aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJaegeuk Kim <jaegeuk@kernel.org>2016-07-10 14:01:03 -0400
committerTheodore Ts'o <tytso@mit.edu>2016-07-10 14:01:03 -0400
commita7550b30ab709ffb9bbe48669adf7d8556f3698f (patch)
tree5ed986d93b2df41cad68bdfa0851604bb039d1d1
parentff0031d848a0cd7002606f9feef958de8d5edf19 (diff)
ext4 crypto: migrate into vfs's crypto engine
This patch removes the most parts of internal crypto codes. And then, it modifies and adds some ext4-specific crypt codes to use the generic facility. Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat
-rw-r--r--fs/ext4/Kconfig12
-rw-r--r--fs/ext4/Makefile2
-rw-r--r--fs/ext4/crypto.c536
-rw-r--r--fs/ext4/crypto_fname.c468
-rw-r--r--fs/ext4/crypto_key.c274
-rw-r--r--fs/ext4/crypto_policy.c229
-rw-r--r--fs/ext4/dir.c26
-rw-r--r--fs/ext4/ext4.h208
-rw-r--r--fs/ext4/ext4_crypto.h159
-rw-r--r--fs/ext4/file.c10
-rw-r--r--fs/ext4/ialloc.c7
-rw-r--r--fs/ext4/inline.c14
-rw-r--r--fs/ext4/inode.c8
-rw-r--r--fs/ext4/ioctl.c20
-rw-r--r--fs/ext4/namei.c131
-rw-r--r--fs/ext4/page-io.c13
-rw-r--r--fs/ext4/readpage.c45
-rw-r--r--fs/ext4/super.c97
-rw-r--r--fs/ext4/symlink.c35
19 files changed, 297 insertions, 1997 deletions
diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig
index b46e9fc64196..e38039fd96ff 100644
--- a/fs/ext4/Kconfig
+++ b/fs/ext4/Kconfig
@@ -99,17 +99,9 @@ config EXT4_FS_SECURITY
99 extended attributes for file security labels, say N. 99 extended attributes for file security labels, say N.
100 100
101config EXT4_ENCRYPTION 101config EXT4_ENCRYPTION
102 tristate "Ext4 Encryption" 102 bool "Ext4 Encryption"
103 depends on EXT4_FS 103 depends on EXT4_FS
104 select CRYPTO_AES 104 select FS_ENCRYPTION
105 select CRYPTO_CBC
106 select CRYPTO_ECB
107 select CRYPTO_XTS
108 select CRYPTO_CTS
109 select CRYPTO_CTR
110 select CRYPTO_SHA256
111 select KEYS
112 select ENCRYPTED_KEYS
113 help 105 help
114 Enable encryption of ext4 files and directories. This 106 Enable encryption of ext4 files and directories. This
115 feature is similar to ecryptfs, but it is more memory 107 feature is similar to ecryptfs, but it is more memory
diff --git a/fs/ext4/Makefile b/fs/ext4/Makefile
index f52cf54f0cbc..354103f3490c 100644
--- a/fs/ext4/Makefile
+++ b/fs/ext4/Makefile
@@ -12,5 +12,3 @@ ext4-y := balloc.o bitmap.o dir.o file.o fsync.o ialloc.o inode.o page-io.o \
12 12
13ext4-$(CONFIG_EXT4_FS_POSIX_ACL) += acl.o 13ext4-$(CONFIG_EXT4_FS_POSIX_ACL) += acl.o
14ext4-$(CONFIG_EXT4_FS_SECURITY) += xattr_security.o 14ext4-$(CONFIG_EXT4_FS_SECURITY) += xattr_security.o
15ext4-$(CONFIG_EXT4_FS_ENCRYPTION) += crypto_policy.o crypto.o \
16 crypto_key.o crypto_fname.o
diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
deleted file mode 100644
index 6a6c27373b54..000000000000
--- a/fs/ext4/crypto.c
+++ /dev/null
@@ -1,536 +0,0 @@
1/*
2 * linux/fs/ext4/crypto.c
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains encryption functions for ext4
7 *
8 * Written by Michael Halcrow, 2014.
9 *
10 * Filename encryption additions
11 * Uday Savagaonkar, 2014
12 * Encryption policy handling additions
13 * Ildar Muslukhov, 2014
14 *
15 * This has not yet undergone a rigorous security audit.
16 *
17 * The usage of AES-XTS should conform to recommendations in NIST
18 * Special Publication 800-38E and IEEE P1619/D16.
19 */
20
21#include <crypto/skcipher.h>
22#include <keys/user-type.h>
23#include <keys/encrypted-type.h>
24#include <linux/ecryptfs.h>
25#include <linux/gfp.h>
26#include <linux/kernel.h>
27#include <linux/key.h>
28#include <linux/list.h>
29#include <linux/mempool.h>
30#include <linux/module.h>
31#include <linux/mutex.h>
32#include <linux/random.h>
33#include <linux/scatterlist.h>
34#include <linux/spinlock_types.h>
35#include <linux/namei.h>
36
37#include "ext4_extents.h"
38#include "xattr.h"
39
40/* Encryption added and removed here! (L: */
41
42static unsigned int num_prealloc_crypto_pages = 32;
43static unsigned int num_prealloc_crypto_ctxs = 128;
44
45module_param(num_prealloc_crypto_pages, uint, 0444);
46MODULE_PARM_DESC(num_prealloc_crypto_pages,
47 "Number of crypto pages to preallocate");
48module_param(num_prealloc_crypto_ctxs, uint, 0444);
49MODULE_PARM_DESC(num_prealloc_crypto_ctxs,
50 "Number of crypto contexts to preallocate");
51
52static mempool_t *ext4_bounce_page_pool;
53
54static LIST_HEAD(ext4_free_crypto_ctxs);
55static DEFINE_SPINLOCK(ext4_crypto_ctx_lock);
56
57static struct kmem_cache *ext4_crypto_ctx_cachep;
58struct kmem_cache *ext4_crypt_info_cachep;
59
60/**
61 * ext4_release_crypto_ctx() - Releases an encryption context
62 * @ctx: The encryption context to release.
63 *
64 * If the encryption context was allocated from the pre-allocated pool, returns
65 * it to that pool. Else, frees it.
66 *
67 * If there's a bounce page in the context, this frees that.
68 */
69void ext4_release_crypto_ctx(struct ext4_crypto_ctx *ctx)
70{
71 unsigned long flags;
72
73 if (ctx->flags & EXT4_WRITE_PATH_FL && ctx->w.bounce_page)
74 mempool_free(ctx->w.bounce_page, ext4_bounce_page_pool);
75 ctx->w.bounce_page = NULL;
76 ctx->w.control_page = NULL;
77 if (ctx->flags & EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL) {
78 kmem_cache_free(ext4_crypto_ctx_cachep, ctx);
79 } else {
80 spin_lock_irqsave(&ext4_crypto_ctx_lock, flags);
81 list_add(&ctx->free_list, &ext4_free_crypto_ctxs);
82 spin_unlock_irqrestore(&ext4_crypto_ctx_lock, flags);
83 }
84}
85
86/**
87 * ext4_get_crypto_ctx() - Gets an encryption context
88 * @inode: The inode for which we are doing the crypto
89 *
90 * Allocates and initializes an encryption context.
91 *
92 * Return: An allocated and initialized encryption context on success; error
93 * value or NULL otherwise.
94 */
95struct ext4_crypto_ctx *ext4_get_crypto_ctx(struct inode *inode,
96 gfp_t gfp_flags)
97{
98 struct ext4_crypto_ctx *ctx = NULL;
99 int res = 0;
100 unsigned long flags;
101 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
102
103 if (ci == NULL)
104 return ERR_PTR(-ENOKEY);
105
106 /*
107 * We first try getting the ctx from a free list because in
108 * the common case the ctx will have an allocated and
109 * initialized crypto tfm, so it's probably a worthwhile
110 * optimization. For the bounce page, we first try getting it
111 * from the kernel allocator because that's just about as fast
112 * as getting it from a list and because a cache of free pages
113 * should generally be a "last resort" option for a filesystem
114 * to be able to do its job.
115 */
116 spin_lock_irqsave(&ext4_crypto_ctx_lock, flags);
117 ctx = list_first_entry_or_null(&ext4_free_crypto_ctxs,
118 struct ext4_crypto_ctx, free_list);
119 if (ctx)
120 list_del(&ctx->free_list);
121 spin_unlock_irqrestore(&ext4_crypto_ctx_lock, flags);
122 if (!ctx) {
123 ctx = kmem_cache_zalloc(ext4_crypto_ctx_cachep, gfp_flags);
124 if (!ctx) {
125 res = -ENOMEM;
126 goto out;
127 }
128 ctx->flags |= EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL;
129 } else {
130 ctx->flags &= ~EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL;
131 }
132 ctx->flags &= ~EXT4_WRITE_PATH_FL;
133
134out:
135 if (res) {
136 if (!IS_ERR_OR_NULL(ctx))
137 ext4_release_crypto_ctx(ctx);
138 ctx = ERR_PTR(res);
139 }
140 return ctx;
141}
142
143struct workqueue_struct *ext4_read_workqueue;
144static DEFINE_MUTEX(crypto_init);
145
146/**
147 * ext4_exit_crypto() - Shutdown the ext4 encryption system
148 */
149void ext4_exit_crypto(void)
150{
151 struct ext4_crypto_ctx *pos, *n;
152
153 list_for_each_entry_safe(pos, n, &ext4_free_crypto_ctxs, free_list)
154 kmem_cache_free(ext4_crypto_ctx_cachep, pos);
155 INIT_LIST_HEAD(&ext4_free_crypto_ctxs);
156 if (ext4_bounce_page_pool)
157 mempool_destroy(ext4_bounce_page_pool);
158 ext4_bounce_page_pool = NULL;
159 if (ext4_read_workqueue)
160 destroy_workqueue(ext4_read_workqueue);
161 ext4_read_workqueue = NULL;
162 if (ext4_crypto_ctx_cachep)
163 kmem_cache_destroy(ext4_crypto_ctx_cachep);
164 ext4_crypto_ctx_cachep = NULL;
165 if (ext4_crypt_info_cachep)
166 kmem_cache_destroy(ext4_crypt_info_cachep);
167 ext4_crypt_info_cachep = NULL;
168}
169
170/**
171 * ext4_init_crypto() - Set up for ext4 encryption.
172 *
173 * We only call this when we start accessing encrypted files, since it
174 * results in memory getting allocated that wouldn't otherwise be used.
175 *
176 * Return: Zero on success, non-zero otherwise.
177 */
178int ext4_init_crypto(void)
179{
180 int i, res = -ENOMEM;
181
182 mutex_lock(&crypto_init);
183 if (ext4_read_workqueue)
184 goto already_initialized;
185 ext4_read_workqueue = alloc_workqueue("ext4_crypto", WQ_HIGHPRI, 0);
186 if (!ext4_read_workqueue)
187 goto fail;
188
189 ext4_crypto_ctx_cachep = KMEM_CACHE(ext4_crypto_ctx,
190 SLAB_RECLAIM_ACCOUNT);
191 if (!ext4_crypto_ctx_cachep)
192 goto fail;
193
194 ext4_crypt_info_cachep = KMEM_CACHE(ext4_crypt_info,
195 SLAB_RECLAIM_ACCOUNT);
196 if (!ext4_crypt_info_cachep)
197 goto fail;
198
199 for (i = 0; i < num_prealloc_crypto_ctxs; i++) {
200 struct ext4_crypto_ctx *ctx;
201
202 ctx = kmem_cache_zalloc(ext4_crypto_ctx_cachep, GFP_NOFS);
203 if (!ctx) {
204 res = -ENOMEM;
205 goto fail;
206 }
207 list_add(&ctx->free_list, &ext4_free_crypto_ctxs);
208 }
209
210 ext4_bounce_page_pool =
211 mempool_create_page_pool(num_prealloc_crypto_pages, 0);
212 if (!ext4_bounce_page_pool) {
213 res = -ENOMEM;
214 goto fail;
215 }
216already_initialized:
217 mutex_unlock(&crypto_init);
218 return 0;
219fail:
220 ext4_exit_crypto();
221 mutex_unlock(&crypto_init);
222 return res;
223}
224
225void ext4_restore_control_page(struct page *data_page)
226{
227 struct ext4_crypto_ctx *ctx =
228 (struct ext4_crypto_ctx *)page_private(data_page);
229
230 set_page_private(data_page, (unsigned long)NULL);
231 ClearPagePrivate(data_page);
232 unlock_page(data_page);
233 ext4_release_crypto_ctx(ctx);
234}
235
236/**
237 * ext4_crypt_complete() - The completion callback for page encryption
238 * @req: The asynchronous encryption request context
239 * @res: The result of the encryption operation
240 */
241static void ext4_crypt_complete(struct crypto_async_request *req, int res)
242{
243 struct ext4_completion_result *ecr = req->data;
244
245 if (res == -EINPROGRESS)
246 return;
247 ecr->res = res;
248 complete(&ecr->completion);
249}
250
251typedef enum {
252 EXT4_DECRYPT = 0,
253 EXT4_ENCRYPT,
254} ext4_direction_t;
255
256static int ext4_page_crypto(struct inode *inode,
257 ext4_direction_t rw,
258 pgoff_t index,
259 struct page *src_page,
260 struct page *dest_page,
261 gfp_t gfp_flags)
262
263{
264 u8 xts_tweak[EXT4_XTS_TWEAK_SIZE];
265 struct skcipher_request *req = NULL;
266 DECLARE_EXT4_COMPLETION_RESULT(ecr);
267 struct scatterlist dst, src;
268 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
269 struct crypto_skcipher *tfm = ci->ci_ctfm;
270 int res = 0;
271
272 req = skcipher_request_alloc(tfm, gfp_flags);
273 if (!req) {
274 printk_ratelimited(KERN_ERR
275 "%s: crypto_request_alloc() failed\n",
276 __func__);
277 return -ENOMEM;
278 }
279 skcipher_request_set_callback(
280 req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
281 ext4_crypt_complete, &ecr);
282
283 BUILD_BUG_ON(EXT4_XTS_TWEAK_SIZE < sizeof(index));
284 memcpy(xts_tweak, &index, sizeof(index));
285 memset(&xts_tweak[sizeof(index)], 0,
286 EXT4_XTS_TWEAK_SIZE - sizeof(index));
287
288 sg_init_table(&dst, 1);
289 sg_set_page(&dst, dest_page, PAGE_SIZE, 0);
290 sg_init_table(&src, 1);
291 sg_set_page(&src, src_page, PAGE_SIZE, 0);
292 skcipher_request_set_crypt(req, &src, &dst, PAGE_SIZE,
293 xts_tweak);
294 if (rw == EXT4_DECRYPT)
295 res = crypto_skcipher_decrypt(req);
296 else
297 res = crypto_skcipher_encrypt(req);
298 if (res == -EINPROGRESS || res == -EBUSY) {
299 wait_for_completion(&ecr.completion);
300 res = ecr.res;
301 }
302 skcipher_request_free(req);
303 if (res) {
304 printk_ratelimited(
305 KERN_ERR
306 "%s: crypto_skcipher_encrypt() returned %d\n",
307 __func__, res);
308 return res;
309 }
310 return 0;
311}
312
313static struct page *alloc_bounce_page(struct ext4_crypto_ctx *ctx,
314 gfp_t gfp_flags)
315{
316 ctx->w.bounce_page = mempool_alloc(ext4_bounce_page_pool, gfp_flags);
317 if (ctx->w.bounce_page == NULL)
318 return ERR_PTR(-ENOMEM);
319 ctx->flags |= EXT4_WRITE_PATH_FL;
320 return ctx->w.bounce_page;
321}
322
323/**
324 * ext4_encrypt() - Encrypts a page
325 * @inode: The inode for which the encryption should take place
326 * @plaintext_page: The page to encrypt. Must be locked.
327 *
328 * Allocates a ciphertext page and encrypts plaintext_page into it using the ctx
329 * encryption context.
330 *
331 * Called on the page write path. The caller must call
332 * ext4_restore_control_page() on the returned ciphertext page to
333 * release the bounce buffer and the encryption context.
334 *
335 * Return: An allocated page with the encrypted content on success. Else, an
336 * error value or NULL.
337 */
338struct page *ext4_encrypt(struct inode *inode,
339 struct page *plaintext_page,
340 gfp_t gfp_flags)
341{
342 struct ext4_crypto_ctx *ctx;
343 struct page *ciphertext_page = NULL;
344 int err;
345
346 BUG_ON(!PageLocked(plaintext_page));
347
348 ctx = ext4_get_crypto_ctx(inode, gfp_flags);
349 if (IS_ERR(ctx))
350 return (struct page *) ctx;
351
352 /* The encryption operation will require a bounce page. */
353 ciphertext_page = alloc_bounce_page(ctx, gfp_flags);
354 if (IS_ERR(ciphertext_page))
355 goto errout;
356 ctx->w.control_page = plaintext_page;
357 err = ext4_page_crypto(inode, EXT4_ENCRYPT, plaintext_page->index,
358 plaintext_page, ciphertext_page, gfp_flags);
359 if (err) {
360 ciphertext_page = ERR_PTR(err);
361 errout:
362 ext4_release_crypto_ctx(ctx);
363 return ciphertext_page;
364 }
365 SetPagePrivate(ciphertext_page);
366 set_page_private(ciphertext_page, (unsigned long)ctx);
367 lock_page(ciphertext_page);
368 return ciphertext_page;
369}
370
371/**
372 * ext4_decrypt() - Decrypts a page in-place
373 * @ctx: The encryption context.
