1 /** 2 * eCryptfs: Linux filesystem encryption layer 3 * 4 * Copyright (C) 2008 International Business Machines Corp. 5 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License version 9 * 2 as published by the Free Software Foundation. 10 * 11 * This program is distributed in the hope that it will be useful, but 12 * WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 19 * 02111-1307, USA. 20 */ 21 22 #include <linux/fs.h> 23 #include <linux/hash.h> 24 #include <linux/random.h> 25 #include <linux/miscdevice.h> 26 #include <linux/poll.h> 27 #include <linux/slab.h> 28 #include <linux/wait.h> 29 #include <linux/module.h> 30 #include "ecryptfs_kernel.h" 31 32 static atomic_t ecryptfs_num_miscdev_opens; 33 34 /** 35 * ecryptfs_miscdev_poll 36 * @file: dev file (ignored) 37 * @pt: dev poll table (ignored) 38 * 39 * Returns the poll mask 40 */ 41 static unsigned int 42 ecryptfs_miscdev_poll(struct file *file, poll_table *pt) 43 { 44 struct ecryptfs_daemon *daemon; 45 unsigned int mask = 0; 46 uid_t euid = current_euid(); 47 int rc; 48 49 mutex_lock(&ecryptfs_daemon_hash_mux); 50 /* TODO: Just use file->private_data? */ 51 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); 52 if (rc || !daemon) { 53 mutex_unlock(&ecryptfs_daemon_hash_mux); 54 return -EINVAL; 55 } 56 mutex_lock(&daemon->mux); 57 mutex_unlock(&ecryptfs_daemon_hash_mux); 58 if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { 59 printk(KERN_WARNING "%s: Attempt to poll on zombified " 60 "daemon\n", __func__); 61 goto out_unlock_daemon; 62 } 63 if (daemon->flags & ECRYPTFS_DAEMON_IN_READ) 64 goto out_unlock_daemon; 65 if (daemon->flags & ECRYPTFS_DAEMON_IN_POLL) 66 goto out_unlock_daemon; 67 daemon->flags |= ECRYPTFS_DAEMON_IN_POLL; 68 mutex_unlock(&daemon->mux); 69 poll_wait(file, &daemon->wait, pt); 70 mutex_lock(&daemon->mux); 71 if (!list_empty(&daemon->msg_ctx_out_queue)) 72 mask |= POLLIN | POLLRDNORM; 73 out_unlock_daemon: 74 daemon->flags &= ~ECRYPTFS_DAEMON_IN_POLL; 75 mutex_unlock(&daemon->mux); 76 return mask; 77 } 78 79 /** 80 * ecryptfs_miscdev_open 81 * @inode: inode of miscdev handle (ignored) 82 * @file: file for miscdev handle (ignored) 83 * 84 * Returns zero on success; non-zero otherwise 85 */ 86 static int 87 ecryptfs_miscdev_open(struct inode *inode, struct file *file) 88 { 89 struct ecryptfs_daemon *daemon = NULL; 90 uid_t euid = current_euid(); 91 int rc; 92 93 mutex_lock(&ecryptfs_daemon_hash_mux); 94 rc = try_module_get(THIS_MODULE); 95 if (rc == 0) { 96 rc = -EIO; 97 printk(KERN_ERR "%s: Error attempting to increment module use " 98 "count; rc = [%d]\n", __func__, rc); 99 goto out_unlock_daemon_list; 100 } 101 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); 102 if (rc || !daemon) { 103 rc = ecryptfs_spawn_daemon(&daemon, euid, current_user_ns(), 104 task_pid(current)); 105 if (rc) { 106 printk(KERN_ERR "%s: Error attempting to spawn daemon; " 107 "rc = [%d]\n", __func__, rc); 108 goto out_module_put_unlock_daemon_list; 109 } 110 } 111 mutex_lock(&daemon->mux); 112 if (daemon->pid != task_pid(current)) { 113 rc = -EINVAL; 114 printk(KERN_ERR "%s: pid [0x%p] has registered with euid [%d], " 115 "but pid [0x%p] has attempted to open the handle " 116 "instead\n", __func__, daemon->pid, daemon->euid, 117 task_pid(current)); 118 goto out_unlock_daemon; 119 } 120 if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) { 121 rc = -EBUSY; 122 printk(KERN_ERR "%s: Miscellaneous device handle may only be " 123 "opened once per daemon; pid [0x%p] already has this " 124 "handle open\n", __func__, daemon->pid); 125 goto