LXR linux/fs/ecryptfs/inode.c

   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/**
   3 * eCryptfs: Linux filesystem encryption layer
   4 *
   5 * Copyright (C) 1997-2004 Erez Zadok
   6 * Copyright (C) 2001-2004 Stony Brook University
   7 * Copyright (C) 2004-2007 International Business Machines Corp.
   8 *   Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
   9 *              Michael C. Thompsion <mcthomps@us.ibm.com>
  10 */
  11
  12#include <linux/file.h>
  13#include <linux/vmalloc.h>
  14#include <linux/pagemap.h>
  15#include <linux/dcache.h>
  16#include <linux/namei.h>
  17#include <linux/mount.h>
  18#include <linux/fs_stack.h>
  19#include <linux/slab.h>
  20#include <linux/xattr.h>
  21#include <asm/unaligned.h>
  22#include "ecryptfs_kernel.h"
  23
  24static struct dentry *lock_parent(struct dentry *dentry)
  25{
  26        struct dentry *dir;
  27
  28        dir = dget_parent(dentry);
  29        inode_lock_nested(d_inode(dir), I_MUTEX_PARENT);
  30        return dir;
  31}
  32
  33static void unlock_dir(struct dentry *dir)
  34{
  35        inode_unlock(d_inode(dir));
  36        dput(dir);
  37}
  38
  39static int ecryptfs_inode_test(struct inode *inode, void *lower_inode)
  40{
  41        return ecryptfs_inode_to_lower(inode) == lower_inode;
  42}
  43
  44static int ecryptfs_inode_set(struct inode *inode, void *opaque)
  45{
  46        struct inode *lower_inode = opaque;
  47
  48        ecryptfs_set_inode_lower(inode, lower_inode);
  49        fsstack_copy_attr_all(inode, lower_inode);
  50        /* i_size will be overwritten for encrypted regular files */
  51        fsstack_copy_inode_size(inode, lower_inode);
  52        inode->i_ino = lower_inode->i_ino;
  53        inode->i_mapping->a_ops = &ecryptfs_aops;
  54
  55        if (S_ISLNK(inode->i_mode))
  56                inode->i_op = &ecryptfs_symlink_iops;
  57        else if (S_ISDIR(inode->i_mode))
  58                inode->i_op = &ecryptfs_dir_iops;
  59        else
  60                inode->i_op = &ecryptfs_main_iops;
  61
  62        if (S_ISDIR(inode->i_mode))
  63                inode->i_fop = &ecryptfs_dir_fops;
  64        else if (special_file(inode->i_mode))
  65                init_special_inode(inode, inode->i_mode, inode->i_rdev);
  66        else
  67                inode->i_fop = &ecryptfs_main_fops;
  68
  69        return 0;
  70}
  71
  72static struct inode *__ecryptfs_get_inode(struct inode *lower_inode,
  73                                          struct super_block *sb)
  74{
  75        struct inode *inode;
  76
  77        if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb))
  78                return ERR_PTR(-EXDEV);
  79        if (!igrab(lower_inode))
  80                return ERR_PTR(-ESTALE);
  81        inode = iget5_locked(sb, (unsigned long)lower_inode,
  82                             ecryptfs_inode_test, ecryptfs_inode_set,
  83                             lower_inode);
  84        if (!inode) {
  85                iput(lower_inode);
  86                return ERR_PTR(-EACCES);
  87        }
  88        if (!(inode->i_state & I_NEW))
  89                iput(lower_inode);
  90
  91        return inode;
  92}
  93
  94struct inode *ecryptfs_get_inode(struct inode *lower_inode,
  95                                 struct super_block *sb)
  96{
  97        struct inode *inode = __ecryptfs_get_inode(lower_inode, sb);
  98
  99        if (!IS_ERR(inode) && (inode->i_state & I_NEW))
 100                unlock_new_inode(inode);
 101
 102        return inode;
 103}
 104
 105/**
 106 * ecryptfs_interpose
 107 * @lower_dentry: Existing dentry in the lower filesystem
 108 * @dentry: ecryptfs' dentry
 109 * @sb: ecryptfs's super_block
 110 *
 111 * Interposes upper and lower dentries.
 112 *
 113 * Returns zero on success; non-zero otherwise
 114 */
 115static int ecryptfs_interpose(struct dentry *lower_dentry,
 116                              struct dentry *dentry, struct super_block *sb)
 117{
 118        struct inode *inode = ecryptfs_get_inode(d_inode(lower_dentry), sb);
 119
 120        if (IS_ERR(inode))
 121                return PTR_ERR(inode);
 122        d_instantiate(dentry, inode);
 123
 124        return 0;
 125}
 126
 127static int ecryptfs_do_unlink(struct inode *dir, struct dentry *dentry,
 128                              struct inode *inode)
 129{
 130        struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
 131        struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
 132        struct dentry *lower_dir_dentry;
 133        int rc;
 134
 135        dget(lower_dentry);
 136        lower_dir_dentry = lock_parent(lower_dentry);
 137        rc = vfs_unlink(lower_dir_inode, lower_dentry, NULL);
 138        if (rc) {
 139                printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc);
 140                goto out_unlock;
 141        }
 142        fsstack_copy_attr_times(dir, lower_dir_inode);
 143        set_nlink(inode, ecryptfs_inode_to_lower(inode)->i_nlink);
 144        inode->i_ctime = dir->i_ctime;
 145        d_drop(dentry);
 146out_unlock:
 147        unlock_dir(lower_dir_dentry);
 148        dput(lower_dentry);
 149        return rc;
 150}
 151
 152/**
 153 * ecryptfs_do_create
 154 * @directory_inode: inode of the new file's dentry's parent in ecryptfs
 155 * @ecryptfs_dentry: New file's dentry in ecryptfs
 156 * @mode: The mode of the new file
 157 *
 158 * Creates the underlying file and the eCryptfs inode which will link to
 159 * it. It will also update the eCryptfs directory inode to mimic the
 160 * stat of the lower directory inode.
