file.c 11.5 KB
Newer Older
1 2 3 4 5
/**
 * eCryptfs: Linux filesystem encryption layer
 *
 * Copyright (C) 1997-2004 Erez Zadok
 * Copyright (C) 2001-2004 Stony Brook University
6
 * Copyright (C) 2004-2007 International Business Machines Corp.
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
 *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
 *   		Michael C. Thompson <mcthomps@us.ibm.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 */

#include <linux/file.h>
#include <linux/poll.h>
28
#include <linux/slab.h>
29 30 31 32
#include <linux/mount.h>
#include <linux/pagemap.h>
#include <linux/security.h>
#include <linux/compat.h>
33
#include <linux/fs_stack.h>
34 35 36 37 38 39 40 41 42 43 44 45 46
#include "ecryptfs_kernel.h"

/**
 * ecryptfs_read_update_atime
 *
 * generic_file_read updates the atime of upper layer inode.  But, it
 * doesn't give us a chance to update the atime of the lower layer
 * inode.  This function is a wrapper to generic_file_read.  It
 * updates the atime of the lower level inode if generic_file_read
 * returns without any errors. This is to be used only for file reads.
 * The function to be used for directory reads is ecryptfs_read.
 */
static ssize_t ecryptfs_read_update_atime(struct kiocb *iocb,
47
				struct iov_iter *to)
48
{
49
	ssize_t rc;
50
	struct path *path;
51 52
	struct file *file = iocb->ki_filp;

53
	rc = generic_file_read_iter(iocb, to);
54
	if (rc >= 0) {
55 56
		path = ecryptfs_dentry_to_lower_path(file->f_path.dentry);
		touch_atime(path);
57 58 59 60 61
	}
	return rc;
}

struct ecryptfs_getdents_callback {
62
	struct dir_context ctx;
Al Viro's avatar
Al Viro committed
63
	struct dir_context *caller;
64
	struct super_block *sb;
65 66 67 68
	int filldir_called;
	int entries_written;
};

69
/* Inspired by generic filldir in fs/readdir.c */
70
static int
71 72
ecryptfs_filldir(struct dir_context *ctx, const char *lower_name,
		 int lower_namelen, loff_t offset, u64 ino, unsigned int d_type)
73 74
{
	struct ecryptfs_getdents_callback *buf =
75
		container_of(ctx, struct ecryptfs_getdents_callback, ctx);
76
	size_t name_size;
77
	char *name;
78 79 80
	int rc;

	buf->filldir_called++;
81
	rc = ecryptfs_decode_and_decrypt_filename(&name, &name_size,
82
						  buf->sb, lower_name,
83 84 85 86 87
						  lower_namelen);
	if (rc) {
		printk(KERN_ERR "%s: Error attempting to decode and decrypt "
		       "filename [%s]; rc = [%d]\n", __func__, lower_name,
		       rc);
88 89
		goto out;
	}
Al Viro's avatar
Al Viro committed
90 91
	buf->caller->pos = buf->ctx.pos;
	rc = !dir_emit(buf->caller, name, name_size, ino, d_type);
92
	kfree(name);
Al Viro's avatar
Al Viro committed
93
	if (!rc)
94 95 96 97 98 99 100
		buf->entries_written++;
out:
	return rc;
}

