LCOV - code coverage report
Current view: top level - fs/crypto - crypto.c (source / functions) Hit Total Coverage
Test: gcov_data_raspi2_real_modules_combined.info Lines: 12 138 8.7 %
Date: 2020-09-30 20:25:40 Functions: 2 16 12.5 %
Branches: 5 108 4.6 %

           Branch data     Line data    Source code
       1                 :            : // SPDX-License-Identifier: GPL-2.0-only
       2                 :            : /*
       3                 :            :  * This contains encryption functions for per-file encryption.
       4                 :            :  *
       5                 :            :  * Copyright (C) 2015, Google, Inc.
       6                 :            :  * Copyright (C) 2015, Motorola Mobility
       7                 :            :  *
       8                 :            :  * Written by Michael Halcrow, 2014.
       9                 :            :  *
      10                 :            :  * Filename encryption additions
      11                 :            :  *      Uday Savagaonkar, 2014
      12                 :            :  * Encryption policy handling additions
      13                 :            :  *      Ildar Muslukhov, 2014
      14                 :            :  * Add fscrypt_pullback_bio_page()
      15                 :            :  *      Jaegeuk Kim, 2015.
      16                 :            :  *
      17                 :            :  * This has not yet undergone a rigorous security audit.
      18                 :            :  *
      19                 :            :  * The usage of AES-XTS should conform to recommendations in NIST
      20                 :            :  * Special Publication 800-38E and IEEE P1619/D16.
      21                 :            :  */
      22                 :            : 
      23                 :            : #include <linux/pagemap.h>
      24                 :            : #include <linux/mempool.h>
      25                 :            : #include <linux/module.h>
      26                 :            : #include <linux/scatterlist.h>
      27                 :            : #include <linux/ratelimit.h>
      28                 :            : #include <linux/dcache.h>
      29                 :            : #include <linux/namei.h>
      30                 :            : #include <crypto/aes.h>
      31                 :            : #include <crypto/skcipher.h>
      32                 :            : #include "fscrypt_private.h"
      33                 :            : 
      34                 :            : static unsigned int num_prealloc_crypto_pages = 32;
      35                 :            : static unsigned int num_prealloc_crypto_ctxs = 128;
      36                 :            : 
      37                 :            : module_param(num_prealloc_crypto_pages, uint, 0444);
      38                 :            : MODULE_PARM_DESC(num_prealloc_crypto_pages,
      39                 :            :                 "Number of crypto pages to preallocate");
      40                 :            : module_param(num_prealloc_crypto_ctxs, uint, 0444);
      41                 :            : MODULE_PARM_DESC(num_prealloc_crypto_ctxs,
      42                 :            :                 "Number of crypto contexts to preallocate");
      43                 :            : 
      44                 :            : static mempool_t *fscrypt_bounce_page_pool = NULL;
      45                 :            : 
      46                 :            : static LIST_HEAD(fscrypt_free_ctxs);
      47                 :            : static DEFINE_SPINLOCK(fscrypt_ctx_lock);
      48                 :            : 
      49                 :            : static struct workqueue_struct *fscrypt_read_workqueue;
      50                 :            : static DEFINE_MUTEX(fscrypt_init_mutex);
      51                 :            : 
      52                 :            : static struct kmem_cache *fscrypt_ctx_cachep;
      53                 :            : struct kmem_cache *fscrypt_info_cachep;
      54                 :            : 
      55                 :          0 : void fscrypt_enqueue_decrypt_work(struct work_struct *work)
      56                 :            : {
      57                 :          0 :         queue_work(fscrypt_read_workqueue, work);
      58                 :          0 : }
      59                 :            : EXPORT_SYMBOL(fscrypt_enqueue_decrypt_work);
      60                 :            : 
      61                 :            : /**
      62                 :            :  * fscrypt_release_ctx() - Release a decryption context
      63                 :            :  * @ctx: The decryption context to release.
