1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* |
3 | * fscrypt.h: declarations for per-file encryption |
4 | * |
5 | * Filesystems that implement per-file encryption must include this header |
6 | * file. |
7 | * |
8 | * Copyright (C) 2015, Google, Inc. |
9 | * |
10 | * Written by Michael Halcrow, 2015. |
11 | * Modified by Jaegeuk Kim, 2015. |
12 | */ |
13 | #ifndef _LINUX_FSCRYPT_H |
14 | #define _LINUX_FSCRYPT_H |
15 | |
16 | #include <linux/fs.h> |
17 | #include <linux/mm.h> |
18 | #include <linux/slab.h> |
19 | #include <uapi/linux/fscrypt.h> |
20 | |
21 | /* |
22 | * The lengths of all file contents blocks must be divisible by this value. |
23 | * This is needed to ensure that all contents encryption modes will work, as |
24 | * some of the supported modes don't support arbitrarily byte-aligned messages. |
25 | * |
26 | * Since the needed alignment is 16 bytes, most filesystems will meet this |
27 | * requirement naturally, as typical block sizes are powers of 2. However, if a |
28 | * filesystem can generate arbitrarily byte-aligned block lengths (e.g., via |
29 | * compression), then it will need to pad to this alignment before encryption. |
30 | */ |
31 | #define FSCRYPT_CONTENTS_ALIGNMENT 16 |
32 | |
33 | union fscrypt_policy; |
34 | struct fscrypt_inode_info; |
35 | struct fs_parameter; |
36 | struct seq_file; |
37 | |
38 | struct fscrypt_str { |
39 | unsigned char *name; |
40 | u32 len; |
41 | }; |
42 | |
43 | struct fscrypt_name { |
44 | const struct qstr *usr_fname; |
45 | struct fscrypt_str disk_name; |
46 | u32 hash; |
47 | u32 minor_hash; |
48 | struct fscrypt_str crypto_buf; |
49 | bool is_nokey_name; |
50 | }; |
51 | |
52 | #define FSTR_INIT(n, l) { .name = n, .len = l } |
53 | #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len) |
54 | #define fname_name(p) ((p)->disk_name.name) |
55 | #define fname_len(p) ((p)->disk_name.len) |
56 | |
57 | /* Maximum value for the third parameter of fscrypt_operations.set_context(). */ |
58 | #define FSCRYPT_SET_CONTEXT_MAX_SIZE 40 |
59 | |
60 | #ifdef CONFIG_FS_ENCRYPTION |
61 | |
62 | /* Crypto operations for filesystems */ |
63 | struct fscrypt_operations { |
64 | |
65 | /* |
66 | * If set, then fs/crypto/ will allocate a global bounce page pool the |
67 | * first time an encryption key is set up for a file. The bounce page |
68 | * pool is required by the following functions: |
69 | * |
70 | * - fscrypt_encrypt_pagecache_blocks() |
71 | * - fscrypt_zeroout_range() for files not using inline crypto |
72 | * |
73 | * If the filesystem doesn't use those, it doesn't need to set this. |
74 | */ |
75 | unsigned int needs_bounce_pages : 1; |
76 | |
77 | /* |
78 | * If set, then fs/crypto/ will allow the use of encryption settings |
79 | * that assume inode numbers fit in 32 bits (i.e. |
80 | * FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64}), provided that the other |
81 | * prerequisites for these settings are also met. This is only useful |
82 | * if the filesystem wants to support inline encryption hardware that is |
83 | * limited to 32-bit or 64-bit data unit numbers and where programming |
84 | * keyslots is very slow. |
85 | */ |
86 | unsigned int has_32bit_inodes : 1; |
87 | |
88 | /* |
89 | * If set, then fs/crypto/ will allow users to select a crypto data unit |
90 | * size that is less than the filesystem block size. This is done via |
91 | * the log2_data_unit_size field of the fscrypt policy. This flag is |
92 | * not compatible with filesystems that encrypt variable-length blocks |
93 | * (i.e. blocks that aren't all equal to filesystem's block size), for |
94 | * example as a result of compression. It's also not compatible with |
95 | * the fscrypt_encrypt_block_inplace() and |
96 | * fscrypt_decrypt_block_inplace() functions. |
97 | */ |
98 | unsigned int supports_subblock_data_units : 1; |
99 | |
100 | /* |
101 | * This field exists only for backwards compatibility reasons and should |
102 | * only be set by the filesystems that are setting it already. It |
103 | * contains the filesystem-specific key description prefix that is |
104 | * accepted for "logon" keys for v1 fscrypt policies. This |
105 | * functionality is deprecated in favor of the generic prefix |
106 | * "fscrypt:", which itself is deprecated in favor of the filesystem |
107 | * keyring ioctls such as FS_IOC_ADD_ENCRYPTION_KEY. Filesystems that |
108 | * are newly adding fscrypt support should not set this field. |
109 | */ |
110 | const char *legacy_key_prefix; |
111 | |
112 | /* |
113 | * Get the fscrypt context of the given inode. |
114 | * |
115 | * @inode: the inode whose context to get |
116 | * @ctx: the buffer into which to get the context |
117 | * @len: length of the @ctx buffer in bytes |
118 | * |
119 | * Return: On success, returns the length of the context in bytes; this |
120 | * may be less than @len. On failure, returns -ENODATA if the |
121 | * inode doesn't have a context, -ERANGE if the context is |
