^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * eCryptfs: Linux filesystem encryption layer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Copyright (C) 2008 International Business Machines Corp.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <linux/kthread.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <linux/freezer.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/wait.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/mount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include "ecryptfs_kernel.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
/*
 * One queued request for the privileged opener thread.
 *
 * ecryptfs_privileged_open() builds this on its own stack, links it onto
 * ecryptfs_kthread_ctl.req_list and sleeps on @done, so the object is only
 * valid until @done has been completed.
 */
struct ecryptfs_open_req {
	/* Caller's slot; receives a struct file pointer or an ERR_PTR(). */
	struct file **lower_file;
	/* Lower dentry and vfsmount handed to dentry_open(). */
	struct path path;
	/* Completed once *lower_file has been written. */
	struct completion done;
	/* Link in ecryptfs_kthread_ctl.req_list. */
	struct list_head kthread_ctl_list;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22)
/* Bit in ecryptfs_kthread_ctl.flags: set by ecryptfs_destroy_kthread(). */
#define ECRYPTFS_KTHREAD_ZOMBIE 0x00000001

/*
 * State shared between requesters and the opener thread.
 *
 * In this file @flags is read and written, and @req_list is modified, only
 * with @mux held. The one access made without @mux is the list_empty()
 * test in the thread's wait condition.
 */
static struct ecryptfs_kthread_ctl {
	u32 flags;			/* ECRYPTFS_KTHREAD_* bits */
	struct mutex mux;		/* guards flags and req_list */
	struct list_head req_list;	/* pending struct ecryptfs_open_req */
	wait_queue_head_t wait;		/* the opener thread sleeps here */
} ecryptfs_kthread_ctl;

/* Task created by ecryptfs_init_kthread(); may hold an ERR_PTR() on failure. */
static struct task_struct *ecryptfs_kthread;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32)
/**
 * ecryptfs_threadfn - service queued requests to open lower files
 * @ignored: unused
 *
 * Sleeps until a request is queued or the thread is asked to stop, then
 * drains ecryptfs_kthread_ctl.req_list, opening each lower path with
 * O_RDWR | O_LARGEFILE and completing the request.
 *
 * Security note: the open is performed with current_cred(), i.e. the
 * credentials of the thread running this function, not the cred the
 * requester passed to ecryptfs_privileged_open(). Nothing here checks the
 * requester's permissions, so this presumably relies on the callers having
 * already decided the requester may reach the lower file - verify at the
 * call sites.
 *
 * Return: always 0. The only way out of the loop is observing
 * ECRYPTFS_KTHREAD_ZOMBIE.
 */
static int ecryptfs_threadfn(void *ignored)
{
	struct ecryptfs_kthread_ctl *ctl = &ecryptfs_kthread_ctl;
	struct ecryptfs_open_req *pending;

	set_freezable();
	for (;;) {
		wait_event_freezable(ctl->wait,
				     (!list_empty(&ctl->req_list)
				      || kthread_should_stop()));

		mutex_lock(&ctl->mux);
		if (ctl->flags & ECRYPTFS_KTHREAD_ZOMBIE) {
			/* Teardown has started; leave without touching the list. */
			mutex_unlock(&ctl->mux);
			return 0;
		}

		/* Drain every queued request while still holding mux. */
		while ((pending = list_first_entry_or_null(
					&ctl->req_list,
					struct ecryptfs_open_req,
					kthread_ctl_list)) != NULL) {
			list_del(&pending->kthread_ctl_list);
			*pending->lower_file =
				dentry_open(&pending->path,
					    (O_RDWR | O_LARGEFILE),
					    current_cred());
			/*
			 * The request lives on the requester's stack; once
			 * complete() has run it must not be touched again.
			 */
			complete(&pending->done);
		}
		mutex_unlock(&ctl->mux);
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71)
/**
 * ecryptfs_init_kthread - set up the request queue and start the opener thread
 *
 * Initialises the mutex, wait queue and request list in
 * ecryptfs_kthread_ctl, then starts ecryptfs_threadfn() as
 * "ecryptfs-kthread".
 *
 * Return: 0 on success, or the negative errno from kthread_run(). On
 * failure ecryptfs_kthread is left holding the ERR_PTR() value.
 */
int __init ecryptfs_init_kthread(void)
{
	struct task_struct *task;
	int rc;

	mutex_init(&ecryptfs_kthread_ctl.mux);
	init_waitqueue_head(&ecryptfs_kthread_ctl.wait);
	INIT_LIST_HEAD(&ecryptfs_kthread_ctl.req_list);

