Linux/fs/ext4/crypto.c

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 // SPDX-License-Identifier: GPL-2.0 2 3 #include <linux/quotaops.h> 4 #include <linux/uuid.h> 5 6 #include "ext4.h" 7 #include "xattr.h" 8 #include "ext4_jbd2.h" 9 10 static void ext4_fname_from_fscrypt_name(struct ext4_filename *dst, 11 const struct fscrypt_name *src) 12 { 13 memset(dst, 0, sizeof(*dst)); 14 15 dst->usr_fname = src->usr_fname; 16 dst->disk_name = src->disk_name; 17 dst->hinfo.hash = src->hash; 18 dst->hinfo.minor_hash = src->minor_hash; 19 dst->crypto_buf = src->crypto_buf; 20 } 21 22 int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname, 23 int lookup, struct ext4_filename *fname) 24 { 25 struct fscrypt_name name; 26 int err; 27 28 err = fscrypt_setup_filename(dir, iname, lookup, &name); 29 if (err) 30 return err; 31 32 ext4_fname_from_fscrypt_name(fname, &name); 33 34 err = ext4_fname_setup_ci_filename(dir, iname, fname); 35 if (err) 36 ext4_fname_free_filename(fname); 37 38 return err; 39 } 40 41 int ext4_fname_prepare_lookup(struct inode *dir, struct dentry *dentry, 42 struct ext4_filename *fname) 43 { 44 struct fscrypt_name name; 45 int err; 46 47 err = fscrypt_prepare_lookup(dir, dentry, &name); 48 if (err) 49 return err; 50 51 ext4_fname_from_fscrypt_name(fname, &name); 52 53 err = ext4_fname_setup_ci_filename(dir, &dentry->d_name, fname); 54 if (err) 55 ext4_fname_free_filename(fname); 56 return err; 57 } 58 59 void ext4_fname_free_filename(struct ext4_filename *fname) 60 { 61 struct fscrypt_name name; 62 63 name.crypto_buf = fname->crypto_buf; 64 fscrypt_free_filename(&name); 65 66 fname->crypto_buf.name = NULL; 67 fname->usr_fname = NULL; 68 fname->disk_name.name = NULL; 69 70 ext4_fname_free_ci_filename(fname); 71 } 72 73 static bool uuid_is_zero(__u8 u[16]) 74 { 75 int i; 76 77 for (i = 0; i < 16; i++) 78 if (u[i]) 79 return false; 80 return true; 81 } 82 83 int ext4_ioctl_get_encryption_pwsalt(struct file *filp, void __user *arg) 84 { 85 struct super_block *sb = file_inode(filp)->i_sb; 86 struct ext4_sb_info *sbi = EXT4_SB(sb); 87 int err, err2; 88 handle_t *handle; 89 90 if (!ext4_has_feature_encrypt(sb)) 91 return -EOPNOTSUPP; 92 93 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) { 94 err = mnt_want_write_file(filp); 95 if (err) 96 return err; 97 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); 98 if (IS_ERR(handle)) { 99 err = PTR_ERR(handle); 100 goto pwsalt_err_exit; 101 } 102 err = ext4_journal_get_write_access(handle, sb, sbi->s_sbh, 103 EXT4_JTR_NONE); 104 if (err) 105 goto pwsalt_err_journal; 106 lock_buffer(sbi->s_sbh); 107 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt); 108 ext4_superblock_csum_set(sb); 109 unlock_buffer(sbi->s_sbh); 110 err = ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh); 111 pwsalt_err_journal: 112 err2 = ext4_journal_stop(handle); 113 if (err2 && !err) 114 err = err2; 115 pwsalt_err_exit: 116 mnt_drop_write_file(filp); 117 if (err) 118 return err; 119 } 120 121 if (copy_to_user(arg, sbi->s_es->s_encrypt_pw_salt, 16)) 122 return -EFAULT; 123 return 0; 124 } 125 126 static int ext4_get_context(struct inode *inode, void *ctx, size_t len) 127 { 128 return ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION, 129 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len); 130 } 131 132 static int ext4_set_context(struct inode *inode, const void *ctx, size_t len, 133 void *fs_data) 134 { 135 handle_t *handle = fs_data; 136 int res, res2, credits, retries = 0; 137 138 /* 139 * Encrypting the root directory is not allowed because e2fsck expects 140 * lost+found to exist and be unencrypted, and encrypting the root 141 * directory would imply encrypting the lost+found directory as well as 142 * the filename "lost+found" itself. 