4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (c) 2019, 2020, Whamcloud.
26 * This file is part of Lustre, http://www.lustre.org/
29 #include "llite_internal.h"
31 #ifdef HAVE_LUSTRE_CRYPTO
32 #include <libcfs/libcfs_crypto.h>
34 static int ll_get_context(struct inode *inode, void *ctx, size_t len)
38 /* Get enc context xattr directly instead of going through the VFS,
39 * as there is no xattr handler for "encryption.".
41 rc = ll_xattr_list(inode, xattr_for_enc(inode),
42 XATTR_ENCRYPTION_T, ctx, len, OBD_MD_FLXATTR);
44 /* used as encryption unit size */
45 if (S_ISREG(inode->i_mode))
46 inode->i_blkbits = LUSTRE_ENCRYPTION_BLOCKBITS;
50 int ll_set_encflags(struct inode *inode, void *encctx, __u32 encctxlen,
53 unsigned int ext_flags;
56 /* used as encryption unit size */
57 if (S_ISREG(inode->i_mode))
58 inode->i_blkbits = LUSTRE_ENCRYPTION_BLOCKBITS;
59 ext_flags = ll_inode_to_ext_flags(inode->i_flags) | LUSTRE_ENCRYPT_FL;
60 ll_update_inode_flags(inode, ext_flags);
62 if (encctx && encctxlen)
63 rc = ll_xattr_cache_insert(inode,
69 return preload ? llcrypt_prepare_readdir(inode) : 0;
72 /* ll_set_context has 2 distinct behaviors, depending on the value of inode
75 * passed fs_data is a struct md_op_data *. We need to store enc ctx in
76 * op_data, so that it will be sent along to the server with the request that
77 * the caller is preparing, thus saving a setxattr request.
78 * - inode is not NULL:
79 * normal case, letting proceed with setxattr operation.
80 * This use case should only be used when explicitly setting a new encryption
81 * policy on an existing, empty directory.
83 static int ll_set_context(struct inode *inode, const void *ctx, size_t len,
86 struct ptlrpc_request *req = NULL;
87 struct ll_sb_info *sbi;
91 struct md_op_data *op_data = (struct md_op_data *)fs_data;
96 OBD_ALLOC(op_data->op_file_encctx, len);
97 if (op_data->op_file_encctx == NULL)
99 op_data->op_file_encctx_size = len;
100 memcpy(op_data->op_file_encctx, ctx, len);
104 /* Encrypting the root directory is not allowed */
105 if (is_root_inode(inode))
108 sbi = ll_i2sbi(inode);
109 /* Send setxattr request to lower layers directly instead of going
110 * through the VFS, as there is no xattr handler for "encryption.".
112 rc = md_setxattr(sbi->ll_md_exp, ll_inode2fid(inode),
113 OBD_MD_FLXATTR, xattr_for_enc(inode),
114 ctx, len, XATTR_CREATE, ll_i2suppgid(inode), &req);
117 ptlrpc_req_finished(req);
119 return ll_set_encflags(inode, (void *)ctx, len, false);
123 * ll_file_open_encrypt() - overlay to llcrypt_file_open
124 * @inode: the inode being opened
125 * @filp: the struct file being set up
127 * This overlay function is necessary to handle encrypted file open without
128 * the key. We allow this access pattern to applications that know what they
129 * are doing, by using the specific flag O_FILE_ENC.
130 * This flag is only compatible with O_DIRECT IOs, to make sure ciphertext
131 * data is wiped from page cache once IOs are finished.
