1
2
3
4
5
6
7
8
9
10
11
12#include <linux/file.h>
13#include <linux/vmalloc.h>
14#include <linux/pagemap.h>
15#include <linux/dcache.h>
16#include <linux/namei.h>
17#include <linux/mount.h>
18#include <linux/fs_stack.h>
19#include <linux/slab.h>
20#include <linux/xattr.h>
21#include <asm/unaligned.h>
22#include "ecryptfs_kernel.h"
23
24static struct dentry *lock_parent(struct dentry *dentry)
25{
26 struct dentry *dir;
27
28 dir = dget_parent(dentry);
29 inode_lock_nested(d_inode(dir), I_MUTEX_PARENT);
30 return dir;
31}
32
33static void unlock_dir(struct dentry *dir)
34{
35 inode_unlock(d_inode(dir));
36 dput(dir);
37}
38
39static int ecryptfs_inode_test(struct inode *inode, void *lower_inode)
40{
41 return ecryptfs_inode_to_lower(inode) == lower_inode;
42}
43
44static int ecryptfs_inode_set(struct inode *inode, void *opaque)
45{
46 struct inode *lower_inode = opaque;
47
48 ecryptfs_set_inode_lower(inode, lower_inode);
49 fsstack_copy_attr_all(inode, lower_inode);
50
51 fsstack_copy_inode_size(inode, lower_inode);
52 inode->i_ino = lower_inode->i_ino;
53 inode->i_mapping->a_ops = &ecryptfs_aops;
54
55 if (S_ISLNK(inode->i_mode))
56 inode->i_op = &ecryptfs_symlink_iops;
57 else if (S_ISDIR(inode->i_mode))
58 inode->i_op = &ecryptfs_dir_iops;
59 else
60 inode->i_op = &ecryptfs_main_iops;
61
62 if (S_ISDIR(inode->i_mode))
63 inode->i_fop = &ecryptfs_dir_fops;
64 else if (special_file(inode->i_mode))
65 init_special_inode(inode, inode->i_mode, inode->i_rdev);
66 else
67 inode->i_fop = &ecryptfs_main_fops;
68
69 return 0;
70}
71
72static struct inode *__ecryptfs_get_inode(struct inode *lower_inode,
73 struct super_block *sb)
74{
75 struct inode *inode;
76
77 if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb))
78 return ERR_PTR(-EXDEV);
79 if (!igrab(lower_inode))
80 return ERR_PTR(-ESTALE);
81 inode = iget5_locked(sb, (unsigned long)lower_inode,
82 ecryptfs_inode_test, ecryptfs_inode_set,
83 lower_inode);
84 if (!inode) {
85 iput(lower_inode);
86 return ERR_PTR(-EACCES);
87 }
88 if (!(inode->i_state & I_NEW))
89 iput(lower_inode);
90
91 return inode;
92}
93
94struct inode *ecryptfs_get_inode(struct inode *lower_inode,
95 struct super_block *sb)
96{
97 struct inode *inode = __ecryptfs_get_inode(lower_inode, sb);
98
99 if (!IS_ERR(inode) && (inode->i_state & I_NEW))
100 unlock_new_inode(inode);
101
102 return inode;
103}
104
105
106
107
108
109
110
111
112
113
114
115static int ecryptfs_interpose(struct dentry *lower_dentry,
116 struct dentry *dentry, struct super_block *sb)
117{
118 struct inode *inode = ecryptfs_get_inode(d_inode(lower_dentry), sb);
119
120 if (IS_ERR(inode))
121 return PTR_ERR(inode);
122 d_instantiate(dentry, inode);
123
124 return 0;
125}
126
127static int ecryptfs_do_unlink(struct inode *dir, struct dentry *dentry,
128 struct inode *inode)
129{
130 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
131 struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
132 struct dentry *lower_dir_dentry;
133 int rc;
134
135 dget(lower_dentry);
136 lower_dir_dentry = lock_parent(lower_dentry);
137 rc = vfs_unlink(lower_dir_inode, lower_dentry, NULL);
138 if (rc) {
139 printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc);
140 goto out_unlock;
141 }
142 fsstack_copy_attr_times(dir, lower_dir_inode);
143 set_nlink(inode, ecryptfs_inode_to_lower(inode)->i_nlink);
144 inode->i_ctime = dir->i_ctime;
145 d_drop(dentry);
146out_unlock:
147 unlock_dir(lower_dir_dentry);
148 dput(lower_dentry);
149 return rc;
150}
151
152
153
154
155
156
157
158
159
160
161
162
163
164static struct inode *
165ecryptfs_do_create(struct inode *directory_inode,
166 struct dentry *ecryptfs_dentry, umode_t mode)
167{
168 int rc;
169 struct dentry *lower_dentry;
