LXR linux/fs/ecryptfs/inode.c

   1/**
   2 * eCryptfs: Linux filesystem encryption layer
   3 *
   4 * Copyright (C) 1997-2004 Erez Zadok
   5 * Copyright (C) 2001-2004 Stony Brook University
   6 * Copyright (C) 2004-2007 International Business Machines Corp.
   7 *   Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
   8 *              Michael C. Thompsion <mcthomps@us.ibm.com>
   9 *
  10 * This program is free software; you can redistribute it and/or
  11 * modify it under the terms of the GNU General Public License as
  12 * published by the Free Software Foundation; either version 2 of the
  13 * License, or (at your option) any later version.
  14 *
  15 * This program is distributed in the hope that it will be useful, but
  16 * WITHOUT ANY WARRANTY; without even the implied warranty of
  17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  18 * General Public License for more details.
  19 *
  20 * You should have received a copy of the GNU General Public License
  21 * along with this program; if not, write to the Free Software
  22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  23 * 02111-1307, USA.
  24 */
  25
  26#include <linux/file.h>
  27#include <linux/vmalloc.h>
  28#include <linux/pagemap.h>
  29#include <linux/dcache.h>
  30#include <linux/namei.h>
  31#include <linux/mount.h>
  32#include <linux/crypto.h>
  33#include <linux/fs_stack.h>
  34#include "ecryptfs_kernel.h"
  35
  36static struct dentry *lock_parent(struct dentry *dentry)
  37{
  38        struct dentry *dir;
  39
  40        dir = dget(dentry->d_parent);
  41        mutex_lock_nested(&(dir->d_inode->i_mutex), I_MUTEX_PARENT);
  42        return dir;
  43}
  44
  45static void unlock_parent(struct dentry *dentry)
  46{
  47        mutex_unlock(&(dentry->d_parent->d_inode->i_mutex));
  48        dput(dentry->d_parent);
  49}
  50
  51static void unlock_dir(struct dentry *dir)
  52{
  53        mutex_unlock(&dir->d_inode->i_mutex);
  54        dput(dir);
  55}
  56
  57/**
  58 * ecryptfs_create_underlying_file
  59 * @lower_dir_inode: inode of the parent in the lower fs of the new file
  60 * @lower_dentry: New file's dentry in the lower fs
  61 * @ecryptfs_dentry: New file's dentry in ecryptfs
  62 * @mode: The mode of the new file
  63 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount
  64 *
  65 * Creates the file in the lower file system.
  66 *
  67 * Returns zero on success; non-zero on error condition
  68 */
  69static int
  70ecryptfs_create_underlying_file(struct inode *lower_dir_inode,
  71                                struct dentry *dentry, int mode,
  72                                struct nameidata *nd)
  73{
  74        struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
  75        struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
  76        struct dentry *dentry_save;
  77        struct vfsmount *vfsmount_save;
  78        int rc;
  79
  80        dentry_save = nd->dentry;
  81        vfsmount_save = nd->mnt;
  82        nd->dentry = lower_dentry;
  83        nd->mnt = lower_mnt;
  84        rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd);
  85        nd->dentry = dentry_save;
  86        nd->mnt = vfsmount_save;
  87        return rc;
  88}
  89
  90/**
  91 * ecryptfs_do_create
  92 * @directory_inode: inode of the new file's dentry's parent in ecryptfs
  93 * @ecryptfs_dentry: New file's dentry in ecryptfs
  94 * @mode: The mode of the new file
  95 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount
  96 *
  97 * Creates the underlying file and the eCryptfs inode which will link to
  98 * it. It will also update the eCryptfs directory inode to mimic the
  99 * stat of the lower directory inode.
 100 *
 101 * Returns zero on success; non-zero on error condition
 102 */
 103static int
 104ecryptfs_do_create(struct inode *directory_inode,
 105                   struct dentry *ecryptfs_dentry, int mode,
 106                   struct nameidata *nd)
 107{
 108        int rc;
 109        struct dentry *lower_dentry;
 110        struct dentry *lower_dir_dentry;
 111
 112        lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
 113        lower_dir_dentry = lock_parent(lower_dentry);
 114        if (unlikely(IS_ERR(lower_dir_dentry))) {
 115                ecryptfs_printk(KERN_ERR, "Error locking directory of "
 116                                "dentry\n");
 117                rc = PTR_ERR(lower_dir_dentry);
 118                goto out;
 119        }
 120        rc = ecryptfs_create_underlying_file(lower_dir_dentry->d_inode,
 121                                             ecryptfs_dentry, mode, nd);
 122        if (rc) {
 123                printk(KERN_ERR "%s: Failure to create dentry in lower fs; "
 124                       "rc = [%d]\n", __FUNCTION__, rc);
 125                goto out_lock;
 126        }
 127        rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
 128                                directory_inode->i_sb, 0);
 129        if (rc) {
 130                ecryptfs_printk(KERN_ERR, "Failure in ecryptfs_interpose\n");
 131                goto out_lock;
 132        }
 133        fsstack_copy_attr_times(directory_inode, lower_dir_dentry->d_inode);
 134        fsstack_copy_inode_size(directory_inode, lower_dir_dentry->d_inode);
 135out_lock:
 136        unlock_dir(lower_dir_dentry);
 137out:
 138        return rc;
 139}
 140
 141/**
 142 * grow_file
 143 * @ecryptfs_dentry: the eCryptfs dentry
 144 *
 145 * This is the code which will grow the file to its correct size.
