LXR linux/fs/ecryptfs/file.c

   1/**
   2 * eCryptfs: Linux filesystem encryption layer
   3 *
   4 * Copyright (C) 1997-2004 Erez Zadok
   5 * Copyright (C) 2001-2004 Stony Brook University
   6 * Copyright (C) 2004-2007 International Business Machines Corp.
   7 *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
   8 *              Michael C. Thompson <mcthomps@us.ibm.com>
   9 *
  10 * This program is free software; you can redistribute it and/or
  11 * modify it under the terms of the GNU General Public License as
  12 * published by the Free Software Foundation; either version 2 of the
  13 * License, or (at your option) any later version.
  14 *
  15 * This program is distributed in the hope that it will be useful, but
  16 * WITHOUT ANY WARRANTY; without even the implied warranty of
  17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  18 * General Public License for more details.
  19 *
  20 * You should have received a copy of the GNU General Public License
  21 * along with this program; if not, write to the Free Software
  22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  23 * 02111-1307, USA.
  24 */
  25
  26#include <linux/file.h>
  27#include <linux/poll.h>
  28#include <linux/mount.h>
  29#include <linux/pagemap.h>
  30#include <linux/security.h>
  31#include <linux/compat.h>
  32#include <linux/fs_stack.h>
  33#include "ecryptfs_kernel.h"
  34
  35/**
  36 * ecryptfs_read_update_atime
  37 *
  38 * generic_file_read updates the atime of upper layer inode.  But, it
  39 * doesn't give us a chance to update the atime of the lower layer
  40 * inode.  This function is a wrapper to generic_file_read.  It
  41 * updates the atime of the lower level inode if generic_file_read
  42 * returns without any errors. This is to be used only for file reads.
  43 * The function to be used for directory reads is ecryptfs_read.
  44 */
  45static ssize_t ecryptfs_read_update_atime(struct kiocb *iocb,
  46                                const struct iovec *iov,
  47                                unsigned long nr_segs, loff_t pos)
  48{
  49        int rc;
  50        struct dentry *lower_dentry;
  51        struct vfsmount *lower_vfsmount;
  52        struct file *file = iocb->ki_filp;
  53
  54        rc = generic_file_aio_read(iocb, iov, nr_segs, pos);
  55        /*
  56         * Even though this is a async interface, we need to wait
  57         * for IO to finish to update atime
  58         */
  59        if (-EIOCBQUEUED == rc)
  60                rc = wait_on_sync_kiocb(iocb);
  61        if (rc >= 0) {
  62                lower_dentry = ecryptfs_dentry_to_lower(file->f_path.dentry);
  63                lower_vfsmount = ecryptfs_dentry_to_lower_mnt(file->f_path.dentry);
  64                touch_atime(lower_vfsmount, lower_dentry);
  65        }
  66        return rc;
  67}
  68
  69struct ecryptfs_getdents_callback {
  70        void *dirent;
  71        struct dentry *dentry;
  72        filldir_t filldir;
  73        int err;
  74        int filldir_called;
  75        int entries_written;
  76};
  77
  78/* Inspired by generic filldir in fs/readir.c */
  79static int
  80ecryptfs_filldir(void *dirent, const char *name, int namelen, loff_t offset,
  81                 u64 ino, unsigned int d_type)
  82{
  83        struct ecryptfs_crypt_stat *crypt_stat;
  84        struct ecryptfs_getdents_callback *buf =
  85            (struct ecryptfs_getdents_callback *)dirent;
  86        int rc;
  87        int decoded_length;
  88        char *decoded_name;
  89
  90        crypt_stat = ecryptfs_dentry_to_private(buf->dentry)->crypt_stat;
  91        buf->filldir_called++;
  92        decoded_length = ecryptfs_decode_filename(crypt_stat, name, namelen,
  93                                                  &decoded_name);
  94        if (decoded_length < 0) {
  95                rc = decoded_length;
  96                goto out;
  97        }
  98        rc = buf->filldir(buf->dirent, decoded_name, decoded_length, offset,
  99                          ino, d_type);
 100        kfree(decoded_name);
 101        if (rc >= 0)
 102                buf->entries_written++;
 103out:
 104        return rc;
 105}
 106
 107/**
 108 * ecryptfs_readdir
 109 * @file: The ecryptfs file struct
 110 * @dirent: Directory entry
 111 * @filldir: The filldir callback function
 112 */
 113static int ecryptfs_readdir(struct file *file, void *dirent, filldir_t filldir)
 114{
 115        int rc;
 116        struct file *lower_file;