170 struct dentry *lower_dir_dentry;
171 struct inode *inode;
172
173 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
174 lower_dir_dentry = lock_parent(lower_dentry);
175 rc = vfs_create(d_inode(lower_dir_dentry), lower_dentry, mode, true);
176 if (rc) {
177 printk(KERN_ERR "%s: Failure to create dentry in lower fs; "
178 "rc = [%d]\n", __func__, rc);
179 inode = ERR_PTR(rc);
180 goto out_lock;
181 }
182 inode = __ecryptfs_get_inode(d_inode(lower_dentry),
183 directory_inode->i_sb);
184 if (IS_ERR(inode)) {
185 vfs_unlink(d_inode(lower_dir_dentry), lower_dentry, NULL);
186 goto out_lock;
187 }
188 fsstack_copy_attr_times(directory_inode, d_inode(lower_dir_dentry));
189 fsstack_copy_inode_size(directory_inode, d_inode(lower_dir_dentry));
190out_lock:
191 unlock_dir(lower_dir_dentry);
192 return inode;
193}
194
195
196
197
198
199
200
201
202
203int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
204 struct inode *ecryptfs_inode)
205{
206 struct ecryptfs_crypt_stat *crypt_stat =
207 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
208 int rc = 0;
209
210 if (S_ISDIR(ecryptfs_inode->i_mode)) {
211 ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
212 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
213 goto out;
214 }
215 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
216 rc = ecryptfs_new_file_context(ecryptfs_inode);
217 if (rc) {
218 ecryptfs_printk(KERN_ERR, "Error creating new file "
219 "context; rc = [%d]\n", rc);
220 goto out;
221 }
222 rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
223 if (rc) {
224 printk(KERN_ERR "%s: Error attempting to initialize "
225 "the lower file for the dentry with name "
226 "[%pd]; rc = [%d]\n", __func__,
227 ecryptfs_dentry, rc);
228 goto out;
229 }
230 rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
231 if (rc)
232 printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
233 ecryptfs_put_lower_file(ecryptfs_inode);
234out:
235 return rc;
236}
237
238
239
240
241
242
243
244
245
246
247
248static int
249ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
250 umode_t mode, bool excl)
251{
252 struct inode *ecryptfs_inode;
253 int rc;
254
255 ecryptfs_inode = ecryptfs_do_create(directory_inode, ecryptfs_dentry,
256 mode);
257 if (IS_ERR(ecryptfs_inode)) {
258 ecryptfs_printk(KERN_WARNING, "Failed to create file in"
259 "lower filesystem\n");
260 rc = PTR_ERR(ecryptfs_inode);
261 goto out;
262 }
263
264
265 rc = ecryptfs_initialize_file(ecryptfs_dentry, ecryptfs_inode);
266 if (rc) {
267 ecryptfs_do_unlink(directory_inode, ecryptfs_dentry,
268 ecryptfs_inode);
269 iget_failed(ecryptfs_inode);
270 goto out;
271 }
272 d_instantiate_new(ecryptfs_dentry, ecryptfs_inode);
273out:
274 return rc;
275}
276
277static int ecryptfs_i_size_read(struct dentry *dentry, struct inode *inode)
278{
279 struct ecryptfs_crypt_stat *crypt_stat;
280 int rc;
281
282 rc = ecryptfs_get_lower_file(dentry, inode);
283 if (rc) {
284 printk(KERN_ERR "%s: Error attempting to initialize "
285 "the lower file for the dentry with name "
286 "[%pd]; rc = [%d]\n", __func__,
287 dentry, rc);
288 return rc;
289 }
290
291 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
292
293 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
294 ecryptfs_set_default_sizes(crypt_stat);
295
296 rc = ecryptfs_read_and_validate_header_region(inode);
297 ecryptfs_put_lower_file(inode);
298 if (rc) {
299 rc = ecryptfs_read_and_validate_xattr_region(dentry, inode);
300 if (!rc)
301 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
302 }
303
304
305 return 0;
306}
307
308
309
310
311static struct dentry *ecryptfs_lookup_interpose(struct dentry *dentry,
312 struct dentry *lower_dentry)
313{
