aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fs/Kconfig2
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h101
-rw-r--r--fs/ecryptfs/messaging.c505
-rw-r--r--fs/ecryptfs/netlink.c255
-rw-r--r--include/linux/netlink.h1
5 files changed, 860 insertions, 4 deletions
diff --git a/fs/Kconfig b/fs/Kconfig
index 11c59329ed06..488521ed9e9b 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -1088,7 +1088,7 @@ config AFFS_FS
1088 1088
1089config ECRYPT_FS 1089config ECRYPT_FS
1090 tristate "eCrypt filesystem layer support (EXPERIMENTAL)" 1090 tristate "eCrypt filesystem layer support (EXPERIMENTAL)"
1091 depends on EXPERIMENTAL && KEYS && CRYPTO 1091 depends on EXPERIMENTAL && KEYS && CRYPTO && NET
1092 help 1092 help
1093 Encrypted filesystem that operates on the VFS layer. See 1093 Encrypted filesystem that operates on the VFS layer. See
1094 <file:Documentation/ecryptfs.txt> to learn more about 1094 <file:Documentation/ecryptfs.txt> to learn more about
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 0f897109759b..508648efa447 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -6,6 +6,8 @@
6 * Copyright (C) 2001-2003 Stony Brook University 6 * Copyright (C) 2001-2003 Stony Brook University
7 * Copyright (C) 2004-2006 International Business Machines Corp. 7 * Copyright (C) 2004-2006 International Business Machines Corp.
8 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 8 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
9 * Trevor S. Highland <trevor.highland@gmail.com>
10 * Tyler Hicks <tyhicks@ou.edu>
9 * 11 *
10 * This program is free software; you can redistribute it and/or 12 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as 13 * modify it under the terms of the GNU General Public License as
@@ -35,7 +37,7 @@
35/* Version verification for shared data structures w/ userspace */ 37/* Version verification for shared data structures w/ userspace */
36#define ECRYPTFS_VERSION_MAJOR 0x00 38#define ECRYPTFS_VERSION_MAJOR 0x00
37#define ECRYPTFS_VERSION_MINOR 0x04 39#define ECRYPTFS_VERSION_MINOR 0x04
38#define ECRYPTFS_SUPPORTED_FILE_VERSION 0x01 40#define ECRYPTFS_SUPPORTED_FILE_VERSION 0x02
39/* These flags indicate which features are supported by the kernel 41/* These flags indicate which features are supported by the kernel
40 * module; userspace tools such as the mount helper read 42 * module; userspace tools such as the mount helper read
41 * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine 43 * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine
@@ -60,10 +62,24 @@
60#define ECRYPTFS_MAX_KEY_BYTES 64 62#define ECRYPTFS_MAX_KEY_BYTES 64
61#define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512 63#define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512
62#define ECRYPTFS_DEFAULT_IV_BYTES 16 64#define ECRYPTFS_DEFAULT_IV_BYTES 16
63#define ECRYPTFS_FILE_VERSION 0x01 65#define ECRYPTFS_FILE_VERSION 0x02
64#define ECRYPTFS_DEFAULT_HEADER_EXTENT_SIZE 8192 66#define ECRYPTFS_DEFAULT_HEADER_EXTENT_SIZE 8192
65#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 67#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096
66#define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192 68#define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192
69#define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32
70#define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ
71#define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3)
72#define ECRYPTFS_NLMSG_HELO 100
73#define ECRYPTFS_NLMSG_QUIT 101
74#define ECRYPTFS_NLMSG_REQUEST 102
75#define ECRYPTFS_NLMSG_RESPONSE 103
76#define ECRYPTFS_MAX_PKI_NAME_BYTES 16
77#define ECRYPTFS_DEFAULT_NUM_USERS 4
78#define ECRYPTFS_MAX_NUM_USERS 32768
79#define ECRYPTFS_TRANSPORT_NETLINK 0
80#define ECRYPTFS_TRANSPORT_CONNECTOR 1
81#define ECRYPTFS_TRANSPORT_RELAYFS 2
82#define ECRYPTFS_DEFAULT_TRANSPORT ECRYPTFS_TRANSPORT_NETLINK
67 83
68#define RFC2440_CIPHER_DES3_EDE 0x02 84#define RFC2440_CIPHER_DES3_EDE 0x02
69#define RFC2440_CIPHER_CAST_5 0x03 85#define RFC2440_CIPHER_CAST_5 0x03
@@ -77,6 +93,7 @@
77#define ECRYPTFS_SET_FLAG(flag_bit_vector, flag) (flag_bit_vector |= (flag)) 93#define ECRYPTFS_SET_FLAG(flag_bit_vector, flag) (flag_bit_vector |= (flag))
