aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs/main.c
diff options
context:
space:
mode:
authorMichael Halcrow <mhalcrow@us.ibm.com>2006-10-04 05:16:22 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-10-04 10:55:24 -0400
commit237fead619984cc48818fe12ee0ceada3f55b012 (patch)
tree40c6cacf2331191139e847988882b168d111c12e /fs/ecryptfs/main.c
parentf7aa2638f288f4c67acdb55947472740bd27d27a (diff)
[PATCH] ecryptfs: fs/Makefile and fs/Kconfig
eCryptfs is a stacked cryptographic filesystem for Linux. It is derived from Erez Zadok's Cryptfs, implemented through the FiST framework for generating stacked filesystems. eCryptfs extends Cryptfs to provide advanced key management and policy features. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decryptable with the proper key, and there is no need to keep track of any additional information aside from what is already in the encrypted file itself. [akpm@osdl.org: updates for ongoing API changes] [bunk@stusta.de: cleanups] [akpm@osdl.org: alpha build fix] [akpm@osdl.org: cleanups] [tytso@mit.edu: inode-diet updates] [pbadari@us.ibm.com: generic_file_*_read/write() interface updates] [rdunlap@xenotime.net: printk format fixes] [akpm@osdl.org: make slab creation and teardown table-driven] Signed-off-by: Phillip Hellewell <phillip@hellewell.homeip.net> Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com> Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/ecryptfs/main.c')
-rw-r--r--fs/ecryptfs/main.c831
1 files changed, 831 insertions, 0 deletions
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
new file mode 100644
index 000000000000..7a11b8ae6644
--- /dev/null
+++ b/fs/ecryptfs/main.c
@@ -0,0 +1,831 @@
1/**
2 * eCryptfs: Linux filesystem encryption layer
3 *
4 * Copyright (C) 1997-2003 Erez Zadok
5 * Copyright (C) 2001-2003 Stony Brook University
6 * Copyright (C) 2004-2006 International Business Machines Corp.
7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
8 * Michael C. Thompson <mcthomps@us.ibm.com>
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation; either version 2 of the
13 * License, or (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
23 * 02111-1307, USA.
24 */
25
26#include <linux/dcache.h>
27#include <linux/file.h>
28#include <linux/module.h>
29#include <linux/namei.h>
30#include <linux/skbuff.h>
31#include <linux/crypto.h>
32#include <linux/netlink.h>
33#include <linux/mount.h>
34#include <linux/dcache.h>
35#include <linux/pagemap.h>
36#include <linux/key.h>
37#include <linux/parser.h>
38#include "ecryptfs_kernel.h"
39
40/**
41 * Module parameter that defines the ecryptfs_verbosity level.
42 */
43int ecryptfs_verbosity = 0;
44
45module_param(ecryptfs_verbosity, int, 0);
46MODULE_PARM_DESC(ecryptfs_verbosity,
47 "Initial verbosity level (0 or 1; defaults to "
48 "0, which is Quiet)");
49
50void __ecryptfs_printk(const char *fmt, ...)
51{
52 va_list args;
53 va_start(args, fmt);
54 if (fmt[1] == '7') { /* KERN_DEBUG */
55 if (ecryptfs_verbosity >= 1)
56 vprintk(fmt, args);
57 } else
58 vprintk(fmt, args);
59 va_end(args);
60}
61
62/**
63 * ecryptfs_interpose
64 * @lower_dentry: Existing dentry in the lower filesystem
65 * @dentry: ecryptfs' dentry
66 * @sb: ecryptfs's super_block
67 * @flag: If set to true, then d_add is called, else d_instantiate is called
68 *
69 * Interposes upper and lower dentries.
