Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt

	va_start(args, fmt);

	vaf.fmt = fmt;

	vaf.va = &args;

	if (inode)

	if (inode && inode->i_ino)

		printk("%sfscrypt (%s, inode %lu): %pV\n",

		       level, inode->i_sb->s_id, inode->i_ino, &vaf);

	else if (inode)

		printk("%sfscrypt (%s): %pV\n", level, inode->i_sb->s_id, &vaf);

	else

		printk("%sfscrypt: %pV\n", level, &vaf);

	va_end(args);

 */

#define FSCRYPT_NOKEY_NAME_MAX	offsetofend(struct fscrypt_nokey_name, sha256)

static void fscrypt_do_sha256(const u8 *data, unsigned int data_len, u8 *result)

{

	struct sha256_state sctx;

	sha256_init(&sctx);

	sha256_update(&sctx, data, data_len);

	sha256_final(&sctx, result);

}

static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)

{

	if (str->len == 1 && str->name[0] == '.')

	return cp - dst;

}

bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,

				  u32 max_len, u32 *encrypted_len_ret)

bool fscrypt_fname_encrypted_size(const union fscrypt_policy *policy,

				  u32 orig_len, u32 max_len,

				  u32 *encrypted_len_ret)

{

	const struct fscrypt_info *ci = inode->i_crypt_info;

	int padding = 4 << (fscrypt_policy_flags(&ci->ci_policy) &

	int padding = 4 << (fscrypt_policy_flags(policy) &

			    FSCRYPT_POLICY_FLAGS_PAD_MASK);

	u32 encrypted_len;

/**

 * fscrypt_fname_alloc_buffer() - allocate a buffer for presented filenames

 * @inode: inode of the parent directory (for regular filenames)

 *	   or of the symlink (for symlink targets)

 * @max_encrypted_len: maximum length of encrypted filenames the buffer will be

 *		       used to present

 * @crypto_str: (output) buffer to allocate

 *

 * Return: 0 on success, -errno on failure

 */

int fscrypt_fname_alloc_buffer(const struct inode *inode,

			       u32 max_encrypted_len,

int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,

			       struct fscrypt_str *crypto_str)

{

	const u32 max_encoded_len = BASE64_CHARS(FSCRYPT_NOKEY_NAME_MAX);

	} else {

		memcpy(nokey_name.bytes, iname->name, sizeof(nokey_name.bytes));

		/* Compute strong hash of remaining part of name. */

		fscrypt_do_sha256(&iname->name[sizeof(nokey_name.bytes)],

		sha256(&iname->name[sizeof(nokey_name.bytes)],

		       iname->len - sizeof(nokey_name.bytes),

		       nokey_name.sha256);

		size = FSCRYPT_NOKEY_NAME_MAX;

 * directory's encryption key, then @iname is the plaintext, so we encrypt it to

 * get the disk_name.

 *

 * Else, for keyless @lookup operations, @iname is the presented ciphertext, so

 * we decode it to get the fscrypt_nokey_name.  Non-@lookup operations will be

 * impossible in this case, so we fail them with ENOKEY.

 * Else, for keyless @lookup operations, @iname should be a no-key name, so we

 * decode it to get the struct fscrypt_nokey_name.  Non-@lookup operations will

 * be impossible in this case, so we fail them with ENOKEY.

 *

 * If successful, fscrypt_free_filename() must be called later to clean up.

 *

		return ret;

	if (fscrypt_has_encryption_key(dir)) {

		if (!fscrypt_fname_encrypted_size(dir, iname->len,

		if (!fscrypt_fname_encrypted_size(&dir->i_crypt_info->ci_policy,

						  iname->len,

						  dir->i_sb->s_cop->max_namelen,

						  &fname->crypto_buf.len))

			return -ENAMETOOLONG;

	}

	if (!lookup)

		return -ENOKEY;

	fname->is_ciphertext_name = true;

	fname->is_nokey_name = true;

	/*

	 * We don't have the key and we are doing a lookup; decode the

{

	const struct fscrypt_nokey_name *nokey_name =

		(const void *)fname->crypto_buf.name;

	u8 sha256[SHA256_DIGEST_SIZE];

	u8 digest[SHA256_DIGEST_SIZE];

	if (likely(fname->disk_name.name)) {

		if (de_name_len != fname->disk_name.len)

		return false;

	if (memcmp(de_name, nokey_name->bytes, sizeof(nokey_name->bytes)))

		return false;

	fscrypt_do_sha256(&de_name[sizeof(nokey_name->bytes)],

			  de_name_len - sizeof(nokey_name->bytes), sha256);

	return !memcmp(sha256, nokey_name->sha256, sizeof(sha256));

	sha256(&de_name[sizeof(nokey_name->bytes)],

	       de_name_len - sizeof(nokey_name->bytes), digest);

	return !memcmp(digest, nokey_name->sha256, sizeof(digest));

}

EXPORT_SYMBOL_GPL(fscrypt_match_name);

 * Validate dentries in encrypted directories to make sure we aren't potentially

 * caching stale dentries after a key has been added.

