Commit | Line | Data |
---|---|---|
237fead6 MH |
1 | /** |
2 | * eCryptfs: Linux filesystem encryption layer | |
3 | * | |
4 | * Copyright (C) 1997-2003 Erez Zadok | |
5 | * Copyright (C) 2001-2003 Stony Brook University | |
6 | * Copyright (C) 2004-2006 International Business Machines Corp. | |
7 | * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> | |
8 | * Michael C. Thompson <mcthomps@us.ibm.com> | |
9 | * | |
10 | * This program is free software; you can redistribute it and/or | |
11 | * modify it under the terms of the GNU General Public License as | |
12 | * published by the Free Software Foundation; either version 2 of the | |
13 | * License, or (at your option) any later version. | |
14 | * | |
15 | * This program is distributed in the hope that it will be useful, but | |
16 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | * General Public License for more details. | |
19 | * | |
20 | * You should have received a copy of the GNU General Public License | |
21 | * along with this program; if not, write to the Free Software | |
22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | |
23 | * 02111-1307, USA. | |
24 | */ | |
25 | ||
26 | #include <linux/dcache.h> | |
27 | #include <linux/file.h> | |
28 | #include <linux/module.h> | |
29 | #include <linux/namei.h> | |
30 | #include <linux/skbuff.h> | |
31 | #include <linux/crypto.h> | |
32 | #include <linux/netlink.h> | |
33 | #include <linux/mount.h> | |
34 | #include <linux/dcache.h> | |
35 | #include <linux/pagemap.h> | |
36 | #include <linux/key.h> | |
37 | #include <linux/parser.h> | |
38 | #include "ecryptfs_kernel.h" | |
39 | ||
40 | /** | |
41 | * Module parameter that defines the ecryptfs_verbosity level. | |
42 | */ | |
43 | int ecryptfs_verbosity = 0; | |
44 | ||
45 | module_param(ecryptfs_verbosity, int, 0); | |
46 | MODULE_PARM_DESC(ecryptfs_verbosity, | |
47 | "Initial verbosity level (0 or 1; defaults to " | |
48 | "0, which is Quiet)"); | |
49 | ||
50 | void __ecryptfs_printk(const char *fmt, ...) | |
51 | { | |
52 | va_list args; | |
53 | va_start(args, fmt); | |
54 | if (fmt[1] == '7') { /* KERN_DEBUG */ | |
55 | if (ecryptfs_verbosity >= 1) | |
56 | vprintk(fmt, args); | |
57 | } else | |
58 | vprintk(fmt, args); | |
59 | va_end(args); | |
60 | } | |
61 | ||
62 | /** | |
63 | * ecryptfs_interpose | |
64 | * @lower_dentry: Existing dentry in the lower filesystem | |
65 | * @dentry: ecryptfs' dentry | |
66 | * @sb: ecryptfs's super_block | |
67 | * @flag: If set to true, then d_add is called, else d_instantiate is called | |
68 | * | |
69 | * Interposes upper and lower dentries. | |
70 | * | |
71 | * Returns zero on success; non-zero otherwise | |
72 | */ | |
73 | int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry, | |
74 | struct super_block *sb, int flag) | |
75 | { | |
76 | struct inode *lower_inode; | |
77 | struct inode *inode; | |
78 | int rc = 0; | |
79 | ||
80 | lower_inode = lower_dentry->d_inode; | |
81 | if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb)) { | |
82 | rc = -EXDEV; | |
83 | goto out; | |
84 | } | |
85 | if (!igrab(lower_inode)) { | |
86 | rc = -ESTALE; | |
87 | goto out; | |
88 | } | |
89 | inode = iget5_locked(sb, (unsigned long)lower_inode, | |
90 | ecryptfs_inode_test, ecryptfs_inode_set, | |
91 | lower_inode); | |
92 | if (!inode) { | |
93 | rc = -EACCES; | |
94 | iput(lower_inode); | |
95 | goto out; | |
96 | } | |
97 | if (inode->i_state & I_NEW) | |
98 | unlock_new_inode(inode); | |
99 | else | |
100 | iput(lower_inode); | |
101 | if (S_ISLNK(lower_inode->i_mode)) | |
102 | inode->i_op = &ecryptfs_symlink_iops; | |
103 | else if (S_ISDIR(lower_inode->i_mode)) | |
104 | inode->i_op = &ecryptfs_dir_iops; | |