 146 */
 147static int grow_file(struct dentry *ecryptfs_dentry)
 148{
 149        struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode;
 150        struct file fake_file;
 151        struct ecryptfs_file_info tmp_file_info;
 152        char zero_virt[] = { 0x00 };
 153        int rc = 0;
 154
 155        memset(&fake_file, 0, sizeof(fake_file));
 156        fake_file.f_path.dentry = ecryptfs_dentry;
 157        memset(&tmp_file_info, 0, sizeof(tmp_file_info));
 158        ecryptfs_set_file_private(&fake_file, &tmp_file_info);
 159        ecryptfs_set_file_lower(
 160                &fake_file,
 161                ecryptfs_inode_to_private(ecryptfs_inode)->lower_file);
 162        rc = ecryptfs_write(&fake_file, zero_virt, 0, 1);
 163        i_size_write(ecryptfs_inode, 0);
 164        rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode);
 165        ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat.flags |=
 166                ECRYPTFS_NEW_FILE;
 167        return rc;
 168}
 169
 170/**
 171 * ecryptfs_initialize_file
 172 *
 173 * Cause the file to be changed from a basic empty file to an ecryptfs
 174 * file with a header and first data page.
 175 *
 176 * Returns zero on success
 177 */
 178static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
 179{
 180        struct ecryptfs_crypt_stat *crypt_stat =
 181                &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
 182        int rc = 0;
 183
 184        if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
 185                ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
 186                crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
 187                goto out;
 188        }
 189        crypt_stat->flags |= ECRYPTFS_NEW_FILE;
 190        ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
 191        rc = ecryptfs_new_file_context(ecryptfs_dentry);
 192        if (rc) {
 193                ecryptfs_printk(KERN_ERR, "Error creating new file "
 194                                "context; rc = [%d]\n", rc);
 195                goto out;
 196        }
 197        rc = ecryptfs_write_metadata(ecryptfs_dentry);
 198        if (rc) {
 199                printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
 200                goto out;
 201        }
 202        rc = grow_file(ecryptfs_dentry);
 203        if (rc)
 204                printk(KERN_ERR "Error growing file; rc = [%d]\n", rc);
 205out:
 206        return rc;
 207}
 208
 209/**
 210 * ecryptfs_create
 211 * @dir: The inode of the directory in which to create the file.
 212 * @dentry: The eCryptfs dentry
 213 * @mode: The mode of the new file.
 214 * @nd: nameidata
 215 *
 216 * Creates a new file.
 217 *
 218 * Returns zero on success; non-zero on error condition
 219 */
 220static int
 221ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
 222                int mode, struct nameidata *nd)
 223{
 224        int rc;
 225
 226        /* ecryptfs_do_create() calls ecryptfs_interpose(), which opens
 227         * the crypt_stat->lower_file (persistent file) */
 228        rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd);
 229        if (unlikely(rc)) {
 230                ecryptfs_printk(KERN_WARNING, "Failed to create file in"
 231                                "lower filesystem\n");
 232                goto out;
 233        }
 234        /* At this point, a file exists on "disk"; we need to make sure
 235         * that this on disk file is prepared to be an ecryptfs file */
 236        rc = ecryptfs_initialize_file(ecryptfs_dentry);
 237out:
 238        return rc;
 239}
 240
 241/**
 242 * ecryptfs_lookup
 243 * @dir: inode
 244 * @dentry: The dentry
 245 * @nd: nameidata, may be NULL
 246 *
 247 * Find a file on disk. If the file does not exist, then we'll add it to the
 248 * dentry cache and continue on to read it from the disk.
 249 */
 250static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry,
 251                                      struct nameidata *nd)
 252{
 253        int rc = 0;
 254        struct dentry *lower_dir_dentry;
 255        struct dentry *lower_dentry;
 256        struct vfsmount *lower_mnt;
 257        char *encoded_name;
 258        int encoded_namelen;
 259        struct ecryptfs_crypt_stat *crypt_stat = NULL;
 260        struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
 261        char *page_virt = NULL;
 262        struct inode *lower_inode;
 263        u64 file_size;
 264
 265        lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent);
 266        dentry->d_op = &ecryptfs_dops;
 267        if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, "."))