 161 *
 162 * Returns the new eCryptfs inode on success; an ERR_PTR on error condition
 163 */
 164static struct inode *
 165ecryptfs_do_create(struct inode *directory_inode,
 166                   struct dentry *ecryptfs_dentry, umode_t mode)
 167{
 168        int rc;
 169        struct dentry *lower_dentry;
 170        struct dentry *lower_dir_dentry;
 171        struct inode *inode;
 172
 173        lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
 174        lower_dir_dentry = lock_parent(lower_dentry);
 175        rc = vfs_create(d_inode(lower_dir_dentry), lower_dentry, mode, true);
 176        if (rc) {
 177                printk(KERN_ERR "%s: Failure to create dentry in lower fs; "
 178                       "rc = [%d]\n", __func__, rc);
 179                inode = ERR_PTR(rc);
 180                goto out_lock;
 181        }
 182        inode = __ecryptfs_get_inode(d_inode(lower_dentry),
 183                                     directory_inode->i_sb);
 184        if (IS_ERR(inode)) {
 185                vfs_unlink(d_inode(lower_dir_dentry), lower_dentry, NULL);
 186                goto out_lock;
 187        }
 188        fsstack_copy_attr_times(directory_inode, d_inode(lower_dir_dentry));
 189        fsstack_copy_inode_size(directory_inode, d_inode(lower_dir_dentry));
 190out_lock:
 191        unlock_dir(lower_dir_dentry);
 192        return inode;
 193}
 194
 195/**
 196 * ecryptfs_initialize_file
 197 *
 198 * Cause the file to be changed from a basic empty file to an ecryptfs
 199 * file with a header and first data page.
 200 *
 201 * Returns zero on success
 202 */
 203int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
 204                             struct inode *ecryptfs_inode)
 205{
 206        struct ecryptfs_crypt_stat *crypt_stat =
 207                &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
 208        int rc = 0;
 209
 210        if (S_ISDIR(ecryptfs_inode->i_mode)) {
 211                ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
 212                crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
 213                goto out;
 214        }
 215        ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
 216        rc = ecryptfs_new_file_context(ecryptfs_inode);
 217        if (rc) {
 218                ecryptfs_printk(KERN_ERR, "Error creating new file "
 219                                "context; rc = [%d]\n", rc);
 220                goto out;
 221        }
 222        rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
 223        if (rc) {
 224                printk(KERN_ERR "%s: Error attempting to initialize "
 225                        "the lower file for the dentry with name "
 226                        "[%pd]; rc = [%d]\n", __func__,
 227                        ecryptfs_dentry, rc);
 228                goto out;
 229        }
 230        rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
 231        if (rc)
 232                printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
 233        ecryptfs_put_lower_file(ecryptfs_inode);
 234out:
 235        return rc;
 236}
 237
 238/**
 239 * ecryptfs_create
 240 * @dir: The inode of the directory in which to create the file.
 241 * @dentry: The eCryptfs dentry
 242 * @mode: The mode of the new file.
 243 *
 244 * Creates a new file.
 245 *
 246 * Returns zero on success; non-zero on error condition
 247 */
 248static int
 249ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
 250                umode_t mode, bool excl)
 251{
 252        struct inode *ecryptfs_inode;
 253        int rc;
 254
 255        ecryptfs_inode = ecryptfs_do_create(directory_inode, ecryptfs_dentry,
 256                                            mode);
 257        if (IS_ERR(ecryptfs_inode)) {
 258                ecryptfs_printk(KERN_WARNING, "Failed to create file in"
 259                                "lower filesystem\n");
 260                rc = PTR_ERR(ecryptfs_inode);
 261                goto out;
 262        }
 263        /* At this point, a file exists on "disk"; we need to make sure
 264         * that this on disk file is prepared to be an ecryptfs file */
 265        rc = ecryptfs_initialize_file(ecryptfs_dentry, ecryptfs_inode);
 266        if (rc) {
 267                ecryptfs_do_unlink(directory_inode, ecryptfs_dentry,
 268                                   ecryptfs_inode);
 269                iget_failed(ecryptfs_inode);
 270                goto out;
 271        }
 272        d_instantiate_new(ecryptfs_dentry, ecryptfs_inode);
 273out:
 274        return rc;
 275}
 276
 277static int ecryptfs_i_size_read(struct dentry *dentry, struct inode *inode)
 278{
 279        struct ecryptfs_crypt_stat *crypt_stat;
 280        int rc;
 281
 282        rc = ecryptfs_get_lower_file(dentry, inode);
 283        if (rc) {
 284                printk(KERN_ERR "%s: Error attempting to initialize "
 285                        "the lower file for the dentry with name "
 286                        "[%pd]; rc = [%d]\n", __func__,
 287                        dentry, rc);
 288                return rc;
 289        }
 290
 291        crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
 292        /* TODO: lock for crypt_stat comparison */
 293        if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
 294                ecryptfs_set_default_sizes(crypt_stat);
 295
 296        rc = ecryptfs_read_and_validate_header_region(inode);
 297        ecryptfs_put_lower_file(inode);