78#define ECRYPTFS_CLEAR_FLAG(flag_bit_vector, flag) (flag_bit_vector &= ~(flag)) 94#define ECRYPTFS_CLEAR_FLAG(flag_bit_vector, flag) (flag_bit_vector &= ~(flag))
79#define ECRYPTFS_CHECK_FLAG(flag_bit_vector, flag) (flag_bit_vector & (flag)) 95#define ECRYPTFS_CHECK_FLAG(flag_bit_vector, flag) (flag_bit_vector & (flag))
96#define RFC2440_CIPHER_RSA 0x01
80 97
81/** 98/**
82 * For convenience, we may need to pass around the encrypted session 99 * For convenience, we may need to pass around the encrypted session
@@ -114,6 +131,14 @@ struct ecryptfs_password {
114 131
115enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY}; 132enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY};
116 133
134struct ecryptfs_private_key {
135 u32 key_size;
136 u32 data_len;
137 u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1];
138 char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1];
139 u8 data[];
140};
141
117/* May be a password or a private key */ 142/* May be a password or a private key */
118struct ecryptfs_auth_tok { 143struct ecryptfs_auth_tok {
119 u16 version; /* 8-bit major and 8-bit minor */ 144 u16 version; /* 8-bit major and 8-bit minor */
@@ -123,7 +148,7 @@ struct ecryptfs_auth_tok {
123 u8 reserved[32]; 148 u8 reserved[32];
124 union { 149 union {
125 struct ecryptfs_password password; 150 struct ecryptfs_password password;
126 /* Private key is in future eCryptfs releases */ 151 struct ecryptfs_private_key private_key;
127 } token; 152 } token;
128} __attribute__ ((packed)); 153} __attribute__ ((packed));
129 154
@@ -177,8 +202,13 @@ ecryptfs_get_key_payload_data(struct key *key)
177#define ECRYPTFS_DEFAULT_CIPHER "aes" 202#define ECRYPTFS_DEFAULT_CIPHER "aes"
178#define ECRYPTFS_DEFAULT_KEY_BYTES 16 203#define ECRYPTFS_DEFAULT_KEY_BYTES 16
179#define ECRYPTFS_DEFAULT_HASH "md5" 204#define ECRYPTFS_DEFAULT_HASH "md5"
205#define ECRYPTFS_TAG_1_PACKET_TYPE 0x01
180#define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C 206#define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C
181#define ECRYPTFS_TAG_11_PACKET_TYPE 0xED 207#define ECRYPTFS_TAG_11_PACKET_TYPE 0xED
208#define ECRYPTFS_TAG_64_PACKET_TYPE 0x40
209#define ECRYPTFS_TAG_65_PACKET_TYPE 0x41
210#define ECRYPTFS_TAG_66_PACKET_TYPE 0x42
211#define ECRYPTFS_TAG_67_PACKET_TYPE 0x43
182#define MD5_DIGEST_SIZE 16 212#define MD5_DIGEST_SIZE 16
183 213
184/** 214/**
@@ -271,6 +301,45 @@ struct ecryptfs_auth_tok_list_item {
271 struct ecryptfs_auth_tok auth_tok; 301 struct ecryptfs_auth_tok auth_tok;
272}; 302};
273 303
304struct ecryptfs_message {
305 u32 index;
306 u32 data_len;
307 u8 data[];
308};
309
310struct ecryptfs_msg_ctx {
311#define ECRYPTFS_MSG_CTX_STATE_FREE 0x0001
312#define ECRYPTFS_MSG_CTX_STATE_PENDING 0x0002
313#define ECRYPTFS_MSG_CTX_STATE_DONE 0x0003
314 u32 state;
315 unsigned int index;
316 unsigned int counter;
317 struct ecryptfs_message *msg;
318 struct task_struct *task;
319 struct list_head node;
320 struct mutex mux;
321};
322
323extern struct list_head ecryptfs_msg_ctx_free_list;
324extern struct list_head ecryptfs_msg_ctx_alloc_list;
325extern struct mutex ecryptfs_msg_ctx_lists_mux;
326
327#define ecryptfs_uid_hash(uid) \
328 hash_long((unsigned long)uid, ecryptfs_hash_buckets)
329extern struct hlist_head *ecryptfs_daemon_id_hash;
330extern struct mutex ecryptfs_daemon_id_hash_mux;
331extern int ecryptfs_hash_buckets;
332
333extern unsigned int ecryptfs_msg_counter;
334extern struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
335extern unsigned int ecryptfs_transport;
336
337struct ecryptfs_daemon_id {
338 pid_t pid;
339 uid_t uid;
340 struct hlist_node id_chain;
341};
342
274static inline struct ecryptfs_file_info * 343static inline struct ecryptfs_file_info *
275ecryptfs_file_to_private(struct file *file) 344ecryptfs_file_to_private(struct file *file)
276{ 345{
@@ -391,6 +460,9 @@ extern struct super_operations ecryptfs_sops;
391extern struct dentry_operations ecryptfs_dops; 460extern struct dentry_operations ecryptfs_dops;
392extern struct address_space_operations ecryptfs_aops; 461extern struct address_space_operations ecryptfs_aops;
393extern int ecryptfs_verbosity; 462extern int ecryptfs_verbosity;
463extern unsigned int ecryptfs_message_buf_len;
464extern signed long ecryptfs_message_wait_timeout;
465extern unsigned int ecryptfs_number_of_users;
