crypto.c 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * The base64 encode/decode code was copied from fscrypt:
  4. * Copyright (C) 2015, Google, Inc.
  5. * Copyright (C) 2015, Motorola Mobility
  6. * Written by Uday Savagaonkar, 2014.
  7. * Modified by Jaegeuk Kim, 2015.
  8. */
  9. #include <linux/ceph/ceph_debug.h>
  10. #include <linux/xattr.h>
  11. #include <linux/fscrypt.h>
  12. #include <linux/ceph/striper.h>
  13. #include "super.h"
  14. #include "mds_client.h"
  15. #include "crypto.h"
  16. static int ceph_crypt_get_context(struct inode *inode, void *ctx, size_t len)
  17. {
  18. struct ceph_inode_info *ci = ceph_inode(inode);
  19. struct ceph_fscrypt_auth *cfa = (struct ceph_fscrypt_auth *)ci->fscrypt_auth;
  20. u32 ctxlen;
  21. /* Non existent or too short? */
  22. if (!cfa || (ci->fscrypt_auth_len < (offsetof(struct ceph_fscrypt_auth, cfa_blob) + 1)))
  23. return -ENOBUFS;
  24. /* Some format we don't recognize? */
  25. if (le32_to_cpu(cfa->cfa_version) != CEPH_FSCRYPT_AUTH_VERSION)
  26. return -ENOBUFS;
  27. ctxlen = le32_to_cpu(cfa->cfa_blob_len);
  28. if (len < ctxlen)
  29. return -ERANGE;
  30. memcpy(ctx, cfa->cfa_blob, ctxlen);
  31. return ctxlen;
  32. }
  33. static int ceph_crypt_set_context(struct inode *inode, const void *ctx,
  34. size_t len, void *fs_data)
  35. {
  36. int ret;
  37. struct iattr attr = { };
  38. struct ceph_iattr cia = { };
  39. struct ceph_fscrypt_auth *cfa;
  40. WARN_ON_ONCE(fs_data);
  41. if (len > FSCRYPT_SET_CONTEXT_MAX_SIZE)
  42. return -EINVAL;
  43. cfa = kzalloc_obj(*cfa);
  44. if (!cfa)
  45. return -ENOMEM;
  46. cfa->cfa_version = cpu_to_le32(CEPH_FSCRYPT_AUTH_VERSION);
  47. cfa->cfa_blob_len = cpu_to_le32(len);
  48. memcpy(cfa->cfa_blob, ctx, len);
  49. cia.fscrypt_auth = cfa;
  50. ret = __ceph_setattr(&nop_mnt_idmap, inode, &attr, &cia);
  51. if (ret == 0)
  52. inode_set_flags(inode, S_ENCRYPTED, S_ENCRYPTED);
  53. kfree(cia.fscrypt_auth);
  54. return ret;
  55. }
  56. static bool ceph_crypt_empty_dir(struct inode *inode)
  57. {
  58. struct ceph_inode_info *ci = ceph_inode(inode);
  59. return ci->i_rsubdirs + ci->i_rfiles == 1;
  60. }
  61. static const union fscrypt_policy *ceph_get_dummy_policy(struct super_block *sb)
  62. {
  63. return ceph_sb_to_fs_client(sb)->fsc_dummy_enc_policy.policy;
  64. }
  65. static struct fscrypt_operations ceph_fscrypt_ops = {
  66. .inode_info_offs = (int)offsetof(struct ceph_inode_info, i_crypt_info) -
  67. (int)offsetof(struct ceph_inode_info, netfs.inode),
  68. .needs_bounce_pages = 1,
  69. .get_context = ceph_crypt_get_context,
  70. .set_context = ceph_crypt_set_context,
  71. .get_dummy_policy = ceph_get_dummy_policy,
  72. .empty_dir = ceph_crypt_empty_dir,
  73. };
  74. void ceph_fscrypt_set_ops(struct super_block *sb)
  75. {
  76. fscrypt_set_ops(sb, &ceph_fscrypt_ops);
  77. }
  78. void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc)
  79. {
  80. fscrypt_free_dummy_policy(&fsc->fsc_dummy_enc_policy);
  81. }
  82. int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode,
  83. struct ceph_acl_sec_ctx *as)
  84. {
  85. int ret, ctxsize;