 */

static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)

int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)

{

	struct dentry *dir;

	int err;

	/*

	 * Plaintext names are always valid, since fscrypt doesn't support

	 * reverting to ciphertext names without evicting the directory's inode

	 * reverting to no-key names without evicting the directory's inode

	 * -- which implies eviction of the dentries in the directory.

	 */

	if (!(dentry->d_flags & DCACHE_ENCRYPTED_NAME))

	if (!(dentry->d_flags & DCACHE_NOKEY_NAME))

		return 1;

	/*

	 * Ciphertext name; valid if the directory's key is still unavailable.

	 * No-key name; valid if the directory's key is still unavailable.

	 *

	 * Although fscrypt forbids rename() on ciphertext names, we still must

	 * use dget_parent() here rather than use ->d_parent directly.  That's

	 * Although fscrypt forbids rename() on no-key names, we still must use

	 * dget_parent() here rather than use ->d_parent directly.  That's

	 * because a corrupted fs image may contain directory hard links, which

	 * the VFS handles by moving the directory's dentry tree in the dcache

	 * each time ->lookup() finds the directory and it already has a dentry

	return valid;

}

EXPORT_SYMBOL_GPL(fscrypt_d_revalidate);

const struct dentry_operations fscrypt_d_ops = {

	.d_revalidate = fscrypt_d_revalidate,

	return NULL;

}

#undef fscrypt_policy

union fscrypt_policy {

	u8 version;

	struct fscrypt_policy_v1 v1;

/* fname.c */

int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,

			  u8 *out, unsigned int olen);

bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,

				  u32 max_len, u32 *encrypted_len_ret);

bool fscrypt_fname_encrypted_size(const union fscrypt_policy *policy,

				  u32 orig_len, u32 max_len,

				  u32 *encrypted_len_ret);

extern const struct dentry_operations fscrypt_d_ops;

/* hkdf.c */

int fscrypt_derive_dirhash_key(struct fscrypt_info *ci,

			       const struct fscrypt_master_key *mk);

void fscrypt_hash_inode_number(struct fscrypt_info *ci,

			       const struct fscrypt_master_key *mk);

/* keysetup_v1.c */

void fscrypt_put_direct_key(struct fscrypt_direct_key *dk);

int fscrypt_policy_from_context(union fscrypt_policy *policy_u,

				const union fscrypt_context *ctx_u,

				int ctx_size);

const union fscrypt_policy *fscrypt_policy_to_inherit(struct inode *dir);

#endif /* _FSCRYPT_PRIVATE_H */

	if (err)

		return err;

	/* ... in case we looked up ciphertext name before key was added */

	if (dentry->d_flags & DCACHE_ENCRYPTED_NAME)

	/* ... in case we looked up no-key name before key was added */

	if (dentry->d_flags & DCACHE_NOKEY_NAME)

		return -ENOKEY;

	if (!fscrypt_has_permitted_context(dir, inode))

	if (err)

		return err;

	/* ... in case we looked up ciphertext name(s) before key was added */

	if ((old_dentry->d_flags | new_dentry->d_flags) &

	    DCACHE_ENCRYPTED_NAME)

	/* ... in case we looked up no-key name(s) before key was added */

	if ((old_dentry->d_flags | new_dentry->d_flags) & DCACHE_NOKEY_NAME)

		return -ENOKEY;

	if (old_dir != new_dir) {

	if (err && err != -ENOENT)

		return err;

	if (fname->is_ciphertext_name) {

	if (fname->is_nokey_name) {

		spin_lock(&dentry->d_lock);

		dentry->d_flags |= DCACHE_ENCRYPTED_NAME;

		dentry->d_flags |= DCACHE_NOKEY_NAME;

		spin_unlock(&dentry->d_lock);

		d_set_d_op(dentry, &fscrypt_d_ops);

	}

	return 0;

}

int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len,

			      unsigned int max_len,

/**

 * fscrypt_prepare_symlink() - prepare to create a possibly-encrypted symlink

 * @dir: directory in which the symlink is being created

 * @target: plaintext symlink target

 * @len: length of @target excluding null terminator

 * @max_len: space the filesystem has available to store the symlink target

 * @disk_link: (out) the on-disk symlink target being prepared

 *

 * This function computes the size the symlink target will require on-disk,

 * stores it in @disk_link->len, and validates it against @max_len.  An

 * encrypted symlink may be longer than the original.

