linux/fs/ecryptfs/miscdev.c
<<
>>
Prefs
   1/**
   2 * eCryptfs: Linux filesystem encryption layer
   3 *
   4 * Copyright (C) 2008 International Business Machines Corp.
   5 *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
   6 *
   7 * This program is free software; you can redistribute it and/or
   8 * modify it under the terms of the GNU General Public License version
   9 * 2 as published by the Free Software Foundation.
  10 *
  11 * This program is distributed in the hope that it will be useful, but
  12 * WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU General Public License
  17 * along with this program; if not, write to the Free Software
  18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  19 * 02111-1307, USA.
  20 */
  21
  22#include <linux/fs.h>
  23#include <linux/hash.h>
  24#include <linux/random.h>
  25#include <linux/miscdevice.h>
  26#include <linux/poll.h>
  27#include <linux/slab.h>
  28#include <linux/wait.h>
  29#include <linux/module.h>
  30#include "ecryptfs_kernel.h"
  31
  32static atomic_t ecryptfs_num_miscdev_opens;
  33
  34/**
  35 * ecryptfs_miscdev_poll
  36 * @file: dev file
  37 * @pt: dev poll table (ignored)
  38 *
  39 * Returns the poll mask
  40 */
  41static unsigned int
  42ecryptfs_miscdev_poll(struct file *file, poll_table *pt)
  43{
  44        struct ecryptfs_daemon *daemon = file->private_data;
  45        unsigned int mask = 0;
  46
  47        mutex_lock(&daemon->mux);
  48        if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) {
  49                printk(KERN_WARNING "%s: Attempt to poll on zombified "
  50                       "daemon\n", __func__);
  51                goto out_unlock_daemon;
  52        }
  53        if (daemon->flags & ECRYPTFS_DAEMON_IN_READ)
  54                goto out_unlock_daemon;
  55        if (daemon->flags & ECRYPTFS_DAEMON_IN_POLL)
  56                goto out_unlock_daemon;
  57        daemon->flags |= ECRYPTFS_DAEMON_IN_POLL;
  58        mutex_unlock(&daemon->mux);
  59        poll_wait(file, &daemon->wait, pt);
  60        mutex_lock(&daemon->mux);
  61        if (!list_empty(&daemon->msg_ctx_out_queue))
  62                mask |= POLLIN | POLLRDNORM;
  63out_unlock_daemon:
  64        daemon->flags &= ~ECRYPTFS_DAEMON_IN_POLL;
  65        mutex_unlock(&daemon->mux);
  66        return mask;
  67}
  68
  69/**
  70 * ecryptfs_miscdev_open
  71 * @inode: inode of miscdev handle (ignored)
  72 * @file: file for miscdev handle
  73 *
  74 * Returns zero on success; non-zero otherwise
  75 */
  76static int
  77ecryptfs_miscdev_open(struct inode *inode, struct file *file)
  78{
  79        struct ecryptfs_daemon *daemon = NULL;
  80        int rc;
  81
  82        mutex_lock(&ecryptfs_daemon_hash_mux);
  83        rc = try_module_get(THIS_MODULE);
  84        if (rc == 0) {
  85                rc = -EIO;
  86                printk(KERN_ERR "%s: Error attempting to increment module use "
  87                       "count; rc = [%d]\n", __func__, rc);
  88                goto out_unlock_daemon_list;
  89        }
  90        rc = ecryptfs_find_daemon_by_euid(&daemon);
  91        if (!rc) {
  92                rc = -EINVAL;
  93                goto out_unlock_daemon_list;
  94        }
  95        rc = ecryptfs_spawn_daemon(&daemon, file);
  96        if (rc) {
  97                printk(KERN_ERR "%s: Error attempting to spawn daemon; "
  98                       "rc = [%d]\n", __func__, rc);
  99                goto out_module_put_unlock_daemon_list;
 100        }
 101        mutex_lock(&daemon->mux);
 102        if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) {
 103                rc = -EBUSY;
 104                goto out_unlock_daemon;
 105        }
 106        daemon->flags |= ECRYPTFS_DAEMON_MISCDEV_OPEN;
 107        file->private_data = daemon;
 108        atomic_inc(&ecryptfs_num_miscdev_opens);
 109out_unlock_daemon:
 110        mutex_unlock(&daemon->mux);
 111out_module_put_unlock_daemon_list:
 112        if (rc)
 113                module_put(THIS_MODULE);
 114out_unlock_daemon_list:
 115        mutex_unlock(&ecryptfs_daemon_hash_mux);
 116        return rc;
 117}
 118
 119/**
 120 * ecryptfs_miscdev_release
 121 * @inode: inode of fs/ecryptfs/euid handle (ignored)
 122 * @file: file for fs/ecryptfs/euid handle
 123 *
 124 * This keeps the daemon registered until the daemon sends another
 125 * ioctl to fs/ecryptfs/ctl or until the kernel module unregisters.
