diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:49:45 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:49:45 +0000 |
commit | 2c3c1048746a4622d8c89a29670120dc8fab93c4 (patch) | |
tree | 848558de17fb3008cdf4d861b01ac7781903ce39 /fs/ecryptfs/mmap.c | |
parent | Initial commit. (diff) | |
download | linux-2c3c1048746a4622d8c89a29670120dc8fab93c4.tar.xz linux-2c3c1048746a4622d8c89a29670120dc8fab93c4.zip |
Adding upstream version 6.1.76.upstream/6.1.76upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'fs/ecryptfs/mmap.c')
-rw-r--r-- | fs/ecryptfs/mmap.c | 557 |
1 files changed, 557 insertions, 0 deletions
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c new file mode 100644 index 000000000..19af229eb --- /dev/null +++ b/fs/ecryptfs/mmap.c @@ -0,0 +1,557 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * eCryptfs: Linux filesystem encryption layer + * This is where eCryptfs coordinates the symmetric encryption and + * decryption of the file data as it passes between the lower + * encrypted file and the upper decrypted file. + * + * Copyright (C) 1997-2003 Erez Zadok + * Copyright (C) 2001-2003 Stony Brook University + * Copyright (C) 2004-2007 International Business Machines Corp. + * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> + */ + +#include <linux/pagemap.h> +#include <linux/writeback.h> +#include <linux/page-flags.h> +#include <linux/mount.h> +#include <linux/file.h> +#include <linux/scatterlist.h> +#include <linux/slab.h> +#include <linux/xattr.h> +#include <asm/unaligned.h> +#include "ecryptfs_kernel.h" + +/* + * ecryptfs_get_locked_page + * + * Get one page from cache or lower f/s, return error otherwise. + * + * Returns locked and up-to-date page (if ok), with increased + * refcnt. + */ +struct page *ecryptfs_get_locked_page(struct inode *inode, loff_t index) +{ + struct page *page = read_mapping_page(inode->i_mapping, index, NULL); + if (!IS_ERR(page)) + lock_page(page); + return page; +} + +/** + * ecryptfs_writepage + * @page: Page that is locked before this call is made + * @wbc: Write-back control structure + * + * Returns zero on success; non-zero otherwise + * + * This is where we encrypt the data and pass the encrypted data to + * the lower filesystem. In OpenPGP-compatible mode, we operate on + * entire underlying packets. + */ +static int ecryptfs_writepage(struct page *page, struct writeback_control *wbc) +{ + int rc; + + rc = ecryptfs_encrypt_page(page); + if (rc) { + ecryptfs_printk(KERN_WARNING, "Error encrypting " + "page (upper index [0x%.16lx])\n", page->index); + ClearPageUptodate(page); + goto out; + } + SetPageUptodate(page); +out: + unlock_page(page); + return rc; +} + +static void strip_xattr_flag(char *page_virt, + struct ecryptfs_crypt_stat *crypt_stat) +{ + if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) { + size_t written; + + crypt_stat->flags &= ~ECRYPTFS_METADATA_IN_XATTR; + ecryptfs_write_crypt_stat_flags(page_virt, crypt_stat, + &written); + crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; + } +} + +/* + * Header Extent: + * Octets 0-7: Unencrypted file size (big-endian) + * Octets 8-15: eCryptfs special marker + * Octets 16-19: Flags + * Octet 16: File format version number (between 0 and 255) + * Octets 17-18: Reserved + * Octet 19: Bit 1 (lsb): Reserved + * Bit 2: Encrypted? + * Bits 3-8: Reserved + * Octets 20-23: Header extent size (big-endian) + * Octets 24-25: Number of header extents at front of file + * (big-endian) + * Octet 26: Begin RFC 2440 authentication token packet set + */ + +/** + * ecryptfs_copy_up_encrypted_with_header + * @page: Sort of a ``virtual'' representation of the encrypted lower + * file. The actual lower file does not have the metadata in + * the header. This is locked. + * @crypt_stat: The eCryptfs inode's cryptographic context + * + * The ``view'' is the version of the file that userspace winds up + * seeing, with the header information inserted. + */ +static int +ecryptfs_copy_up_encrypted_with_header(struct page *page, + struct ecryptfs_crypt_stat *crypt_stat) +{ + loff_t extent_num_in_page = 0; + loff_t num_extents_per_page = (PAGE_SIZE + / crypt_stat->extent_size); + int rc = 0; + + while (extent_num_in_page < num_extents_per_page) { + loff_t view_extent_num = ((((loff_t)page->index) + * num_extents_per_page) + + extent_num_in_page); + size_t num_header_extents_at_front = + (crypt_stat->metadata_size / crypt_stat->extent_size); + + if (view_extent_num < num_header_extents_at_front) { + /* This is a header extent */ + char *page_virt; + + page_virt = kmap_atomic(page); + memset(page_virt, 0, PAGE_SIZE); + /* TODO: Support more than one header extent */ + if (view_extent_num == 0) { + size_t written; + + rc = ecryptfs_read_xattr_region( + page_virt, page->mapping->host); + strip_xattr_flag(page_virt + 16, crypt_stat); + ecryptfs_write_header_metadata(page_virt + 20, + crypt_stat, + &written); + } + kunmap_atomic(page_virt); + flush_dcache_page(page); + if (rc) { + printk(KERN_ERR "%s: Error reading xattr " + "region; rc = [%d]\n", __func__, rc); + goto out; + } + } else { + /* This is an encrypted data extent */ + loff_t lower_offset = + ((view_extent_num * crypt_stat->extent_size) + - crypt_stat->metadata_size); + + rc = ecryptfs_read_lower_page_segment( + page, (lower_offset >> PAGE_SHIFT), + (lower_offset & ~PAGE_MASK), + crypt_stat->extent_size, page->mapping->host); + if (rc) { + printk(KERN_ERR "%s: Error attempting to read " + "extent at offset [%lld] in the lower " + "file; rc = [%d]\n", __func__, + lower_offset, rc); + goto out; + } + } + extent_num_in_page++; + } +out: + return rc; +} + +/** + * ecryptfs_read_folio + * @file: An eCryptfs file + * @folio: Folio from eCryptfs inode mapping into which to stick the read data + * + * Read in a folio, decrypting if necessary. + * + * Returns zero on success; non-zero on error. + */ +static int ecryptfs_read_folio(struct file *file, struct folio *folio) +{ + struct page *page = &folio->page; + struct ecryptfs_crypt_stat *crypt_stat = + &ecryptfs_inode_to_private(page->mapping->host)->crypt_stat; + int rc = 0; + + if (!crypt_stat || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { + rc = ecryptfs_read_lower_page_segment(page, page->index, 0, + PAGE_SIZE, + page->mapping->host); + } else if (crypt_stat->flags & ECRYPTFS_VIEW_AS_ENCRYPTED) { + if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) { + rc = ecryptfs_copy_up_encrypted_with_header(page, + crypt_stat); + if (rc) { + printk(KERN_ERR "%s: Error attempting to copy " + "the encrypted content from the lower " + "file whilst inserting the metadata " + "from the xattr into the header; rc = " + "[%d]\n", __func__, rc); + goto out; + } + + } else { + rc = ecryptfs_read_lower_page_segment( + page, page->index, 0, PAGE_SIZE, + page->mapping->host); + if (rc) { + printk(KERN_ERR "Error reading page; rc = " + "[%d]\n", rc); + goto out; + } + } + } else { + rc = ecryptfs_decrypt_page(page); + if (rc) { + ecryptfs_printk(KERN_ERR, "Error decrypting page; " + "rc = [%d]\n", rc); + goto out; + } + } +out: + if (rc) + ClearPageUptodate(page); + else + SetPageUptodate(page); + ecryptfs_printk(KERN_DEBUG, "Unlocking page with index = [0x%.16lx]\n", + page->index); + unlock_page(page); + return rc; +} + +/* + * Called with lower inode mutex held. + */ +static int fill_zeros_to_end_of_page(struct page *page, unsigned int to) +{ + struct inode *inode = page->mapping->host; + int end_byte_in_page; + + if ((i_size_read(inode) / PAGE_SIZE) != page->index) + goto out; + end_byte_in_page = i_size_read(inode) % PAGE_SIZE; + if (to > end_byte_in_page) + end_byte_in_page = to; + zero_user_segment(page, end_byte_in_page, PAGE_SIZE); +out: + return 0; +} + +/** + * ecryptfs_write_begin + * @file: The eCryptfs file + * @mapping: The eCryptfs object + * @pos: The file offset at which to start writing + * @len: Length of the write + * @flags: Various flags + * @pagep: Pointer to return the page + * @fsdata: Pointer to return fs data (unused) + * + * This function must zero any hole we create + * + * Returns zero on success; non-zero otherwise + */ +static int