143 */ 144 if (inode->i_ino == EXT4_ROOT_INO) 145 return -EPERM; 146 147 if (WARN_ON_ONCE(IS_DAX(inode) && i_size_read(inode))) 148 return -EINVAL; 149 150 if (ext4_test_inode_flag(inode, EXT4_INODE_DAX)) 151 return -EOPNOTSUPP; 152 153 res = ext4_convert_inline_data(inode); 154 if (res) 155 return res; 156 157 /* 158 * If a journal handle was specified, then the encryption context is 159 * being set on a new inode via inheritance and is part of a larger 160 * transaction to create the inode. Otherwise the encryption context is 161 * being set on an existing inode in its own transaction. Only in the 162 * latter case should the "retry on ENOSPC" logic be used. 163 */ 164 165 if (handle) { 166 res = ext4_xattr_set_handle(handle, inode, 167 EXT4_XATTR_INDEX_ENCRYPTION, 168 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, 169 ctx, len, 0); 170 if (!res) { 171 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT); 172 ext4_clear_inode_state(inode, 173 EXT4_STATE_MAY_INLINE_DATA); 174 /* 175 * Update inode->i_flags - S_ENCRYPTED will be enabled, 176 * S_DAX may be disabled 177 */ 178 ext4_set_inode_flags(inode, false); 179 } 180 return res; 181 } 182 183 res = dquot_initialize(inode); 184 if (res) 185 return res; 186 retry: 187 res = ext4_xattr_set_credits(inode, len, false /* is_create */, 188 &credits); 189 if (res) 190 return res; 191 192 handle = ext4_journal_start(inode, EXT4_HT_MISC, credits); 193 if (IS_ERR(handle)) 194 return PTR_ERR(handle); 195 196 res = ext4_xattr_set_handle(handle, inode, EXT4_XATTR_INDEX_ENCRYPTION, 197 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, 198 ctx, len, 0); 199 if (!res) { 200 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT); 201 /* 202 * Update inode->i_flags - S_ENCRYPTED will be enabled, 203 * S_DAX may be disabled 204 */ 205 ext4_set_inode_flags(inode, false); 206 res = ext4_mark_inode_dirty(handle, inode); 207 if (res) 208 EXT4_ERROR_INODE(inode, "Failed to mark inode dirty"); 209 } 210 res2 = ext4_journal_stop(handle); 211 212 if (res == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries)) 213 goto retry; 214 if (!res) 215 res = res2; 216 return res; 217 } 218 219 static const union fscrypt_policy *ext4_get_dummy_policy(struct super_block *sb) 220 { 221 return EXT4_SB(sb)->s_dummy_enc_policy.policy; 222 } 223 224 static bool ext4_has_stable_inodes(struct super_block *sb) 225 { 226 return ext4_has_feature_stable_inodes(sb); 227 } 228 229 const struct fscrypt_operations ext4_cryptops = { 230 .needs_bounce_pages = 1, 231 .has_32bit_inodes = 1, 232 .supports_subblock_data_units = 1, 233 .legacy_key_prefix = "ext4:", 234 .get_context = ext4_get_context, 235 .set_context = ext4_set_context, 236 .get_dummy_policy = ext4_get_dummy_policy, 237 .empty_dir = ext4_empty_dir, 238 .has_stable_inodes = ext4_has_stable_inodes, 239 }; 240

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/fs/ext4/crypto.c

TOMOYO Linux Cross Reference
Linux/fs/ext4/crypto.c