394 466
395extern struct kmem_cache *ecryptfs_auth_tok_list_item_cache; 467extern struct kmem_cache *ecryptfs_auth_tok_list_item_cache;
396extern struct kmem_cache *ecryptfs_file_info_cache; 468extern struct kmem_cache *ecryptfs_file_info_cache;
@@ -484,4 +556,27 @@ int ecryptfs_open_lower_file(struct file **lower_file,
484 struct vfsmount *lower_mnt, int flags); 556 struct vfsmount *lower_mnt, int flags);
485int ecryptfs_close_lower_file(struct file *lower_file); 557int ecryptfs_close_lower_file(struct file *lower_file);
486 558
559int ecryptfs_process_helo(unsigned int transport, uid_t uid, pid_t pid);
560int ecryptfs_process_quit(uid_t uid, pid_t pid);
561int ecryptfs_process_response(struct ecryptfs_message *msg, pid_t pid, u32 seq);
562int ecryptfs_send_message(unsigned int transport, char *data, int data_len,
563 struct ecryptfs_msg_ctx **msg_ctx);
564int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
565 struct ecryptfs_message **emsg);
566int ecryptfs_init_messaging(unsigned int transport);
567void ecryptfs_release_messaging(unsigned int transport);
568
569int ecryptfs_send_netlink(char *data, int data_len,
570 struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type,
571 u16 msg_flags, pid_t daemon_pid);
572int ecryptfs_init_netlink(void);
573void ecryptfs_release_netlink(void);
574
575int ecryptfs_send_connector(char *data, int data_len,
576 struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type,
577 u16 msg_flags, pid_t daemon_pid);
578int ecryptfs_init_connector(void);
579void ecryptfs_release_connector(void);
580
581
487#endif /* #ifndef ECRYPTFS_KERNEL_H */ 582#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
new file mode 100644
index 000000000000..c22b32fc8e8c
--- /dev/null
+++ b/fs/ecryptfs/messaging.c
@@ -0,0 +1,505 @@
1/**
2 * eCryptfs: Linux filesystem encryption layer
3 *
4 * Copyright (C) 2004-2006 International Business Machines Corp.
5 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
6 * Tyler Hicks <tyhicks@ou.edu>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version
10 * 2 as published by the Free Software Foundation.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
20 * 02111-1307, USA.
21 */
22
23#include "ecryptfs_kernel.h"
24
25LIST_HEAD(ecryptfs_msg_ctx_free_list);
26LIST_HEAD(ecryptfs_msg_ctx_alloc_list);
27struct mutex ecryptfs_msg_ctx_lists_mux;
28
29struct hlist_head *ecryptfs_daemon_id_hash;
30struct mutex ecryptfs_daemon_id_hash_mux;
31int ecryptfs_hash_buckets;
32
33unsigned int ecryptfs_msg_counter;
34struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
35
36/**
37 * ecryptfs_acquire_free_msg_ctx
38 * @msg_ctx: The context that was acquired from the free list
39 *
40 * Acquires a context element from the free list and locks the mutex
41 * on the context. Returns zero on success; non-zero on error or upon
42 * failure to acquire a free context element. Be sure to lock the
43 * list mutex before calling.
44 */
45static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx)
46{
47 struct list_head *p;
48 int rc;
49
50 if (list_empty(&ecryptfs_msg_ctx_free_list)) {
51 ecryptfs_printk(KERN_WARNING, "The eCryptfs free "
52 "context list is empty. It may be helpful to "
53 "specify the ecryptfs_message_buf_len "
54 "parameter to be greater than the current "
55 "value of [%d]\n", ecryptfs_message_buf_len);
56 rc = -ENOMEM;
57 goto out;
58 }
59 list_for_each(p, &ecryptfs_msg_ctx_free_list) {
60 *msg_ctx = list_entry(p, struct ecryptfs_msg_ctx, node);
61 if (mutex_trylock(&(*msg_ctx)->mux)) {
62 (*msg_ctx)->task = current;
63 rc = 0;
64 goto out;
65 }
66 }
67 rc = -ENOMEM;
68out:
69 return rc;
70}
71
72/**
73 * ecryptfs_msg_ctx_free_to_alloc
74 * @msg_ctx: The context to move from the free list to the alloc list
75 *
76 * Be sure to lock the list mutex and the context mutex before
77 * calling.
78 */
79static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx)
80{
81 list_move(&msg_ctx->node, &ecryptfs_msg_ctx_alloc_list);
82 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_PENDING;
83 msg_ctx->counter = ++ecryptfs_msg_counter;
84}
85
86/**
87 * ecryptfs_msg_ctx_alloc_to_free
88 * @msg_ctx: The context to move from the alloc list to the free list
89 *
90 * Be sure to lock the list mutex and the context mutex before
91 * calling.
