LCOV - code coverage report
Current view: top level - include/linux - fscrypt.h (source / functions) Hit Total Coverage
Test: fstests of 6.5.0-rc4-xfsx @ Mon Jul 31 20:08:34 PDT 2023 Lines: 20 24 83.3 %
Date: 2023-07-31 20:08:34 Functions: 2 2 100.0 %

          Line data    Source code
       1             : /* SPDX-License-Identifier: GPL-2.0 */
       2             : /*
       3             :  * fscrypt.h: declarations for per-file encryption
       4             :  *
       5             :  * Filesystems that implement per-file encryption must include this header
       6             :  * file.
       7             :  *
       8             :  * Copyright (C) 2015, Google, Inc.
       9             :  *
      10             :  * Written by Michael Halcrow, 2015.
      11             :  * Modified by Jaegeuk Kim, 2015.
      12             :  */
      13             : #ifndef _LINUX_FSCRYPT_H
      14             : #define _LINUX_FSCRYPT_H
      15             : 
      16             : #include <linux/fs.h>
      17             : #include <linux/mm.h>
      18             : #include <linux/slab.h>
      19             : #include <uapi/linux/fscrypt.h>
      20             : 
      21             : /*
      22             :  * The lengths of all file contents blocks must be divisible by this value.
      23             :  * This is needed to ensure that all contents encryption modes will work, as
      24             :  * some of the supported modes don't support arbitrarily byte-aligned messages.
      25             :  *
      26             :  * Since the needed alignment is 16 bytes, most filesystems will meet this
      27             :  * requirement naturally, as typical block sizes are powers of 2.  However, if a
      28             :  * filesystem can generate arbitrarily byte-aligned block lengths (e.g., via
      29             :  * compression), then it will need to pad to this alignment before encryption.
      30             :  */
      31             : #define FSCRYPT_CONTENTS_ALIGNMENT 16
      32             : 
      33             : union fscrypt_policy;
      34             : struct fscrypt_info;
      35             : struct fs_parameter;
      36             : struct seq_file;
      37             : 
      38             : struct fscrypt_str {
      39             :         unsigned char *name;
      40             :         u32 len;
      41             : };
      42             : 
      43             : struct fscrypt_name {
      44             :         const struct qstr *usr_fname;
      45             :         struct fscrypt_str disk_name;
      46             :         u32 hash;
      47             :         u32 minor_hash;
      48             :         struct fscrypt_str crypto_buf;
      49             :         bool is_nokey_name;
      50             : };
      51             : 
      52             : #define FSTR_INIT(n, l)         { .name = n, .len = l }
      53             : #define FSTR_TO_QSTR(f)         QSTR_INIT((f)->name, (f)->len)
      54             : #define fname_name(p)           ((p)->disk_name.name)
      55             : #define fname_len(p)            ((p)->disk_name.len)
      56             : 
      57             : /* Maximum value for the third parameter of fscrypt_operations.set_context(). */
      58             : #define FSCRYPT_SET_CONTEXT_MAX_SIZE    40
      59             : 
      60             : #ifdef CONFIG_FS_ENCRYPTION
      61             : 
      62             : /*
      63             :  * If set, the fscrypt bounce page pool won't be allocated (unless another
      64             :  * filesystem needs it).  Set this if the filesystem always uses its own bounce
      65             :  * pages for writes and therefore won't need the fscrypt bounce page pool.
      66             :  */
      67             : #define FS_CFLG_OWN_PAGES (1U << 1)
      68             : 
      69             : /* Crypto operations for filesystems */
      70             : struct fscrypt_operations {
      71             : 
      72             :         /* Set of optional flags; see above for allowed flags */
      73             :         unsigned int flags;
      74             : 
      75             :         /*
      76             :          * If set, this is a filesystem-specific key description prefix that
      77             :          * will be accepted for "logon" keys for v1 fscrypt policies, in
      78             :          * addition to the generic prefix "fscrypt:".  This functionality is
      79             :          * deprecated, so new filesystems shouldn't set this field.
      80             :          */
      81             :         const char *key_prefix;
      82             : 
      83             :         /*
      84             :          * Get the fscrypt context of the given inode.
      85             :          *
      86             :          * @inode: the inode whose context to get
      87             :          * @ctx: the buffer into which to get the context
      88             :          * @len: length of the @ctx buffer in bytes
      89             :          *
      90             :          * Return: On success, returns the length of the context in bytes; this
      91             :          *         may be less than @len.  On failure, returns -ENODATA if the
      92             :          *         inode doesn't have a context, -ERANGE if the context is
      93             :          *         longer than @len, or another -errno code.
      94             :          */
      95             :         int (*get_context)(struct inode *inode, void *ctx, size_t len);
      96             : 
      97             :         /*
      98             :          * Set an fscrypt context on the given inode.
      99             :          *
     100             :          * @inode: the inode whose context to set.  The inode won't already have
     101             :          *         an fscrypt context.
     102             :          * @ctx: the context to set
     103             :          * @len: length of @ctx in bytes (at most FSCRYPT_SET_CONTEXT_MAX_SIZE)
     104             :          * @fs_data: If called from fscrypt_set_context(), this will be the
     105             :          *           value the filesystem passed to fscrypt_set_context().
     106             :          *           Otherwise (i.e. when called from
     107             :          *           FS_IOC_SET_ENCRYPTION_POLICY) this will be NULL.