70 *
71 * Returns zero on success; non-zero otherwise
72 */
73int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry,
74 struct super_block *sb, int flag)
75{
76 struct inode *lower_inode;
77 struct inode *inode;
78 int rc = 0;
79
80 lower_inode = lower_dentry->d_inode;
81 if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb)) {
82 rc = -EXDEV;
83 goto out;
84 }
85 if (!igrab(lower_inode)) {
86 rc = -ESTALE;
87 goto out;
88 }
89 inode = iget5_locked(sb, (unsigned long)lower_inode,
90 ecryptfs_inode_test, ecryptfs_inode_set,
91 lower_inode);
92 if (!inode) {
93 rc = -EACCES;
94 iput(lower_inode);
95 goto out;
96 }
97 if (inode->i_state & I_NEW)
98 unlock_new_inode(inode);
99 else
100 iput(lower_inode);
101 if (S_ISLNK(lower_inode->i_mode))
102 inode->i_op = &ecryptfs_symlink_iops;
103 else if (S_ISDIR(lower_inode->i_mode))
104 inode->i_op = &ecryptfs_dir_iops;
105 if (S_ISDIR(lower_inode->i_mode))
106 inode->i_fop = &ecryptfs_dir_fops;
107 /* TODO: Is there a better way to identify if the inode is
108 * special? */
109 if (S_ISBLK(lower_inode->i_mode) || S_ISCHR(lower_inode->i_mode) ||
110 S_ISFIFO(lower_inode->i_mode) || S_ISSOCK(lower_inode->i_mode))
111 init_special_inode(inode, lower_inode->i_mode,
112 lower_inode->i_rdev);
113 dentry->d_op = &ecryptfs_dops;
114 if (flag)
115 d_add(dentry, inode);
116 else
117 d_instantiate(dentry, inode);
118 ecryptfs_copy_attr_all(inode, lower_inode);
119 /* This size will be overwritten for real files w/ headers and
120 * other metadata */
121 ecryptfs_copy_inode_size(inode, lower_inode);
122out:
123 return rc;
124}
125
126enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, ecryptfs_opt_debug,
127 ecryptfs_opt_ecryptfs_debug, ecryptfs_opt_cipher,
128 ecryptfs_opt_ecryptfs_cipher, ecryptfs_opt_ecryptfs_key_bytes,
129 ecryptfs_opt_passthrough, ecryptfs_opt_err };
130
131static match_table_t tokens = {
132 {ecryptfs_opt_sig, "sig=%s"},
133 {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"},
134 {ecryptfs_opt_debug, "debug=%u"},
135 {ecryptfs_opt_ecryptfs_debug, "ecryptfs_debug=%u"},
136 {ecryptfs_opt_cipher, "cipher=%s"},
137 {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"},
138 {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"},
139 {ecryptfs_opt_passthrough, "ecryptfs_passthrough"},
140 {ecryptfs_opt_err, NULL}
141};
142
143/**
144 * ecryptfs_verify_version
145 * @version: The version number to confirm
146 *
147 * Returns zero on good version; non-zero otherwise
148 */
149static int ecryptfs_verify_version(u16 version)
150{
151 int rc = 0;
152 unsigned char major;
153 unsigned char minor;
154
155 major = ((version >> 8) & 0xFF);
156 minor = (version & 0xFF);
157 if (major != ECRYPTFS_VERSION_MAJOR) {
158 ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
159 "Expected [%d]; got [%d]\n",
160 ECRYPTFS_VERSION_MAJOR, major);
161 rc = -EINVAL;
162 goto out;
163 }
164 if (minor != ECRYPTFS_VERSION_MINOR) {
165 ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
166 "Expected [%d]; got [%d]\n",
167 ECRYPTFS_VERSION_MINOR, minor);
168 rc = -EINVAL;
169 goto out;
170 }
171out:
172 return rc;
173}
174
175/**
176 * ecryptfs_parse_options
177 * @sb: The ecryptfs super block
178 * @options: The options pased to the kernel
179 *
180 * Parse mount options:
181 * debug=N - ecryptfs_verbosity level for debug output
182 * sig=XXX - description(signature) of the key to use
183 *
184 * Returns the dentry object of the lower-level (lower/interposed)
185 * directory; We want to mount our stackable file system on top of
186 * that lower directory.
187 *
188 * The signature of the key to use must be the description of a key
189 * already in the keyring. Mounting will fail if the key can not be
190 * found.