374 * @page: The page to decrypt. Must be locked.
375 *
376 * Decrypts page in-place using the ctx encryption context.
377 *
378 * Called from the read completion callback.
379 *
380 * Return: Zero on success, non-zero otherwise.
381 */
382int ext4_decrypt(struct page *page)
383{
384 BUG_ON(!PageLocked(page));
385
386 return ext4_page_crypto(page->mapping->host, EXT4_DECRYPT,
387 page->index, page, page, GFP_NOFS);
388}
389
390int ext4_encrypted_zeroout(struct inode *inode, ext4_lblk_t lblk,
391 ext4_fsblk_t pblk, ext4_lblk_t len)
392{
393 struct ext4_crypto_ctx *ctx;
394 struct page *ciphertext_page = NULL;
395 struct bio *bio;
396 int ret, err = 0;
397
398#if 0
399 ext4_msg(inode->i_sb, KERN_CRIT,
400 "ext4_encrypted_zeroout ino %lu lblk %u len %u",
401 (unsigned long) inode->i_ino, lblk, len);
402#endif
403
404 BUG_ON(inode->i_sb->s_blocksize != PAGE_SIZE);
405
406 ctx = ext4_get_crypto_ctx(inode, GFP_NOFS);
407 if (IS_ERR(ctx))
408 return PTR_ERR(ctx);
409
410 ciphertext_page = alloc_bounce_page(ctx, GFP_NOWAIT);
411 if (IS_ERR(ciphertext_page)) {
412 err = PTR_ERR(ciphertext_page);
413 goto errout;
414 }
415
416 while (len--) {
417 err = ext4_page_crypto(inode, EXT4_ENCRYPT, lblk,
418 ZERO_PAGE(0), ciphertext_page,
419 GFP_NOFS);
420 if (err)
421 goto errout;
422
423 bio = bio_alloc(GFP_NOWAIT, 1);
424 if (!bio) {
425 err = -ENOMEM;
426 goto errout;
427 }
428 bio->bi_bdev = inode->i_sb->s_bdev;
429 bio->bi_iter.bi_sector =
430 pblk << (inode->i_sb->s_blocksize_bits - 9);
431 ret = bio_add_page(bio, ciphertext_page,
432 inode->i_sb->s_blocksize, 0);
433 if (ret != inode->i_sb->s_blocksize) {
434 /* should never happen! */
435 ext4_msg(inode->i_sb, KERN_ERR,
436 "bio_add_page failed: %d", ret);
437 WARN_ON(1);
438 bio_put(bio);
439 err = -EIO;
440 goto errout;
441 }
442 err = submit_bio_wait(WRITE, bio);
443 if ((err == 0) && bio->bi_error)
444 err = -EIO;
445 bio_put(bio);
446 if (err)
447 goto errout;
448 lblk++; pblk++;
449 }
450 err = 0;
451errout:
452 ext4_release_crypto_ctx(ctx);
453 return err;
454}
455
456bool ext4_valid_contents_enc_mode(uint32_t mode)
457{
458 return (mode == EXT4_ENCRYPTION_MODE_AES_256_XTS);
459}
460
461/**
462 * ext4_validate_encryption_key_size() - Validate the encryption key size
463 * @mode: The key mode.
464 * @size: The key size to validate.
465 *
466 * Return: The validated key size for @mode. Zero if invalid.
467 */
468uint32_t ext4_validate_encryption_key_size(uint32_t mode, uint32_t size)
469{
470 if (size == ext4_encryption_key_size(mode))
471 return size;
472 return 0;
473}
474
475/*
476 * Validate dentries for encrypted directories to make sure we aren't
477 * potentially caching stale data after a key has been added or
478 * removed.
479 */
480static int ext4_d_revalidate(struct dentry *dentry, unsigned int flags)
481{
482 struct dentry *dir;
483 struct ext4_crypt_info *ci;
484 int dir_has_key, cached_with_key;
485
486 if (flags & LOOKUP_RCU)
487 return -ECHILD;
488
489 dir = dget_parent(dentry);
490 if (!ext4_encrypted_inode(d_inode(dir))) {
491 dput(dir);
492 return 0;
493 }
494 ci = EXT4_I(d_inode(dir))->i_crypt_info;
495 if (ci && ci->ci_keyring_key &&
496 (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) |
497 (1 << KEY_FLAG_REVOKED) |
498 (1 << KEY_FLAG_DEAD))))
499 ci = NULL;
500
501 /* this should eventually be an flag in d_flags */
502 cached_with_key = dentry->d_fsdata != NULL;
503 dir_has_key = (ci != NULL);
504 dput(dir);
505
506 /*
507 * If the dentry was cached without the key, and it is a
508 * negative dentry, it might be a valid name. We can't check
509 * if the key has since been made available due to locking
510 * reasons, so we fail the validation so ext4_lookup() can do
511 * this check.
512 *
513 * We also fail the validation if the dentry was created with
514 * the key present, but we no longer have the key, or vice versa.
515 */
516 if ((!cached_with_key && d_is_negative(dentry)) ||
517 (!cached_with_key && dir_has_key) ||
518 (cached_with_key && !dir_has_key)) {
519#if 0 /* Revalidation debug */
520 char buf[80];
521 char *cp = simple_dname(dentry, buf, sizeof(buf));
522
523 if (IS_ERR(cp))
524 cp = (char *) "???";
525 pr_err("revalidate: %s %p %d %d %d\n", cp, dentry->d_fsdata,
526 cached_with_key, d_is_negative(dentry),
527 dir_has_key);
528#endif
529 return 0;
530 }
531 return 1;
532}
533
534const struct dentry_operations ext4_encrypted_d_ops = {
535 .d_revalidate = ext4_d_revalidate,
536};
diff --git a/fs/ext4/crypto_fname.c b/fs/ext4/crypto_fname.c
deleted file mode 100644
index 1a2f360405db..000000000000
--- a/fs/ext4/crypto_fname.c
+++ /dev/null
@@ -1,468 +0,0 @@
1/*
2 * linux/fs/ext4/crypto_fname.c
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains functions for filename crypto management in ext4
7 *
8 * Written by Uday Savagaonkar, 2014.
9 *
10 * This has not yet undergone a rigorous security audit.
11 *
12 */
13
14#include <crypto/skcipher.h>
15#include <keys/encrypted-type.h>
16#include <keys/user-type.h>
17#include <linux/gfp.h>
18#include <linux/kernel.h>
19#include <linux/key.h>
20#include <linux/list.h>
21#include <linux/mempool.h>
22#include <linux/random.h>
23#include <linux/scatterlist.h>
24#include <linux/spinlock_types.h>
25
26#include "ext4.h"
27#include "ext4_crypto.h"
28#include "xattr.h"
29
30/**
31 * ext4_dir_crypt_complete() -
32 */
33static void ext4_dir_crypt_complete(struct crypto_async_request *req, int res)
34{
35 struct ext4_completion_result *ecr = req->data;
36
37 if (res == -EINPROGRESS)
38 return;
39 ecr->res = res;
40 complete(&ecr->completion);
41}
42
43bool ext4_valid_filenames_enc_mode(uint32_t mode)
44{
45 return (mode == EXT4_ENCRYPTION_MODE_AES_256_CTS);
46}
47
48static unsigned max_name_len(struct inode *inode)
49{
50 return S_ISLNK(inode->i_mode) ? inode->i_sb->s_blocksize :
51 EXT4_NAME_LEN;
52}
53
54/**
55 * ext4_fname_encrypt() -
56 *
57 * This function encrypts the input filename, and returns the length of the
58 * ciphertext. Errors are returned as negative numbers. We trust the caller to
59 * allocate sufficient memory to oname string.
60 */
61static int ext4_fname_encrypt(struct inode *inode,
62 const struct qstr *iname,
63 struct ext4_str *oname)
64{
65 u32 ciphertext_len;
66 struct skcipher_request *req = NULL;
67 DECLARE_EXT4_COMPLETION_RESULT(ecr);
68 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
69 struct crypto_skcipher *tfm = ci->ci_ctfm;
70 int res = 0;
71 char iv[EXT4_CRYPTO_BLOCK_SIZE];
72 struct scatterlist src_sg, dst_sg;
73 int padding = 4 << (ci->ci_flags & EXT4_POLICY_FLAGS_PAD_MASK);
74 char *workbuf, buf[32], *alloc_buf = NULL;
75 unsigned lim = max_name_len(inode);
76
77 if (iname->len <= 0 || iname->len > lim)
78 return -EIO;
79
80 ciphertext_len = (iname->len < EXT4_CRYPTO_BLOCK_SIZE) ?
81 EXT4_CRYPTO_BLOCK_SIZE : iname->len;
82 ciphertext_len = ext4_fname_crypto_round_up(ciphertext_len, padding);
83 ciphertext_len = (ciphertext_len > lim)
84 ? lim : ciphertext_len;
85
86 if (ciphertext_len <= sizeof(buf)) {
87 workbuf = buf;
88 } else {
89 alloc_buf = kmalloc(ciphertext_len, GFP_NOFS);
90 if (!alloc_buf)
91 return -ENOMEM;
92 workbuf = alloc_buf;
93 }
94
95 /* Allocate request */
96 req = skcipher_request_alloc(tfm, GFP_NOFS);
97 if (!req) {
98 printk_ratelimited(
99 KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
100 kfree(alloc_buf);
101 return -ENOMEM;
102 }
103 skcipher_request_set_callback(req,
104 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
105 ext4_dir_crypt_complete, &ecr);
106
107 /* Copy the input */
108 memcpy(workbuf, iname->name, iname->len);
109 if (iname->len < ciphertext_len)
110 memset(workbuf + iname->len, 0, ciphertext_len - iname->len);
111
112 /* Initialize IV */
113 memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE);
114
115 /* Create encryption request */
116 sg_init_one(&src_sg, workbuf, ciphertext_len);
117 sg_init_one(&dst_sg, oname->name, ciphertext_len);
118 skcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
119 res = crypto_skcipher_encrypt(req);
120 if (res == -EINPROGRESS || res == -EBUSY) {
121 wait_for_completion(&ecr.completion);
122 res = ecr.res;
123 }
124 kfree(alloc_buf);
125 skcipher_request_free(req);
126 if (res < 0) {
127 printk_ratelimited(
128 KERN_ERR "%s: Error (error code %d)\n", __func__, res);
129 }
130 oname->len = ciphertext_len;
131 return res;
132}
133
134/*
135 * ext4_fname_decrypt()
136 * This function decrypts the input filename, and returns
137 * the length of the plaintext.
138 * Errors are returned as negative numbers.
139 * We trust the caller to allocate sufficient memory to oname string.
140 */
141static int ext4_fname_decrypt(struct inode *inode,
142 const struct ext4_str *iname,
143 struct ext4_str *oname)
144{
145 struct ext4_str tmp_in[2], tmp_out[1];
146 struct skcipher_request *req = NULL;
147 DECLARE_EXT4_COMPLETION_RESULT(ecr);
148 struct scatterlist src_sg, dst_sg;
149 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
150 struct crypto_skcipher *tfm = ci->ci_ctfm;
151 int res = 0;
152 char iv[EXT4_CRYPTO_BLOCK_SIZE];
153 unsigned lim = max_name_len(inode);
154
155 if (iname->len <= 0 || iname->len > lim)
156 return -EIO;
157
158 tmp_in[0].name = iname->name;
159 tmp_in[0].len = iname->len;
160 tmp_out[0].name = oname->name;
161
162 /* Allocate request */
163 req = skcipher_request_alloc(tfm, GFP_NOFS);
164 if (!req) {
165 printk_ratelimited(
166 KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
167 return -ENOMEM;
168 }
169 skcipher_request_set_callback(req,
170 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
171 ext4_dir_crypt_complete, &ecr);
172
173 /* Initialize IV */
174 memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE);
175
176 /* Create encryption request */
177 sg_init_one(&src_sg, iname->name, iname->len);
178 sg_init_one(&dst_sg, oname->name, oname->len);
179 skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
180 res = crypto_skcipher_decrypt(req);
181 if (res == -EINPROGRESS || res == -EBUSY) {
182 wait_for_completion(&ecr.completion);
183 res = ecr.res;
184 }
185 skcipher_request_free(req);
186 if (res < 0) {
187 printk_ratelimited(
188 KERN_ERR "%s: Error in ext4_fname_encrypt (error code %d)\n",
189 __func__, res);
190 return res;
191 }
192
193 oname->len = strnlen(oname->name, iname->len);
194 return oname->len;
195}
196
197static const char *lookup_table =
198 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
199
200/**
201 * ext4_fname_encode_digest() -
202 *
203 * Encodes the input digest using characters from the set [a-zA-Z0-9_+].
204 * The encoded string is roughly 4/3 times the size of the input string.
205 */
206static int digest_encode(const char *src, int len, char *dst)
207{
208 int i = 0, bits = 0, ac = 0;
209 char *cp = dst;
210
211 while (i < len) {
212 ac += (((unsigned char) src[i]) << bits);
213 bits += 8;
214 do {
215 *cp++ = lookup_table[ac & 0x3f];
216 ac >>= 6;
217 bits -= 6;
218 } while (bits >= 6);
219 i++;
220 }
221 if (bits)
222 *cp++ = lookup_table[ac & 0x3f];
223 return cp - dst;
224}
225
226static int digest_decode(const char *src, int len, char *dst)
227{
228 int i = 0, bits = 0, ac = 0;
229 const char *p;
230 char *cp = dst;
231
232 while (i < len) {
233 p = strchr(lookup_table, src[i]);
234 if (p == NULL || src[i] == 0)
235 return -2;
236 ac += (p - lookup_table) << bits;
237 bits += 6;
238 if (bits >= 8) {
239 *cp++ = ac & 0xff;
240 ac >>= 8;
241 bits -= 8;
242 }
243 i++;
244 }
245 if (ac)
246 return -1;
247 return cp - dst;
248}
249
250/**
251 * ext4_fname_crypto_round_up() -
252 *
253 * Return: The next multiple of block size
254 */
255u32 ext4_fname_crypto_round_up(u32 size, u32 blksize)
256{
257 return ((size+blksize-1)/blksize)*blksize;
258}
259
260unsigned ext4_fname_encrypted_size(struct inode *inode, u32 ilen)
261{
262 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
263 int padding = 32;
264
265 if (ci)
266 padding = 4 << (ci->ci_flags & EXT4_POLICY_FLAGS_PAD_MASK);
267 if (ilen < EXT4_CRYPTO_BLOCK_SIZE)
268 ilen = EXT4_CRYPTO_BLOCK_SIZE;
269 return ext4_fname_crypto_round_up(ilen, padding);
270}
271
272/*
273 * ext4_fname_crypto_alloc_buffer() -
274 *
275 * Allocates an output buffer that is sufficient for the crypto operation
276 * specified by the context and the direction.
277 */
278int ext4_fname_crypto_alloc_buffer(struct inode *inode,
279 u32 ilen, struct ext4_str *crypto_str)
280{
281 unsigned int olen = ext4_fname_encrypted_size(inode, ilen);
282
283 crypto_str->len = olen;
284 if (olen < EXT4_FNAME_CRYPTO_DIGEST_SIZE*2)
285 olen = EXT4_FNAME_CRYPTO_DIGEST_SIZE*2;
286 /* Allocated buffer can hold one more character to null-terminate the
287 * string */
288 crypto_str->name = kmalloc(olen+1, GFP_NOFS);
289 if (!(crypto_str->name))
290 return -ENOMEM;
291 return 0;
292}
293
294/**
295 * ext4_fname_crypto_free_buffer() -
296 *
297 * Frees the buffer allocated for crypto operation.
