1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3 * fscrypt.h: declarations for per-file encryption
4 *
5 * Filesystems that implement per-file encryption must include this header
6 * file.
7 *
8 * Copyright (C) 2015, Google, Inc.
9 *
10 * Written by Michael Halcrow, 2015.
11 * Modified by Jaegeuk Kim, 2015.
12 */
13 #ifndef _LINUX_FSCRYPT_H
14 #define _LINUX_FSCRYPT_H
15
16 #include <linux/fs.h>
17 #include <linux/mm.h>
18 #include <linux/slab.h>
19 #include <uapi/linux/fscrypt.h>
20 #include <linux/android_kabi.h>
21
22 /*
23 * The lengths of all file contents blocks must be divisible by this value.
24 * This is needed to ensure that all contents encryption modes will work, as
25 * some of the supported modes don't support arbitrarily byte-aligned messages.
26 *
27 * Since the needed alignment is 16 bytes, most filesystems will meet this
28 * requirement naturally, as typical block sizes are powers of 2. However, if a
29 * filesystem can generate arbitrarily byte-aligned block lengths (e.g., via
30 * compression), then it will need to pad to this alignment before encryption.
31 */
32 #define FSCRYPT_CONTENTS_ALIGNMENT 16
33
34 union fscrypt_policy;
35 struct fscrypt_inode_info;
36 struct fs_parameter;
37 struct seq_file;
38
39 struct fscrypt_str {
40 unsigned char *name;
41 u32 len;
42 };
43
44 struct fscrypt_name {
45 const struct qstr *usr_fname;
46 struct fscrypt_str disk_name;
47 u32 hash;
48 u32 minor_hash;
49 struct fscrypt_str crypto_buf;
50 bool is_nokey_name;
51 };
52
53 #define FSTR_INIT(n, l) { .name = n, .len = l }
54 #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
55 #define fname_name(p) ((p)->disk_name.name)
56 #define fname_len(p) ((p)->disk_name.len)
57
58 /* Maximum value for the third parameter of fscrypt_operations.set_context(). */
59 #define FSCRYPT_SET_CONTEXT_MAX_SIZE 40
60
61 #ifdef CONFIG_FS_ENCRYPTION
62
63 /* Crypto operations for filesystems */
64 struct fscrypt_operations {
65
66 /*
67 * If set, then fs/crypto/ will allocate a global bounce page pool the
68 * first time an encryption key is set up for a file. The bounce page
69 * pool is required by the following functions:
70 *
71 * - fscrypt_encrypt_pagecache_blocks()
72 * - fscrypt_zeroout_range() for files not using inline crypto
73 *
74 * If the filesystem doesn't use those, it doesn't need to set this.
75 */
76 unsigned int needs_bounce_pages : 1;
77
78 /*
79 * If set, then fs/crypto/ will allow the use of encryption settings
80 * that assume inode numbers fit in 32 bits (i.e.
81 * FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64}), provided that the other
82 * prerequisites for these settings are also met. This is only useful
83 * if the filesystem wants to support inline encryption hardware that is
84 * limited to 32-bit or 64-bit data unit numbers and where programming
85 * keyslots is very slow.
86 */
87 unsigned int has_32bit_inodes : 1;
88
89 /*
90 * If set, then fs/crypto/ will allow users to select a crypto data unit
91 * size that is less than the filesystem block size. This is done via
92 * the log2_data_unit_size field of the fscrypt policy. This flag is
93 * not compatible with filesystems that encrypt variable-length blocks
94 * (i.e. blocks that aren't all equal to filesystem's block size), for
95 * example as a result of compression. It's also not compatible with
96 * the fscrypt_encrypt_block_inplace() and
97 * fscrypt_decrypt_block_inplace() functions.
98 */
99 unsigned int supports_subblock_data_units : 1;
100
101 /*
102 * This field exists only for backwards compatibility reasons and should
103 * only be set by the filesystems that are setting it already. It
104 * contains the filesystem-specific key description prefix that is
105 * accepted for "logon" keys for v1 fscrypt policies. This
106 * functionality is deprecated in favor of the generic prefix
107 * "fscrypt:", which itself is deprecated in favor of the filesystem
108 * keyring ioctls such as FS_IOC_ADD_ENCRYPTION_KEY. Filesystems that
109 * are newly adding fscrypt support should not set this field.
110 */
111 const char *legacy_key_prefix;
112
113 /*
114 * Get the fscrypt context of the given inode.
115 *
116 * @inode: the inode whose context to get
117 * @ctx: the buffer into which to get the context
118 * @len: length of the @ctx buffer in bytes
119 *
120 * Return: On success, returns the length of the context in bytes; this
121 * may be less than @len. On failure, returns -ENODATA if the
122 * inode doesn't have a context, -ERANGE if the context is
123 * longer than @len, or another -errno code.
124 */
125 int (*get_context)(struct inode *inode, void *ctx, size_t len);
126
127 /*
128 * Set an fscrypt context on the given inode.
129 *
130 * @inode: the inode whose context to set. The inode won't already have
131 * an fscrypt context.
132 * @ctx: the context to set
133 * @len: length of @ctx in bytes (at most FSCRYPT_SET_CONTEXT_MAX_SIZE)
134 * @fs_data: If called from fscrypt_set_context(), this will be the
135 * value the filesystem passed to fscrypt_set_context().
136 * Otherwise (i.e. when called from
137 * FS_IOC_SET_ENCRYPTION_POLICY) this will be NULL.
138 *
139 * i_rwsem will be held for write.
140 *
141 * Return: 0 on success, -errno on failure.