ecryptfs_write_begin(struct file *file, + struct address_space *mapping, + loff_t pos, unsigned len, + struct page **pagep, void **fsdata) +{ + pgoff_t index = pos >> PAGE_SHIFT; + struct page *page; + loff_t prev_page_end_size; + int rc = 0; + + page = grab_cache_page_write_begin(mapping, index); + if (!page) + return -ENOMEM; + *pagep = page; + + prev_page_end_size = ((loff_t)index << PAGE_SHIFT); + if (!PageUptodate(page)) { + struct ecryptfs_crypt_stat *crypt_stat = + &ecryptfs_inode_to_private(mapping->host)->crypt_stat; + + if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { + rc = ecryptfs_read_lower_page_segment( + page, index, 0, PAGE_SIZE, mapping->host); + if (rc) { + printk(KERN_ERR "%s: Error attempting to read " + "lower page segment; rc = [%d]\n", + __func__, rc); + ClearPageUptodate(page); + goto out; + } else + SetPageUptodate(page); + } else if (crypt_stat->flags & ECRYPTFS_VIEW_AS_ENCRYPTED) { + if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) { + rc = ecryptfs_copy_up_encrypted_with_header( + page, crypt_stat); + if (rc) { + printk(KERN_ERR "%s: Error attempting " + "to copy the encrypted content " + "from the lower file whilst " + "inserting the metadata from " + "the xattr into the header; rc " + "= [%d]\n", __func__, rc); + ClearPageUptodate(page); + goto out; + } + SetPageUptodate(page); + } else { + rc = ecryptfs_read_lower_page_segment( + page, index, 0, PAGE_SIZE, + mapping->host); + if (rc) { + printk(KERN_ERR "%s: Error reading " + "page; rc = [%d]\n", + __func__, rc); + ClearPageUptodate(page); + goto out; + } + SetPageUptodate(page); + } + } else { + if (prev_page_end_size + >= i_size_read(page->mapping->host)) { + zero_user(page, 0, PAGE_SIZE); + SetPageUptodate(page); + } else if (len < PAGE_SIZE) { + rc = ecryptfs_decrypt_page(page); + if (rc) { + printk(KERN_ERR "%s: Error decrypting " + "page at index [%ld]; " + "rc = [%d]\n", + __func__, page->index, rc); + ClearPageUptodate(page); + goto out; + } + SetPageUptodate(page); + } + } + } + /* If creating a page or more of holes, zero them out via truncate. + * Note, this will increase i_size. */ + if (index != 0) { + if (prev_page_end_size > i_size_read(page->mapping->host)) { + rc = ecryptfs_truncate(file->f_path.dentry, + prev_page_end_size); + if (rc) { + printk(KERN_ERR "%s: Error on attempt to " + "truncate to (higher) offset [%lld];" + " rc = [%d]\n", __func__, + prev_page_end_size, rc); + goto out; + } + } + } + /* Writing to a new page, and creating a small hole from start + * of page? Zero it out. */ + if ((i_size_read(mapping->host) == prev_page_end_size) + && (pos != 0)) + zero_user(page, 0, PAGE_SIZE); +out: + if (unlikely(rc)) { + unlock_page(page); + put_page(page); + *pagep = NULL; + } + return rc; +} + +/* + * ecryptfs_write_inode_size_to_header + * + * Writes the lower file size to the first 8 bytes of the header. + * + * Returns zero on success; non-zero on error. + */ +static int ecryptfs_write_inode_size_to_header(struct inode *ecryptfs_inode) +{ + char *file_size_virt; + int rc; + + file_size_virt = kmalloc(sizeof(u64), GFP_KERNEL); + if (!file_size_virt) { + rc = -ENOMEM; + goto out; + } + put_unaligned_be64(i_size_read(ecryptfs_inode), file_size_virt); + rc = ecryptfs_write_lower(ecryptfs_inode, file_size_virt, 0, + sizeof(u64)); + kfree(file_size_virt); + if (rc < 0) + printk(KERN_ERR "%s: Error writing file size to header; " + "rc = [%d]\n", __func__, rc); + else + rc = 0; +out: + return rc; +} + +struct kmem_cache *ecryptfs_xattr_cache; + +static int ecryptfs_write_inode_size_to_xattr(struct inode *ecryptfs_inode) +{ + ssize_t size; + void *xattr_virt; + struct dentry *lower_dentry = + ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_path.dentry; + struct inode *lower_inode = d_inode(lower_dentry); + int rc; + + if (!