162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * eCryptfs: Linux filesystem encryption layer 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright (C) 2008 International Business Machines Corp. 662306a36Sopenharmony_ci * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 762306a36Sopenharmony_ci */ 862306a36Sopenharmony_ci 962306a36Sopenharmony_ci#include <linux/kthread.h> 1062306a36Sopenharmony_ci#include <linux/freezer.h> 1162306a36Sopenharmony_ci#include <linux/slab.h> 1262306a36Sopenharmony_ci#include <linux/wait.h> 1362306a36Sopenharmony_ci#include <linux/mount.h> 1462306a36Sopenharmony_ci#include "ecryptfs_kernel.h" 1562306a36Sopenharmony_ci 1662306a36Sopenharmony_cistruct ecryptfs_open_req { 1762306a36Sopenharmony_ci struct file **lower_file; 1862306a36Sopenharmony_ci struct path path; 1962306a36Sopenharmony_ci struct completion done; 2062306a36Sopenharmony_ci struct list_head kthread_ctl_list; 2162306a36Sopenharmony_ci}; 2262306a36Sopenharmony_ci 2362306a36Sopenharmony_cistatic struct ecryptfs_kthread_ctl { 2462306a36Sopenharmony_ci#define ECRYPTFS_KTHREAD_ZOMBIE 0x00000001 2562306a36Sopenharmony_ci u32 flags; 2662306a36Sopenharmony_ci struct mutex mux; 2762306a36Sopenharmony_ci struct list_head req_list; 2862306a36Sopenharmony_ci wait_queue_head_t wait; 2962306a36Sopenharmony_ci} ecryptfs_kthread_ctl; 3062306a36Sopenharmony_ci 3162306a36Sopenharmony_cistatic struct task_struct *ecryptfs_kthread; 3262306a36Sopenharmony_ci 3362306a36Sopenharmony_ci/** 3462306a36Sopenharmony_ci * ecryptfs_threadfn 3562306a36Sopenharmony_ci * @ignored: ignored 3662306a36Sopenharmony_ci * 3762306a36Sopenharmony_ci * The eCryptfs kernel thread that has the responsibility of getting 3862306a36Sopenharmony_ci * the lower file with RW permissions. 3962306a36Sopenharmony_ci * 4062306a36Sopenharmony_ci * Returns zero on success; non-zero otherwise 4162306a36Sopenharmony_ci */ 4262306a36Sopenharmony_cistatic int ecryptfs_threadfn(void *ignored) 4362306a36Sopenharmony_ci{ 4462306a36Sopenharmony_ci set_freezable(); 4562306a36Sopenharmony_ci while (1) { 4662306a36Sopenharmony_ci struct ecryptfs_open_req *req; 4762306a36Sopenharmony_ci 4862306a36Sopenharmony_ci wait_event_freezable( 4962306a36Sopenharmony_ci ecryptfs_kthread_ctl.wait, 5062306a36Sopenharmony_ci (!list_empty(&ecryptfs_kthread_ctl.req_list) 5162306a36Sopenharmony_ci || kthread_should_stop())); 5262306a36Sopenharmony_ci mutex_lock(&ecryptfs_kthread_ctl.mux); 5362306a36Sopenharmony_ci if (ecryptfs_kthread_ctl.flags & ECRYPTFS_KTHREAD_ZOMBIE) { 5462306a36Sopenharmony_ci mutex_unlock(&ecryptfs_kthread_ctl.mux); 5562306a36Sopenharmony_ci goto out; 5662306a36Sopenharmony_ci } 5762306a36Sopenharmony_ci while (!list_empty(&ecryptfs_kthread_ctl.req_list)) { 5862306a36Sopenharmony_ci req = list_first_entry(&ecryptfs_kthread_ctl.req_list, 5962306a36Sopenharmony_ci struct ecryptfs_open_req, 6062306a36Sopenharmony_ci kthread_ctl_list); 6162306a36Sopenharmony_ci list_del(&req->kthread_ctl_list); 6262306a36Sopenharmony_ci *req->lower_file = dentry_open(&req->path, 6362306a36Sopenharmony_ci (O_RDWR | O_LARGEFILE), current_cred()); 6462306a36Sopenharmony_ci complete(&req->done); 6562306a36Sopenharmony_ci } 6662306a36Sopenharmony_ci mutex_unlock(&ecryptfs_kthread_ctl.mux); 6762306a36Sopenharmony_ci } 6862306a36Sopenharmony_ciout: 6962306a36Sopenharmony_ci return 0; 7062306a36Sopenharmony_ci} 7162306a36Sopenharmony_ci 7262306a36Sopenharmony_ciint __init ecryptfs_init_kthread(void) 7362306a36Sopenharmony_ci{ 7462306a36Sopenharmony_ci int rc = 0; 7562306a36Sopenharmony_ci 7662306a36Sopenharmony_ci mutex_init(&ecryptfs_kthread_ctl.mux); 7762306a36Sopenharmony_ci init_waitqueue_head(&ecryptfs_kthread_ctl.wait); 7862306a36Sopenharmony_ci INIT_LIST_HEAD(&ecryptfs_kthread_ctl.req_list); 7962306a36Sopenharmony_ci ecryptfs_kthread = kthread_run(&ecryptfs_threadfn, NULL, 8062306a36Sopenharmony_ci "ecryptfs-kthread"); 8162306a36Sopenharmony_ci if (IS_ERR(ecryptfs_kthread)) { 8262306a36Sopenharmony_ci rc = PTR_ERR(ecryptfs_kthread); 8362306a36Sopenharmony_ci printk(KERN_ERR "%s: Failed to create kernel