 126 *
 127 * Returns zero on success; non-zero otherwise
 128 */
 129static int
 130ecryptfs_miscdev_release(struct inode *inode, struct file *file)
 131{
 132        struct ecryptfs_daemon *daemon = file->private_data;
 133        int rc;
 134
 135        mutex_lock(&daemon->mux);
 136        BUG_ON(!(daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN));
 137        daemon->flags &= ~ECRYPTFS_DAEMON_MISCDEV_OPEN;
 138        atomic_dec(&ecryptfs_num_miscdev_opens);
 139        mutex_unlock(&daemon->mux);
 140
 141        mutex_lock(&ecryptfs_daemon_hash_mux);
 142        rc = ecryptfs_exorcise_daemon(daemon);
 143        mutex_unlock(&ecryptfs_daemon_hash_mux);
 144        if (rc) {
 145                printk(KERN_CRIT "%s: Fatal error whilst attempting to "
 146                       "shut down daemon; rc = [%d]. Please report this "
 147                       "bug.\n", __func__, rc);
 148                BUG();
 149        }
 150        module_put(THIS_MODULE);
 151        return rc;
 152}
 153
 154/**
 155 * ecryptfs_send_miscdev
 156 * @data: Data to send to daemon; may be NULL
 157 * @data_size: Amount of data to send to daemon
 158 * @msg_ctx: Message context, which is used to handle the reply. If
 159 *           this is NULL, then we do not expect a reply.
 160 * @msg_type: Type of message
 161 * @msg_flags: Flags for message
 162 * @daemon: eCryptfs daemon object
 163 *
 164 * Add msg_ctx to queue and then, if it exists, notify the blocked
 165 * miscdevess about the data being available. Must be called with
 166 * ecryptfs_daemon_hash_mux held.
 167 *
 168 * Returns zero on success; non-zero otherwise
 169 */
 170int ecryptfs_send_miscdev(char *data, size_t data_size,
 171                          struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type,
 172                          u16 msg_flags, struct ecryptfs_daemon *daemon)
 173{
 174        struct ecryptfs_message *msg;
 175
 176        msg = kmalloc((sizeof(*msg) + data_size), GFP_KERNEL);
 177        if (!msg) {
 178                printk(KERN_ERR "%s: Out of memory whilst attempting "
 179                       "to kmalloc(%zd, GFP_KERNEL)\n", __func__,
 180                       (sizeof(*msg) + data_size));
 181                return -ENOMEM;
 182        }
 183
 184        mutex_lock(&msg_ctx->mux);
 185        msg_ctx->msg = msg;
 186        msg_ctx->msg->index = msg_ctx->index;
 187        msg_ctx->msg->data_len = data_size;
 188        msg_ctx->type = msg_type;
 189        memcpy(msg_ctx->msg->data, data, data_size);
 190        msg_ctx->msg_size = (sizeof(*msg_ctx->msg) + data_size);
 191        list_add_tail(&msg_ctx->daemon_out_list, &daemon->msg_ctx_out_queue);
 192        mutex_unlock(&msg_ctx->mux);
 193
 194        mutex_lock(&daemon->mux);
 195        daemon->num_queued_msg_ctx++;
 196        wake_up_interruptible(&daemon->wait);
 197        mutex_unlock(&daemon->mux);
 198
 199        return 0;
 200}
 201
 202/*
 203 * miscdevfs packet format:
 204 *  Octet 0: Type
 205 *  Octets 1-4: network byte order msg_ctx->counter
 206 *  Octets 5-N0: Size of struct ecryptfs_message to follow
 207 *  Octets N0-N1: struct ecryptfs_message (including data)
 208 *
 209 *  Octets 5-N1 not written if the packet type does not include a message
 210 */
 211#define PKT_TYPE_SIZE           1
 212#define PKT_CTR_SIZE            4
 213#define MIN_NON_MSG_PKT_SIZE    (PKT_TYPE_SIZE + PKT_CTR_SIZE)
 214#define MIN_MSG_PKT_SIZE        (PKT_TYPE_SIZE + PKT_CTR_SIZE \
 215                                 + ECRYPTFS_MIN_PKT_LEN_SIZE)
 216/* 4 + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES comes from tag 65 packet format */
 217#define MAX_MSG_PKT_SIZE        (PKT_TYPE_SIZE + PKT_CTR_SIZE \
 218                                 + ECRYPTFS_MAX_PKT_LEN_SIZE \
 219                                 + sizeof(struct ecryptfs_message) \
 220                                 + 4 + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES)
 221#define PKT_TYPE_OFFSET         0
 222#define PKT_CTR_OFFSET          PKT_TYPE_SIZE
 223#define PKT_LEN_OFFSET          (PKT_TYPE_SIZE + PKT_CTR_SIZE)
 224
 225/**