 298        if (rc) {
 299                rc = ecryptfs_read_and_validate_xattr_region(dentry, inode);
 300                if (!rc)
 301                        crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
 302        }
 303
 304        /* Must return 0 to allow non-eCryptfs files to be looked up, too */
 305        return 0;
 306}
 307
 308/**
 309 * ecryptfs_lookup_interpose - Dentry interposition for a lookup
 310 */
 311static struct dentry *ecryptfs_lookup_interpose(struct dentry *dentry,
 312                                     struct dentry *lower_dentry)
 313{
 314        struct inode *inode, *lower_inode = d_inode(lower_dentry);
 315        struct ecryptfs_dentry_info *dentry_info;
 316        struct vfsmount *lower_mnt;
 317        int rc = 0;
 318
 319        dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
 320        if (!dentry_info) {
 321                dput(lower_dentry);
 322                return ERR_PTR(-ENOMEM);
 323        }
 324
 325        lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
 326        fsstack_copy_attr_atime(d_inode(dentry->d_parent),
 327                                d_inode(lower_dentry->d_parent));
 328        BUG_ON(!d_count(lower_dentry));
 329
 330        ecryptfs_set_dentry_private(dentry, dentry_info);
 331        dentry_info->lower_path.mnt = lower_mnt;
 332        dentry_info->lower_path.dentry = lower_dentry;
 333
 334        if (d_really_is_negative(lower_dentry)) {
 335                /* We want to add because we couldn't find in lower */
 336                d_add(dentry, NULL);
 337                return NULL;
 338        }
 339        inode = __ecryptfs_get_inode(lower_inode, dentry->d_sb);
 340        if (IS_ERR(inode)) {
 341                printk(KERN_ERR "%s: Error interposing; rc = [%ld]\n",
 342                       __func__, PTR_ERR(inode));
 343                return ERR_CAST(inode);
 344        }
 345        if (S_ISREG(inode->i_mode)) {
 346                rc = ecryptfs_i_size_read(dentry, inode);
 347                if (rc) {
 348                        make_bad_inode(inode);
 349                        return ERR_PTR(rc);
 350                }
 351        }
 352
 353        if (inode->i_state & I_NEW)
 354                unlock_new_inode(inode);
 355        return d_splice_alias(inode, dentry);
 356}
 357
 358/**
 359 * ecryptfs_lookup
 360 * @ecryptfs_dir_inode: The eCryptfs directory inode
 361 * @ecryptfs_dentry: The eCryptfs dentry that we are looking up
 362 * @flags: lookup flags
 363 *
 364 * Find a file on disk. If the file does not exist, then we'll add it to the
 365 * dentry cache and continue on to read it from the disk.
 366 */
 367static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
 368                                      struct dentry *ecryptfs_dentry,
 369                                      unsigned int flags)
 370{
 371        char *encrypted_and_encoded_name = NULL;
 372        struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
 373        struct dentry *lower_dir_dentry, *lower_dentry;
 374        const char *name = ecryptfs_dentry->d_name.name;
 375        size_t len = ecryptfs_dentry->d_name.len;
 376        struct dentry *res;
 377        int rc = 0;
 378
 379        lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
 380
 381        mount_crypt_stat = &ecryptfs_superblock_to_private(
 382                                ecryptfs_dentry->d_sb)->mount_crypt_stat;
 383        if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
 384                rc = ecryptfs_encrypt_and_encode_filename(
 385                        &encrypted_and_encoded_name, &len,
 386                        mount_crypt_stat, name, len);
 387                if (rc) {
 388                        printk(KERN_ERR "%s: Error attempting to encrypt and encode "
 389                               "filename; rc = [%d]\n", __func__, rc);
 390                        return ERR_PTR(rc);
 391                }
 392                name = encrypted_and_encoded_name;
 393        }
 394
 395        lower_dentry = lookup_one_len_unlocked(name, lower_dir_dentry, len);
 396        if (IS_ERR(lower_dentry)) {
 397                ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
 398                                "[%ld] on lower_dentry = [%s]\n", __func__,
 399                                PTR_ERR(lower_dentry),
 400                                name);
 401                res = ERR_CAST(lower_dentry);
 402        } else {
 403                res = ecryptfs_lookup_interpose(ecryptfs_dentry, lower_dentry);
 404        }
 405        kfree(encrypted_and_encoded_name);
 406        return res;
 407}
 408
 409static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir,
 410                         struct dentry *new_dentry)
 411{
 412        struct dentry *lower_old_dentry;
 413        struct dentry *lower_new_dentry;
 414        struct dentry *lower_dir_dentry;
 415        u64 file_size_save;
 416        int rc;
 417
 418        file_size_save = i_size_read(d_inode(old_dentry));
 419        lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
 420        lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
 421        dget(lower_old_dentry);
 422        dget(lower_new_dentry);
 423        lower_dir_dentry = lock_parent(lower_new_dentry);
 424        rc = vfs_link(lower_old_dentry, d_inode(lower_dir_dentry),
 425                      lower_new_dentry, NULL);
