aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs/inode.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ecryptfs/inode.c')
-rw-r--r--fs/ecryptfs/inode.c300
1 files changed, 169 insertions, 131 deletions
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 5e78fc179886..5697899a168d 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -52,8 +52,7 @@ static void unlock_dir(struct dentry *dir)
52/** 52/**
53 * ecryptfs_create_underlying_file 53 * ecryptfs_create_underlying_file
54 * @lower_dir_inode: inode of the parent in the lower fs of the new file 54 * @lower_dir_inode: inode of the parent in the lower fs of the new file
55 * @lower_dentry: New file's dentry in the lower fs 55 * @dentry: New file's dentry
56 * @ecryptfs_dentry: New file's dentry in ecryptfs
57 * @mode: The mode of the new file 56 * @mode: The mode of the new file
58 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount 57 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount
59 * 58 *
@@ -228,8 +227,7 @@ ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
228{ 227{
229 int rc; 228 int rc;
230 229
231 /* ecryptfs_do_create() calls ecryptfs_interpose(), which opens 230 /* ecryptfs_do_create() calls ecryptfs_interpose() */
232 * the crypt_stat->lower_file (persistent file) */
233 rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd); 231 rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd);
234 if (unlikely(rc)) { 232 if (unlikely(rc)) {
235 ecryptfs_printk(KERN_WARNING, "Failed to create file in" 233 ecryptfs_printk(KERN_WARNING, "Failed to create file in"
@@ -244,141 +242,91 @@ out:
244} 242}
245 243
246/** 244/**
247 * ecryptfs_lookup 245 * ecryptfs_lookup_and_interpose_lower - Perform a lookup
248 * @dir: inode
249 * @dentry: The dentry
250 * @nd: nameidata, may be NULL
251 *
252 * Find a file on disk. If the file does not exist, then we'll add it to the
253 * dentry cache and continue on to read it from the disk.
254 */ 246 */
255static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, 247int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
256 struct nameidata *nd) 248 struct dentry *lower_dentry,
249 struct ecryptfs_crypt_stat *crypt_stat,
250 struct inode *ecryptfs_dir_inode,
251 struct nameidata *ecryptfs_nd)
257{ 252{
258 int rc = 0;
259 struct dentry *lower_dir_dentry; 253 struct dentry *lower_dir_dentry;
260 struct dentry *lower_dentry;
261 struct vfsmount *lower_mnt; 254 struct vfsmount *lower_mnt;
262 char *encoded_name; 255 struct inode *lower_inode;
263 int encoded_namelen;
264 struct ecryptfs_crypt_stat *crypt_stat = NULL;
265 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 256 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
266 char *page_virt = NULL; 257 char *page_virt = NULL;
267 struct inode *lower_inode;
268 u64 file_size; 258 u64 file_size;
259 int rc = 0;
269 260
270 lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent); 261 lower_dir_dentry = lower_dentry->d_parent;
271 dentry->d_op = &ecryptfs_dops; 262 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(
272 if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, ".")) 263 ecryptfs_dentry->d_parent));
273 || (dentry->d_name.len == 2
274 && !strcmp(dentry->d_name.name, ".."))) {
275 d_drop(dentry);
276 goto out;
277 }
278 encoded_namelen = ecryptfs_encode_filename(crypt_stat,
279 dentry->d_name.name,
280 dentry->d_name.len,
281 &encoded_name);
282 if (encoded_namelen < 0) {
283 rc = encoded_namelen;
284 d_drop(dentry);
285 goto out;
286 }
287 ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen "
288 "= [%d]\n", encoded_name, encoded_namelen);
