// SPDX-License-Identifier: GPL-2.0-or-later /** * eCryptfs: Linux filesystem encryption layer * * Copyright (C) 2008 International Business Machines Corp. * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> */ #include <linux/kthread.h> #include <linux/freezer.h> #include <linux/slab.h> #include <linux/wait.h> #include <linux/mount.h> #include "ecryptfs_kernel.h" struct ecryptfs_open_req { struct file **lower_file; struct path path; struct completion done; struct list_head kthread_ctl_list; }; static struct ecryptfs_kthread_ctl { #define ECRYPTFS_KTHREAD_ZOMBIE 0x00000001 u32 flags; struct mutex mux; struct list_head req_list; wait_queue_head_t wait; } ecryptfs_kthread_ctl; static struct task_struct *ecryptfs_kthread; /** * ecryptfs_threadfn * @ignored: ignored * * The eCryptfs kernel thread that has the responsibility of getting * the lower file with RW permissions. * * Returns zero on success; non-zero otherwise */ static int ecryptfs_threadfn(void *ignored) { set_freezable(); while (1) { struct ecryptfs_open_req *req; wait_event_freezable( ecryptfs_kthread_ctl.wait, (!list_empty(&ecryptfs_kthread_ctl.req_list) || kthread_should_stop())); mutex_lock(&ecryptfs_kthread_ctl.mux); if (ecryptfs_kthread_ctl.flags & ECRYPTFS_KTHREAD_ZOMBIE) { mutex_unlock(&ecryptfs_kthread_ctl.mux); goto out; } while (!list_empty(&ecryptfs_kthread_ctl.req_list)) { req = list_first_entry(&ecryptfs_kthread_ctl.req_list, struct ecryptfs_open_req, kthread_ctl_list); list_del(&req->kthread_ctl_list); *req->lower_file = dentry_open(&req->path, (O_RDWR | O_LARGEFILE), current_cred()); complete(&req->done); } mutex_unlock(&ecryptfs_kthread_ctl.mux); } out: return 0; } int __init ecryptfs_init_kthread(void) { int rc = 0; mutex_init(&ecryptfs_kthread_ctl.mux); init_waitqueue_head(&ecryptfs_kthread_ctl.wait); INIT_LIST_HEAD(&ecryptfs_kthread_ctl.req_list); ecryptfs_kthread = kthread_run(&ecryptfs_threadfn, NULL, "ecryptfs-kthread"); if (IS_ERR(ecryptfs_kthread)) { rc = PTR_ERR(ecryptfs_kthread); printk(KERN_ERR "%s: Failed to create kernel thread; rc = [%d]" "\n", __func__, rc); } return rc; } void ecryptfs_destroy_kthread(void) { struct ecryptfs_open_req *req, *tmp; mutex_lock(&ecryptfs_kthread_ctl.mux); ecryptfs_kthread_ctl.flags |= ECRYPTFS_KTHREAD_ZOMBIE; list_for_each_entry_safe(req, tmp, &ecryptfs_kthread_ctl.req_list, kthread_ctl_list) { list_del(&req->kthread_ctl_list); *req->lower_file = ERR_PTR(-EIO); complete(&req->done); } mutex_unlock(&ecryptfs_kthread_ctl.mux); kthread_stop(ecryptfs_kthread); wake_up(&ecryptfs_kthread_ctl.wait); } /** * ecryptfs_privileged_open * @lower_file: Result of dentry_open by root on lower dentry * @lower_dentry: Lower dentry for file to open * @lower_mnt: Lower vfsmount for file to open * * This function gets a r/w file opened against the lower dentry. * * Returns zero on success; non-zero otherwise */ int ecryptfs_privileged_open(struct file **lower_file, struct dentry *lower_dentry, struct vfsmount *lower_mnt, const struct cred *cred) { struct ecryptfs_open_req req; int flags = O_LARGEFILE; int rc = 0; init_completion(&req.done); req.lower_file = lower_file; req.path.dentry = lower_dentry; req.path.mnt = lower_mnt; /* Corresponding dput() and mntput() are done when the * lower file is fput() when all eCryptfs files for the inode are * released. */ flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR; (*lower_file) = dentry_open(&req.path, flags, cred); if (!IS_ERR(*lower_file)) goto out; if ((flags & O_ACCMODE) == O_RDONLY) { rc = PTR_ERR((*lower_file)); goto out; } mutex_lock(&ecryptfs_kthread_ctl.mux); if (ecryptfs_kthread_ctl.flags & ECRYPTFS_KTHREAD_ZOMBIE) { rc = -EIO; mutex_unlock(&ecryptfs_kthread_ctl.mux); printk(KERN_ERR "%s: We are in the middle of shutting down; " "aborting privileged request to open lower file\n", __func__); goto out; } list_add_tail(&req.kthread_ctl_list, &ecryptfs_kthread_ctl.req_list); mutex_unlock(&ecryptfs_kthread_ctl.mux); wake_up(&ecryptfs_kthread_ctl.wait); wait_for_completion(&req.done); if (IS_ERR(*lower_file)) rc = PTR_ERR(*lower_file); out: return rc; }