122 | * longer than @len, or another -errno code. |
123 | */ |
124 | int (*get_context)(struct inode *inode, void *ctx, size_t len); |
125 | |
126 | /* |
127 | * Set an fscrypt context on the given inode. |
128 | * |
129 | * @inode: the inode whose context to set. The inode won't already have |
130 | * an fscrypt context. |
131 | * @ctx: the context to set |
132 | * @len: length of @ctx in bytes (at most FSCRYPT_SET_CONTEXT_MAX_SIZE) |
133 | * @fs_data: If called from fscrypt_set_context(), this will be the |
134 | * value the filesystem passed to fscrypt_set_context(). |
135 | * Otherwise (i.e. when called from |
136 | * FS_IOC_SET_ENCRYPTION_POLICY) this will be NULL. |
137 | * |
138 | * i_rwsem will be held for write. |
139 | * |
140 | * Return: 0 on success, -errno on failure. |
141 | */ |
142 | int (*set_context)(struct inode *inode, const void *ctx, size_t len, |
143 | void *fs_data); |
144 | |
145 | /* |
146 | * Get the dummy fscrypt policy in use on the filesystem (if any). |
147 | * |
148 | * Filesystems only need to implement this function if they support the |
149 | * test_dummy_encryption mount option. |
150 | * |
151 | * Return: A pointer to the dummy fscrypt policy, if the filesystem is |
152 | * mounted with test_dummy_encryption; otherwise NULL. |
153 | */ |
154 | const union fscrypt_policy *(*get_dummy_policy)(struct super_block *sb); |
155 | |
156 | /* |
157 | * Check whether a directory is empty. i_rwsem will be held for write. |
158 | */ |
159 | bool (*empty_dir)(struct inode *inode); |
160 | |
161 | /* |
162 | * Check whether the filesystem's inode numbers and UUID are stable, |
163 | * meaning that they will never be changed even by offline operations |
164 | * such as filesystem shrinking and therefore can be used in the |
165 | * encryption without the possibility of files becoming unreadable. |
166 | * |
167 | * Filesystems only need to implement this function if they want to |
168 | * support the FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags. These |
169 | * flags are designed to work around the limitations of UFS and eMMC |
170 | * inline crypto hardware, and they shouldn't be used in scenarios where |
171 | * such hardware isn't being used. |
172 | * |
173 | * Leaving this NULL is equivalent to always returning false. |
174 | */ |
175 | bool (*has_stable_inodes)(struct super_block *sb); |
176 | |
177 | /* |
178 | * Return an array of pointers to the block devices to which the |
179 | * filesystem may write encrypted file contents, NULL if the filesystem |
180 | * only has a single such block device, or an ERR_PTR() on error. |
181 | * |
182 | * On successful non-NULL return, *num_devs is set to the number of |
183 | * devices in the returned array. The caller must free the returned |
184 | * array using kfree(). |
185 | * |
186 | * If the filesystem can use multiple block devices (other than block |
187 | * devices that aren't used for encrypted file contents, such as |
188 | * external journal devices), and wants to support inline encryption, |
189 | * then it must implement this function. Otherwise it's not needed. |
190 | */ |
191 | struct block_device **(*get_devices)(struct super_block *sb, |
192 | unsigned int *num_devs); |
193 | }; |
194 | |
195 | static inline struct fscrypt_inode_info * |
196 | fscrypt_get_inode_info(const struct inode *inode) |
197 | { |
198 | /* |
199 | * Pairs with the cmpxchg_release() in fscrypt_setup_encryption_info(). |
200 | * I.e., another task may publish ->i_crypt_info concurrently, executing |
201 | * a RELEASE barrier. We need to use smp_load_acquire() here to safely |
202 | * ACQUIRE the memory the other task published. |
203 | */ |
204 | return smp_load_acquire(&inode->i_crypt_info); |
205 | } |
206 | |
207 | /** |
208 | * fscrypt_needs_contents_encryption() - check whether an inode needs |
209 | * contents encryption |
210 | * @inode: the inode to check |
211 | * |
212 | * Return: %true iff the inode is an encrypted regular file and the kernel was |
213 | * built with fscrypt support. |
214 | * |
215 | * If you need to know whether the encrypt bit is set even when the kernel was |
216 | * built without fscrypt support, you must use IS_ENCRYPTED() directly instead. |
217 | */ |
218 | static inline bool fscrypt_needs_contents_encryption(const struct inode *inode) |
219 | { |
220 | return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode); |
221 | } |
222 | |
223 | /* |
224 | * When d_splice_alias() moves a directory's no-key alias to its plaintext alias |
225 | * as a result of the encryption key being added, DCACHE_NOKEY_NAME must be |
226 | * cleared. Note that we don't have to support arbitrary moves of this flag |
227 | * because fscrypt doesn't allow no-key names to be the source or target of a |
228 | * rename(). |
229 | */ |
230 | static inline void fscrypt_handle_d_move(struct dentry *dentry) |
231 | { |
232 | dentry->d_flags &= ~DCACHE_NOKEY_NAME; |
233 | } |
234 | |
235 | /** |
236 | * fscrypt_is_nokey_name() - test whether a dentry is a no-key name |
