1
2
3
4
5
6
7
8
9
10
11
12
13#ifndef _LINUX_FSCRYPT_H
14#define _LINUX_FSCRYPT_H
15
16#include <linux/fs.h>
17#include <linux/mm.h>
18#include <linux/slab.h>
19#include <uapi/linux/fscrypt.h>
20
21#define FS_CRYPTO_BLOCK_SIZE 16
22
23union fscrypt_policy;
24struct fscrypt_info;
25struct seq_file;
26
27struct fscrypt_str {
28 unsigned char *name;
29 u32 len;
30};
31
32struct fscrypt_name {
33 const struct qstr *usr_fname;
34 struct fscrypt_str disk_name;
35 u32 hash;
36 u32 minor_hash;
37 struct fscrypt_str crypto_buf;
38 bool is_nokey_name;
39};
40
41#define FSTR_INIT(n, l) { .name = n, .len = l }
42#define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
43#define fname_name(p) ((p)->disk_name.name)
44#define fname_len(p) ((p)->disk_name.len)
45
46
47#define FSCRYPT_SET_CONTEXT_MAX_SIZE 40
48
49#ifdef CONFIG_FS_ENCRYPTION
50
51
52
53
54
55
56#define FS_CFLG_OWN_PAGES (1U << 1)
57
58
59struct fscrypt_operations {
60
61
62 unsigned int flags;
63
64
65
66
67
68
69
70 const char *key_prefix;
71
72
73
74
75
76
77
78
79
80
81
82
83
84 int (*get_context)(struct inode *inode, void *ctx, size_t len);
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102 int (*set_context)(struct inode *inode, const void *ctx, size_t len,
103 void *fs_data);
104
105
106
107
108
109
110
111
112
113
114 const union fscrypt_policy *(*get_dummy_policy)(struct super_block *sb);
115
116
117
118
119 bool (*empty_dir)(struct inode *inode);
120
121
122 unsigned int max_namelen;
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138 bool (*has_stable_inodes)(struct super_block *sb);
139
140
141
142
143
144
145
146
147
148
149
150
151
152 void (*get_ino_and_lblk_bits)(struct super_block *sb,
153 int *ino_bits_ret, int *lblk_bits_ret);
154
155
156
157
158
159
160
161
162
163
164 int (*get_num_devices)(struct super_block *sb);
165
166
167
168
169
170
171
172 void (*get_devices)(struct super_block *sb,
173 struct request_queue **devs);
174};
175
176static inline struct fscrypt_info *fscrypt_get_info(const struct inode *inode)
177{
178
179
180
181
182
183
184 return smp_load_acquire(&inode->i_crypt_info);
185}
186
187
188
189
190
191
192
193
194
195
196
197
198static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
199{
200 return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode);
201}
202
203
204
205
206
207
208
209
210static inline void fscrypt_handle_d_move(struct dentry *dentry)
211{
212 dentry->d_flags &= ~DCACHE_NOKEY_NAME;
213}
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
240{
241 return dentry->d_flags & DCACHE_NOKEY_NAME;
242}
243
244
245void fscrypt_enqueue_decrypt_work(struct work_struct *);
246
247struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
248 unsigned int len,
249 unsigned int offs,
250 gfp_t gfp_flags);
251int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
252 unsigned int len, unsigned int offs,
253 u64 lblk_num, gfp_t gfp_flags);
254
255int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
256 unsigned int offs);
257int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
258 unsigned int len, unsigned int offs,
259 u64 lblk_num);
260
261static inline bool fscrypt_is_bounce_page(struct page *page)
262{
263 return page->mapping == NULL;
264}
265
266static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
267{
268 return (struct page *)page_private(bounce_page);
269}
270
271void fscrypt_free_bounce_page(struct page *bounce_page);
272
273
274int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg);
275int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg);
276int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg);
277int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg);
278int fscrypt_has_permitted_context(struct inode *parent, struct inode *child);
279int fscrypt_set_context(struct inode *inode, void *fs_data);
280
281struct fscrypt_dummy_policy {
282 const union fscrypt_policy *policy;
283};
284
285int fscrypt_set_test_dummy_encryption(struct super_block *sb, const char *arg,
286 struct fscrypt_dummy_policy *dummy_policy);
287void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep,
288 struct super_block *sb);
289static inline void
290fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
291{
292 kfree(dummy_policy->policy);
293 dummy_policy->policy = NULL;
294}
295
296
297void fscrypt_sb_free(struct super_block *sb);
298int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
299int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);
300int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *arg);
301int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);