289 lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry,
290 encoded_namelen - 1);
291 kfree(encoded_name);
292 if (IS_ERR(lower_dentry)) {
293 ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n");
294 rc = PTR_ERR(lower_dentry);
295 d_drop(dentry);
296 goto out;
297 }
298 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
299 ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->"
300 "d_name.name = [%s]\n", lower_dentry,
301 lower_dentry->d_name.name);
302 lower_inode = lower_dentry->d_inode; 264 lower_inode = lower_dentry->d_inode;
303 fsstack_copy_attr_atime(dir, lower_dir_dentry->d_inode); 265 fsstack_copy_attr_atime(ecryptfs_dir_inode, lower_dir_dentry->d_inode);
304 BUG_ON(!atomic_read(&lower_dentry->d_count)); 266 BUG_ON(!atomic_read(&lower_dentry->d_count));
305 ecryptfs_set_dentry_private(dentry, 267 ecryptfs_set_dentry_private(ecryptfs_dentry,
306 kmem_cache_alloc(ecryptfs_dentry_info_cache, 268 kmem_cache_alloc(ecryptfs_dentry_info_cache,
307 GFP_KERNEL)); 269 GFP_KERNEL));
308 if (!ecryptfs_dentry_to_private(dentry)) { 270 if (!ecryptfs_dentry_to_private(ecryptfs_dentry)) {
309 rc = -ENOMEM; 271 rc = -ENOMEM;
310 ecryptfs_printk(KERN_ERR, "Out of memory whilst attempting " 272 printk(KERN_ERR "%s: Out of memory whilst attempting "
311 "to allocate ecryptfs_dentry_info struct\n"); 273 "to allocate ecryptfs_dentry_info struct\n",
274 __func__);
312 goto out_dput; 275 goto out_dput;
313 } 276 }
314 ecryptfs_set_dentry_lower(dentry, lower_dentry); 277 ecryptfs_set_dentry_lower(ecryptfs_dentry, lower_dentry);
315 ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt); 278 ecryptfs_set_dentry_lower_mnt(ecryptfs_dentry, lower_mnt);
316 if (!lower_dentry->d_inode) { 279 if (!lower_dentry->d_inode) {
317 /* We want to add because we couldn't find in lower */ 280 /* We want to add because we couldn't find in lower */
318 d_add(dentry, NULL); 281 d_add(ecryptfs_dentry, NULL);
319 goto out; 282 goto out;
320 } 283 }
321 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 284 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
322 ECRYPTFS_INTERPOSE_FLAG_D_ADD); 285 ecryptfs_dir_inode->i_sb, 1);
323 if (rc) { 286 if (rc) {
324 ecryptfs_printk(KERN_ERR, "Error interposing\n"); 287 printk(KERN_ERR "%s: Error interposing; rc = [%d]\n",
288 __func__, rc);
325 goto out; 289 goto out;
326 } 290 }
327 if (S_ISDIR(lower_inode->i_mode)) { 291 if (S_ISDIR(lower_inode->i_mode))
328 ecryptfs_printk(KERN_DEBUG, "Is a directory; returning\n");
329 goto out; 292 goto out;
330 } 293 if (S_ISLNK(lower_inode->i_mode))
331 if (S_ISLNK(lower_inode->i_mode)) {
332 ecryptfs_printk(KERN_DEBUG, "Is a symlink; returning\n");
333 goto out; 294 goto out;
334 } 295 if (special_file(lower_inode->i_mode))
335 if (special_file(lower_inode->i_mode)) {
336 ecryptfs_printk(KERN_DEBUG, "Is a special file; returning\n");
337 goto out; 296 goto out;
338 } 297 if (!ecryptfs_nd)
339 if (!nd) {
340 ecryptfs_printk(KERN_DEBUG, "We have a NULL nd, just leave"
341 "as we *think* we are about to unlink\n");
342 goto out; 298 goto out;
343 }
344 /* Released in this function */ 299 /* Released in this function */
345 page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, 300 page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, GFP_USER);
346 GFP_USER);
347 if (!page_virt) { 301 if (!page_virt) {
302 printk(KERN_ERR "%s: Cannot kmem_cache_zalloc() a page\n",
303 __func__);
348 rc = -ENOMEM; 304 rc = -ENOMEM;
349 ecryptfs_printk(KERN_ERR,
350 "Cannot ecryptfs_kmalloc a page\n");
351 goto out; 305 goto out;
352 } 306 }
353 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 307 if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) {
354 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) 308 rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
355 ecryptfs_set_default_sizes(crypt_stat);
356 if (!ecryptfs_inode_to_private(dentry->d_inode)->lower_file) {
357 rc = ecryptfs_init_persistent_file(dentry);
358 if (rc) { 309 if (rc) {
359 printk(KERN_ERR "%s: Error attempting to initialize " 310 printk(KERN_ERR "%s: Error attempting to initialize "
360 "the persistent file for the dentry with name " 311 "the persistent file for the dentry with name "
361 "[%s]; rc = [%d]\n", __func__, 312 "[%s]; rc = [%d]\n", __func__,
362 dentry->d_name.name, rc); 313 ecryptfs_dentry->d_name.name, rc);
363 goto out; 314 goto out_free_kmem;
364 } 315 }
365 } 316 }
366 rc = ecryptfs_read_and_validate_header_region(page_virt, 317 rc = ecryptfs_read_and_validate_header_region(page_virt,
367 dentry->d_inode); 318 ecryptfs_dentry->d_inode);
368 if (rc) { 319 if (rc) {
369 rc = ecryptfs_read_and_validate_xattr_region(page_virt, dentry); 320 rc = ecryptfs_read_and_validate_xattr_region(page_virt,
321 ecryptfs_dentry);
370 if (rc) { 322 if (rc) {
371 printk(KERN_DEBUG "Valid metadata not found in header "
372 "region or xattr region; treating file as "
373 "unencrypted\n");
374 rc = 0; 323 rc = 0;
375 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 324 goto out_free_kmem;
376 goto out;
377 } 325 }
378 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; 326 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
379 } 327 }
380 mount_crypt_stat = &ecryptfs_superblock_to_private( 328 mount_crypt_stat = &ecryptfs_superblock_to_private(
381 dentry->d_sb)->mount_crypt_stat; 329 ecryptfs_dentry->d_sb)->mount_crypt_stat;
382 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { 330 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
383 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 331 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
384 file_size = (crypt_stat->num_header_bytes_at_front 332 file_size = (crypt_stat->num_header_bytes_at_front
@@ -388,14 +336,103 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry,
388 } else { 336 } else {
389 file_size = get_unaligned_be64(page_virt); 337 file_size = get_unaligned_be64(page_virt);
390 } 338 }
391 i_size_write(dentry->d_inode, (loff_t)file_size); 339 i_size_write(ecryptfs_dentry->d_inode, (loff_t)file_size);
340out_free_kmem:
392 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 341 kmem_cache_free(ecryptfs_header_cache_2, page_virt);
393 goto out; 342 goto out;
394
395out_dput: 343out_dput:
396 dput(lower_dentry); 344 dput(lower_dentry);
397 d_drop(dentry); 345 d_drop(ecryptfs_dentry);
346out:
347 return rc;
348}
349
350/**
351 * ecryptfs_lookup
352 * @ecryptfs_dir_inode: The eCryptfs directory inode
353 * @ecryptfs_dentry: The eCryptfs dentry that we are looking up
354 * @ecryptfs_nd: nameidata; may be NULL
355 *
356 * Find a file on disk. If the file does not exist, then we'll add it to the
357 * dentry cache and continue on to read it from the disk.
358 */
359static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
360 struct dentry *ecryptfs_dentry,
361 struct nameidata *ecryptfs_nd)
362{
363 char *encrypted_and_encoded_name = NULL;
364 size_t encrypted_and_encoded_name_size;
365 struct ecryptfs_crypt_stat *crypt_stat = NULL;
366 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
367 struct ecryptfs_inode_info *inode_info;
368 struct dentry *lower_dir_dentry, *lower_dentry;
369 int rc = 0;
370
371 ecryptfs_dentry->d_op = &ecryptfs_dops;
372 if ((ecryptfs_dentry->d_name.len == 1
373 && !strcmp(ecryptfs_dentry->d_name.name, "."))
374 || (ecryptfs_dentry->d_name.len == 2
375 && !strcmp(ecryptfs_dentry->d_name.name, ".."))) {
376 goto out_d_drop;
377 }
378 lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
379 lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name,
380 lower_dir_dentry,
381 ecryptfs_dentry->d_name.len);
382 if (IS_ERR(lower_dentry)) {
383 rc = PTR_ERR(lower_dentry);
384 printk(KERN_ERR "%s: lookup_one_len() returned [%d] on "
385 "lower_dentry = [%s]\n", __func__, rc,
386 ecryptfs_dentry->d_name.name);
387 goto out_d_drop;
388 }
389 if (lower_dentry->d_inode)
390 goto lookup_and_interpose;
391 inode_info = ecryptfs_inode_to_private(ecryptfs_dentry->d_inode);
392 if (inode_info) {
393 crypt_stat = &inode_info->crypt_stat;
394 /* TODO: lock for crypt_stat comparison */
395 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
396 ecryptfs_set_default_sizes(crypt_stat);
397 }
398 if (crypt_stat)
399 mount_crypt_stat = crypt_stat->mount_crypt_stat;
400 else
401 mount_crypt_stat = &ecryptfs_superblock_to_private(
402 ecryptfs_dentry->d_sb)->mount_crypt_stat;
403 if (!(crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES))
404 && !(mount_crypt_stat && (mount_crypt_stat->flags
405 & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)))
406 goto lookup_and_interpose;
407 dput(lower_dentry);
408 rc = ecryptfs_encrypt_and_encode_filename(
409 &encrypted_and_encoded_name, &encrypted_and_encoded_name_size,
410 crypt_stat, mount_crypt_stat, ecryptfs_dentry->d_name.name,
411 ecryptfs_dentry->d_name.len);
412 if (rc) {
413 printk(KERN_ERR "%s: Error attempting to encrypt and encode "
414 "filename; rc = [%d]\n", __func__, rc);
415 goto out_d_drop;
416 }
417 lower_dentry = lookup_one_len(encrypted_and_encoded_name,
418 lower_dir_dentry,
419 encrypted_and_encoded_name_size - 1);
420 if (IS_ERR(lower_dentry)) {
421 rc = PTR_ERR(lower_dentry);
422 printk(KERN_ERR "%s: lookup_one_len() returned [%d] on "
423 "lower_dentry = [%s]\n", __func__, rc,
424 encrypted_and_encoded_name);
425 goto out_d_drop;
426 }
427lookup_and_interpose:
428 rc = ecryptfs_lookup_and_interpose_lower(ecryptfs_dentry, lower_dentry,
429 crypt_stat, ecryptfs_dir_inode,
430 ecryptfs_nd);
431 goto out;
432out_d_drop:
433 d_drop(ecryptfs_dentry);
398out: 434out:
435 kfree(encrypted_and_encoded_name);
399 return ERR_PTR(rc); 436 return ERR_PTR(rc);
400} 437}
401 438
@@ -466,19 +503,21 @@ static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
466 struct dentry *lower_dentry; 503 struct dentry *lower_dentry;
467 struct dentry *lower_dir_dentry; 504 struct dentry *lower_dir_dentry;
468 char *encoded_symname; 505 char *encoded_symname;
469 int encoded_symlen; 506 size_t encoded_symlen;
470 struct ecryptfs_crypt_stat *crypt_stat = NULL; 507 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
471 508
472 lower_dentry = ecryptfs_dentry_to_lower(dentry); 509 lower_dentry = ecryptfs_dentry_to_lower(dentry);
473 dget(lower_dentry); 510 dget(lower_dentry);
474 lower_dir_dentry = lock_parent(lower_dentry); 511 lower_dir_dentry = lock_parent(lower_dentry);
475 encoded_symlen = ecryptfs_encode_filename(crypt_stat, symname, 512 mount_crypt_stat = &ecryptfs_superblock_to_private(
476 strlen(symname), 513 dir->i_sb)->mount_crypt_stat;
477 &encoded_symname); 514 rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname,
478 if (encoded_symlen < 0) { 515 &encoded_symlen,
479 rc = encoded_symlen; 516 NULL,
517 mount_crypt_stat, symname,
518 strlen(symname));
519 if (rc)
480 goto out_lock; 520 goto out_lock;
481 }
482 rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, 521 rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry,
483 encoded_symname); 522 encoded_symname);
484 kfree(encoded_symname); 523 kfree(encoded_symname);
@@ -602,53 +641,54 @@ out_lock:
602} 641}
603 642
604static int 643static int
605ecryptfs_readlink(struct dentry *dentry, char __user * buf, int bufsiz) 644ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
606{ 645{
607 int rc;
608 struct dentry *lower_dentry;
609 char *decoded_name;
610 char *lower_buf; 646 char *lower_buf;
611 mm_segment_t old_fs; 647 struct dentry *lower_dentry;
612 struct ecryptfs_crypt_stat *crypt_stat; 648 struct ecryptfs_crypt_stat *crypt_stat;
649 char *plaintext_name;
650 size_t plaintext_name_size;
651 mm_segment_t old_fs;
652 int rc;
613 653
614 lower_dentry = ecryptfs_dentry_to_lower(dentry); 654 lower_dentry = ecryptfs_dentry_to_lower(dentry);
615 if (!lower_dentry->d_inode->i_op || 655 if (!lower_dentry->d_inode->i_op->readlink) {
616 !lower_dentry->d_inode->i_op->readlink) {
617 rc = -EINVAL; 656 rc = -EINVAL;
618 goto out; 657 goto out;
619 } 658 }
659 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
620 /* Released in this function */ 660 /* Released in this function */
621 lower_buf = kmalloc(bufsiz, GFP_KERNEL); 661 lower_buf = kmalloc(bufsiz, GFP_KERNEL);
622 if (lower_buf == NULL) { 662 if (lower_buf == NULL) {
623 ecryptfs_printk(KERN_ERR, "Out of memory\n"); 663 printk(KERN_ERR "%s: Out of memory whilst attempting to "
664 "kmalloc [%d] bytes\n", __func__, bufsiz);
624 rc = -ENOMEM; 665 rc = -ENOMEM;
625 goto out; 666 goto out;
626 } 667 }
627 old_fs = get_fs(); 668 old_fs = get_fs();
628 set_fs(get_ds()); 669 set_fs(get_ds());
629 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ "
630 "lower_dentry->d_name.name = [%s]\n",
631 lower_dentry->d_name.name);
632 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, 670 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
633 (char __user *)lower_buf, 671 (char __user *)lower_buf,
634 bufsiz); 672 bufsiz);
635 set_fs(old_fs); 673 set_fs(old_fs);
636 if (rc >= 0) { 674 if (rc >= 0) {
637 crypt_stat = NULL; 675 rc = ecryptfs_decode_and_decrypt_filename(&plaintext_name,
638 rc = ecryptfs_decode_filename(crypt_stat, lower_buf, rc, 676 &plaintext_name_size,
639 &decoded_name); 677 dentry, lower_buf,
640 if (rc == -ENOMEM) 678 rc);
679 if (rc) {
680 printk(KERN_ERR "%s: Error attempting to decode and "
681 "decrypt filename; rc = [%d]\n", __func__,
682 rc);
641 goto out_free_lower_buf; 683 goto out_free_lower_buf;
642 if (rc > 0) {
643 ecryptfs_printk(KERN_DEBUG, "Copying [%d] bytes "
644 "to userspace: [%*s]\n", rc,
645 decoded_name);
646 if (copy_to_user(buf, decoded_name, rc))
647 rc = -EFAULT;
648 } 684 }
649 kfree(decoded_name); 685 rc = copy_to_user(buf, plaintext_name, plaintext_name_size);
650 fsstack_copy_attr_atime(dentry->d_inode, 686 if (rc)
651 lower_dentry->d_inode); 687 rc = -EFAULT;
688 else
689 rc = plaintext_name_size;
690 kfree(plaintext_name);
691 fsstack_copy_attr_atime(dentry->d_inode, lower_dentry->d_inode);
652 } 692 }
653out_free_lower_buf: 693out_free_lower_buf:
654 kfree(lower_buf); 694 kfree(lower_buf);
@@ -670,8 +710,6 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
670 } 710 }
671 old_fs = get_fs(); 711 old_fs = get_fs();
672 set_fs(get_ds()); 712 set_fs(get_ds());
673 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ "
674 "dentry->d_name.name = [%s]\n", dentry->d_name.name);
675 rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); 713 rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
676 set_fs(old_fs); 714 set_fs(old_fs);
677 if (rc < 0) 715 if (rc < 0)