1
2
3
4
5
6
7
8
9
10
11
12
13#ifndef _LINUX_FSCRYPT_H
14#define _LINUX_FSCRYPT_H
15
16#include <linux/fs.h>
17#include <linux/mm.h>
18#include <linux/slab.h>
19#include <uapi/linux/fscrypt.h>
20
21#define FS_CRYPTO_BLOCK_SIZE 16
22
23union fscrypt_policy;
24struct fscrypt_info;
25struct seq_file;
26
27struct fscrypt_str {
28 unsigned char *name;
29 u32 len;
30};
31
32struct fscrypt_name {
33 const struct qstr *usr_fname;
34 struct fscrypt_str disk_name;
35 u32 hash;
36 u32 minor_hash;
37 struct fscrypt_str crypto_buf;
38 bool is_nokey_name;
39};
40
41#define FSTR_INIT(n, l) { .name = n, .len = l }
42#define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
43#define fname_name(p) ((p)->disk_name.name)
44#define fname_len(p) ((p)->disk_name.len)
45
46
47#define FSCRYPT_SET_CONTEXT_MAX_SIZE 40
48
49#ifdef CONFIG_FS_ENCRYPTION
50
51
52
53
54
55
56#define FS_CFLG_OWN_PAGES (1U << 1)
57
58
59struct fscrypt_operations {
60
61
62 unsigned int flags;
63
64
65
66
67
68
69
70 const char *key_prefix;
71
72
73
74
75
76
77
78
79
80
81
82
83
84 int (*get_context)(struct inode *inode, void *ctx, size_t len);
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102 int (*set_context)(struct inode *inode, const void *ctx, size_t len,
103 void *fs_data);
104
105
106
107
108
109
110
111
112
113
114 const union fscrypt_policy *(*get_dummy_policy)(struct super_block *sb);
115
116
117
118
119 bool (*empty_dir)(struct inode *inode);
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135 bool (*has_stable_inodes)(struct super_block *sb);
136
137
138
139
140
141
142
143
144
145
146
147
148
149 void (*get_ino_and_lblk_bits)(struct super_block *sb,
150 int *ino_bits_ret, int *lblk_bits_ret);
151
152
153
154
155
156
157
158
159
160
161 int (*get_num_devices)(struct super_block *sb);
162
163
164
165
166
167
168
169 void (*get_devices)(struct super_block *sb,
170 struct request_queue **devs);
171};
172
173static inline struct fscrypt_info *fscrypt_get_info(const struct inode *inode)
174{
175
176
177
178
179
180
181 return smp_load_acquire(&inode->i_crypt_info);
182}
183
184
185
186
187
188
189
190
191
192
193
194
195static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
196{
197 return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode);
198}
199
200
201
202
203
204
205
206
207static inline void fscrypt_handle_d_move(struct dentry *dentry)
208{
209 dentry->d_flags &= ~DCACHE_NOKEY_NAME;
210}
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
237{
238 return dentry->d_flags & DCACHE_NOKEY_NAME;
239}
240
241
242void fscrypt_enqueue_decrypt_work(struct work_struct *);
243
244struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
245 unsigned int len,
246 unsigned int offs,
247 gfp_t gfp_flags);
248int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
249 unsigned int len, unsigned int offs,
250 u64 lblk_num, gfp_t gfp_flags);
251
252int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
253 unsigned int offs);
254int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
255 unsigned int len, unsigned int offs,
256 u64 lblk_num);
257
258static inline bool fscrypt_is_bounce_page(struct page *page)
259{
260 return page->mapping == NULL;
261}
262
263static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
264{
265 return (struct page *)page_private(bounce_page);
266}
267
268void fscrypt_free_bounce_page(struct page *bounce_page);
269
270
271int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg);
272int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg);
273int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg);
274int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg);
275int fscrypt_has_permitted_context(struct inode *parent, struct inode *child);
276int fscrypt_set_context(struct inode *inode, void *fs_data);
277
278struct fscrypt_dummy_policy {
279 const union fscrypt_policy *policy;
280};
281
282int fscrypt_set_test_dummy_encryption(struct super_block *sb, const char *arg,
283 struct fscrypt_dummy_policy *dummy_policy);
284void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep,
285 struct super_block *sb);
286static inline void
287fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
288{
289 kfree(dummy_policy->policy);
290 dummy_policy->policy = NULL;
291}
292
293
294void fscrypt_sb_free(struct super_block *sb);
295int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
296int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);
297int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *arg);
298int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);
299
300
301int fscrypt_prepare_new_inode(struct inode *dir, struct inode *inode,
302 bool *encrypt_ret);
303void fscrypt_put_encryption_info(struct inode *inode);