 268            || (dentry->d_name.len == 2
 269                && !strcmp(dentry->d_name.name, ".."))) {
 270                d_drop(dentry);
 271                goto out;
 272        }
 273        encoded_namelen = ecryptfs_encode_filename(crypt_stat,
 274                                                   dentry->d_name.name,
 275                                                   dentry->d_name.len,
 276                                                   &encoded_name);
 277        if (encoded_namelen < 0) {
 278                rc = encoded_namelen;
 279                d_drop(dentry);
 280                goto out;
 281        }
 282        ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen "
 283                        "= [%d]\n", encoded_name, encoded_namelen);
 284        lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry,
 285                                      encoded_namelen - 1);
 286        kfree(encoded_name);
 287        if (IS_ERR(lower_dentry)) {
 288                ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n");
 289                rc = PTR_ERR(lower_dentry);
 290                d_drop(dentry);
 291                goto out;
 292        }
 293        lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
 294        ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->"
 295                "d_name.name = [%s]\n", lower_dentry,
 296                lower_dentry->d_name.name);
 297        lower_inode = lower_dentry->d_inode;
 298        fsstack_copy_attr_atime(dir, lower_dir_dentry->d_inode);
 299        BUG_ON(!atomic_read(&lower_dentry->d_count));
 300        ecryptfs_set_dentry_private(dentry,
 301                                    kmem_cache_alloc(ecryptfs_dentry_info_cache,
 302                                                     GFP_KERNEL));
 303        if (!ecryptfs_dentry_to_private(dentry)) {
 304                rc = -ENOMEM;
 305                ecryptfs_printk(KERN_ERR, "Out of memory whilst attempting "
 306                                "to allocate ecryptfs_dentry_info struct\n");
 307                goto out_dput;
 308        }
 309        ecryptfs_set_dentry_lower(dentry, lower_dentry);
 310        ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt);
 311        if (!lower_dentry->d_inode) {
 312                /* We want to add because we couldn't find in lower */
 313                d_add(dentry, NULL);
 314                goto out;
 315        }
 316        rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 1);
 317        if (rc) {
 318                ecryptfs_printk(KERN_ERR, "Error interposing\n");
 319                goto out_dput;
 320        }
 321        if (S_ISDIR(lower_inode->i_mode)) {
 322                ecryptfs_printk(KERN_DEBUG, "Is a directory; returning\n");
 323                goto out;
 324        }
 325        if (S_ISLNK(lower_inode->i_mode)) {
 326                ecryptfs_printk(KERN_DEBUG, "Is a symlink; returning\n");
 327                goto out;
 328        }
 329        if (special_file(lower_inode->i_mode)) {
 330                ecryptfs_printk(KERN_DEBUG, "Is a special file; returning\n");
 331                goto out;
 332        }
 333        if (!nd) {
 334                ecryptfs_printk(KERN_DEBUG, "We have a NULL nd, just leave"
 335                                "as we *think* we are about to unlink\n");
 336                goto out;
 337        }
 338        /* Released in this function */
 339        page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2,
 340                                      GFP_USER);
 341        if (!page_virt) {
 342                rc = -ENOMEM;
 343                ecryptfs_printk(KERN_ERR,
 344                                "Cannot ecryptfs_kmalloc a page\n");
 345                goto out_dput;
 346        }
 347        crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
 348        if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
 349                ecryptfs_set_default_sizes(crypt_stat);
 350        rc = ecryptfs_read_and_validate_header_region(page_virt,
 351                                                      dentry->d_inode);
 352        if (rc) {
 353                rc = ecryptfs_read_and_validate_xattr_region(page_virt, dentry);
 354                if (rc) {
 355                        printk(KERN_DEBUG "Valid metadata not found in header "
 356                               "region or xattr region; treating file as "
 357                               "unencrypted\n");
 358                        rc = 0;
 359                        kmem_cache_free(ecryptfs_header_cache_2, page_virt);
 360                        goto out;
 361                }
 362                crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
 363        }
 364        mount_crypt_stat = &ecryptfs_superblock_to_private(
 365                dentry->d_sb)->mount_crypt_stat;
 366        if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
 367                if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
 368                        file_size = ((crypt_stat->extent_size
 369                                      * crypt_stat->num_header_extents_at_front)
 370                                     + i_size_read(lower_dentry->d_inode));
 371                else
 372                        file_size = i_size_read(lower_dentry->d_inode);
 373        } else {
 374                memcpy(&file_size, page_virt, sizeof(file_size));
 375                file_size = be64_to_cpu(file_size);
 376        }
 377        i_size_write(dentry->d_inode, (loff_t)file_size);
 378        kmem_cache_free(ecryptfs_header_cache_2, page_virt);
 379        goto out;
 380
 381out_dput:
 382        dput(lower_dentry);
 383        d_drop(dentry);
 384out:
 385        return ERR_PTR(rc);
 386}
 387
 388static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir,
