[mirror_ubuntu-artful-kernel.git] / fs / crypto / crypto.c

/*
 * This contains encryption functions for per-file encryption.
 *
 * Copyright (C) 2015, Google, Inc.
 * Copyright (C) 2015, Motorola Mobility
 *
 * Written by Michael Halcrow, 2014.
 *
 * Filename encryption additions
 *	Uday Savagaonkar, 2014
 * Encryption policy handling additions
 *	Ildar Muslukhov, 2014
 * Add fscrypt_pullback_bio_page()
 *	Jaegeuk Kim, 2015.
 *
 * This has not yet undergone a rigorous security audit.
 *
 * The usage of AES-XTS should conform to recommendations in NIST
 * Special Publication 800-38E and IEEE P1619/D16.
 */

#include <linux/pagemap.h>
#include <linux/mempool.h>
#include <linux/module.h>
#include <linux/scatterlist.h>
#include <linux/ratelimit.h>
#include <linux/bio.h>
#include <linux/dcache.h>
#include <linux/namei.h>
#include <linux/fscrypto.h>
#include <linux/ecryptfs.h>

static unsigned int num_prealloc_crypto_pages = 32;
static unsigned int num_prealloc_crypto_ctxs = 128;

module_param(num_prealloc_crypto_pages, uint, 0444);
MODULE_PARM_DESC(num_prealloc_crypto_pages,
		"Number of crypto pages to preallocate");
module_param(num_prealloc_crypto_ctxs, uint, 0444);
MODULE_PARM_DESC(num_prealloc_crypto_ctxs,
		"Number of crypto contexts to preallocate");

static mempool_t *fscrypt_bounce_page_pool = NULL;

static LIST_HEAD(fscrypt_free_ctxs);
static DEFINE_SPINLOCK(fscrypt_ctx_lock);

static struct workqueue_struct *fscrypt_read_workqueue;
static DEFINE_MUTEX(fscrypt_init_mutex);

static struct kmem_cache *fscrypt_ctx_cachep;
struct kmem_cache *fscrypt_info_cachep;

/**
 * fscrypt_release_ctx() - Releases an encryption context
 * @ctx: The encryption context to release.
 *
 * If the encryption context was allocated from the pre-allocated pool, returns
 * it to that pool. Else, frees it.
 *
 * If there's a bounce page in the context, this frees that.
 */
void fscrypt_release_ctx(struct fscrypt_ctx *ctx)
{
	unsigned long flags;

	if (ctx->flags & FS_WRITE_PATH_FL && ctx->w.bounce_page) {
		mempool_free(ctx->w.bounce_page, fscrypt_bounce_page_pool);
		ctx->w.bounce_page = NULL;
	}
	ctx->w.control_page = NULL;
	if (ctx->flags & FS_CTX_REQUIRES_FREE_ENCRYPT_FL) {
		kmem_cache_free(fscrypt_ctx_cachep, ctx);
	} else {
		spin_lock_irqsave(&fscrypt_ctx_lock, flags);
		list_add(&ctx->free_list, &fscrypt_free_ctxs);
		spin_unlock_irqrestore(&fscrypt_ctx_lock, flags);
	}
}
EXPORT_SYMBOL(fscrypt_release_ctx);

/**
 * fscrypt_get_ctx() - Gets an encryption context
 * @inode:       The inode for which we are doing the crypto
 * @gfp_flags:   The gfp flag for memory allocation
 *
 * Allocates and initializes an encryption context.
 *
 * Return: An allocated and initialized encryption context on success; error
 * value or NULL otherwise.
 */
struct fscrypt_ctx *fscrypt_get_ctx(struct inode *inode, gfp_t gfp_flags)
{
	struct fscrypt_ctx *ctx = NULL;
	struct fscrypt_info *ci = inode->i_crypt_info;
	unsigned long flags;

	if (ci == NULL)
		return ERR_PTR(-ENOKEY);

	/*
	 * We first try getting the ctx from a free list because in
	 * the common case the ctx will have an allocated and
	 * initialized crypto tfm, so it's probably a worthwhile
	 * optimization. For the bounce page, we first try getting it
	 * from the kernel allocator because that's just about as fast
	 * as getting it from a list and because a cache of free pages
	 * should generally be a "last resort" option for a filesystem
	 * to be able to do its job.
	 */
	spin_lock_irqsave(&fscrypt_ctx_lock, flags);
	ctx = list_first_entry_or_null(&fscrypt_free_ctxs,
					struct fscrypt_ctx, free_list);
	if (ctx)
		list_del(&ctx->free_list);
	spin_unlock_irqrestore(&fscrypt_ctx_lock, flags);
	if (!ctx) {
		ctx = kmem_cache_zalloc(fscrypt_ctx_cachep, gfp_flags);
		if (!ctx)
			return ERR_PTR(-ENOMEM);
		ctx->flags |= FS_CTX_REQUIRES_FREE_ENCRYPT_FL;
	} else {
		ctx->flags &= ~FS_CTX_REQUIRES_FREE_ENCRYPT_FL;
	}
	ctx->flags &= ~FS_WRITE_PATH_FL;
	return ctx;
}
EXPORT_SYMBOL(fscrypt_get_ctx);