     108             :          *
     109             :          * i_rwsem will be held for write.
     110             :          *
     111             :          * Return: 0 on success, -errno on failure.
     112             :          */
     113             :         int (*set_context)(struct inode *inode, const void *ctx, size_t len,
     114             :                            void *fs_data);
     115             : 
     116             :         /*
     117             :          * Get the dummy fscrypt policy in use on the filesystem (if any).
     118             :          *
     119             :          * Filesystems only need to implement this function if they support the
     120             :          * test_dummy_encryption mount option.
     121             :          *
     122             :          * Return: A pointer to the dummy fscrypt policy, if the filesystem is
     123             :          *         mounted with test_dummy_encryption; otherwise NULL.
     124             :          */
     125             :         const union fscrypt_policy *(*get_dummy_policy)(struct super_block *sb);
     126             : 
     127             :         /*
     128             :          * Check whether a directory is empty.  i_rwsem will be held for write.
     129             :          */
     130             :         bool (*empty_dir)(struct inode *inode);
     131             : 
     132             :         /*
     133             :          * Check whether the filesystem's inode numbers and UUID are stable,
     134             :          * meaning that they will never be changed even by offline operations
     135             :          * such as filesystem shrinking and therefore can be used in the
     136             :          * encryption without the possibility of files becoming unreadable.
     137             :          *
     138             :          * Filesystems only need to implement this function if they want to
     139             :          * support the FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags.  These
     140             :          * flags are designed to work around the limitations of UFS and eMMC
     141             :          * inline crypto hardware, and they shouldn't be used in scenarios where
     142             :          * such hardware isn't being used.
     143             :          *
     144             :          * Leaving this NULL is equivalent to always returning false.
     145             :          */
     146             :         bool (*has_stable_inodes)(struct super_block *sb);
     147             : 
     148             :         /*
     149             :          * Get the number of bits that the filesystem uses to represent inode
     150             :          * numbers and file logical block numbers.
     151             :          *
     152             :          * By default, both of these are assumed to be 64-bit.  This function
     153             :          * can be implemented to declare that either or both of these numbers is
     154             :          * shorter, which may allow the use of the
     155             :          * FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags and/or the use of
     156             :          * inline crypto hardware whose maximum DUN length is less than 64 bits
     157             :          * (e.g., eMMC v5.2 spec compliant hardware).  This function only needs
     158             :          * to be implemented if support for one of these features is needed.
     159             :          */
     160             :         void (*get_ino_and_lblk_bits)(struct super_block *sb,
     161             :                                       int *ino_bits_ret, int *lblk_bits_ret);
     162             : 
     163             :         /*
     164             :          * Return an array of pointers to the block devices to which the
     165             :          * filesystem may write encrypted file contents, NULL if the filesystem
     166             :          * only has a single such block device, or an ERR_PTR() on error.
     167             :          *
     168             :          * On successful non-NULL return, *num_devs is set to the number of
     169             :          * devices in the returned array.  The caller must free the returned
     170             :          * array using kfree().
     171             :          *
     172             :          * If the filesystem can use multiple block devices (other than block
     173             :          * devices that aren't used for encrypted file contents, such as
     174             :          * external journal devices), and wants to support inline encryption,
     175             :          * then it must implement this function.  Otherwise it's not needed.
     176             :          */
     177             :         struct block_device **(*get_devices)(struct super_block *sb,
     178             :                                              unsigned int *num_devs);
     179             : };
     180             : 
     181             : static inline struct fscrypt_info *fscrypt_get_info(const struct inode *inode)
     182             : {
     183             :         /*
     184             :          * Pairs with the cmpxchg_release() in fscrypt_setup_encryption_info().
     185             :          * I.e., another task may publish ->i_crypt_info concurrently, executing
     186             :          * a RELEASE barrier.  We need to use smp_load_acquire() here to safely
     187             :          * ACQUIRE the memory the other task published.
     188             :          */
     189             :         return smp_load_acquire(&inode->i_crypt_info);
     190             : }
     191             : 
     192             : /**
     193             :  * fscrypt_needs_contents_encryption() - check whether an inode needs
     194             :  *                                       contents encryption
     195             :  * @inode: the inode to check
     196             :  *
     197             :  * Return: %true iff the inode is an encrypted regular file and the kernel was
     198             :  * built with fscrypt support.
     199             :  *
     200             :  * If you need to know whether the encrypt bit is set even when the kernel was
     201             :  * built without fscrypt support, you must use IS_ENCRYPTED() directly instead.
     202             :  */
     203             : static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
     204             : {
     205             :         return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode);
     206             : }
     207             : 
     208             : /*
     209             :  * When d_splice_alias() moves a directory's no-key alias to its plaintext alias
     210             :  * as a result of the encryption key being added, DCACHE_NOKEY_NAME must be
     211             :  * cleared.  Note that we don't have to support arbitrary moves of this flag
     212             :  * because fscrypt doesn't allow no-key names to be the source or target of a
     213             :  * rename().
     214             :  */
     215             : static inline void fscrypt_handle_d_move(struct dentry *dentry)
     216             : {
     217             :         dentry->d_flags &= ~DCACHE_NOKEY_NAME;
     218             : }
     219             : 
     220             : /**
     221             :  * fscrypt_is_nokey_name() - test whether a dentry is a no-key name
     222             :  * @dentry: the dentry to check
     223             :  *
     224             :  * This returns true if the dentry is a no-key dentry.  A no-key dentry is a
     225             :  * dentry that was created in an encrypted directory that hasn't had its
     226             :  * encryption key added yet.  Such dentries may be either positive or negative.