314 struct inode *inode, *lower_inode = d_inode(lower_dentry);
315 struct ecryptfs_dentry_info *dentry_info;
316 struct vfsmount *lower_mnt;
317 int rc = 0;
318
319 dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
320 if (!dentry_info) {
321 dput(lower_dentry);
322 return ERR_PTR(-ENOMEM);
323 }
324
325 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
326 fsstack_copy_attr_atime(d_inode(dentry->d_parent),
327 d_inode(lower_dentry->d_parent));
328 BUG_ON(!d_count(lower_dentry));
329
330 ecryptfs_set_dentry_private(dentry, dentry_info);
331 dentry_info->lower_path.mnt = lower_mnt;
332 dentry_info->lower_path.dentry = lower_dentry;
333
334 if (d_really_is_negative(lower_dentry)) {
335
336 d_add(dentry, NULL);
337 return NULL;
338 }
339 inode = __ecryptfs_get_inode(lower_inode, dentry->d_sb);
340 if (IS_ERR(inode)) {
341 printk(KERN_ERR "%s: Error interposing; rc = [%ld]\n",
342 __func__, PTR_ERR(inode));
343 return ERR_CAST(inode);
344 }
345 if (S_ISREG(inode->i_mode)) {
346 rc = ecryptfs_i_size_read(dentry, inode);
347 if (rc) {
348 make_bad_inode(inode);
349 return ERR_PTR(rc);
350 }
351 }
352
353 if (inode->i_state & I_NEW)
354 unlock_new_inode(inode);
355 return d_splice_alias(inode, dentry);
356}
357
358
359
360
361
362
363
364
365
366
367static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
368 struct dentry *ecryptfs_dentry,
369 unsigned int flags)
370{
371 char *encrypted_and_encoded_name = NULL;
372 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
373 struct dentry *lower_dir_dentry, *lower_dentry;
374 const char *name = ecryptfs_dentry->d_name.name;
375 size_t len = ecryptfs_dentry->d_name.len;
376 struct dentry *res;
377 int rc = 0;
378
379 lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
380
381 mount_crypt_stat = &ecryptfs_superblock_to_private(
382 ecryptfs_dentry->d_sb)->mount_crypt_stat;
383 if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
384 rc = ecryptfs_encrypt_and_encode_filename(
385 &encrypted_and_encoded_name, &len,
386 mount_crypt_stat, name, len);
387 if (rc) {
388 printk(KERN_ERR "%s: Error attempting to encrypt and encode "
389 "filename; rc = [%d]\n", __func__, rc);
390 return ERR_PTR(rc);
391 }
392 name = encrypted_and_encoded_name;
393 }
394
395 lower_dentry = lookup_one_len_unlocked(name, lower_dir_dentry, len);
396 if (IS_ERR(lower_dentry)) {
397 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
398 "[%ld] on lower_dentry = [%s]\n", __func__,
399 PTR_ERR(lower_dentry),
400 name);
401 res = ERR_CAST(lower_dentry);
402 } else {
403 res = ecryptfs_lookup_interpose(ecryptfs_dentry, lower_dentry);
404 }
405 kfree(encrypted_and_encoded_name);
406 return res;
407}
408
409static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir,
410 struct dentry *new_dentry)
411{
412 struct dentry *lower_old_dentry;
413 struct dentry *lower_new_dentry;
414 struct dentry *lower_dir_dentry;
415 u64 file_size_save;
416 int rc;
417
418 file_size_save = i_size_read(d_inode(old_dentry));
419 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
420 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
421 dget(lower_old_dentry);
422 dget(lower_new_dentry);
423 lower_dir_dentry = lock_parent(lower_new_dentry);
424 rc = vfs_link(lower_old_dentry, d_inode(lower_dir_dentry),
425 lower_new_dentry, NULL);
426 if (rc || d_really_is_negative(lower_new_dentry))
427 goto out_lock;
428 rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb);
429 if (rc)
430 goto out_lock;
431 fsstack_copy_attr_times(dir, d_inode(lower_dir_dentry));
432 fsstack_copy_inode_size(dir, d_inode(lower_dir_dentry));
433 set_nlink(d_inode(old_dentry),
434 ecryptfs_inode_to_lower(d_inode(old_dentry))->i_nlink);
435 i_size_write(d_inode(new_dentry), file_size_save);
436out_lock:
437 unlock_dir(lower_dir_dentry);
438 dput(lower_new_dentry);
439 dput(lower_old_dentry);
440 return rc;
441}
442
443static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
444{
445 return ecryptfs_do_unlink(dir, dentry, d_inode(dentry));
446}
447
448static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
449 const char *symname)
450{
451 int rc;
452 struct dentry *lower_dentry;
453 struct dentry *lower_dir_dentry;
454 char *encoded_symname;
455 size_t encoded_symlen;
456 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
457
458 lower_dentry = ecryptfs_dentry_to_lower(dentry);
459 dget(lower_dentry);
460 lower_dir_dentry = lock_parent(lower_dentry);
461 mount_crypt_stat = &ecryptfs_superblock_to_private(
462 dir->i_sb)->mount_crypt_stat;
463 rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname,
464 &encoded_symlen,
465 mount_crypt_stat, symname,
466 strlen(symname));
467 if (rc)
468 goto out_lock;
469 rc = vfs_symlink(d_inode(lower_dir_dentry), lower_dentry,
470 encoded_symname);
471 kfree(encoded_symname);
472 if (rc || d_really_is_negative(lower_dentry))
473 goto out_lock;
474 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
475 if (rc)
476 goto out_lock;
477 fsstack_copy_attr_times(dir, d_inode(lower_dir_dentry));
478 fsstack_copy_inode_size(dir, d_inode(lower_dir_dentry));
479out_lock:
480 unlock_dir(lower_dir_dentry);
481 dput(lower_dentry);
482 if (d_really_is_negative(dentry))
483 d_drop(dentry);
484 return rc;
485}
486
487static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
488{
489 int rc;
490 struct dentry *lower_dentry;
491 struct dentry *lower_dir_dentry;
492
493 lower_dentry = ecryptfs_dentry_to_lower(dentry);
494 lower_dir_dentry = lock_parent(lower_dentry);
495 rc = vfs_mkdir(d_inode(lower_dir_dentry), lower_dentry, mode);
496 if (rc || d_really_is_negative(lower_dentry))
497 goto out;
498 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
499 if (rc)
500 goto out;
501 fsstack_copy_attr_times(dir, d_inode(lower_dir_dentry));
502 fsstack_copy_inode_size(dir, d_inode(lower_dir_dentry));
503 set_nlink(dir, d_inode(lower_dir_dentry)->i_nlink);
504out:
505 unlock_dir(lower_dir_dentry);
506 if (d_really_is_negative(dentry))
507 d_drop(dentry);
508 return rc;
509}
510
511static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry)
512{
513 struct dentry *lower_dentry;
514 struct dentry *lower_dir_dentry;
515 int rc;
516
517 lower_dentry = ecryptfs_dentry_to_lower(dentry);
518 dget(dentry);
519 lower_dir_dentry = lock_parent(lower_dentry);
520 dget(lower_dentry);
521 rc = vfs_rmdir(d_inode(lower_dir_dentry), lower_dentry);
522 dput(lower_dentry);
523 if (!rc && d_really_is_positive(dentry))
524 clear_nlink(d_inode(dentry));
525 fsstack_copy_attr_times(dir, d_inode(lower_dir_dentry));
526 set_nlink(dir, d_inode(lower_dir_dentry)->i_nlink);
527 unlock_dir(lower_dir_dentry);
528 if (!rc)
529 d_drop(dentry);
530 dput(dentry);
531 return rc;
532}
533
534static int
535ecryptfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
536{
537 int rc;
538 struct dentry *lower_dentry;
539 struct dentry *lower_dir_dentry;
540
541 lower_dentry = ecryptfs_dentry_to_lower(dentry);
542 lower_dir_dentry = lock_parent(lower_dentry);
543 rc = vfs_mknod(d_inode(lower_dir_dentry), lower_dentry, mode, dev);
544 if (rc || d_really_is_negative(lower_dentry))
545 goto out;
546 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
547 if (rc)
548 goto out;
549 fsstack_copy_attr_times(dir, d_inode(lower_dir_dentry));
550 fsstack_copy_inode_size(dir, d_inode(lower_dir_dentry));
551out:
552 unlock_dir(lower_dir_dentry);
553 if (d_really_is_negative(dentry))
554 d_drop(dentry);
555 return rc;
556}
557
558static int
559ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry,