/**
 * fscrypt_complete() - The completion callback for page encryption
 * @req: The asynchronous encryption request context
 * @res: The result of the encryption operation
 */
static void fscrypt_complete(struct crypto_async_request *req, int res)
{
	struct fscrypt_completion_result *ecr = req->data;

	if (res == -EINPROGRESS)
		return;
	ecr->res = res;
	complete(&ecr->completion);
}

typedef enum {
	FS_DECRYPT = 0,
	FS_ENCRYPT,
} fscrypt_direction_t;

static int do_page_crypto(struct inode *inode,
			fscrypt_direction_t rw, pgoff_t index,
			struct page *src_page, struct page *dest_page,
			gfp_t gfp_flags)
{
	u8 xts_tweak[FS_XTS_TWEAK_SIZE];
	struct skcipher_request *req = NULL;
	DECLARE_FS_COMPLETION_RESULT(ecr);
	struct scatterlist dst, src;
	struct fscrypt_info *ci = inode->i_crypt_info;
	struct crypto_skcipher *tfm = ci->ci_ctfm;
	int res = 0;

	req = skcipher_request_alloc(tfm, gfp_flags);
	if (!req) {
		printk_ratelimited(KERN_ERR
				"%s: crypto_request_alloc() failed\n",
				__func__);
		return -ENOMEM;
	}

	skcipher_request_set_callback(
		req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
		fscrypt_complete, &ecr);

	BUILD_BUG_ON(FS_XTS_TWEAK_SIZE < sizeof(index));
	memcpy(xts_tweak, &index, sizeof(index));
	memset(&xts_tweak[sizeof(index)], 0,
			FS_XTS_TWEAK_SIZE - sizeof(index));

	sg_init_table(&dst, 1);
	sg_set_page(&dst, dest_page, PAGE_SIZE, 0);
	sg_init_table(&src, 1);
	sg_set_page(&src, src_page, PAGE_SIZE, 0);
	skcipher_request_set_crypt(req, &src, &dst, PAGE_SIZE,
					xts_tweak);
	if (rw == FS_DECRYPT)
		res = crypto_skcipher_decrypt(req);
	else
		res = crypto_skcipher_encrypt(req);
	if (res == -EINPROGRESS || res == -EBUSY) {
		BUG_ON(req->base.data != &ecr);
		wait_for_completion(&ecr.completion);
		res = ecr.res;
	}
	skcipher_request_free(req);
	if (res) {
		printk_ratelimited(KERN_ERR
			"%s: crypto_skcipher_encrypt() returned %d\n",
			__func__, res);
		return res;
	}
	return 0;
}

static struct page *alloc_bounce_page(struct fscrypt_ctx *ctx, gfp_t gfp_flags)
{
	ctx->w.bounce_page = mempool_alloc(fscrypt_bounce_page_pool, gfp_flags);
	if (ctx->w.bounce_page == NULL)
		return ERR_PTR(-ENOMEM);
	ctx->flags |= FS_WRITE_PATH_FL;
	return ctx->w.bounce_page;
}

/**
 * fscypt_encrypt_page() - Encrypts a page
 * @inode:          The inode for which the encryption should take place
 * @plaintext_page: The page to encrypt. Must be locked.
 * @gfp_flags:      The gfp flag for memory allocation
 *
 * Allocates a ciphertext page and encrypts plaintext_page into it using the ctx
 * encryption context.
 *
 * Called on the page write path.  The caller must call
 * fscrypt_restore_control_page() on the returned ciphertext page to
 * release the bounce buffer and the encryption context.
 *
 * Return: An allocated page with the encrypted content on success. Else, an
 * error value or NULL.
 */
struct page *fscrypt_encrypt_page(struct inode *inode,
				struct page *plaintext_page, gfp_t gfp_flags)
{
	struct fscrypt_ctx *ctx;
	struct page *ciphertext_page = NULL;
	int err;

	BUG_ON(!PageLocked(plaintext_page));

	ctx = fscrypt_get_ctx(inode, gfp_flags);
	if (IS_ERR(ctx))
		return (struct page *)ctx;

	/* The encryption operation will require a bounce page. */
	ciphertext_page = alloc_bounce_page(ctx, gfp_flags);
	if (IS_ERR(ciphertext_page))
		goto errout;

	ctx->w.control_page = plaintext_page;
	err = do_page_crypto(inode, FS_ENCRYPT, plaintext_page->index,
					plaintext_page, ciphertext_page,
					gfp_flags);
	if (err) {
		ciphertext_page = ERR_PTR(err);
		goto errout;
	}
	SetPagePrivate(ciphertext_page);
	set_page_private(ciphertext_page, (unsigned long)ctx);
	lock_page(ciphertext_page);
	return ciphertext_page;

errout:
	fscrypt_release_ctx(ctx);
	return ciphertext_page;
}
EXPORT_SYMBOL(fscrypt_encrypt_page);

/**
 * f2crypt_decrypt_page() - Decrypts a page in-place
 * @page: The page to decrypt. Must be locked.
 *
 * Decrypts page in-place using the ctx encryption context.
 *
 * Called from the read completion callback.
 *
 * Return: Zero on success, non-zero otherwise.
 */
int fscrypt_decrypt_page(struct page *page)
{
	BUG_ON(!PageLocked(page));

	return do_page_crypto(page->mapping->host,
			FS_DECRYPT, page->index, page, page, GFP_NOFS);
}
EXPORT_SYMBOL(fscrypt_decrypt_page);

int fscrypt_zeroout_range(struct inode *inode, pgoff_t lblk,
				sector_t pblk, unsigned int len)
{
	struct fscrypt_ctx *ctx;
	struct page *ciphertext_page = NULL;
	struct bio *bio;
	int ret, err = 0;

	BUG_ON(inode->i_sb->s_blocksize != PAGE_SIZE);

	ctx = fscrypt_get_ctx(inode, GFP_NOFS);
	if (IS_ERR(ctx))
		return PTR_ERR(ctx);

	ciphertext_page = alloc_bounce_page(ctx, GFP_NOWAIT);
	if (IS_ERR(ciphertext_page)) {
		err = PTR_ERR(ciphertext_page);
		goto errout;
	}

	while (len--) {
		err = do_page_crypto(inode, FS_ENCRYPT, lblk,
					ZERO_PAGE(0), ciphertext_page,
					GFP_NOFS);
		if (err)
			goto errout;

		bio = bio_alloc(GFP_NOWAIT, 1);
		if (!bio) {
			err = -ENOMEM;
			goto errout;
		}
		bio->bi_bdev = inode->i_sb->s_bdev;
		bio->bi_iter.bi_sector =
			pblk << (inode->i_sb->s_blocksize_bits - 9);
		bio_set_op_attrs(bio, REQ_OP_WRITE, 0);
		ret = bio_add_page(bio, ciphertext_page,
					inode->i_sb->s_blocksize, 0);
		if (ret != inode->i_sb->s_blocksize) {
			/* should never happen! */
			WARN_ON(1);
			bio_put(bio);
			err = -EIO;
			goto errout;
		}
		err = submit_bio_wait(bio);
		if ((err == 0) && bio->bi_error)
			err = -EIO;
		bio_put(bio);
		if (err)
			goto errout;
		lblk++;
		pblk++;
	}
	err = 0;
errout:
	fscrypt_release_ctx(ctx);
	return err;
}
EXPORT_SYMBOL(fscrypt_zeroout_range);

/*
 * Validate dentries for encrypted directories to make sure we aren't
 * potentially caching stale data after a key has been added or
 * removed.
 */
static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
{
	struct dentry *dir;
	struct fscrypt_info *ci;
	int dir_has_key, cached_with_key;

	if (flags & LOOKUP_RCU)
		return -ECHILD;

	dir = dget_parent(dentry);
	if (!d_inode(dir)->i_sb->s_cop->is_encrypted(d_inode(dir))) {
		dput(dir);
		return 0;
	}

	ci = d_inode(dir)->i_crypt_info;
	if (ci && ci->ci_keyring_key &&
	    (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) |
					  (1 << KEY_FLAG_REVOKED) |
					  (1 << KEY_FLAG_DEAD))))
		ci = NULL;

	/* this should eventually be an flag in d_flags */
	spin_lock(&dentry->d_lock);
	cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY;
	spin_unlock(&dentry->d_lock);
	dir_has_key = (ci != NULL);
	dput(dir);

	/*
	 * If the dentry was cached without the key, and it is a
	 * negative dentry, it might be a valid name.  We can't check
	 * if the key has since been made available due to locking
	 * reasons, so we fail the validation so ext4_lookup() can do
	 * this check.
	 *
	 * We also fail the validation if the dentry was created with
	 * the key present, but we no longer have the key, or vice versa.
	 */
	if ((!cached_with_key && d_is_negative(dentry)) ||
			(!cached_with_key && dir_has_key) ||
			(cached_with_key && !dir_has_key))
		return 0;
	return 1;
}

const struct dentry_operations fscrypt_d_ops = {
	.d_revalidate = fscrypt_d_revalidate,
};
EXPORT_SYMBOL(fscrypt_d_ops);

/*
 * Call fscrypt_decrypt_page on every single page, reusing the encryption
 * context.
 */
static void completion_pages(struct work_struct *work)
{
	struct fscrypt_ctx *ctx =
		container_of(work, struct fscrypt_ctx, r.work);
	struct bio *bio = ctx->r.bio;
	struct bio_vec *bv;
	int i;

	bio_for_each_segment_all(bv, bio, i) {
		struct page *page = bv->bv_page;
		int ret = fscrypt_decrypt_page(page);

		if (ret) {
			WARN_ON_ONCE(1);
			SetPageError(page);
		} else {
			SetPageUptodate(page);
		}
		unlock_page(page);
	}
	fscrypt_release_ctx(ctx);
	bio_put(bio);
}

void fscrypt_decrypt_bio_pages(struct fscrypt_ctx *ctx, struct bio *bio)
{
	INIT_WORK(&ctx->r.work, completion_pages);
	ctx->r.bio = bio;
	queue_work(fscrypt_read_workqueue, &ctx->r.work);
}
EXPORT_SYMBOL(fscrypt_decrypt_bio_pages);

void fscrypt_pullback_bio_page(struct page **page, bool restore)
{
	struct fscrypt_ctx *ctx;
	struct page *bounce_page;

	/* The bounce data pages are unmapped. */
	if ((*page)->mapping)
		return;

	/* The bounce data page is unmapped. */
	bounce_page = *page;
	ctx = (struct fscrypt_ctx *)page_private(bounce_page);

	/* restore control page */
	*page = ctx->w.control_page;

	if (restore)
		fscrypt_restore_control_page(bounce_page);
}
EXPORT_SYMBOL(fscrypt_pullback_bio_page);

void fscrypt_restore_control_page(struct page *page)
{
	struct fscrypt_ctx *ctx;

	ctx = (struct fscrypt_ctx *)page_private(page);
	set_page_private(page, (unsigned long)NULL);
	ClearPagePrivate(page);
	unlock_page(page);
	fscrypt_release_ctx(ctx);
}
EXPORT_SYMBOL(fscrypt_restore_control_page);

static void fscrypt_destroy(void)
{
	struct fscrypt_ctx *pos, *n;

	list_for_each_entry_safe(pos, n, &fscrypt_free_ctxs, free_list)
		kmem_cache_free(fscrypt_ctx_cachep, pos);
	INIT_LIST_HEAD(&fscrypt_free_ctxs);
	mempool_destroy(fscrypt_bounce_page_pool);
	fscrypt_bounce_page_pool = NULL;
}

/**
 * fscrypt_initialize() - allocate major buffers for fs encryption.
 *
 * We only call this when we start accessing encrypted files, since it
 * results in memory getting allocated that wouldn't otherwise be used.
 *
 * Return: Zero on success, non-zero otherwise.
 */
int fscrypt_initialize(void)
{
	int i, res = -ENOMEM;

	if (fscrypt_bounce_page_pool)
		return 0;

	mutex_lock(&fscrypt_init_mutex);
	if (fscrypt_bounce_page_pool)
		goto already_initialized;

	for (i = 0; i < num_prealloc_crypto_ctxs; i++) {
		struct fscrypt_ctx *ctx;

		ctx = kmem_cache_zalloc(fscrypt_ctx_cachep, GFP_NOFS);
		if (!ctx)
			goto fail;
		list_add(&ctx->free_list, &fscrypt_free_ctxs);
	}

	fscrypt_bounce_page_pool =
		mempool_create_page_pool(num_prealloc_crypto_pages, 0);
	if (!fscrypt_bounce_page_pool)
		goto fail;

already_initialized:
	mutex_unlock(&fscrypt_init_mutex);
	return 0;
fail:
	fscrypt_destroy();
	mutex_unlock(&fscrypt_init_mutex);
	return res;
}
EXPORT_SYMBOL(fscrypt_initialize);

/**
 * fscrypt_init() - Set up for fs encryption.
 */
static int __init fscrypt_init(void)
{
	fscrypt_read_workqueue = alloc_workqueue("fscrypt_read_queue",
							WQ_HIGHPRI, 0);
	if (!fscrypt_read_workqueue)
		goto fail;

	fscrypt_ctx_cachep = KMEM_CACHE(fscrypt_ctx, SLAB_RECLAIM_ACCOUNT);
	if (!fscrypt_ctx_cachep)
		goto fail_free_queue;

	fscrypt_info_cachep = KMEM_CACHE(fscrypt_info, SLAB_RECLAIM_ACCOUNT);
	if (!fscrypt_info_cachep)
		goto fail_free_ctx;

	return 0;

fail_free_ctx:
	kmem_cache_destroy(fscrypt_ctx_cachep);
fail_free_queue:
	destroy_workqueue(fscrypt_read_workqueue);
fail:
	return -ENOMEM;
}
module_init(fscrypt_init)

/**
 * fscrypt_exit() - Shutdown the fs encryption system
 */
static void __exit fscrypt_exit(void)
{
	fscrypt_destroy();

	if (fscrypt_read_workqueue)
		destroy_workqueue(fscrypt_read_workqueue);
	kmem_cache_destroy(fscrypt_ctx_cachep);
	kmem_cache_destroy(fscrypt_info_cachep);
}
module_exit(fscrypt_exit);

MODULE_LICENSE("GPL");
Commit	Line	Data
0b81d077 JK	1	/*
	2	* This contains encryption functions for per-file encryption.
	3	*
	4	* Copyright (C) 2015, Google, Inc.
	5	* Copyright (C) 2015, Motorola Mobility
	6	*
	7	* Written by Michael Halcrow, 2014.
	8	*
	9	* Filename encryption additions
	10	* Uday Savagaonkar, 2014
	11	* Encryption policy handling additions
	12	* Ildar Muslukhov, 2014
	13	* Add fscrypt_pullback_bio_page()
	14	* Jaegeuk Kim, 2015.
	15	*
	16	* This has not yet undergone a rigorous security audit.
	17	*
	18	* The usage of AES-XTS should conform to recommendations in NIST
	19	* Special Publication 800-38E and IEEE P1619/D16.
	20	*/
	21
0b81d077 JK	22	#include <linux/pagemap.h>
	23	#include <linux/mempool.h>
	24	#include <linux/module.h>
	25	#include <linux/scatterlist.h>
	26	#include <linux/ratelimit.h>
	27	#include <linux/bio.h>
	28	#include <linux/dcache.h>
03a8bb0e	29	#include <linux/namei.h>
0b81d077	30	#include <linux/fscrypto.h>
d407574e	31	#include <linux/ecryptfs.h>
0b81d077 JK	32
	33	static unsigned int num_prealloc_crypto_pages = 32;
	34	static unsigned int num_prealloc_crypto_ctxs = 128;
	35
	36	module_param(num_prealloc_crypto_pages, uint, 0444);
	37	MODULE_PARM_DESC(num_prealloc_crypto_pages,
	38	"Number of crypto pages to preallocate");
	39	module_param(num_prealloc_crypto_ctxs, uint, 0444);
	40	MODULE_PARM_DESC(num_prealloc_crypto_ctxs,
	41	"Number of crypto contexts to preallocate");
	42
	43	static mempool_t *fscrypt_bounce_page_pool = NULL;
	44
	45	static LIST_HEAD(fscrypt_free_ctxs);
	46	static DEFINE_SPINLOCK(fscrypt_ctx_lock);
	47
	48	static struct workqueue_struct *fscrypt_read_workqueue;
	49	static DEFINE_MUTEX(fscrypt_init_mutex);
	50
	51	static struct kmem_cache *fscrypt_ctx_cachep;
	52	struct kmem_cache *fscrypt_info_cachep;
	53
	54	/**
	55	* fscrypt_release_ctx() - Releases an encryption context
	56	* @ctx: The encryption context to release.
	57	*
	58	* If the encryption context was allocated from the pre-allocated pool, returns
	59	* it to that pool. Else, frees it.
	60	*
	61	* If there's a bounce page in the context, this frees that.
	62	*/
	63	void fscrypt_release_ctx(struct fscrypt_ctx *ctx)
	64	{
	65	unsigned long flags;
	66
	67	if (ctx->flags & FS_WRITE_PATH_FL && ctx->w.bounce_page) {
	68	mempool_free(ctx->w.bounce_page, fscrypt_bounce_page_pool);
	69	ctx->w.bounce_page = NULL;
	70	}
	71	ctx->w.control_page = NULL;
	72	if (ctx->flags & FS_CTX_REQUIRES_FREE_ENCRYPT_FL) {
	73	kmem_cache_free(fscrypt_ctx_cachep, ctx);
	74	} else {
	75	spin_lock_irqsave(&fscrypt_ctx_lock, flags);
	76	list_add(&ctx->free_list, &fscrypt_free_ctxs);
	77	spin_unlock_irqrestore(&fscrypt_ctx_lock, flags);
	78	}
	79	}
	80	EXPORT_SYMBOL(fscrypt_release_ctx);
	81
	82	/**
	83	* fscrypt_get_ctx() - Gets an encryption context
	84	* @inode: The inode for which we are doing the crypto
b32e4482	85	* @gfp_flags: The gfp flag for memory allocation
0b81d077 JK	86	*
	87	* Allocates and initializes an encryption context.
	88	*
	89	* Return: An allocated and initialized encryption context on success; error
	90	* value or NULL otherwise.
	91	*/
b32e4482	92	struct fscrypt_ctx fscrypt_get_ctx(struct inode inode, gfp_t gfp_flags)
0b81d077 JK	93	{
	94	struct fscrypt_ctx *ctx = NULL;
	95	struct fscrypt_info *ci = inode->i_crypt_info;
	96	unsigned long flags;
	97
	98	if (ci == NULL)
	99	return ERR_PTR(-ENOKEY);
	100
	101	/*
	102	* We first try getting the ctx from a free list because in
	103	* the common case the ctx will have an allocated and
	104	* initialized crypto tfm, so it's probably a worthwhile
	105	* optimization. For the bounce page, we first try getting it
	106	* from the kernel allocator because that's just about as fast
	107	* as getting it from a list and because a cache of free pages
	108	* should generally be a "last resort" option for a filesystem
	109	* to be able to do its job.
	110	*/
	111	spin_lock_irqsave(&fscrypt_ctx_lock, flags);
	112	ctx = list_first_entry_or_null(&fscrypt_free_ctxs,
	113	struct fscrypt_ctx, free_list);
	114	if (ctx)
	115	list_del(&ctx->free_list);
	116	spin_unlock_irqrestore(&fscrypt_ctx_lock, flags);
	117	if (!ctx) {
b32e4482	118	ctx = kmem_cache_zalloc(fscrypt_ctx_cachep, gfp_flags);
0b81d077 JK	119	if (!ctx)
	120	return ERR_PTR(-ENOMEM);
	121	ctx->flags \|= FS_CTX_REQUIRES_FREE_ENCRYPT_FL;
	122	} else {
	123	ctx->flags &= ~FS_CTX_REQUIRES_FREE_ENCRYPT_FL;
	124	}
	125	ctx->flags &= ~FS_WRITE_PATH_FL;
	126	return ctx;
	127	}
	128	EXPORT_SYMBOL(fscrypt_get_ctx);
	129
	130	/**
	131	* fscrypt_complete() - The completion callback for page encryption
	132	* @req: The asynchronous encryption request context
	133	* @res: The result of the encryption operation
	134	*/
	135	static void fscrypt_complete(struct crypto_async_request *req, int res)
	136	{
	137	struct fscrypt_completion_result *ecr = req->data;
	138
	139	if (res == -EINPROGRESS)
	140	return;
	141	ecr->res = res;
	142	complete(&ecr->completion);
	143	}
	144
	145	typedef enum {
	146	FS_DECRYPT = 0,
	147	FS_ENCRYPT,
	148	} fscrypt_direction_t;
	149
	150	static int do_page_crypto(struct inode *inode,
	151	fscrypt_direction_t rw, pgoff_t index,
b32e4482 JK	152	struct page src_page, struct page dest_page,
b32e4482 JK	153	gfp_t gfp_flags)
0b81d077 JK	154	{
0b81d077 JK	155	u8 xts_tweak[FS_XTS_TWEAK_SIZE];
d407574e	156	struct skcipher_request *req = NULL;
0b81d077 JK	157	DECLARE_FS_COMPLETION_RESULT(ecr);
	158	struct scatterlist dst, src;
	159	struct fscrypt_info *ci = inode->i_crypt_info;
d407574e	160	struct crypto_skcipher *tfm = ci->ci_ctfm;
0b81d077 JK	161	int res = 0;
0b81d077 JK	162
b32e4482	163	req = skcipher_request_alloc(tfm, gfp_flags);
0b81d077 JK	164	if (!req) {
	165	printk_ratelimited(KERN_ERR
	166	"%s: crypto_request_alloc() failed\n",
	167	__func__);
	168	return -ENOMEM;
	169	}
	170
d407574e	171	skcipher_request_set_callback(
0b81d077 JK	172	req, CRYPTO_TFM_REQ_MAY_BACKLOG \| CRYPTO_TFM_REQ_MAY_SLEEP,
	173	fscrypt_complete, &ecr);
	174
	175	BUILD_BUG_ON(FS_XTS_TWEAK_SIZE < sizeof(index));
02fc59a0	176	memcpy(xts_tweak, &index, sizeof(index));
0b81d077 JK	177	memset(&xts_tweak[sizeof(index)], 0,
	178	FS_XTS_TWEAK_SIZE - sizeof(index));
	179
	180	sg_init_table(&dst, 1);
09cbfeaf	181	sg_set_page(&dst, dest_page, PAGE_SIZE, 0);
0b81d077	182	sg_init_table(&src, 1);
09cbfeaf KS	183	sg_set_page(&src, src_page, PAGE_SIZE, 0);
09cbfeaf KS	184	skcipher_request_set_crypt(req, &src, &dst, PAGE_SIZE,
0b81d077 JK	185	xts_tweak);
0b81d077 JK	186	if (rw == FS_DECRYPT)
d407574e	187	res = crypto_skcipher_decrypt(req);
0b81d077	188	else
d407574e	189	res = crypto_skcipher_encrypt(req);
0b81d077 JK	190	if (res == -EINPROGRESS \|\| res == -EBUSY) {
	191	BUG_ON(req->base.data != &ecr);
	192	wait_for_completion(&ecr.completion);
	193	res = ecr.res;
	194	}
d407574e	195	skcipher_request_free(req);
0b81d077 JK	196	if (res) {
0b81d077 JK	197	printk_ratelimited(KERN_ERR
d407574e	198	"%s: crypto_skcipher_encrypt() returned %d\n",
0b81d077 JK	199	__func__, res);
	200	return res;
	201	}
	202	return 0;
	203	}
	204
b32e4482	205	static struct page alloc_bounce_page(struct fscrypt_ctx ctx, gfp_t gfp_flags)
0b81d077	206	{
b32e4482	207	ctx->w.bounce_page = mempool_alloc(fscrypt_bounce_page_pool, gfp_flags);
0b81d077 JK	208	if (ctx->w.bounce_page == NULL)
	209	return ERR_PTR(-ENOMEM);
	210	ctx->flags \|= FS_WRITE_PATH_FL;
	211	return ctx->w.bounce_page;
	212	}
	213
	214	/**
	215	* fscypt_encrypt_page() - Encrypts a page
	216	* @inode: The inode for which the encryption should take place
	217	* @plaintext_page: The page to encrypt. Must be locked.
b32e4482	218	* @gfp_flags: The gfp flag for memory allocation
0b81d077 JK	219	*
	220	* Allocates a ciphertext page and encrypts plaintext_page into it using the ctx
	221	* encryption context.
	222	*
	223	* Called on the page write path. The caller must call
	224	* fscrypt_restore_control_page() on the returned ciphertext page to
	225	* release the bounce buffer and the encryption context.
	226	*
	227	* Return: An allocated page with the encrypted content on success. Else, an
	228	* error value or NULL.
	229	*/
	230	struct page fscrypt_encrypt_page(struct inode inode,
b32e4482	231	struct page *plaintext_page, gfp_t gfp_flags)
0b81d077 JK	232	{
	233	struct fscrypt_ctx *ctx;
	234	struct page *ciphertext_page = NULL;
	235	int err;
	236
	237	BUG_ON(!PageLocked(plaintext_page));
	238
b32e4482	239	ctx = fscrypt_get_ctx(inode, gfp_flags);
0b81d077 JK	240	if (IS_ERR(ctx))
	241	return (struct page *)ctx;
	242
	243	/* The encryption operation will require a bounce page. */
b32e4482	244	ciphertext_page = alloc_bounce_page(ctx, gfp_flags);
0b81d077 JK	245	if (IS_ERR(ciphertext_page))
	246	goto errout;
	247
	248	ctx->w.control_page = plaintext_page;
	249	err = do_page_crypto(inode, FS_ENCRYPT, plaintext_page->index,
b32e4482 JK	250	plaintext_page, ciphertext_page,
b32e4482 JK	251	gfp_flags);
0b81d077 JK	252	if (err) {
	253	ciphertext_page = ERR_PTR(err);
	254	goto errout;
	255	}
	256	SetPagePrivate(ciphertext_page);
	257	set_page_private(ciphertext_page, (unsigned long)ctx);
	258	lock_page(ciphertext_page);
	259	return ciphertext_page;
	260
	261	errout:
	262	fscrypt_release_ctx(ctx);
	263	return ciphertext_page;
	264	}
	265	EXPORT_SYMBOL(fscrypt_encrypt_page);
	266
	267	/**
	268	* f2crypt_decrypt_page() - Decrypts a page in-place
	269	* @page: The page to decrypt. Must be locked.
	270	*
	271	* Decrypts page in-place using the ctx encryption context.
	272	*
	273	* Called from the read completion callback.
	274	*
	275	* Return: Zero on success, non-zero otherwise.
	276	*/
	277	int fscrypt_decrypt_page(struct page *page)
	278	{
	279	BUG_ON(!PageLocked(page));
	280
	281	return do_page_crypto(page->mapping->host,
b32e4482	282	FS_DECRYPT, page->index, page, page, GFP_NOFS);
0b81d077 JK	283	}
	284	EXPORT_SYMBOL(fscrypt_decrypt_page);
	285
	286	int fscrypt_zeroout_range(struct inode *inode, pgoff_t lblk,
	287	sector_t pblk, unsigned int len)
	288	{
	289	struct fscrypt_ctx *ctx;
	290	struct page *ciphertext_page = NULL;
	291	struct bio *bio;
	292	int ret, err = 0;
	293
09cbfeaf	294	BUG_ON(inode->i_sb->s_blocksize != PAGE_SIZE);
0b81d077	295
b32e4482	296	ctx = fscrypt_get_ctx(inode, GFP_NOFS);
0b81d077 JK	297	if (IS_ERR(ctx))
	298	return PTR_ERR(ctx);
	299
b32e4482	300	ciphertext_page = alloc_bounce_page(ctx, GFP_NOWAIT);
0b81d077 JK	301	if (IS_ERR(ciphertext_page)) {
	302	err = PTR_ERR(ciphertext_page);
	303	goto errout;
	304	}
	305
	306	while (len--) {
	307	err = do_page_crypto(inode, FS_ENCRYPT, lblk,
b32e4482 JK	308	ZERO_PAGE(0), ciphertext_page,
b32e4482 JK	309	GFP_NOFS);
0b81d077 JK	310	if (err)
	311	goto errout;
	312
b32e4482	313	bio = bio_alloc(GFP_NOWAIT, 1);
0b81d077 JK	314	if (!bio) {
	315	err = -ENOMEM;
	316	goto errout;
	317	}
	318	bio->bi_bdev = inode->i_sb->s_bdev;
	319	bio->bi_iter.bi_sector =
	320	pblk << (inode->i_sb->s_blocksize_bits - 9);
95fe6c1a	321	bio_set_op_attrs(bio, REQ_OP_WRITE, 0);
0b81d077 JK	322	ret = bio_add_page(bio, ciphertext_page,
	323	inode->i_sb->s_blocksize, 0);
	324	if (ret != inode->i_sb->s_blocksize) {
	325	/* should never happen! */
	326	WARN_ON(1);
	327	bio_put(bio);
	328	err = -EIO;
	329	goto errout;
	330	}
4e49ea4a	331	err = submit_bio_wait(bio);
0b81d077 JK	332	if ((err == 0) && bio->bi_error)
	333	err = -EIO;
	334	bio_put(bio);
	335	if (err)
	336	goto errout;
	337	lblk++;
	338	pblk++;
	339	}
	340	err = 0;
	341	errout:
	342	fscrypt_release_ctx(ctx);
	343	return err;
	344	}
	345	EXPORT_SYMBOL(fscrypt_zeroout_range);
	346
	347	/*
	348	* Validate dentries for encrypted directories to make sure we aren't
	349	* potentially caching stale data after a key has been added or
	350	* removed.
	351	*/
	352	static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
	353	{
d7d75352 JK	354	struct dentry *dir;
d7d75352 JK	355	struct fscrypt_info *ci;
0b81d077 JK	356	int dir_has_key, cached_with_key;
0b81d077 JK	357
03a8bb0e JK	358	if (flags & LOOKUP_RCU)
	359	return -ECHILD;
	360
d7d75352 JK	361	dir = dget_parent(dentry);
	362	if (!d_inode(dir)->i_sb->s_cop->is_encrypted(d_inode(dir))) {
	363	dput(dir);
0b81d077	364	return 0;
d7d75352	365	}
0b81d077	366
d7d75352	367	ci = d_inode(dir)->i_crypt_info;
0b81d077 JK	368	if (ci && ci->ci_keyring_key &&
	369	(ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) \|
	370	(1 << KEY_FLAG_REVOKED) \|
	371	(1 << KEY_FLAG_DEAD))))
	372	ci = NULL;
	373
	374	/* this should eventually be an flag in d_flags */
	375	spin_lock(&dentry->d_lock);
	376	cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY;
	377	spin_unlock(&dentry->d_lock);
	378	dir_has_key = (ci != NULL);
d7d75352	379	dput(dir);
0b81d077 JK	380
	381	/*
	382	* If the dentry was cached without the key, and it is a
	383	* negative dentry, it might be a valid name. We can't check
	384	* if the key has since been made available due to locking
	385	* reasons, so we fail the validation so ext4_lookup() can do
	386	* this check.
	387	*
	388	* We also fail the validation if the dentry was created with
	389	* the key present, but we no longer have the key, or vice versa.
	390	*/
	391	if ((!cached_with_key && d_is_negative(dentry)) \|\|
	392	(!cached_with_key && dir_has_key) \|\|
	393	(cached_with_key && !dir_has_key))
	394	return 0;
	395	return 1;
	396	}
	397
	398	const struct dentry_operations fscrypt_d_ops = {
	399	.d_revalidate = fscrypt_d_revalidate,
	400	};
	401	EXPORT_SYMBOL(fscrypt_d_ops);
	402
	403	/*
	404	* Call fscrypt_decrypt_page on every single page, reusing the encryption
	405	* context.
	406	*/
	407	static void completion_pages(struct work_struct *work)
	408	{
	409	struct fscrypt_ctx *ctx =
	410	container_of(work, struct fscrypt_ctx, r.work);
	411	struct bio *bio = ctx->r.bio;
	412	struct bio_vec *bv;
	413	int i;
	414
	415	bio_for_each_segment_all(bv, bio, i) {
	416	struct page *page = bv->bv_page;
	417	int ret = fscrypt_decrypt_page(page);
	418
	419	if (ret) {
	420	WARN_ON_ONCE(1);
	421	SetPageError(page);
	422	} else {
	423	SetPageUptodate(page);
	424	}
	425	unlock_page(page);
	426	}
	427	fscrypt_release_ctx(ctx);
	428	bio_put(bio);
	429	}
	430
	431	void fscrypt_decrypt_bio_pages(struct fscrypt_ctx ctx, struct bio bio)
	432	{
	433	INIT_WORK(&ctx->r.work, completion_pages);
	434	ctx->r.bio = bio;
	435	queue_work(fscrypt_read_workqueue, &ctx->r.work);
	436	}
	437	EXPORT_SYMBOL(fscrypt_decrypt_bio_pages);
	438
	439	void fscrypt_pullback_bio_page(struct page **page, bool restore)
	440	{
	441	struct fscrypt_ctx *ctx;
	442	struct page *bounce_page;
	443
444	/* The bounce data pages are unmapped. */
445	if ((*page)->mapping)
446	return;
447
448	/* The bounce data page is unmapped. */
449	bounce_page = *page;
450	ctx = (struct fscrypt_ctx *)page_private(bounce_page);
451
452	/* restore control page */
453	*page = ctx->w.control_page;
454
455	if (restore)
456	fscrypt_restore_control_page(bounce_page);
457	}
458	EXPORT_SYMBOL(fscrypt_pullback_bio_page);
459
460	void fscrypt_restore_control_page(struct page *page)
461	{
462	struct fscrypt_ctx *ctx;
463
464	ctx = (struct fscrypt_ctx *)page_private(page);
465	set_page_private(page, (unsigned long)NULL);
466	ClearPagePrivate(page);
467	unlock_page(page);
468	fscrypt_release_ctx(ctx);
469	}
470	EXPORT_SYMBOL(fscrypt_restore_control_page);
471
472	static void fscrypt_destroy(void)
473	{
474	struct fscrypt_ctx pos, n;
475
476	list_for_each_entry_safe(pos, n, &fscrypt_free_ctxs, free_list)
477	kmem_cache_free(fscrypt_ctx_cachep, pos);
478	INIT_LIST_HEAD(&fscrypt_free_ctxs);
479	mempool_destroy(fscrypt_bounce_page_pool);
480	fscrypt_bounce_page_pool = NULL;
481	}
482
483	/**
484	* fscrypt_initialize() - allocate major buffers for fs encryption.
485	*
486	* We only call this when we start accessing encrypted files, since it
487	* results in memory getting allocated that wouldn't otherwise be used.
488	*
489	* Return: Zero on success, non-zero otherwise.
490	*/
491	int fscrypt_initialize(void)
492	{
493	int i, res = -ENOMEM;
494
495	if (fscrypt_bounce_page_pool)
496	return 0;
497
498	mutex_lock(&fscrypt_init_mutex);
499	if (fscrypt_bounce_page_pool)
500	goto already_initialized;
501
502	for (i = 0; i < num_prealloc_crypto_ctxs; i++) {
503	struct fscrypt_ctx *ctx;
504
505	ctx = kmem_cache_zalloc(fscrypt_ctx_cachep, GFP_NOFS);
506	if (!ctx)
507	goto fail;
508	list_add(&ctx->free_list, &fscrypt_free_ctxs);
509	}
510
511	fscrypt_bounce_page_pool =
512	mempool_create_page_pool(num_prealloc_crypto_pages, 0);
513	if (!fscrypt_bounce_page_pool)
514	goto fail;
515
516	already_initialized:
517	mutex_unlock(&fscrypt_init_mutex);
518	return 0;
519	fail:
520	fscrypt_destroy();
521	mutex_unlock(&fscrypt_init_mutex);
522	return res;
523	}
524	EXPORT_SYMBOL(fscrypt_initialize);
525
526	/**
527	* fscrypt_init() - Set up for fs encryption.
528	*/
529	static int __init fscrypt_init(void)
530	{
531	fscrypt_read_workqueue = alloc_workqueue("fscrypt_read_queue",
532	WQ_HIGHPRI, 0);
533	if (!fscrypt_read_workqueue)
534	goto fail;
535
536	fscrypt_ctx_cachep = KMEM_CACHE(fscrypt_ctx, SLAB_RECLAIM_ACCOUNT);
537	if (!fscrypt_ctx_cachep)
538	goto fail_free_queue;
539
540	fscrypt_info_cachep = KMEM_CACHE(fscrypt_info, SLAB_RECLAIM_ACCOUNT);
541	if (!fscrypt_info_cachep)
542	goto fail_free_ctx;
543
544	return 0;
545
546	fail_free_ctx:
547	kmem_cache_destroy(fscrypt_ctx_cachep);
548	fail_free_queue:
549	destroy_workqueue(fscrypt_read_workqueue);
550	fail:
551	return -ENOMEM;
552	}
553	module_init(fscrypt_init)
554
555	/**
556	* fscrypt_exit() - Shutdown the fs encryption system
557	*/
558	static void __exit fscrypt_exit(void)
559	{
560	fscrypt_destroy();
561
562	if (fscrypt_read_workqueue)
563	destroy_workqueue(fscrypt_read_workqueue);
564	kmem_cache_destroy(fscrypt_ctx_cachep);
565	kmem_cache_destroy(fscrypt_info_cachep);
566	}
567	module_exit(fscrypt_exit);
568
569	MODULE_LICENSE("GPL");