298 */
299void ext4_fname_crypto_free_buffer(struct ext4_str *crypto_str)
300{
301 if (!crypto_str)
302 return;
303 kfree(crypto_str->name);
304 crypto_str->name = NULL;
305}
306
307/**
308 * ext4_fname_disk_to_usr() - converts a filename from disk space to user space
309 */
310int _ext4_fname_disk_to_usr(struct inode *inode,
311 struct dx_hash_info *hinfo,
312 const struct ext4_str *iname,
313 struct ext4_str *oname)
314{
315 char buf[24];
316 int ret;
317
318 if (iname->len < 3) {
319 /*Check for . and .. */
320 if (iname->name[0] == '.' && iname->name[iname->len-1] == '.') {
321 oname->name[0] = '.';
322 oname->name[iname->len-1] = '.';
323 oname->len = iname->len;
324 return oname->len;
325 }
326 }
327 if (iname->len < EXT4_CRYPTO_BLOCK_SIZE) {
328 EXT4_ERROR_INODE(inode, "encrypted inode too small");
329 return -EUCLEAN;
330 }
331 if (EXT4_I(inode)->i_crypt_info)
332 return ext4_fname_decrypt(inode, iname, oname);
333
334 if (iname->len <= EXT4_FNAME_CRYPTO_DIGEST_SIZE) {
335 ret = digest_encode(iname->name, iname->len, oname->name);
336 oname->len = ret;
337 return ret;
338 }
339 if (hinfo) {
340 memcpy(buf, &hinfo->hash, 4);
341 memcpy(buf+4, &hinfo->minor_hash, 4);
342 } else
343 memset(buf, 0, 8);
344 memcpy(buf + 8, iname->name + iname->len - 16, 16);
345 oname->name[0] = '_';
346 ret = digest_encode(buf, 24, oname->name+1);
347 oname->len = ret + 1;
348 return ret + 1;
349}
350
351int ext4_fname_disk_to_usr(struct inode *inode,
352 struct dx_hash_info *hinfo,
353 const struct ext4_dir_entry_2 *de,
354 struct ext4_str *oname)
355{
356 struct ext4_str iname = {.name = (unsigned char *) de->name,
357 .len = de->name_len };
358
359 return _ext4_fname_disk_to_usr(inode, hinfo, &iname, oname);
360}
361
362
363/**
364 * ext4_fname_usr_to_disk() - converts a filename from user space to disk space
365 */
366int ext4_fname_usr_to_disk(struct inode *inode,
367 const struct qstr *iname,
368 struct ext4_str *oname)
369{
370 int res;
371 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
372
373 if (iname->len < 3) {
374 /*Check for . and .. */
375 if (iname->name[0] == '.' &&
376 iname->name[iname->len-1] == '.') {
377 oname->name[0] = '.';
378 oname->name[iname->len-1] = '.';
379 oname->len = iname->len;
380 return oname->len;
381 }
382 }
383 if (ci) {
384 res = ext4_fname_encrypt(inode, iname, oname);
385 return res;
386 }
387 /* Without a proper key, a user is not allowed to modify the filenames
388 * in a directory. Consequently, a user space name cannot be mapped to
389 * a disk-space name */
390 return -EACCES;
391}
392
393int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname,
394 int lookup, struct ext4_filename *fname)
395{
396 struct ext4_crypt_info *ci;
397 int ret = 0, bigname = 0;
398
399 memset(fname, 0, sizeof(struct ext4_filename));
400 fname->usr_fname = iname;
401
402 if (!ext4_encrypted_inode(dir) ||
403 ((iname->name[0] == '.') &&
404 ((iname->len == 1) ||
405 ((iname->name[1] == '.') && (iname->len == 2))))) {
406 fname->disk_name.name = (unsigned char *) iname->name;
407 fname->disk_name.len = iname->len;
408 return 0;
409 }
410 ret = ext4_get_encryption_info(dir);
411 if (ret)
412 return ret;
413 ci = EXT4_I(dir)->i_crypt_info;
414 if (ci) {
415 ret = ext4_fname_crypto_alloc_buffer(dir, iname->len,
416 &fname->crypto_buf);
417 if (ret < 0)
418 return ret;
419 ret = ext4_fname_encrypt(dir, iname, &fname->crypto_buf);
420 if (ret < 0)
421 goto errout;
422 fname->disk_name.name = fname->crypto_buf.name;
423 fname->disk_name.len = fname->crypto_buf.len;
424 return 0;
425 }
426 if (!lookup)
427 return -EACCES;
428
429 /* We don't have the key and we are doing a lookup; decode the
430 * user-supplied name
431 */
432 if (iname->name[0] == '_')
433 bigname = 1;
434 if ((bigname && (iname->len != 33)) ||
435 (!bigname && (iname->len > 43)))
436 return -ENOENT;
437
438 fname->crypto_buf.name = kmalloc(32, GFP_KERNEL);
439 if (fname->crypto_buf.name == NULL)
440 return -ENOMEM;
441 ret = digest_decode(iname->name + bigname, iname->len - bigname,
442 fname->crypto_buf.name);
443 if (ret < 0) {
444 ret = -ENOENT;
445 goto errout;
446 }
447 fname->crypto_buf.len = ret;
448 if (bigname) {
449 memcpy(&fname->hinfo.hash, fname->crypto_buf.name, 4);
450 memcpy(&fname->hinfo.minor_hash, fname->crypto_buf.name + 4, 4);
451 } else {
452 fname->disk_name.name = fname->crypto_buf.name;
453 fname->disk_name.len = fname->crypto_buf.len;
454 }
455 return 0;
456errout:
457 kfree(fname->crypto_buf.name);
458 fname->crypto_buf.name = NULL;
459 return ret;
460}
461
462void ext4_fname_free_filename(struct ext4_filename *fname)
463{
464 kfree(fname->crypto_buf.name);
465 fname->crypto_buf.name = NULL;
466 fname->usr_fname = NULL;
467 fname->disk_name.name = NULL;
468}
diff --git a/fs/ext4/crypto_key.c b/fs/ext4/crypto_key.c
deleted file mode 100644
index 0129d688d1f7..000000000000
--- a/fs/ext4/crypto_key.c
+++ /dev/null
@@ -1,274 +0,0 @@
1/*
2 * linux/fs/ext4/crypto_key.c
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains encryption key functions for ext4
7 *
8 * Written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar, 2015.
9 */
10
11#include <crypto/skcipher.h>
12#include <keys/encrypted-type.h>
13#include <keys/user-type.h>
14#include <linux/random.h>
15#include <linux/scatterlist.h>
16#include <uapi/linux/keyctl.h>
17
18#include "ext4.h"
19#include "xattr.h"
20
21static void derive_crypt_complete(struct crypto_async_request *req, int rc)
22{
23 struct ext4_completion_result *ecr = req->data;
24
25 if (rc == -EINPROGRESS)
26 return;
27
28 ecr->res = rc;
29 complete(&ecr->completion);
30}
31
32/**
33 * ext4_derive_key_aes() - Derive a key using AES-128-ECB
34 * @deriving_key: Encryption key used for derivation.
35 * @source_key: Source key to which to apply derivation.
36 * @derived_key: Derived key.
37 *
38 * Return: Zero on success; non-zero otherwise.
39 */
40static int ext4_derive_key_aes(char deriving_key[EXT4_AES_128_ECB_KEY_SIZE],
41 char source_key[EXT4_AES_256_XTS_KEY_SIZE],
42 char derived_key[EXT4_AES_256_XTS_KEY_SIZE])
43{
44 int res = 0;
45 struct skcipher_request *req = NULL;
46 DECLARE_EXT4_COMPLETION_RESULT(ecr);
47 struct scatterlist src_sg, dst_sg;
48 struct crypto_skcipher *tfm = crypto_alloc_skcipher("ecb(aes)", 0, 0);
49
50 if (IS_ERR(tfm)) {
51 res = PTR_ERR(tfm);
52 tfm = NULL;
53 goto out;
54 }
55 crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
56 req = skcipher_request_alloc(tfm, GFP_NOFS);
57 if (!req) {
58 res = -ENOMEM;
59 goto out;
60 }
61 skcipher_request_set_callback(req,
62 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
63 derive_crypt_complete, &ecr);
64 res = crypto_skcipher_setkey(tfm, deriving_key,
65 EXT4_AES_128_ECB_KEY_SIZE);
66 if (res < 0)
67 goto out;
68 sg_init_one(&src_sg, source_key, EXT4_AES_256_XTS_KEY_SIZE);
69 sg_init_one(&dst_sg, derived_key, EXT4_AES_256_XTS_KEY_SIZE);
70 skcipher_request_set_crypt(req, &src_sg, &dst_sg,
71 EXT4_AES_256_XTS_KEY_SIZE, NULL);
72 res = crypto_skcipher_encrypt(req);
73 if (res == -EINPROGRESS || res == -EBUSY) {
74 wait_for_completion(&ecr.completion);
75 res = ecr.res;
76 }
77
78out:
79 skcipher_request_free(req);
80 crypto_free_skcipher(tfm);
81 return res;
82}
83
84void ext4_free_crypt_info(struct ext4_crypt_info *ci)
85{
86 if (!ci)
87 return;
88
89 if (ci->ci_keyring_key)
90 key_put(ci->ci_keyring_key);
91 crypto_free_skcipher(ci->ci_ctfm);
92 kmem_cache_free(ext4_crypt_info_cachep, ci);
93}
94
95void ext4_free_encryption_info(struct inode *inode,
96 struct ext4_crypt_info *ci)
97{
98 struct ext4_inode_info *ei = EXT4_I(inode);
99 struct ext4_crypt_info *prev;
100
101 if (ci == NULL)
102 ci = ACCESS_ONCE(ei->i_crypt_info);
103 if (ci == NULL)
104 return;
105 prev = cmpxchg(&ei->i_crypt_info, ci, NULL);
106 if (prev != ci)
107 return;
108
109 ext4_free_crypt_info(ci);
110}
111
112int _ext4_get_encryption_info(struct inode *inode)
113{
114 struct ext4_inode_info *ei = EXT4_I(inode);
115 struct ext4_crypt_info *crypt_info;
116 char full_key_descriptor[EXT4_KEY_DESC_PREFIX_SIZE +
117 (EXT4_KEY_DESCRIPTOR_SIZE * 2) + 1];
118 struct key *keyring_key = NULL;
119 struct ext4_encryption_key *master_key;
120 struct ext4_encryption_context ctx;
121 const struct user_key_payload *ukp;
122 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
123 struct crypto_skcipher *ctfm;
124 const char *cipher_str;
125 char raw_key[EXT4_MAX_KEY_SIZE];
126 char mode;
127 int res;
128
129 if (!ext4_read_workqueue) {
130 res = ext4_init_crypto();
131 if (res)
132 return res;
133 }
134
135retry:
136 crypt_info = ACCESS_ONCE(ei->i_crypt_info);
137 if (crypt_info) {
138 if (!crypt_info->ci_keyring_key ||
139 key_validate(crypt_info->ci_keyring_key) == 0)
140 return 0;
141 ext4_free_encryption_info(inode, crypt_info);
142 goto retry;
143 }
144
145 res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
146 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
147 &ctx, sizeof(ctx));
148 if (res < 0) {
149 if (!DUMMY_ENCRYPTION_ENABLED(sbi))
150 return res;
151 ctx.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
152 ctx.filenames_encryption_mode =
153 EXT4_ENCRYPTION_MODE_AES_256_CTS;
154 ctx.flags = 0;
155 } else if (res != sizeof(ctx))
156 return -EINVAL;
157 res = 0;
158
159 crypt_info = kmem_cache_alloc(ext4_crypt_info_cachep, GFP_KERNEL);
160 if (!crypt_info)
161 return -ENOMEM;
162
163 crypt_info->ci_flags = ctx.flags;
164 crypt_info->ci_data_mode = ctx.contents_encryption_mode;
165 crypt_info->ci_filename_mode = ctx.filenames_encryption_mode;
166 crypt_info->ci_ctfm = NULL;
167 crypt_info->ci_keyring_key = NULL;
168 memcpy(crypt_info->ci_master_key, ctx.master_key_descriptor,
169 sizeof(crypt_info->ci_master_key));
170 if (S_ISREG(inode->i_mode))
171 mode = crypt_info->ci_data_mode;
172 else if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode))
173 mode = crypt_info->ci_filename_mode;
174 else
175 BUG();
176 switch (mode) {
177 case EXT4_ENCRYPTION_MODE_AES_256_XTS:
178 cipher_str = "xts(aes)";
179 break;
180 case EXT4_ENCRYPTION_MODE_AES_256_CTS:
181 cipher_str = "cts(cbc(aes))";
182 break;
183 default:
184 printk_once(KERN_WARNING
185 "ext4: unsupported key mode %d (ino %u)\n",
186 mode, (unsigned) inode->i_ino);
187 res = -ENOKEY;
188 goto out;
189 }
190 if (DUMMY_ENCRYPTION_ENABLED(sbi)) {
191 memset(raw_key, 0x42, EXT4_AES_256_XTS_KEY_SIZE);
192 goto got_key;
193 }
194 memcpy(full_key_descriptor, EXT4_KEY_DESC_PREFIX,
195 EXT4_KEY_DESC_PREFIX_SIZE);
196 sprintf(full_key_descriptor + EXT4_KEY_DESC_PREFIX_SIZE,
197 "%*phN", EXT4_KEY_DESCRIPTOR_SIZE,
198 ctx.master_key_descriptor);
199 full_key_descriptor[EXT4_KEY_DESC_PREFIX_SIZE +
200 (2 * EXT4_KEY_DESCRIPTOR_SIZE)] = '\0';
201 keyring_key = request_key(&key_type_logon, full_key_descriptor, NULL);
202 if (IS_ERR(keyring_key)) {
203 res = PTR_ERR(keyring_key);
204 keyring_key = NULL;
205 goto out;
206 }
207 crypt_info->ci_keyring_key = keyring_key;
208 if (keyring_key->type != &key_type_logon) {
209 printk_once(KERN_WARNING
210 "ext4: key type must be logon\n");
211 res = -ENOKEY;
212 goto out;
213 }
214 down_read(&keyring_key->sem);
215 ukp = user_key_payload(keyring_key);
216 if (ukp->datalen != sizeof(struct ext4_encryption_key)) {
217 res = -EINVAL;
218 up_read(&keyring_key->sem);
219 goto out;
220 }
221 master_key = (struct ext4_encryption_key *)ukp->data;
222 BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE !=
223 EXT4_KEY_DERIVATION_NONCE_SIZE);
224 if (master_key->size != EXT4_AES_256_XTS_KEY_SIZE) {
225 printk_once(KERN_WARNING
226 "ext4: key size incorrect: %d\n",
227 master_key->size);
228 res = -ENOKEY;
229 up_read(&keyring_key->sem);
230 goto out;
231 }
232 res = ext4_derive_key_aes(ctx.nonce, master_key->raw,
233 raw_key);
234 up_read(&keyring_key->sem);
235 if (res)
236 goto out;
237got_key:
238 ctfm = crypto_alloc_skcipher(cipher_str, 0, 0);
239 if (!ctfm || IS_ERR(ctfm)) {
240 res = ctfm ? PTR_ERR(ctfm) : -ENOMEM;
241 printk(KERN_DEBUG
242 "%s: error %d (inode %u) allocating crypto tfm\n",
243 __func__, res, (unsigned) inode->i_ino);
244 goto out;
245 }
246 crypt_info->ci_ctfm = ctfm;
247 crypto_skcipher_clear_flags(ctfm, ~0);
248 crypto_tfm_set_flags(crypto_skcipher_tfm(ctfm),
249 CRYPTO_TFM_REQ_WEAK_KEY);
250 res = crypto_skcipher_setkey(ctfm, raw_key,
251 ext4_encryption_key_size(mode));
252 if (res)
253 goto out;
254 memzero_explicit(raw_key, sizeof(raw_key));
255 if (cmpxchg(&ei->i_crypt_info, NULL, crypt_info) != NULL) {
256 ext4_free_crypt_info(crypt_info);
257 goto retry;
258 }
259 return 0;
260
261out:
262 if (res == -ENOKEY)
263 res = 0;
264 ext4_free_crypt_info(crypt_info);
265 memzero_explicit(raw_key, sizeof(raw_key));
266 return res;
267}
268
269int ext4_has_encryption_key(struct inode *inode)
270{
271 struct ext4_inode_info *ei = EXT4_I(inode);
272
273 return (ei->i_crypt_info != NULL);
274}
diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c
deleted file mode 100644
index ad050698143f..000000000000
--- a/fs/ext4/crypto_policy.c
+++ /dev/null
@@ -1,229 +0,0 @@
1/*
2 * linux/fs/ext4/crypto_policy.c
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains encryption policy functions for ext4
7 *
8 * Written by Michael Halcrow, 2015.