560 struct inode *new_dir, struct dentry *new_dentry,
561 unsigned int flags)
562{
563 int rc;
564 struct dentry *lower_old_dentry;
565 struct dentry *lower_new_dentry;
566 struct dentry *lower_old_dir_dentry;
567 struct dentry *lower_new_dir_dentry;
568 struct dentry *trap = NULL;
569 struct inode *target_inode;
570
571 if (flags)
572 return -EINVAL;
573
574 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
575 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
576 dget(lower_old_dentry);
577 dget(lower_new_dentry);
578 lower_old_dir_dentry = dget_parent(lower_old_dentry);
579 lower_new_dir_dentry = dget_parent(lower_new_dentry);
580 target_inode = d_inode(new_dentry);
581 trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
582 rc = -EINVAL;
583 if (lower_old_dentry->d_parent != lower_old_dir_dentry)
584 goto out_lock;
585 if (lower_new_dentry->d_parent != lower_new_dir_dentry)
586 goto out_lock;
587 if (d_unhashed(lower_old_dentry) || d_unhashed(lower_new_dentry))
588 goto out_lock;
589
590 if (trap == lower_old_dentry)
591 goto out_lock;
592
593 if (trap == lower_new_dentry) {
594 rc = -ENOTEMPTY;
595 goto out_lock;
596 }
597 rc = vfs_rename(d_inode(lower_old_dir_dentry), lower_old_dentry,
598 d_inode(lower_new_dir_dentry), lower_new_dentry,
599 NULL, 0);
600 if (rc)
601 goto out_lock;
602 if (target_inode)
603 fsstack_copy_attr_all(target_inode,
604 ecryptfs_inode_to_lower(target_inode));
605 fsstack_copy_attr_all(new_dir, d_inode(lower_new_dir_dentry));
606 if (new_dir != old_dir)
607 fsstack_copy_attr_all(old_dir, d_inode(lower_old_dir_dentry));
608out_lock:
609 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
610 dput(lower_new_dir_dentry);
611 dput(lower_old_dir_dentry);
612 dput(lower_new_dentry);
613 dput(lower_old_dentry);
614 return rc;
615}
616
617static char *ecryptfs_readlink_lower(struct dentry *dentry, size_t *bufsiz)
618{
619 DEFINE_DELAYED_CALL(done);
620 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
621 const char *link;
622 char *buf;
623 int rc;
624
625 link = vfs_get_link(lower_dentry, &done);
626 if (IS_ERR(link))
627 return ERR_CAST(link);
628
629 rc = ecryptfs_decode_and_decrypt_filename(&buf, bufsiz, dentry->d_sb,
630 link, strlen(link));
631 do_delayed_call(&done);
632 if (rc)
633 return ERR_PTR(rc);
634
635 return buf;
636}
637
638static const char *ecryptfs_get_link(struct dentry *dentry,
639 struct inode *inode,
640 struct delayed_call *done)
641{
642 size_t len;
643 char *buf;
644
645 if (!dentry)
646 return ERR_PTR(-ECHILD);
647
648 buf = ecryptfs_readlink_lower(dentry, &len);
649 if (IS_ERR(buf))
650 return buf;
651 fsstack_copy_attr_atime(d_inode(dentry),
652 d_inode(ecryptfs_dentry_to_lower(dentry)));
653 buf[len] = '\0';
654 set_delayed_call(done, kfree_link, buf);
655 return buf;
656}
657
658
659
660
661
662
663
664
665
666
667
668
669static loff_t
670upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat,
671 loff_t upper_size)
672{
673 loff_t lower_size;
674
675 lower_size = ecryptfs_lower_header_size(crypt_stat);
676 if (upper_size != 0) {
677 loff_t num_extents;
678
679 num_extents = upper_size >> crypt_stat->extent_shift;
680 if (upper_size & ~crypt_stat->extent_mask)
681 num_extents++;
682 lower_size += (num_extents * crypt_stat->extent_size);
683 }
684 return lower_size;
685}
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703static int truncate_upper(struct dentry *dentry, struct iattr *ia,
704 struct iattr *lower_ia)
705{
706 int rc = 0;
707 struct inode *inode = d_inode(dentry);
708 struct ecryptfs_crypt_stat *crypt_stat;
709 loff_t i_size = i_size_read(inode);
710 loff_t lower_size_before_truncate;
711 loff_t lower_size_after_truncate;
712