92 */
93static void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx)
94{
95 list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list);
96 if (msg_ctx->msg)
97 kfree(msg_ctx->msg);
98 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE;
99}
100
101/**
102 * ecryptfs_find_daemon_id
103 * @uid: The user id which maps to the desired daemon id
104 * @id: If return value is zero, points to the desired daemon id
105 * pointer
106 *
107 * Search the hash list for the given user id. Returns zero if the
108 * user id exists in the list; non-zero otherwise. The daemon id hash
109 * mutex should be held before calling this function.
110 */
111static int ecryptfs_find_daemon_id(uid_t uid, struct ecryptfs_daemon_id **id)
112{
113 struct hlist_node *elem;
114 int rc;
115
116 hlist_for_each_entry(*id, elem,
117 &ecryptfs_daemon_id_hash[ecryptfs_uid_hash(uid)],
118 id_chain) {
119 if ((*id)->uid == uid) {
120 rc = 0;
121 goto out;
122 }
123 }
124 rc = -EINVAL;
125out:
126 return rc;
127}
128
129static int ecryptfs_send_raw_message(unsigned int transport, u16 msg_type,
130 pid_t pid)
131{
132 int rc;
133
134 switch(transport) {
135 case ECRYPTFS_TRANSPORT_NETLINK:
136 rc = ecryptfs_send_netlink(NULL, 0, NULL, msg_type, 0, pid);
137 break;
138 case ECRYPTFS_TRANSPORT_CONNECTOR:
139 case ECRYPTFS_TRANSPORT_RELAYFS:
140 default:
141 rc = -ENOSYS;
142 }
143 return rc;
144}
145
146/**
147 * ecryptfs_process_helo
148 * @transport: The underlying transport (netlink, etc.)
149 * @uid: The user ID owner of the message
150 * @pid: The process ID for the userspace program that sent the
151 * message
152 *
153 * Adds the uid and pid values to the daemon id hash. If a uid
154 * already has a daemon pid registered, the daemon will be
155 * unregistered before the new daemon id is put into the hash list.
156 * Returns zero after adding a new daemon id to the hash list;
157 * non-zero otherwise.
158 */
159int ecryptfs_process_helo(unsigned int transport, uid_t uid, pid_t pid)
160{
161 struct ecryptfs_daemon_id *new_id;
162 struct ecryptfs_daemon_id *old_id;
163 int rc;
164
165 mutex_lock(&ecryptfs_daemon_id_hash_mux);
166 new_id = kmalloc(sizeof(*new_id), GFP_KERNEL);
167 if (!new_id) {
168 rc = -ENOMEM;
169 ecryptfs_printk(KERN_ERR, "Failed to allocate memory; unable "
170 "to register daemon [%d] for user\n", pid, uid);
171 goto unlock;
172 }
173 if (!ecryptfs_find_daemon_id(uid, &old_id)) {
174 printk(KERN_WARNING "Received request from user [%d] "
175 "to register daemon [%d]; unregistering daemon "
176 "[%d]\n", uid, pid, old_id->pid);
177 hlist_del(&old_id->id_chain);
178 rc = ecryptfs_send_raw_message(transport, ECRYPTFS_NLMSG_QUIT,
179 old_id->pid);
180 if (rc)
181 printk(KERN_WARNING "Failed to send QUIT "
182 "message to daemon [%d]; rc = [%d]\n",
183 old_id->pid, rc);
184 kfree(old_id);
185 }
186 new_id->uid = uid;
187 new_id->pid = pid;
188 hlist_add_head(&new_id->id_chain,
189 &ecryptfs_daemon_id_hash[ecryptfs_uid_hash(uid)]);
190 rc = 0;
191unlock:
192 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
193 return rc;
194}
195
196/**
197 * ecryptfs_process_quit
198 * @uid: The user ID owner of the message
199 * @pid: The process ID for the userspace program that sent the
200 * message
201 *
202 * Deletes the corresponding daemon id for the given uid and pid, if
203 * it is the registered that is requesting the deletion. Returns zero
204 * after deleting the desired daemon id; non-zero otherwise.
205 */
206int ecryptfs_process_quit(uid_t uid, pid_t pid)
207{
208 struct ecryptfs_daemon_id *id;
209 int rc;
210
211 mutex_lock(&ecryptfs_daemon_id_hash_mux);
212 if (ecryptfs_find_daemon_id(uid, &id)) {
213 rc = -EINVAL;
214 ecryptfs_printk(KERN_ERR, "Received request from user [%d] to "
215 "unregister unrecognized daemon [%d]\n", uid,
216 pid);
217 goto unlock;
218 }
219 if (id->pid != pid) {
220 rc = -EINVAL;
221 ecryptfs_printk(KERN_WARNING, "Received request from user [%d] "
222 "with pid [%d] to unregister daemon [%d]\n",
223 uid, pid, id->pid);
224 goto unlock;
225 }
226 hlist_del(&id->id_chain);
227 kfree(id);
228 rc = 0;
229unlock:
230 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
231 return rc;
232}
233
234/**
235 * ecryptfs_process_reponse
236 * @msg: The ecryptfs message received; the caller should sanity check
237 * msg->data_len
238 * @pid: The process ID of the userspace application that sent the
239 * message
240 * @seq: The sequence number of the message
241 *
242 * Processes a response message after sending a operation request to
243 * userspace. Returns zero upon delivery to desired context element;
244 * non-zero upon delivery failure or error.