9 */
10
11#include <linux/random.h>
12#include <linux/string.h>
13#include <linux/types.h>
14
15#include "ext4_jbd2.h"
16#include "ext4.h"
17#include "xattr.h"
18
19static int ext4_inode_has_encryption_context(struct inode *inode)
20{
21 int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
22 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, NULL, 0);
23 return (res > 0);
24}
25
26/*
27 * check whether the policy is consistent with the encryption context
28 * for the inode
29 */
30static int ext4_is_encryption_context_consistent_with_policy(
31 struct inode *inode, const struct ext4_encryption_policy *policy)
32{
33 struct ext4_encryption_context ctx;
34 int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
35 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
36 sizeof(ctx));
37 if (res != sizeof(ctx))
38 return 0;
39 return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor,
40 EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
41 (ctx.flags ==
42 policy->flags) &&
43 (ctx.contents_encryption_mode ==
44 policy->contents_encryption_mode) &&
45 (ctx.filenames_encryption_mode ==
46 policy->filenames_encryption_mode));
47}
48
49static int ext4_create_encryption_context_from_policy(
50 struct inode *inode, const struct ext4_encryption_policy *policy)
51{
52 struct ext4_encryption_context ctx;
53 handle_t *handle;
54 int res, res2;
55
56 res = ext4_convert_inline_data(inode);
57 if (res)
58 return res;
59
60 ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
61 memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
62 EXT4_KEY_DESCRIPTOR_SIZE);
63 if (!ext4_valid_contents_enc_mode(policy->contents_encryption_mode)) {
64 printk(KERN_WARNING
65 "%s: Invalid contents encryption mode %d\n", __func__,
66 policy->contents_encryption_mode);
67 return -EINVAL;
68 }
69 if (!ext4_valid_filenames_enc_mode(policy->filenames_encryption_mode)) {
70 printk(KERN_WARNING
71 "%s: Invalid filenames encryption mode %d\n", __func__,
72 policy->filenames_encryption_mode);
73 return -EINVAL;
74 }
75 if (policy->flags & ~EXT4_POLICY_FLAGS_VALID)
76 return -EINVAL;
77 ctx.contents_encryption_mode = policy->contents_encryption_mode;
78 ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
79 ctx.flags = policy->flags;
80 BUILD_BUG_ON(sizeof(ctx.nonce) != EXT4_KEY_DERIVATION_NONCE_SIZE);
81 get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
82
83 handle = ext4_journal_start(inode, EXT4_HT_MISC,
84 ext4_jbd2_credits_xattr(inode));
85 if (IS_ERR(handle))
86 return PTR_ERR(handle);
87 res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION,
88 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
89 sizeof(ctx), 0);
90 if (!res) {
91 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
92 res = ext4_mark_inode_dirty(handle, inode);
93 if (res)
94 EXT4_ERROR_INODE(inode, "Failed to mark inode dirty");
95 }
96 res2 = ext4_journal_stop(handle);
97 if (!res)
98 res = res2;
99 return res;
100}
101
102int ext4_process_policy(const struct ext4_encryption_policy *policy,
103 struct inode *inode)
104{
105 if (policy->version != 0)
106 return -EINVAL;
107
108 if (!ext4_inode_has_encryption_context(inode)) {
109 if (!S_ISDIR(inode->i_mode))
110 return -EINVAL;
111 if (!ext4_empty_dir(inode))
112 return -ENOTEMPTY;
113 return ext4_create_encryption_context_from_policy(inode,
114 policy);
115 }
116
117 if (ext4_is_encryption_context_consistent_with_policy(inode, policy))
118 return 0;
119
120 printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n",
121 __func__);
122 return -EINVAL;
123}
124
125int ext4_get_policy(struct inode *inode, struct ext4_encryption_policy *policy)
126{
127 struct ext4_encryption_context ctx;
128
129 int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
130 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
131 &ctx, sizeof(ctx));
132 if (res != sizeof(ctx))
133 return -ENOENT;
134 if (ctx.format != EXT4_ENCRYPTION_CONTEXT_FORMAT_V1)
135 return -EINVAL;
136 policy->version = 0;
137 policy->contents_encryption_mode = ctx.contents_encryption_mode;
138 policy->filenames_encryption_mode = ctx.filenames_encryption_mode;
139 policy->flags = ctx.flags;
140 memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor,
141 EXT4_KEY_DESCRIPTOR_SIZE);
142 return 0;
143}
144
145int ext4_is_child_context_consistent_with_parent(struct inode *parent,
146 struct inode *child)
147{
148 struct ext4_crypt_info *parent_ci, *child_ci;
149 int res;
150
151 if ((parent == NULL) || (child == NULL)) {
152 pr_err("parent %p child %p\n", parent, child);
153 WARN_ON(1); /* Should never happen */
154 return 0;
155 }
156 /* no restrictions if the parent directory is not encrypted */
157 if (!ext4_encrypted_inode(parent))
158 return 1;
159 /* if the child directory is not encrypted, this is always a problem */
160 if (!ext4_encrypted_inode(child))
161 return 0;
162 res = ext4_get_encryption_info(parent);
163 if (res)
164 return 0;
165 res = ext4_get_encryption_info(child);
166 if (res)
167 return 0;
168 parent_ci = EXT4_I(parent)->i_crypt_info;
169 child_ci = EXT4_I(child)->i_crypt_info;
170 if (!parent_ci && !child_ci)
171 return 1;
172 if (!parent_ci || !child_ci)
173 return 0;
174
175 return (memcmp(parent_ci->ci_master_key,
176 child_ci->ci_master_key,
177 EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
178 (parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
179 (parent_ci->ci_filename_mode == child_ci->ci_filename_mode) &&
180 (parent_ci->ci_flags == child_ci->ci_flags));
181}
182
183/**
184 * ext4_inherit_context() - Sets a child context from its parent
185 * @parent: Parent inode from which the context is inherited.
186 * @child: Child inode that inherits the context from @parent.
187 *
188 * Return: Zero on success, non-zero otherwise
189 */
190int ext4_inherit_context(struct inode *parent, struct inode *child)
191{
192 struct ext4_encryption_context ctx;
193 struct ext4_crypt_info *ci;
194 int res;
195
196 res = ext4_get_encryption_info(parent);
197 if (res < 0)
198 return res;
199 ci = EXT4_I(parent)->i_crypt_info;
200 if (ci == NULL)
201 return -ENOKEY;
202
203 ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
204 if (DUMMY_ENCRYPTION_ENABLED(EXT4_SB(parent->i_sb))) {
205 ctx.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
206 ctx.filenames_encryption_mode =
207 EXT4_ENCRYPTION_MODE_AES_256_CTS;
208 ctx.flags = 0;
209 memset(ctx.master_key_descriptor, 0x42,
210 EXT4_KEY_DESCRIPTOR_SIZE);
211 res = 0;
212 } else {
213 ctx.contents_encryption_mode = ci->ci_data_mode;
214 ctx.filenames_encryption_mode = ci->ci_filename_mode;
215 ctx.flags = ci->ci_flags;
216 memcpy(ctx.master_key_descriptor, ci->ci_master_key,
217 EXT4_KEY_DESCRIPTOR_SIZE);
218 }
219 get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
220 res = ext4_xattr_set(child, EXT4_XATTR_INDEX_ENCRYPTION,
221 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
222 sizeof(ctx), 0);
223 if (!res) {
224 ext4_set_inode_flag(child, EXT4_INODE_ENCRYPT);
225 ext4_clear_inode_state(child, EXT4_STATE_MAY_INLINE_DATA);
226 res = ext4_get_encryption_info(child);
227 }
228 return res;
229}
diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c
index 68323e3da3fa..67415e0e6af0 100644
--- a/fs/ext4/dir.c
+++ b/fs/ext4/dir.c
@@ -109,10 +109,10 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx)
109 struct super_block *sb = inode->i_sb; 109 struct super_block *sb = inode->i_sb;
110 struct buffer_head *bh = NULL; 110 struct buffer_head *bh = NULL;
111 int dir_has_error = 0; 111 int dir_has_error = 0;
112 struct ext4_str fname_crypto_str = {.name = NULL, .len = 0}; 112 struct fscrypt_str fstr = FSTR_INIT(NULL, 0);
113 113
114 if (ext4_encrypted_inode(inode)) { 114 if (ext4_encrypted_inode(inode)) {
115 err = ext4_get_encryption_info(inode); 115 err = fscrypt_get_encryption_info(inode);
116 if (err && err != -ENOKEY) 116 if (err && err != -ENOKEY)
117 return err; 117 return err;
118 } 118 }
@@ -139,8 +139,7 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx)
139 } 139 }
140 140
141 if (ext4_encrypted_inode(inode)) { 141 if (ext4_encrypted_inode(inode)) {
142 err = ext4_fname_crypto_alloc_buffer(inode, EXT4_NAME_LEN, 142 err = fscrypt_fname_alloc_buffer(inode, EXT4_NAME_LEN, &fstr);
143 &fname_crypto_str);
144 if (err < 0) 143 if (err < 0)
145 return err; 144 return err;
146 } 145 }
@@ -253,16 +252,19 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx)
253 get_dtype(sb, de->file_type))) 252 get_dtype(sb, de->file_type)))
254 goto done; 253 goto done;
255 } else { 254 } else {
256 int save_len = fname_crypto_str.len; 255 int save_len = fstr.len;
256 struct fscrypt_str de_name =
257 FSTR_INIT(de->name,
258 de->name_len);
257 259
258 /* Directory is encrypted */ 260 /* Directory is encrypted */
259 err = ext4_fname_disk_to_usr(inode, 261 err = fscrypt_fname_disk_to_usr(inode,
260 NULL, de, &fname_crypto_str); 262 0, 0, &de_name, &fstr);
261 fname_crypto_str.len = save_len; 263 fstr.len = save_len;
262 if (err < 0) 264 if (err < 0)
263 goto errout; 265 goto errout;
264 if (!dir_emit(ctx, 266 if (!dir_emit(ctx,
265 fname_crypto_str.name, err, 267 fstr.name, err,
266 le32_to_cpu(de->inode), 268 le32_to_cpu(de->inode),
267 get_dtype(sb, de->file_type))) 269 get_dtype(sb, de->file_type)))
268 goto done; 270 goto done;
@@ -281,7 +283,7 @@ done:
281 err = 0; 283 err = 0;
282errout: 284errout:
283#ifdef CONFIG_EXT4_FS_ENCRYPTION 285#ifdef CONFIG_EXT4_FS_ENCRYPTION
284 ext4_fname_crypto_free_buffer(&fname_crypto_str); 286 fscrypt_fname_free_buffer(&fstr);
285#endif 287#endif
286 brelse(bh); 288 brelse(bh);
287 return err; 289 return err;
@@ -432,7 +434,7 @@ void ext4_htree_free_dir_info(struct dir_private_info *p)
432int ext4_htree_store_dirent(struct file *dir_file, __u32 hash, 434int ext4_htree_store_dirent(struct file *dir_file, __u32 hash,
433 __u32 minor_hash, 435 __u32 minor_hash,
434 struct ext4_dir_entry_2 *dirent, 436 struct ext4_dir_entry_2 *dirent,
435 struct ext4_str *ent_name) 437 struct fscrypt_str *ent_name)
436{ 438{
437 struct rb_node **p, *parent = NULL; 439 struct rb_node **p, *parent = NULL;
438 struct fname *fname, *new_fn; 440 struct fname *fname, *new_fn;
@@ -609,7 +611,7 @@ finished:
609static int ext4_dir_open(struct inode * inode, struct file * filp) 611static int ext4_dir_open(struct inode * inode, struct file * filp)
610{ 612{
611 if (ext4_encrypted_inode(inode)) 613 if (ext4_encrypted_inode(inode))
612 return ext4_get_encryption_info(inode) ? -EACCES : 0; 614 return fscrypt_get_encryption_info(inode) ? -EACCES : 0;
613 return 0; 615 return 0;
614} 616}
615 617
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 96c73e6fec6e..ea31931386ec 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -32,6 +32,7 @@
32#include <linux/percpu_counter.h> 32#include <linux/percpu_counter.h>
33#include <linux/ratelimit.h> 33#include <linux/ratelimit.h>
34#include <crypto/hash.h> 34#include <crypto/hash.h>
35#include <linux/fscrypto.h>
35#include <linux/falloc.h> 36#include <linux/falloc.h>
36#include <linux/percpu-rwsem.h> 37#include <linux/percpu-rwsem.h>
37#ifdef __KERNEL__ 38#ifdef __KERNEL__
@@ -608,15 +609,6 @@ enum {
608#define EXT4_FREE_BLOCKS_NOFREE_FIRST_CLUSTER 0x0010 609#define EXT4_FREE_BLOCKS_NOFREE_FIRST_CLUSTER 0x0010
609#define EXT4_FREE_BLOCKS_NOFREE_LAST_CLUSTER 0x0020 610#define EXT4_FREE_BLOCKS_NOFREE_LAST_CLUSTER 0x0020
610 611
611/* Encryption algorithms */
612#define EXT4_ENCRYPTION_MODE_INVALID 0
613#define EXT4_ENCRYPTION_MODE_AES_256_XTS 1
614#define EXT4_ENCRYPTION_MODE_AES_256_GCM 2
615#define EXT4_ENCRYPTION_MODE_AES_256_CBC 3
616#define EXT4_ENCRYPTION_MODE_AES_256_CTS 4
617
618#include "ext4_crypto.h"
619
620/* 612/*
621 * ioctl commands 613 * ioctl commands
622 */ 614 */
@@ -638,9 +630,9 @@ enum {
638#define EXT4_IOC_RESIZE_FS _IOW('f', 16, __u64) 630#define EXT4_IOC_RESIZE_FS _IOW('f', 16, __u64)
639#define EXT4_IOC_SWAP_BOOT _IO('f', 17) 631#define EXT4_IOC_SWAP_BOOT _IO('f', 17)
640#define EXT4_IOC_PRECACHE_EXTENTS _IO('f', 18) 632#define EXT4_IOC_PRECACHE_EXTENTS _IO('f', 18)
641#define EXT4_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct ext4_encryption_policy) 633#define EXT4_IOC_SET_ENCRYPTION_POLICY FS_IOC_SET_ENCRYPTION_POLICY
642#define EXT4_IOC_GET_ENCRYPTION_PWSALT _IOW('f', 20, __u8[16]) 634#define EXT4_IOC_GET_ENCRYPTION_PWSALT FS_IOC_GET_ENCRYPTION_PWSALT
643#define EXT4_IOC_GET_ENCRYPTION_POLICY _IOW('f', 21, struct ext4_encryption_policy) 635#define EXT4_IOC_GET_ENCRYPTION_POLICY FS_IOC_GET_ENCRYPTION_POLICY
644 636
645#ifndef FS_IOC_FSGETXATTR 637#ifndef FS_IOC_FSGETXATTR
646/* Until the uapi changes get merged for project quota... */ 638/* Until the uapi changes get merged for project quota... */
@@ -1082,10 +1074,6 @@ struct ext4_inode_info {
1082 /* Precomputed uuid+inum+igen checksum for seeding inode checksums */ 1074 /* Precomputed uuid+inum+igen checksum for seeding inode checksums */
1083 __u32 i_csum_seed; 1075 __u32 i_csum_seed;
1084 1076
1085#ifdef CONFIG_EXT4_FS_ENCRYPTION
1086 /* Encryption params */
1087 struct ext4_crypt_info *i_crypt_info;
1088#endif
1089 kprojid_t i_projid; 1077 kprojid_t i_projid;
1090}; 1078};
1091 1079
@@ -1344,6 +1332,11 @@ struct ext4_super_block {
1344/* Number of quota types we support */ 1332/* Number of quota types we support */
1345#define EXT4_MAXQUOTAS 3 1333#define EXT4_MAXQUOTAS 3
1346 1334
1335#ifdef CONFIG_EXT4_FS_ENCRYPTION
1336#define EXT4_KEY_DESC_PREFIX "ext4:"
1337#define EXT4_KEY_DESC_PREFIX_SIZE 5
1338#endif
1339
1347/* 1340/*
1348 * fourth extended-fs super-block data in memory 1341 * fourth extended-fs super-block data in memory
1349 */ 1342 */
@@ -1513,6 +1506,12 @@ struct ext4_sb_info {
1513 1506
1514 /* Barrier between changing inodes' journal flags and writepages ops. */ 1507 /* Barrier between changing inodes' journal flags and writepages ops. */
1515 struct percpu_rw_semaphore s_journal_flag_rwsem; 1508 struct percpu_rw_semaphore s_journal_flag_rwsem;
1509
1510 /* Encryption support */
1511#ifdef CONFIG_EXT4_FS_ENCRYPTION
1512 u8 key_prefix[EXT4_KEY_DESC_PREFIX_SIZE];
1513 u8 key_prefix_size;
1514#endif
1516}; 1515};
1517 1516
1518static inline struct ext4_sb_info *EXT4_SB(struct super_block *sb) 1517static inline struct ext4_sb_info *EXT4_SB(struct super_block *sb)
@@ -1611,15 +1610,6 @@ static inline void ext4_clear_state_flags(struct ext4_inode_info *ei)
1611/* 1610/*
1612 * Returns true if the inode is inode is encrypted 1611 * Returns true if the inode is inode is encrypted
1613 */ 1612 */
1614static inline int ext4_encrypted_inode(struct inode *inode)
1615{
1616#ifdef CONFIG_EXT4_FS_ENCRYPTION
1617 return ext4_test_inode_flag(inode, EXT4_INODE_ENCRYPT);
1618#else
1619 return 0;
1620#endif
1621}
1622
1623#define NEXT_ORPHAN(inode) EXT4_I(inode)->i_dtime 1613#define NEXT_ORPHAN(inode) EXT4_I(inode)->i_dtime