      64                 :            :  *
      65                 :            :  * If the decryption context was allocated from the pre-allocated pool, return
      66                 :            :  * it to that pool.  Else, free it.
      67                 :            :  */
      68                 :          0 : void fscrypt_release_ctx(struct fscrypt_ctx *ctx)
      69                 :            : {
      70                 :            :         unsigned long flags;
      71                 :            : 
      72         [ #  # ]:          0 :         if (ctx->flags & FS_CTX_REQUIRES_FREE_ENCRYPT_FL) {
      73                 :          0 :                 kmem_cache_free(fscrypt_ctx_cachep, ctx);
      74                 :            :         } else {
      75                 :          0 :                 spin_lock_irqsave(&fscrypt_ctx_lock, flags);
      76                 :          0 :                 list_add(&ctx->free_list, &fscrypt_free_ctxs);
      77                 :            :                 spin_unlock_irqrestore(&fscrypt_ctx_lock, flags);
      78                 :            :         }
      79                 :          0 : }
      80                 :            : EXPORT_SYMBOL(fscrypt_release_ctx);
      81                 :            : 
      82                 :            : /**
      83                 :            :  * fscrypt_get_ctx() - Get a decryption context
      84                 :            :  * @gfp_flags:   The gfp flag for memory allocation
      85                 :            :  *
      86                 :            :  * Allocate and initialize a decryption context.
      87                 :            :  *
      88                 :            :  * Return: A new decryption context on success; an ERR_PTR() otherwise.
      89                 :            :  */
      90                 :          0 : struct fscrypt_ctx *fscrypt_get_ctx(gfp_t gfp_flags)
      91                 :            : {
      92                 :            :         struct fscrypt_ctx *ctx;
      93                 :            :         unsigned long flags;
      94                 :            : 
      95                 :            :         /*
      96                 :            :          * First try getting a ctx from the free list so that we don't have to
      97                 :            :          * call into the slab allocator.
      98                 :            :          */
      99                 :          0 :         spin_lock_irqsave(&fscrypt_ctx_lock, flags);
     100         [ #  # ]:          0 :         ctx = list_first_entry_or_null(&fscrypt_free_ctxs,
     101                 :            :                                         struct fscrypt_ctx, free_list);
     102         [ #  # ]:          0 :         if (ctx)
     103                 :            :                 list_del(&ctx->free_list);
     104                 :            :         spin_unlock_irqrestore(&fscrypt_ctx_lock, flags);
     105         [ #  # ]:          0 :         if (!ctx) {
     106                 :          0 :                 ctx = kmem_cache_zalloc(fscrypt_ctx_cachep, gfp_flags);
     107         [ #  # ]:          0 :                 if (!ctx)
     108                 :            :                         return ERR_PTR(-ENOMEM);
     109                 :          0 :                 ctx->flags |= FS_CTX_REQUIRES_FREE_ENCRYPT_FL;
     110                 :            :         } else {
     111                 :          0 :                 ctx->flags &= ~FS_CTX_REQUIRES_FREE_ENCRYPT_FL;
     112                 :            :         }
     113                 :          0 :         return ctx;
     114                 :            : }
     115                 :            : EXPORT_SYMBOL(fscrypt_get_ctx);
     116                 :            : 
     117                 :          0 : struct page *fscrypt_alloc_bounce_page(gfp_t gfp_flags)
     118                 :            : {
     119                 :          0 :         return mempool_alloc(fscrypt_bounce_page_pool, gfp_flags);
     120                 :            : }
     121                 :            : 
     122                 :            : /**
     123                 :            :  * fscrypt_free_bounce_page() - free a ciphertext bounce page
     124                 :            :  *
     125                 :            :  * Free a bounce page that was allocated by fscrypt_encrypt_pagecache_blocks(),
     126                 :            :  * or by fscrypt_alloc_bounce_page() directly.