thread; rc = [%d]" 8462306a36Sopenharmony_ci "\n", __func__, rc); 8562306a36Sopenharmony_ci } 8662306a36Sopenharmony_ci return rc; 8762306a36Sopenharmony_ci} 8862306a36Sopenharmony_ci 8962306a36Sopenharmony_civoid ecryptfs_destroy_kthread(void) 9062306a36Sopenharmony_ci{ 9162306a36Sopenharmony_ci struct ecryptfs_open_req *req, *tmp; 9262306a36Sopenharmony_ci 9362306a36Sopenharmony_ci mutex_lock(&ecryptfs_kthread_ctl.mux); 9462306a36Sopenharmony_ci ecryptfs_kthread_ctl.flags |= ECRYPTFS_KTHREAD_ZOMBIE; 9562306a36Sopenharmony_ci list_for_each_entry_safe(req, tmp, &ecryptfs_kthread_ctl.req_list, 9662306a36Sopenharmony_ci kthread_ctl_list) { 9762306a36Sopenharmony_ci list_del(&req->kthread_ctl_list); 9862306a36Sopenharmony_ci *req->lower_file = ERR_PTR(-EIO); 9962306a36Sopenharmony_ci complete(&req->done); 10062306a36Sopenharmony_ci } 10162306a36Sopenharmony_ci mutex_unlock(&ecryptfs_kthread_ctl.mux); 10262306a36Sopenharmony_ci kthread_stop(ecryptfs_kthread); 10362306a36Sopenharmony_ci wake_up(&ecryptfs_kthread_ctl.wait); 10462306a36Sopenharmony_ci} 10562306a36Sopenharmony_ci 10662306a36Sopenharmony_ci/** 10762306a36Sopenharmony_ci * ecryptfs_privileged_open 10862306a36Sopenharmony_ci * @lower_file: Result of dentry_open by root on lower dentry 10962306a36Sopenharmony_ci * @lower_dentry: Lower dentry for file to open 11062306a36Sopenharmony_ci * @lower_mnt: Lower vfsmount for file to open 11162306a36Sopenharmony_ci * @cred: credential to use for this call 11262306a36Sopenharmony_ci * 11362306a36Sopenharmony_ci * This function gets a r/w file opened against the lower dentry. 11462306a36Sopenharmony_ci * 11562306a36Sopenharmony_ci * Returns zero on success; non-zero otherwise 11662306a36Sopenharmony_ci */ 11762306a36Sopenharmony_ciint ecryptfs_privileged_open(struct file **lower_file, 11862306a36Sopenharmony_ci struct dentry *lower_dentry, 11962306a36Sopenharmony_ci struct vfsmount *lower_mnt, 12062306a36Sopenharmony_ci const struct cred *cred) 12162306a36Sopenharmony_ci{ 12262306a36Sopenharmony_ci struct ecryptfs_open_req req; 12362306a36Sopenharmony_ci int flags = O_LARGEFILE; 12462306a36Sopenharmony_ci int rc = 0; 12562306a36Sopenharmony_ci 12662306a36Sopenharmony_ci init_completion(&req.done); 12762306a36Sopenharmony_ci req.lower_file = lower_file; 12862306a36Sopenharmony_ci req.path.dentry = lower_dentry; 12962306a36Sopenharmony_ci req.path.mnt = lower_mnt; 13062306a36Sopenharmony_ci 13162306a36Sopenharmony_ci /* Corresponding dput() and mntput() are done when the 13262306a36Sopenharmony_ci * lower file is fput() when all eCryptfs files for the inode are 13362306a36Sopenharmony_ci * released. */ 13462306a36Sopenharmony_ci flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR; 13562306a36Sopenharmony_ci (*lower_file) = dentry_open(&req.path, flags, cred); 13662306a36Sopenharmony_ci if (!IS_ERR(*lower_file)) 13762306a36Sopenharmony_ci goto out; 13862306a36Sopenharmony_ci if ((flags & O_ACCMODE) == O_RDONLY) { 13962306a36Sopenharmony_ci rc = PTR_ERR((*lower_file)); 14062306a36Sopenharmony_ci goto out; 14162306a36Sopenharmony_ci } 14262306a36Sopenharmony_ci mutex_lock(&ecryptfs_kthread_ctl.mux); 14362306a36Sopenharmony_ci if (ecryptfs_kthread_ctl.flags & ECRYPTFS_KTHREAD_ZOMBIE) { 14462306a36Sopenharmony_ci rc = -EIO; 14562306a36Sopenharmony_ci mutex_unlock(&ecryptfs_kthread_ctl.mux); 14662306a36Sopenharmony_ci printk(KERN_ERR "%s: We are in the middle of shutting down; " 14762306a36Sopenharmony_ci "aborting privileged request to open lower file\n", 14862306a36Sopenharmony_ci __func__); 14962306a36Sopenharmony_ci goto out; 15062306a36Sopenharmony_ci } 15162306a36Sopenharmony_ci list_add_tail(&req.kthread_ctl_list, &ecryptfs_kthread_ctl.req_list); 15262306a36Sopenharmony_ci mutex_unlock(&ecryptfs_kthread_ctl.mux); 15362306a36Sopenharmony_ci wake_up(&ecryptfs_kthread_ctl.wait); 15462306a36Sopenharmony_ci wait_for_completion(&req.done); 15562306a36Sopenharmony_ci if (IS_ERR(*lower_file)) 15662306a36Sopenharmony_ci rc = PTR_ERR(*lower_file); 15762306a36Sopenharmony_ciout: 15862306a36Sopenharmony_ci return rc; 15962306a36Sopenharmony_ci} 160