Commit | Line | Data |
---|---|---|
237fead6 MH |
1 | /** |
2 | * eCryptfs: Linux filesystem encryption layer | |
3 | * | |
4 | * Copyright (C) 1997-2003 Erez Zadok | |
5 | * Copyright (C) 2001-2003 Stony Brook University | |
6 | * Copyright (C) 2004-2006 International Business Machines Corp. | |
7 | * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> | |
8 | * Michael C. Thompson <mcthomps@us.ibm.com> | |
dddfa461 | 9 | * Tyler Hicks <tyhicks@ou.edu> |
237fead6 MH |
10 | * |
11 | * This program is free software; you can redistribute it and/or | |
12 | * modify it under the terms of the GNU General Public License as | |
13 | * published by the Free Software Foundation; either version 2 of the | |
14 | * License, or (at your option) any later version. | |
15 | * | |
16 | * This program is distributed in the hope that it will be useful, but | |
17 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
19 | * General Public License for more details. | |
20 | * | |
21 | * You should have received a copy of the GNU General Public License | |
22 | * along with this program; if not, write to the Free Software | |
23 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | |
24 | * 02111-1307, USA. | |
25 | */ | |
26 | ||
27 | #include <linux/dcache.h> | |
28 | #include <linux/file.h> | |
29 | #include <linux/module.h> | |
30 | #include <linux/namei.h> | |
31 | #include <linux/skbuff.h> | |
32 | #include <linux/crypto.h> | |
33 | #include <linux/netlink.h> | |
34 | #include <linux/mount.h> | |
35 | #include <linux/dcache.h> | |
36 | #include <linux/pagemap.h> | |
37 | #include <linux/key.h> | |
38 | #include <linux/parser.h> | |
0cc72dc7 | 39 | #include <linux/fs_stack.h> |
237fead6 MH |
40 | #include "ecryptfs_kernel.h" |
41 | ||
42 | /** | |
43 | * Module parameter that defines the ecryptfs_verbosity level. | |
44 | */ | |
45 | int ecryptfs_verbosity = 0; | |
46 | ||
47 | module_param(ecryptfs_verbosity, int, 0); | |
48 | MODULE_PARM_DESC(ecryptfs_verbosity, | |
49 | "Initial verbosity level (0 or 1; defaults to " | |
50 | "0, which is Quiet)"); | |
51 | ||
dddfa461 MH |
52 | /** |
53 | * Module parameter that defines the number of netlink message buffer | |
54 | * elements | |
55 | */ | |
56 | unsigned int ecryptfs_message_buf_len = ECRYPTFS_DEFAULT_MSG_CTX_ELEMS; | |
57 | ||
58 | module_param(ecryptfs_message_buf_len, uint, 0); | |
59 | MODULE_PARM_DESC(ecryptfs_message_buf_len, | |
60 | "Number of message buffer elements"); | |
61 | ||
62 | /** | |
63 | * Module parameter that defines the maximum guaranteed amount of time to wait | |
64 | * for a response through netlink. The actual sleep time will be, more than | |
65 | * likely, a small amount greater than this specified value, but only less if | |
66 | * the netlink message successfully arrives. | |
67 | */ | |
68 | signed long ecryptfs_message_wait_timeout = ECRYPTFS_MAX_MSG_CTX_TTL / HZ; | |
69 | ||
70 | module_param(ecryptfs_message_wait_timeout, long, 0); | |
71 | MODULE_PARM_DESC(ecryptfs_message_wait_timeout, | |
72 | "Maximum number of seconds that an operation will " | |
73 | "sleep while waiting for a message response from " | |
74 | "userspace"); | |
75 | ||
76 | /** | |
77 | * Module parameter that is an estimate of the maximum number of users | |
78 | * that will be concurrently using eCryptfs. Set this to the right | |
79 | * value to balance performance and memory use. | |
80 | */ | |
81 | unsigned int ecryptfs_number_of_users = ECRYPTFS_DEFAULT_NUM_USERS; | |
82 | ||
83 | module_param(ecryptfs_number_of_users, uint, 0); | |
84 | MODULE_PARM_DESC(ecryptfs_number_of_users, "An estimate of the number of " | |
85 | "concurrent users of eCryptfs"); | |
86 | ||
87 | unsigned int ecryptfs_transport = ECRYPTFS_DEFAULT_TRANSPORT; | |
88 | ||
237fead6 MH |
89 | void __ecryptfs_printk(const char *fmt, ...) |
90 | { | |
91 | va_list args; | |
92 | va_start(args, fmt); | |
93 | if (fmt[1] == '7') { /* KERN_DEBUG */ | |
