LCOV - code coverage report
Current view: top level - include/linux - fscrypt.h (source / functions) Hit Total Coverage
Test: coverage.info Lines: 0 1 0.0 %
Date: 2023-04-06 08:38:28 Functions: 0 0 -

          Line data    Source code
       1             : /* SPDX-License-Identifier: GPL-2.0 */
       2             : /*
       3             :  * fscrypt.h: declarations for per-file encryption
       4             :  *
       5             :  * Filesystems that implement per-file encryption must include this header
       6             :  * file.
       7             :  *
       8             :  * Copyright (C) 2015, Google, Inc.
       9             :  *
      10             :  * Written by Michael Halcrow, 2015.
      11             :  * Modified by Jaegeuk Kim, 2015.
      12             :  */
      13             : #ifndef _LINUX_FSCRYPT_H
      14             : #define _LINUX_FSCRYPT_H
      15             : 
      16             : #include <linux/fs.h>
      17             : #include <linux/mm.h>
      18             : #include <linux/slab.h>
      19             : #include <uapi/linux/fscrypt.h>
      20             : 
      21             : /*
      22             :  * The lengths of all file contents blocks must be divisible by this value.
      23             :  * This is needed to ensure that all contents encryption modes will work, as
      24             :  * some of the supported modes don't support arbitrarily byte-aligned messages.
      25             :  *
      26             :  * Since the needed alignment is 16 bytes, most filesystems will meet this
      27             :  * requirement naturally, as typical block sizes are powers of 2.  However, if a
      28             :  * filesystem can generate arbitrarily byte-aligned block lengths (e.g., via
      29             :  * compression), then it will need to pad to this alignment before encryption.
      30             :  */
      31             : #define FSCRYPT_CONTENTS_ALIGNMENT 16
      32             : 
      33             : union fscrypt_policy;
      34             : struct fscrypt_info;
      35             : struct fs_parameter;
      36             : struct seq_file;
      37             : 
      38             : struct fscrypt_str {
      39             :         unsigned char *name;
      40             :         u32 len;
      41             : };
      42             : 
      43             : struct fscrypt_name {
      44             :         const struct qstr *usr_fname;
      45             :         struct fscrypt_str disk_name;
      46             :         u32 hash;
      47             :         u32 minor_hash;
      48             :         struct fscrypt_str crypto_buf;
      49             :         bool is_nokey_name;
      50             : };
      51             : 
      52             : #define FSTR_INIT(n, l)         { .name = n, .len = l }
      53             : #define FSTR_TO_QSTR(f)         QSTR_INIT((f)->name, (f)->len)
      54             : #define fname_name(p)           ((p)->disk_name.name)
      55             : #define fname_len(p)            ((p)->disk_name.len)
      56             : 
      57             : /* Maximum value for the third parameter of fscrypt_operations.set_context(). */
      58             : #define FSCRYPT_SET_CONTEXT_MAX_SIZE    40
      59             : 
      60             : #ifdef CONFIG_FS_ENCRYPTION
      61             : 
      62             : /*
      63             :  * If set, the fscrypt bounce page pool won't be allocated (unless another
      64             :  * filesystem needs it).  Set this if the filesystem always uses its own bounce
      65             :  * pages for writes and therefore won't need the fscrypt bounce page pool.
      66             :  */
      67             : #define FS_CFLG_OWN_PAGES (1U << 1)
      68             : 
      69             : /* Crypto operations for filesystems */
      70             : struct fscrypt_operations {
      71             : 
      72             :         /* Set of optional flags; see above for allowed flags */
      73             :         unsigned int flags;
      74             : 
      75             :         /*
      76             :          * If set, this is a filesystem-specific key description prefix that
      77             :          * will be accepted for "logon" keys for v1 fscrypt policies, in
      78             :          * addition to the generic prefix "fscrypt:".  This functionality is
      79             :          * deprecated, so new filesystems shouldn't set this field.
      80             :          */
      81             :         const char *key_prefix;
      82             : 
      83             :         /*
      84             :          * Get the fscrypt context of the given inode.
      85             :          *
      86             :          * @inode: the inode whose context to get
      87             :          * @ctx: the buffer into which to get the context
      88             :          * @len: length of the @ctx buffer in bytes
      89             :          *
      90             :          * Return: On success, returns the length of the context in bytes; this
      91             :          *         may be less than @len.  On failure, returns -ENODATA if the
      92             :          *         inode doesn't have a context, -ERANGE if the context is
      93             :          *         longer than @len, or another -errno code.
      94             :          */
      95             :         int (*get_context)(struct inode *inode, void *ctx, size_t len);
      96             : 
      97             :         /*
      98             :          * Set an fscrypt context on the given inode.
      99             :          *
     100             :          * @inode: the inode whose context to set.  The inode won't already have
     101             :          *         an fscrypt context.
     102             :          * @ctx: the context to set
     103             :          * @len: length of @ctx in bytes (at most FSCRYPT_SET_CONTEXT_MAX_SIZE)
     104             :          * @fs_data: If called from fscrypt_set_context(), this will be the
     105             :          *           value the filesystem passed to fscrypt_set_context().
     106             :          *           Otherwise (i.e. when called from
     107             :          *           FS_IOC_SET_ENCRYPTION_POLICY) this will be NULL.