237 | * @dentry: the dentry to check |
238 | * |
239 | * This returns true if the dentry is a no-key dentry. A no-key dentry is a |
240 | * dentry that was created in an encrypted directory that hasn't had its |
241 | * encryption key added yet. Such dentries may be either positive or negative. |
242 | * |
243 | * When a filesystem is asked to create a new filename in an encrypted directory |
244 | * and the new filename's dentry is a no-key dentry, it must fail the operation |
245 | * with ENOKEY. This includes ->create(), ->mkdir(), ->mknod(), ->symlink(), |
246 | * ->rename(), and ->link(). (However, ->rename() and ->link() are already |
247 | * handled by fscrypt_prepare_rename() and fscrypt_prepare_link().) |
248 | * |
249 | * This is necessary because creating a filename requires the directory's |
250 | * encryption key, but just checking for the key on the directory inode during |
251 | * the final filesystem operation doesn't guarantee that the key was available |
252 | * during the preceding dentry lookup. And the key must have already been |
253 | * available during the dentry lookup in order for it to have been checked |
254 | * whether the filename already exists in the directory and for the new file's |
255 | * dentry not to be invalidated due to it incorrectly having the no-key flag. |
256 | * |
257 | * Return: %true if the dentry is a no-key name |
258 | */ |
259 | static inline bool fscrypt_is_nokey_name(const struct dentry *dentry) |
260 | { |
261 | return dentry->d_flags & DCACHE_NOKEY_NAME; |
262 | } |
263 | |
264 | /* crypto.c */ |
265 | void fscrypt_enqueue_decrypt_work(struct work_struct *); |
266 | |
267 | struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, |
268 | unsigned int len, |
269 | unsigned int offs, |
270 | gfp_t gfp_flags); |
271 | int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page, |
272 | unsigned int len, unsigned int offs, |
273 | u64 lblk_num, gfp_t gfp_flags); |
274 | |
275 | int fscrypt_decrypt_pagecache_blocks(struct folio *folio, size_t len, |
276 | size_t offs); |
277 | int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page, |
278 | unsigned int len, unsigned int offs, |
279 | u64 lblk_num); |
280 | |
281 | static inline bool fscrypt_is_bounce_page(struct page *page) |
282 | { |
283 | return page->mapping == NULL; |
284 | } |
285 | |
286 | static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) |
287 | { |
288 | return (struct page *)page_private(bounce_page); |
289 | } |
290 | |
291 | static inline bool fscrypt_is_bounce_folio(struct folio *folio) |
292 | { |
293 | return folio->mapping == NULL; |
294 | } |
295 | |
296 | static inline struct folio *fscrypt_pagecache_folio(struct folio *bounce_folio) |
297 | { |
298 | return bounce_folio->private; |
299 | } |
300 | |
301 | void fscrypt_free_bounce_page(struct page *bounce_page); |
302 | |
303 | /* policy.c */ |
304 | int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg); |
305 | int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg); |
306 | int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg); |
307 | int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg); |
308 | int fscrypt_has_permitted_context(struct inode *parent, struct inode *child); |
309 | int fscrypt_context_for_new_inode(void *ctx, struct inode *inode); |
310 | int fscrypt_set_context(struct inode *inode, void *fs_data); |
311 | |
312 | struct fscrypt_dummy_policy { |
313 | const union fscrypt_policy *policy; |
314 | }; |
315 | |
316 | int fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param, |
317 | struct fscrypt_dummy_policy *dummy_policy); |
318 | bool fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1, |
319 | const struct fscrypt_dummy_policy *p2); |
320 | void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep, |
321 | struct super_block *sb); |
322 | static inline bool |
323 | fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy) |
324 | { |
325 | return dummy_policy->policy != NULL; |
326 | } |
327 | static inline void |
328 | fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy) |
329 | { |
330 | kfree(objp: dummy_policy->policy); |
331 | dummy_policy->policy = NULL; |
332 | } |
333 | |
334 | /* keyring.c */ |
335 | void fscrypt_destroy_keyring(struct super_block *sb); |
336 | int fscrypt_ioctl_add_key(struct file *filp, void __user *arg); |
337 | int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg); |
338 | int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *arg); |
339 | int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg); |
340 | |
341 | /* keysetup.c */ |
342 | int fscrypt_prepare_new_inode(struct inode *dir, struct inode *inode, |
343 | bool *encrypt_ret); |
344 | void fscrypt_put_encryption_info(struct inode *inode); |
345 | void fscrypt_free_inode(struct inode *inode); |
346 | int fscrypt_drop_inode(struct inode *inode); |
347 | |
348 | /* fname.c */ |
349 | int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname, |
