xref: /linux/include/linux/fscrypt.h (revision be709d48329a500621d2a05835283150ae137b45)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * fscrypt.h: declarations for per-file encryption
4  *
5  * Filesystems that implement per-file encryption must include this header
6  * file.
7  *
8  * Copyright (C) 2015, Google, Inc.
9  *
10  * Written by Michael Halcrow, 2015.
11  * Modified by Jaegeuk Kim, 2015.
12  */
13 #ifndef _LINUX_FSCRYPT_H
14 #define _LINUX_FSCRYPT_H
15 
16 #include <linux/fs.h>
17 #include <linux/mm.h>
18 #include <linux/slab.h>
19 
20 #define FS_CRYPTO_BLOCK_SIZE		16
21 
22 struct fscrypt_ctx;
23 struct fscrypt_info;
24 
25 struct fscrypt_str {
26 	unsigned char *name;
27 	u32 len;
28 };
29 
30 struct fscrypt_name {
31 	const struct qstr *usr_fname;
32 	struct fscrypt_str disk_name;
33 	u32 hash;
34 	u32 minor_hash;
35 	struct fscrypt_str crypto_buf;
36 };
37 
38 #define FSTR_INIT(n, l)		{ .name = n, .len = l }
39 #define FSTR_TO_QSTR(f)		QSTR_INIT((f)->name, (f)->len)
40 #define fname_name(p)		((p)->disk_name.name)
41 #define fname_len(p)		((p)->disk_name.len)
42 
43 /* Maximum value for the third parameter of fscrypt_operations.set_context(). */
44 #define FSCRYPT_SET_CONTEXT_MAX_SIZE	28
45 
46 #ifdef CONFIG_FS_ENCRYPTION
47 /*
48  * fscrypt superblock flags
49  */
50 #define FS_CFLG_OWN_PAGES (1U << 1)
51 
52 /*
53  * crypto operations for filesystems
54  */
55 struct fscrypt_operations {
56 	unsigned int flags;
57 	const char *key_prefix;
58 	int (*get_context)(struct inode *, void *, size_t);
59 	int (*set_context)(struct inode *, const void *, size_t, void *);
60 	bool (*dummy_context)(struct inode *);
61 	bool (*empty_dir)(struct inode *);
62 	unsigned int max_namelen;
63 };
64 
65 struct fscrypt_ctx {
66 	union {
67 		struct {
68 			struct page *bounce_page;	/* Ciphertext page */
69 			struct page *control_page;	/* Original page  */
70 		} w;
71 		struct {
72 			struct bio *bio;
73 			struct work_struct work;
74 		} r;
75 		struct list_head free_list;	/* Free list */
76 	};
77 	u8 flags;				/* Flags */
78 };
79 
80 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
81 {
82 	return (inode->i_crypt_info != NULL);
83 }
84 
85 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
86 {
87 	return inode->i_sb->s_cop->dummy_context &&
88 		inode->i_sb->s_cop->dummy_context(inode);
89 }
90 
91 /* crypto.c */
92 extern void fscrypt_enqueue_decrypt_work(struct work_struct *);
93 extern struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *, gfp_t);
94 extern void fscrypt_release_ctx(struct fscrypt_ctx *);
95 extern struct page *fscrypt_encrypt_page(const struct inode *, struct page *,
96 						unsigned int, unsigned int,
97 						u64, gfp_t);
98 extern int fscrypt_decrypt_page(const struct inode *, struct page *, unsigned int,
99 				unsigned int, u64);
100 
101 static inline struct page *fscrypt_control_page(struct page *page)
102 {
103 	return ((struct fscrypt_ctx *)page_private(page))->w.control_page;
104 }
105 
106 extern void fscrypt_restore_control_page(struct page *);
107 
108 /* policy.c */
109 extern int fscrypt_ioctl_set_policy(struct file *, const void __user *);
110 extern int fscrypt_ioctl_get_policy(struct file *, void __user *);
111 extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
112 extern int fscrypt_inherit_context(struct inode *, struct inode *,
113 					void *, bool);
114 /* keyinfo.c */
115 extern int fscrypt_get_encryption_info(struct inode *);
116 extern void fscrypt_put_encryption_info(struct inode *);
117 
118 /* fname.c */
119 extern int fscrypt_setup_filename(struct inode *, const struct qstr *,
120 				int lookup, struct fscrypt_name *);
121 
122 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
123 {
124 	kfree(fname->crypto_buf.name);
125 }
126 
127 extern int fscrypt_fname_alloc_buffer(const struct inode *, u32,
128 				struct fscrypt_str *);
129 extern void fscrypt_fname_free_buffer(struct fscrypt_str *);
130 extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32,
131 			const struct fscrypt_str *, struct fscrypt_str *);
132 
133 #define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE	32
134 
135 /* Extracts the second-to-last ciphertext block; see explanation below */
136 #define FSCRYPT_FNAME_DIGEST(name, len)	\
137 	((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \
138 			     FS_CRYPTO_BLOCK_SIZE))
139 
140 #define FSCRYPT_FNAME_DIGEST_SIZE	FS_CRYPTO_BLOCK_SIZE
141 
142 /**
143  * fscrypt_digested_name - alternate identifier for an on-disk filename
144  *
145  * When userspace lists an encrypted directory without access to the key,
146  * filenames whose ciphertext is longer than FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
147  * bytes are shown in this abbreviated form (base64-encoded) rather than as the
148  * full ciphertext (base64-encoded).  This is necessary to allow supporting
149  * filenames up to NAME_MAX bytes, since base64 encoding expands the length.