304void fscrypt_free_inode(struct inode *inode);
305int fscrypt_drop_inode(struct inode *inode);
306
307
308int fscrypt_setup_filename(struct inode *inode, const struct qstr *iname,
309 int lookup, struct fscrypt_name *fname);
310
311static inline void fscrypt_free_filename(struct fscrypt_name *fname)
312{
313 kfree(fname->crypto_buf.name);
314}
315
316int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
317 struct fscrypt_str *crypto_str);
318void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str);
319int fscrypt_fname_disk_to_usr(const struct inode *inode,
320 u32 hash, u32 minor_hash,
321 const struct fscrypt_str *iname,
322 struct fscrypt_str *oname);
323bool fscrypt_match_name(const struct fscrypt_name *fname,
324 const u8 *de_name, u32 de_name_len);
325u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name);
326int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags);
327
328
329void fscrypt_decrypt_bio(struct bio *bio);
330int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
331 sector_t pblk, unsigned int len);
332
333
334int fscrypt_file_open(struct inode *inode, struct file *filp);
335int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
336 struct dentry *dentry);
337int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
338 struct inode *new_dir, struct dentry *new_dentry,
339 unsigned int flags);
340int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
341 struct fscrypt_name *fname);
342int __fscrypt_prepare_readdir(struct inode *dir);
343int __fscrypt_prepare_setattr(struct dentry *dentry, struct iattr *attr);
344int fscrypt_prepare_setflags(struct inode *inode,
345 unsigned int oldflags, unsigned int flags);
346int fscrypt_prepare_symlink(struct inode *dir, const char *target,
347 unsigned int len, unsigned int max_len,
348 struct fscrypt_str *disk_link);
349int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
350 unsigned int len, struct fscrypt_str *disk_link);
351const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
352 unsigned int max_size,
353 struct delayed_call *done);
354int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat);
355static inline void fscrypt_set_ops(struct super_block *sb,
356 const struct fscrypt_operations *s_cop)
357{
358 sb->s_cop = s_cop;
359}
360#else
361
362static inline struct fscrypt_info *fscrypt_get_info(const struct inode *inode)
363{
364 return NULL;
365}
366
367static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
368{
369 return false;
370}
371
372static inline void fscrypt_handle_d_move(struct dentry *dentry)
373{
374}
375
376static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
377{
378 return false;
379}
380
381
382static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
383{
384}
385
386static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
387 unsigned int len,
388 unsigned int offs,
389 gfp_t gfp_flags)
390{
391 return ERR_PTR(-EOPNOTSUPP);
392}
393
394static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
395 struct page *page,
396 unsigned int len,
397 unsigned int offs, u64 lblk_num,
398 gfp_t gfp_flags)
399{
400 return -EOPNOTSUPP;
401}
402
403static inline int fscrypt_decrypt_pagecache_blocks(struct page *page,
404 unsigned int len,
405 unsigned int offs)
406{
407 return -EOPNOTSUPP;
408}
409
410static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
411 struct page *page,
412 unsigned int len,
413 unsigned int offs, u64 lblk_num)
414{
415 return -EOPNOTSUPP;
416}
417
418static inline bool fscrypt_is_bounce_page(struct page *page)
419{
420 return false;
421}
422
423static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
424{
425 WARN_ON_ONCE(1);
426 return ERR_PTR(-EINVAL);
427}
428
429static inline void fscrypt_free_bounce_page(struct page *bounce_page)
430{
431}
432
433
434static inline int fscrypt_ioctl_set_policy(struct file *filp,
435 const void __user *arg)
436{
437 return -EOPNOTSUPP;
438}
439
440static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
441{
442 return -EOPNOTSUPP;
443}
444
445static inline int fscrypt_ioctl_get_policy_ex(struct file *filp,
446 void __user *arg)
447{
448 return -EOPNOTSUPP;
449}
450
451static inline int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg)
452{
453 return -EOPNOTSUPP;
454}
455
456static inline int fscrypt_has_permitted_context(struct inode *parent,
457 struct inode *child)
458{
459 return 0;
460}
461
462static inline int fscrypt_set_context(struct inode *inode, void *fs_data)
463{
464 return -EOPNOTSUPP;
465}
466
467struct fscrypt_dummy_policy {
468};
469
470static inline void fscrypt_show_test_dummy_encryption(struct seq_file *seq,
471 char sep,
472 struct super_block *sb)
473{
474}
475