94 | if (ecryptfs_verbosity >= 1) | |
95 | vprintk(fmt, args); | |
96 | } else | |
97 | vprintk(fmt, args); | |
98 | va_end(args); | |
99 | } | |
100 | ||
101 | /** | |
102 | * ecryptfs_interpose | |
103 | * @lower_dentry: Existing dentry in the lower filesystem | |
104 | * @dentry: ecryptfs' dentry | |
105 | * @sb: ecryptfs's super_block | |
106 | * @flag: If set to true, then d_add is called, else d_instantiate is called | |
107 | * | |
108 | * Interposes upper and lower dentries. | |
109 | * | |
110 | * Returns zero on success; non-zero otherwise | |
111 | */ | |
112 | int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry, | |
113 | struct super_block *sb, int flag) | |
114 | { | |
115 | struct inode *lower_inode; | |
116 | struct inode *inode; | |
117 | int rc = 0; | |
118 | ||
119 | lower_inode = lower_dentry->d_inode; | |
120 | if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb)) { | |
121 | rc = -EXDEV; | |
122 | goto out; | |
123 | } | |
124 | if (!igrab(lower_inode)) { | |
125 | rc = -ESTALE; | |
126 | goto out; | |
127 | } | |
128 | inode = iget5_locked(sb, (unsigned long)lower_inode, | |
129 | ecryptfs_inode_test, ecryptfs_inode_set, | |
130 | lower_inode); | |
131 | if (!inode) { | |
132 | rc = -EACCES; | |
133 | iput(lower_inode); | |
134 | goto out; | |
135 | } | |
136 | if (inode->i_state & I_NEW) | |
137 | unlock_new_inode(inode); | |
138 | else | |
139 | iput(lower_inode); | |
140 | if (S_ISLNK(lower_inode->i_mode)) | |
141 | inode->i_op = &ecryptfs_symlink_iops; | |
142 | else if (S_ISDIR(lower_inode->i_mode)) | |
143 | inode->i_op = &ecryptfs_dir_iops; | |
144 | if (S_ISDIR(lower_inode->i_mode)) | |
145 | inode->i_fop = &ecryptfs_dir_fops; | |
26da8205 | 146 | if (special_file(lower_inode->i_mode)) |
237fead6 MH |
147 | init_special_inode(inode, lower_inode->i_mode, |
148 | lower_inode->i_rdev); | |
149 | dentry->d_op = &ecryptfs_dops; | |
150 | if (flag) | |
151 | d_add(dentry, inode); | |
152 | else | |
153 | d_instantiate(dentry, inode); | |
0cc72dc7 | 154 | fsstack_copy_attr_all(inode, lower_inode, NULL); |
237fead6 MH |
155 | /* This size will be overwritten for real files w/ headers and |
156 | * other metadata */ | |
0cc72dc7 | 157 | fsstack_copy_inode_size(inode, lower_inode); |
237fead6 MH |
158 | out: |
159 | return rc; | |
160 | } | |
161 | ||
162 | enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, ecryptfs_opt_debug, | |
163 | ecryptfs_opt_ecryptfs_debug, ecryptfs_opt_cipher, | |
164 | ecryptfs_opt_ecryptfs_cipher, ecryptfs_opt_ecryptfs_key_bytes, | |
165 | ecryptfs_opt_passthrough, ecryptfs_opt_err }; | |
166 | ||
167 | static match_table_t tokens = { | |
168 | {ecryptfs_opt_sig, "sig=%s"}, | |
169 | {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"}, | |
170 | {ecryptfs_opt_debug, "debug=%u"}, | |
171 | {ecryptfs_opt_ecryptfs_debug, "ecryptfs_debug=%u"}, | |
172 | {ecryptfs_opt_cipher, "cipher=%s"}, | |
173 | {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"}, | |
174 | {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"}, | |
175 | {ecryptfs_opt_passthrough, "ecryptfs_passthrough"}, | |
176 | {ecryptfs_opt_err, NULL} | |
177 | }; | |
178 | ||
179 | /** | |
180 | * ecryptfs_verify_version | |
181 | * @version: The version number to confirm | |
182 | * | |
183 | * Returns zero on good version; non-zero otherwise | |
184 | */ | |
185 | static int ecryptfs_verify_version(u16 version) | |
186 | { | |
187 | int rc = 0; | |
188 | unsigned char major; | |
189 | unsigned char minor; | |
190 | ||
191 | major = ((version >> 8) & 0xFF); | |
192 | minor = (version & 0xFF); | |
193 | if (major != ECRYPTFS_VERSION_MAJOR) { | |
194 | ecryptfs_printk(KERN_ERR, "Major version number mismatch. " | |
195 | "Expected [%d]; got [%d]\n", | |
196 | ECRYPTFS_VERSION_MAJOR, major); | |
197 | rc = -EINVAL; | |
198 | goto out; | |
199 | } | |
200 | if (minor != ECRYPTFS_VERSION_MINOR) { | |
201 | ecryptfs_printk(KERN_ERR, "Minor version number mismatch. " | |
