[linux-2.6-block.git] / fs / crypto / crypto.c

/*
 * This contains encryption functions for per-file encryption.
 *
 * Copyright (C) 2015, Google, Inc.
 * Copyright (C) 2015, Motorola Mobility
 *
 * Written by Michael Halcrow, 2014.
 *
 * Filename encryption additions
 *	Uday Savagaonkar, 2014
 * Encryption policy handling additions
 *	Ildar Muslukhov, 2014
 * Add fscrypt_pullback_bio_page()
 *	Jaegeuk Kim, 2015.
 *
 * This has not yet undergone a rigorous security audit.
 *
 * The usage of AES-XTS should conform to recommendations in NIST
 * Special Publication 800-38E and IEEE P1619/D16.
 */

#include <linux/pagemap.h>
#include <linux/mempool.h>
#include <linux/module.h>
#include <linux/scatterlist.h>
#include <linux/ratelimit.h>
#include <linux/bio.h>
#include <linux/dcache.h>
#include <linux/namei.h>
#include <linux/fscrypto.h>

static unsigned int num_prealloc_crypto_pages = 32;
static unsigned int num_prealloc_crypto_ctxs = 128;

module_param(num_prealloc_crypto_pages, uint, 0444);
MODULE_PARM_DESC(num_prealloc_crypto_pages,
		"Number of crypto pages to preallocate");
module_param(num_prealloc_crypto_ctxs, uint, 0444);
MODULE_PARM_DESC(num_prealloc_crypto_ctxs,
		"Number of crypto contexts to preallocate");

static mempool_t *fscrypt_bounce_page_pool = NULL;

static LIST_HEAD(fscrypt_free_ctxs);
static DEFINE_SPINLOCK(fscrypt_ctx_lock);

static struct workqueue_struct *fscrypt_read_workqueue;
static DEFINE_MUTEX(fscrypt_init_mutex);

static struct kmem_cache *fscrypt_ctx_cachep;
struct kmem_cache *fscrypt_info_cachep;

/**
 * fscrypt_release_ctx() - Releases an encryption context
 * @ctx: The encryption context to release.
 *
 * If the encryption context was allocated from the pre-allocated pool, returns
 * it to that pool. Else, frees it.
 *
 * If there's a bounce page in the context, this frees that.
 */
void fscrypt_release_ctx(struct fscrypt_ctx *ctx)
{
	unsigned long flags;

	if (ctx->flags & FS_WRITE_PATH_FL && ctx->w.bounce_page) {
		mempool_free(ctx->w.bounce_page, fscrypt_bounce_page_pool);
		ctx->w.bounce_page = NULL;
	}
	ctx->w.control_page = NULL;
	if (ctx->flags & FS_CTX_REQUIRES_FREE_ENCRYPT_FL) {
		kmem_cache_free(fscrypt_ctx_cachep, ctx);
	} else {
		spin_lock_irqsave(&fscrypt_ctx_lock, flags);
		list_add(&ctx->free_list, &fscrypt_free_ctxs);
		spin_unlock_irqrestore(&fscrypt_ctx_lock, flags);
	}
}
EXPORT_SYMBOL(fscrypt_release_ctx);

/**
 * fscrypt_get_ctx() - Gets an encryption context
 * @inode:       The inode for which we are doing the crypto
 * @gfp_flags:   The gfp flag for memory allocation
 *
 * Allocates and initializes an encryption context.
 *
 * Return: An allocated and initialized encryption context on success; error
 * value or NULL otherwise.
 */
struct fscrypt_ctx *fscrypt_get_ctx(struct inode *inode, gfp_t gfp_flags)
{
	struct fscrypt_ctx *ctx = NULL;
	struct fscrypt_info *ci = inode->i_crypt_info;
	unsigned long flags;

	if (ci == NULL)
		return ERR_PTR(-ENOKEY);

	/*
	 * We first try getting the ctx from a free list because in
	 * the common case the ctx will have an allocated and
	 * initialized crypto tfm, so it's probably a worthwhile
	 * optimization. For the bounce page, we first try getting it
	 * from the kernel allocator because that's just about as fast
	 * as getting it from a list and because a cache of free pages
	 * should generally be a "last resort" option for a filesystem
	 * to be able to do its job.
	 */
	spin_lock_irqsave(&fscrypt_ctx_lock, flags);
	ctx = list_first_entry_or_null(&fscrypt_free_ctxs,
					struct fscrypt_ctx, free_list);
	if (ctx)
		list_del(&ctx->free_list);
	spin_unlock_irqrestore(&fscrypt_ctx_lock, flags);
	if (!ctx) {
		ctx = kmem_cache_zalloc(fscrypt_ctx_cachep, gfp_flags);
		if (!ctx)
			return ERR_PTR(-ENOMEM);
		ctx->flags |= FS_CTX_REQUIRES_FREE_ENCRYPT_FL;
	} else {
		ctx->flags &= ~FS_CTX_REQUIRES_FREE_ENCRYPT_FL;
	}
	ctx->flags &= ~FS_WRITE_PATH_FL;
	return ctx;
}
EXPORT_SYMBOL(fscrypt_get_ctx);