191 *
192 * Returns zero on success; non-zero on error
193 */
194static int ecryptfs_parse_options(struct super_block *sb, char *options)
195{
196 char *p;
197 int rc = 0;
198 int sig_set = 0;
199 int cipher_name_set = 0;
200 int cipher_key_bytes;
201 int cipher_key_bytes_set = 0;
202 struct key *auth_tok_key = NULL;
203 struct ecryptfs_auth_tok *auth_tok = NULL;
204 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
205 &ecryptfs_superblock_to_private(sb)->mount_crypt_stat;
206 substring_t args[MAX_OPT_ARGS];
207 int token;
208 char *sig_src;
209 char *sig_dst;
210 char *debug_src;
211 char *cipher_name_dst;
212 char *cipher_name_src;
213 char *cipher_key_bytes_src;
214 struct crypto_tfm *tmp_tfm;
215 int cipher_name_len;
216
217 if (!options) {
218 rc = -EINVAL;
219 goto out;
220 }
221 while ((p = strsep(&options, ",")) != NULL) {
222 if (!*p)
223 continue;
224 token = match_token(p, tokens, args);
225 switch (token) {
226 case ecryptfs_opt_sig:
227 case ecryptfs_opt_ecryptfs_sig:
228 sig_src = args[0].from;
229 sig_dst =
230 mount_crypt_stat->global_auth_tok_sig;
231 memcpy(sig_dst, sig_src, ECRYPTFS_SIG_SIZE_HEX);
232 sig_dst[ECRYPTFS_SIG_SIZE_HEX] = '\0';
233 ecryptfs_printk(KERN_DEBUG,
234 "The mount_crypt_stat "
235 "global_auth_tok_sig set to: "
236 "[%s]\n", sig_dst);
237 sig_set = 1;
238 break;
239 case ecryptfs_opt_debug:
240 case ecryptfs_opt_ecryptfs_debug:
241 debug_src = args[0].from;
242 ecryptfs_verbosity =
243 (int)simple_strtol(debug_src, &debug_src,
244 0);
245 ecryptfs_printk(KERN_DEBUG,
246 "Verbosity set to [%d]" "\n",
247 ecryptfs_verbosity);
248 break;
249 case ecryptfs_opt_cipher:
250 case ecryptfs_opt_ecryptfs_cipher:
251 cipher_name_src = args[0].from;
252 cipher_name_dst =
253 mount_crypt_stat->
254 global_default_cipher_name;
255 strncpy(cipher_name_dst, cipher_name_src,
256 ECRYPTFS_MAX_CIPHER_NAME_SIZE);
257 ecryptfs_printk(KERN_DEBUG,
258 "The mount_crypt_stat "
259 "global_default_cipher_name set to: "
260 "[%s]\n", cipher_name_dst);
261 cipher_name_set = 1;
262 break;
263 case ecryptfs_opt_ecryptfs_key_bytes:
264 cipher_key_bytes_src = args[0].from;
265 cipher_key_bytes =
266 (int)simple_strtol(cipher_key_bytes_src,
267 &cipher_key_bytes_src, 0);
268 mount_crypt_stat->global_default_cipher_key_size =
269 cipher_key_bytes;
270 ecryptfs_printk(KERN_DEBUG,
271 "The mount_crypt_stat "
272 "global_default_cipher_key_size "
273 "set to: [%d]\n", mount_crypt_stat->
274 global_default_cipher_key_size);
275 cipher_key_bytes_set = 1;
276 break;
277 case ecryptfs_opt_passthrough:
278 mount_crypt_stat->flags |=
279 ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED;
280 break;
281 case ecryptfs_opt_err:
282 default:
283 ecryptfs_printk(KERN_WARNING,
284 "eCryptfs: unrecognized option '%s'\n",
285 p);
286 }
287 }
288 /* Do not support lack of mount-wide signature in 0.1
289 * release */
290 if (!sig_set) {
291 rc = -EINVAL;
292 ecryptfs_printk(KERN_ERR, "You must supply a valid "
293 "passphrase auth tok signature as a mount "
294 "parameter; see the eCryptfs README\n");
295 goto out;
296 }