 426        if (rc || d_really_is_negative(lower_new_dentry))
 427                goto out_lock;
 428        rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb);
 429        if (rc)
 430                goto out_lock;
 431        fsstack_copy_attr_times(dir, d_inode(lower_dir_dentry));
 432        fsstack_copy_inode_size(dir, d_inode(lower_dir_dentry));
 433        set_nlink(d_inode(old_dentry),
 434                  ecryptfs_inode_to_lower(d_inode(old_dentry))->i_nlink);
 435        i_size_write(d_inode(new_dentry), file_size_save);
 436out_lock:
 437        unlock_dir(lower_dir_dentry);
 438        dput(lower_new_dentry);
 439        dput(lower_old_dentry);
 440        return rc;
 441}
 442
 443static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
 444{
 445        return ecryptfs_do_unlink(dir, dentry, d_inode(dentry));
 446}
 447
 448static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
 449                            const char *symname)
 450{
 451        int rc;
 452        struct dentry *lower_dentry;
 453        struct dentry *lower_dir_dentry;
 454        char *encoded_symname;
 455        size_t encoded_symlen;
 456        struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
 457
 458        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 459        dget(lower_dentry);
 460        lower_dir_dentry = lock_parent(lower_dentry);
 461        mount_crypt_stat = &ecryptfs_superblock_to_private(
 462                dir->i_sb)->mount_crypt_stat;
 463        rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname,
 464                                                  &encoded_symlen,
 465                                                  mount_crypt_stat, symname,
 466                                                  strlen(symname));
 467        if (rc)
 468                goto out_lock;
 469        rc = vfs_symlink(d_inode(lower_dir_dentry), lower_dentry,
 470                         encoded_symname);
 471        kfree(encoded_symname);
 472        if (rc || d_really_is_negative(lower_dentry))
 473                goto out_lock;
 474        rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
 475        if (rc)
 476                goto out_lock;
 477        fsstack_copy_attr_times(dir, d_inode(lower_dir_dentry));
 478        fsstack_copy_inode_size(dir, d_inode(lower_dir_dentry));
 479out_lock:
 480        unlock_dir(lower_dir_dentry);
 481        dput(lower_dentry);
 482        if (d_really_is_negative(dentry))
 483                d_drop(dentry);
 484        return rc;
 485}
 486
 487static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
 488{
 489        int rc;
 490        struct dentry *lower_dentry;
 491        struct dentry *lower_dir_dentry;
 492
 493        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 494        lower_dir_dentry = lock_parent(lower_dentry);
 495        rc = vfs_mkdir(d_inode(lower_dir_dentry), lower_dentry, mode);
 496        if (rc || d_really_is_negative(lower_dentry))
 497                goto out;
 498        rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
 499        if (rc)
 500                goto out;
 501        fsstack_copy_attr_times(dir, d_inode(lower_dir_dentry));
 502        fsstack_copy_inode_size(dir, d_inode(lower_dir_dentry));
 503        set_nlink(dir, d_inode(lower_dir_dentry)->i_nlink);
 504out:
 505        unlock_dir(lower_dir_dentry);
 506        if (d_really_is_negative(dentry))
 507                d_drop(dentry);
 508        return rc;
 509}
 510
 511static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry)
 512{
 513        struct dentry *lower_dentry;
 514        struct dentry *lower_dir_dentry;
 515        int rc;
 516
 517        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 518        dget(dentry);
 519        lower_dir_dentry = lock_parent(lower_dentry);
 520        dget(lower_dentry);
 521        rc = vfs_rmdir(d_inode(lower_dir_dentry), lower_dentry);
 522        dput(lower_dentry);
 523        if (!rc && d_really_is_positive(dentry))
 524                clear_nlink(d_inode(dentry));
 525        fsstack_copy_attr_times(dir, d_inode(lower_dir_dentry));
 526        set_nlink(dir, d_inode(lower_dir_dentry)->i_nlink);
 527        unlock_dir(lower_dir_dentry);
 528        if (!rc)
 529                d_drop(dentry);
 530        dput(dentry);
 531        return rc;
 532}
 533
 534static int
 535ecryptfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
 536{
 537        int rc;
 538        struct dentry *lower_dentry;
 539        struct dentry *lower_dir_dentry;
 540
 541        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 542        lower_dir_dentry = lock_parent(lower_dentry);
 543        rc = vfs_mknod(d_inode(lower_dir_dentry), lower_dentry, mode, dev);
 544        if (rc || d_really_is_negative(lower_dentry))
 545                goto out;
 546        rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
 547        if (rc)
 548                goto out;
 549        fsstack_copy_attr_times(dir, d_inode(lower_dir_dentry));
 550        fsstack_copy_inode_size(dir, d_inode(lower_dir_dentry));
 551out:
 552        unlock_dir(lower_dir_dentry);
 553        if (d_really_is_negative(dentry))
 554                d_drop(dentry);
 555        return rc;
 556}
 557
 558static int
 559ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry,
 560                struct inode *new_dir, struct dentry *new_dentry,
 561                unsigned int flags)
 562{