105 | if (S_ISDIR(lower_inode->i_mode)) | |
106 | inode->i_fop = &ecryptfs_dir_fops; | |
107 | /* TODO: Is there a better way to identify if the inode is | |
108 | * special? */ | |
109 | if (S_ISBLK(lower_inode->i_mode) || S_ISCHR(lower_inode->i_mode) || | |
110 | S_ISFIFO(lower_inode->i_mode) || S_ISSOCK(lower_inode->i_mode)) | |
111 | init_special_inode(inode, lower_inode->i_mode, | |
112 | lower_inode->i_rdev); | |
113 | dentry->d_op = &ecryptfs_dops; | |
114 | if (flag) | |
115 | d_add(dentry, inode); | |
116 | else | |
117 | d_instantiate(dentry, inode); | |
118 | ecryptfs_copy_attr_all(inode, lower_inode); | |
119 | /* This size will be overwritten for real files w/ headers and | |
120 | * other metadata */ | |
121 | ecryptfs_copy_inode_size(inode, lower_inode); | |
122 | out: | |
123 | return rc; | |
124 | } | |
125 | ||
126 | enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, ecryptfs_opt_debug, | |
127 | ecryptfs_opt_ecryptfs_debug, ecryptfs_opt_cipher, | |
128 | ecryptfs_opt_ecryptfs_cipher, ecryptfs_opt_ecryptfs_key_bytes, | |
129 | ecryptfs_opt_passthrough, ecryptfs_opt_err }; | |
130 | ||
131 | static match_table_t tokens = { | |
132 | {ecryptfs_opt_sig, "sig=%s"}, | |
133 | {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"}, | |
134 | {ecryptfs_opt_debug, "debug=%u"}, | |
135 | {ecryptfs_opt_ecryptfs_debug, "ecryptfs_debug=%u"}, | |
136 | {ecryptfs_opt_cipher, "cipher=%s"}, | |
137 | {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"}, | |
138 | {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"}, | |
139 | {ecryptfs_opt_passthrough, "ecryptfs_passthrough"}, | |
140 | {ecryptfs_opt_err, NULL} | |
141 | }; | |
142 | ||
143 | /** | |
144 | * ecryptfs_verify_version | |
145 | * @version: The version number to confirm | |
146 | * | |
147 | * Returns zero on good version; non-zero otherwise | |
148 | */ | |
149 | static int ecryptfs_verify_version(u16 version) | |
150 | { | |
151 | int rc = 0; | |
152 | unsigned char major; | |
153 | unsigned char minor; | |
154 | ||
155 | major = ((version >> 8) & 0xFF); | |
156 | minor = (version & 0xFF); | |
157 | if (major != ECRYPTFS_VERSION_MAJOR) { | |
158 | ecryptfs_printk(KERN_ERR, "Major version number mismatch. " | |
159 | "Expected [%d]; got [%d]\n", | |
160 | ECRYPTFS_VERSION_MAJOR, major); | |
161 | rc = -EINVAL; | |
162 | goto out; | |
163 | } | |
164 | if (minor != ECRYPTFS_VERSION_MINOR) { | |
165 | ecryptfs_printk(KERN_ERR, "Minor version number mismatch. " | |
166 | "Expected [%d]; got [%d]\n", | |
167 | ECRYPTFS_VERSION_MINOR, minor); | |
168 | rc = -EINVAL; | |
169 | goto out; | |
170 | } | |
171 | out: | |
172 | return rc; | |
173 | } | |
174 | ||
175 | /** | |
176 | * ecryptfs_parse_options | |
177 | * @sb: The ecryptfs super block | |
178 | * @options: The options pased to the kernel | |
179 | * | |
180 | * Parse mount options: | |
181 | * debug=N - ecryptfs_verbosity level for debug output | |
182 | * sig=XXX - description(signature) of the key to use | |
183 | * | |
184 | * Returns the dentry object of the lower-level (lower/interposed) | |
185 | * directory; We want to mount our stackable file system on top of | |
186 | * that lower directory. | |
187 | * | |
188 | * The signature of the key to use must be the description of a key | |
189 | * already in the keyring. Mounting will fail if the key can not be | |
190 | * found. | |
191 | * | |
192 | * Returns zero on success; non-zero on error | |
193 | */ | |
194 | static int ecryptfs_parse_options(struct super_block *sb, char *options) | |
195 | { | |
196 | char *p; | |
197 | int rc = 0; | |
198 | int sig_set = 0; | |
199 | int cipher_name_set = 0; | |
200 | int cipher_key_bytes; | |
201 | int cipher_key_bytes_set = 0; | |