 389                         struct dentry *new_dentry)
 390{
 391        struct dentry *lower_old_dentry;
 392        struct dentry *lower_new_dentry;
 393        struct dentry *lower_dir_dentry;
 394        u64 file_size_save;
 395        int rc;
 396
 397        file_size_save = i_size_read(old_dentry->d_inode);
 398        lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
 399        lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
 400        dget(lower_old_dentry);
 401        dget(lower_new_dentry);
 402        lower_dir_dentry = lock_parent(lower_new_dentry);
 403        rc = vfs_link(lower_old_dentry, lower_dir_dentry->d_inode,
 404                      lower_new_dentry);
 405        if (rc || !lower_new_dentry->d_inode)
 406                goto out_lock;
 407        rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb, 0);
 408        if (rc)
 409                goto out_lock;
 410        fsstack_copy_attr_times(dir, lower_new_dentry->d_inode);
 411        fsstack_copy_inode_size(dir, lower_new_dentry->d_inode);
 412        old_dentry->d_inode->i_nlink =
 413                ecryptfs_inode_to_lower(old_dentry->d_inode)->i_nlink;
 414        i_size_write(new_dentry->d_inode, file_size_save);
 415out_lock:
 416        unlock_dir(lower_dir_dentry);
 417        dput(lower_new_dentry);
 418        dput(lower_old_dentry);
 419        d_drop(lower_old_dentry);
 420        d_drop(new_dentry);
 421        d_drop(old_dentry);
 422        return rc;
 423}
 424
 425static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
 426{
 427        int rc = 0;
 428        struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
 429        struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
 430
 431        lock_parent(lower_dentry);
 432        rc = vfs_unlink(lower_dir_inode, lower_dentry);
 433        if (rc) {
 434                printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc);
 435                goto out_unlock;
 436        }
 437        fsstack_copy_attr_times(dir, lower_dir_inode);
 438        dentry->d_inode->i_nlink =
 439                ecryptfs_inode_to_lower(dentry->d_inode)->i_nlink;
 440        dentry->d_inode->i_ctime = dir->i_ctime;
 441        d_drop(dentry);
 442out_unlock:
 443        unlock_parent(lower_dentry);
 444        return rc;
 445}
 446
 447static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
 448                            const char *symname)
 449{
 450        int rc;
 451        struct dentry *lower_dentry;
 452        struct dentry *lower_dir_dentry;
 453        umode_t mode;
 454        char *encoded_symname;
 455        int encoded_symlen;
 456        struct ecryptfs_crypt_stat *crypt_stat = NULL;
 457
 458        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 459        dget(lower_dentry);
 460        lower_dir_dentry = lock_parent(lower_dentry);
 461        mode = S_IALLUGO;
 462        encoded_symlen = ecryptfs_encode_filename(crypt_stat, symname,
 463                                                  strlen(symname),
 464                                                  &encoded_symname);
 465        if (encoded_symlen < 0) {
 466                rc = encoded_symlen;
 467                goto out_lock;
 468        }
 469        rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry,
 470                         encoded_symname, mode);
 471        kfree(encoded_symname);
 472        if (rc || !lower_dentry->d_inode)
 473                goto out_lock;
 474        rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0);
 475        if (rc)
 476                goto out_lock;
 477        fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
 478        fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
 479out_lock:
 480        unlock_dir(lower_dir_dentry);
 481        dput(lower_dentry);
 482        if (!dentry->d_inode)
 483                d_drop(dentry);
 484        return rc;
 485}
 486
 487static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
 488{
 489        int rc;
 490        struct dentry *lower_dentry;
 491        struct dentry *lower_dir_dentry;
 492
 493        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 494        lower_dir_dentry = lock_parent(lower_dentry);
 495        rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode);
 496        if (rc || !lower_dentry->d_inode)
 497                goto out;
 498        rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0);
 499        if (rc)
 500                goto out;
 501        fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
 502        fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
 503        dir->i_nlink = lower_dir_dentry->d_inode->i_nlink;
 504out:
 505        unlock_dir(lower_dir_dentry);
 506        if (!dentry->d_inode)
 507                d_drop(dentry);
 508        return rc;
 509}
 510
 511static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry)
 512{
 513        struct dentry *lower_dentry;
 514        struct dentry *lower_dir_dentry;
 515        int rc;
 516
 517        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 518        dget(dentry);
 519        lower_dir_dentry = lock_parent(lower_dentry);
 520        dget(lower_dentry);
 521        rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry);
 522        dput(lower_dentry);
 523        if (!rc)
 524                d_delete(lower_dentry);
 525        fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
 526        dir->i_nlink = lower_dir_dentry->d_inode->i_nlink;
 527        unlock_dir(lower_dir_dentry);
 528        if (!rc)
 529                d_drop(dentry);
 530        dput(dentry);
 531        return rc;
 532}
 533
 534static int
 535ecryptfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
 536{
 537        int rc;
 538        struct dentry *lower_dentry;
 539        struct dentry *lower_dir_dentry;
 540