476static inline void
477fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
478{
479}
480
481
482static inline void fscrypt_sb_free(struct super_block *sb)
483{
484}
485
486static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg)
487{
488 return -EOPNOTSUPP;
489}
490
491static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg)
492{
493 return -EOPNOTSUPP;
494}
495
496static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp,
497 void __user *arg)
498{
499 return -EOPNOTSUPP;
500}
501
502static inline int fscrypt_ioctl_get_key_status(struct file *filp,
503 void __user *arg)
504{
505 return -EOPNOTSUPP;
506}
507
508
509
510static inline int fscrypt_prepare_new_inode(struct inode *dir,
511 struct inode *inode,
512 bool *encrypt_ret)
513{
514 if (IS_ENCRYPTED(dir))
515 return -EOPNOTSUPP;
516 return 0;
517}
518
519static inline void fscrypt_put_encryption_info(struct inode *inode)
520{
521 return;
522}
523
524static inline void fscrypt_free_inode(struct inode *inode)
525{
526}
527
528static inline int fscrypt_drop_inode(struct inode *inode)
529{
530 return 0;
531}
532
533
534static inline int fscrypt_setup_filename(struct inode *dir,
535 const struct qstr *iname,
536 int lookup, struct fscrypt_name *fname)
537{
538 if (IS_ENCRYPTED(dir))
539 return -EOPNOTSUPP;
540
541 memset(fname, 0, sizeof(*fname));
542 fname->usr_fname = iname;
543 fname->disk_name.name = (unsigned char *)iname->name;
544 fname->disk_name.len = iname->len;
545 return 0;
546}
547
548static inline void fscrypt_free_filename(struct fscrypt_name *fname)
549{
550 return;
551}
552
553static inline int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
554 struct fscrypt_str *crypto_str)
555{
556 return -EOPNOTSUPP;
557}
558
559static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
560{
561 return;
562}
563
564static inline int fscrypt_fname_disk_to_usr(const struct inode *inode,
565 u32 hash, u32 minor_hash,
566 const struct fscrypt_str *iname,
567 struct fscrypt_str *oname)
568{
569 return -EOPNOTSUPP;
570}
571
572static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
573 const u8 *de_name, u32 de_name_len)
574{
575
576 if (de_name_len != fname->disk_name.len)
577 return false;
578 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
579}
580
581static inline u64 fscrypt_fname_siphash(const struct inode *dir,
582 const struct qstr *name)
583{
584 WARN_ON_ONCE(1);
585 return 0;
586}
587
588static inline int fscrypt_d_revalidate(struct dentry *dentry,
589 unsigned int flags)
590{
591 return 1;
592}
593
594
595static inline void fscrypt_decrypt_bio(struct bio *bio)
596{
597}
598
599static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
600 sector_t pblk, unsigned int len)
601{
602 return -EOPNOTSUPP;
603}
604
605
606
607static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
608{
609 if (IS_ENCRYPTED(inode))
610 return -EOPNOTSUPP;
611 return 0;
612}
613
614static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
615 struct dentry *dentry)
616{
617 return -EOPNOTSUPP;
618}
619
620static inline int __fscrypt_prepare_rename(struct inode *old_dir,
621 struct dentry *old_dentry,
622 struct inode *new_dir,
623 struct dentry *new_dentry,
624 unsigned int flags)
625{
626 return -EOPNOTSUPP;
627}
628
629static inline int __fscrypt_prepare_lookup(struct inode *dir,
630 struct dentry *dentry,
631 struct fscrypt_name *fname)
632{
633 return -EOPNOTSUPP;
634}
635
636static inline int __fscrypt_prepare_readdir(struct inode *dir)
637{
638 return -EOPNOTSUPP;
639}
640
641static inline int __fscrypt_prepare_setattr(struct dentry *dentry,
642 struct iattr *attr)
643{
644 return -EOPNOTSUPP;
645}
646
647static inline int fscrypt_prepare_setflags(struct inode *inode,
648 unsigned int oldflags,
649 unsigned int flags)
650{
651 return 0;
652}
653
654static inline int fscrypt_prepare_symlink(struct inode *dir,
655 const char *target,
656 unsigned int len,
657 unsigned int max_len,
658 struct fscrypt_str *disk_link)
659{
660 if (IS_ENCRYPTED(dir))
661 return -EOPNOTSUPP;
662 disk_link->name = (unsigned char *)target;
663 disk_link->len = len + 1;
664 if (disk_link->len > max_len)
665 return -ENAMETOOLONG;
666 return 0;
667}
668
669static inline int __fscrypt_encrypt_symlink(struct inode *inode,
670 const char *target,
671 unsigned int len,
672 struct fscrypt_str *disk_link)
673{
674 return -EOPNOTSUPP;
675}
676
677static inline const char *fscrypt_get_symlink(struct inode *inode,
678 const void *caddr,
679 unsigned int max_size,
680 struct delayed_call *done)
681{
682 return ERR_PTR(-EOPNOTSUPP);
683}
684
685static inline int fscrypt_symlink_getattr(const struct path *path,
686 struct kstat *stat)
687{
688 return -EOPNOTSUPP;
689}
690
