search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
USB: io_ti: check firmware version before updating
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / fs / ecryptfs / inode.c
blob21801eec43a8e00bfd16345b6dca7d35751fe7b1
1 /**
2 * eCryptfs: Linux filesystem encryption layer
3 *
4 * Copyright (C) 1997-2004 Erez Zadok
5 * Copyright (C) 2001-2004 Stony Brook University
6 * Copyright (C) 2004-2007 International Business Machines Corp.
7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
8 * Michael C. Thompsion <mcthomps@us.ibm.com>
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation; either version 2 of the
13 * License, or (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
23 * 02111-1307, USA.
24 */
25
26 #include <linux/file.h>
27 #include <linux/vmalloc.h>
28 #include <linux/pagemap.h>
29 #include <linux/dcache.h>
30 #include <linux/namei.h>
31 #include <linux/mount.h>
32 #include <linux/crypto.h>
33 #include <linux/fs_stack.h>
34 #include <linux/slab.h>
35 #include <asm/unaligned.h>
36 #include "ecryptfs_kernel.h"
37
38 static struct dentry *lock_parent(struct dentry *dentry)
39 {
40 struct dentry *dir;
41
42 dir = dget_parent(dentry);
43 mutex_lock_nested(&(dir->d_inode->i_mutex), I_MUTEX_PARENT);
44 return dir;
45 }
46
47 static void unlock_dir(struct dentry *dir)
48 {
49 mutex_unlock(&dir->d_inode->i_mutex);
50 dput(dir);
51 }
52
53 /**
54 * ecryptfs_create_underlying_file
55 * @lower_dir_inode: inode of the parent in the lower fs of the new file
56 * @dentry: New file's dentry
57 * @mode: The mode of the new file
58 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount
59 *
60 * Creates the file in the lower file system.
61 *
62 * Returns zero on success; non-zero on error condition
63 */
64 static int
65 ecryptfs_create_underlying_file(struct inode *lower_dir_inode,
66 struct dentry *dentry, int mode,
67 struct nameidata *nd)
68 {
69 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
70 struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
71 struct dentry *dentry_save;
72 struct vfsmount *vfsmount_save;
73 int rc;
74
75 dentry_save = nd->path.dentry;
76 vfsmount_save = nd->path.mnt;
77 nd->path.dentry = lower_dentry;
78 nd->path.mnt = lower_mnt;
79 rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd);
80 nd->path.dentry = dentry_save;
81 nd->path.mnt = vfsmount_save;
82 return rc;
83 }
84
85 /**
86 * ecryptfs_do_create
87 * @directory_inode: inode of the new file's dentry's parent in ecryptfs
88 * @ecryptfs_dentry: New file's dentry in ecryptfs
89 * @mode: The mode of the new file
90 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount
91 *
92 * Creates the underlying file and the eCryptfs inode which will link to
93 * it. It will also update the eCryptfs directory inode to mimic the
94 * stat of the lower directory inode.
95 *
96 * Returns zero on success; non-zero on error condition
97 */
98 static int
99 ecryptfs_do_create(struct inode *directory_inode,
100 struct dentry *ecryptfs_dentry, int mode,
101 struct nameidata *nd)
102 {
103 int rc;
104 struct dentry *lower_dentry;
105 struct dentry *lower_dir_dentry;
106
107 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
108 lower_dir_dentry = lock_parent(lower_dentry);
109 if (IS_ERR(lower_dir_dentry)) {
110 ecryptfs_printk(KERN_ERR, "Error locking directory of "
111 "dentry\n");
112 rc = PTR_ERR(lower_dir_dentry);
113 goto out;
114 }
115 rc = ecryptfs_create_underlying_file(lower_dir_dentry->d_inode,
116 ecryptfs_dentry, mode, nd);
117 if (rc) {
118 printk(KERN_ERR "%s: Failure to create dentry in lower fs; "
119 "rc = [%d]\n", __func__, rc);
120 goto out_lock;
121 }
122 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
123 directory_inode->i_sb, 0);
124 if (rc) {
125 ecryptfs_printk(KERN_ERR, "Failure in ecryptfs_interpose\n");
126 goto out_lock;
127 }
128 fsstack_copy_attr_times(directory_inode, lower_dir_dentry->d_inode);
129 fsstack_copy_inode_size(directory_inode, lower_dir_dentry->d_inode);
130 out_lock:
131 unlock_dir(lower_dir_dentry);
132 out:
133 return rc;
134 }
135
136 /**
137 * grow_file
138 * @ecryptfs_dentry: the eCryptfs dentry
139 *
140 * This is the code which will grow the file to its correct size.