 117        struct inode *inode;
 118        struct ecryptfs_getdents_callback buf;
 119
 120        lower_file = ecryptfs_file_to_lower(file);
 121        lower_file->f_pos = file->f_pos;
 122        inode = file->f_path.dentry->d_inode;
 123        memset(&buf, 0, sizeof(buf));
 124        buf.dirent = dirent;
 125        buf.dentry = file->f_path.dentry;
 126        buf.filldir = filldir;
 127retry:
 128        buf.filldir_called = 0;
 129        buf.entries_written = 0;
 130        buf.err = 0;
 131        rc = vfs_readdir(lower_file, ecryptfs_filldir, (void *)&buf);
 132        if (buf.err)
 133                rc = buf.err;
 134        if (buf.filldir_called && !buf.entries_written)
 135                goto retry;
 136        file->f_pos = lower_file->f_pos;
 137        if (rc >= 0)
 138                fsstack_copy_attr_atime(inode, lower_file->f_path.dentry->d_inode);
 139        return rc;
 140}
 141
 142struct kmem_cache *ecryptfs_file_info_cache;
 143
 144/**
 145 * ecryptfs_open
 146 * @inode: inode speciying file to open
 147 * @file: Structure to return filled in
 148 *
 149 * Opens the file specified by inode.
 150 *
 151 * Returns zero on success; non-zero otherwise
 152 */
 153static int ecryptfs_open(struct inode *inode, struct file *file)
 154{
 155        int rc = 0;
 156        struct ecryptfs_crypt_stat *crypt_stat = NULL;
 157        struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
 158        struct dentry *ecryptfs_dentry = file->f_path.dentry;
 159        /* Private value of ecryptfs_dentry allocated in
 160         * ecryptfs_lookup() */
 161        struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
 162        struct ecryptfs_file_info *file_info;
 163
 164        mount_crypt_stat = &ecryptfs_superblock_to_private(
 165                ecryptfs_dentry->d_sb)->mount_crypt_stat;
 166        if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
 167            && ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR)
 168                || (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC)
 169                || (file->f_flags & O_APPEND))) {
 170                printk(KERN_WARNING "Mount has encrypted view enabled; "
 171                       "files may only be read\n");
 172                rc = -EPERM;
 173                goto out;
 174        }
 175        /* Released in ecryptfs_release or end of function if failure */
 176        file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
 177        ecryptfs_set_file_private(file, file_info);
 178        if (!file_info) {
 179                ecryptfs_printk(KERN_ERR,
 180                                "Error attempting to allocate memory\n");
 181                rc = -ENOMEM;
 182                goto out;
 183        }
 184        lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
 185        crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
 186        mutex_lock(&crypt_stat->cs_mutex);
 187        if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {
 188                ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
 189                /* Policy code enabled in future release */
 190                crypt_stat->flags |= (ECRYPTFS_POLICY_APPLIED
 191                                      | ECRYPTFS_ENCRYPTED);
 192        }
 193        mutex_unlock(&crypt_stat->cs_mutex);
 194        ecryptfs_set_file_lower(
 195                file, ecryptfs_inode_to_private(inode)->lower_file);
 196        if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
 197                ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
 198                crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
 199                rc = 0;
 200                goto out;
 201        }
 202        mutex_lock(&crypt_stat->cs_mutex);
 203        if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
 204            || !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
 205                rc = ecryptfs_read_metadata(ecryptfs_dentry);
 206                if (rc) {
 207                        ecryptfs_printk(KERN_DEBUG,
 208                                        "Valid headers not found\n");
 209                        if (!(mount_crypt_stat->flags
 210                              & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
 211                                rc = -EIO;
 212                                printk(KERN_WARNING "Attempt to read file that "
 213                                       "is not in a valid eCryptfs format, "