202 | struct key *auth_tok_key = NULL; | |
203 | struct ecryptfs_auth_tok *auth_tok = NULL; | |
204 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = | |
205 | &ecryptfs_superblock_to_private(sb)->mount_crypt_stat; | |
206 | substring_t args[MAX_OPT_ARGS]; | |
207 | int token; | |
208 | char *sig_src; | |
209 | char *sig_dst; | |
210 | char *debug_src; | |
211 | char *cipher_name_dst; | |
212 | char *cipher_name_src; | |
213 | char *cipher_key_bytes_src; | |
214 | struct crypto_tfm *tmp_tfm; | |
215 | int cipher_name_len; | |
216 | ||
217 | if (!options) { | |
218 | rc = -EINVAL; | |
219 | goto out; | |
220 | } | |
221 | while ((p = strsep(&options, ",")) != NULL) { | |
222 | if (!*p) | |
223 | continue; | |
224 | token = match_token(p, tokens, args); | |
225 | switch (token) { | |
226 | case ecryptfs_opt_sig: | |
227 | case ecryptfs_opt_ecryptfs_sig: | |
228 | sig_src = args[0].from; | |
229 | sig_dst = | |
230 | mount_crypt_stat->global_auth_tok_sig; | |
231 | memcpy(sig_dst, sig_src, ECRYPTFS_SIG_SIZE_HEX); | |
232 | sig_dst[ECRYPTFS_SIG_SIZE_HEX] = '\0'; | |
233 | ecryptfs_printk(KERN_DEBUG, | |
234 | "The mount_crypt_stat " | |
235 | "global_auth_tok_sig set to: " | |
236 | "[%s]\n", sig_dst); | |
237 | sig_set = 1; | |
238 | break; | |
239 | case ecryptfs_opt_debug: | |
240 | case ecryptfs_opt_ecryptfs_debug: | |
241 | debug_src = args[0].from; | |
242 | ecryptfs_verbosity = | |
243 | (int)simple_strtol(debug_src, &debug_src, | |
244 | 0); | |
245 | ecryptfs_printk(KERN_DEBUG, | |
246 | "Verbosity set to [%d]" "\n", | |
247 | ecryptfs_verbosity); | |
248 | break; | |
249 | case ecryptfs_opt_cipher: | |
250 | case ecryptfs_opt_ecryptfs_cipher: | |
251 | cipher_name_src = args[0].from; | |
252 | cipher_name_dst = | |
253 | mount_crypt_stat-> | |
254 | global_default_cipher_name; | |
255 | strncpy(cipher_name_dst, cipher_name_src, | |
256 | ECRYPTFS_MAX_CIPHER_NAME_SIZE); | |
257 | ecryptfs_printk(KERN_DEBUG, | |
258 | "The mount_crypt_stat " | |
259 | "global_default_cipher_name set to: " | |
260 | "[%s]\n", cipher_name_dst); | |
261 | cipher_name_set = 1; | |
262 | break; | |
263 | case ecryptfs_opt_ecryptfs_key_bytes: | |
264 | cipher_key_bytes_src = args[0].from; | |
265 | cipher_key_bytes = | |
266 | (int)simple_strtol(cipher_key_bytes_src, | |
267 | &cipher_key_bytes_src, 0); | |
268 | mount_crypt_stat->global_default_cipher_key_size = | |
269 | cipher_key_bytes; | |
270 | ecryptfs_printk(KERN_DEBUG, | |
271 | "The mount_crypt_stat " | |
272 | "global_default_cipher_key_size " | |
273 | "set to: [%d]\n", mount_crypt_stat-> | |
274 | global_default_cipher_key_size); | |
275 | cipher_key_bytes_set = 1; | |
276 | break; | |
277 | case ecryptfs_opt_passthrough: | |
278 | mount_crypt_stat->flags |= | |
279 | ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED; | |
280 | break; | |
281 | case ecryptfs_opt_err: | |
282 | default: | |
283 | ecryptfs_printk(KERN_WARNING, | |
284 | "eCryptfs: unrecognized option '%s'\n", | |
285 | p); | |
286 | } | |
287 | } | |
288 | /* Do not support lack of mount-wide signature in 0.1 | |
289 | * release */ | |
290 | if (!sig_set) { | |
291 | rc = -EINVAL; | |
292 | ecryptfs_printk(KERN_ERR, "You must supply a valid " | |
293 | "passphrase auth tok signature as a mount " | |
294 | "parameter; see the eCryptfs README\n"); | |
295 | goto out; | |
296 | } | |
297 | if (!cipher_name_set) { | |
298 | cipher_name_len = strlen(ECRYPTFS_DEFAULT_CIPHER); | |
299 | if (unlikely(cipher_name_len | |
300 | >= ECRYPTFS_MAX_CIPHER_NAME_SIZE)) { | |
301 | rc = -EINVAL; | |
302 | BUG(); | |
303 | goto out; | |
304 | } | |
305 | memcpy(mount_crypt_stat->global_default_cipher_name, | |
306 | ECRYPTFS_DEFAULT_CIPHER, cipher_name_len); | |