150  *
151  * To make it possible for filesystems to still find the correct directory entry
152  * despite not knowing the full on-disk name, we encode any filesystem-specific
153  * 'hash' and/or 'minor_hash' which the filesystem may need for its lookups,
154  * followed by the second-to-last ciphertext block of the filename.  Due to the
155  * use of the CBC-CTS encryption mode, the second-to-last ciphertext block
156  * depends on the full plaintext.  (Note that ciphertext stealing causes the
157  * last two blocks to appear "flipped".)  This makes accidental collisions very
158  * unlikely: just a 1 in 2^128 chance for two filenames to collide even if they
159  * share the same filesystem-specific hashes.
160  *
161  * However, this scheme isn't immune to intentional collisions, which can be
162  * created by anyone able to create arbitrary plaintext filenames and view them
163  * without the key.  Making the "digest" be a real cryptographic hash like
164  * SHA-256 over the full ciphertext would prevent this, although it would be
165  * less efficient and harder to implement, especially since the filesystem would
166  * need to calculate it for each directory entry examined during a search.
167  */
168 struct fscrypt_digested_name {
169 	u32 hash;
170 	u32 minor_hash;
171 	u8 digest[FSCRYPT_FNAME_DIGEST_SIZE];
172 };
173 
174 /**
175  * fscrypt_match_name() - test whether the given name matches a directory entry
176  * @fname: the name being searched for
177  * @de_name: the name from the directory entry
178  * @de_name_len: the length of @de_name in bytes
179  *
180  * Normally @fname->disk_name will be set, and in that case we simply compare
181  * that to the name stored in the directory entry.  The only exception is that
182  * if we don't have the key for an encrypted directory and a filename in it is
183  * very long, then we won't have the full disk_name and we'll instead need to
184  * match against the fscrypt_digested_name.
185  *
186  * Return: %true if the name matches, otherwise %false.
187  */
188 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
189 				      const u8 *de_name, u32 de_name_len)
190 {
191 	if (unlikely(!fname->disk_name.name)) {
192 		const struct fscrypt_digested_name *n =
193 			(const void *)fname->crypto_buf.name;
194 		if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_'))
195 			return false;
196 		if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)
197 			return false;
198 		return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len),
199 			       n->digest, FSCRYPT_FNAME_DIGEST_SIZE);
200 	}
201 
202 	if (de_name_len != fname->disk_name.len)
203 		return false;
204 	return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
205 }
206 
207 /* bio.c */
208 extern void fscrypt_decrypt_bio(struct bio *);
209 extern void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
210 					struct bio *bio);
211 extern void fscrypt_pullback_bio_page(struct page **, bool);
212 extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t,
213 				 unsigned int);
214 
215 /* hooks.c */
216 extern int fscrypt_file_open(struct inode *inode, struct file *filp);
217 extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir);
218 extern int __fscrypt_prepare_rename(struct inode *old_dir,
219 				    struct dentry *old_dentry,
220 				    struct inode *new_dir,
221 				    struct dentry *new_dentry,
222 				    unsigned int flags);
223 extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry);
224 extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len,
225 				     unsigned int max_len,
226 				     struct fscrypt_str *disk_link);
227 extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
228 				     unsigned int len,
229 				     struct fscrypt_str *disk_link);
230 extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
231 				       unsigned int max_size,
232 				       struct delayed_call *done);
233 #else  /* !CONFIG_FS_ENCRYPTION */
234 
235 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
236 {
237 	return false;
238 }
239 
240 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
241 {
242 	return false;
243 }
244 
245 /* crypto.c */
246 static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
247 {
248 }
249 
250 static inline struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *inode,
251 						  gfp_t gfp_flags)
252 {
253 	return ERR_PTR(-EOPNOTSUPP);
254 }
255 
256 static inline void fscrypt_release_ctx(struct fscrypt_ctx *ctx)
257 {
258 	return;
259 }
260 
261 static inline struct page *fscrypt_encrypt_page(const struct inode *inode,
262 						struct page *page,
263 						unsigned int len,
264 						unsigned int offs,
265 						u64 lblk_num, gfp_t gfp_flags)
266 {
267 	return ERR_PTR(-EOPNOTSUPP);
268 }
269 