713 if (unlikely((ia->ia_size == i_size))) {
714 lower_ia->ia_valid &= ~ATTR_SIZE;
715 return 0;
716 }
717 rc = ecryptfs_get_lower_file(dentry, inode);
718 if (rc)
719 return rc;
720 crypt_stat = &ecryptfs_inode_to_private(d_inode(dentry))->crypt_stat;
721
722 if (ia->ia_size > i_size) {
723 char zero[] = { 0x00 };
724
725 lower_ia->ia_valid &= ~ATTR_SIZE;
726
727
728
729
730 rc = ecryptfs_write(inode, zero,
731 (ia->ia_size - 1), 1);
732 } else {
733
734
735
736
737 size_t num_zeros = (PAGE_SIZE
738 - (ia->ia_size & ~PAGE_MASK));
739
740 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
741 truncate_setsize(inode, ia->ia_size);
742 lower_ia->ia_size = ia->ia_size;
743 lower_ia->ia_valid |= ATTR_SIZE;
744 goto out;
745 }
746 if (num_zeros) {
747 char *zeros_virt;
748
749 zeros_virt = kzalloc(num_zeros, GFP_KERNEL);
750 if (!zeros_virt) {
751 rc = -ENOMEM;
752 goto out;
753 }
754 rc = ecryptfs_write(inode, zeros_virt,
755 ia->ia_size, num_zeros);
756 kfree(zeros_virt);
757 if (rc) {
758 printk(KERN_ERR "Error attempting to zero out "
759 "the remainder of the end page on "
760 "reducing truncate; rc = [%d]\n", rc);
761 goto out;
762 }
763 }
764 truncate_setsize(inode, ia->ia_size);
765 rc = ecryptfs_write_inode_size_to_metadata(inode);
766 if (rc) {
767 printk(KERN_ERR "Problem with "
768 "ecryptfs_write_inode_size_to_metadata; "
769 "rc = [%d]\n", rc);
770 goto out;
771 }
772
773
774 lower_size_before_truncate =
775 upper_size_to_lower_size(crypt_stat, i_size);
776 lower_size_after_truncate =
777 upper_size_to_lower_size(crypt_stat, ia->ia_size);
778 if (lower_size_after_truncate < lower_size_before_truncate) {
779 lower_ia->ia_size = lower_size_after_truncate;
780 lower_ia->ia_valid |= ATTR_SIZE;
781 } else
782 lower_ia->ia_valid &= ~ATTR_SIZE;
783 }
784out:
785 ecryptfs_put_lower_file(inode);
786 return rc;
787}
788
789static int ecryptfs_inode_newsize_ok(struct inode *inode, loff_t offset)
790{
791 struct ecryptfs_crypt_stat *crypt_stat;
792 loff_t lower_oldsize, lower_newsize;
793
794 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
795 lower_oldsize = upper_size_to_lower_size(crypt_stat,
796 i_size_read(inode));
797 lower_newsize = upper_size_to_lower_size(crypt_stat, offset);
798 if (lower_newsize > lower_oldsize) {
799
800
801
802
803
804
805 return inode_newsize_ok(inode, lower_newsize);
806 }
807
808 return 0;
809}
810
811
812
813
814
815
816
817
818
819
820
821int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
822{
823 struct iattr ia = { .ia_valid = ATTR_SIZE, .ia_size = new_length };
824 struct iattr lower_ia = { .ia_valid = 0 };
825 int rc;
826
827 rc = ecryptfs_inode_newsize_ok(d_inode(dentry), new_length);
828 if (rc)
829 return rc;
830
831 rc = truncate_upper(dentry, &ia, &lower_ia);
832 if (!rc && lower_ia.ia_valid & ATTR_SIZE) {
833 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
834
835 inode_lock(d_inode(lower_dentry));
836 rc = notify_change(lower_dentry, &lower_ia, NULL);
837 inode_unlock(d_inode(lower_dentry));
838 }
839 return rc;
840}
841
842static int
843ecryptfs_permission(struct inode *inode, int mask)
844{
845 return inode_permission(ecryptfs_inode_to_lower(inode), mask);
846}
847
848
849
850
851
852
853
854
855
856
857
858
859
860static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
861{
862 int rc = 0;
863 struct dentry *lower_dentry;
864 struct iattr lower_ia;
865 struct inode *inode;
866 struct inode *lower_inode;
867 struct ecryptfs_crypt_stat *crypt_stat;
868
869 crypt_stat = &ecryptfs_inode_to_private(d_inode(dentry))->crypt_stat;
870 if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED)) {
871 rc = ecryptfs_init_crypt_stat(crypt_stat);
872 if (rc)
873 return rc;
874 }
875 inode = d_inode(dentry);