350 | u8 *out, unsigned int olen); |
351 | bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len, |
352 | u32 max_len, u32 *encrypted_len_ret); |
353 | int fscrypt_setup_filename(struct inode *inode, const struct qstr *iname, |
354 | int lookup, struct fscrypt_name *fname); |
355 | |
356 | static inline void fscrypt_free_filename(struct fscrypt_name *fname) |
357 | { |
358 | kfree(objp: fname->crypto_buf.name); |
359 | } |
360 | |
361 | int fscrypt_fname_alloc_buffer(u32 max_encrypted_len, |
362 | struct fscrypt_str *crypto_str); |
363 | void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str); |
364 | int fscrypt_fname_disk_to_usr(const struct inode *inode, |
365 | u32 hash, u32 minor_hash, |
366 | const struct fscrypt_str *iname, |
367 | struct fscrypt_str *oname); |
368 | bool fscrypt_match_name(const struct fscrypt_name *fname, |
369 | const u8 *de_name, u32 de_name_len); |
370 | u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name); |
371 | int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags); |
372 | |
373 | /* bio.c */ |
374 | bool fscrypt_decrypt_bio(struct bio *bio); |
375 | int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, |
376 | sector_t pblk, unsigned int len); |
377 | |
378 | /* hooks.c */ |
379 | int fscrypt_file_open(struct inode *inode, struct file *filp); |
380 | int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
381 | struct dentry *dentry); |
382 | int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry, |
383 | struct inode *new_dir, struct dentry *new_dentry, |
384 | unsigned int flags); |
385 | int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, |
386 | struct fscrypt_name *fname); |
387 | int fscrypt_prepare_lookup_partial(struct inode *dir, struct dentry *dentry); |
388 | int __fscrypt_prepare_readdir(struct inode *dir); |
389 | int __fscrypt_prepare_setattr(struct dentry *dentry, struct iattr *attr); |
390 | int fscrypt_prepare_setflags(struct inode *inode, |
391 | unsigned int oldflags, unsigned int flags); |
392 | int fscrypt_prepare_symlink(struct inode *dir, const char *target, |
393 | unsigned int len, unsigned int max_len, |
394 | struct fscrypt_str *disk_link); |
395 | int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, |
396 | unsigned int len, struct fscrypt_str *disk_link); |
397 | const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, |
398 | unsigned int max_size, |
399 | struct delayed_call *done); |
400 | int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat); |
401 | static inline void fscrypt_set_ops(struct super_block *sb, |
402 | const struct fscrypt_operations *s_cop) |
403 | { |
404 | sb->s_cop = s_cop; |
405 | } |
406 | #else /* !CONFIG_FS_ENCRYPTION */ |
407 | |
408 | static inline struct fscrypt_inode_info * |
409 | fscrypt_get_inode_info(const struct inode *inode) |
410 | { |
411 | return NULL; |
412 | } |
413 | |
414 | static inline bool fscrypt_needs_contents_encryption(const struct inode *inode) |
415 | { |
416 | return false; |
417 | } |
418 | |
419 | static inline void fscrypt_handle_d_move(struct dentry *dentry) |
420 | { |
421 | } |
422 | |
423 | static inline bool fscrypt_is_nokey_name(const struct dentry *dentry) |
424 | { |
425 | return false; |
426 | } |
427 | |
428 | /* crypto.c */ |
429 | static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work) |
430 | { |
431 | } |
432 | |
433 | static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, |
434 | unsigned int len, |
435 | unsigned int offs, |
436 | gfp_t gfp_flags) |
437 | { |
438 | return ERR_PTR(-EOPNOTSUPP); |
439 | } |
440 | |
441 | static inline int fscrypt_encrypt_block_inplace(const struct inode *inode, |
442 | struct page *page, |
443 | unsigned int len, |
444 | unsigned int offs, u64 lblk_num, |
445 | gfp_t gfp_flags) |
446 | { |
447 | return -EOPNOTSUPP; |
448 | } |
449 | |
450 | static inline int fscrypt_decrypt_pagecache_blocks(struct folio *folio, |
451 | size_t len, size_t offs) |
452 | { |
453 | return -EOPNOTSUPP; |
454 | } |
455 | |
456 | static inline int fscrypt_decrypt_block_inplace(const struct inode *inode, |
457 | struct page *page, |
458 | unsigned int len, |
459 | unsigned int offs, u64 lblk_num) |
460 | { |
461 | return -EOPNOTSUPP; |
462 | } |
463 | |
464 | static inline bool fscrypt_is_bounce_page(struct page *page) |
465 | { |
466 | return false; |
467 | } |
468 | |
469 | static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) |
470 | { |
471 | WARN_ON_ONCE(1); |
472 | return ERR_PTR(-EINVAL); |
473 | } |
474 | |
475 | static inline bool fscrypt_is_bounce_folio(struct folio *folio) |
476 | { |
477 | return false; |
478 | } |
479 | |
480 | static inline struct folio *fscrypt_pagecache_folio(struct folio *bounce_folio) |
481 | { |
482 | WARN_ON_ONCE(1); |
483 | return ERR_PTR(-EINVAL); |
484 | } |
485 | |
486 | static inline void fscrypt_free_bounce_page(struct page *bounce_page) |
487 | { |
488 | } |
489 | |
490 | /* policy.c */ |
491 | static inline int fscrypt_ioctl_set_policy(struct file *filp, |