202 | "Expected [%d]; got [%d]\n", | |
203 | ECRYPTFS_VERSION_MINOR, minor); | |
204 | rc = -EINVAL; | |
205 | goto out; | |
206 | } | |
207 | out: | |
208 | return rc; | |
209 | } | |
210 | ||
211 | /** | |
212 | * ecryptfs_parse_options | |
213 | * @sb: The ecryptfs super block | |
214 | * @options: The options pased to the kernel | |
215 | * | |
216 | * Parse mount options: | |
217 | * debug=N - ecryptfs_verbosity level for debug output | |
218 | * sig=XXX - description(signature) of the key to use | |
219 | * | |
220 | * Returns the dentry object of the lower-level (lower/interposed) | |
221 | * directory; We want to mount our stackable file system on top of | |
222 | * that lower directory. | |
223 | * | |
224 | * The signature of the key to use must be the description of a key | |
225 | * already in the keyring. Mounting will fail if the key can not be | |
226 | * found. | |
227 | * | |
228 | * Returns zero on success; non-zero on error | |
229 | */ | |
230 | static int ecryptfs_parse_options(struct super_block *sb, char *options) | |
231 | { | |
232 | char *p; | |
233 | int rc = 0; | |
234 | int sig_set = 0; | |
235 | int cipher_name_set = 0; | |
236 | int cipher_key_bytes; | |
237 | int cipher_key_bytes_set = 0; | |
238 | struct key *auth_tok_key = NULL; | |
239 | struct ecryptfs_auth_tok *auth_tok = NULL; | |
240 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = | |
241 | &ecryptfs_superblock_to_private(sb)->mount_crypt_stat; | |
242 | substring_t args[MAX_OPT_ARGS]; | |
243 | int token; | |
244 | char *sig_src; | |
245 | char *sig_dst; | |
246 | char *debug_src; | |
247 | char *cipher_name_dst; | |
248 | char *cipher_name_src; | |
249 | char *cipher_key_bytes_src; | |
237fead6 MH |
250 | int cipher_name_len; |
251 | ||
252 | if (!options) { | |
253 | rc = -EINVAL; | |
254 | goto out; | |
255 | } | |
256 | while ((p = strsep(&options, ",")) != NULL) { | |
257 | if (!*p) | |
258 | continue; | |
259 | token = match_token(p, tokens, args); | |
260 | switch (token) { | |
261 | case ecryptfs_opt_sig: | |
262 | case ecryptfs_opt_ecryptfs_sig: | |
263 | sig_src = args[0].from; | |
264 | sig_dst = | |
265 | mount_crypt_stat->global_auth_tok_sig; | |
266 | memcpy(sig_dst, sig_src, ECRYPTFS_SIG_SIZE_HEX); | |
267 | sig_dst[ECRYPTFS_SIG_SIZE_HEX] = '\0'; | |
268 | ecryptfs_printk(KERN_DEBUG, | |
269 | "The mount_crypt_stat " | |
270 | "global_auth_tok_sig set to: " | |
271 | "[%s]\n", sig_dst); | |
272 | sig_set = 1; | |
273 | break; | |
274 | case ecryptfs_opt_debug: | |
275 | case ecryptfs_opt_ecryptfs_debug: | |
276 | debug_src = args[0].from; | |
277 | ecryptfs_verbosity = | |
278 | (int)simple_strtol(debug_src, &debug_src, | |
279 | 0); | |
280 | ecryptfs_printk(KERN_DEBUG, | |
281 | "Verbosity set to [%d]" "\n", | |
282 | ecryptfs_verbosity); | |
283 | break; | |
284 | case ecryptfs_opt_cipher: | |
285 | case ecryptfs_opt_ecryptfs_cipher: | |
286 | cipher_name_src = args[0].from; | |
287 | cipher_name_dst = | |
288 | mount_crypt_stat-> | |
289 | global_default_cipher_name; | |
290 | strncpy(cipher_name_dst, cipher_name_src, | |
291 | ECRYPTFS_MAX_CIPHER_NAME_SIZE); | |
292 | ecryptfs_printk(KERN_DEBUG, | |
293 | "The mount_crypt_stat " | |
294 | "global_default_cipher_name set to: " | |
295 | "[%s]\n", cipher_name_dst); | |
296 | cipher_name_set = 1; | |
297 | break; | |
298 | case ecryptfs_opt_ecryptfs_key_bytes: | |
299 | cipher_key_bytes_src = args[0].from; | |
300 | cipher_key_bytes = | |
301 | (int)simple_strtol(cipher_key_bytes_src, | |
302 | &cipher_key_bytes_src, 0); | |
303 | mount_crypt_stat->global_default_cipher_key_size = | |
304 | cipher_key_bytes; | |
305 | ecryptfs_printk(KERN_DEBUG, | |
306 | "The mount_crypt_stat " | |
307 | "global_default_cipher_key_size " | |
308 | "set to: [%d]\n", mount_crypt_stat-> | |
309 | global_default_cipher_key_size); | |
310 | cipher_key_bytes_set = 1; | |
311 | break; | |
312 | case ecryptfs_opt_passthrough: | |
313 | mount_crypt_stat->flags |= | |