out_unlock_daemon; 126 } 127 daemon->flags |= ECRYPTFS_DAEMON_MISCDEV_OPEN; 128 file->private_data = daemon; 129 atomic_inc(&ecryptfs_num_miscdev_opens); 130 out_unlock_daemon: 131 mutex_unlock(&daemon->mux); 132 out_module_put_unlock_daemon_list: 133 if (rc) 134 module_put(THIS_MODULE); 135 out_unlock_daemon_list: 136 mutex_unlock(&ecryptfs_daemon_hash_mux); 137 return rc; 138 } 139 140 /** 141 * ecryptfs_miscdev_release 142 * @inode: inode of fs/ecryptfs/euid handle (ignored) 143 * @file: file for fs/ecryptfs/euid handle (ignored) 144 * 145 * This keeps the daemon registered until the daemon sends another 146 * ioctl to fs/ecryptfs/ctl or until the kernel module unregisters. 147 * 148 * Returns zero on success; non-zero otherwise 149 */ 150 static int 151 ecryptfs_miscdev_release(struct inode *inode, struct file *file) 152 { 153 struct ecryptfs_daemon *daemon = NULL; 154 uid_t euid = current_euid(); 155 int rc; 156 157 mutex_lock(&ecryptfs_daemon_hash_mux); 158 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); 159 if (rc || !daemon) 160 daemon = file->private_data; 161 mutex_lock(&daemon->mux); 162 BUG_ON(!(daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN)); 163 daemon->flags &= ~ECRYPTFS_DAEMON_MISCDEV_OPEN; 164 atomic_dec(&ecryptfs_num_miscdev_opens); 165 mutex_unlock(&daemon->mux); 166 rc = ecryptfs_exorcise_daemon(daemon); 167 if (rc) { 168 printk(KERN_CRIT "%s: Fatal error whilst attempting to " 169 "shut down daemon; rc = [%d]. Please report this " 170 "bug.\n", __func__, rc); 171 BUG(); 172 } 173 module_put(THIS_MODULE); 174 mutex_unlock(&ecryptfs_daemon_hash_mux); 175 return rc; 176 } 177 178 /** 179 * ecryptfs_send_miscdev 180 * @data: Data to send to daemon; may be NULL 181 * @data_size: Amount of data to send to daemon 182 * @msg_ctx: Message context, which is used to handle the reply. If 183 * this is NULL, then we do not expect a reply. 184 * @msg_type: Type of message 185 * @msg_flags: Flags for message 186 * @daemon: eCryptfs daemon object 187 * 188 * Add msg_ctx to queue and then, if it exists, notify the blocked 189 * miscdevess about the data being available. Must be called with 190 * ecryptfs_daemon_hash_mux held. 191 * 192 * Returns zero on success; non-zero otherwise 193 */ 194 int ecryptfs_send_miscdev(char *data, size_t data_size, 195 struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, 196 u16 msg_flags, struct ecryptfs_daemon *daemon) 197 { 198 struct ecryptfs_message *msg; 199 200 msg = kmalloc((sizeof(*msg) + data_size), GFP_KERNEL); 201 if (!msg) { 202 printk(KERN_ERR "%s: Out of memory whilst attempting " 203 "to kmalloc(%zd, GFP_KERNEL)\n", __func__, 204 (sizeof(*msg) + data_size)); 205 return -ENOMEM; 206 } 207 208 mutex_lock(&msg_ctx->mux); 209 msg_ctx->msg = msg; 210 msg_ctx->msg->index = msg_ctx->index; 211 msg_ctx->msg->data_len = data_size; 212 msg_ctx->type = msg_type; 213 memcpy(msg_ctx->msg->data, data, data_size); 214 msg_ctx->msg_size = (sizeof(*msg_ctx->msg) + data_size); 215 list_add_tail(&msg_ctx->daemon_out_list, &daemon->msg_ctx_out_queue); 216 mutex_unlock(&msg_ctx->mux); 217 218 mutex_lock(&daemon->mux); 219 daemon->num_queued_msg_ctx++; 220 wake_up_interruptible(&daemon->wait); 221 mutex_unlock(&daemon->mux); 222 223 return 0; 224 } 225 226 /* 227 * miscdevfs packet format: 228 * Octet 0: Type 229 * Octets 1-4: network byte order msg_ctx->counter 230 * Octets 5-N0: Size of struct ecryptfs_message to follow 231 * Octets N0-N1: struct ecryptfs_message (including data) 232 * 233 * Octets 5-N1 not written if the packet type does not include a message 234 */ 