 226 * ecryptfs_miscdev_read - format and send message from queue
 227 * @file: miscdevfs handle
 228 * @buf: User buffer into which to copy the next message on the daemon queue
 229 * @count: Amount of space available in @buf
 230 * @ppos: Offset in file (ignored)
 231 *
 232 * Pulls the most recent message from the daemon queue, formats it for
 233 * being sent via a miscdevfs handle, and copies it into @buf
 234 *
 235 * Returns the number of bytes copied into the user buffer
 236 */
 237static ssize_t
 238ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count,
 239                      loff_t *ppos)
 240{
 241        struct ecryptfs_daemon *daemon = file->private_data;
 242        struct ecryptfs_msg_ctx *msg_ctx;
 243        size_t packet_length_size;
 244        char packet_length[ECRYPTFS_MAX_PKT_LEN_SIZE];
 245        size_t i;
 246        size_t total_length;
 247        int rc;
 248
 249        mutex_lock(&daemon->mux);
 250        if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) {
 251                rc = 0;
 252                printk(KERN_WARNING "%s: Attempt to read from zombified "
 253                       "daemon\n", __func__);
 254                goto out_unlock_daemon;
 255        }
 256        if (daemon->flags & ECRYPTFS_DAEMON_IN_READ) {
 257                rc = 0;
 258                goto out_unlock_daemon;
 259        }
 260        /* This daemon will not go away so long as this flag is set */
 261        daemon->flags |= ECRYPTFS_DAEMON_IN_READ;
 262check_list:
 263        if (list_empty(&daemon->msg_ctx_out_queue)) {
 264                mutex_unlock(&daemon->mux);
 265                rc = wait_event_interruptible(
 266                        daemon->wait, !list_empty(&daemon->msg_ctx_out_queue));
 267                mutex_lock(&daemon->mux);
 268                if (rc < 0) {
 269                        rc = 0;
 270                        goto out_unlock_daemon;
 271                }
 272        }
 273        if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) {
 274                rc = 0;
 275                goto out_unlock_daemon;
 276        }
 277        if (list_empty(&daemon->msg_ctx_out_queue)) {
 278                /* Something else jumped in since the
 279                 * wait_event_interruptable() and removed the
 280                 * message from the queue; try again */
 281                goto check_list;
 282        }
 283        msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue,
 284                                   struct ecryptfs_msg_ctx, daemon_out_list);
 285        BUG_ON(!msg_ctx);
 286        mutex_lock(&msg_ctx->mux);
 287        if (msg_ctx->msg) {
 288                rc = ecryptfs_write_packet_length(packet_length,
 289                                                  msg_ctx->msg_size,
 290                                                  &packet_length_size);
 291                if (rc) {
 292                        rc = 0;
 293                        printk(KERN_WARNING "%s: Error writing packet length; "
 294                               "rc = [%d]\n", __func__, rc);
 295                        goto out_unlock_msg_ctx;
 296                }
 297        } else {
 298                packet_length_size = 0;
 299                msg_ctx->msg_size = 0;
 300        }
 301        total_length = (PKT_TYPE_SIZE + PKT_CTR_SIZE + packet_length_size
 302                        + msg_ctx->msg_size);
 303        if (count < total_length) {
 304                rc = 0;
 305                printk(KERN_WARNING "%s: Only given user buffer of "
 306                       "size [%zd], but we need [%zd] to read the "
 307                       "pending message\n", __func__, count, total_length);
 308                goto out_unlock_msg_ctx;
 309        }
 310        rc = -EFAULT;
 311        if (put_user(msg_ctx->type, buf))
 312                goto out_unlock_msg_ctx;
 313        if (put_user(cpu_to_be32(msg_ctx->counter),
 314                     (__be32 __user *)(&buf[PKT_CTR_OFFSET])))
 315                goto out_unlock_msg_ctx;
 316        i = PKT_TYPE_SIZE + PKT_CTR_SIZE;
 317        if (msg_ctx->msg) {