 541        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 542        lower_dir_dentry = lock_parent(lower_dentry);
 543        rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev);
 544        if (rc || !lower_dentry->d_inode)
 545                goto out;
 546        rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0);
 547        if (rc)
 548                goto out;
 549        fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
 550        fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
 551out:
 552        unlock_dir(lower_dir_dentry);
 553        if (!dentry->d_inode)
 554                d_drop(dentry);
 555        return rc;
 556}
 557
 558static int
 559ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry,
 560                struct inode *new_dir, struct dentry *new_dentry)
 561{
 562        int rc;
 563        struct dentry *lower_old_dentry;
 564        struct dentry *lower_new_dentry;
 565        struct dentry *lower_old_dir_dentry;
 566        struct dentry *lower_new_dir_dentry;
 567
 568        lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
 569        lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
 570        dget(lower_old_dentry);
 571        dget(lower_new_dentry);
 572        lower_old_dir_dentry = dget_parent(lower_old_dentry);
 573        lower_new_dir_dentry = dget_parent(lower_new_dentry);
 574        lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
 575        rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry,
 576                        lower_new_dir_dentry->d_inode, lower_new_dentry);
 577        if (rc)
 578                goto out_lock;
 579        fsstack_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode, NULL);
 580        if (new_dir != old_dir)
 581                fsstack_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode, NULL);
 582out_lock:
 583        unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
 584        dput(lower_new_dentry->d_parent);
 585        dput(lower_old_dentry->d_parent);
 586        dput(lower_new_dentry);
 587        dput(lower_old_dentry);
 588        return rc;
 589}
 590
 591static int
 592ecryptfs_readlink(struct dentry *dentry, char __user * buf, int bufsiz)
 593{
 594        int rc;
 595        struct dentry *lower_dentry;
 596        char *decoded_name;
 597        char *lower_buf;
 598        mm_segment_t old_fs;
 599        struct ecryptfs_crypt_stat *crypt_stat;
 600
 601        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 602        if (!lower_dentry->d_inode->i_op ||
 603            !lower_dentry->d_inode->i_op->readlink) {
 604                rc = -EINVAL;
 605                goto out;
 606        }
 607        /* Released in this function */
 608        lower_buf = kmalloc(bufsiz, GFP_KERNEL);
 609        if (lower_buf == NULL) {
 610                ecryptfs_printk(KERN_ERR, "Out of memory\n");
 611                rc = -ENOMEM;
 612                goto out;
 613        }
 614        old_fs = get_fs();
 615        set_fs(get_ds());
 616        ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ "
 617                        "lower_dentry->d_name.name = [%s]\n",
 618                        lower_dentry->d_name.name);
 619        rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
 620                                                   (char __user *)lower_buf,
 621                                                   bufsiz);
 622        set_fs(old_fs);
 623        if (rc >= 0) {
 624                crypt_stat = NULL;
 625                rc = ecryptfs_decode_filename(crypt_stat, lower_buf, rc,
 626                                              &decoded_name);
 627                if (rc == -ENOMEM)
 628                        goto out_free_lower_buf;
 629                if (rc > 0) {
 630                        ecryptfs_printk(KERN_DEBUG, "Copying [%d] bytes "
 631                                        "to userspace: [%*s]\n", rc,
 632                                        decoded_name);
 633                        if (copy_to_user(buf, decoded_name, rc))
 634                                rc = -EFAULT;
 635                }
 636                kfree(decoded_name);
 637                fsstack_copy_attr_atime(dentry->d_inode,
 638                                        lower_dentry->d_inode);
 639        }
 640out_free_lower_buf:
 641        kfree(lower_buf);
 642out:
 643        return rc;
 644}
 645
 646static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
 647{
 648        char *buf;
 649        int len = PAGE_SIZE, rc;
 650        mm_segment_t old_fs;
 651
 652        /* Released in ecryptfs_put_link(); only release here on error */
 653        buf = kmalloc(len, GFP_KERNEL);
 654        if (!buf) {
 655                rc = -ENOMEM;
 656                goto out;
 657        }
 658        old_fs = get_fs();
 659        set_fs(get_ds());
 660        ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ "
 661                        "dentry->d_name.name = [%s]\n", dentry->d_name.name);
 662        rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
 663        buf[rc] = '\0';
 664        set_fs(old_fs);
 665        if (rc < 0)
 666                goto out_free;
 667        rc = 0;
 668        nd_set_link(nd, buf);
 669        goto out;
 670out_free:
 671        kfree(buf);
 672out:
 673        return ERR_PTR(rc);
 674}
 675
 676static void
 677ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr)
 678{
 679        /* Free the char* */
 680        kfree(nd_get_link(nd));
 681}
 682
 683/**
 684 * upper_size_to_lower_size
 685 * @crypt_stat: Crypt_stat associated with file
 686 * @upper_size: Size of the upper file
 687 *
 688 * Calculate the requried size of the lower file based on the
 689 * specified size of the upper file. This calculation is based on the
 690 * number of headers in the underlying file and the extent size.