492 | const void __user *arg) |
493 | { |
494 | return -EOPNOTSUPP; |
495 | } |
496 | |
497 | static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) |
498 | { |
499 | return -EOPNOTSUPP; |
500 | } |
501 | |
502 | static inline int fscrypt_ioctl_get_policy_ex(struct file *filp, |
503 | void __user *arg) |
504 | { |
505 | return -EOPNOTSUPP; |
506 | } |
507 | |
508 | static inline int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg) |
509 | { |
510 | return -EOPNOTSUPP; |
511 | } |
512 | |
513 | static inline int fscrypt_has_permitted_context(struct inode *parent, |
514 | struct inode *child) |
515 | { |
516 | return 0; |
517 | } |
518 | |
519 | static inline int fscrypt_set_context(struct inode *inode, void *fs_data) |
520 | { |
521 | return -EOPNOTSUPP; |
522 | } |
523 | |
524 | struct fscrypt_dummy_policy { |
525 | }; |
526 | |
527 | static inline int |
528 | fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param, |
529 | struct fscrypt_dummy_policy *dummy_policy) |
530 | { |
531 | return -EINVAL; |
532 | } |
533 | |
534 | static inline bool |
535 | fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1, |
536 | const struct fscrypt_dummy_policy *p2) |
537 | { |
538 | return true; |
539 | } |
540 | |
541 | static inline void fscrypt_show_test_dummy_encryption(struct seq_file *seq, |
542 | char sep, |
543 | struct super_block *sb) |
544 | { |
545 | } |
546 | |
547 | static inline bool |
548 | fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy) |
549 | { |
550 | return false; |
551 | } |
552 | |
553 | static inline void |
554 | fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy) |
555 | { |
556 | } |
557 | |
558 | /* keyring.c */ |
559 | static inline void fscrypt_destroy_keyring(struct super_block *sb) |
560 | { |
561 | } |
562 | |
563 | static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg) |
564 | { |
565 | return -EOPNOTSUPP; |
566 | } |
567 | |
568 | static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg) |
569 | { |
570 | return -EOPNOTSUPP; |
571 | } |
572 | |
573 | static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp, |
574 | void __user *arg) |
575 | { |
576 | return -EOPNOTSUPP; |
577 | } |
578 | |
579 | static inline int fscrypt_ioctl_get_key_status(struct file *filp, |
580 | void __user *arg) |
581 | { |
582 | return -EOPNOTSUPP; |
583 | } |
584 | |
585 | /* keysetup.c */ |
586 | |
587 | static inline int fscrypt_prepare_new_inode(struct inode *dir, |
588 | struct inode *inode, |
589 | bool *encrypt_ret) |
590 | { |
591 | if (IS_ENCRYPTED(dir)) |
592 | return -EOPNOTSUPP; |
593 | return 0; |
594 | } |
595 | |
596 | static inline void fscrypt_put_encryption_info(struct inode *inode) |
597 | { |
598 | return; |
599 | } |
600 | |
601 | static inline void fscrypt_free_inode(struct inode *inode) |
602 | { |
603 | } |
604 | |
605 | static inline int fscrypt_drop_inode(struct inode *inode) |
606 | { |
607 | return 0; |
608 | } |
609 | |
610 | /* fname.c */ |
611 | static inline int fscrypt_setup_filename(struct inode *dir, |
612 | const struct qstr *iname, |
613 | int lookup, struct fscrypt_name *fname) |
614 | { |
615 | if (IS_ENCRYPTED(dir)) |
616 | return -EOPNOTSUPP; |
617 | |
618 | memset(fname, 0, sizeof(*fname)); |
619 | fname->usr_fname = iname; |
620 | fname->disk_name.name = (unsigned char *)iname->name; |
621 | fname->disk_name.len = iname->len; |
622 | return 0; |
623 | } |
624 | |
625 | static inline void fscrypt_free_filename(struct fscrypt_name *fname) |
626 | { |
627 | return; |
628 | } |
629 | |
630 | static inline int fscrypt_fname_alloc_buffer(u32 max_encrypted_len, |
631 | struct fscrypt_str *crypto_str) |
632 | { |
633 | return -EOPNOTSUPP; |
634 | } |
635 | |
636 | static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) |
637 | { |
638 | return; |
639 | } |
640 | |
641 | static inline int fscrypt_fname_disk_to_usr(const struct inode *inode, |
642 | u32 hash, u32 minor_hash, |
643 | const struct fscrypt_str *iname, |
644 | struct fscrypt_str *oname) |
645 | { |
646 | return -EOPNOTSUPP; |
647 | } |
648 | |
649 | static inline bool fscrypt_match_name(const struct fscrypt_name *fname, |
650 | const u8 *de_name, u32 de_name_len) |
651 | { |
652 | /* Encryption support disabled; use standard comparison */ |
653 | if (de_name_len != fname->disk_name.len) |
654 | return false; |
655 | return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); |
656 | } |
657 | |
658 | static inline u64 fscrypt_fname_siphash(const struct inode *dir, |
659 | const struct qstr *name) |
660 | { |
661 | WARN_ON_ONCE(1); |
662 | return 0; |
663 | } |
664 | |
665 | static inline int fscrypt_d_revalidate(struct dentry *dentry, |
666 | unsigned int flags) |
667 | { |
668 | return 1; |
669 | } |
670 | |
671 | /* bio.c */ |
672 | static inline bool fscrypt_decrypt_bio(struct bio *bio) |
673 | { |
674 | return true; |
675 | } |
676 | |
677 | static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, |
678 | sector_t pblk, unsigned int len) |