876 lower_inode = ecryptfs_inode_to_lower(inode);
877 lower_dentry = ecryptfs_dentry_to_lower(dentry);
878 mutex_lock(&crypt_stat->cs_mutex);
879 if (d_is_dir(dentry))
880 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
881 else if (d_is_reg(dentry)
882 && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
883 || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) {
884 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
885
886 mount_crypt_stat = &ecryptfs_superblock_to_private(
887 dentry->d_sb)->mount_crypt_stat;
888 rc = ecryptfs_get_lower_file(dentry, inode);
889 if (rc) {
890 mutex_unlock(&crypt_stat->cs_mutex);
891 goto out;
892 }
893 rc = ecryptfs_read_metadata(dentry);
894 ecryptfs_put_lower_file(inode);
895 if (rc) {
896 if (!(mount_crypt_stat->flags
897 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
898 rc = -EIO;
899 printk(KERN_WARNING "Either the lower file "
900 "is not in a valid eCryptfs format, "
901 "or the key could not be retrieved. "
902 "Plaintext passthrough mode is not "
903 "enabled; returning -EIO\n");
904 mutex_unlock(&crypt_stat->cs_mutex);
905 goto out;
906 }
907 rc = 0;
908 crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
909 | ECRYPTFS_ENCRYPTED);
910 }
911 }
912 mutex_unlock(&crypt_stat->cs_mutex);
913
914 rc = setattr_prepare(dentry, ia);
915 if (rc)
916 goto out;
917 if (ia->ia_valid & ATTR_SIZE) {
918 rc = ecryptfs_inode_newsize_ok(inode, ia->ia_size);
919 if (rc)
920 goto out;
921 }
922
923 memcpy(&lower_ia, ia, sizeof(lower_ia));
924 if (ia->ia_valid & ATTR_FILE)
925 lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file);
926 if (ia->ia_valid & ATTR_SIZE) {
927 rc = truncate_upper(dentry, ia, &lower_ia);
928 if (rc < 0)
929 goto out;
930 }
931
932
933
934
935
936 if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID))
937 lower_ia.ia_valid &= ~ATTR_MODE;
938
939 inode_lock(d_inode(lower_dentry));
940 rc = notify_change(lower_dentry, &lower_ia, NULL);
941 inode_unlock(d_inode(lower_dentry));
942out:
943 fsstack_copy_attr_all(inode, lower_inode);
944 return rc;
945}
946
947static int ecryptfs_getattr_link(const struct path *path, struct kstat *stat,
948 u32 request_mask, unsigned int flags)
949{
950 struct dentry *dentry = path->dentry;
951 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
952 int rc = 0;
953
954 mount_crypt_stat = &ecryptfs_superblock_to_private(
955 dentry->d_sb)->mount_crypt_stat;
956 generic_fillattr(d_inode(dentry), stat);
957 if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
958 char *target;
959 size_t targetsiz;
960
961 target = ecryptfs_readlink_lower(dentry, &targetsiz);
962 if (!IS_ERR(target)) {
963 kfree(target);
964 stat->size = targetsiz;
965 } else {
966 rc = PTR_ERR(target);
967 }
968 }
969 return rc;
970}
971
972static int ecryptfs_getattr(const struct path *path, struct kstat *stat,
973 u32 request_mask, unsigned int flags)
974{
975 struct dentry *dentry = path->dentry;
976 struct kstat lower_stat;
977 int rc;
978
979 rc = vfs_getattr(ecryptfs_dentry_to_lower_path(dentry), &lower_stat,
980 request_mask, flags);
981 if (!rc) {
982 fsstack_copy_attr_all(d_inode(dentry),
983 ecryptfs_inode_to_lower(d_inode(dentry)));
984 generic_fillattr(d_inode(dentry), stat);
985 stat->blocks = lower_stat.blocks;
986 }
987 return rc;
988}
989
990int
991ecryptfs_setxattr(struct dentry *dentry, struct inode *inode,
992 const char *name, const void *value,
993 size_t size, int flags)
994{
995 int rc;
996 struct dentry *lower_dentry;
997
998 lower_dentry = ecryptfs_dentry_to_lower(dentry);
999 if (!(d_inode(lower_dentry)->i_opflags & IOP_XATTR)) {
1000 rc = -EOPNOTSUPP;
1001 goto out;
1002 }
1003 rc = vfs_setxattr(lower_dentry, name, value, size, flags);