1624 1614
1625/* 1615/*
@@ -2083,10 +2073,10 @@ struct dx_hash_info
2083 2073
2084struct ext4_filename { 2074struct ext4_filename {
2085 const struct qstr *usr_fname; 2075 const struct qstr *usr_fname;
2086 struct ext4_str disk_name; 2076 struct fscrypt_str disk_name;
2087 struct dx_hash_info hinfo; 2077 struct dx_hash_info hinfo;
2088#ifdef CONFIG_EXT4_FS_ENCRYPTION 2078#ifdef CONFIG_EXT4_FS_ENCRYPTION
2089 struct ext4_str crypto_buf; 2079 struct fscrypt_str crypto_buf;
2090#endif 2080#endif
2091}; 2081};
2092 2082
@@ -2297,132 +2287,82 @@ extern unsigned ext4_free_clusters_after_init(struct super_block *sb,
2297 struct ext4_group_desc *gdp); 2287 struct ext4_group_desc *gdp);
2298ext4_fsblk_t ext4_inode_to_goal_block(struct inode *); 2288ext4_fsblk_t ext4_inode_to_goal_block(struct inode *);
2299 2289
2300/* crypto_policy.c */
2301int ext4_is_child_context_consistent_with_parent(struct inode *parent,
2302 struct inode *child);
2303int ext4_inherit_context(struct inode *parent, struct inode *child);
2304void ext4_to_hex(char *dst, char *src, size_t src_size);
2305int ext4_process_policy(const struct ext4_encryption_policy *policy,
2306 struct inode *inode);
2307int ext4_get_policy(struct inode *inode,
2308 struct ext4_encryption_policy *policy);
2309
2310/* crypto.c */
2311extern struct kmem_cache *ext4_crypt_info_cachep;
2312bool ext4_valid_contents_enc_mode(uint32_t mode);
2313uint32_t ext4_validate_encryption_key_size(uint32_t mode, uint32_t size);
2314extern struct workqueue_struct *ext4_read_workqueue;
2315struct ext4_crypto_ctx *ext4_get_crypto_ctx(struct inode *inode,
2316 gfp_t gfp_flags);
2317void ext4_release_crypto_ctx(struct ext4_crypto_ctx *ctx);
2318void ext4_restore_control_page(struct page *data_page);
2319struct page *ext4_encrypt(struct inode *inode,
2320 struct page *plaintext_page,
2321 gfp_t gfp_flags);
2322int ext4_decrypt(struct page *page);
2323int ext4_encrypted_zeroout(struct inode *inode, ext4_lblk_t lblk,
2324 ext4_fsblk_t pblk, ext4_lblk_t len);
2325extern const struct dentry_operations ext4_encrypted_d_ops;
2326
2327#ifdef CONFIG_EXT4_FS_ENCRYPTION
2328int ext4_init_crypto(void);
2329void ext4_exit_crypto(void);
2330static inline int ext4_sb_has_crypto(struct super_block *sb) 2290static inline int ext4_sb_has_crypto(struct super_block *sb)
2331{ 2291{
2332 return ext4_has_feature_encrypt(sb); 2292 return ext4_has_feature_encrypt(sb);
2333} 2293}
2334#else 2294
2335static inline int ext4_init_crypto(void) { return 0; } 2295static inline bool ext4_encrypted_inode(struct inode *inode)
2336static inline void ext4_exit_crypto(void) { }
2337static inline int ext4_sb_has_crypto(struct super_block *sb)
2338{ 2296{
2339 return 0; 2297 return ext4_test_inode_flag(inode, EXT4_INODE_ENCRYPT);
2340} 2298}
2341#endif
2342 2299
2343/* crypto_fname.c */
2344bool ext4_valid_filenames_enc_mode(uint32_t mode);
2345u32 ext4_fname_crypto_round_up(u32 size, u32 blksize);
2346unsigned ext4_fname_encrypted_size(struct inode *inode, u32 ilen);
2347int ext4_fname_crypto_alloc_buffer(struct inode *inode,
2348 u32 ilen, struct ext4_str *crypto_str);
2349int _ext4_fname_disk_to_usr(struct inode *inode,
2350 struct dx_hash_info *hinfo,
2351 const struct ext4_str *iname,
2352 struct ext4_str *oname);
2353int ext4_fname_disk_to_usr(struct inode *inode,
2354 struct dx_hash_info *hinfo,
2355 const struct ext4_dir_entry_2 *de,
2356 struct ext4_str *oname);
2357int ext4_fname_usr_to_disk(struct inode *inode,
2358 const struct qstr *iname,
2359 struct ext4_str *oname);
2360#ifdef CONFIG_EXT4_FS_ENCRYPTION 2300#ifdef CONFIG_EXT4_FS_ENCRYPTION
2361void ext4_fname_crypto_free_buffer(struct ext4_str *crypto_str);
2362int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname,
2363 int lookup, struct ext4_filename *fname);
2364void ext4_fname_free_filename(struct ext4_filename *fname);
2365#else
2366static inline
2367int ext4_setup_fname_crypto(struct inode *inode)
2368{
2369 return 0;
2370}
2371static inline void ext4_fname_crypto_free_buffer(struct ext4_str *p) { }
2372static inline int ext4_fname_setup_filename(struct inode *dir, 2301static inline int ext4_fname_setup_filename(struct inode *dir,
2373 const struct qstr *iname, 2302 const struct qstr *iname,
2374 int lookup, struct ext4_filename *fname) 2303 int lookup, struct ext4_filename *fname)
2375{ 2304{
2376 fname->usr_fname = iname; 2305 struct fscrypt_name name;
2377 fname->disk_name.name = (unsigned char *) iname->name; 2306 int err;
2378 fname->disk_name.len = iname->len;
2379 return 0;
2380}
2381static inline void ext4_fname_free_filename(struct ext4_filename *fname) { }
2382#endif
2383
2384 2307
2385/* crypto_key.c */ 2308 memset(fname, 0, sizeof(struct ext4_filename));
2386void ext4_free_crypt_info(struct ext4_crypt_info *ci);
2387void ext4_free_encryption_info(struct inode *inode, struct ext4_crypt_info *ci);
2388int _ext4_get_encryption_info(struct inode *inode);
2389 2309
2390#ifdef CONFIG_EXT4_FS_ENCRYPTION 2310 err = fscrypt_setup_filename(dir, iname, lookup, &name);
2391int ext4_has_encryption_key(struct inode *inode);
2392 2311
2393static inline int ext4_get_encryption_info(struct inode *inode) 2312 fname->usr_fname = name.usr_fname;
2394{ 2313 fname->disk_name = name.disk_name;
2395 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info; 2314 fname->hinfo.hash = name.hash;
2396 2315 fname->hinfo.minor_hash = name.minor_hash;
2397 if (!ci || 2316 fname->crypto_buf = name.crypto_buf;
2398 (ci->ci_keyring_key && 2317 return err;
2399 (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) |
2400 (1 << KEY_FLAG_REVOKED) |
2401 (1 << KEY_FLAG_DEAD)))))
2402 return _ext4_get_encryption_info(inode);
2403 return 0;
2404} 2318}
2405 2319
2406static inline struct ext4_crypt_info *ext4_encryption_info(struct inode *inode) 2320static inline void ext4_fname_free_filename(struct ext4_filename *fname)
2407{ 2321{
2408 return EXT4_I(inode)->i_crypt_info; 2322 struct fscrypt_name name;
2409}
2410 2323
2411#else 2324 name.crypto_buf = fname->crypto_buf;
2412static inline int ext4_has_encryption_key(struct inode *inode) 2325 fscrypt_free_filename(&name);
2413{ 2326
2414 return 0; 2327 fname->crypto_buf.name = NULL;
2328 fname->usr_fname = NULL;
2329 fname->disk_name.name = NULL;
2415} 2330}
2416static inline int ext4_get_encryption_info(struct inode *inode) 2331#else
2332static inline int ext4_fname_setup_filename(struct inode *dir,
2333 const struct qstr *iname,
2334 int lookup, struct ext4_filename *fname)
2417{ 2335{
2336 fname->usr_fname = iname;
2337 fname->disk_name.name = (unsigned char *) iname->name;
2338 fname->disk_name.len = iname->len;
2418 return 0; 2339 return 0;
2419} 2340}
2420static inline struct ext4_crypt_info *ext4_encryption_info(struct inode *inode) 2341static inline void ext4_fname_free_filename(struct ext4_filename *fname) { }
2421{
2422 return NULL;
2423}
2424#endif
2425 2342
2343#define fscrypt_set_d_op(i)
2344#define fscrypt_get_ctx fscrypt_notsupp_get_ctx
2345#define fscrypt_release_ctx fscrypt_notsupp_release_ctx
2346#define fscrypt_encrypt_page fscrypt_notsupp_encrypt_page
2347#define fscrypt_decrypt_page fscrypt_notsupp_decrypt_page
2348#define fscrypt_decrypt_bio_pages fscrypt_notsupp_decrypt_bio_pages
2349#define fscrypt_pullback_bio_page fscrypt_notsupp_pullback_bio_page
2350#define fscrypt_restore_control_page fscrypt_notsupp_restore_control_page
2351#define fscrypt_zeroout_range fscrypt_notsupp_zeroout_range
2352#define fscrypt_process_policy fscrypt_notsupp_process_policy
2353#define fscrypt_get_policy fscrypt_notsupp_get_policy
2354#define fscrypt_has_permitted_context fscrypt_notsupp_has_permitted_context
2355#define fscrypt_inherit_context fscrypt_notsupp_inherit_context
2356#define fscrypt_get_encryption_info fscrypt_notsupp_get_encryption_info
2357#define fscrypt_put_encryption_info fscrypt_notsupp_put_encryption_info
2358#define fscrypt_setup_filename fscrypt_notsupp_setup_filename
2359#define fscrypt_free_filename fscrypt_notsupp_free_filename
2360#define fscrypt_fname_encrypted_size fscrypt_notsupp_fname_encrypted_size
2361#define fscrypt_fname_alloc_buffer fscrypt_notsupp_fname_alloc_buffer
2362#define fscrypt_fname_free_buffer fscrypt_notsupp_fname_free_buffer
2363#define fscrypt_fname_disk_to_usr fscrypt_notsupp_fname_disk_to_usr
2364#define fscrypt_fname_usr_to_disk fscrypt_notsupp_fname_usr_to_disk
2365#endif
2426 2366
2427/* dir.c */ 2367/* dir.c */
2428extern int __ext4_check_dir_entry(const char *, unsigned int, struct inode *, 2368extern int __ext4_check_dir_entry(const char *, unsigned int, struct inode *,
@@ -2436,7 +2376,7 @@ extern int __ext4_check_dir_entry(const char *, unsigned int, struct inode *,
2436extern int ext4_htree_store_dirent(struct file *dir_file, __u32 hash, 2376extern int ext4_htree_store_dirent(struct file *dir_file, __u32 hash,
2437 __u32 minor_hash, 2377 __u32 minor_hash,
2438 struct ext4_dir_entry_2 *dirent, 2378 struct ext4_dir_entry_2 *dirent,
2439 struct ext4_str *ent_name); 2379 struct fscrypt_str *ent_name);
2440extern void ext4_htree_free_dir_info(struct dir_private_info *p); 2380extern void ext4_htree_free_dir_info(struct dir_private_info *p);
2441extern int ext4_find_dest_de(struct inode *dir, struct inode *inode, 2381extern int ext4_find_dest_de(struct inode *dir, struct inode *inode,
2442 struct buffer_head *bh, 2382 struct buffer_head *bh,
@@ -2624,7 +2564,7 @@ extern int ext4_generic_delete_entry(handle_t *handle,
2624 void *entry_buf, 2564 void *entry_buf,
2625 int buf_size, 2565 int buf_size,
2626 int csum_size); 2566 int csum_size);
2627extern int ext4_empty_dir(struct inode *inode); 2567extern bool ext4_empty_dir(struct inode *inode);
2628 2568
2629/* resize.c */ 2569/* resize.c */
2630extern int ext4_group_add(struct super_block *sb, 2570extern int ext4_group_add(struct super_block *sb,
@@ -3106,7 +3046,7 @@ extern int ext4_delete_inline_entry(handle_t *handle,
3106 struct ext4_dir_entry_2 *de_del, 3046 struct ext4_dir_entry_2 *de_del,
3107 struct buffer_head *bh, 3047 struct buffer_head *bh,
3108 int *has_inline_data); 3048 int *has_inline_data);
3109extern int empty_inline_dir(struct inode *dir, int *has_inline_data); 3049extern bool empty_inline_dir(struct inode *dir, int *has_inline_data);
3110extern struct buffer_head *ext4_get_first_inline_block(struct inode *inode, 3050extern struct buffer_head *ext4_get_first_inline_block(struct inode *inode,
3111 struct ext4_dir_entry_2 **parent_de, 3051 struct ext4_dir_entry_2 **parent_de,
3112 int *retval); 3052 int *retval);
diff --git a/fs/ext4/ext4_crypto.h b/fs/ext4/ext4_crypto.h
deleted file mode 100644
index 1f73c29717e1..000000000000
--- a/fs/ext4/ext4_crypto.h
+++ /dev/null
@@ -1,159 +0,0 @@
1/*
2 * linux/fs/ext4/ext4_crypto.h
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains encryption header content for ext4
7 *
8 * Written by Michael Halcrow, 2015.
9 */
10
11#ifndef _EXT4_CRYPTO_H
12#define _EXT4_CRYPTO_H
13
14#include <linux/fs.h>
15
16#define EXT4_KEY_DESCRIPTOR_SIZE 8
17
18/* Policy provided via an ioctl on the topmost directory */
19struct ext4_encryption_policy {
20 char version;
21 char contents_encryption_mode;
22 char filenames_encryption_mode;
23 char flags;
24 char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
25} __attribute__((__packed__));
26
27#define EXT4_ENCRYPTION_CONTEXT_FORMAT_V1 1
28#define EXT4_KEY_DERIVATION_NONCE_SIZE 16
29
30#define EXT4_POLICY_FLAGS_PAD_4 0x00
31#define EXT4_POLICY_FLAGS_PAD_8 0x01
32#define EXT4_POLICY_FLAGS_PAD_16 0x02
33#define EXT4_POLICY_FLAGS_PAD_32 0x03
34#define EXT4_POLICY_FLAGS_PAD_MASK 0x03
35#define EXT4_POLICY_FLAGS_VALID 0x03
36
37/**
38 * Encryption context for inode
39 *
40 * Protector format:
41 * 1 byte: Protector format (1 = this version)
42 * 1 byte: File contents encryption mode
43 * 1 byte: File names encryption mode
44 * 1 byte: Reserved
45 * 8 bytes: Master Key descriptor
46 * 16 bytes: Encryption Key derivation nonce
47 */
48struct ext4_encryption_context {
49 char format;
50 char contents_encryption_mode;
51 char filenames_encryption_mode;
52 char flags;
53 char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
54 char nonce[EXT4_KEY_DERIVATION_NONCE_SIZE];
55} __attribute__((__packed__));
56
57/* Encryption parameters */
58#define EXT4_XTS_TWEAK_SIZE 16
59#define EXT4_AES_128_ECB_KEY_SIZE 16
60#define EXT4_AES_256_GCM_KEY_SIZE 32
61#define EXT4_AES_256_CBC_KEY_SIZE 32
62#define EXT4_AES_256_CTS_KEY_SIZE 32
63#define EXT4_AES_256_XTS_KEY_SIZE 64
64#define EXT4_MAX_KEY_SIZE 64
65
66#define EXT4_KEY_DESC_PREFIX "ext4:"
67#define EXT4_KEY_DESC_PREFIX_SIZE 5
68
69/* This is passed in from userspace into the kernel keyring */
70struct ext4_encryption_key {
71 __u32 mode;
72 char raw[EXT4_MAX_KEY_SIZE];
73 __u32 size;
74} __attribute__((__packed__));
75
76struct ext4_crypt_info {
77 char ci_data_mode;
78 char ci_filename_mode;
79 char ci_flags;
80 struct crypto_skcipher *ci_ctfm;
81 struct key *ci_keyring_key;
82 char ci_master_key[EXT4_KEY_DESCRIPTOR_SIZE];
83};
84
85#define EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001
86#define EXT4_WRITE_PATH_FL 0x00000002
87
88struct ext4_crypto_ctx {
89 union {
90 struct {
91 struct page *bounce_page; /* Ciphertext page */
92 struct page *control_page; /* Original page */
93 } w;
94 struct {
95 struct bio *bio;
96 struct work_struct work;
97 } r;
98 struct list_head free_list; /* Free list */
99 };
100 char flags; /* Flags */
101 char mode; /* Encryption mode for tfm */
102};
103
104struct ext4_completion_result {
105 struct completion completion;
106 int res;
107};
108
109#define DECLARE_EXT4_COMPLETION_RESULT(ecr) \
110 struct ext4_completion_result ecr = { \
111 COMPLETION_INITIALIZER((ecr).completion), 0 }
112
113static inline int ext4_encryption_key_size(int mode)
114{
115 switch (mode) {
116 case EXT4_ENCRYPTION_MODE_AES_256_XTS:
117 return EXT4_AES_256_XTS_KEY_SIZE;
118 case EXT4_ENCRYPTION_MODE_AES_256_GCM:
119 return EXT4_AES_256_GCM_KEY_SIZE;
120 case EXT4_ENCRYPTION_MODE_AES_256_CBC:
121 return EXT4_AES_256_CBC_KEY_SIZE;
122 case EXT4_ENCRYPTION_MODE_AES_256_CTS:
123 return EXT4_AES_256_CTS_KEY_SIZE;
124 default:
125 BUG();
126 }
127 return 0;
128}
129
130#define EXT4_FNAME_NUM_SCATTER_ENTRIES 4
131#define EXT4_CRYPTO_BLOCK_SIZE 16
132#define EXT4_FNAME_CRYPTO_DIGEST_SIZE 32
133
134struct ext4_str {
135 unsigned char *name;
136 u32 len;
137};
138
139/**
140 * For encrypted symlinks, the ciphertext length is stored at the beginning
141 * of the string in little-endian format.
142 */
143struct ext4_encrypted_symlink_data {
144 __le16 len;
145 char encrypted_path[1];
146} __attribute__((__packed__));
147
148/**
149 * This function is used to calculate the disk space required to
150 * store a filename of length l in encrypted symlink format.