/**
 * ecryptfs_readdir
101
 * @file: The eCryptfs directory file
Al Viro's avatar
Al Viro committed
102
 * @ctx: The actor to feed the entries to
103
 */
Al Viro's avatar
Al Viro committed
104
static int ecryptfs_readdir(struct file *file, struct dir_context *ctx)
105 106 107
{
	int rc;
	struct file *lower_file;
108
	struct inode *inode = file_inode(file);
Al Viro's avatar
Al Viro committed
109 110 111
	struct ecryptfs_getdents_callback buf = {
		.ctx.actor = ecryptfs_filldir,
		.caller = ctx,
112
		.sb = inode->i_sb,
Al Viro's avatar
Al Viro committed
113
	};
114
	lower_file = ecryptfs_file_to_lower(file);
115
	rc = iterate_dir(lower_file, &buf.ctx);
Al Viro's avatar
Al Viro committed
116
	ctx->pos = buf.ctx.pos;
117 118 119 120
	if (rc < 0)
		goto out;
	if (buf.filldir_called && !buf.entries_written)
		goto out;
121
	if (rc >= 0)
122
		fsstack_copy_attr_atime(inode,
Al Viro's avatar
Al Viro committed
123
					file_inode(lower_file));
124
out:
125 126 127 128 129
	return rc;
}

struct kmem_cache *ecryptfs_file_info_cache;

130 131
static int read_or_initialize_metadata(struct dentry *dentry)
{
132
	struct inode *inode = d_inode(dentry);
133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171
	struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
	struct ecryptfs_crypt_stat *crypt_stat;
	int rc;

	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
	mount_crypt_stat = &ecryptfs_superblock_to_private(
						inode->i_sb)->mount_crypt_stat;
	mutex_lock(&crypt_stat->cs_mutex);

	if (crypt_stat->flags & ECRYPTFS_POLICY_APPLIED &&
	    crypt_stat->flags & ECRYPTFS_KEY_VALID) {
		rc = 0;
		goto out;
	}

	rc = ecryptfs_read_metadata(dentry);
	if (!rc)
		goto out;

	if (mount_crypt_stat->flags & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED) {
		crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
				       | ECRYPTFS_ENCRYPTED);
		rc = 0;
		goto out;
	}

	if (!(mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) &&
	    !i_size_read(ecryptfs_inode_to_lower(inode))) {
		rc = ecryptfs_initialize_file(dentry, inode);
		if (!rc)
			goto out;
	}

	rc = -EIO;
out:
	mutex_unlock(&crypt_stat->cs_mutex);
	return rc;
}

172 173 174 175 176 177 178 179 180 181 182 183 184
static int ecryptfs_mmap(struct file *file, struct vm_area_struct *vma)
{
	struct file *lower_file = ecryptfs_file_to_lower(file);
	/*
	 * Don't allow mmap on top of file systems that don't support it
	 * natively.  If FILESYSTEM_MAX_STACK_DEPTH > 2 or ecryptfs
	 * allows recursive mounting, this will need to be extended.
	 */
	if (!lower_file->f_op->mmap)
		return -ENODEV;
	return generic_file_mmap(file, vma);
}

185 186
/**
 * ecryptfs_open
187
 * @inode: inode specifying file to open
188 189 190 191 192 193 194 195 196 197
 * @file: Structure to return filled in
 *
 * Opens the file specified by inode.
 *
 * Returns zero on success; non-zero otherwise
 */
static int ecryptfs_open(struct inode *inode, struct file *file)
{
	int rc = 0;
	struct ecryptfs_crypt_stat *crypt_stat = NULL;
198
	struct dentry *ecryptfs_dentry = file->f_path.dentry;
199 200 201 202 203
	/* Private value of ecryptfs_dentry allocated in
	 * ecryptfs_lookup() */
	struct ecryptfs_file_info *file_info;