307 | mount_crypt_stat->global_default_cipher_name[cipher_name_len] | |
308 | = '\0'; | |
309 | } | |
310 | if (!cipher_key_bytes_set) { | |
311 | mount_crypt_stat->global_default_cipher_key_size = | |
312 | ECRYPTFS_DEFAULT_KEY_BYTES; | |
313 | ecryptfs_printk(KERN_DEBUG, "Cipher key size was not " | |
314 | "specified. Defaulting to [%d]\n", | |
315 | mount_crypt_stat-> | |
316 | global_default_cipher_key_size); | |
317 | } | |
318 | rc = ecryptfs_process_cipher( | |
319 | &tmp_tfm, | |
320 | &mount_crypt_stat->global_key_tfm, | |
321 | mount_crypt_stat->global_default_cipher_name, | |
322 | mount_crypt_stat->global_default_cipher_key_size); | |
323 | if (tmp_tfm) | |
324 | crypto_free_tfm(tmp_tfm); | |
325 | if (rc) { | |
326 | printk(KERN_ERR "Error attempting to initialize cipher [%s] " | |
327 | "with key size [%Zd] bytes; rc = [%d]\n", | |
328 | mount_crypt_stat->global_default_cipher_name, | |
329 | mount_crypt_stat->global_default_cipher_key_size, rc); | |
330 | rc = -EINVAL; | |
331 | goto out; | |
332 | } | |
333 | mutex_init(&mount_crypt_stat->global_key_tfm_mutex); | |
334 | ecryptfs_printk(KERN_DEBUG, "Requesting the key with description: " | |
335 | "[%s]\n", mount_crypt_stat->global_auth_tok_sig); | |
336 | /* The reference to this key is held until umount is done The | |
337 | * call to key_put is done in ecryptfs_put_super() */ | |
338 | auth_tok_key = request_key(&key_type_user, | |
339 | mount_crypt_stat->global_auth_tok_sig, | |
340 | NULL); | |
341 | if (!auth_tok_key || IS_ERR(auth_tok_key)) { | |
342 | ecryptfs_printk(KERN_ERR, "Could not find key with " | |
343 | "description: [%s]\n", | |
344 | mount_crypt_stat->global_auth_tok_sig); | |
345 | process_request_key_err(PTR_ERR(auth_tok_key)); | |
346 | rc = -EINVAL; | |
347 | goto out; | |
348 | } | |
349 | auth_tok = ecryptfs_get_key_payload_data(auth_tok_key); | |
350 | if (ecryptfs_verify_version(auth_tok->version)) { | |
351 | ecryptfs_printk(KERN_ERR, "Data structure version mismatch. " | |
352 | "Userspace tools must match eCryptfs kernel " | |
353 | "module with major version [%d] and minor " | |
354 | "version [%d]\n", ECRYPTFS_VERSION_MAJOR, | |
355 | ECRYPTFS_VERSION_MINOR); | |
356 | rc = -EINVAL; | |
357 | goto out; | |
358 | } | |
359 | if (auth_tok->token_type != ECRYPTFS_PASSWORD) { | |
360 | ecryptfs_printk(KERN_ERR, "Invalid auth_tok structure " | |
361 | "returned from key\n"); | |
362 | rc = -EINVAL; | |
363 | goto out; | |
364 | } | |
365 | mount_crypt_stat->global_auth_tok_key = auth_tok_key; | |
366 | mount_crypt_stat->global_auth_tok = auth_tok; | |
367 | out: | |
368 | return rc; | |
369 | } | |
370 | ||
371 | struct kmem_cache *ecryptfs_sb_info_cache; | |
372 | ||
373 | /** | |
374 | * ecryptfs_fill_super | |
375 | * @sb: The ecryptfs super block | |
376 | * @raw_data: The options passed to mount | |
377 | * @silent: Not used but required by function prototype | |
378 | * | |
379 | * Sets up what we can of the sb, rest is done in ecryptfs_read_super | |
380 | * | |
381 | * Returns zero on success; non-zero otherwise | |
382 | */ | |
383 | static int | |
384 | ecryptfs_fill_super(struct super_block *sb, void *raw_data, int silent) | |
385 | { | |
386 | int rc = 0; | |
387 | ||
388 | /* Released in ecryptfs_put_super() */ | |
389 | ecryptfs_set_superblock_private(sb, | |
390 | kmem_cache_alloc(ecryptfs_sb_info_cache, | |
391 | SLAB_KERNEL)); | |
392 | if (!ecryptfs_superblock_to_private(sb)) { | |
393 | ecryptfs_printk(KERN_WARNING, "Out of memory\n"); | |
394 | rc = -ENOMEM; | |
395 | goto out; | |
396 | } | |
397 | memset(ecryptfs_superblock_to_private(sb), 0, | |
398 | sizeof(struct ecryptfs_sb_info)); | |
399 | sb->s_op = &ecryptfs_sops; | |