314 | ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED; | |
315 | break; | |
316 | case ecryptfs_opt_err: | |
317 | default: | |
318 | ecryptfs_printk(KERN_WARNING, | |
319 | "eCryptfs: unrecognized option '%s'\n", | |
320 | p); | |
321 | } | |
322 | } | |
323 | /* Do not support lack of mount-wide signature in 0.1 | |
324 | * release */ | |
325 | if (!sig_set) { | |
326 | rc = -EINVAL; | |
327 | ecryptfs_printk(KERN_ERR, "You must supply a valid " | |
328 | "passphrase auth tok signature as a mount " | |
329 | "parameter; see the eCryptfs README\n"); | |
330 | goto out; | |
331 | } | |
332 | if (!cipher_name_set) { | |
333 | cipher_name_len = strlen(ECRYPTFS_DEFAULT_CIPHER); | |
334 | if (unlikely(cipher_name_len | |
335 | >= ECRYPTFS_MAX_CIPHER_NAME_SIZE)) { | |
336 | rc = -EINVAL; | |
337 | BUG(); | |
338 | goto out; | |
339 | } | |
340 | memcpy(mount_crypt_stat->global_default_cipher_name, | |
341 | ECRYPTFS_DEFAULT_CIPHER, cipher_name_len); | |
342 | mount_crypt_stat->global_default_cipher_name[cipher_name_len] | |
343 | = '\0'; | |
344 | } | |
345 | if (!cipher_key_bytes_set) { | |
e5d9cbde | 346 | mount_crypt_stat->global_default_cipher_key_size = 0; |
237fead6 MH |
347 | } |
348 | rc = ecryptfs_process_cipher( | |
237fead6 MH |
349 | &mount_crypt_stat->global_key_tfm, |
350 | mount_crypt_stat->global_default_cipher_name, | |
e5d9cbde | 351 | &mount_crypt_stat->global_default_cipher_key_size); |
237fead6 MH |
352 | if (rc) { |
353 | printk(KERN_ERR "Error attempting to initialize cipher [%s] " | |
354 | "with key size [%Zd] bytes; rc = [%d]\n", | |
355 | mount_crypt_stat->global_default_cipher_name, | |
356 | mount_crypt_stat->global_default_cipher_key_size, rc); | |
8bba066f MH |
357 | mount_crypt_stat->global_key_tfm = NULL; |
358 | mount_crypt_stat->global_auth_tok_key = NULL; | |
237fead6 MH |
359 | rc = -EINVAL; |
360 | goto out; | |
361 | } | |
362 | mutex_init(&mount_crypt_stat->global_key_tfm_mutex); | |
363 | ecryptfs_printk(KERN_DEBUG, "Requesting the key with description: " | |
364 | "[%s]\n", mount_crypt_stat->global_auth_tok_sig); | |
365 | /* The reference to this key is held until umount is done The | |
366 | * call to key_put is done in ecryptfs_put_super() */ | |
367 | auth_tok_key = request_key(&key_type_user, | |
368 | mount_crypt_stat->global_auth_tok_sig, | |
369 | NULL); | |
370 | if (!auth_tok_key || IS_ERR(auth_tok_key)) { | |
371 | ecryptfs_printk(KERN_ERR, "Could not find key with " | |
372 | "description: [%s]\n", | |
373 | mount_crypt_stat->global_auth_tok_sig); | |
374 | process_request_key_err(PTR_ERR(auth_tok_key)); | |
375 | rc = -EINVAL; | |
376 | goto out; | |
377 | } | |
378 | auth_tok = ecryptfs_get_key_payload_data(auth_tok_key); | |
379 | if (ecryptfs_verify_version(auth_tok->version)) { | |
380 | ecryptfs_printk(KERN_ERR, "Data structure version mismatch. " | |
381 | "Userspace tools must match eCryptfs kernel " | |
382 | "module with major version [%d] and minor " | |
383 | "version [%d]\n", ECRYPTFS_VERSION_MAJOR, | |
384 | ECRYPTFS_VERSION_MINOR); | |
385 | rc = -EINVAL; | |
386 | goto out; | |
387 | } | |
dddfa461 MH |
388 | if (auth_tok->token_type != ECRYPTFS_PASSWORD |
389 | && auth_tok->token_type != ECRYPTFS_PRIVATE_KEY) { | |
237fead6 | 390 | ecryptfs_printk(KERN_ERR, "Invalid auth_tok structure " |
dddfa461 | 391 | "returned from key query\n"); |
237fead6 MH |
392 | rc = -EINVAL; |
393 | goto out; | |
394 | } | |
395 | mount_crypt_stat->global_auth_tok_key = auth_tok_key; | |
396 | mount_crypt_stat->global_auth_tok = auth_tok; | |
397 | out: | |
398 | return rc; | |
399 | } | |
400 | ||
401 | struct kmem_cache *ecryptfs_sb_info_cache; | |
402 | ||
403 | /** | |
404 | * ecryptfs_fill_super | |
405 | * @sb: The ecryptfs super block | |
406 | * @raw_data: The options passed to mount | |
407 | * @silent: Not used but required by function prototype | |
408 | * | |
409 | * Sets up what we can of the sb, rest is done in ecryptfs_read_super | |
