cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

inode.c (33608B)


      1// SPDX-License-Identifier: GPL-2.0-or-later
      2/*
      3 * eCryptfs: Linux filesystem encryption layer
      4 *
      5 * Copyright (C) 1997-2004 Erez Zadok
      6 * Copyright (C) 2001-2004 Stony Brook University
      7 * Copyright (C) 2004-2007 International Business Machines Corp.
      8 *   Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
      9 *              Michael C. Thompsion <mcthomps@us.ibm.com>
     10 */
     11
     12#include <linux/file.h>
     13#include <linux/vmalloc.h>
     14#include <linux/pagemap.h>
     15#include <linux/dcache.h>
     16#include <linux/namei.h>
     17#include <linux/mount.h>
     18#include <linux/fs_stack.h>
     19#include <linux/slab.h>
     20#include <linux/xattr.h>
     21#include <linux/fileattr.h>
     22#include <asm/unaligned.h>
     23#include "ecryptfs_kernel.h"
     24
     25static int lock_parent(struct dentry *dentry,
     26		       struct dentry **lower_dentry,
     27		       struct inode **lower_dir)
     28{
     29	struct dentry *lower_dir_dentry;
     30
     31	lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent);
     32	*lower_dir = d_inode(lower_dir_dentry);
     33	*lower_dentry = ecryptfs_dentry_to_lower(dentry);
     34
     35	inode_lock_nested(*lower_dir, I_MUTEX_PARENT);
     36	return (*lower_dentry)->d_parent == lower_dir_dentry ? 0 : -EINVAL;
     37}
     38
     39static int ecryptfs_inode_test(struct inode *inode, void *lower_inode)
     40{
     41	return ecryptfs_inode_to_lower(inode) == lower_inode;
     42}
     43
     44static int ecryptfs_inode_set(struct inode *inode, void *opaque)
     45{
     46	struct inode *lower_inode = opaque;
     47
     48	ecryptfs_set_inode_lower(inode, lower_inode);
     49	fsstack_copy_attr_all(inode, lower_inode);
     50	/* i_size will be overwritten for encrypted regular files */
     51	fsstack_copy_inode_size(inode, lower_inode);
     52	inode->i_ino = lower_inode->i_ino;
     53	inode->i_mapping->a_ops = &ecryptfs_aops;
     54
     55	if (S_ISLNK(inode->i_mode))
     56		inode->i_op = &ecryptfs_symlink_iops;
     57	else if (S_ISDIR(inode->i_mode))
     58		inode->i_op = &ecryptfs_dir_iops;
     59	else
     60		inode->i_op = &ecryptfs_main_iops;
     61
     62	if (S_ISDIR(inode->i_mode))
     63		inode->i_fop = &ecryptfs_dir_fops;
     64	else if (special_file(inode->i_mode))
     65		init_special_inode(inode, inode->i_mode, inode->i_rdev);
     66	else
     67		inode->i_fop = &ecryptfs_main_fops;
     68
     69	return 0;
     70}
     71
     72static struct inode *__ecryptfs_get_inode(struct inode *lower_inode,
     73					  struct super_block *sb)
     74{
     75	struct inode *inode;
     76
     77	if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb))
     78		return ERR_PTR(-EXDEV);
     79	if (!igrab(lower_inode))
     80		return ERR_PTR(-ESTALE);
     81	inode = iget5_locked(sb, (unsigned long)lower_inode,
     82			     ecryptfs_inode_test, ecryptfs_inode_set,
     83			     lower_inode);
     84	if (!inode) {
     85		iput(lower_inode);
     86		return ERR_PTR(-EACCES);
     87	}
     88	if (!(inode->i_state & I_NEW))
     89		iput(lower_inode);
     90
     91	return inode;
     92}
     93
     94struct inode *ecryptfs_get_inode(struct inode *lower_inode,
     95				 struct super_block *sb)
     96{
     97	struct inode *inode = __ecryptfs_get_inode(lower_inode, sb);
     98
     99	if (!IS_ERR(inode) && (inode->i_state & I_NEW))
    100		unlock_new_inode(inode);
    101
    102	return inode;
    103}
    104
    105/**
    106 * ecryptfs_interpose
    107 * @lower_dentry: Existing dentry in the lower filesystem
    108 * @dentry: ecryptfs' dentry
    109 * @sb: ecryptfs's super_block
    110 *
    111 * Interposes upper and lower dentries.
    112 *
    113 * Returns zero on success; non-zero otherwise
    114 */
    115static int ecryptfs_interpose(struct dentry *lower_dentry,
    116			      struct dentry *dentry, struct super_block *sb)
    117{
    118	struct inode *inode = ecryptfs_get_inode(d_inode(lower_dentry), sb);
    119
    120	if (IS_ERR(inode))
    121		return PTR_ERR(inode);
    122	d_instantiate(dentry, inode);
    123
    124	return 0;
    125}
    126
    127static int ecryptfs_do_unlink(struct inode *dir, struct dentry *dentry,
    128			      struct inode *inode)
    129{
    130	struct dentry *lower_dentry;
    131	struct inode *lower_dir;
    132	int rc;
    133
    134	rc = lock_parent(dentry, &lower_dentry, &lower_dir);
    135	dget(lower_dentry);	// don't even try to make the lower negative
    136	if (!rc) {
    137		if (d_unhashed(lower_dentry))
    138			rc = -EINVAL;
    139		else
    140			rc = vfs_unlink(&init_user_ns, lower_dir, lower_dentry,
    141					NULL);
    142	}
    143	if (rc) {
    144		printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc);
    145		goto out_unlock;
    146	}
    147	fsstack_copy_attr_times(dir, lower_dir);
    148	set_nlink(inode, ecryptfs_inode_to_lower(inode)->i_nlink);
    149	inode->i_ctime = dir->i_ctime;
    150out_unlock:
    151	dput(lower_dentry);
    152	inode_unlock(lower_dir);
    153	if (!rc)
    154		d_drop(dentry);
    155	return rc;
    156}
    157
    158/**
    159 * ecryptfs_do_create
    160 * @directory_inode: inode of the new file's dentry's parent in ecryptfs
    161 * @ecryptfs_dentry: New file's dentry in ecryptfs
    162 * @mode: The mode of the new file
    163 *
    164 * Creates the underlying file and the eCryptfs inode which will link to
    165 * it. It will also update the eCryptfs directory inode to mimic the
    166 * stat of the lower directory inode.