245 */
246int ecryptfs_process_response(struct ecryptfs_message *msg, pid_t pid, u32 seq)
247{
248 struct ecryptfs_daemon_id *id;
249 struct ecryptfs_msg_ctx *msg_ctx;
250 int msg_size;
251 int rc;
252
253 if (msg->index >= ecryptfs_message_buf_len) {
254 rc = -EINVAL;
255 ecryptfs_printk(KERN_ERR, "Attempt to reference "
256 "context buffer at index [%d]; maximum "
257 "allowable is [%d]\n", msg->index,
258 (ecryptfs_message_buf_len - 1));
259 goto out;
260 }
261 msg_ctx = &ecryptfs_msg_ctx_arr[msg->index];
262 mutex_lock(&msg_ctx->mux);
263 if (ecryptfs_find_daemon_id(msg_ctx->task->euid, &id)) {
264 rc = -EBADMSG;
265 ecryptfs_printk(KERN_WARNING, "User [%d] received a "
266 "message response from process [%d] but does "
267 "not have a registered daemon\n",
268 msg_ctx->task->euid, pid);
269 goto wake_up;
270 }
271 if (id->pid != pid) {
272 rc = -EBADMSG;
273 ecryptfs_printk(KERN_ERR, "User [%d] received a "
274 "message response from an unrecognized "
275 "process [%d]\n", msg_ctx->task->euid, pid);
276 goto unlock;
277 }
278 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) {
279 rc = -EINVAL;
280 ecryptfs_printk(KERN_WARNING, "Desired context element is not "
281 "pending a response\n");
282 goto unlock;
283 } else if (msg_ctx->counter != seq) {
284 rc = -EINVAL;
285 ecryptfs_printk(KERN_WARNING, "Invalid message sequence; "
286 "expected [%d]; received [%d]\n",
287 msg_ctx->counter, seq);
288 goto unlock;
289 }
290 msg_size = sizeof(*msg) + msg->data_len;
291 msg_ctx->msg = kmalloc(msg_size, GFP_KERNEL);
292 if (!msg_ctx->msg) {
293 rc = -ENOMEM;
294 ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n");
295 goto unlock;
296 }
297 memcpy(msg_ctx->msg, msg, msg_size);
298 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE;
299 rc = 0;
300wake_up:
301 wake_up_process(msg_ctx->task);
302unlock:
303 mutex_unlock(&msg_ctx->mux);
304out:
305 return rc;
306}
307
308/**
309 * ecryptfs_send_message
310 * @transport: The transport over which to send the message (i.e.,
311 * netlink)
312 * @data: The data to send
313 * @data_len: The length of data
314 * @msg_ctx: The message context allocated for the send
315 */
316int ecryptfs_send_message(unsigned int transport, char *data, int data_len,
317 struct ecryptfs_msg_ctx **msg_ctx)
318{
319 struct ecryptfs_daemon_id *id;
320 int rc;
321
322 mutex_lock(&ecryptfs_daemon_id_hash_mux);
323 if (ecryptfs_find_daemon_id(current->euid, &id)) {
324 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
325 rc = -ENOTCONN;
326 ecryptfs_printk(KERN_ERR, "User [%d] does not have a daemon "
327 "registered\n", current->euid);
328 goto out;
329 }
330 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
331 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
332 rc = ecryptfs_acquire_free_msg_ctx(msg_ctx);
333 if (rc) {
334 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
335 ecryptfs_printk(KERN_WARNING, "Could not claim a free "
336 "context element\n");
337 goto out;
338 }
339 ecryptfs_msg_ctx_free_to_alloc(*msg_ctx);
340 mutex_unlock(&(*msg_ctx)->mux);
341 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
342 switch (transport) {
343 case ECRYPTFS_TRANSPORT_NETLINK:
344 rc = ecryptfs_send_netlink(data, data_len, *msg_ctx,
345 ECRYPTFS_NLMSG_REQUEST, 0, id->pid);
346 break;
347 case ECRYPTFS_TRANSPORT_CONNECTOR:
348 case ECRYPTFS_TRANSPORT_RELAYFS:
349 default:
350 rc = -ENOSYS;
351 }
352 if (rc) {
353 printk(KERN_ERR "Error attempting to send message to userspace "
354 "daemon; rc = [%d]\n", rc);
355 }
356out:
357 return rc;
358}
359
360/**
361 * ecryptfs_wait_for_response
362 * @msg_ctx: The context that was assigned when sending a message
363 * @msg: The incoming message from userspace; not set if rc != 0
364 *
365 * Sleeps until awaken by ecryptfs_receive_message or until the amount
366 * of time exceeds ecryptfs_message_wait_timeout. If zero is
367 * returned, msg will point to a valid message from userspace; a
368 * non-zero value is returned upon failure to receive a message or an
369 * error occurs.