141 */
142 static int grow_file(struct dentry *ecryptfs_dentry)
143 {
144 struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode;
145 struct file fake_file;
146 struct ecryptfs_file_info tmp_file_info;
147 char zero_virt[] = { 0x00 };
148 int rc = 0;
149
150 memset(&fake_file, 0, sizeof(fake_file));
151 fake_file.f_path.dentry = ecryptfs_dentry;
152 memset(&tmp_file_info, 0, sizeof(tmp_file_info));
153 ecryptfs_set_file_private(&fake_file, &tmp_file_info);
154 ecryptfs_set_file_lower(
155 &fake_file,
156 ecryptfs_inode_to_private(ecryptfs_inode)->lower_file);
157 rc = ecryptfs_write(&fake_file, zero_virt, 0, 1);
158 i_size_write(ecryptfs_inode, 0);
159 rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode);
160 ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat.flags |=
161 ECRYPTFS_NEW_FILE;
162 return rc;
163 }
164
165 /**
166 * ecryptfs_initialize_file
167 *
168 * Cause the file to be changed from a basic empty file to an ecryptfs
169 * file with a header and first data page.
170 *
171 * Returns zero on success
172 */
173 static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
174 {
175 struct ecryptfs_crypt_stat *crypt_stat =
176 &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
177 int rc = 0;
178
179 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
180 ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
181 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
182 goto out;
183 }
184 crypt_stat->flags |= ECRYPTFS_NEW_FILE;
185 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
186 rc = ecryptfs_new_file_context(ecryptfs_dentry);
187 if (rc) {
188 ecryptfs_printk(KERN_ERR, "Error creating new file "
189 "context; rc = [%d]\n", rc);
190 goto out;
191 }
192 if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) {
193 rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
194 if (rc) {
195 printk(KERN_ERR "%s: Error attempting to initialize "
196 "the persistent file for the dentry with name "
197 "[%s]; rc = [%d]\n", __func__,
198 ecryptfs_dentry->d_name.name, rc);
199 goto out;
200 }
201 }
202 rc = ecryptfs_write_metadata(ecryptfs_dentry);
203 if (rc) {
204 printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
205 goto out;
206 }
207 rc = grow_file(ecryptfs_dentry);
208 if (rc)
209 printk(KERN_ERR "Error growing file; rc = [%d]\n", rc);
210 out:
211 return rc;
212 }
213
214 /**
215 * ecryptfs_create
216 * @dir: The inode of the directory in which to create the file.
217 * @dentry: The eCryptfs dentry
218 * @mode: The mode of the new file.
219 * @nd: nameidata
220 *
221 * Creates a new file.
222 *
223 * Returns zero on success; non-zero on error condition
224 */
225 static int
226 ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
227 int mode, struct nameidata *nd)
228 {
229 int rc;
230
231 /* ecryptfs_do_create() calls ecryptfs_interpose() */
232 rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd);
233 if (unlikely(rc)) {
234 ecryptfs_printk(KERN_WARNING, "Failed to create file in"
235 "lower filesystem\n");
236 goto out;
237 }
238 /* At this point, a file exists on "disk"; we need to make sure
239 * that this on disk file is prepared to be an ecryptfs file */
240 rc = ecryptfs_initialize_file(ecryptfs_dentry);
241 out:
242 return rc;
243 }
244
245 /**
246 * ecryptfs_lookup_and_interpose_lower - Perform a lookup
247 */
248 int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
249 struct dentry *lower_dentry,
250 struct inode *ecryptfs_dir_inode,
251 struct nameidata *ecryptfs_nd)
252 {
253 struct dentry *lower_dir_dentry;
254 struct vfsmount *lower_mnt;
255 struct inode *lower_inode;
256 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
257 struct ecryptfs_crypt_stat *crypt_stat;
258 char *page_virt = NULL;
259 u64 file_size;
260 int rc = 0;
261
262 lower_dir_dentry = lower_dentry->d_parent;
263 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(
264 ecryptfs_dentry->d_parent));
265 lower_inode = lower_dentry->d_inode;
266 fsstack_copy_attr_atime(ecryptfs_dir_inode, lower_dir_dentry->d_inode);
267 BUG_ON(!atomic_read(&lower_dentry->d_count));
268 ecryptfs_set_dentry_private(ecryptfs_dentry,
269 kmem_cache_alloc(ecryptfs_dentry_info_cache,
270 GFP_KERNEL));
271 if (!ecryptfs_dentry_to_private(ecryptfs_dentry)) {
272 rc = -ENOMEM;
273 printk(KERN_ERR "%s: Out of memory whilst attempting "
274 "to allocate ecryptfs_dentry_info struct\n",
275 __func__);
276 goto out_put;
277 }
278 ecryptfs_set_dentry_lower(ecryptfs_dentry, lower_dentry);
279 ecryptfs_set_dentry_lower_mnt(ecryptfs_dentry, lower_mnt);
280 if (!lower_dentry->d_inode) {
281 /* We want to add because we couldn't find in lower */
282 d_add(ecryptfs_dentry, NULL);
283 goto out;
284 }
285 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
286 ecryptfs_dir_inode->i_sb,
287 ECRYPTFS_INTERPOSE_FLAG_D_ADD);
288 if (rc) {
289 printk(KERN_ERR "%s: Error interposing; rc = [%d]\n",
290 __func__, rc);
291 goto out;
292 }
293 if (S_ISDIR(lower_inode->i_mode))
294 goto out;
295 if (S_ISLNK(lower_inode->i_mode))
296 goto out;
297 if (special_file(lower_inode->i_mode))
