kthread.c 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173
  1. /**
  2. * eCryptfs: Linux filesystem encryption layer
  3. *
  4. * Copyright (C) 2008 International Business Machines Corp.
  5. * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
  6. *
  7. * This program is free software; you can redistribute it and/or
  8. * modify it under the terms of the GNU General Public License as
  9. * published by the Free Software Foundation; either version 2 of the
  10. * License, or (at your option) any later version.
  11. *
  12. * This program is distributed in the hope that it will be useful, but
  13. * WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  15. * General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  20. * 02111-1307, USA.
  21. */
  22. #include <linux/kthread.h>
  23. #include <linux/freezer.h>
  24. #include <linux/slab.h>
  25. #include <linux/wait.h>
  26. #include <linux/mount.h>
  27. #include "ecryptfs_kernel.h"
  28. struct ecryptfs_open_req {
  29. struct file **lower_file;
  30. struct path path;
  31. struct completion done;
  32. struct list_head kthread_ctl_list;
  33. };
  34. static struct ecryptfs_kthread_ctl {
  35. #define ECRYPTFS_KTHREAD_ZOMBIE 0x00000001
  36. u32 flags;
  37. struct mutex mux;
  38. struct list_head req_list;
  39. wait_queue_head_t wait;
  40. } ecryptfs_kthread_ctl;
  41. static struct task_struct *ecryptfs_kthread;
  42. /**
  43. * ecryptfs_threadfn
  44. * @ignored: ignored
  45. *
  46. * The eCryptfs kernel thread that has the responsibility of getting
  47. * the lower file with RW permissions.
  48. *
  49. * Returns zero on success; non-zero otherwise
  50. */
  51. static int ecryptfs_threadfn(void *ignored)
  52. {
  53. set_freezable();
  54. while (1) {
  55. struct ecryptfs_open_req *req;
  56. wait_event_freezable(
  57. ecryptfs_kthread_ctl.wait,
  58. (!list_empty(&ecryptfs_kthread_ctl.req_list)
  59. || kthread_should_stop()));
  60. mutex_lock(&ecryptfs_kthread_ctl.mux);
  61. if (ecryptfs_kthread_ctl.flags & ECRYPTFS_KTHREAD_ZOMBIE) {
  62. mutex_unlock(&ecryptfs_kthread_ctl.mux);
  63. goto out;
  64. }
  65. while (!list_empty(&ecryptfs_kthread_ctl.req_list)) {
  66. req = list_first_entry(&ecryptfs_kthread_ctl.req_list,
  67. struct ecryptfs_open_req,
  68. kthread_ctl_list);
  69. list_del(&req->kthread_ctl_list);
  70. *req->lower_file = dentry_open(&req->path,
  71. (O_RDWR | O_LARGEFILE), current_cred());
  72. complete(&req->done);
  73. }
  74. mutex_unlock(&ecryptfs_kthread_ctl.mux);
  75. }
  76. out:
  77. return 0;
  78. }
  79. int __init ecryptfs_init_kthread(void)
  80. {
  81. int rc = 0;
  82. mutex_init(&ecryptfs_kthread_ctl.mux);
  83. init_waitqueue_head(&ecryptfs_kthread_ctl.wait);
  84. INIT_LIST_HEAD(&ecryptfs_kthread_ctl.req_list);
  85. ecryptfs_kthread = kthread_run(&ecryptfs_threadfn, NULL,
  86. "ecryptfs-kthread");
  87. if (IS_ERR(ecryptfs_kthread)) {
  88. rc = PTR_ERR(ecryptfs_kthread);
  89. printk(KERN_ERR "%s: Failed to create kernel thread; rc = [%d]"
  90. "\n", __func__, rc);
  91. }
  92. return rc;
  93. }
  94. void ecryptfs_destroy_kthread(void)
  95. {
  96. struct ecryptfs_open_req *req, *tmp;
  97. mutex_lock(&ecryptfs_kthread_ctl.mux);
  98. ecryptfs_kthread_ctl.flags |= ECRYPTFS_KTHREAD_ZOMBIE;
  99. list_for_each_entry_safe(req, tmp, &ecryptfs_kthread_ctl.req_list,
  100. kthread_ctl_list) {
  101. list_del(&req->kthread_ctl_list);
  102. *req->lower_file = ERR_PTR(-EIO);
  103. complete(&req->done);
  104. }
  105. mutex_unlock(&ecryptfs_kthread_ctl.mux);
  106. kthread_stop(ecryptfs_kthread);
  107. wake_up(&ecryptfs_kthread_ctl.wait);
  108. }
  109. /**
  110. * ecryptfs_privileged_open
  111. * @lower_file: Result of dentry_open by root on lower dentry
  112. * @lower_dentry: Lower dentry for file to open
  113. * @lower_mnt: Lower vfsmount for file to open
  114. *
  115. * This function gets a r/w file opened against the lower dentry.
  116. *
  117. * Returns zero on success; non-zero otherwise
  118. */
  119. int ecryptfs_privileged_open(struct file **lower_file,
  120. struct dentry *lower_dentry,
  121. struct vfsmount *lower_mnt,
  122. const struct cred *cred)
  123. {
  124. struct ecryptfs_open_req req;
  125. int flags = O_LARGEFILE;
  126. int rc = 0;
  127. init_completion(&req.done);
  128. req.lower_file = lower_file;
  129. req.path.dentry = lower_dentry;
  130. req.path.mnt = lower_mnt;
  131. /* Corresponding dput() and mntput() are done when the
  132. * lower file is fput() when all eCryptfs files for the inode are
  133. * released. */
  134. flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR;
  135. (*lower_file) = dentry_open(&req.path, flags, cred);
  136. if (!IS_ERR(*lower_file))
  137. goto out;
  138. if ((flags & O_ACCMODE) == O_RDONLY) {
  139. rc = PTR_ERR((*lower_file));
  140. goto out;
  141. }
  142. mutex_lock(&ecryptfs_kthread_ctl.mux);
  143. if (ecryptfs_kthread_ctl.flags & ECRYPTFS_KTHREAD_ZOMBIE) {
  144. rc = -EIO;
  145. mutex_unlock(&ecryptfs_kthread_ctl.mux);
  146. printk(KERN_ERR "%s: We are in the middle of shutting down; "
  147. "aborting privileged request to open lower file\n",
  148. __func__);
  149. goto out;
  150. }
  151. list_add_tail(&req.kthread_ctl_list, &ecryptfs_kthread_ctl.req_list);
  152. mutex_unlock(&ecryptfs_kthread_ctl.mux);
  153. wake_up(&ecryptfs_kthread_ctl.wait);
  154. wait_for_completion(&req.done);
  155. if (IS_ERR(*lower_file))
  156. rc = PTR_ERR(*lower_file);
  157. out:
  158. return rc;
  159. }