/**
 * page_crypt_complete() - completion callback for page crypto
 * @req: The asynchronous cipher request context
 * @res: The result of the cipher operation
 */
static void page_crypt_complete(struct crypto_async_request *req, int res)
{
	struct fscrypt_completion_result *ecr = req->data;

	if (res == -EINPROGRESS)
		return;
	ecr->res = res;
	complete(&ecr->completion);
}

typedef enum {
	FS_DECRYPT = 0,
	FS_ENCRYPT,
} fscrypt_direction_t;

static int do_page_crypto(struct inode *inode,
			fscrypt_direction_t rw, pgoff_t index,
			struct page *src_page, struct page *dest_page,
			gfp_t gfp_flags)
{
	u8 xts_tweak[FS_XTS_TWEAK_SIZE];
	struct skcipher_request *req = NULL;
	DECLARE_FS_COMPLETION_RESULT(ecr);
	struct scatterlist dst, src;
	struct fscrypt_info *ci = inode->i_crypt_info;
	struct crypto_skcipher *tfm = ci->ci_ctfm;
	int res = 0;

	req = skcipher_request_alloc(tfm, gfp_flags);
	if (!req) {
		printk_ratelimited(KERN_ERR
				"%s: crypto_request_alloc() failed\n",
				__func__);
		return -ENOMEM;
	}

	skcipher_request_set_callback(
		req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
		page_crypt_complete, &ecr);

	BUILD_BUG_ON(FS_XTS_TWEAK_SIZE < sizeof(index));
	memcpy(xts_tweak, &index, sizeof(index));
	memset(&xts_tweak[sizeof(index)], 0,
			FS_XTS_TWEAK_SIZE - sizeof(index));

	sg_init_table(&dst, 1);
	sg_set_page(&dst, dest_page, PAGE_SIZE, 0);
	sg_init_table(&src, 1);
	sg_set_page(&src, src_page, PAGE_SIZE, 0);
	skcipher_request_set_crypt(req, &src, &dst, PAGE_SIZE,
					xts_tweak);
	if (rw == FS_DECRYPT)
		res = crypto_skcipher_decrypt(req);
	else
		res = crypto_skcipher_encrypt(req);
	if (res == -EINPROGRESS || res == -EBUSY) {
		BUG_ON(req->base.data != &ecr);
		wait_for_completion(&ecr.completion);
		res = ecr.res;
	}
	skcipher_request_free(req);
	if (res) {
		printk_ratelimited(KERN_ERR
			"%s: crypto_skcipher_encrypt() returned %d\n",
			__func__, res);
		return res;
	}
	return 0;
}

static struct page *alloc_bounce_page(struct fscrypt_ctx *ctx, gfp_t gfp_flags)
{
	ctx->w.bounce_page = mempool_alloc(fscrypt_bounce_page_pool, gfp_flags);
	if (ctx->w.bounce_page == NULL)
		return ERR_PTR(-ENOMEM);
	ctx->flags |= FS_WRITE_PATH_FL;
	return ctx->w.bounce_page;
}

/**
 * fscypt_encrypt_page() - Encrypts a page
 * @inode:          The inode for which the encryption should take place
 * @plaintext_page: The page to encrypt. Must be locked.
 * @gfp_flags:      The gfp flag for memory allocation
 *
 * Allocates a ciphertext page and encrypts plaintext_page into it using the ctx
 * encryption context.
 *
 * Called on the page write path.  The caller must call
 * fscrypt_restore_control_page() on the returned ciphertext page to
 * release the bounce buffer and the encryption context.
 *
 * Return: An allocated page with the encrypted content on success. Else, an
 * error value or NULL.
 */
struct page *fscrypt_encrypt_page(struct inode *inode,
				struct page *plaintext_page, gfp_t gfp_flags)
{
	struct fscrypt_ctx *ctx;
	struct page *ciphertext_page = NULL;
	int err;

	BUG_ON(!PageLocked(plaintext_page));

	ctx = fscrypt_get_ctx(inode, gfp_flags);
	if (IS_ERR(ctx))
		return (struct page *)ctx;

	/* The encryption operation will require a bounce page. */
	ciphertext_page = alloc_bounce_page(ctx, gfp_flags);
	if (IS_ERR(ciphertext_page))
		goto errout;

	ctx->w.control_page = plaintext_page;
	err = do_page_crypto(inode, FS_ENCRYPT, plaintext_page->index,
					plaintext_page, ciphertext_page,
					gfp_flags);
	if (err) {
		ciphertext_page = ERR_PTR(err);
		goto errout;
	}
	SetPagePrivate(ciphertext_page);
	set_page_private(ciphertext_page, (unsigned long)ctx);
	lock_page(ciphertext_page);
	return ciphertext_page;

errout:
	fscrypt_release_ctx(ctx);
	return ciphertext_page;
}
EXPORT_SYMBOL(fscrypt_encrypt_page);

/**
 * f2crypt_decrypt_page() - Decrypts a page in-place
 * @page: The page to decrypt. Must be locked.
 *
 * Decrypts page in-place using the ctx encryption context.
 *
 * Called from the read completion callback.
 *
 * Return: Zero on success, non-zero otherwise.
 */
int fscrypt_decrypt_page(struct page *page)
{
	BUG_ON(!PageLocked(page));

	return do_page_crypto(page->mapping->host,
			FS_DECRYPT, page->index, page, page, GFP_NOFS);
}
EXPORT_SYMBOL(fscrypt_decrypt_page);

int fscrypt_zeroout_range(struct inode *inode, pgoff_t lblk,
				sector_t pblk, unsigned int len)
{
	struct fscrypt_ctx *ctx;
	struct page *ciphertext_page = NULL;
	struct bio *bio;
	int ret, err = 0;