133 int ll_file_open_encrypt(struct inode *inode, struct file *filp)
137 rc = llcrypt_file_open(inode, filp);
138 if (likely(rc != -ENOKEY))
142 (filp->f_flags & O_FILE_ENC) == O_FILE_ENC &&
143 filp->f_flags & O_DIRECT)
144 /* allow file open with O_FILE_ENC flag when we have O_DIRECT */
150 void llcrypt_free_ctx(void *encctx, __u32 size)
153 OBD_FREE(encctx, size);
156 #ifdef HAVE_FSCRYPT_DUMMY_CONTEXT_ENABLED
157 bool ll_sb_has_test_dummy_encryption(struct super_block *sb)
159 struct ll_sb_info *sbi = s2lsi(sb)->lsi_llsbi;
162 unlikely(test_bit(LL_SBI_TEST_DUMMY_ENCRYPTION, sbi->ll_flags)) :
166 static bool ll_dummy_context(struct inode *inode)
168 return ll_sb_has_test_dummy_encryption(inode->i_sb);
171 static const union llcrypt_policy *
172 ll_get_dummy_policy(struct super_block *sb)
174 struct lustre_sb_info *lsi = s2lsi(sb);
176 #ifdef HAVE_FSCRYPT_DUMMY_POLICY
177 return lsi ? lsi->lsi_dummy_enc_policy.policy : NULL;
179 return lsi ? lsi->lsi_dummy_enc_policy.ctx : NULL;
183 bool ll_sb_has_test_dummy_encryption(struct super_block *sb)
185 return ll_get_dummy_policy(sb) != NULL;
189 bool ll_sbi_has_encrypt(struct ll_sb_info *sbi)
191 return test_bit(LL_SBI_ENCRYPT, sbi->ll_flags);
194 void ll_sbi_set_encrypt(struct ll_sb_info *sbi, bool set)
197 set_bit(LL_SBI_ENCRYPT, sbi->ll_flags);
199 clear_bit(LL_SBI_ENCRYPT, sbi->ll_flags);
200 clear_bit(LL_SBI_TEST_DUMMY_ENCRYPTION, sbi->ll_flags);
204 bool ll_sbi_has_name_encrypt(struct ll_sb_info *sbi)
206 return test_bit(LL_SBI_ENCRYPT_NAME, sbi->ll_flags);
209 void ll_sbi_set_name_encrypt(struct ll_sb_info *sbi, bool set)
212 set_bit(LL_SBI_ENCRYPT_NAME, sbi->ll_flags);
214 clear_bit(LL_SBI_ENCRYPT_NAME, sbi->ll_flags);
217 static bool ll_empty_dir(struct inode *inode)
219 /* used by llcrypt_ioctl_set_policy(), because a policy can only be set
222 /* Here we choose to return true, meaning we always call .set_context.
223 * Then we rely on server side, with mdd_fix_attr() that calls
224 * mdd_dir_is_empty() when setting encryption flag on directory.
229 static int ll_digest_long_name(struct inode *dir, struct llcrypt_name *fname,
230 struct lu_fid *fid, int digested)
235 /* Without the key, for long names user should have struct
236 * ll_digest_filename representation of the dentry instead of
237 * the name. So make sure it is valid, return fid and put
238 * excerpt of cipher text name in disk_name.
240 struct ll_digest_filename *digest;
242 if (fname->crypto_buf.len < sizeof(struct ll_digest_filename)) {
246 digest = (struct ll_digest_filename *)fname->disk_name.name;
247 *fid = digest->ldf_fid;
248 if (!fid_is_sane(fid)) {
252 fname->disk_name.name = digest->ldf_excerpt;
253 fname->disk_name.len = sizeof(digest->ldf_excerpt);
255 if (IS_ENCRYPTED(dir) &&
256 !name_is_dot_or_dotdot(fname->disk_name.name,
257 fname->disk_name.len)) {
258 int presented_len = critical_chars(fname->disk_name.name,
259 fname->disk_name.len);
262 buf = kmalloc(presented_len + 1, GFP_NOFS);
268 if (presented_len == fname->disk_name.len)
269 memcpy(buf, fname->disk_name.name, presented_len);
271 critical_encode(fname->disk_name.name,
272 fname->disk_name.len, buf);
273 buf[presented_len] = '\0';
274 kfree(fname->crypto_buf.name);
275 fname->crypto_buf.name = buf;
276 fname->crypto_buf.len = presented_len;
277 fname->disk_name.name = fname->crypto_buf.name;
278 fname->disk_name.len = fname->crypto_buf.len;
282 llcrypt_free_filename(fname);
288 * ll_prepare_lookup() - overlay to llcrypt_prepare_lookup
289 * @dir: the directory that will be searched
290 * @de: the dentry contain the user-provided filename being searched for
291 * @fname: the filename information to be filled in
292 * @fid: fid retrieved from user-provided filename
294 * This overlay function is necessary to properly encode @fname after
295 * encryption, as it will be sent over the wire.
296 * This overlay function is also necessary to handle the case of operations
297 * carried out without the key. Normally llcrypt makes use of digested names in
298 * that case. Having a digested name works for local file systems that can call
299 * llcrypt_match_name(), but Lustre server side is not aware of encryption.
