2 * eCryptfs: Linux filesystem encryption layer
4 * Copyright (C) 1997-2004 Erez Zadok
5 * Copyright (C) 2001-2004 Stony Brook University
6 * Copyright (C) 2004-2007 International Business Machines Corp.
7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
8 * Michael C. Thompsion <mcthomps@us.ibm.com>
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation; either version 2 of the
13 * License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
26 #include <linux/file.h>
27 #include <linux/vmalloc.h>
28 #include <linux/pagemap.h>
29 #include <linux/dcache.h>
30 #include <linux/namei.h>
31 #include <linux/mount.h>
32 #include <linux/crypto.h>
33 #include <linux/fs_stack.h>
34 #include <linux/slab.h>
35 #include <asm/unaligned.h>
36 #include "ecryptfs_kernel.h"
38 static struct dentry
*lock_parent(struct dentry
*dentry
)
42 dir
= dget_parent(dentry
);
43 mutex_lock_nested(&(dir
->d_inode
->i_mutex
), I_MUTEX_PARENT
);
47 static void unlock_dir(struct dentry
*dir
)
49 mutex_unlock(&dir
->d_inode
->i_mutex
);
54 * ecryptfs_create_underlying_file
55 * @lower_dir_inode: inode of the parent in the lower fs of the new file
56 * @dentry: New file's dentry
57 * @mode: The mode of the new file
58 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount
60 * Creates the file in the lower file system.
62 * Returns zero on success; non-zero on error condition
65 ecryptfs_create_underlying_file(struct inode
*lower_dir_inode
,
66 struct dentry
*dentry
, int mode
,
69 struct dentry
*lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
70 struct vfsmount
*lower_mnt
= ecryptfs_dentry_to_lower_mnt(dentry
);
71 struct dentry
*dentry_save
;
72 struct vfsmount
*vfsmount_save
;
75 dentry_save
= nd
->path
.dentry
;
76 vfsmount_save
= nd
->path
.mnt
;
77 nd
->path
.dentry
= lower_dentry
;
78 nd
->path
.mnt
= lower_mnt
;
79 rc
= vfs_create(lower_dir_inode
, lower_dentry
, mode
, nd
);
80 nd
->path
.dentry
= dentry_save
;
81 nd
->path
.mnt
= vfsmount_save
;
87 * @directory_inode: inode of the new file's dentry's parent in ecryptfs
88 * @ecryptfs_dentry: New file's dentry in ecryptfs
89 * @mode: The mode of the new file
90 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount
92 * Creates the underlying file and the eCryptfs inode which will link to
93 * it. It will also update the eCryptfs directory inode to mimic the
94 * stat of the lower directory inode.
96 * Returns zero on success; non-zero on error condition
99 ecryptfs_do_create(struct inode
*directory_inode
,
100 struct dentry
*ecryptfs_dentry
, int mode
,
101 struct nameidata
*nd
)
104 struct dentry
*lower_dentry
;
105 struct dentry
*lower_dir_dentry
;
107 lower_dentry
= ecryptfs_dentry_to_lower(ecryptfs_dentry
);
108 lower_dir_dentry
= lock_parent(lower_dentry
);
109 if (IS_ERR(lower_dir_dentry
)) {
110 ecryptfs_printk(KERN_ERR
, "Error locking directory of "
112 rc
= PTR_ERR(lower_dir_dentry
);
115 rc
= ecryptfs_create_underlying_file(lower_dir_dentry
->d_inode
,
116 ecryptfs_dentry
, mode
, nd
);
118 printk(KERN_ERR
"%s: Failure to create dentry in lower fs; "
119 "rc = [%d]\n", __func__
, rc
);
122 rc
= ecryptfs_interpose(lower_dentry
, ecryptfs_dentry
,
123 directory_inode
->i_sb
, 0);
125 ecryptfs_printk(KERN_ERR
, "Failure in ecryptfs_interpose\n");
128 fsstack_copy_attr_times(directory_inode
, lower_dir_dentry
->d_inode
);
129 fsstack_copy_inode_size(directory_inode
, lower_dir_dentry
->d_inode
);
131 unlock_dir(lower_dir_dentry
);
138 * @ecryptfs_dentry: the eCryptfs dentry
140 * This is the code which will grow the file to its correct size.
142 static int grow_file(struct dentry
*ecryptfs_dentry
)
144 struct inode
*ecryptfs_inode
= ecryptfs_dentry
->d_inode
;
145 struct file fake_file
;
146 struct ecryptfs_file_info tmp_file_info
;
147 char zero_virt
[] = { 0x00 };
150 memset(&fake_file
, 0, sizeof(fake_file
));
151 fake_file
.f_path
.dentry
= ecryptfs_dentry
;
152 memset(&tmp_file_info
, 0, sizeof(tmp_file_info
));
153 ecryptfs_set_file_private(&fake_file
, &tmp_file_info
);
154 ecryptfs_set_file_lower(
156 ecryptfs_inode_to_private(ecryptfs_inode
)->lower_file
);
157 rc
= ecryptfs_write(&fake_file
, zero_virt
, 0, 1);
158 i_size_write(ecryptfs_inode
, 0);
159 rc
= ecryptfs_write_inode_size_to_metadata(ecryptfs_inode
);
160 ecryptfs_inode_to_private(ecryptfs_inode
)->crypt_stat
.flags
|=
166 * ecryptfs_initialize_file
168 * Cause the file to be changed from a basic empty file to an ecryptfs
169 * file with a header and first data page.
