2 * eCryptfs: Linux filesystem encryption layer
4 * Copyright (C) 2004-2008 International Business Machines Corp.
5 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
6 * Tyler Hicks <tyhicks@ou.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version
10 * 2 as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
22 #include <linux/sched.h>
23 #include "ecryptfs_kernel.h"
25 static LIST_HEAD(ecryptfs_msg_ctx_free_list);
26 static LIST_HEAD(ecryptfs_msg_ctx_alloc_list);
27 static struct mutex ecryptfs_msg_ctx_lists_mux;
29 static struct hlist_head *ecryptfs_daemon_hash;
30 struct mutex ecryptfs_daemon_hash_mux;
31 static int ecryptfs_hash_buckets;
32 #define ecryptfs_uid_hash(uid) \
33 hash_long((unsigned long)uid, ecryptfs_hash_buckets)
35 static u32 ecryptfs_msg_counter;
36 static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
39 * ecryptfs_acquire_free_msg_ctx
40 * @msg_ctx: The context that was acquired from the free list
42 * Acquires a context element from the free list and locks the mutex
43 * on the context. Sets the msg_ctx task to current. Returns zero on
44 * success; non-zero on error or upon failure to acquire a free
45 * context element. Must be called with ecryptfs_msg_ctx_lists_mux
48 static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx)
53 if (list_empty(&ecryptfs_msg_ctx_free_list)) {
54 printk(KERN_WARNING "%s: The eCryptfs free "
55 "context list is empty. It may be helpful to "
56 "specify the ecryptfs_message_buf_len "
57 "parameter to be greater than the current "
58 "value of [%d]\n", __func__, ecryptfs_message_buf_len);
62 list_for_each(p, &ecryptfs_msg_ctx_free_list) {
63 *msg_ctx = list_entry(p, struct ecryptfs_msg_ctx, node);
64 if (mutex_trylock(&(*msg_ctx)->mux)) {
65 (*msg_ctx)->task = current;
76 * ecryptfs_msg_ctx_free_to_alloc
77 * @msg_ctx: The context to move from the free list to the alloc list
79 * Must be called with ecryptfs_msg_ctx_lists_mux held.
81 static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx)
83 list_move(&msg_ctx->node, &ecryptfs_msg_ctx_alloc_list);
84 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_PENDING;
85 msg_ctx->counter = ++ecryptfs_msg_counter;
89 * ecryptfs_msg_ctx_alloc_to_free
90 * @msg_ctx: The context to move from the alloc list to the free list
92 * Must be called with ecryptfs_msg_ctx_lists_mux held.
94 void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx)
96 list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list);
100 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE;
104 * ecryptfs_find_daemon_by_euid
105 * @euid: The effective user id which maps to the desired daemon id
106 * @daemon: If return value is zero, points to the desired daemon pointer
108 * Must be called with ecryptfs_daemon_hash_mux held.
110 * Search the hash list for the given user id.
112 * Returns zero if the user id exists in the list; non-zero otherwise.
114 int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon, uid_t euid)
116 struct hlist_node *elem;
119 hlist_for_each_entry(*daemon, elem,
120 &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)],
122 if ((*daemon)->euid == euid) {
133 ecryptfs_send_message_locked(unsigned int transport, char *data, int data_len,
134 u8 msg_type, struct ecryptfs_msg_ctx **msg_ctx);
137 * ecryptfs_send_raw_message
138 * @transport: Transport type
139 * @msg_type: Message type
140 * @daemon: Daemon struct for recipient of message
142 * A raw message is one that does not include an ecryptfs_message
143 * struct. It simply has a type.
145 * Must be called with ecryptfs_daemon_hash_mux held.