302
303
304int fscrypt_prepare_new_inode(struct inode *dir, struct inode *inode,
305 bool *encrypt_ret);
306void fscrypt_put_encryption_info(struct inode *inode);
307void fscrypt_free_inode(struct inode *inode);
308int fscrypt_drop_inode(struct inode *inode);
309
310
311int fscrypt_setup_filename(struct inode *inode, const struct qstr *iname,
312 int lookup, struct fscrypt_name *fname);
313
314static inline void fscrypt_free_filename(struct fscrypt_name *fname)
315{
316 kfree(fname->crypto_buf.name);
317}
318
319int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
320 struct fscrypt_str *crypto_str);
321void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str);
322int fscrypt_fname_disk_to_usr(const struct inode *inode,
323 u32 hash, u32 minor_hash,
324 const struct fscrypt_str *iname,
325 struct fscrypt_str *oname);
326bool fscrypt_match_name(const struct fscrypt_name *fname,
327 const u8 *de_name, u32 de_name_len);
328u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name);
329int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags);
330
331
332void fscrypt_decrypt_bio(struct bio *bio);
333int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
334 sector_t pblk, unsigned int len);
335
336
337int fscrypt_file_open(struct inode *inode, struct file *filp);
338int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
339 struct dentry *dentry);
340int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
341 struct inode *new_dir, struct dentry *new_dentry,
342 unsigned int flags);
343int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
344 struct fscrypt_name *fname);
345int __fscrypt_prepare_readdir(struct inode *dir);
346int __fscrypt_prepare_setattr(struct dentry *dentry, struct iattr *attr);
347int fscrypt_prepare_setflags(struct inode *inode,
348 unsigned int oldflags, unsigned int flags);
349int fscrypt_prepare_symlink(struct inode *dir, const char *target,
350 unsigned int len, unsigned int max_len,
351 struct fscrypt_str *disk_link);
352int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
353 unsigned int len, struct fscrypt_str *disk_link);
354const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
355 unsigned int max_size,
356 struct delayed_call *done);
357int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat);
358static inline void fscrypt_set_ops(struct super_block *sb,
359 const struct fscrypt_operations *s_cop)
360{
361 sb->s_cop = s_cop;
362}
363#else
364
365static inline struct fscrypt_info *fscrypt_get_info(const struct inode *inode)
366{
367 return NULL;
368}
369
370static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
371{
372 return false;
373}
374
375static inline void fscrypt_handle_d_move(struct dentry *dentry)
376{
377}
378
379static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
380{
381 return false;
382}
383
384
385static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
386{
387}
388
389static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
390 unsigned int len,
391 unsigned int offs,
392 gfp_t gfp_flags)
393{
394 return ERR_PTR(-EOPNOTSUPP);
395}
396
397static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
398 struct page *page,
399 unsigned int len,
400 unsigned int offs, u64 lblk_num,
401 gfp_t gfp_flags)
402{
403 return -EOPNOTSUPP;
404}
405
406static inline int fscrypt_decrypt_pagecache_blocks(struct page *page,
407 unsigned int len,
408 unsigned int offs)
409{
410 return -EOPNOTSUPP;
411}
412
413static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
414 struct page *page,
415 unsigned int len,
416 unsigned int offs, u64 lblk_num)
417{
418 return -EOPNOTSUPP;
419}
420
421static inline bool fscrypt_is_bounce_page(struct page *page)
422{
423 return false;
424}
425
426static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
427{
428 WARN_ON_ONCE(1);
429 return ERR_PTR(-EINVAL);
430}
431
432static inline void fscrypt_free_bounce_page(struct page *bounce_page)
433{
434}
435
436
437static inline int fscrypt_ioctl_set_policy(struct file *filp,
438 const void __user *arg)
439{
440 return -EOPNOTSUPP;
441}
442
443static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
444{
445 return -EOPNOTSUPP;
446}
447
448static inline int fscrypt_ioctl_get_policy_ex(struct file *filp,
449 void __user *arg)
450{
451 return -EOPNOTSUPP;
452}
453
454static inline int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg)
455{
456 return -EOPNOTSUPP;
457}
458
459static inline int fscrypt_has_permitted_context(struct inode *parent,
460 struct inode *child)
461{
462 return 0;
463}
464
465static inline int fscrypt_set_context(struct inode *inode, void *fs_data)