171 * Returns zero on success
173 static int ecryptfs_initialize_file(struct dentry
*ecryptfs_dentry
)
175 struct ecryptfs_crypt_stat
*crypt_stat
=
176 &ecryptfs_inode_to_private(ecryptfs_dentry
->d_inode
)->crypt_stat
;
179 if (S_ISDIR(ecryptfs_dentry
->d_inode
->i_mode
)) {
180 ecryptfs_printk(KERN_DEBUG
, "This is a directory\n");
181 crypt_stat
->flags
&= ~(ECRYPTFS_ENCRYPTED
);
184 crypt_stat
->flags
|= ECRYPTFS_NEW_FILE
;
185 ecryptfs_printk(KERN_DEBUG
, "Initializing crypto context\n");
186 rc
= ecryptfs_new_file_context(ecryptfs_dentry
);
188 ecryptfs_printk(KERN_ERR
, "Error creating new file "
189 "context; rc = [%d]\n", rc
);
192 if (!ecryptfs_inode_to_private(ecryptfs_dentry
->d_inode
)->lower_file
) {
193 rc
= ecryptfs_init_persistent_file(ecryptfs_dentry
);
195 printk(KERN_ERR
"%s: Error attempting to initialize "
196 "the persistent file for the dentry with name "
197 "[%s]; rc = [%d]\n", __func__
,
198 ecryptfs_dentry
->d_name
.name
, rc
);
202 rc
= ecryptfs_write_metadata(ecryptfs_dentry
);
204 printk(KERN_ERR
"Error writing headers; rc = [%d]\n", rc
);
207 rc
= grow_file(ecryptfs_dentry
);
209 printk(KERN_ERR
"Error growing file; rc = [%d]\n", rc
);
216 * @dir: The inode of the directory in which to create the file.
217 * @dentry: The eCryptfs dentry
218 * @mode: The mode of the new file.
221 * Creates a new file.
223 * Returns zero on success; non-zero on error condition
226 ecryptfs_create(struct inode
*directory_inode
, struct dentry
*ecryptfs_dentry
,
227 int mode
, struct nameidata
*nd
)
231 /* ecryptfs_do_create() calls ecryptfs_interpose() */
232 rc
= ecryptfs_do_create(directory_inode
, ecryptfs_dentry
, mode
, nd
);
234 ecryptfs_printk(KERN_WARNING
, "Failed to create file in"
235 "lower filesystem\n");
238 /* At this point, a file exists on "disk"; we need to make sure
239 * that this on disk file is prepared to be an ecryptfs file */
240 rc
= ecryptfs_initialize_file(ecryptfs_dentry
);
246 * ecryptfs_lookup_and_interpose_lower - Perform a lookup
248 int ecryptfs_lookup_and_interpose_lower(struct dentry
*ecryptfs_dentry
,
249 struct dentry
*lower_dentry
,
250 struct inode
*ecryptfs_dir_inode
,
251 struct nameidata
*ecryptfs_nd
)
253 struct dentry
*lower_dir_dentry
;
254 struct vfsmount
*lower_mnt
;
255 struct inode
*lower_inode
;
256 struct ecryptfs_mount_crypt_stat
*mount_crypt_stat
;
257 struct ecryptfs_crypt_stat
*crypt_stat
;
258 char *page_virt
= NULL
;
262 lower_dir_dentry
= lower_dentry
->d_parent
;
263 lower_mnt
= mntget(ecryptfs_dentry_to_lower_mnt(
264 ecryptfs_dentry
->d_parent
));
265 lower_inode
= lower_dentry
->d_inode
;
266 fsstack_copy_attr_atime(ecryptfs_dir_inode
, lower_dir_dentry
->d_inode
);
267 BUG_ON(!atomic_read(&lower_dentry
->d_count
));
268 ecryptfs_set_dentry_private(ecryptfs_dentry
,
269 kmem_cache_alloc(ecryptfs_dentry_info_cache
,
271 if (!ecryptfs_dentry_to_private(ecryptfs_dentry
)) {
273 printk(KERN_ERR
"%s: Out of memory whilst attempting "
274 "to allocate ecryptfs_dentry_info struct\n",
278 ecryptfs_set_dentry_lower(ecryptfs_dentry
, lower_dentry
);
279 ecryptfs_set_dentry_lower_mnt(ecryptfs_dentry
, lower_mnt
);
280 if (!lower_dentry
->d_inode
) {
281 /* We want to add because we couldn't find in lower */
282 d_add(ecryptfs_dentry
, NULL
);
285 rc
= ecryptfs_interpose(lower_dentry
, ecryptfs_dentry
,
286 ecryptfs_dir_inode
->i_sb
,
287 ECRYPTFS_INTERPOSE_FLAG_D_ADD
);
289 printk(KERN_ERR
"%s: Error interposing; rc = [%d]\n",
293 if (S_ISDIR(lower_inode
->i_mode
))
295 if (S_ISLNK(lower_inode
->i_mode
))
297 if (special_file(lower_inode
->i_mode
))
301 /* Released in this function */
302 page_virt
= kmem_cache_zalloc(ecryptfs_header_cache_2
, GFP_USER
);
304 printk(KERN_ERR
"%s: Cannot kmem_cache_zalloc() a page\n",
309 if (!ecryptfs_inode_to_private(ecryptfs_dentry
->d_inode
)->lower_file
) {
310 rc