  86. bool encrypted = false;
  87. struct ceph_inode_info *ci = ceph_inode(inode);
  88. ret = fscrypt_prepare_new_inode(dir, inode, &encrypted);
  89. if (ret)
  90. return ret;
  91. if (!encrypted)
  92. return 0;
  93. as->fscrypt_auth = kzalloc_obj(*as->fscrypt_auth);
  94. if (!as->fscrypt_auth)
  95. return -ENOMEM;
  96. ctxsize = fscrypt_context_for_new_inode(as->fscrypt_auth->cfa_blob,
  97. inode);
  98. if (ctxsize < 0)
  99. return ctxsize;
  100. as->fscrypt_auth->cfa_version = cpu_to_le32(CEPH_FSCRYPT_AUTH_VERSION);
  101. as->fscrypt_auth->cfa_blob_len = cpu_to_le32(ctxsize);
  102. WARN_ON_ONCE(ci->fscrypt_auth);
  103. kfree(ci->fscrypt_auth);
  104. ci->fscrypt_auth_len = ceph_fscrypt_auth_len(as->fscrypt_auth);
  105. ci->fscrypt_auth = kmemdup(as->fscrypt_auth, ci->fscrypt_auth_len,
  106. GFP_KERNEL);
  107. if (!ci->fscrypt_auth)
  108. return -ENOMEM;
  109. inode->i_flags |= S_ENCRYPTED;
  110. return 0;
  111. }
  112. void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req,
  113. struct ceph_acl_sec_ctx *as)
  114. {
  115. swap(req->r_fscrypt_auth, as->fscrypt_auth);
  116. }
  117. /*
  118. * User-created snapshots can't start with '_'. Snapshots that start with this
  119. * character are special (hint: there aren't real snapshots) and use the
  120. * following format:
  121. *
  122. * _<SNAPSHOT-NAME>_<INODE-NUMBER>
  123. *
  124. * where:
  125. * - <SNAPSHOT-NAME> - the real snapshot name that may need to be decrypted,
  126. * - <INODE-NUMBER> - the inode number (in decimal) for the actual snapshot
  127. *
  128. * This function parses these snapshot names and returns the inode
  129. * <INODE-NUMBER>. 'name_len' will also bet set with the <SNAPSHOT-NAME>
  130. * length.
  131. */
  132. static struct inode *parse_longname(const struct inode *parent,
  133. const char *name, int *name_len)
  134. {
  135. struct ceph_client *cl = ceph_inode_to_client(parent);
  136. struct inode *dir = NULL;
  137. struct ceph_vino vino = { .snap = CEPH_NOSNAP };
  138. char *name_end, *inode_number;
  139. int ret = -EIO;
  140. /* Snapshot name must start with an underscore */
  141. if (*name_len <= 0 || name[0] != '_')
  142. return ERR_PTR(-EIO);
  143. /* Skip initial '_' and NUL-terminate */
  144. char *str __free(kfree) = kmemdup_nul(name + 1, *name_len - 1, GFP_KERNEL);
  145. if (!str)
  146. return ERR_PTR(-ENOMEM);
  147. name_end = strrchr(str, '_');
  148. if (!name_end) {
  149. doutc(cl, "failed to parse long snapshot name: %s\n", str);
  150. return ERR_PTR(-EIO);
  151. }
  152. *name_len = (name_end - str);
  153. if (*name_len <= 0) {
  154. pr_err_client(cl, "failed to parse long snapshot name\n");
  155. return ERR_PTR(-EIO);
  156. }
  157. /* Get the inode number */
  158. inode_number = name_end + 1;
  159. ret = kstrtou64(inode_number, 10, &vino.ino);
  160. if (ret) {
  161. doutc(cl, "failed to parse inode number: %s\n", str);
  162. return ERR_PTR(ret);
  163. }
  164. /* And finally the inode */
  165. dir = ceph_find_inode(parent->i_sb, vino);
  166. if (!dir) {
  167. /* This can happen if we're not mounting cephfs on the root */