235 #define PKT_TYPE_SIZE 1 236 #define PKT_CTR_SIZE 4 237 #define MIN_NON_MSG_PKT_SIZE (PKT_TYPE_SIZE + PKT_CTR_SIZE) 238 #define MIN_MSG_PKT_SIZE (PKT_TYPE_SIZE + PKT_CTR_SIZE \ 239 + ECRYPTFS_MIN_PKT_LEN_SIZE) 240 /* 4 + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES comes from tag 65 packet format */ 241 #define MAX_MSG_PKT_SIZE (PKT_TYPE_SIZE + PKT_CTR_SIZE \ 242 + ECRYPTFS_MAX_PKT_LEN_SIZE \ 243 + sizeof(struct ecryptfs_message) \ 244 + 4 + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) 245 #define PKT_TYPE_OFFSET 0 246 #define PKT_CTR_OFFSET PKT_TYPE_SIZE 247 #define PKT_LEN_OFFSET (PKT_TYPE_SIZE + PKT_CTR_SIZE) 248 249 /** 250 * ecryptfs_miscdev_read - format and send message from queue 251 * @file: fs/ecryptfs/euid miscdevfs handle (ignored) 252 * @buf: User buffer into which to copy the next message on the daemon queue 253 * @count: Amount of space available in @buf 254 * @ppos: Offset in file (ignored) 255 * 256 * Pulls the most recent message from the daemon queue, formats it for 257 * being sent via a miscdevfs handle, and copies it into @buf 258 * 259 * Returns the number of bytes copied into the user buffer 260 */ 261 static ssize_t 262 ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, 263 loff_t *ppos) 264 { 265 struct ecryptfs_daemon *daemon; 266 struct ecryptfs_msg_ctx *msg_ctx; 267 size_t packet_length_size; 268 char packet_length[ECRYPTFS_MAX_PKT_LEN_SIZE]; 269 size_t i; 270 size_t total_length; 271 uid_t euid = current_euid(); 272 int rc; 273 274 mutex_lock(&ecryptfs_daemon_hash_mux); 275 /* TODO: Just use file->private_data? */ 276 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); 277 if (rc || !daemon) { 278 mutex_unlock(&ecryptfs_daemon_hash_mux); 279 return -EINVAL; 280 } 281 mutex_lock(&daemon->mux); 282 if (task_pid(current) != daemon->pid) { 283 mutex_unlock(&daemon->mux); 284 mutex_unlock(&ecryptfs_daemon_hash_mux); 285 return -EPERM; 286 } 287 if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { 288 rc = 0; 289 mutex_unlock(&ecryptfs_daemon_hash_mux); 290 printk(KERN_WARNING "%s: Attempt to read from zombified " 291 "daemon\n", __func__); 292 goto out_unlock_daemon; 293 } 294 if (daemon->flags & ECRYPTFS_DAEMON_IN_READ) { 295 rc = 0; 296 mutex_unlock(&ecryptfs_daemon_hash_mux); 297 goto out_unlock_daemon; 298 } 299 /* This daemon will not go away so long as this flag is set */ 300 daemon->flags |= ECRYPTFS_DAEMON_IN_READ; 301 mutex_unlock(&ecryptfs_daemon_hash_mux); 302 check_list: 303 if (list_empty(&daemon->msg_ctx_out_queue)) { 304 mutex_unlock(&daemon->mux); 305 rc = wait_event_interruptible( 306 daemon->wait, !list_empty(&daemon->msg_ctx_out_queue)); 307 mutex_lock(&daemon->mux); 308 if (rc < 0) { 309 rc = 0; 310 goto out_unlock_daemon; 311 } 312 } 313 if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { 314 rc = 0; 315 goto out_unlock_daemon; 316 } 317 if (list_empty(&daemon->msg_ctx_out_queue)) { 318 /* Something else jumped in since the 319 * wait_event_interruptable() and removed the 320 * message from the queue; try again */ 321 goto check_list; 322 } 323 msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, 324 struct ecryptfs_msg_ctx, daemon_out_list); 325 BUG_ON(!msg_ctx); 326 mutex_lock(&msg_ctx->mux); 327 if (msg_ctx->msg) { 328 rc = ecryptfs_write_packet_length(packet_length, 329 msg_ctx->msg_size, 330 &packet_length_size); 331 if (rc) { 332 rc = 0; 333 printk(KERN_WARNING "%s: Error writing packet length; " 334 "rc = [%d]\n", __func__, rc); 335 goto out_unlock_msg_ctx; 336 } 337 } else { 338 packet_length_size = 0; 339 msg_ctx->msg_size = 