4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2019, 2020, Whamcloud.
26 * This file is part of Lustre, http://www.lustre.org/
29 #include "llite_internal.h"
31 #ifdef HAVE_LUSTRE_CRYPTO
32 #include <libcfs/libcfs_crypto.h>
34 static int ll_get_context(struct inode *inode, void *ctx, size_t len)
36 struct dentry *dentry = d_find_any_alias(inode);
39 rc = ll_vfs_getxattr(dentry, inode, LL_XATTR_NAME_ENCRYPTION_CONTEXT,
44 /* used as encryption unit size */
45 if (S_ISREG(inode->i_mode))
46 inode->i_blkbits = LUSTRE_ENCRYPTION_BLOCKBITS;
50 int ll_set_encflags(struct inode *inode, void *encctx, __u32 encctxlen,
53 unsigned int ext_flags;
56 /* used as encryption unit size */
57 if (S_ISREG(inode->i_mode))
58 inode->i_blkbits = LUSTRE_ENCRYPTION_BLOCKBITS;
59 ext_flags = ll_inode_to_ext_flags(inode->i_flags) | LUSTRE_ENCRYPT_FL;
60 ll_update_inode_flags(inode, ext_flags);
62 if (encctx && encctxlen)
63 rc = ll_xattr_cache_insert(inode,
64 LL_XATTR_NAME_ENCRYPTION_CONTEXT,
69 return preload ? llcrypt_get_encryption_info(inode) : 0;
72 /* ll_set_context has 2 distinct behaviors, depending on the value of inode
75 * passed fs_data is a struct md_op_data *. We need to store enc ctx in
76 * op_data, so that it will be sent along to the server with the request that
77 * the caller is preparing, thus saving a setxattr request.
78 * - inode is not NULL:
79 * normal case in which passed fs_data is a struct dentry *, letting proceed
80 * with setxattr operation.
81 * This use case should only be used when explicitly setting a new encryption
82 * policy on an existing, empty directory.
84 static int ll_set_context(struct inode *inode, const void *ctx, size_t len,
87 struct dentry *dentry;
91 struct md_op_data *op_data = (struct md_op_data *)fs_data;
96 OBD_ALLOC(op_data->op_file_encctx, len);
97 if (op_data->op_file_encctx == NULL)
99 op_data->op_file_encctx_size = len;
100 memcpy(op_data->op_file_encctx, ctx, len);
104 /* Encrypting the root directory is not allowed */
105 if (is_root_inode(inode))
108 dentry = (struct dentry *)fs_data;
109 set_bit(LLIF_SET_ENC_CTX, &ll_i2info(inode)->lli_flags);
110 rc = ll_vfs_setxattr(dentry, inode, LL_XATTR_NAME_ENCRYPTION_CONTEXT,
111 ctx, len, XATTR_CREATE);
115 return ll_set_encflags(inode, (void *)ctx, len, false);
118 void llcrypt_free_ctx(void *encctx, __u32 size)
121 OBD_FREE(encctx, size);
124 bool ll_sbi_has_test_dummy_encryption(struct ll_sb_info *sbi)
126 return unlikely(sbi->ll_flags & LL_SBI_TEST_DUMMY_ENCRYPTION);
129 static bool ll_dummy_context(struct inode *inode)
131 struct ll_sb_info *sbi = ll_i2sbi(inode);
133 return sbi ? ll_sbi_has_test_dummy_encryption(sbi) : false;
136 bool ll_sbi_has_encrypt(struct ll_sb_info *sbi)
138 return sbi->ll_flags & LL_SBI_ENCRYPT;
141 void ll_sbi_set_encrypt(struct ll_sb_info *sbi, bool set)
144 sbi->ll_flags |= LL_SBI_ENCRYPT;
147 ~(LL_SBI_ENCRYPT | LL_SBI_TEST_DUMMY_ENCRYPTION);
150 static bool ll_empty_dir(struct inode *inode)
152 /* used by llcrypt_ioctl_set_policy(), because a policy can only be set
155 /* Here we choose to return true, meaning we always call .set_context.
156 * Then we rely on server side, with mdd_fix_attr() that calls
157 * mdd_dir_is_empty() when setting encryption flag on directory.
163 * ll_setup_filename() - overlay to llcrypt_setup_filename
164 * @dir: the directory that will be searched
165 * @iname: the user-provided filename being searched for
166 * @lookup: 1 if we're allowed to proceed without the key because it's
167 * ->lookup() or we're finding the dir_entry for deletion; 0 if we cannot
168 * proceed without the key because we're going to create the dir_entry.
169 * @fname: the filename information to be filled in
171 * This overlay function is necessary to properly encode @fname after
172 * encryption, as it will be sent over the wire.