  168. dir = ceph_get_inode(parent->i_sb, vino, NULL);
  169. if (IS_ERR(dir))
  170. doutc(cl, "can't find inode %s (%s)\n", inode_number, name);
  171. }
  172. return dir;
  173. }
  174. int ceph_encode_encrypted_dname(struct inode *parent, char *buf, int elen)
  175. {
  176. struct ceph_client *cl = ceph_inode_to_client(parent);
  177. struct inode *dir = parent;
  178. char *p = buf;
  179. u32 len;
  180. int name_len = elen;
  181. int ret;
  182. u8 *cryptbuf = NULL;
  183. /* Handle the special case of snapshot names that start with '_' */
  184. if (ceph_snap(dir) == CEPH_SNAPDIR && *p == '_') {
  185. dir = parse_longname(parent, p, &name_len);
  186. if (IS_ERR(dir))
  187. return PTR_ERR(dir);
  188. p++; /* skip initial '_' */
  189. }
  190. if (!fscrypt_has_encryption_key(dir))
  191. goto out;
  192. /*
  193. * Convert cleartext d_name to ciphertext. If result is longer than
  194. * CEPH_NOHASH_NAME_MAX, sha256 the remaining bytes
  195. *
  196. * See: fscrypt_setup_filename
  197. */
  198. if (!fscrypt_fname_encrypted_size(dir, name_len, NAME_MAX, &len)) {
  199. elen = -ENAMETOOLONG;
  200. goto out;
  201. }
  202. /* Allocate a buffer appropriate to hold the result */
  203. cryptbuf = kmalloc(len > CEPH_NOHASH_NAME_MAX ? NAME_MAX : len,
  204. GFP_KERNEL);
  205. if (!cryptbuf) {
  206. elen = -ENOMEM;
  207. goto out;
  208. }
  209. ret = fscrypt_fname_encrypt(dir,
  210. &(struct qstr)QSTR_INIT(p, name_len),
  211. cryptbuf, len);
  212. if (ret) {
  213. elen = ret;
  214. goto out;
  215. }
  216. /* hash the end if the name is long enough */
  217. if (len > CEPH_NOHASH_NAME_MAX) {
  218. u8 hash[SHA256_DIGEST_SIZE];
  219. u8 *extra = cryptbuf + CEPH_NOHASH_NAME_MAX;
  220. /*
  221. * hash the extra bytes and overwrite crypttext beyond that
  222. * point with it
  223. */
  224. sha256(extra, len - CEPH_NOHASH_NAME_MAX, hash);
  225. memcpy(extra, hash, SHA256_DIGEST_SIZE);
  226. len = CEPH_NOHASH_NAME_MAX + SHA256_DIGEST_SIZE;
  227. }
  228. /* base64 encode the encrypted name */
  229. elen = base64_encode(cryptbuf, len, p, false, BASE64_IMAP);
  230. doutc(cl, "base64-encoded ciphertext name = %.*s\n", elen, p);
  231. /* To understand the 240 limit, see CEPH_NOHASH_NAME_MAX comments */
  232. WARN_ON(elen > 240);
  233. if (dir != parent) // leading _ is already there; append _<inum>
  234. elen += 1 + sprintf(p + elen, "_%ld", dir->i_ino);
  235. out:
  236. kfree(cryptbuf);
  237. if (dir != parent) {
  238. if ((inode_state_read_once(dir) & I_NEW))
  239. discard_new_inode(dir);
  240. else
  241. iput(dir);
  242. }
  243. return elen;
  244. }
  245. /**
  246. * ceph_fname_to_usr - convert a filename for userland presentation
  247. * @fname: ceph_fname to be converted
  248. * @tname: temporary name buffer to use for conversion (may be NULL)
  249. * @oname: where converted name should be placed
  250. * @is_nokey: set to true if key wasn't available during conversion (may be NULL)
  251. *
  252. * Given a filename (usually from the MDS), format it for presentation to
  253. * userland. If @parent is not encrypted, just pass it back as-is.
