| 1 | // SPDX-License-Identifier: GPL-2.0 |
|---|
| 2 | |
|---|
| 3 | #include <linux/quotaops.h> |
|---|
| 4 | #include <linux/uuid.h> |
|---|
| 5 | |
|---|
| 6 | #include "ext4.h" |
|---|
| 7 | #include "xattr.h" |
|---|
| 8 | #include "ext4_jbd2.h" |
|---|
| 9 | |
|---|
| 10 | static void ext4_fname_from_fscrypt_name(struct ext4_filename *dst, |
|---|
| 11 | const struct fscrypt_name *src) |
|---|
| 12 | { |
|---|
| 13 | memset(dst, 0, sizeof(*dst)); |
|---|
| 14 | |
|---|
| 15 | dst->usr_fname = src->usr_fname; |
|---|
| 16 | dst->disk_name = src->disk_name; |
|---|
| 17 | dst->hinfo.hash = src->hash; |
|---|
| 18 | dst->hinfo.minor_hash = src->minor_hash; |
|---|
| 19 | dst->crypto_buf = src->crypto_buf; |
|---|
| 20 | } |
|---|
| 21 | |
|---|
| 22 | int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname, |
|---|
| 23 | int lookup, struct ext4_filename *fname) |
|---|
| 24 | { |
|---|
| 25 | struct fscrypt_name name; |
|---|
| 26 | int err; |
|---|
| 27 | |
|---|
| 28 | err = fscrypt_setup_filename(inode: dir, iname, lookup, fname: &name); |
|---|
| 29 | if (err) |
|---|
| 30 | return err; |
|---|
| 31 | |
|---|
| 32 | ext4_fname_from_fscrypt_name(dst: fname, src: &name); |
|---|
| 33 | |
|---|
| 34 | err = ext4_fname_setup_ci_filename(dir, iname, fname); |
|---|
| 35 | if (err) |
|---|
| 36 | ext4_fname_free_filename(fname); |
|---|
| 37 | |
|---|
| 38 | return err; |
|---|
| 39 | } |
|---|
| 40 | |
|---|
| 41 | int ext4_fname_prepare_lookup(struct inode *dir, struct dentry *dentry, |
|---|
| 42 | struct ext4_filename *fname) |
|---|
| 43 | { |
|---|
| 44 | struct fscrypt_name name; |
|---|
| 45 | int err; |
|---|
| 46 | |
|---|
| 47 | err = fscrypt_prepare_lookup(dir, dentry, fname: &name); |
|---|
| 48 | if (err) |
|---|
| 49 | return err; |
|---|
| 50 | |
|---|
| 51 | ext4_fname_from_fscrypt_name(dst: fname, src: &name); |
|---|
| 52 | |
|---|
| 53 | err = ext4_fname_setup_ci_filename(dir, iname: &dentry->d_name, fname); |
|---|
| 54 | if (err) |
|---|
| 55 | ext4_fname_free_filename(fname); |
|---|
| 56 | return err; |
|---|
| 57 | } |
|---|
| 58 | |
|---|
| 59 | void ext4_fname_free_filename(struct ext4_filename *fname) |
|---|
| 60 | { |
|---|
| 61 | struct fscrypt_name name; |
|---|
| 62 | |
|---|
| 63 | name.crypto_buf = fname->crypto_buf; |
|---|
| 64 | fscrypt_free_filename(fname: &name); |
|---|
| 65 | |
|---|
| 66 | fname->crypto_buf.name = NULL; |
|---|
| 67 | fname->usr_fname = NULL; |
|---|
| 68 | fname->disk_name.name = NULL; |
|---|
| 69 | |
|---|
| 70 | ext4_fname_free_ci_filename(fname); |
|---|
| 71 | } |
|---|
| 72 | |
|---|
| 73 | static bool uuid_is_zero(__u8 u[16]) |
|---|
| 74 | { |
|---|
| 75 | int i; |
|---|
| 76 | |
|---|
| 77 | for (i = 0; i < 16; i++) |
|---|
| 78 | if (u[i]) |
|---|
| 79 | return false; |
|---|
| 80 | return true; |
|---|
| 81 | } |
|---|
| 82 | |
|---|
| 83 | int ext4_ioctl_get_encryption_pwsalt(struct file *filp, void __user *arg) |
|---|
| 84 | { |
|---|
| 85 | struct super_block *sb = file_inode(f: filp)->i_sb; |
|---|
| 86 | struct ext4_sb_info *sbi = EXT4_SB(sb); |
|---|
| 87 | int err, err2; |
|---|
| 88 | handle_t *handle; |
|---|
| 89 | |
|---|
| 90 | if (!ext4_has_feature_encrypt(sb)) |
|---|
| 91 | return -EOPNOTSUPP; |