297 if (!cipher_name_set) {
298 cipher_name_len = strlen(ECRYPTFS_DEFAULT_CIPHER);
299 if (unlikely(cipher_name_len
300 >= ECRYPTFS_MAX_CIPHER_NAME_SIZE)) {
301 rc = -EINVAL;
302 BUG();
303 goto out;
304 }
305 memcpy(mount_crypt_stat->global_default_cipher_name,
306 ECRYPTFS_DEFAULT_CIPHER, cipher_name_len);
307 mount_crypt_stat->global_default_cipher_name[cipher_name_len]
308 = '\0';
309 }
310 if (!cipher_key_bytes_set) {
311 mount_crypt_stat->global_default_cipher_key_size =
312 ECRYPTFS_DEFAULT_KEY_BYTES;
313 ecryptfs_printk(KERN_DEBUG, "Cipher key size was not "
314 "specified. Defaulting to [%d]\n",
315 mount_crypt_stat->
316 global_default_cipher_key_size);
317 }
318 rc = ecryptfs_process_cipher(
319 &tmp_tfm,
320 &mount_crypt_stat->global_key_tfm,
321 mount_crypt_stat->global_default_cipher_name,
322 mount_crypt_stat->global_default_cipher_key_size);
323 if (tmp_tfm)
324 crypto_free_tfm(tmp_tfm);
325 if (rc) {
326 printk(KERN_ERR "Error attempting to initialize cipher [%s] "
327 "with key size [%Zd] bytes; rc = [%d]\n",
328 mount_crypt_stat->global_default_cipher_name,
329 mount_crypt_stat->global_default_cipher_key_size, rc);
330 rc = -EINVAL;
331 goto out;
332 }
333 mutex_init(&mount_crypt_stat->global_key_tfm_mutex);
334 ecryptfs_printk(KERN_DEBUG, "Requesting the key with description: "
335 "[%s]\n", mount_crypt_stat->global_auth_tok_sig);
336 /* The reference to this key is held until umount is done The
337 * call to key_put is done in ecryptfs_put_super() */
338 auth_tok_key = request_key(&key_type_user,
339 mount_crypt_stat->global_auth_tok_sig,
340 NULL);
341 if (!auth_tok_key || IS_ERR(auth_tok_key)) {
342 ecryptfs_printk(KERN_ERR, "Could not find key with "
343 "description: [%s]\n",
344 mount_crypt_stat->global_auth_tok_sig);
345 process_request_key_err(PTR_ERR(auth_tok_key));
346 rc = -EINVAL;
347 goto out;
348 }
349 auth_tok = ecryptfs_get_key_payload_data(auth_tok_key);
350 if (ecryptfs_verify_version(auth_tok->version)) {
351 ecryptfs_printk(KERN_ERR, "Data structure version mismatch. "
352 "Userspace tools must match eCryptfs kernel "
353 "module with major version [%d] and minor "
354 "version [%d]\n", ECRYPTFS_VERSION_MAJOR,
355 ECRYPTFS_VERSION_MINOR);
356 rc = -EINVAL;
357 goto out;
358 }
359 if (auth_tok->token_type != ECRYPTFS_PASSWORD) {
360 ecryptfs_printk(KERN_ERR, "Invalid auth_tok structure "
361 "returned from key\n");
362 rc = -EINVAL;
363 goto out;
364 }
365 mount_crypt_stat->global_auth_tok_key = auth_tok_key;
366 mount_crypt_stat->global_auth_tok = auth_tok;
367out:
368 return rc;
369}
370
371struct kmem_cache *ecryptfs_sb_info_cache;
372
373/**
374 * ecryptfs_fill_super
375 * @sb: The ecryptfs super block
376 * @raw_data: The options passed to mount
377 * @silent: Not used but required by function prototype
378 *
379 * Sets up what we can of the sb, rest is done in ecryptfs_read_super
380 *
381 * Returns zero on success; non-zero otherwise
382 */
383static int
384ecryptfs_fill_super(struct super_block *sb, void *raw_data, int silent)
385{
386 int rc = 0;
387
388 /* Released in ecryptfs_put_super() */