     127                 :            :  */
     128                 :      30353 : void fscrypt_free_bounce_page(struct page *bounce_page)
     129                 :            : {
     130         [ -  + ]:      30353 :         if (!bounce_page)
     131                 :      30353 :                 return;
     132                 :          0 :         set_page_private(bounce_page, (unsigned long)NULL);
     133                 :            :         ClearPagePrivate(bounce_page);
     134                 :          0 :         mempool_free(bounce_page, fscrypt_bounce_page_pool);
     135                 :            : }
     136                 :            : EXPORT_SYMBOL(fscrypt_free_bounce_page);
     137                 :            : 
     138                 :          0 : void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num,
     139                 :            :                          const struct fscrypt_info *ci)
     140                 :            : {
     141                 :          0 :         memset(iv, 0, ci->ci_mode->ivsize);
     142                 :          0 :         iv->lblk_num = cpu_to_le64(lblk_num);
     143                 :            : 
     144         [ #  # ]:          0 :         if (fscrypt_is_direct_key_policy(&ci->ci_policy))
     145                 :          0 :                 memcpy(iv->nonce, ci->ci_nonce, FS_KEY_DERIVATION_NONCE_SIZE);
     146                 :            : 
     147         [ #  # ]:          0 :         if (ci->ci_essiv_tfm != NULL)
     148                 :          0 :                 crypto_cipher_encrypt_one(ci->ci_essiv_tfm, iv->raw, iv->raw);
     149                 :          0 : }
     150                 :            : 
     151                 :            : /* Encrypt or decrypt a single filesystem block of file contents */
     152                 :          0 : int fscrypt_crypt_block(const struct inode *inode, fscrypt_direction_t rw,
     153                 :            :                         u64 lblk_num, struct page *src_page,
     154                 :            :                         struct page *dest_page, unsigned int len,
     155                 :            :                         unsigned int offs, gfp_t gfp_flags)
     156                 :            : {
     157                 :            :         union fscrypt_iv iv;
     158                 :            :         struct skcipher_request *req = NULL;
     159                 :          0 :         DECLARE_CRYPTO_WAIT(wait);
     160                 :            :         struct scatterlist dst, src;
     161                 :          0 :         struct fscrypt_info *ci = inode->i_crypt_info;
     162                 :          0 :         struct crypto_skcipher *tfm = ci->ci_ctfm;
     163                 :            :         int res = 0;
     164                 :            : 
     165   [ #  #  #  #  :          0 :         if (WARN_ON_ONCE(len <= 0))
                   #  # ]
     166                 :            :                 return -EINVAL;
     167   [ #  #  #  #  :          0 :         if (WARN_ON_ONCE(len % FS_CRYPTO_BLOCK_SIZE != 0))
                   #  # ]
     168                 :            :                 return -EINVAL;
     169                 :            : 
     170                 :          0 :         fscrypt_generate_iv(&iv, lblk_num, ci);
     171                 :            : 
     172                 :          0 :         req = skcipher_request_alloc(tfm, gfp_flags);
     173         [ #  # ]:          0 :         if (!req)
     174                 :            :                 return -ENOMEM;
     175                 :            : 
     176                 :            :         skcipher_request_set_callback(
     177                 :            :                 req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
     178                 :            :                 crypto_req_done, &wait);
     179                 :            : 
     180                 :          0 :         sg_init_table(&dst, 1);
     181                 :            :         sg_set_page(&dst, dest_page, len, offs);
     182                 :          0 :         sg_init_table(&src, 1);
     183                 :            :         sg_set_page(&src, src_page, len, offs);
     184                 :            :         skcipher_request_set_crypt(req, &src, &dst, len, &iv);
     185         [ #  # ]:          0 :         if (rw == FS_DECRYPT)
     186                 :          0 :                 res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait);
     187                 :            :         else
     188                 :          0 :                 res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
     189                 :            :         skcipher_request_free(req);
     190         [ #  # ]:          0 :         if (res) {
     191         [ #  # ]:          0 :                 fscrypt_err(inode, "%scryption failed for block %llu: %d",
     192                 :            :                             (rw == FS_DECRYPT ? "De" : "En"), lblk_num, res);
     193                 :          0 :                 return res;
     194                 :            :         }
     195                 :            :         return 0;
     196                 :            : }
     197                 :            : 
     198                 :            : /**
     199                 :            :  * fscrypt_encrypt_pagecache_blocks() - Encrypt filesystem blocks from a pagecache page
     200                 :            :  * @page:      The locked pagecache page containing the block(s) to encrypt
     201                 :            :  * @len:       Total size of the block(s) to encrypt.  Must be a nonzero
     202                 :            :  *              multiple of the filesystem's block size.