270 static inline int fscrypt_decrypt_page(const struct inode *inode,
271 				       struct page *page,
272 				       unsigned int len, unsigned int offs,
273 				       u64 lblk_num)
274 {
275 	return -EOPNOTSUPP;
276 }
277 
278 static inline struct page *fscrypt_control_page(struct page *page)
279 {
280 	WARN_ON_ONCE(1);
281 	return ERR_PTR(-EINVAL);
282 }
283 
284 static inline void fscrypt_restore_control_page(struct page *page)
285 {
286 	return;
287 }
288 
289 /* policy.c */
290 static inline int fscrypt_ioctl_set_policy(struct file *filp,
291 					   const void __user *arg)
292 {
293 	return -EOPNOTSUPP;
294 }
295 
296 static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
297 {
298 	return -EOPNOTSUPP;
299 }
300 
301 static inline int fscrypt_has_permitted_context(struct inode *parent,
302 						struct inode *child)
303 {
304 	return 0;
305 }
306 
307 static inline int fscrypt_inherit_context(struct inode *parent,
308 					  struct inode *child,
309 					  void *fs_data, bool preload)
310 {
311 	return -EOPNOTSUPP;
312 }
313 
314 /* keyinfo.c */
315 static inline int fscrypt_get_encryption_info(struct inode *inode)
316 {
317 	return -EOPNOTSUPP;
318 }
319 
320 static inline void fscrypt_put_encryption_info(struct inode *inode)
321 {
322 	return;
323 }
324 
325  /* fname.c */
326 static inline int fscrypt_setup_filename(struct inode *dir,
327 					 const struct qstr *iname,
328 					 int lookup, struct fscrypt_name *fname)
329 {
330 	if (IS_ENCRYPTED(dir))
331 		return -EOPNOTSUPP;
332 
333 	memset(fname, 0, sizeof(struct fscrypt_name));
334 	fname->usr_fname = iname;
335 	fname->disk_name.name = (unsigned char *)iname->name;
336 	fname->disk_name.len = iname->len;
337 	return 0;
338 }
339 
340 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
341 {
342 	return;
343 }
344 
345 static inline int fscrypt_fname_alloc_buffer(const struct inode *inode,
346 					     u32 max_encrypted_len,
347 					     struct fscrypt_str *crypto_str)
348 {
349 	return -EOPNOTSUPP;
350 }
351 
352 static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
353 {
354 	return;
355 }
356 
357 static inline int fscrypt_fname_disk_to_usr(struct inode *inode,
358 					    u32 hash, u32 minor_hash,
359 					    const struct fscrypt_str *iname,
360 					    struct fscrypt_str *oname)
361 {
362 	return -EOPNOTSUPP;
363 }
364 
365 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
366 				      const u8 *de_name, u32 de_name_len)
367 {
368 	/* Encryption support disabled; use standard comparison */
369 	if (de_name_len != fname->disk_name.len)
370 		return false;
371 	return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
372 }
373 
374 /* bio.c */
375 static inline void fscrypt_decrypt_bio(struct bio *bio)
376 {
377 }
378 
379 static inline void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
380 					       struct bio *bio)
381 {
382 }
383 
384 static inline void fscrypt_pullback_bio_page(struct page **page, bool restore)
385 {
386 	return;
387 }
388 
389 static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
390 					sector_t pblk, unsigned int len)
391 {
392 	return -EOPNOTSUPP;
393 }
394 
395 /* hooks.c */
396 
397 static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
398 {
399 	if (IS_ENCRYPTED(inode))
400 		return -EOPNOTSUPP;
401 	return 0;
402 }
403 
404 static inline int __fscrypt_prepare_link(struct inode *inode,
405 					 struct inode *dir)
406 {
407 	return -EOPNOTSUPP;
408 }
409 
410 static inline int __fscrypt_prepare_rename(struct inode *old_dir,
411 					   struct dentry *old_dentry,
412 					   struct inode *new_dir,
413 					   struct dentry *new_dentry,
414 					   unsigned int flags)
415 {
416 	return -EOPNOTSUPP;
417 }
418 
419 static inline int __fscrypt_prepare_lookup(struct inode *dir,
420 					   struct dentry *dentry)
421 {
422 	return -EOPNOTSUPP;
423 }
424 
425 static inline int __fscrypt_prepare_symlink(struct inode *dir,
426 					    unsigned int len,
427 					    unsigned int max_len,
428 					    struct fscrypt_str *disk_link)
429 {
430 	return -EOPNOTSUPP;
431 }
432 
433 
434 static inline int __fscrypt_encrypt_symlink(struct inode *inode,
435 					    const char *target,
436 					    unsigned int len,
437 					    struct fscrypt_str *disk_link)
438 {
439 	return -EOPNOTSUPP;
440 }
441 
442 static inline const char *fscrypt_get_symlink(struct inode *inode,
443 					      const void *caddr,
444 					      unsigned int max_size,
445 					      struct delayed_call *done)
446 {
447 	return ERR_PTR(-EOPNOTSUPP);
448 }
449 #endif	/* !CONFIG_FS_ENCRYPTION */
450 
451 /**
452  * fscrypt_require_key - require an inode's encryption key
453  * @inode: the inode we need the key for
454  *
455  * If the inode is encrypted, set up its encryption key if not already done.