 691 *
 692 * Returns Calculated size of the lower file.
 693 */
 694static loff_t
 695upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat,
 696                         loff_t upper_size)
 697{
 698        loff_t lower_size;
 699
 700        lower_size = (crypt_stat->extent_size
 701                      * crypt_stat->num_header_extents_at_front);
 702        if (upper_size != 0) {
 703                loff_t num_extents;
 704
 705                num_extents = upper_size >> crypt_stat->extent_shift;
 706                if (upper_size & ~crypt_stat->extent_mask)
 707                        num_extents++;
 708                lower_size += (num_extents * crypt_stat->extent_size);
 709        }
 710        return lower_size;
 711}
 712
 713/**
 714 * ecryptfs_truncate
 715 * @dentry: The ecryptfs layer dentry
 716 * @new_length: The length to expand the file to
 717 *
 718 * Function to handle truncations modifying the size of the file. Note
 719 * that the file sizes are interpolated. When expanding, we are simply
 720 * writing strings of 0's out. When truncating, we need to modify the
 721 * underlying file size according to the page index interpolations.
 722 *
 723 * Returns zero on success; non-zero otherwise
 724 */
 725int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
 726{
 727        int rc = 0;
 728        struct inode *inode = dentry->d_inode;
 729        struct dentry *lower_dentry;
 730        struct file fake_ecryptfs_file;
 731        struct ecryptfs_crypt_stat *crypt_stat;
 732        loff_t i_size = i_size_read(inode);
 733        loff_t lower_size_before_truncate;
 734        loff_t lower_size_after_truncate;
 735
 736        if (unlikely((new_length == i_size)))
 737                goto out;
 738        crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
 739        /* Set up a fake ecryptfs file, this is used to interface with
 740         * the file in the underlying filesystem so that the
 741         * truncation has an effect there as well. */
 742        memset(&fake_ecryptfs_file, 0, sizeof(fake_ecryptfs_file));
 743        fake_ecryptfs_file.f_path.dentry = dentry;
 744        /* Released at out_free: label */
 745        ecryptfs_set_file_private(&fake_ecryptfs_file,
 746                                  kmem_cache_alloc(ecryptfs_file_info_cache,
 747                                                   GFP_KERNEL));
 748        if (unlikely(!ecryptfs_file_to_private(&fake_ecryptfs_file))) {
 749                rc = -ENOMEM;
 750                goto out;
 751        }
 752        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 753        ecryptfs_set_file_lower(
 754                &fake_ecryptfs_file,
 755                ecryptfs_inode_to_private(dentry->d_inode)->lower_file);
 756        /* Switch on growing or shrinking file */
 757        if (new_length > i_size) {
 758                char zero[] = { 0x00 };
 759
 760                /* Write a single 0 at the last position of the file;
 761                 * this triggers code that will fill in 0's throughout
 762                 * the intermediate portion of the previous end of the
 763                 * file and the new and of the file */
 764                rc = ecryptfs_write(&fake_ecryptfs_file, zero,
 765                                    (new_length - 1), 1);
 766        } else { /* new_length < i_size_read(inode) */
 767                /* We're chopping off all the pages down do the page
 768                 * in which new_length is located. Fill in the end of
 769                 * that page from (new_length & ~PAGE_CACHE_MASK) to
 770                 * PAGE_CACHE_SIZE with zeros. */
 771                size_t num_zeros = (PAGE_CACHE_SIZE
 772                                    - (new_length & ~PAGE_CACHE_MASK));
 773
 774                if (num_zeros) {
 775                        char *zeros_virt;
 776
 777                        zeros_virt = kzalloc(num_zeros, GFP_KERNEL);
 778                        if (!zeros_virt) {
 779                                rc = -ENOMEM;
 780                                goto out_free;
 781                        }
 782                        rc = ecryptfs_write(&fake_ecryptfs_file, zeros_virt,
 783                                            new_length, num_zeros);
 784                        kfree(zeros_virt);
 785                        if (rc) {
 786                                printk(KERN_ERR "Error attempting to zero out "
 787                                       "the remainder of the end page on "
 788                                       "reducing truncate; rc = [%d]\n", rc);
 789                                goto out_free;
 790                        }
 791                }
 792                vmtruncate(inode, new_length);
 793                rc = ecryptfs_write_inode_size_to_metadata(inode);
 794                if (rc) {
 795                        printk(KERN_ERR "Problem with "
 796                               "ecryptfs_write_inode_size_to_metadata; "
 797                               "rc = [%d]\n", rc);
 798                        goto out_free;
 799                }