     203                 :            :  * @offs:      Byte offset within @page of the first block to encrypt.  Must be
     204                 :            :  *              a multiple of the filesystem's block size.
     205                 :            :  * @gfp_flags: Memory allocation flags
     206                 :            :  *
     207                 :            :  * A new bounce page is allocated, and the specified block(s) are encrypted into
     208                 :            :  * it.  In the bounce page, the ciphertext block(s) will be located at the same
     209                 :            :  * offsets at which the plaintext block(s) were located in the source page; any
     210                 :            :  * other parts of the bounce page will be left uninitialized.  However, normally
     211                 :            :  * blocksize == PAGE_SIZE and the whole page is encrypted at once.
     212                 :            :  *
     213                 :            :  * This is for use by the filesystem's ->writepages() method.
     214                 :            :  *
     215                 :            :  * Return: the new encrypted bounce page on success; an ERR_PTR() on failure
     216                 :            :  */
     217                 :          0 : struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
     218                 :            :                                               unsigned int len,
     219                 :            :                                               unsigned int offs,
     220                 :            :                                               gfp_t gfp_flags)
     221                 :            : 
     222                 :            : {
     223                 :          0 :         const struct inode *inode = page->mapping->host;
     224                 :          0 :         const unsigned int blockbits = inode->i_blkbits;
     225                 :          0 :         const unsigned int blocksize = 1 << blockbits;
     226                 :            :         struct page *ciphertext_page;
     227                 :          0 :         u64 lblk_num = ((u64)page->index << (PAGE_SHIFT - blockbits)) +
     228                 :          0 :                        (offs >> blockbits);
     229                 :            :         unsigned int i;
     230                 :            :         int err;
     231                 :            : 
     232   [ #  #  #  #  :          0 :         if (WARN_ON_ONCE(!PageLocked(page)))
                   #  # ]
     233                 :            :                 return ERR_PTR(-EINVAL);
     234                 :            : 
     235   [ #  #  #  #  :          0 :         if (WARN_ON_ONCE(len <= 0 || !IS_ALIGNED(len | offs, blocksize)))
          #  #  #  #  #  
                      # ]
     236                 :            :                 return ERR_PTR(-EINVAL);
     237                 :            : 
     238                 :            :         ciphertext_page = fscrypt_alloc_bounce_page(gfp_flags);
     239         [ #  # ]:          0 :         if (!ciphertext_page)
     240                 :            :                 return ERR_PTR(-ENOMEM);
     241                 :            : 
     242         [ #  # ]:          0 :         for (i = offs; i < offs + len; i += blocksize, lblk_num++) {
     243                 :          0 :                 err = fscrypt_crypt_block(inode, FS_ENCRYPT, lblk_num,
     244                 :            :                                           page, ciphertext_page,
     245                 :            :                                           blocksize, i, gfp_flags);
     246         [ #  # ]:          0 :                 if (err) {
     247                 :          0 :                         fscrypt_free_bounce_page(ciphertext_page);
     248                 :          0 :                         return ERR_PTR(err);
     249                 :            :                 }
     250                 :            :         }
     251                 :            :         SetPagePrivate(ciphertext_page);
     252                 :          0 :         set_page_private(ciphertext_page, (unsigned long)page);
     253                 :          0 :         return ciphertext_page;
     254                 :            : }
     255                 :            : EXPORT_SYMBOL(fscrypt_encrypt_pagecache_blocks);
     256                 :            : 
     257                 :            : /**
     258                 :            :  * fscrypt_encrypt_block_inplace() - Encrypt a filesystem block in-place
     259                 :            :  * @inode:     The inode to which this block belongs
     260                 :            :  * @page:      The page containing the block to encrypt
     261                 :            :  * @len:       Size of block to encrypt.  Doesn't need to be a multiple of the
     262                 :            :  *              fs block size, but must be a multiple of FS_CRYPTO_BLOCK_SIZE.