= ecryptfs_init_persistent_file(ecryptfs_dentry
);
312 printk(KERN_ERR
"%s: Error attempting to initialize "
313 "the persistent file for the dentry with name "
314 "[%s]; rc = [%d]\n", __func__
,
315 ecryptfs_dentry
->d_name
.name
, rc
);
319 crypt_stat
= &ecryptfs_inode_to_private(
320 ecryptfs_dentry
->d_inode
)->crypt_stat
;
321 /* TODO: lock for crypt_stat comparison */
322 if (!(crypt_stat
->flags
& ECRYPTFS_POLICY_APPLIED
))
323 ecryptfs_set_default_sizes(crypt_stat
);
324 rc
= ecryptfs_read_and_validate_header_region(page_virt
,
325 ecryptfs_dentry
->d_inode
);
327 memset(page_virt
, 0, PAGE_CACHE_SIZE
);
328 rc
= ecryptfs_read_and_validate_xattr_region(page_virt
,
334 crypt_stat
->flags
|= ECRYPTFS_METADATA_IN_XATTR
;
336 mount_crypt_stat
= &ecryptfs_superblock_to_private(
337 ecryptfs_dentry
->d_sb
)->mount_crypt_stat
;
338 if (mount_crypt_stat
->flags
& ECRYPTFS_ENCRYPTED_VIEW_ENABLED
) {
339 if (crypt_stat
->flags
& ECRYPTFS_METADATA_IN_XATTR
)
340 file_size
= (crypt_stat
->metadata_size
341 + i_size_read(lower_dentry
->d_inode
));
343 file_size
= i_size_read(lower_dentry
->d_inode
);
345 file_size
= get_unaligned_be64(page_virt
);
347 i_size_write(ecryptfs_dentry
->d_inode
, (loff_t
)file_size
);
349 kmem_cache_free(ecryptfs_header_cache_2
, page_virt
);
354 d_drop(ecryptfs_dentry
);
361 * @ecryptfs_dir_inode: The eCryptfs directory inode
362 * @ecryptfs_dentry: The eCryptfs dentry that we are looking up
363 * @ecryptfs_nd: nameidata; may be NULL
365 * Find a file on disk. If the file does not exist, then we'll add it to the
366 * dentry cache and continue on to read it from the disk.
368 static struct dentry
*ecryptfs_lookup(struct inode
*ecryptfs_dir_inode
,
369 struct dentry
*ecryptfs_dentry
,
370 struct nameidata
*ecryptfs_nd
)
372 char *encrypted_and_encoded_name
= NULL
;
373 size_t encrypted_and_encoded_name_size
;
374 struct ecryptfs_mount_crypt_stat
*mount_crypt_stat
= NULL
;
375 struct dentry
*lower_dir_dentry
, *lower_dentry
;
378 ecryptfs_dentry
->d_op
= &ecryptfs_dops
;
379 if ((ecryptfs_dentry
->d_name
.len
== 1
380 && !strcmp(ecryptfs_dentry
->d_name
.name
, "."))
381 || (ecryptfs_dentry
->d_name
.len
== 2
382 && !strcmp(ecryptfs_dentry
->d_name
.name
, ".."))) {
385 lower_dir_dentry
= ecryptfs_dentry_to_lower(ecryptfs_dentry
->d_parent
);
386 mutex_lock(&lower_dir_dentry
->d_inode
->i_mutex
);
387 lower_dentry
= lookup_one_len(ecryptfs_dentry
->d_name
.name
,
389 ecryptfs_dentry
->d_name
.len
);
390 mutex_unlock(&lower_dir_dentry
->d_inode
->i_mutex
);
391 if (IS_ERR(lower_dentry
)) {
392 rc
= PTR_ERR(lower_dentry
);
393 ecryptfs_printk(KERN_DEBUG
, "%s: lookup_one_len() returned "
394 "[%d] on lower_dentry = [%s]\n", __func__
, rc
,
395 encrypted_and_encoded_name
);
398 if (lower_dentry
->d_inode
)
399 goto lookup_and_interpose
;
400 mount_crypt_stat
= &ecryptfs_superblock_to_private(
401 ecryptfs_dentry
->d_sb
)->mount_crypt_stat
;
402 if (!(mount_crypt_stat
403 && (mount_crypt_stat
->flags
& ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES
)))
404 goto lookup_and_interpose
;
406 rc
= ecryptfs_encrypt_and_encode_filename(
407 &encrypted_and_encoded_name
, &encrypted_and_encoded_name_size
,
408 NULL
, mount_crypt_stat
, ecryptfs_dentry
->d_name
.name
,
409 ecryptfs_dentry
->d_name
.len
);
411 printk(KERN_ERR
"%s: Error attempting to encrypt and encode "
412 "filename; rc = [%d]\n", __func__
, rc
);
415 mutex_lock(&lower_dir_dentry
->d_inode
->i_mutex
);
416 lower_dentry
= lookup_one_len(encrypted_and_encoded_name
,
418 encrypted_and_encoded_name_size
- 1);
419 mutex_unlock(&lower_dir_dentry
->d_inode
->i_mutex
);
420 if (IS_ERR(lower_dentry
)) {
421 rc
= PTR_ERR(lower_dentry
);
422 ecryptfs_printk(KERN_DEBUG
, "%s: lookup_one_len() returned "
423 "[%d] on lower_dentry = [%s]\n", __func__
, rc
,
424 encrypted_and_encoded_name
);
427 lookup_and_interpose