	/* Released in ecryptfs_release or end of function if failure */
204
	file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
205 206 207 208 209 210 211 212 213
	ecryptfs_set_file_private(file, file_info);
	if (!file_info) {
		ecryptfs_printk(KERN_ERR,
				"Error attempting to allocate memory\n");
		rc = -ENOMEM;
		goto out;
	}
	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
	mutex_lock(&crypt_stat->cs_mutex);
214
	if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {
215 216
		ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
		/* Policy code enabled in future release */
217 218
		crypt_stat->flags |= (ECRYPTFS_POLICY_APPLIED
				      | ECRYPTFS_ENCRYPTED);
219 220
	}
	mutex_unlock(&crypt_stat->cs_mutex);
221
	rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);
222 223
	if (rc) {
		printk(KERN_ERR "%s: Error attempting to initialize "
224
			"the lower file for the dentry with name "
David Howells's avatar
David Howells committed
225 226
			"[%pd]; rc = [%d]\n", __func__,
			ecryptfs_dentry, rc);
227
		goto out_free;
228
	}
229 230
	if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_ACCMODE)
	    == O_RDONLY && (file->f_flags & O_ACCMODE) != O_RDONLY) {
231
		rc = -EPERM;
232
		printk(KERN_WARNING "%s: Lower file is RO; eCryptfs "
233
		       "file must hence be opened RO\n", __func__);
234
		goto out_put;
235
	}
236 237
	ecryptfs_set_file_lower(
		file, ecryptfs_inode_to_private(inode)->lower_file);
238 239 240
	rc = read_or_initialize_metadata(ecryptfs_dentry);
	if (rc)
		goto out_put;
241 242 243
	ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = "
			"[0x%.16lx] size: [0x%.16llx]\n", inode, inode->i_ino,
			(unsigned long long)i_size_read(inode));
244
	goto out;
245 246
out_put:
	ecryptfs_put_lower_file(inode);
247
out_free:
248 249 250 251 252 253
	kmem_cache_free(ecryptfs_file_info_cache,
			ecryptfs_file_to_private(file));
out:
	return rc;
}

254 255
/**
 * ecryptfs_dir_open
256
 * @inode: inode specifying file to open
257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292
 * @file: Structure to return filled in
 *
 * Opens the file specified by inode.
 *
 * Returns zero on success; non-zero otherwise
 */
static int ecryptfs_dir_open(struct inode *inode, struct file *file)
{
	struct dentry *ecryptfs_dentry = file->f_path.dentry;
	/* Private value of ecryptfs_dentry allocated in
	 * ecryptfs_lookup() */
	struct ecryptfs_file_info *file_info;
	struct file *lower_file;

	/* Released in ecryptfs_release or end of function if failure */
	file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
	ecryptfs_set_file_private(file, file_info);
	if (unlikely(!file_info)) {
		ecryptfs_printk(KERN_ERR,
				"Error attempting to allocate memory\n");
		return -ENOMEM;
	}
	lower_file = dentry_open(ecryptfs_dentry_to_lower_path(ecryptfs_dentry),
				 file->f_flags, current_cred());
	if (IS_ERR(lower_file)) {
		printk(KERN_ERR "%s: Error attempting to initialize "
			"the lower file for the dentry with name "
			"[%pd]; rc = [%ld]\n", __func__,
			ecryptfs_dentry, PTR_ERR(lower_file));
		kmem_cache_free(ecryptfs_file_info_cache, file_info);
		return PTR_ERR(lower_file);
	}
	ecryptfs_set_file_lower(file, lower_file);
	return 0;
}

293 294
static int ecryptfs_flush(struct file *file, fl_owner_t td)
{
295 296
	struct file *lower_file = ecryptfs_file_to_lower(file);

Al Viro's avatar
Al Viro committed
297
	if (lower_file->f_op->flush) {
298 299 300 301 302
		filemap_write_and_wait(file->f_mapping);
		return lower_file->f_op->flush(lower_file, td);
	}

	return 0;
303 304 305 306
}

static int ecryptfs_release(struct inode *inode, struct file *file)
{
307
	ecryptfs_put_lower_file(inode);
308 309 310
	kmem_cache_free(ecryptfs_file_info_cache,
			ecryptfs_file_to_private(file));
	return 0;
311 312
}

313 314 315 316 317 318 319 320 321 322 323 324 325
static int ecryptfs_dir_release(struct inode *inode, struct file *file)
{
	fput(ecryptfs_file_to_lower(file));
	kmem_cache_free(ecryptfs_file_info_cache,
			ecryptfs_file_to_private(file));
	return 0;
}

static loff_t ecryptfs_dir_llseek(struct file *file, loff_t offset, int whence)
{
	return vfs_llseek(ecryptfs_file_to_lower(file), offset, whence);
}