147 * Returns zero on success; non-zero otherwise
149 static int ecryptfs_send_raw_message(unsigned int transport, u8 msg_type,
150 struct ecryptfs_daemon *daemon)
152 struct ecryptfs_msg_ctx *msg_ctx;
156 case ECRYPTFS_TRANSPORT_NETLINK:
157 rc = ecryptfs_send_netlink(NULL, 0, NULL, msg_type, 0,
160 case ECRYPTFS_TRANSPORT_MISCDEV:
161 rc = ecryptfs_send_message_locked(transport, NULL, 0, msg_type,
164 printk(KERN_ERR "%s: Error whilst attempting to send "
165 "message via procfs; rc = [%d]\n", __func__, rc);
168 /* Raw messages are logically context-free (e.g., no
169 * reply is expected), so we set the state of the
170 * ecryptfs_msg_ctx object to indicate that it should
171 * be freed as soon as the transport sends out the message. */
172 mutex_lock(&msg_ctx->mux);
173 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_NO_REPLY;
174 mutex_unlock(&msg_ctx->mux);
176 case ECRYPTFS_TRANSPORT_CONNECTOR:
177 case ECRYPTFS_TRANSPORT_RELAYFS:
186 * ecryptfs_spawn_daemon - Create and initialize a new daemon struct
187 * @daemon: Pointer to set to newly allocated daemon struct
188 * @euid: Effective user id for the daemon
189 * @pid: Process id for the daemon
191 * Must be called ceremoniously while in possession of
192 * ecryptfs_sacred_daemon_hash_mux
194 * Returns zero on success; non-zero otherwise
197 ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, uid_t euid, pid_t pid)
201 (*daemon) = kzalloc(sizeof(**daemon), GFP_KERNEL);
204 printk(KERN_ERR "%s: Failed to allocate [%Zd] bytes of "
205 "GFP_KERNEL memory\n", __func__, sizeof(**daemon));
208 (*daemon)->euid = euid;
209 (*daemon)->pid = pid;
210 (*daemon)->task = current;
211 mutex_init(&(*daemon)->mux);
212 INIT_LIST_HEAD(&(*daemon)->msg_ctx_out_queue);
213 init_waitqueue_head(&(*daemon)->wait);
214 (*daemon)->num_queued_msg_ctx = 0;
215 hlist_add_head(&(*daemon)->euid_chain,
216 &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)]);
222 * ecryptfs_process_helo
223 * @transport: The underlying transport (netlink, etc.)
224 * @euid: The user ID owner of the message
225 * @pid: The process ID for the userspace program that sent the
228 * Adds the euid and pid values to the daemon euid hash. If an euid
229 * already has a daemon pid registered, the daemon will be
230 * unregistered before the new daemon is put into the hash list.
231 * Returns zero after adding a new daemon to the hash list;
232 * non-zero otherwise.
234 int ecryptfs_process_helo(unsigned int transport, uid_t euid, pid_t pid)
236 struct ecryptfs_daemon *new_daemon;
237 struct ecryptfs_daemon *old_daemon;
240 mutex_lock(&ecryptfs_daemon_hash_mux);
241 rc = ecryptfs_find_daemon_by_euid(&old_daemon, euid);
243 printk(KERN_WARNING "Received request from user [%d] "
244 "to register daemon [%d]; unregistering daemon "
245 "[%d]\n", euid, pid, old_daemon->pid);
246 rc = ecryptfs_send_raw_message(transport, ECRYPTFS_MSG_QUIT,
249 printk(KERN_WARNING "Failed to send QUIT "
250 "message to daemon [%d]; rc = [%d]\n",
251 old_daemon->pid, rc);
252 hlist_del(&old_daemon->euid_chain);
255 rc = ecryptfs_spawn_daemon(&new_daemon, euid, pid);
257 printk(KERN_ERR "%s: The gods are displeased with this attempt "
258 "to create a new daemon object for euid [%d]; pid [%d]; "
259 "rc = [%d]\n", __func__, euid, pid, rc);
260 mutex_unlock(&ecryptfs_daemon_hash_mux);
265 * ecryptfs_exorcise_daemon - Destroy the daemon struct
267 * Must be called ceremoniously while in possession of
268 * ecryptfs_daemon_hash_mux and the daemon's own mux.