(lower_inode->i_opflags & IOP_XATTR)) { + printk(KERN_WARNING + "No support for setting xattr in lower filesystem\n"); + rc = -ENOSYS; + goto out; + } + xattr_virt = kmem_cache_alloc(ecryptfs_xattr_cache, GFP_KERNEL); + if (!xattr_virt) { + rc = -ENOMEM; + goto out; + } + inode_lock(lower_inode); + size = __vfs_getxattr(lower_dentry, lower_inode, ECRYPTFS_XATTR_NAME, + xattr_virt, PAGE_SIZE); + if (size < 0) + size = 8; + put_unaligned_be64(i_size_read(ecryptfs_inode), xattr_virt); + rc = __vfs_setxattr(&init_user_ns, lower_dentry, lower_inode, + ECRYPTFS_XATTR_NAME, xattr_virt, size, 0); + inode_unlock(lower_inode); + if (rc) + printk(KERN_ERR "Error whilst attempting to write inode size " + "to lower file xattr; rc = [%d]\n", rc); + kmem_cache_free(ecryptfs_xattr_cache, xattr_virt); +out: + return rc; +} + +int ecryptfs_write_inode_size_to_metadata(struct inode *ecryptfs_inode) +{ + struct ecryptfs_crypt_stat *crypt_stat; + + crypt_stat = &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; + BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)); + if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) + return ecryptfs_write_inode_size_to_xattr(ecryptfs_inode); + else + return ecryptfs_write_inode_size_to_header(ecryptfs_inode); +} + +/** + * ecryptfs_write_end + * @file: The eCryptfs file object + * @mapping: The eCryptfs object + * @pos: The file position + * @len: The length of the data (unused) + * @copied: The amount of data copied + * @page: The eCryptfs page + * @fsdata: The fsdata (unused) + */ +static int ecryptfs_write_end(struct file *file, + struct address_space *mapping, + loff_t pos, unsigned len, unsigned copied, + struct page *page, void *fsdata) +{ + pgoff_t index = pos >> PAGE_SHIFT; + unsigned from = pos & (PAGE_SIZE - 1); + unsigned to = from + copied; + struct inode *ecryptfs_inode = mapping->host; + struct ecryptfs_crypt_stat *crypt_stat = + &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; + int rc; + + ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page" + "(page w/ index = [0x%.16lx], to = [%d])\n", index, to); + if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { + rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page, 0, + to); + if (!rc) { + rc = copied; + fsstack_copy_inode_size(ecryptfs_inode, + ecryptfs_inode_to_lower(ecryptfs_inode)); + } + goto out; + } + if (!PageUptodate(page)) { + if (copied < PAGE_SIZE) { + rc = 0; + goto out; + } + SetPageUptodate(page); + } + /* Fills in zeros if 'to' goes beyond inode size */ + rc = fill_zeros_to_end_of_page(page, to); + if (rc) { + ecryptfs_printk(KERN_WARNING, "Error attempting to fill " + "zeros in page with index = [0x%.16lx]\n", index); + goto out; + } + rc = ecryptfs_encrypt_page(page); + if (rc) { + ecryptfs_printk(KERN_WARNING, "Error encrypting page (upper " + "index [0x%.16lx])\n", index); + goto out; + } + if (pos + copied > i_size_read(ecryptfs_inode)) { + i_size_write(ecryptfs_inode, pos + copied); + ecryptfs_printk(KERN_DEBUG, "Expanded file size to " + "[0x%.16llx]\n", + (unsigned long long)i_size_read(ecryptfs_inode)); + } + rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode); + if (rc) + printk(KERN_ERR "Error writing inode size to metadata; " + "rc = [%d]\n", rc); + else + rc = copied; +out: + unlock_page(page); + put_page(page); + return rc; +} + +static sector_t ecryptfs_bmap(struct address_space *mapping, sector_t block) +{ + struct inode *lower_inode = ecryptfs_inode_to_lower(mapping->host); + int ret = bmap(lower_inode, &block); + + if (ret) + return 0; + return block; +} + +#include <linux/buffer_head.h> + +const struct address_space_operations ecryptfs_aops = { + /* + * XXX: This is pretty broken for multiple reasons: ecryptfs does not + * actually use buffer_heads, and ecryptfs will crash without + * CONFIG_BLOCK. But it matches the behavior before the default for + * address_space_operations without the ->dirty_folio method was + * cleaned up, so this is the best we can do without maintainer + * feedback. + */ +#ifdef CONFIG_BLOCK + .dirty_folio = block_dirty_folio, + .invalidate_folio = block_invalidate_folio, +#endif + .writepage = ecryptfs_writepage, + .read_folio = ecryptfs_read_folio, + .write_begin = ecryptfs_write_begin, + .write_end = ecryptfs_write_end, + .bmap = ecryptfs_bmap, +}; |