:
428 rc
= ecryptfs_lookup_and_interpose_lower(ecryptfs_dentry
, lower_dentry
,
433 d_drop(ecryptfs_dentry
);
435 kfree(encrypted_and_encoded_name
);
439 static int ecryptfs_link(struct dentry
*old_dentry
, struct inode
*dir
,
440 struct dentry
*new_dentry
)
442 struct dentry
*lower_old_dentry
;
443 struct dentry
*lower_new_dentry
;
444 struct dentry
*lower_dir_dentry
;
448 file_size_save
= i_size_read(old_dentry
->d_inode
);
449 lower_old_dentry
= ecryptfs_dentry_to_lower(old_dentry
);
450 lower_new_dentry
= ecryptfs_dentry_to_lower(new_dentry
);
451 dget(lower_old_dentry
);
452 dget(lower_new_dentry
);
453 lower_dir_dentry
= lock_parent(lower_new_dentry
);
454 rc
= vfs_link(lower_old_dentry
, lower_dir_dentry
->d_inode
,
456 if (rc
|| !lower_new_dentry
->d_inode
)
458 rc
= ecryptfs_interpose(lower_new_dentry
, new_dentry
, dir
->i_sb
, 0);
461 fsstack_copy_attr_times(dir
, lower_dir_dentry
->d_inode
);
462 fsstack_copy_inode_size(dir
, lower_dir_dentry
->d_inode
);
463 old_dentry
->d_inode
->i_nlink
=
464 ecryptfs_inode_to_lower(old_dentry
->d_inode
)->i_nlink
;
465 i_size_write(new_dentry
->d_inode
, file_size_save
);
467 unlock_dir(lower_dir_dentry
);
468 dput(lower_new_dentry
);
469 dput(lower_old_dentry
);
473 static int ecryptfs_unlink(struct inode
*dir
, struct dentry
*dentry
)
476 struct dentry
*lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
477 struct inode
*lower_dir_inode
= ecryptfs_inode_to_lower(dir
);
478 struct dentry
*lower_dir_dentry
;
481 lower_dir_dentry
= lock_parent(lower_dentry
);
482 rc
= vfs_unlink(lower_dir_inode
, lower_dentry
);
484 printk(KERN_ERR
"Error in vfs_unlink; rc = [%d]\n", rc
);
487 fsstack_copy_attr_times(dir
, lower_dir_inode
);
488 dentry
->d_inode
->i_nlink
=
489 ecryptfs_inode_to_lower(dentry
->d_inode
)->i_nlink
;
490 dentry
->d_inode
->i_ctime
= dir
->i_ctime
;
493 unlock_dir(lower_dir_dentry
);
498 static int ecryptfs_symlink(struct inode
*dir
, struct dentry
*dentry
,
502 struct dentry
*lower_dentry
;
503 struct dentry
*lower_dir_dentry
;
504 char *encoded_symname
;
505 size_t encoded_symlen
;
506 struct ecryptfs_mount_crypt_stat
*mount_crypt_stat
= NULL
;
508 lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
510 lower_dir_dentry
= lock_parent(lower_dentry
);
511 mount_crypt_stat
= &ecryptfs_superblock_to_private(
512 dir
->i_sb
)->mount_crypt_stat
;
513 rc
= ecryptfs_encrypt_and_encode_filename(&encoded_symname
,
516 mount_crypt_stat
, symname
,
520 rc
= vfs_symlink(lower_dir_dentry
->d_inode
, lower_dentry
,
522 kfree(encoded_symname
);
523 if (rc
|| !lower_dentry
->d_inode
)
525 rc
= ecryptfs_interpose(lower_dentry
, dentry
, dir
->i_sb
, 0);
528 fsstack_copy_attr_times(dir
, lower_dir_dentry
->d_inode
);
529 fsstack_copy_inode_size(dir
, lower_dir_dentry
->d_inode
);
531 unlock_dir(lower_dir_dentry
);
533 if (!dentry
->d_inode
)
538 static int ecryptfs_mkdir(struct inode
*dir
, struct dentry
*dentry
, int mode
)
541 struct dentry
*lower_dentry
;
542 struct dentry
*lower_dir_dentry
;
544 lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
545 lower_dir_dentry
= lock_parent(lower_dentry
);
546 rc
= vfs_mkdir(lower_dir_dentry
->d_inode
, lower_dentry
, mode
);
547 if (rc
|| !lower_dentry
->d_inode
)
549 rc
= ecryptfs_interpose(lower_dentry
, dentry
, dir
->i_sb
, 0);
552 fsstack_copy_attr_times(dir
, lower_dir_dentry
->d_inode
);
553 fsstack_copy_inode_size(dir
, lower_dir_dentry
->d_inode
);
554 dir
->i_nlink
= lower_dir_dentry
->d_inode
->i_nlink
;
556 unlock_dir(lower_dir_dentry
);
557 if (!dentry
->d_inode
)
562 static int ecryptfs_rmdir(struct inode
*dir
, struct dentry
*dentry
)
564 struct dentry
*lower_dentry
;
565 struct dentry
*lower_dir_dentry
;
568 lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
570 lower_dir_dentry
= lock_parent(lower_dentry
);
572 rc
= vfs_rmdir(lower_dir_dentry
->d_inode