370 */
371int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
372 struct ecryptfs_message **msg)
373{
374 signed long timeout = ecryptfs_message_wait_timeout * HZ;
375 int rc = 0;
376
377sleep:
378 timeout = schedule_timeout_interruptible(timeout);
379 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
380 mutex_lock(&msg_ctx->mux);
381 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_DONE) {
382 if (timeout) {
383 mutex_unlock(&msg_ctx->mux);
384 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
385 goto sleep;
386 }
387 rc = -ENOMSG;
388 } else {
389 *msg = msg_ctx->msg;
390 msg_ctx->msg = NULL;
391 }
392 ecryptfs_msg_ctx_alloc_to_free(msg_ctx);
393 mutex_unlock(&msg_ctx->mux);
394 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
395 return rc;
396}
397
398int ecryptfs_init_messaging(unsigned int transport)
399{
400 int i;
401 int rc = 0;
402
403 if (ecryptfs_number_of_users > ECRYPTFS_MAX_NUM_USERS) {
404 ecryptfs_number_of_users = ECRYPTFS_MAX_NUM_USERS;
405 ecryptfs_printk(KERN_WARNING, "Specified number of users is "
406 "too large, defaulting to [%d] users\n",
407 ecryptfs_number_of_users);
408 }
409 mutex_init(&ecryptfs_daemon_id_hash_mux);
410 mutex_lock(&ecryptfs_daemon_id_hash_mux);
411 ecryptfs_hash_buckets = 0;
412 while (ecryptfs_number_of_users >> ++ecryptfs_hash_buckets);
413 ecryptfs_daemon_id_hash = kmalloc(sizeof(struct hlist_head)
414 * ecryptfs_hash_buckets, GFP_KERNEL);
415 if (!ecryptfs_daemon_id_hash) {
416 rc = -ENOMEM;
417 ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n");
418 goto out;
419 }
420 for (i = 0; i < ecryptfs_hash_buckets; i++)
421 INIT_HLIST_HEAD(&ecryptfs_daemon_id_hash[i]);
422 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
423
424 ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx)
425 * ecryptfs_message_buf_len), GFP_KERNEL);
426 if (!ecryptfs_msg_ctx_arr) {
427 rc = -ENOMEM;
428 ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n");
429 goto out;
430 }
431 mutex_init(&ecryptfs_msg_ctx_lists_mux);
432 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
433 ecryptfs_msg_counter = 0;
434 for (i = 0; i < ecryptfs_message_buf_len; i++) {
435 INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].node);
436 mutex_init(&ecryptfs_msg_ctx_arr[i].mux);
437 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux);
438 ecryptfs_msg_ctx_arr[i].index = i;
439 ecryptfs_msg_ctx_arr[i].state = ECRYPTFS_MSG_CTX_STATE_FREE;
440 ecryptfs_msg_ctx_arr[i].counter = 0;
441 ecryptfs_msg_ctx_arr[i].task = NULL;
442 ecryptfs_msg_ctx_arr[i].msg = NULL;
443 list_add_tail(&ecryptfs_msg_ctx_arr[i].node,
444 &ecryptfs_msg_ctx_free_list);
445 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux);
446 }
447 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
448 switch(transport) {
449 case ECRYPTFS_TRANSPORT_NETLINK:
450 rc = ecryptfs_init_netlink();
451 if (rc)
452 ecryptfs_release_messaging(transport);
453 break;
454 case ECRYPTFS_TRANSPORT_CONNECTOR:
455 case ECRYPTFS_TRANSPORT_RELAYFS:
456 default:
457 rc = -ENOSYS;
458 }
459out:
460 return rc;
461}
462
463void ecryptfs_release_messaging(unsigned int transport)
464{
465 if (ecryptfs_msg_ctx_arr) {
466 int i;
467
468 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
469 for (i = 0; i < ecryptfs_message_buf_len; i++) {
470 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux);
471 if (ecryptfs_msg_ctx_arr[i].msg)
472 kfree(ecryptfs_msg_ctx_arr[i].msg);
473 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux);
474 }
475 kfree(ecryptfs_msg_ctx_arr);
476 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
477 }
478 if (ecryptfs_daemon_id_hash) {
479 struct hlist_node *elem;
480 struct ecryptfs_daemon_id *id;
481 int i;
482
483 mutex_lock(&ecryptfs_daemon_id_hash_mux);
484 for (i = 0; i < ecryptfs_hash_buckets; i++) {
485 hlist_for_each_entry(id, elem,
486 &ecryptfs_daemon_id_hash[i],
487 id_chain) {
488 hlist_del(elem);
489 kfree(id);
490 }
491 }
492 kfree(ecryptfs_daemon_id_hash);
493 mutex_unlock(&ecryptfs_daemon_id_hash_mux);
494 }
495 switch(transport) {
496 case ECRYPTFS_TRANSPORT_NETLINK:
497 ecryptfs_release_netlink();
498 break;
499 case ECRYPTFS_TRANSPORT_CONNECTOR:
500 case ECRYPTFS_TRANSPORT_RELAYFS:
501 default:
502 break;
503 }
504 return;
505}
diff --git a/fs/ecryptfs/netlink.c b/fs/ecryptfs/netlink.c
new file mode 100644
index 000000000000..aba061d62118
--- /dev/null
+++ b/fs/ecryptfs/netlink.c
@@ -0,0 +1,255 @@
1/**
2 * eCryptfs: Linux filesystem encryption layer
3 *
4 * Copyright (C) 2004-2006 International Business Machines Corp.