|---|
| 92 | |
|---|
| 93 | if (uuid_is_zero(u: sbi->s_es->s_encrypt_pw_salt)) { |
|---|
| 94 | err = mnt_want_write_file(file: filp); |
|---|
| 95 | if (err) |
|---|
| 96 | return err; |
|---|
| 97 | handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); |
|---|
| 98 | if (IS_ERR(ptr: handle)) { |
|---|
| 99 | err = PTR_ERR(ptr: handle); |
|---|
| 100 | goto pwsalt_err_exit; |
|---|
| 101 | } |
|---|
| 102 | err = ext4_journal_get_write_access(handle, sb, sbi->s_sbh, |
|---|
| 103 | EXT4_JTR_NONE); |
|---|
| 104 | if (err) |
|---|
| 105 | goto pwsalt_err_journal; |
|---|
| 106 | lock_buffer(bh: sbi->s_sbh); |
|---|
| 107 | generate_random_uuid(uuid: sbi->s_es->s_encrypt_pw_salt); |
|---|
| 108 | ext4_superblock_csum_set(sb); |
|---|
| 109 | unlock_buffer(bh: sbi->s_sbh); |
|---|
| 110 | err = ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh); |
|---|
| 111 | pwsalt_err_journal: |
|---|
| 112 | err2 = ext4_journal_stop(handle); |
|---|
| 113 | if (err2 && !err) |
|---|
| 114 | err = err2; |
|---|
| 115 | pwsalt_err_exit: |
|---|
| 116 | mnt_drop_write_file(file: filp); |
|---|
| 117 | if (err) |
|---|
| 118 | return err; |
|---|
| 119 | } |
|---|
| 120 | |
|---|
| 121 | if (copy_to_user(to: arg, from: sbi->s_es->s_encrypt_pw_salt, n: 16)) |
|---|
| 122 | return -EFAULT; |
|---|
| 123 | return 0; |
|---|
| 124 | } |
|---|
| 125 | |
|---|
| 126 | static int ext4_get_context(struct inode *inode, void *ctx, size_t len) |
|---|
| 127 | { |
|---|
| 128 | return ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION, |
|---|
| 129 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len); |
|---|
| 130 | } |
|---|
| 131 | |
|---|
| 132 | static int ext4_set_context(struct inode *inode, const void *ctx, size_t len, |
|---|
| 133 | void *fs_data) |
|---|
| 134 | { |
|---|
| 135 | handle_t *handle = fs_data; |
|---|
| 136 | int res, res2, credits, retries = 0; |
|---|
| 137 | |
|---|
| 138 | /* |
|---|
| 139 | * Encrypting the root directory is not allowed because e2fsck expects |
|---|
| 140 | * lost+found to exist and be unencrypted, and encrypting the root |
|---|
| 141 | * directory would imply encrypting the lost+found directory as well as |
|---|
| 142 | * the filename "lost+found" itself. |
|---|
| 143 | */ |
|---|
| 144 | if (inode->i_ino == EXT4_ROOT_INO) |
|---|
| 145 | return -EPERM; |
|---|
| 146 | |
|---|
| 147 | if (WARN_ON_ONCE(IS_DAX(inode) && i_size_read(inode))) |
|---|
| 148 | return -EINVAL; |
|---|
| 149 | |
|---|
| 150 | if (ext4_test_inode_flag(inode, bit: EXT4_INODE_DAX)) |
|---|
| 151 | return -EOPNOTSUPP; |
|---|
| 152 | |
|---|
| 153 | res = ext4_convert_inline_data(inode); |
|---|
| 154 | if (res) |
|---|
| 155 | return res; |
|---|
| 156 | |
|---|
| 157 | /* |
|---|
| 158 | * If a journal handle was specified, then the encryption context is |
|---|
| 159 | * being set on a new inode via inheritance and is part of a larger |
|---|
| 160 | * transaction to create the inode. Otherwise the encryption context is |
|---|
| 161 | * being set on an existing inode in its own transaction. Only in the |
|---|
| 162 | * latter case should the "retry on ENOSPC" logic be used. |
|---|
| 163 | */ |
|---|
| 164 | |
|---|
| 165 | if (handle) { |
|---|