, lower_dentry
);
575 d_delete(lower_dentry
);
576 fsstack_copy_attr_times(dir
, lower_dir_dentry
->d_inode
);
577 dir
->i_nlink
= lower_dir_dentry
->d_inode
->i_nlink
;
578 unlock_dir(lower_dir_dentry
);
586 ecryptfs_mknod(struct inode
*dir
, struct dentry
*dentry
, int mode
, dev_t dev
)
589 struct dentry
*lower_dentry
;
590 struct dentry
*lower_dir_dentry
;
592 lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
593 lower_dir_dentry
= lock_parent(lower_dentry
);
594 rc
= vfs_mknod(lower_dir_dentry
->d_inode
, lower_dentry
, mode
, dev
);
595 if (rc
|| !lower_dentry
->d_inode
)
597 rc
= ecryptfs_interpose(lower_dentry
, dentry
, dir
->i_sb
, 0);
600 fsstack_copy_attr_times(dir
, lower_dir_dentry
->d_inode
);
601 fsstack_copy_inode_size(dir
, lower_dir_dentry
->d_inode
);
603 unlock_dir(lower_dir_dentry
);
604 if (!dentry
->d_inode
)
610 ecryptfs_rename(struct inode
*old_dir
, struct dentry
*old_dentry
,
611 struct inode
*new_dir
, struct dentry
*new_dentry
)
614 struct dentry
*lower_old_dentry
;
615 struct dentry
*lower_new_dentry
;
616 struct dentry
*lower_old_dir_dentry
;
617 struct dentry
*lower_new_dir_dentry
;
618 struct dentry
*trap
= NULL
;
620 lower_old_dentry
= ecryptfs_dentry_to_lower(old_dentry
);
621 lower_new_dentry
= ecryptfs_dentry_to_lower(new_dentry
);
622 dget(lower_old_dentry
);
623 dget(lower_new_dentry
);
624 lower_old_dir_dentry
= dget_parent(lower_old_dentry
);
625 lower_new_dir_dentry
= dget_parent(lower_new_dentry
);
626 trap
= lock_rename(lower_old_dir_dentry
, lower_new_dir_dentry
);
627 /* source should not be ancestor of target */
628 if (trap
== lower_old_dentry
) {
632 /* target should not be ancestor of source */
633 if (trap
== lower_new_dentry
) {
637 rc
= vfs_rename(lower_old_dir_dentry
->d_inode
, lower_old_dentry
,
638 lower_new_dir_dentry
->d_inode
, lower_new_dentry
);
641 fsstack_copy_attr_all(new_dir
, lower_new_dir_dentry
->d_inode
);
642 if (new_dir
!= old_dir
)
643 fsstack_copy_attr_all(old_dir
, lower_old_dir_dentry
->d_inode
);
645 unlock_rename(lower_old_dir_dentry
, lower_new_dir_dentry
);
646 dput(lower_new_dentry
->d_parent
);
647 dput(lower_old_dentry
->d_parent
);
648 dput(lower_new_dentry
);
649 dput(lower_old_dentry
);
653 static int ecryptfs_readlink_lower(struct dentry
*dentry
, char **buf
,
656 struct dentry
*lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
658 size_t lower_bufsiz
= PATH_MAX
;
662 lower_buf
= kmalloc(lower_bufsiz
, GFP_KERNEL
);
669 rc
= lower_dentry
->d_inode
->i_op
->readlink(lower_dentry
,
670 (char __user
*)lower_buf
,
676 rc
= ecryptfs_decode_and_decrypt_filename(buf
, bufsiz
, dentry
,
677 lower_buf
, lower_bufsiz
);
684 ecryptfs_readlink(struct dentry
*dentry
, char __user
*buf
, int bufsiz
)
687 size_t kbufsiz
, copied
;
690 rc
= ecryptfs_readlink_lower(dentry
, &kbuf
, &kbufsiz
);
693 copied
= min_t(size_t, bufsiz
, kbufsiz
);
694 rc
= copy_to_user(buf
, kbuf
, copied
) ? -EFAULT
: copied
;
696 fsstack_copy_attr_atime(dentry
->d_inode
,
697 ecryptfs_dentry_to_lower(dentry
)->d_inode
);
702 static void *ecryptfs_follow_link(struct dentry
*dentry
, struct nameidata
*nd
)
705 int len
= PAGE_SIZE
, rc
;
708 /* Released in ecryptfs_put_link(); only release here on error */
709 buf
= kmalloc(len
, GFP_KERNEL
);
711 buf
= ERR_PTR(-ENOMEM
);
716 rc
= dentry
->d_inode
->i_op
->readlink(dentry
, (char __user
*)buf
, len
);
724 nd_set_link(nd
, buf
);
729 ecryptfs_put_link(struct dentry
*dentry
, struct nameidata
*nd
, void *ptr
)
731 char *buf
= nd_get_link(nd
);
739 * upper_size_to_lower_size
740 * @crypt_stat: Crypt_stat associated with file
741 * @upper_size: Size of the upper file
743 * Calculate the required size of the lower file based on the
744 * specified size of the upper file. This calculation is based on the
745 * number of headers in the underlying file and the extent size.