5 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
6 * Tyler Hicks <tyhicks@ou.edu>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version
10 * 2 as published by the Free Software Foundation.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
20 * 02111-1307, USA.
21 */
22
23#include <net/sock.h>
24#include <linux/hash.h>
25#include <linux/random.h>
26#include "ecryptfs_kernel.h"
27
28static struct sock *ecryptfs_nl_sock;
29
30/**
31 * ecryptfs_send_netlink
32 * @data: The data to include as the payload
33 * @data_len: The byte count of the data
34 * @msg_ctx: The netlink context that will be used to handle the
35 * response message
36 * @msg_type: The type of netlink message to send
37 * @msg_flags: The flags to include in the netlink header
38 * @daemon_pid: The process id of the daemon to send the message to
39 *
40 * Sends the data to the specified daemon pid and uses the netlink
41 * context element to store the data needed for validation upon
42 * receiving the response. The data and the netlink context can be
43 * null if just sending a netlink header is sufficient. Returns zero
44 * upon sending the message; non-zero upon error.
45 */
46int ecryptfs_send_netlink(char *data, int data_len,
47 struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type,
48 u16 msg_flags, pid_t daemon_pid)
49{
50 struct sk_buff *skb;
51 struct nlmsghdr *nlh;
52 struct ecryptfs_message *msg;
53 size_t payload_len;
54 int rc;
55
56 payload_len = ((data && data_len) ? (sizeof(*msg) + data_len) : 0);
57 skb = alloc_skb(NLMSG_SPACE(payload_len), GFP_KERNEL);
58 if (!skb) {
59 rc = -ENOMEM;
60 ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n");
61 goto out;
62 }
63 nlh = NLMSG_PUT(skb, daemon_pid, msg_ctx ? msg_ctx->counter : 0,
64 msg_type, payload_len);
65 nlh->nlmsg_flags = msg_flags;
66 if (msg_ctx && payload_len) {
67 msg = (struct ecryptfs_message *)NLMSG_DATA(nlh);
68 msg->index = msg_ctx->index;
69 msg->data_len = data_len;
70 memcpy(msg->data, data, data_len);
71 }
72 rc = netlink_unicast(ecryptfs_nl_sock, skb, daemon_pid, 0);
73 if (rc < 0) {
74 ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink "
75 "message; rc = [%d]\n", rc);
76 goto out;
77 }
78 rc = 0;
79 goto out;
80nlmsg_failure:
81 rc = -EMSGSIZE;
82 kfree_skb(skb);
83out:
84 return rc;
85}
86
87/**
88 * ecryptfs_process_nl_reponse
89 * @skb: The socket buffer containing the netlink message of state
90 * RESPONSE
91 *
92 * Processes a response message after sending a operation request to
93 * userspace. Attempts to assign the msg to a netlink context element
94 * at the index specified in the msg. The sk_buff and nlmsghdr must
95 * be validated before this function. Returns zero upon delivery to
96 * desired context element; non-zero upon delivery failure or error.
97 */
98static int ecryptfs_process_nl_response(struct sk_buff *skb)
99{
100 struct nlmsghdr *nlh = (struct nlmsghdr*)skb->data;
101 struct ecryptfs_message *msg = NLMSG_DATA(nlh);
102 int rc;
103
104 if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) {
105 rc = -EINVAL;
106 ecryptfs_printk(KERN_ERR, "Received netlink message with "
107 "incorrectly specified data length\n");
108 goto out;
109 }
110 rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->pid,
111 nlh->nlmsg_seq);
112 if (rc)
113 printk(KERN_ERR
114 "Error processing response message; rc = [%d]\n", rc);
115out:
116 return rc;
117}
118
119/**
120 * ecryptfs_process_nl_helo
121 * @skb: The socket buffer containing the nlmsghdr in HELO state
122 *
123 * Gets uid and pid of the skb and adds the values to the daemon id
124 * hash. Returns zero after adding a new daemon id to the hash list;
125 * non-zero otherwise.