679 | { |
680 | return -EOPNOTSUPP; |
681 | } |
682 | |
683 | /* hooks.c */ |
684 | |
685 | static inline int fscrypt_file_open(struct inode *inode, struct file *filp) |
686 | { |
687 | if (IS_ENCRYPTED(inode)) |
688 | return -EOPNOTSUPP; |
689 | return 0; |
690 | } |
691 | |
692 | static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
693 | struct dentry *dentry) |
694 | { |
695 | return -EOPNOTSUPP; |
696 | } |
697 | |
698 | static inline int __fscrypt_prepare_rename(struct inode *old_dir, |
699 | struct dentry *old_dentry, |
700 | struct inode *new_dir, |
701 | struct dentry *new_dentry, |
702 | unsigned int flags) |
703 | { |
704 | return -EOPNOTSUPP; |
705 | } |
706 | |
707 | static inline int __fscrypt_prepare_lookup(struct inode *dir, |
708 | struct dentry *dentry, |
709 | struct fscrypt_name *fname) |
710 | { |
711 | return -EOPNOTSUPP; |
712 | } |
713 | |
714 | static inline int fscrypt_prepare_lookup_partial(struct inode *dir, |
715 | struct dentry *dentry) |
716 | { |
717 | return -EOPNOTSUPP; |
718 | } |
719 | |
720 | static inline int __fscrypt_prepare_readdir(struct inode *dir) |
721 | { |
722 | return -EOPNOTSUPP; |
723 | } |
724 | |
725 | static inline int __fscrypt_prepare_setattr(struct dentry *dentry, |
726 | struct iattr *attr) |
727 | { |
728 | return -EOPNOTSUPP; |
729 | } |
730 | |
731 | static inline int fscrypt_prepare_setflags(struct inode *inode, |
732 | unsigned int oldflags, |
733 | unsigned int flags) |
734 | { |
735 | return 0; |
736 | } |
737 | |
738 | static inline int fscrypt_prepare_symlink(struct inode *dir, |
739 | const char *target, |
740 | unsigned int len, |
741 | unsigned int max_len, |
742 | struct fscrypt_str *disk_link) |
743 | { |
744 | if (IS_ENCRYPTED(dir)) |
745 | return -EOPNOTSUPP; |
746 | disk_link->name = (unsigned char *)target; |
747 | disk_link->len = len + 1; |
748 | if (disk_link->len > max_len) |
749 | return -ENAMETOOLONG; |
750 | return 0; |
751 | } |
752 | |
753 | static inline int __fscrypt_encrypt_symlink(struct inode *inode, |
754 | const char *target, |
755 | unsigned int len, |
756 | struct fscrypt_str *disk_link) |
757 | { |
758 | return -EOPNOTSUPP; |
759 | } |
760 | |
761 | static inline const char *fscrypt_get_symlink(struct inode *inode, |
762 | const void *caddr, |
763 | unsigned int max_size, |
764 | struct delayed_call *done) |
765 | { |
766 | return ERR_PTR(-EOPNOTSUPP); |
767 | } |
768 | |
769 | static inline int fscrypt_symlink_getattr(const struct path *path, |
770 | struct kstat *stat) |
771 | { |
772 | return -EOPNOTSUPP; |
773 | } |
774 | |
775 | static inline void fscrypt_set_ops(struct super_block *sb, |
776 | const struct fscrypt_operations *s_cop) |
777 | { |
778 | } |
779 | |
780 | #endif /* !CONFIG_FS_ENCRYPTION */ |
781 | |
782 | /* inline_crypt.c */ |
783 | #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT |
784 | |
785 | bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode); |
786 | |
787 | void fscrypt_set_bio_crypt_ctx(struct bio *bio, |
788 | const struct inode *inode, u64 first_lblk, |
789 | gfp_t gfp_mask); |
790 | |
791 | void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio, |
792 | const struct buffer_head *first_bh, |
793 | gfp_t gfp_mask); |
794 | |
795 | bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode, |
796 | u64 next_lblk); |
797 | |
798 | bool fscrypt_mergeable_bio_bh(struct bio *bio, |
799 | const struct buffer_head *next_bh); |
800 | |
801 | bool fscrypt_dio_supported(struct inode *inode); |
802 | |
803 | u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks); |
804 | |
805 | #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ |
806 | |
807 | static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode) |
808 | { |
809 | return false; |
810 | } |
811 | |
812 | static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio, |
813 | const struct inode *inode, |
814 | u64 first_lblk, gfp_t gfp_mask) { } |
815 | |
816 | static inline void fscrypt_set_bio_crypt_ctx_bh( |
817 | struct bio *bio, |
818 | const struct buffer_head *first_bh, |
819 | gfp_t gfp_mask) { } |
820 | |
821 | static inline bool fscrypt_mergeable_bio(struct bio *bio, |
822 | const struct inode *inode, |
823 | u64 next_lblk) |
824 | { |
825 | return true; |
826 | } |
827 | |
828 | static inline bool fscrypt_mergeable_bio_bh(struct bio *bio, |
829 | const struct buffer_head *next_bh) |
830 | { |
831 | return true; |
832 | } |
833 | |
834 | static inline bool fscrypt_dio_supported(struct inode *inode) |
835 | { |
836 | return !fscrypt_needs_contents_encryption(inode); |
837 | } |
838 | |
839 | static inline u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, |
840 | u64 nr_blocks) |
841 | { |
842 | return nr_blocks; |
843 | } |
844 | #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ |
845 | |
846 | /** |
847 | * fscrypt_inode_uses_inline_crypto() - test whether an inode uses inline |
848 | * encryption |
849 | * @inode: an inode. If encrypted, its key must be set up. |
850 | * |