747 * Returns Calculated size of the lower file.
750 upper_size_to_lower_size(struct ecryptfs_crypt_stat
*crypt_stat
,
755 lower_size
= ecryptfs_lower_header_size(crypt_stat
);
756 if (upper_size
!= 0) {
759 num_extents
= upper_size
>> crypt_stat
->extent_shift
;
760 if (upper_size
& ~crypt_stat
->extent_mask
)
762 lower_size
+= (num_extents
* crypt_stat
->extent_size
);
769 * @dentry: The ecryptfs layer dentry
770 * @ia: Address of the ecryptfs inode's attributes
771 * @lower_ia: Address of the lower inode's attributes
773 * Function to handle truncations modifying the size of the file. Note
774 * that the file sizes are interpolated. When expanding, we are simply
775 * writing strings of 0's out. When truncating, we truncate the upper
776 * inode and update the lower_ia according to the page index
777 * interpolations. If ATTR_SIZE is set in lower_ia->ia_valid upon return,
778 * the caller must use lower_ia in a call to notify_change() to perform
779 * the truncation of the lower inode.
781 * Returns zero on success; non-zero otherwise
783 static int truncate_upper(struct dentry
*dentry
, struct iattr
*ia
,
784 struct iattr
*lower_ia
)
787 struct inode
*inode
= dentry
->d_inode
;
788 struct dentry
*lower_dentry
;
789 struct file fake_ecryptfs_file
;
790 struct ecryptfs_crypt_stat
*crypt_stat
;
791 loff_t i_size
= i_size_read(inode
);
792 loff_t lower_size_before_truncate
;
793 loff_t lower_size_after_truncate
;
795 if (unlikely((ia
->ia_size
== i_size
))) {
796 lower_ia
->ia_valid
&= ~ATTR_SIZE
;
799 crypt_stat
= &ecryptfs_inode_to_private(dentry
->d_inode
)->crypt_stat
;
800 /* Set up a fake ecryptfs file, this is used to interface with
801 * the file in the underlying filesystem so that the
802 * truncation has an effect there as well. */
803 memset(&fake_ecryptfs_file
, 0, sizeof(fake_ecryptfs_file
));
804 fake_ecryptfs_file
.f_path
.dentry
= dentry
;
805 /* Released at out_free: label */
806 ecryptfs_set_file_private(&fake_ecryptfs_file
,
807 kmem_cache_alloc(ecryptfs_file_info_cache
,
809 if (unlikely(!ecryptfs_file_to_private(&fake_ecryptfs_file
))) {
813 lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
814 ecryptfs_set_file_lower(
816 ecryptfs_inode_to_private(dentry
->d_inode
)->lower_file
);
817 /* Switch on growing or shrinking file */
818 if (ia
->ia_size
> i_size
) {
819 char zero
[] = { 0x00 };
821 lower_ia
->ia_valid
&= ~ATTR_SIZE
;
822 /* Write a single 0 at the last position of the file;
823 * this triggers code that will fill in 0's throughout
824 * the intermediate portion of the previous end of the
825 * file and the new and of the file */
826 rc
= ecryptfs_write(&fake_ecryptfs_file
, zero
,
827 (ia
->ia_size
- 1), 1);
828 } else { /* ia->ia_size < i_size_read(inode) */
829 /* We're chopping off all the pages down to the page
830 * in which ia->ia_size is located. Fill in the end of
831 * that page from (ia->ia_size & ~PAGE_CACHE_MASK) to
832 * PAGE_CACHE_SIZE with zeros. */
833 size_t num_zeros
= (PAGE_CACHE_SIZE
834 - (ia
->ia_size
& ~PAGE_CACHE_MASK
));
836 if (!(crypt_stat
->flags
& ECRYPTFS_ENCRYPTED
)) {
837 rc
= vmtruncate(inode
, ia
->ia_size
);
840 lower_ia
->ia_size
= ia
->ia_size
;
841 lower_ia
->ia_valid
|= ATTR_SIZE
;
847 zeros_virt
= kzalloc(num_zeros
, GFP_KERNEL
);
852 rc
= ecryptfs_write(&fake_ecryptfs_file
, zeros_virt
,
853 ia
->ia_size
, num_zeros
);
856 printk(KERN_ERR
"Error attempting to zero out "
857 "the remainder of the end page on "
858 "reducing truncate; rc = [%d]\n", rc
);
862 vmtruncate(inode
, ia
->ia_size
);
863 rc
= ecryptfs_write_inode_size_to_metadata(inode
);
865 printk(KERN_ERR
"Problem with "
866 "ecryptfs_write_inode_size_to_metadata; "
870 /* We are reducing the size of the ecryptfs file, and need to
871 * know if we need to reduce the size of the lower file. */
872 lower_size_before_truncate
=
873 upper_size_to_lower_size(crypt_stat
, i_size
);
874 lower_size_after_truncate
=
875 upper_size_to_lower_size(crypt_stat
, ia
->ia_size
);
876 if (lower_size_after_truncate
< lower_size_before_truncate
) {
877 lower_ia
->ia_size
= lower_size_after_truncate
;
878 lower_ia
->ia_valid
|= ATTR_SIZE
;
880 lower_ia
->ia_valid
&= ~ATTR_SIZE
;
883 if (ecryptfs_file_to_private(&fake_ecryptfs_file
))
884 kmem_cache_free(ecryptfs_file_info_cache
,
885 ecryptfs_file_to_private(&fake_ecryptfs_file
));
892 * @dentry: The ecryptfs layer dentry
893 * @new_length: The length to expand the file to
895 * Simple function that handles the truncation of an eCryptfs inode and
896 * its corresponding lower inode.