300 * FID and name hash can then easily be extracted and put into the
301 * requests sent to servers.
303 int ll_prepare_lookup(struct inode *dir, struct dentry *de,
304 struct llcrypt_name *fname, struct lu_fid *fid)
306 struct qstr iname = QSTR_INIT(de->d_name.name, de->d_name.len);
310 if (fid && IS_ENCRYPTED(dir) && llcrypt_policy_has_filename_enc(dir) &&
311 !llcrypt_has_encryption_key(dir)) {
312 struct lustre_sb_info *lsi = s2lsi(dir->i_sb);
314 if ((!(lsi->lsi_flags & LSI_FILENAME_ENC_B64_OLD_CLI) &&
315 iname.name[0] == LLCRYPT_DIGESTED_CHAR) ||
316 ((lsi->lsi_flags & LSI_FILENAME_ENC_B64_OLD_CLI) &&
317 iname.name[0] == LLCRYPT_DIGESTED_CHAR_OLD))
321 iname.name += digested;
322 iname.len -= digested;
329 if (unlikely(filename_is_volatile(iname.name,
331 /* keep volatile name as-is, matters for server side */
332 memset(fname, 0, sizeof(struct llcrypt_name));
333 fname->disk_name.name = (unsigned char *)iname.name;
334 fname->disk_name.len = iname.len;
337 /* We should use ll_prepare_lookup() but Lustre handles the
338 * digested form its own way, incompatible with llcrypt's
341 rc = llcrypt_setup_filename(dir, &iname, 1, fname);
342 if ((rc == 0 || rc == -ENOENT) &&
343 #if defined(HAVE_FSCRYPT_NOKEY_NAME) && !defined(CONFIG_LL_ENCRYPTION)
344 fname->is_nokey_name) {
346 fname->is_ciphertext_name) {
348 spin_lock(&de->d_lock);
349 de->d_flags |= DCACHE_NOKEY_NAME;
350 spin_unlock(&de->d_lock);
354 if (((is_root_inode(dir) &&
355 iname.len == strlen(dot_fscrypt_name) &&
356 strncmp(iname.name, dot_fscrypt_name, iname.len) == 0) ||
357 (!llcrypt_has_encryption_key(dir) &&
358 unlikely(filename_is_volatile(iname.name,
359 iname.len, NULL))))) {
360 /* In case of subdir mount of an encrypted directory,
361 * we allow lookup of /.fscrypt directory.
363 /* For purpose of migration or mirroring without enc key
364 * we allow lookup of volatile file without enc context.
366 memset(fname, 0, sizeof(struct llcrypt_name));
367 fname->disk_name.name = (unsigned char *)iname.name;
368 fname->disk_name.len = iname.len;
370 } else if (!llcrypt_has_encryption_key(dir)) {
377 return ll_digest_long_name(dir, fname, fid, digested);
381 * ll_setup_filename() - overlay to llcrypt_setup_filename
382 * @dir: the directory that will be searched
383 * @iname: the user-provided filename being searched for
384 * @lookup: 1 if we're allowed to proceed without the key because it's
385 * ->lookup() or we're finding the dir_entry for deletion; 0 if we cannot
386 * proceed without the key because we're going to create the dir_entry.
387 * @fname: the filename information to be filled in
388 * @fid: fid retrieved from user-provided filename
390 * This overlay function is necessary to properly encode @fname after
391 * encryption, as it will be sent over the wire.
392 * This overlay function is also necessary to handle the case of operations
393 * carried out without the key. Normally llcrypt makes use of digested names in
394 * that case. Having a digested name works for local file systems that can call
395 * llcrypt_match_name(), but Lustre server side is not aware of encryption.
396 * So for keyless @lookup operations on long names, for Lustre we choose to
397 * present to users the encoded struct ll_digest_filename, instead of a digested
398 * name. FID and name hash can then easily be extracted and put into the
399 * requests sent to servers.