851 | * Return: true if the inode requires file contents encryption and if the |
852 | * encryption should be done in the block layer via blk-crypto rather |
853 | * than in the filesystem layer. |
854 | */ |
855 | static inline bool fscrypt_inode_uses_inline_crypto(const struct inode *inode) |
856 | { |
857 | return fscrypt_needs_contents_encryption(inode) && |
858 | __fscrypt_inode_uses_inline_crypto(inode); |
859 | } |
860 | |
861 | /** |
862 | * fscrypt_inode_uses_fs_layer_crypto() - test whether an inode uses fs-layer |
863 | * encryption |
864 | * @inode: an inode. If encrypted, its key must be set up. |
865 | * |
866 | * Return: true if the inode requires file contents encryption and if the |
867 | * encryption should be done in the filesystem layer rather than in the |
868 | * block layer via blk-crypto. |
869 | */ |
870 | static inline bool fscrypt_inode_uses_fs_layer_crypto(const struct inode *inode) |
871 | { |
872 | return fscrypt_needs_contents_encryption(inode) && |
873 | !__fscrypt_inode_uses_inline_crypto(inode); |
874 | } |
875 | |
876 | /** |
877 | * fscrypt_has_encryption_key() - check whether an inode has had its key set up |
878 | * @inode: the inode to check |
879 | * |
880 | * Return: %true if the inode has had its encryption key set up, else %false. |
881 | * |
882 | * Usually this should be preceded by fscrypt_get_encryption_info() to try to |
883 | * set up the key first. |
884 | */ |
885 | static inline bool fscrypt_has_encryption_key(const struct inode *inode) |
886 | { |
887 | return fscrypt_get_inode_info(inode) != NULL; |
888 | } |
889 | |
890 | /** |
891 | * fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted |
892 | * directory |
893 | * @old_dentry: an existing dentry for the inode being linked |
894 | * @dir: the target directory |
895 | * @dentry: negative dentry for the target filename |
896 | * |
897 | * A new link can only be added to an encrypted directory if the directory's |
898 | * encryption key is available --- since otherwise we'd have no way to encrypt |
899 | * the filename. |
900 | * |
901 | * We also verify that the link will not violate the constraint that all files |
902 | * in an encrypted directory tree use the same encryption policy. |
903 | * |
904 | * Return: 0 on success, -ENOKEY if the directory's encryption key is missing, |
905 | * -EXDEV if the link would result in an inconsistent encryption policy, or |
906 | * another -errno code. |
907 | */ |
908 | static inline int fscrypt_prepare_link(struct dentry *old_dentry, |
909 | struct inode *dir, |
910 | struct dentry *dentry) |
911 | { |
912 | if (IS_ENCRYPTED(dir)) |
913 | return __fscrypt_prepare_link(inode: d_inode(dentry: old_dentry), dir, dentry); |
914 | return 0; |
915 | } |
916 | |
917 | /** |
918 | * fscrypt_prepare_rename() - prepare for a rename between possibly-encrypted |
919 | * directories |
920 | * @old_dir: source directory |
921 | * @old_dentry: dentry for source file |
922 | * @new_dir: target directory |
923 | * @new_dentry: dentry for target location (may be negative unless exchanging) |
924 | * @flags: rename flags (we care at least about %RENAME_EXCHANGE) |
925 | * |
926 | * Prepare for ->rename() where the source and/or target directories may be |
927 | * encrypted. A new link can only be added to an encrypted directory if the |
928 | * directory's encryption key is available --- since otherwise we'd have no way |
929 | * to encrypt the filename. A rename to an existing name, on the other hand, |
930 | * *is* cryptographically possible without the key. However, we take the more |
931 | * conservative approach and just forbid all no-key renames. |
932 | * |
933 | * We also verify that the rename will not violate the constraint that all files |
934 | * in an encrypted directory tree use the same encryption policy. |
935 | * |
936 | * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the |
937 | * rename would cause inconsistent encryption policies, or another -errno code. |
938 | */ |
939 | static inline int fscrypt_prepare_rename(struct inode *old_dir, |
940 | struct dentry *old_dentry, |
941 | struct inode *new_dir, |
942 | struct dentry *new_dentry, |
943 | unsigned int flags) |
944 | { |
945 | if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir)) |
946 | return __fscrypt_prepare_rename(old_dir, old_dentry, |
947 | new_dir, new_dentry, flags); |
948 | return 0; |
949 | } |
950 | |
951 | /** |
952 | * fscrypt_prepare_lookup() - prepare to lookup a name in a possibly-encrypted |
953 | * directory |
954 | * @dir: directory being searched |
955 | * @dentry: filename being looked up |
956 | * @fname: (output) the name to use to search the on-disk directory |
957 | * |
958 | * Prepare for ->lookup() in a directory which may be encrypted by determining |
959 | * the name that will actually be used to search the directory on-disk. If the |
960 | * directory's encryption policy is supported by this kernel and its encryption |
961 | * key is available, then the lookup is assumed to be by plaintext name; |