126 */
127static int ecryptfs_process_nl_helo(struct sk_buff *skb)
128{
129 int rc;
130
131 rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK,
132 NETLINK_CREDS(skb)->uid,
133 NETLINK_CREDS(skb)->pid);
134 if (rc)
135 printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc);
136 return rc;
137}
138
139/**
140 * ecryptfs_process_nl_quit
141 * @skb: The socket buffer containing the nlmsghdr in QUIT state
142 *
143 * Gets uid and pid of the skb and deletes the corresponding daemon
144 * id, if it is the registered that is requesting the
145 * deletion. Returns zero after deleting the desired daemon id;
146 * non-zero otherwise.
147 */
148static int ecryptfs_process_nl_quit(struct sk_buff *skb)
149{
150 int rc;
151
152 rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid,
153 NETLINK_CREDS(skb)->pid);
154 if (rc)
155 printk(KERN_WARNING
156 "Error processing QUIT message; rc = [%d]\n", rc);
157 return rc;
158}
159
160/**
161 * ecryptfs_receive_nl_message
162 *
163 * Callback function called by netlink system when a message arrives.
164 * If the message looks to be valid, then an attempt is made to assign
165 * it to its desired netlink context element and wake up the process
166 * that is waiting for a response.
167 */
168static void ecryptfs_receive_nl_message(struct sock *sk, int len)
169{
170 struct sk_buff *skb;
171 struct nlmsghdr *nlh;
172 int rc = 0; /* skb_recv_datagram requires this */
173
174receive:
175 skb = skb_recv_datagram(sk, 0, 0, &rc);
176 if (rc == -EINTR)
177 goto receive;
178 else if (rc < 0) {
179 ecryptfs_printk(KERN_ERR, "Error occurred while "
180 "receiving eCryptfs netlink message; "
181 "rc = [%d]\n", rc);
182 return;
183 }
184 nlh = (struct nlmsghdr *)skb->data;
185 if (!NLMSG_OK(nlh, skb->len)) {
186 ecryptfs_printk(KERN_ERR, "Received corrupt netlink "
187 "message\n");
188 goto free;
189 }
190 switch (nlh->nlmsg_type) {
191 case ECRYPTFS_NLMSG_RESPONSE:
192 if (ecryptfs_process_nl_response(skb)) {
193 ecryptfs_printk(KERN_WARNING, "Failed to "
194 "deliver netlink response to "
195 "requesting operation\n");
196 }
197 break;
198 case ECRYPTFS_NLMSG_HELO:
199 if (ecryptfs_process_nl_helo(skb)) {
200 ecryptfs_printk(KERN_WARNING, "Failed to "
201 "fulfill HELO request\n");
202 }
203 break;
204 case ECRYPTFS_NLMSG_QUIT:
205 if (ecryptfs_process_nl_quit(skb)) {
206 ecryptfs_printk(KERN_WARNING, "Failed to "
207 "fulfill QUIT request\n");
208 }
209 break;
210 default:
211 ecryptfs_printk(KERN_WARNING, "Dropping netlink "
212 "message of unrecognized type [%d]\n",
213 nlh->nlmsg_type);
214 break;
215 }
216free:
217 kfree_skb(skb);
218}
219
220/**
221 * ecryptfs_init_netlink
222 *
223 * Initializes the daemon id hash list, netlink context array, and
224 * necessary locks. Returns zero upon success; non-zero upon error.
225 */
226int ecryptfs_init_netlink(void)
227{
228 int rc;
229
230 ecryptfs_nl_sock = netlink_kernel_create(NETLINK_ECRYPTFS, 0,
231 ecryptfs_receive_nl_message,
232 THIS_MODULE);
233 if (!ecryptfs_nl_sock) {
234 rc = -EIO;
235 ecryptfs_printk(KERN_ERR, "Failed to create netlink socket\n");
236 goto out;
237 }
238 ecryptfs_nl_sock->sk_sndtimeo = ECRYPTFS_DEFAULT_SEND_TIMEOUT;
239 rc = 0;
240out:
241 return rc;
242}
243
244/**
245 * ecryptfs_release_netlink
246 *
247 * Frees all memory used by the netlink context array and releases the
248 * netlink socket.
249 */
250void ecryptfs_release_netlink(void)
251{
252 if (ecryptfs_nl_sock && ecryptfs_nl_sock->sk_socket)
253 sock_release(ecryptfs_nl_sock->sk_socket);
254 ecryptfs_nl_sock = NULL;
255}
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index b3b9b609ee89..2a20f488ac1b 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -23,6 +23,7 @@
23#define NETLINK_GENERIC 16 23#define NETLINK_GENERIC 16
24/* leave room for NETLINK_DM (DM Events) */ 24/* leave room for NETLINK_DM (DM Events) */
25#define NETLINK_SCSITRANSPORT 18 /* SCSI Transports */ 25#define NETLINK_SCSITRANSPORT 18 /* SCSI Transports */
26#define NETLINK_ECRYPTFS 19
26 27
27#define MAX_LINKS 32 28#define MAX_LINKS 32
28 29