cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

crypto.c (6216B)

      1// SPDX-License-Identifier: GPL-2.0
      2
      3#include <linux/quotaops.h>
      4#include <linux/uuid.h>
      5
      6#include "ext4.h"
      7#include "xattr.h"
      8#include "ext4_jbd2.h"
      9
     10static void ext4_fname_from_fscrypt_name(struct ext4_filename *dst,
     11					 const struct fscrypt_name *src)
     12{
     13	memset(dst, 0, sizeof(*dst));
     14
     15	dst->usr_fname = src->usr_fname;
     16	dst->disk_name = src->disk_name;
     17	dst->hinfo.hash = src->hash;
     18	dst->hinfo.minor_hash = src->minor_hash;
     19	dst->crypto_buf = src->crypto_buf;
     20}
     21
     22int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname,
     23			      int lookup, struct ext4_filename *fname)
     24{
     25	struct fscrypt_name name;
     26	int err;
     27
     28	err = fscrypt_setup_filename(dir, iname, lookup, &name);
     29	if (err)
     30		return err;
     31
     32	ext4_fname_from_fscrypt_name(fname, &name);
     33
     34#if IS_ENABLED(CONFIG_UNICODE)
     35	err = ext4_fname_setup_ci_filename(dir, iname, fname);
     36#endif
     37	return err;
     38}
     39
     40int ext4_fname_prepare_lookup(struct inode *dir, struct dentry *dentry,
     41			      struct ext4_filename *fname)
     42{
     43	struct fscrypt_name name;
     44	int err;
     45
     46	err = fscrypt_prepare_lookup(dir, dentry, &name);
     47	if (err)
     48		return err;
     49
     50	ext4_fname_from_fscrypt_name(fname, &name);
     51
     52#if IS_ENABLED(CONFIG_UNICODE)
     53	err = ext4_fname_setup_ci_filename(dir, &dentry->d_name, fname);
     54#endif
     55	return err;
     56}
     57
     58void ext4_fname_free_filename(struct ext4_filename *fname)
     59{
     60	struct fscrypt_name name;
     61
     62	name.crypto_buf = fname->crypto_buf;
     63	fscrypt_free_filename(&name);
     64
     65	fname->crypto_buf.name = NULL;
     66	fname->usr_fname = NULL;
     67	fname->disk_name.name = NULL;
     68
     69#if IS_ENABLED(CONFIG_UNICODE)
     70	kfree(fname->cf_name.name);
     71	fname->cf_name.name = NULL;
     72#endif
     73}
     74
     75static bool uuid_is_zero(__u8 u[16])
     76{
     77	int i;
     78
     79	for (i = 0; i < 16; i++)
     80		if (u[i])
     81			return false;
     82	return true;
     83}
     84
     85int ext4_ioctl_get_encryption_pwsalt(struct file *filp, void __user *arg)
     86{
     87	struct super_block *sb = file_inode(filp)->i_sb;
     88	struct ext4_sb_info *sbi = EXT4_SB(sb);
     89	int err, err2;
     90	handle_t *handle;
     91
     92	if (!ext4_has_feature_encrypt(sb))
     93		return -EOPNOTSUPP;
     94
     95	if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
     96		err = mnt_want_write_file(filp);
     97		if (err)
     98			return err;
     99		handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
    100		if (IS_ERR(handle)) {
    101			err = PTR_ERR(handle);
    102			goto pwsalt_err_exit;
    103		}
    104		err = ext4_journal_get_write_access(handle, sb, sbi->s_sbh,
    105						    EXT4_JTR_NONE);
    106		if (err)
    107			goto pwsalt_err_journal;
    108		lock_buffer(sbi->s_sbh);
    109		generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
    110		ext4_superblock_csum_set(sb);
    111		unlock_buffer(sbi->s_sbh);
    112		err = ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh);
    113pwsalt_err_journal:
    114		err2 = ext4_journal_stop(handle);
    115		if (err2 && !err)
    116			err = err2;
    117pwsalt_err_exit:
    118		mnt_drop_write_file(filp);
    119		if (err)
    120			return err;
    121	}
    122
    123	if (copy_to_user(arg, sbi->s_es->s_encrypt_pw_salt, 16))
    124		return -EFAULT;
    125	return 0;
    126}
    127
    128static int ext4_get_context(struct inode *inode, void *ctx, size_t len)
    129{
    130	return ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
    131				 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len);
    132}
    133
    134static int ext4_set_context(struct inode *inode, const void *ctx, size_t len,
    135							void *fs_data)
    136{
    137	handle_t *handle = fs_data;
    138	int res, res2, credits, retries = 0;
    139
    140	/*
    141	 * Encrypting the root directory is not allowed because e2fsck expects
    142	 * lost+found to exist and be unencrypted, and encrypting the root
    143	 * directory would imply encrypting the lost+found directory as well as
    144	 * the filename "lost+found" itself.
    145	 */
    146	if (inode->i_ino == EXT4_ROOT_INO)
    147		return -EPERM;
    148
    149	if (WARN_ON_ONCE(IS_DAX(inode) && i_size_read(inode)))
    150		return -EINVAL;
    151
    152	if (ext4_test_inode_flag(inode, EXT4_INODE_DAX))
    153		return -EOPNOTSUPP;
    154
    155	res = ext4_convert_inline_data(inode);
    156	if (res)
    157		return res;
    158
    159	/*
    160	 * If a journal handle was specified, then the encryption context is
    161	 * being set on a new inode via inheritance and is part of a larger
    162	 * transaction to create the inode.  Otherwise the encryption context is
    163	 * being set on an existing inode in its own transaction.  Only in the
    164	 * latter case should the "retry on ENOSPC" logic be used.
    165	 */
    166
    167	if (handle) {
    168		res = ext4_xattr_set_handle(handle, inode,
    169					    EXT4_XATTR_INDEX_ENCRYPTION,
    170					    EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
    171					    ctx, len, 0);
    172		if (!res) {
    173			ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
    174			ext4_clear_inode_state(inode,
    175					EXT4_STATE_MAY_INLINE_DATA);
    176			/*
    177			 * Update inode->i_flags - S_ENCRYPTED will be enabled,
    178			 * S_DAX may be disabled
    179			 */
    180			ext4_set_inode_flags(inode, false);
    181		}
    182		return res;
    183	}
    184
    185	res = dquot_initialize(inode);
    186	if (res)
    187		return res;
    188retry:
    189	res = ext4_xattr_set_credits(inode, len, false /* is_create */,
    190				     &credits);
    191	if (res)
    192		return res;
    193
    194	handle = ext4_journal_start(inode, EXT4_HT_MISC, credits);
    195	if (IS_ERR(handle))
    196		return PTR_ERR(handle);
    197
    198	res = ext4_xattr_set_handle(handle, inode, EXT4_XATTR_INDEX_ENCRYPTION,
    199				    EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
    200				    ctx, len, 0);
    201	if (!res) {
    202		ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
    203		/*
    204		 * Update inode->i_flags - S_ENCRYPTED will be enabled,
    205		 * S_DAX may be disabled
    206		 */
    207		ext4_set_inode_flags(inode, false);
    208		res = ext4_mark_inode_dirty(handle, inode);
    209		if (res)
    210			EXT4_ERROR_INODE(inode, "Failed to mark inode dirty");
    211	}
    212	res2 = ext4_journal_stop(handle);
    213
    214	if (res == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries))
    215		goto retry;
    216	if (!res)
    217		res = res2;
    218	return res;
    219}
    220
    221static const union fscrypt_policy *ext4_get_dummy_policy(struct super_block *sb)
    222{
    223	return EXT4_SB(sb)->s_dummy_enc_policy.policy;
    224}
    225
    226static bool ext4_has_stable_inodes(struct super_block *sb)
    227{
    228	return ext4_has_feature_stable_inodes(sb);
    229}
    230
    231static void ext4_get_ino_and_lblk_bits(struct super_block *sb,
    232				       int *ino_bits_ret, int *lblk_bits_ret)
    233{
    234	*ino_bits_ret = 8 * sizeof(EXT4_SB(sb)->s_es->s_inodes_count);
    235	*lblk_bits_ret = 8 * sizeof(ext4_lblk_t);
    236}
    237
    238const struct fscrypt_operations ext4_cryptops = {
    239	.key_prefix		= "ext4:",
    240	.get_context		= ext4_get_context,
    241	.set_context		= ext4_set_context,
    242	.get_dummy_policy	= ext4_get_dummy_policy,
    243	.empty_dir		= ext4_empty_dir,
    244	.has_stable_inodes	= ext4_has_stable_inodes,
    245	.get_ino_and_lblk_bits	= ext4_get_ino_and_lblk_bits,
    246};