 800                /* We are reducing the size of the ecryptfs file, and need to
 801                 * know if we need to reduce the size of the lower file. */
 802                lower_size_before_truncate =
 803                    upper_size_to_lower_size(crypt_stat, i_size);
 804                lower_size_after_truncate =
 805                    upper_size_to_lower_size(crypt_stat, new_length);
 806                if (lower_size_after_truncate < lower_size_before_truncate)
 807                        vmtruncate(lower_dentry->d_inode,
 808                                   lower_size_after_truncate);
 809        }
 810out_free:
 811        if (ecryptfs_file_to_private(&fake_ecryptfs_file))
 812                kmem_cache_free(ecryptfs_file_info_cache,
 813                                ecryptfs_file_to_private(&fake_ecryptfs_file));
 814out:
 815        return rc;
 816}
 817
 818static int
 819ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd)
 820{
 821        int rc;
 822
 823        if (nd) {
 824                struct vfsmount *vfsmnt_save = nd->mnt;
 825                struct dentry *dentry_save = nd->dentry;
 826
 827                nd->mnt = ecryptfs_dentry_to_lower_mnt(nd->dentry);
 828                nd->dentry = ecryptfs_dentry_to_lower(nd->dentry);
 829                rc = permission(ecryptfs_inode_to_lower(inode), mask, nd);
 830                nd->mnt = vfsmnt_save;
 831                nd->dentry = dentry_save;
 832        } else
 833                rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL);
 834        return rc;
 835}
 836
 837/**
 838 * ecryptfs_setattr
 839 * @dentry: dentry handle to the inode to modify
 840 * @ia: Structure with flags of what to change and values
 841 *
 842 * Updates the metadata of an inode. If the update is to the size
 843 * i.e. truncation, then ecryptfs_truncate will handle the size modification
 844 * of both the ecryptfs inode and the lower inode.
 845 *
 846 * All other metadata changes will be passed right to the lower filesystem,
 847 * and we will just update our inode to look like the lower.
 848 */
 849static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
 850{
 851        int rc = 0;
 852        struct dentry *lower_dentry;
 853        struct inode *inode;
 854        struct inode *lower_inode;
 855        struct ecryptfs_crypt_stat *crypt_stat;
 856
 857        crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
 858        if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED))
 859                ecryptfs_init_crypt_stat(crypt_stat);
 860        inode = dentry->d_inode;
 861        lower_inode = ecryptfs_inode_to_lower(inode);
 862        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 863        mutex_lock(&crypt_stat->cs_mutex);
 864        if (S_ISDIR(dentry->d_inode->i_mode))
 865                crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
 866        else if (S_ISREG(dentry->d_inode->i_mode)
 867                 && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
 868                     || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) {
 869                struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
 870
 871                mount_crypt_stat = &ecryptfs_superblock_to_private(
 872                        dentry->d_sb)->mount_crypt_stat;
 873                rc = ecryptfs_read_metadata(dentry);
 874                if (rc) {
 875                        if (!(mount_crypt_stat->flags
 876                              & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
 877                                rc = -EIO;
 878                                printk(KERN_WARNING "Attempt to read file that "
 879                                       "is not in a valid eCryptfs format, "
 880                                       "and plaintext passthrough mode is not "
 881                                       "enabled; returning -EIO\n");
 882
 883                                mutex_unlock(&crypt_stat->cs_mutex);
 884                                goto out;
 885                        }
 886                        rc = 0;
 887                        crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
 888                        mutex_unlock(&crypt_stat->cs_mutex);
 889                        goto out;
 890                }
 891        }
 892        mutex_unlock(&crypt_stat->cs_mutex);
 893        if (ia->ia_valid & ATTR_SIZE) {
 894                ecryptfs_printk(KERN_DEBUG,
 895                                "ia->ia_valid = [0x%x] ATTR_SIZE" " = [0x%x]\n",
 896                                ia->ia_valid, ATTR_SIZE);
 897                rc = ecryptfs_truncate(dentry, ia->ia_size);
 898                /* ecryptfs_truncate handles resizing of the lower file */
 899                ia->ia_valid &= ~ATTR_SIZE;
 900                ecryptfs_printk(KERN_DEBUG, "ia->ia_valid = [%x]\n",
 901                                ia->ia_valid);
 902                if (rc < 0)
 903                        goto out;
 904        }
 905
 906        /*
 907         * mode change is for clearing setuid/setgid bits. Allow lower fs
 908         * to interpret this in its own way.