     263                 :            :  * @offs:      Byte offset within @page at which the block to encrypt begins
     264                 :            :  * @lblk_num:  Filesystem logical block number of the block, i.e. the 0-based
     265                 :            :  *              number of the block within the file
     266                 :            :  * @gfp_flags: Memory allocation flags
     267                 :            :  *
     268                 :            :  * Encrypt a possibly-compressed filesystem block that is located in an
     269                 :            :  * arbitrary page, not necessarily in the original pagecache page.  The @inode
     270                 :            :  * and @lblk_num must be specified, as they can't be determined from @page.
     271                 :            :  *
     272                 :            :  * Return: 0 on success; -errno on failure
     273                 :            :  */
     274                 :          0 : int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
     275                 :            :                                   unsigned int len, unsigned int offs,
     276                 :            :                                   u64 lblk_num, gfp_t gfp_flags)
     277                 :            : {
     278                 :          0 :         return fscrypt_crypt_block(inode, FS_ENCRYPT, lblk_num, page, page,
     279                 :            :                                    len, offs, gfp_flags);
     280                 :            : }
     281                 :            : EXPORT_SYMBOL(fscrypt_encrypt_block_inplace);
     282                 :            : 
     283                 :            : /**
     284                 :            :  * fscrypt_decrypt_pagecache_blocks() - Decrypt filesystem blocks in a pagecache page
     285                 :            :  * @page:      The locked pagecache page containing the block(s) to decrypt
     286                 :            :  * @len:       Total size of the block(s) to decrypt.  Must be a nonzero
     287                 :            :  *              multiple of the filesystem's block size.
     288                 :            :  * @offs:      Byte offset within @page of the first block to decrypt.  Must be
     289                 :            :  *              a multiple of the filesystem's block size.
     290                 :            :  *
     291                 :            :  * The specified block(s) are decrypted in-place within the pagecache page,
     292                 :            :  * which must still be locked and not uptodate.  Normally, blocksize ==
     293                 :            :  * PAGE_SIZE and the whole page is decrypted at once.
     294                 :            :  *
     295                 :            :  * This is for use by the filesystem's ->readpages() method.