298 goto out;
299 if (!ecryptfs_nd)
300 goto out;
301 /* Released in this function */
302 page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, GFP_USER);
303 if (!page_virt) {
304 printk(KERN_ERR "%s: Cannot kmem_cache_zalloc() a page\n",
305 __func__);
306 rc = -ENOMEM;
307 goto out;
308 }
309 if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) {
310 rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
311 if (rc) {
312 printk(KERN_ERR "%s: Error attempting to initialize "
313 "the persistent file for the dentry with name "
314 "[%s]; rc = [%d]\n", __func__,
315 ecryptfs_dentry->d_name.name, rc);
316 goto out_free_kmem;
317 }
318 }
319 crypt_stat = &ecryptfs_inode_to_private(
320 ecryptfs_dentry->d_inode)->crypt_stat;
321 /* TODO: lock for crypt_stat comparison */
322 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
323 ecryptfs_set_default_sizes(crypt_stat);
324 rc = ecryptfs_read_and_validate_header_region(page_virt,
325 ecryptfs_dentry->d_inode);
326 if (rc) {
327 memset(page_virt, 0, PAGE_CACHE_SIZE);
328 rc = ecryptfs_read_and_validate_xattr_region(page_virt,
329 ecryptfs_dentry);
330 if (rc) {
331 rc = 0;
332 goto out_free_kmem;
333 }
334 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
335 }
336 mount_crypt_stat = &ecryptfs_superblock_to_private(
337 ecryptfs_dentry->d_sb)->mount_crypt_stat;
338 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
339 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
340 file_size = (crypt_stat->metadata_size
341 + i_size_read(lower_dentry->d_inode));
342 else
343 file_size = i_size_read(lower_dentry->d_inode);
344 } else {
345 file_size = get_unaligned_be64(page_virt);
346 }
347 i_size_write(ecryptfs_dentry->d_inode, (loff_t)file_size);
348 out_free_kmem:
349 kmem_cache_free(ecryptfs_header_cache_2, page_virt);
350 goto out;
351 out_put:
352 dput(lower_dentry);
353 mntput(lower_mnt);
354 d_drop(ecryptfs_dentry);
355 out:
356 return rc;
357 }
358
359 /**
360 * ecryptfs_lookup
361 * @ecryptfs_dir_inode: The eCryptfs directory inode
362 * @ecryptfs_dentry: The eCryptfs dentry that we are looking up
363 * @ecryptfs_nd: nameidata; may be NULL
364 *
365 * Find a file on disk. If the file does not exist, then we'll add it to the
366 * dentry cache and continue on to read it from the disk.
367 */
368 static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
369 struct dentry *ecryptfs_dentry,
370 struct nameidata *ecryptfs_nd)
371 {
372 char *encrypted_and_encoded_name = NULL;
373 size_t encrypted_and_encoded_name_size;
374 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
375 struct dentry *lower_dir_dentry, *lower_dentry;
376 int rc = 0;
377
378 ecryptfs_dentry->d_op = &ecryptfs_dops;
379 if ((ecryptfs_dentry->d_name.len == 1
380 && !strcmp(ecryptfs_dentry->d_name.name, "."))
381 || (ecryptfs_dentry->d_name.len == 2
382 && !strcmp(ecryptfs_dentry->d_name.name, ".."))) {
383 goto out_d_drop;
384 }
385 lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
386 mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
387 lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name,
388 lower_dir_dentry,
389 ecryptfs_dentry->d_name.len);
390 mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
391 if (IS_ERR(lower_dentry)) {
392 rc = PTR_ERR(lower_dentry);
393 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
394 "[%d] on lower_dentry = [%s]\n", __func__, rc,
395 encrypted_and_encoded_name);
396 goto out_d_drop;
397 }
398 if (lower_dentry->d_inode)
399 goto lookup_and_interpose;
400 mount_crypt_stat = &ecryptfs_superblock_to_private(
401 ecryptfs_dentry->d_sb)->mount_crypt_stat;
402 if (!(mount_crypt_stat
403 && (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)))
404 goto lookup_and_interpose;
405 dput(lower_dentry);
406 rc = ecryptfs_encrypt_and_encode_filename(
407 &encrypted_and_encoded_name, &encrypted_and_encoded_name_size,
408 NULL, mount_crypt_stat, ecryptfs_dentry->d_name.name,
409 ecryptfs_dentry->d_name.len);
410 if (rc) {
411 printk(KERN_ERR "%s: Error attempting to encrypt and encode "
412 "filename; rc = [%d]\n", __func__, rc);
413 goto out_d_drop;
414 }
415 mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
416 lower_dentry = lookup_one_len(encrypted_and_encoded_name,
417 lower_dir_dentry,
418 encrypted_and_encoded_name_size - 1);
419 mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
420 if (IS_ERR(lower_dentry)) {
421 rc = PTR_ERR(lower_dentry);
422 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
423 "[%d] on lower_dentry = [%s]\n", __func__, rc,
424 encrypted_and_encoded_name);
425 goto out_d_drop;
426 }
427 lookup_and_interpose:
428 rc = ecryptfs_lookup_and_interpose_lower(ecryptfs_dentry, lower_dentry,
429 ecryptfs_dir_inode,
430 ecryptfs_nd);
431 goto out;
432 out_d_drop:
433 d_drop(ecryptfs_dentry);
434 out:
435 kfree(encrypted_and_encoded_name);
436 return ERR_PTR(rc);
437 }
438
439 static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir,
440 struct dentry *new_dentry)
441 {
442 struct dentry *lower_old_dentry;
443 struct dentry *lower_new_dentry;