 563        int rc;
 564        struct dentry *lower_old_dentry;
 565        struct dentry *lower_new_dentry;
 566        struct dentry *lower_old_dir_dentry;
 567        struct dentry *lower_new_dir_dentry;
 568        struct dentry *trap = NULL;
 569        struct inode *target_inode;
 570
 571        if (flags)
 572                return -EINVAL;
 573
 574        lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
 575        lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
 576        dget(lower_old_dentry);
 577        dget(lower_new_dentry);
 578        lower_old_dir_dentry = dget_parent(lower_old_dentry);
 579        lower_new_dir_dentry = dget_parent(lower_new_dentry);
 580        target_inode = d_inode(new_dentry);
 581        trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
 582        rc = -EINVAL;
 583        if (lower_old_dentry->d_parent != lower_old_dir_dentry)
 584                goto out_lock;
 585        if (lower_new_dentry->d_parent != lower_new_dir_dentry)
 586                goto out_lock;
 587        if (d_unhashed(lower_old_dentry) || d_unhashed(lower_new_dentry))
 588                goto out_lock;
 589        /* source should not be ancestor of target */
 590        if (trap == lower_old_dentry)
 591                goto out_lock;
 592        /* target should not be ancestor of source */
 593        if (trap == lower_new_dentry) {
 594                rc = -ENOTEMPTY;
 595                goto out_lock;
 596        }
 597        rc = vfs_rename(d_inode(lower_old_dir_dentry), lower_old_dentry,
 598                        d_inode(lower_new_dir_dentry), lower_new_dentry,
 599                        NULL, 0);
 600        if (rc)
 601                goto out_lock;
 602        if (target_inode)
 603                fsstack_copy_attr_all(target_inode,
 604                                      ecryptfs_inode_to_lower(target_inode));
 605        fsstack_copy_attr_all(new_dir, d_inode(lower_new_dir_dentry));
 606        if (new_dir != old_dir)
 607                fsstack_copy_attr_all(old_dir, d_inode(lower_old_dir_dentry));
 608out_lock:
 609        unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
 610        dput(lower_new_dir_dentry);
 611        dput(lower_old_dir_dentry);
 612        dput(lower_new_dentry);
 613        dput(lower_old_dentry);
 614        return rc;
 615}
 616
 617static char *ecryptfs_readlink_lower(struct dentry *dentry, size_t *bufsiz)
 618{
 619        DEFINE_DELAYED_CALL(done);
 620        struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
 621        const char *link;
 622        char *buf;
 623        int rc;
 624
 625        link = vfs_get_link(lower_dentry, &done);
 626        if (IS_ERR(link))
 627                return ERR_CAST(link);
 628
 629        rc = ecryptfs_decode_and_decrypt_filename(&buf, bufsiz, dentry->d_sb,
 630                                                  link, strlen(link));
 631        do_delayed_call(&done);
 632        if (rc)
 633                return ERR_PTR(rc);
 634
 635        return buf;
 636}
 637
 638static const char *ecryptfs_get_link(struct dentry *dentry,
 639                                     struct inode *inode,
 640                                     struct delayed_call *done)
 641{
 642        size_t len;
 643        char *buf;
 644
 645        if (!dentry)
 646                return ERR_PTR(-ECHILD);
 647
 648        buf = ecryptfs_readlink_lower(dentry, &len);
 649        if (IS_ERR(buf))
 650                return buf;
 651        fsstack_copy_attr_atime(d_inode(dentry),
 652                                d_inode(ecryptfs_dentry_to_lower(dentry)));
 653        buf[len] = '\0';
 654        set_delayed_call(done, kfree_link, buf);
 655        return buf;
 656}
 657
 658/**
 659 * upper_size_to_lower_size
 660 * @crypt_stat: Crypt_stat associated with file
 661 * @upper_size: Size of the upper file
 662 *
 663 * Calculate the required size of the lower file based on the
 664 * specified size of the upper file. This calculation is based on the
 665 * number of headers in the underlying file and the extent size.
 666 *
 667 * Returns Calculated size of the lower file.
 668 */
 669static loff_t
 670upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat,
 671                         loff_t upper_size)
 672{
 673        loff_t lower_size;
 674
 675        lower_size = ecryptfs_lower_header_size(crypt_stat);
 676        if (upper_size != 0) {
 677                loff_t num_extents;
 678
 679                num_extents = upper_size >> crypt_stat->extent_shift;
 680                if (upper_size & ~crypt_stat->extent_mask)
 681                        num_extents++;
 682                lower_size += (num_extents * crypt_stat->extent_size);
 683        }
 684        return lower_size;
 685}
 686
 687/**
 688 * truncate_upper
 689 * @dentry: The ecryptfs layer dentry
 690 * @ia: Address of the ecryptfs inode's attributes
 691 * @lower_ia: Address of the lower inode's attributes
 692 *
 693 * Function to handle truncations modifying the size of the file. Note
 694 * that the file sizes are interpolated. When expanding, we are simply
 695 * writing strings of 0's out. When truncating, we truncate the upper
 696 * inode and update the lower_ia according to the page index
 697 * interpolations. If ATTR_SIZE is set in lower_ia->ia_valid upon return,
 698 * the caller must use lower_ia in a call to notify_change() to perform
 699 * the truncation of the lower inode.