     296                 :            :  *
     297                 :            :  * Return: 0 on success; -errno on failure
     298                 :            :  */
     299                 :          0 : int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
     300                 :            :                                      unsigned int offs)
     301                 :            : {
     302                 :          0 :         const struct inode *inode = page->mapping->host;
     303                 :          0 :         const unsigned int blockbits = inode->i_blkbits;
     304                 :          0 :         const unsigned int blocksize = 1 << blockbits;
     305                 :          0 :         u64 lblk_num = ((u64)page->index << (PAGE_SHIFT - blockbits)) +
     306                 :          0 :                        (offs >> blockbits);
     307                 :            :         unsigned int i;
     308                 :            :         int err;
     309                 :            : 
     310   [ #  #  #  #  :          0 :         if (WARN_ON_ONCE(!PageLocked(page)))
                   #  # ]
     311                 :            :                 return -EINVAL;
     312                 :            : 
     313   [ #  #  #  #  :          0 :         if (WARN_ON_ONCE(len <= 0 || !IS_ALIGNED(len | offs, blocksize)))
          #  #  #  #  #  
                      # ]
     314                 :            :                 return -EINVAL;
     315                 :            : 
     316         [ #  # ]:          0 :         for (i = offs; i < offs + len; i += blocksize, lblk_num++) {
     317                 :          0 :                 err = fscrypt_crypt_block(inode, FS_DECRYPT, lblk_num, page,
     318                 :            :                                           page, blocksize, i, GFP_NOFS);
     319         [ #  # ]:          0 :                 if (err)
     320                 :          0 :                         return err;
     321                 :            :         }
     322                 :            :         return 0;
     323                 :            : }
     324                 :            : EXPORT_SYMBOL(fscrypt_decrypt_pagecache_blocks);
     325                 :            : 
     326                 :            : /**
     327                 :            :  * fscrypt_decrypt_block_inplace() - Decrypt a filesystem block in-place
     328                 :            :  * @inode:     The inode to which this block belongs
     329                 :            :  * @page:      The page containing the block to decrypt
     330                 :            :  * @len:       Size of block to decrypt.  Doesn't need to be a multiple of the
     331                 :            :  *              fs block size, but must be a multiple of FS_CRYPTO_BLOCK_SIZE.
     332                 :            :  * @offs:      Byte offset within @page at which the block to decrypt begins
     333                 :            :  * @lblk_num:  Filesystem logical block number of the block, i.e. the 0-based
     334                 :            :  *              number of the block within the file
     335                 :            :  *
     336                 :            :  * Decrypt a possibly-compressed filesystem block that is located in an
     337                 :            :  * arbitrary page, not necessarily in the original pagecache page.  The @inode
     338                 :            :  * and @lblk_num must be specified, as they can't be determined from @page.
     339                 :            :  *
     340                 :            :  * Return: 0 on success; -errno on failure
     341                 :            :  */
     342                 :          0 : int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
     343                 :            :                                   unsigned int len, unsigned int offs,
     344                 :            :                                   u64 lblk_num)
     345                 :            : {
     346                 :          0 :         return fscrypt_crypt_block(inode, FS_DECRYPT, lblk_num, page, page,
     347                 :            :                                    len, offs, GFP_NOFS);
     348                 :            : }
     349                 :            : EXPORT_SYMBOL(fscrypt_decrypt_block_inplace);
     350                 :            : 
     351                 :            : /*
     352                 :            :  * Validate dentries in encrypted directories to make sure we aren't potentially
     353                 :            :  * caching stale dentries after a key has been added.
     354                 :            :  */
     355                 :          0 : static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
     356                 :            : {
     357                 :            :         struct dentry *dir;
     358                 :            :         int err;
     359                 :            :         int valid;
     360                 :            : 
     361                 :            :         /*
     362                 :            :          * Plaintext names are always valid, since fscrypt doesn't support
     363                 :            :          * reverting to ciphertext names without evicting the directory's inode
     364                 :            :          * -- which implies eviction of the dentries in the directory.
     365                 :            :          */
     366         [ #  # ]:          0 :         if (!(dentry->d_flags & DCACHE_ENCRYPTED_NAME))
     367                 :            :                 return 1;
     368                 :            : 
     369                 :            :         /*
     370                 :            :          * Ciphertext name; valid if the directory's key is still unavailable.
     371                 :            :          *
     372                 :            :          * Although fscrypt forbids rename() on ciphertext names, we still must
     373                 :            :          * use dget_parent() here rather than use ->d_parent directly.  That's
     374                 :            :          * because a corrupted fs image may contain directory hard links, which
     375                 :            :          * the VFS handles by moving the directory's dentry tree in the dcache
     376                 :            :          * each time ->lookup() finds the directory and it already has a dentry
     377                 :            :          * elsewhere.  Thus ->d_parent can be changing, and we must safely grab
     378                 :            :          * a reference to some ->d_parent to prevent it from being freed.