174 int ll_setup_filename(struct inode *dir, const struct qstr *iname,
175 int lookup, struct llcrypt_name *fname)
179 rc = llcrypt_setup_filename(dir, iname, lookup, fname);
183 if (IS_ENCRYPTED(dir) &&
184 !name_is_dot_or_dotdot(fname->disk_name.name,
185 fname->disk_name.len)) {
186 int presented_len = critical_chars(fname->disk_name.name,
187 fname->disk_name.len);
190 buf = kmalloc(presented_len + 1, GFP_NOFS);
196 if (presented_len == fname->disk_name.len)
197 memcpy(buf, fname->disk_name.name, presented_len);
199 critical_encode(fname->disk_name.name,
200 fname->disk_name.len, buf);
201 buf[presented_len] = '\0';
202 kfree(fname->crypto_buf.name);
203 fname->crypto_buf.name = buf;
204 fname->crypto_buf.len = presented_len;
205 fname->disk_name.name = fname->crypto_buf.name;
206 fname->disk_name.len = fname->crypto_buf.len;
212 llcrypt_free_filename(fname);
217 * ll_fname_disk_to_usr() - overlay to llcrypt_fname_disk_to_usr
218 * @inode: the inode to convert name
219 * @hash: major hash for inode
220 * @minor_hash: minor hash for inode
221 * @iname: the user-provided filename needing conversion
222 * @oname: the filename information to be filled in
224 * The caller must have allocated sufficient memory for the @oname string.
226 * This overlay function is necessary to properly decode @iname before
227 * decryption, as it comes from the wire.
229 int ll_fname_disk_to_usr(struct inode *inode,
230 u32 hash, u32 minor_hash,
231 struct llcrypt_str *iname, struct llcrypt_str *oname)
233 struct llcrypt_str lltr = LLTR_INIT(iname->name, iname->len);
237 if (IS_ENCRYPTED(inode) &&
238 !name_is_dot_or_dotdot(lltr.name, lltr.len) &&
239 strnchr(lltr.name, lltr.len, '=')) {
240 /* Only proceed to critical decode if
241 * iname contains espace char '='.
245 buf = kmalloc(len, GFP_NOFS);
249 len = critical_decode(lltr.name, len, buf);
254 rc = llcrypt_fname_disk_to_usr(inode, hash, minor_hash, &lltr, oname);
261 /* Copied from llcrypt_d_revalidate, as it is not exported */
263 * Validate dentries in encrypted directories to make sure we aren't potentially
264 * caching stale dentries after a key has been added.
266 int ll_revalidate_d_crypto(struct dentry *dentry, unsigned int flags)
273 * Plaintext names are always valid, since llcrypt doesn't support
274 * reverting to ciphertext names without evicting the directory's inode
275 * -- which implies eviction of the dentries in the directory.
277 if (!(dentry->d_flags & DCACHE_ENCRYPTED_NAME))
281 * Ciphertext name; valid if the directory's key is still unavailable.
283 * Although llcrypt forbids rename() on ciphertext names, we still must
284 * use dget_parent() here rather than use ->d_parent directly. That's
285 * because a corrupted fs image may contain directory hard links, which
286 * the VFS handles by moving the directory's dentry tree in the dcache
287 * each time ->lookup() finds the directory and it already has a dentry
288 * elsewhere. Thus ->d_parent can be changing, and we must safely grab
289 * a reference to some ->d_parent to prevent it from being freed.
292 if (flags & LOOKUP_RCU)
295 dir = dget_parent(dentry);
296 err = llcrypt_get_encryption_info(d_inode(dir));
297 valid = !llcrypt_has_encryption_key(d_inode(dir));
306 const struct llcrypt_operations lustre_cryptops = {
307 .key_prefix = "lustre:",
308 .get_context = ll_get_context,
309 .set_context = ll_set_context,
310 .dummy_context = ll_dummy_context,
311 .empty_dir = ll_empty_dir,
312 .max_namelen = NAME_MAX,
314 #else /* !HAVE_LUSTRE_CRYPTO */
315 int ll_set_encflags(struct inode *inode, void *encctx, __u32 encctxlen,
321 void llcrypt_free_ctx(void *encctx, __u32 size)
325 bool ll_sbi_has_test_dummy_encryption(struct ll_sb_info *sbi)
330 bool ll_sbi_has_encrypt(struct ll_sb_info *sbi)
335 void ll_sbi_set_encrypt(struct ll_sb_info *sbi, bool set)
339 int ll_setup_filename(struct inode *dir, const struct qstr *iname,
340 int lookup, struct llcrypt_name *fname)
342 return llcrypt_setup_filename(dir, iname, lookup, fname);
345 int ll_fname_disk_to_usr(struct inode *inode,
346 u32 hash, u32 minor_hash,
347 struct llcrypt_str *iname, struct llcrypt_str *oname)
349 return llcrypt_fname_disk_to_usr(inode, hash, minor_hash, iname, oname);
352 int ll_revalidate_d_crypto(struct dentry *dentry, unsigned int flags)