410 | * | |
411 | * Returns zero on success; non-zero otherwise | |
412 | */ | |
413 | static int | |
414 | ecryptfs_fill_super(struct super_block *sb, void *raw_data, int silent) | |
415 | { | |
416 | int rc = 0; | |
417 | ||
418 | /* Released in ecryptfs_put_super() */ | |
419 | ecryptfs_set_superblock_private(sb, | |
c3762229 | 420 | kmem_cache_zalloc(ecryptfs_sb_info_cache, |
e94b1766 | 421 | GFP_KERNEL)); |
237fead6 MH |
422 | if (!ecryptfs_superblock_to_private(sb)) { |
423 | ecryptfs_printk(KERN_WARNING, "Out of memory\n"); | |
424 | rc = -ENOMEM; | |
425 | goto out; | |
426 | } | |
237fead6 MH |
427 | sb->s_op = &ecryptfs_sops; |
428 | /* Released through deactivate_super(sb) from get_sb_nodev */ | |
429 | sb->s_root = d_alloc(NULL, &(const struct qstr) { | |
430 | .hash = 0,.name = "/",.len = 1}); | |
431 | if (!sb->s_root) { | |
432 | ecryptfs_printk(KERN_ERR, "d_alloc failed\n"); | |
433 | rc = -ENOMEM; | |
434 | goto out; | |
435 | } | |
436 | sb->s_root->d_op = &ecryptfs_dops; | |
437 | sb->s_root->d_sb = sb; | |
438 | sb->s_root->d_parent = sb->s_root; | |
439 | /* Released in d_release when dput(sb->s_root) is called */ | |
440 | /* through deactivate_super(sb) from get_sb_nodev() */ | |
441 | ecryptfs_set_dentry_private(sb->s_root, | |
c3762229 | 442 | kmem_cache_zalloc(ecryptfs_dentry_info_cache, |
e94b1766 | 443 | GFP_KERNEL)); |
237fead6 MH |
444 | if (!ecryptfs_dentry_to_private(sb->s_root)) { |
445 | ecryptfs_printk(KERN_ERR, | |
446 | "dentry_info_cache alloc failed\n"); | |
447 | rc = -ENOMEM; | |
448 | goto out; | |
449 | } | |
237fead6 MH |
450 | rc = 0; |
451 | out: | |
452 | /* Should be able to rely on deactivate_super called from | |
453 | * get_sb_nodev */ | |
454 | return rc; | |
455 | } | |
456 | ||
457 | /** | |
458 | * ecryptfs_read_super | |
459 | * @sb: The ecryptfs super block | |
460 | * @dev_name: The path to mount over | |
461 | * | |
462 | * Read the super block of the lower filesystem, and use | |
463 | * ecryptfs_interpose to create our initial inode and super block | |
464 | * struct. | |
465 | */ | |
466 | static int ecryptfs_read_super(struct super_block *sb, const char *dev_name) | |
467 | { | |
468 | int rc; | |
469 | struct nameidata nd; | |
470 | struct dentry *lower_root; | |
471 | struct vfsmount *lower_mnt; | |
472 | ||
473 | memset(&nd, 0, sizeof(struct nameidata)); | |
474 | rc = path_lookup(dev_name, LOOKUP_FOLLOW, &nd); | |
475 | if (rc) { | |
476 | ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n"); | |
477 | goto out_free; | |
478 | } | |
479 | lower_root = nd.dentry; | |
480 | if (!lower_root->d_inode) { | |
481 | ecryptfs_printk(KERN_WARNING, | |
482 | "No directory to interpose on\n"); | |
483 | rc = -ENOENT; | |
484 | goto out_free; | |
485 | } | |
486 | lower_mnt = nd.mnt; | |
487 | ecryptfs_set_superblock_lower(sb, lower_root->d_sb); | |
488 | sb->s_maxbytes = lower_root->d_sb->s_maxbytes; | |
489 | ecryptfs_set_dentry_lower(sb->s_root, lower_root); | |
490 | ecryptfs_set_dentry_lower_mnt(sb->s_root, lower_mnt); | |
491 | if ((rc = ecryptfs_interpose(lower_root, sb->s_root, sb, 0))) | |
492 | goto out_free; | |
493 | rc = 0; | |
494 | goto out; | |
495 | out_free: | |
496 | path_release(&nd); | |
497 | out: | |
498 | return rc; | |
499 | } | |
500 | ||
501 | /** | |
502 | * ecryptfs_get_sb | |
503 | * @fs_type | |
504 | * @flags | |
505 | * @dev_name: The path to mount over | |
506 | * @raw_data: The options passed into the kernel | |
507 | * | |
508 | * The whole ecryptfs_get_sb process is broken into 4 functions: | |
509 | * ecryptfs_parse_options(): handle options passed to ecryptfs, if any | |
510 | * ecryptfs_fill_super(): used by get_sb_nodev, fills out the super_block | |
511 | * with as much information as it can before needing | |
512 | * the lower filesystem. | |
513 | * ecryptfs_read_super(): this accesses the lower filesystem and uses | |
514 | * ecryptfs_interpolate to perform most of the linking | |
