This source file includes following definitions.
- fscrypt_has_encryption_key
- fscrypt_dummy_context_enabled
- fscrypt_handle_d_move
- fscrypt_is_bounce_page
- fscrypt_pagecache_page
- fscrypt_free_filename
- fscrypt_match_name
- fscrypt_set_ops
- fscrypt_has_encryption_key
- fscrypt_dummy_context_enabled
- fscrypt_handle_d_move
- fscrypt_enqueue_decrypt_work
- fscrypt_get_ctx
- fscrypt_release_ctx
- fscrypt_encrypt_pagecache_blocks
- fscrypt_encrypt_block_inplace
- fscrypt_decrypt_pagecache_blocks
- fscrypt_decrypt_block_inplace
- fscrypt_is_bounce_page
- fscrypt_pagecache_page
- fscrypt_free_bounce_page
- fscrypt_ioctl_set_policy
- fscrypt_ioctl_get_policy
- fscrypt_ioctl_get_policy_ex
- fscrypt_has_permitted_context
- fscrypt_inherit_context
- fscrypt_sb_free
- fscrypt_ioctl_add_key
- fscrypt_ioctl_remove_key
- fscrypt_ioctl_remove_key_all_users
- fscrypt_ioctl_get_key_status
- fscrypt_get_encryption_info
- fscrypt_put_encryption_info
- fscrypt_free_inode
- fscrypt_drop_inode
- fscrypt_setup_filename
- fscrypt_free_filename
- fscrypt_fname_alloc_buffer
- fscrypt_fname_free_buffer
- fscrypt_fname_disk_to_usr
- fscrypt_match_name
- fscrypt_decrypt_bio
- fscrypt_enqueue_decrypt_bio
- fscrypt_zeroout_range
- fscrypt_file_open
- __fscrypt_prepare_link
- __fscrypt_prepare_rename
- __fscrypt_prepare_lookup
- __fscrypt_prepare_symlink
- __fscrypt_encrypt_symlink
- fscrypt_get_symlink
- fscrypt_set_ops
- fscrypt_require_key
- fscrypt_prepare_link
- fscrypt_prepare_rename
- fscrypt_prepare_lookup
- fscrypt_prepare_setattr
- fscrypt_prepare_symlink
- fscrypt_encrypt_symlink
- fscrypt_finalize_bounce_page
1
2
3
4
5
6
7
8
9
10
11
12
13 #ifndef _LINUX_FSCRYPT_H
14 #define _LINUX_FSCRYPT_H
15
16 #include <linux/fs.h>
17 #include <linux/mm.h>
18 #include <linux/slab.h>
19 #include <uapi/linux/fscrypt.h>
20
21 #define FS_CRYPTO_BLOCK_SIZE 16
22
23 struct fscrypt_ctx;
24 struct fscrypt_info;
25
26 struct fscrypt_str {
27 unsigned char *name;
28 u32 len;
29 };
30
31 struct fscrypt_name {
32 const struct qstr *usr_fname;
33 struct fscrypt_str disk_name;
34 u32 hash;
35 u32 minor_hash;
36 struct fscrypt_str crypto_buf;
37 bool is_ciphertext_name;
38 };
39
40 #define FSTR_INIT(n, l) { .name = n, .len = l }
41 #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
42 #define fname_name(p) ((p)->disk_name.name)
43 #define fname_len(p) ((p)->disk_name.len)
44
45
46 #define FSCRYPT_SET_CONTEXT_MAX_SIZE 40
47
48 #ifdef CONFIG_FS_ENCRYPTION
49
50
51
52 #define FS_CFLG_OWN_PAGES (1U << 1)
53
54
55
56
57 struct fscrypt_operations {
58 unsigned int flags;
59 const char *key_prefix;
60 int (*get_context)(struct inode *, void *, size_t);
61 int (*set_context)(struct inode *, const void *, size_t, void *);
62 bool (*dummy_context)(struct inode *);
63 bool (*empty_dir)(struct inode *);
64 unsigned int max_namelen;
65 };
66
67
68 struct fscrypt_ctx {
69 union {
70 struct {
71 struct bio *bio;
72 struct work_struct work;
73 };
74 struct list_head free_list;
75 };
76 u8 flags;
77 };
78
79 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
80 {
81
82 return READ_ONCE(inode->i_crypt_info) != NULL;
83 }
84
85 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
86 {
87 return inode->i_sb->s_cop->dummy_context &&
88 inode->i_sb->s_cop->dummy_context(inode);
89 }
90
91
92
93
94
95
96
97
98 static inline void fscrypt_handle_d_move(struct dentry *dentry)
99 {
100 dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME;
101 }
102
103
104 extern void fscrypt_enqueue_decrypt_work(struct work_struct *);
105 extern struct fscrypt_ctx *fscrypt_get_ctx(gfp_t);
106 extern void fscrypt_release_ctx(struct fscrypt_ctx *);
107
108 extern struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
109 unsigned int len,
110 unsigned int offs,
111 gfp_t gfp_flags);
112 extern int fscrypt_encrypt_block_inplace(const struct inode *inode,
113 struct page *page, unsigned int len,
114 unsigned int offs, u64 lblk_num,
115 gfp_t gfp_flags);
116
117 extern int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
118 unsigned int offs);
119 extern int fscrypt_decrypt_block_inplace(const struct inode *inode,
120 struct page *page, unsigned int len,
121 unsigned int offs, u64 lblk_num);
122
123 static inline bool fscrypt_is_bounce_page(struct page *page)
124 {
125 return page->mapping == NULL;
126 }
127