151 */
152static inline u32 encrypted_symlink_data_len(u32 l)
153{
154 if (l < EXT4_CRYPTO_BLOCK_SIZE)
155 l = EXT4_CRYPTO_BLOCK_SIZE;
156 return (l + sizeof(struct ext4_encrypted_symlink_data) - 1);
157}
158
159#endif /* _EXT4_CRYPTO_H */
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index df44c877892a..4f615cdd22ca 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -303,10 +303,10 @@ static int ext4_file_mmap(struct file *file, struct vm_area_struct *vma)
303 struct inode *inode = file->f_mapping->host; 303 struct inode *inode = file->f_mapping->host;
304 304
305 if (ext4_encrypted_inode(inode)) { 305 if (ext4_encrypted_inode(inode)) {
306 int err = ext4_get_encryption_info(inode); 306 int err = fscrypt_get_encryption_info(inode);
307 if (err) 307 if (err)
308 return 0; 308 return 0;
309 if (ext4_encryption_info(inode) == NULL) 309 if (!fscrypt_has_encryption_key(inode))
310 return -ENOKEY; 310 return -ENOKEY;
311 } 311 }
312 file_accessed(file); 312 file_accessed(file);
@@ -362,16 +362,16 @@ static int ext4_file_open(struct inode * inode, struct file * filp)
362 } 362 }
363 } 363 }
364 if (ext4_encrypted_inode(inode)) { 364 if (ext4_encrypted_inode(inode)) {
365 ret = ext4_get_encryption_info(inode); 365 ret = fscrypt_get_encryption_info(inode);
366 if (ret) 366 if (ret)
367 return -EACCES; 367 return -EACCES;
368 if (ext4_encryption_info(inode) == NULL) 368 if (!fscrypt_has_encryption_key(inode))
369 return -ENOKEY; 369 return -ENOKEY;
370 } 370 }
371 371
372 dir = dget_parent(file_dentry(filp)); 372 dir = dget_parent(file_dentry(filp));
373 if (ext4_encrypted_inode(d_inode(dir)) && 373 if (ext4_encrypted_inode(d_inode(dir)) &&
374 !ext4_is_child_context_consistent_with_parent(d_inode(dir), inode)) { 374 !fscrypt_has_permitted_context(d_inode(dir), inode)) {
375 ext4_warning(inode->i_sb, 375 ext4_warning(inode->i_sb,
376 "Inconsistent encryption contexts: %lu/%lu", 376 "Inconsistent encryption contexts: %lu/%lu",
377 (unsigned long) d_inode(dir)->i_ino, 377 (unsigned long) d_inode(dir)->i_ino,
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index 3da4cf8d18b6..35f351895b89 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -767,10 +767,10 @@ struct inode *__ext4_new_inode(handle_t *handle, struct inode *dir,
767 if ((ext4_encrypted_inode(dir) || 767 if ((ext4_encrypted_inode(dir) ||
768 DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb))) && 768 DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb))) &&
769 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) { 769 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) {
770 err = ext4_get_encryption_info(dir); 770 err = fscrypt_get_encryption_info(dir);
771 if (err) 771 if (err)
772 return ERR_PTR(err); 772 return ERR_PTR(err);
773 if (ext4_encryption_info(dir) == NULL) 773 if (!fscrypt_has_encryption_key(dir))
774 return ERR_PTR(-EPERM); 774 return ERR_PTR(-EPERM);
775 if (!handle) 775 if (!handle)
776 nblocks += EXT4_DATA_TRANS_BLOCKS(dir->i_sb); 776 nblocks += EXT4_DATA_TRANS_BLOCKS(dir->i_sb);
@@ -1115,7 +1115,8 @@ got:
1115 } 1115 }
1116 1116
1117 if (encrypt) { 1117 if (encrypt) {
1118 err = ext4_inherit_context(dir, inode); 1118 /* give pointer to avoid set_context with journal ops. */
1119 err = fscrypt_inherit_context(dir, inode, &encrypt, true);
1119 if (err) 1120 if (err)
1120 goto fail_free_drop; 1121 goto fail_free_drop;
1121 } 1122 }
diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index ff7538c26992..f74d5ee2cdec 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -1326,7 +1326,7 @@ int htree_inlinedir_to_tree(struct file *dir_file,
1326 struct ext4_iloc iloc; 1326 struct ext4_iloc iloc;
1327 void *dir_buf = NULL; 1327 void *dir_buf = NULL;
1328 struct ext4_dir_entry_2 fake; 1328 struct ext4_dir_entry_2 fake;
1329 struct ext4_str tmp_str; 1329 struct fscrypt_str tmp_str;
1330 1330
1331 ret = ext4_get_inode_loc(inode, &iloc); 1331 ret = ext4_get_inode_loc(inode, &iloc);
1332 if (ret) 1332 if (ret)
@@ -1739,20 +1739,20 @@ ext4_get_inline_entry(struct inode *inode,
1739 return (struct ext4_dir_entry_2 *)(inline_pos + offset); 1739 return (struct ext4_dir_entry_2 *)(inline_pos + offset);
1740} 1740}
1741 1741
1742int empty_inline_dir(struct inode *dir, int *has_inline_data) 1742bool empty_inline_dir(struct inode *dir, int *has_inline_data)
1743{ 1743{
1744 int err, inline_size; 1744 int err, inline_size;
1745 struct ext4_iloc iloc; 1745 struct ext4_iloc iloc;
1746 void *inline_pos; 1746 void *inline_pos;
1747 unsigned int offset; 1747 unsigned int offset;
1748 struct ext4_dir_entry_2 *de; 1748 struct ext4_dir_entry_2 *de;
1749 int ret = 1; 1749 bool ret = true;
1750 1750
1751 err = ext4_get_inode_loc(dir, &iloc); 1751 err = ext4_get_inode_loc(dir, &iloc);
1752 if (err) { 1752 if (err) {
1753 EXT4_ERROR_INODE(dir, "error %d getting inode %lu block", 1753 EXT4_ERROR_INODE(dir, "error %d getting inode %lu block",
1754 err, dir->i_ino); 1754 err, dir->i_ino);
1755 return 1; 1755 return true;
1756 } 1756 }
1757 1757
1758 down_read(&EXT4_I(dir)->xattr_sem); 1758 down_read(&EXT4_I(dir)->xattr_sem);
@@ -1766,7 +1766,7 @@ int empty_inline_dir(struct inode *dir, int *has_inline_data)
1766 ext4_warning(dir->i_sb, 1766 ext4_warning(dir->i_sb,
1767 "bad inline directory (dir #%lu) - no `..'", 1767 "bad inline directory (dir #%lu) - no `..'",
1768 dir->i_ino); 1768 dir->i_ino);
1769 ret = 1; 1769 ret = true;
1770 goto out; 1770 goto out;
1771 } 1771 }
1772 1772
@@ -1784,11 +1784,11 @@ int empty_inline_dir(struct inode *dir, int *has_inline_data)
1784 dir->i_ino, le32_to_cpu(de->inode), 1784 dir->i_ino, le32_to_cpu(de->inode),
1785 le16_to_cpu(de->rec_len), de->name_len, 1785 le16_to_cpu(de->rec_len), de->name_len,
1786 inline_size); 1786 inline_size);
1787 ret = 1; 1787 ret = true;
1788 goto out; 1788 goto out;
1789 } 1789 }
1790 if (le32_to_cpu(de->inode)) { 1790 if (le32_to_cpu(de->inode)) {
1791 ret = 0; 1791 ret = false;
1792 goto out; 1792 goto out;
1793 } 1793 }
1794 offset += ext4_rec_len_from_disk(de->rec_len, inline_size); 1794 offset += ext4_rec_len_from_disk(de->rec_len, inline_size);
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index ea39d191dbcb..5a6277d80f7c 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -392,7 +392,7 @@ int ext4_issue_zeroout(struct inode *inode, ext4_lblk_t lblk, ext4_fsblk_t pblk,
392 int ret; 392 int ret;
393 393
394 if (ext4_encrypted_inode(inode)) 394 if (ext4_encrypted_inode(inode))
395 return ext4_encrypted_zeroout(inode, lblk, pblk, len); 395 return fscrypt_zeroout_range(inode, lblk, pblk, len);
396 396
397 ret = sb_issue_zeroout(inode->i_sb, pblk, len, GFP_NOFS); 397 ret = sb_issue_zeroout(inode->i_sb, pblk, len, GFP_NOFS);
398 if (ret > 0) 398 if (ret > 0)
@@ -1158,7 +1158,7 @@ static int ext4_block_write_begin(struct page *page, loff_t pos, unsigned len,
1158 if (unlikely(err)) 1158 if (unlikely(err))
1159 page_zero_new_buffers(page, from, to); 1159 page_zero_new_buffers(page, from, to);
1160 else if (decrypt) 1160 else if (decrypt)
1161 err = ext4_decrypt(page); 1161 err = fscrypt_decrypt_page(page);
1162 return err; 1162 return err;
1163} 1163}
1164#endif 1164#endif
@@ -3735,9 +3735,9 @@ static int __ext4_block_zero_page_range(handle_t *handle,
3735 if (S_ISREG(inode->i_mode) && 3735 if (S_ISREG(inode->i_mode) &&
3736 ext4_encrypted_inode(inode)) { 3736 ext4_encrypted_inode(inode)) {
3737 /* We expect the key to be set. */ 3737 /* We expect the key to be set. */
3738 BUG_ON(!ext4_has_encryption_key(inode)); 3738 BUG_ON(!fscrypt_has_encryption_key(inode));
3739 BUG_ON(blocksize != PAGE_SIZE); 3739 BUG_ON(blocksize != PAGE_SIZE);
3740 WARN_ON_ONCE(ext4_decrypt(page)); 3740 WARN_ON_ONCE(fscrypt_decrypt_page(page));
3741 } 3741 }
3742 } 3742 }
3743 if (ext4_should_journal_data(inode)) { 3743 if (ext4_should_journal_data(inode)) {
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index b5a39b00265e..10686fd67fb4 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -770,19 +770,13 @@ resizefs_out:
770 return ext4_ext_precache(inode); 770 return ext4_ext_precache(inode);
771 case EXT4_IOC_SET_ENCRYPTION_POLICY: { 771 case EXT4_IOC_SET_ENCRYPTION_POLICY: {
772#ifdef CONFIG_EXT4_FS_ENCRYPTION 772#ifdef CONFIG_EXT4_FS_ENCRYPTION
773 struct ext4_encryption_policy policy; 773 struct fscrypt_policy policy;
774 int err = 0;
775 774
776 if (copy_from_user(&policy, 775 if (copy_from_user(&policy,
777 (struct ext4_encryption_policy __user *)arg, 776 (struct fscrypt_policy __user *)arg,
778 sizeof(policy))) { 777 sizeof(policy)))
779 err = -EFAULT; 778 return -EFAULT;
780 goto encryption_policy_out; 779 return fscrypt_process_policy(inode, &policy);
781 }
782
783 err = ext4_process_policy(&policy, inode);
784encryption_policy_out:
785 return err;
786#else 780#else
787 return -EOPNOTSUPP; 781 return -EOPNOTSUPP;
788#endif 782#endif
@@ -825,12 +819,12 @@ encryption_policy_out:
825 } 819 }
826 case EXT4_IOC_GET_ENCRYPTION_POLICY: { 820 case EXT4_IOC_GET_ENCRYPTION_POLICY: {
827#ifdef CONFIG_EXT4_FS_ENCRYPTION 821#ifdef CONFIG_EXT4_FS_ENCRYPTION
828 struct ext4_encryption_policy policy; 822 struct fscrypt_policy policy;
829 int err = 0; 823 int err = 0;
830 824
831 if (!ext4_encrypted_inode(inode)) 825 if (!ext4_encrypted_inode(inode))
832 return -ENOENT; 826 return -ENOENT;
833 err = ext4_get_policy(inode, &policy); 827 err = fscrypt_get_policy(inode, &policy);
834 if (err) 828 if (err)
835 return err; 829 return err;
836 if (copy_to_user((void __user *)arg, &policy, sizeof(policy))) 830 if (copy_to_user((void __user *)arg, &policy, sizeof(policy)))
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 94d22e78a7dd..4637c439ca54 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -611,19 +611,19 @@ static struct stats dx_show_leaf(struct inode *dir,
611#ifdef CONFIG_EXT4_FS_ENCRYPTION 611#ifdef CONFIG_EXT4_FS_ENCRYPTION
612 int len; 612 int len;
613 char *name; 613 char *name;
614 struct ext4_str fname_crypto_str 614 struct fscrypt_str fname_crypto_str =
615 = {.name = NULL, .len = 0}; 615 FSTR_INIT(NULL, 0);
616 int res = 0; 616 int res = 0;
617 617
618 name = de->name; 618 name = de->name;
619 len = de->name_len; 619 len = de->name_len;
620 if (ext4_encrypted_inode(inode)) 620 if (ext4_encrypted_inode(dir))
621 res = ext4_get_encryption_info(dir); 621 res = fscrypt_get_encryption_info(dir);
622 if (res) { 622 if (res) {
623 printk(KERN_WARNING "Error setting up" 623 printk(KERN_WARNING "Error setting up"
624 " fname crypto: %d\n", res); 624 " fname crypto: %d\n", res);
625 } 625 }
626 if (ctx == NULL) { 626 if (!fscrypt_has_encryption_key(dir)) {
627 /* Directory is not encrypted */ 627 /* Directory is not encrypted */
628 ext4fs_dirhash(de->name, 628 ext4fs_dirhash(de->name,
629 de->name_len, &h); 629 de->name_len, &h);
@@ -632,19 +632,21 @@ static struct stats dx_show_leaf(struct inode *dir,
632 (unsigned) ((char *) de 632 (unsigned) ((char *) de
633 - base)); 633 - base));
634 } else { 634 } else {
635 struct fscrypt_str de_name =
636 FSTR_INIT(name, len);
637
635 /* Directory is encrypted */ 638 /* Directory is encrypted */
636 res = ext4_fname_crypto_alloc_buffer( 639 res = fscrypt_fname_alloc_buffer(
637 ctx, de->name_len, 640 dir, len,
638 &fname_crypto_str); 641 &fname_crypto_str);
639 if (res < 0) { 642 if (res < 0)
640 printk(KERN_WARNING "Error " 643 printk(KERN_WARNING "Error "
641 "allocating crypto " 644 "allocating crypto "
642 "buffer--skipping " 645 "buffer--skipping "
643 "crypto\n"); 646 "crypto\n");
644 ctx = NULL; 647 res = fscrypt_fname_disk_to_usr(dir,
645 } 648 0, 0, &de_name,
646 res = ext4_fname_disk_to_usr(ctx, NULL, de, 649 &fname_crypto_str);
647 &fname_crypto_str);
648 if (res < 0) { 650 if (res < 0) {
649 printk(KERN_WARNING "Error " 651 printk(KERN_WARNING "Error "
650 "converting filename " 652 "converting filename "
@@ -661,8 +663,8 @@ static struct stats dx_show_leaf(struct inode *dir,
661 printk("%*.s:(E)%x.%u ", len, name, 663 printk("%*.s:(E)%x.%u ", len, name,
662 h.hash, (unsigned) ((char *) de 664 h.hash, (unsigned) ((char *) de
663 - base)); 665 - base));
664 ext4_fname_crypto_free_buffer( 666 fscrypt_fname_free_buffer(
665 &fname_crypto_str); 667 &fname_crypto_str);
666 } 668 }
667#else 669#else
668 int len = de->name_len; 670 int len = de->name_len;
@@ -951,7 +953,7 @@ static int htree_dirblock_to_tree(struct file *dir_file,
951 struct buffer_head *bh; 953 struct buffer_head *bh;
952 struct ext4_dir_entry_2 *de, *top; 954 struct ext4_dir_entry_2 *de, *top;
953 int err = 0, count = 0; 955 int err = 0, count = 0;
954 struct ext4_str fname_crypto_str = {.name = NULL, .len = 0}, tmp_str; 956 struct fscrypt_str fname_crypto_str = FSTR_INIT(NULL, 0), tmp_str;
955 957
956 dxtrace(printk(KERN_INFO "In htree dirblock_to_tree: block %lu\n", 958 dxtrace(printk(KERN_INFO "In htree dirblock_to_tree: block %lu\n",
957 (unsigned long)block)); 959 (unsigned long)block));
@@ -966,12 +968,12 @@ static int htree_dirblock_to_tree(struct file *dir_file,
966#ifdef CONFIG_EXT4_FS_ENCRYPTION 968#ifdef CONFIG_EXT4_FS_ENCRYPTION
967 /* Check if the directory is encrypted */ 969 /* Check if the directory is encrypted */
968 if (ext4_encrypted_inode(dir)) { 970 if (ext4_encrypted_inode(dir)) {
969 err = ext4_get_encryption_info(dir); 971 err = fscrypt_get_encryption_info(dir);
970 if (err < 0) { 972 if (err < 0) {
971 brelse(bh); 973 brelse(bh);
972 return err; 974 return err;
973 } 975 }
974 err = ext4_fname_crypto_alloc_buffer(dir, EXT4_NAME_LEN, 976 err = fscrypt_fname_alloc_buffer(dir, EXT4_NAME_LEN,
975 &fname_crypto_str); 977 &fname_crypto_str);
976 if (err < 0) { 978 if (err < 0) {
977 brelse(bh); 979 brelse(bh);
@@ -1002,10 +1004,13 @@ static int htree_dirblock_to_tree(struct file *dir_file,
1002 &tmp_str); 1004 &tmp_str);
1003 } else { 1005 } else {
1004 int save_len = fname_crypto_str.len; 1006 int save_len = fname_crypto_str.len;
1007 struct fscrypt_str de_name = FSTR_INIT(de->name,
1008 de->name_len);
1005 1009
1006 /* Directory is encrypted */ 1010 /* Directory is encrypted */
1007 err = ext4_fname_disk_to_usr(dir, hinfo, de, 1011 err = fscrypt_fname_disk_to_usr(dir, hinfo->hash,
1008 &fname_crypto_str); 1012 hinfo->minor_hash, &de_name,
1013 &fname_crypto_str);
1009 if (err < 0) { 1014 if (err < 0) {
1010 count = err; 1015 count = err;
1011 goto errout; 1016 goto errout;
@@ -1024,7 +1029,7 @@ static int htree_dirblock_to_tree(struct file *dir_file,
1024errout: 1029errout:
1025 brelse(bh); 1030 brelse(bh);
1026#ifdef CONFIG_EXT4_FS_ENCRYPTION 1031#ifdef CONFIG_EXT4_FS_ENCRYPTION
1027 ext4_fname_crypto_free_buffer(&fname_crypto_str); 1032 fscrypt_fname_free_buffer(&fname_crypto_str);
1028#endif 1033#endif
1029 return count; 1034 return count;
1030} 1035}
@@ -1049,7 +1054,7 @@ int ext4_htree_fill_tree(struct file *dir_file, __u32 start_hash,
1049 int count = 0; 1054 int count = 0;
1050 int ret, err; 1055 int ret, err;
1051 __u32 hashval; 1056 __u32 hashval;
1052 struct ext4_str tmp_str; 1057 struct fscrypt_str tmp_str;
1053 1058
1054 dxtrace(printk(KERN_DEBUG "In htree_fill_tree, start hash: %x:%x\n", 1059 dxtrace(printk(KERN_DEBUG "In htree_fill_tree, start hash: %x:%x\n",
1055 start_hash, start_minor_hash)); 1060 start_hash, start_minor_hash));
@@ -1562,26 +1567,23 @@ static struct dentry *ext4_lookup(struct inode *dir, struct dentry *dentry, unsi
1562 struct ext4_dir_entry_2 *de; 1567 struct ext4_dir_entry_2 *de;
1563 struct buffer_head *bh; 1568 struct buffer_head *bh;
1564 1569
1565 if (ext4_encrypted_inode(dir)) { 1570 if (ext4_encrypted_inode(dir)) {
1566 int res = ext4_get_encryption_info(dir); 1571 int res = fscrypt_get_encryption_info(dir);
1567 1572
1568 /* 1573 /*
1569 * This should be a properly defined flag for 1574 * DCACHE_ENCRYPTED_WITH_KEY is set if the dentry is
1570 * dentry->d_flags when we uplift this to the VFS.