 318                if (copy_to_user(&buf[i], packet_length, packet_length_size))
 319                        goto out_unlock_msg_ctx;
 320                i += packet_length_size;
 321                if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
 322                        goto out_unlock_msg_ctx;
 323                i += msg_ctx->msg_size;
 324        }
 325        rc = i;
 326        list_del(&msg_ctx->daemon_out_list);
 327        kfree(msg_ctx->msg);
 328        msg_ctx->msg = NULL;
 329        /* We do not expect a reply from the userspace daemon for any
 330         * message type other than ECRYPTFS_MSG_REQUEST */
 331        if (msg_ctx->type != ECRYPTFS_MSG_REQUEST)
 332                ecryptfs_msg_ctx_alloc_to_free(msg_ctx);
 333out_unlock_msg_ctx:
 334        mutex_unlock(&msg_ctx->mux);
 335out_unlock_daemon:
 336        daemon->flags &= ~ECRYPTFS_DAEMON_IN_READ;
 337        mutex_unlock(&daemon->mux);
 338        return rc;
 339}
 340
 341/**
 342 * ecryptfs_miscdev_response - miscdevess response to message previously sent to daemon
 343 * @data: Bytes comprising struct ecryptfs_message
 344 * @data_size: sizeof(struct ecryptfs_message) + data len
 345 * @seq: Sequence number for miscdev response packet
 346 *
 347 * Returns zero on success; non-zero otherwise
 348 */
 349static int ecryptfs_miscdev_response(struct ecryptfs_daemon *daemon, char *data,
 350                                     size_t data_size, u32 seq)
 351{
 352        struct ecryptfs_message *msg = (struct ecryptfs_message *)data;
 353        int rc;
 354
 355        if ((sizeof(*msg) + msg->data_len) != data_size) {
 356                printk(KERN_WARNING "%s: (sizeof(*msg) + msg->data_len) = "
 357                       "[%zd]; data_size = [%zd]. Invalid packet.\n", __func__,
 358                       (sizeof(*msg) + msg->data_len), data_size);
 359                rc = -EINVAL;
 360                goto out;
 361        }
 362        rc = ecryptfs_process_response(daemon, msg, seq);
 363        if (rc)
 364                printk(KERN_ERR
 365                       "Error processing response message; rc = [%d]\n", rc);
 366out:
 367        return rc;
 368}
 369
 370/**
 371 * ecryptfs_miscdev_write - handle write to daemon miscdev handle
 372 * @file: File for misc dev handle
 373 * @buf: Buffer containing user data
 374 * @count: Amount of data in @buf
 375 * @ppos: Pointer to offset in file (ignored)
 376 *
 377 * Returns the number of bytes read from @buf
 378 */
 379static ssize_t
 380ecryptfs_miscdev_write(struct file *file, const char __user *buf,
 381                       size_t count, loff_t *ppos)
 382{
 383        __be32 counter_nbo;
 384        u32 seq;
 385        size_t packet_size, packet_size_length;
 386        char *data;
 387        unsigned char packet_size_peek[ECRYPTFS_MAX_PKT_LEN_SIZE];
 388        ssize_t rc;
 389
 390        if (count == 0) {
 391                return 0;
 392        } else if (count == MIN_NON_MSG_PKT_SIZE) {
 393                /* Likely a harmless MSG_HELO or MSG_QUIT - no packet length */
 394                goto memdup;
 395        } else if (count < MIN_MSG_PKT_SIZE || count > MAX_MSG_PKT_SIZE) {
 396                printk(KERN_WARNING "%s: Acceptable packet size range is "
 397                       "[%d-%zu], but amount of data written is [%zu].",
 398                       __func__, MIN_MSG_PKT_SIZE, MAX_MSG_PKT_SIZE, count);
 399                return -EINVAL;
 400        }
 401
 402        if (copy_from_user(packet_size_peek, &buf[PKT_LEN_OFFSET],
 403                           sizeof(packet_size_peek))) {
 404                printk(KERN_WARNING "%s: Error while inspecting packet size\n",
 405                       __func__);
 406                return -EFAULT;
 407        }
 408
 409        rc = ecryptfs_parse_packet_length(packet_size_peek, &packet_size,
 410                                          &packet_size_length);
 411        if (rc) {
 412                printk(KERN_WARNING "%s: Error parsing packet length; "
 413                       "rc = [%zd]\n", __func__, rc);
 414                return rc;
 415        }
 416
 417        if ((PKT_TYPE_SIZE + PKT_CTR_SIZE + packet_size_length + packet_size)