270 int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon)
272 struct ecryptfs_msg_ctx *msg_ctx, *msg_ctx_tmp;
275 mutex_lock(&daemon->mux);
276 if ((daemon->flags & ECRYPTFS_DAEMON_IN_READ)
277 || (daemon->flags & ECRYPTFS_DAEMON_IN_POLL)) {
279 printk(KERN_WARNING "%s: Attempt to destroy daemon with pid "
280 "[%d], but it is in the midst of a read or a poll\n",
281 __func__, daemon->pid);
282 mutex_unlock(&daemon->mux);
285 list_for_each_entry_safe(msg_ctx, msg_ctx_tmp,
286 &daemon->msg_ctx_out_queue, daemon_out_list) {
287 list_del(&msg_ctx->daemon_out_list);
288 daemon->num_queued_msg_ctx--;
289 printk(KERN_WARNING "%s: Warning: dropping message that is in "
290 "the out queue of a dying daemon\n", __func__);
291 ecryptfs_msg_ctx_alloc_to_free(msg_ctx);
293 hlist_del(&daemon->euid_chain);
295 wake_up_process(daemon->task);
296 mutex_unlock(&daemon->mux);
297 memset(daemon, 0, sizeof(*daemon));
304 * ecryptfs_process_quit
305 * @euid: The user ID owner of the message
306 * @pid: The process ID for the userspace program that sent the
309 * Deletes the corresponding daemon for the given euid and pid, if
310 * it is the registered that is requesting the deletion. Returns zero
311 * after deleting the desired daemon; non-zero otherwise.
313 int ecryptfs_process_quit(uid_t euid, pid_t pid)
315 struct ecryptfs_daemon *daemon;
318 mutex_lock(&ecryptfs_daemon_hash_mux);
319 rc = ecryptfs_find_daemon_by_euid(&daemon, euid);
322 printk(KERN_ERR "Received request from user [%d] to "
323 "unregister unrecognized daemon [%d]\n", euid, pid);
326 rc = ecryptfs_exorcise_daemon(daemon);
328 mutex_unlock(&ecryptfs_daemon_hash_mux);
333 * ecryptfs_process_reponse
334 * @msg: The ecryptfs message received; the caller should sanity check
335 * msg->data_len and free the memory
336 * @pid: The process ID of the userspace application that sent the
338 * @seq: The sequence number of the message; must match the sequence
339 * number for the existing message context waiting for this
342 * Processes a response message after sending an operation request to
343 * userspace. Some other process is awaiting this response. Before
344 * sending out its first communications, the other process allocated a
345 * msg_ctx from the ecryptfs_msg_ctx_arr at a particular index. The
346 * response message contains this index so that we can copy over the
347 * response message into the msg_ctx that the process holds a
348 * reference to. The other process is going to wake up, check to see
349 * that msg_ctx->state == ECRYPTFS_MSG_CTX_STATE_DONE, and then
350 * proceed to read off and process the response message. Returns zero
351 * upon delivery to desired context element; non-zero upon delivery
354 * Returns zero on success; non-zero otherwise
356 int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
359 struct ecryptfs_daemon *daemon;
360 struct ecryptfs_msg_ctx *msg_ctx;
364 if (msg->index >= ecryptfs_message_buf_len) {
366 printk(KERN_ERR "%s: Attempt to reference "
367 "context buffer at index [%d]; maximum "
368 "allowable is [%d]\n", __func__, msg->index,
369 (ecryptfs_message_buf_len - 1));
372 msg_ctx = &ecryptfs_msg_ctx_arr[msg->index];
373 mutex_lock(&msg_ctx->mux);
374 mutex_lock(&ecryptfs_daemon_hash_mux);
375 rc = ecryptfs_find_daemon_by_euid(&daemon, msg_ctx->task->euid);
376 mutex_unlock(&ecryptfs_daemon_hash_mux);
379 printk(KERN_WARNING "%s: User [%d] received a "
380 "message response from process [%d] but does "
381 "not have a registered daemon\n", __func__,
382 msg_ctx->task->euid, pid);
385 if (msg_ctx->task->euid != euid) {
387 printk(KERN_WARNING "%s: Received message from user "
388 "[%d]; expected message from user [%d]\n", __func__,
389 euid, msg_ctx->task->euid);
392 if (daemon->pid != pid) {
394 printk(KERN_ERR "%s: User [%d] sent a message response "
395 "from an unrecognized process [%d]\n",
396 __func__, msg_ctx->task->euid, pid);
399 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) {
401 printk(KERN_WARNING "%s: Desired context element is not "
402 "pending a response\n", __func__);
404 } else if (msg_ctx->counter != seq) {
406 printk(KERN_WARNING "%s: Invalid message sequence; "
407 "expected [%d]; received [%d]\n", __func__,
408 msg_ctx->counter, seq);
411 msg_size = (sizeof(*msg) + msg->data_len);
412 msg_ctx->msg = kmalloc(msg_size, GFP_KERNEL);
415 printk(KERN_ERR "%s: Failed to allocate [%Zd] bytes of "
416 "GFP_KERNEL memory\n", __func__, msg_size);
419 memcpy(msg_ctx->msg, msg, msg_size);
420 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE;
423 wake_up_process(msg_ctx->task);
425 mutex_unlock(&msg_ctx->mux);
431 * ecryptfs_send_message_locked
432 * @transport: The transport over which to send the message (i.e.,
434 * @data: The data to send
435 * @data_len: The length of data
436 * @msg_ctx: The message context allocated for the send
438 * Must be called with ecryptfs_daemon_hash_mux held.