1004 if (!rc && inode)
1005 fsstack_copy_attr_all(inode, d_inode(lower_dentry));
1006out:
1007 return rc;
1008}
1009
1010ssize_t
1011ecryptfs_getxattr_lower(struct dentry *lower_dentry, struct inode *lower_inode,
1012 const char *name, void *value, size_t size)
1013{
1014 int rc;
1015
1016 if (!(lower_inode->i_opflags & IOP_XATTR)) {
1017 rc = -EOPNOTSUPP;
1018 goto out;
1019 }
1020 inode_lock(lower_inode);
1021 rc = __vfs_getxattr(lower_dentry, lower_inode, name, value, size);
1022 inode_unlock(lower_inode);
1023out:
1024 return rc;
1025}
1026
1027static ssize_t
1028ecryptfs_getxattr(struct dentry *dentry, struct inode *inode,
1029 const char *name, void *value, size_t size)
1030{
1031 return ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry),
1032 ecryptfs_inode_to_lower(inode),
1033 name, value, size);
1034}
1035
1036static ssize_t
1037ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size)
1038{
1039 int rc = 0;
1040 struct dentry *lower_dentry;
1041
1042 lower_dentry = ecryptfs_dentry_to_lower(dentry);
1043 if (!d_inode(lower_dentry)->i_op->listxattr) {
1044 rc = -EOPNOTSUPP;
1045 goto out;
1046 }
1047 inode_lock(d_inode(lower_dentry));
1048 rc = d_inode(lower_dentry)->i_op->listxattr(lower_dentry, list, size);
1049 inode_unlock(d_inode(lower_dentry));
1050out:
1051 return rc;
1052}
1053
1054static int ecryptfs_removexattr(struct dentry *dentry, struct inode *inode,
1055 const char *name)
1056{
1057 int rc;
1058 struct dentry *lower_dentry;
1059 struct inode *lower_inode;
1060
1061 lower_dentry = ecryptfs_dentry_to_lower(dentry);
1062 lower_inode = ecryptfs_inode_to_lower(inode);
1063 if (!(lower_inode->i_opflags & IOP_XATTR)) {
1064 rc = -EOPNOTSUPP;
1065 goto out;
1066 }
1067 inode_lock(lower_inode);
1068 rc = __vfs_removexattr(lower_dentry, name);
1069 inode_unlock(lower_inode);
1070out:
1071 return rc;
1072}
1073
1074const struct inode_operations ecryptfs_symlink_iops = {
1075 .get_link = ecryptfs_get_link,
1076 .permission = ecryptfs_permission,
1077 .setattr = ecryptfs_setattr,
1078 .getattr = ecryptfs_getattr_link,
1079 .listxattr = ecryptfs_listxattr,
1080};
1081
1082const struct inode_operations ecryptfs_dir_iops = {
1083 .create = ecryptfs_create,
1084 .lookup = ecryptfs_lookup,
1085 .link = ecryptfs_link,
1086 .unlink = ecryptfs_unlink,
1087 .symlink = ecryptfs_symlink,
1088 .mkdir = ecryptfs_mkdir,
1089 .rmdir = ecryptfs_rmdir,
1090 .mknod = ecryptfs_mknod,
1091 .rename = ecryptfs_rename,
1092 .permission = ecryptfs_permission,
1093 .setattr = ecryptfs_setattr,
1094 .listxattr = ecryptfs_listxattr,
1095};
1096
1097const struct inode_operations ecryptfs_main_iops = {
1098 .permission = ecryptfs_permission,
1099 .setattr = ecryptfs_setattr,
1100 .getattr = ecryptfs_getattr,
1101 .listxattr = ecryptfs_listxattr,
1102};
1103
1104static int ecryptfs_xattr_get(const struct xattr_handler *handler,
1105 struct dentry *dentry, struct inode *inode,
1106 const char *name, void *buffer, size_t size)
1107{
1108 return ecryptfs_getxattr(dentry, inode, name, buffer, size);
1109}
1110
1111static int ecryptfs_xattr_set(const struct xattr_handler *handler,
1112 struct dentry *dentry, struct inode *inode,
1113 const char *name, const void *value, size_t size,
1114 int flags)
1115{
1116 if (value)
1117 return ecryptfs_setxattr(dentry, inode, name, value, size, flags);
1118 else {
1119 BUG_ON(flags != XATTR_REPLACE);
1120 return ecryptfs_removexattr(dentry, inode, name);
1121 }
1122}
1123
1124static const struct xattr_handler ecryptfs_xattr_handler = {
1125 .prefix = "",
1126 .get = ecryptfs_xattr_get,
1127 .set = ecryptfs_xattr_set,
1128};
1129
1130const struct xattr_handler *ecryptfs_xattr_handlers[] = {
1131 &ecryptfs_xattr_handler,
1132 NULL
1133};
1134