691static inline void fscrypt_set_ops(struct super_block *sb,
692 const struct fscrypt_operations *s_cop)
693{
694}
695
696#endif
697
698
699#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
700
701bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode);
702
703void fscrypt_set_bio_crypt_ctx(struct bio *bio,
704 const struct inode *inode, u64 first_lblk,
705 gfp_t gfp_mask);
706
707void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio,
708 const struct buffer_head *first_bh,
709 gfp_t gfp_mask);
710
711bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode,
712 u64 next_lblk);
713
714bool fscrypt_mergeable_bio_bh(struct bio *bio,
715 const struct buffer_head *next_bh);
716
717bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter);
718
719u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks);
720
721#else
722
723static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode)
724{
725 return false;
726}
727
728static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio,
729 const struct inode *inode,
730 u64 first_lblk, gfp_t gfp_mask) { }
731
732static inline void fscrypt_set_bio_crypt_ctx_bh(
733 struct bio *bio,
734 const struct buffer_head *first_bh,
735 gfp_t gfp_mask) { }
736
737static inline bool fscrypt_mergeable_bio(struct bio *bio,
738 const struct inode *inode,
739 u64 next_lblk)
740{
741 return true;
742}
743
744static inline bool fscrypt_mergeable_bio_bh(struct bio *bio,
745 const struct buffer_head *next_bh)
746{
747 return true;
748}
749
750static inline bool fscrypt_dio_supported(struct kiocb *iocb,
751 struct iov_iter *iter)
752{
753 const struct inode *inode = file_inode(iocb->ki_filp);
754
755 return !fscrypt_needs_contents_encryption(inode);
756}
757
758static inline u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk,
759 u64 nr_blocks)
760{
761 return nr_blocks;
762}
763#endif
764
765
766
767
768
769
770
771
772
773
774static inline bool fscrypt_inode_uses_inline_crypto(const struct inode *inode)
775{
776 return fscrypt_needs_contents_encryption(inode) &&
777 __fscrypt_inode_uses_inline_crypto(inode);
778}
779
780
781
782
783
784
785
786
787
788
789static inline bool fscrypt_inode_uses_fs_layer_crypto(const struct inode *inode)
790{
791 return fscrypt_needs_contents_encryption(inode) &&
792 !__fscrypt_inode_uses_inline_crypto(inode);
793}
794
795
796
797
798
799
800
801
802
803
804static inline bool fscrypt_has_encryption_key(const struct inode *inode)
805{
806 return fscrypt_get_info(inode) != NULL;
807}
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827static inline int fscrypt_prepare_link(struct dentry *old_dentry,
828 struct inode *dir,
829 struct dentry *dentry)
830{
831 if (IS_ENCRYPTED(dir))
832 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
833 return 0;
834}
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858static inline int fscrypt_prepare_rename(struct inode *old_dir,
859 struct dentry *old_dentry,
860 struct inode *new_dir,
861 struct dentry *new_dentry,
862 unsigned int flags)
863{
864 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
865 return __fscrypt_prepare_rename(old_dir, old_dentry,
866 new_dir, new_dentry, flags);
867 return 0;
868}
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893static inline int fscrypt_prepare_lookup(struct inode *dir,
894 struct dentry *dentry,
895 struct fscrypt_name *fname)
896{
897 if (IS_ENCRYPTED(dir))
898 return __fscrypt_prepare_lookup(dir, dentry, fname);
899
900 memset(fname, 0, sizeof(*fname));
901 fname->usr_fname = &dentry->d_name;
902 fname->disk_name.name = (unsigned char *)dentry->d_name.name;
903 fname->disk_name.len = dentry->d_name.len;
904 return 0;
905}
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920static inline int fscrypt_prepare_readdir(struct inode *dir)
921{
922 if (IS_ENCRYPTED(dir))
923 return __fscrypt_prepare_readdir(dir);
924 return 0;
925}
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945static inline int fscrypt_prepare_setattr(struct dentry *dentry,
946 struct iattr *attr)
947{
948 if (IS_ENCRYPTED(d_inode(dentry)))
949 return __fscrypt_prepare_setattr(dentry, attr);
950 return 0;
951}
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968static inline int fscrypt_encrypt_symlink(struct inode *inode,
969 const char *target,
970 unsigned int len,
971 struct fscrypt_str *disk_link)
972{
973 if (IS_ENCRYPTED(inode))
974 return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
975 return 0;
976}
977
978
979static inline void fscrypt_finalize_bounce_page(struct page **pagep)
980{
981 struct page *page = *pagep;
982
983 if (fscrypt_is_bounce_page(page)) {
984 *pagep = fscrypt_pagecache_page(page);
985 fscrypt_free_bounce_page(page);
986 }
987}
988
989#endif
990