389 ecryptfs_set_superblock_private(sb,
390 kmem_cache_alloc(ecryptfs_sb_info_cache,
391 SLAB_KERNEL));
392 if (!ecryptfs_superblock_to_private(sb)) {
393 ecryptfs_printk(KERN_WARNING, "Out of memory\n");
394 rc = -ENOMEM;
395 goto out;
396 }
397 memset(ecryptfs_superblock_to_private(sb), 0,
398 sizeof(struct ecryptfs_sb_info));
399 sb->s_op = &ecryptfs_sops;
400 /* Released through deactivate_super(sb) from get_sb_nodev */
401 sb->s_root = d_alloc(NULL, &(const struct qstr) {
402 .hash = 0,.name = "/",.len = 1});
403 if (!sb->s_root) {
404 ecryptfs_printk(KERN_ERR, "d_alloc failed\n");
405 rc = -ENOMEM;
406 goto out;
407 }
408 sb->s_root->d_op = &ecryptfs_dops;
409 sb->s_root->d_sb = sb;
410 sb->s_root->d_parent = sb->s_root;
411 /* Released in d_release when dput(sb->s_root) is called */
412 /* through deactivate_super(sb) from get_sb_nodev() */
413 ecryptfs_set_dentry_private(sb->s_root,
414 kmem_cache_alloc(ecryptfs_dentry_info_cache,
415 SLAB_KERNEL));
416 if (!ecryptfs_dentry_to_private(sb->s_root)) {
417 ecryptfs_printk(KERN_ERR,
418 "dentry_info_cache alloc failed\n");
419 rc = -ENOMEM;
420 goto out;
421 }
422 memset(ecryptfs_dentry_to_private(sb->s_root), 0,
423 sizeof(struct ecryptfs_dentry_info));
424 rc = 0;
425out:
426 /* Should be able to rely on deactivate_super called from
427 * get_sb_nodev */
428 return rc;
429}
430
431/**
432 * ecryptfs_read_super
433 * @sb: The ecryptfs super block
434 * @dev_name: The path to mount over
435 *
436 * Read the super block of the lower filesystem, and use
437 * ecryptfs_interpose to create our initial inode and super block
438 * struct.
439 */
440static int ecryptfs_read_super(struct super_block *sb, const char *dev_name)
441{
442 int rc;
443 struct nameidata nd;
444 struct dentry *lower_root;
445 struct vfsmount *lower_mnt;
446
447 memset(&nd, 0, sizeof(struct nameidata));
448 rc = path_lookup(dev_name, LOOKUP_FOLLOW, &nd);
449 if (rc) {
450 ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n");
451 goto out_free;
452 }
453 lower_root = nd.dentry;
454 if (!lower_root->d_inode) {
455 ecryptfs_printk(KERN_WARNING,
456 "No directory to interpose on\n");
457 rc = -ENOENT;
458 goto out_free;
459 }
460 lower_mnt = nd.mnt;
461 ecryptfs_set_superblock_lower(sb, lower_root->d_sb);
462 sb->s_maxbytes = lower_root->d_sb->s_maxbytes;
463 ecryptfs_set_dentry_lower(sb->s_root, lower_root);
464 ecryptfs_set_dentry_lower_mnt(sb->s_root, lower_mnt);
465 if ((rc = ecryptfs_interpose(lower_root, sb->s_root, sb, 0)))
466 goto out_free;
467 rc = 0;
468 goto out;
469out_free:
470 path_release(&nd);
471out:
472 return rc;
473}
474
475/**
476 * ecryptfs_get_sb
477 * @fs_type
478 * @flags
479 * @dev_name: The path to mount over
480 * @raw_data: The options passed into the kernel
481 *
482 * The whole ecryptfs_get_sb process is broken into 4 functions:
483 * ecryptfs_parse_options(): handle options passed to ecryptfs, if any
484 * ecryptfs_fill_super(): used by get_sb_nodev, fills out the super_block
485 * with as much information as it can before needing
486 * the lower filesystem.