 214                                       "and plaintext passthrough mode is not "
 215                                       "enabled; returning -EIO\n");
 216                                mutex_unlock(&crypt_stat->cs_mutex);
 217                                goto out_free;
 218                        }
 219                        rc = 0;
 220                        crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
 221                        mutex_unlock(&crypt_stat->cs_mutex);
 222                        goto out;
 223                }
 224        }
 225        mutex_unlock(&crypt_stat->cs_mutex);
 226        ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = [0x%.16x] "
 227                        "size: [0x%.16x]\n", inode, inode->i_ino,
 228                        i_size_read(inode));
 229        goto out;
 230out_free:
 231        kmem_cache_free(ecryptfs_file_info_cache,
 232                        ecryptfs_file_to_private(file));
 233out:
 234        return rc;
 235}
 236
 237static int ecryptfs_flush(struct file *file, fl_owner_t td)
 238{
 239        int rc = 0;
 240        struct file *lower_file = NULL;
 241
 242        lower_file = ecryptfs_file_to_lower(file);
 243        if (lower_file->f_op && lower_file->f_op->flush)
 244                rc = lower_file->f_op->flush(lower_file, td);
 245        return rc;
 246}
 247
 248static int ecryptfs_release(struct inode *inode, struct file *file)
 249{
 250        kmem_cache_free(ecryptfs_file_info_cache,
 251                        ecryptfs_file_to_private(file));
 252        return 0;
 253}
 254
 255static int
 256ecryptfs_fsync(struct file *file, struct dentry *dentry, int datasync)
 257{
 258        struct file *lower_file = ecryptfs_file_to_lower(file);
 259        struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
 260        struct inode *lower_inode = lower_dentry->d_inode;
 261        int rc = -EINVAL;
 262
 263        if (lower_inode->i_fop->fsync) {
 264                mutex_lock(&lower_inode->i_mutex);
 265                rc = lower_inode->i_fop->fsync(lower_file, lower_dentry,
 266                                               datasync);
 267                mutex_unlock(&lower_inode->i_mutex);
 268        }
 269        return rc;
 270}
 271
 272static int ecryptfs_fasync(int fd, struct file *file, int flag)
 273{
 274        int rc = 0;
 275        struct file *lower_file = NULL;
 276
 277        lower_file = ecryptfs_file_to_lower(file);
 278        if (lower_file->f_op && lower_file->f_op->fasync)
 279                rc = lower_file->f_op->fasync(fd, lower_file, flag);
 280        return rc;
 281}
 282
 283static int ecryptfs_ioctl(struct inode *inode, struct file *file,
 284                          unsigned int cmd, unsigned long arg);
 285
 286const struct file_operations ecryptfs_dir_fops = {
 287        .readdir = ecryptfs_readdir,
 288        .ioctl = ecryptfs_ioctl,
 289        .mmap = generic_file_mmap,
 290        .open = ecryptfs_open,
 291        .flush = ecryptfs_flush,
 292        .release = ecryptfs_release,
 293        .fsync = ecryptfs_fsync,
 294        .fasync = ecryptfs_fasync,
 295        .splice_read = generic_file_splice_read,
 296};
 297
 298const struct file_operations ecryptfs_main_fops = {
 299        .llseek = generic_file_llseek,
 300        .read = do_sync_read,
 301        .aio_read = ecryptfs_read_update_atime,
 302        .write = do_sync_write,
 303        .aio_write = generic_file_aio_write,
 304        .readdir = ecryptfs_readdir,
 305        .ioctl = ecryptfs_ioctl,
 306        .mmap = generic_file_mmap,
 307        .open = ecryptfs_open,
 308        .flush = ecryptfs_flush,
 309        .release = ecryptfs_release,
 310        .fsync = ecryptfs_fsync,
 311        .fasync = ecryptfs_fasync,
 312        .splice_read = generic_file_splice_read,
 313};
 314
 315static int
 316ecryptfs_ioctl(struct inode *inode, struct file *file, unsigned int cmd,
 317               unsigned long arg)
 318{
 319        int rc = 0;
 320        struct file *lower_file = NULL;
 321
 322        if (ecryptfs_file_to_private(file))
 323                lower_file = ecryptfs_file_to_lower(file);
 324        if (lower_file && lower_file->f_op && lower_file->f_op->ioctl)
 325                rc = lower_file->f_op->ioctl(ecryptfs_inode_to_lower(inode),
 326                                             lower_file, cmd, arg);
 327        else
 328                rc = -ENOTTY;
 329        return rc;
 330}
 331