515 | * ecryptfs_interpolate(): links the lower filesystem into ecryptfs | |
516 | */ | |
517 | static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags, | |
518 | const char *dev_name, void *raw_data, | |
519 | struct vfsmount *mnt) | |
520 | { | |
521 | int rc; | |
522 | struct super_block *sb; | |
523 | ||
524 | rc = get_sb_nodev(fs_type, flags, raw_data, ecryptfs_fill_super, mnt); | |
525 | if (rc < 0) { | |
526 | printk(KERN_ERR "Getting sb failed; rc = [%d]\n", rc); | |
527 | goto out; | |
528 | } | |
529 | sb = mnt->mnt_sb; | |
530 | rc = ecryptfs_parse_options(sb, raw_data); | |
531 | if (rc) { | |
532 | printk(KERN_ERR "Error parsing options; rc = [%d]\n", rc); | |
533 | goto out_abort; | |
534 | } | |
535 | rc = ecryptfs_read_super(sb, dev_name); | |
536 | if (rc) { | |
537 | printk(KERN_ERR "Reading sb failed; rc = [%d]\n", rc); | |
538 | goto out_abort; | |
539 | } | |
540 | goto out; | |
541 | out_abort: | |
542 | dput(sb->s_root); | |
543 | up_write(&sb->s_umount); | |
544 | deactivate_super(sb); | |
545 | out: | |
546 | return rc; | |
547 | } | |
548 | ||
549 | /** | |
550 | * ecryptfs_kill_block_super | |
551 | * @sb: The ecryptfs super block | |
552 | * | |
553 | * Used to bring the superblock down and free the private data. | |
554 | * Private data is free'd in ecryptfs_put_super() | |
555 | */ | |
556 | static void ecryptfs_kill_block_super(struct super_block *sb) | |
557 | { | |
558 | generic_shutdown_super(sb); | |
559 | } | |
560 | ||
561 | static struct file_system_type ecryptfs_fs_type = { | |
562 | .owner = THIS_MODULE, | |
563 | .name = "ecryptfs", | |
564 | .get_sb = ecryptfs_get_sb, | |
565 | .kill_sb = ecryptfs_kill_block_super, | |
566 | .fs_flags = 0 | |
567 | }; | |
568 | ||
569 | /** | |
570 | * inode_info_init_once | |
571 | * | |
572 | * Initializes the ecryptfs_inode_info_cache when it is created | |
573 | */ | |
574 | static void | |
575 | inode_info_init_once(void *vptr, struct kmem_cache *cachep, unsigned long flags) | |
576 | { | |
577 | struct ecryptfs_inode_info *ei = (struct ecryptfs_inode_info *)vptr; | |
578 | ||
579 | if ((flags & (SLAB_CTOR_VERIFY | SLAB_CTOR_CONSTRUCTOR)) == | |
580 | SLAB_CTOR_CONSTRUCTOR) | |
581 | inode_init_once(&ei->vfs_inode); | |
582 | } | |
583 | ||
584 | static struct ecryptfs_cache_info { | |
e18b890b | 585 | struct kmem_cache **cache; |
237fead6 MH |
586 | const char *name; |
587 | size_t size; | |
588 | void (*ctor)(void*, struct kmem_cache *, unsigned long); | |
589 | } ecryptfs_cache_infos[] = { | |
590 | { | |
591 | .cache = &ecryptfs_auth_tok_list_item_cache, | |
592 | .name = "ecryptfs_auth_tok_list_item", | |
593 | .size = sizeof(struct ecryptfs_auth_tok_list_item), | |
594 | }, | |
595 | { | |
596 | .cache = &ecryptfs_file_info_cache, | |
597 | .name = "ecryptfs_file_cache", | |
598 | .size = sizeof(struct ecryptfs_file_info), | |
599 | }, | |
600 | { | |
601 | .cache = &ecryptfs_dentry_info_cache, | |
602 | .name = "ecryptfs_dentry_info_cache", | |
603 | .size = sizeof(struct ecryptfs_dentry_info), | |
604 | }, | |
605 | { | |
606 | .cache = &ecryptfs_inode_info_cache, | |
607 | .name = "ecryptfs_inode_cache", | |
608 | .size = sizeof(struct ecryptfs_inode_info), | |
609 | .ctor = inode_info_init_once, | |
610 | }, | |
611 | { | |
612 | .cache = &ecryptfs_sb_info_cache, | |
613 | .name = "ecryptfs_sb_cache", | |
614 | .size = sizeof(struct ecryptfs_sb_info), | |
615 | }, | |
616 | { | |
617 | .cache = &ecryptfs_header_cache_0, | |
618 | .name = "ecryptfs_headers_0", | |
619 | .size = PAGE_CACHE_SIZE, | |
620 | }, | |
621 | { | |
622 | .cache = &ecryptfs_header_cache_1, | |
623 | .name = "ecryptfs_headers_1", | |
624 | .size = PAGE_CACHE_SIZE, | |
625 | }, | |
626 | { | |
627 | .cache = &ecryptfs_header_cache_2, | |
628 | .name = "ecryptfs_headers_2", | |
629 | .size = PAGE_CACHE_SIZE, | |
630 | }, | |
631 | { | |
632 | .cache = &ecryptfs_lower_page_cache, | |