     108             :          *
     109             :          * i_rwsem will be held for write.
     110             :          *
     111             :          * Return: 0 on success, -errno on failure.
     112             :          */
     113             :         int (*set_context)(struct inode *inode, const void *ctx, size_t len,
     114             :                            void *fs_data);
     115             : 
     116             :         /*
     117             :          * Get the dummy fscrypt policy in use on the filesystem (if any).
     118             :          *
     119             :          * Filesystems only need to implement this function if they support the
     120             :          * test_dummy_encryption mount option.
     121             :          *
     122             :          * Return: A pointer to the dummy fscrypt policy, if the filesystem is
     123             :          *         mounted with test_dummy_encryption; otherwise NULL.
     124             :          */
     125             :         const union fscrypt_policy *(*get_dummy_policy)(struct super_block *sb);
     126             : 
     127             :         /*
     128             :          * Check whether a directory is empty.  i_rwsem will be held for write.
     129             :          */
     130             :         bool (*empty_dir)(struct inode *inode);
     131             : 
     132             :         /*
     133             :          * Check whether the filesystem's inode numbers and UUID are stable,
     134             :          * meaning that they will never be changed even by offline operations
     135             :          * such as filesystem shrinking and therefore can be used in the
     136             :          * encryption without the possibility of files becoming unreadable.
     137             :          *
     138             :          * Filesystems only need to implement this function if they want to
     139             :          * support the FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags.  These
     140             :          * flags are designed to work around the limitations of UFS and eMMC
     141             :          * inline crypto hardware, and they shouldn't be used in scenarios where
     142             :          * such hardware isn't being used.
     143             :          *
     144             :          * Leaving this NULL is equivalent to always returning false.
     145             :          */
     146             :         bool (*has_stable_inodes)(struct super_block *sb);
     147             : 
     148             :         /*
     149             :          * Get the number of bits that the filesystem uses to represent inode
     150             :          * numbers and file logical block numbers.
     151             :          *
     152             :          * By default, both of these are assumed to be 64-bit.  This function
     153             :          * can be implemented to declare that either or both of these numbers is
     154             :          * shorter, which may allow the use of the
     155             :          * FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags and/or the use of
     156             :          * inline crypto hardware whose maximum DUN length is less than 64 bits
     157             :          * (e.g., eMMC v5.2 spec compliant hardware).  This function only needs
     158             :          * to be implemented if support for one of these features is needed.
     159             :          */
     160             :         void (*get_ino_and_lblk_bits)(struct super_block *sb,
     161             :                                       int *ino_bits_ret, int *lblk_bits_ret);
     162             : 
     163             :         /*
     164             :          * Return an array of pointers to the block devices to which the
     165             :          * filesystem may write encrypted file contents, NULL if the filesystem
     166             :          * only has a single such block device, or an ERR_PTR() on error.
     167             :          *
     168             :          * On successful non-NULL return, *num_devs is set to the number of
     169             :          * devices in the returned array.  The caller must free the returned
     170             :          * array using kfree().
     171             :          *
     172             :          * If the filesystem can use multiple block devices (other than block
     173             :          * devices that aren't used for encrypted file contents, such as
     174             :          * external journal devices), and wants to support inline encryption,
     175             :          * then it must implement this function.  Otherwise it's not needed.
     176             :          */
     177             :         struct block_device **(*get_devices)(struct super_block *sb,
     178             :                                              unsigned int *num_devs);
     179             : };
     180             : 
     181             : static inline struct fscrypt_info *fscrypt_get_info(const struct inode *inode)
     182             : {
     183             :         /*
     184             :          * Pairs with the cmpxchg_release() in fscrypt_setup_encryption_info().
     185             :          * I.e., another task may publish ->i_crypt_info concurrently, executing
     186             :          * a RELEASE barrier.  We need to use smp_load_acquire() here to safely
     187             :          * ACQUIRE the memory the other task published.
     188             :          */
     189             :         return smp_load_acquire(&inode->i_crypt_info);
     190             : }
     191             : 
     192             : /**
     193             :  * fscrypt_needs_contents_encryption() - check whether an inode needs
     194             :  *                                       contents encryption
     195             :  * @inode: the inode to check
     196             :  *
     197             :  * Return: %true iff the inode is an encrypted regular file and the kernel was
     198             :  * built with fscrypt support.
     199             :  *
     200             :  * If you need to know whether the encrypt bit is set even when the kernel was
     201             :  * built without fscrypt support, you must use IS_ENCRYPTED() directly instead.
     202             :  */
     203             : static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
     204             : {
     205             :         return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode);
     206             : }
     207             : 
     208             : /*
     209             :  * When d_splice_alias() moves a directory's no-key alias to its plaintext alias
     210             :  * as a result of the encryption key being added, DCACHE_NOKEY_NAME must be
     211             :  * cleared.  Note that we don't have to support arbitrary moves of this flag
     212             :  * because fscrypt doesn't allow no-key names to be the source or target of a
     213             :  * rename().