444 struct dentry *lower_dir_dentry;
445 u64 file_size_save;
446 int rc;
447
448 file_size_save = i_size_read(old_dentry->d_inode);
449 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
450 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
451 dget(lower_old_dentry);
452 dget(lower_new_dentry);
453 lower_dir_dentry = lock_parent(lower_new_dentry);
454 rc = vfs_link(lower_old_dentry, lower_dir_dentry->d_inode,
455 lower_new_dentry);
456 if (rc || !lower_new_dentry->d_inode)
457 goto out_lock;
458 rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb, 0);
459 if (rc)
460 goto out_lock;
461 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
462 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
463 old_dentry->d_inode->i_nlink =
464 ecryptfs_inode_to_lower(old_dentry->d_inode)->i_nlink;
465 i_size_write(new_dentry->d_inode, file_size_save);
466 out_lock:
467 unlock_dir(lower_dir_dentry);
468 dput(lower_new_dentry);
469 dput(lower_old_dentry);
470 return rc;
471 }
472
473 static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
474 {
475 int rc = 0;
476 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
477 struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
478 struct dentry *lower_dir_dentry;
479
480 dget(lower_dentry);
481 lower_dir_dentry = lock_parent(lower_dentry);
482 rc = vfs_unlink(lower_dir_inode, lower_dentry);
483 if (rc) {
484 printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc);
485 goto out_unlock;
486 }
487 fsstack_copy_attr_times(dir, lower_dir_inode);
488 dentry->d_inode->i_nlink =
489 ecryptfs_inode_to_lower(dentry->d_inode)->i_nlink;
490 dentry->d_inode->i_ctime = dir->i_ctime;
491 d_drop(dentry);
492 out_unlock:
493 unlock_dir(lower_dir_dentry);
494 dput(lower_dentry);
495 return rc;
496 }
497
498 static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
499 const char *symname)
500 {
501 int rc;
502 struct dentry *lower_dentry;
503 struct dentry *lower_dir_dentry;
504 char *encoded_symname;
505 size_t encoded_symlen;
506 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
507
508 lower_dentry = ecryptfs_dentry_to_lower(dentry);
509 dget(lower_dentry);
510 lower_dir_dentry = lock_parent(lower_dentry);
511 mount_crypt_stat = &ecryptfs_superblock_to_private(
512 dir->i_sb)->mount_crypt_stat;
513 rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname,
514 &encoded_symlen,
515 NULL,
516 mount_crypt_stat, symname,
517 strlen(symname));
518 if (rc)
519 goto out_lock;
520 rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry,
521 encoded_symname);
522 kfree(encoded_symname);
523 if (rc || !lower_dentry->d_inode)
524 goto out_lock;
525 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0);
526 if (rc)
527 goto out_lock;
528 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
529 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
530 out_lock:
531 unlock_dir(lower_dir_dentry);
532 dput(lower_dentry);
533 if (!dentry->d_inode)
534 d_drop(dentry);
535 return rc;
536 }
537
538 static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
539 {
540 int rc;
541 struct dentry *lower_dentry;
542 struct dentry *lower_dir_dentry;
543
544 lower_dentry = ecryptfs_dentry_to_lower(dentry);
545 lower_dir_dentry = lock_parent(lower_dentry);
546 rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode);
547 if (rc || !lower_dentry->d_inode)
548 goto out;
549 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0);
550 if (rc)
551 goto out;
552 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
553 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
554 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink;
555 out:
556 unlock_dir(lower_dir_dentry);
557 if (!dentry->d_inode)
558 d_drop(dentry);
559 return rc;
560 }
561
562 static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry)
563 {
564 struct dentry *lower_dentry;
565 struct dentry *lower_dir_dentry;
566 int rc;
567
568 lower_dentry = ecryptfs_dentry_to_lower(dentry);
569 dget(dentry);
570 lower_dir_dentry = lock_parent(lower_dentry);
571 dget(lower_dentry);
572 rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry);
573 dput(lower_dentry);
574 if (!rc)
575 d_delete(lower_dentry);
576 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
577 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink;
578 unlock_dir(lower_dir_dentry);
579 if (!rc)
580 d_drop(dentry);
581 dput(dentry);
582 return rc;
583 }
584
585 static int
586 ecryptfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
587 {
588 int rc;
589 struct dentry *lower_dentry;
590 struct dentry *lower_dir_dentry;
591
592 lower_dentry = ecryptfs_dentry_to_lower(dentry);
593 lower_dir_dentry = lock_parent(lower_dentry);
594 rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev);
595 if (rc || !lower_dentry->d_inode)
596 goto out;
597 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0);
598 if (rc)
599 goto out;
600 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
601 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
602 out:
603 unlock_dir(lower_dir_dentry);
604 if (!dentry->d_inode)
