Lines Matching +full:key +full:- +full:up
1 // SPDX-License-Identifier: GPL-2.0-only
5 * Encryption hooks for higher-level filesystem operations.
11 * fscrypt_file_open() - prepare to open a possibly-encrypted regular file
13 * @filp: the struct file being set up
15 * Currently, an encrypted regular file can only be opened if its encryption key
17 * Therefore, we first set up the inode's encryption key (if not already done)
28 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
44 * encryption policy comparison, but it's expensive on multi-core in fscrypt_file_open()
46 * with a lightweight RCU-mode check for the parent directory being in fscrypt_file_open()
52 dentry_parent = READ_ONCE(dentry->d_parent); in fscrypt_file_open()
64 d_inode(dentry_parent)->i_ino); in fscrypt_file_open()
65 err = -EPERM; in fscrypt_file_open()
76 return -ENOKEY; in __fscrypt_prepare_link()
78 * We don't need to separately check that the directory inode's key is in __fscrypt_prepare_link()
79 * available, as it's implied by the dentry not being a no-key name. in __fscrypt_prepare_link()
83 return -EXDEV; in __fscrypt_prepare_link()
95 return -ENOKEY; in __fscrypt_prepare_rename()
98 * available, as it's implied by the dentries not being no-key names. in __fscrypt_prepare_rename()
105 return -EXDEV; in __fscrypt_prepare_rename()
111 return -EXDEV; in __fscrypt_prepare_rename()
120 int err = fscrypt_setup_filename(dir, &dentry->d_name, 1, fname); in __fscrypt_prepare_lookup()
122 if (err && err != -ENOENT) in __fscrypt_prepare_lookup()
125 fscrypt_prepare_dentry(dentry, fname->is_nokey_name); in __fscrypt_prepare_lookup()
132 * fscrypt_prepare_lookup_partial() - prepare lookup without filename setup
134 * @dentry: the dentry being looked up in @dir
136 * This function should be used by the ->lookup and ->atomic_open methods of
137 * filesystems that handle filename encryption and no-key name encoding
139 * fscrypt_prepare_lookup(), this will try to set up the directory's encryption
140 * key and will set DCACHE_NOKEY_NAME on the dentry if the key is unavailable.
141 * However, this function doesn't set up a struct fscrypt_name for the filename.
143 * Return: 0 on success; -errno on error. Note that the encryption key being
146 * like the key being unavailable, so that files can still be deleted.
167 if (attr->ia_valid & ATTR_SIZE) in __fscrypt_prepare_setattr()
174 * fscrypt_prepare_setflags() - prepare to change flags with FS_IOC_SETFLAGS
181 * Return: 0 on success; -errno if the flags change isn't allowed or if
193 * derive the secret key needed for the dirhash. This is only possible in fscrypt_prepare_setflags()
200 ci = inode->i_crypt_info; in fscrypt_prepare_setflags()
201 if (ci->ci_policy.version != FSCRYPT_POLICY_V2) in fscrypt_prepare_setflags()
202 return -EINVAL; in fscrypt_prepare_setflags()
203 mk = ci->ci_master_key; in fscrypt_prepare_setflags()
204 down_read(&mk->mk_sem); in fscrypt_prepare_setflags()
205 if (mk->mk_present) in fscrypt_prepare_setflags()
208 err = -ENOKEY; in fscrypt_prepare_setflags()
209 up_read(&mk->mk_sem); in fscrypt_prepare_setflags()
216 * fscrypt_prepare_symlink() - prepare to create a possibly-encrypted symlink
221 * @disk_link: (out) the on-disk symlink target being prepared
223 * This function computes the size the symlink target will require on-disk,
224 * stores it in @disk_link->len, and validates it against @max_len. An
227 * Additionally, @disk_link->name is set to @target if the symlink will be
230 * on-disk target later. (The reason for the two-step process is that some
234 * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long,
235 * -ENOKEY if the encryption key is missing, or another -errno code if a problem
236 * occurred while setting up the encryption key.
252 disk_link->name = (unsigned char *)target; in fscrypt_prepare_symlink()
253 disk_link->len = len + 1; in fscrypt_prepare_symlink()
254 if (disk_link->len > max_len) in fscrypt_prepare_symlink()
255 return -ENAMETOOLONG; in fscrypt_prepare_symlink()
273 max_len - sizeof(struct fscrypt_symlink_data) - 1, in fscrypt_prepare_symlink()
274 &disk_link->len)) in fscrypt_prepare_symlink()
275 return -ENAMETOOLONG; in fscrypt_prepare_symlink()
276 disk_link->len += sizeof(struct fscrypt_symlink_data) + 1; in fscrypt_prepare_symlink()
278 disk_link->name = NULL; in fscrypt_prepare_symlink()
292 * fscrypt_prepare_new_inode() should have already set up the new in __fscrypt_encrypt_symlink()
293 * symlink inode's encryption key. We don't wait until now to do it, in __fscrypt_encrypt_symlink()
297 return -ENOKEY; in __fscrypt_encrypt_symlink()
299 if (disk_link->name) { in __fscrypt_encrypt_symlink()
300 /* filesystem-provided buffer */ in __fscrypt_encrypt_symlink()
301 sd = (struct fscrypt_symlink_data *)disk_link->name; in __fscrypt_encrypt_symlink()
303 sd = kmalloc(disk_link->len, GFP_NOFS); in __fscrypt_encrypt_symlink()
305 return -ENOMEM; in __fscrypt_encrypt_symlink()
307 ciphertext_len = disk_link->len - sizeof(*sd) - 1; in __fscrypt_encrypt_symlink()
308 sd->len = cpu_to_le16(ciphertext_len); in __fscrypt_encrypt_symlink()
310 err = fscrypt_fname_encrypt(inode, &iname, sd->encrypted_path, in __fscrypt_encrypt_symlink()
316 * Null-terminating the ciphertext doesn't make sense, but we still in __fscrypt_encrypt_symlink()
320 sd->encrypted_path[ciphertext_len] = '\0'; in __fscrypt_encrypt_symlink()
323 err = -ENOMEM; in __fscrypt_encrypt_symlink()
324 inode->i_link = kmemdup(target, len + 1, GFP_NOFS); in __fscrypt_encrypt_symlink()
325 if (!inode->i_link) in __fscrypt_encrypt_symlink()
328 if (!disk_link->name) in __fscrypt_encrypt_symlink()
329 disk_link->name = (unsigned char *)sd; in __fscrypt_encrypt_symlink()
333 if (!disk_link->name) in __fscrypt_encrypt_symlink()
340 * fscrypt_get_symlink() - get the target of an encrypted symlink
342 * @caddr: the on-disk contents of the symlink
344 * @done: if successful, will be set up to free the returned target if needed
346 * If the symlink's encryption key is available, we decrypt its target.
364 return ERR_PTR(-EINVAL); in fscrypt_get_symlink()
367 pstr.name = READ_ONCE(inode->i_link); in fscrypt_get_symlink()
372 * Try to set up the symlink's encryption key, but we can continue in fscrypt_get_symlink()
373 * regardless of whether the key is available or not. in fscrypt_get_symlink()
386 return ERR_PTR(-EUCLEAN); in fscrypt_get_symlink()
388 cstr.name = (unsigned char *)sd->encrypted_path; in fscrypt_get_symlink()
389 cstr.len = le16_to_cpu(sd->len); in fscrypt_get_symlink()
392 return ERR_PTR(-EUCLEAN); in fscrypt_get_symlink()
395 return ERR_PTR(-EUCLEAN); in fscrypt_get_symlink()
405 err = -EUCLEAN; in fscrypt_get_symlink()
413 * symlink targets encoded without the key, since those become outdated in fscrypt_get_symlink()
414 * once the key is added. This pairs with the READ_ONCE() above and in in fscrypt_get_symlink()
418 cmpxchg_release(&inode->i_link, NULL, pstr.name) != NULL) in fscrypt_get_symlink()
430 * fscrypt_symlink_getattr() - set the correct st_size for encrypted symlinks
435 * symlink target (or the no-key encoded symlink target, if the key is
440 * This requires reading the symlink target from disk if needed, setting up the
441 * inode's encryption key if possible, and then decrypting or encoding the
443 * case. However, decrypted symlink targets will be cached in ->i_link, so
447 * Return: 0 on success, -errno on failure
451 struct dentry *dentry = path->dentry; in fscrypt_symlink_getattr()
458 * decrypted target or the no-key encoded target), we can just get it in in fscrypt_symlink_getattr()
461 link = READ_ONCE(inode->i_link); in fscrypt_symlink_getattr()
463 link = inode->i_op->get_link(dentry, inode, &done); in fscrypt_symlink_getattr()
467 stat->size = strlen(link); in fscrypt_symlink_getattr()