     379                 :            :          */
     380                 :            : 
     381         [ #  # ]:          0 :         if (flags & LOOKUP_RCU)
     382                 :            :                 return -ECHILD;
     383                 :            : 
     384                 :          0 :         dir = dget_parent(dentry);
     385                 :          0 :         err = fscrypt_get_encryption_info(d_inode(dir));
     386                 :          0 :         valid = !fscrypt_has_encryption_key(d_inode(dir));
     387                 :          0 :         dput(dir);
     388                 :            : 
     389         [ #  # ]:          0 :         if (err < 0)
     390                 :            :                 return err;
     391                 :            : 
     392                 :          0 :         return valid;
     393                 :            : }
     394                 :            : 
     395                 :            : const struct dentry_operations fscrypt_d_ops = {
     396                 :            :         .d_revalidate = fscrypt_d_revalidate,
     397                 :            : };
     398                 :            : 
     399                 :          0 : static void fscrypt_destroy(void)
     400                 :            : {
     401                 :            :         struct fscrypt_ctx *pos, *n;
     402                 :            : 
     403         [ #  # ]:          0 :         list_for_each_entry_safe(pos, n, &fscrypt_free_ctxs, free_list)
     404                 :          0 :                 kmem_cache_free(fscrypt_ctx_cachep, pos);
     405                 :            :         INIT_LIST_HEAD(&fscrypt_free_ctxs);
     406                 :          0 :         mempool_destroy(fscrypt_bounce_page_pool);
     407                 :          0 :         fscrypt_bounce_page_pool = NULL;
     408                 :          0 : }
     409                 :            : 
     410                 :            : /**
     411                 :            :  * fscrypt_initialize() - allocate major buffers for fs encryption.
     412                 :            :  * @cop_flags:  fscrypt operations flags
     413                 :            :  *
     414                 :            :  * We only call this when we start accessing encrypted files, since it
     415                 :            :  * results in memory getting allocated that wouldn't otherwise be used.
     416                 :            :  *
     417                 :            :  * Return: Zero on success, non-zero otherwise.
     418                 :            :  */
     419                 :          0 : int fscrypt_initialize(unsigned int cop_flags)
     420                 :            : {
     421                 :            :         int i, res = -ENOMEM;
     422                 :            : 
     423                 :            :         /* No need to allocate a bounce page pool if this FS won't use it. */
     424         [ #  # ]:          0 :         if (cop_flags & FS_CFLG_OWN_PAGES)
     425                 :            :                 return 0;
     426                 :            : 
     427                 :          0 :         mutex_lock(&fscrypt_init_mutex);
     428         [ #  # ]:          0 :         if (fscrypt_bounce_page_pool)
     429                 :            :                 goto already_initialized;
     430                 :            : 
     431         [ #  # ]:          0 :         for (i = 0; i < num_prealloc_crypto_ctxs; i++) {
     432                 :            :                 struct fscrypt_ctx *ctx;
     433                 :            : 
     434                 :          0 :                 ctx = kmem_cache_zalloc(fscrypt_ctx_cachep, GFP_NOFS);
     435         [ #  # ]:          0 :                 if (!ctx)
     436                 :            :                         goto fail;
     437                 :          0 :                 list_add(&ctx->free_list, &fscrypt_free_ctxs);
     438                 :            :         }
     439                 :            : 
     440                 :          0 :         fscrypt_bounce_page_pool =
     441                 :          0 :                 mempool_create_page_pool(num_prealloc_crypto_pages, 0);
     442         [ #  # ]:          0 :         if (!fscrypt_bounce_page_pool)
     443                 :            :                 goto fail;
     444                 :            : 
     445                 :            : already_initialized:
     446                 :          0 :         mutex_unlock(&fscrypt_init_mutex);
     447                 :          0 :         return 0;
     448                 :            : fail:
     449                 :          0 :         fscrypt_destroy();
     450                 :          0 :         mutex_unlock(&fscrypt_init_mutex);
     451                 :          0 :         return res;
     452                 :            : }
     453                 :            : 
     454                 :          0 : void fscrypt_msg(const struct inode *inode, const char *level,
     455                 :            :                  const char *fmt, ...)
