Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
[platform/kernel/linux-starfive.git] / fs / ext4 / crypto.c
1 // SPDX-License-Identifier: GPL-2.0
2
3 #include <linux/quotaops.h>
4 #include <linux/uuid.h>
5
6 #include "ext4.h"
7 #include "xattr.h"
8 #include "ext4_jbd2.h"
9
10 static void ext4_fname_from_fscrypt_name(struct ext4_filename *dst,
11                                          const struct fscrypt_name *src)
12 {
13         memset(dst, 0, sizeof(*dst));
14
15         dst->usr_fname = src->usr_fname;
16         dst->disk_name = src->disk_name;
17         dst->hinfo.hash = src->hash;
18         dst->hinfo.minor_hash = src->minor_hash;
19         dst->crypto_buf = src->crypto_buf;
20 }
21
22 int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname,
23                               int lookup, struct ext4_filename *fname)
24 {
25         struct fscrypt_name name;
26         int err;
27
28         err = fscrypt_setup_filename(dir, iname, lookup, &name);
29         if (err)
30                 return err;
31
32         ext4_fname_from_fscrypt_name(fname, &name);
33
34 #if IS_ENABLED(CONFIG_UNICODE)
35         err = ext4_fname_setup_ci_filename(dir, iname, fname);
36         if (err)
37                 ext4_fname_free_filename(fname);
38 #endif
39         return err;
40 }
41
42 int ext4_fname_prepare_lookup(struct inode *dir, struct dentry *dentry,
43                               struct ext4_filename *fname)
44 {
45         struct fscrypt_name name;
46         int err;
47
48         err = fscrypt_prepare_lookup(dir, dentry, &name);
49         if (err)
50                 return err;
51
52         ext4_fname_from_fscrypt_name(fname, &name);
53
54 #if IS_ENABLED(CONFIG_UNICODE)
55         err = ext4_fname_setup_ci_filename(dir, &dentry->d_name, fname);
56         if (err)
57                 ext4_fname_free_filename(fname);
58 #endif
59         return err;
60 }
61
62 void ext4_fname_free_filename(struct ext4_filename *fname)
63 {
64         struct fscrypt_name name;
65
66         name.crypto_buf = fname->crypto_buf;
67         fscrypt_free_filename(&name);
68
69         fname->crypto_buf.name = NULL;
70         fname->usr_fname = NULL;
71         fname->disk_name.name = NULL;
72
73 #if IS_ENABLED(CONFIG_UNICODE)
74         kfree(fname->cf_name.name);
75         fname->cf_name.name = NULL;
76 #endif
77 }
78
79 static bool uuid_is_zero(__u8 u[16])
80 {
81         int i;
82
83         for (i = 0; i < 16; i++)
84                 if (u[i])
85                         return false;
86         return true;
87 }
88
89 int ext4_ioctl_get_encryption_pwsalt(struct file *filp, void __user *arg)
90 {
91         struct super_block *sb = file_inode(filp)->i_sb;
92         struct ext4_sb_info *sbi = EXT4_SB(sb);
93         int err, err2;
94         handle_t *handle;
95
96         if (!ext4_has_feature_encrypt(sb))
97                 return -EOPNOTSUPP;
98
99         if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
100                 err = mnt_want_write_file(filp);
101                 if (err)
102                         return err;
103                 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
104                 if (IS_ERR(handle)) {
105                         err = PTR_ERR(handle);
106                         goto pwsalt_err_exit;
107                 }
108                 err = ext4_journal_get_write_access(handle, sb, sbi->s_sbh,
109                                                     EXT4_JTR_NONE);
110                 if (err)
111                         goto pwsalt_err_journal;
112                 lock_buffer(sbi->s_sbh);
113                 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
114                 ext4_superblock_csum_set(sb);
115                 unlock_buffer(sbi->s_sbh);
116                 err = ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh);
117 pwsalt_err_journal:
118                 err2 = ext4_journal_stop(handle);
119                 if (err2 && !err)
120                         err = err2;
121 pwsalt_err_exit:
122                 mnt_drop_write_file(filp);
123                 if (err)
124                         return err;
125         }
126
127         if (copy_to_user(arg, sbi->s_es->s_encrypt_pw_salt, 16))
128                 return -EFAULT;
129         return 0;
130 }
131
132 static int ext4_get_context(struct inode *inode, void *ctx, size_t len)
133 {
134         return ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
135                                  EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len);
136 }
137
138 static int ext4_set_context(struct inode *inode, const void *ctx, size_t len,
139                                                         void *fs_data)
140 {
141         handle_t *handle = fs_data;
142         int res, res2, credits, retries = 0;
143
144         /*
145          * Encrypting the root directory is not allowed because e2fsck expects
146          * lost+found to exist and be unencrypted, and encrypting the root
147          * directory would imply encrypting the lost+found directory as well as
148          * the filename "lost+found" itself.