633 | .name = "ecryptfs_lower_page_cache", | |
634 | .size = PAGE_CACHE_SIZE, | |
635 | }, | |
636 | }; | |
637 | ||
638 | static void ecryptfs_free_kmem_caches(void) | |
639 | { | |
640 | int i; | |
641 | ||
642 | for (i = 0; i < ARRAY_SIZE(ecryptfs_cache_infos); i++) { | |
643 | struct ecryptfs_cache_info *info; | |
644 | ||
645 | info = &ecryptfs_cache_infos[i]; | |
646 | if (*(info->cache)) | |
647 | kmem_cache_destroy(*(info->cache)); | |
648 | } | |
649 | } | |
650 | ||
651 | /** | |
652 | * ecryptfs_init_kmem_caches | |
653 | * | |
654 | * Returns zero on success; non-zero otherwise | |
655 | */ | |
656 | static int ecryptfs_init_kmem_caches(void) | |
657 | { | |
658 | int i; | |
659 | ||
660 | for (i = 0; i < ARRAY_SIZE(ecryptfs_cache_infos); i++) { | |
661 | struct ecryptfs_cache_info *info; | |
662 | ||
663 | info = &ecryptfs_cache_infos[i]; | |
664 | *(info->cache) = kmem_cache_create(info->name, info->size, | |
665 | 0, SLAB_HWCACHE_ALIGN, info->ctor, NULL); | |
666 | if (!*(info->cache)) { | |
667 | ecryptfs_free_kmem_caches(); | |
668 | ecryptfs_printk(KERN_WARNING, "%s: " | |
669 | "kmem_cache_create failed\n", | |
670 | info->name); | |
671 | return -ENOMEM; | |
672 | } | |
673 | } | |
674 | return 0; | |
675 | } | |
676 | ||
677 | struct ecryptfs_obj { | |
678 | char *name; | |
679 | struct list_head slot_list; | |
680 | struct kobject kobj; | |
681 | }; | |
682 | ||
683 | struct ecryptfs_attribute { | |
684 | struct attribute attr; | |
685 | ssize_t(*show) (struct ecryptfs_obj *, char *); | |
686 | ssize_t(*store) (struct ecryptfs_obj *, const char *, size_t); | |
687 | }; | |
688 | ||
689 | static ssize_t | |
690 | ecryptfs_attr_store(struct kobject *kobj, | |
691 | struct attribute *attr, const char *buf, size_t len) | |
692 | { | |
693 | struct ecryptfs_obj *obj = container_of(kobj, struct ecryptfs_obj, | |
694 | kobj); | |
695 | struct ecryptfs_attribute *attribute = | |
696 | container_of(attr, struct ecryptfs_attribute, attr); | |
697 | ||
698 | return (attribute->store ? attribute->store(obj, buf, len) : 0); | |
699 | } | |
700 | ||
701 | static ssize_t | |
702 | ecryptfs_attr_show(struct kobject *kobj, struct attribute *attr, char *buf) | |
703 | { | |
704 | struct ecryptfs_obj *obj = container_of(kobj, struct ecryptfs_obj, | |
705 | kobj); | |
706 | struct ecryptfs_attribute *attribute = | |
707 | container_of(attr, struct ecryptfs_attribute, attr); | |
708 | ||
709 | return (attribute->show ? attribute->show(obj, buf) : 0); | |
710 | } | |
711 | ||
712 | static struct sysfs_ops ecryptfs_sysfs_ops = { | |
713 | .show = ecryptfs_attr_show, | |
714 | .store = ecryptfs_attr_store | |
715 | }; | |
716 | ||
717 | static struct kobj_type ecryptfs_ktype = { | |
718 | .sysfs_ops = &ecryptfs_sysfs_ops | |
719 | }; | |
720 | ||
721 | static decl_subsys(ecryptfs, &ecryptfs_ktype, NULL); | |
722 | ||
723 | static ssize_t version_show(struct ecryptfs_obj *obj, char *buff) | |
724 | { | |
725 | return snprintf(buff, PAGE_SIZE, "%d\n", ECRYPTFS_VERSIONING_MASK); | |
726 | } | |
727 | ||
728 | static struct ecryptfs_attribute sysfs_attr_version = __ATTR_RO(version); | |
729 | ||
8487f2e4 | 730 | static struct ecryptfs_version_str_map_elem { |
237fead6 MH |
731 | u32 flag; |
732 | char *str; | |
733 | } ecryptfs_version_str_map[] = { | |
734 | {ECRYPTFS_VERSIONING_PASSPHRASE, "passphrase"}, | |
735 | {ECRYPTFS_VERSIONING_PUBKEY, "pubkey"}, | |
736 | {ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH, "plaintext passthrough"}, | |
737 | {ECRYPTFS_VERSIONING_POLICY, "policy"} | |
738 | }; | |
739 | ||
740 | static ssize_t version_str_show(struct ecryptfs_obj *obj, char *buff) | |
741 | { | |
742 | int i; | |
743 | int remaining = PAGE_SIZE; | |
744 | int total_written = 0; | |
745 | ||
746 | buff[0] = '\0'; | |
747 | for (i = 0; i < ARRAY_SIZE(ecryptfs_version_str_map); i++) { | |
748 | int entry_size; | |
749 | ||
750 | if (!(ECRYPTFS_VERSIONING_MASK | |
751 | & ecryptfs_version_str_map[i].flag)) | |