     456                 :            : {
     457                 :            :         static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL,
     458                 :            :                                       DEFAULT_RATELIMIT_BURST);
     459                 :            :         struct va_format vaf;
     460                 :            :         va_list args;
     461                 :            : 
     462         [ #  # ]:          0 :         if (!__ratelimit(&rs))
     463                 :          0 :                 return;
     464                 :            : 
     465                 :          0 :         va_start(args, fmt);
     466                 :          0 :         vaf.fmt = fmt;
     467                 :          0 :         vaf.va = &args;
     468         [ #  # ]:          0 :         if (inode)
     469                 :          0 :                 printk("%sfscrypt (%s, inode %lu): %pV\n",
     470                 :          0 :                        level, inode->i_sb->s_id, inode->i_ino, &vaf);
     471                 :            :         else
     472                 :          0 :                 printk("%sfscrypt: %pV\n", level, &vaf);
     473                 :          0 :         va_end(args);
     474                 :            : }
     475                 :            : 
     476                 :            : /**
     477                 :            :  * fscrypt_init() - Set up for fs encryption.
     478                 :            :  */
     479                 :        207 : static int __init fscrypt_init(void)
     480                 :            : {
     481                 :            :         int err = -ENOMEM;
     482                 :            : 
     483                 :            :         /*
     484                 :            :          * Use an unbound workqueue to allow bios to be decrypted in parallel
     485                 :            :          * even when they happen to complete on the same CPU.  This sacrifices
     486                 :            :          * locality, but it's worthwhile since decryption is CPU-intensive.
     487                 :            :          *
     488                 :            :          * Also use a high-priority workqueue to prioritize decryption work,
     489                 :            :          * which blocks reads from completing, over regular application tasks.
     490                 :            :          */
     491                 :        207 :         fscrypt_read_workqueue = alloc_workqueue("fscrypt_read_queue",
     492                 :            :                                                  WQ_UNBOUND | WQ_HIGHPRI,
     493                 :            :                                                  num_online_cpus());
     494         [ +  - ]:        207 :         if (!fscrypt_read_workqueue)
     495                 :            :                 goto fail;
     496                 :            : 
     497                 :        207 :         fscrypt_ctx_cachep = KMEM_CACHE(fscrypt_ctx, SLAB_RECLAIM_ACCOUNT);
     498         [ +  - ]:        207 :         if (!fscrypt_ctx_cachep)
     499                 :            :                 goto fail_free_queue;
     500                 :            : 
     501                 :        207 :         fscrypt_info_cachep = KMEM_CACHE(fscrypt_info, SLAB_RECLAIM_ACCOUNT);
     502         [ +  - ]:        207 :         if (!fscrypt_info_cachep)
     503                 :            :                 goto fail_free_ctx;
     504                 :            : 
     505                 :        207 :         err = fscrypt_init_keyring();
     506         [ -  + ]:        207 :         if (err)
     507                 :            :                 goto fail_free_info;
     508                 :            : 
     509                 :            :         return 0;
     510                 :            : 
     511                 :            : fail_free_info:
     512                 :          0 :         kmem_cache_destroy(fscrypt_info_cachep);
     513                 :            : fail_free_ctx:
     514                 :          0 :         kmem_cache_destroy(fscrypt_ctx_cachep);
     515                 :            : fail_free_queue:
     516                 :          0 :         destroy_workqueue(fscrypt_read_workqueue);
     517                 :            : fail:
     518                 :          0 :         return err;
     519                 :            : }
     520                 :            : late_initcall(fscrypt_init)

Generated by: LCOV version 1.14