487 * ecryptfs_read_super(): this accesses the lower filesystem and uses
488 * ecryptfs_interpolate to perform most of the linking
489 * ecryptfs_interpolate(): links the lower filesystem into ecryptfs
490 */
491static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
492 const char *dev_name, void *raw_data,
493 struct vfsmount *mnt)
494{
495 int rc;
496 struct super_block *sb;
497
498 rc = get_sb_nodev(fs_type, flags, raw_data, ecryptfs_fill_super, mnt);
499 if (rc < 0) {
500 printk(KERN_ERR "Getting sb failed; rc = [%d]\n", rc);
501 goto out;
502 }
503 sb = mnt->mnt_sb;
504 rc = ecryptfs_parse_options(sb, raw_data);
505 if (rc) {
506 printk(KERN_ERR "Error parsing options; rc = [%d]\n", rc);
507 goto out_abort;
508 }
509 rc = ecryptfs_read_super(sb, dev_name);
510 if (rc) {
511 printk(KERN_ERR "Reading sb failed; rc = [%d]\n", rc);
512 goto out_abort;
513 }
514 goto out;
515out_abort:
516 dput(sb->s_root);
517 up_write(&sb->s_umount);
518 deactivate_super(sb);
519out:
520 return rc;
521}
522
523/**
524 * ecryptfs_kill_block_super
525 * @sb: The ecryptfs super block
526 *
527 * Used to bring the superblock down and free the private data.
528 * Private data is free'd in ecryptfs_put_super()
529 */
530static void ecryptfs_kill_block_super(struct super_block *sb)
531{
532 generic_shutdown_super(sb);
533}
534
535static struct file_system_type ecryptfs_fs_type = {
536 .owner = THIS_MODULE,
537 .name = "ecryptfs",
538 .get_sb = ecryptfs_get_sb,
539 .kill_sb = ecryptfs_kill_block_super,
540 .fs_flags = 0
541};
542
543/**
544 * inode_info_init_once
545 *
546 * Initializes the ecryptfs_inode_info_cache when it is created
547 */
548static void
549inode_info_init_once(void *vptr, struct kmem_cache *cachep, unsigned long flags)
550{
551 struct ecryptfs_inode_info *ei = (struct ecryptfs_inode_info *)vptr;
552
553 if ((flags & (SLAB_CTOR_VERIFY | SLAB_CTOR_CONSTRUCTOR)) ==
554 SLAB_CTOR_CONSTRUCTOR)
555 inode_init_once(&ei->vfs_inode);
556}
557
558static struct ecryptfs_cache_info {
559 kmem_cache_t **cache;
560 const char *name;
561 size_t size;
562 void (*ctor)(void*, struct kmem_cache *, unsigned long);
563} ecryptfs_cache_infos[] = {
564 {
565 .cache = &ecryptfs_auth_tok_list_item_cache,
566 .name = "ecryptfs_auth_tok_list_item",
567 .size = sizeof(struct ecryptfs_auth_tok_list_item),
568 },
569 {
570 .cache = &ecryptfs_file_info_cache,
571 .name = "ecryptfs_file_cache",
572 .size = sizeof(struct ecryptfs_file_info),
573 },
574 {
575 .cache = &ecryptfs_dentry_info_cache,
576 .name = "ecryptfs_dentry_info_cache",
577 .size = sizeof(struct ecryptfs_dentry_info),
578 },
579 {
580 .cache = &ecryptfs_inode_info_cache,
581 .name = "ecryptfs_inode_cache",
582 .size = sizeof(struct ecryptfs_inode_info),
583 .ctor = inode_info_init_once,
584 },
585 {
586 .cache = &ecryptfs_sb_info_cache,
587 .name = "ecryptfs_sb_cache",
588 .size = sizeof(struct ecryptfs_sb_info),
589 },
590 {
591 .cache = &ecryptfs_header_cache_0,
592 .name = "ecryptfs_headers_0",
593 .size = PAGE_CACHE_SIZE,
594 },
595 {
596 .cache = &ecryptfs_header_cache_1,
597 .name = "ecryptfs_headers_1",
598 .size = PAGE_CACHE_SIZE,
599 },
600 {
601 .cache = &ecryptfs_header_cache_2,