     214             :  */
     215             : static inline void fscrypt_handle_d_move(struct dentry *dentry)
     216             : {
     217             :         dentry->d_flags &= ~DCACHE_NOKEY_NAME;
     218             : }
     219             : 
     220             : /**
     221             :  * fscrypt_is_nokey_name() - test whether a dentry is a no-key name
     222             :  * @dentry: the dentry to check
     223             :  *
     224             :  * This returns true if the dentry is a no-key dentry.  A no-key dentry is a
     225             :  * dentry that was created in an encrypted directory that hasn't had its
     226             :  * encryption key added yet.  Such dentries may be either positive or negative.
     227             :  *
     228             :  * When a filesystem is asked to create a new filename in an encrypted directory
     229             :  * and the new filename's dentry is a no-key dentry, it must fail the operation
     230             :  * with ENOKEY.  This includes ->create(), ->mkdir(), ->mknod(), ->symlink(),
     231             :  * ->rename(), and ->link().  (However, ->rename() and ->link() are already
     232             :  * handled by fscrypt_prepare_rename() and fscrypt_prepare_link().)
     233             :  *
     234             :  * This is necessary because creating a filename requires the directory's
     235             :  * encryption key, but just checking for the key on the directory inode during
     236             :  * the final filesystem operation doesn't guarantee that the key was available
     237             :  * during the preceding dentry lookup.  And the key must have already been
     238             :  * available during the dentry lookup in order for it to have been checked
     239             :  * whether the filename already exists in the directory and for the new file's
     240             :  * dentry not to be invalidated due to it incorrectly having the no-key flag.
     241             :  *
     242             :  * Return: %true if the dentry is a no-key name
     243             :  */
     244             : static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
     245             : {
     246             :         return dentry->d_flags & DCACHE_NOKEY_NAME;
     247             : }
     248             : 
     249             : /* crypto.c */
     250             : void fscrypt_enqueue_decrypt_work(struct work_struct *);
     251             : 
     252             : struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
     253             :                                               unsigned int len,
     254             :                                               unsigned int offs,
     255             :                                               gfp_t gfp_flags);
     256             : int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
     257             :                                   unsigned int len, unsigned int offs,
     258             :                                   u64 lblk_num, gfp_t gfp_flags);
     259             : 
     260             : int fscrypt_decrypt_pagecache_blocks(struct folio *folio, size_t len,
     261             :                                      size_t offs);
     262             : int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
     263             :                                   unsigned int len, unsigned int offs,
     264             :                                   u64 lblk_num);
     265             : 
     266             : static inline bool fscrypt_is_bounce_page(struct page *page)
     267             : {
     268             :         return page->mapping == NULL;
     269             : }
     270             : 
     271             : static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
     272             : {
     273             :         return (struct page *)page_private(bounce_page);
     274             : }
     275             : 
     276             : void fscrypt_free_bounce_page(struct page *bounce_page);
     277             : 
     278             : /* policy.c */
     279             : int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg);
     280             : int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg);
     281             : int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg);
     282             : int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg);
     283             : int fscrypt_has_permitted_context(struct inode *parent, struct inode *child);
     284             : int fscrypt_context_for_new_inode(void *ctx, struct inode *inode);
     285             : int fscrypt_set_context(struct inode *inode, void *fs_data);
     286             : 
     287             : struct fscrypt_dummy_policy {
     288             :         const union fscrypt_policy *policy;
     289             : };
     290             : 
     291             : int fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param,
     292             :                                     struct fscrypt_dummy_policy *dummy_policy);
     293             : bool fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1,
     294             :                                   const struct fscrypt_dummy_policy *p2);
     295             : void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep,
     296             :                                         struct super_block *sb);
     297             : static inline bool
     298             : fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy)
     299             : {
     300             :         return dummy_policy->policy != NULL;
     301             : }
     302             : static inline void
     303             : fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
     304             : {
     305             :         kfree(dummy_policy->policy);
     306             :         dummy_policy->policy = NULL;
     307             : }
     308             : 
     309             : /* keyring.c */
     310             : void fscrypt_destroy_keyring(struct super_block *sb);
     311             : int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
     312             : int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);
     313             : int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *arg);
     314             : int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);
     315             : 
     316             : /* keysetup.c */
     317             : int fscrypt_prepare_new_inode(struct inode *dir, struct inode *inode,
     318             :                               bool *encrypt_ret);
     319             : void fscrypt_put_encryption_info(struct inode *inode);
     320             : void fscrypt_free_inode(struct inode *inode);
     321             : int fscrypt_drop_inode(struct inode *inode);
     322             : 
     323             : /* fname.c */
     324             : int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
     325             :                           u8 *out, unsigned int olen);
     326             : bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,
     327             :                                   u32 max_len, u32 *encrypted_len_ret);
     328             : int fscrypt_setup_filename(struct inode *inode, const struct qstr *iname,
     329             :                            int lookup, struct fscrypt_name *fname);
     330             : 
     331             : static inline void fscrypt_free_filename(struct fscrypt_name *fname)
     332             : {
     333             :         kfree(fname->crypto_buf.name);
     334             : }
     335             : 
     336             : int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
     337             :                                struct fscrypt_str *crypto_str);
     338             : void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str);
     339             : int fscrypt_fname_disk_to_usr(const struct inode *inode,
     340             :                               u32 hash, u32 minor_hash,