149          */
150         if (inode->i_ino == EXT4_ROOT_INO)
151                 return -EPERM;
152
153         if (WARN_ON_ONCE(IS_DAX(inode) && i_size_read(inode)))
154                 return -EINVAL;
155
156         if (ext4_test_inode_flag(inode, EXT4_INODE_DAX))
157                 return -EOPNOTSUPP;
158
159         res = ext4_convert_inline_data(inode);
160         if (res)
161                 return res;
162
163         /*
164          * If a journal handle was specified, then the encryption context is
165          * being set on a new inode via inheritance and is part of a larger
166          * transaction to create the inode.  Otherwise the encryption context is
167          * being set on an existing inode in its own transaction.  Only in the
168          * latter case should the "retry on ENOSPC" logic be used.
169          */
170
171         if (handle) {
172                 res = ext4_xattr_set_handle(handle, inode,
173                                             EXT4_XATTR_INDEX_ENCRYPTION,
174                                             EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
175                                             ctx, len, 0);
176                 if (!res) {
177                         ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
178                         ext4_clear_inode_state(inode,
179                                         EXT4_STATE_MAY_INLINE_DATA);
180                         /*
181                          * Update inode->i_flags - S_ENCRYPTED will be enabled,
182                          * S_DAX may be disabled
183                          */
184                         ext4_set_inode_flags(inode, false);
185                 }
186                 return res;
187         }
188
189         res = dquot_initialize(inode);
190         if (res)
191                 return res;
192 retry:
193         res = ext4_xattr_set_credits(inode, len, false /* is_create */,
194                                      &credits);
195         if (res)
196                 return res;
197
198         handle = ext4_journal_start(inode, EXT4_HT_MISC, credits);
199         if (IS_ERR(handle))
200                 return PTR_ERR(handle);
201
202         res = ext4_xattr_set_handle(handle, inode, EXT4_XATTR_INDEX_ENCRYPTION,
203                                     EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
204                                     ctx, len, 0);
205         if (!res) {
206                 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
207                 /*
208                  * Update inode->i_flags - S_ENCRYPTED will be enabled,
209                  * S_DAX may be disabled
210                  */
211                 ext4_set_inode_flags(inode, false);
212                 res = ext4_mark_inode_dirty(handle, inode);
213                 if (res)
214                         EXT4_ERROR_INODE(inode, "Failed to mark inode dirty");
215         }
216         res2 = ext4_journal_stop(handle);
217
218         if (res == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries))
219                 goto retry;
220         if (!res)
221                 res = res2;
222         return res;
223 }
224
225 static const union fscrypt_policy *ext4_get_dummy_policy(struct super_block *sb)
226 {
227         return EXT4_SB(sb)->s_dummy_enc_policy.policy;
228 }
229
230 static bool ext4_has_stable_inodes(struct super_block *sb)
231 {
232         return ext4_has_feature_stable_inodes(sb);
233 }
234
235 static void ext4_get_ino_and_lblk_bits(struct super_block *sb,
236                                        int *ino_bits_ret, int *lblk_bits_ret)
237 {
238         *ino_bits_ret = 8 * sizeof(EXT4_SB(sb)->s_es->s_inodes_count);
239         *lblk_bits_ret = 8 * sizeof(ext4_lblk_t);
240 }
241
242 const struct fscrypt_operations ext4_cryptops = {
243         .key_prefix             = "ext4:",
244         .get_context            = ext4_get_context,
245         .set_context            = ext4_set_context,
246         .get_dummy_policy       = ext4_get_dummy_policy,
247         .empty_dir              = ext4_empty_dir,
248         .has_stable_inodes      = ext4_has_stable_inodes,
249         .get_ino_and_lblk_bits  = ext4_get_ino_and_lblk_bits,
250 };