1571 * d_fsdata is set to (void *) 1 if if the dentry is
1572 * created while the directory was encrypted and we 1575 * created while the directory was encrypted and we
1573 * don't have access to the key. 1576 * have access to the key.
1574 */ 1577 */
1575 dentry->d_fsdata = NULL; 1578 if (fscrypt_has_encryption_key(dir))
1576 if (ext4_encryption_info(dir)) 1579 fscrypt_set_encrypted_dentry(dentry);
1577 dentry->d_fsdata = (void *) 1; 1580 fscrypt_set_d_op(dentry);
1578 d_set_d_op(dentry, &ext4_encrypted_d_ops); 1581 if (res && res != -ENOKEY)
1579 if (res && res != -ENOKEY) 1582 return ERR_PTR(res);
1580 return ERR_PTR(res); 1583 }
1581 }
1582 1584
1583 if (dentry->d_name.len > EXT4_NAME_LEN) 1585 if (dentry->d_name.len > EXT4_NAME_LEN)
1584 return ERR_PTR(-ENAMETOOLONG); 1586 return ERR_PTR(-ENAMETOOLONG);
1585 1587
1586 bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL); 1588 bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL);
1587 if (IS_ERR(bh)) 1589 if (IS_ERR(bh))
@@ -1608,11 +1610,9 @@ static struct dentry *ext4_lookup(struct inode *dir, struct dentry *dentry, unsi
1608 } 1610 }
1609 if (!IS_ERR(inode) && ext4_encrypted_inode(dir) && 1611 if (!IS_ERR(inode) && ext4_encrypted_inode(dir) &&
1610 (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) && 1612 (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
1611 !ext4_is_child_context_consistent_with_parent(dir, 1613 !fscrypt_has_permitted_context(dir, inode)) {
1612 inode)) {
1613 int nokey = ext4_encrypted_inode(inode) && 1614 int nokey = ext4_encrypted_inode(inode) &&
1614 !ext4_encryption_info(inode); 1615 !fscrypt_has_encryption_key(inode);
1615
1616 iput(inode); 1616 iput(inode);
1617 if (nokey) 1617 if (nokey)
1618 return ERR_PTR(-ENOKEY); 1618 return ERR_PTR(-ENOKEY);
@@ -2689,30 +2689,30 @@ out_stop:
2689/* 2689/*
2690 * routine to check that the specified directory is empty (for rmdir) 2690 * routine to check that the specified directory is empty (for rmdir)
2691 */ 2691 */
2692int ext4_empty_dir(struct inode *inode) 2692bool ext4_empty_dir(struct inode *inode)
2693{ 2693{
2694 unsigned int offset; 2694 unsigned int offset;
2695 struct buffer_head *bh; 2695 struct buffer_head *bh;
2696 struct ext4_dir_entry_2 *de, *de1; 2696 struct ext4_dir_entry_2 *de, *de1;
2697 struct super_block *sb; 2697 struct super_block *sb;
2698 int err = 0;
2699 2698
2700 if (ext4_has_inline_data(inode)) { 2699 if (ext4_has_inline_data(inode)) {
2701 int has_inline_data = 1; 2700 int has_inline_data = 1;
2701 int ret;
2702 2702
2703 err = empty_inline_dir(inode, &has_inline_data); 2703 ret = empty_inline_dir(inode, &has_inline_data);
2704 if (has_inline_data) 2704 if (has_inline_data)
2705 return err; 2705 return ret;
2706 } 2706 }
2707 2707
2708 sb = inode->i_sb; 2708 sb = inode->i_sb;
2709 if (inode->i_size < EXT4_DIR_REC_LEN(1) + EXT4_DIR_REC_LEN(2)) { 2709 if (inode->i_size < EXT4_DIR_REC_LEN(1) + EXT4_DIR_REC_LEN(2)) {
2710 EXT4_ERROR_INODE(inode, "invalid size"); 2710 EXT4_ERROR_INODE(inode, "invalid size");
2711 return 1; 2711 return true;
2712 } 2712 }
2713 bh = ext4_read_dirblock(inode, 0, EITHER); 2713 bh = ext4_read_dirblock(inode, 0, EITHER);
2714 if (IS_ERR(bh)) 2714 if (IS_ERR(bh))
2715 return 1; 2715 return true;
2716 2716
2717 de = (struct ext4_dir_entry_2 *) bh->b_data; 2717 de = (struct ext4_dir_entry_2 *) bh->b_data;
2718 de1 = ext4_next_entry(de, sb->s_blocksize); 2718 de1 = ext4_next_entry(de, sb->s_blocksize);
@@ -2721,7 +2721,7 @@ int ext4_empty_dir(struct inode *inode)
2721 strcmp(".", de->name) || strcmp("..", de1->name)) { 2721 strcmp(".", de->name) || strcmp("..", de1->name)) {
2722 ext4_warning_inode(inode, "directory missing '.' and/or '..'"); 2722 ext4_warning_inode(inode, "directory missing '.' and/or '..'");
2723 brelse(bh); 2723 brelse(bh);
2724 return 1; 2724 return true;
2725 } 2725 }
2726 offset = ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize) + 2726 offset = ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize) +
2727 ext4_rec_len_from_disk(de1->rec_len, sb->s_blocksize); 2727 ext4_rec_len_from_disk(de1->rec_len, sb->s_blocksize);
@@ -2729,12 +2729,11 @@ int ext4_empty_dir(struct inode *inode)
2729 while (offset < inode->i_size) { 2729 while (offset < inode->i_size) {
2730 if ((void *) de >= (void *) (bh->b_data+sb->s_blocksize)) { 2730 if ((void *) de >= (void *) (bh->b_data+sb->s_blocksize)) {
2731 unsigned int lblock; 2731 unsigned int lblock;
2732 err = 0;
2733 brelse(bh); 2732 brelse(bh);
2734 lblock = offset >> EXT4_BLOCK_SIZE_BITS(sb); 2733 lblock = offset >> EXT4_BLOCK_SIZE_BITS(sb);
2735 bh = ext4_read_dirblock(inode, lblock, EITHER); 2734 bh = ext4_read_dirblock(inode, lblock, EITHER);
2736 if (IS_ERR(bh)) 2735 if (IS_ERR(bh))
2737 return 1; 2736 return true;
2738 de = (struct ext4_dir_entry_2 *) bh->b_data; 2737 de = (struct ext4_dir_entry_2 *) bh->b_data;
2739 } 2738 }
2740 if (ext4_check_dir_entry(inode, NULL, de, bh, 2739 if (ext4_check_dir_entry(inode, NULL, de, bh,
@@ -2746,13 +2745,13 @@ int ext4_empty_dir(struct inode *inode)
2746 } 2745 }
2747 if (le32_to_cpu(de->inode)) { 2746 if (le32_to_cpu(de->inode)) {
2748 brelse(bh); 2747 brelse(bh);
2749 return 0; 2748 return false;
2750 } 2749 }
2751 offset += ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize); 2750 offset += ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize);
2752 de = ext4_next_entry(de, sb->s_blocksize); 2751 de = ext4_next_entry(de, sb->s_blocksize);
2753 } 2752 }
2754 brelse(bh); 2753 brelse(bh);
2755 return 1; 2754 return true;
2756} 2755}
2757 2756
2758/* 2757/*
@@ -3075,8 +3074,8 @@ static int ext4_symlink(struct inode *dir,
3075 int err, len = strlen(symname); 3074 int err, len = strlen(symname);
3076 int credits; 3075 int credits;
3077 bool encryption_required; 3076 bool encryption_required;
3078 struct ext4_str disk_link; 3077 struct fscrypt_str disk_link;
3079 struct ext4_encrypted_symlink_data *sd = NULL; 3078 struct fscrypt_symlink_data *sd = NULL;
3080 3079
3081 disk_link.len = len + 1; 3080 disk_link.len = len + 1;
3082 disk_link.name = (char *) symname; 3081 disk_link.name = (char *) symname;
@@ -3084,13 +3083,13 @@ static int ext4_symlink(struct inode *dir,
3084 encryption_required = (ext4_encrypted_inode(dir) || 3083 encryption_required = (ext4_encrypted_inode(dir) ||
3085 DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb))); 3084 DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb)));
3086 if (encryption_required) { 3085 if (encryption_required) {
3087 err = ext4_get_encryption_info(dir); 3086 err = fscrypt_get_encryption_info(dir);
3088 if (err) 3087 if (err)
3089 return err; 3088 return err;
3090 if (ext4_encryption_info(dir) == NULL) 3089 if (!fscrypt_has_encryption_key(dir))
3091 return -EPERM; 3090 return -EPERM;
3092 disk_link.len = (ext4_fname_encrypted_size(dir, len) + 3091 disk_link.len = (fscrypt_fname_encrypted_size(dir, len) +
3093 sizeof(struct ext4_encrypted_symlink_data)); 3092 sizeof(struct fscrypt_symlink_data));
3094 sd = kzalloc(disk_link.len, GFP_KERNEL); 3093 sd = kzalloc(disk_link.len, GFP_KERNEL);
3095 if (!sd) 3094 if (!sd)
3096 return -ENOMEM; 3095 return -ENOMEM;
@@ -3138,13 +3137,12 @@ static int ext4_symlink(struct inode *dir,
3138 3137
3139 if (encryption_required) { 3138 if (encryption_required) {
3140 struct qstr istr; 3139 struct qstr istr;
3141 struct ext4_str ostr; 3140 struct fscrypt_str ostr =
3141 FSTR_INIT(sd->encrypted_path, disk_link.len);
3142 3142
3143 istr.name = (const unsigned char *) symname; 3143 istr.name = (const unsigned char *) symname;
3144 istr.len = len; 3144 istr.len = len;
3145 ostr.name = sd->encrypted_path; 3145 err = fscrypt_fname_usr_to_disk(inode, &istr, &ostr);
3146 ostr.len = disk_link.len;
3147 err = ext4_fname_usr_to_disk(inode, &istr, &ostr);
3148 if (err < 0) 3146 if (err < 0)
3149 goto err_drop_inode; 3147 goto err_drop_inode;
3150 sd->len = cpu_to_le16(ostr.len); 3148 sd->len = cpu_to_le16(ostr.len);
@@ -3233,7 +3231,7 @@ static int ext4_link(struct dentry *old_dentry,
3233 if (inode->i_nlink >= EXT4_LINK_MAX) 3231 if (inode->i_nlink >= EXT4_LINK_MAX)
3234 return -EMLINK; 3232 return -EMLINK;
3235 if (ext4_encrypted_inode(dir) && 3233 if (ext4_encrypted_inode(dir) &&
3236 !ext4_is_child_context_consistent_with_parent(dir, inode)) 3234 !fscrypt_has_permitted_context(dir, inode))
3237 return -EPERM; 3235 return -EPERM;
3238 3236
3239 if ((ext4_test_inode_flag(dir, EXT4_INODE_PROJINHERIT)) && 3237 if ((ext4_test_inode_flag(dir, EXT4_INODE_PROJINHERIT)) &&
@@ -3556,8 +3554,7 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry,
3556 3554
3557 if ((old.dir != new.dir) && 3555 if ((old.dir != new.dir) &&
3558 ext4_encrypted_inode(new.dir) && 3556 ext4_encrypted_inode(new.dir) &&
3559 !ext4_is_child_context_consistent_with_parent(new.dir, 3557 !fscrypt_has_permitted_context(new.dir, old.inode)) {
3560 old.inode)) {
3561 retval = -EPERM; 3558 retval = -EPERM;
3562 goto end_rename; 3559 goto end_rename;
3563 } 3560 }
@@ -3729,10 +3726,8 @@ static int ext4_cross_rename(struct inode *old_dir, struct dentry *old_dentry,
3729 if ((ext4_encrypted_inode(old_dir) || 3726 if ((ext4_encrypted_inode(old_dir) ||
3730 ext4_encrypted_inode(new_dir)) && 3727 ext4_encrypted_inode(new_dir)) &&
3731 (old_dir != new_dir) && 3728 (old_dir != new_dir) &&
3732 (!ext4_is_child_context_consistent_with_parent(new_dir, 3729 (!fscrypt_has_permitted_context(new_dir, old.inode) ||
3733 old.inode) || 3730 !fscrypt_has_permitted_context(old_dir, new.inode)))
3734 !ext4_is_child_context_consistent_with_parent(old_dir,
3735 new.inode)))
3736 return -EPERM; 3731 return -EPERM;
3737 3732
3738 if ((ext4_test_inode_flag(new_dir, EXT4_INODE_PROJINHERIT) && 3733 if ((ext4_test_inode_flag(new_dir, EXT4_INODE_PROJINHERIT) &&
diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
index 2a01df9cc1c3..5ad05af51dd8 100644
--- a/fs/ext4/page-io.c
+++ b/fs/ext4/page-io.c
@@ -24,6 +24,7 @@
24#include <linux/slab.h> 24#include <linux/slab.h>
25#include <linux/mm.h> 25#include <linux/mm.h>
26#include <linux/backing-dev.h> 26#include <linux/backing-dev.h>
27#include <linux/fscrypto.h>
27 28
28#include "ext4_jbd2.h" 29#include "ext4_jbd2.h"
29#include "xattr.h" 30#include "xattr.h"
@@ -67,7 +68,6 @@ static void ext4_finish_bio(struct bio *bio)
67 struct page *page = bvec->bv_page; 68 struct page *page = bvec->bv_page;
68#ifdef CONFIG_EXT4_FS_ENCRYPTION 69#ifdef CONFIG_EXT4_FS_ENCRYPTION
69 struct page *data_page = NULL; 70 struct page *data_page = NULL;
70 struct ext4_crypto_ctx *ctx = NULL;
71#endif 71#endif
72 struct buffer_head *bh, *head; 72 struct buffer_head *bh, *head;
73 unsigned bio_start = bvec->bv_offset; 73 unsigned bio_start = bvec->bv_offset;
@@ -82,8 +82,7 @@ static void ext4_finish_bio(struct bio *bio)
82 if (!page->mapping) { 82 if (!page->mapping) {
83 /* The bounce data pages are unmapped. */ 83 /* The bounce data pages are unmapped. */
84 data_page = page; 84 data_page = page;
85 ctx = (struct ext4_crypto_ctx *)page_private(data_page); 85 fscrypt_pullback_bio_page(&page, false);
86 page = ctx->w.control_page;
87 } 86 }
88#endif 87#endif
89 88
@@ -113,8 +112,8 @@ static void ext4_finish_bio(struct bio *bio)
113 local_irq_restore(flags); 112 local_irq_restore(flags);
114 if (!under_io) { 113 if (!under_io) {
115#ifdef CONFIG_EXT4_FS_ENCRYPTION 114#ifdef CONFIG_EXT4_FS_ENCRYPTION
116 if (ctx) 115 if (data_page)
117 ext4_restore_control_page(data_page); 116 fscrypt_restore_control_page(data_page);
118#endif 117#endif
119 end_page_writeback(page); 118 end_page_writeback(page);
120 } 119 }
@@ -472,7 +471,7 @@ int ext4_bio_write_page(struct ext4_io_submit *io,
472 gfp_t gfp_flags = GFP_NOFS; 471 gfp_t gfp_flags = GFP_NOFS;
473 472
474 retry_encrypt: 473 retry_encrypt:
475 data_page = ext4_encrypt(inode, page, gfp_flags); 474 data_page = fscrypt_encrypt_page(inode, page, gfp_flags);
476 if (IS_ERR(data_page)) { 475 if (IS_ERR(data_page)) {
477 ret = PTR_ERR(data_page); 476 ret = PTR_ERR(data_page);
478 if (ret == -ENOMEM && wbc->sync_mode == WB_SYNC_ALL) { 477 if (ret == -ENOMEM && wbc->sync_mode == WB_SYNC_ALL) {
@@ -510,7 +509,7 @@ int ext4_bio_write_page(struct ext4_io_submit *io,
510 if (ret) { 509 if (ret) {
511 out: 510 out:
512 if (data_page) 511 if (data_page)
513 ext4_restore_control_page(data_page); 512 fscrypt_restore_control_page(data_page);
514 printk_ratelimited(KERN_ERR "%s: ret = %d\n", __func__, ret); 513 printk_ratelimited(KERN_ERR "%s: ret = %d\n", __func__, ret);
515 redirty_page_for_writepage(wbc, page); 514 redirty_page_for_writepage(wbc, page);
516 do { 515 do {
diff --git a/fs/ext4/readpage.c b/fs/ext4/readpage.c
index e24ec3bfe1b5..18b2cf23d40f 100644
--- a/fs/ext4/readpage.c
+++ b/fs/ext4/readpage.c
@@ -46,37 +46,6 @@
46 46
47#include "ext4.h" 47#include "ext4.h"
48 48
49/*
50 * Call ext4_decrypt on every single page, reusing the encryption
51 * context.