  254. *
  255. * Otherwise, base64 decode the string, and then ask fscrypt to format it
  256. * for userland presentation.
  257. *
  258. * Returns 0 on success or negative error code on error.
  259. */
  260. int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
  261. struct fscrypt_str *oname, bool *is_nokey)
  262. {
  263. struct inode *dir = fname->dir;
  264. struct fscrypt_str _tname = FSTR_INIT(NULL, 0);
  265. struct fscrypt_str iname;
  266. char *name = fname->name;
  267. int name_len = fname->name_len;
  268. int ret;
  269. /* Sanity check that the resulting name will fit in the buffer */
  270. if (fname->name_len > NAME_MAX || fname->ctext_len > NAME_MAX)
  271. return -EIO;
  272. /* Handle the special case of snapshot names that start with '_' */
  273. if ((ceph_snap(dir) == CEPH_SNAPDIR) && (name_len > 0) &&
  274. (name[0] == '_')) {
  275. dir = parse_longname(dir, name, &name_len);
  276. if (IS_ERR(dir))
  277. return PTR_ERR(dir);
  278. name++; /* skip initial '_' */
  279. }
  280. if (!IS_ENCRYPTED(dir)) {
  281. oname->name = fname->name;
  282. oname->len = fname->name_len;
  283. ret = 0;
  284. goto out_inode;
  285. }
  286. ret = ceph_fscrypt_prepare_readdir(dir);
  287. if (ret)
  288. goto out_inode;
  289. /*
  290. * Use the raw dentry name as sent by the MDS instead of
  291. * generating a nokey name via fscrypt.
  292. */
  293. if (!fscrypt_has_encryption_key(dir)) {
  294. if (fname->no_copy)
  295. oname->name = fname->name;
  296. else
  297. memcpy(oname->name, fname->name, fname->name_len);
  298. oname->len = fname->name_len;
  299. if (is_nokey)
  300. *is_nokey = true;
  301. ret = 0;
  302. goto out_inode;
  303. }
  304. if (fname->ctext_len == 0) {
  305. int declen;
  306. if (!tname) {
  307. ret = fscrypt_fname_alloc_buffer(NAME_MAX, &_tname);
  308. if (ret)
  309. goto out_inode;
  310. tname = &_tname;
  311. }
  312. declen = base64_decode(name, name_len,
  313. tname->name, false, BASE64_IMAP);
  314. if (declen <= 0) {
  315. ret = -EIO;
  316. goto out;
  317. }
  318. iname.name = tname->name;
  319. iname.len = declen;
  320. } else {
  321. iname.name = fname->ctext;
  322. iname.len = fname->ctext_len;
  323. }
  324. ret = fscrypt_fname_disk_to_usr(dir, 0, 0, &iname, oname);
  325. if (!ret && (dir != fname->dir)) {
  326. char tmp_buf[BASE64_CHARS(NAME_MAX)];
  327. name_len = snprintf(tmp_buf, sizeof(tmp_buf), "_%.*s_%ld",
  328. oname->len, oname->name, dir->i_ino);
  329. memcpy(oname->name, tmp_buf, name_len);
  330. oname->len = name_len;
  331. }
  332. out:
  333. fscrypt_fname_free_buffer(&_tname);
  334. out_inode:
  335. if (dir != fname->dir) {
  336. if ((inode_state_read_once(dir) & I_NEW))
  337. discard_new_inode(dir);
  338. else
  339. iput(dir);
  340. }
  341. return ret;
  342. }
  343. /**
  344. * ceph_fscrypt_prepare_readdir - simple __fscrypt_prepare_readdir() wrapper
  345. * @dir: directory inode for readdir prep
  346. *
  347. * Simple wrapper around __fscrypt_prepare_readdir() that will mark directory as
  348. * non-complete if this call results in having the directory unlocked.