128 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
129 {
130 return (struct page *)page_private(bounce_page);
131 }
132
133 extern void fscrypt_free_bounce_page(struct page *bounce_page);
134
135
136 extern int fscrypt_ioctl_set_policy(struct file *, const void __user *);
137 extern int fscrypt_ioctl_get_policy(struct file *, void __user *);
138 extern int fscrypt_ioctl_get_policy_ex(struct file *, void __user *);
139 extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
140 extern int fscrypt_inherit_context(struct inode *, struct inode *,
141 void *, bool);
142
143 extern void fscrypt_sb_free(struct super_block *sb);
144 extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
145 extern int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);
146 extern int fscrypt_ioctl_remove_key_all_users(struct file *filp,
147 void __user *arg);
148 extern int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);
149
150
151 extern int fscrypt_get_encryption_info(struct inode *);
152 extern void fscrypt_put_encryption_info(struct inode *);
153 extern void fscrypt_free_inode(struct inode *);
154 extern int fscrypt_drop_inode(struct inode *inode);
155
156
157 extern int fscrypt_setup_filename(struct inode *, const struct qstr *,
158 int lookup, struct fscrypt_name *);
159
160 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
161 {
162 kfree(fname->crypto_buf.name);
163 }
164
165 extern int fscrypt_fname_alloc_buffer(const struct inode *, u32,
166 struct fscrypt_str *);
167 extern void fscrypt_fname_free_buffer(struct fscrypt_str *);
168 extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32,
169 const struct fscrypt_str *, struct fscrypt_str *);
170
171 #define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 32
172
173
174 #define FSCRYPT_FNAME_DIGEST(name, len) \
175 ((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \
176 FS_CRYPTO_BLOCK_SIZE))
177
178 #define FSCRYPT_FNAME_DIGEST_SIZE FS_CRYPTO_BLOCK_SIZE
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206 struct fscrypt_digested_name {
207 u32 hash;
208 u32 minor_hash;
209 u8 digest[FSCRYPT_FNAME_DIGEST_SIZE];
210 };
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
227 const u8 *de_name, u32 de_name_len)
228 {
229 if (unlikely(!fname->disk_name.name)) {
230 const struct fscrypt_digested_name *n =
231 (const void *)fname->crypto_buf.name;
232 if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_'))
233 return false;
234 if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)
235 return false;
236 return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len),
237 n->digest, FSCRYPT_FNAME_DIGEST_SIZE);
238 }
239
240 if (de_name_len != fname->disk_name.len)
241 return false;
242 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
243 }
244
245
246 extern void fscrypt_decrypt_bio(struct bio *);
247 extern void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
248 struct bio *bio);
249 extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t,
250 unsigned int);
251
252
253 extern int fscrypt_file_open(struct inode *inode, struct file *filp);
254 extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
255 struct dentry *dentry);
256 extern int __fscrypt_prepare_rename(struct inode *old_dir,
257 struct dentry *old_dentry,
258 struct inode *new_dir,
259 struct dentry *new_dentry,
260 unsigned int flags);
261 extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
262 struct fscrypt_name *fname);
263 extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len,
264 unsigned int max_len,
265 struct fscrypt_str *disk_link);
266 extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
267 unsigned int len,
268 struct fscrypt_str *disk_link);
269 extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
270 unsigned int max_size,
271 struct delayed_call *done);
272 static inline void fscrypt_set_ops(struct super_block *sb,
273 const struct fscrypt_operations *s_cop)
274 {
275 sb->s_cop = s_cop;
276 }
277 #else
278
279 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
280 {
281 return false;
282 }
283
284 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
285 {
286 return false;
287 }
288
289 static inline void fscrypt_handle_d_move(struct dentry *dentry)
290 {
291 }
292
293
294 static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
295 {
296 }
297