52 */
53static void completion_pages(struct work_struct *work)
54{
55#ifdef CONFIG_EXT4_FS_ENCRYPTION
56 struct ext4_crypto_ctx *ctx =
57 container_of(work, struct ext4_crypto_ctx, r.work);
58 struct bio *bio = ctx->r.bio;
59 struct bio_vec *bv;
60 int i;
61
62 bio_for_each_segment_all(bv, bio, i) {
63 struct page *page = bv->bv_page;
64
65 int ret = ext4_decrypt(page);
66 if (ret) {
67 WARN_ON_ONCE(1);
68 SetPageError(page);
69 } else
70 SetPageUptodate(page);
71 unlock_page(page);
72 }
73 ext4_release_crypto_ctx(ctx);
74 bio_put(bio);
75#else
76 BUG();
77#endif
78}
79
80static inline bool ext4_bio_encrypted(struct bio *bio) 49static inline bool ext4_bio_encrypted(struct bio *bio)
81{ 50{
82#ifdef CONFIG_EXT4_FS_ENCRYPTION 51#ifdef CONFIG_EXT4_FS_ENCRYPTION
@@ -104,14 +73,10 @@ static void mpage_end_io(struct bio *bio)
104 int i; 73 int i;
105 74
106 if (ext4_bio_encrypted(bio)) { 75 if (ext4_bio_encrypted(bio)) {
107 struct ext4_crypto_ctx *ctx = bio->bi_private;
108
109 if (bio->bi_error) { 76 if (bio->bi_error) {
110 ext4_release_crypto_ctx(ctx); 77 fscrypt_release_ctx(bio->bi_private);
111 } else { 78 } else {
112 INIT_WORK(&ctx->r.work, completion_pages); 79 fscrypt_decrypt_bio_pages(bio->bi_private, bio);
113 ctx->r.bio = bio;
114 queue_work(ext4_read_workqueue, &ctx->r.work);
115 return; 80 return;
116 } 81 }
117 } 82 }
@@ -274,11 +239,11 @@ int ext4_mpage_readpages(struct address_space *mapping,
274 bio = NULL; 239 bio = NULL;
275 } 240 }
276 if (bio == NULL) { 241 if (bio == NULL) {
277 struct ext4_crypto_ctx *ctx = NULL; 242 struct fscrypt_ctx *ctx = NULL;
278 243
279 if (ext4_encrypted_inode(inode) && 244 if (ext4_encrypted_inode(inode) &&
280 S_ISREG(inode->i_mode)) { 245 S_ISREG(inode->i_mode)) {
281 ctx = ext4_get_crypto_ctx(inode, GFP_NOFS); 246 ctx = fscrypt_get_ctx(inode, GFP_NOFS);
282 if (IS_ERR(ctx)) 247 if (IS_ERR(ctx))
283 goto set_error_page; 248 goto set_error_page;
284 } 249 }
@@ -286,7 +251,7 @@ int ext4_mpage_readpages(struct address_space *mapping,
286 min_t(int, nr_pages, BIO_MAX_PAGES)); 251 min_t(int, nr_pages, BIO_MAX_PAGES));
287 if (!bio) { 252 if (!bio) {
288 if (ctx) 253 if (ctx)
289 ext4_release_crypto_ctx(ctx); 254 fscrypt_release_ctx(ctx);
290 goto set_error_page; 255 goto set_error_page;
291 } 256 }
292 bio->bi_bdev = bdev; 257 bio->bi_bdev = bdev;
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 13c49af7a06a..1e3fd5c9a72b 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -945,9 +945,6 @@ static struct inode *ext4_alloc_inode(struct super_block *sb)
945 ei->i_datasync_tid = 0; 945 ei->i_datasync_tid = 0;
946 atomic_set(&ei->i_unwritten, 0); 946 atomic_set(&ei->i_unwritten, 0);
947 INIT_WORK(&ei->i_rsv_conversion_work, ext4_end_io_rsv_work); 947 INIT_WORK(&ei->i_rsv_conversion_work, ext4_end_io_rsv_work);
948#ifdef CONFIG_EXT4_FS_ENCRYPTION
949 ei->i_crypt_info = NULL;
950#endif
951 return &ei->vfs_inode; 948 return &ei->vfs_inode;
952} 949}
953 950
@@ -1026,8 +1023,7 @@ void ext4_clear_inode(struct inode *inode)
1026 EXT4_I(inode)->jinode = NULL; 1023 EXT4_I(inode)->jinode = NULL;
1027 } 1024 }
1028#ifdef CONFIG_EXT4_FS_ENCRYPTION 1025#ifdef CONFIG_EXT4_FS_ENCRYPTION
1029 if (EXT4_I(inode)->i_crypt_info) 1026 fscrypt_put_encryption_info(inode, NULL);
1030 ext4_free_encryption_info(inode, EXT4_I(inode)->i_crypt_info);
1031#endif 1027#endif
1032} 1028}
1033 1029
@@ -1094,6 +1090,90 @@ static int bdev_try_to_free_page(struct super_block *sb, struct page *page,
1094 return try_to_free_buffers(page); 1090 return try_to_free_buffers(page);
1095} 1091}
1096 1092
1093#ifdef CONFIG_EXT4_FS_ENCRYPTION
1094static int ext4_get_context(struct inode *inode, void *ctx, size_t len)
1095{
1096 return ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
1097 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len);
1098}
1099
1100static int ext4_key_prefix(struct inode *inode, u8 **key)
1101{
1102 *key = EXT4_SB(inode->i_sb)->key_prefix;
1103 return EXT4_SB(inode->i_sb)->key_prefix_size;
1104}
1105
1106static int ext4_prepare_context(struct inode *inode)
1107{
1108 return ext4_convert_inline_data(inode);
1109}
1110
1111static int ext4_set_context(struct inode *inode, const void *ctx, size_t len,
1112 void *fs_data)
1113{
1114 handle_t *handle;
1115 int res, res2;
1116
1117 /* fs_data is null when internally used. */
1118 if (fs_data) {
1119 res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION,
1120 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx,
1121 len, 0);
1122 if (!res) {
1123 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
1124 ext4_clear_inode_state(inode,
1125 EXT4_STATE_MAY_INLINE_DATA);
1126 }
1127 return res;
1128 }
1129
1130 handle = ext4_journal_start(inode, EXT4_HT_MISC,
1131 ext4_jbd2_credits_xattr(inode));
1132 if (IS_ERR(handle))
1133 return PTR_ERR(handle);
1134
1135 res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION,
1136 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx,
1137 len, 0);
1138 if (!res) {
1139 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
1140 res = ext4_mark_inode_dirty(handle, inode);
1141 if (res)
1142 EXT4_ERROR_INODE(inode, "Failed to mark inode dirty");
1143 }
1144 res2 = ext4_journal_stop(handle);
1145 if (!res)
1146 res = res2;
1147 return res;
1148}
1149
1150static int ext4_dummy_context(struct inode *inode)
1151{
1152 return DUMMY_ENCRYPTION_ENABLED(EXT4_SB(inode->i_sb));
1153}
1154
1155static unsigned ext4_max_namelen(struct inode *inode)
1156{
1157 return S_ISLNK(inode->i_mode) ? inode->i_sb->s_blocksize :
1158 EXT4_NAME_LEN;
1159}
1160
1161static struct fscrypt_operations ext4_cryptops = {
1162 .get_context = ext4_get_context,
1163 .key_prefix = ext4_key_prefix,
1164 .prepare_context = ext4_prepare_context,
1165 .set_context = ext4_set_context,
1166 .dummy_context = ext4_dummy_context,
1167 .is_encrypted = ext4_encrypted_inode,
1168 .empty_dir = ext4_empty_dir,
1169 .max_namelen = ext4_max_namelen,
1170};
1171#else
1172static struct fscrypt_operations ext4_cryptops = {
1173 .is_encrypted = ext4_encrypted_inode,
1174};
1175#endif
1176
1097#ifdef CONFIG_QUOTA 1177#ifdef CONFIG_QUOTA
1098static char *quotatypes[] = INITQFNAMES; 1178static char *quotatypes[] = INITQFNAMES;
1099#define QTYPE2NAME(t) (quotatypes[t]) 1179#define QTYPE2NAME(t) (quotatypes[t])
@@ -3693,6 +3773,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
3693 sb->s_op = &ext4_sops; 3773 sb->s_op = &ext4_sops;
3694 sb->s_export_op = &ext4_export_ops; 3774 sb->s_export_op = &ext4_export_ops;
3695 sb->s_xattr = ext4_xattr_handlers; 3775 sb->s_xattr = ext4_xattr_handlers;
3776 sb->s_cop = &ext4_cryptops;
3696#ifdef CONFIG_QUOTA 3777#ifdef CONFIG_QUOTA
3697 sb->dq_op = &ext4_quota_operations; 3778 sb->dq_op = &ext4_quota_operations;
3698 if (ext4_has_feature_quota(sb)) 3779 if (ext4_has_feature_quota(sb))
@@ -4003,6 +4084,11 @@ no_journal:
4003 ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10); 4084 ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10);
4004 4085
4005 kfree(orig_data); 4086 kfree(orig_data);
4087#ifdef CONFIG_EXT4_FS_ENCRYPTION
4088 memcpy(sbi->key_prefix, EXT4_KEY_DESC_PREFIX,
4089 EXT4_KEY_DESC_PREFIX_SIZE);
4090 sbi->key_prefix_size = EXT4_KEY_DESC_PREFIX_SIZE;
4091#endif
4006 return 0; 4092 return 0;
4007 4093
4008cantfind_ext4: 4094cantfind_ext4:
@@ -5431,7 +5517,6 @@ out5:
5431 5517
5432static void __exit ext4_exit_fs(void) 5518static void __exit ext4_exit_fs(void)
5433{ 5519{
5434 ext4_exit_crypto();
5435 ext4_destroy_lazyinit_thread(); 5520 ext4_destroy_lazyinit_thread();
5436 unregister_as_ext2(); 5521 unregister_as_ext2();
5437 unregister_as_ext3(); 5522 unregister_as_ext3();
diff --git a/fs/ext4/symlink.c b/fs/ext4/symlink.c
index 75ed5c2f0c16..4d83d9e05f2e 100644
--- a/fs/ext4/symlink.c
+++ b/fs/ext4/symlink.c
@@ -22,23 +22,22 @@
22#include "ext4.h" 22#include "ext4.h"
23#include "xattr.h" 23#include "xattr.h"
24 24
25#ifdef CONFIG_EXT4_FS_ENCRYPTION
26static const char *ext4_encrypted_get_link(struct dentry *dentry, 25static const char *ext4_encrypted_get_link(struct dentry *dentry,
27 struct inode *inode, 26 struct inode *inode,
28 struct delayed_call *done) 27 struct delayed_call *done)
29{ 28{
30 struct page *cpage = NULL; 29 struct page *cpage = NULL;
31 char *caddr, *paddr = NULL; 30 char *caddr, *paddr = NULL;
32 struct ext4_str cstr, pstr; 31 struct fscrypt_str cstr, pstr;
33 struct ext4_encrypted_symlink_data *sd; 32 struct fscrypt_symlink_data *sd;
34 loff_t size = min_t(loff_t, i_size_read(inode), PAGE_SIZE - 1); 33 loff_t size = min_t(loff_t, i_size_read(inode), PAGE_SIZE - 1);
35 int res; 34 int res;
36 u32 plen, max_size = inode->i_sb->s_blocksize; 35 u32 max_size = inode->i_sb->s_blocksize;
37 36
38 if (!dentry) 37 if (!dentry)
39 return ERR_PTR(-ECHILD); 38 return ERR_PTR(-ECHILD);
40 39
41 res = ext4_get_encryption_info(inode); 40 res = fscrypt_get_encryption_info(inode);
42 if (res) 41 if (res)
43 return ERR_PTR(res); 42 return ERR_PTR(res);
44 43
@@ -54,30 +53,27 @@ static const char *ext4_encrypted_get_link(struct dentry *dentry,
54 } 53 }
55 54
56 /* Symlink is encrypted */ 55 /* Symlink is encrypted */
57 sd = (struct ext4_encrypted_symlink_data *)caddr; 56 sd = (struct fscrypt_symlink_data *)caddr;
58 cstr.name = sd->encrypted_path; 57 cstr.name = sd->encrypted_path;
59 cstr.len = le16_to_cpu(sd->len); 58 cstr.len = le16_to_cpu(sd->len);
60 if ((cstr.len + 59 if ((cstr.len + sizeof(struct fscrypt_symlink_data) - 1) > max_size) {
61 sizeof(struct ext4_encrypted_symlink_data) - 1) >
62 max_size) {
63 /* Symlink data on the disk is corrupted */ 60 /* Symlink data on the disk is corrupted */
64 res = -EFSCORRUPTED; 61 res = -EFSCORRUPTED;
65 goto errout; 62 goto errout;
66 } 63 }
67 plen = (cstr.len < EXT4_FNAME_CRYPTO_DIGEST_SIZE*2) ? 64
68 EXT4_FNAME_CRYPTO_DIGEST_SIZE*2 : cstr.len; 65 res = fscrypt_fname_alloc_buffer(inode, cstr.len, &pstr);
69 paddr = kmalloc(plen + 1, GFP_NOFS); 66 if (res)
70 if (!paddr) {
71 res = -ENOMEM;
72 goto errout; 67 goto errout;
73 } 68
74 pstr.name = paddr; 69 res = fscrypt_fname_disk_to_usr(inode, 0, 0, &cstr, &pstr);
75 pstr.len = plen;
76 res = _ext4_fname_disk_to_usr(inode, NULL, &cstr, &pstr);
77 if (res < 0) 70 if (res < 0)
78 goto errout; 71 goto errout;
72
73 paddr = pstr.name;
74
79 /* Null-terminate the name */ 75 /* Null-terminate the name */
80 if (res <= plen) 76 if (res <= pstr.len)
81 paddr[res] = '\0'; 77 paddr[res] = '\0';
82 if (cpage) 78 if (cpage)
83 put_page(cpage); 79 put_page(cpage);
@@ -99,7 +95,6 @@ const struct inode_operations ext4_encrypted_symlink_inode_operations = {
99 .listxattr = ext4_listxattr, 95 .listxattr = ext4_listxattr,
100 .removexattr = generic_removexattr, 96 .removexattr = generic_removexattr,
101}; 97};
102#endif
103 98
104const struct inode_operations ext4_symlink_inode_operations = { 99const struct inode_operations ext4_symlink_inode_operations = {
105 .readlink = generic_readlink, 100 .readlink = generic_readlink,
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-11 22:41:11 -0400