605 d_drop(dentry);
606 return rc;
607 }
608
609 static int
610 ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry,
611 struct inode *new_dir, struct dentry *new_dentry)
612 {
613 int rc;
614 struct dentry *lower_old_dentry;
615 struct dentry *lower_new_dentry;
616 struct dentry *lower_old_dir_dentry;
617 struct dentry *lower_new_dir_dentry;
618 struct dentry *trap = NULL;
619
620 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
621 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
622 dget(lower_old_dentry);
623 dget(lower_new_dentry);
624 lower_old_dir_dentry = dget_parent(lower_old_dentry);
625 lower_new_dir_dentry = dget_parent(lower_new_dentry);
626 trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
627 /* source should not be ancestor of target */
628 if (trap == lower_old_dentry) {
629 rc = -EINVAL;
630 goto out_lock;
631 }
632 /* target should not be ancestor of source */
633 if (trap == lower_new_dentry) {
634 rc = -ENOTEMPTY;
635 goto out_lock;
636 }
637 rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry,
638 lower_new_dir_dentry->d_inode, lower_new_dentry);
639 if (rc)
640 goto out_lock;
641 fsstack_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode);
642 if (new_dir != old_dir)
643 fsstack_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode);
644 out_lock:
645 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
646 dput(lower_new_dentry->d_parent);
647 dput(lower_old_dentry->d_parent);
648 dput(lower_new_dentry);
649 dput(lower_old_dentry);
650 return rc;
651 }
652
653 static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
654 size_t *bufsiz)
655 {
656 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
657 char *lower_buf;
658 size_t lower_bufsiz = PATH_MAX;
659 mm_segment_t old_fs;
660 int rc;
661
662 lower_buf = kmalloc(lower_bufsiz, GFP_KERNEL);
663 if (!lower_buf) {
664 rc = -ENOMEM;
665 goto out;
666 }
667 old_fs = get_fs();
668 set_fs(get_ds());
669 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
670 (char __user *)lower_buf,
671 lower_bufsiz);
672 set_fs(old_fs);
673 if (rc < 0)
674 goto out;
675 lower_bufsiz = rc;
676 rc = ecryptfs_decode_and_decrypt_filename(buf, bufsiz, dentry,
677 lower_buf, lower_bufsiz);
678 out:
679 kfree(lower_buf);
680 return rc;
681 }
682
683 static int
684 ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
685 {
686 char *kbuf;
687 size_t kbufsiz, copied;
688 int rc;
689
690 rc = ecryptfs_readlink_lower(dentry, &kbuf, &kbufsiz);
691 if (rc)
692 goto out;
693 copied = min_t(size_t, bufsiz, kbufsiz);
694 rc = copy_to_user(buf, kbuf, copied) ? -EFAULT : copied;
695 kfree(kbuf);
696 fsstack_copy_attr_atime(dentry->d_inode,
697 ecryptfs_dentry_to_lower(dentry)->d_inode);
698 out:
699 return rc;
700 }
701
702 static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
703 {
704 char *buf;
705 int len = PAGE_SIZE, rc;
706 mm_segment_t old_fs;
707
708 /* Released in ecryptfs_put_link(); only release here on error */
709 buf = kmalloc(len, GFP_KERNEL);
710 if (!buf) {
711 buf = ERR_PTR(-ENOMEM);
712 goto out;
713 }
714 old_fs = get_fs();
715 set_fs(get_ds());
716 rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
717 set_fs(old_fs);
718 if (rc < 0) {
719 kfree(buf);
720 buf = ERR_PTR(rc);
721 } else
722 buf[rc] = '\0';
723 out:
724 nd_set_link(nd, buf);
725 return NULL;
726 }
727
728 static void
729 ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr)
730 {
731 char *buf = nd_get_link(nd);
732 if (!IS_ERR(buf)) {
733 /* Free the char* */
734 kfree(buf);
735 }
736 }
737
738 /**
739 * upper_size_to_lower_size
740 * @crypt_stat: Crypt_stat associated with file
741 * @upper_size: Size of the upper file
742 *
743 * Calculate the required size of the lower file based on the
744 * specified size of the upper file. This calculation is based on the
745 * number of headers in the underlying file and the extent size.
746 *
747 * Returns Calculated size of the lower file.
748 */
749 static loff_t
750 upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat,
751 loff_t upper_size)
752 {
753 loff_t lower_size;
754
755 lower_size = ecryptfs_lower_header_size(crypt_stat);
756 if (upper_size != 0) {
757 loff_t num_extents;
758
759 num_extents = upper_size >> crypt_stat->extent_shift;
760 if (upper_size & ~crypt_stat->extent_mask)
761 num_extents++;
762 lower_size += (num_extents * crypt_stat->extent_size);
763 }
764 return lower_size;
765 }
766
767 /**
768 * truncate_upper
769 * @dentry: The ecryptfs layer dentry
770 * @ia: Address of the ecryptfs inode's attributes
771 * @lower_ia: Address of the lower inode's attributes
772 *
773 * Function to handle truncations modifying the size of the file. Note
774 * that the file sizes are interpolated. When expanding, we are simply
775 * writing strings of 0's out. When truncating, we truncate the upper
776 * inode and update the lower_ia according to the page index
777 * interpolations. If ATTR_SIZE is set in lower_ia->ia_valid upon return,
778 * the caller must use lower_ia in a call to notify_change() to perform
779 * the truncation of the lower inode.
