tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

fscrypt: split supp and notsupp declarations into their own headers

Previously, each filesystem configured without encryption support would
define all the public fscrypt functions to their notsupp_* stubs. This
list of #defines had to be updated in every filesystem whenever a change
was made to the public fscrypt functions. To make things more
maintainable now that we have three filesystems using fscrypt, split the
old header fscrypto.h into several new headers. fscrypt_supp.h contains
the real declarations and is included by filesystems when configured
with encryption support, whereas fscrypt_notsupp.h contains the inline
stubs and is included by filesystems when configured without encryption
support. fscrypt_common.h contains common declarations needed by both.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

authored by

Eric Biggers and committed by
Theodore Ts'o 46f47e48 02680b31

+397 -421
+1 -1
MAINTAINERS
··· 5268 5268 L: linux-fsdevel@vger.kernel.org 5269 5269 S: Supported 5270 5270 F: fs/crypto/ 5271 - F: include/linux/fscrypto.h 5271 + F: include/linux/fscrypt*.h 5272 5272 5273 5273 F2FS FILE SYSTEM 5274 5274 M: Jaegeuk Kim <jaegeuk@kernel.org>
+1 -1
fs/crypto/fscrypt_private.h
··· 11 11 #ifndef _FSCRYPT_PRIVATE_H 12 12 #define _FSCRYPT_PRIVATE_H 13 13 14 - #include <linux/fscrypto.h> 14 + #include <linux/fscrypt_supp.h> 15 15 16 16 #define FS_FNAME_CRYPTO_DIGEST_SIZE 32 17 17
+5 -23
fs/ext4/ext4.h
··· 32 32 #include <linux/percpu_counter.h> 33 33 #include <linux/ratelimit.h> 34 34 #include <crypto/hash.h> 35 - #include <linux/fscrypto.h> 35 + #ifdef CONFIG_EXT4_FS_ENCRYPTION 36 + #include <linux/fscrypt_supp.h> 37 + #else 38 + #include <linux/fscrypt_notsupp.h> 39 + #endif 36 40 #include <linux/falloc.h> 37 41 #include <linux/percpu-rwsem.h> 38 42 #ifdef __KERNEL__ ··· 2313 2309 } 2314 2310 static inline void ext4_fname_free_filename(struct ext4_filename *fname) { } 2315 2311 2316 - #define fscrypt_set_d_op(i) 2317 - #define fscrypt_get_ctx fscrypt_notsupp_get_ctx 2318 - #define fscrypt_release_ctx fscrypt_notsupp_release_ctx 2319 - #define fscrypt_encrypt_page fscrypt_notsupp_encrypt_page 2320 - #define fscrypt_decrypt_page fscrypt_notsupp_decrypt_page 2321 - #define fscrypt_decrypt_bio_pages fscrypt_notsupp_decrypt_bio_pages 2322 - #define fscrypt_pullback_bio_page fscrypt_notsupp_pullback_bio_page 2323 - #define fscrypt_restore_control_page fscrypt_notsupp_restore_control_page 2324 - #define fscrypt_zeroout_range fscrypt_notsupp_zeroout_range 2325 - #define fscrypt_ioctl_set_policy fscrypt_notsupp_ioctl_set_policy 2326 - #define fscrypt_ioctl_get_policy fscrypt_notsupp_ioctl_get_policy 2327 - #define fscrypt_has_permitted_context fscrypt_notsupp_has_permitted_context 2328 - #define fscrypt_inherit_context fscrypt_notsupp_inherit_context 2329 - #define fscrypt_get_encryption_info fscrypt_notsupp_get_encryption_info 2330 - #define fscrypt_put_encryption_info fscrypt_notsupp_put_encryption_info 2331 - #define fscrypt_setup_filename fscrypt_notsupp_setup_filename 2332 - #define fscrypt_free_filename fscrypt_notsupp_free_filename 2333 - #define fscrypt_fname_encrypted_size fscrypt_notsupp_fname_encrypted_size 2334 - #define fscrypt_fname_alloc_buffer fscrypt_notsupp_fname_alloc_buffer 2335 - #define fscrypt_fname_free_buffer fscrypt_notsupp_fname_free_buffer 2336 - #define fscrypt_fname_disk_to_usr fscrypt_notsupp_fname_disk_to_usr 2337 - #define fscrypt_fname_usr_to_disk fscrypt_notsupp_fname_usr_to_disk 2338 2312 #endif 2339 2313 2340 2314 /* dir.c */
-1
fs/ext4/page-io.c