 700 *
 701 * Returns zero on success; non-zero otherwise
 702 */
 703static int truncate_upper(struct dentry *dentry, struct iattr *ia,
 704                          struct iattr *lower_ia)
 705{
 706        int rc = 0;
 707        struct inode *inode = d_inode(dentry);
 708        struct ecryptfs_crypt_stat *crypt_stat;
 709        loff_t i_size = i_size_read(inode);
 710        loff_t lower_size_before_truncate;
 711        loff_t lower_size_after_truncate;
 712
 713        if (unlikely((ia->ia_size == i_size))) {
 714                lower_ia->ia_valid &= ~ATTR_SIZE;
 715                return 0;
 716        }
 717        rc = ecryptfs_get_lower_file(dentry, inode);
 718        if (rc)
 719                return rc;
 720        crypt_stat = &ecryptfs_inode_to_private(d_inode(dentry))->crypt_stat;
 721        /* Switch on growing or shrinking file */
 722        if (ia->ia_size > i_size) {
 723                char zero[] = { 0x00 };
 724
 725                lower_ia->ia_valid &= ~ATTR_SIZE;
 726                /* Write a single 0 at the last position of the file;
 727                 * this triggers code that will fill in 0's throughout
 728                 * the intermediate portion of the previous end of the
 729                 * file and the new and of the file */
 730                rc = ecryptfs_write(inode, zero,
 731                                    (ia->ia_size - 1), 1);
 732        } else { /* ia->ia_size < i_size_read(inode) */
 733                /* We're chopping off all the pages down to the page
 734                 * in which ia->ia_size is located. Fill in the end of
 735                 * that page from (ia->ia_size & ~PAGE_MASK) to
 736                 * PAGE_SIZE with zeros. */
 737                size_t num_zeros = (PAGE_SIZE
 738                                    - (ia->ia_size & ~PAGE_MASK));
 739
 740                if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
 741                        truncate_setsize(inode, ia->ia_size);
 742                        lower_ia->ia_size = ia->ia_size;
 743                        lower_ia->ia_valid |= ATTR_SIZE;
 744                        goto out;
 745                }
 746                if (num_zeros) {
 747                        char *zeros_virt;
 748
 749                        zeros_virt = kzalloc(num_zeros, GFP_KERNEL);
 750                        if (!zeros_virt) {
 751                                rc = -ENOMEM;
 752                                goto out;
 753                        }
 754                        rc = ecryptfs_write(inode, zeros_virt,
 755                                            ia->ia_size, num_zeros);
 756                        kfree(zeros_virt);
 757                        if (rc) {
 758                                printk(KERN_ERR "Error attempting to zero out "
 759                                       "the remainder of the end page on "
 760                                       "reducing truncate; rc = [%d]\n", rc);
 761                                goto out;
 762                        }
 763                }
 764                truncate_setsize(inode, ia->ia_size);
 765                rc = ecryptfs_write_inode_size_to_metadata(inode);
 766                if (rc) {
 767                        printk(KERN_ERR "Problem with "
 768                               "ecryptfs_write_inode_size_to_metadata; "
 769                               "rc = [%d]\n", rc);
 770                        goto out;
 771                }
 772                /* We are reducing the size of the ecryptfs file, and need to
 773                 * know if we need to reduce the size of the lower file. */
 774                lower_size_before_truncate =
 775                    upper_size_to_lower_size(crypt_stat, i_size);
 776                lower_size_after_truncate =
 777                    upper_size_to_lower_size(crypt_stat, ia->ia_size);
 778                if (lower_size_after_truncate < lower_size_before_truncate) {
 779                        lower_ia->ia_size = lower_size_after_truncate;
 780                        lower_ia->ia_valid |= ATTR_SIZE;
 781                } else
 782                        lower_ia->ia_valid &= ~ATTR_SIZE;
 783        }
 784out:
 785        ecryptfs_put_lower_file(inode);
 786        return rc;
 787}
 788
 789static int ecryptfs_inode_newsize_ok(struct inode *inode, loff_t offset)
 790{
 791        struct ecryptfs_crypt_stat *crypt_stat;
 792        loff_t lower_oldsize, lower_newsize;
 793
 794        crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
 795        lower_oldsize = upper_size_to_lower_size(crypt_stat,
 796                                                 i_size_read(inode));
 797        lower_newsize = upper_size_to_lower_size(crypt_stat, offset);
 798        if (lower_newsize > lower_oldsize) {
 799                /*
 800                 * The eCryptfs inode and the new *lower* size are mixed here
 801                 * because we may not have the lower i_mutex held and/or it may
 802                 * not be appropriate to call inode_newsize_ok() with inodes
 803                 * from other filesystems.
 804                 */
 805                return inode_newsize_ok(inode, lower_newsize);
 806        }
 807
 808        return 0;
 809}
 810
 811/**
 812 * ecryptfs_truncate
 813 * @dentry: The ecryptfs layer dentry
 814 * @new_length: The length to expand the file to
 815 *
 816 * Simple function that handles the truncation of an eCryptfs inode and
 817 * its corresponding lower inode.
 818 *
 819 * Returns zero on success; non-zero otherwise
 820 */
 821int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
 822{
 823        struct iattr ia = { .ia_valid = ATTR_SIZE, .ia_size = new_length };
 824        struct iattr lower_ia = { .ia_valid = 0 };
 825        int rc;
 826
 827        rc = ecryptfs_inode_newsize_ok(d_inode(dentry), new_length);
 828        if (rc)
 829                return rc;
 830
 831        rc = truncate_upper(dentry, &ia, &lower_ia);
 832        if (!rc && lower_ia.ia_valid & ATTR_SIZE) {
 833                struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
 834
 835                inode_lock(d_inode(lower_dentry));
 836                rc = notify_change(lower_dentry, &lower_ia, NULL);
 837                inode_unlock(d_inode(lower_dentry));
 838        }
 839        return rc;
 840}
 841
 842static int
 843ecryptfs_permission(struct inode *inode, int mask)
 844{
 845        return inode_permission(ecryptfs_inode_to_lower(inode), mask);
 846}
 847
 848/**
 849 * ecryptfs_setattr
 850 * @dentry: dentry handle to the inode to modify
 851 * @ia: Structure with flags of what to change and values
 852 *
 853 * Updates the metadata of an inode. If the update is to the size
 854 * i.e. truncation, then ecryptfs_truncate will handle the size modification
 855 * of both the ecryptfs inode and the lower inode.