780 *
781 * Returns zero on success; non-zero otherwise
782 */
783 static int truncate_upper(struct dentry *dentry, struct iattr *ia,
784 struct iattr *lower_ia)
785 {
786 int rc = 0;
787 struct inode *inode = dentry->d_inode;
788 struct dentry *lower_dentry;
789 struct file fake_ecryptfs_file;
790 struct ecryptfs_crypt_stat *crypt_stat;
791 loff_t i_size = i_size_read(inode);
792 loff_t lower_size_before_truncate;
793 loff_t lower_size_after_truncate;
794
795 if (unlikely((ia->ia_size == i_size))) {
796 lower_ia->ia_valid &= ~ATTR_SIZE;
797 goto out;
798 }
799 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
800 /* Set up a fake ecryptfs file, this is used to interface with
801 * the file in the underlying filesystem so that the
802 * truncation has an effect there as well. */
803 memset(&fake_ecryptfs_file, 0, sizeof(fake_ecryptfs_file));
804 fake_ecryptfs_file.f_path.dentry = dentry;
805 /* Released at out_free: label */
806 ecryptfs_set_file_private(&fake_ecryptfs_file,
807 kmem_cache_alloc(ecryptfs_file_info_cache,
808 GFP_KERNEL));
809 if (unlikely(!ecryptfs_file_to_private(&fake_ecryptfs_file))) {
810 rc = -ENOMEM;
811 goto out;
812 }
813 lower_dentry = ecryptfs_dentry_to_lower(dentry);
814 ecryptfs_set_file_lower(
815 &fake_ecryptfs_file,
816 ecryptfs_inode_to_private(dentry->d_inode)->lower_file);
817 /* Switch on growing or shrinking file */
818 if (ia->ia_size > i_size) {
819 char zero[] = { 0x00 };
820
821 lower_ia->ia_valid &= ~ATTR_SIZE;
822 /* Write a single 0 at the last position of the file;
823 * this triggers code that will fill in 0's throughout
824 * the intermediate portion of the previous end of the
825 * file and the new and of the file */
826 rc = ecryptfs_write(&fake_ecryptfs_file, zero,
827 (ia->ia_size - 1), 1);
828 } else { /* ia->ia_size < i_size_read(inode) */
829 /* We're chopping off all the pages down to the page
830 * in which ia->ia_size is located. Fill in the end of
831 * that page from (ia->ia_size & ~PAGE_CACHE_MASK) to
832 * PAGE_CACHE_SIZE with zeros. */
833 size_t num_zeros = (PAGE_CACHE_SIZE
834 - (ia->ia_size & ~PAGE_CACHE_MASK));
835
836 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
837 rc = vmtruncate(inode, ia->ia_size);
838 if (rc)
839 goto out_free;
840 lower_ia->ia_size = ia->ia_size;
841 lower_ia->ia_valid |= ATTR_SIZE;
842 goto out_free;
843 }
844 if (num_zeros) {
845 char *zeros_virt;
846
847 zeros_virt = kzalloc(num_zeros, GFP_KERNEL);
848 if (!zeros_virt) {
849 rc = -ENOMEM;
850 goto out_free;
851 }
852 rc = ecryptfs_write(&fake_ecryptfs_file, zeros_virt,
853 ia->ia_size, num_zeros);
854 kfree(zeros_virt);
855 if (rc) {
856 printk(KERN_ERR "Error attempting to zero out "
857 "the remainder of the end page on "
858 "reducing truncate; rc = [%d]\n", rc);
859 goto out_free;
860 }
861 }
862 vmtruncate(inode, ia->ia_size);
863 rc = ecryptfs_write_inode_size_to_metadata(inode);
864 if (rc) {
865 printk(KERN_ERR "Problem with "
866 "ecryptfs_write_inode_size_to_metadata; "
867 "rc = [%d]\n", rc);
868 goto out_free;
869 }
870 /* We are reducing the size of the ecryptfs file, and need to
871 * know if we need to reduce the size of the lower file. */
872 lower_size_before_truncate =
873 upper_size_to_lower_size(crypt_stat, i_size);
874 lower_size_after_truncate =
875 upper_size_to_lower_size(crypt_stat, ia->ia_size);
876 if (lower_size_after_truncate < lower_size_before_truncate) {
877 lower_ia->ia_size = lower_size_after_truncate;
878 lower_ia->ia_valid |= ATTR_SIZE;
879 } else
880 lower_ia->ia_valid &= ~ATTR_SIZE;
881 }
882 out_free:
883 if (ecryptfs_file_to_private(&fake_ecryptfs_file))
884 kmem_cache_free(ecryptfs_file_info_cache,
885 ecryptfs_file_to_private(&fake_ecryptfs_file));
886 out:
887 return rc;
888 }
889
890 /**
891 * ecryptfs_truncate
892 * @dentry: The ecryptfs layer dentry
893 * @new_length: The length to expand the file to
894 *
895 * Simple function that handles the truncation of an eCryptfs inode and
896 * its corresponding lower inode.