456  * Then require that the key be present and return -ENOKEY otherwise.
457  *
458  * No locks are needed, and the key will live as long as the struct inode --- so
459  * it won't go away from under you.
460  *
461  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
462  * if a problem occurred while setting up the encryption key.
463  */
464 static inline int fscrypt_require_key(struct inode *inode)
465 {
466 	if (IS_ENCRYPTED(inode)) {
467 		int err = fscrypt_get_encryption_info(inode);
468 
469 		if (err)
470 			return err;
471 		if (!fscrypt_has_encryption_key(inode))
472 			return -ENOKEY;
473 	}
474 	return 0;
475 }
476 
477 /**
478  * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory
479  * @old_dentry: an existing dentry for the inode being linked
480  * @dir: the target directory
481  * @dentry: negative dentry for the target filename
482  *
483  * A new link can only be added to an encrypted directory if the directory's
484  * encryption key is available --- since otherwise we'd have no way to encrypt
485  * the filename.  Therefore, we first set up the directory's encryption key (if
486  * not already done) and return an error if it's unavailable.
487  *
488  * We also verify that the link will not violate the constraint that all files
489  * in an encrypted directory tree use the same encryption policy.
490  *
491  * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
492  * -EXDEV if the link would result in an inconsistent encryption policy, or
493  * another -errno code.
494  */
495 static inline int fscrypt_prepare_link(struct dentry *old_dentry,
496 				       struct inode *dir,
497 				       struct dentry *dentry)
498 {
499 	if (IS_ENCRYPTED(dir))
500 		return __fscrypt_prepare_link(d_inode(old_dentry), dir);
501 	return 0;
502 }
503 
504 /**
505  * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories
506  * @old_dir: source directory
507  * @old_dentry: dentry for source file
508  * @new_dir: target directory
509  * @new_dentry: dentry for target location (may be negative unless exchanging)
510  * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
511  *
512  * Prepare for ->rename() where the source and/or target directories may be
513  * encrypted.  A new link can only be added to an encrypted directory if the
514  * directory's encryption key is available --- since otherwise we'd have no way
515  * to encrypt the filename.  A rename to an existing name, on the other hand,
516  * *is* cryptographically possible without the key.  However, we take the more
517  * conservative approach and just forbid all no-key renames.
518  *
519  * We also verify that the rename will not violate the constraint that all files
520  * in an encrypted directory tree use the same encryption policy.
521  *
522  * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the
523  * rename would cause inconsistent encryption policies, or another -errno code.
524  */
525 static inline int fscrypt_prepare_rename(struct inode *old_dir,
526 					 struct dentry *old_dentry,
527 					 struct inode *new_dir,
528 					 struct dentry *new_dentry,
529 					 unsigned int flags)
530 {
531 	if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
532 		return __fscrypt_prepare_rename(old_dir, old_dentry,
533 						new_dir, new_dentry, flags);
534 	return 0;
535 }
536 
537 /**
538  * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory
539  * @dir: directory being searched
540  * @dentry: filename being looked up
541  * @flags: lookup flags
542  *
543  * Prepare for ->lookup() in a directory which may be encrypted.  Lookups can be
544  * done with or without the directory's encryption key; without the key,
545  * filenames are presented in encrypted form.  Therefore, we'll try to set up
546  * the directory's encryption key, but even without it the lookup can continue.