602 .name = "ecryptfs_headers_2",
603 .size = PAGE_CACHE_SIZE,
604 },
605 {
606 .cache = &ecryptfs_lower_page_cache,
607 .name = "ecryptfs_lower_page_cache",
608 .size = PAGE_CACHE_SIZE,
609 },
610};
611
612static void ecryptfs_free_kmem_caches(void)
613{
614 int i;
615
616 for (i = 0; i < ARRAY_SIZE(ecryptfs_cache_infos); i++) {
617 struct ecryptfs_cache_info *info;
618
619 info = &ecryptfs_cache_infos[i];
620 if (*(info->cache))
621 kmem_cache_destroy(*(info->cache));
622 }
623}
624
625/**
626 * ecryptfs_init_kmem_caches
627 *
628 * Returns zero on success; non-zero otherwise
629 */
630static int ecryptfs_init_kmem_caches(void)
631{
632 int i;
633
634 for (i = 0; i < ARRAY_SIZE(ecryptfs_cache_infos); i++) {
635 struct ecryptfs_cache_info *info;
636
637 info = &ecryptfs_cache_infos[i];
638 *(info->cache) = kmem_cache_create(info->name, info->size,
639 0, SLAB_HWCACHE_ALIGN, info->ctor, NULL);
640 if (!*(info->cache)) {
641 ecryptfs_free_kmem_caches();
642 ecryptfs_printk(KERN_WARNING, "%s: "
643 "kmem_cache_create failed\n",
644 info->name);
645 return -ENOMEM;
646 }
647 }
648 return 0;
649}
650
651struct ecryptfs_obj {
652 char *name;
653 struct list_head slot_list;
654 struct kobject kobj;
655};
656
657struct ecryptfs_attribute {
658 struct attribute attr;
659 ssize_t(*show) (struct ecryptfs_obj *, char *);
660 ssize_t(*store) (struct ecryptfs_obj *, const char *, size_t);
661};
662
663static ssize_t
664ecryptfs_attr_store(struct kobject *kobj,
665 struct attribute *attr, const char *buf, size_t len)
666{
667 struct ecryptfs_obj *obj = container_of(kobj, struct ecryptfs_obj,
668 kobj);
669 struct ecryptfs_attribute *attribute =
670 container_of(attr, struct ecryptfs_attribute, attr);
671
672 return (attribute->store ? attribute->store(obj, buf, len) : 0);
673}
674
675static ssize_t
676ecryptfs_attr_show(struct kobject *kobj, struct attribute *attr, char *buf)
677{
678 struct ecryptfs_obj *obj = container_of(kobj, struct ecryptfs_obj,
679 kobj);
680 struct ecryptfs_attribute *attribute =
681 container_of(attr, struct ecryptfs_attribute, attr);
682
683 return (attribute->show ? attribute->show(obj, buf) : 0);
684}
685
686static struct sysfs_ops ecryptfs_sysfs_ops = {
687 .show = ecryptfs_attr_show,
688 .store = ecryptfs_attr_store
689};
690
691static struct kobj_type ecryptfs_ktype = {
692 .sysfs_ops = &ecryptfs_sysfs_ops
693};
694
695static decl_subsys(ecryptfs, &ecryptfs_ktype, NULL);
696
697static ssize_t version_show(struct ecryptfs_obj *obj, char *buff)
698{
699 return snprintf(buff, PAGE_SIZE, "%d\n", ECRYPTFS_VERSIONING_MASK);
700}
701
702static struct ecryptfs_attribute sysfs_attr_version = __ATTR_RO(version);
703
704struct ecryptfs_version_str_map_elem {
705 u32 flag;
706 char *str;
707} ecryptfs_version_str_map[] = {
708 {ECRYPTFS_VERSIONING_PASSPHRASE, "passphrase"},
709 {ECRYPTFS_VERSIONING_PUBKEY, "pubkey"},
710 {ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH, "plaintext passthrough"},
711 {ECRYPTFS_VERSIONING_POLICY, "policy"}
712};
713
714static ssize_t version_str_show(struct ecryptfs_obj *obj, char *buff)
715{
716 int i;
717 int remaining = PAGE_SIZE;
718 int total_written = 0;
719
720 buff[0] = '\0';