 856 *
 857 * All other metadata changes will be passed right to the lower filesystem,
 858 * and we will just update our inode to look like the lower.
 859 */
 860static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
 861{
 862        int rc = 0;
 863        struct dentry *lower_dentry;
 864        struct iattr lower_ia;
 865        struct inode *inode;
 866        struct inode *lower_inode;
 867        struct ecryptfs_crypt_stat *crypt_stat;
 868
 869        crypt_stat = &ecryptfs_inode_to_private(d_inode(dentry))->crypt_stat;
 870        if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED)) {
 871                rc = ecryptfs_init_crypt_stat(crypt_stat);
 872                if (rc)
 873                        return rc;
 874        }
 875        inode = d_inode(dentry);
 876        lower_inode = ecryptfs_inode_to_lower(inode);
 877        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 878        mutex_lock(&crypt_stat->cs_mutex);
 879        if (d_is_dir(dentry))
 880                crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
 881        else if (d_is_reg(dentry)
 882                 && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
 883                     || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) {
 884                struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
 885
 886                mount_crypt_stat = &ecryptfs_superblock_to_private(
 887                        dentry->d_sb)->mount_crypt_stat;
 888                rc = ecryptfs_get_lower_file(dentry, inode);
 889                if (rc) {
 890                        mutex_unlock(&crypt_stat->cs_mutex);
 891                        goto out;
 892                }
 893                rc = ecryptfs_read_metadata(dentry);
 894                ecryptfs_put_lower_file(inode);
 895                if (rc) {
 896                        if (!(mount_crypt_stat->flags
 897                              & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
 898                                rc = -EIO;
 899                                printk(KERN_WARNING "Either the lower file "
 900                                       "is not in a valid eCryptfs format, "
 901                                       "or the key could not be retrieved. "
 902                                       "Plaintext passthrough mode is not "
 903                                       "enabled; returning -EIO\n");
 904                                mutex_unlock(&crypt_stat->cs_mutex);
 905                                goto out;
 906                        }
 907                        rc = 0;
 908                        crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
 909                                               | ECRYPTFS_ENCRYPTED);
 910                }
 911        }
 912        mutex_unlock(&crypt_stat->cs_mutex);
 913
 914        rc = setattr_prepare(dentry, ia);
 915        if (rc)
 916                goto out;
 917        if (ia->ia_valid & ATTR_SIZE) {
 918                rc = ecryptfs_inode_newsize_ok(inode, ia->ia_size);
 919                if (rc)
 920                        goto out;
 921        }
 922
 923        memcpy(&lower_ia, ia, sizeof(lower_ia));
 924        if (ia->ia_valid & ATTR_FILE)
 925                lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file);
 926        if (ia->ia_valid & ATTR_SIZE) {
 927                rc = truncate_upper(dentry, ia, &lower_ia);
 928                if (rc < 0)
 929                        goto out;
 930        }
 931
 932        /*
 933         * mode change is for clearing setuid/setgid bits. Allow lower fs
 934         * to interpret this in its own way.
 935         */
 936        if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID))
 937                lower_ia.ia_valid &= ~ATTR_MODE;
 938
 939        inode_lock(d_inode(lower_dentry));
 940        rc = notify_change(lower_dentry, &lower_ia, NULL);
 941        inode_unlock(d_inode(lower_dentry));
 942out:
 943        fsstack_copy_attr_all(inode, lower_inode);
 944        return rc;
 945}
 946
 947static int ecryptfs_getattr_link(const struct path *path, struct kstat *stat,
 948                                 u32 request_mask, unsigned int flags)
 949{
 950        struct dentry *dentry = path->dentry;
 951        struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
 952        int rc = 0;
 953
 954        mount_crypt_stat = &ecryptfs_superblock_to_private(
 955                                                dentry->d_sb)->mount_crypt_stat;
 956        generic_fillattr(d_inode(dentry), stat);
 957        if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
 958                char *target;
 959                size_t targetsiz;
 960
 961                target = ecryptfs_readlink_lower(dentry, &targetsiz);
 962                if (!IS_ERR(target)) {
 963                        kfree(target);
 964                        stat->size = targetsiz;
 965                } else {
 966                        rc = PTR_ERR(target);
 967                }
 968        }
 969        return rc;
 970}
 971
 972static int ecryptfs_getattr(const struct path *path, struct kstat *stat,
 973                            u32 request_mask, unsigned int flags)
 974{
 975        struct dentry *dentry = path->dentry;
 976        struct kstat lower_stat;
 977        int rc;
 978
 979        rc = vfs_getattr(ecryptfs_dentry_to_lower_path(dentry), &lower_stat,
 980                         request_mask, flags);