142 */
143 int (*set_context)(struct inode *inode, const void *ctx, size_t len,
144 void *fs_data);
145
146 /*
147 * Get the dummy fscrypt policy in use on the filesystem (if any).
148 *
149 * Filesystems only need to implement this function if they support the
150 * test_dummy_encryption mount option.
151 *
152 * Return: A pointer to the dummy fscrypt policy, if the filesystem is
153 * mounted with test_dummy_encryption; otherwise NULL.
154 */
155 const union fscrypt_policy *(*get_dummy_policy)(struct super_block *sb);
156
157 /*
158 * Check whether a directory is empty. i_rwsem will be held for write.
159 */
160 bool (*empty_dir)(struct inode *inode);
161
162 /*
163 * Check whether the filesystem's inode numbers and UUID are stable,
164 * meaning that they will never be changed even by offline operations
165 * such as filesystem shrinking and therefore can be used in the
166 * encryption without the possibility of files becoming unreadable.
167 *
168 * Filesystems only need to implement this function if they want to
169 * support the FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags. These
170 * flags are designed to work around the limitations of UFS and eMMC
171 * inline crypto hardware, and they shouldn't be used in scenarios where
172 * such hardware isn't being used.
173 *
174 * Leaving this NULL is equivalent to always returning false.
175 */
176 bool (*has_stable_inodes)(struct super_block *sb);
177
178 /*
179 * Return an array of pointers to the block devices to which the
180 * filesystem may write encrypted file contents, NULL if the filesystem
181 * only has a single such block device, or an ERR_PTR() on error.
182 *
183 * On successful non-NULL return, *num_devs is set to the number of
184 * devices in the returned array. The caller must free the returned
185 * array using kfree().
186 *
187 * If the filesystem can use multiple block devices (other than block
188 * devices that aren't used for encrypted file contents, such as
189 * external journal devices), and wants to support inline encryption,
190 * then it must implement this function. Otherwise it's not needed.
191 */
192 struct block_device **(*get_devices)(struct super_block *sb,
193 unsigned int *num_devs);
194
195 ANDROID_KABI_RESERVE(1);
196 ANDROID_KABI_RESERVE(2);
197 ANDROID_KABI_RESERVE(3);
198 ANDROID_KABI_RESERVE(4);
199
200 ANDROID_OEM_DATA_ARRAY(1, 4);
201 };
202
203 int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags);
204
205 static inline struct fscrypt_inode_info *
fscrypt_get_inode_info(const struct inode * inode)206 fscrypt_get_inode_info(const struct inode *inode)
207 {
208 /*
209 * Pairs with the cmpxchg_release() in fscrypt_setup_encryption_info().
210 * I.e., another task may publish ->i_crypt_info concurrently, executing
211 * a RELEASE barrier. We need to use smp_load_acquire() here to safely
212 * ACQUIRE the memory the other task published.
213 */
214 return smp_load_acquire(&inode->i_crypt_info);
215 }
216
217 /**
218 * fscrypt_needs_contents_encryption() - check whether an inode needs
219 * contents encryption
220 * @inode: the inode to check
221 *
222 * Return: %true iff the inode is an encrypted regular file and the kernel was
223 * built with fscrypt support.
224 *
225 * If you need to know whether the encrypt bit is set even when the kernel was
226 * built without fscrypt support, you must use IS_ENCRYPTED() directly instead.
227 */
fscrypt_needs_contents_encryption(const struct inode * inode)228 static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
229 {
230 return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode);
231 }
232
233 /*
234 * When d_splice_alias() moves a directory's no-key alias to its
235 * plaintext alias as a result of the encryption key being added,
236 * DCACHE_NOKEY_NAME must be cleared and there might be an opportunity
237 * to disable d_revalidate. Note that we don't have to support the
238 * inverse operation because fscrypt doesn't allow no-key names to be
239 * the source or target of a rename().
240 */
fscrypt_handle_d_move(struct dentry * dentry)241 static inline void fscrypt_handle_d_move(struct dentry *dentry)
242 {
243 /*
244 * VFS calls fscrypt_handle_d_move even for non-fscrypt
245 * filesystems.
246 */
247 if (dentry->d_flags & DCACHE_NOKEY_NAME) {
248 dentry->d_flags &= ~DCACHE_NOKEY_NAME;
249
250 /*
251 * Other filesystem features might be handling dentry
252 * revalidation, in which case it cannot be disabled.
253 */
254 if (dentry->d_op->d_revalidate == fscrypt_d_revalidate)
255 dentry->d_flags &= ~DCACHE_OP_REVALIDATE;
256 }
257 }
258
259 /**
260 * fscrypt_is_nokey_name() - test whether a dentry is a no-key name
261 * @dentry: the dentry to check
262 *
263 * This returns true if the dentry is a no-key dentry. A no-key dentry is a
264 * dentry that was created in an encrypted directory that hasn't had its
265 * encryption key added yet. Such dentries may be either positive or negative.
266 *
267 * When a filesystem is asked to create a new filename in an encrypted directory
268 * and the new filename's dentry is a no-key dentry, it must fail the operation
269 * with ENOKEY. This includes ->create(), ->mkdir(), ->mknod(), ->symlink(),
270 * ->rename(), and ->link(). (However, ->rename() and ->link() are already
271 * handled by fscrypt_prepare_rename() and fscrypt_prepare_link().)
272 *
273 * This is necessary because creating a filename requires the directory's
274 * encryption key, but just checking for the key on the directory inode during
275 * the final filesystem operation doesn't guarantee that the key was available
276 * during the preceding dentry lookup. And the key must have already been
277 * available during the dentry lookup in order for it to have been checked
278 * whether the filename already exists in the directory and for the new file's
279 * dentry not to be invalidated due to it incorrectly having the no-key flag.