962 | * otherwise, it is assumed to be by no-key name. |
963 | * |
964 | * This will set DCACHE_NOKEY_NAME on the dentry if the lookup is by no-key |
965 | * name. In this case the filesystem must assign the dentry a dentry_operations |
966 | * which contains fscrypt_d_revalidate (or contains a d_revalidate method that |
967 | * calls fscrypt_d_revalidate), so that the dentry will be invalidated if the |
968 | * directory's encryption key is later added. |
969 | * |
970 | * Return: 0 on success; -ENOENT if the directory's key is unavailable but the |
971 | * filename isn't a valid no-key name, so a negative dentry should be created; |
972 | * or another -errno code. |
973 | */ |
974 | static inline int fscrypt_prepare_lookup(struct inode *dir, |
975 | struct dentry *dentry, |
976 | struct fscrypt_name *fname) |
977 | { |
978 | if (IS_ENCRYPTED(dir)) |
979 | return __fscrypt_prepare_lookup(dir, dentry, fname); |
980 | |
981 | memset(fname, 0, sizeof(*fname)); |
982 | fname->usr_fname = &dentry->d_name; |
983 | fname->disk_name.name = (unsigned char *)dentry->d_name.name; |
984 | fname->disk_name.len = dentry->d_name.len; |
985 | return 0; |
986 | } |
987 | |
988 | /** |
989 | * fscrypt_prepare_readdir() - prepare to read a possibly-encrypted directory |
990 | * @dir: the directory inode |
991 | * |
992 | * If the directory is encrypted and it doesn't already have its encryption key |
993 | * set up, try to set it up so that the filenames will be listed in plaintext |
994 | * form rather than in no-key form. |
995 | * |
996 | * Return: 0 on success; -errno on error. Note that the encryption key being |
997 | * unavailable is not considered an error. It is also not an error if |
998 | * the encryption policy is unsupported by this kernel; that is treated |
999 | * like the key being unavailable, so that files can still be deleted. |
1000 | */ |
1001 | static inline int fscrypt_prepare_readdir(struct inode *dir) |
1002 | { |
1003 | if (IS_ENCRYPTED(dir)) |
1004 | return __fscrypt_prepare_readdir(dir); |
1005 | return 0; |
1006 | } |
1007 | |
1008 | /** |
1009 | * fscrypt_prepare_setattr() - prepare to change a possibly-encrypted inode's |
1010 | * attributes |
1011 | * @dentry: dentry through which the inode is being changed |
1012 | * @attr: attributes to change |
1013 | * |
1014 | * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file, |
1015 | * most attribute changes are allowed even without the encryption key. However, |
1016 | * without the encryption key we do have to forbid truncates. This is needed |
1017 | * because the size being truncated to may not be a multiple of the filesystem |
1018 | * block size, and in that case we'd have to decrypt the final block, zero the |
1019 | * portion past i_size, and re-encrypt it. (We *could* allow truncating to a |
1020 | * filesystem block boundary, but it's simpler to just forbid all truncates --- |
1021 | * and we already forbid all other contents modifications without the key.) |
1022 | * |
1023 | * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code |
1024 | * if a problem occurred while setting up the encryption key. |
1025 | */ |
1026 | static inline int fscrypt_prepare_setattr(struct dentry *dentry, |
1027 | struct iattr *attr) |
1028 | { |
1029 | if (IS_ENCRYPTED(d_inode(dentry))) |
1030 | return __fscrypt_prepare_setattr(dentry, attr); |
1031 | return 0; |
1032 | } |
1033 | |
1034 | /** |
1035 | * fscrypt_encrypt_symlink() - encrypt the symlink target if needed |
1036 | * @inode: symlink inode |
1037 | * @target: plaintext symlink target |
1038 | * @len: length of @target excluding null terminator |
1039 | * @disk_link: (in/out) the on-disk symlink target being prepared |
1040 | * |
1041 | * If the symlink target needs to be encrypted, then this function encrypts it |
1042 | * into @disk_link->name. fscrypt_prepare_symlink() must have been called |
1043 | * previously to compute @disk_link->len. If the filesystem did not allocate a |
1044 | * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one |
1045 | * will be kmalloc()'ed and the filesystem will be responsible for freeing it. |
1046 | * |
1047 | * Return: 0 on success, -errno on failure |
1048 | */ |
1049 | static inline int fscrypt_encrypt_symlink(struct inode *inode, |
1050 | const char *target, |
1051 | unsigned int len, |
1052 | struct fscrypt_str *disk_link) |
1053 | { |
1054 | if (IS_ENCRYPTED(inode)) |
1055 | return __fscrypt_encrypt_symlink(inode, target, len, disk_link); |
1056 | return 0; |
1057 | } |
1058 | |
1059 | /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */ |
1060 | static inline void fscrypt_finalize_bounce_page(struct page **pagep) |
1061 | { |
1062 | struct page *page = *pagep; |
1063 | |
1064 | if (fscrypt_is_bounce_page(page)) { |
1065 | *pagep = fscrypt_pagecache_page(bounce_page: page); |
1066 | fscrypt_free_bounce_page(bounce_page: page); |
1067 | } |
1068 | } |
1069 | |
1070 | #endif /* _LINUX_FSCRYPT_H */ |
1071 | |