401 int ll_setup_filename(struct inode *dir, const struct qstr *iname,
402 int lookup, struct llcrypt_name *fname,
409 if (fid && IS_ENCRYPTED(dir) && llcrypt_policy_has_filename_enc(dir) &&
410 !llcrypt_has_encryption_key(dir)) {
411 struct lustre_sb_info *lsi = s2lsi(dir->i_sb);
413 if ((!(lsi->lsi_flags & LSI_FILENAME_ENC_B64_OLD_CLI) &&
414 iname->name[0] == LLCRYPT_DIGESTED_CHAR) ||
415 ((lsi->lsi_flags & LSI_FILENAME_ENC_B64_OLD_CLI) &&
416 iname->name[0] == LLCRYPT_DIGESTED_CHAR_OLD))
420 dname.name = iname->name + digested;
421 dname.len = iname->len - digested;
428 if (unlikely(filename_is_volatile(iname->name,
429 iname->len, NULL))) {
430 /* keep volatile name as-is, matters for server side */
431 memset(fname, 0, sizeof(struct llcrypt_name));
432 fname->disk_name.name = (unsigned char *)iname->name;
433 fname->disk_name.len = iname->len;
436 rc = llcrypt_setup_filename(dir, &dname, lookup, fname);
438 if (rc == -ENOENT && lookup) {
439 if (((is_root_inode(dir) &&
440 iname->len == strlen(dot_fscrypt_name) &&
441 strncmp(iname->name, dot_fscrypt_name, iname->len) == 0) ||
442 (!llcrypt_has_encryption_key(dir) &&
443 unlikely(filename_is_volatile(iname->name,
444 iname->len, NULL))))) {
445 /* In case of subdir mount of an encrypted directory,
446 * we allow lookup of /.fscrypt directory.
448 /* For purpose of migration or mirroring without enc key
449 * we allow lookup of volatile file without enc context.
451 memset(fname, 0, sizeof(struct llcrypt_name));
452 fname->disk_name.name = (unsigned char *)iname->name;
453 fname->disk_name.len = iname->len;
455 } else if (!llcrypt_has_encryption_key(dir)) {
462 return ll_digest_long_name(dir, fname, fid, digested);
466 * ll_fname_disk_to_usr() - overlay to llcrypt_fname_disk_to_usr
467 * @inode: the inode to convert name
468 * @hash: major hash for inode
469 * @minor_hash: minor hash for inode
470 * @iname: the user-provided filename needing conversion
471 * @oname: the filename information to be filled in
472 * @fid: the user-provided fid for filename
474 * The caller must have allocated sufficient memory for the @oname string.
476 * This overlay function is necessary to properly decode @iname before
477 * decryption, as it comes from the wire.
478 * This overlay function is also necessary to handle the case of operations
479 * carried out without the key. Normally llcrypt makes use of digested names in
480 * that case. Having a digested name works for local file systems that can call
481 * llcrypt_match_name(), but Lustre server side is not aware of encryption.
482 * So for keyless @lookup operations on long names, for Lustre we choose to
483 * present to users the encoded struct ll_digest_filename, instead of a digested
484 * name. FID and name hash can then easily be extracted and put into the
485 * requests sent to servers.
487 int ll_fname_disk_to_usr(struct inode *inode,
488 u32 hash, u32 minor_hash,
489 struct llcrypt_str *iname, struct llcrypt_str *oname,
492 struct llcrypt_str lltr = LLTR_INIT(iname->name, iname->len);
493 struct ll_digest_filename digest;
498 if (IS_ENCRYPTED(inode)) {
499 if (!name_is_dot_or_dotdot(lltr.name, lltr.len) &&
500 strnchr(lltr.name, lltr.len, '=')) {
501 /* Only proceed to critical decode if
502 * iname contains espace char '='.
506 buf = kmalloc(len, GFP_NOFS);
510 len = critical_decode(lltr.name, len, buf);
514 if (lltr.len > LL_CRYPTO_BLOCK_SIZE * 2 &&
515 !llcrypt_has_encryption_key(inode) &&
516 llcrypt_policy_has_filename_enc(inode)) {
517 struct lustre_sb_info *lsi = s2lsi(inode->i_sb);
520 /* Without the key for long names, set the dentry name
521 * to the representing struct ll_digest_filename. It
522 * will be encoded by llcrypt for display, and will
523 * enable further lookup requests.