752 | continue; | |
753 | entry_size = strlen(ecryptfs_version_str_map[i].str); | |
754 | if ((entry_size + 2) > remaining) | |
755 | goto out; | |
756 | memcpy(buff, ecryptfs_version_str_map[i].str, entry_size); | |
757 | buff[entry_size++] = '\n'; | |
758 | buff[entry_size] = '\0'; | |
759 | buff += entry_size; | |
760 | total_written += entry_size; | |
761 | remaining -= entry_size; | |
762 | } | |
763 | out: | |
764 | return total_written; | |
765 | } | |
766 | ||
767 | static struct ecryptfs_attribute sysfs_attr_version_str = __ATTR_RO(version_str); | |
768 | ||
769 | static int do_sysfs_registration(void) | |
770 | { | |
771 | int rc; | |
772 | ||
773 | if ((rc = subsystem_register(&ecryptfs_subsys))) { | |
774 | printk(KERN_ERR | |
775 | "Unable to register ecryptfs sysfs subsystem\n"); | |
776 | goto out; | |
777 | } | |
778 | rc = sysfs_create_file(&ecryptfs_subsys.kset.kobj, | |
779 | &sysfs_attr_version.attr); | |
780 | if (rc) { | |
781 | printk(KERN_ERR | |
782 | "Unable to create ecryptfs version attribute\n"); | |
783 | subsystem_unregister(&ecryptfs_subsys); | |
784 | goto out; | |
785 | } | |
786 | rc = sysfs_create_file(&ecryptfs_subsys.kset.kobj, | |
787 | &sysfs_attr_version_str.attr); | |
788 | if (rc) { | |
789 | printk(KERN_ERR | |
790 | "Unable to create ecryptfs version_str attribute\n"); | |
791 | sysfs_remove_file(&ecryptfs_subsys.kset.kobj, | |
792 | &sysfs_attr_version.attr); | |
793 | subsystem_unregister(&ecryptfs_subsys); | |
794 | goto out; | |
795 | } | |
796 | out: | |
797 | return rc; | |
798 | } | |
799 | ||
800 | static int __init ecryptfs_init(void) | |
801 | { | |
802 | int rc; | |
803 | ||
804 | if (ECRYPTFS_DEFAULT_EXTENT_SIZE > PAGE_CACHE_SIZE) { | |
805 | rc = -EINVAL; | |
806 | ecryptfs_printk(KERN_ERR, "The eCryptfs extent size is " | |
807 | "larger than the host's page size, and so " | |
808 | "eCryptfs cannot run on this system. The " | |
809 | "default eCryptfs extent size is [%d] bytes; " | |
810 | "the page size is [%d] bytes.\n", | |
811 | ECRYPTFS_DEFAULT_EXTENT_SIZE, PAGE_CACHE_SIZE); | |
812 | goto out; | |
813 | } | |
814 | rc = ecryptfs_init_kmem_caches(); | |
815 | if (rc) { | |
816 | printk(KERN_ERR | |
817 | "Failed to allocate one or more kmem_cache objects\n"); | |
818 | goto out; | |
819 | } | |
820 | rc = register_filesystem(&ecryptfs_fs_type); | |
821 | if (rc) { | |
822 | printk(KERN_ERR "Failed to register filesystem\n"); | |
823 | ecryptfs_free_kmem_caches(); | |
824 | goto out; | |
825 | } | |
826 | kset_set_kset_s(&ecryptfs_subsys, fs_subsys); | |
827 | sysfs_attr_version.attr.owner = THIS_MODULE; | |
828 | sysfs_attr_version_str.attr.owner = THIS_MODULE; | |
829 | rc = do_sysfs_registration(); | |
830 | if (rc) { | |
831 | printk(KERN_ERR "sysfs registration failed\n"); | |
832 | unregister_filesystem(&ecryptfs_fs_type); | |
833 | ecryptfs_free_kmem_caches(); | |
834 | goto out; | |
835 | } | |
dddfa461 MH |
836 | rc = ecryptfs_init_messaging(ecryptfs_transport); |
837 | if (rc) { | |
838 | ecryptfs_printk(KERN_ERR, "Failure occured while attempting to " | |
839 | "initialize the eCryptfs netlink socket\n"); | |
840 | } | |
237fead6 MH |
841 | out: |
842 | return rc; | |
843 | } | |
844 | ||
845 | static void __exit ecryptfs_exit(void) | |
846 | { | |
847 | sysfs_remove_file(&ecryptfs_subsys.kset.kobj, | |
848 | &sysfs_attr_version.attr); | |
849 | sysfs_remove_file(&ecryptfs_subsys.kset.kobj, | |
850 | &sysfs_attr_version_str.attr); | |
851 | subsystem_unregister(&ecryptfs_subsys); | |
dddfa461 | 852 | ecryptfs_release_messaging(ecryptfs_transport); |
237fead6 MH |
853 | unregister_filesystem(&ecryptfs_fs_type); |
854 | ecryptfs_free_kmem_caches(); | |
855 | } | |
856 | ||
857 | MODULE_AUTHOR("Michael A. Halcrow <mhalcrow@us.ibm.com>"); | |
858 | MODULE_DESCRIPTION("eCryptfs"); | |
859 | ||
860 | MODULE_LICENSE("GPL"); | |
861 | ||
862 | module_init(ecryptfs_init) | |
863 | module_exit(ecryptfs_exit) |