897 *
898 * Returns zero on success; non-zero otherwise
899 */
900 int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
901 {
902 struct iattr ia = { .ia_valid = ATTR_SIZE, .ia_size = new_length };
903 struct iattr lower_ia = { .ia_valid = 0 };
904 int rc;
905
906 rc = truncate_upper(dentry, &ia, &lower_ia);
907 if (!rc && lower_ia.ia_valid & ATTR_SIZE) {
908 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
909
910 mutex_lock(&lower_dentry->d_inode->i_mutex);
911 rc = notify_change(lower_dentry, &lower_ia);
912 mutex_unlock(&lower_dentry->d_inode->i_mutex);
913 }
914 return rc;
915 }
916
917 static int
918 ecryptfs_permission(struct inode *inode, int mask)
919 {
920 return inode_permission(ecryptfs_inode_to_lower(inode), mask);
921 }
922
923 /**
924 * ecryptfs_setattr
925 * @dentry: dentry handle to the inode to modify
926 * @ia: Structure with flags of what to change and values
927 *
928 * Updates the metadata of an inode. If the update is to the size
929 * i.e. truncation, then ecryptfs_truncate will handle the size modification
930 * of both the ecryptfs inode and the lower inode.
931 *
932 * All other metadata changes will be passed right to the lower filesystem,
933 * and we will just update our inode to look like the lower.
934 */
935 static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
936 {
937 int rc = 0;
938 struct dentry *lower_dentry;
939 struct iattr lower_ia;
940 struct inode *inode;
941 struct inode *lower_inode;
942 struct ecryptfs_crypt_stat *crypt_stat;
943
944 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
945 if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED))
946 ecryptfs_init_crypt_stat(crypt_stat);
947 inode = dentry->d_inode;
948 lower_inode = ecryptfs_inode_to_lower(inode);
949 lower_dentry = ecryptfs_dentry_to_lower(dentry);
950 mutex_lock(&crypt_stat->cs_mutex);
951 if (S_ISDIR(dentry->d_inode->i_mode))
952 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
953 else if (S_ISREG(dentry->d_inode->i_mode)
954 && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
955 || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) {
956 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
957
958 mount_crypt_stat = &ecryptfs_superblock_to_private(
959 dentry->d_sb)->mount_crypt_stat;
960 rc = ecryptfs_read_metadata(dentry);
961 if (rc) {
962 if (!(mount_crypt_stat->flags
963 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
964 rc = -EIO;
965 printk(KERN_WARNING "Either the lower file "
966 "is not in a valid eCryptfs format, "
967 "or the key could not be retrieved. "
968 "Plaintext passthrough mode is not "
969 "enabled; returning -EIO\n");
970 mutex_unlock(&crypt_stat->cs_mutex);
971 goto out;
972 }
973 rc = 0;
974 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
975 }
976 }
977 mutex_unlock(&crypt_stat->cs_mutex);
978 memcpy(&lower_ia, ia, sizeof(lower_ia));
979 if (ia->ia_valid & ATTR_FILE)
980 lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file);
981 if (ia->ia_valid & ATTR_SIZE) {
982 rc = truncate_upper(dentry, ia, &lower_ia);
983 if (rc < 0)
984 goto out;
985 }
986
987 /*
988 * mode change is for clearing setuid/setgid bits. Allow lower fs
989 * to interpret this in its own way.