	BUG_ON(inode->i_sb->s_blocksize != PAGE_SIZE);

	ctx = fscrypt_get_ctx(inode, GFP_NOFS);
	if (IS_ERR(ctx))
		return PTR_ERR(ctx);

	ciphertext_page = alloc_bounce_page(ctx, GFP_NOWAIT);
	if (IS_ERR(ciphertext_page)) {
		err = PTR_ERR(ciphertext_page);
		goto errout;
	}

	while (len--) {
		err = do_page_crypto(inode, FS_ENCRYPT, lblk,
					ZERO_PAGE(0), ciphertext_page,
					GFP_NOFS);
		if (err)
			goto errout;

		bio = bio_alloc(GFP_NOWAIT, 1);
		if (!bio) {
			err = -ENOMEM;
			goto errout;
		}
		bio->bi_bdev = inode->i_sb->s_bdev;
		bio->bi_iter.bi_sector =
			pblk << (inode->i_sb->s_blocksize_bits - 9);
		bio_set_op_attrs(bio, REQ_OP_WRITE, 0);
		ret = bio_add_page(bio, ciphertext_page,
					inode->i_sb->s_blocksize, 0);
		if (ret != inode->i_sb->s_blocksize) {
			/* should never happen! */
			WARN_ON(1);
			bio_put(bio);
			err = -EIO;
			goto errout;
		}
		err = submit_bio_wait(bio);
		if ((err == 0) && bio->bi_error)
			err = -EIO;
		bio_put(bio);
		if (err)
			goto errout;
		lblk++;
		pblk++;
	}
	err = 0;
errout:
	fscrypt_release_ctx(ctx);
	return err;
}
EXPORT_SYMBOL(fscrypt_zeroout_range);

/*
 * Validate dentries for encrypted directories to make sure we aren't
 * potentially caching stale data after a key has been added or
 * removed.
 */
static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
{
	struct dentry *dir;
	struct fscrypt_info *ci;
	int dir_has_key, cached_with_key;

	if (flags & LOOKUP_RCU)
		return -ECHILD;

	dir = dget_parent(dentry);
	if (!d_inode(dir)->i_sb->s_cop->is_encrypted(d_inode(dir))) {
		dput(dir);
		return 0;
	}

	ci = d_inode(dir)->i_crypt_info;
	if (ci && ci->ci_keyring_key &&
	    (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) |
					  (1 << KEY_FLAG_REVOKED) |
					  (1 << KEY_FLAG_DEAD))))
		ci = NULL;

	/* this should eventually be an flag in d_flags */
	spin_lock(&dentry->d_lock);
	cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY;
	spin_unlock(&dentry->d_lock);
	dir_has_key = (ci != NULL);
	dput(dir);

	/*
	 * If the dentry was cached without the key, and it is a
	 * negative dentry, it might be a valid name.  We can't check
	 * if the key has since been made available due to locking
	 * reasons, so we fail the validation so ext4_lookup() can do
	 * this check.
	 *
	 * We also fail the validation if the dentry was created with
	 * the key present, but we no longer have the key, or vice versa.
	 */
	if ((!cached_with_key && d_is_negative(dentry)) ||
			(!cached_with_key && dir_has_key) ||
			(cached_with_key && !dir_has_key))
		return 0;
	return 1;
}

const struct dentry_operations fscrypt_d_ops = {
	.d_revalidate = fscrypt_d_revalidate,
};
EXPORT_SYMBOL(fscrypt_d_ops);

/*
 * Call fscrypt_decrypt_page on every single page, reusing the encryption
 * context.
 */
static void completion_pages(struct work_struct *work)
{
	struct fscrypt_ctx *ctx =
		container_of(work, struct fscrypt_ctx, r.work);
	struct bio *bio = ctx->r.bio;
	struct bio_vec *bv;
	int i;

	bio_for_each_segment_all(bv, bio, i) {
		struct page *page = bv->bv_page;
		int ret = fscrypt_decrypt_page(page);

		if (ret) {
			WARN_ON_ONCE(1);
			SetPageError(page);
		} else {
			SetPageUptodate(page);
		}
		unlock_page(page);
	}
	fscrypt_release_ctx(ctx);
	bio_put(bio);
}

void fscrypt_decrypt_bio_pages(struct fscrypt_ctx *ctx, struct bio *bio)
{
	INIT_WORK(&ctx->r.work, completion_pages);
	ctx->r.bio = bio;
	queue_work(fscrypt_read_workqueue, &ctx->r.work);
}
EXPORT_SYMBOL(fscrypt_decrypt_bio_pages);

void fscrypt_pullback_bio_page(struct page **page, bool restore)
{
	struct fscrypt_ctx *ctx;
	struct page *bounce_page;

	/* The bounce data pages are unmapped. */
	if ((*page)->mapping)
		return;

	/* The bounce data page is unmapped. */
	bounce_page = *page;
	ctx = (struct fscrypt_ctx *)page_private(bounce_page);

	/* restore control page */
	*page = ctx->w.control_page;

	if (restore)
		fscrypt_restore_control_page(bounce_page);
}
EXPORT_SYMBOL(fscrypt_pullback_bio_page);

void fscrypt_restore_control_page(struct page *page)
{
	struct fscrypt_ctx *ctx;

	ctx = (struct fscrypt_ctx *)page_private(page);
	set_page_private(page, (unsigned long)NULL);
	ClearPagePrivate(page);
	unlock_page(page);
	fscrypt_release_ctx(ctx);
}
EXPORT_SYMBOL(fscrypt_restore_control_page);

static void fscrypt_destroy(void)
{
	struct fscrypt_ctx *pos, *n;

	list_for_each_entry_safe(pos, n, &fscrypt_free_ctxs, free_list)
		kmem_cache_free(fscrypt_ctx_cachep, pos);
	INIT_LIST_HEAD(&fscrypt_free_ctxs);
	mempool_destroy(fscrypt_bounce_page_pool);
	fscrypt_bounce_page_pool = NULL;
}

/**
 * fscrypt_initialize() - allocate major buffers for fs encryption.
 *
 * We only call this when we start accessing encrypted files, since it
 * results in memory getting allocated that wouldn't otherwise be used.
 *
 * Return: Zero on success, non-zero otherwise.
 */
int fscrypt_initialize(void)
{
	int i, res = -ENOMEM;

	if (fscrypt_bounce_page_pool)
		return 0;

	mutex_lock(&fscrypt_init_mutex);
	if (fscrypt_bounce_page_pool)
		goto already_initialized;

	for (i = 0; i < num_prealloc_crypto_ctxs; i++) {
		struct fscrypt_ctx *ctx;

		ctx = kmem_cache_zalloc(fscrypt_ctx_cachep, GFP_NOFS);
		if (!ctx)
			goto fail;
		list_add(&ctx->free_list, &fscrypt_free_ctxs);
	}

	fscrypt_bounce_page_pool =
		mempool_create_page_pool(num_prealloc_crypto_pages, 0);
	if (!fscrypt_bounce_page_pool)
		goto fail;

already_initialized:
	mutex_unlock(&fscrypt_init_mutex);
	return 0;
fail:
	fscrypt_destroy();
	mutex_unlock(&fscrypt_init_mutex);
	return res;
}
EXPORT_SYMBOL(fscrypt_initialize);

/**
 * fscrypt_init() - Set up for fs encryption.
 */
static int __init fscrypt_init(void)
{
	fscrypt_read_workqueue = alloc_workqueue("fscrypt_read_queue",
							WQ_HIGHPRI, 0);
	if (!fscrypt_read_workqueue)
		goto fail;

	fscrypt_ctx_cachep = KMEM_CACHE(fscrypt_ctx, SLAB_RECLAIM_ACCOUNT);
	if (!fscrypt_ctx_cachep)
		goto fail_free_queue;

	fscrypt_info_cachep = KMEM_CACHE(fscrypt_info, SLAB_RECLAIM_ACCOUNT);
	if (!fscrypt_info_cachep)
		goto fail_free_ctx;

	return 0;

fail_free_ctx:
	kmem_cache_destroy(fscrypt_ctx_cachep);
fail_free_queue:
	destroy_workqueue(fscrypt_read_workqueue);
fail:
	return -ENOMEM;
}
module_init(fscrypt_init)

/**
 * fscrypt_exit() - Shutdown the fs encryption system
 */
static void __exit fscrypt_exit(void)
{
	fscrypt_destroy();

	if (fscrypt_read_workqueue)
		destroy_workqueue(fscrypt_read_workqueue);
	kmem_cache_destroy(fscrypt_ctx_cachep);
	kmem_cache_destroy(fscrypt_info_cachep);
}
module_exit(fscrypt_exit);

MODULE_LICENSE("GPL");
Commit	Line	Data
0b81d077 JK	1	/*
	2	* This contains encryption functions for per-file encryption.
	3	*
	4	* Copyright (C) 2015, Google, Inc.
	5	* Copyright (C) 2015, Motorola Mobility
	6	*
	7	* Written by Michael Halcrow, 2014.
	8	*
	9	* Filename encryption additions
	10	* Uday Savagaonkar, 2014
	11	* Encryption policy handling additions
	12	* Ildar Muslukhov, 2014
	13	* Add fscrypt_pullback_bio_page()
	14	* Jaegeuk Kim, 2015.
	15	*
	16	* This has not yet undergone a rigorous security audit.
	17	*
	18	* The usage of AES-XTS should conform to recommendations in NIST
	19	* Special Publication 800-38E and IEEE P1619/D16.
	20	*/
	21
0b81d077 JK	22	#include <linux/pagemap.h>
	23	#include <linux/mempool.h>
	24	#include <linux/module.h>
	25	#include <linux/scatterlist.h>
	26	#include <linux/ratelimit.h>
	27	#include <linux/bio.h>
	28	#include <linux/dcache.h>
03a8bb0e	29	#include <linux/namei.h>
0b81d077 JK	30	#include <linux/fscrypto.h>
	31
	32	static unsigned int num_prealloc_crypto_pages = 32;
	33	static unsigned int num_prealloc_crypto_ctxs = 128;
	34
	35	module_param(num_prealloc_crypto_pages, uint, 0444);
	36	MODULE_PARM_DESC(num_prealloc_crypto_pages,
	37	"Number of crypto pages to preallocate");
	38	module_param(num_prealloc_crypto_ctxs, uint, 0444);
	39	MODULE_PARM_DESC(num_prealloc_crypto_ctxs,
	40	"Number of crypto contexts to preallocate");
	41
	42	static mempool_t *fscrypt_bounce_page_pool = NULL;
	43
	44	static LIST_HEAD(fscrypt_free_ctxs);
	45	static DEFINE_SPINLOCK(fscrypt_ctx_lock);
	46
	47	static struct workqueue_struct *fscrypt_read_workqueue;
	48	static DEFINE_MUTEX(fscrypt_init_mutex);
	49
	50	static struct kmem_cache *fscrypt_ctx_cachep;
	51	struct kmem_cache *fscrypt_info_cachep;
	52
	53	/**
	54	* fscrypt_release_ctx() - Releases an encryption context
	55	* @ctx: The encryption context to release.
	56	*
	57	* If the encryption context was allocated from the pre-allocated pool, returns
	58	* it to that pool. Else, frees it.
	59	*
	60	* If there's a bounce page in the context, this frees that.
	61	*/
	62	void fscrypt_release_ctx(struct fscrypt_ctx *ctx)
	63	{
	64	unsigned long flags;
	65
	66	if (ctx->flags & FS_WRITE_PATH_FL && ctx->w.bounce_page) {
	67	mempool_free(ctx->w.bounce_page, fscrypt_bounce_page_pool);
	68	ctx->w.bounce_page = NULL;
	69	}
	70	ctx->w.control_page = NULL;
	71	if (ctx->flags & FS_CTX_REQUIRES_FREE_ENCRYPT_FL) {
	72	kmem_cache_free(fscrypt_ctx_cachep, ctx);
	73	} else {
	74	spin_lock_irqsave(&fscrypt_ctx_lock, flags);
	75	list_add(&ctx->free_list, &fscrypt_free_ctxs);
	76	spin_unlock_irqrestore(&fscrypt_ctx_lock, flags);
	77	}
	78	}
	79	EXPORT_SYMBOL(fscrypt_release_ctx);
	80
	81	/**
	82	* fscrypt_get_ctx() - Gets an encryption context
	83	* @inode: The inode for which we are doing the crypto
b32e4482	84	* @gfp_flags: The gfp flag for memory allocation
0b81d077 JK	85	*
	86	* Allocates and initializes an encryption context.
	87	*
	88	* Return: An allocated and initialized encryption context on success; error
	89	* value or NULL otherwise.
	90	*/
b32e4482	91	struct fscrypt_ctx fscrypt_get_ctx(struct inode inode, gfp_t gfp_flags)
0b81d077 JK	92	{
	93	struct fscrypt_ctx *ctx = NULL;
	94	struct fscrypt_info *ci = inode->i_crypt_info;
	95	unsigned long flags;
	96
	97	if (ci == NULL)
	98	return ERR_PTR(-ENOKEY);
	99
	100	/*
	101	* We first try getting the ctx from a free list because in
	102	* the common case the ctx will have an allocated and
	103	* initialized crypto tfm, so it's probably a worthwhile
	104	* optimization. For the bounce page, we first try getting it
	105	* from the kernel allocator because that's just about as fast
	106	* as getting it from a list and because a cache of free pages
	107	* should generally be a "last resort" option for a filesystem
	108	* to be able to do its job.
	109	*/
	110	spin_lock_irqsave(&fscrypt_ctx_lock, flags);
	111	ctx = list_first_entry_or_null(&fscrypt_free_ctxs,
	112	struct fscrypt_ctx, free_list);
	113	if (ctx)
	114	list_del(&ctx->free_list);
	115	spin_unlock_irqrestore(&fscrypt_ctx_lock, flags);
	116	if (!ctx) {
b32e4482	117	ctx = kmem_cache_zalloc(fscrypt_ctx_cachep, gfp_flags);
0b81d077 JK	118	if (!ctx)
	119	return ERR_PTR(-ENOMEM);
	120	ctx->flags \|= FS_CTX_REQUIRES_FREE_ENCRYPT_FL;
	121	} else {
	122	ctx->flags &= ~FS_CTX_REQUIRES_FREE_ENCRYPT_FL;
	123	}
	124	ctx->flags &= ~FS_WRITE_PATH_FL;
	125	return ctx;
	126	}
	127	EXPORT_SYMBOL(fscrypt_get_ctx);
	128
	129	/**
53fd7550 EB	130	* page_crypt_complete() - completion callback for page crypto
	131	* @req: The asynchronous cipher request context
	132	* @res: The result of the cipher operation
0b81d077	133	*/
53fd7550	134	static void page_crypt_complete(struct crypto_async_request *req, int res)
0b81d077 JK	135	{
	136	struct fscrypt_completion_result *ecr = req->data;
	137
	138	if (res == -EINPROGRESS)
	139	return;
	140	ecr->res = res;
	141	complete(&ecr->completion);
	142	}
	143
	144	typedef enum {
	145	FS_DECRYPT = 0,
	146	FS_ENCRYPT,
	147	} fscrypt_direction_t;
	148
	149	static int do_page_crypto(struct inode *inode,
	150	fscrypt_direction_t rw, pgoff_t index,
b32e4482 JK	151	struct page src_page, struct page dest_page,
b32e4482 JK	152	gfp_t gfp_flags)
0b81d077 JK	153	{
0b81d077 JK	154	u8 xts_tweak[FS_XTS_TWEAK_SIZE];
d407574e	155	struct skcipher_request *req = NULL;
0b81d077 JK	156	DECLARE_FS_COMPLETION_RESULT(ecr);
	157	struct scatterlist dst, src;
	158	struct fscrypt_info *ci = inode->i_crypt_info;
d407574e	159	struct crypto_skcipher *tfm = ci->ci_ctfm;
0b81d077 JK	160	int res = 0;
0b81d077 JK	161
b32e4482	162	req = skcipher_request_alloc(tfm, gfp_flags);
0b81d077 JK	163	if (!req) {
	164	printk_ratelimited(KERN_ERR
	165	"%s: crypto_request_alloc() failed\n",
	166	__func__);
	167	return -ENOMEM;
	168	}
	169
d407574e	170	skcipher_request_set_callback(
0b81d077	171	req, CRYPTO_TFM_REQ_MAY_BACKLOG \| CRYPTO_TFM_REQ_MAY_SLEEP,
53fd7550	172	page_crypt_complete, &ecr);
0b81d077 JK	173
0b81d077 JK	174	BUILD_BUG_ON(FS_XTS_TWEAK_SIZE < sizeof(index));
02fc59a0	175	memcpy(xts_tweak, &index, sizeof(index));
0b81d077 JK	176	memset(&xts_tweak[sizeof(index)], 0,
	177	FS_XTS_TWEAK_SIZE - sizeof(index));
	178
	179	sg_init_table(&dst, 1);
09cbfeaf	180	sg_set_page(&dst, dest_page, PAGE_SIZE, 0);
0b81d077	181	sg_init_table(&src, 1);
09cbfeaf KS	182	sg_set_page(&src, src_page, PAGE_SIZE, 0);
09cbfeaf KS	183	skcipher_request_set_crypt(req, &src, &dst, PAGE_SIZE,
0b81d077 JK	184	xts_tweak);
0b81d077 JK	185	if (rw == FS_DECRYPT)
d407574e	186	res = crypto_skcipher_decrypt(req);
0b81d077	187	else
d407574e	188	res = crypto_skcipher_encrypt(req);
0b81d077 JK	189	if (res == -EINPROGRESS \|\| res == -EBUSY) {
	190	BUG_ON(req->base.data != &ecr);
	191	wait_for_completion(&ecr.completion);
	192	res = ecr.res;
	193	}
d407574e	194	skcipher_request_free(req);
0b81d077 JK	195	if (res) {
0b81d077 JK	196	printk_ratelimited(KERN_ERR
d407574e	197	"%s: crypto_skcipher_encrypt() returned %d\n",
0b81d077 JK	198	__func__, res);
	199	return res;
	200	}
	201	return 0;
	202	}
	203
b32e4482	204	static struct page alloc_bounce_page(struct fscrypt_ctx ctx, gfp_t gfp_flags)
0b81d077	205	{
b32e4482	206	ctx->w.bounce_page = mempool_alloc(fscrypt_bounce_page_pool, gfp_flags);
0b81d077 JK	207	if (ctx->w.bounce_page == NULL)
	208	return ERR_PTR(-ENOMEM);
	209	ctx->flags \|= FS_WRITE_PATH_FL;
	210	return ctx->w.bounce_page;
	211	}
	212
	213	/**
	214	* fscypt_encrypt_page() - Encrypts a page
	215	* @inode: The inode for which the encryption should take place
	216	* @plaintext_page: The page to encrypt. Must be locked.
b32e4482	217	* @gfp_flags: The gfp flag for memory allocation
0b81d077 JK	218	*
	219	* Allocates a ciphertext page and encrypts plaintext_page into it using the ctx
	220	* encryption context.
	221	*
	222	* Called on the page write path. The caller must call
	223	* fscrypt_restore_control_page() on the returned ciphertext page to
	224	* release the bounce buffer and the encryption context.
	225	*
	226	* Return: An allocated page with the encrypted content on success. Else, an
	227	* error value or NULL.
	228	*/
	229	struct page fscrypt_encrypt_page(struct inode inode,
b32e4482	230	struct page *plaintext_page, gfp_t gfp_flags)
0b81d077 JK	231	{
	232	struct fscrypt_ctx *ctx;
	233	struct page *ciphertext_page = NULL;
	234	int err;
	235
	236	BUG_ON(!PageLocked(plaintext_page));
	237
b32e4482	238	ctx = fscrypt_get_ctx(inode, gfp_flags);
0b81d077 JK	239	if (IS_ERR(ctx))
	240	return (struct page *)ctx;
	241
	242	/* The encryption operation will require a bounce page. */
b32e4482	243	ciphertext_page = alloc_bounce_page(ctx, gfp_flags);
0b81d077 JK	244	if (IS_ERR(ciphertext_page))
	245	goto errout;
	246
	247	ctx->w.control_page = plaintext_page;
	248	err = do_page_crypto(inode, FS_ENCRYPT, plaintext_page->index,
b32e4482 JK	249	plaintext_page, ciphertext_page,
b32e4482 JK	250	gfp_flags);
0b81d077 JK	251	if (err) {
	252	ciphertext_page = ERR_PTR(err);
	253	goto errout;
	254	}
	255	SetPagePrivate(ciphertext_page);
	256	set_page_private(ciphertext_page, (unsigned long)ctx);
	257	lock_page(ciphertext_page);
	258	return ciphertext_page;
	259
	260	errout:
	261	fscrypt_release_ctx(ctx);
	262	return ciphertext_page;
	263	}
	264	EXPORT_SYMBOL(fscrypt_encrypt_page);
	265
	266	/**
	267	* f2crypt_decrypt_page() - Decrypts a page in-place
	268	* @page: The page to decrypt. Must be locked.
	269	*
	270	* Decrypts page in-place using the ctx encryption context.
	271	*
	272	* Called from the read completion callback.
	273	*
	274	* Return: Zero on success, non-zero otherwise.
	275	*/
	276	int fscrypt_decrypt_page(struct page *page)
	277	{
	278	BUG_ON(!PageLocked(page));
	279
	280	return do_page_crypto(page->mapping->host,
b32e4482	281	FS_DECRYPT, page->index, page, page, GFP_NOFS);
0b81d077 JK	282	}
	283	EXPORT_SYMBOL(fscrypt_decrypt_page);
	284
	285	int fscrypt_zeroout_range(struct inode *inode, pgoff_t lblk,
	286	sector_t pblk, unsigned int len)
	287	{
	288	struct fscrypt_ctx *ctx;
	289	struct page *ciphertext_page = NULL;
	290	struct bio *bio;
	291	int ret, err = 0;
	292
09cbfeaf	293	BUG_ON(inode->i_sb->s_blocksize != PAGE_SIZE);
0b81d077	294
b32e4482	295	ctx = fscrypt_get_ctx(inode, GFP_NOFS);
0b81d077 JK	296	if (IS_ERR(ctx))
	297	return PTR_ERR(ctx);
	298
b32e4482	299	ciphertext_page = alloc_bounce_page(ctx, GFP_NOWAIT);
0b81d077 JK	300	if (IS_ERR(ciphertext_page)) {
	301	err = PTR_ERR(ciphertext_page);
	302	goto errout;
	303	}
	304
	305	while (len--) {
	306	err = do_page_crypto(inode, FS_ENCRYPT, lblk,
b32e4482 JK	307	ZERO_PAGE(0), ciphertext_page,
b32e4482 JK	308	GFP_NOFS);
0b81d077 JK	309	if (err)
	310	goto errout;
	311
b32e4482	312	bio = bio_alloc(GFP_NOWAIT, 1);
0b81d077 JK	313	if (!bio) {
	314	err = -ENOMEM;
	315	goto errout;
	316	}
	317	bio->bi_bdev = inode->i_sb->s_bdev;
	318	bio->bi_iter.bi_sector =
	319	pblk << (inode->i_sb->s_blocksize_bits - 9);
95fe6c1a	320	bio_set_op_attrs(bio, REQ_OP_WRITE, 0);
0b81d077 JK	321	ret = bio_add_page(bio, ciphertext_page,
	322	inode->i_sb->s_blocksize, 0);
	323	if (ret != inode->i_sb->s_blocksize) {
	324	/* should never happen! */
	325	WARN_ON(1);
	326	bio_put(bio);
	327	err = -EIO;
	328	goto errout;
	329	}
4e49ea4a	330	err = submit_bio_wait(bio);
0b81d077 JK	331	if ((err == 0) && bio->bi_error)
	332	err = -EIO;
	333	bio_put(bio);
	334	if (err)
	335	goto errout;
	336	lblk++;
	337	pblk++;
	338	}
	339	err = 0;
	340	errout:
	341	fscrypt_release_ctx(ctx);
	342	return err;
	343	}
	344	EXPORT_SYMBOL(fscrypt_zeroout_range);
	345
	346	/*
	347	* Validate dentries for encrypted directories to make sure we aren't
	348	* potentially caching stale data after a key has been added or
	349	* removed.
	350	*/
	351	static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
	352	{
d7d75352 JK	353	struct dentry *dir;
d7d75352 JK	354	struct fscrypt_info *ci;
0b81d077 JK	355	int dir_has_key, cached_with_key;
0b81d077 JK	356
03a8bb0e JK	357	if (flags & LOOKUP_RCU)
	358	return -ECHILD;
	359
d7d75352 JK	360	dir = dget_parent(dentry);
	361	if (!d_inode(dir)->i_sb->s_cop->is_encrypted(d_inode(dir))) {
	362	dput(dir);
0b81d077	363	return 0;
d7d75352	364	}
0b81d077	365
d7d75352	366	ci = d_inode(dir)->i_crypt_info;
0b81d077 JK	367	if (ci && ci->ci_keyring_key &&
	368	(ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) \|
	369	(1 << KEY_FLAG_REVOKED) \|
	370	(1 << KEY_FLAG_DEAD))))
	371	ci = NULL;
	372
	373	/* this should eventually be an flag in d_flags */
	374	spin_lock(&dentry->d_lock);
	375	cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY;
	376	spin_unlock(&dentry->d_lock);
	377	dir_has_key = (ci != NULL);
d7d75352	378	dput(dir);
0b81d077 JK	379
	380	/*
	381	* If the dentry was cached without the key, and it is a
	382	* negative dentry, it might be a valid name. We can't check
	383	* if the key has since been made available due to locking
	384	* reasons, so we fail the validation so ext4_lookup() can do
	385	* this check.
	386	*
	387	* We also fail the validation if the dentry was created with
	388	* the key present, but we no longer have the key, or vice versa.
	389	*/
	390	if ((!cached_with_key && d_is_negative(dentry)) \|\|
	391	(!cached_with_key && dir_has_key) \|\|
	392	(cached_with_key && !dir_has_key))
	393	return 0;
	394	return 1;
	395	}
	396
	397	const struct dentry_operations fscrypt_d_ops = {
	398	.d_revalidate = fscrypt_d_revalidate,
	399	};
	400	EXPORT_SYMBOL(fscrypt_d_ops);
	401
	402	/*
	403	* Call fscrypt_decrypt_page on every single page, reusing the encryption
	404	* context.
	405	*/
	406	static void completion_pages(struct work_struct *work)
	407	{
	408	struct fscrypt_ctx *ctx =
	409	container_of(work, struct fscrypt_ctx, r.work);
	410	struct bio *bio = ctx->r.bio;
	411	struct bio_vec *bv;
	412	int i;
	413
	414	bio_for_each_segment_all(bv, bio, i) {
	415	struct page *page = bv->bv_page;
	416	int ret = fscrypt_decrypt_page(page);
	417
	418	if (ret) {
	419	WARN_ON_ONCE(1);
	420	SetPageError(page);
	421	} else {
	422	SetPageUptodate(page);
	423	}
	424	unlock_page(page);
	425	}
	426	fscrypt_release_ctx(ctx);
	427	bio_put(bio);
	428	}
	429
	430	void fscrypt_decrypt_bio_pages(struct fscrypt_ctx ctx, struct bio bio)
	431	{
	432	INIT_WORK(&ctx->r.work, completion_pages);
	433	ctx->r.bio = bio;
	434	queue_work(fscrypt_read_workqueue, &ctx->r.work);
	435	}
	436	EXPORT_SYMBOL(fscrypt_decrypt_bio_pages);
	437
	438	void fscrypt_pullback_bio_page(struct page **page, bool restore)
	439	{
	440	struct fscrypt_ctx *ctx;
	441	struct page *bounce_page;
	442
443	/* The bounce data pages are unmapped. */
444	if ((*page)->mapping)
445	return;
446
447	/* The bounce data page is unmapped. */
448	bounce_page = *page;
449	ctx = (struct fscrypt_ctx *)page_private(bounce_page);
450
451	/* restore control page */
452	*page = ctx->w.control_page;
453
454	if (restore)
455	fscrypt_restore_control_page(bounce_page);
456	}
457	EXPORT_SYMBOL(fscrypt_pullback_bio_page);
458
459	void fscrypt_restore_control_page(struct page *page)
460	{
461	struct fscrypt_ctx *ctx;
462
463	ctx = (struct fscrypt_ctx *)page_private(page);
464	set_page_private(page, (unsigned long)NULL);
465	ClearPagePrivate(page);
466	unlock_page(page);
467	fscrypt_release_ctx(ctx);
468	}
469	EXPORT_SYMBOL(fscrypt_restore_control_page);
470
471	static void fscrypt_destroy(void)
472	{
473	struct fscrypt_ctx pos, n;
474
475	list_for_each_entry_safe(pos, n, &fscrypt_free_ctxs, free_list)
476	kmem_cache_free(fscrypt_ctx_cachep, pos);
477	INIT_LIST_HEAD(&fscrypt_free_ctxs);
478	mempool_destroy(fscrypt_bounce_page_pool);
479	fscrypt_bounce_page_pool = NULL;
480	}
481
482	/**
483	* fscrypt_initialize() - allocate major buffers for fs encryption.
484	*
485	* We only call this when we start accessing encrypted files, since it
486	* results in memory getting allocated that wouldn't otherwise be used.
487	*
488	* Return: Zero on success, non-zero otherwise.
489	*/
490	int fscrypt_initialize(void)
491	{
492	int i, res = -ENOMEM;
493
494	if (fscrypt_bounce_page_pool)
495	return 0;
496
497	mutex_lock(&fscrypt_init_mutex);
498	if (fscrypt_bounce_page_pool)
499	goto already_initialized;
500
501	for (i = 0; i < num_prealloc_crypto_ctxs; i++) {
502	struct fscrypt_ctx *ctx;
503
504	ctx = kmem_cache_zalloc(fscrypt_ctx_cachep, GFP_NOFS);
505	if (!ctx)
506	goto fail;
507	list_add(&ctx->free_list, &fscrypt_free_ctxs);
508	}
509
510	fscrypt_bounce_page_pool =
511	mempool_create_page_pool(num_prealloc_crypto_pages, 0);
512	if (!fscrypt_bounce_page_pool)
513	goto fail;
514
515	already_initialized:
516	mutex_unlock(&fscrypt_init_mutex);
517	return 0;
518	fail:
519	fscrypt_destroy();
520	mutex_unlock(&fscrypt_init_mutex);
521	return res;
522	}
523	EXPORT_SYMBOL(fscrypt_initialize);
524
525	/**
526	* fscrypt_init() - Set up for fs encryption.
527	*/
528	static int __init fscrypt_init(void)
529	{
530	fscrypt_read_workqueue = alloc_workqueue("fscrypt_read_queue",
531	WQ_HIGHPRI, 0);
532	if (!fscrypt_read_workqueue)
533	goto fail;
534
535	fscrypt_ctx_cachep = KMEM_CACHE(fscrypt_ctx, SLAB_RECLAIM_ACCOUNT);
536	if (!fscrypt_ctx_cachep)
537	goto fail_free_queue;
538
539	fscrypt_info_cachep = KMEM_CACHE(fscrypt_info, SLAB_RECLAIM_ACCOUNT);
540	if (!fscrypt_info_cachep)
541	goto fail_free_ctx;
542
543	return 0;
544
545	fail_free_ctx:
546	kmem_cache_destroy(fscrypt_ctx_cachep);
547	fail_free_queue:
548	destroy_workqueue(fscrypt_read_workqueue);
549	fail:
550	return -ENOMEM;
551	}
552	module_init(fscrypt_init)
553
554	/**
555	* fscrypt_exit() - Shutdown the fs encryption system
556	*/
557	static void __exit fscrypt_exit(void)
558	{
559	fscrypt_destroy();
560
561	if (fscrypt_read_workqueue)
562	destroy_workqueue(fscrypt_read_workqueue);
563	kmem_cache_destroy(fscrypt_ctx_cachep);
564	kmem_cache_destroy(fscrypt_info_cachep);
565	}
566	module_exit(fscrypt_exit);
567
568	MODULE_LICENSE("GPL");