527 digest.ldf_fid = *fid;
528 memcpy(digest.ldf_excerpt,
529 LLCRYPT_EXTRACT_DIGEST(lltr.name, lltr.len),
530 sizeof(digest.ldf_excerpt));
532 lltr.name = (char *)&digest;
533 lltr.len = sizeof(digest);
535 if (!(lsi->lsi_flags & LSI_FILENAME_ENC_B64_OLD_CLI))
536 oname->name[0] = LLCRYPT_DIGESTED_CHAR;
538 oname->name[0] = LLCRYPT_DIGESTED_CHAR_OLD;
539 oname->name = oname->name + 1;
544 rc = llcrypt_fname_disk_to_usr(inode, hash, minor_hash, &lltr, oname);
547 oname->name = oname->name - digested;
548 oname->len = oname->len + digested;
553 #if !defined(HAVE_FSCRYPT_D_REVALIDATE) || defined(CONFIG_LL_ENCRYPTION)
554 /* Copied from llcrypt_d_revalidate, as it is not exported */
556 * Validate dentries in encrypted directories to make sure we aren't potentially
557 * caching stale dentries after a key has been added.
559 int llcrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
566 * Plaintext names are always valid, since llcrypt doesn't support
567 * reverting to ciphertext names without evicting the directory's inode
568 * -- which implies eviction of the dentries in the directory.
570 if (!llcrypt_is_nokey_name(dentry))
574 * Ciphertext name; valid if the directory's key is still unavailable.
576 * Although llcrypt forbids rename() on ciphertext names, we still must
577 * use dget_parent() here rather than use ->d_parent directly. That's
578 * because a corrupted fs image may contain directory hard links, which
579 * the VFS handles by moving the directory's dentry tree in the dcache
580 * each time ->lookup() finds the directory and it already has a dentry
581 * elsewhere. Thus ->d_parent can be changing, and we must safely grab
582 * a reference to some ->d_parent to prevent it from being freed.
585 if (flags & LOOKUP_RCU)
588 dir = dget_parent(dentry);
589 err = llcrypt_prepare_readdir(d_inode(dir));
590 valid = !llcrypt_has_encryption_key(d_inode(dir));
598 #endif /* !HAVE_FSCRYPT_D_REVALIDATE || CONFIG_LL_ENCRYPTION */
600 const struct llcrypt_operations lustre_cryptops = {
601 .key_prefix = "lustre:",
602 .get_context = ll_get_context,
603 .set_context = ll_set_context,
604 #ifdef HAVE_FSCRYPT_DUMMY_CONTEXT_ENABLED
605 .dummy_context = ll_dummy_context,
607 #ifdef HAVE_FSCRYPT_DUMMY_POLICY
608 .get_dummy_policy = ll_get_dummy_policy,
610 .get_dummy_context = ll_get_dummy_policy,
612 #endif /* !HAVE_FSCRYPT_DUMMY_CONTEXT_ENABLED */
613 .empty_dir = ll_empty_dir,
614 .max_namelen = NAME_MAX,
616 #else /* !HAVE_LUSTRE_CRYPTO */
617 int ll_set_encflags(struct inode *inode, void *encctx, __u32 encctxlen,
623 int ll_file_open_encrypt(struct inode *inode, struct file *filp)
625 return llcrypt_file_open(inode, filp);
628 void llcrypt_free_ctx(void *encctx, __u32 size)
632 bool ll_sb_has_test_dummy_encryption(struct super_block *sb)
637 bool ll_sbi_has_encrypt(struct ll_sb_info *sbi)
642 void ll_sbi_set_encrypt(struct ll_sb_info *sbi, bool set)
646 bool ll_sbi_has_name_encrypt(struct ll_sb_info *sbi)
651 void ll_sbi_set_name_encrypt(struct ll_sb_info *sbi, bool set)
655 int ll_prepare_lookup(struct inode *dir, struct dentry *de,
656 struct llcrypt_name *fname, struct lu_fid *fid)
658 const struct qstr *iname = &de->d_name;
666 return llcrypt_setup_filename(dir, iname, 1, fname);
669 int ll_setup_filename(struct inode *dir, const struct qstr *iname,
670 int lookup, struct llcrypt_name *fname,
679 return llcrypt_setup_filename(dir, iname, lookup, fname);
682 int ll_fname_disk_to_usr(struct inode *inode,
683 u32 hash, u32 minor_hash,
684 struct llcrypt_str *iname, struct llcrypt_str *oname,
687 return llcrypt_fname_disk_to_usr(inode, hash, minor_hash, iname, oname);
690 int llcrypt_d_revalidate(struct dentry *dentry, unsigned int flags)