440 * Returns zero on success; non-zero otherwise
443 ecryptfs_send_message_locked(unsigned int transport, char *data, int data_len,
444 u8 msg_type, struct ecryptfs_msg_ctx **msg_ctx)
446 struct ecryptfs_daemon *daemon;
449 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid);
452 printk(KERN_ERR "%s: User [%d] does not have a daemon "
453 "registered\n", __func__, current->euid);
456 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
457 rc = ecryptfs_acquire_free_msg_ctx(msg_ctx);
459 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
460 printk(KERN_WARNING "%s: Could not claim a free "
461 "context element\n", __func__);
464 ecryptfs_msg_ctx_free_to_alloc(*msg_ctx);
465 mutex_unlock(&(*msg_ctx)->mux);
466 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
468 case ECRYPTFS_TRANSPORT_NETLINK:
469 rc = ecryptfs_send_netlink(data, data_len, *msg_ctx, msg_type,
472 case ECRYPTFS_TRANSPORT_MISCDEV:
473 rc = ecryptfs_send_miscdev(data, data_len, *msg_ctx, msg_type,
476 case ECRYPTFS_TRANSPORT_CONNECTOR:
477 case ECRYPTFS_TRANSPORT_RELAYFS:
482 printk(KERN_ERR "%s: Error attempting to send message to "
483 "userspace daemon; rc = [%d]\n", __func__, rc);
489 * ecryptfs_send_message
490 * @transport: The transport over which to send the message (i.e.,
492 * @data: The data to send
493 * @data_len: The length of data
494 * @msg_ctx: The message context allocated for the send
496 * Grabs ecryptfs_daemon_hash_mux.
498 * Returns zero on success; non-zero otherwise
500 int ecryptfs_send_message(unsigned int transport, char *data, int data_len,
501 struct ecryptfs_msg_ctx **msg_ctx)
505 mutex_lock(&ecryptfs_daemon_hash_mux);
506 rc = ecryptfs_send_message_locked(transport, data, data_len,
507 ECRYPTFS_MSG_REQUEST, msg_ctx);
508 mutex_unlock(&ecryptfs_daemon_hash_mux);
513 * ecryptfs_wait_for_response
514 * @msg_ctx: The context that was assigned when sending a message
515 * @msg: The incoming message from userspace; not set if rc != 0
517 * Sleeps until awaken by ecryptfs_receive_message or until the amount
518 * of time exceeds ecryptfs_message_wait_timeout. If zero is
519 * returned, msg will point to a valid message from userspace; a
520 * non-zero value is returned upon failure to receive a message or an
521 * error occurs. Callee must free @msg on success.