298 static inline struct fscrypt_ctx *fscrypt_get_ctx(gfp_t gfp_flags)
299 {
300 return ERR_PTR(-EOPNOTSUPP);
301 }
302
303 static inline void fscrypt_release_ctx(struct fscrypt_ctx *ctx)
304 {
305 return;
306 }
307
308 static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
309 unsigned int len,
310 unsigned int offs,
311 gfp_t gfp_flags)
312 {
313 return ERR_PTR(-EOPNOTSUPP);
314 }
315
316 static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
317 struct page *page,
318 unsigned int len,
319 unsigned int offs, u64 lblk_num,
320 gfp_t gfp_flags)
321 {
322 return -EOPNOTSUPP;
323 }
324
325 static inline int fscrypt_decrypt_pagecache_blocks(struct page *page,
326 unsigned int len,
327 unsigned int offs)
328 {
329 return -EOPNOTSUPP;
330 }
331
332 static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
333 struct page *page,
334 unsigned int len,
335 unsigned int offs, u64 lblk_num)
336 {
337 return -EOPNOTSUPP;
338 }
339
340 static inline bool fscrypt_is_bounce_page(struct page *page)
341 {
342 return false;
343 }
344
345 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
346 {
347 WARN_ON_ONCE(1);
348 return ERR_PTR(-EINVAL);
349 }
350
351 static inline void fscrypt_free_bounce_page(struct page *bounce_page)
352 {
353 }
354
355
356 static inline int fscrypt_ioctl_set_policy(struct file *filp,
357 const void __user *arg)
358 {
359 return -EOPNOTSUPP;
360 }
361
362 static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
363 {
364 return -EOPNOTSUPP;
365 }
366
367 static inline int fscrypt_ioctl_get_policy_ex(struct file *filp,
368 void __user *arg)
369 {
370 return -EOPNOTSUPP;
371 }
372
373 static inline int fscrypt_has_permitted_context(struct inode *parent,
374 struct inode *child)
375 {
376 return 0;
377 }
378
379 static inline int fscrypt_inherit_context(struct inode *parent,
380 struct inode *child,
381 void *fs_data, bool preload)
382 {
383 return -EOPNOTSUPP;
384 }
385
386
387 static inline void fscrypt_sb_free(struct super_block *sb)
388 {
389 }
390
391 static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg)
392 {
393 return -EOPNOTSUPP;
394 }
395
396 static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg)
397 {
398 return -EOPNOTSUPP;
399 }
400
401 static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp,
402 void __user *arg)
403 {
404 return -EOPNOTSUPP;
405 }
406
407 static inline int fscrypt_ioctl_get_key_status(struct file *filp,
408 void __user *arg)
409 {
410 return -EOPNOTSUPP;
411 }
412
413
414 static inline int fscrypt_get_encryption_info(struct inode *inode)
415 {
416 return -EOPNOTSUPP;
417 }
418
419 static inline void fscrypt_put_encryption_info(struct inode *inode)
420 {
421 return;
422 }
423
424 static inline void fscrypt_free_inode(struct inode *inode)
425 {
426 }
427
428 static inline int fscrypt_drop_inode(struct inode *inode)
429 {
430 return 0;
431 }
432
433
434 static inline int fscrypt_setup_filename(struct inode *dir,
435 const struct qstr *iname,
436 int lookup, struct fscrypt_name *fname)
437 {
438 if (IS_ENCRYPTED(dir))
439 return -EOPNOTSUPP;
440
441 memset(fname, 0, sizeof(*fname));
442 fname->usr_fname = iname;
443 fname->disk_name.name = (unsigned char *)iname->name;
444 fname->disk_name.len = iname->len;
445 return 0;
446 }
447
448 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
449 {
450 return;
451 }
452
453 static inline int fscrypt_fname_alloc_buffer(const struct inode *inode,
454 u32 max_encrypted_len,
455 struct fscrypt_str *crypto_str)
456 {
457 return -EOPNOTSUPP;
458 }
459
460 static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
461 {
462 return;
463 }
464
465 static inline int fscrypt_fname_disk_to_usr(struct inode *inode,
466 u32 hash, u32 minor_hash,
467 const struct fscrypt_str *iname,
468 struct fscrypt_str *oname)
469 {
470 return -EOPNOTSUPP;
471 }
472
473 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
474 const u8 *de_name, u32 de_name_len)
475 {
476
477 if (de_name_len != fname->disk_name.len)
478 return false;
479 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
480 }
481
482
483 static inline void fscrypt_decrypt_bio(struct bio *bio)
484 {
485 }
486
487 static inline void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
488 struct bio *bio)
489 {
490 }
491
492 static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
