fs: push i_mutex and filemap_write_and_wait down into ->fsync() handlers
[linux-2.6.git] / fs / ecryptfs / inode.c
1 /**
2  * eCryptfs: Linux filesystem encryption layer
3  *
4  * Copyright (C) 1997-2004 Erez Zadok
5  * Copyright (C) 2001-2004 Stony Brook University
6  * Copyright (C) 2004-2007 International Business Machines Corp.
7  *   Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
8  *              Michael C. Thompsion <mcthomps@us.ibm.com>
9  *
10  * This program is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU General Public License as
12  * published by the Free Software Foundation; either version 2 of the
13  * License, or (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful, but
16  * WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18  * General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with this program; if not, write to the Free Software
22  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
23  * 02111-1307, USA.
24  */
25
26 #include <linux/file.h>
27 #include <linux/vmalloc.h>
28 #include <linux/pagemap.h>
29 #include <linux/dcache.h>
30 #include <linux/namei.h>
31 #include <linux/mount.h>
32 #include <linux/crypto.h>
33 #include <linux/fs_stack.h>
34 #include <linux/slab.h>
35 #include <linux/xattr.h>
36 #include <asm/unaligned.h>
37 #include "ecryptfs_kernel.h"
38
39 static struct dentry *lock_parent(struct dentry *dentry)
40 {
41         struct dentry *dir;
42
43         dir = dget_parent(dentry);
44         mutex_lock_nested(&(dir->d_inode->i_mutex), I_MUTEX_PARENT);
45         return dir;
46 }
47
48 static void unlock_dir(struct dentry *dir)
49 {
50         mutex_unlock(&dir->d_inode->i_mutex);
51         dput(dir);
52 }
53
54 static int ecryptfs_inode_test(struct inode *inode, void *lower_inode)
55 {
56         if (ecryptfs_inode_to_lower(inode) == (struct inode *)lower_inode)
57                 return 1;
58         return 0;
59 }
60
61 static int ecryptfs_inode_set(struct inode *inode, void *opaque)
62 {
63         struct inode *lower_inode = opaque;
64
65         ecryptfs_set_inode_lower(inode, lower_inode);
66         fsstack_copy_attr_all(inode, lower_inode);
67         /* i_size will be overwritten for encrypted regular files */
68         fsstack_copy_inode_size(inode, lower_inode);
69         inode->i_ino = lower_inode->i_ino;
70         inode->i_version++;
71         inode->i_mapping->a_ops = &ecryptfs_aops;
72
73         if (S_ISLNK(inode->i_mode))
74                 inode->i_op = &ecryptfs_symlink_iops;
75         else if (S_ISDIR(inode->i_mode))
76                 inode->i_op = &ecryptfs_dir_iops;
77         else
78                 inode->i_op = &ecryptfs_main_iops;
79
80         if (S_ISDIR(inode->i_mode))
81                 inode->i_fop = &ecryptfs_dir_fops;
82         else if (special_file(inode->i_mode))
83                 init_special_inode(inode, inode->i_mode, inode->i_rdev);
84         else
85                 inode->i_fop = &ecryptfs_main_fops;
86
87         return 0;
88 }
89
90 static struct inode *__ecryptfs_get_inode(struct inode *lower_inode,
91                                           struct super_block *sb)
92 {
93         struct inode *inode;
94
95         if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb))
96                 return ERR_PTR(-EXDEV);
97         if (!igrab(lower_inode))
98                 return ERR_PTR(-ESTALE);
99         inode = iget5_locked(sb, (unsigned long)lower_inode,
100                              ecryptfs_inode_test, ecryptfs_inode_set,
101                              lower_inode);
102         if (!inode) {
103                 iput(lower_inode);
104                 return ERR_PTR(-EACCES);
105         }
106         if (!(inode->i_state & I_NEW))
107                 iput(lower_inode);
108
109         return inode;
110 }
111
112 struct inode *ecryptfs_get_inode(struct inode *lower_inode,
113                                  struct super_block *sb)
114 {
115         struct inode *inode = __ecryptfs_get_inode(lower_inode, sb);
116
117         if (!IS_ERR(inode) && (inode->i_state & I_NEW))
118                 unlock_new_inode(inode);
119
120         return inode;
121 }
122
123 /**
124  * ecryptfs_interpose
125  * @lower_dentry: Existing dentry in the lower filesystem
126  * @dentry: ecryptfs' dentry
127  * @sb: ecryptfs's super_block
128  *
129  * Interposes upper and lower dentries.
130  *
131  * Returns zero on success; non-zero otherwise
132  */
133 static int ecryptfs_interpose(struct dentry *lower_dentry,
134                               struct dentry *dentry, struct super_block *sb)
135 {
136         struct inode *inode = ecryptfs_get_inode(lower_dentry->d_inode, sb);
137
138         if (IS_ERR(inode))
139                 return PTR_ERR(inode);
140         d_instantiate(dentry, inode);
141
142         return 0;
143 }
144
145 /**
146  * ecryptfs_create_underlying_file
147  * @lower_dir_inode: inode of the parent in the lower fs of the new file
148  * @dentry: New file's dentry
149  * @mode: The mode of the new file
150  *
151  * Creates the file in the lower file system.