| 166 | res = ext4_xattr_set_handle(handle, inode, |
|---|
| 167 | EXT4_XATTR_INDEX_ENCRYPTION, |
|---|
| 168 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, |
|---|
| 169 | ctx, len, 0); |
|---|
| 170 | if (!res) { |
|---|
| 171 | ext4_set_inode_flag(inode, bit: EXT4_INODE_ENCRYPT); |
|---|
| 172 | ext4_clear_inode_state(inode, |
|---|
| 173 | bit: EXT4_STATE_MAY_INLINE_DATA); |
|---|
| 174 | /* |
|---|
| 175 | * Update inode->i_flags - S_ENCRYPTED will be enabled, |
|---|
| 176 | * S_DAX may be disabled |
|---|
| 177 | */ |
|---|
| 178 | ext4_set_inode_flags(inode, init: false); |
|---|
| 179 | } |
|---|
| 180 | return res; |
|---|
| 181 | } |
|---|
| 182 | |
|---|
| 183 | res = dquot_initialize(inode); |
|---|
| 184 | if (res) |
|---|
| 185 | return res; |
|---|
| 186 | retry: |
|---|
| 187 | res = ext4_xattr_set_credits(inode, value_len: len, is_create: false /* is_create */, |
|---|
| 188 | credits: &credits); |
|---|
| 189 | if (res) |
|---|
| 190 | return res; |
|---|
| 191 | |
|---|
| 192 | handle = ext4_journal_start(inode, EXT4_HT_MISC, credits); |
|---|
| 193 | if (IS_ERR(ptr: handle)) |
|---|
| 194 | return PTR_ERR(ptr: handle); |
|---|
| 195 | |
|---|
| 196 | res = ext4_xattr_set_handle(handle, inode, EXT4_XATTR_INDEX_ENCRYPTION, |
|---|
| 197 | EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, |
|---|
| 198 | ctx, len, 0); |
|---|
| 199 | if (!res) { |
|---|
| 200 | ext4_set_inode_flag(inode, bit: EXT4_INODE_ENCRYPT); |
|---|
| 201 | /* |
|---|
| 202 | * Update inode->i_flags - S_ENCRYPTED will be enabled, |
|---|
| 203 | * S_DAX may be disabled |
|---|
| 204 | */ |
|---|
| 205 | ext4_set_inode_flags(inode, init: false); |
|---|
| 206 | res = ext4_mark_inode_dirty(handle, inode); |
|---|
| 207 | if (res) |
|---|
| 208 | EXT4_ERROR_INODE(inode, "Failed to mark inode dirty" ); |
|---|
| 209 | } |
|---|
| 210 | res2 = ext4_journal_stop(handle); |
|---|
| 211 | |
|---|
| 212 | if (res == -ENOSPC && ext4_should_retry_alloc(sb: inode->i_sb, retries: &retries)) |
|---|
| 213 | goto retry; |
|---|
| 214 | if (!res) |
|---|
| 215 | res = res2; |
|---|
| 216 | return res; |
|---|
| 217 | } |
|---|
| 218 | |
|---|
| 219 | static const union fscrypt_policy *ext4_get_dummy_policy(struct super_block *sb) |
|---|
| 220 | { |
|---|
| 221 | return EXT4_SB(sb)->s_dummy_enc_policy.policy; |
|---|
| 222 | } |
|---|
| 223 | |
|---|
| 224 | static bool ext4_has_stable_inodes(struct super_block *sb) |
|---|
| 225 | { |
|---|
| 226 | return ext4_has_feature_stable_inodes(sb); |
|---|
| 227 | } |
|---|
| 228 | |
|---|
| 229 | const struct fscrypt_operations ext4_cryptops = { |
|---|
| 230 | .inode_info_offs = (int)offsetof(struct ext4_inode_info, i_crypt_info) - |
|---|
| 231 | (int)offsetof(struct ext4_inode_info, vfs_inode), |
|---|
| 232 | .needs_bounce_pages = 1, |
|---|
| 233 | .has_32bit_inodes = 1, |
|---|
| 234 | .supports_subblock_data_units = 1, |
|---|
| 235 | .legacy_key_prefix = "ext4:" , |
|---|
| 236 | .get_context = ext4_get_context, |
|---|
| 237 | .set_context = ext4_set_context, |
|---|
| 238 | .get_dummy_policy = ext4_get_dummy_policy, |
|---|
| 239 | .empty_dir = ext4_empty_dir, |
|---|
| 240 | .has_stable_inodes = ext4_has_stable_inodes, |
|---|
| 241 | }; |
|---|
| 242 | |
|---|
