1 /** 2 * eCryptfs: Linux filesystem encryption layer 3 * 4 * Copyright (C) 2008 International Business Machines Corp. 5 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> 6 * 7 * This program is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU General Public License version 9 * 2 as published by the Free Software Foundation. 10 * 11 * This program is distributed in the hope that it will be useful, but 12 * WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 19 * 02111-1307, USA. 20 */ 21 22 #include <linux/fs.h> 23 #include <linux/hash.h> 24 #include <linux/random.h> 25 #include <linux/miscdevice.h> 26 #include <linux/poll.h> 27 #include <linux/slab.h> 28 #include <linux/wait.h> 29 #include <linux/module.h> 30 #include "ecryptfs_kernel.h" 31 32 static atomic_t ecryptfs_num_miscdev_opens; 33 34 /** 35 * ecryptfs_miscdev_poll 36 * @file: dev file 37 * @pt: dev poll table (ignored) 38 * 39 * Returns the poll mask 40 */ 41 static unsigned int 42 ecryptfs_miscdev_poll(struct file *file, poll_table *pt) 43 { 44 struct ecryptfs_daemon *daemon = file->private_data; 45 unsigned int mask = 0; 46 47 mutex_lock(&daemon->mux); 48 if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { 49 printk(KERN_WARNING "%s: Attempt to poll on zombified " 50 "daemon\n", __func__); 51 goto out_unlock_daemon; 52 } 53 if (daemon->flags & ECRYPTFS_DAEMON_IN_READ) 54 goto out_unlock_daemon; 55 if (daemon->flags & ECRYPTFS_DAEMON_IN_POLL) 56 goto out_unlock_daemon; 57 daemon->flags |= ECRYPTFS_DAEMON_IN_POLL; 58 mutex_unlock(&daemon->mux); 59 poll_wait(file, &daemon->wait, pt); 60 mutex_lock(&daemon->mux); 61 if (!list_empty(&daemon->msg_ctx_out_queue)) 62 mask |= POLLIN | POLLRDNORM; 63 out_unlock_daemon: 64 daemon->flags &= ~ECRYPTFS_DAEMON_IN_POLL; 65 mutex_unlock(&daemon->mux); 66 return mask; 67 } 68 69 /** 70 * ecryptfs_miscdev_open 71 * @inode: inode of miscdev handle (ignored) 72 * @file: file for miscdev handle 73 * 74 * Returns zero on success; non-zero otherwise 75 */ 76 static int 77 ecryptfs_miscdev_open(struct inode *inode, struct file *file) 78 { 79 struct ecryptfs_daemon *daemon = NULL; 80 int rc; 81 82 mutex_lock(&ecryptfs_daemon_hash_mux); 83 rc = ecryptfs_find_daemon_by_euid(&daemon); 84 if (!rc) { 85 rc = -EINVAL; 86 goto out_unlock_daemon_list; 87 } 88 rc = ecryptfs_spawn_daemon(&daemon, file); 89 if (rc) { 90 printk(KERN_ERR "%s: Error attempting to spawn daemon; " 91 "rc = [%d]\n", __func__, rc); 92 goto out_unlock_daemon_list; 93 } 94 mutex_lock(&daemon->mux); 95 if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) { 96 rc = -EBUSY; 97 goto out_unlock_daemon; 98 } 99 daemon->flags |= ECRYPTFS_DAEMON_MISCDEV_OPEN; 100 file->private_data = daemon; 101 atomic_inc(&ecryptfs_num_miscdev_opens); 102 out_unlock_daemon: 103 mutex_unlock(&daemon->mux); 104 out_unlock_daemon_list: 105 mutex_unlock(&ecryptfs_daemon_hash_mux); 106 return rc; 107 } 108 109 /** 110 * ecryptfs_miscdev_release 111 * @inode: inode of fs/ecryptfs/euid handle (ignored) 112 * @file: file for fs/ecryptfs/euid handle 113 * 114 * This keeps the daemon registered until the daemon sends another 115 * ioctl to fs/ecryptfs/ctl or until the kernel module unregisters. 