721 for (i = 0; i < ARRAY_SIZE(ecryptfs_version_str_map); i++) {
722 int entry_size;
723
724 if (!(ECRYPTFS_VERSIONING_MASK
725 & ecryptfs_version_str_map[i].flag))
726 continue;
727 entry_size = strlen(ecryptfs_version_str_map[i].str);
728 if ((entry_size + 2) > remaining)
729 goto out;
730 memcpy(buff, ecryptfs_version_str_map[i].str, entry_size);
731 buff[entry_size++] = '\n';
732 buff[entry_size] = '\0';
733 buff += entry_size;
734 total_written += entry_size;
735 remaining -= entry_size;
736 }
737out:
738 return total_written;
739}
740
741static struct ecryptfs_attribute sysfs_attr_version_str = __ATTR_RO(version_str);
742
743static int do_sysfs_registration(void)
744{
745 int rc;
746
747 if ((rc = subsystem_register(&ecryptfs_subsys))) {
748 printk(KERN_ERR
749 "Unable to register ecryptfs sysfs subsystem\n");
750 goto out;
751 }
752 rc = sysfs_create_file(&ecryptfs_subsys.kset.kobj,
753 &sysfs_attr_version.attr);
754 if (rc) {
755 printk(KERN_ERR
756 "Unable to create ecryptfs version attribute\n");
757 subsystem_unregister(&ecryptfs_subsys);
758 goto out;
759 }
760 rc = sysfs_create_file(&ecryptfs_subsys.kset.kobj,
761 &sysfs_attr_version_str.attr);
762 if (rc) {
763 printk(KERN_ERR
764 "Unable to create ecryptfs version_str attribute\n");
765 sysfs_remove_file(&ecryptfs_subsys.kset.kobj,
766 &sysfs_attr_version.attr);
767 subsystem_unregister(&ecryptfs_subsys);
768 goto out;
769 }
770out:
771 return rc;
772}
773
774static int __init ecryptfs_init(void)
775{
776 int rc;
777
778 if (ECRYPTFS_DEFAULT_EXTENT_SIZE > PAGE_CACHE_SIZE) {
779 rc = -EINVAL;
780 ecryptfs_printk(KERN_ERR, "The eCryptfs extent size is "
781 "larger than the host's page size, and so "
782 "eCryptfs cannot run on this system. The "
783 "default eCryptfs extent size is [%d] bytes; "
784 "the page size is [%d] bytes.\n",
785 ECRYPTFS_DEFAULT_EXTENT_SIZE, PAGE_CACHE_SIZE);
786 goto out;
787 }
788 rc = ecryptfs_init_kmem_caches();
789 if (rc) {
790 printk(KERN_ERR
791 "Failed to allocate one or more kmem_cache objects\n");
792 goto out;
793 }
794 rc = register_filesystem(&ecryptfs_fs_type);
795 if (rc) {
796 printk(KERN_ERR "Failed to register filesystem\n");
797 ecryptfs_free_kmem_caches();
798 goto out;
799 }
800 kset_set_kset_s(&ecryptfs_subsys, fs_subsys);
801 sysfs_attr_version.attr.owner = THIS_MODULE;
802 sysfs_attr_version_str.attr.owner = THIS_MODULE;
803 rc = do_sysfs_registration();
804 if (rc) {
805 printk(KERN_ERR "sysfs registration failed\n");
806 unregister_filesystem(&ecryptfs_fs_type);
807 ecryptfs_free_kmem_caches();
808 goto out;
809 }
810out:
811 return rc;
812}
813
814static void __exit ecryptfs_exit(void)
815{
816 sysfs_remove_file(&ecryptfs_subsys.kset.kobj,
817 &sysfs_attr_version.attr);
818 sysfs_remove_file(&ecryptfs_subsys.kset.kobj,
819 &sysfs_attr_version_str.attr);
820 subsystem_unregister(&ecryptfs_subsys);
821 unregister_filesystem(&ecryptfs_fs_type);
822 ecryptfs_free_kmem_caches();
823}
824
825MODULE_AUTHOR("Michael A. Halcrow <mhalcrow@us.ibm.com>");
826MODULE_DESCRIPTION("eCryptfs");
827
828MODULE_LICENSE("GPL");
829
830module_init(ecryptfs_init)
831module_exit(ecryptfs_exit)
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-02 04:29:30 -0400