  349. *
  350. * Returns:
  351. * 1 - if directory was locked and key is now loaded (i.e. dir is unlocked)
  352. * 0 - if directory is still locked
  353. * < 0 - if __fscrypt_prepare_readdir() fails
  354. */
  355. int ceph_fscrypt_prepare_readdir(struct inode *dir)
  356. {
  357. bool had_key = fscrypt_has_encryption_key(dir);
  358. int err;
  359. if (!IS_ENCRYPTED(dir))
  360. return 0;
  361. err = __fscrypt_prepare_readdir(dir);
  362. if (err)
  363. return err;
  364. if (!had_key && fscrypt_has_encryption_key(dir)) {
  365. /* directory just got unlocked, mark it as not complete */
  366. ceph_dir_clear_complete(dir);
  367. return 1;
  368. }
  369. return 0;
  370. }
  371. int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode,
  372. struct page *page, unsigned int len,
  373. unsigned int offs, u64 lblk_num)
  374. {
  375. struct ceph_client *cl = ceph_inode_to_client(inode);
  376. doutc(cl, "%p %llx.%llx len %u offs %u blk %llu\n", inode,
  377. ceph_vinop(inode), len, offs, lblk_num);
  378. return fscrypt_decrypt_block_inplace(inode, page, len, offs, lblk_num);
  379. }
  380. int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
  381. struct page *page, unsigned int len,
  382. unsigned int offs, u64 lblk_num)
  383. {
  384. struct ceph_client *cl = ceph_inode_to_client(inode);
  385. doutc(cl, "%p %llx.%llx len %u offs %u blk %llu\n", inode,
  386. ceph_vinop(inode), len, offs, lblk_num);
  387. return fscrypt_encrypt_block_inplace(inode, page, len, offs, lblk_num);
  388. }
  389. /**
  390. * ceph_fscrypt_decrypt_pages - decrypt an array of pages
  391. * @inode: pointer to inode associated with these pages
  392. * @page: pointer to page array
  393. * @off: offset into the file that the read data starts
  394. * @len: max length to decrypt
  395. *
  396. * Decrypt an array of fscrypt'ed pages and return the amount of
  397. * data decrypted. Any data in the page prior to the start of the
  398. * first complete block in the read is ignored. Any incomplete
  399. * crypto blocks at the end of the array are ignored (and should
  400. * probably be zeroed by the caller).
  401. *
  402. * Returns the length of the decrypted data or a negative errno.
  403. */
  404. int ceph_fscrypt_decrypt_pages(struct inode *inode, struct page **page,
  405. u64 off, int len)
  406. {
  407. int i, num_blocks;
  408. u64 baseblk = off >> CEPH_FSCRYPT_BLOCK_SHIFT;
  409. int ret = 0;
  410. /*
  411. * We can't deal with partial blocks on an encrypted file, so mask off
  412. * the last bit.
  413. */
  414. num_blocks = ceph_fscrypt_blocks(off, len & CEPH_FSCRYPT_BLOCK_MASK);
  415. /* Decrypt each block */
  416. for (i = 0; i < num_blocks; ++i) {
  417. int blkoff = i << CEPH_FSCRYPT_BLOCK_SHIFT;
  418. int pgidx = blkoff >> PAGE_SHIFT;
  419. unsigned int pgoffs = offset_in_page(blkoff);
  420. int fret;
  421. fret = ceph_fscrypt_decrypt_block_inplace(inode, page[pgidx],
  422. CEPH_FSCRYPT_BLOCK_SIZE, pgoffs,
  423. baseblk + i);
  424. if (fret < 0) {
  425. if (ret == 0)
  426. ret = fret;
  427. break;
  428. }
  429. ret += CEPH_FSCRYPT_BLOCK_SIZE;
  430. }
  431. return ret;
  432. }
  433. /**
  434. * ceph_fscrypt_decrypt_extents: decrypt received extents in given buffer
  435. * @inode: inode associated with pages being decrypted
  436. * @page: pointer to page array
  437. * @off: offset into the file that the data in page[0] starts
  438. * @map: pointer to extent array
  439. * @ext_cnt: length of extent array
  440. *
  441. * Given an extent map and a page array, decrypt the received data in-place,
  442. * skipping holes. Returns the offset into buffer of end of last decrypted
  443. * block.
