
Lines Matching +full:key +full:- +full:up

1 // SPDX-License-Identifier: GPL-2.0-only
5 * Encryption hooks for higher-level filesystem operations.
11 * fscrypt_file_open() - prepare to open a possibly-encrypted regular file
13 * @filp: the struct file being set up
15 * Currently, an encrypted regular file can only be opened if its encryption key
17 * Therefore, we first set up the inode's encryption key (if not already done)
28 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
44 d_inode(dir)->i_ino); in fscrypt_file_open()
45 err = -EPERM; in fscrypt_file_open()
61 /* ... in case we looked up no-key name before key was added */ in __fscrypt_prepare_link()
63 return -ENOKEY; in __fscrypt_prepare_link()
66 return -EXDEV; in __fscrypt_prepare_link()
86 /* ... in case we looked up no-key name(s) before key was added */ in __fscrypt_prepare_rename()
89 return -ENOKEY; in __fscrypt_prepare_rename()
95 return -EXDEV; in __fscrypt_prepare_rename()
101 return -EXDEV; in __fscrypt_prepare_rename()
110 int err = fscrypt_setup_filename(dir, &dentry->d_name, 1, fname); in __fscrypt_prepare_lookup()
112 if (err && err != -ENOENT) in __fscrypt_prepare_lookup()
115 if (fname->is_nokey_name) { in __fscrypt_prepare_lookup()
116 spin_lock(&dentry->d_lock); in __fscrypt_prepare_lookup()
117 dentry->d_flags |= DCACHE_NOKEY_NAME; in __fscrypt_prepare_lookup()
118 spin_unlock(&dentry->d_lock); in __fscrypt_prepare_lookup()
126 * fscrypt_prepare_setflags() - prepare to change flags with FS_IOC_SETFLAGS
133 * Return: 0 on success; -errno if the flags change isn't allowed or if
145 * derive the secret key needed for the dirhash. This is only possible in fscrypt_prepare_setflags()
152 ci = inode->i_crypt_info; in fscrypt_prepare_setflags()
153 if (ci->ci_policy.version != FSCRYPT_POLICY_V2) in fscrypt_prepare_setflags()
154 return -EINVAL; in fscrypt_prepare_setflags()
155 mk = ci->ci_master_key; in fscrypt_prepare_setflags()
156 down_read(&mk->mk_sem); in fscrypt_prepare_setflags()
157 if (is_master_key_secret_present(&mk->mk_secret)) in fscrypt_prepare_setflags()
160 err = -ENOKEY; in fscrypt_prepare_setflags()
161 up_read(&mk->mk_sem); in fscrypt_prepare_setflags()
168 * fscrypt_prepare_symlink() - prepare to create a possibly-encrypted symlink
173 * @disk_link: (out) the on-disk symlink target being prepared
175 * This function computes the size the symlink target will require on-disk,
176 * stores it in @disk_link->len, and validates it against @max_len. An
179 * Additionally, @disk_link->name is set to @target if the symlink will be
182 * on-disk target later. (The reason for the two-step process is that some
186 * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long,
187 * -ENOKEY if the encryption key is missing, or another -errno code if a problem
188 * occurred while setting up the encryption key.
204 disk_link->name = (unsigned char *)target; in fscrypt_prepare_symlink()
205 disk_link->len = len + 1; in fscrypt_prepare_symlink()
206 if (disk_link->len > max_len) in fscrypt_prepare_symlink()
207 return -ENAMETOOLONG; in fscrypt_prepare_symlink()
225 max_len - sizeof(struct fscrypt_symlink_data), in fscrypt_prepare_symlink()
226 &disk_link->len)) in fscrypt_prepare_symlink()
227 return -ENAMETOOLONG; in fscrypt_prepare_symlink()
228 disk_link->len += sizeof(struct fscrypt_symlink_data); in fscrypt_prepare_symlink()
230 disk_link->name = NULL; in fscrypt_prepare_symlink()
244 * fscrypt_prepare_new_inode() should have already set up the new in __fscrypt_encrypt_symlink()
245 * symlink inode's encryption key. We don't wait until now to do it, in __fscrypt_encrypt_symlink()
249 return -ENOKEY; in __fscrypt_encrypt_symlink()
251 if (disk_link->name) { in __fscrypt_encrypt_symlink()
252 /* filesystem-provided buffer */ in __fscrypt_encrypt_symlink()
253 sd = (struct fscrypt_symlink_data *)disk_link->name; in __fscrypt_encrypt_symlink()
255 sd = kmalloc(disk_link->len, GFP_NOFS); in __fscrypt_encrypt_symlink()
257 return -ENOMEM; in __fscrypt_encrypt_symlink()
259 ciphertext_len = disk_link->len - sizeof(*sd); in __fscrypt_encrypt_symlink()
260 sd->len = cpu_to_le16(ciphertext_len); in __fscrypt_encrypt_symlink()
262 err = fscrypt_fname_encrypt(inode, &iname, sd->encrypted_path, in __fscrypt_encrypt_symlink()
268 * Null-terminating the ciphertext doesn't make sense, but we still in __fscrypt_encrypt_symlink()
272 sd->encrypted_path[ciphertext_len] = '\0'; in __fscrypt_encrypt_symlink()
275 err = -ENOMEM; in __fscrypt_encrypt_symlink()
276 inode->i_link = kmemdup(target, len + 1, GFP_NOFS); in __fscrypt_encrypt_symlink()
277 if (!inode->i_link) in __fscrypt_encrypt_symlink()
280 if (!disk_link->name) in __fscrypt_encrypt_symlink()
281 disk_link->name = (unsigned char *)sd; in __fscrypt_encrypt_symlink()
285 if (!disk_link->name) in __fscrypt_encrypt_symlink()
292 * fscrypt_get_symlink() - get the target of an encrypted symlink
294 * @caddr: the on-disk contents of the symlink
296 * @done: if successful, will be set up to free the returned target if needed
298 * If the symlink's encryption key is available, we decrypt its target.
316 return ERR_PTR(-EINVAL); in fscrypt_get_symlink()
319 pstr.name = READ_ONCE(inode->i_link); in fscrypt_get_symlink()
324 * Try to set up the symlink's encryption key, but we can continue in fscrypt_get_symlink()
325 * regardless of whether the key is available or not. in fscrypt_get_symlink()
338 return ERR_PTR(-EUCLEAN); in fscrypt_get_symlink()
340 cstr.name = (unsigned char *)sd->encrypted_path; in fscrypt_get_symlink()
341 cstr.len = le16_to_cpu(sd->len); in fscrypt_get_symlink()
344 return ERR_PTR(-EUCLEAN); in fscrypt_get_symlink()
346 if (cstr.len + sizeof(*sd) - 1 > max_size) in fscrypt_get_symlink()
347 return ERR_PTR(-EUCLEAN); in fscrypt_get_symlink()
357 err = -EUCLEAN; in fscrypt_get_symlink()
365 * symlink targets encoded without the key, since those become outdated in fscrypt_get_symlink()
366 * once the key is added. This pairs with the READ_ONCE() above and in in fscrypt_get_symlink()
370 cmpxchg_release(&inode->i_link, NULL, pstr.name) != NULL) in fscrypt_get_symlink()
382 * fscrypt_symlink_getattr() - set the correct st_size for encrypted symlinks
387 * symlink target (or the no-key encoded symlink target, if the key is
392 * This requires reading the symlink target from disk if needed, setting up the
393 * inode's encryption key if possible, and then decrypting or encoding the
395 * case. However, decrypted symlink targets will be cached in ->i_link, so
399 * Return: 0 on success, -errno on failure
403 struct dentry *dentry = path->dentry; in fscrypt_symlink_getattr()
410 * decrypted target or the no-key encoded target), we can just get it in in fscrypt_symlink_getattr()
413 link = READ_ONCE(inode->i_link); in fscrypt_symlink_getattr()
415 link = inode->i_op->get_link(dentry, inode, &done); in fscrypt_symlink_getattr()
419 stat->size = strlen(link); in fscrypt_symlink_getattr()