898 * Returns zero on success; non-zero otherwise
900 int ecryptfs_truncate(struct dentry
*dentry
, loff_t new_length
)
902 struct iattr ia
= { .ia_valid
= ATTR_SIZE
, .ia_size
= new_length
};
903 struct iattr lower_ia
= { .ia_valid
= 0 };
906 rc
= truncate_upper(dentry
, &ia
, &lower_ia
);
907 if (!rc
&& lower_ia
.ia_valid
& ATTR_SIZE
) {
908 struct dentry
*lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
910 mutex_lock(&lower_dentry
->d_inode
->i_mutex
);
911 rc
= notify_change(lower_dentry
, &lower_ia
);
912 mutex_unlock(&lower_dentry
->d_inode
->i_mutex
);
918 ecryptfs_permission(struct inode
*inode
, int mask
)
920 return inode_permission(ecryptfs_inode_to_lower(inode
), mask
);
925 * @dentry: dentry handle to the inode to modify
926 * @ia: Structure with flags of what to change and values
928 * Updates the metadata of an inode. If the update is to the size
929 * i.e. truncation, then ecryptfs_truncate will handle the size modification
930 * of both the ecryptfs inode and the lower inode.
932 * All other metadata changes will be passed right to the lower filesystem,
933 * and we will just update our inode to look like the lower.
935 static int ecryptfs_setattr(struct dentry
*dentry
, struct iattr
*ia
)
938 struct dentry
*lower_dentry
;
939 struct iattr lower_ia
;
941 struct inode
*lower_inode
;
942 struct ecryptfs_crypt_stat
*crypt_stat
;
944 crypt_stat
= &ecryptfs_inode_to_private(dentry
->d_inode
)->crypt_stat
;
945 if (!(crypt_stat
->flags
& ECRYPTFS_STRUCT_INITIALIZED
))
946 ecryptfs_init_crypt_stat(crypt_stat
);
947 inode
= dentry
->d_inode
;
948 lower_inode
= ecryptfs_inode_to_lower(inode
);
949 lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
950 mutex_lock(&crypt_stat
->cs_mutex
);
951 if (S_ISDIR(dentry
->d_inode
->i_mode
))
952 crypt_stat
->flags
&= ~(ECRYPTFS_ENCRYPTED
);
953 else if (S_ISREG(dentry
->d_inode
->i_mode
)
954 && (!(crypt_stat
->flags
& ECRYPTFS_POLICY_APPLIED
)
955 || !(crypt_stat
->flags
& ECRYPTFS_KEY_VALID
))) {
956 struct ecryptfs_mount_crypt_stat
*mount_crypt_stat
;
958 mount_crypt_stat
= &ecryptfs_superblock_to_private(
959 dentry
->d_sb
)->mount_crypt_stat
;
960 rc
= ecryptfs_read_metadata(dentry
);
962 if (!(mount_crypt_stat
->flags
963 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED
)) {
965 printk(KERN_WARNING
"Either the lower file "
966 "is not in a valid eCryptfs format, "
967 "or the key could not be retrieved. "
968 "Plaintext passthrough mode is not "
969 "enabled; returning -EIO\n");
970 mutex_unlock(&crypt_stat
->cs_mutex
);
974 crypt_stat
->flags
&= ~(ECRYPTFS_ENCRYPTED
);
977 mutex_unlock(&crypt_stat
->cs_mutex
);
978 memcpy(&lower_ia
, ia
, sizeof(lower_ia
));
979 if (ia
->ia_valid
& ATTR_FILE
)
980 lower_ia
.ia_file
= ecryptfs_file_to_lower(ia
->ia_file
);
981 if (ia
->ia_valid
& ATTR_SIZE
) {
982 rc
= truncate_upper(dentry
, ia
, &lower_ia
);
988 * mode change is for clearing setuid/setgid bits. Allow lower fs
989 * to interpret this in its own way.
991 if (lower_ia
.ia_valid
& (ATTR_KILL_SUID
| ATTR_KILL_SGID
))
992 lower_ia
.ia_valid
&= ~ATTR_MODE
;
994 mutex_lock(&lower_dentry
->d_inode
->i_mutex
);
995 rc
= notify_change(lower_dentry
, &lower_ia
);
996 mutex_unlock(&lower_dentry
->d_inode
->i_mutex
);
998 fsstack_copy_attr_all(inode
, lower_inode
);
1002 int ecryptfs_getattr_link(struct vfsmount
*mnt
, struct dentry
*dentry
,
1005 struct ecryptfs_mount_crypt_stat
*mount_crypt_stat
;
1008 mount_crypt_stat
= &ecryptfs_superblock_to_private(
1009 dentry
->d_sb
)->mount_crypt_stat
;
1010 generic_fillattr(dentry
->d_inode
, stat
);
1011 if (mount_crypt_stat
->flags
& ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES
) {
1015 rc
= ecryptfs_readlink_lower(dentry
, &target
, &targetsiz
);
1018 stat
->size
= targetsiz
;
1024 int ecryptfs_getattr(struct vfsmount
*mnt
, struct dentry
*dentry
,
1027 struct kstat lower_stat
;
1030 rc
= vfs_getattr(ecryptfs_dentry_to_lower_mnt(dentry
),
1031 ecryptfs_dentry_to_lower(dentry
), &lower_stat
);
1033 generic_fillattr(dentry
->d_inode
, stat
);
1034 stat
->blocks
= lower_stat
.blocks
;
1040 ecryptfs_setxattr(struct dentry
*dentry
, const char *name
, const void *value
,
1041 size_t size
, int flags
)
1044 struct dentry
*lower_dentry
;
1046 lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
1047 if (!lower_dentry
->d_inode
->i_op
->setxattr
) {
1051 mutex_lock(&lower_dentry
->d_inode
->i_mutex
);
1052 rc
= lower_dentry
->d_inode
->i_op
->setxattr(lower_dentry
, name
, value
,
1054 mutex_unlock(&lower_dentry
->d_inode
->i_mutex
);
1060 ecryptfs_getxattr_lower(struct dentry
*lower_dentry
, const char *name
,
1061 void *value
, size_t size
)
1065 if (!lower_dentry
->d_inode
->i_op
->getxattr
) {
1069 mutex_lock(&lower_dentry
->d_inode
->i_mutex
);
1070 rc
= lower_dentry
->d_inode
->i_op
->getxattr(lower_dentry
, name
, value
,
1072 mutex_unlock(&lower_dentry
->d_inode
->i_mutex
);
1078 ecryptfs_getxattr(struct dentry
*dentry
, const char *name
, void *value
,
1081 return ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry
), name
,
1086 ecryptfs_listxattr(struct dentry
*dentry
, char *list
, size_t size
)
1089 struct dentry
*lower_dentry
;
1091 lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
1092 if (!lower_dentry
->d_inode
->i_op
->listxattr
) {
1096 mutex_lock(&lower_dentry
->d_inode
->i_mutex
);
1097 rc
= lower_dentry
->d_inode
->i_op
->listxattr(lower_dentry
, list
, size
);
1098 mutex_unlock(&lower_dentry
->d_inode
->i_mutex
);
1103 static int ecryptfs_removexattr(struct dentry
*dentry
, const char *name
)
1106 struct dentry
*lower_dentry
;
1108 lower_dentry
= ecryptfs_dentry_to_lower(dentry
);
1109 if (!lower_dentry
->d_inode
->i_op
->removexattr
) {
1113 mutex_lock(&lower_dentry
->d_inode
->i_mutex
);
1114 rc
= lower_dentry
->d_inode
->i_op
->removexattr(lower_dentry
, name
);
1115 mutex_unlock(&lower_dentry
->d_inode
->i_mutex
);
1120 int ecryptfs_inode_test(struct inode
*inode
, void *candidate_lower_inode
)
1122 if ((ecryptfs_inode_to_lower(inode
)
1123 == (struct inode
*)candidate_lower_inode
))
1129 int ecryptfs_inode_set(struct inode
*inode
, void *lower_inode
)
1131 ecryptfs_init_inode(inode
, (struct inode
*)lower_inode
);
1135 const struct inode_operations ecryptfs_symlink_iops
= {
1136 .readlink
= ecryptfs_readlink
,
1137 .follow_link
= ecryptfs_follow_link
,
1138 .put_link
= ecryptfs_put_link
,
1139 .permission
= ecryptfs_permission
,
1140 .setattr
= ecryptfs_setattr
,
1141 .getattr
= ecryptfs_getattr_link
,
1142 .setxattr
= ecryptfs_setxattr
,
1143 .getxattr
= ecryptfs_getxattr
,
1144 .listxattr
= ecryptfs_listxattr
,
1145 .removexattr
= ecryptfs_removexattr
1148 const struct inode_operations ecryptfs_dir_iops
= {
1149 .create
= ecryptfs_create
,
1150 .lookup
= ecryptfs_lookup
,
1151 .link
= ecryptfs_link
,
1152 .unlink
= ecryptfs_unlink
,
1153 .symlink
= ecryptfs_symlink
,
1154 .mkdir
= ecryptfs_mkdir
,
1155 .rmdir
= ecryptfs_rmdir
,
1156 .mknod
= ecryptfs_mknod
,
1157 .rename
= ecryptfs_rename
,
1158 .permission
= ecryptfs_permission
,
1159 .setattr
= ecryptfs_setattr
,
1160 .setxattr
= ecryptfs_setxattr
,
1161 .getxattr
= ecryptfs_getxattr
,
1162 .listxattr
= ecryptfs_listxattr
,
1163 .removexattr
= ecryptfs_removexattr
1166 const struct inode_operations ecryptfs_main_iops
= {
1167 .permission
= ecryptfs_permission
,
1168 .setattr
= ecryptfs_setattr
,
1169 .getattr
= ecryptfs_getattr
,
1170 .setxattr
= ecryptfs_setxattr
,
1171 .getxattr
= ecryptfs_getxattr
,
1172 .listxattr
= ecryptfs_listxattr
,
1173 .removexattr
= ecryptfs_removexattr