990 */
991 if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID))
992 lower_ia.ia_valid &= ~ATTR_MODE;
993
994 mutex_lock(&lower_dentry->d_inode->i_mutex);
995 rc = notify_change(lower_dentry, &lower_ia);
996 mutex_unlock(&lower_dentry->d_inode->i_mutex);
997 out:
998 fsstack_copy_attr_all(inode, lower_inode);
999 return rc;
1000 }
1001
1002 int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry,
1003 struct kstat *stat)
1004 {
1005 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
1006 int rc = 0;
1007
1008 mount_crypt_stat = &ecryptfs_superblock_to_private(
1009 dentry->d_sb)->mount_crypt_stat;
1010 generic_fillattr(dentry->d_inode, stat);
1011 if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
1012 char *target;
1013 size_t targetsiz;
1014
1015 rc = ecryptfs_readlink_lower(dentry, &target, &targetsiz);
1016 if (!rc) {
1017 kfree(target);
1018 stat->size = targetsiz;
1019 }
1020 }
1021 return rc;
1022 }
1023
1024 int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
1025 struct kstat *stat)
1026 {
1027 struct kstat lower_stat;
1028 int rc;
1029
1030 rc = vfs_getattr(ecryptfs_dentry_to_lower_mnt(dentry),
1031 ecryptfs_dentry_to_lower(dentry), &lower_stat);
1032 if (!rc) {
1033 generic_fillattr(dentry->d_inode, stat);
1034 stat->blocks = lower_stat.blocks;
1035 }
1036 return rc;
1037 }
1038
1039 int
1040 ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
1041 size_t size, int flags)
1042 {
1043 int rc = 0;
1044 struct dentry *lower_dentry;
1045
1046 lower_dentry = ecryptfs_dentry_to_lower(dentry);
1047 if (!lower_dentry->d_inode->i_op->setxattr) {
1048 rc = -EOPNOTSUPP;
1049 goto out;
1050 }
1051 mutex_lock(&lower_dentry->d_inode->i_mutex);
1052 rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value,
1053 size, flags);
1054 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1055 out:
1056 return rc;
1057 }
1058
1059 ssize_t
1060 ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name,
1061 void *value, size_t size)
1062 {
1063 int rc = 0;
1064
1065 if (!lower_dentry->d_inode->i_op->getxattr) {
1066 rc = -EOPNOTSUPP;
1067 goto out;
1068 }
1069 mutex_lock(&lower_dentry->d_inode->i_mutex);
1070 rc = lower_dentry->d_inode->i_op->getxattr(lower_dentry, name, value,
1071 size);
1072 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1073 out:
1074 return rc;
1075 }
1076
1077 static ssize_t
1078 ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value,
1079 size_t size)
1080 {
1081 return ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry), name,
1082 value, size);
1083 }
1084
1085 static ssize_t
1086 ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size)
1087 {
1088 int rc = 0;
1089 struct dentry *lower_dentry;
1090
1091 lower_dentry = ecryptfs_dentry_to_lower(dentry);
1092 if (!lower_dentry->d_inode->i_op->listxattr) {
1093 rc = -EOPNOTSUPP;
1094 goto out;
1095 }
1096 mutex_lock(&lower_dentry->d_inode->i_mutex);
1097 rc = lower_dentry->d_inode->i_op->listxattr(lower_dentry, list, size);
1098 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1099 out:
1100 return rc;
1101 }
1102
1103 static int ecryptfs_removexattr(struct dentry *dentry, const char *name)
1104 {
1105 int rc = 0;
1106 struct dentry *lower_dentry;
1107
1108 lower_dentry = ecryptfs_dentry_to_lower(dentry);
1109 if (!lower_dentry->d_inode->i_op->removexattr) {
1110 rc = -EOPNOTSUPP;
1111 goto out;
1112 }
1113 mutex_lock(&lower_dentry->d_inode->i_mutex);
1114 rc = lower_dentry->d_inode->i_op->removexattr(lower_dentry, name);
1115 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1116 out:
1117 return rc;
1118 }
1119
1120 int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode)
1121 {
1122 if ((ecryptfs_inode_to_lower(inode)
1123 == (struct inode *)candidate_lower_inode))
1124 return 1;
1125 else
1126 return 0;
1127 }
1128
1129 int ecryptfs_inode_set(struct inode *inode, void *lower_inode)
1130 {
1131 ecryptfs_init_inode(inode, (struct inode *)lower_inode);
1132 return 0;
1133 }
1134
1135 const struct inode_operations ecryptfs_symlink_iops = {
1136 .readlink = ecryptfs_readlink,
1137 .follow_link = ecryptfs_follow_link,
1138 .put_link = ecryptfs_put_link,
1139 .permission = ecryptfs_permission,
1140 .setattr = ecryptfs_setattr,
1141 .getattr = ecryptfs_getattr_link,
1142 .setxattr = ecryptfs_setxattr,
1143 .getxattr = ecryptfs_getxattr,
1144 .listxattr = ecryptfs_listxattr,
1145 .removexattr = ecryptfs_removexattr
1146 };
1147
1148 const struct inode_operations ecryptfs_dir_iops = {
1149 .create = ecryptfs_create,
1150 .lookup = ecryptfs_lookup,
1151 .link = ecryptfs_link,
1152 .unlink = ecryptfs_unlink,
1153 .symlink = ecryptfs_symlink,
1154 .mkdir = ecryptfs_mkdir,
1155 .rmdir = ecryptfs_rmdir,
1156 .mknod = ecryptfs_mknod,
1157 .rename = ecryptfs_rename,
1158 .permission = ecryptfs_permission,
1159 .setattr = ecryptfs_setattr,
1160 .setxattr = ecryptfs_setxattr,
1161 .getxattr = ecryptfs_getxattr,
1162 .listxattr = ecryptfs_listxattr,
1163 .removexattr = ecryptfs_removexattr
1164 };
1165
1166 const struct inode_operations ecryptfs_main_iops = {
1167 .permission = ecryptfs_permission,
1168 .setattr = ecryptfs_setattr,
1169 .getattr = ecryptfs_getattr,
1170 .setxattr = ecryptfs_setxattr,
1171 .getxattr = ecryptfs_getxattr,
1172 .listxattr = ecryptfs_listxattr,
1173 .removexattr = ecryptfs_removexattr
1174 };
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree