fscrypt.h source code [linux/include/linux/fscrypt.h]

1	/ SPDX-License-Identifier: GPL-2.0 /
2	/*
3	* fscrypt.h: declarations for per-file encryption
4	*
5	* Filesystems that implement per-file encryption must include this header
6	* file.
7	*
8	* Copyright (C) 2015, Google, Inc.
9	*
10	* Written by Michael Halcrow, 2015.
11	* Modified by Jaegeuk Kim, 2015.
12	*/
13	#ifndef _LINUX_FSCRYPT_H
14	#define _LINUX_FSCRYPT_H
15
16	#include <linux/fs.h>
17	#include <linux/mm.h>
18	#include <linux/slab.h>
19	#include <uapi/linux/fscrypt.h>
20
21	/*
22	* The lengths of all file contents blocks must be divisible by this value.
23	* This is needed to ensure that all contents encryption modes will work, as
24	* some of the supported modes don't support arbitrarily byte-aligned messages.
25	*
26	* Since the needed alignment is 16 bytes, most filesystems will meet this
27	* requirement naturally, as typical block sizes are powers of 2. However, if a
28	* filesystem can generate arbitrarily byte-aligned block lengths (e.g., via
29	* compression), then it will need to pad to this alignment before encryption.
30	*/
31	#define FSCRYPT_CONTENTS_ALIGNMENT 16
32
33	union fscrypt_policy;
34	struct fscrypt_inode_info;
35	struct fs_parameter;
36	struct seq_file;
37
38	struct fscrypt_str {
39	unsigned char *name;
40	u32 len;
41	};
42
43	struct fscrypt_name {
44	const struct qstr *usr_fname;
45	struct fscrypt_str disk_name;
46	u32 hash;
47	u32 minor_hash;
48	struct fscrypt_str crypto_buf;
49	bool is_nokey_name;
50	};
51
52	#define FSTR_INIT(n, l) { .name = n, .len = l }
53	#define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
54	#define fname_name(p) ((p)->disk_name.name)
55	#define fname_len(p) ((p)->disk_name.len)
56
57	/ Maximum value for the third parameter of fscrypt_operations.set_context(). /
58	#define FSCRYPT_SET_CONTEXT_MAX_SIZE 40
59
60	#ifdef CONFIG_FS_ENCRYPTION
61
62	/ Crypto operations for filesystems /
63	struct fscrypt_operations {
64
65	/*
66	* If set, then fs/crypto/ will allocate a global bounce page pool the
67	* first time an encryption key is set up for a file. The bounce page
68	* pool is required by the following functions:
69	*
70	* - fscrypt_encrypt_pagecache_blocks()
71	* - fscrypt_zeroout_range() for files not using inline crypto
72	*
73	* If the filesystem doesn't use those, it doesn't need to set this.
74	*/
75	unsigned int needs_bounce_pages : `1`;
76
77	/*
78	* If set, then fs/crypto/ will allow the use of encryption settings
79	* that assume inode numbers fit in 32 bits (i.e.
80	* FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64}), provided that the other
81	* prerequisites for these settings are also met. This is only useful
82	* if the filesystem wants to support inline encryption hardware that is
83	* limited to 32-bit or 64-bit data unit numbers and where programming
84	* keyslots is very slow.
85	*/
86	unsigned int has_32bit_inodes : `1`;
87
88	/*
89	* If set, then fs/crypto/ will allow users to select a crypto data unit
90	* size that is less than the filesystem block size. This is done via
91	* the log2_data_unit_size field of the fscrypt policy. This flag is
92	* not compatible with filesystems that encrypt variable-length blocks
93	* (i.e. blocks that aren't all equal to filesystem's block size), for
94	* example as a result of compression. It's also not compatible with
95	* the fscrypt_encrypt_block_inplace() and
96	* fscrypt_decrypt_block_inplace() functions.
97	*/
98	unsigned int supports_subblock_data_units : `1`;
99
100	/*
101	* This field exists only for backwards compatibility reasons and should
102	* only be set by the filesystems that are setting it already. It
103	* contains the filesystem-specific key description prefix that is
104	* accepted for "logon" keys for v1 fscrypt policies. This
105	* functionality is deprecated in favor of the generic prefix
106	* "fscrypt:", which itself is deprecated in favor of the filesystem
107	* keyring ioctls such as FS_IOC_ADD_ENCRYPTION_KEY. Filesystems that
108	* are newly adding fscrypt support should not set this field.
109	*/
110	const char *legacy_key_prefix;
111
112	/*
113	* Get the fscrypt context of the given inode.
114	*
115	* @inode: the inode whose context to get
116	* @ctx: the buffer into which to get the context
117	* @len: length of the @ctx buffer in bytes
118	*
119	* Return: On success, returns the length of the context in bytes; this
120	* may be less than @len. On failure, returns -ENODATA if the
121	* inode doesn't have a context, -ERANGE if the context is
122	* longer than @len, or another -errno code.
123	*/
124	int (get_context)(struct* inode inode, void* *ctx, size_t len);
125
126	/*
127	* Set an fscrypt context on the given inode.
128	*
129	* @inode: the inode whose context to set. The inode won't already have
130	* an fscrypt context.
131	* @ctx: the context to set
132	* @len: length of @ctx in bytes (at most FSCRYPT_SET_CONTEXT_MAX_SIZE)
133	* @fs_data: If called from fscrypt_set_context(), this will be the
134	* value the filesystem passed to fscrypt_set_context().
135	* Otherwise (i.e. when called from
136	* FS_IOC_SET_ENCRYPTION_POLICY) this will be NULL.
137	*
138	* i_rwsem will be held for write.
139	*
140	* Return: 0 on success, -errno on failure.
141	*/
142	int (set_context)(struct* inode inode, const* void *ctx, size_t len,
143	void *fs_data);
144
145	/*
146	* Get the dummy fscrypt policy in use on the filesystem (if any).
147	*
148	* Filesystems only need to implement this function if they support the
149	* test_dummy_encryption mount option.
150	*
151	* Return: A pointer to the dummy fscrypt policy, if the filesystem is
152	* mounted with test_dummy_encryption; otherwise NULL.
153	*/
154	const union fscrypt_policy (get_dummy_policy)(struct super_block *sb);
155
156	/*
157	* Check whether a directory is empty. i_rwsem will be held for write.
158	*/
159	bool (empty_dir)(struct* inode *inode);
160
161	/*
162	* Check whether the filesystem's inode numbers and UUID are stable,
163	* meaning that they will never be changed even by offline operations
164	* such as filesystem shrinking and therefore can be used in the
165	* encryption without the possibility of files becoming unreadable.
166	*
167	* Filesystems only need to implement this function if they want to
168	* support the FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags. These
169	* flags are designed to work around the limitations of UFS and eMMC
170	* inline crypto hardware, and they shouldn't be used in scenarios where
171	* such hardware isn't being used.
172	*
173	* Leaving this NULL is equivalent to always returning false.
174	*/
175	bool (has_stable_inodes)(struct* super_block *sb);
176
177	/*
178	* Return an array of pointers to the block devices to which the
179	* filesystem may write encrypted file contents, NULL if the filesystem
180	* only has a single such block device, or an ERR_PTR() on error.
181	*
182	* On successful non-NULL return, *num_devs is set to the number of
183	* devices in the returned array. The caller must free the returned
184	* array using kfree().
185	*
186	* If the filesystem can use multiple block devices (other than block
187	* devices that aren't used for encrypted file contents, such as
188	* external journal devices), and wants to support inline encryption,
189	* then it must implement this function. Otherwise it's not needed.
190	*/
191	struct block_device *(get_devices)(struct super_block *sb,
192	unsigned int *num_devs);
193	};
194
195	static inline struct fscrypt_inode_info *
196	fscrypt_get_inode_info(const struct inode *inode)
197	{
198	/*
199	* Pairs with the cmpxchg_release() in fscrypt_setup_encryption_info().
200	* I.e., another task may publish ->i_crypt_info concurrently, executing
201	* a RELEASE barrier. We need to use smp_load_acquire() here to safely
202	* ACQUIRE the memory the other task published.
203	*/
204	return smp_load_acquire(&inode->i_crypt_info);
205	}
206
207	/**
208	* fscrypt_needs_contents_encryption() - check whether an inode needs
209	* contents encryption
210	* @inode: the inode to check
211	*
212	* Return: %true iff the inode is an encrypted regular file and the kernel was
213	* built with fscrypt support.
214	*
215	* If you need to know whether the encrypt bit is set even when the kernel was
216	* built without fscrypt support, you must use IS_ENCRYPTED() directly instead.
217	*/
218	static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
219	{
220	return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode);
221	}
222
223	/*
224	* When d_splice_alias() moves a directory's no-key alias to its plaintext alias
225	* as a result of the encryption key being added, DCACHE_NOKEY_NAME must be
226	* cleared. Note that we don't have to support arbitrary moves of this flag
227	* because fscrypt doesn't allow no-key names to be the source or target of a
228	* rename().
229	*/
230	static inline void fscrypt_handle_d_move(struct dentry *dentry)
231	{
232	dentry->d_flags &= ~DCACHE_NOKEY_NAME;
233	}
234
235	/**
236	* fscrypt_is_nokey_name() - test whether a dentry is a no-key name
237	* @dentry: the dentry to check
238	*
239	* This returns true if the dentry is a no-key dentry. A no-key dentry is a
240	* dentry that was created in an encrypted directory that hasn't had its
241	* encryption key added yet. Such dentries may be either positive or negative.
242	*
243	* When a filesystem is asked to create a new filename in an encrypted directory
244	* and the new filename's dentry is a no-key dentry, it must fail the operation
245	* with ENOKEY. This includes ->create(), ->mkdir(), ->mknod(), ->symlink(),
246	* ->rename(), and ->link(). (However, ->rename() and ->link() are already
247	* handled by fscrypt_prepare_rename() and fscrypt_prepare_link().)
248	*
249	* This is necessary because creating a filename requires the directory's
250	* encryption key, but just checking for the key on the directory inode during
251	* the final filesystem operation doesn't guarantee that the key was available
252	* during the preceding dentry lookup. And the key must have already been
253	* available during the dentry lookup in order for it to have been checked
254	* whether the filename already exists in the directory and for the new file's
255	* dentry not to be invalidated due to it incorrectly having the no-key flag.
256	*
257	* Return: %true if the dentry is a no-key name
258	*/
259	static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
260	{
261	return dentry->d_flags & DCACHE_NOKEY_NAME;
262	}
263
264	/ crypto.c /
265	void fscrypt_enqueue_decrypt_work(struct work_struct *);
266
267	struct page fscrypt_encrypt_pagecache_blocks(struct* page *page,
268	unsigned int len,
269	unsigned int offs,
270	gfp_t gfp_flags);
271	int fscrypt_encrypt_block_inplace(const struct inode inode, struct* page *page,
272	unsigned int len, unsigned int offs,
273	u64 lblk_num, gfp_t gfp_flags);
274
275	int fscrypt_decrypt_pagecache_blocks(struct folio *folio, size_t len,
276	size_t offs);
277	int fscrypt_decrypt_block_inplace(const struct inode inode, struct* page *page,
278	unsigned int len, unsigned int offs,
279	u64 lblk_num);
280
281	static inline bool fscrypt_is_bounce_page(struct page *page)
282	{
283	return page->mapping == NULL;
284	}
285
286	static inline struct page fscrypt_pagecache_page(struct* page *bounce_page)
287	{
288	return (struct page *)page_private(bounce_page);
289	}
290
291	static inline bool fscrypt_is_bounce_folio(struct folio *folio)
292	{
293	return folio->mapping == NULL;
294	}
295
296	static inline struct folio fscrypt_pagecache_folio(struct* folio *bounce_folio)
297	{
298	return bounce_folio->private;
299	}
300
301	void fscrypt_free_bounce_page(struct page *bounce_page);
302
303	/ policy.c /
304	int fscrypt_ioctl_set_policy(struct file filp, const* void __user *arg);
305	int fscrypt_ioctl_get_policy(struct file filp, void* __user *arg);
306	int fscrypt_ioctl_get_policy_ex(struct file filp, void* __user *arg);
307	int fscrypt_ioctl_get_nonce(struct file filp, void* __user *arg);
308	int fscrypt_has_permitted_context(struct inode parent, struct* inode *child);
309	int fscrypt_context_for_new_inode(void ctx, struct* inode *inode);
310	int fscrypt_set_context(struct inode inode, void* *fs_data);
311
312	struct fscrypt_dummy_policy {
313	const union fscrypt_policy *policy;
314	};
315
316	int fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param,
317	struct fscrypt_dummy_policy *dummy_policy);
318	bool fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1,
319	const struct fscrypt_dummy_policy *p2);
320	void fscrypt_show_test_dummy_encryption(struct seq_file seq, char* sep,
321	struct super_block *sb);
322	static inline bool
323	fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy)
324	{
325	return dummy_policy->policy != NULL;
326	}
327	static inline void
328	fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
329	{
330	kfree(objp: dummy_policy->policy);
331	dummy_policy->policy = NULL;
332	}
333
334	/ keyring.c /
335	void fscrypt_destroy_keyring(struct super_block *sb);
336	int fscrypt_ioctl_add_key(struct file filp, void* __user *arg);
337	int fscrypt_ioctl_remove_key(struct file filp, void* __user *arg);
338	int fscrypt_ioctl_remove_key_all_users(struct file filp, void* __user *arg);
339	int fscrypt_ioctl_get_key_status(struct file filp, void* __user *arg);
340
341	/ keysetup.c /
342	int fscrypt_prepare_new_inode(struct inode dir, struct* inode *inode,
343	bool *encrypt_ret);
344	void fscrypt_put_encryption_info(struct inode *inode);
345	void fscrypt_free_inode(struct inode *inode);
346	int fscrypt_drop_inode(struct inode *inode);
347
348	/ fname.c /
349	int fscrypt_fname_encrypt(const struct inode inode, const* struct qstr *iname,
350	u8 out, unsigned* int olen);
351	bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,
352	u32 max_len, u32 *encrypted_len_ret);
353	int fscrypt_setup_filename(struct inode inode, const* struct qstr *iname,
354	int lookup, struct fscrypt_name *fname);
355
356	static inline void fscrypt_free_filename(struct fscrypt_name *fname)
357	{
358	kfree(objp: fname->crypto_buf.name);
359	}
360
361	int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
362	struct fscrypt_str *crypto_str);
363	void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str);
364	int fscrypt_fname_disk_to_usr(const struct inode *inode,
365	u32 hash, u32 minor_hash,
366	const struct fscrypt_str *iname,
367	struct fscrypt_str *oname);
368	bool fscrypt_match_name(const struct fscrypt_name *fname,
369	const u8 *de_name, u32 de_name_len);
370	u64 fscrypt_fname_siphash(const struct inode dir, const* struct qstr *name);
371	int fscrypt_d_revalidate(struct dentry dentry, unsigned* int flags);
372
373	/ bio.c /
374	bool fscrypt_decrypt_bio(struct bio *bio);
375	int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
376	sector_t pblk, unsigned int len);
377
378	/ hooks.c /
379	int fscrypt_file_open(struct inode inode, struct* file *filp);
380	int __fscrypt_prepare_link(struct inode inode, struct* inode *dir,
381	struct dentry *dentry);
382	int __fscrypt_prepare_rename(struct inode old_dir, struct* dentry *old_dentry,
383	struct inode new_dir, struct* dentry *new_dentry,
384	unsigned int flags);
385	int __fscrypt_prepare_lookup(struct inode dir, struct* dentry *dentry,
386	struct fscrypt_name *fname);
387	int fscrypt_prepare_lookup_partial(struct inode dir, struct* dentry *dentry);
388	int __fscrypt_prepare_readdir(struct inode *dir);
389	int __fscrypt_prepare_setattr(struct dentry dentry, struct* iattr *attr);
390	int fscrypt_prepare_setflags(struct inode *inode,
391	unsigned int oldflags, unsigned int flags);
392	int fscrypt_prepare_symlink(struct inode dir, const* char *target,
393	unsigned int len, unsigned int max_len,
394	struct fscrypt_str *disk_link);
395	int __fscrypt_encrypt_symlink(struct inode inode, const* char *target,
396	unsigned int len, struct fscrypt_str *disk_link);
397	const char fscrypt_get_symlink(struct* inode inode, const* void *caddr,
398	unsigned int max_size,
399	struct delayed_call *done);
400	int fscrypt_symlink_getattr(const struct path path, struct* kstat *stat);
401	static inline void fscrypt_set_ops(struct super_block *sb,
402	const struct fscrypt_operations *s_cop)
403	{
404	sb->s_cop = s_cop;
405	}
406	#else /* !CONFIG_FS_ENCRYPTION */
407
408	static inline struct fscrypt_inode_info *
409	fscrypt_get_inode_info(const struct inode *inode)
410	{
411	return NULL;
412	}
413
414	static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
415	{
416	return false;
417	}
418
419	static inline void fscrypt_handle_d_move(struct dentry *dentry)
420	{
421	}
422
423	static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
424	{
425	return false;
426	}
427
428	/ crypto.c /
429	static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
430	{
431	}
432
433	static inline struct page fscrypt_encrypt_pagecache_blocks(struct* page *page,
434	unsigned int len,
435	unsigned int offs,
436	gfp_t gfp_flags)
437	{
438	return ERR_PTR(-EOPNOTSUPP);
439	}
440
441	static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
442	struct page *page,
443	unsigned int len,
444	unsigned int offs, u64 lblk_num,
445	gfp_t gfp_flags)
446	{
447	return -EOPNOTSUPP;
448	}
449
450	static inline int fscrypt_decrypt_pagecache_blocks(struct folio *folio,
451	size_t len, size_t offs)
452	{
453	return -EOPNOTSUPP;
454	}
455
456	static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
457	struct page *page,
458	unsigned int len,
459	unsigned int offs, u64 lblk_num)
460	{
461	return -EOPNOTSUPP;
462	}
463
464	static inline bool fscrypt_is_bounce_page(struct page *page)
465	{
466	return false;
467	}
468
469	static inline struct page fscrypt_pagecache_page(struct* page *bounce_page)
470	{
471	WARN_ON_ONCE(`1`);
472	return ERR_PTR(-EINVAL);
473	}
474
475	static inline bool fscrypt_is_bounce_folio(struct folio *folio)
476	{
477	return false;
478	}
479
480	static inline struct folio fscrypt_pagecache_folio(struct* folio *bounce_folio)
481	{
482	WARN_ON_ONCE(`1`);
483	return ERR_PTR(-EINVAL);
484	}
485
486	static inline void fscrypt_free_bounce_page(struct page *bounce_page)
487	{
488	}
489
490	/ policy.c /
491	static inline int fscrypt_ioctl_set_policy(struct file *filp,
492	const void __user *arg)
493	{
494	return -EOPNOTSUPP;
495	}
496
497	static inline int fscrypt_ioctl_get_policy(struct file filp, void* __user *arg)
498	{
499	return -EOPNOTSUPP;
500	}
501
502	static inline int fscrypt_ioctl_get_policy_ex(struct file *filp,
503	void __user *arg)
504	{
505	return -EOPNOTSUPP;
506	}
507
508	static inline int fscrypt_ioctl_get_nonce(struct file filp, void* __user *arg)
509	{
510	return -EOPNOTSUPP;
511	}
512
513	static inline int fscrypt_has_permitted_context(struct inode *parent,
514	struct inode *child)
515	{
516	return `0`;
517	}
518
519	static inline int fscrypt_set_context(struct inode inode, void* *fs_data)
520	{
521	return -EOPNOTSUPP;
522	}
523
524	struct fscrypt_dummy_policy {
525	};
526
527	static inline int
528	fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param,
529	struct fscrypt_dummy_policy *dummy_policy)
530	{
531	return -EINVAL;
532	}
533
534	static inline bool
535	fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1,
536	const struct fscrypt_dummy_policy *p2)
537	{
538	return true;
539	}
540
541	static inline void fscrypt_show_test_dummy_encryption(struct seq_file *seq,
542	char sep,
543	struct super_block *sb)
544	{
545	}
546
547	static inline bool
548	fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy)
549	{
550	return false;
551	}
552
553	static inline void
554	fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
555	{
556	}
557
558	/ keyring.c /
559	static inline void fscrypt_destroy_keyring(struct super_block *sb)
560	{
561	}
562
563	static inline int fscrypt_ioctl_add_key(struct file filp, void* __user *arg)
564	{
565	return -EOPNOTSUPP;
566	}
567
568	static inline int fscrypt_ioctl_remove_key(struct file filp, void* __user *arg)
569	{
570	return -EOPNOTSUPP;
571	}
572
573	static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp,
574	void __user *arg)
575	{
576	return -EOPNOTSUPP;
577	}
578
579	static inline int fscrypt_ioctl_get_key_status(struct file *filp,
580	void __user *arg)
581	{
582	return -EOPNOTSUPP;
583	}
584
585	/ keysetup.c /
586
587	static inline int fscrypt_prepare_new_inode(struct inode *dir,
588	struct inode *inode,
589	bool *encrypt_ret)
590	{
591	if (IS_ENCRYPTED(dir))
592	return -EOPNOTSUPP;
593	return `0`;
594	}
595
596	static inline void fscrypt_put_encryption_info(struct inode *inode)
597	{
598	return;
599	}
600
601	static inline void fscrypt_free_inode(struct inode *inode)
602	{
603	}
604
605	static inline int fscrypt_drop_inode(struct inode *inode)
606	{
607	return `0`;
608	}
609
610	/ fname.c /
611	static inline int fscrypt_setup_filename(struct inode *dir,
612	const struct qstr *iname,
613	int lookup, struct fscrypt_name *fname)
614	{
615	if (IS_ENCRYPTED(dir))
616	return -EOPNOTSUPP;
617
618	memset(fname, `0`, sizeof(*fname));
619	fname->usr_fname = iname;
620	fname->disk_name.name = (unsigned char *)iname->name;
621	fname->disk_name.len = iname->len;
622	return `0`;
623	}
624
625	static inline void fscrypt_free_filename(struct fscrypt_name *fname)
626	{
627	return;
628	}
629
630	static inline int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
631	struct fscrypt_str *crypto_str)
632	{
633	return -EOPNOTSUPP;
634	}
635
636	static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
637	{
638	return;
639	}
640
641	static inline int fscrypt_fname_disk_to_usr(const struct inode *inode,
642	u32 hash, u32 minor_hash,
643	const struct fscrypt_str *iname,
644	struct fscrypt_str *oname)
645	{
646	return -EOPNOTSUPP;
647	}
648
649	static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
650	const u8 *de_name, u32 de_name_len)
651	{
652	/ Encryption support disabled; use standard comparison /
653	if (de_name_len != fname->disk_name.len)
654	return false;
655	return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
656	}
657
658	static inline u64 fscrypt_fname_siphash(const struct inode *dir,
659	const struct qstr *name)
660	{
661	WARN_ON_ONCE(`1`);
662	return `0`;
663	}
664
665	static inline int fscrypt_d_revalidate(struct dentry *dentry,
666	unsigned int flags)
667	{
668	return `1`;
669	}
670
671	/ bio.c /
672	static inline bool fscrypt_decrypt_bio(struct bio *bio)
673	{
674	return true;
675	}
676
677	static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
678	sector_t pblk, unsigned int len)
679	{
680	return -EOPNOTSUPP;
681	}
682
683	/ hooks.c /
684
685	static inline int fscrypt_file_open(struct inode inode, struct* file *filp)
686	{
687	if (IS_ENCRYPTED(inode))
688	return -EOPNOTSUPP;
689	return `0`;
690	}
691
692	static inline int __fscrypt_prepare_link(struct inode inode, struct* inode *dir,
693	struct dentry *dentry)
694	{
695	return -EOPNOTSUPP;
696	}
697
698	static inline int __fscrypt_prepare_rename(struct inode *old_dir,
699	struct dentry *old_dentry,
700	struct inode *new_dir,
701	struct dentry *new_dentry,
702	unsigned int flags)
703	{
704	return -EOPNOTSUPP;
705	}
706
707	static inline int __fscrypt_prepare_lookup(struct inode *dir,
708	struct dentry *dentry,
709	struct fscrypt_name *fname)
710	{
711	return -EOPNOTSUPP;
712	}
713
714	static inline int fscrypt_prepare_lookup_partial(struct inode *dir,
715	struct dentry *dentry)
716	{
717	return -EOPNOTSUPP;
718	}
719
720	static inline int __fscrypt_prepare_readdir(struct inode *dir)
721	{
722	return -EOPNOTSUPP;
723	}
724
725	static inline int __fscrypt_prepare_setattr(struct dentry *dentry,
726	struct iattr *attr)
727	{
728	return -EOPNOTSUPP;
729	}
730
731	static inline int fscrypt_prepare_setflags(struct inode *inode,
732	unsigned int oldflags,
733	unsigned int flags)
734	{
735	return `0`;
736	}
737
738	static inline int fscrypt_prepare_symlink(struct inode *dir,
739	const char *target,
740	unsigned int len,
741	unsigned int max_len,
742	struct fscrypt_str *disk_link)
743	{
744	if (IS_ENCRYPTED(dir))
745	return -EOPNOTSUPP;
746	disk_link->name = (unsigned char *)target;
747	disk_link->len = len + `1`;
748	if (disk_link->len > max_len)
749	return -ENAMETOOLONG;
750	return `0`;
751	}
752
753	static inline int __fscrypt_encrypt_symlink(struct inode *inode,
754	const char *target,
755	unsigned int len,
756	struct fscrypt_str *disk_link)
757	{
758	return -EOPNOTSUPP;
759	}
760
761	static inline const char fscrypt_get_symlink(struct* inode *inode,
762	const void *caddr,
763	unsigned int max_size,
764	struct delayed_call *done)
765	{
766	return ERR_PTR(-EOPNOTSUPP);
767	}
768
769	static inline int fscrypt_symlink_getattr(const struct path *path,
770	struct kstat *stat)
771	{
772	return -EOPNOTSUPP;
773	}
774
775	static inline void fscrypt_set_ops(struct super_block *sb,
776	const struct fscrypt_operations *s_cop)
777	{
778	}
779
780	#endif /* !CONFIG_FS_ENCRYPTION */
781
782	/ inline_crypt.c /
783	#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
784
785	bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode);
786
787	void fscrypt_set_bio_crypt_ctx(struct bio *bio,
788	const struct inode *inode, u64 first_lblk,
789	gfp_t gfp_mask);
790
791	void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio,
792	const struct buffer_head *first_bh,
793	gfp_t gfp_mask);
794
795	bool fscrypt_mergeable_bio(struct bio bio, const* struct inode *inode,
796	u64 next_lblk);
797
798	bool fscrypt_mergeable_bio_bh(struct bio *bio,
799	const struct buffer_head *next_bh);
800
801	bool fscrypt_dio_supported(struct inode *inode);
802
803	u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks);
804
805	#else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
806
807	static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode)
808	{
809	return false;
810	}
811
812	static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio,
813	const struct inode *inode,
814	u64 first_lblk, gfp_t gfp_mask) { }
815
816	static inline void fscrypt_set_bio_crypt_ctx_bh(
817	struct bio *bio,
818	const struct buffer_head *first_bh,
819	gfp_t gfp_mask) { }
820
821	static inline bool fscrypt_mergeable_bio(struct bio *bio,
822	const struct inode *inode,
823	u64 next_lblk)
824	{
825	return true;
826	}
827
828	static inline bool fscrypt_mergeable_bio_bh(struct bio *bio,
829	const struct buffer_head *next_bh)
830	{
831	return true;
832	}
833
834	static inline bool fscrypt_dio_supported(struct inode *inode)
835	{
836	return !fscrypt_needs_contents_encryption(inode);
837	}
838
839	static inline u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk,
840	u64 nr_blocks)
841	{
842	return nr_blocks;
843	}
844	#endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
845
846	/**
847	* fscrypt_inode_uses_inline_crypto() - test whether an inode uses inline
848	* encryption
849	* @inode: an inode. If encrypted, its key must be set up.
850	*
851	* Return: true if the inode requires file contents encryption and if the
852	* encryption should be done in the block layer via blk-crypto rather
853	* than in the filesystem layer.
854	*/
855	static inline bool fscrypt_inode_uses_inline_crypto(const struct inode *inode)
856	{
857	return fscrypt_needs_contents_encryption(inode) &&
858	__fscrypt_inode_uses_inline_crypto(inode);
859	}
860
861	/**
862	* fscrypt_inode_uses_fs_layer_crypto() - test whether an inode uses fs-layer
863	* encryption
864	* @inode: an inode. If encrypted, its key must be set up.
865	*
866	* Return: true if the inode requires file contents encryption and if the
867	* encryption should be done in the filesystem layer rather than in the
868	* block layer via blk-crypto.
869	*/
870	static inline bool fscrypt_inode_uses_fs_layer_crypto(const struct inode *inode)
871	{
872	return fscrypt_needs_contents_encryption(inode) &&
873	!__fscrypt_inode_uses_inline_crypto(inode);
874	}
875
876	/**
877	* fscrypt_has_encryption_key() - check whether an inode has had its key set up
878	* @inode: the inode to check
879	*
880	* Return: %true if the inode has had its encryption key set up, else %false.
881	*
882	* Usually this should be preceded by fscrypt_get_encryption_info() to try to
883	* set up the key first.
884	*/
885	static inline bool fscrypt_has_encryption_key(const struct inode *inode)
886	{
887	return fscrypt_get_inode_info(inode) != NULL;
888	}
889
890	/**
891	* fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted
892	* directory
893	* @old_dentry: an existing dentry for the inode being linked
894	* @dir: the target directory
895	* @dentry: negative dentry for the target filename
896	*
897	* A new link can only be added to an encrypted directory if the directory's
898	* encryption key is available --- since otherwise we'd have no way to encrypt
899	* the filename.
900	*
901	* We also verify that the link will not violate the constraint that all files
902	* in an encrypted directory tree use the same encryption policy.
903	*
904	* Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
905	* -EXDEV if the link would result in an inconsistent encryption policy, or
906	* another -errno code.
907	*/
908	static inline int fscrypt_prepare_link(struct dentry *old_dentry,
909	struct inode *dir,
910	struct dentry *dentry)
911	{
912	if (IS_ENCRYPTED(dir))
913	return __fscrypt_prepare_link(inode: d_inode(dentry: old_dentry), dir, dentry);
914	return `0`;
915	}
916
917	/**
918	* fscrypt_prepare_rename() - prepare for a rename between possibly-encrypted
919	* directories
920	* @old_dir: source directory
921	* @old_dentry: dentry for source file
922	* @new_dir: target directory
923	* @new_dentry: dentry for target location (may be negative unless exchanging)
924	* @flags: rename flags (we care at least about %RENAME_EXCHANGE)
925	*
926	* Prepare for ->rename() where the source and/or target directories may be
927	* encrypted. A new link can only be added to an encrypted directory if the
928	* directory's encryption key is available --- since otherwise we'd have no way
929	* to encrypt the filename. A rename to an existing name, on the other hand,
930	* is cryptographically possible without the key. However, we take the more
931	* conservative approach and just forbid all no-key renames.
932	*
933	* We also verify that the rename will not violate the constraint that all files
934	* in an encrypted directory tree use the same encryption policy.
935	*
936	* Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the
937	* rename would cause inconsistent encryption policies, or another -errno code.
938	*/
939	static inline int fscrypt_prepare_rename(struct inode *old_dir,
940	struct dentry *old_dentry,
941	struct inode *new_dir,
942	struct dentry *new_dentry,
943	unsigned int flags)
944	{
945	if (IS_ENCRYPTED(old_dir) \|\| IS_ENCRYPTED(new_dir))
946	return __fscrypt_prepare_rename(old_dir, old_dentry,
947	new_dir, new_dentry, flags);
948	return `0`;
949	}
950
951	/**
952	* fscrypt_prepare_lookup() - prepare to lookup a name in a possibly-encrypted
953	* directory
954	* @dir: directory being searched
955	* @dentry: filename being looked up
956	* @fname: (output) the name to use to search the on-disk directory
957	*
958	* Prepare for ->lookup() in a directory which may be encrypted by determining
959	* the name that will actually be used to search the directory on-disk. If the
960	* directory's encryption policy is supported by this kernel and its encryption
961	* key is available, then the lookup is assumed to be by plaintext name;
962	* otherwise, it is assumed to be by no-key name.
