mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-17 09:14:19 +08:00
3aeb86ea4c
When failing to read the lower file's crypto metadata during a lookup, eCryptfs must continue on without throwing an error. For example, there may be a plaintext file in the lower mount point that the user wants to delete through the eCryptfs mount. If an error is encountered while reading the metadata in lookup(), the eCryptfs inode's size could be incorrect. We must be sure to reread the plaintext inode size from the metadata when performing an open() or setattr(). The metadata is already being read in those paths, so this adds minimal performance overhead. This patch introduces a flag which will track whether or not the plaintext inode size has been read so that an incorrect i_size can be fixed in the open() or setattr() paths. https://bugs.launchpad.net/bugs/509180 Cc: <stable@kernel.org> Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
359 lines
10 KiB
C
359 lines
10 KiB
C
/**
|
|
* eCryptfs: Linux filesystem encryption layer
|
|
*
|
|
* Copyright (C) 1997-2004 Erez Zadok
|
|
* Copyright (C) 2001-2004 Stony Brook University
|
|
* Copyright (C) 2004-2007 International Business Machines Corp.
|
|
* Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
|
|
* Michael C. Thompson <mcthomps@us.ibm.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License as
|
|
* published by the Free Software Foundation; either version 2 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
|
* 02111-1307, USA.
|
|
*/
|
|
|
|
#include <linux/file.h>
|
|
#include <linux/poll.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/mount.h>
|
|
#include <linux/pagemap.h>
|
|
#include <linux/security.h>
|
|
#include <linux/compat.h>
|
|
#include <linux/fs_stack.h>
|
|
#include "ecryptfs_kernel.h"
|
|
|
|
/**
|
|
* ecryptfs_read_update_atime
|
|
*
|
|
* generic_file_read updates the atime of upper layer inode. But, it
|
|
* doesn't give us a chance to update the atime of the lower layer
|
|
* inode. This function is a wrapper to generic_file_read. It
|
|
* updates the atime of the lower level inode if generic_file_read
|
|
* returns without any errors. This is to be used only for file reads.
|
|
* The function to be used for directory reads is ecryptfs_read.
|
|
*/
|
|
static ssize_t ecryptfs_read_update_atime(struct kiocb *iocb,
|
|
const struct iovec *iov,
|
|
unsigned long nr_segs, loff_t pos)
|
|
{
|
|
ssize_t rc;
|
|
struct dentry *lower_dentry;
|
|
struct vfsmount *lower_vfsmount;
|
|
struct file *file = iocb->ki_filp;
|
|
|
|
rc = generic_file_aio_read(iocb, iov, nr_segs, pos);
|
|
/*
|
|
* Even though this is a async interface, we need to wait
|
|
* for IO to finish to update atime
|
|
*/
|
|
if (-EIOCBQUEUED == rc)
|
|
rc = wait_on_sync_kiocb(iocb);
|
|
if (rc >= 0) {
|
|
lower_dentry = ecryptfs_dentry_to_lower(file->f_path.dentry);
|
|
lower_vfsmount = ecryptfs_dentry_to_lower_mnt(file->f_path.dentry);
|
|
touch_atime(lower_vfsmount, lower_dentry);
|
|
}
|
|
return rc;
|
|
}
|
|
|
|
struct ecryptfs_getdents_callback {
|
|
void *dirent;
|
|
struct dentry *dentry;
|
|
filldir_t filldir;
|
|
int filldir_called;
|
|
int entries_written;
|
|
};
|
|
|
|
/* Inspired by generic filldir in fs/readdir.c */
|
|
static int
|
|
ecryptfs_filldir(void *dirent, const char *lower_name, int lower_namelen,
|
|
loff_t offset, u64 ino, unsigned int d_type)
|
|
{
|
|
struct ecryptfs_getdents_callback *buf =
|
|
(struct ecryptfs_getdents_callback *)dirent;
|
|
size_t name_size;
|
|
char *name;
|
|
int rc;
|
|
|
|
buf->filldir_called++;
|
|
rc = ecryptfs_decode_and_decrypt_filename(&name, &name_size,
|
|
buf->dentry, lower_name,
|
|
lower_namelen);
|
|
if (rc) {
|
|
printk(KERN_ERR "%s: Error attempting to decode and decrypt "
|
|
"filename [%s]; rc = [%d]\n", __func__, lower_name,
|
|
rc);
|
|
goto out;
|
|
}
|
|
rc = buf->filldir(buf->dirent, name, name_size, offset, ino, d_type);
|
|
kfree(name);
|
|
if (rc >= 0)
|
|
buf->entries_written++;
|
|
out:
|
|
return rc;
|
|
}
|
|
|
|
/**
|
|
* ecryptfs_readdir
|
|
* @file: The eCryptfs directory file
|
|
* @dirent: Directory entry handle
|
|
* @filldir: The filldir callback function
|
|
*/
|
|
static int ecryptfs_readdir(struct file *file, void *dirent, filldir_t filldir)
|
|
{
|
|
int rc;
|
|
struct file *lower_file;
|
|
struct inode *inode;
|
|
struct ecryptfs_getdents_callback buf;
|
|
|
|
lower_file = ecryptfs_file_to_lower(file);
|
|
lower_file->f_pos = file->f_pos;
|
|
inode = file->f_path.dentry->d_inode;
|
|
memset(&buf, 0, sizeof(buf));
|
|
buf.dirent = dirent;
|
|
buf.dentry = file->f_path.dentry;
|
|
buf.filldir = filldir;
|
|
buf.filldir_called = 0;
|
|
buf.entries_written = 0;
|
|
rc = vfs_readdir(lower_file, ecryptfs_filldir, (void *)&buf);
|
|
file->f_pos = lower_file->f_pos;
|
|
if (rc < 0)
|
|
goto out;
|
|
if (buf.filldir_called && !buf.entries_written)
|
|
goto out;
|
|
if (rc >= 0)
|
|
fsstack_copy_attr_atime(inode,
|
|
lower_file->f_path.dentry->d_inode);
|
|
out:
|
|
return rc;
|
|
}
|
|
|
|
struct kmem_cache *ecryptfs_file_info_cache;
|
|
|
|
/**
|
|
* ecryptfs_open
|
|
* @inode: inode speciying file to open
|
|
* @file: Structure to return filled in
|
|
*
|
|
* Opens the file specified by inode.
|
|
*
|
|
* Returns zero on success; non-zero otherwise
|
|
*/
|
|
static int ecryptfs_open(struct inode *inode, struct file *file)
|
|
{
|
|
int rc = 0;
|
|
struct ecryptfs_crypt_stat *crypt_stat = NULL;
|
|
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
|
|
struct dentry *ecryptfs_dentry = file->f_path.dentry;
|
|
/* Private value of ecryptfs_dentry allocated in
|
|
* ecryptfs_lookup() */
|
|
struct dentry *lower_dentry;
|
|
struct ecryptfs_file_info *file_info;
|
|
|
|
mount_crypt_stat = &ecryptfs_superblock_to_private(
|
|
ecryptfs_dentry->d_sb)->mount_crypt_stat;
|
|
if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
|
|
&& ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR)
|
|
|| (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC)
|
|
|| (file->f_flags & O_APPEND))) {
|
|
printk(KERN_WARNING "Mount has encrypted view enabled; "
|
|
"files may only be read\n");
|
|
rc = -EPERM;
|
|
goto out;
|
|
}
|
|
/* Released in ecryptfs_release or end of function if failure */
|
|
file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
|
|
ecryptfs_set_file_private(file, file_info);
|
|
if (!file_info) {
|
|
ecryptfs_printk(KERN_ERR,
|
|
"Error attempting to allocate memory\n");
|
|
rc = -ENOMEM;
|
|
goto out;
|
|
}
|
|
lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
|
|
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
|
|
mutex_lock(&crypt_stat->cs_mutex);
|
|
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {
|
|
ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
|
|
/* Policy code enabled in future release */
|
|
crypt_stat->flags |= (ECRYPTFS_POLICY_APPLIED
|
|
| ECRYPTFS_ENCRYPTED);
|
|
}
|
|
mutex_unlock(&crypt_stat->cs_mutex);
|
|
rc = ecryptfs_get_lower_file(ecryptfs_dentry);
|
|
if (rc) {
|
|
printk(KERN_ERR "%s: Error attempting to initialize "
|
|
"the lower file for the dentry with name "
|
|
"[%s]; rc = [%d]\n", __func__,
|
|
ecryptfs_dentry->d_name.name, rc);
|
|
goto out_free;
|
|
}
|
|
if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_ACCMODE)
|
|
== O_RDONLY && (file->f_flags & O_ACCMODE) != O_RDONLY) {
|
|
rc = -EPERM;
|
|
printk(KERN_WARNING "%s: Lower file is RO; eCryptfs "
|
|
"file must hence be opened RO\n", __func__);
|
|
goto out_put;
|
|
}
|
|
ecryptfs_set_file_lower(
|
|
file, ecryptfs_inode_to_private(inode)->lower_file);
|
|
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
|
|
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
|
|
mutex_lock(&crypt_stat->cs_mutex);
|
|
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
|
|
mutex_unlock(&crypt_stat->cs_mutex);
|
|
rc = 0;
|
|
goto out;
|
|
}
|
|
mutex_lock(&crypt_stat->cs_mutex);
|
|
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
|
|
|| !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
|
|
rc = ecryptfs_read_metadata(ecryptfs_dentry);
|
|
if (rc) {
|
|
ecryptfs_printk(KERN_DEBUG,
|
|
"Valid headers not found\n");
|
|
if (!(mount_crypt_stat->flags
|
|
& ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
|
|
rc = -EIO;
|
|
printk(KERN_WARNING "Either the lower file "
|
|
"is not in a valid eCryptfs format, "
|
|
"or the key could not be retrieved. "
|
|
"Plaintext passthrough mode is not "
|
|
"enabled; returning -EIO\n");
|
|
mutex_unlock(&crypt_stat->cs_mutex);
|
|
goto out_put;
|
|
}
|
|
rc = 0;
|
|
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
|
|
| ECRYPTFS_ENCRYPTED);
|
|
mutex_unlock(&crypt_stat->cs_mutex);
|
|
goto out;
|
|
}
|
|
}
|
|
mutex_unlock(&crypt_stat->cs_mutex);
|
|
ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = "
|
|
"[0x%.16lx] size: [0x%.16llx]\n", inode, inode->i_ino,
|
|
(unsigned long long)i_size_read(inode));
|
|
goto out;
|
|
out_put:
|
|
ecryptfs_put_lower_file(inode);
|
|
out_free:
|
|
kmem_cache_free(ecryptfs_file_info_cache,
|
|
ecryptfs_file_to_private(file));
|
|
out:
|
|
return rc;
|
|
}
|
|
|
|
static int ecryptfs_flush(struct file *file, fl_owner_t td)
|
|
{
|
|
return file->f_mode & FMODE_WRITE
|
|
? filemap_write_and_wait(file->f_mapping) : 0;
|
|
}
|
|
|
|
static int ecryptfs_release(struct inode *inode, struct file *file)
|
|
{
|
|
ecryptfs_put_lower_file(inode);
|
|
kmem_cache_free(ecryptfs_file_info_cache,
|
|
ecryptfs_file_to_private(file));
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
ecryptfs_fsync(struct file *file, int datasync)
|
|
{
|
|
int rc = 0;
|
|
|
|
rc = generic_file_fsync(file, datasync);
|
|
if (rc)
|
|
goto out;
|
|
rc = vfs_fsync(ecryptfs_file_to_lower(file), datasync);
|
|
out:
|
|
return rc;
|
|
}
|
|
|
|
static int ecryptfs_fasync(int fd, struct file *file, int flag)
|
|
{
|
|
int rc = 0;
|
|
struct file *lower_file = NULL;
|
|
|
|
lower_file = ecryptfs_file_to_lower(file);
|
|
if (lower_file->f_op && lower_file->f_op->fasync)
|
|
rc = lower_file->f_op->fasync(fd, lower_file, flag);
|
|
return rc;
|
|
}
|
|
|
|
static long
|
|
ecryptfs_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
|
|
{
|
|
struct file *lower_file = NULL;
|
|
long rc = -ENOTTY;
|
|
|
|
if (ecryptfs_file_to_private(file))
|
|
lower_file = ecryptfs_file_to_lower(file);
|
|
if (lower_file && lower_file->f_op && lower_file->f_op->unlocked_ioctl)
|
|
rc = lower_file->f_op->unlocked_ioctl(lower_file, cmd, arg);
|
|
return rc;
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
static long
|
|
ecryptfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
|
|
{
|
|
struct file *lower_file = NULL;
|
|
long rc = -ENOIOCTLCMD;
|
|
|
|
if (ecryptfs_file_to_private(file))
|
|
lower_file = ecryptfs_file_to_lower(file);
|
|
if (lower_file && lower_file->f_op && lower_file->f_op->compat_ioctl)
|
|
rc = lower_file->f_op->compat_ioctl(lower_file, cmd, arg);
|
|
return rc;
|
|
}
|
|
#endif
|
|
|
|
const struct file_operations ecryptfs_dir_fops = {
|
|
.readdir = ecryptfs_readdir,
|
|
.read = generic_read_dir,
|
|
.unlocked_ioctl = ecryptfs_unlocked_ioctl,
|
|
#ifdef CONFIG_COMPAT
|
|
.compat_ioctl = ecryptfs_compat_ioctl,
|
|
#endif
|
|
.open = ecryptfs_open,
|
|
.flush = ecryptfs_flush,
|
|
.release = ecryptfs_release,
|
|
.fsync = ecryptfs_fsync,
|
|
.fasync = ecryptfs_fasync,
|
|
.splice_read = generic_file_splice_read,
|
|
.llseek = default_llseek,
|
|
};
|
|
|
|
const struct file_operations ecryptfs_main_fops = {
|
|
.llseek = generic_file_llseek,
|
|
.read = do_sync_read,
|
|
.aio_read = ecryptfs_read_update_atime,
|
|
.write = do_sync_write,
|
|
.aio_write = generic_file_aio_write,
|
|
.readdir = ecryptfs_readdir,
|
|
.unlocked_ioctl = ecryptfs_unlocked_ioctl,
|
|
#ifdef CONFIG_COMPAT
|
|
.compat_ioctl = ecryptfs_compat_ioctl,
|
|
#endif
|
|
.mmap = generic_file_mmap,
|
|
.open = ecryptfs_open,
|
|
.flush = ecryptfs_flush,
|
|
.release = ecryptfs_release,
|
|
.fsync = ecryptfs_fsync,
|
|
.fasync = ecryptfs_fasync,
|
|
.splice_read = generic_file_splice_read,
|
|
};
|