     341             :                               const struct fscrypt_str *iname,
     342             :                               struct fscrypt_str *oname);
     343             : bool fscrypt_match_name(const struct fscrypt_name *fname,
     344             :                         const u8 *de_name, u32 de_name_len);
     345             : u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name);
     346             : int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags);
     347             : 
     348             : /* bio.c */
     349             : bool fscrypt_decrypt_bio(struct bio *bio);
     350             : int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
     351             :                           sector_t pblk, unsigned int len);
     352             : 
     353             : /* hooks.c */
     354             : int fscrypt_file_open(struct inode *inode, struct file *filp);
     355             : int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
     356             :                            struct dentry *dentry);
     357             : int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
     358             :                              struct inode *new_dir, struct dentry *new_dentry,
     359             :                              unsigned int flags);
     360             : int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
     361             :                              struct fscrypt_name *fname);
     362             : int __fscrypt_prepare_readdir(struct inode *dir);
     363             : int __fscrypt_prepare_setattr(struct dentry *dentry, struct iattr *attr);
     364             : int fscrypt_prepare_setflags(struct inode *inode,
     365             :                              unsigned int oldflags, unsigned int flags);
     366             : int fscrypt_prepare_symlink(struct inode *dir, const char *target,
     367             :                             unsigned int len, unsigned int max_len,
     368             :                             struct fscrypt_str *disk_link);
     369             : int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
     370             :                               unsigned int len, struct fscrypt_str *disk_link);
     371             : const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
     372             :                                 unsigned int max_size,
     373             :                                 struct delayed_call *done);
     374             : int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat);
     375             : static inline void fscrypt_set_ops(struct super_block *sb,
     376             :                                    const struct fscrypt_operations *s_cop)
     377             : {
     378             :         sb->s_cop = s_cop;
     379             : }
     380             : #else  /* !CONFIG_FS_ENCRYPTION */
     381             : 
     382             : static inline struct fscrypt_info *fscrypt_get_info(const struct inode *inode)
     383             : {
     384             :         return NULL;
     385             : }
     386             : 
     387             : static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
     388             : {
     389             :         return false;
     390             : }
     391             : 
     392             : static inline void fscrypt_handle_d_move(struct dentry *dentry)
     393             : {
     394             : }
     395             : 
     396             : static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
     397             : {
     398             :         return false;
     399             : }
     400             : 
     401             : /* crypto.c */
     402             : static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
     403             : {
     404             : }
     405             : 
     406             : static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
     407             :                                                             unsigned int len,
     408             :                                                             unsigned int offs,
     409             :                                                             gfp_t gfp_flags)
     410             : {
     411             :         return ERR_PTR(-EOPNOTSUPP);
     412             : }
     413             : 
     414             : static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
     415             :                                                 struct page *page,
     416             :                                                 unsigned int len,
     417             :                                                 unsigned int offs, u64 lblk_num,
     418             :                                                 gfp_t gfp_flags)
     419             : {
     420             :         return -EOPNOTSUPP;
     421             : }
     422             : 
     423             : static inline int fscrypt_decrypt_pagecache_blocks(struct folio *folio,
     424             :                                                    size_t len, size_t offs)
     425             : {
     426             :         return -EOPNOTSUPP;
     427             : }
     428             : 
     429             : static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
     430             :                                                 struct page *page,
     431             :                                                 unsigned int len,
     432             :                                                 unsigned int offs, u64 lblk_num)
     433             : {
     434             :         return -EOPNOTSUPP;
     435             : }
     436             : 
     437             : static inline bool fscrypt_is_bounce_page(struct page *page)
     438             : {
     439             :         return false;
     440             : }
     441             : 
     442             : static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
     443             : {
     444             :         WARN_ON_ONCE(1);
     445             :         return ERR_PTR(-EINVAL);
     446             : }
     447             : 
     448             : static inline void fscrypt_free_bounce_page(struct page *bounce_page)
     449             : {
     450             : }
     451             : 
     452             : /* policy.c */
     453             : static inline int fscrypt_ioctl_set_policy(struct file *filp,
     454             :                                            const void __user *arg)
     455             : {
     456             :         return -EOPNOTSUPP;
     457             : }
     458             : 
     459             : static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
     460             : {
     461             :         return -EOPNOTSUPP;
     462             : }
     463             : 
     464             : static inline int fscrypt_ioctl_get_policy_ex(struct file *filp,
     465             :                                               void __user *arg)
     466             : {
     467             :         return -EOPNOTSUPP;
     468             : }
     469             : 
     470             : static inline int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg)
     471             : {
     472             :         return -EOPNOTSUPP;
     473             : }
     474             : 
     475             : static inline int fscrypt_has_permitted_context(struct inode *parent,
     476             :                                                 struct inode *child)
     477             : {
     478             :         return 0;
     479             : }
     480             : 
     481             : static inline int fscrypt_set_context(struct inode *inode, void *fs_data)
     482             : {
     483             :         return -EOPNOTSUPP;
     484             : }
     485             : 
     486             : struct fscrypt_dummy_policy {
     487             : };
     488             : 
     489             : static inline int