 *

 * Additionally, @disk_link->name is set to @target if the symlink will be

 * unencrypted, but left NULL if the symlink will be encrypted.  For encrypted

 * symlinks, the filesystem must call fscrypt_encrypt_symlink() to create the

 * on-disk target later.  (The reason for the two-step process is that some

 * filesystems need to know the size of the symlink target before creating the

 * inode, e.g. to determine whether it will be a "fast" or "slow" symlink.)

 *

 * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long,

 * -ENOKEY if the encryption key is missing, or another -errno code if a problem

 * occurred while setting up the encryption key.

 */

int fscrypt_prepare_symlink(struct inode *dir, const char *target,

			    unsigned int len, unsigned int max_len,

			    struct fscrypt_str *disk_link)

{

	int err;

	const union fscrypt_policy *policy;

	/*

	 * To calculate the size of the encrypted symlink target we need to know

	 * the amount of NUL padding, which is determined by the flags set in

	 * the encryption policy which will be inherited from the directory.

	 * The easiest way to get access to this is to just load the directory's

	 * fscrypt_info, since we'll need it to create the dir_entry anyway.

	 *

	 * Note: in test_dummy_encryption mode, @dir may be unencrypted.

	 */

	err = fscrypt_get_encryption_info(dir);

	if (err)

		return err;

	if (!fscrypt_has_encryption_key(dir))

		return -ENOKEY;

	policy = fscrypt_policy_to_inherit(dir);

	if (policy == NULL) {

		/* Not encrypted */

		disk_link->name = (unsigned char *)target;

		disk_link->len = len + 1;

		if (disk_link->len > max_len)

			return -ENAMETOOLONG;

		return 0;

	}

	if (IS_ERR(policy))

		return PTR_ERR(policy);

	/*

	 * Calculate the size of the encrypted symlink and verify it won't

	 * counting it (even though it is meaningless for ciphertext) is simpler

	 * for now since filesystems will assume it is there and subtract it.

	 */

	if (!fscrypt_fname_encrypted_size(dir, len,

	if (!fscrypt_fname_encrypted_size(policy, len,

					  max_len - sizeof(struct fscrypt_symlink_data),

					  &disk_link->len))

		return -ENAMETOOLONG;

	disk_link->name = NULL;

	return 0;

}

EXPORT_SYMBOL_GPL(__fscrypt_prepare_symlink);

EXPORT_SYMBOL_GPL(fscrypt_prepare_symlink);

int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,

			      unsigned int len, struct fscrypt_str *disk_link)

	struct fscrypt_symlink_data *sd;

	unsigned int ciphertext_len;

	err = fscrypt_require_key(inode);

	if (err)

		return err;

	/*

	 * fscrypt_prepare_new_inode() should have already set up the new

	 * symlink inode's encryption key.  We don't wait until now to do it,

	 * since we may be in a filesystem transaction now.

	 */

	if (WARN_ON_ONCE(!fscrypt_has_encryption_key(inode)))

		return -ENOKEY;

	if (disk_link->name) {

		/* filesystem-provided buffer */

	if (cstr.len + sizeof(*sd) - 1 > max_size)

		return ERR_PTR(-EUCLEAN);

	err = fscrypt_fname_alloc_buffer(inode, cstr.len, &pstr);

	err = fscrypt_fname_alloc_buffer(cstr.len, &pstr);

	if (err)

		return ERR_PTR(err);

	crypto_cfg.data_unit_size = sb->s_blocksize;

	crypto_cfg.dun_bytes = fscrypt_get_dun_bytes(ci);

	num_devs = fscrypt_get_num_devices(sb);

	devs = kmalloc_array(num_devs, sizeof(*devs), GFP_NOFS);

	devs = kmalloc_array(num_devs, sizeof(*devs), GFP_KERNEL);

	if (!devs)

		return -ENOMEM;

	fscrypt_get_devices(sb, num_devs, devs);

	struct fscrypt_blk_crypto_key *blk_key;

	int err;

	int i;

	unsigned int flags;

	blk_key = kzalloc(struct_size(blk_key, devs, num_devs), GFP_NOFS);

	blk_key = kzalloc(struct_size(blk_key, devs, num_devs), GFP_KERNEL);

	if (!blk_key)

		return -ENOMEM;

		}

		queue_refs++;

		flags = memalloc_nofs_save();

		err = blk_crypto_start_using_key(&blk_key->base,

						 blk_key->devs[i]);

		memalloc_nofs_restore(flags);

		if (err) {

			fscrypt_err(inode,

				    "error %d starting to use blk-crypto", err);