 981        if (!rc) {
 982                fsstack_copy_attr_all(d_inode(dentry),
 983                                      ecryptfs_inode_to_lower(d_inode(dentry)));
 984                generic_fillattr(d_inode(dentry), stat);
 985                stat->blocks = lower_stat.blocks;
 986        }
 987        return rc;
 988}
 989
 990int
 991ecryptfs_setxattr(struct dentry *dentry, struct inode *inode,
 992                  const char *name, const void *value,
 993                  size_t size, int flags)
 994{
 995        int rc;
 996        struct dentry *lower_dentry;
 997
 998        lower_dentry = ecryptfs_dentry_to_lower(dentry);
 999        if (!(d_inode(lower_dentry)->i_opflags & IOP_XATTR)) {
1000                rc = -EOPNOTSUPP;

1001                goto out;
1002        }
1003        rc = vfs_setxattr(lower_dentry, name, value, size, flags);
1004        if (!rc && inode)
1005                fsstack_copy_attr_all(inode, d_inode(lower_dentry));
1006out:
1007        return rc;
1008}
1009
1010ssize_t
1011ecryptfs_getxattr_lower(struct dentry *lower_dentry, struct inode *lower_inode,
1012                        const char *name, void *value, size_t size)
1013{
1014        int rc;
1015
1016        if (!(lower_inode->i_opflags & IOP_XATTR)) {
1017                rc = -EOPNOTSUPP;
1018                goto out;
1019        }
1020        inode_lock(lower_inode);
1021        rc = __vfs_getxattr(lower_dentry, lower_inode, name, value, size);
1022        inode_unlock(lower_inode);
1023out:
1024        return rc;
1025}
1026
1027static ssize_t
1028ecryptfs_getxattr(struct dentry *dentry, struct inode *inode,
1029                  const char *name, void *value, size_t size)
1030{
1031        return ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry),
1032                                       ecryptfs_inode_to_lower(inode),
1033                                       name, value, size);
1034}
1035
1036static ssize_t
1037ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size)
1038{
1039        int rc = 0;
1040        struct dentry *lower_dentry;
1041
1042        lower_dentry = ecryptfs_dentry_to_lower(dentry);
1043        if (!d_inode(lower_dentry)->i_op->listxattr) {
1044                rc = -EOPNOTSUPP;
1045                goto out;
1046        }
1047        inode_lock(d_inode(lower_dentry));
1048        rc = d_inode(lower_dentry)->i_op->listxattr(lower_dentry, list, size);
1049        inode_unlock(d_inode(lower_dentry));
1050out:
1051        return rc;
1052}
1053
1054static int ecryptfs_removexattr(struct dentry *dentry, struct inode *inode,
1055                                const char *name)
1056{
1057        int rc;
1058        struct dentry *lower_dentry;
1059        struct inode *lower_inode;
1060
1061        lower_dentry = ecryptfs_dentry_to_lower(dentry);
1062        lower_inode = ecryptfs_inode_to_lower(inode);
1063        if (!(lower_inode->i_opflags & IOP_XATTR)) {
1064                rc = -EOPNOTSUPP;
1065                goto out;
1066        }
1067        inode_lock(lower_inode);
1068        rc = __vfs_removexattr(lower_dentry, name);
1069        inode_unlock(lower_inode);
1070out:
1071        return rc;
1072}
1073
1074const struct inode_operations ecryptfs_symlink_iops = {
1075        .get_link = ecryptfs_get_link,
1076        .permission = ecryptfs_permission,
1077        .setattr = ecryptfs_setattr,
1078        .getattr = ecryptfs_getattr_link,
1079        .listxattr = ecryptfs_listxattr,
1080};
1081
1082const struct inode_operations ecryptfs_dir_iops = {
1083        .create = ecryptfs_create,
1084        .lookup = ecryptfs_lookup,
1085        .link = ecryptfs_link,
1086        .unlink = ecryptfs_unlink,
1087        .symlink = ecryptfs_symlink,
1088        .mkdir = ecryptfs_mkdir,
1089        .rmdir = ecryptfs_rmdir,
1090        .mknod = ecryptfs_mknod,
1091        .rename = ecryptfs_rename,
1092        .permission = ecryptfs_permission,
1093        .setattr = ecryptfs_setattr,
1094        .listxattr = ecryptfs_listxattr,
1095};
1096
1097const struct inode_operations ecryptfs_main_iops = {
1098        .permission = ecryptfs_permission,
1099        .setattr = ecryptfs_setattr,
1100        .getattr = ecryptfs_getattr,
1101        .listxattr = ecryptfs_listxattr,
1102};
1103
1104static int ecryptfs_xattr_get(const struct xattr_handler *handler,
1105                              struct dentry *dentry, struct inode *inode,
1106                              const char *name, void *buffer, size_t size)
1107{
1108        return ecryptfs_getxattr(dentry, inode, name, buffer, size);
1109}
1110
1111static int ecryptfs_xattr_set(const struct xattr_handler *handler,
1112                              struct dentry *dentry, struct inode *inode,
1113                              const char *name, const void *value, size_t size,
1114                              int flags)
1115{
1116        if (value)
1117                return ecryptfs_setxattr(dentry, inode, name, value, size, flags);
1118        else {
1119                BUG_ON(flags != XATTR_REPLACE);
1120                return ecryptfs_removexattr(dentry, inode, name);
1121        }
1122}
1123
1124static const struct xattr_handler ecryptfs_xattr_handler = {
1125        .prefix = "",  /* match anything */
1126        .get = ecryptfs_xattr_get,
1127        .set = ecryptfs_xattr_set,
1128};
1129
1130const struct xattr_handler *ecryptfs_xattr_handlers[] = {
1131        &ecryptfs_xattr_handler,
1132        NULL
1133};
1134