     490             : fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param,
     491             :                                     struct fscrypt_dummy_policy *dummy_policy)
     492             : {
     493             :         return -EINVAL;
     494             : }
     495             : 
     496             : static inline bool
     497             : fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1,
     498             :                              const struct fscrypt_dummy_policy *p2)
     499             : {
     500             :         return true;
     501             : }
     502             : 
     503             : static inline void fscrypt_show_test_dummy_encryption(struct seq_file *seq,
     504             :                                                       char sep,
     505             :                                                       struct super_block *sb)
     506             : {
     507             : }
     508             : 
     509             : static inline bool
     510             : fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy)
     511             : {
     512             :         return false;
     513             : }
     514             : 
     515             : static inline void
     516             : fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
     517             : {
     518             : }
     519             : 
     520             : /* keyring.c */
     521             : static inline void fscrypt_destroy_keyring(struct super_block *sb)
     522             : {
     523             : }
     524             : 
     525             : static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg)
     526             : {
     527             :         return -EOPNOTSUPP;
     528             : }
     529             : 
     530             : static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg)
     531             : {
     532             :         return -EOPNOTSUPP;
     533             : }
     534             : 
     535             : static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp,
     536             :                                                      void __user *arg)
     537             : {
     538             :         return -EOPNOTSUPP;
     539             : }
     540             : 
     541             : static inline int fscrypt_ioctl_get_key_status(struct file *filp,
     542             :                                                void __user *arg)
     543             : {
     544             :         return -EOPNOTSUPP;
     545             : }
     546             : 
     547             : /* keysetup.c */
     548             : 
     549             : static inline int fscrypt_prepare_new_inode(struct inode *dir,
     550             :                                             struct inode *inode,
     551             :                                             bool *encrypt_ret)
     552             : {
     553             :         if (IS_ENCRYPTED(dir))
     554             :                 return -EOPNOTSUPP;
     555             :         return 0;
     556             : }
     557             : 
     558             : static inline void fscrypt_put_encryption_info(struct inode *inode)
     559             : {
     560             :         return;
     561             : }
     562             : 
     563             : static inline void fscrypt_free_inode(struct inode *inode)
     564             : {
     565             : }
     566             : 
     567             : static inline int fscrypt_drop_inode(struct inode *inode)
     568             : {
     569             :         return 0;
     570             : }
     571             : 
     572             :  /* fname.c */
     573             : static inline int fscrypt_setup_filename(struct inode *dir,
     574             :                                          const struct qstr *iname,
     575             :                                          int lookup, struct fscrypt_name *fname)
     576             : {
     577             :         if (IS_ENCRYPTED(dir))
     578             :                 return -EOPNOTSUPP;
     579             : 
     580             :         memset(fname, 0, sizeof(*fname));
     581             :         fname->usr_fname = iname;
     582             :         fname->disk_name.name = (unsigned char *)iname->name;
     583             :         fname->disk_name.len = iname->len;
     584             :         return 0;
     585             : }
     586             : 
     587             : static inline void fscrypt_free_filename(struct fscrypt_name *fname)
     588             : {
     589             :         return;
     590             : }
     591             : 
     592             : static inline int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
     593             :                                              struct fscrypt_str *crypto_str)
     594             : {
     595             :         return -EOPNOTSUPP;
     596             : }
     597             : 
     598             : static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
     599             : {
     600             :         return;
     601             : }
     602             : 
     603             : static inline int fscrypt_fname_disk_to_usr(const struct inode *inode,
     604             :                                             u32 hash, u32 minor_hash,
     605             :                                             const struct fscrypt_str *iname,
     606             :                                             struct fscrypt_str *oname)
     607             : {
     608             :         return -EOPNOTSUPP;
     609             : }
     610             : 
     611             : static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
     612             :                                       const u8 *de_name, u32 de_name_len)
     613             : {
     614             :         /* Encryption support disabled; use standard comparison */
     615             :         if (de_name_len != fname->disk_name.len)
     616             :                 return false;
     617             :         return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
     618             : }
     619             : 
     620             : static inline u64 fscrypt_fname_siphash(const struct inode *dir,
     621             :                                         const struct qstr *name)
     622             : {
     623             :         WARN_ON_ONCE(1);
     624             :         return 0;
     625             : }
     626             : 
     627             : static inline int fscrypt_d_revalidate(struct dentry *dentry,
     628             :                                        unsigned int flags)
     629             : {
     630             :         return 1;
     631             : }
     632             : 
     633             : /* bio.c */
     634             : static inline bool fscrypt_decrypt_bio(struct bio *bio)
     635             : {
     636             :         return true;
     637             : }
     638             : 
     639             : static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
     640             :                                         sector_t pblk, unsigned int len)
     641             : {
     642             :         return -EOPNOTSUPP;
     643             : }
     644             : 
     645             : /* hooks.c */
     646             : 
     647             : static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
     648             : {
     649             :         if (IS_ENCRYPTED(inode))
     650             :                 return -EOPNOTSUPP;
     651             :         return 0;
     652             : }
     653             : 
     654             : static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
     655             :                                          struct dentry *dentry)
     656             : {
     657             :         return -EOPNOTSUPP;
     658             : }
     659             : 
     660             : static inline int __fscrypt_prepare_rename(struct inode *old_dir,
     661             :                                            struct dentry *old_dentry,
     662             :                                            struct inode *new_dir,
     663             :                                            struct dentry *new_dentry,
     664             :                                            unsigned int flags)
     665             : {
     666             :         return -EOPNOTSUPP;
     667             : }
     668             : 
     669             : static inline int __fscrypt_prepare_lookup(struct inode *dir,
     670             :                                            struct dentry *dentry,
     671             :                                            struct fscrypt_name *fname)
     672             : {
     673             :         return -EOPNOTSUPP;
     674             : }
     675             : 
     676             : static inline int __fscrypt_prepare_readdir(struct inode *dir)
     677             : {
     678             :         return -EOPNOTSUPP;
     679             : }
     680             : 
     681             : static inline int __fscrypt_prepare_setattr(struct dentry *dentry,
     682             :                                             struct iattr *attr)
     683             : {
     684             :         return -EOPNOTSUPP;
     685             : }
     686             : 
     687             : static inline int fscrypt_prepare_setflags(struct inode *inode,
     688             :                                            unsigned int oldflags,
     689             :                                            unsigned int flags)
     690             : {
     691             :         return 0;
     692             : }
     693             : 
     694             : static inline int fscrypt_prepare_symlink(struct inode *dir,
     695             :                                           const char *target,
     696             :                                           unsigned int len,
     697             :                                           unsigned int max_len,
     698             :                                           struct fscrypt_str *disk_link)
     699             : {
     700             :         if (IS_ENCRYPTED(dir))
     701             :                 return -EOPNOTSUPP;
     702             :         disk_link->name = (unsigned char *)target;
     703             :         disk_link->len = len + 1;
     704             :         if (disk_link->len > max_len)
     705             :                 return -ENAMETOOLONG;
     706             :         return 0;
     707             : }
     708             : 
     709             : static inline int __fscrypt_encrypt_symlink(struct inode *inode,
     710             :                                             const char *target,
     711             :                                             unsigned int len,
     712             :                                             struct fscrypt_str *disk_link)
     713             : {
     714             :         return -EOPNOTSUPP;
     715             : }
     716             : 
     717             : static inline const char *fscrypt_get_symlink(struct inode *inode,
     718             :                                               const void *caddr,
     719             :                                               unsigned int max_size,
     720             :                                               struct delayed_call *done)
     721             : {
     722             :         return ERR_PTR(-EOPNOTSUPP);
     723             : }
     724             : 
     725             : static inline int fscrypt_symlink_getattr(const struct path *path,
     726             :                                           struct kstat *stat)
     727             : {
     728             :         return -EOPNOTSUPP;
     729             : }
     730             : 
     731             : static inline void fscrypt_set_ops(struct super_block *sb,
     732             :                                    const struct fscrypt_operations *s_cop)
     733             : {
     734             : }
     735             : 
     736             : #endif  /* !CONFIG_FS_ENCRYPTION */
     737             : 
     738             : /* inline_crypt.c */
     739             : #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
     740             : 
     741             : bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode);
     742             : 
     743             : void fscrypt_set_bio_crypt_ctx(struct bio *bio,
     744             :                                const struct inode *inode, u64 first_lblk,
     745             :                                gfp_t gfp_mask);
     746             : 
     747             : void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio,
     748             :                                   const struct buffer_head *first_bh,
     749             :                                   gfp_t gfp_mask);
     750             : 
     751             : bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode,
     752             :                            u64 next_lblk);
     753             : 
     754             : bool fscrypt_mergeable_bio_bh(struct bio *bio,
     755             :                               const struct buffer_head *next_bh);
     756             : 
     757             : bool fscrypt_dio_supported(struct inode *inode);
     758             : 
     759             : u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks);
     760             : 
     761             : #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
     762             : 
     763             : static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode)
     764             : {
     765             :         return false;
     766             : }
     767             : 
     768             : static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio,
     769             :                                              const struct inode *inode,
     770             :                                              u64 first_lblk, gfp_t gfp_mask) { }
     771             : 
     772             : static inline void fscrypt_set_bio_crypt_ctx_bh(
     773             :                                          struct bio *bio,
     774             :                                          const struct buffer_head *first_bh,
     775             :                                          gfp_t gfp_mask) { }
     776             : 
     777             : static inline bool fscrypt_mergeable_bio(struct bio *bio,
     778             :                                          const struct inode *inode,
     779             :                                          u64 next_lblk)
     780             : {
     781             :         return true;
     782             : }
     783             : 
     784             : static inline bool fscrypt_mergeable_bio_bh(struct bio *bio,
     785             :                                             const struct buffer_head *next_bh)
     786             : {
     787             :         return true;
     788             : }
     789             : 
     790             : static inline bool fscrypt_dio_supported(struct inode *inode)
     791             : {
     792             :         return !fscrypt_needs_contents_encryption(inode);
     793             : }
     794             : 
     795             : static inline u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk,
     796             :                                           u64 nr_blocks)
     797             : {
     798             :         return nr_blocks;
     799             : }
     800             : #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
     801             : 
     802             : /**
     803             :  * fscrypt_inode_uses_inline_crypto() - test whether an inode uses inline
     804             :  *                                      encryption
     805             :  * @inode: an inode. If encrypted, its key must be set up.
     806             :  *
     807             :  * Return: true if the inode requires file contents encryption and if the
     808             :  *         encryption should be done in the block layer via blk-crypto rather
     809             :  *         than in the filesystem layer.
     810             :  */
     811             : static inline bool fscrypt_inode_uses_inline_crypto(const struct inode *inode)
     812             : {
     813             :         return fscrypt_needs_contents_encryption(inode) &&
     814             :                __fscrypt_inode_uses_inline_crypto(inode);
     815             : }
     816             : 
     817             : /**
     818             :  * fscrypt_inode_uses_fs_layer_crypto() - test whether an inode uses fs-layer
     819             :  *                                        encryption
     820             :  * @inode: an inode. If encrypted, its key must be set up.
     821             :  *
     822             :  * Return: true if the inode requires file contents encryption and if the
     823             :  *         encryption should be done in the filesystem layer rather than in the
     824             :  *         block layer via blk-crypto.
     825             :  */
     826             : static inline bool fscrypt_inode_uses_fs_layer_crypto(const struct inode *inode)
     827             : {
     828           0 :         return fscrypt_needs_contents_encryption(inode) &&
     829             :                !__fscrypt_inode_uses_inline_crypto(inode);
     830             : }
     831             : 
     832             : /**
     833             :  * fscrypt_has_encryption_key() - check whether an inode has had its key set up
     834             :  * @inode: the inode to check
     835             :  *
     836             :  * Return: %true if the inode has had its encryption key set up, else %false.
     837             :  *
     838             :  * Usually this should be preceded by fscrypt_get_encryption_info() to try to
     839             :  * set up the key first.
     840             :  */
     841             : static inline bool fscrypt_has_encryption_key(const struct inode *inode)
     842             : {
     843             :         return fscrypt_get_info(inode) != NULL;
     844             : }
     845             : 
     846             : /**
     847             :  * fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted
     848             :  *                          directory
     849             :  * @old_dentry: an existing dentry for the inode being linked
     850             :  * @dir: the target directory
     851             :  * @dentry: negative dentry for the target filename
     852             :  *
     853             :  * A new link can only be added to an encrypted directory if the directory's
     854             :  * encryption key is available --- since otherwise we'd have no way to encrypt
     855             :  * the filename.
     856             :  *
     857             :  * We also verify that the link will not violate the constraint that all files
     858             :  * in an encrypted directory tree use the same encryption policy.
     859             :  *
     860             :  * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
     861             :  * -EXDEV if the link would result in an inconsistent encryption policy, or
     862             :  * another -errno code.
     863             :  */
     864             : static inline int fscrypt_prepare_link(struct dentry *old_dentry,
     865             :                                        struct inode *dir,
     866             :                                        struct dentry *dentry)
     867             : {
     868             :         if (IS_ENCRYPTED(dir))
     869             :                 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
     870             :         return 0;
     871             : }
     872             : 
     873             : /**
     874             :  * fscrypt_prepare_rename() - prepare for a rename between possibly-encrypted
     875             :  *                            directories
     876             :  * @old_dir: source directory
     877             :  * @old_dentry: dentry for source file
     878             :  * @new_dir: target directory
     879             :  * @new_dentry: dentry for target location (may be negative unless exchanging)
     880             :  * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
     881             :  *
     882             :  * Prepare for ->rename() where the source and/or target directories may be
     883             :  * encrypted.  A new link can only be added to an encrypted directory if the
     884             :  * directory's encryption key is available --- since otherwise we'd have no way
     885             :  * to encrypt the filename.  A rename to an existing name, on the other hand,
     886             :  * *is* cryptographically possible without the key.  However, we take the more
     887             :  * conservative approach and just forbid all no-key renames.
     888             :  *
     889             :  * We also verify that the rename will not violate the constraint that all files
     890             :  * in an encrypted directory tree use the same encryption policy.
     891             :  *
     892             :  * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the
     893             :  * rename would cause inconsistent encryption policies, or another -errno code.
     894             :  */
     895             : static inline int fscrypt_prepare_rename(struct inode *old_dir,
     896             :                                          struct dentry *old_dentry,
     897             :                                          struct inode *new_dir,
     898             :                                          struct dentry *new_dentry,
     899             :                                          unsigned int flags)
     900             : {
     901             :         if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
     902             :                 return __fscrypt_prepare_rename(old_dir, old_dentry,
     903             :                                                 new_dir, new_dentry, flags);
     904             :         return 0;
     905             : }
     906             : 
     907             : /**
     908             :  * fscrypt_prepare_lookup() - prepare to lookup a name in a possibly-encrypted
     909             :  *                            directory
     910             :  * @dir: directory being searched
     911             :  * @dentry: filename being looked up
     912             :  * @fname: (output) the name to use to search the on-disk directory
     913             :  *
     914             :  * Prepare for ->lookup() in a directory which may be encrypted by determining
     915             :  * the name that will actually be used to search the directory on-disk.  If the
     916             :  * directory's encryption policy is supported by this kernel and its encryption
     917             :  * key is available, then the lookup is assumed to be by plaintext name;
     918             :  * otherwise, it is assumed to be by no-key name.
     919             :  *
     920             :  * This will set DCACHE_NOKEY_NAME on the dentry if the lookup is by no-key
     921             :  * name.  In this case the filesystem must assign the dentry a dentry_operations
     922             :  * which contains fscrypt_d_revalidate (or contains a d_revalidate method that
     923             :  * calls fscrypt_d_revalidate), so that the dentry will be invalidated if the
     924             :  * directory's encryption key is later added.
     925             :  *
     926             :  * Return: 0 on success; -ENOENT if the directory's key is unavailable but the
     927             :  * filename isn't a valid no-key name, so a negative dentry should be created;
     928             :  * or another -errno code.
     929             :  */
     930             : static inline int fscrypt_prepare_lookup(struct inode *dir,
     931             :                                          struct dentry *dentry,
     932             :                                          struct fscrypt_name *fname)
     933             : {
     934             :         if (IS_ENCRYPTED(dir))
     935             :                 return __fscrypt_prepare_lookup(dir, dentry, fname);
     936             : 
     937             :         memset(fname, 0, sizeof(*fname));
     938             :         fname->usr_fname = &dentry->d_name;
     939             :         fname->disk_name.name = (unsigned char *)dentry->d_name.name;
     940             :         fname->disk_name.len = dentry->d_name.len;
     941             :         return 0;
     942             : }
     943             : 
     944             : /**
     945             :  * fscrypt_prepare_readdir() - prepare to read a possibly-encrypted directory
     946             :  * @dir: the directory inode
     947             :  *
     948             :  * If the directory is encrypted and it doesn't already have its encryption key
     949             :  * set up, try to set it up so that the filenames will be listed in plaintext
     950             :  * form rather than in no-key form.
     951             :  *
     952             :  * Return: 0 on success; -errno on error.  Note that the encryption key being
     953             :  *         unavailable is not considered an error.  It is also not an error if
     954             :  *         the encryption policy is unsupported by this kernel; that is treated
     955             :  *         like the key being unavailable, so that files can still be deleted.
     956             :  */
     957             : static inline int fscrypt_prepare_readdir(struct inode *dir)
     958             : {
     959             :         if (IS_ENCRYPTED(dir))
     960             :                 return __fscrypt_prepare_readdir(dir);
     961             :         return 0;
     962             : }
     963             : 
     964             : /**
     965             :  * fscrypt_prepare_setattr() - prepare to change a possibly-encrypted inode's
     966             :  *                             attributes
     967             :  * @dentry: dentry through which the inode is being changed
     968             :  * @attr: attributes to change
     969             :  *
     970             :  * Prepare for ->setattr() on a possibly-encrypted inode.  On an encrypted file,
     971             :  * most attribute changes are allowed even without the encryption key.  However,
     972             :  * without the encryption key we do have to forbid truncates.  This is needed
     973             :  * because the size being truncated to may not be a multiple of the filesystem
     974             :  * block size, and in that case we'd have to decrypt the final block, zero the
     975             :  * portion past i_size, and re-encrypt it.  (We *could* allow truncating to a
     976             :  * filesystem block boundary, but it's simpler to just forbid all truncates ---
     977             :  * and we already forbid all other contents modifications without the key.)
     978             :  *
     979             :  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
     980             :  * if a problem occurred while setting up the encryption key.
     981             :  */
     982             : static inline int fscrypt_prepare_setattr(struct dentry *dentry,
     983             :                                           struct iattr *attr)
     984             : {
     985             :         if (IS_ENCRYPTED(d_inode(dentry)))
     986             :                 return __fscrypt_prepare_setattr(dentry, attr);
     987             :         return 0;
     988             : }
     989             : 
     990             : /**
     991             :  * fscrypt_encrypt_symlink() - encrypt the symlink target if needed
     992             :  * @inode: symlink inode
     993             :  * @target: plaintext symlink target
     994             :  * @len: length of @target excluding null terminator
     995             :  * @disk_link: (in/out) the on-disk symlink target being prepared
     996             :  *
     997             :  * If the symlink target needs to be encrypted, then this function encrypts it
     998             :  * into @disk_link->name.  fscrypt_prepare_symlink() must have been called
     999             :  * previously to compute @disk_link->len.  If the filesystem did not allocate a
    1000             :  * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one
    1001             :  * will be kmalloc()'ed and the filesystem will be responsible for freeing it.
    1002             :  *
    1003             :  * Return: 0 on success, -errno on failure
    1004             :  */
    1005             : static inline int fscrypt_encrypt_symlink(struct inode *inode,
    1006             :                                           const char *target,
    1007             :                                           unsigned int len,
    1008             :                                           struct fscrypt_str *disk_link)
    1009             : {
    1010             :         if (IS_ENCRYPTED(inode))
    1011             :                 return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
    1012             :         return 0;
    1013             : }
    1014             : 
    1015             : /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */
    1016             : static inline void fscrypt_finalize_bounce_page(struct page **pagep)
    1017             : {
    1018             :         struct page *page = *pagep;
    1019             : 
    1020             :         if (fscrypt_is_bounce_page(page)) {
    1021             :                 *pagep = fscrypt_pagecache_page(page);
    1022             :                 fscrypt_free_bounce_page(page);
    1023             :         }
    1024             : }
    1025             : 
    1026             : #endif  /* _LINUX_FSCRYPT_H */

Generated by: LCOV version 1.14