0; 340 } 341 total_length = (PKT_TYPE_SIZE + PKT_CTR_SIZE + packet_length_size 342 + msg_ctx->msg_size); 343 if (count < total_length) { 344 rc = 0; 345 printk(KERN_WARNING "%s: Only given user buffer of " 346 "size [%zd], but we need [%zd] to read the " 347 "pending message\n", __func__, count, total_length); 348 goto out_unlock_msg_ctx; 349 } 350 rc = -EFAULT; 351 if (put_user(msg_ctx->type, buf)) 352 goto out_unlock_msg_ctx; 353 if (put_user(cpu_to_be32(msg_ctx->counter), 354 (__be32 __user *)(&buf[PKT_CTR_OFFSET]))) 355 goto out_unlock_msg_ctx; 356 i = PKT_TYPE_SIZE + PKT_CTR_SIZE; 357 if (msg_ctx->msg) { 358 if (copy_to_user(&buf[i], packet_length, packet_length_size)) 359 goto out_unlock_msg_ctx; 360 i += packet_length_size; 361 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) 362 goto out_unlock_msg_ctx; 363 i += msg_ctx->msg_size; 364 } 365 rc = i; 366 list_del(&msg_ctx->daemon_out_list); 367 kfree(msg_ctx->msg); 368 msg_ctx->msg = NULL; 369 /* We do not expect a reply from the userspace daemon for any 370 * message type other than ECRYPTFS_MSG_REQUEST */ 371 if (msg_ctx->type != ECRYPTFS_MSG_REQUEST) 372 ecryptfs_msg_ctx_alloc_to_free(msg_ctx); 373 out_unlock_msg_ctx: 374 mutex_unlock(&msg_ctx->mux); 375 out_unlock_daemon: 376 daemon->flags &= ~ECRYPTFS_DAEMON_IN_READ; 377 mutex_unlock(&daemon->mux); 378 return rc; 379 } 380 381 /** 382 * ecryptfs_miscdev_response - miscdevess response to message previously sent to daemon 383 * @data: Bytes comprising struct ecryptfs_message 384 * @data_size: sizeof(struct ecryptfs_message) + data len 385 * @euid: Effective user id of miscdevess sending the miscdev response 386 * @user_ns: The namespace in which @euid applies 387 * @pid: Miscdevess id of miscdevess sending the miscdev response 388 * @seq: Sequence number for miscdev response packet 389 * 390 * Returns zero on success; non-zero otherwise 391 */ 392 static int ecryptfs_miscdev_response(char *data, size_t data_size, 393 uid_t euid, struct user_namespace *user_ns, 394 struct pid *pid, u32 seq) 395 { 396 struct ecryptfs_message *msg = (struct ecryptfs_message *)data; 397 int rc; 398 399 if ((sizeof(*msg) + msg->data_len) != data_size) { 400 printk(KERN_WARNING "%s: (sizeof(*msg) + msg->data_len) = " 401 "[%zd]; data_size = [%zd]. Invalid packet.\n", __func__, 402 (sizeof(*msg) + msg->data_len), data_size); 403 rc = -EINVAL; 404 goto out; 405 } 406 rc = ecryptfs_process_response(msg, euid, user_ns, pid, seq); 407 if (rc) 408 printk(KERN_ERR 409 "Error processing response message; rc = [%d]\n", rc); 410 out: 411 return rc; 412 } 413 414 /** 415 * ecryptfs_miscdev_write - handle write to daemon miscdev handle 416 * @file: File for misc dev handle (ignored) 417 * @buf: Buffer containing user data 418 * @count: Amount of data in @buf 419 * @ppos: Pointer to offset in file (ignored) 420 * 421 * Returns the number of bytes read from @buf 422 */ 423 static ssize_t 424 ecryptfs_miscdev_write(struct file *file, const char __user *buf, 425 size_t count, loff_t *ppos) 426 { 427 __be32 counter_nbo; 428 u32 seq; 429 size_t packet_size, packet_size_length; 430 char *data; 431 uid_t euid = current_euid(); 432 unsigned char packet_size_peek[ECRYPTFS_MAX_PKT_LEN_SIZE]; 433 ssize_t rc; 434 435 if (count == 0) { 436 return 0; 437 } else if (count == MIN_NON_MSG_PKT_SIZE) { 438 /* Likely a harmless MSG_HELO or MSG_QUIT - no packet length */ 439 goto memdup; 440 } else if (count < MIN_MSG_PKT_SIZE || count > MAX_MSG_PKT_SIZE) { 441 printk(KERN_WARNING "%s: Acceptable packet size range is " 442 "[%d-%zu], but amount of data written