    167 *
    168 * Returns the new eCryptfs inode on success; an ERR_PTR on error condition
    169 */
    170static struct inode *
    171ecryptfs_do_create(struct inode *directory_inode,
    172		   struct dentry *ecryptfs_dentry, umode_t mode)
    173{
    174	int rc;
    175	struct dentry *lower_dentry;
    176	struct inode *lower_dir;
    177	struct inode *inode;
    178
    179	rc = lock_parent(ecryptfs_dentry, &lower_dentry, &lower_dir);
    180	if (!rc)
    181		rc = vfs_create(&init_user_ns, lower_dir,
    182				lower_dentry, mode, true);
    183	if (rc) {
    184		printk(KERN_ERR "%s: Failure to create dentry in lower fs; "
    185		       "rc = [%d]\n", __func__, rc);
    186		inode = ERR_PTR(rc);
    187		goto out_lock;
    188	}
    189	inode = __ecryptfs_get_inode(d_inode(lower_dentry),
    190				     directory_inode->i_sb);
    191	if (IS_ERR(inode)) {
    192		vfs_unlink(&init_user_ns, lower_dir, lower_dentry, NULL);
    193		goto out_lock;
    194	}
    195	fsstack_copy_attr_times(directory_inode, lower_dir);
    196	fsstack_copy_inode_size(directory_inode, lower_dir);
    197out_lock:
    198	inode_unlock(lower_dir);
    199	return inode;
    200}
    201
    202/*
    203 * ecryptfs_initialize_file
    204 *
    205 * Cause the file to be changed from a basic empty file to an ecryptfs
    206 * file with a header and first data page.
    207 *
    208 * Returns zero on success
    209 */
    210int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
    211			     struct inode *ecryptfs_inode)
    212{
    213	struct ecryptfs_crypt_stat *crypt_stat =
    214		&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
    215	int rc = 0;
    216
    217	if (S_ISDIR(ecryptfs_inode->i_mode)) {
    218		ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
    219		crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
    220		goto out;
    221	}
    222	ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
    223	rc = ecryptfs_new_file_context(ecryptfs_inode);
    224	if (rc) {
    225		ecryptfs_printk(KERN_ERR, "Error creating new file "
    226				"context; rc = [%d]\n", rc);
    227		goto out;
    228	}
    229	rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
    230	if (rc) {
    231		printk(KERN_ERR "%s: Error attempting to initialize "
    232			"the lower file for the dentry with name "
    233			"[%pd]; rc = [%d]\n", __func__,
    234			ecryptfs_dentry, rc);
    235		goto out;
    236	}
    237	rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
    238	if (rc)
    239		printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
    240	ecryptfs_put_lower_file(ecryptfs_inode);
    241out:
    242	return rc;
    243}
    244
    245/*
    246 * ecryptfs_create
    247 * @mode: The mode of the new file.
    248 *
    249 * Creates a new file.
    250 *
    251 * Returns zero on success; non-zero on error condition
    252 */
    253static int
    254ecryptfs_create(struct user_namespace *mnt_userns,
    255		struct inode *directory_inode, struct dentry *ecryptfs_dentry,
    256		umode_t mode, bool excl)
    257{
    258	struct inode *ecryptfs_inode;
    259	int rc;
    260
    261	ecryptfs_inode = ecryptfs_do_create(directory_inode, ecryptfs_dentry,
    262					    mode);
    263	if (IS_ERR(ecryptfs_inode)) {
    264		ecryptfs_printk(KERN_WARNING, "Failed to create file in"
    265				"lower filesystem\n");
    266		rc = PTR_ERR(ecryptfs_inode);
    267		goto out;
    268	}
    269	/* At this point, a file exists on "disk"; we need to make sure
    270	 * that this on disk file is prepared to be an ecryptfs file */
    271	rc = ecryptfs_initialize_file(ecryptfs_dentry, ecryptfs_inode);
    272	if (rc) {
    273		ecryptfs_do_unlink(directory_inode, ecryptfs_dentry,
    274				   ecryptfs_inode);
    275		iget_failed(ecryptfs_inode);
    276		goto out;
    277	}
    278	d_instantiate_new(ecryptfs_dentry, ecryptfs_inode);
    279out:
    280	return rc;
    281}
    282
    283static int ecryptfs_i_size_read(struct dentry *dentry, struct inode *inode)
    284{
    285	struct ecryptfs_crypt_stat *crypt_stat;
    286	int rc;
    287
    288	rc = ecryptfs_get_lower_file(dentry, inode);
    289	if (rc) {
    290		printk(KERN_ERR "%s: Error attempting to initialize "
    291			"the lower file for the dentry with name "
    292			"[%pd]; rc = [%d]\n", __func__,
    293			dentry, rc);
    294		return rc;
    295	}
    296
    297	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
    298	/* TODO: lock for crypt_stat comparison */
    299	if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
    300		ecryptfs_set_default_sizes(crypt_stat);
    301
    302	rc = ecryptfs_read_and_validate_header_region(inode);
    303	ecryptfs_put_lower_file(inode);
    304	if (rc) {
    305		rc = ecryptfs_read_and_validate_xattr_region(dentry, inode);
    306		if (!rc)
    307			crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
    308	}
    309
    310	/* Must return 0 to allow non-eCryptfs files to be looked up, too */
    311	return 0;
    312}
    313
    314/*
    315 * ecryptfs_lookup_interpose - Dentry interposition for a lookup
    316 */
    317static struct dentry *ecryptfs_lookup_interpose(struct dentry *dentry,
    318				     struct dentry *lower_dentry)
    319{
    320	struct path *path = ecryptfs_dentry_to_lower_path(dentry->d_parent);
    321	struct inode *inode, *lower_inode;
    322	struct ecryptfs_dentry_info *dentry_info;
    323	int rc = 0;
    324
    325	dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
    326	if (!dentry_info) {
    327		dput(lower_dentry);
    328		return ERR_PTR(-ENOMEM);
    329	}
    330
    331	fsstack_copy_attr_atime(d_inode(dentry->d_parent),
    332				d_inode(path->dentry));
    333	BUG_ON(!d_count(lower_dentry));
    334
    335	ecryptfs_set_dentry_private(dentry, dentry_info);
    336	dentry_info->lower_path.mnt = mntget(path->mnt);
    337	dentry_info->lower_path.dentry = lower_dentry;
    338
    339	/*
    340	 * negative dentry can go positive under us here - its parent is not
    341	 * locked.  That's OK and that could happen just as we return from
    342	 * ecryptfs_lookup() anyway.  Just need to be careful and fetch
    343	 * ->d_inode only once - it's not stable here.