493 sector_t pblk, unsigned int len)
494 {
495 return -EOPNOTSUPP;
496 }
497
498
499
500 static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
501 {
502 if (IS_ENCRYPTED(inode))
503 return -EOPNOTSUPP;
504 return 0;
505 }
506
507 static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
508 struct dentry *dentry)
509 {
510 return -EOPNOTSUPP;
511 }
512
513 static inline int __fscrypt_prepare_rename(struct inode *old_dir,
514 struct dentry *old_dentry,
515 struct inode *new_dir,
516 struct dentry *new_dentry,
517 unsigned int flags)
518 {
519 return -EOPNOTSUPP;
520 }
521
522 static inline int __fscrypt_prepare_lookup(struct inode *dir,
523 struct dentry *dentry,
524 struct fscrypt_name *fname)
525 {
526 return -EOPNOTSUPP;
527 }
528
529 static inline int __fscrypt_prepare_symlink(struct inode *dir,
530 unsigned int len,
531 unsigned int max_len,
532 struct fscrypt_str *disk_link)
533 {
534 return -EOPNOTSUPP;
535 }
536
537
538 static inline int __fscrypt_encrypt_symlink(struct inode *inode,
539 const char *target,
540 unsigned int len,
541 struct fscrypt_str *disk_link)
542 {
543 return -EOPNOTSUPP;
544 }
545
546 static inline const char *fscrypt_get_symlink(struct inode *inode,
547 const void *caddr,
548 unsigned int max_size,
549 struct delayed_call *done)
550 {
551 return ERR_PTR(-EOPNOTSUPP);
552 }
553
554 static inline void fscrypt_set_ops(struct super_block *sb,
555 const struct fscrypt_operations *s_cop)
556 {
557 }
558
559 #endif
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574 static inline int fscrypt_require_key(struct inode *inode)
575 {
576 if (IS_ENCRYPTED(inode)) {
577 int err = fscrypt_get_encryption_info(inode);
578
579 if (err)
580 return err;
581 if (!fscrypt_has_encryption_key(inode))
582 return -ENOKEY;
583 }
584 return 0;
585 }
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605 static inline int fscrypt_prepare_link(struct dentry *old_dentry,
606 struct inode *dir,
607 struct dentry *dentry)
608 {
609 if (IS_ENCRYPTED(dir))
610 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
611 return 0;
612 }
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635 static inline int fscrypt_prepare_rename(struct inode *old_dir,
636 struct dentry *old_dentry,
637 struct inode *new_dir,
638 struct dentry *new_dentry,
639 unsigned int flags)
640 {
641 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
642 return __fscrypt_prepare_rename(old_dir, old_dentry,
643 new_dir, new_dentry, flags);
644 return 0;
645 }
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666 static inline int fscrypt_prepare_lookup(struct inode *dir,
667 struct dentry *dentry,
668 struct fscrypt_name *fname)
669 {
670 if (IS_ENCRYPTED(dir))
671 return __fscrypt_prepare_lookup(dir, dentry, fname);
672
673 memset(fname, 0, sizeof(*fname));
674 fname->usr_fname = &dentry->d_name;
675 fname->disk_name.name = (unsigned char *)dentry->d_name.name;
676 fname->disk_name.len = dentry->d_name.len;
677 return 0;
678 }
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697 static inline int fscrypt_prepare_setattr(struct dentry *dentry,
698 struct iattr *attr)
699 {
700 if (attr->ia_valid & ATTR_SIZE)
701 return fscrypt_require_key(d_inode(dentry));
702 return 0;
703 }
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728 static inline int fscrypt_prepare_symlink(struct inode *dir,
729 const char *target,
730 unsigned int len,
731 unsigned int max_len,
732 struct fscrypt_str *disk_link)
733 {
734 if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir))
735 return __fscrypt_prepare_symlink(dir, len, max_len, disk_link);
736
737 disk_link->name = (unsigned char *)target;
738 disk_link->len = len + 1;
739 if (disk_link->len > max_len)
740 return -ENAMETOOLONG;
741 return 0;
742 }
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759 static inline int fscrypt_encrypt_symlink(struct inode *inode,
760 const char *target,
761 unsigned int len,
762 struct fscrypt_str *disk_link)
763 {
764 if (IS_ENCRYPTED(inode))
765 return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
766 return 0;
767 }
768
769
770 static inline void fscrypt_finalize_bounce_page(struct page **pagep)
771 {
772 struct page *page = *pagep;
773
774 if (fscrypt_is_bounce_page(page)) {
775 *pagep = fscrypt_pagecache_page(page);
776 fscrypt_free_bounce_page(page);
777 }
778 }
779
780 #endif