is [%zu].", 443 __func__, MIN_MSG_PKT_SIZE, MAX_MSG_PKT_SIZE, count); 444 return -EINVAL; 445 } 446 447 if (copy_from_user(packet_size_peek, &buf[PKT_LEN_OFFSET], 448 sizeof(packet_size_peek))) { 449 printk(KERN_WARNING "%s: Error while inspecting packet size\n", 450 __func__); 451 return -EFAULT; 452 } 453 454 rc = ecryptfs_parse_packet_length(packet_size_peek, &packet_size, 455 &packet_size_length); 456 if (rc) { 457 printk(KERN_WARNING "%s: Error parsing packet length; " 458 "rc = [%zd]\n", __func__, rc); 459 return rc; 460 } 461 462 if ((PKT_TYPE_SIZE + PKT_CTR_SIZE + packet_size_length + packet_size) 463 != count) { 464 printk(KERN_WARNING "%s: Invalid packet size [%zu]\n", __func__, 465 packet_size); 466 return -EINVAL; 467 } 468 469 memdup: 470 data = memdup_user(buf, count); 471 if (IS_ERR(data)) { 472 printk(KERN_ERR "%s: memdup_user returned error [%ld]\n", 473 __func__, PTR_ERR(data)); 474 return PTR_ERR(data); 475 } 476 switch (data[PKT_TYPE_OFFSET]) { 477 case ECRYPTFS_MSG_RESPONSE: 478 if (count < (MIN_MSG_PKT_SIZE 479 + sizeof(struct ecryptfs_message))) { 480 printk(KERN_WARNING "%s: Minimum acceptable packet " 481 "size is [%zd], but amount of data written is " 482 "only [%zd]. Discarding response packet.\n", 483 __func__, 484 (MIN_MSG_PKT_SIZE 485 + sizeof(struct ecryptfs_message)), count); 486 rc = -EINVAL; 487 goto out_free; 488 } 489 memcpy(&counter_nbo, &data[PKT_CTR_OFFSET], PKT_CTR_SIZE); 490 seq = be32_to_cpu(counter_nbo); 491 rc = ecryptfs_miscdev_response( 492 &data[PKT_LEN_OFFSET + packet_size_length], 493 packet_size, euid, current_user_ns(), 494 task_pid(current), seq); 495 if (rc) { 496 printk(KERN_WARNING "%s: Failed to deliver miscdev " 497 "response to requesting operation; rc = [%zd]\n", 498 __func__, rc); 499 goto out_free; 500 } 501 break; 502 case ECRYPTFS_MSG_HELO: 503 case ECRYPTFS_MSG_QUIT: 504 break; 505 default: 506 ecryptfs_printk(KERN_WARNING, "Dropping miscdev " 507 "message of unrecognized type [%d]\n", 508 data[0]); 509 rc = -EINVAL; 510 goto out_free; 511 } 512 rc = count; 513 out_free: 514 kfree(data); 515 return rc; 516 } 517 518 519 static const struct file_operations ecryptfs_miscdev_fops = { 520 .open = ecryptfs_miscdev_open, 521 .poll = ecryptfs_miscdev_poll, 522 .read = ecryptfs_miscdev_read, 523 .write = ecryptfs_miscdev_write, 524 .release = ecryptfs_miscdev_release, 525 .llseek = noop_llseek, 526 }; 527 528 static struct miscdevice ecryptfs_miscdev = { 529 .minor = MISC_DYNAMIC_MINOR, 530 .name = "ecryptfs", 531 .fops = &ecryptfs_miscdev_fops 532 }; 533 534 /** 535 * ecryptfs_init_ecryptfs_miscdev 536 * 537 * Messages sent to the userspace daemon from the kernel are placed on 538 * a queue associated with the daemon. The next read against the 539 * miscdev handle by that daemon will return the oldest message placed 540 * on the message queue for the daemon. 541 * 542 * Returns zero on success; non-zero otherwise 543 */ 544 int __init ecryptfs_init_ecryptfs_miscdev(void) 545 { 546 int rc; 547 548 atomic_set(&ecryptfs_num_miscdev_opens, 0); 549 rc = misc_register(&ecryptfs_miscdev); 550 if (rc) 551 printk(KERN_ERR "%s: Failed to register miscellaneous device " 552 "for communications with userspace daemons; rc = [%d]\n", 553 __func__, rc); 554 return rc; 555 } 556 557 /** 558 * ecryptfs_destroy_ecryptfs_miscdev 559 * 560 * All of the daemons must be exorcised prior to calling this 561 * function. 562 */ 563 void ecryptfs_destroy_ecryptfs_miscdev(void) 564 { 565 BUG_ON(atomic_read(&ecryptfs_num_miscdev_opens) != 0); 566 misc_deregister(&ecryptfs_miscdev); 567 } 568