    344	 */
    345	lower_inode = READ_ONCE(lower_dentry->d_inode);
    346
    347	if (!lower_inode) {
    348		/* We want to add because we couldn't find in lower */
    349		d_add(dentry, NULL);
    350		return NULL;
    351	}
    352	inode = __ecryptfs_get_inode(lower_inode, dentry->d_sb);
    353	if (IS_ERR(inode)) {
    354		printk(KERN_ERR "%s: Error interposing; rc = [%ld]\n",
    355		       __func__, PTR_ERR(inode));
    356		return ERR_CAST(inode);
    357	}
    358	if (S_ISREG(inode->i_mode)) {
    359		rc = ecryptfs_i_size_read(dentry, inode);
    360		if (rc) {
    361			make_bad_inode(inode);
    362			return ERR_PTR(rc);
    363		}
    364	}
    365
    366	if (inode->i_state & I_NEW)
    367		unlock_new_inode(inode);
    368	return d_splice_alias(inode, dentry);
    369}
    370
    371/**
    372 * ecryptfs_lookup
    373 * @ecryptfs_dir_inode: The eCryptfs directory inode
    374 * @ecryptfs_dentry: The eCryptfs dentry that we are looking up
    375 * @flags: lookup flags
    376 *
    377 * Find a file on disk. If the file does not exist, then we'll add it to the
    378 * dentry cache and continue on to read it from the disk.
    379 */
    380static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
    381				      struct dentry *ecryptfs_dentry,
    382				      unsigned int flags)
    383{
    384	char *encrypted_and_encoded_name = NULL;
    385	struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
    386	struct dentry *lower_dir_dentry, *lower_dentry;
    387	const char *name = ecryptfs_dentry->d_name.name;
    388	size_t len = ecryptfs_dentry->d_name.len;
    389	struct dentry *res;
    390	int rc = 0;
    391
    392	lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
    393
    394	mount_crypt_stat = &ecryptfs_superblock_to_private(
    395				ecryptfs_dentry->d_sb)->mount_crypt_stat;
    396	if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
    397		rc = ecryptfs_encrypt_and_encode_filename(
    398			&encrypted_and_encoded_name, &len,
    399			mount_crypt_stat, name, len);
    400		if (rc) {
    401			printk(KERN_ERR "%s: Error attempting to encrypt and encode "
    402			       "filename; rc = [%d]\n", __func__, rc);
    403			return ERR_PTR(rc);
    404		}
    405		name = encrypted_and_encoded_name;
    406	}
    407
    408	lower_dentry = lookup_one_len_unlocked(name, lower_dir_dentry, len);
    409	if (IS_ERR(lower_dentry)) {
    410		ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
    411				"[%ld] on lower_dentry = [%s]\n", __func__,
    412				PTR_ERR(lower_dentry),
    413				name);
    414		res = ERR_CAST(lower_dentry);
    415	} else {
    416		res = ecryptfs_lookup_interpose(ecryptfs_dentry, lower_dentry);
    417	}
    418	kfree(encrypted_and_encoded_name);
    419	return res;
    420}
    421
    422static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir,
    423			 struct dentry *new_dentry)
    424{
    425	struct dentry *lower_old_dentry;
    426	struct dentry *lower_new_dentry;
    427	struct inode *lower_dir;
    428	u64 file_size_save;
    429	int rc;
    430
    431	file_size_save = i_size_read(d_inode(old_dentry));
    432	lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
    433	rc = lock_parent(new_dentry, &lower_new_dentry, &lower_dir);
    434	if (!rc)
    435		rc = vfs_link(lower_old_dentry, &init_user_ns, lower_dir,
    436			      lower_new_dentry, NULL);
    437	if (rc || d_really_is_negative(lower_new_dentry))
    438		goto out_lock;
    439	rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb);
    440	if (rc)
    441		goto out_lock;
    442	fsstack_copy_attr_times(dir, lower_dir);
    443	fsstack_copy_inode_size(dir, lower_dir);
    444	set_nlink(d_inode(old_dentry),
    445		  ecryptfs_inode_to_lower(d_inode(old_dentry))->i_nlink);
    446	i_size_write(d_inode(new_dentry), file_size_save);
    447out_lock:
    448	inode_unlock(lower_dir);
    449	return rc;
    450}
    451
    452static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
    453{
    454	return ecryptfs_do_unlink(dir, dentry, d_inode(dentry));
    455}
    456
    457static int ecryptfs_symlink(struct user_namespace *mnt_userns,
    458			    struct inode *dir, struct dentry *dentry,
    459			    const char *symname)
    460{
    461	int rc;
    462	struct dentry *lower_dentry;
    463	struct inode *lower_dir;
    464	char *encoded_symname;
    465	size_t encoded_symlen;
    466	struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
    467
    468	rc = lock_parent(dentry, &lower_dentry, &lower_dir);
    469	if (rc)
    470		goto out_lock;
    471	mount_crypt_stat = &ecryptfs_superblock_to_private(
    472		dir->i_sb)->mount_crypt_stat;
    473	rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname,
    474						  &encoded_symlen,
    475						  mount_crypt_stat, symname,
    476						  strlen(symname));
    477	if (rc)
    478		goto out_lock;
    479	rc = vfs_symlink(&init_user_ns, lower_dir, lower_dentry,
    480			 encoded_symname);
    481	kfree(encoded_symname);
    482	if (rc || d_really_is_negative(lower_dentry))
    483		goto out_lock;
    484	rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
    485	if (rc)
    486		goto out_lock;
    487	fsstack_copy_attr_times(dir, lower_dir);
    488	fsstack_copy_inode_size(dir, lower_dir);
    489out_lock:
    490	inode_unlock(lower_dir);
    491	if (d_really_is_negative(dentry))
    492		d_drop(dentry);
    493	return rc;
    494}
    495
    496static int ecryptfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
    497			  struct dentry *dentry, umode_t mode)
    498{
    499	int rc;
    500	struct dentry *lower_dentry;
    501	struct inode *lower_dir;
    502
    503	rc = lock_parent(dentry, &lower_dentry, &lower_dir);
    504	if (!rc)
    505		rc = vfs_mkdir(&init_user_ns, lower_dir,
    506			       lower_dentry, mode);
    507	if (rc || d_really_is_negative(lower_dentry))
    508		goto out;
    509	rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
    510	if (rc)
    511		goto out;
    512	fsstack_copy_attr_times(dir, lower_dir);
    513	fsstack_copy_inode_size(dir, lower_dir);
    514	set_nlink(dir, lower_dir->i_nlink);
    515out:
    516	inode_unlock(lower_dir);
    517	if (d_really_is_negative(dentry))
    518		d_drop(dentry);
    519	return rc;
    520}
    521
    522static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry)
    523{
    524	struct dentry *lower_dentry;
    525	struct inode *lower_dir;
    526	int rc;
    527
    528	rc = lock_parent(dentry, &lower_dentry, &lower_dir);
    529	dget(lower_dentry);	// don't even try to make the lower negative
    530	if (!rc) {
    531		if (d_unhashed(lower_dentry))
    532			rc = -EINVAL;
    533		else
    534			rc = vfs_rmdir(&init_user_ns, lower_dir, lower_dentry);
    535	}
    536	if (!rc) {
    537		clear_nlink(d_inode(dentry));
    538		fsstack_copy_attr_times(dir, lower_dir);
    539		set_nlink(dir, lower_dir->i_nlink);
    540	}
    541	dput(lower_dentry);
    542	inode_unlock(lower_dir);
    543	if (!rc)
    544		d_drop(dentry);
    545	return rc;
    546}
    547
    548static int
    549ecryptfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
    550	       struct dentry *dentry, umode_t mode, dev_t dev)
    551{
    552	int rc;
    553	struct dentry *lower_dentry;
    554	struct inode *lower_dir;
    555
    556	rc = lock_parent(dentry, &lower_dentry, &lower_dir);
    557	if (!rc)
    558		rc = vfs_mknod(&init_user_ns, lower_dir,
    559			       lower_dentry, mode, dev);
    560	if (rc || d_really_is_negative(lower_dentry))
    561		goto out;
    562	rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
    563	if (rc)
    564		goto out;
    565	fsstack_copy_attr_times(dir, lower_dir);
    566	fsstack_copy_inode_size(dir, lower_dir);
    567out:
    568	inode_unlock(lower_dir);
    569	if (d_really_is_negative(dentry))
    570		d_drop(dentry);
    571	return rc;
    572}
    573
    574static int
    575ecryptfs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
    576		struct dentry *old_dentry, struct inode *new_dir,
    577		struct dentry *new_dentry, unsigned int flags)
    578{
    579	int rc;
    580	struct dentry *lower_old_dentry;
    581	struct dentry *lower_new_dentry;
    582	struct dentry *lower_old_dir_dentry;
    583	struct dentry *lower_new_dir_dentry;
    584	struct dentry *trap;
    585	struct inode *target_inode;
    586	struct renamedata rd = {};
    587
    588	if (flags)
    589		return -EINVAL;
    590
    591	lower_old_dir_dentry = ecryptfs_dentry_to_lower(old_dentry->d_parent);
    592	lower_new_dir_dentry = ecryptfs_dentry_to_lower(new_dentry->d_parent);
    593
    594	lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
    595	lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
    596
    597	target_inode = d_inode(new_dentry);
    598
    599	trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
    600	dget(lower_new_dentry);
    601	rc = -EINVAL;
    602	if (lower_old_dentry->d_parent != lower_old_dir_dentry)
    603		goto out_lock;
    604	if (lower_new_dentry->d_parent != lower_new_dir_dentry)
    605		goto out_lock;
    606	if (d_unhashed(lower_old_dentry) || d_unhashed(lower_new_dentry))
    607		goto out_lock;
    608	/* source should not be ancestor of target */
    609	if (trap == lower_old_dentry)
    610		goto out_lock;
    611	/* target should not be ancestor of source */
    612	if (trap == lower_new_dentry) {
    613		rc = -ENOTEMPTY;
    614		goto out_lock;
    615	}
    616
    617	rd.old_mnt_userns	= &init_user_ns;
    618	rd.old_dir		= d_inode(lower_old_dir_dentry);
    619	rd.old_dentry		= lower_old_dentry;
    620	rd.new_mnt_userns	= &init_user_ns;
    621	rd.new_dir		= d_inode(lower_new_dir_dentry);
    622	rd.new_dentry		= lower_new_dentry;
    623	rc = vfs_rename(&rd);
    624	if (rc)
    625		goto out_lock;
    626	if (target_inode)
    627		fsstack_copy_attr_all(target_inode,
    628				      ecryptfs_inode_to_lower(target_inode));
    629	fsstack_copy_attr_all(new_dir, d_inode(lower_new_dir_dentry));
    630	if (new_dir != old_dir)
    631		fsstack_copy_attr_all(old_dir, d_inode(lower_old_dir_dentry));
    632out_lock:
    633	dput(lower_new_dentry);
    634	unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
    635	return rc;
    636}
    637
    638static char *ecryptfs_readlink_lower(struct dentry *dentry, size_t *bufsiz)
    639{
    640	DEFINE_DELAYED_CALL(done);
    641	struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
    642	const char *link;
    643	char *buf;
    644	int rc;
    645
    646	link = vfs_get_link(lower_dentry, &done);
    647	if (IS_ERR(link))
    648		return ERR_CAST(link);
    649
    650	rc = ecryptfs_decode_and_decrypt_filename(&buf, bufsiz, dentry->d_sb,
    651						  link, strlen(link));
    652	do_delayed_call(&done);
    653	if (rc)
    654		return ERR_PTR(rc);
    655
    656	return buf;
    657}
    658
    659static const char *ecryptfs_get_link(struct dentry *dentry,
    660				     struct inode *inode,
    661				     struct delayed_call *done)
    662{
    663	size_t len;
    664	char *buf;
    665
    666	if (!dentry)
    667		return ERR_PTR(-ECHILD);
    668
    669	buf = ecryptfs_readlink_lower(dentry, &len);
    670	if (IS_ERR(buf))
    671		return buf;
    672	fsstack_copy_attr_atime(d_inode(dentry),
    673				d_inode(ecryptfs_dentry_to_lower(dentry)));
    674	buf[len] = '\0';
    675	set_delayed_call(done, kfree_link, buf);
    676	return buf;
    677}
    678
    679/**
    680 * upper_size_to_lower_size
    681 * @crypt_stat: Crypt_stat associated with file
    682 * @upper_size: Size of the upper file
    683 *
    684 * Calculate the required size of the lower file based on the
    685 * specified size of the upper file. This calculation is based on the
    686 * number of headers in the underlying file and the extent size.
    687 *
    688 * Returns Calculated size of the lower file.
    689 */
    690static loff_t
    691upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat,
    692			 loff_t upper_size)
    693{
    694	loff_t lower_size;
    695
    696	lower_size = ecryptfs_lower_header_size(crypt_stat);
    697	if (upper_size != 0) {
    698		loff_t num_extents;
    699
    700		num_extents = upper_size >> crypt_stat->extent_shift;
    701		if (upper_size & ~crypt_stat->extent_mask)
    702			num_extents++;
    703		lower_size += (num_extents * crypt_stat->extent_size);
    704	}
    705	return lower_size;
    706}
    707
    708/**
    709 * truncate_upper
    710 * @dentry: The ecryptfs layer dentry
    711 * @ia: Address of the ecryptfs inode's attributes
    712 * @lower_ia: Address of the lower inode's attributes
    713 *
    714 * Function to handle truncations modifying the size of the file. Note
    715 * that the file sizes are interpolated. When expanding, we are simply
    716 * writing strings of 0's out. When truncating, we truncate the upper
    717 * inode and update the lower_ia according to the page index
    718 * interpolations. If ATTR_SIZE is set in lower_ia->ia_valid upon return,
    719 * the caller must use lower_ia in a call to notify_change() to perform
    720 * the truncation of the lower inode.
    721 *
    722 * Returns zero on success; non-zero otherwise
    723 */
    724static int truncate_upper(struct dentry *dentry, struct iattr *ia,
    725			  struct iattr *lower_ia)
    726{
    727	int rc = 0;
    728	struct inode *inode = d_inode(dentry);
    729	struct ecryptfs_crypt_stat *crypt_stat;
    730	loff_t i_size = i_size_read(inode);
    731	loff_t lower_size_before_truncate;
    732	loff_t lower_size_after_truncate;
    733
    734	if (unlikely((ia->ia_size == i_size))) {
    735		lower_ia->ia_valid &= ~ATTR_SIZE;
    736		return 0;
    737	}
    738	rc = ecryptfs_get_lower_file(dentry, inode);
    739	if (rc)
    740		return rc;
    741	crypt_stat = &ecryptfs_inode_to_private(d_inode(dentry))->crypt_stat;
    742	/* Switch on growing or shrinking file */
    743	if (ia->ia_size > i_size) {
    744		char zero[] = { 0x00 };
    745
    746		lower_ia->ia_valid &= ~ATTR_SIZE;
    747		/* Write a single 0 at the last position of the file;
    748		 * this triggers code that will fill in 0's throughout
    749		 * the intermediate portion of the previous end of the
    750		 * file and the new and of the file */
    751		rc = ecryptfs_write(inode, zero,
    752				    (ia->ia_size - 1), 1);
    753	} else { /* ia->ia_size < i_size_read(inode) */
    754		/* We're chopping off all the pages down to the page
    755		 * in which ia->ia_size is located. Fill in the end of
    756		 * that page from (ia->ia_size & ~PAGE_MASK) to
    757		 * PAGE_SIZE with zeros. */
    758		size_t num_zeros = (PAGE_SIZE
    759				    - (ia->ia_size & ~PAGE_MASK));
    760
    761		if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
    762			truncate_setsize(inode, ia->ia_size);
    763			lower_ia->ia_size = ia->ia_size;
    764			lower_ia->ia_valid |= ATTR_SIZE;
    765			goto out;
    766		}
    767		if (num_zeros) {
    768			char *zeros_virt;
    769
    770			zeros_virt = kzalloc(num_zeros, GFP_KERNEL);
    771			if (!zeros_virt) {
    772				rc = -ENOMEM;
    773				goto out;
    774			}
    775			rc = ecryptfs_write(inode, zeros_virt,
    776					    ia->ia_size, num_zeros);
    777			kfree(zeros_virt);
    778			if (rc) {
    779				printk(KERN_ERR "Error attempting to zero out "
    780				       "the remainder of the end page on "
    781				       "reducing truncate; rc = [%d]\n", rc);
    782				goto out;
    783			}
    784		}
    785		truncate_setsize(inode, ia->ia_size);
    786		rc = ecryptfs_write_inode_size_to_metadata(inode);
    787		if (rc) {
    788			printk(KERN_ERR	"Problem with "
    789			       "ecryptfs_write_inode_size_to_metadata; "
    790			       "rc = [%d]\n", rc);
    791			goto out;
    792		}
    793		/* We are reducing the size of the ecryptfs file, and need to
    794		 * know if we need to reduce the size of the lower file. */
    795		lower_size_before_truncate =
    796		    upper_size_to_lower_size(crypt_stat, i_size);
    797		lower_size_after_truncate =
    798		    upper_size_to_lower_size(crypt_stat, ia->ia_size);
    799		if (lower_size_after_truncate < lower_size_before_truncate) {
    800			lower_ia->ia_size = lower_size_after_truncate;
    801			lower_ia->ia_valid |= ATTR_SIZE;
    802		} else
    803			lower_ia->ia_valid &= ~ATTR_SIZE;
    804	}
    805out:
    806	ecryptfs_put_lower_file(inode);
    807	return rc;
    808}
    809
    810static int ecryptfs_inode_newsize_ok(struct inode *inode, loff_t offset)
    811{
    812	struct ecryptfs_crypt_stat *crypt_stat;
    813	loff_t lower_oldsize, lower_newsize;
    814
    815	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
    816	lower_oldsize = upper_size_to_lower_size(crypt_stat,
    817						 i_size_read(inode));
    818	lower_newsize = upper_size_to_lower_size(crypt_stat, offset);
    819	if (lower_newsize > lower_oldsize) {
    820		/*
    821		 * The eCryptfs inode and the new *lower* size are mixed here
    822		 * because we may not have the lower i_mutex held and/or it may
    823		 * not be appropriate to call inode_newsize_ok() with inodes
    824		 * from other filesystems.
    825		 */
    826		return inode_newsize_ok(inode, lower_newsize);
    827	}
    828
    829	return 0;
    830}
    831
    832/**
    833 * ecryptfs_truncate
    834 * @dentry: The ecryptfs layer dentry
    835 * @new_length: The length to expand the file to
    836 *
    837 * Simple function that handles the truncation of an eCryptfs inode and
    838 * its corresponding lower inode.
    839 *
    840 * Returns zero on success; non-zero otherwise
    841 */
    842int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
    843{
    844	struct iattr ia = { .ia_valid = ATTR_SIZE, .ia_size = new_length };
    845	struct iattr lower_ia = { .ia_valid = 0 };
    846	int rc;
    847
    848	rc = ecryptfs_inode_newsize_ok(d_inode(dentry), new_length);
    849	if (rc)
    850		return rc;
    851
    852	rc = truncate_upper(dentry, &ia, &lower_ia);
    853	if (!rc && lower_ia.ia_valid & ATTR_SIZE) {
    854		struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
    855
    856		inode_lock(d_inode(lower_dentry));
    857		rc = notify_change(&init_user_ns, lower_dentry,
    858				   &lower_ia, NULL);
    859		inode_unlock(d_inode(lower_dentry));
    860	}
    861	return rc;
    862}
    863
    864static int
    865ecryptfs_permission(struct user_namespace *mnt_userns, struct inode *inode,
    866		    int mask)
    867{
    868	return inode_permission(&init_user_ns,
    869				ecryptfs_inode_to_lower(inode), mask);
    870}
    871
    872/**
    873 * ecryptfs_setattr
    874 * @mnt_userns: user namespace of the target mount
    875 * @dentry: dentry handle to the inode to modify
    876 * @ia: Structure with flags of what to change and values
    877 *
    878 * Updates the metadata of an inode. If the update is to the size
    879 * i.e. truncation, then ecryptfs_truncate will handle the size modification
    880 * of both the ecryptfs inode and the lower inode.
    881 *
    882 * All other metadata changes will be passed right to the lower filesystem,
    883 * and we will just update our inode to look like the lower.
    884 */
    885static int ecryptfs_setattr(struct user_namespace *mnt_userns,
    886			    struct dentry *dentry, struct iattr *ia)
    887{
    888	int rc = 0;
    889	struct dentry *lower_dentry;
    890	struct iattr lower_ia;
    891	struct inode *inode;
    892	struct inode *lower_inode;
    893	struct ecryptfs_crypt_stat *crypt_stat;
    894
    895	crypt_stat = &ecryptfs_inode_to_private(d_inode(dentry))->crypt_stat;
    896	if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED)) {
    897		rc = ecryptfs_init_crypt_stat(crypt_stat);
    898		if (rc)
    899			return rc;
    900	}
    901	inode = d_inode(dentry);
    902	lower_inode = ecryptfs_inode_to_lower(inode);
    903	lower_dentry = ecryptfs_dentry_to_lower(dentry);
    904	mutex_lock(&crypt_stat->cs_mutex);
    905	if (d_is_dir(dentry))
    906		crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
    907	else if (d_is_reg(dentry)
    908		 && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
    909		     || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) {
    910		struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
    911
    912		mount_crypt_stat = &ecryptfs_superblock_to_private(
    913			dentry->d_sb)->mount_crypt_stat;
    914		rc = ecryptfs_get_lower_file(dentry, inode);
    915		if (rc) {
    916			mutex_unlock(&crypt_stat->cs_mutex);
    917			goto out;
    918		}
    919		rc = ecryptfs_read_metadata(dentry);
    920		ecryptfs_put_lower_file(inode);
    921		if (rc) {
    922			if (!(mount_crypt_stat->flags
    923			      & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
    924				rc = -EIO;
    925				printk(KERN_WARNING "Either the lower file "
    926				       "is not in a valid eCryptfs format, "
    927				       "or the key could not be retrieved. "
    928				       "Plaintext passthrough mode is not "
    929				       "enabled; returning -EIO\n");
    930				mutex_unlock(&crypt_stat->cs_mutex);
    931				goto out;
    932			}
    933			rc = 0;
    934			crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
    935					       | ECRYPTFS_ENCRYPTED);
    936		}
    937	}
    938	mutex_unlock(&crypt_stat->cs_mutex);
    939
    940	rc = setattr_prepare(&init_user_ns, dentry, ia);
    941	if (rc)
    942		goto out;
    943	if (ia->ia_valid & ATTR_SIZE) {
    944		rc = ecryptfs_inode_newsize_ok(inode, ia->ia_size);
    945		if (rc)
    946			goto out;
    947	}
    948
    949	memcpy(&lower_ia, ia, sizeof(lower_ia));
    950	if (ia->ia_valid & ATTR_FILE)
    951		lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file);
    952	if (ia->ia_valid & ATTR_SIZE) {
    953		rc = truncate_upper(dentry, ia, &lower_ia);
    954		if (rc < 0)
    955			goto out;
    956	}
    957
    958	/*
    959	 * mode change is for clearing setuid/setgid bits. Allow lower fs
    960	 * to interpret this in its own way.
    961	 */
    962	if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID))
    963		lower_ia.ia_valid &= ~ATTR_MODE;
    964
    965	inode_lock(d_inode(lower_dentry));
    966	rc = notify_change(&init_user_ns, lower_dentry, &lower_ia, NULL);
    967	inode_unlock(d_inode(lower_dentry));
    968out:
    969	fsstack_copy_attr_all(inode, lower_inode);
    970	return rc;
    971}
    972
    973static int ecryptfs_getattr_link(struct user_namespace *mnt_userns,
    974				 const struct path *path, struct kstat *stat,
    975				 u32 request_mask, unsigned int flags)
    976{
    977	struct dentry *dentry = path->dentry;
    978	struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
    979	int rc = 0;
    980
    981	mount_crypt_stat = &ecryptfs_superblock_to_private(
    982						dentry->d_sb)->mount_crypt_stat;
    983	generic_fillattr(&init_user_ns, d_inode(dentry), stat);
    984	if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
    985		char *target;
    986		size_t targetsiz;
    987
    988		target = ecryptfs_readlink_lower(dentry, &targetsiz);
    989		if (!IS_ERR(target)) {
    990			kfree(target);
    991			stat->size = targetsiz;
    992		} else {
    993			rc = PTR_ERR(target);
    994		}
    995	}
    996	return rc;
    997}
    998
    999static int ecryptfs_getattr(struct user_namespace *mnt_userns,
   1000			    const struct path *path, struct kstat *stat,
   1001			    u32 request_mask, unsigned int flags)
   1002{
   1003	struct dentry *dentry = path->dentry;
   1004	struct kstat lower_stat;
   1005	int rc;
   1006
   1007	rc = vfs_getattr(ecryptfs_dentry_to_lower_path(dentry), &lower_stat,
   1008			 request_mask, flags);
   1009	if (!rc) {
   1010		fsstack_copy_attr_all(d_inode(dentry),
   1011				      ecryptfs_inode_to_lower(d_inode(dentry)));
   1012		generic_fillattr(&init_user_ns, d_inode(dentry), stat);
   1013		stat->blocks = lower_stat.blocks;
   1014	}
   1015	return rc;
   1016}
   1017
   1018int
   1019ecryptfs_setxattr(struct dentry *dentry, struct inode *inode,
   1020		  const char *name, const void *value,
   1021		  size_t size, int flags)
   1022{
   1023	int rc;
   1024	struct dentry *lower_dentry;
   1025	struct inode *lower_inode;
   1026
   1027	lower_dentry = ecryptfs_dentry_to_lower(dentry);
   1028	lower_inode = d_inode(lower_dentry);
   1029	if (!(lower_inode->i_opflags & IOP_XATTR)) {
   1030		rc = -EOPNOTSUPP;
   1031		goto out;
   1032	}
   1033	inode_lock(lower_inode);
   1034	rc = __vfs_setxattr_locked(&init_user_ns, lower_dentry, name, value, size, flags, NULL);
   1035	inode_unlock(lower_inode);
   1036	if (!rc && inode)
   1037		fsstack_copy_attr_all(inode, lower_inode);
   1038out:
   1039	return rc;
   1040}
   1041
   1042ssize_t
   1043ecryptfs_getxattr_lower(struct dentry *lower_dentry, struct inode *lower_inode,
   1044			const char *name, void *value, size_t size)
   1045{
   1046	int rc;
   1047
   1048	if (!(lower_inode->i_opflags & IOP_XATTR)) {
   1049		rc = -EOPNOTSUPP;
   1050		goto out;
   1051	}
   1052	inode_lock(lower_inode);
   1053	rc = __vfs_getxattr(lower_dentry, lower_inode, name, value, size);
   1054	inode_unlock(lower_inode);
   1055out:
   1056	return rc;
   1057}
   1058
   1059static ssize_t
   1060ecryptfs_getxattr(struct dentry *dentry, struct inode *inode,
   1061		  const char *name, void *value, size_t size)
   1062{
   1063	return ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry),
   1064				       ecryptfs_inode_to_lower(inode),
   1065				       name, value, size);
   1066}
   1067
   1068static ssize_t
   1069ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size)
   1070{
   1071	int rc = 0;
   1072	struct dentry *lower_dentry;
   1073
   1074	lower_dentry = ecryptfs_dentry_to_lower(dentry);
   1075	if (!d_inode(lower_dentry)->i_op->listxattr) {
   1076		rc = -EOPNOTSUPP;
   1077		goto out;
   1078	}
   1079	inode_lock(d_inode(lower_dentry));
   1080	rc = d_inode(lower_dentry)->i_op->listxattr(lower_dentry, list, size);
   1081	inode_unlock(d_inode(lower_dentry));
   1082out:
   1083	return rc;
   1084}
   1085
   1086static int ecryptfs_removexattr(struct dentry *dentry, struct inode *inode,
   1087				const char *name)
   1088{
   1089	int rc;
   1090	struct dentry *lower_dentry;
   1091	struct inode *lower_inode;
   1092
   1093	lower_dentry = ecryptfs_dentry_to_lower(dentry);
   1094	lower_inode = ecryptfs_inode_to_lower(inode);
   1095	if (!(lower_inode->i_opflags & IOP_XATTR)) {
   1096		rc = -EOPNOTSUPP;
   1097		goto out;
   1098	}
   1099	inode_lock(lower_inode);
   1100	rc = __vfs_removexattr(&init_user_ns, lower_dentry, name);
   1101	inode_unlock(lower_inode);
   1102out:
   1103	return rc;
   1104}
   1105
   1106static int ecryptfs_fileattr_get(struct dentry *dentry, struct fileattr *fa)
   1107{
   1108	return vfs_fileattr_get(ecryptfs_dentry_to_lower(dentry), fa);
   1109}
   1110
   1111static int ecryptfs_fileattr_set(struct user_namespace *mnt_userns,
   1112				 struct dentry *dentry, struct fileattr *fa)
   1113{
   1114	struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
   1115	int rc;
   1116
   1117	rc = vfs_fileattr_set(&init_user_ns, lower_dentry, fa);
   1118	fsstack_copy_attr_all(d_inode(dentry), d_inode(lower_dentry));
   1119
   1120	return rc;
   1121}
   1122
   1123const struct inode_operations ecryptfs_symlink_iops = {
   1124	.get_link = ecryptfs_get_link,
   1125	.permission = ecryptfs_permission,
   1126	.setattr = ecryptfs_setattr,
   1127	.getattr = ecryptfs_getattr_link,
   1128	.listxattr = ecryptfs_listxattr,
   1129};
   1130
   1131const struct inode_operations ecryptfs_dir_iops = {
   1132	.create = ecryptfs_create,
   1133	.lookup = ecryptfs_lookup,
   1134	.link = ecryptfs_link,
   1135	.unlink = ecryptfs_unlink,
   1136	.symlink = ecryptfs_symlink,
   1137	.mkdir = ecryptfs_mkdir,
   1138	.rmdir = ecryptfs_rmdir,
   1139	.mknod = ecryptfs_mknod,
   1140	.rename = ecryptfs_rename,
   1141	.permission = ecryptfs_permission,
   1142	.setattr = ecryptfs_setattr,
   1143	.listxattr = ecryptfs_listxattr,
   1144	.fileattr_get = ecryptfs_fileattr_get,
   1145	.fileattr_set = ecryptfs_fileattr_set,
   1146};
   1147
   1148const struct inode_operations ecryptfs_main_iops = {
   1149	.permission = ecryptfs_permission,
   1150	.setattr = ecryptfs_setattr,
   1151	.getattr = ecryptfs_getattr,
   1152	.listxattr = ecryptfs_listxattr,
   1153	.fileattr_get = ecryptfs_fileattr_get,
   1154	.fileattr_set = ecryptfs_fileattr_set,
   1155};
   1156
   1157static int ecryptfs_xattr_get(const struct xattr_handler *handler,
   1158			      struct dentry *dentry, struct inode *inode,
   1159			      const char *name, void *buffer, size_t size)
   1160{
   1161	return ecryptfs_getxattr(dentry, inode, name, buffer, size);
   1162}
   1163
   1164static int ecryptfs_xattr_set(const struct xattr_handler *handler,
   1165			      struct user_namespace *mnt_userns,
   1166			      struct dentry *dentry, struct inode *inode,
   1167			      const char *name, const void *value, size_t size,
   1168			      int flags)
   1169{
   1170	if (value)
   1171		return ecryptfs_setxattr(dentry, inode, name, value, size, flags);
   1172	else {
   1173		BUG_ON(flags != XATTR_REPLACE);
   1174		return ecryptfs_removexattr(dentry, inode, name);
   1175	}
   1176}
   1177
   1178static const struct xattr_handler ecryptfs_xattr_handler = {
   1179	.prefix = "",  /* match anything */
   1180	.get = ecryptfs_xattr_get,
   1181	.set = ecryptfs_xattr_set,
   1182};
   1183
   1184const struct xattr_handler *ecryptfs_xattr_handlers[] = {
   1185	&ecryptfs_xattr_handler,
   1186	NULL
   1187};