466{
467 return -EOPNOTSUPP;
468}
469
470struct fscrypt_dummy_policy {
471};
472
473static inline void fscrypt_show_test_dummy_encryption(struct seq_file *seq,
474 char sep,
475 struct super_block *sb)
476{
477}
478
479static inline void
480fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
481{
482}
483
484
485static inline void fscrypt_sb_free(struct super_block *sb)
486{
487}
488
489static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg)
490{
491 return -EOPNOTSUPP;
492}
493
494static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg)
495{
496 return -EOPNOTSUPP;
497}
498
499static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp,
500 void __user *arg)
501{
502 return -EOPNOTSUPP;
503}
504
505static inline int fscrypt_ioctl_get_key_status(struct file *filp,
506 void __user *arg)
507{
508 return -EOPNOTSUPP;
509}
510
511
512
513static inline int fscrypt_prepare_new_inode(struct inode *dir,
514 struct inode *inode,
515 bool *encrypt_ret)
516{
517 if (IS_ENCRYPTED(dir))
518 return -EOPNOTSUPP;
519 return 0;
520}
521
522static inline void fscrypt_put_encryption_info(struct inode *inode)
523{
524 return;
525}
526
527static inline void fscrypt_free_inode(struct inode *inode)
528{
529}
530
531static inline int fscrypt_drop_inode(struct inode *inode)
532{
533 return 0;
534}
535
536
537static inline int fscrypt_setup_filename(struct inode *dir,
538 const struct qstr *iname,
539 int lookup, struct fscrypt_name *fname)
540{
541 if (IS_ENCRYPTED(dir))
542 return -EOPNOTSUPP;
543
544 memset(fname, 0, sizeof(*fname));
545 fname->usr_fname = iname;
546 fname->disk_name.name = (unsigned char *)iname->name;
547 fname->disk_name.len = iname->len;
548 return 0;
549}
550
551static inline void fscrypt_free_filename(struct fscrypt_name *fname)
552{
553 return;
554}
555
556static inline int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
557 struct fscrypt_str *crypto_str)
558{
559 return -EOPNOTSUPP;
560}
561
562static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
563{
564 return;
565}
566
567static inline int fscrypt_fname_disk_to_usr(const struct inode *inode,
568 u32 hash, u32 minor_hash,
569 const struct fscrypt_str *iname,
570 struct fscrypt_str *oname)
571{
572 return -EOPNOTSUPP;
573}
574
575static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
576 const u8 *de_name, u32 de_name_len)
577{
578
579 if (de_name_len != fname->disk_name.len)
580 return false;
581 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
582}
583
584static inline u64 fscrypt_fname_siphash(const struct inode *dir,
585 const struct qstr *name)
586{
587 WARN_ON_ONCE(1);
588 return 0;
589}
590
591static inline int fscrypt_d_revalidate(struct dentry *dentry,
592 unsigned int flags)
593{
594 return 1;
595}
596
597
598static inline void fscrypt_decrypt_bio(struct bio *bio)
599{
600}
601
602static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
603 sector_t pblk, unsigned int len)
604{
605 return -EOPNOTSUPP;
606}
607
608
609
610static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
611{
612 if (IS_ENCRYPTED(inode))
613 return -EOPNOTSUPP;
614 return 0;
615}
616
617static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
618 struct dentry *dentry)
619{
620 return -EOPNOTSUPP;
621}
622
623static inline int __fscrypt_prepare_rename(struct inode *old_dir,
624 struct dentry *old_dentry,
625 struct inode *new_dir,
626 struct dentry *new_dentry,
627 unsigned int flags)
628{
629 return -EOPNOTSUPP;
630}
631
632static inline int __fscrypt_prepare_lookup(struct inode *dir,
633 struct dentry *dentry,
634 struct fscrypt_name *fname)
635{
636 return -EOPNOTSUPP;
637}
638
639static inline int __fscrypt_prepare_readdir(struct inode *dir)
640{
641 return -EOPNOTSUPP;
642}
643
644static inline int __fscrypt_prepare_setattr(struct dentry *dentry,
645 struct iattr *attr)
646{
647 return -EOPNOTSUPP;
648}
649
650static inline int fscrypt_prepare_setflags(struct inode *inode,
651 unsigned int oldflags,
652 unsigned int flags)
653{
654 return 0;
655}
656
657static inline int fscrypt_prepare_symlink(struct inode *dir,
658 const char *target,
659 unsigned int len,
660 unsigned int max_len,
661 struct fscrypt_str *disk_link)
662{
663 if (IS_ENCRYPTED(dir))
664 return -EOPNOTSUPP;
665 disk_link->name = (unsigned char *)target;
666 disk_link->len = len + 1;
667 if (disk_link->len > max_len)
668 return -ENAMETOOLONG;
669 return 0;
670}
671
672static inline int __fscrypt_encrypt_symlink(struct inode *inode,
673 const char *target,
674 unsigned int len,
675 struct fscrypt_str *disk_link)
676{