··· 24 24 #include <linux/slab.h> 25 25 #include <linux/mm.h> 26 26 #include <linux/backing-dev.h> 27 - #include <linux/fscrypto.h> 28 27 29 28 #include "ext4_jbd2.h" 30 29 #include "xattr.h"
+5 -25
fs/f2fs/f2fs.h
··· 22 22 #include <linux/vmalloc.h> 23 23 #include <linux/bio.h> 24 24 #include <linux/blkdev.h> 25 - #include <linux/fscrypto.h> 25 + #ifdef CONFIG_F2FS_FS_ENCRYPTION 26 + #include <linux/fscrypt_supp.h> 27 + #else 28 + #include <linux/fscrypt_notsupp.h> 29 + #endif 26 30 #include <crypto/hash.h> 27 31 28 32 #ifdef CONFIG_F2FS_CHECK_FS ··· 2505 2501 #endif 2506 2502 } 2507 2503 2508 - #ifndef CONFIG_F2FS_FS_ENCRYPTION 2509 - #define fscrypt_set_d_op(i) 2510 - #define fscrypt_get_ctx fscrypt_notsupp_get_ctx 2511 - #define fscrypt_release_ctx fscrypt_notsupp_release_ctx 2512 - #define fscrypt_encrypt_page fscrypt_notsupp_encrypt_page 2513 - #define fscrypt_decrypt_page fscrypt_notsupp_decrypt_page 2514 - #define fscrypt_decrypt_bio_pages fscrypt_notsupp_decrypt_bio_pages 2515 - #define fscrypt_pullback_bio_page fscrypt_notsupp_pullback_bio_page 2516 - #define fscrypt_restore_control_page fscrypt_notsupp_restore_control_page 2517 - #define fscrypt_zeroout_range fscrypt_notsupp_zeroout_range 2518 - #define fscrypt_ioctl_set_policy fscrypt_notsupp_ioctl_set_policy 2519 - #define fscrypt_ioctl_get_policy fscrypt_notsupp_ioctl_get_policy 2520 - #define fscrypt_has_permitted_context fscrypt_notsupp_has_permitted_context 2521 - #define fscrypt_inherit_context fscrypt_notsupp_inherit_context 2522 - #define fscrypt_get_encryption_info fscrypt_notsupp_get_encryption_info 2523 - #define fscrypt_put_encryption_info fscrypt_notsupp_put_encryption_info 2524 - #define fscrypt_setup_filename fscrypt_notsupp_setup_filename 2525 - #define fscrypt_free_filename fscrypt_notsupp_free_filename 2526 - #define fscrypt_fname_encrypted_size fscrypt_notsupp_fname_encrypted_size 2527 - #define fscrypt_fname_alloc_buffer fscrypt_notsupp_fname_alloc_buffer 2528 - #define fscrypt_fname_free_buffer fscrypt_notsupp_fname_free_buffer 2529 - #define fscrypt_fname_disk_to_usr fscrypt_notsupp_fname_disk_to_usr 2530 - #define fscrypt_fname_usr_to_disk fscrypt_notsupp_fname_usr_to_disk 2531 - #endif 2532 2504 #endif
+5 -23
fs/ubifs/ubifs.h
··· 38 38 #include <linux/backing-dev.h> 39 39 #include <linux/security.h> 40 40 #include <linux/xattr.h> 41 - #include <linux/fscrypto.h> 41 + #ifdef CONFIG_UBIFS_FS_ENCRYPTION 42 + #include <linux/fscrypt_supp.h> 43 + #else 44 + #include <linux/fscrypt_notsupp.h> 45 + #endif 42 46 #include <linux/random.h> 43 47 #include "ubifs-media.h" 44 48 ··· 1801 1797 #include "key.h" 1802 1798 1803 1799 #ifndef CONFIG_UBIFS_FS_ENCRYPTION 1804 - #define fscrypt_set_d_op(i) 1805 - #define fscrypt_get_ctx fscrypt_notsupp_get_ctx 1806 - #define fscrypt_release_ctx fscrypt_notsupp_release_ctx 1807 - #define fscrypt_encrypt_page fscrypt_notsupp_encrypt_page 1808 - #define fscrypt_decrypt_page fscrypt_notsupp_decrypt_page 1809 - #define fscrypt_decrypt_bio_pages fscrypt_notsupp_decrypt_bio_pages 1810 - #define fscrypt_pullback_bio_page fscrypt_notsupp_pullback_bio_page 1811 - #define fscrypt_restore_control_page fscrypt_notsupp_restore_control_page 1812 - #define fscrypt_zeroout_range fscrypt_notsupp_zeroout_range 1813 - #define fscrypt_ioctl_set_policy fscrypt_notsupp_ioctl_set_policy 1814 - #define fscrypt_ioctl_get_policy fscrypt_notsupp_ioctl_get_policy 1815 - #define fscrypt_has_permitted_context fscrypt_notsupp_has_permitted_context 1816 - #define fscrypt_inherit_context fscrypt_notsupp_inherit_context 1817 - #define fscrypt_get_encryption_info fscrypt_notsupp_get_encryption_info 1818 - #define fscrypt_put_encryption_info fscrypt_notsupp_put_encryption_info 1819 - #define fscrypt_setup_filename fscrypt_notsupp_setup_filename 1820 - #define fscrypt_free_filename fscrypt_notsupp_free_filename 1821 - #define fscrypt_fname_encrypted_size fscrypt_notsupp_fname_encrypted_size 1822 - #define fscrypt_fname_alloc_buffer fscrypt_notsupp_fname_alloc_buffer 1823 - #define fscrypt_fname_free_buffer fscrypt_notsupp_fname_free_buffer 1824 - #define fscrypt_fname_disk_to_usr fscrypt_notsupp_fname_disk_to_usr 1825 - #define fscrypt_fname_usr_to_disk fscrypt_notsupp_fname_usr_to_disk 1826 1800 static inline int ubifs_encrypt(const struct inode *inode, 1827 1801 struct ubifs_data_node *dn, 1828 1802 unsigned int in_len, unsigned int *out_len,
+146
include/linux/fscrypt_common.h
··· 1 + /* 2 + * fscrypt_common.h: common declarations for per-file encryption 3 + * 4 + * Copyright (C) 2015, Google, Inc. 5 + * 6 + * Written by Michael Halcrow, 2015. 7 + * Modified by Jaegeuk Kim, 2015. 8 + */ 9 + 10 + #ifndef _LINUX_FSCRYPT_COMMON_H 11 + #define _LINUX_FSCRYPT_COMMON_H 12 + 13 + #include <linux/key.h> 14 + #include <linux/fs.h> 15 + #include <linux/mm.h> 16 + #include <linux/bio.h> 17 + #include <linux/dcache.h> 18 + #include <crypto/skcipher.h> 19 + #include <uapi/linux/fs.h> 20 + 21 + #define FS_CRYPTO_BLOCK_SIZE 16 22 + 23 + struct fscrypt_info; 24 + 25 + struct fscrypt_ctx { 26 + union { 27 + struct { 28 + struct page *bounce_page; /* Ciphertext page */ 29 + struct page *control_page; /* Original page */ 30 + } w; 31 + struct { 32 + struct bio *bio; 33 + struct work_struct work; 34 + } r; 35 + struct list_head free_list; /* Free list */ 36 + }; 37 + u8 flags; /* Flags */ 38 + }; 39 + 40 + /** 41 + * For encrypted symlinks, the ciphertext length is stored at the beginning 42 + * of the string in little-endian format. 43 + */ 44 + struct fscrypt_symlink_data { 45 + __le16 len; 46 + char encrypted_path[1]; 47 + } __packed; 48 + 49 + /** 50 + * This function is used to calculate the disk space required to 51 + * store a filename of length l in encrypted symlink format. 52 + */ 53 + static inline u32 fscrypt_symlink_data_len(u32 l) 54 + { 55 + if (l < FS_CRYPTO_BLOCK_SIZE) 56 + l = FS_CRYPTO_BLOCK_SIZE; 57 + return (l + sizeof(struct fscrypt_symlink_data) - 1); 58 + } 59 + 60 + struct fscrypt_str { 61 + unsigned char *name; 62 + u32 len; 63 + }; 64 + 65 + struct fscrypt_name { 66 + const struct qstr *usr_fname; 67 + struct fscrypt_str disk_name; 68 + u32 hash; 69 + u32 minor_hash; 70 + struct fscrypt_str crypto_buf; 71 + }; 72 + 73 + #define FSTR_INIT(n, l) { .name = n, .len = l } 74 + #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len) 75 + #define fname_name(p) ((p)->disk_name.name) 76 + #define fname_len(p) ((p)->disk_name.len) 77 + 78 + /* 79 + * fscrypt superblock flags 80 + */ 81 + #define FS_CFLG_OWN_PAGES (1U << 1) 82 + 83 + /* 84 + * crypto opertions for filesystems 85 + */ 86 + struct fscrypt_operations { 87 + unsigned int flags; 88 + const char *key_prefix; 89 + int (*get_context)(struct inode *, void *, size_t); 90 + int (*prepare_context)(struct inode *); 91 + int (*set_context)(struct inode *, const void *, size_t, void *); 92 + int (*dummy_context)(struct inode *); 93 + bool (*is_encrypted)(struct inode *); 94 + bool (*empty_dir)(struct inode *); 95 + unsigned (*max_namelen)(struct inode *); 96 + }; 97 + 98 + static inline bool fscrypt_dummy_context_enabled(struct inode *inode) 99 + { 100 + if (inode->i_sb->s_cop->dummy_context && 101 + inode->i_sb->s_cop->dummy_context(inode)) 102 + return true; 103 + return false; 104 + } 105 + 106 + static inline bool fscrypt_valid_contents_enc_mode(u32 mode) 107 + { 108 + return (mode == FS_ENCRYPTION_MODE_AES_256_XTS); 109 + } 110 + 111 + static inline bool fscrypt_valid_filenames_enc_mode(u32 mode) 112 + { 113 + return (mode == FS_ENCRYPTION_MODE_AES_256_CTS); 114 + } 115 + 116 + static inline bool fscrypt_is_dot_dotdot(const struct qstr *str) 117 + { 118 + if (str->len == 1 && str->name[0] == '.') 119 + return true; 120 + 121 + if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.') 122 + return true; 123 + 124 + return false; 125 + } 126 + 127 + static inline struct page *fscrypt_control_page(struct page *page) 128 + { 129 + #if IS_ENABLED(CONFIG_FS_ENCRYPTION) 130 + return ((struct fscrypt_ctx *)page_private(page))->w.control_page; 131 + #else 132 + WARN_ON_ONCE(1); 133 + return ERR_PTR(-EINVAL); 134 + #endif 135 + } 136 + 137 + static inline int fscrypt_has_encryption_key(const struct inode *inode) 138 + { 139 + #if IS_ENABLED(CONFIG_FS_ENCRYPTION) 140 + return (inode->i_crypt_info != NULL); 141 + #else 142 + return 0; 143 + #endif 144 + } 145 + 146 + #endif /* _LINUX_FSCRYPT_COMMON_H */
+168
include/linux/fscrypt_notsupp.h
··· 1 + /* 2 + * fscrypt_notsupp.h 3 + * 4 + * This stubs out the fscrypt functions for filesystems configured without 5 + * encryption support. 6 + */ 7 + 8 + #ifndef _LINUX_FSCRYPT_NOTSUPP_H 9 + #define _LINUX_FSCRYPT_NOTSUPP_H 10 + 11 + #include <linux/fscrypt_common.h> 12 + 13 + /* crypto.c */ 14 + static inline struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *inode, 15 + gfp_t gfp_flags) 16 + { 17 + return ERR_PTR(-EOPNOTSUPP); 18 + } 19 + 20 + static inline void fscrypt_release_ctx(struct fscrypt_ctx *ctx) 21 + { 22 + return; 23 + } 24 + 25 + static inline struct page *fscrypt_encrypt_page(const struct inode *inode, 26 + struct page *page, 27 + unsigned int len, 28 + unsigned int offs, 29 + u64 lblk_num, gfp_t gfp_flags) 30 + { 31 + return ERR_PTR(-EOPNOTSUPP); 32 + } 33 + 34 + static inline int fscrypt_decrypt_page(const struct inode *inode, 35 + struct page *page, 36 + unsigned int len, unsigned int offs, 37 + u64 lblk_num) 38 + { 39 + return -EOPNOTSUPP; 40 + } 41 + 42 + 43 + static inline void fscrypt_restore_control_page(struct page *page) 44 + { 45 + return; 46 + } 47 + 48 + static inline void fscrypt_set_d_op(struct dentry *dentry) 49 + { 50 + return; 51 + } 52 + 53 + static inline void fscrypt_set_encrypted_dentry(struct dentry *dentry) 54 + { 55 + return; 56 + } 57 + 58 + /* policy.c */ 59 + static inline int fscrypt_ioctl_set_policy(struct file *filp, 60 + const void __user *arg) 61 + { 62 + return -EOPNOTSUPP; 63 + } 64 + 65 + static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) 66 + { 67 + return -EOPNOTSUPP; 68 + } 69 + 70 + static inline int fscrypt_has_permitted_context(struct inode *parent, 71 + struct inode *child) 72 + { 73 + return 0; 74 + } 75 + 76 + static inline int fscrypt_inherit_context(struct inode *parent, 77 + struct inode *child, 78 + void *fs_data, bool preload) 79 + { 80 + return -EOPNOTSUPP; 81 + } 82 + 83 + /* keyinfo.c */ 84 + static inline int fscrypt_get_encryption_info(struct inode *inode) 85 + { 86 + return -EOPNOTSUPP; 87 + } 88 + 89 + static inline void fscrypt_put_encryption_info(struct inode *inode, 90 + struct fscrypt_info *ci) 91 + { 92 + return; 93 + } 94 + 95 + /* fname.c */ 96 + static inline int fscrypt_setup_filename(struct inode *dir, 97 + const struct qstr *iname, 98 + int lookup, struct fscrypt_name *fname) 99 + { 100 + if (dir->i_sb->s_cop->is_encrypted(dir)) 101 + return -EOPNOTSUPP; 102 + 103 + memset(fname, 0, sizeof(struct fscrypt_name)); 104 + fname->usr_fname = iname; 105 + fname->disk_name.name = (unsigned char *)iname->name; 106 + fname->disk_name.len = iname->len; 107 + return 0; 108 + } 109 + 110 + static inline void fscrypt_free_filename(struct fscrypt_name *fname) 111 + { 112 + return; 113 + } 114 + 115 + static inline u32 fscrypt_fname_encrypted_size(const struct inode *inode, 116 + u32 ilen) 117 + { 118 + /* never happens */ 119 + WARN_ON(1); 120 + return 0; 121 + } 122 + 123 + static inline int fscrypt_fname_alloc_buffer(const struct inode *inode, 124 + u32 ilen, 125 + struct fscrypt_str *crypto_str) 126 + { 127 + return -EOPNOTSUPP; 128 + } 129 + 130 + static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) 131 + { 132 + return; 133 + } 134 + 135 + static inline int fscrypt_fname_disk_to_usr(struct inode *inode, 136 + u32 hash, u32 minor_hash, 137 + const struct fscrypt_str *iname, 138 + struct fscrypt_str *oname) 139 + { 140 + return -EOPNOTSUPP; 141 + } 142 + 143 + static inline int fscrypt_fname_usr_to_disk(struct inode *inode, 144 + const struct qstr *iname, 145 + struct fscrypt_str *oname) 146 + { 147 + return -EOPNOTSUPP; 148 + } 149 + 150 + /* bio.c */ 151 + static inline void fscrypt_decrypt_bio_pages(struct fscrypt_ctx *ctx, 152 + struct bio *bio) 153 + { 154 + return; 155 + } 156 + 157 + static inline void fscrypt_pullback_bio_page(struct page **page, bool restore) 158 + { 159 + return; 160 + } 161 + 162 + static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, 163 + sector_t pblk, unsigned int len) 164 + { 165 + return -EOPNOTSUPP; 166 + } 167 + 168 + #endif /* _LINUX_FSCRYPT_NOTSUPP_H */
+66
include/linux/fscrypt_supp.h
··· 1 + /* 2 + * fscrypt_supp.h 3 + * 4 + * This is included by filesystems configured with encryption support. 5 + */ 6 + 7 + #ifndef _LINUX_FSCRYPT_SUPP_H 8 + #define _LINUX_FSCRYPT_SUPP_H 9 + 10 + #include <linux/fscrypt_common.h> 11 + 12 + /* crypto.c */ 13 + extern struct kmem_cache *fscrypt_info_cachep; 14 + extern struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *, gfp_t); 15 + extern void fscrypt_release_ctx(struct fscrypt_ctx *); 16 + extern struct page *fscrypt_encrypt_page(const struct inode *, struct page *, 17 + unsigned int, unsigned int, 18 + u64, gfp_t); 19 + extern int fscrypt_decrypt_page(const struct inode *, struct page *, unsigned int, 20 + unsigned int, u64); 21 + extern void fscrypt_restore_control_page(struct page *); 22 + 23 + extern const struct dentry_operations fscrypt_d_ops; 24 + 25 + static inline void fscrypt_set_d_op(struct dentry *dentry) 26 + { 27 + d_set_d_op(dentry, &fscrypt_d_ops); 28 + } 29 + 30 + static inline void fscrypt_set_encrypted_dentry(struct dentry *dentry) 31 + { 32 + spin_lock(&dentry->d_lock); 33 + dentry->d_flags |= DCACHE_ENCRYPTED_WITH_KEY; 34 + spin_unlock(&dentry->d_lock); 35 + } 36 + 37 + /* policy.c */ 38 + extern int fscrypt_ioctl_set_policy(struct file *, const void __user *); 39 + extern int fscrypt_ioctl_get_policy(struct file *, void __user *); 40 + extern int fscrypt_has_permitted_context(struct inode *, struct inode *); 41 + extern int fscrypt_inherit_context(struct inode *, struct inode *, 42 + void *, bool); 43 + /* keyinfo.c */ 44 + extern int fscrypt_get_encryption_info(struct inode *); 45 + extern void fscrypt_put_encryption_info(struct inode *, struct fscrypt_info *); 46 + 47 + /* fname.c */ 48 + extern int fscrypt_setup_filename(struct inode *, const struct qstr *, 49 + int lookup, struct fscrypt_name *); 50 + extern void fscrypt_free_filename(struct fscrypt_name *); 51 + extern u32 fscrypt_fname_encrypted_size(const struct inode *, u32); 52 + extern int fscrypt_fname_alloc_buffer(const struct inode *, u32, 53 + struct fscrypt_str *); 54 + extern void fscrypt_fname_free_buffer(struct fscrypt_str *); 55 + extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32, 56 + const struct fscrypt_str *, struct fscrypt_str *); 57 + extern int fscrypt_fname_usr_to_disk(struct inode *, const struct qstr *, 58 + struct fscrypt_str *); 59 + 60 + /* bio.c */ 61 + extern void fscrypt_decrypt_bio_pages(struct fscrypt_ctx *, struct bio *); 62 + extern void fscrypt_pullback_bio_page(struct page **, bool); 63 + extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t, 64 + unsigned int); 65 + 66 + #endif /* _LINUX_FSCRYPT_SUPP_H */
-347
include/linux/fscrypto.h
··· 1 - /* 2 - * General per-file encryption definition 3 - * 4 - * Copyright (C) 2015, Google, Inc. 5 - * 6 - * Written by Michael Halcrow, 2015. 7 - * Modified by Jaegeuk Kim, 2015. 8 - */ 9 - 10 - #ifndef _LINUX_FSCRYPTO_H 11 - #define _LINUX_FSCRYPTO_H 12 - 13 - #include <linux/key.h> 14 - #include <linux/fs.h> 15 - #include <linux/mm.h> 16 - #include <linux/bio.h> 17 - #include <linux/dcache.h> 18 - #include <crypto/skcipher.h> 19 - #include <uapi/linux/fs.h> 20 - 21 - #define FS_CRYPTO_BLOCK_SIZE 16 22 - 23 - struct fscrypt_info; 24 - 25 - struct fscrypt_ctx { 26 - union { 27 - struct { 28 - struct page *bounce_page; /* Ciphertext page */ 29 - struct page *control_page; /* Original page */ 30 - } w; 31 - struct { 32 - struct bio *bio; 33 - struct work_struct work; 34 - } r; 35 - struct list_head free_list; /* Free list */ 36 - }; 37 - u8 flags; /* Flags */ 38 - }; 39 - 40 - /** 41 - * For encrypted symlinks, the ciphertext length is stored at the beginning 42 - * of the string in little-endian format. 43 - */ 44 - struct fscrypt_symlink_data { 45 - __le16 len; 46 - char encrypted_path[1]; 47 - } __packed; 48 - 49 - /** 50 - * This function is used to calculate the disk space required to 51 - * store a filename of length l in encrypted symlink format. 52 - */ 53 - static inline u32 fscrypt_symlink_data_len(u32 l) 54 - { 55 - if (l < FS_CRYPTO_BLOCK_SIZE) 56 - l = FS_CRYPTO_BLOCK_SIZE; 57 - return (l + sizeof(struct fscrypt_symlink_data) - 1); 58 - } 59 - 60 - struct fscrypt_str { 61 - unsigned char *name; 62 - u32 len; 63 - }; 64 - 65 - struct fscrypt_name { 66 - const struct qstr *usr_fname; 67 - struct fscrypt_str disk_name; 68 - u32 hash; 69 - u32 minor_hash; 70 - struct fscrypt_str crypto_buf; 71 - }; 72 - 73 - #define FSTR_INIT(n, l) { .name = n, .len = l } 74 - #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len) 75 - #define fname_name(p) ((p)->disk_name.name) 76 - #define fname_len(p) ((p)->disk_name.len) 77 - 78 - /* 79 - * fscrypt superblock flags 80 - */ 81 - #define FS_CFLG_OWN_PAGES (1U << 1) 82 - 83 - /* 84 - * crypto opertions for filesystems 85 - */ 86 - struct fscrypt_operations { 87 - unsigned int flags; 88 - const char *key_prefix; 89 - int (*get_context)(struct inode *, void *, size_t); 90 - int (*prepare_context)(struct inode *); 91 - int (*set_context)(struct inode *, const void *, size_t, void *); 92 - int (*dummy_context)(struct inode *); 93 - bool (*is_encrypted)(struct inode *); 94 - bool (*empty_dir)(struct inode *); 95 - unsigned (*max_namelen)(struct inode *); 96 - }; 97 - 98 - static inline bool fscrypt_dummy_context_enabled(struct inode *inode) 99 - { 100 - if (inode->i_sb->s_cop->dummy_context && 101 - inode->i_sb->s_cop->dummy_context(inode)) 102 - return true; 103 - return false; 104 - } 105 - 106 - static inline bool fscrypt_valid_contents_enc_mode(u32 mode) 107 - { 108 - return (mode == FS_ENCRYPTION_MODE_AES_256_XTS); 109 - } 110 - 111 - static inline bool fscrypt_valid_filenames_enc_mode(u32 mode) 112 - { 113 - return (mode == FS_ENCRYPTION_MODE_AES_256_CTS); 114 - } 115 - 116 - static inline bool fscrypt_is_dot_dotdot(const struct qstr *str) 117 - { 118 - if (str->len == 1 && str->name[0] == '.') 119 - return true; 120 - 121 - if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.') 122 - return true; 123 - 124 - return false; 125 - } 126 - 127 - static inline struct page *fscrypt_control_page(struct page *page) 128 - { 129 - #if IS_ENABLED(CONFIG_FS_ENCRYPTION) 130 - return ((struct fscrypt_ctx *)page_private(page))->w.control_page; 131 - #else 132 - WARN_ON_ONCE(1); 133 - return ERR_PTR(-EINVAL); 134 - #endif 135 - } 136 - 137 - static inline int fscrypt_has_encryption_key(const struct inode *inode) 138 - { 139 - #if IS_ENABLED(CONFIG_FS_ENCRYPTION) 140 - return (inode->i_crypt_info != NULL); 141 - #else 142 - return 0; 143 - #endif 144 - } 145 - 146 - static inline void fscrypt_set_encrypted_dentry(struct dentry *dentry) 147 - { 148 - #if IS_ENABLED(CONFIG_FS_ENCRYPTION) 149 - spin_lock(&dentry->d_lock); 150 - dentry->d_flags |= DCACHE_ENCRYPTED_WITH_KEY; 151 - spin_unlock(&dentry->d_lock); 152 - #endif 153 - } 154 - 155 - #if IS_ENABLED(CONFIG_FS_ENCRYPTION) 156 - extern const struct dentry_operations fscrypt_d_ops; 157 - #endif 158 - 159 - static inline void fscrypt_set_d_op(struct dentry *dentry) 160 - { 161 - #if IS_ENABLED(CONFIG_FS_ENCRYPTION) 162 - d_set_d_op(dentry, &fscrypt_d_ops); 163 - #endif 164 - } 165 - 166 - #if IS_ENABLED(CONFIG_FS_ENCRYPTION) 167 - /* crypto.c */ 168 - extern struct kmem_cache *fscrypt_info_cachep; 169 - extern struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *, gfp_t); 170 - extern void fscrypt_release_ctx(struct fscrypt_ctx *); 171 - extern struct page *fscrypt_encrypt_page(const struct inode *, struct page *, 172 - unsigned int, unsigned int, 173 - u64, gfp_t); 174 - extern int fscrypt_decrypt_page(const struct inode *, struct page *, unsigned int, 175 - unsigned int, u64); 176 - extern void fscrypt_restore_control_page(struct page *); 177 - 178 - /* policy.c */ 179 - extern int fscrypt_ioctl_set_policy(struct file *, const void __user *); 180 - extern int fscrypt_ioctl_get_policy(struct file *, void __user *); 181 - extern int fscrypt_has_permitted_context(struct inode *, struct inode *); 182 - extern int fscrypt_inherit_context(struct inode *, struct inode *, 183 - void *, bool); 184 - /* keyinfo.c */ 185 - extern int fscrypt_get_encryption_info(struct inode *); 186 - extern void fscrypt_put_encryption_info(struct inode *, struct fscrypt_info *); 187 - 188 - /* fname.c */ 189 - extern int fscrypt_setup_filename(struct inode *, const struct qstr *, 190 - int lookup, struct fscrypt_name *); 191 - extern void fscrypt_free_filename(struct fscrypt_name *); 192 - extern u32 fscrypt_fname_encrypted_size(const struct inode *, u32); 193 - extern int fscrypt_fname_alloc_buffer(const struct inode *, u32, 194 - struct fscrypt_str *); 195 - extern void fscrypt_fname_free_buffer(struct fscrypt_str *); 196 - extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32, 197 - const struct fscrypt_str *, struct fscrypt_str *); 198 - extern int fscrypt_fname_usr_to_disk(struct inode *, const struct qstr *, 199 - struct fscrypt_str *); 200 - 201 - /* bio.c */ 202 - extern void fscrypt_decrypt_bio_pages(struct fscrypt_ctx *, struct bio *); 203 - extern void fscrypt_pullback_bio_page(struct page **, bool); 204 - extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t, 205 - unsigned int); 206 - #endif 207 - 208 - /* crypto.c */ 209 - static inline struct fscrypt_ctx *fscrypt_notsupp_get_ctx(const struct inode *i, 210 - gfp_t f) 211 - { 212 - return ERR_PTR(-EOPNOTSUPP); 213 - } 214 - 215 - static inline void fscrypt_notsupp_release_ctx(struct fscrypt_ctx *c) 216 - { 217 - return; 218 - } 219 - 220 - static inline struct page *fscrypt_notsupp_encrypt_page(const struct inode *i, 221 - struct page *p, 222 - unsigned int len, 223 - unsigned int offs, 224 - u64 lblk_num, gfp_t f) 225 - { 226 - return ERR_PTR(-EOPNOTSUPP); 227 - } 228 - 229 - static inline int fscrypt_notsupp_decrypt_page(const struct inode *i, struct page *p, 230 - unsigned int len, unsigned int offs, 231 - u64 lblk_num) 232 - { 233 - return -EOPNOTSUPP; 234 - } 235 - 236 - static inline void fscrypt_notsupp_decrypt_bio_pages(struct fscrypt_ctx *c, 237 - struct bio *b) 238 - { 239 - return; 240 - } 241 - 242 - static inline void fscrypt_notsupp_pullback_bio_page(struct page **p, bool b) 243 - { 244 - return; 245 - } 246 - 247 - static inline void fscrypt_notsupp_restore_control_page(struct page *p) 248 - { 249 - return; 250 - } 251 - 252 - static inline int fscrypt_notsupp_zeroout_range(const struct inode *i, pgoff_t p, 253 - sector_t s, unsigned int f) 254 - { 255 - return -EOPNOTSUPP; 256 - } 257 - 258 - /* policy.c */ 259 - static inline int fscrypt_notsupp_ioctl_set_policy(struct file *f, 260 - const void __user *arg) 261 - { 262 - return -EOPNOTSUPP; 263 - } 264 - 265 - static inline int fscrypt_notsupp_ioctl_get_policy(struct file *f, 266 - void __user *arg) 267 - { 268 - return -EOPNOTSUPP; 269 - } 270 - 271 - static inline int fscrypt_notsupp_has_permitted_context(struct inode *p, 272 - struct inode *i) 273 - { 274 - return 0; 275 - } 276 - 277 - static inline int fscrypt_notsupp_inherit_context(struct inode *p, 278 - struct inode *i, void *v, bool b) 279 - { 280 - return -EOPNOTSUPP; 281 - } 282 - 283 - /* keyinfo.c */ 284 - static inline int fscrypt_notsupp_get_encryption_info(struct inode *i) 285 - { 286 - return -EOPNOTSUPP; 287 - } 288 - 289 - static inline void fscrypt_notsupp_put_encryption_info(struct inode *i, 290 - struct fscrypt_info *f) 291 - { 292 - return; 293 - } 294 - 295 - /* fname.c */ 296 - static inline int fscrypt_notsupp_setup_filename(struct inode *dir, 297 - const struct qstr *iname, 298 - int lookup, struct fscrypt_name *fname) 299 - { 300 - if (dir->i_sb->s_cop->is_encrypted(dir)) 301 - return -EOPNOTSUPP; 302 - 303 - memset(fname, 0, sizeof(struct fscrypt_name)); 304 - fname->usr_fname = iname; 305 - fname->disk_name.name = (unsigned char *)iname->name; 306 - fname->disk_name.len = iname->len; 307 - return 0; 308 - } 309 - 310 - static inline void fscrypt_notsupp_free_filename(struct fscrypt_name *fname) 311 - { 312 - return; 313 - } 314 - 315 - static inline u32 fscrypt_notsupp_fname_encrypted_size(struct inode *i, u32 s) 316 - { 317 - /* never happens */ 318 - WARN_ON(1); 319 - return 0; 320 - } 321 - 322 - static inline int fscrypt_notsupp_fname_alloc_buffer(struct inode *inode, 323 - u32 ilen, struct fscrypt_str *crypto_str) 324 - { 325 - return -EOPNOTSUPP; 326 - } 327 - 328 - static inline void fscrypt_notsupp_fname_free_buffer(struct fscrypt_str *c) 329 - { 330 - return; 331 - } 332 - 333 - static inline int fscrypt_notsupp_fname_disk_to_usr(struct inode *inode, 334 - u32 hash, u32 minor_hash, 335 - const struct fscrypt_str *iname, 336 - struct fscrypt_str *oname) 337 - { 338 - return -EOPNOTSUPP; 339 - } 340 - 341 - static inline int fscrypt_notsupp_fname_usr_to_disk(struct inode *inode, 342 - const struct qstr *iname, 343 - struct fscrypt_str *oname) 344 - { 345 - return -EOPNOTSUPP; 346 - } 347 - #endif /* _LINUX_FSCRYPTO_H */