547  *
548  * To allow invalidating stale dentries if the directory's encryption key is
549  * added later, we also install a custom ->d_revalidate() method and use the
550  * DCACHE_ENCRYPTED_WITH_KEY flag to indicate whether a given dentry is a
551  * plaintext name (flag set) or a ciphertext name (flag cleared).
552  *
553  * Return: 0 on success, -errno if a problem occurred while setting up the
554  * encryption key
555  */
556 static inline int fscrypt_prepare_lookup(struct inode *dir,
557 					 struct dentry *dentry,
558 					 unsigned int flags)
559 {
560 	if (IS_ENCRYPTED(dir))
561 		return __fscrypt_prepare_lookup(dir, dentry);
562 	return 0;
563 }
564 
565 /**
566  * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes
567  * @dentry: dentry through which the inode is being changed
568  * @attr: attributes to change
569  *
570  * Prepare for ->setattr() on a possibly-encrypted inode.  On an encrypted file,
571  * most attribute changes are allowed even without the encryption key.  However,
572  * without the encryption key we do have to forbid truncates.  This is needed
573  * because the size being truncated to may not be a multiple of the filesystem
574  * block size, and in that case we'd have to decrypt the final block, zero the
575  * portion past i_size, and re-encrypt it.  (We *could* allow truncating to a
576  * filesystem block boundary, but it's simpler to just forbid all truncates ---
577  * and we already forbid all other contents modifications without the key.)
578  *
579  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
580  * if a problem occurred while setting up the encryption key.
581  */
582 static inline int fscrypt_prepare_setattr(struct dentry *dentry,
583 					  struct iattr *attr)
584 {
585 	if (attr->ia_valid & ATTR_SIZE)
586 		return fscrypt_require_key(d_inode(dentry));
587 	return 0;
588 }
589 
590 /**
591  * fscrypt_prepare_symlink - prepare to create a possibly-encrypted symlink
592  * @dir: directory in which the symlink is being created
593  * @target: plaintext symlink target
594  * @len: length of @target excluding null terminator
595  * @max_len: space the filesystem has available to store the symlink target
596  * @disk_link: (out) the on-disk symlink target being prepared
597  *
598  * This function computes the size the symlink target will require on-disk,
599  * stores it in @disk_link->len, and validates it against @max_len.  An
600  * encrypted symlink may be longer than the original.
601  *
602  * Additionally, @disk_link->name is set to @target if the symlink will be
603  * unencrypted, but left NULL if the symlink will be encrypted.  For encrypted
604  * symlinks, the filesystem must call fscrypt_encrypt_symlink() to create the
605  * on-disk target later.  (The reason for the two-step process is that some
606  * filesystems need to know the size of the symlink target before creating the
607  * inode, e.g. to determine whether it will be a "fast" or "slow" symlink.)
608  *
609  * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long,
610  * -ENOKEY if the encryption key is missing, or another -errno code if a problem
611  * occurred while setting up the encryption key.
612  */
613 static inline int fscrypt_prepare_symlink(struct inode *dir,
614 					  const char *target,
615 					  unsigned int len,
616 					  unsigned int max_len,
617 					  struct fscrypt_str *disk_link)
618 {
619 	if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir))
620 		return __fscrypt_prepare_symlink(dir, len, max_len, disk_link);
621 
622 	disk_link->name = (unsigned char *)target;
623 	disk_link->len = len + 1;
624 	if (disk_link->len > max_len)
625 		return -ENAMETOOLONG;
626 	return 0;
627 }
628 
629 /**
630  * fscrypt_encrypt_symlink - encrypt the symlink target if needed
631  * @inode: symlink inode
632  * @target: plaintext symlink target
633  * @len: length of @target excluding null terminator
634  * @disk_link: (in/out) the on-disk symlink target being prepared
635  *
636  * If the symlink target needs to be encrypted, then this function encrypts it
637  * into @disk_link->name.  fscrypt_prepare_symlink() must have been called
638  * previously to compute @disk_link->len.  If the filesystem did not allocate a
639  * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one
640  * will be kmalloc()'ed and the filesystem will be responsible for freeing it.
641  *
642  * Return: 0 on success, -errno on failure
643  */
644 static inline int fscrypt_encrypt_symlink(struct inode *inode,
645 					  const char *target,
646 					  unsigned int len,
647 					  struct fscrypt_str *disk_link)
648 {
649 	if (IS_ENCRYPTED(inode))
650 		return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
651 	return 0;
652 }
653 
654 #endif	/* _LINUX_FSCRYPT_H */
655