326
static int
327
ecryptfs_fsync(struct file *file, loff_t start, loff_t end, int datasync)
328
{
329 330
	int rc;

331
	rc = file_write_and_wait(file);
332 333 334
	if (rc)
		return rc;

335
	return vfs_fsync(ecryptfs_file_to_lower(file), datasync);
336 337 338 339 340 341 342 343
}

static int ecryptfs_fasync(int fd, struct file *file, int flag)
{
	int rc = 0;
	struct file *lower_file = NULL;

	lower_file = ecryptfs_file_to_lower(file);
Al Viro's avatar
Al Viro committed
344
	if (lower_file->f_op->fasync)
345 346 347 348
		rc = lower_file->f_op->fasync(fd, lower_file, flag);
	return rc;
}

349 350 351
static long
ecryptfs_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
352
	struct file *lower_file = ecryptfs_file_to_lower(file);
353 354
	long rc = -ENOTTY;

355 356 357 358 359 360 361 362 363
	if (!lower_file->f_op->unlocked_ioctl)
		return rc;

	switch (cmd) {
	case FITRIM:
	case FS_IOC_GETFLAGS:
	case FS_IOC_SETFLAGS:
	case FS_IOC_GETVERSION:
	case FS_IOC_SETVERSION:
364
		rc = lower_file->f_op->unlocked_ioctl(lower_file, cmd, arg);
365 366 367 368 369 370
		fsstack_copy_attr_all(file_inode(file), file_inode(lower_file));

		return rc;
	default:
		return rc;
	}
371 372 373 374 375 376
}

#ifdef CONFIG_COMPAT
static long
ecryptfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
377
	struct file *lower_file = ecryptfs_file_to_lower(file);
378 379
	long rc = -ENOIOCTLCMD;

380 381 382 383 384 385 386 387
	if (!lower_file->f_op->compat_ioctl)
		return rc;

	switch (cmd) {
	case FS_IOC32_GETFLAGS:
	case FS_IOC32_SETFLAGS:
	case FS_IOC32_GETVERSION:
	case FS_IOC32_SETVERSION:
388
		rc = lower_file->f_op->compat_ioctl(lower_file, cmd, arg);
389 390 391 392 393 394
		fsstack_copy_attr_all(file_inode(file), file_inode(lower_file));

		return rc;
	default:
		return rc;
	}
395 396
}
#endif
397 398

const struct file_operations ecryptfs_dir_fops = {
399
	.iterate_shared = ecryptfs_readdir,
400
	.read = generic_read_dir,
401 402 403 404
	.unlocked_ioctl = ecryptfs_unlocked_ioctl,
#ifdef CONFIG_COMPAT
	.compat_ioctl = ecryptfs_compat_ioctl,
#endif
405 406
	.open = ecryptfs_dir_open,
	.release = ecryptfs_dir_release,
407
	.fsync = ecryptfs_fsync,
408
	.llseek = ecryptfs_dir_llseek,
409 410 411
};

const struct file_operations ecryptfs_main_fops = {
412
	.llseek = generic_file_llseek,
413
	.read_iter = ecryptfs_read_update_atime,
414
	.write_iter = generic_file_write_iter,
415 416 417 418
	.unlocked_ioctl = ecryptfs_unlocked_ioctl,
#ifdef CONFIG_COMPAT
	.compat_ioctl = ecryptfs_compat_ioctl,
#endif
419
	.mmap = ecryptfs_mmap,
420 421 422 423 424
	.open = ecryptfs_open,
	.flush = ecryptfs_flush,
	.release = ecryptfs_release,
	.fsync = ecryptfs_fsync,
	.fasync = ecryptfs_fasync,
425
	.splice_read = generic_file_splice_read,
426
};