963	*
964	* This will set DCACHE_NOKEY_NAME on the dentry if the lookup is by no-key
965	* name. In this case the filesystem must assign the dentry a dentry_operations
966	* which contains fscrypt_d_revalidate (or contains a d_revalidate method that
967	* calls fscrypt_d_revalidate), so that the dentry will be invalidated if the
968	* directory's encryption key is later added.
969	*
970	* Return: 0 on success; -ENOENT if the directory's key is unavailable but the
971	* filename isn't a valid no-key name, so a negative dentry should be created;
972	* or another -errno code.
973	*/
974	static inline int fscrypt_prepare_lookup(struct inode *dir,
975	struct dentry *dentry,
976	struct fscrypt_name *fname)
977	{
978	if (IS_ENCRYPTED(dir))
979	return __fscrypt_prepare_lookup(dir, dentry, fname);
980
981	memset(fname, `0`, sizeof(*fname));
982	fname->usr_fname = &dentry->d_name;
983	fname->disk_name.name = (unsigned char *)dentry->d_name.name;
984	fname->disk_name.len = dentry->d_name.len;
985	return `0`;
986	}
987
988	/**
989	* fscrypt_prepare_readdir() - prepare to read a possibly-encrypted directory
990	* @dir: the directory inode
991	*
992	* If the directory is encrypted and it doesn't already have its encryption key
993	* set up, try to set it up so that the filenames will be listed in plaintext
994	* form rather than in no-key form.
995	*
996	* Return: 0 on success; -errno on error. Note that the encryption key being
997	* unavailable is not considered an error. It is also not an error if
998	* the encryption policy is unsupported by this kernel; that is treated
999	* like the key being unavailable, so that files can still be deleted.
1000	*/
1001	static inline int fscrypt_prepare_readdir(struct inode *dir)
1002	{
1003	if (IS_ENCRYPTED(dir))
1004	return __fscrypt_prepare_readdir(dir);
1005	return `0`;
1006	}
1007
1008	/**
1009	* fscrypt_prepare_setattr() - prepare to change a possibly-encrypted inode's
1010	* attributes
1011	* @dentry: dentry through which the inode is being changed
1012	* @attr: attributes to change
1013	*
1014	* Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file,
1015	* most attribute changes are allowed even without the encryption key. However,
1016	* without the encryption key we do have to forbid truncates. This is needed
1017	* because the size being truncated to may not be a multiple of the filesystem
1018	* block size, and in that case we'd have to decrypt the final block, zero the
1019	* portion past i_size, and re-encrypt it. (We could allow truncating to a
1020	* filesystem block boundary, but it's simpler to just forbid all truncates ---
1021	* and we already forbid all other contents modifications without the key.)
1022	*
1023	* Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
1024	* if a problem occurred while setting up the encryption key.
1025	*/
1026	static inline int fscrypt_prepare_setattr(struct dentry *dentry,
1027	struct iattr *attr)
1028	{
1029	if (IS_ENCRYPTED(d_inode(dentry)))
1030	return __fscrypt_prepare_setattr(dentry, attr);
1031	return `0`;
1032	}
1033
1034	/**
1035	* fscrypt_encrypt_symlink() - encrypt the symlink target if needed
1036	* @inode: symlink inode
1037	* @target: plaintext symlink target
1038	* @len: length of @target excluding null terminator
1039	* @disk_link: (in/out) the on-disk symlink target being prepared
1040	*
1041	* If the symlink target needs to be encrypted, then this function encrypts it
1042	* into @disk_link->name. fscrypt_prepare_symlink() must have been called
1043	* previously to compute @disk_link->len. If the filesystem did not allocate a
1044	* buffer for @disk_link->name after calling fscrypt_prepare_link(), then one
1045	* will be kmalloc()'ed and the filesystem will be responsible for freeing it.
1046	*
1047	* Return: 0 on success, -errno on failure
1048	*/
1049	static inline int fscrypt_encrypt_symlink(struct inode *inode,
1050	const char *target,
1051	unsigned int len,
1052	struct fscrypt_str *disk_link)
1053	{
1054	if (IS_ENCRYPTED(inode))
1055	return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
1056	return `0`;
1057	}
1058
1059	/ If pagep is a bounce page, free it and set pagep to the pagecache page /
1060	static inline void fscrypt_finalize_bounce_page(struct page **pagep)
1061	{
1062	struct page page = pagep;
1063
1064	if (fscrypt_is_bounce_page(page)) {
1065	*pagep = fscrypt_pagecache_page(bounce_page: page);
1066	fscrypt_free_bounce_page(bounce_page: page);
1067	}
1068	}
1069
1070	#endif /* _LINUX_FSCRYPT_H */
1071

source code of linux/include/linux/fscrypt.h