280 *
281 * Return: %true if the dentry is a no-key name
282 */
fscrypt_is_nokey_name(const struct dentry * dentry)283 static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
284 {
285 return dentry->d_flags & DCACHE_NOKEY_NAME;
286 }
287
fscrypt_prepare_dentry(struct dentry * dentry,bool is_nokey_name)288 static inline void fscrypt_prepare_dentry(struct dentry *dentry,
289 bool is_nokey_name)
290 {
291 /*
292 * This code tries to only take ->d_lock when necessary to write
293 * to ->d_flags. We shouldn't be peeking on d_flags for
294 * DCACHE_OP_REVALIDATE unlocked, but in the unlikely case
295 * there is a race, the worst it can happen is that we fail to
296 * unset DCACHE_OP_REVALIDATE and pay the cost of an extra
297 * d_revalidate.
298 */
299 if (is_nokey_name) {
300 spin_lock(&dentry->d_lock);
301 dentry->d_flags |= DCACHE_NOKEY_NAME;
302 spin_unlock(&dentry->d_lock);
303 } else if (dentry->d_flags & DCACHE_OP_REVALIDATE &&
304 dentry->d_op->d_revalidate == fscrypt_d_revalidate) {
305 /*
306 * Unencrypted dentries and encrypted dentries where the
307 * key is available are always valid from fscrypt
308 * perspective. Avoid the cost of calling
309 * fscrypt_d_revalidate unnecessarily.
310 */
311 spin_lock(&dentry->d_lock);
312 dentry->d_flags &= ~DCACHE_OP_REVALIDATE;
313 spin_unlock(&dentry->d_lock);
314 }
315 }
316
317 /* crypto.c */
318 void fscrypt_enqueue_decrypt_work(struct work_struct *);
319
320 struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
321 unsigned int len,
322 unsigned int offs,
323 gfp_t gfp_flags);
324 int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
325 unsigned int len, unsigned int offs,
326 u64 lblk_num, gfp_t gfp_flags);
327
328 int fscrypt_decrypt_pagecache_blocks(struct folio *folio, size_t len,
329 size_t offs);
330 int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
331 unsigned int len, unsigned int offs,
332 u64 lblk_num);
333
fscrypt_is_bounce_page(struct page * page)334 static inline bool fscrypt_is_bounce_page(struct page *page)
335 {
336 return page->mapping == NULL;
337 }
338
fscrypt_pagecache_page(struct page * bounce_page)339 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
340 {
341 return (struct page *)page_private(bounce_page);
342 }
343
fscrypt_is_bounce_folio(struct folio * folio)344 static inline bool fscrypt_is_bounce_folio(struct folio *folio)
345 {
346 return folio->mapping == NULL;
347 }
348
fscrypt_pagecache_folio(struct folio * bounce_folio)349 static inline struct folio *fscrypt_pagecache_folio(struct folio *bounce_folio)
350 {
351 return bounce_folio->private;
352 }
353
354 void fscrypt_free_bounce_page(struct page *bounce_page);
355
356 /* policy.c */
357 int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg);
358 int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg);
359 int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg);
360 int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg);
361 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child);
362 int fscrypt_context_for_new_inode(void *ctx, struct inode *inode);
363 int fscrypt_set_context(struct inode *inode, void *fs_data);
364
365 struct fscrypt_dummy_policy {
366 const union fscrypt_policy *policy;
367 };
368
369 int fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param,
370 struct fscrypt_dummy_policy *dummy_policy);
371 bool fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1,
372 const struct fscrypt_dummy_policy *p2);
373 void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep,
374 struct super_block *sb);
375 static inline bool
fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy * dummy_policy)376 fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy)
377 {
378 return dummy_policy->policy != NULL;
379 }
380 static inline void
fscrypt_free_dummy_policy(struct fscrypt_dummy_policy * dummy_policy)381 fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
382 {
383 kfree(dummy_policy->policy);
384 dummy_policy->policy = NULL;
385 }
386
387 /* keyring.c */
388 void fscrypt_destroy_keyring(struct super_block *sb);
389 int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
390 int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);
391 int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *arg);
392 int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);
393
394 /* keysetup.c */
395 int fscrypt_prepare_new_inode(struct inode *dir, struct inode *inode,
396 bool *encrypt_ret);
397 void fscrypt_put_encryption_info(struct inode *inode);
398 void fscrypt_free_inode(struct inode *inode);
399 int fscrypt_drop_inode(struct inode *inode);
400
401 /* fname.c */
402 int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
403 u8 *out, unsigned int olen);
404 bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,
405 u32 max_len, u32 *encrypted_len_ret);
406 int fscrypt_setup_filename(struct inode *inode, const struct qstr *iname,
407 int lookup, struct fscrypt_name *fname);
408
fscrypt_free_filename(struct fscrypt_name * fname)409 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
410 {
411 kfree(fname->crypto_buf.name);
412 }
413
414 int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
415 struct fscrypt_str *crypto_str);
416 void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str);
417 int fscrypt_fname_disk_to_usr(const struct inode *inode,
418 u32 hash, u32 minor_hash,
419 const struct fscrypt_str *iname,
420 struct fscrypt_str *oname);
421 bool fscrypt_match_name(const struct fscrypt_name *fname,
422 const u8 *de_name, u32 de_name_len);
423 u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name);
424
425 /* bio.c */
426 bool fscrypt_decrypt_bio(struct bio *bio);
427 int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
428 sector_t pblk, unsigned int len);
429
430 /* hooks.c */
431 int fscrypt_file_open(struct inode *inode, struct file *filp);
432 int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
433 struct dentry *dentry);
434 int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
435 struct inode *new_dir, struct dentry *new_dentry,
436 unsigned int flags);
437 int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
438 struct fscrypt_name *fname);
439 int fscrypt_prepare_lookup_partial(struct inode *dir, struct dentry *dentry);
440 int __fscrypt_prepare_readdir(struct inode *dir);
441 int __fscrypt_prepare_setattr(struct dentry *dentry, struct iattr *attr);
442 int fscrypt_prepare_setflags(struct inode *inode,
443 unsigned int oldflags, unsigned int flags);
444 int fscrypt_prepare_symlink(struct inode *dir, const char *target,
445 unsigned int len, unsigned int max_len,
446 struct fscrypt_str *disk_link);
447 int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
448 unsigned int len, struct fscrypt_str *disk_link);
449 const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
450 unsigned int max_size,
451 struct delayed_call *done);
452 int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat);
fscrypt_set_ops(struct super_block * sb,const struct fscrypt_operations * s_cop)453 static inline void fscrypt_set_ops(struct super_block *sb,
454 const struct fscrypt_operations *s_cop)
455 {
456 sb->s_cop = s_cop;
457 }
458 #else /* !CONFIG_FS_ENCRYPTION */
459
460 static inline struct fscrypt_inode_info *
fscrypt_get_inode_info(const struct inode * inode)461 fscrypt_get_inode_info(const struct inode *inode)
462 {
463 return NULL;
464 }
465
fscrypt_needs_contents_encryption(const struct inode * inode)466 static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
467 {
468 return false;
469 }
470
fscrypt_handle_d_move(struct dentry * dentry)471 static inline void fscrypt_handle_d_move(struct dentry *dentry)
472 {
473 }
474
fscrypt_is_nokey_name(const struct dentry * dentry)475 static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
476 {
477 return false;
478 }
479
fscrypt_prepare_dentry(struct dentry * dentry,bool is_nokey_name)480 static inline void fscrypt_prepare_dentry(struct dentry *dentry,
481 bool is_nokey_name)
482 {
483 }
484
485 /* crypto.c */
fscrypt_enqueue_decrypt_work(struct work_struct * work)486 static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
487 {
488 }
489
fscrypt_encrypt_pagecache_blocks(struct page * page,unsigned int len,unsigned int offs,gfp_t gfp_flags)490 static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
491 unsigned int len,
492 unsigned int offs,
493 gfp_t gfp_flags)
494 {
495 return ERR_PTR(-EOPNOTSUPP);
496 }
497
fscrypt_encrypt_block_inplace(const struct inode * inode,struct page * page,unsigned int len,unsigned int offs,u64 lblk_num,gfp_t gfp_flags)498 static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
499 struct page *page,
500 unsigned int len,
501 unsigned int offs, u64 lblk_num,
502 gfp_t gfp_flags)
503 {
504 return -EOPNOTSUPP;
505 }
506
fscrypt_decrypt_pagecache_blocks(struct folio * folio,size_t len,size_t offs)507 static inline int fscrypt_decrypt_pagecache_blocks(struct folio *folio,
508 size_t len, size_t offs)
509 {
510 return -EOPNOTSUPP;
511 }
512
fscrypt_decrypt_block_inplace(const struct inode * inode,struct page * page,unsigned int len,unsigned int offs,u64 lblk_num)513 static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
514 struct page *page,
515 unsigned int len,
516 unsigned int offs, u64 lblk_num)
517 {
518 return -EOPNOTSUPP;
519 }
520
fscrypt_is_bounce_page(struct page * page)521 static inline bool fscrypt_is_bounce_page(struct page *page)
522 {
523 return false;
524 }
525
fscrypt_pagecache_page(struct page * bounce_page)526 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
527 {
528 WARN_ON_ONCE(1);
529 return ERR_PTR(-EINVAL);
530 }
531
fscrypt_is_bounce_folio(struct folio * folio)532 static inline bool fscrypt_is_bounce_folio(struct folio *folio)
533 {
534 return false;
535 }
536
fscrypt_pagecache_folio(struct folio * bounce_folio)537 static inline struct folio *fscrypt_pagecache_folio(struct folio *bounce_folio)
538 {
539 WARN_ON_ONCE(1);
540 return ERR_PTR(-EINVAL);
541 }
542
fscrypt_free_bounce_page(struct page * bounce_page)543 static inline void fscrypt_free_bounce_page(struct page *bounce_page)
544 {
545 }
546
547 /* policy.c */
fscrypt_ioctl_set_policy(struct file * filp,const void __user * arg)548 static inline int fscrypt_ioctl_set_policy(struct file *filp,
549 const void __user *arg)
550 {
551 return -EOPNOTSUPP;
552 }
553
fscrypt_ioctl_get_policy(struct file * filp,void __user * arg)554 static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
555 {
556 return -EOPNOTSUPP;
557 }
558
fscrypt_ioctl_get_policy_ex(struct file * filp,void __user * arg)559 static inline int fscrypt_ioctl_get_policy_ex(struct file *filp,
560 void __user *arg)
561 {
562 return -EOPNOTSUPP;
563 }
564
fscrypt_ioctl_get_nonce(struct file * filp,void __user * arg)565 static inline int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg)
566 {
567 return -EOPNOTSUPP;
568 }
569
fscrypt_has_permitted_context(struct inode * parent,struct inode * child)570 static inline int fscrypt_has_permitted_context(struct inode *parent,
571 struct inode *child)
572 {
573 return 0;
574 }
575
fscrypt_set_context(struct inode * inode,void * fs_data)576 static inline int fscrypt_set_context(struct inode *inode, void *fs_data)
577 {
578 return -EOPNOTSUPP;
579 }
580
581 struct fscrypt_dummy_policy {
582 };
583
584 static inline int
fscrypt_parse_test_dummy_encryption(const struct fs_parameter * param,struct fscrypt_dummy_policy * dummy_policy)585 fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param,
586 struct fscrypt_dummy_policy *dummy_policy)
587 {
588 return -EINVAL;
589 }
590
591 static inline bool
fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy * p1,const struct fscrypt_dummy_policy * p2)592 fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1,
593 const struct fscrypt_dummy_policy *p2)
594 {
595 return true;
596 }
597
fscrypt_show_test_dummy_encryption(struct seq_file * seq,char sep,struct super_block * sb)598 static inline void fscrypt_show_test_dummy_encryption(struct seq_file *seq,
599 char sep,
600 struct super_block *sb)
601 {
602 }
603
604 static inline bool
fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy * dummy_policy)605 fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy)
606 {
607 return false;
608 }
609
610 static inline void
fscrypt_free_dummy_policy(struct fscrypt_dummy_policy * dummy_policy)611 fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
612 {
613 }
614
615 /* keyring.c */
fscrypt_destroy_keyring(struct super_block * sb)616 static inline void fscrypt_destroy_keyring(struct super_block *sb)
617 {
618 }
619
fscrypt_ioctl_add_key(struct file * filp,void __user * arg)620 static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg)
621 {
622 return -EOPNOTSUPP;
623 }
624
fscrypt_ioctl_remove_key(struct file * filp,void __user * arg)625 static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg)
626 {
627 return -EOPNOTSUPP;
628 }
629
fscrypt_ioctl_remove_key_all_users(struct file * filp,void __user * arg)630 static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp,
631 void __user *arg)
632 {
633 return -EOPNOTSUPP;
634 }
635
fscrypt_ioctl_get_key_status(struct file * filp,void __user * arg)636 static inline int fscrypt_ioctl_get_key_status(struct file *filp,
637 void __user *arg)
638 {
639 return -EOPNOTSUPP;
640 }
641
642 /* keysetup.c */
643
fscrypt_prepare_new_inode(struct inode * dir,struct inode * inode,bool * encrypt_ret)644 static inline int fscrypt_prepare_new_inode(struct inode *dir,
645 struct inode *inode,
646 bool *encrypt_ret)
647 {
648 if (IS_ENCRYPTED(dir))
649 return -EOPNOTSUPP;
650 return 0;
651 }
652
fscrypt_put_encryption_info(struct inode * inode)653 static inline void fscrypt_put_encryption_info(struct inode *inode)
654 {
655 return;
656 }
657
fscrypt_free_inode(struct inode * inode)658 static inline void fscrypt_free_inode(struct inode *inode)
659 {
660 }
661
fscrypt_drop_inode(struct inode * inode)662 static inline int fscrypt_drop_inode(struct inode *inode)
663 {
664 return 0;
665 }
666
667 /* fname.c */
fscrypt_setup_filename(struct inode * dir,const struct qstr * iname,int lookup,struct fscrypt_name * fname)668 static inline int fscrypt_setup_filename(struct inode *dir,
669 const struct qstr *iname,
670 int lookup, struct fscrypt_name *fname)
671 {
672 if (IS_ENCRYPTED(dir))
673 return -EOPNOTSUPP;
674
675 memset(fname, 0, sizeof(*fname));
676 fname->usr_fname = iname;
677 fname->disk_name.name = (unsigned char *)iname->name;
678 fname->disk_name.len = iname->len;
679 return 0;
680 }
681
fscrypt_free_filename(struct fscrypt_name * fname)682 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
683 {
684 return;
685 }
686
fscrypt_fname_alloc_buffer(u32 max_encrypted_len,struct fscrypt_str * crypto_str)687 static inline int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
688 struct fscrypt_str *crypto_str)
689 {
690 return -EOPNOTSUPP;
691 }
692
fscrypt_fname_free_buffer(struct fscrypt_str * crypto_str)693 static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
694 {
695 return;
696 }
697
fscrypt_fname_disk_to_usr(const struct inode * inode,u32 hash,u32 minor_hash,const struct fscrypt_str * iname,struct fscrypt_str * oname)698 static inline int fscrypt_fname_disk_to_usr(const struct inode *inode,
699 u32 hash, u32 minor_hash,
700 const struct fscrypt_str *iname,
701 struct fscrypt_str *oname)
702 {
703 return -EOPNOTSUPP;
704 }
705
fscrypt_match_name(const struct fscrypt_name * fname,const u8 * de_name,u32 de_name_len)706 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
707 const u8 *de_name, u32 de_name_len)
708 {
709 /* Encryption support disabled; use standard comparison */
710 if (de_name_len != fname->disk_name.len)
711 return false;
712 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
713 }
714
fscrypt_fname_siphash(const struct inode * dir,const struct qstr * name)715 static inline u64 fscrypt_fname_siphash(const struct inode *dir,
716 const struct qstr *name)
717 {
718 WARN_ON_ONCE(1);
719 return 0;
720 }
721
fscrypt_d_revalidate(struct dentry * dentry,unsigned int flags)722 static inline int fscrypt_d_revalidate(struct dentry *dentry,
723 unsigned int flags)
724 {
725 return 1;
726 }
727
728 /* bio.c */
fscrypt_decrypt_bio(struct bio * bio)729 static inline bool fscrypt_decrypt_bio(struct bio *bio)
730 {
731 return true;
732 }
733
fscrypt_zeroout_range(const struct inode * inode,pgoff_t lblk,sector_t pblk,unsigned int len)734 static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
735 sector_t pblk, unsigned int len)
736 {
737 return -EOPNOTSUPP;
738 }
739
740 /* hooks.c */
741
fscrypt_file_open(struct inode * inode,struct file * filp)742 static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
743 {
744 if (IS_ENCRYPTED(inode))
745 return -EOPNOTSUPP;
746 return 0;
747 }
748
__fscrypt_prepare_link(struct inode * inode,struct inode * dir,struct dentry * dentry)749 static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
750 struct dentry *dentry)
751 {
752 return -EOPNOTSUPP;
753 }
754
__fscrypt_prepare_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)755 static inline int __fscrypt_prepare_rename(struct inode *old_dir,
756 struct dentry *old_dentry,
757 struct inode *new_dir,
758 struct dentry *new_dentry,
759 unsigned int flags)
760 {
761 return -EOPNOTSUPP;
762 }
763
__fscrypt_prepare_lookup(struct inode * dir,struct dentry * dentry,struct fscrypt_name * fname)764 static inline int __fscrypt_prepare_lookup(struct inode *dir,
765 struct dentry *dentry,
766 struct fscrypt_name *fname)
767 {
768 return -EOPNOTSUPP;
769 }
770
fscrypt_prepare_lookup_partial(struct inode * dir,struct dentry * dentry)771 static inline int fscrypt_prepare_lookup_partial(struct inode *dir,
772 struct dentry *dentry)
773 {
774 return -EOPNOTSUPP;
775 }
776
__fscrypt_prepare_readdir(struct inode * dir)777 static inline int __fscrypt_prepare_readdir(struct inode *dir)
778 {
779 return -EOPNOTSUPP;
780 }
781
__fscrypt_prepare_setattr(struct dentry * dentry,struct iattr * attr)782 static inline int __fscrypt_prepare_setattr(struct dentry *dentry,
783 struct iattr *attr)
784 {
785 return -EOPNOTSUPP;
786 }
787
fscrypt_prepare_setflags(struct inode * inode,unsigned int oldflags,unsigned int flags)788 static inline int fscrypt_prepare_setflags(struct inode *inode,
789 unsigned int oldflags,
790 unsigned int flags)
791 {
792 return 0;
793 }
794
fscrypt_prepare_symlink(struct inode * dir,const char * target,unsigned int len,unsigned int max_len,struct fscrypt_str * disk_link)795 static inline int fscrypt_prepare_symlink(struct inode *dir,
796 const char *target,
797 unsigned int len,
798 unsigned int max_len,
799 struct fscrypt_str *disk_link)
800 {
801 if (IS_ENCRYPTED(dir))
802 return -EOPNOTSUPP;
803 disk_link->name = (unsigned char *)target;
804 disk_link->len = len + 1;
805 if (disk_link->len > max_len)
806 return -ENAMETOOLONG;
807 return 0;
808 }
809
__fscrypt_encrypt_symlink(struct inode * inode,const char * target,unsigned int len,struct fscrypt_str * disk_link)810 static inline int __fscrypt_encrypt_symlink(struct inode *inode,
811 const char *target,
812 unsigned int len,
813 struct fscrypt_str *disk_link)
814 {
815 return -EOPNOTSUPP;
816 }
817
fscrypt_get_symlink(struct inode * inode,const void * caddr,unsigned int max_size,struct delayed_call * done)818 static inline const char *fscrypt_get_symlink(struct inode *inode,
819 const void *caddr,
820 unsigned int max_size,
821 struct delayed_call *done)
822 {
823 return ERR_PTR(-EOPNOTSUPP);
824 }
825
fscrypt_symlink_getattr(const struct path * path,struct kstat * stat)826 static inline int fscrypt_symlink_getattr(const struct path *path,
827 struct kstat *stat)
828 {
829 return -EOPNOTSUPP;
830 }
831
fscrypt_set_ops(struct super_block * sb,const struct fscrypt_operations * s_cop)832 static inline void fscrypt_set_ops(struct super_block *sb,
833 const struct fscrypt_operations *s_cop)
834 {
835 }
836
837 #endif /* !CONFIG_FS_ENCRYPTION */
838
839 /* inline_crypt.c */
840 #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
841
842 bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode);
843
844 void fscrypt_set_bio_crypt_ctx(struct bio *bio,
845 const struct inode *inode, u64 first_lblk,
846 gfp_t gfp_mask);
847
848 void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio,
849 const struct buffer_head *first_bh,
850 gfp_t gfp_mask);
851
852 bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode,
853 u64 next_lblk);
854
855 bool fscrypt_mergeable_bio_bh(struct bio *bio,
856 const struct buffer_head *next_bh);
857
858 bool fscrypt_dio_supported(struct inode *inode);
859
860 u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks);
861
862 #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
863
__fscrypt_inode_uses_inline_crypto(const struct inode * inode)864 static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode)
865 {
866 return false;
867 }
868
fscrypt_set_bio_crypt_ctx(struct bio * bio,const struct inode * inode,u64 first_lblk,gfp_t gfp_mask)869 static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio,
870 const struct inode *inode,
871 u64 first_lblk, gfp_t gfp_mask) { }
872
fscrypt_set_bio_crypt_ctx_bh(struct bio * bio,const struct buffer_head * first_bh,gfp_t gfp_mask)873 static inline void fscrypt_set_bio_crypt_ctx_bh(
874 struct bio *bio,
875 const struct buffer_head *first_bh,
876 gfp_t gfp_mask) { }
877
fscrypt_mergeable_bio(struct bio * bio,const struct inode * inode,u64 next_lblk)878 static inline bool fscrypt_mergeable_bio(struct bio *bio,
879 const struct inode *inode,
880 u64 next_lblk)
881 {
882 return true;
883 }
884
fscrypt_mergeable_bio_bh(struct bio * bio,const struct buffer_head * next_bh)885 static inline bool fscrypt_mergeable_bio_bh(struct bio *bio,
886 const struct buffer_head *next_bh)
887 {
888 return true;
889 }
890
fscrypt_dio_supported(struct inode * inode)891 static inline bool fscrypt_dio_supported(struct inode *inode)
892 {
893 return !fscrypt_needs_contents_encryption(inode);
894 }
895
fscrypt_limit_io_blocks(const struct inode * inode,u64 lblk,u64 nr_blocks)896 static inline u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk,
897 u64 nr_blocks)
898 {
899 return nr_blocks;
900 }
901 #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
902
903 #if IS_ENABLED(CONFIG_FS_ENCRYPTION) && IS_ENABLED(CONFIG_DM_DEFAULT_KEY)
904 static inline bool
fscrypt_inode_should_skip_dm_default_key(const struct inode * inode)905 fscrypt_inode_should_skip_dm_default_key(const struct inode *inode)
906 {
907 return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode);
908 }
909 #else
910 static inline bool
fscrypt_inode_should_skip_dm_default_key(const struct inode * inode)911 fscrypt_inode_should_skip_dm_default_key(const struct inode *inode)
912 {
913 return false;
914 }
915 #endif
916
917 /**
918 * fscrypt_inode_uses_inline_crypto() - test whether an inode uses inline
919 * encryption
920 * @inode: an inode. If encrypted, its key must be set up.
921 *
922 * Return: true if the inode requires file contents encryption and if the
923 * encryption should be done in the block layer via blk-crypto rather
924 * than in the filesystem layer.
925 */
fscrypt_inode_uses_inline_crypto(const struct inode * inode)926 static inline bool fscrypt_inode_uses_inline_crypto(const struct inode *inode)
927 {
928 return fscrypt_needs_contents_encryption(inode) &&
929 __fscrypt_inode_uses_inline_crypto(inode);
930 }
931
932 /**
933 * fscrypt_inode_uses_fs_layer_crypto() - test whether an inode uses fs-layer
934 * encryption
935 * @inode: an inode. If encrypted, its key must be set up.
936 *
937 * Return: true if the inode requires file contents encryption and if the
938 * encryption should be done in the filesystem layer rather than in the
939 * block layer via blk-crypto.
940 */
fscrypt_inode_uses_fs_layer_crypto(const struct inode * inode)941 static inline bool fscrypt_inode_uses_fs_layer_crypto(const struct inode *inode)
942 {
943 return fscrypt_needs_contents_encryption(inode) &&
944 !__fscrypt_inode_uses_inline_crypto(inode);
945 }
946
947 /**
948 * fscrypt_has_encryption_key() - check whether an inode has had its key set up
949 * @inode: the inode to check
950 *
951 * Return: %true if the inode has had its encryption key set up, else %false.
952 *
953 * Usually this should be preceded by fscrypt_get_encryption_info() to try to
954 * set up the key first.
955 */
fscrypt_has_encryption_key(const struct inode * inode)956 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
957 {
958 return fscrypt_get_inode_info(inode) != NULL;
959 }
960
961 /**
962 * fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted
963 * directory
964 * @old_dentry: an existing dentry for the inode being linked
965 * @dir: the target directory
966 * @dentry: negative dentry for the target filename
967 *
968 * A new link can only be added to an encrypted directory if the directory's
969 * encryption key is available --- since otherwise we'd have no way to encrypt
970 * the filename.
971 *
972 * We also verify that the link will not violate the constraint that all files
973 * in an encrypted directory tree use the same encryption policy.
974 *
975 * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
976 * -EXDEV if the link would result in an inconsistent encryption policy, or
977 * another -errno code.
978 */
fscrypt_prepare_link(struct dentry * old_dentry,struct inode * dir,struct dentry * dentry)979 static inline int fscrypt_prepare_link(struct dentry *old_dentry,
980 struct inode *dir,
981 struct dentry *dentry)
982 {
983 if (IS_ENCRYPTED(dir))
984 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
985 return 0;
986 }
987
988 /**
989 * fscrypt_prepare_rename() - prepare for a rename between possibly-encrypted
990 * directories
991 * @old_dir: source directory
992 * @old_dentry: dentry for source file
993 * @new_dir: target directory
994 * @new_dentry: dentry for target location (may be negative unless exchanging)
995 * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
996 *
997 * Prepare for ->rename() where the source and/or target directories may be
998 * encrypted. A new link can only be added to an encrypted directory if the
999 * directory's encryption key is available --- since otherwise we'd have no way
1000 * to encrypt the filename. A rename to an existing name, on the other hand,
1001 * *is* cryptographically possible without the key. However, we take the more
1002 * conservative approach and just forbid all no-key renames.
1003 *
1004 * We also verify that the rename will not violate the constraint that all files
1005 * in an encrypted directory tree use the same encryption policy.
1006 *
1007 * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the
1008 * rename would cause inconsistent encryption policies, or another -errno code.
1009 */
fscrypt_prepare_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)1010 static inline int fscrypt_prepare_rename(struct inode *old_dir,
1011 struct dentry *old_dentry,
1012 struct inode *new_dir,
1013 struct dentry *new_dentry,
1014 unsigned int flags)
1015 {
1016 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
1017 return __fscrypt_prepare_rename(old_dir, old_dentry,
1018 new_dir, new_dentry, flags);
1019 return 0;
1020 }
1021
1022 /**
1023 * fscrypt_prepare_lookup() - prepare to lookup a name in a possibly-encrypted
1024 * directory
1025 * @dir: directory being searched
1026 * @dentry: filename being looked up
1027 * @fname: (output) the name to use to search the on-disk directory
1028 *
1029 * Prepare for ->lookup() in a directory which may be encrypted by determining
1030 * the name that will actually be used to search the directory on-disk. If the
1031 * directory's encryption policy is supported by this kernel and its encryption
1032 * key is available, then the lookup is assumed to be by plaintext name;
1033 * otherwise, it is assumed to be by no-key name.
1034 *
1035 * This will set DCACHE_NOKEY_NAME on the dentry if the lookup is by no-key
1036 * name. In this case the filesystem must assign the dentry a dentry_operations
1037 * which contains fscrypt_d_revalidate (or contains a d_revalidate method that
1038 * calls fscrypt_d_revalidate), so that the dentry will be invalidated if the
1039 * directory's encryption key is later added.
1040 *
1041 * Return: 0 on success; -ENOENT if the directory's key is unavailable but the
1042 * filename isn't a valid no-key name, so a negative dentry should be created;
1043 * or another -errno code.
1044 */
fscrypt_prepare_lookup(struct inode * dir,struct dentry * dentry,struct fscrypt_name * fname)1045 static inline int fscrypt_prepare_lookup(struct inode *dir,
1046 struct dentry *dentry,
1047 struct fscrypt_name *fname)
1048 {
1049 if (IS_ENCRYPTED(dir))
1050 return __fscrypt_prepare_lookup(dir, dentry, fname);
1051
1052 memset(fname, 0, sizeof(*fname));
1053 fname->usr_fname = &dentry->d_name;
1054 fname->disk_name.name = (unsigned char *)dentry->d_name.name;
1055 fname->disk_name.len = dentry->d_name.len;
1056
1057 fscrypt_prepare_dentry(dentry, false);
1058
1059 return 0;
1060 }
1061
1062 /**
1063 * fscrypt_prepare_readdir() - prepare to read a possibly-encrypted directory
1064 * @dir: the directory inode
1065 *
1066 * If the directory is encrypted and it doesn't already have its encryption key
1067 * set up, try to set it up so that the filenames will be listed in plaintext
1068 * form rather than in no-key form.
1069 *
1070 * Return: 0 on success; -errno on error. Note that the encryption key being
1071 * unavailable is not considered an error. It is also not an error if
1072 * the encryption policy is unsupported by this kernel; that is treated
1073 * like the key being unavailable, so that files can still be deleted.
1074 */
fscrypt_prepare_readdir(struct inode * dir)1075 static inline int fscrypt_prepare_readdir(struct inode *dir)
1076 {
1077 if (IS_ENCRYPTED(dir))
1078 return __fscrypt_prepare_readdir(dir);
1079 return 0;
1080 }
1081
1082 /**
1083 * fscrypt_prepare_setattr() - prepare to change a possibly-encrypted inode's
1084 * attributes
1085 * @dentry: dentry through which the inode is being changed
1086 * @attr: attributes to change
1087 *
1088 * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file,
1089 * most attribute changes are allowed even without the encryption key. However,
1090 * without the encryption key we do have to forbid truncates. This is needed
1091 * because the size being truncated to may not be a multiple of the filesystem
1092 * block size, and in that case we'd have to decrypt the final block, zero the
1093 * portion past i_size, and re-encrypt it. (We *could* allow truncating to a
1094 * filesystem block boundary, but it's simpler to just forbid all truncates ---
1095 * and we already forbid all other contents modifications without the key.)
1096 *
1097 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
1098 * if a problem occurred while setting up the encryption key.
1099 */
fscrypt_prepare_setattr(struct dentry * dentry,struct iattr * attr)1100 static inline int fscrypt_prepare_setattr(struct dentry *dentry,
1101 struct iattr *attr)
1102 {
1103 if (IS_ENCRYPTED(d_inode(dentry)))
1104 return __fscrypt_prepare_setattr(dentry, attr);
1105 return 0;
1106 }
1107
1108 /**
1109 * fscrypt_encrypt_symlink() - encrypt the symlink target if needed
1110 * @inode: symlink inode
1111 * @target: plaintext symlink target
1112 * @len: length of @target excluding null terminator
1113 * @disk_link: (in/out) the on-disk symlink target being prepared
1114 *
1115 * If the symlink target needs to be encrypted, then this function encrypts it
1116 * into @disk_link->name. fscrypt_prepare_symlink() must have been called
1117 * previously to compute @disk_link->len. If the filesystem did not allocate a
1118 * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one
1119 * will be kmalloc()'ed and the filesystem will be responsible for freeing it.
1120 *
1121 * Return: 0 on success, -errno on failure
1122 */
fscrypt_encrypt_symlink(struct inode * inode,const char * target,unsigned int len,struct fscrypt_str * disk_link)1123 static inline int fscrypt_encrypt_symlink(struct inode *inode,
1124 const char *target,
1125 unsigned int len,
1126 struct fscrypt_str *disk_link)
1127 {
1128 if (IS_ENCRYPTED(inode))
1129 return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
1130 return 0;
1131 }
1132
1133 /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */
fscrypt_finalize_bounce_page(struct page ** pagep)1134 static inline void fscrypt_finalize_bounce_page(struct page **pagep)
1135 {
1136 struct page *page = *pagep;
1137
1138 if (fscrypt_is_bounce_page(page)) {
1139 *pagep = fscrypt_pagecache_page(page);
1140 fscrypt_free_bounce_page(page);
1141 }
1142 }
1143
1144 #endif /* _LINUX_FSCRYPT_H */
1145