	task = kthread_run(&ecryptfs_threadfn, NULL, "ecryptfs-kthread");
	ecryptfs_kthread = task;
	if (!IS_ERR(task))
		return 0;

	rc = PTR_ERR(task);
	printk(KERN_ERR "%s: Failed to create kernel thread; rc = [%d]\n",
	       __func__, rc);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88)
/**
 * ecryptfs_destroy_kthread - fail pending requests and stop the opener thread
 *
 * Marks the control block as ECRYPTFS_KTHREAD_ZOMBIE so that no new request
 * is queued, completes every request still on the list with ERR_PTR(-EIO),
 * and then stops the thread.
 *
 * NOTE(review): ecryptfs_kthread is handed to kthread_stop() unconditionally.
 * If ecryptfs_init_kthread() failed it holds an ERR_PTR(), so this is
 * presumably only called after a successful init - verify against the caller.
 */
void ecryptfs_destroy_kthread(void)
{
	struct ecryptfs_kthread_ctl *ctl = &ecryptfs_kthread_ctl;
	struct ecryptfs_open_req *victim;

	mutex_lock(&ctl->mux);
	ctl->flags |= ECRYPTFS_KTHREAD_ZOMBIE;

	/* Wake every waiter with an I/O error instead of leaving it asleep. */
	while ((victim = list_first_entry_or_null(&ctl->req_list,
						   struct ecryptfs_open_req,
						   kthread_ctl_list)) != NULL) {
		list_del(&victim->kthread_ctl_list);
		*victim->lower_file = ERR_PTR(-EIO);
		/* The request is on the waiter's stack; do not use it after this. */
		complete(&victim->done);
	}
	mutex_unlock(&ctl->mux);

	kthread_stop(ecryptfs_kthread);
	wake_up(&ctl->wait);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105)
/**
 * ecryptfs_privileged_open - open the lower file, retrying via the kthread
 * @lower_file: Out parameter; receives the opened file or an ERR_PTR()
 * @lower_dentry: Lower dentry for file to open
 * @lower_mnt: Lower vfsmount for file to open
 * @cred: Credentials used for the first dentry_open() attempt
 *
 * First tries dentry_open() with @cred, read-only if IS_RDONLY() says so
 * for the lower inode and read-write otherwise. If that fails and the
 * attempt was read-write, the request is queued for ecryptfs_threadfn(),
 * which repeats the open with O_RDWR under its own credentials.
 *
 * Security note: the retry is taken for any error from the first attempt,
 * not only for permission failures, and the retry does not use @cred.
 * Callers therefore carry the access decision for the requester.
 *
 * Return: 0 on success; a negative errno otherwise. When the kthread is
 * shutting down the result is -EIO and *@lower_file still holds the
 * ERR_PTR() from the first attempt.
 */
int ecryptfs_privileged_open(struct file **lower_file,
			     struct dentry *lower_dentry,
			     struct vfsmount *lower_mnt,
			     const struct cred *cred)
{
	struct ecryptfs_open_req req;
	int flags = O_LARGEFILE;

	init_completion(&req.done);
	req.lower_file = lower_file;
	req.path.dentry = lower_dentry;
	req.path.mnt = lower_mnt;

	/*
	 * The matching dput() and mntput() happen when the lower file is
	 * fput(), i.e. once all eCryptfs files for the inode are released.
	 */
	if (IS_RDONLY(d_inode(lower_dentry)))
		flags |= O_RDONLY;
	else
		flags |= O_RDWR;

	/* Fast path: open directly with the credentials we were given. */
	*lower_file = dentry_open(&req.path, flags, cred);
	if (!IS_ERR(*lower_file))
		return 0;

	/* A read-only attempt is never retried by the kthread. */
	if ((flags & O_ACCMODE) == O_RDONLY)
		return PTR_ERR(*lower_file);

	mutex_lock(&ecryptfs_kthread_ctl.mux);
	if (ecryptfs_kthread_ctl.flags & ECRYPTFS_KTHREAD_ZOMBIE) {
		mutex_unlock(&ecryptfs_kthread_ctl.mux);
		printk(KERN_ERR "%s: We are in the middle of shutting down; "
		       "aborting privileged request to open lower file\n",
		       __func__);
		return -EIO;
	}
	/* req is on this stack frame; it stays queued only while we wait. */
	list_add_tail(&req.kthread_ctl_list, &ecryptfs_kthread_ctl.req_list);
	mutex_unlock(&ecryptfs_kthread_ctl.mux);

	wake_up(&ecryptfs_kthread_ctl.wait);
	wait_for_completion(&req.done);

	if (IS_ERR(*lower_file))
		return PTR_ERR(*lower_file);
	return 0;
}