 909         */
 910        if (ia->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID))
 911                ia->ia_valid &= ~ATTR_MODE;
 912
 913        rc = notify_change(lower_dentry, ia);
 914out:
 915        fsstack_copy_attr_all(inode, lower_inode, NULL);
 916        return rc;
 917}
 918
 919int
 920ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
 921                  size_t size, int flags)
 922{
 923        int rc = 0;
 924        struct dentry *lower_dentry;
 925
 926        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 927        if (!lower_dentry->d_inode->i_op->setxattr) {
 928                rc = -ENOSYS;
 929                goto out;
 930        }
 931        mutex_lock(&lower_dentry->d_inode->i_mutex);
 932        rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value,
 933                                                   size, flags);
 934        mutex_unlock(&lower_dentry->d_inode->i_mutex);
 935out:
 936        return rc;
 937}
 938
 939ssize_t
 940ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name,
 941                        void *value, size_t size)
 942{
 943        int rc = 0;
 944
 945        if (!lower_dentry->d_inode->i_op->getxattr) {
 946                rc = -ENOSYS;
 947                goto out;
 948        }
 949        mutex_lock(&lower_dentry->d_inode->i_mutex);
 950        rc = lower_dentry->d_inode->i_op->getxattr(lower_dentry, name, value,
 951                                                   size);
 952        mutex_unlock(&lower_dentry->d_inode->i_mutex);
 953out:
 954        return rc;
 955}
 956
 957ssize_t
 958ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value,
 959                  size_t size)
 960{
 961        return ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry), name,
 962                                       value, size);
 963}
 964
 965static ssize_t
 966ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size)
 967{
 968        int rc = 0;
 969        struct dentry *lower_dentry;
 970
 971        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 972        if (!lower_dentry->d_inode->i_op->listxattr) {
 973                rc = -ENOSYS;
 974                goto out;
 975        }
 976        mutex_lock(&lower_dentry->d_inode->i_mutex);
 977        rc = lower_dentry->d_inode->i_op->listxattr(lower_dentry, list, size);
 978        mutex_unlock(&lower_dentry->d_inode->i_mutex);
 979out:
 980        return rc;
 981}
 982
 983static int ecryptfs_removexattr(struct dentry *dentry, const char *name)
 984{
 985        int rc = 0;
 986        struct dentry *lower_dentry;
 987
 988        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 989        if (!lower_dentry->d_inode->i_op->removexattr) {
 990                rc = -ENOSYS;
 991                goto out;
 992        }
 993        mutex_lock(&lower_dentry->d_inode->i_mutex);
 994        rc = lower_dentry->d_inode->i_op->removexattr(lower_dentry, name);
 995        mutex_unlock(&lower_dentry->d_inode->i_mutex);
 996out:
 997        return rc;
 998}
 999
1000int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode)

1001{
1002        if ((ecryptfs_inode_to_lower(inode)
1003             == (struct inode *)candidate_lower_inode))
1004                return 1;
1005        else
1006                return 0;
1007}
1008
1009int ecryptfs_inode_set(struct inode *inode, void *lower_inode)
1010{
1011        ecryptfs_init_inode(inode, (struct inode *)lower_inode);
1012        return 0;
1013}
1014
1015const struct inode_operations ecryptfs_symlink_iops = {
1016        .readlink = ecryptfs_readlink,
1017        .follow_link = ecryptfs_follow_link,
1018        .put_link = ecryptfs_put_link,
1019        .permission = ecryptfs_permission,
1020        .setattr = ecryptfs_setattr,
1021        .setxattr = ecryptfs_setxattr,
1022        .getxattr = ecryptfs_getxattr,
1023        .listxattr = ecryptfs_listxattr,
1024        .removexattr = ecryptfs_removexattr
1025};
1026
1027const struct inode_operations ecryptfs_dir_iops = {
1028        .create = ecryptfs_create,
1029        .lookup = ecryptfs_lookup,
1030        .link = ecryptfs_link,
1031        .unlink = ecryptfs_unlink,
1032        .symlink = ecryptfs_symlink,
1033        .mkdir = ecryptfs_mkdir,
1034        .rmdir = ecryptfs_rmdir,
1035        .mknod = ecryptfs_mknod,
1036        .rename = ecryptfs_rename,
1037        .permission = ecryptfs_permission,
1038        .setattr = ecryptfs_setattr,
1039        .setxattr = ecryptfs_setxattr,
1040        .getxattr = ecryptfs_getxattr,
1041        .listxattr = ecryptfs_listxattr,
1042        .removexattr = ecryptfs_removexattr
1043};
1044
1045const struct inode_operations ecryptfs_main_iops = {
1046        .permission = ecryptfs_permission,
1047        .setattr = ecryptfs_setattr,
1048        .setxattr = ecryptfs_setxattr,
1049        .getxattr = ecryptfs_getxattr,
1050        .listxattr = ecryptfs_listxattr,
1051        .removexattr = ecryptfs_removexattr
1052};
1053