152  *
153  * Returns zero on success; non-zero on error condition
154  */
155 static int
156 ecryptfs_create_underlying_file(struct inode *lower_dir_inode,
157                                 struct dentry *dentry, int mode)
158 {
159         struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
160         return vfs_create(lower_dir_inode, lower_dentry, mode, NULL);
161 }
162
163 /**
164  * ecryptfs_do_create
165  * @directory_inode: inode of the new file's dentry's parent in ecryptfs
166  * @ecryptfs_dentry: New file's dentry in ecryptfs
167  * @mode: The mode of the new file
168  * @nd: nameidata of ecryptfs' parent's dentry & vfsmount
169  *
170  * Creates the underlying file and the eCryptfs inode which will link to
171  * it. It will also update the eCryptfs directory inode to mimic the
172  * stat of the lower directory inode.
173  *
174  * Returns zero on success; non-zero on error condition
175  */
176 static int
177 ecryptfs_do_create(struct inode *directory_inode,
178                    struct dentry *ecryptfs_dentry, int mode)
179 {
180         int rc;
181         struct dentry *lower_dentry;
182         struct dentry *lower_dir_dentry;
183
184         lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
185         lower_dir_dentry = lock_parent(lower_dentry);
186         if (IS_ERR(lower_dir_dentry)) {
187                 ecryptfs_printk(KERN_ERR, "Error locking directory of "
188                                 "dentry\n");
189                 rc = PTR_ERR(lower_dir_dentry);
190                 goto out;
191         }
192         rc = ecryptfs_create_underlying_file(lower_dir_dentry->d_inode,
193                                              ecryptfs_dentry, mode);
194         if (rc) {
195                 printk(KERN_ERR "%s: Failure to create dentry in lower fs; "
196                        "rc = [%d]\n", __func__, rc);
197                 goto out_lock;
198         }
199         rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
200                                 directory_inode->i_sb);
201         if (rc) {
202                 ecryptfs_printk(KERN_ERR, "Failure in ecryptfs_interpose\n");
203                 goto out_lock;
204         }
205         fsstack_copy_attr_times(directory_inode, lower_dir_dentry->d_inode);
206         fsstack_copy_inode_size(directory_inode, lower_dir_dentry->d_inode);
207 out_lock:
208         unlock_dir(lower_dir_dentry);
209 out:
210         return rc;
211 }
212
213 /**
214  * ecryptfs_initialize_file
215  *
216  * Cause the file to be changed from a basic empty file to an ecryptfs
217  * file with a header and first data page.
218  *
219  * Returns zero on success
220  */
221 static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
222 {
223         struct ecryptfs_crypt_stat *crypt_stat =
224                 &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
225         int rc = 0;
226
227         if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
228                 ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
229                 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
230                 goto out;
231         }
232         ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
233         rc = ecryptfs_new_file_context(ecryptfs_dentry);
234         if (rc) {
235                 ecryptfs_printk(KERN_ERR, "Error creating new file "
236                                 "context; rc = [%d]\n", rc);
237                 goto out;
238         }
239         rc = ecryptfs_get_lower_file(ecryptfs_dentry,
240                                      ecryptfs_dentry->d_inode);
241         if (rc) {
242                 printk(KERN_ERR "%s: Error attempting to initialize "
243                         "the lower file for the dentry with name "
244                         "[%s]; rc = [%d]\n", __func__,
245                         ecryptfs_dentry->d_name.name, rc);
246                 goto out;
247         }
248         rc = ecryptfs_write_metadata(ecryptfs_dentry);
249         if (rc)
250                 printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
251         ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
252 out:
253         return rc;
254 }
255
256 /**
257  * ecryptfs_create
258  * @dir: The inode of the directory in which to create the file.
259  * @dentry: The eCryptfs dentry
260  * @mode: The mode of the new file.
261  * @nd: nameidata
262  *
263  * Creates a new file.
264  *
265  * Returns zero on success; non-zero on error condition
266  */
267 static int
268 ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
269                 int mode, struct nameidata *nd)
270 {
271         int rc;
272
273         /* ecryptfs_do_create() calls ecryptfs_interpose() */
274         rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode);
275         if (unlikely(rc)) {
276                 ecryptfs_printk(KERN_WARNING, "Failed to create file in"
277                                 "lower filesystem\n");
278                 goto out;
279         }
280         /* At this point, a file exists on "disk"; we need to make sure
281          * that this on disk file is prepared to be an ecryptfs file */
282         rc = ecryptfs_initialize_file(ecryptfs_dentry);
283 out:
284         return rc;
285 }
286
287 static int ecryptfs_i_size_read(struct dentry *dentry, struct inode *inode)
288 {
289         struct ecryptfs_crypt_stat *crypt_stat;
290         int rc;
291
292         rc = ecryptfs_get_lower_file(dentry, inode);
293         if (rc) {
294                 printk(KERN_ERR "%s: Error attempting to initialize "
295                         "the lower file for the dentry with name "
296                         "[%s]; rc = [%d]\n", __func__,
297                         dentry->d_name.name, rc);
298                 return rc;
299         }
300
301         crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
302         /* TODO: lock for crypt_stat comparison */
303         if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
304                 ecryptfs_set_default_sizes(crypt_stat);
305
306         rc = ecryptfs_read_and_validate_header_region(inode);
307         ecryptfs_put_lower_file(inode);
308         if (rc) {
309                 rc = ecryptfs_read_and_validate_xattr_region(dentry, inode);
310                 if (!rc)
311                         crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
312         }
313
314         /* Must return 0 to allow non-eCryptfs files to be looked up, too */
315         return 0;
316 }
317
318 /**
319  * ecryptfs_lookup_interpose - Dentry interposition for a lookup
320  */
321 static int ecryptfs_lookup_interpose(struct dentry *dentry,
322                                      struct dentry *lower_dentry,
323                                      struct inode *dir_inode)
324 {
325         struct inode *inode, *lower_inode = lower_dentry->d_inode;
326         struct ecryptfs_dentry_info *dentry_info;
327         struct vfsmount *lower_mnt;
328         int rc = 0;
329
330         lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
331         fsstack_copy_attr_atime(dir_inode, lower_dentry->d_parent->d_inode);
332         BUG_ON(!lower_dentry->d_count);
333
334         dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
335         ecryptfs_set_dentry_private(dentry, dentry_info);
336         if (!dentry_info) {
337                 printk(KERN_ERR "%s: Out of memory whilst attempting "
338                        "to allocate ecryptfs_dentry_info struct\n",
339                         __func__);
340                 dput(lower_dentry);
341                 mntput(lower_mnt);
342                 d_drop(dentry);
343                 return -ENOMEM;
344         }
345         ecryptfs_set_dentry_lower(dentry, lower_dentry);
346         ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt);
347
348         if (!lower_dentry->d_inode) {
349                 /* We want to add because we couldn't find in lower */
350                 d_add(dentry, NULL);
351                 return 0;
352         }
353         inode = __ecryptfs_get_inode(lower_inode, dir_inode->i_sb);
354         if (IS_ERR(inode)) {
355                 printk(KERN_ERR "%s: Error interposing; rc = [%ld]\n",
356                        __func__, PTR_ERR(inode));
357                 return PTR_ERR(inode);
358         }
359         if (S_ISREG(inode->i_mode)) {
360                 rc = ecryptfs_i_size_read(dentry, inode);
361                 if (rc) {
362                         make_bad_inode(inode);
363                         return rc;
364                 }
365         }
366
367         if (inode->i_state & I_NEW)
368                 unlock_new_inode(inode);
369         d_add(dentry, inode);
370
371         return rc;
372 }
373
374 /**
375  * ecryptfs_lookup
376  * @ecryptfs_dir_inode: The eCryptfs directory inode
377  * @ecryptfs_dentry: The eCryptfs dentry that we are looking up
378  * @ecryptfs_nd: nameidata; may be NULL
379  *
380  * Find a file on disk. If the file does not exist, then we'll add it to the
381  * dentry cache and continue on to read it from the disk.
382  */
383 static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
384                                       struct dentry *ecryptfs_dentry,
385                                       struct nameidata *ecryptfs_nd)
386 {
387         char *encrypted_and_encoded_name = NULL;
388         size_t encrypted_and_encoded_name_size;
389         struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
390         struct dentry *lower_dir_dentry, *lower_dentry;
391         int rc = 0;
392
393         if ((ecryptfs_dentry->d_name.len == 1
394              && !strcmp(ecryptfs_dentry->d_name.name, "."))
395             || (ecryptfs_dentry->d_name.len == 2
396                 && !strcmp(ecryptfs_dentry->d_name.name, ".."))) {
397                 goto out_d_drop;
398         }
399         lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
400         mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
401         lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name,
402                                       lower_dir_dentry,
403                                       ecryptfs_dentry->d_name.len);
404         mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
405         if (IS_ERR(lower_dentry)) {
406                 rc = PTR_ERR(lower_dentry);
407                 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
408                                 "[%d] on lower_dentry = [%s]\n", __func__, rc,
409                                 encrypted_and_encoded_name);
410                 goto out_d_drop;
411         }
412         if (lower_dentry->d_inode)
413                 goto interpose;
414         mount_crypt_stat = &ecryptfs_superblock_to_private(
415                                 ecryptfs_dentry->d_sb)->mount_crypt_stat;
416         if (!(mount_crypt_stat
417             && (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)))
418                 goto interpose;
419         dput(lower_dentry);
420         rc = ecryptfs_encrypt_and_encode_filename(
421                 &encrypted_and_encoded_name, &encrypted_and_encoded_name_size,
422                 NULL, mount_crypt_stat, ecryptfs_dentry->d_name.name,
423                 ecryptfs_dentry->d_name.len);
424         if (rc) {
425                 printk(KERN_ERR "%s: Error attempting to encrypt and encode "
426                        "filename; rc = [%d]\n", __func__, rc);
427                 goto out_d_drop;
428         }
429         mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
430         lower_dentry = lookup_one_len(encrypted_and_encoded_name,
431                                       lower_dir_dentry,
432                                       encrypted_and_encoded_name_size);
433         mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
434         if (IS_ERR(lower_dentry)) {
435                 rc = PTR_ERR(lower_dentry);
436                 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
437                                 "[%d] on lower_dentry = [%s]\n", __func__, rc,
438                                 encrypted_and_encoded_name);
439                 goto out_d_drop;
440         }
441 interpose:
442         rc = ecryptfs_lookup_interpose(ecryptfs_dentry, lower_dentry,
443                                        ecryptfs_dir_inode);
444         goto out;
445 out_d_drop:
446         d_drop(ecryptfs_dentry);
447 out:
448         kfree(encrypted_and_encoded_name);
449         return ERR_PTR(rc);
450 }
451
452 static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir,
453                          struct dentry *new_dentry)
454 {
455         struct dentry *lower_old_dentry;
456         struct dentry *lower_new_dentry;
457         struct dentry *lower_dir_dentry;
458         u64 file_size_save;
459         int rc;
460
461         file_size_save = i_size_read(old_dentry->d_inode);
462         lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
463         lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
464         dget(lower_old_dentry);
465         dget(lower_new_dentry);
466         lower_dir_dentry = lock_parent(lower_new_dentry);
467         rc = vfs_link(lower_old_dentry, lower_dir_dentry->d_inode,
468                       lower_new_dentry);
469         if (rc || !lower_new_dentry->d_inode)
470                 goto out_lock;
471         rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb);
472         if (rc)
473                 goto out_lock;
474         fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
475         fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
476         old_dentry->d_inode->i_nlink =
477                 ecryptfs_inode_to_lower(old_dentry->d_inode)->i_nlink;
478         i_size_write(new_dentry->d_inode, file_size_save);
479 out_lock:
480         unlock_dir(lower_dir_dentry);
481         dput(lower_new_dentry);
482         dput(lower_old_dentry);
483         return rc;
484 }
485
486 static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
487 {
488         int rc = 0;
489         struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
490         struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
491         struct dentry *lower_dir_dentry;
492
493         dget(lower_dentry);
494         lower_dir_dentry = lock_parent(lower_dentry);
495         rc = vfs_unlink(lower_dir_inode, lower_dentry);
496         if (rc) {
497                 printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc);
498                 goto out_unlock;
499         }
500         fsstack_copy_attr_times(dir, lower_dir_inode);
501         dentry->d_inode->i_nlink =
502                 ecryptfs_inode_to_lower(dentry->d_inode)->i_nlink;
503         dentry->d_inode->i_ctime = dir->i_ctime;
504         d_drop(dentry);
505 out_unlock:
506         unlock_dir(lower_dir_dentry);
507         dput(lower_dentry);
508         return rc;
509 }
510
511 static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
512                             const char *symname)
513 {
514         int rc;
515         struct dentry *lower_dentry;
516         struct dentry *lower_dir_dentry;
517         char *encoded_symname;
518         size_t encoded_symlen;
519         struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
520
521         lower_dentry = ecryptfs_dentry_to_lower(dentry);
522         dget(lower_dentry);
523         lower_dir_dentry = lock_parent(lower_dentry);
524         mount_crypt_stat = &ecryptfs_superblock_to_private(
525                 dir->i_sb)->mount_crypt_stat;
526         rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname,
527                                                   &encoded_symlen,
528                                                   NULL,
529                                                   mount_crypt_stat, symname,
530                                                   strlen(symname));
531         if (rc)
532                 goto out_lock;
533         rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry,
534                          encoded_symname);
535         kfree(encoded_symname);
536         if (rc || !lower_dentry->d_inode)
537                 goto out_lock;
538         rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
539         if (rc)
540                 goto out_lock;
541         fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
542         fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
543 out_lock:
544         unlock_dir(lower_dir_dentry);
545         dput(lower_dentry);
546         if (!dentry->d_inode)
547                 d_drop(dentry);
548         return rc;
549 }
550
551 static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
552 {
553         int rc;
554         struct dentry *lower_dentry;
555         struct dentry *lower_dir_dentry;
556
557         lower_dentry = ecryptfs_dentry_to_lower(dentry);
558         lower_dir_dentry = lock_parent(lower_dentry);
559         rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode);
560         if (rc || !lower_dentry->d_inode)
561                 goto out;
562         rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
563         if (rc)
564                 goto out;
565         fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
566         fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
567         dir->i_nlink = lower_dir_dentry->d_inode->i_nlink;
568 out:
569         unlock_dir(lower_dir_dentry);
570         if (!dentry->d_inode)
571                 d_drop(dentry);
572         return rc;
573 }
574
575 static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry)
576 {
577         struct dentry *lower_dentry;
578         struct dentry *lower_dir_dentry;
579         int rc;
580
581         lower_dentry = ecryptfs_dentry_to_lower(dentry);
582         dget(dentry);
583         lower_dir_dentry = lock_parent(lower_dentry);
584         dget(lower_dentry);
585         rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry);
586         dput(lower_dentry);
587         if (!rc && dentry->d_inode)
588                 clear_nlink(dentry->d_inode);
589         fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
590         dir->i_nlink = lower_dir_dentry->d_inode->i_nlink;
591         unlock_dir(lower_dir_dentry);
592         if (!rc)
593                 d_drop(dentry);
594         dput(dentry);
595         return rc;
596 }
597
598 static int
599 ecryptfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
600 {
601         int rc;
602         struct dentry *lower_dentry;
603         struct dentry *lower_dir_dentry;
604
605         lower_dentry = ecryptfs_dentry_to_lower(dentry);
606         lower_dir_dentry = lock_parent(lower_dentry);
607         rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev);
608         if (rc || !lower_dentry->d_inode)
609                 goto out;
610         rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
611         if (rc)
612                 goto out;
613         fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
614         fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
615 out:
616         unlock_dir(lower_dir_dentry);
617         if (!dentry->d_inode)
618                 d_drop(dentry);
619         return rc;
620 }
621
622 static int
623 ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry,
624                 struct inode *new_dir, struct dentry *new_dentry)
625 {
626         int rc;
627         struct dentry *lower_old_dentry;
628         struct dentry *lower_new_dentry;
629         struct dentry *lower_old_dir_dentry;
630         struct dentry *lower_new_dir_dentry;
631         struct dentry *trap = NULL;
632
633         lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
634         lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
635         dget(lower_old_dentry);
636         dget(lower_new_dentry);
637         lower_old_dir_dentry = dget_parent(lower_old_dentry);
638         lower_new_dir_dentry = dget_parent(lower_new_dentry);
639         trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
640         /* source should not be ancestor of target */
641         if (trap == lower_old_dentry) {
642                 rc = -EINVAL;
643                 goto out_lock;
644         }
645         /* target should not be ancestor of source */
646         if (trap == lower_new_dentry) {
647                 rc = -ENOTEMPTY;
648                 goto out_lock;
649         }
650         rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry,
651                         lower_new_dir_dentry->d_inode, lower_new_dentry);
652         if (rc)
653                 goto out_lock;
654         fsstack_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode);
655         if (new_dir != old_dir)
656                 fsstack_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode);
657 out_lock:
658         unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
659         dput(lower_new_dir_dentry);
660         dput(lower_old_dir_dentry);
661         dput(lower_new_dentry);
662         dput(lower_old_dentry);
663         return rc;
664 }
665
666 static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
667                                    size_t *bufsiz)
668 {
669         struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
670         char *lower_buf;
671         size_t lower_bufsiz = PATH_MAX;
672         mm_segment_t old_fs;
673         int rc;
674
675         lower_buf = kmalloc(lower_bufsiz, GFP_KERNEL);
676         if (!lower_buf) {
677                 rc = -ENOMEM;
678                 goto out;
679         }
680         old_fs = get_fs();
681         set_fs(get_ds());
682         rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
683                                                    (char __user *)lower_buf,
684                                                    lower_bufsiz);
685         set_fs(old_fs);
686         if (rc < 0)
687                 goto out;
688         lower_bufsiz = rc;
689         rc = ecryptfs_decode_and_decrypt_filename(buf, bufsiz, dentry,
690                                                   lower_buf, lower_bufsiz);
691 out:
692         kfree(lower_buf);
693         return rc;
694 }
695
696 static int
697 ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
698 {
699         char *kbuf;
700         size_t kbufsiz, copied;
701         int rc;
702
703         rc = ecryptfs_readlink_lower(dentry, &kbuf, &kbufsiz);
704         if (rc)
705                 goto out;
706         copied = min_t(size_t, bufsiz, kbufsiz);
707         rc = copy_to_user(buf, kbuf, copied) ? -EFAULT : copied;
708         kfree(kbuf);
709         fsstack_copy_attr_atime(dentry->d_inode,
710                                 ecryptfs_dentry_to_lower(dentry)->d_inode);
711 out:
712         return rc;
713 }
714
715 static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
716 {
717         char *buf;
718         int len = PAGE_SIZE, rc;
719         mm_segment_t old_fs;
720
721         /* Released in ecryptfs_put_link(); only release here on error */
722         buf = kmalloc(len, GFP_KERNEL);
723         if (!buf) {
724                 buf = ERR_PTR(-ENOMEM);
725                 goto out;
726         }
727         old_fs = get_fs();
728         set_fs(get_ds());
729         rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
730         set_fs(old_fs);
731         if (rc < 0) {
732                 kfree(buf);
733                 buf = ERR_PTR(rc);
734         } else
735                 buf[rc] = '\0';
736 out:
737         nd_set_link(nd, buf);
738         return NULL;
739 }
740
741 static void
742 ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr)
743 {
744         char *buf = nd_get_link(nd);
745         if (!IS_ERR(buf)) {
746                 /* Free the char* */
747                 kfree(buf);
748         }
749 }
750
751 /**
752  * upper_size_to_lower_size
753  * @crypt_stat: Crypt_stat associated with file
754  * @upper_size: Size of the upper file
755  *
756  * Calculate the required size of the lower file based on the
757  * specified size of the upper file. This calculation is based on the
758  * number of headers in the underlying file and the extent size.
759  *
760  * Returns Calculated size of the lower file.
761  */
762 static loff_t
763 upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat,
764                          loff_t upper_size)
765 {
766         loff_t lower_size;
767
768         lower_size = ecryptfs_lower_header_size(crypt_stat);
769         if (upper_size != 0) {
770                 loff_t num_extents;
771
772                 num_extents = upper_size >> crypt_stat->extent_shift;
773                 if (upper_size & ~crypt_stat->extent_mask)
774                         num_extents++;
775                 lower_size += (num_extents * crypt_stat->extent_size);
776         }
777         return lower_size;
778 }
779
780 /**
781  * truncate_upper
782  * @dentry: The ecryptfs layer dentry
783  * @ia: Address of the ecryptfs inode's attributes
784  * @lower_ia: Address of the lower inode's attributes
785  *
786  * Function to handle truncations modifying the size of the file. Note
787  * that the file sizes are interpolated. When expanding, we are simply
788  * writing strings of 0's out. When truncating, we truncate the upper
789  * inode and update the lower_ia according to the page index
790  * interpolations. If ATTR_SIZE is set in lower_ia->ia_valid upon return,
791  * the caller must use lower_ia in a call to notify_change() to perform
792  * the truncation of the lower inode.
793  *
794  * Returns zero on success; non-zero otherwise
795  */
796 static int truncate_upper(struct dentry *dentry, struct iattr *ia,
797                           struct iattr *lower_ia)
798 {
799         int rc = 0;
800         struct inode *inode = dentry->d_inode;
801         struct ecryptfs_crypt_stat *crypt_stat;
802         loff_t i_size = i_size_read(inode);
803         loff_t lower_size_before_truncate;
804         loff_t lower_size_after_truncate;
805
806         if (unlikely((ia->ia_size == i_size))) {
807                 lower_ia->ia_valid &= ~ATTR_SIZE;
808                 return 0;
809         }
810         rc = ecryptfs_get_lower_file(dentry, inode);
811         if (rc)
812                 return rc;
813         crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
814         /* Switch on growing or shrinking file */
815         if (ia->ia_size > i_size) {
816                 char zero[] = { 0x00 };
817
818                 lower_ia->ia_valid &= ~ATTR_SIZE;
819                 /* Write a single 0 at the last position of the file;
820                  * this triggers code that will fill in 0's throughout
821                  * the intermediate portion of the previous end of the
822                  * file and the new and of the file */
823                 rc = ecryptfs_write(inode, zero,
824                                     (ia->ia_size - 1), 1);
825         } else { /* ia->ia_size < i_size_read(inode) */
826                 /* We're chopping off all the pages down to the page
827                  * in which ia->ia_size is located. Fill in the end of
828                  * that page from (ia->ia_size & ~PAGE_CACHE_MASK) to
829                  * PAGE_CACHE_SIZE with zeros. */
830                 size_t num_zeros = (PAGE_CACHE_SIZE
831                                     - (ia->ia_size & ~PAGE_CACHE_MASK));
832
833
834                 /*
835                  * XXX(truncate) this should really happen at the begginning
836                  * of ->setattr.  But the code is too messy to that as part
837                  * of a larger patch.  ecryptfs is also totally missing out
838                  * on the inode_change_ok check at the beginning of
839                  * ->setattr while would include this.
840                  */
841                 rc = inode_newsize_ok(inode, ia->ia_size);
842                 if (rc)
843                         goto out;
844
845                 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
846                         truncate_setsize(inode, ia->ia_size);
847                         lower_ia->ia_size = ia->ia_size;
848                         lower_ia->ia_valid |= ATTR_SIZE;
849                         goto out;
850                 }
851                 if (num_zeros) {
852                         char *zeros_virt;
853
854                         zeros_virt = kzalloc(num_zeros, GFP_KERNEL);
855                         if (!zeros_virt) {
856                                 rc = -ENOMEM;
857                                 goto out;
858                         }
859                         rc = ecryptfs_write(inode, zeros_virt,
860                                             ia->ia_size, num_zeros);
861                         kfree(zeros_virt);
862                         if (rc) {
863                                 printk(KERN_ERR "Error attempting to zero out "
864                                        "the remainder of the end page on "
865                                        "reducing truncate; rc = [%d]\n", rc);
866                                 goto out;
867                         }
868                 }
869                 truncate_setsize(inode, ia->ia_size);
870                 rc = ecryptfs_write_inode_size_to_metadata(inode);
871                 if (rc) {
872                         printk(KERN_ERR "Problem with "
873                                "ecryptfs_write_inode_size_to_metadata; "
874                                "rc = [%d]\n", rc);
875                         goto out;
876                 }
877                 /* We are reducing the size of the ecryptfs file, and need to
878                  * know if we need to reduce the size of the lower file. */
879                 lower_size_before_truncate =
880                     upper_size_to_lower_size(crypt_stat, i_size);
881                 lower_size_after_truncate =
882                     upper_size_to_lower_size(crypt_stat, ia->ia_size);
883                 if (lower_size_after_truncate < lower_size_before_truncate) {
884                         lower_ia->ia_size = lower_size_after_truncate;
885                         lower_ia->ia_valid |= ATTR_SIZE;
886                 } else
887                         lower_ia->ia_valid &= ~ATTR_SIZE;
888         }
889 out:
890         ecryptfs_put_lower_file(inode);
891         return rc;
892 }
893
894 /**
895  * ecryptfs_truncate
896  * @dentry: The ecryptfs layer dentry
897  * @new_length: The length to expand the file to
898  *
899  * Simple function that handles the truncation of an eCryptfs inode and
900  * its corresponding lower inode.
901  *
902  * Returns zero on success; non-zero otherwise
903  */
904 int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
905 {
906         struct iattr ia = { .ia_valid = ATTR_SIZE, .ia_size = new_length };
907         struct iattr lower_ia = { .ia_valid = 0 };
908         int rc;
909
910         rc = truncate_upper(dentry, &ia, &lower_ia);
911         if (!rc && lower_ia.ia_valid & ATTR_SIZE) {
912                 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
913
914                 mutex_lock(&lower_dentry->d_inode->i_mutex);
915                 rc = notify_change(lower_dentry, &lower_ia);
916                 mutex_unlock(&lower_dentry->d_inode->i_mutex);
917         }
918         return rc;
919 }
920
921 static int
922 ecryptfs_permission(struct inode *inode, int mask)
923 {
924         return inode_permission(ecryptfs_inode_to_lower(inode), mask);
925 }
926
927 /**
928  * ecryptfs_setattr
929  * @dentry: dentry handle to the inode to modify
930  * @ia: Structure with flags of what to change and values
931  *
932  * Updates the metadata of an inode. If the update is to the size
933  * i.e. truncation, then ecryptfs_truncate will handle the size modification
934  * of both the ecryptfs inode and the lower inode.
935  *
936  * All other metadata changes will be passed right to the lower filesystem,
937  * and we will just update our inode to look like the lower.
938  */
939 static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
940 {
941         int rc = 0;
942         struct dentry *lower_dentry;
943         struct iattr lower_ia;
944         struct inode *inode;
945         struct inode *lower_inode;
946         struct ecryptfs_crypt_stat *crypt_stat;
947
948         crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
949         if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED))
950                 ecryptfs_init_crypt_stat(crypt_stat);
951         inode = dentry->d_inode;
952         lower_inode = ecryptfs_inode_to_lower(inode);
953         lower_dentry = ecryptfs_dentry_to_lower(dentry);
954         mutex_lock(&crypt_stat->cs_mutex);
955         if (S_ISDIR(dentry->d_inode->i_mode))
956                 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
957         else if (S_ISREG(dentry->d_inode->i_mode)
958                  && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
959                      || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) {
960                 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
961
962                 mount_crypt_stat = &ecryptfs_superblock_to_private(
963                         dentry->d_sb)->mount_crypt_stat;
964                 rc = ecryptfs_get_lower_file(dentry, inode);
965                 if (rc) {
966                         mutex_unlock(&crypt_stat->cs_mutex);
967                         goto out;
968                 }
969                 rc = ecryptfs_read_metadata(dentry);
970                 ecryptfs_put_lower_file(inode);
971                 if (rc) {
972                         if (!(mount_crypt_stat->flags
973                               & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
974                                 rc = -EIO;
975                                 printk(KERN_WARNING "Either the lower file "
976                                        "is not in a valid eCryptfs format, "
977                                        "or the key could not be retrieved. "
978                                        "Plaintext passthrough mode is not "
979                                        "enabled; returning -EIO\n");
980                                 mutex_unlock(&crypt_stat->cs_mutex);
981                                 goto out;
982                         }
983                         rc = 0;
984                         crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
985                                                | ECRYPTFS_ENCRYPTED);
986                 }
987         }
988         mutex_unlock(&crypt_stat->cs_mutex);
989         if (S_ISREG(inode->i_mode)) {
990                 rc = filemap_write_and_wait(inode->i_mapping);
991                 if (rc)
992                         goto out;
993                 fsstack_copy_attr_all(inode, lower_inode);
994         }
995         memcpy(&lower_ia, ia, sizeof(lower_ia));
996         if (ia->ia_valid & ATTR_FILE)
997                 lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file);
998         if (ia->ia_valid & ATTR_SIZE) {
999                 rc = truncate_upper(dentry, ia, &lower_ia);
1000                 if (rc < 0)
1001                         goto out;
1002         }
1003
1004         /*
1005          * mode change is for clearing setuid/setgid bits. Allow lower fs
1006          * to interpret this in its own way.
1007          */
1008         if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID))
1009                 lower_ia.ia_valid &= ~ATTR_MODE;
1010
1011         mutex_lock(&lower_dentry->d_inode->i_mutex);
1012         rc = notify_change(lower_dentry, &lower_ia);
1013         mutex_unlock(&lower_dentry->d_inode->i_mutex);
1014 out:
1015         fsstack_copy_attr_all(inode, lower_inode);
1016         return rc;
1017 }
1018
1019 int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry,
1020                           struct kstat *stat)
1021 {
1022         struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
1023         int rc = 0;
1024
1025         mount_crypt_stat = &ecryptfs_superblock_to_private(
1026                                                 dentry->d_sb)->mount_crypt_stat;
1027         generic_fillattr(dentry->d_inode, stat);
1028         if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
1029                 char *target;
1030                 size_t targetsiz;
1031
1032                 rc = ecryptfs_readlink_lower(dentry, &target, &targetsiz);
1033                 if (!rc) {
1034                         kfree(target);
1035                         stat->size = targetsiz;
1036                 }
1037         }
1038         return rc;
1039 }
1040
1041 int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
1042                      struct kstat *stat)
1043 {
1044         struct kstat lower_stat;
1045         int rc;
1046
1047         rc = vfs_getattr(ecryptfs_dentry_to_lower_mnt(dentry),
1048                          ecryptfs_dentry_to_lower(dentry), &lower_stat);
1049         if (!rc) {
1050                 fsstack_copy_attr_all(dentry->d_inode,
1051                                       ecryptfs_inode_to_lower(dentry->d_inode));
1052                 generic_fillattr(dentry->d_inode, stat);
1053                 stat->blocks = lower_stat.blocks;
1054         }
1055         return rc;
1056 }
1057
1058 int
1059 ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
1060                   size_t size, int flags)
1061 {
1062         int rc = 0;
1063         struct dentry *lower_dentry;
1064
1065         lower_dentry = ecryptfs_dentry_to_lower(dentry);
1066         if (!lower_dentry->d_inode->i_op->setxattr) {
1067                 rc = -EOPNOTSUPP;
1068                 goto out;
1069         }
1070
1071         rc = vfs_setxattr(lower_dentry, name, value, size, flags);
1072 out:
1073         return rc;
1074 }
1075
1076 ssize_t
1077 ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name,
1078                         void *value, size_t size)
1079 {
1080         int rc = 0;
1081
1082         if (!lower_dentry->d_inode->i_op->getxattr) {
1083                 rc = -EOPNOTSUPP;
1084                 goto out;
1085         }
1086         mutex_lock(&lower_dentry->d_inode->i_mutex);
1087         rc = lower_dentry->d_inode->i_op->getxattr(lower_dentry, name, value,
1088                                                    size);
1089         mutex_unlock(&lower_dentry->d_inode->i_mutex);
1090 out:
1091         return rc;
1092 }
1093
1094 static ssize_t
1095 ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value,
1096                   size_t size)
1097 {
1098         return ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry), name,
1099                                        value, size);
1100 }
1101
1102 static ssize_t
1103 ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size)
1104 {
1105         int rc = 0;
1106         struct dentry *lower_dentry;
1107
1108         lower_dentry = ecryptfs_dentry_to_lower(dentry);
1109         if (!lower_dentry->d_inode->i_op->listxattr) {
1110                 rc = -EOPNOTSUPP;
1111                 goto out;
1112         }
1113         mutex_lock(&lower_dentry->d_inode->i_mutex);
1114         rc = lower_dentry->d_inode->i_op->listxattr(lower_dentry, list, size);
1115         mutex_unlock(&lower_dentry->d_inode->i_mutex);
1116 out:
1117         return rc;
1118 }
1119
1120 static int ecryptfs_removexattr(struct dentry *dentry, const char *name)
1121 {
1122         int rc = 0;
1123         struct dentry *lower_dentry;
1124
1125         lower_dentry = ecryptfs_dentry_to_lower(dentry);
1126         if (!lower_dentry->d_inode->i_op->removexattr) {
1127                 rc = -EOPNOTSUPP;
1128                 goto out;
1129         }
1130         mutex_lock(&lower_dentry->d_inode->i_mutex);
1131         rc = lower_dentry->d_inode->i_op->removexattr(lower_dentry, name);
1132         mutex_unlock(&lower_dentry->d_inode->i_mutex);
1133 out:
1134         return rc;
1135 }
1136
1137 const struct inode_operations ecryptfs_symlink_iops = {
1138         .readlink = ecryptfs_readlink,
1139         .follow_link = ecryptfs_follow_link,
1140         .put_link = ecryptfs_put_link,
1141         .permission = ecryptfs_permission,
1142         .setattr = ecryptfs_setattr,
1143         .getattr = ecryptfs_getattr_link,
1144         .setxattr = ecryptfs_setxattr,
1145         .getxattr = ecryptfs_getxattr,
1146         .listxattr = ecryptfs_listxattr,
1147         .removexattr = ecryptfs_removexattr
1148 };
1149
1150 const struct inode_operations ecryptfs_dir_iops = {
1151         .create = ecryptfs_create,
1152         .lookup = ecryptfs_lookup,
1153         .link = ecryptfs_link,
1154         .unlink = ecryptfs_unlink,
1155         .symlink = ecryptfs_symlink,
1156         .mkdir = ecryptfs_mkdir,
1157         .rmdir = ecryptfs_rmdir,
1158         .mknod = ecryptfs_mknod,
1159         .rename = ecryptfs_rename,
1160         .permission = ecryptfs_permission,
1161         .setattr = ecryptfs_setattr,
1162         .setxattr = ecryptfs_setxattr,
1163         .getxattr = ecryptfs_getxattr,
1164         .listxattr = ecryptfs_listxattr,
1165         .removexattr = ecryptfs_removexattr
1166 };
1167
1168 const struct inode_operations ecryptfs_main_iops = {
1169         .permission = ecryptfs_permission,
1170         .setattr = ecryptfs_setattr,
1171         .getattr = ecryptfs_getattr,
1172         .setxattr = ecryptfs_setxattr,
1173         .getxattr = ecryptfs_getxattr,
1174         .listxattr = ecryptfs_listxattr,
1175         .removexattr = ecryptfs_removexattr
1176 };