523 int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
524 struct ecryptfs_message **msg)
526 signed long timeout = ecryptfs_message_wait_timeout * HZ;
530 timeout = schedule_timeout_interruptible(timeout);
531 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
532 mutex_lock(&msg_ctx->mux);
533 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_DONE) {
535 mutex_unlock(&msg_ctx->mux);
536 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
544 ecryptfs_msg_ctx_alloc_to_free(msg_ctx);
545 mutex_unlock(&msg_ctx->mux);
546 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
550 int ecryptfs_init_messaging(unsigned int transport)
555 if (ecryptfs_number_of_users > ECRYPTFS_MAX_NUM_USERS) {
556 ecryptfs_number_of_users = ECRYPTFS_MAX_NUM_USERS;
557 printk(KERN_WARNING "%s: Specified number of users is "
558 "too large, defaulting to [%d] users\n", __func__,
559 ecryptfs_number_of_users);
561 mutex_init(&ecryptfs_daemon_hash_mux);
562 mutex_lock(&ecryptfs_daemon_hash_mux);
563 ecryptfs_hash_buckets = 1;
564 while (ecryptfs_number_of_users >> ecryptfs_hash_buckets)
565 ecryptfs_hash_buckets++;
566 ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head)
567 * ecryptfs_hash_buckets), GFP_KERNEL);
568 if (!ecryptfs_daemon_hash) {
570 printk(KERN_ERR "%s: Failed to allocate memory\n", __func__);
571 mutex_unlock(&ecryptfs_daemon_hash_mux);
574 for (i = 0; i < ecryptfs_hash_buckets; i++)
575 INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]);
576 mutex_unlock(&ecryptfs_daemon_hash_mux);
577 ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx)
578 * ecryptfs_message_buf_len),
580 if (!ecryptfs_msg_ctx_arr) {
582 printk(KERN_ERR "%s: Failed to allocate memory\n", __func__);
585 mutex_init(&ecryptfs_msg_ctx_lists_mux);
586 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
587 ecryptfs_msg_counter = 0;
588 for (i = 0; i < ecryptfs_message_buf_len; i++) {
589 INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].node);
590 INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].daemon_out_list);
591 mutex_init(&ecryptfs_msg_ctx_arr[i].mux);
592 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux);
593 ecryptfs_msg_ctx_arr[i].index = i;
594 ecryptfs_msg_ctx_arr[i].state = ECRYPTFS_MSG_CTX_STATE_FREE;
595 ecryptfs_msg_ctx_arr[i].counter = 0;
596 ecryptfs_msg_ctx_arr[i].task = NULL;
597 ecryptfs_msg_ctx_arr[i].msg = NULL;
598 list_add_tail(&ecryptfs_msg_ctx_arr[i].node,
599 &ecryptfs_msg_ctx_free_list);
600 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux);
602 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
604 case ECRYPTFS_TRANSPORT_NETLINK:
605 rc = ecryptfs_init_netlink();
607 ecryptfs_release_messaging(transport);
609 case ECRYPTFS_TRANSPORT_MISCDEV:
610 rc = ecryptfs_init_ecryptfs_miscdev();
612 ecryptfs_release_messaging(transport);
614 case ECRYPTFS_TRANSPORT_CONNECTOR:
615 case ECRYPTFS_TRANSPORT_RELAYFS:
623 void ecryptfs_release_messaging(unsigned int transport)
625 if (ecryptfs_msg_ctx_arr) {
628 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
629 for (i = 0; i < ecryptfs_message_buf_len; i++) {
630 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux);
631 if (ecryptfs_msg_ctx_arr[i].msg)
632 kfree(ecryptfs_msg_ctx_arr[i].msg);
633 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux);
635 kfree(ecryptfs_msg_ctx_arr);
636 mutex_unlock(&ecryptfs_msg_ctx_lists_mux);
638 if (ecryptfs_daemon_hash) {
639 struct hlist_node *elem;
640 struct ecryptfs_daemon *daemon;
643 mutex_lock(&ecryptfs_daemon_hash_mux);
644 for (i = 0; i < ecryptfs_hash_buckets; i++) {
647 hlist_for_each_entry(daemon, elem,
648 &ecryptfs_daemon_hash[i],
650 rc = ecryptfs_exorcise_daemon(daemon);
652 printk(KERN_ERR "%s: Error whilst "
653 "attempting to destroy daemon; "
654 "rc = [%d]. Dazed and confused, "
655 "but trying to continue.\n",
659 kfree(ecryptfs_daemon_hash);
660 mutex_unlock(&ecryptfs_daemon_hash_mux);
663 case ECRYPTFS_TRANSPORT_NETLINK:
664 ecryptfs_release_netlink();
666 case ECRYPTFS_TRANSPORT_MISCDEV:
667 ecryptfs_destroy_ecryptfs_miscdev();
669 case ECRYPTFS_TRANSPORT_CONNECTOR:
670 case ECRYPTFS_TRANSPORT_RELAYFS:
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob