1 // SPDX-License-Identifier: GPL-2.0
2 
3 #include <linux/quotaops.h>
4 #include <linux/uuid.h>
5 
6 #include "ext4.h"
7 #include "xattr.h"
8 #include "ext4_jbd2.h"
9 
ext4_fname_from_fscrypt_name(struct ext4_filename * dst,const struct fscrypt_name * src)10 static void ext4_fname_from_fscrypt_name(struct ext4_filename *dst,
11 					 const struct fscrypt_name *src)
12 {
13 	memset(dst, 0, sizeof(*dst));
14 
15 	dst->usr_fname = src->usr_fname;
16 	dst->disk_name = src->disk_name;
17 	dst->hinfo.hash = src->hash;
18 	dst->hinfo.minor_hash = src->minor_hash;
19 	dst->crypto_buf = src->crypto_buf;
20 }
21 
ext4_fname_setup_filename(struct inode * dir,const struct qstr * iname,int lookup,struct ext4_filename * fname)22 int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname,
23 			      int lookup, struct ext4_filename *fname)
24 {
25 	struct fscrypt_name name;
26 	int err;
27 
28 	err = fscrypt_setup_filename(dir, iname, lookup, &name);
29 	if (err)
30 		return err;
31 
32 	ext4_fname_from_fscrypt_name(fname, &name);
33 
34 	err = ext4_fname_setup_ci_filename(dir, iname, fname);
35 	if (err)
36 		ext4_fname_free_filename(fname);
37 
38 	return err;
39 }
40 
ext4_fname_prepare_lookup(struct inode * dir,struct dentry * dentry,struct ext4_filename * fname)41 int ext4_fname_prepare_lookup(struct inode *dir, struct dentry *dentry,
42 			      struct ext4_filename *fname)
43 {
44 	struct fscrypt_name name;
45 	int err;
46 
47 	err = fscrypt_prepare_lookup(dir, dentry, &name);
48 	if (err)
49 		return err;
50 
51 	ext4_fname_from_fscrypt_name(fname, &name);
52 
53 	err = ext4_fname_setup_ci_filename(dir, &dentry->d_name, fname);
54 	if (err)
55 		ext4_fname_free_filename(fname);
56 	return err;
57 }
58 
ext4_fname_free_filename(struct ext4_filename * fname)59 void ext4_fname_free_filename(struct ext4_filename *fname)
60 {
61 	struct fscrypt_name name;
62 
63 	name.crypto_buf = fname->crypto_buf;
64 	fscrypt_free_filename(&name);
65 
66 	fname->crypto_buf.name = NULL;
67 	fname->usr_fname = NULL;
68 	fname->disk_name.name = NULL;
69 
70 	ext4_fname_free_ci_filename(fname);
71 }
72 
uuid_is_zero(__u8 u[16])73 static bool uuid_is_zero(__u8 u[16])
74 {
75 	int i;
76 
77 	for (i = 0; i < 16; i++)
78 		if (u[i])
79 			return false;
80 	return true;
81 }
82 
ext4_ioctl_get_encryption_pwsalt(struct file * filp,void __user * arg)83 int ext4_ioctl_get_encryption_pwsalt(struct file *filp, void __user *arg)
84 {
85 	struct super_block *sb = file_inode(filp)->i_sb;
86 	struct ext4_sb_info *sbi = EXT4_SB(sb);
87 	int err, err2;
88 	handle_t *handle;
89 
90 	if (!ext4_has_feature_encrypt(sb))
91 		return -EOPNOTSUPP;
92 
93 	if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
94 		err = mnt_want_write_file(filp);
95 		if (err)
96 			return err;
97 		handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
98 		if (IS_ERR(handle)) {
99 			err = PTR_ERR(handle);
100 			goto pwsalt_err_exit;
101 		}
102 		err = ext4_journal_get_write_access(handle, sb, sbi->s_sbh,
103 						    EXT4_JTR_NONE);
104 		if (err)
105 			goto pwsalt_err_journal;
106 		lock_buffer(sbi->s_sbh);
107 		generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
108 		ext4_superblock_csum_set(sb);
109 		unlock_buffer(sbi->s_sbh);
110 		err = ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh);
111 pwsalt_err_journal:
112 		err2 = ext4_journal_stop(handle);
113 		if (err2 && !err)
114 			err = err2;
115 pwsalt_err_exit:
116 		mnt_drop_write_file(filp);
117 		if (err)
118 			return err;
119 	}
120 
121 	if (copy_to_user(arg, sbi->s_es->s_encrypt_pw_salt, 16))
122 		return -EFAULT;
123 	return 0;
124 }
125 
ext4_get_context(struct inode * inode,void * ctx,size_t len)126 static int ext4_get_context(struct inode *inode, void *ctx, size_t len)
127 {
128 	return ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
129 				 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len);
130 }
131 
ext4_set_context(struct inode * inode,const void * ctx,size_t len,void * fs_data)132 static int ext4_set_context(struct inode *inode, const void *ctx, size_t len,
133 							void *fs_data)
134 {
135 	handle_t *handle = fs_data;
136 	int res, res2, credits, retries = 0;
137 
138 	/*
139 	 * Encrypting the root directory is not allowed because e2fsck expects
140 	 * lost+found to exist and be unencrypted, and encrypting the root
141 	 * directory would imply encrypting the lost+found directory as well as
142 	 * the filename "lost+found" itself.
143 	 */
144 	if (inode->i_ino == EXT4_ROOT_INO)
145 		return -EPERM;
146 
147 	if (WARN_ON_ONCE(IS_DAX(inode) && i_size_read(inode)))
148 		return -EINVAL;
149 
150 	if (ext4_test_inode_flag(inode, EXT4_INODE_DAX))
151 		return -EOPNOTSUPP;
152 
153 	res = ext4_convert_inline_data(inode);
154 	if (res)
155 		return res;
156 
157 	/*
158 	 * If a journal handle was specified, then the encryption context is
159 	 * being set on a new inode via inheritance and is part of a larger
160 	 * transaction to create the inode.  Otherwise the encryption context is
161 	 * being set on an existing inode in its own transaction.  Only in the
162 	 * latter case should the "retry on ENOSPC" logic be used.
163 	 */
164 
165 	if (handle) {
166 		res = ext4_xattr_set_handle(handle, inode,
167 					    EXT4_XATTR_INDEX_ENCRYPTION,
168 					    EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
169 					    ctx, len, 0);
170 		if (!res) {
171 			ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
172 			ext4_clear_inode_state(inode,
173 					EXT4_STATE_MAY_INLINE_DATA);
174 			/*
175 			 * Update inode->i_flags - S_ENCRYPTED will be enabled,
176 			 * S_DAX may be disabled
177 			 */
178 			ext4_set_inode_flags(inode, false);
179 		}
180 		return res;
181 	}
182 
183 	res = dquot_initialize(inode);
184 	if (res)
185 		return res;
186 retry:
187 	res = ext4_xattr_set_credits(inode, len, false /* is_create */,
188 				     &credits);
189 	if (res)
190 		return res;
191 
192 	handle = ext4_journal_start(inode, EXT4_HT_MISC, credits);
193 	if (IS_ERR(handle))
194 		return PTR_ERR(handle);
195 
196 	res = ext4_xattr_set_handle(handle, inode, EXT4_XATTR_INDEX_ENCRYPTION,
197 				    EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
198 				    ctx, len, 0);
199 	if (!res) {
200 		ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
201 		/*
202 		 * Update inode->i_flags - S_ENCRYPTED will be enabled,
203 		 * S_DAX may be disabled
204 		 */
205 		ext4_set_inode_flags(inode, false);
206 		res = ext4_mark_inode_dirty(handle, inode);
207 		if (res)
208 			EXT4_ERROR_INODE(inode, "Failed to mark inode dirty");
209 	}
210 	res2 = ext4_journal_stop(handle);
211 
212 	if (res == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries))
213 		goto retry;
214 	if (!res)
215 		res = res2;
216 	return res;
217 }
218 
ext4_get_dummy_policy(struct super_block * sb)219 static const union fscrypt_policy *ext4_get_dummy_policy(struct super_block *sb)
220 {
221 	return EXT4_SB(sb)->s_dummy_enc_policy.policy;
222 }
223 
ext4_has_stable_inodes(struct super_block * sb)224 static bool ext4_has_stable_inodes(struct super_block *sb)
225 {
226 	return ext4_has_feature_stable_inodes(sb);
227 }
228 
229 const struct fscrypt_operations ext4_cryptops = {
230 	.needs_bounce_pages	= 1,
231 	.has_32bit_inodes	= 1,
232 	.supports_subblock_data_units = 1,
233 	.legacy_key_prefix	= "ext4:",
234 	.get_context		= ext4_get_context,
235 	.set_context		= ext4_set_context,
236 	.get_dummy_policy	= ext4_get_dummy_policy,
237 	.empty_dir		= ext4_empty_dir,
238 	.has_stable_inodes	= ext4_has_stable_inodes,
239 };
240