1// SPDX-License-Identifier: GPL-2.0
  2
  3#include <linux/quotaops.h>
  4#include <linux/uuid.h>
  5
  6#include "ext4.h"
  7#include "xattr.h"
  8#include "ext4_jbd2.h"
  9
 10static void ext4_fname_from_fscrypt_name(struct ext4_filename *dst,
 11					 const struct fscrypt_name *src)
 12{
 13	memset(dst, 0, sizeof(*dst));
 14
 15	dst->usr_fname = src->usr_fname;
 16	dst->disk_name = src->disk_name;
 17	dst->hinfo.hash = src->hash;
 18	dst->hinfo.minor_hash = src->minor_hash;
 19	dst->crypto_buf = src->crypto_buf;
 20}
 21
 22int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname,
 23			      int lookup, struct ext4_filename *fname)
 24{
 25	struct fscrypt_name name;
 26	int err;
 27
 28	err = fscrypt_setup_filename(dir, iname, lookup, &name);
 29	if (err)
 30		return err;
 31
 32	ext4_fname_from_fscrypt_name(fname, &name);
 33
 34#if IS_ENABLED(CONFIG_UNICODE)
 35	err = ext4_fname_setup_ci_filename(dir, iname, fname);
 36#endif
 37	return err;
 38}
 39
 40int ext4_fname_prepare_lookup(struct inode *dir, struct dentry *dentry,
 41			      struct ext4_filename *fname)
 42{
 43	struct fscrypt_name name;
 44	int err;
 45
 46	err = fscrypt_prepare_lookup(dir, dentry, &name);
 47	if (err)
 48		return err;
 49
 50	ext4_fname_from_fscrypt_name(fname, &name);
 51
 52#if IS_ENABLED(CONFIG_UNICODE)
 53	err = ext4_fname_setup_ci_filename(dir, &dentry->d_name, fname);
 54#endif
 55	return err;
 56}
 57
 58void ext4_fname_free_filename(struct ext4_filename *fname)
 59{
 60	struct fscrypt_name name;
 61
 62	name.crypto_buf = fname->crypto_buf;
 63	fscrypt_free_filename(&name);
 64
 65	fname->crypto_buf.name = NULL;
 66	fname->usr_fname = NULL;
 67	fname->disk_name.name = NULL;
 68
 69#if IS_ENABLED(CONFIG_UNICODE)
 70	kfree(fname->cf_name.name);
 71	fname->cf_name.name = NULL;
 72#endif
 73}
 74
 75static bool uuid_is_zero(__u8 u[16])
 76{
 77	int i;
 78
 79	for (i = 0; i < 16; i++)
 80		if (u[i])
 81			return false;
 82	return true;
 83}
 84
 85int ext4_ioctl_get_encryption_pwsalt(struct file *filp, void __user *arg)
 86{
 87	struct super_block *sb = file_inode(filp)->i_sb;
 88	struct ext4_sb_info *sbi = EXT4_SB(sb);
 89	int err, err2;
 90	handle_t *handle;
 91
 92	if (!ext4_has_feature_encrypt(sb))
 93		return -EOPNOTSUPP;
 94
 95	if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
 96		err = mnt_want_write_file(filp);
 97		if (err)
 98			return err;
 99		handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
100		if (IS_ERR(handle)) {
101			err = PTR_ERR(handle);
102			goto pwsalt_err_exit;
103		}
104		err = ext4_journal_get_write_access(handle, sb, sbi->s_sbh,
105						    EXT4_JTR_NONE);
106		if (err)
107			goto pwsalt_err_journal;
108		lock_buffer(sbi->s_sbh);
109		generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
110		ext4_superblock_csum_set(sb);
111		unlock_buffer(sbi->s_sbh);
112		err = ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh);
113pwsalt_err_journal:
114		err2 = ext4_journal_stop(handle);
115		if (err2 && !err)
116			err = err2;
117pwsalt_err_exit:
118		mnt_drop_write_file(filp);
119		if (err)
120			return err;
121	}
122
123	if (copy_to_user(arg, sbi->s_es->s_encrypt_pw_salt, 16))
124		return -EFAULT;
125	return 0;
126}
127
128static int ext4_get_context(struct inode *inode, void *ctx, size_t len)
129{
130	return ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
131				 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len);
132}
133
134static int ext4_set_context(struct inode *inode, const void *ctx, size_t len,
135							void *fs_data)
136{
137	handle_t *handle = fs_data;
138	int res, res2, credits, retries = 0;
139
140	/*
141	 * Encrypting the root directory is not allowed because e2fsck expects
142	 * lost+found to exist and be unencrypted, and encrypting the root
143	 * directory would imply encrypting the lost+found directory as well as
144	 * the filename "lost+found" itself.
145	 */
146	if (inode->i_ino == EXT4_ROOT_INO)
147		return -EPERM;
148
149	if (WARN_ON_ONCE(IS_DAX(inode) && i_size_read(inode)))
150		return -EINVAL;
151
152	if (ext4_test_inode_flag(inode, EXT4_INODE_DAX))
153		return -EOPNOTSUPP;
154
155	res = ext4_convert_inline_data(inode);
156	if (res)
157		return res;
158
159	/*
160	 * If a journal handle was specified, then the encryption context is
161	 * being set on a new inode via inheritance and is part of a larger
162	 * transaction to create the inode.  Otherwise the encryption context is
163	 * being set on an existing inode in its own transaction.  Only in the
164	 * latter case should the "retry on ENOSPC" logic be used.
165	 */
166
167	if (handle) {
168		res = ext4_xattr_set_handle(handle, inode,
169					    EXT4_XATTR_INDEX_ENCRYPTION,
170					    EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
171					    ctx, len, 0);
172		if (!res) {
173			ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
174			ext4_clear_inode_state(inode,
175					EXT4_STATE_MAY_INLINE_DATA);
176			/*
177			 * Update inode->i_flags - S_ENCRYPTED will be enabled,
178			 * S_DAX may be disabled
179			 */
180			ext4_set_inode_flags(inode, false);
181		}
182		return res;
183	}
184
185	res = dquot_initialize(inode);
186	if (res)
187		return res;
188retry:
189	res = ext4_xattr_set_credits(inode, len, false /* is_create */,
190				     &credits);
191	if (res)
192		return res;
193
194	handle = ext4_journal_start(inode, EXT4_HT_MISC, credits);
195	if (IS_ERR(handle))
196		return PTR_ERR(handle);
197
198	res = ext4_xattr_set_handle(handle, inode, EXT4_XATTR_INDEX_ENCRYPTION,
199				    EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
200				    ctx, len, 0);
201	if (!res) {
202		ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
203		/*
204		 * Update inode->i_flags - S_ENCRYPTED will be enabled,
205		 * S_DAX may be disabled
206		 */
207		ext4_set_inode_flags(inode, false);
208		res = ext4_mark_inode_dirty(handle, inode);
209		if (res)
210			EXT4_ERROR_INODE(inode, "Failed to mark inode dirty");
211	}
212	res2 = ext4_journal_stop(handle);
213
214	if (res == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries))
215		goto retry;
216	if (!res)
217		res = res2;
218	return res;
219}
220
221static const union fscrypt_policy *ext4_get_dummy_policy(struct super_block *sb)
222{
223	return EXT4_SB(sb)->s_dummy_enc_policy.policy;
224}
225
226static bool ext4_has_stable_inodes(struct super_block *sb)
227{
228	return ext4_has_feature_stable_inodes(sb);
229}
230
231static void ext4_get_ino_and_lblk_bits(struct super_block *sb,
232				       int *ino_bits_ret, int *lblk_bits_ret)
233{
234	*ino_bits_ret = 8 * sizeof(EXT4_SB(sb)->s_es->s_inodes_count);
235	*lblk_bits_ret = 8 * sizeof(ext4_lblk_t);
236}
237
238const struct fscrypt_operations ext4_cryptops = {
239	.key_prefix		= "ext4:",
240	.get_context		= ext4_get_context,
241	.set_context		= ext4_set_context,
242	.get_dummy_policy	= ext4_get_dummy_policy,
243	.empty_dir		= ext4_empty_dir,
244	.has_stable_inodes	= ext4_has_stable_inodes,
245	.get_ino_and_lblk_bits	= ext4_get_ino_and_lblk_bits,
246};