  444. */
  445. int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page,
  446. u64 off, struct ceph_sparse_extent *map,
  447. u32 ext_cnt)
  448. {
  449. struct ceph_client *cl = ceph_inode_to_client(inode);
  450. int i, ret = 0;
  451. struct ceph_inode_info *ci = ceph_inode(inode);
  452. u64 objno, objoff;
  453. u32 xlen;
  454. /* Nothing to do for empty array */
  455. if (ext_cnt == 0) {
  456. doutc(cl, "%p %llx.%llx empty array, ret 0\n", inode,
  457. ceph_vinop(inode));
  458. return 0;
  459. }
  460. ceph_calc_file_object_mapping(&ci->i_layout, off, map[0].len,
  461. &objno, &objoff, &xlen);
  462. for (i = 0; i < ext_cnt; ++i) {
  463. struct ceph_sparse_extent *ext = &map[i];
  464. int pgsoff = ext->off - objoff;
  465. int pgidx = pgsoff >> PAGE_SHIFT;
  466. int fret;
  467. if ((ext->off | ext->len) & ~CEPH_FSCRYPT_BLOCK_MASK) {
  468. pr_warn_client(cl,
  469. "%p %llx.%llx bad encrypted sparse extent "
  470. "idx %d off %llx len %llx\n",
  471. inode, ceph_vinop(inode), i, ext->off,
  472. ext->len);
  473. return -EIO;
  474. }
  475. fret = ceph_fscrypt_decrypt_pages(inode, &page[pgidx],
  476. off + pgsoff, ext->len);
  477. doutc(cl, "%p %llx.%llx [%d] 0x%llx~0x%llx fret %d\n", inode,
  478. ceph_vinop(inode), i, ext->off, ext->len, fret);
  479. if (fret < 0) {
  480. if (ret == 0)
  481. ret = fret;
  482. break;
  483. }
  484. ret = pgsoff + fret;
  485. }
  486. doutc(cl, "ret %d\n", ret);
  487. return ret;
  488. }
  489. /**
  490. * ceph_fscrypt_encrypt_pages - encrypt an array of pages
  491. * @inode: pointer to inode associated with these pages
  492. * @page: pointer to page array
  493. * @off: offset into the file that the data starts
  494. * @len: max length to encrypt
  495. *
  496. * Encrypt an array of cleartext pages and return the amount of
  497. * data encrypted. Any data in the page prior to the start of the
  498. * first complete block in the read is ignored. Any incomplete
  499. * crypto blocks at the end of the array are ignored.
  500. *
  501. * Returns the length of the encrypted data or a negative errno.
  502. */
  503. int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off,
  504. int len)
  505. {
  506. int i, num_blocks;
  507. u64 baseblk = off >> CEPH_FSCRYPT_BLOCK_SHIFT;
  508. int ret = 0;
  509. /*
  510. * We can't deal with partial blocks on an encrypted file, so mask off
  511. * the last bit.
  512. */
  513. num_blocks = ceph_fscrypt_blocks(off, len & CEPH_FSCRYPT_BLOCK_MASK);
  514. /* Encrypt each block */
  515. for (i = 0; i < num_blocks; ++i) {
  516. int blkoff = i << CEPH_FSCRYPT_BLOCK_SHIFT;
  517. int pgidx = blkoff >> PAGE_SHIFT;
  518. unsigned int pgoffs = offset_in_page(blkoff);
  519. int fret;
  520. fret = ceph_fscrypt_encrypt_block_inplace(inode, page[pgidx],
  521. CEPH_FSCRYPT_BLOCK_SIZE, pgoffs,
  522. baseblk + i);
  523. if (fret < 0) {
  524. if (ret == 0)
  525. ret = fret;
  526. break;
  527. }
  528. ret += CEPH_FSCRYPT_BLOCK_SIZE;
  529. }
  530. return ret;
  531. }