     227             :  *
     228             :  * When a filesystem is asked to create a new filename in an encrypted directory
     229             :  * and the new filename's dentry is a no-key dentry, it must fail the operation
     230             :  * with ENOKEY.  This includes ->create(), ->mkdir(), ->mknod(), ->symlink(),
     231             :  * ->rename(), and ->link().  (However, ->rename() and ->link() are already
     232             :  * handled by fscrypt_prepare_rename() and fscrypt_prepare_link().)
     233             :  *
     234             :  * This is necessary because creating a filename requires the directory's
     235             :  * encryption key, but just checking for the key on the directory inode during
     236             :  * the final filesystem operation doesn't guarantee that the key was available
     237             :  * during the preceding dentry lookup.  And the key must have already been
     238             :  * available during the dentry lookup in order for it to have been checked
     239             :  * whether the filename already exists in the directory and for the new file's
     240             :  * dentry not to be invalidated due to it incorrectly having the no-key flag.
     241             :  *
     242             :  * Return: %true if the dentry is a no-key name
     243             :  */
     244             : static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
     245             : {
     246             :         return dentry->d_flags & DCACHE_NOKEY_NAME;
     247             : }
     248             : 
     249             : /* crypto.c */
     250             : void fscrypt_enqueue_decrypt_work(struct work_struct *);
     251             : 
     252             : struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
     253             :                                               unsigned int len,
     254             :                                               unsigned int offs,
     255             :                                               gfp_t gfp_flags);
     256             : int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
     257             :                                   unsigned int len, unsigned int offs,
     258             :                                   u64 lblk_num, gfp_t gfp_flags);
     259             : 
     260             : int fscrypt_decrypt_pagecache_blocks(struct folio *folio, size_t len,
     261             :                                      size_t offs);
     262             : int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
     263             :                                   unsigned int len, unsigned int offs,
     264             :                                   u64 lblk_num);
     265             : 
     266             : static inline bool fscrypt_is_bounce_page(struct page *page)
     267             : {
     268             :         return page->mapping == NULL;
     269             : }
     270             : 
     271             : static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
     272             : {
     273             :         return (struct page *)page_private(bounce_page);
     274             : }
     275             : 
     276             : static inline bool fscrypt_is_bounce_folio(struct folio *folio)
     277             : {
     278             :         return folio->mapping == NULL;
     279             : }
     280             : 
     281             : static inline struct folio *fscrypt_pagecache_folio(struct folio *bounce_folio)
     282             : {
     283             :         return bounce_folio->private;
     284             : }
     285             : 
     286             : void fscrypt_free_bounce_page(struct page *bounce_page);
     287             : 
     288             : /* policy.c */
     289             : int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg);
     290             : int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg);
     291             : int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg);
     292             : int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg);
     293             : int fscrypt_has_permitted_context(struct inode *parent, struct inode *child);
     294             : int fscrypt_context_for_new_inode(void *ctx, struct inode *inode);
     295             : int fscrypt_set_context(struct inode *inode, void *fs_data);
     296             : 
     297             : struct fscrypt_dummy_policy {
     298             :         const union fscrypt_policy *policy;
     299             : };
     300             : 
     301             : int fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param,
     302             :                                     struct fscrypt_dummy_policy *dummy_policy);
     303             : bool fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1,
     304             :                                   const struct fscrypt_dummy_policy *p2);
     305             : void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep,
     306             :                                         struct super_block *sb);
     307             : static inline bool
     308             : fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy)
     309             : {
     310             :         return dummy_policy->policy != NULL;
     311             : }
     312             : static inline void
     313             : fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
     314             : {
     315             :         kfree(dummy_policy->policy);
     316             :         dummy_policy->policy = NULL;
     317             : }
     318             : 
     319             : /* keyring.c */
     320             : void fscrypt_destroy_keyring(struct super_block *sb);
     321             : int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
     322             : int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);
     323             : int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *arg);
     324             : int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);
     325             : 
     326             : /* keysetup.c */
     327             : int fscrypt_prepare_new_inode(struct inode *dir, struct inode *inode,
     328             :                               bool *encrypt_ret);
     329             : void fscrypt_put_encryption_info(struct inode *inode);
     330             : void fscrypt_free_inode(struct inode *inode);
     331             : int fscrypt_drop_inode(struct inode *inode);
     332             : 
     333             : /* fname.c */
     334             : int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
     335             :                           u8 *out, unsigned int olen);
     336             : bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,
     337             :                                   u32 max_len, u32 *encrypted_len_ret);
     338             : int fscrypt_setup_filename(struct inode *inode, const struct qstr *iname,
     339             :                            int lookup, struct fscrypt_name *fname);
     340             : 
     341             : static inline void fscrypt_free_filename(struct fscrypt_name *fname)
     342             : {
     343             :         kfree(fname->crypto_buf.name);
     344             : }
     345             : 
     346             : int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
     347             :                                struct fscrypt_str *crypto_str);
     348             : void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str);
     349             : int fscrypt_fname_disk_to_usr(const struct inode *inode,
     350             :                               u32 hash, u32 minor_hash,
     351             :                               const struct fscrypt_str *iname,
     352             :                               struct fscrypt_str *oname);
     353             : bool fscrypt_match_name(const struct fscrypt_name *fname,
     354             :                         const u8 *de_name, u32 de_name_len);
     355             : u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name);
     356             : int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags);
     357             : 
     358             : /* bio.c */
     359             : bool fscrypt_decrypt_bio(struct bio *bio);
     360             : int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
     361             :                           sector_t pblk, unsigned int len);
     362             : 
     363             : /* hooks.c */
     364             : int fscrypt_file_open(struct inode *inode, struct file *filp);
     365             : int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
     366             :                            struct dentry *dentry);
     367             : int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
     368             :                              struct inode *new_dir, struct dentry *new_dentry,
     369             :                              unsigned int flags);
     370             : int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
     371             :                              struct fscrypt_name *fname);
     372             : int fscrypt_prepare_lookup_partial(struct inode *dir, struct dentry *dentry);
     373             : int __fscrypt_prepare_readdir(struct inode *dir);
     374             : int __fscrypt_prepare_setattr(struct dentry *dentry, struct iattr *attr);
     375             : int fscrypt_prepare_setflags(struct inode *inode,
     376             :                              unsigned int oldflags, unsigned int flags);
     377             : int fscrypt_prepare_symlink(struct inode *dir, const char *target,
     378             :                             unsigned int len, unsigned int max_len,
     379             :                             struct fscrypt_str *disk_link);
     380             : int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
     381             :                               unsigned int len, struct fscrypt_str *disk_link);
     382             : const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
     383             :                                 unsigned int max_size,
     384             :                                 struct delayed_call *done);
     385             : int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat);
     386             : static inline void fscrypt_set_ops(struct super_block *sb,
     387             :                                    const struct fscrypt_operations *s_cop)
     388             : {
     389             :         sb->s_cop = s_cop;
     390             : }
     391             : #else  /* !CONFIG_FS_ENCRYPTION */
     392             : 
     393             : static inline struct fscrypt_info *fscrypt_get_info(const struct inode *inode)
     394             : {
     395             :         return NULL;
     396             : }
     397             : 
     398             : static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
     399             : {
     400             :         return false;
     401             : }
     402             : 
     403             : static inline void fscrypt_handle_d_move(struct dentry *dentry)
     404             : {
     405             : }
     406             : 
     407             : static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
     408             : {
     409             :         return false;
     410             : }
     411             : 
     412             : /* crypto.c */
     413             : static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
     414             : {
     415             : }
     416             : 
     417             : static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
     418             :                                                             unsigned int len,
     419             :                                                             unsigned int offs,
     420             :                                                             gfp_t gfp_flags)
     421             : {
     422             :         return ERR_PTR(-EOPNOTSUPP);
     423             : }
     424             : 
     425             : static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
     426             :                                                 struct page *page,
     427             :                                                 unsigned int len,
     428             :                                                 unsigned int offs, u64 lblk_num,
     429             :                                                 gfp_t gfp_flags)
     430             : {
     431             :         return -EOPNOTSUPP;
     432             : }
     433             : 
     434             : static inline int fscrypt_decrypt_pagecache_blocks(struct folio *folio,
     435             :                                                    size_t len, size_t offs)
     436             : {
     437             :         return -EOPNOTSUPP;
     438             : }
     439             : 
     440             : static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
     441             :                                                 struct page *page,
     442             :                                                 unsigned int len,
     443             :                                                 unsigned int offs, u64 lblk_num)
     444             : {
     445             :         return -EOPNOTSUPP;
     446             : }
     447             : 
     448             : static inline bool fscrypt_is_bounce_page(struct page *page)
     449             : {
     450             :         return false;
     451             : }
     452             : 
     453             : static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
     454             : {
     455             :         WARN_ON_ONCE(1);
     456             :         return ERR_PTR(-EINVAL);
     457             : }
     458             : 
     459             : static inline bool fscrypt_is_bounce_folio(struct folio *folio)
     460             : {
     461             :         return false;
     462             : }
     463             : 
     464             : static inline struct folio *fscrypt_pagecache_folio(struct folio *bounce_folio)
     465             : {
     466             :         WARN_ON_ONCE(1);
     467             :         return ERR_PTR(-EINVAL);
     468             : }
     469             : 
     470             : static inline void fscrypt_free_bounce_page(struct page *bounce_page)
     471             : {
     472             : }
     473             : 
     474             : /* policy.c */
     475             : static inline int fscrypt_ioctl_set_policy(struct file *filp,
     476             :                                            const void __user *arg)
     477             : {
     478             :         return -EOPNOTSUPP;
     479             : }
     480             : 
     481             : static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
     482             : {
     483             :         return -EOPNOTSUPP;
     484             : }
     485             : 
     486             : static inline int fscrypt_ioctl_get_policy_ex(struct file *filp,
     487             :                                               void __user *arg)
     488             : {
     489             :         return -EOPNOTSUPP;
     490             : }
     491             : 
     492             : static inline int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg)
     493             : {
     494             :         return -EOPNOTSUPP;
     495             : }
     496             : 
     497             : static inline int fscrypt_has_permitted_context(struct inode *parent,
     498             :                                                 struct inode *child)
     499             : {
     500             :         return 0;
     501             : }
     502             : 
     503             : static inline int fscrypt_set_context(struct inode *inode, void *fs_data)
     504             : {
     505             :         return -EOPNOTSUPP;
     506             : }
     507             : 
     508             : struct fscrypt_dummy_policy {
     509             : };
     510             : 
     511             : static inline int
     512             : fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param,
     513             :                                     struct fscrypt_dummy_policy *dummy_policy)
     514             : {
     515             :         return -EINVAL;
     516             : }
     517             : 
     518             : static inline bool
     519             : fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1,
     520             :                              const struct fscrypt_dummy_policy *p2)
     521             : {
     522             :         return true;
     523             : }
     524             : 
     525             : static inline void fscrypt_show_test_dummy_encryption(struct seq_file *seq,
     526             :                                                       char sep,
     527             :                                                       struct super_block *sb)
     528             : {
     529             : }
     530             : 
     531             : static inline bool
     532             : fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy)
     533             : {
     534             :         return false;
     535             : }
     536             : 
     537             : static inline void
     538             : fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
     539             : {
     540             : }
     541             : 
     542             : /* keyring.c */
     543             : static inline void fscrypt_destroy_keyring(struct super_block *sb)
     544             : {
     545             : }
     546             : 
     547             : static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg)
     548             : {
     549             :         return -EOPNOTSUPP;
     550             : }
     551             : 
     552             : static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg)
     553             : {
     554             :         return -EOPNOTSUPP;
     555             : }
     556             : 
     557             : static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp,
     558             :                                                      void __user *arg)
     559             : {
     560             :         return -EOPNOTSUPP;
     561             : }
     562             : 
     563             : static inline int fscrypt_ioctl_get_key_status(struct file *filp,
     564             :                                                void __user *arg)
     565             : {
     566             :         return -EOPNOTSUPP;
     567             : }
     568             : 
     569             : /* keysetup.c */
     570             : 
     571             : static inline int fscrypt_prepare_new_inode(struct inode *dir,
     572             :                                             struct inode *inode,
     573             :                                             bool *encrypt_ret)
     574             : {
     575     2996347 :         if (IS_ENCRYPTED(dir))
     576           0 :                 return -EOPNOTSUPP;
     577             :         return 0;
     578             : }
     579             : 
     580             : static inline void fscrypt_put_encryption_info(struct inode *inode)
     581             : {
     582             :         return;
     583             : }
     584             : 
     585             : static inline void fscrypt_free_inode(struct inode *inode)
     586             : {
     587             : }
     588             : 
     589             : static inline int fscrypt_drop_inode(struct inode *inode)
     590             : {
     591             :         return 0;
     592             : }
     593             : 
     594             :  /* fname.c */
     595     8628518 : static inline int fscrypt_setup_filename(struct inode *dir,
     596             :                                          const struct qstr *iname,
     597             :                                          int lookup, struct fscrypt_name *fname)
     598             : {
     599     8628518 :         if (IS_ENCRYPTED(dir))
     600             :                 return -EOPNOTSUPP;
     601             : 
     602     8628518 :         memset(fname, 0, sizeof(*fname));
     603     8628518 :         fname->usr_fname = iname;
     604     8628518 :         fname->disk_name.name = (unsigned char *)iname->name;
     605     8628518 :         fname->disk_name.len = iname->len;
     606     8628518 :         return 0;
     607             : }
     608             : 
     609             : static inline void fscrypt_free_filename(struct fscrypt_name *fname)
     610             : {
     611             :         return;
     612             : }
     613             : 
     614             : static inline int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
     615             :                                              struct fscrypt_str *crypto_str)
     616             : {
     617             :         return -EOPNOTSUPP;
     618             : }
     619             : 
     620             : static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
     621             : {
     622             :         return;
     623             : }
     624             : 
     625             : static inline int fscrypt_fname_disk_to_usr(const struct inode *inode,
     626             :                                             u32 hash, u32 minor_hash,
     627             :                                             const struct fscrypt_str *iname,
     628             :                                             struct fscrypt_str *oname)
     629             : {
     630             :         return -EOPNOTSUPP;
     631             : }
     632             : 
     633   636229813 : static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
     634             :                                       const u8 *de_name, u32 de_name_len)
     635             : {
     636             :         /* Encryption support disabled; use standard comparison */
     637   636229813 :         if (de_name_len != fname->disk_name.len)
     638             :                 return false;
     639   573442044 :         return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
     640             : }
     641             : 
     642             : static inline u64 fscrypt_fname_siphash(const struct inode *dir,
     643             :                                         const struct qstr *name)
     644             : {
     645             :         WARN_ON_ONCE(1);
     646             :         return 0;
     647             : }
     648             : 
     649             : static inline int fscrypt_d_revalidate(struct dentry *dentry,
     650             :                                        unsigned int flags)
     651             : {
     652             :         return 1;
     653             : }
     654             : 
     655             : /* bio.c */
     656             : static inline bool fscrypt_decrypt_bio(struct bio *bio)
     657             : {
     658             :         return true;
     659             : }
     660             : 
     661             : static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
     662             :                                         sector_t pblk, unsigned int len)
     663             : {
     664             :         return -EOPNOTSUPP;
     665             : }
     666             : 
     667             : /* hooks.c */
     668             : 
     669             : static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
     670             : {
     671     7551064 :         if (IS_ENCRYPTED(inode))
     672             :                 return -EOPNOTSUPP;
     673             :         return 0;
     674             : }
     675             : 
     676             : static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
     677             :                                          struct dentry *dentry)
     678             : {
     679             :         return -EOPNOTSUPP;
     680             : }
     681             : 
     682             : static inline int __fscrypt_prepare_rename(struct inode *old_dir,
     683             :                                            struct dentry *old_dentry,
     684             :                                            struct inode *new_dir,
     685             :                                            struct dentry *new_dentry,
     686             :                                            unsigned int flags)
     687             : {
     688             :         return -EOPNOTSUPP;
     689             : }
     690             : 
     691             : static inline int __fscrypt_prepare_lookup(struct inode *dir,
     692             :                                            struct dentry *dentry,
     693             :                                            struct fscrypt_name *fname)
     694             : {
     695             :         return -EOPNOTSUPP;
     696             : }
     697             : 
     698             : static inline int fscrypt_prepare_lookup_partial(struct inode *dir,
     699             :                                                  struct dentry *dentry)
     700             : {
     701             :         return -EOPNOTSUPP;
     702             : }
     703             : 
     704             : static inline int __fscrypt_prepare_readdir(struct inode *dir)
     705             : {
     706             :         return -EOPNOTSUPP;
     707             : }
     708             : 
     709             : static inline int __fscrypt_prepare_setattr(struct dentry *dentry,
     710             :                                             struct iattr *attr)
     711             : {
     712             :         return -EOPNOTSUPP;
     713             : }
     714             : 
     715             : static inline int fscrypt_prepare_setflags(struct inode *inode,
     716             :                                            unsigned int oldflags,
     717             :                                            unsigned int flags)
     718             : {
     719             :         return 0;
     720             : }
     721             : 
     722             : static inline int fscrypt_prepare_symlink(struct inode *dir,
     723             :                                           const char *target,
     724             :                                           unsigned int len,
     725             :                                           unsigned int max_len,
     726             :                                           struct fscrypt_str *disk_link)
     727             : {
     728      140629 :         if (IS_ENCRYPTED(dir))
     729             :                 return -EOPNOTSUPP;
     730      140629 :         disk_link->name = (unsigned char *)target;
     731      140629 :         disk_link->len = len + 1;
     732      140629 :         if (disk_link->len > max_len)
     733             :                 return -ENAMETOOLONG;
     734             :         return 0;
     735             : }
     736             : 
     737             : static inline int __fscrypt_encrypt_symlink(struct inode *inode,
     738             :                                             const char *target,
     739             :                                             unsigned int len,
     740             :                                             struct fscrypt_str *disk_link)
     741             : {
     742             :         return -EOPNOTSUPP;
     743             : }
     744             : 
     745             : static inline const char *fscrypt_get_symlink(struct inode *inode,
     746             :                                               const void *caddr,
     747             :                                               unsigned int max_size,
     748             :                                               struct delayed_call *done)
     749             : {
     750             :         return ERR_PTR(-EOPNOTSUPP);
     751             : }
     752             : 
     753             : static inline int fscrypt_symlink_getattr(const struct path *path,
     754             :                                           struct kstat *stat)
     755             : {
     756             :         return -EOPNOTSUPP;
     757             : }
     758             : 
     759             : static inline void fscrypt_set_ops(struct super_block *sb,
     760             :                                    const struct fscrypt_operations *s_cop)
     761             : {
     762             : }
     763             : 
     764             : #endif  /* !CONFIG_FS_ENCRYPTION */
     765             : 
     766             : /* inline_crypt.c */
     767             : #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
     768             : 
     769             : bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode);
     770             : 
     771             : void fscrypt_set_bio_crypt_ctx(struct bio *bio,
     772             :                                const struct inode *inode, u64 first_lblk,
     773             :                                gfp_t gfp_mask);
     774             : 
     775             : void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio,
     776             :                                   const struct buffer_head *first_bh,
     777             :                                   gfp_t gfp_mask);
     778             : 
     779             : bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode,
     780             :                            u64 next_lblk);
     781             : 
     782             : bool fscrypt_mergeable_bio_bh(struct bio *bio,
     783             :                               const struct buffer_head *next_bh);
     784             : 
     785             : bool fscrypt_dio_supported(struct inode *inode);
     786             : 
     787             : u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks);
     788             : 
     789             : #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
     790             : 
     791             : static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode)
     792             : {
     793             :         return false;
     794             : }
     795             : 
     796             : static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio,
     797             :                                              const struct inode *inode,
     798             :                                              u64 first_lblk, gfp_t gfp_mask) { }
     799             : 
     800             : static inline void fscrypt_set_bio_crypt_ctx_bh(
     801             :                                          struct bio *bio,
     802             :                                          const struct buffer_head *first_bh,
     803             :                                          gfp_t gfp_mask) { }
     804             : 
     805             : static inline bool fscrypt_mergeable_bio(struct bio *bio,
     806             :                                          const struct inode *inode,
     807             :                                          u64 next_lblk)
     808             : {
     809             :         return true;
     810             : }
     811             : 
     812             : static inline bool fscrypt_mergeable_bio_bh(struct bio *bio,
     813             :                                             const struct buffer_head *next_bh)
     814             : {
     815             :         return true;
     816             : }
     817             : 
     818             : static inline bool fscrypt_dio_supported(struct inode *inode)
     819             : {
     820             :         return !fscrypt_needs_contents_encryption(inode);
     821             : }
     822             : 
     823             : static inline u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk,
     824             :                                           u64 nr_blocks)
     825             : {
     826             :         return nr_blocks;
     827             : }
     828             : #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
     829             : 
     830             : /**
     831             :  * fscrypt_inode_uses_inline_crypto() - test whether an inode uses inline
     832             :  *                                      encryption
     833             :  * @inode: an inode. If encrypted, its key must be set up.
     834             :  *
     835             :  * Return: true if the inode requires file contents encryption and if the
     836             :  *         encryption should be done in the block layer via blk-crypto rather
     837             :  *         than in the filesystem layer.
     838             :  */
     839             : static inline bool fscrypt_inode_uses_inline_crypto(const struct inode *inode)
     840             : {
     841             :         return fscrypt_needs_contents_encryption(inode) &&
     842             :                __fscrypt_inode_uses_inline_crypto(inode);
     843             : }
     844             : 
     845             : /**
     846             :  * fscrypt_inode_uses_fs_layer_crypto() - test whether an inode uses fs-layer
     847             :  *                                        encryption
     848             :  * @inode: an inode. If encrypted, its key must be set up.
     849             :  *
     850             :  * Return: true if the inode requires file contents encryption and if the
     851             :  *         encryption should be done in the filesystem layer rather than in the
     852             :  *         block layer via blk-crypto.
     853             :  */
     854             : static inline bool fscrypt_inode_uses_fs_layer_crypto(const struct inode *inode)
     855             : {
     856             :         return fscrypt_needs_contents_encryption(inode) &&
     857             :                !__fscrypt_inode_uses_inline_crypto(inode);
     858             : }
     859             : 
     860             : /**
     861             :  * fscrypt_has_encryption_key() - check whether an inode has had its key set up
     862             :  * @inode: the inode to check
     863             :  *
     864             :  * Return: %true if the inode has had its encryption key set up, else %false.
     865             :  *
     866             :  * Usually this should be preceded by fscrypt_get_encryption_info() to try to
     867             :  * set up the key first.
     868             :  */
     869             : static inline bool fscrypt_has_encryption_key(const struct inode *inode)
     870             : {
     871             :         return fscrypt_get_info(inode) != NULL;
     872             : }
     873             : 
     874             : /**
     875             :  * fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted
     876             :  *                          directory
     877             :  * @old_dentry: an existing dentry for the inode being linked
     878             :  * @dir: the target directory
     879             :  * @dentry: negative dentry for the target filename
     880             :  *
     881             :  * A new link can only be added to an encrypted directory if the directory's
     882             :  * encryption key is available --- since otherwise we'd have no way to encrypt
     883             :  * the filename.
     884             :  *
     885             :  * We also verify that the link will not violate the constraint that all files
     886             :  * in an encrypted directory tree use the same encryption policy.
     887             :  *
     888             :  * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
     889             :  * -EXDEV if the link would result in an inconsistent encryption policy, or
     890             :  * another -errno code.
     891             :  */
     892             : static inline int fscrypt_prepare_link(struct dentry *old_dentry,
     893             :                                        struct inode *dir,
     894             :                                        struct dentry *dentry)
     895             : {
     896       76638 :         if (IS_ENCRYPTED(dir))
     897             :                 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
     898             :         return 0;
     899             : }
     900             : 
     901             : /**
     902             :  * fscrypt_prepare_rename() - prepare for a rename between possibly-encrypted
     903             :  *                            directories
     904             :  * @old_dir: source directory
     905             :  * @old_dentry: dentry for source file
     906             :  * @new_dir: target directory
     907             :  * @new_dentry: dentry for target location (may be negative unless exchanging)
     908             :  * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
     909             :  *
     910             :  * Prepare for ->rename() where the source and/or target directories may be
     911             :  * encrypted.  A new link can only be added to an encrypted directory if the
     912             :  * directory's encryption key is available --- since otherwise we'd have no way
     913             :  * to encrypt the filename.  A rename to an existing name, on the other hand,
     914             :  * *is* cryptographically possible without the key.  However, we take the more
     915             :  * conservative approach and just forbid all no-key renames.
     916             :  *
     917             :  * We also verify that the rename will not violate the constraint that all files
     918             :  * in an encrypted directory tree use the same encryption policy.
     919             :  *
     920             :  * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the
     921             :  * rename would cause inconsistent encryption policies, or another -errno code.
     922             :  */
     923             : static inline int fscrypt_prepare_rename(struct inode *old_dir,
     924             :                                          struct dentry *old_dentry,
     925             :                                          struct inode *new_dir,
     926             :                                          struct dentry *new_dentry,
     927             :                                          unsigned int flags)
     928             : {
     929      653875 :         if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
     930             :                 return __fscrypt_prepare_rename(old_dir, old_dentry,
     931             :                                                 new_dir, new_dentry, flags);
     932             :         return 0;
     933             : }
     934             : 
     935             : /**
     936             :  * fscrypt_prepare_lookup() - prepare to lookup a name in a possibly-encrypted
     937             :  *                            directory
     938             :  * @dir: directory being searched
     939             :  * @dentry: filename being looked up
     940             :  * @fname: (output) the name to use to search the on-disk directory
     941             :  *
     942             :  * Prepare for ->lookup() in a directory which may be encrypted by determining
     943             :  * the name that will actually be used to search the directory on-disk.  If the
     944             :  * directory's encryption policy is supported by this kernel and its encryption
     945             :  * key is available, then the lookup is assumed to be by plaintext name;
     946             :  * otherwise, it is assumed to be by no-key name.
     947             :  *
     948             :  * This will set DCACHE_NOKEY_NAME on the dentry if the lookup is by no-key
     949             :  * name.  In this case the filesystem must assign the dentry a dentry_operations
     950             :  * which contains fscrypt_d_revalidate (or contains a d_revalidate method that
     951             :  * calls fscrypt_d_revalidate), so that the dentry will be invalidated if the
     952             :  * directory's encryption key is later added.
     953             :  *
     954             :  * Return: 0 on success; -ENOENT if the directory's key is unavailable but the
     955             :  * filename isn't a valid no-key name, so a negative dentry should be created;
     956             :  * or another -errno code.
     957             :  */
     958             : static inline int fscrypt_prepare_lookup(struct inode *dir,
     959             :                                          struct dentry *dentry,
     960             :                                          struct fscrypt_name *fname)
     961             : {
     962             :         if (IS_ENCRYPTED(dir))
     963             :                 return __fscrypt_prepare_lookup(dir, dentry, fname);
     964             : 
     965             :         memset(fname, 0, sizeof(*fname));
     966             :         fname->usr_fname = &dentry->d_name;
     967             :         fname->disk_name.name = (unsigned char *)dentry->d_name.name;
     968             :         fname->disk_name.len = dentry->d_name.len;
     969             :         return 0;
     970             : }
     971             : 
     972             : /**
     973             :  * fscrypt_prepare_readdir() - prepare to read a possibly-encrypted directory
     974             :  * @dir: the directory inode
     975             :  *
     976             :  * If the directory is encrypted and it doesn't already have its encryption key
     977             :  * set up, try to set it up so that the filenames will be listed in plaintext
     978             :  * form rather than in no-key form.
     979             :  *
     980             :  * Return: 0 on success; -errno on error.  Note that the encryption key being
     981             :  *         unavailable is not considered an error.  It is also not an error if
     982             :  *         the encryption policy is unsupported by this kernel; that is treated
     983             :  *         like the key being unavailable, so that files can still be deleted.
     984             :  */
     985             : static inline int fscrypt_prepare_readdir(struct inode *dir)
     986             : {
     987      376377 :         if (IS_ENCRYPTED(dir))
     988           0 :                 return __fscrypt_prepare_readdir(dir);
     989             :         return 0;
     990             : }
     991             : 
     992             : /**
     993             :  * fscrypt_prepare_setattr() - prepare to change a possibly-encrypted inode's
     994             :  *                             attributes
     995             :  * @dentry: dentry through which the inode is being changed
     996             :  * @attr: attributes to change
     997             :  *
     998             :  * Prepare for ->setattr() on a possibly-encrypted inode.  On an encrypted file,
     999             :  * most attribute changes are allowed even without the encryption key.  However,
    1000             :  * without the encryption key we do have to forbid truncates.  This is needed
    1001             :  * because the size being truncated to may not be a multiple of the filesystem
    1002             :  * block size, and in that case we'd have to decrypt the final block, zero the
    1003             :  * portion past i_size, and re-encrypt it.  (We *could* allow truncating to a
    1004             :  * filesystem block boundary, but it's simpler to just forbid all truncates ---
    1005             :  * and we already forbid all other contents modifications without the key.)
    1006             :  *
    1007             :  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
    1008             :  * if a problem occurred while setting up the encryption key.
    1009             :  */
    1010             : static inline int fscrypt_prepare_setattr(struct dentry *dentry,
    1011             :                                           struct iattr *attr)
    1012             : {
    1013     2615872 :         if (IS_ENCRYPTED(d_inode(dentry)))
    1014             :                 return __fscrypt_prepare_setattr(dentry, attr);
    1015             :         return 0;
    1016             : }
    1017             : 
    1018             : /**
    1019             :  * fscrypt_encrypt_symlink() - encrypt the symlink target if needed
    1020             :  * @inode: symlink inode
    1021             :  * @target: plaintext symlink target
    1022             :  * @len: length of @target excluding null terminator
    1023             :  * @disk_link: (in/out) the on-disk symlink target being prepared
    1024             :  *
    1025             :  * If the symlink target needs to be encrypted, then this function encrypts it
    1026             :  * into @disk_link->name.  fscrypt_prepare_symlink() must have been called
    1027             :  * previously to compute @disk_link->len.  If the filesystem did not allocate a
    1028             :  * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one
    1029             :  * will be kmalloc()'ed and the filesystem will be responsible for freeing it.
    1030             :  *
    1031             :  * Return: 0 on success, -errno on failure
    1032             :  */
    1033             : static inline int fscrypt_encrypt_symlink(struct inode *inode,
    1034             :                                           const char *target,
    1035             :                                           unsigned int len,
    1036             :                                           struct fscrypt_str *disk_link)
    1037             : {
    1038           0 :         if (IS_ENCRYPTED(inode))
    1039           0 :                 return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
    1040             :         return 0;
    1041             : }
    1042             : 
    1043             : /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */
    1044             : static inline void fscrypt_finalize_bounce_page(struct page **pagep)
    1045             : {
    1046             :         struct page *page = *pagep;
    1047             : 
    1048             :         if (fscrypt_is_bounce_page(page)) {
    1049             :                 *pagep = fscrypt_pagecache_page(page);
    1050             :                 fscrypt_free_bounce_page(page);
    1051             :         }
    1052             : }
    1053             : 
    1054             : #endif  /* _LINUX_FSCRYPT_H */

Generated by: LCOV version 1.14