1 | // SPDX-License-Identifier: GPL-2.0 |
2 | |
3 | #include <linux/quotaops.h> |
4 | #include <linux/uuid.h> |
5 | |
6 | #include "ext4.h" |
7 | #include "xattr.h" |
8 | #include "ext4_jbd2.h" |
9 | |
10 | static void ext4_fname_from_fscrypt_name(struct ext4_filename *dst, |
11 | const struct fscrypt_name *src) |
12 | { |
13 | memset(dst, 0, sizeof(*dst)); |
14 | |
15 | dst->usr_fname = src->usr_fname; |
16 | dst->disk_name = src->disk_name; |
17 | dst->hinfo.hash = src->hash; |
18 | dst->hinfo.minor_hash = src->minor_hash; |
19 | dst->crypto_buf = src->crypto_buf; |
20 | } |
21 | |
22 | int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname, |
23 | int lookup, struct ext4_filename *fname) |
24 | { |
25 | struct fscrypt_name name; |
26 | int err; |
27 | |
28 | err = fscrypt_setup_filename(inode: dir, iname, lookup, fname: &name); |
29 | if (err) |
30 | return err; |
31 | |
32 | ext4_fname_from_fscrypt_name(dst: fname, src: &name); |
33 | |
34 | #if IS_ENABLED(CONFIG_UNICODE) |
35 | err = ext4_fname_setup_ci_filename(dir, iname, fname); |
36 | if (err) |
37 | ext4_fname_free_filename(fname); |
38 | #endif |
39 | return err; |
40 | } |
41 | |
42 | int ext4_fname_prepare_lookup(struct inode *dir, struct dentry *dentry, |
43 | struct ext4_filename *fname) |
44 | { |
45 | struct fscrypt_name name; |
46 | int err; |
47 | |
48 | err = fscrypt_prepare_lookup(dir, dentry, fname: &name); |
49 | if (err) |
50 | return err; |
51 | |
52 | ext4_fname_from_fscrypt_name(dst: fname, src: &name); |
53 | |
54 | #if IS_ENABLED(CONFIG_UNICODE) |
55 | err = ext4_fname_setup_ci_filename(dir, iname: &dentry->d_name, fname); |
56 | if (err) |
57 | ext4_fname_free_filename(fname); |
58 | #endif |
59 | return err; |
60 | } |
61 | |
62 | void ext4_fname_free_filename(struct ext4_filename *fname) |
63 | { |
64 | struct fscrypt_name name; |
65 | |
66 | name.crypto_buf = fname->crypto_buf; |
67 | fscrypt_free_filename(fname: &name); |
68 | |
69 | fname->crypto_buf.name = NULL; |
70 | fname->usr_fname = NULL; |
71 | fname->disk_name.name = NULL; |
72 | |
73 | #if IS_ENABLED(CONFIG_UNICODE) |
74 | kfree(objp: fname->cf_name.name); |
75 | fname->cf_name.name = NULL; |
76 | #endif |
77 | } |
78 | |
79 | static bool uuid_is_zero(__u8 u[16]) |
80 | { |
81 | int i; |
82 | |
83 | for (i = 0; i < 16; i++) |
84 | if (u[i]) |
85 | return false; |
86 | return true; |
87 | } |
88 | |
89 | int ext4_ioctl_get_encryption_pwsalt(struct file *filp, void __user *arg) |
90 | { |
91 | struct super_block *sb = file_inode(f: filp)->i_sb; |
92 | struct ext4_sb_info *sbi = EXT4_SB(sb); |
93 | int err, err2; |
94 | handle_t *handle; |
95 | |
96 | if (!ext4_has_feature_encrypt(sb)) |
97 | return -EOPNOTSUPP; |
98 | |
99 | if (uuid_is_zero(u: sbi->s_es->s_encrypt_pw_salt)) { |
100 | err = mnt_want_write_file(file: filp); |
101 | if (err) |
102 | return err; |
103 | handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); |
104 | if (IS_ERR(ptr: handle)) { |
105 | err = PTR_ERR(ptr: handle); |
106 | goto pwsalt_err_exit; |
107 | } |
108 | err = ext4_journal_get_write_access(handle, sb, sbi->s_sbh, |
109 | EXT4_JTR_NONE); |
110 | if (err) |
111 | goto pwsalt_err_journal; |
112 | lock_buffer(bh: sbi->s_sbh); |
113 | generate_random_uuid(uuid: sbi->s_es->s_encrypt_pw_salt); |
114 | ext4_superblock_csum_set(sb); |
115 | unlock_buffer(bh: sbi->s_sbh); |
116 | err = ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh); |
117 | pwsalt_err_journal: |
118 | err2 = ext4_journal_stop(handle); |
119 | if (err2 && !err) |
120 | err = err2; |
121 | pwsalt_err_exit: |
122 | mnt_drop_write_file(file: filp); |
123 | if (err) |
124 | return err; |
125 | } |
126 | |
127 | if (copy_to_user(to: arg, from: sbi->s_es->s_encrypt_pw_salt, n: 16)) |
128 | return -EFAULT; |
129 | return 0; |
130 | } |
131 | |
132 | static int ext4_get_context(struct inode *inode, void *ctx, size_t len) |
133 | { |