400 | /* Released through deactivate_super(sb) from get_sb_nodev */ | |
401 | sb->s_root = d_alloc(NULL, &(const struct qstr) { | |
402 | .hash = 0,.name = "/",.len = 1}); | |
403 | if (!sb->s_root) { | |
404 | ecryptfs_printk(KERN_ERR, "d_alloc failed\n"); | |
405 | rc = -ENOMEM; | |
406 | goto out; | |
407 | } | |
408 | sb->s_root->d_op = &ecryptfs_dops; | |
409 | sb->s_root->d_sb = sb; | |
410 | sb->s_root->d_parent = sb->s_root; | |
411 | /* Released in d_release when dput(sb->s_root) is called */ | |
412 | /* through deactivate_super(sb) from get_sb_nodev() */ | |
413 | ecryptfs_set_dentry_private(sb->s_root, | |
414 | kmem_cache_alloc(ecryptfs_dentry_info_cache, | |
415 | SLAB_KERNEL)); | |
416 | if (!ecryptfs_dentry_to_private(sb->s_root)) { | |
417 | ecryptfs_printk(KERN_ERR, | |
418 | "dentry_info_cache alloc failed\n"); | |
419 | rc = -ENOMEM; | |
420 | goto out; | |
421 | } | |
422 | memset(ecryptfs_dentry_to_private(sb->s_root), 0, | |
423 | sizeof(struct ecryptfs_dentry_info)); | |
424 | rc = 0; | |
425 | out: | |
426 | /* Should be able to rely on deactivate_super called from | |
427 | * get_sb_nodev */ | |
428 | return rc; | |
429 | } | |
430 | ||
431 | /** | |
432 | * ecryptfs_read_super | |
433 | * @sb: The ecryptfs super block | |
434 | * @dev_name: The path to mount over | |
435 | * | |
436 | * Read the super block of the lower filesystem, and use | |
437 | * ecryptfs_interpose to create our initial inode and super block | |
438 | * struct. | |
439 | */ | |
440 | static int ecryptfs_read_super(struct super_block *sb, const char *dev_name) | |
441 | { | |
442 | int rc; | |
443 | struct nameidata nd; | |
444 | struct dentry *lower_root; | |
445 | struct vfsmount *lower_mnt; | |
446 | ||
447 | memset(&nd, 0, sizeof(struct nameidata)); | |
448 | rc = path_lookup(dev_name, LOOKUP_FOLLOW, &nd); | |
449 | if (rc) { | |
450 | ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n"); | |
451 | goto out_free; | |
452 | } | |
453 | lower_root = nd.dentry; | |
454 | if (!lower_root->d_inode) { | |
455 | ecryptfs_printk(KERN_WARNING, | |
456 | "No directory to interpose on\n"); | |
457 | rc = -ENOENT; | |
458 | goto out_free; | |
459 | } | |
460 | lower_mnt = nd.mnt; | |
461 | ecryptfs_set_superblock_lower(sb, lower_root->d_sb); | |
462 | sb->s_maxbytes = lower_root->d_sb->s_maxbytes; | |
463 | ecryptfs_set_dentry_lower(sb->s_root, lower_root); | |
464 | ecryptfs_set_dentry_lower_mnt(sb->s_root, lower_mnt); | |
465 | if ((rc = ecryptfs_interpose(lower_root, sb->s_root, sb, 0))) | |
466 | goto out_free; | |
467 | rc = 0; | |
468 | goto out; | |
469 | out_free: | |
470 | path_release(&nd); | |
471 | out: | |
472 | return rc; | |
473 | } | |
474 | ||
475 | /** | |
476 | * ecryptfs_get_sb | |
477 | * @fs_type | |
478 | * @flags | |
479 | * @dev_name: The path to mount over | |
480 | * @raw_data: The options passed into the kernel | |
481 | * | |
482 | * The whole ecryptfs_get_sb process is broken into 4 functions: | |
483 | * ecryptfs_parse_options(): handle options passed to ecryptfs, if any | |
484 | * ecryptfs_fill_super(): used by get_sb_nodev, fills out the super_block | |
485 | * with as much information as it can before needing | |
486 | * the lower filesystem. | |
487 | * ecryptfs_read_super(): this accesses the lower filesystem and uses | |
488 | * ecryptfs_interpolate to perform most of the linking | |
489 | * ecryptfs_interpolate(): links the lower filesystem into ecryptfs | |
490 | */ | |
491 | static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags, | |
492 | const char *dev_name, void *raw_data, | |
493 | struct vfsmount *mnt) | |
494 | { | |
495 | int rc; | |
496 | struct super_block *sb; | |
497 | ||
498 | rc = get_sb_nodev(fs_type, flags, raw_data, ecryptfs_fill_super, mnt); | |
499 | if (rc < 0) { | |
500 | printk(KERN_ERR "Getting sb failed; rc = [%d]\n", rc); | |
501 | goto out; | |
502 | } | |
503 | sb = mnt->mnt_sb; | |
504 | rc = ecryptfs_parse_options(sb, raw_data); | |
505 | if (rc) { | |
506 | printk(KERN_ERR "Error parsing options; rc = [%d]\n", rc); | |
507 | goto out_abort; | |
508 | } | |
509 | rc = ecryptfs_read_super(sb, dev_name); | |
510 | if (rc) { | |
511 | printk(KERN_ERR "Reading sb failed; rc = [%d]\n", rc); | |
512 | goto out_abort; | |
513 | } | |
514 | goto out; | |
515 | out_abort: | |
516 | dput(sb->s_root); | |
517 | up_write(&sb->s_umount); | |
518 | deactivate_super(sb); | |
519 | out: | |
520 | return rc; | |
521 | } | |
522 | ||
523 | /** | |
524 | * ecryptfs_kill_block_super | |
525 | * @sb: The ecryptfs super block | |
526 | * | |
527 | * Used to bring the superblock down and free the private data. | |
528 | * Private data is free'd in ecryptfs_put_super() | |
529 | */ | |
530 | static void ecryptfs_kill_block_super(struct super_block *sb) | |
531 | { | |
532 | generic_shutdown_super(sb); | |
533 | } | |
534 | ||
535 | static struct file_system_type ecryptfs_fs_type = { | |
536 | .owner = THIS_MODULE, | |
537 | .name = "ecryptfs", | |
538 | .get_sb = ecryptfs_get_sb, | |
539 | .kill_sb = ecryptfs_kill_block_super, | |
540 | .fs_flags = 0 | |
541 | }; | |
542 | ||
543 | /** | |
544 | * inode_info_init_once | |
545 | * | |
546 | * Initializes the ecryptfs_inode_info_cache when it is created | |
547 | */ | |
548 | static void | |
549 | inode_info_init_once(void *vptr, struct kmem_cache *cachep, unsigned long flags) | |
550 | { | |
551 | struct ecryptfs_inode_info *ei = (struct ecryptfs_inode_info *)vptr; | |
552 | ||
553 | if ((flags & (SLAB_CTOR_VERIFY | SLAB_CTOR_CONSTRUCTOR)) == | |
554 | SLAB_CTOR_CONSTRUCTOR) | |
555 | inode_init_once(&ei->vfs_inode); | |
556 | } | |
557 | ||
558 | static struct ecryptfs_cache_info { | |
559 | kmem_cache_t **cache; | |
560 | const char *name; | |
561 | size_t size; | |
562 | void (*ctor)(void*, struct kmem_cache *, unsigned long); | |
563 | } ecryptfs_cache_infos[] = { | |
564 | { | |
565 | .cache = &ecryptfs_auth_tok_list_item_cache, | |
566 | .name = "ecryptfs_auth_tok_list_item", | |
567 | .size = sizeof(struct ecryptfs_auth_tok_list_item), | |
568 | }, | |
569 | { | |
570 | .cache = &ecryptfs_file_info_cache, | |
571 | .name = "ecryptfs_file_cache", | |
572 | .size = sizeof(struct ecryptfs_file_info), | |
573 | }, | |
574 | { | |
575 | .cache = &ecryptfs_dentry_info_cache, | |
576 | .name = "ecryptfs_dentry_info_cache", | |
577 | .size = sizeof(struct ecryptfs_dentry_info), | |
578 | }, | |
579 | { | |
580 | .cache = &ecryptfs_inode_info_cache, | |
581 | .name = "ecryptfs_inode_cache", | |
582 | .size = sizeof(struct ecryptfs_inode_info), | |
583 | .ctor = inode_info_init_once, | |
584 | }, | |
585 | { | |
586 | .cache = &ecryptfs_sb_info_cache, | |
587 | .name = "ecryptfs_sb_cache", | |
588 | .size = sizeof(struct ecryptfs_sb_info), | |
589 | }, | |
590 | { | |
591 | .cache = &ecryptfs_header_cache_0, | |
592 | .name = "ecryptfs_headers_0", | |
593 | .size = PAGE_CACHE_SIZE, | |
594 | }, | |
595 | { | |
596 | .cache = &ecryptfs_header_cache_1, | |
597 | .name = "ecryptfs_headers_1", | |
598 | .size = PAGE_CACHE_SIZE, | |
599 | }, | |
600 | { | |
601 | .cache = &ecryptfs_header_cache_2, | |
602 | .name = "ecryptfs_headers_2", | |
603 | .size = PAGE_CACHE_SIZE, | |
604 | }, | |
605 | { | |
606 | .cache = &ecryptfs_lower_page_cache, | |
607 | .name = "ecryptfs_lower_page_cache", | |
608 | .size = PAGE_CACHE_SIZE, | |
609 | }, | |
610 | }; | |
611 | ||
612 | static void ecryptfs_free_kmem_caches(void) | |
613 | { | |
614 | int i; | |
615 | ||
616 | for (i = 0; i < ARRAY_SIZE(ecryptfs_cache_infos); i++) { | |
617 | struct ecryptfs_cache_info *info; | |
618 | ||
619 | info = &ecryptfs_cache_infos[i]; | |
620 | if (*(info->cache)) | |
621 | kmem_cache_destroy(*(info->cache)); | |
622 | } | |
623 | } | |
624 | ||
625 | /** | |
626 | * ecryptfs_init_kmem_caches | |
627 | * | |
628 | * Returns zero on success; non-zero otherwise | |
629 | */ | |
630 | static int ecryptfs_init_kmem_caches(void) | |
631 | { | |
632 | int i; | |
633 | ||
634 | for (i = 0; i < ARRAY_SIZE(ecryptfs_cache_infos); i++) { | |
635 | struct ecryptfs_cache_info *info; | |
636 | ||
637 | info = &ecryptfs_cache_infos[i]; | |
638 | *(info->cache) = kmem_cache_create(info->name, info->size, | |
639 | 0, SLAB_HWCACHE_ALIGN, info->ctor, NULL); | |
640 | if (!*(info->cache)) { | |
641 | ecryptfs_free_kmem_caches(); | |
642 | ecryptfs_printk(KERN_WARNING, "%s: " | |
643 | "kmem_cache_create failed\n", | |
644 | info->name); | |
645 | return -ENOMEM; | |
646 | } | |
647 | } | |
648 | return 0; | |
649 | } | |
650 | ||
651 | struct ecryptfs_obj { | |
652 | char *name; | |
653 | struct list_head slot_list; | |
654 | struct kobject kobj; | |
655 | }; | |
656 | ||
657 | struct ecryptfs_attribute { | |
658 | struct attribute attr; | |
659 | ssize_t(*show) (struct ecryptfs_obj *, char *); | |
660 | ssize_t(*store) (struct ecryptfs_obj *, const char *, size_t); | |
661 | }; | |
662 | ||
663 | static ssize_t | |
664 | ecryptfs_attr_store(struct kobject *kobj, | |
665 | struct attribute *attr, const char *buf, size_t len) | |
666 | { | |
667 | struct ecryptfs_obj *obj = container_of(kobj, struct ecryptfs_obj, | |
668 | kobj); | |
669 | struct ecryptfs_attribute *attribute = | |
670 | container_of(attr, struct ecryptfs_attribute, attr); | |
671 | ||
672 | return (attribute->store ? attribute->store(obj, buf, len) : 0); | |
673 | } | |
674 | ||
675 | static ssize_t | |
676 | ecryptfs_attr_show(struct kobject *kobj, struct attribute *attr, char *buf) | |
677 | { | |
678 | struct ecryptfs_obj *obj = container_of(kobj, struct ecryptfs_obj, | |
679 | kobj); | |
680 | struct ecryptfs_attribute *attribute = | |
681 | container_of(attr, struct ecryptfs_attribute, attr); | |
682 | ||
683 | return (attribute->show ? attribute->show(obj, buf) : 0); | |
684 | } | |
685 | ||
686 | static struct sysfs_ops ecryptfs_sysfs_ops = { | |
687 | .show = ecryptfs_attr_show, | |
688 | .store = ecryptfs_attr_store | |
689 | }; | |
690 | ||
691 | static struct kobj_type ecryptfs_ktype = { | |
692 | .sysfs_ops = &ecryptfs_sysfs_ops | |
693 | }; | |
694 | ||
695 | static decl_subsys(ecryptfs, &ecryptfs_ktype, NULL); | |
696 | ||
697 | static ssize_t version_show(struct ecryptfs_obj *obj, char *buff) | |
698 | { | |
699 | return snprintf(buff, PAGE_SIZE, "%d\n", ECRYPTFS_VERSIONING_MASK); | |
700 | } | |
701 | ||
702 | static struct ecryptfs_attribute sysfs_attr_version = __ATTR_RO(version); | |
703 | ||
704 | struct ecryptfs_version_str_map_elem { | |
705 | u32 flag; | |
706 | char *str; | |
707 | } ecryptfs_version_str_map[] = { | |
708 | {ECRYPTFS_VERSIONING_PASSPHRASE, "passphrase"}, | |
709 | {ECRYPTFS_VERSIONING_PUBKEY, "pubkey"}, | |
710 | {ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH, "plaintext passthrough"}, | |
711 | {ECRYPTFS_VERSIONING_POLICY, "policy"} | |
712 | }; | |
713 | ||
714 | static ssize_t version_str_show(struct ecryptfs_obj *obj, char *buff) | |
715 | { | |
716 | int i; | |
717 | int remaining = PAGE_SIZE; | |
718 | int total_written = 0; | |
719 | ||
720 | buff[0] = '\0'; | |
721 | for (i = 0; i < ARRAY_SIZE(ecryptfs_version_str_map); i++) { | |
722 | int entry_size; | |