116 * 117 * Returns zero on success; non-zero otherwise 118 */ 119 static int 120 ecryptfs_miscdev_release(struct inode *inode, struct file *file) 121 { 122 struct ecryptfs_daemon *daemon = file->private_data; 123 int rc; 124 125 mutex_lock(&daemon->mux); 126 BUG_ON(!(daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN)); 127 daemon->flags &= ~ECRYPTFS_DAEMON_MISCDEV_OPEN; 128 atomic_dec(&ecryptfs_num_miscdev_opens); 129 mutex_unlock(&daemon->mux); 130 131 mutex_lock(&ecryptfs_daemon_hash_mux); 132 rc = ecryptfs_exorcise_daemon(daemon); 133 mutex_unlock(&ecryptfs_daemon_hash_mux); 134 if (rc) { 135 printk(KERN_CRIT "%s: Fatal error whilst attempting to " 136 "shut down daemon; rc = [%d]. Please report this " 137 "bug.\n", __func__, rc); 138 BUG(); 139 } 140 return rc; 141 } 142 143 /** 144 * ecryptfs_send_miscdev 145 * @data: Data to send to daemon; may be NULL 146 * @data_size: Amount of data to send to daemon 147 * @msg_ctx: Message context, which is used to handle the reply. If 148 * this is NULL, then we do not expect a reply. 149 * @msg_type: Type of message 150 * @msg_flags: Flags for message 151 * @daemon: eCryptfs daemon object 152 * 153 * Add msg_ctx to queue and then, if it exists, notify the blocked 154 * miscdevess about the data being available. Must be called with 155 * ecryptfs_daemon_hash_mux held. 156 * 157 * Returns zero on success; non-zero otherwise 158 */ 159 int ecryptfs_send_miscdev(char *data, size_t data_size, 160 struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, 161 u16 msg_flags, struct ecryptfs_daemon *daemon) 162 { 163 struct ecryptfs_message *msg; 164 165 msg = kmalloc((sizeof(*msg) + data_size), GFP_KERNEL); 166 if (!msg) { 167 printk(KERN_ERR "%s: Out of memory whilst attempting " 168 "to kmalloc(%zd, GFP_KERNEL)\n", __func__, 169 (sizeof(*msg) + data_size)); 170 return -ENOMEM; 171 } 172 173 mutex_lock(&msg_ctx->mux); 174 msg_ctx->msg = msg; 175 msg_ctx->msg->index = msg_ctx->index; 176 msg_ctx->msg->data_len = data_size; 177 msg_ctx->type = msg_type; 178 memcpy(msg_ctx->msg->data, data, data_size); 179 msg_ctx->msg_size = (sizeof(*msg_ctx->msg) + data_size); 180 list_add_tail(&msg_ctx->daemon_out_list, &daemon->msg_ctx_out_queue); 181 mutex_unlock(&msg_ctx->mux); 182 183 mutex_lock(&daemon->mux); 184 daemon->num_queued_msg_ctx++; 185 wake_up_interruptible(&daemon->wait); 186 mutex_unlock(&daemon->mux); 187 188 return 0; 189 } 190 191 /* 192 * miscdevfs packet format: 193 * Octet 0: Type 194 * Octets 1-4: network byte order msg_ctx->counter 195 * Octets 5-N0: Size of struct ecryptfs_message to follow 196 * Octets N0-N1: struct ecryptfs_message (including data) 197 * 198 * Octets 5-N1 not written if the packet type does not include a message 199 */ 200 #define PKT_TYPE_SIZE 1 201 #define PKT_CTR_SIZE 4 202 #define MIN_NON_MSG_PKT_SIZE (PKT_TYPE_SIZE + PKT_CTR_SIZE) 203 #define MIN_MSG_PKT_SIZE (PKT_TYPE_SIZE + PKT_CTR_SIZE \ 204 + ECRYPTFS_MIN_PKT_LEN_SIZE) 205 /* 4 + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES comes from tag 65 packet format */ 206 #define MAX_MSG_PKT_SIZE (PKT_TYPE_SIZE + PKT_CTR_SIZE \ 207 + ECRYPTFS_MAX_PKT_LEN_SIZE \ 208 + sizeof(struct ecryptfs_message) \ 209 + 4 + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) 210 #define PKT_TYPE_OFFSET 0 211 #define PKT_CTR_OFFSET PKT_TYPE_SIZE 212 #define PKT_LEN_OFFSET (PKT_TYPE_SIZE + PKT_CTR_SIZE) 213 214 /** 215 * ecryptfs_miscdev_read - format and send message from queue 216 * @file: miscdevfs handle 217 * @buf: User buffer into which to copy the next message on the daemon queue 218 * @count: Amount of space available in @buf 219 * @ppos: Offset in file (ignored) 220 * 221 * Pulls the most recent message from the daemon queue, formats it for 222 * being sent via a miscdevfs handle, and copies it into @buf 223 * 224 * Returns the number of bytes copied into the user buffer 225 */ 226 static ssize_t 227 ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, 228 loff_t *ppos) 229 { 230 struct ecryptfs_daemon *daemon = file->private_data; 231 struct ecryptfs_msg_ctx *msg_ctx; 232 size_t packet_length_size; 233 char packet_length[ECRYPTFS_MAX_PKT_LEN_SIZE]; 234 size_t i; 235 size_t total_length; 236 int rc; 237 238 mutex_lock(&daemon->mux); 239 if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { 240 rc = 0; 241 printk(KERN_WARNING "%s: Attempt to read from zombified " 242 "daemon\n", __func__); 243 goto out_unlock_daemon; 244 } 245 if (daemon->flags & ECRYPTFS_DAEMON_IN_READ) { 246 rc = 0; 247 goto out_unlock_daemon; 248 } 249 /* This daemon will not go away so long as this flag is set */ 250 daemon->flags |= ECRYPTFS_DAEMON_IN_READ; 251 check_list: 252 if (list_empty(&daemon->msg_ctx_out_queue)) { 253 mutex_unlock(&daemon->mux); 254 rc = wait_event_interruptible( 255 daemon->wait, !list_empty(&daemon->msg_ctx_out_queue)); 256 mutex_lock(&daemon->mux); 257 if (rc < 0) { 258 rc = 0; 259 goto out_unlock_daemon; 260 } 261 } 262 if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { 263 rc = 0; 264 goto out_unlock_daemon; 265 } 266 if (list_empty(&daemon->msg_ctx_out_queue)) { 267 /* Something else jumped in since the 268 * wait_event_interruptable() and removed the 269 * message from the queue; try again */ 270 goto check_list; 271 } 272 msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, 273 struct ecryptfs_msg_ctx, daemon_out_list); 274 BUG_ON(!msg_ctx); 275 mutex_lock(&msg_ctx->mux); 276 if (msg_ctx->msg) { 277 rc = ecryptfs_write_packet_length(packet_length, 278 msg_ctx->msg_size, 279 &packet_length_size); 280 if (rc) { 281 rc = 0; 282 printk(KERN_WARNING "%s: Error writing packet length; " 283 "rc = [%d]\n", __func__, rc); 284 goto out_unlock_msg_ctx; 285 } 286 } else { 287 packet_length_size = 0; 288 msg_ctx->msg_size = 0; 289 } 290 total_length = (PKT_TYPE_SIZE + PKT_CTR_SIZE + packet_length_size 291 + msg_ctx->msg_size); 292 if (count < total_length) { 293 rc = 0; 294 printk(KERN_WARNING "%s: Only given user buffer of " 295 "size [%zd], but we need [%zd] to read the " 296 "pending message\n", __func__, count, total_length); 297 goto out_unlock_msg_ctx; 298 } 299 rc = -EFAULT; 300 if (put_user(msg_ctx->type, buf)) 301 goto out_unlock_msg_ctx; 302 if (put_user(cpu_to_be32(msg_ctx->counter), 303 (__be32 __user *)(&buf[PKT_CTR_OFFSET]))) 304 goto out_unlock_msg_ctx; 305 i = PKT_TYPE_SIZE + PKT_CTR_SIZE; 306 if (msg_ctx->msg) { 307 if (copy_to_user(&buf[i], packet_length, packet_length_size)) 308 goto out_unlock_msg_ctx; 309 i += packet_length_size; 310 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) 311 goto out_unlock_msg_ctx; 312 i += msg_ctx->msg_size; 313 } 314 rc = i; 315 list_del(&msg_ctx->daemon_out_list); 316 kfree(msg_ctx->msg); 317 msg_ctx->msg = NULL; 318 /* We do not expect a reply from the userspace daemon for any 319 * message type other than ECRYPTFS_MSG_REQUEST */ 320 if (msg_ctx->type != ECRYPTFS_MSG_REQUEST) 321 ecryptfs_msg_ctx_alloc_to_free(msg_ctx); 322 out_unlock_msg_ctx: 323 mutex_unlock(&msg_ctx->mux); 324 out_unlock_daemon: 325 daemon->flags &= ~ECRYPTFS_DAEMON_IN_READ; 326 mutex_unlock(&daemon->mux); 327 return rc; 328 } 329 330 /** 331 * ecryptfs_miscdev_response - miscdevess response to message previously sent to daemon 332 * @data: Bytes comprising struct ecryptfs_message 333 * @data_size: sizeof(struct ecryptfs_message) + data len 334 * @seq: Sequence number for miscdev response packet 335 * 336 * Returns zero on success; non-zero otherwise 337 */ 338 static int ecryptfs_miscdev_response(struct ecryptfs_daemon *daemon, char *data, 339 size_t data_size, u32 seq) 340 { 341 struct ecryptfs_message *msg = (struct ecryptfs_message *)data; 342 int rc; 343 344 if ((sizeof(*msg) + msg->data_len) != data_size) { 345 printk(KERN_WARNING "%s: (sizeof(*msg) + msg->data_len) = " 346 "[%zd]; data_size = [%zd]. Invalid packet.\n", __func__, 347 (sizeof(*msg) + msg->data_len), data_size); 348 rc = -EINVAL; 349 goto out; 350 } 351 rc = ecryptfs_process_response(daemon, msg, seq); 352 if (rc) 353 printk(KERN_ERR 354 "Error processing response message; rc = [%d]\n", rc); 355 out: 356 return rc; 357 } 358 359 /** 360 * ecryptfs_miscdev_write - handle write to daemon miscdev handle 361 * @file: File for misc dev handle 362 * @buf: Buffer containing user data 363 * @count: Amount of data in @buf 364 * @ppos: Pointer to offset in file (ignored) 365 * 366 * Returns the number of bytes read from @buf 367 */ 368 static ssize_t 369 ecryptfs_miscdev_write(struct file *file, const char __user *buf, 370 size_t count, loff_t *ppos) 371 { 372 __be32 counter_nbo; 373 u32 seq; 374 size_t packet_size, packet_size_length; 375 char *data; 376 unsigned char packet_size_peek[ECRYPTFS_MAX_PKT_LEN_SIZE]; 377 ssize_t rc; 378 379 if (count == 0) { 380 return 0; 381 } else if (count == MIN_NON_MSG_PKT_SIZE) { 382 /* Likely a harmless MSG_HELO or MSG_QUIT - no packet length */ 383 goto memdup; 384 } else if (count < MIN_MSG_PKT_SIZE || count > MAX_MSG_PKT_SIZE) { 385 printk(KERN_WARNING "%s: Acceptable packet size range is " 386 "[%d-%zu], but amount of data written is [%zu].", 387 __func__, MIN_MSG_PKT_SIZE, MAX_MSG_PKT_SIZE, count); 388 return -EINVAL; 389 } 390 391 if (copy_from_user(packet_size_peek, &buf[PKT_LEN_OFFSET], 392 sizeof(packet_size_peek))) { 393 printk(KERN_WARNING "%s: Error while inspecting packet size\n", 394 __func__); 395 return -EFAULT; 396 } 397 398 rc = ecryptfs_parse_packet_length(packet_size_peek, &packet_size, 399 &packet_size_length); 400 if (rc) { 401 printk(KERN_WARNING "%s: Error parsing packet length; " 402 "rc = [%zd]\n", __func__, rc); 403 return rc; 404 } 405 406 if ((PKT_TYPE_SIZE + PKT_CTR_SIZE + packet_size_length + packet_size) 407 != count) { 408 printk(KERN_WARNING "%s: Invalid packet size [%zu]\n", __func__, 409 packet_size); 410 return -EINVAL; 411 } 412 413 memdup: 414 data = memdup_user(buf, count); 415 if (IS_ERR(data)) { 416 printk(KERN_ERR "%s: memdup_user returned error [%ld]\n", 417 __func__, PTR_ERR(data)); 418 return PTR_ERR(data); 419 } 420 switch (data[PKT_TYPE_OFFSET]) { 421 case ECRYPTFS_MSG_RESPONSE: 422 if (count < (MIN_MSG_PKT_SIZE 423 + sizeof(struct ecryptfs_message))) { 424 printk(KERN_WARNING "%s: Minimum acceptable packet " 425 "size is [%zd], but amount of data written is " 426 "only [%zd]. Discarding response packet.\n", 427 __func__, 428 (MIN_MSG_PKT_SIZE 429 + sizeof(struct ecryptfs_message)), count); 430 rc = -EINVAL; 431 goto out_free; 432 } 433 memcpy(&counter_nbo, &data[PKT_CTR_OFFSET], PKT_CTR_SIZE); 434 seq = be32_to_cpu(counter_nbo); 435 rc = ecryptfs_miscdev_response(file->private_data, 436 &data[PKT_LEN_OFFSET + packet_size_length], 437 packet_size, seq); 438 if (rc) { 439 printk(KERN_WARNING "%s: Failed to deliver miscdev " 440 "response to requesting operation; rc = [%zd]\n", 441 __func__, rc); 442 goto out_free; 443 } 444 break; 445 case ECRYPTFS_MSG_HELO: 446 case ECRYPTFS_MSG_QUIT: 447 break; 448 default: 449 ecryptfs_printk(KERN_WARNING, "Dropping miscdev " 450 "message of unrecognized type [%d]\n", 451 data[0]); 452 rc = -EINVAL; 453 goto out_free; 454 } 455 rc = count; 456 out_free: 457 kfree(data); 458 return rc; 459 } 460 461 462 static const struct file_operations ecryptfs_miscdev_fops = { 463 .owner = THIS_MODULE, 464 .open = ecryptfs_miscdev_open, 465 .poll = ecryptfs_miscdev_poll, 466 .read = ecryptfs_miscdev_read, 467 .write = ecryptfs_miscdev_write, 468 .release = ecryptfs_miscdev_release, 469 .llseek = noop_llseek, 470 }; 471 472 static struct miscdevice ecryptfs_miscdev = { 473 .minor = MISC_DYNAMIC_MINOR, 474 .name = "ecryptfs", 475 .fops = &ecryptfs_miscdev_fops 476 }; 477 478 /** 479 * ecryptfs_init_ecryptfs_miscdev 480 * 481 * Messages sent to the userspace daemon from the kernel are placed on 482 * a queue associated with the daemon. The next read against the 483 * miscdev handle by that daemon will return the oldest message placed 484 * on the message queue for the daemon. 485 * 486 * Returns zero on success; non-zero otherwise 487 */ 488 int __init ecryptfs_init_ecryptfs_miscdev(void) 489 { 490 int rc; 491 492 atomic_set(&ecryptfs_num_miscdev_opens, 0); 493 rc = misc_register(&ecryptfs_miscdev); 494 if (rc) 495 printk(KERN_ERR "%s: Failed to register miscellaneous device " 496 "for communications with userspace daemons; rc = [%d]\n", 497 __func__, rc); 498 return rc; 499 } 500 501 /** 502 * ecryptfs_destroy_ecryptfs_miscdev 503 * 504 * All of the daemons must be exorcised prior to calling this 505 * function. 506 */ 507 void ecryptfs_destroy_ecryptfs_miscdev(void) 508 { 509 BUG_ON(atomic_read(&ecryptfs_num_miscdev_opens) != 0); 510 misc_deregister(&ecryptfs_miscdev); 511 } 512