134 | return ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION, |
135 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len); |
136 | } |
137 | |
138 | static int ext4_set_context(struct inode *inode, const void *ctx, size_t len, |
139 | void *fs_data) |
140 | { |
141 | handle_t *handle = fs_data; |
142 | int res, res2, credits, retries = 0; |
143 | |
144 | /* |
145 | * Encrypting the root directory is not allowed because e2fsck expects |
146 | * lost+found to exist and be unencrypted, and encrypting the root |
147 | * directory would imply encrypting the lost+found directory as well as |
148 | * the filename "lost+found" itself. |
149 | */ |
150 | if (inode->i_ino == EXT4_ROOT_INO) |
151 | return -EPERM; |
152 | |
153 | if (WARN_ON_ONCE(IS_DAX(inode) && i_size_read(inode))) |
154 | return -EINVAL; |
155 | |
156 | if (ext4_test_inode_flag(inode, bit: EXT4_INODE_DAX)) |
157 | return -EOPNOTSUPP; |
158 | |
159 | res = ext4_convert_inline_data(inode); |
160 | if (res) |
161 | return res; |
162 | |
163 | /* |
164 | * If a journal handle was specified, then the encryption context is |
165 | * being set on a new inode via inheritance and is part of a larger |
166 | * transaction to create the inode. Otherwise the encryption context is |
167 | * being set on an existing inode in its own transaction. Only in the |
168 | * latter case should the "retry on ENOSPC" logic be used. |
169 | */ |
170 | |
171 | if (handle) { |
172 | res = ext4_xattr_set_handle(handle, inode, |
173 | EXT4_XATTR_INDEX_ENCRYPTION, |
174 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, |
175 | ctx, len, 0); |
176 | if (!res) { |
177 | ext4_set_inode_flag(inode, bit: EXT4_INODE_ENCRYPT); |
178 | ext4_clear_inode_state(inode, |
179 | bit: EXT4_STATE_MAY_INLINE_DATA); |
180 | /* |
181 | * Update inode->i_flags - S_ENCRYPTED will be enabled, |
182 | * S_DAX may be disabled |
183 | */ |
184 | ext4_set_inode_flags(inode, init: false); |
185 | } |
186 | return res; |
187 | } |
188 | |
189 | res = dquot_initialize(inode); |
190 | if (res) |
191 | return res; |
192 | retry: |
193 | res = ext4_xattr_set_credits(inode, value_len: len, is_create: false /* is_create */, |
194 | credits: &credits); |
195 | if (res) |
196 | return res; |
197 | |
198 | handle = ext4_journal_start(inode, EXT4_HT_MISC, credits); |
199 | if (IS_ERR(ptr: handle)) |
200 | return PTR_ERR(ptr: handle); |
201 | |
202 | res = ext4_xattr_set_handle(handle, inode, EXT4_XATTR_INDEX_ENCRYPTION, |
203 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, |
204 | ctx, len, 0); |
205 | if (!res) { |
206 | ext4_set_inode_flag(inode, bit: EXT4_INODE_ENCRYPT); |
207 | /* |
208 | * Update inode->i_flags - S_ENCRYPTED will be enabled, |
209 | * S_DAX may be disabled |
210 | */ |
211 | ext4_set_inode_flags(inode, init: false); |
212 | res = ext4_mark_inode_dirty(handle, inode); |
213 | if (res) |
214 | EXT4_ERROR_INODE(inode, "Failed to mark inode dirty" ); |
215 | } |
216 | res2 = ext4_journal_stop(handle); |
217 | |
218 | if (res == -ENOSPC && ext4_should_retry_alloc(sb: inode->i_sb, retries: &retries)) |
219 | goto retry; |
220 | if (!res) |
221 | res = res2; |
222 | return res; |
223 | } |
224 | |
225 | static const union fscrypt_policy *ext4_get_dummy_policy(struct super_block *sb) |
226 | { |
227 | return EXT4_SB(sb)->s_dummy_enc_policy.policy; |
228 | } |
229 | |
230 | static bool ext4_has_stable_inodes(struct super_block *sb) |
231 | { |
232 | return ext4_has_feature_stable_inodes(sb); |
233 | } |
234 | |
235 | const struct fscrypt_operations ext4_cryptops = { |
236 | .needs_bounce_pages = 1, |
237 | .has_32bit_inodes = 1, |
238 | .supports_subblock_data_units = 1, |
239 | .legacy_key_prefix = "ext4:" , |
240 | .get_context = ext4_get_context, |
241 | .set_context = ext4_set_context, |
242 | .get_dummy_policy = ext4_get_dummy_policy, |
243 | .empty_dir = ext4_empty_dir, |
244 | .has_stable_inodes = ext4_has_stable_inodes, |
245 | }; |
246 | |