723 | ||
724 | if (!(ECRYPTFS_VERSIONING_MASK | |
725 | & ecryptfs_version_str_map[i].flag)) | |
726 | continue; | |
727 | entry_size = strlen(ecryptfs_version_str_map[i].str); | |
728 | if ((entry_size + 2) > remaining) | |
729 | goto out; | |
730 | memcpy(buff, ecryptfs_version_str_map[i].str, entry_size); | |
731 | buff[entry_size++] = '\n'; | |
732 | buff[entry_size] = '\0'; | |
733 | buff += entry_size; | |
734 | total_written += entry_size; | |
735 | remaining -= entry_size; | |
736 | } | |
737 | out: | |
738 | return total_written; | |
739 | } | |
740 | ||
741 | static struct ecryptfs_attribute sysfs_attr_version_str = __ATTR_RO(version_str); | |
742 | ||
743 | static int do_sysfs_registration(void) | |
744 | { | |
745 | int rc; | |
746 | ||
747 | if ((rc = subsystem_register(&ecryptfs_subsys))) { | |
748 | printk(KERN_ERR | |
749 | "Unable to register ecryptfs sysfs subsystem\n"); | |
750 | goto out; | |
751 | } | |
752 | rc = sysfs_create_file(&ecryptfs_subsys.kset.kobj, | |
753 | &sysfs_attr_version.attr); | |
754 | if (rc) { | |
755 | printk(KERN_ERR | |
756 | "Unable to create ecryptfs version attribute\n"); | |
757 | subsystem_unregister(&ecryptfs_subsys); | |
758 | goto out; | |
759 | } | |
760 | rc = sysfs_create_file(&ecryptfs_subsys.kset.kobj, | |
761 | &sysfs_attr_version_str.attr); | |
762 | if (rc) { | |
763 | printk(KERN_ERR | |
764 | "Unable to create ecryptfs version_str attribute\n"); | |
765 | sysfs_remove_file(&ecryptfs_subsys.kset.kobj, | |
766 | &sysfs_attr_version.attr); | |
767 | subsystem_unregister(&ecryptfs_subsys); | |
768 | goto out; | |
769 | } | |
770 | out: | |
771 | return rc; | |
772 | } | |
773 | ||
774 | static int __init ecryptfs_init(void) | |
775 | { | |
776 | int rc; | |
777 | ||
778 | if (ECRYPTFS_DEFAULT_EXTENT_SIZE > PAGE_CACHE_SIZE) { | |
779 | rc = -EINVAL; | |
780 | ecryptfs_printk(KERN_ERR, "The eCryptfs extent size is " | |
781 | "larger than the host's page size, and so " | |
782 | "eCryptfs cannot run on this system. The " | |
783 | "default eCryptfs extent size is [%d] bytes; " | |
784 | "the page size is [%d] bytes.\n", | |
785 | ECRYPTFS_DEFAULT_EXTENT_SIZE, PAGE_CACHE_SIZE); | |
786 | goto out; | |
787 | } | |
788 | rc = ecryptfs_init_kmem_caches(); | |
789 | if (rc) { | |
790 | printk(KERN_ERR | |
791 | "Failed to allocate one or more kmem_cache objects\n"); | |
792 | goto out; | |
793 | } | |
794 | rc = register_filesystem(&ecryptfs_fs_type); | |
795 | if (rc) { | |
796 | printk(KERN_ERR "Failed to register filesystem\n"); | |
797 | ecryptfs_free_kmem_caches(); | |
798 | goto out; | |
799 | } | |
800 | kset_set_kset_s(&ecryptfs_subsys, fs_subsys); | |
801 | sysfs_attr_version.attr.owner = THIS_MODULE; | |
802 | sysfs_attr_version_str.attr.owner = THIS_MODULE; | |
803 | rc = do_sysfs_registration(); | |
804 | if (rc) { | |
805 | printk(KERN_ERR "sysfs registration failed\n"); | |
806 | unregister_filesystem(&ecryptfs_fs_type); | |
807 | ecryptfs_free_kmem_caches(); | |
808 | goto out; | |
809 | } | |
810 | out: | |
811 | return rc; | |
812 | } | |
813 | ||
814 | static void __exit ecryptfs_exit(void) | |
815 | { | |
816 | sysfs_remove_file(&ecryptfs_subsys.kset.kobj, | |
817 | &sysfs_attr_version.attr); | |
818 | sysfs_remove_file(&ecryptfs_subsys.kset.kobj, | |
819 | &sysfs_attr_version_str.attr); | |
820 | subsystem_unregister(&ecryptfs_subsys); | |
821 | unregister_filesystem(&ecryptfs_fs_type); | |
822 | ecryptfs_free_kmem_caches(); | |
823 | } | |
824 | ||
825 | MODULE_AUTHOR("Michael A. Halcrow <mhalcrow@us.ibm.com>"); | |
826 | MODULE_DESCRIPTION("eCryptfs"); | |
827 | ||
828 | MODULE_LICENSE("GPL"); | |
829 | ||
830 | module_init(ecryptfs_init) | |
831 | module_exit(ecryptfs_exit) |