677 return -EOPNOTSUPP;
678}
679
680static inline const char *fscrypt_get_symlink(struct inode *inode,
681 const void *caddr,
682 unsigned int max_size,
683 struct delayed_call *done)
684{
685 return ERR_PTR(-EOPNOTSUPP);
686}
687
688static inline int fscrypt_symlink_getattr(const struct path *path,
689 struct kstat *stat)
690{
691 return -EOPNOTSUPP;
692}
693
694static inline void fscrypt_set_ops(struct super_block *sb,
695 const struct fscrypt_operations *s_cop)
696{
697}
698
699#endif
700
701
702#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
703
704bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode);
705
706void fscrypt_set_bio_crypt_ctx(struct bio *bio,
707 const struct inode *inode, u64 first_lblk,
708 gfp_t gfp_mask);
709
710void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio,
711 const struct buffer_head *first_bh,
712 gfp_t gfp_mask);
713
714bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode,
715 u64 next_lblk);
716
717bool fscrypt_mergeable_bio_bh(struct bio *bio,
718 const struct buffer_head *next_bh);
719
720#else
721
722static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode)
723{
724 return false;
725}
726
727static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio,
728 const struct inode *inode,
729 u64 first_lblk, gfp_t gfp_mask) { }
730
731static inline void fscrypt_set_bio_crypt_ctx_bh(
732 struct bio *bio,
733 const struct buffer_head *first_bh,
734 gfp_t gfp_mask) { }
735
736static inline bool fscrypt_mergeable_bio(struct bio *bio,
737 const struct inode *inode,
738 u64 next_lblk)
739{
740 return true;
741}
742
743static inline bool fscrypt_mergeable_bio_bh(struct bio *bio,
744 const struct buffer_head *next_bh)
745{
746 return true;
747}
748#endif
749
750
751
752
753
754
755
756
757
758
759static inline bool fscrypt_inode_uses_inline_crypto(const struct inode *inode)
760{
761 return fscrypt_needs_contents_encryption(inode) &&
762 __fscrypt_inode_uses_inline_crypto(inode);
763}
764
765
766
767
768
769
770
771
772
773
774static inline bool fscrypt_inode_uses_fs_layer_crypto(const struct inode *inode)
775{
776 return fscrypt_needs_contents_encryption(inode) &&
777 !__fscrypt_inode_uses_inline_crypto(inode);
778}
779
780
781
782
783
784
785
786
787
788
789static inline bool fscrypt_has_encryption_key(const struct inode *inode)
790{
791 return fscrypt_get_info(inode) != NULL;
792}
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812static inline int fscrypt_prepare_link(struct dentry *old_dentry,
813 struct inode *dir,
814 struct dentry *dentry)
815{
816 if (IS_ENCRYPTED(dir))
817 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
818 return 0;
819}
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843static inline int fscrypt_prepare_rename(struct inode *old_dir,
844 struct dentry *old_dentry,
845 struct inode *new_dir,
846 struct dentry *new_dentry,
847 unsigned int flags)
848{
849 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
850 return __fscrypt_prepare_rename(old_dir, old_dentry,
851 new_dir, new_dentry, flags);
852 return 0;
853}
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878static inline int fscrypt_prepare_lookup(struct inode *dir,
879 struct dentry *dentry,
880 struct fscrypt_name *fname)
881{
882 if (IS_ENCRYPTED(dir))
883 return __fscrypt_prepare_lookup(dir, dentry, fname);
884
885 memset(fname, 0, sizeof(*fname));
886 fname->usr_fname = &dentry->d_name;
887 fname->disk_name.name = (unsigned char *)dentry->d_name.name;
888 fname->disk_name.len = dentry->d_name.len;
889 return 0;
890}
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905static inline int fscrypt_prepare_readdir(struct inode *dir)
906{
907 if (IS_ENCRYPTED(dir))
908 return __fscrypt_prepare_readdir(dir);
909 return 0;
910}
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930static inline int fscrypt_prepare_setattr(struct dentry *dentry,
931 struct iattr *attr)
932{
933 if (IS_ENCRYPTED(d_inode(dentry)))
934 return __fscrypt_prepare_setattr(dentry, attr);
935 return 0;
936}
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953static inline int fscrypt_encrypt_symlink(struct inode *inode,
954 const char *target,
955 unsigned int len,
956 struct fscrypt_str *disk_link)
957{
958 if (IS_ENCRYPTED(inode))
959 return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
960 return 0;
961}
962
963
964static inline void fscrypt_finalize_bounce_page(struct page **pagep)
965{
966 struct page *page = *pagep;
967
968 if (fscrypt_is_bounce_page(page)) {
969 *pagep = fscrypt_pagecache_page(page);
970 fscrypt_free_bounce_page(page);
971 }
972}
973
974#endif
975