 418            != count) {
 419                printk(KERN_WARNING "%s: Invalid packet size [%zu]\n", __func__,
 420                       packet_size);
 421                return -EINVAL;
 422        }
 423
 424memdup:
 425        data = memdup_user(buf, count);
 426        if (IS_ERR(data)) {
 427                printk(KERN_ERR "%s: memdup_user returned error [%ld]\n",
 428                       __func__, PTR_ERR(data));
 429                return PTR_ERR(data);
 430        }
 431        switch (data[PKT_TYPE_OFFSET]) {
 432        case ECRYPTFS_MSG_RESPONSE:
 433                if (count < (MIN_MSG_PKT_SIZE
 434                             + sizeof(struct ecryptfs_message))) {
 435                        printk(KERN_WARNING "%s: Minimum acceptable packet "
 436                               "size is [%zd], but amount of data written is "
 437                               "only [%zd]. Discarding response packet.\n",
 438                               __func__,
 439                               (MIN_MSG_PKT_SIZE
 440                                + sizeof(struct ecryptfs_message)), count);
 441                        rc = -EINVAL;
 442                        goto out_free;
 443                }
 444                memcpy(&counter_nbo, &data[PKT_CTR_OFFSET], PKT_CTR_SIZE);
 445                seq = be32_to_cpu(counter_nbo);
 446                rc = ecryptfs_miscdev_response(file->private_data,
 447                                &data[PKT_LEN_OFFSET + packet_size_length],
 448                                packet_size, seq);
 449                if (rc) {
 450                        printk(KERN_WARNING "%s: Failed to deliver miscdev "
 451                               "response to requesting operation; rc = [%zd]\n",
 452                               __func__, rc);
 453                        goto out_free;
 454                }
 455                break;
 456        case ECRYPTFS_MSG_HELO:
 457        case ECRYPTFS_MSG_QUIT:
 458                break;
 459        default:
 460                ecryptfs_printk(KERN_WARNING, "Dropping miscdev "
 461                                "message of unrecognized type [%d]\n",
 462                                data[0]);
 463                rc = -EINVAL;
 464                goto out_free;
 465        }
 466        rc = count;
 467out_free:
 468        kfree(data);
 469        return rc;
 470}
 471
 472
 473static const struct file_operations ecryptfs_miscdev_fops = {
 474        .open    = ecryptfs_miscdev_open,
 475        .poll    = ecryptfs_miscdev_poll,
 476        .read    = ecryptfs_miscdev_read,
 477        .write   = ecryptfs_miscdev_write,
 478        .release = ecryptfs_miscdev_release,
 479        .llseek  = noop_llseek,
 480};
 481
 482static struct miscdevice ecryptfs_miscdev = {
 483        .minor = MISC_DYNAMIC_MINOR,
 484        .name  = "ecryptfs",
 485        .fops  = &ecryptfs_miscdev_fops
 486};
 487
 488/**
 489 * ecryptfs_init_ecryptfs_miscdev
 490 *
 491 * Messages sent to the userspace daemon from the kernel are placed on
 492 * a queue associated with the daemon. The next read against the
 493 * miscdev handle by that daemon will return the oldest message placed
 494 * on the message queue for the daemon.
 495 *
 496 * Returns zero on success; non-zero otherwise
 497 */
 498int __init ecryptfs_init_ecryptfs_miscdev(void)
 499{
 500        int rc;
 501
 502        atomic_set(&ecryptfs_num_miscdev_opens, 0);
 503        rc = misc_register(&ecryptfs_miscdev);
 504        if (rc)
 505                printk(KERN_ERR "%s: Failed to register miscellaneous device "
 506                       "for communications with userspace daemons; rc = [%d]\n",
 507                       __func__, rc);
 508        return rc;
 509}
 510
 511/**
 512 * ecryptfs_destroy_ecryptfs_miscdev
 513 *
 514 * All of the daemons must be exorcised prior to calling this
 515 * function.
 516 */
 517void ecryptfs_destroy_ecryptfs_miscdev(void)
 518{
 519        BUG_ON(atomic_read(&ecryptfs_num_miscdev_opens) != 0);
 520        misc_deregister(&ecryptfs_miscdev);
 521}
 522
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.