diff options
author | Michael Halcrow <mhalcrow@us.ibm.com> | 2007-02-12 03:53:49 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-02-12 12:48:37 -0500 |
commit | e2bd99ec5c0e20ed6aeb079fa8f975c2dcd78a2c (patch) | |
tree | 78892d49cf55fa4cf22ce9b8b226c63bac8b227c | |
parent | 9d8b8ce5561890464c54645cdea4d6b157159fec (diff) |
[PATCH] eCryptfs: open-code flag checking and manipulation
Open-code flag checking and manipulation.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Trevor Highland <tshighla@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/ecryptfs/crypto.c | 37 | ||||
-rw-r--r-- | fs/ecryptfs/debug.c | 6 | ||||
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 3 | ||||
-rw-r--r-- | fs/ecryptfs/file.c | 17 | ||||
-rw-r--r-- | fs/ecryptfs/inode.c | 14 | ||||
-rw-r--r-- | fs/ecryptfs/keystore.c | 32 | ||||
-rw-r--r-- | fs/ecryptfs/mmap.c | 8 |
7 files changed, 49 insertions, 68 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index b817a1a39e70..6ac630625b70 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
@@ -207,7 +207,7 @@ ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) | |||
207 | mutex_init(&crypt_stat->cs_mutex); | 207 | mutex_init(&crypt_stat->cs_mutex); |
208 | mutex_init(&crypt_stat->cs_tfm_mutex); | 208 | mutex_init(&crypt_stat->cs_tfm_mutex); |
209 | mutex_init(&crypt_stat->cs_hash_tfm_mutex); | 209 | mutex_init(&crypt_stat->cs_hash_tfm_mutex); |
210 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_STRUCT_INITIALIZED); | 210 | crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED; |
211 | } | 211 | } |
212 | 212 | ||
213 | /** | 213 | /** |
@@ -305,8 +305,7 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
305 | int rc = 0; | 305 | int rc = 0; |
306 | 306 | ||
307 | BUG_ON(!crypt_stat || !crypt_stat->tfm | 307 | BUG_ON(!crypt_stat || !crypt_stat->tfm |
308 | || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags, | 308 | || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED)); |
309 | ECRYPTFS_STRUCT_INITIALIZED)); | ||
310 | if (unlikely(ecryptfs_verbosity > 0)) { | 309 | if (unlikely(ecryptfs_verbosity > 0)) { |
311 | ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n", | 310 | ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n", |
312 | crypt_stat->key_size); | 311 | crypt_stat->key_size); |
@@ -485,7 +484,7 @@ int ecryptfs_encrypt_page(struct ecryptfs_page_crypt_context *ctx) | |||
485 | lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host); | 484 | lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host); |
486 | inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host); | 485 | inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host); |
487 | crypt_stat = &inode_info->crypt_stat; | 486 | crypt_stat = &inode_info->crypt_stat; |
488 | if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) { | 487 | if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { |
489 | rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode, | 488 | rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode, |
490 | ctx->param.lower_file); | 489 | ctx->param.lower_file); |
491 | if (rc) | 490 | if (rc) |
@@ -617,7 +616,7 @@ int ecryptfs_decrypt_page(struct file *file, struct page *page) | |||
617 | crypt_stat = &(ecryptfs_inode_to_private( | 616 | crypt_stat = &(ecryptfs_inode_to_private( |
618 | page->mapping->host)->crypt_stat); | 617 | page->mapping->host)->crypt_stat); |
619 | lower_inode = ecryptfs_inode_to_lower(page->mapping->host); | 618 | lower_inode = ecryptfs_inode_to_lower(page->mapping->host); |
620 | if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) { | 619 | if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { |
621 | rc = ecryptfs_do_readpage(file, page, page->index); | 620 | rc = ecryptfs_do_readpage(file, page, page->index); |
622 | if (rc) | 621 | if (rc) |
623 | ecryptfs_printk(KERN_ERR, "Error attempting to copy " | 622 | ecryptfs_printk(KERN_ERR, "Error attempting to copy " |
@@ -882,7 +881,7 @@ int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat) | |||
882 | 881 | ||
883 | BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE); | 882 | BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE); |
884 | BUG_ON(crypt_stat->iv_bytes <= 0); | 883 | BUG_ON(crypt_stat->iv_bytes <= 0); |
885 | if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID)) { | 884 | if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) { |
886 | rc = -EINVAL; | 885 | rc = -EINVAL; |
887 | ecryptfs_printk(KERN_WARNING, "Session key not valid; " | 886 | ecryptfs_printk(KERN_WARNING, "Session key not valid; " |
888 | "cannot generate root IV\n"); | 887 | "cannot generate root IV\n"); |
@@ -899,8 +898,7 @@ int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat) | |||
899 | out: | 898 | out: |
900 | if (rc) { | 899 | if (rc) { |
901 | memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes); | 900 | memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes); |
902 | ECRYPTFS_SET_FLAG(crypt_stat->flags, | 901 | crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING; |
903 | ECRYPTFS_SECURITY_WARNING); | ||
904 | } | 902 | } |
905 | return rc; | 903 | return rc; |
906 | } | 904 | } |
@@ -908,7 +906,7 @@ out: | |||
908 | static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat) | 906 | static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat) |
909 | { | 907 | { |
910 | get_random_bytes(crypt_stat->key, crypt_stat->key_size); | 908 | get_random_bytes(crypt_stat->key, crypt_stat->key_size); |
911 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); | 909 | crypt_stat->flags |= ECRYPTFS_KEY_VALID; |
912 | ecryptfs_compute_root_iv(crypt_stat); | 910 | ecryptfs_compute_root_iv(crypt_stat); |
913 | if (unlikely(ecryptfs_verbosity > 0)) { | 911 | if (unlikely(ecryptfs_verbosity > 0)) { |
914 | ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n"); | 912 | ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n"); |
@@ -948,7 +946,7 @@ static void ecryptfs_set_default_crypt_stat_vals( | |||
948 | ecryptfs_set_default_sizes(crypt_stat); | 946 | ecryptfs_set_default_sizes(crypt_stat); |
949 | strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER); | 947 | strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER); |
950 | crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES; | 948 | crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES; |
951 | ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); | 949 | crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID); |
952 | crypt_stat->file_version = ECRYPTFS_FILE_VERSION; | 950 | crypt_stat->file_version = ECRYPTFS_FILE_VERSION; |
953 | crypt_stat->mount_crypt_stat = mount_crypt_stat; | 951 | crypt_stat->mount_crypt_stat = mount_crypt_stat; |
954 | } | 952 | } |
@@ -988,8 +986,8 @@ int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry) | |||
988 | if (mount_crypt_stat->global_auth_tok) { | 986 | if (mount_crypt_stat->global_auth_tok) { |
989 | ecryptfs_printk(KERN_DEBUG, "Initializing context for new " | 987 | ecryptfs_printk(KERN_DEBUG, "Initializing context for new " |
990 | "file using mount_crypt_stat\n"); | 988 | "file using mount_crypt_stat\n"); |
991 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); | 989 | crypt_stat->flags |= ECRYPTFS_ENCRYPTED; |
992 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); | 990 | crypt_stat->flags |= ECRYPTFS_KEY_VALID; |
993 | ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, | 991 | ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, |
994 | mount_crypt_stat); | 992 | mount_crypt_stat); |
995 | memcpy(crypt_stat->keysigs[crypt_stat->num_keysigs++], | 993 | memcpy(crypt_stat->keysigs[crypt_stat->num_keysigs++], |
@@ -1074,11 +1072,9 @@ static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat, | |||
1074 | for (i = 0; i < ((sizeof(ecryptfs_flag_map) | 1072 | for (i = 0; i < ((sizeof(ecryptfs_flag_map) |
1075 | / sizeof(struct ecryptfs_flag_map_elem))); i++) | 1073 | / sizeof(struct ecryptfs_flag_map_elem))); i++) |
1076 | if (flags & ecryptfs_flag_map[i].file_flag) { | 1074 | if (flags & ecryptfs_flag_map[i].file_flag) { |
1077 | ECRYPTFS_SET_FLAG(crypt_stat->flags, | 1075 | crypt_stat->flags |= ecryptfs_flag_map[i].local_flag; |
1078 | ecryptfs_flag_map[i].local_flag); | ||
1079 | } else | 1076 | } else |
1080 | ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, | 1077 | crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag); |
1081 | ecryptfs_flag_map[i].local_flag); | ||
1082 | /* Version is in top 8 bits of the 32-bit flag vector */ | 1078 | /* Version is in top 8 bits of the 32-bit flag vector */ |
1083 | crypt_stat->file_version = ((flags >> 24) & 0xFF); | 1079 | crypt_stat->file_version = ((flags >> 24) & 0xFF); |
1084 | (*bytes_read) = 4; | 1080 | (*bytes_read) = 4; |
@@ -1115,8 +1111,7 @@ write_ecryptfs_flags(char *page_virt, struct ecryptfs_crypt_stat *crypt_stat, | |||
1115 | 1111 | ||
1116 | for (i = 0; i < ((sizeof(ecryptfs_flag_map) | 1112 | for (i = 0; i < ((sizeof(ecryptfs_flag_map) |
1117 | / sizeof(struct ecryptfs_flag_map_elem))); i++) | 1113 | / sizeof(struct ecryptfs_flag_map_elem))); i++) |
1118 | if (ECRYPTFS_CHECK_FLAG(crypt_stat->flags, | 1114 | if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag) |
1119 | ecryptfs_flag_map[i].local_flag)) | ||
1120 | flags |= ecryptfs_flag_map[i].file_flag; | 1115 | flags |= ecryptfs_flag_map[i].file_flag; |
1121 | /* Version is in top 8 bits of the 32-bit flag vector */ | 1116 | /* Version is in top 8 bits of the 32-bit flag vector */ |
1122 | flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000); | 1117 | flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000); |
@@ -1414,10 +1409,8 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry, | |||
1414 | 1409 | ||
1415 | crypt_stat = &ecryptfs_inode_to_private( | 1410 | crypt_stat = &ecryptfs_inode_to_private( |
1416 | ecryptfs_dentry->d_inode)->crypt_stat; | 1411 | ecryptfs_dentry->d_inode)->crypt_stat; |
1417 | if (likely(ECRYPTFS_CHECK_FLAG(crypt_stat->flags, | 1412 | if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { |
1418 | ECRYPTFS_ENCRYPTED))) { | 1413 | if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) { |
1419 | if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, | ||
1420 | ECRYPTFS_KEY_VALID)) { | ||
1421 | ecryptfs_printk(KERN_DEBUG, "Key is " | 1414 | ecryptfs_printk(KERN_DEBUG, "Key is " |
1422 | "invalid; bailing out\n"); | 1415 | "invalid; bailing out\n"); |
1423 | rc = -EINVAL; | 1416 | rc = -EINVAL; |
diff --git a/fs/ecryptfs/debug.c b/fs/ecryptfs/debug.c index 61f8e894284f..434c7efd80f8 100644 --- a/fs/ecryptfs/debug.c +++ b/fs/ecryptfs/debug.c | |||
@@ -36,7 +36,7 @@ void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok) | |||
36 | 36 | ||
37 | ecryptfs_printk(KERN_DEBUG, "Auth tok at mem loc [%p]:\n", | 37 | ecryptfs_printk(KERN_DEBUG, "Auth tok at mem loc [%p]:\n", |
38 | auth_tok); | 38 | auth_tok); |
39 | if (ECRYPTFS_CHECK_FLAG(auth_tok->flags, ECRYPTFS_PRIVATE_KEY)) { | 39 | if (auth_tok->flags & ECRYPTFS_PRIVATE_KEY) { |
40 | ecryptfs_printk(KERN_DEBUG, " * private key type\n"); | 40 | ecryptfs_printk(KERN_DEBUG, " * private key type\n"); |
41 | ecryptfs_printk(KERN_DEBUG, " * (NO PRIVATE KEY SUPPORT " | 41 | ecryptfs_printk(KERN_DEBUG, " * (NO PRIVATE KEY SUPPORT " |
42 | "IN ECRYPTFS VERSION 0.1)\n"); | 42 | "IN ECRYPTFS VERSION 0.1)\n"); |
@@ -46,8 +46,8 @@ void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok) | |||
46 | ECRYPTFS_SALT_SIZE); | 46 | ECRYPTFS_SALT_SIZE); |
47 | salt[ECRYPTFS_SALT_SIZE * 2] = '\0'; | 47 | salt[ECRYPTFS_SALT_SIZE * 2] = '\0'; |
48 | ecryptfs_printk(KERN_DEBUG, " * salt = [%s]\n", salt); | 48 | ecryptfs_printk(KERN_DEBUG, " * salt = [%s]\n", salt); |
49 | if (ECRYPTFS_CHECK_FLAG(auth_tok->token.password.flags, | 49 | if (auth_tok->token.password.flags & |
50 | ECRYPTFS_PERSISTENT_PASSWORD)) { | 50 | ECRYPTFS_PERSISTENT_PASSWORD) { |
51 | ecryptfs_printk(KERN_DEBUG, " * persistent\n"); | 51 | ecryptfs_printk(KERN_DEBUG, " * persistent\n"); |
52 | } | 52 | } |
53 | memcpy(sig, auth_tok->token.password.signature, | 53 | memcpy(sig, auth_tok->token.password.signature, |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 31e628a3a1fa..839a34fa6fab 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -94,9 +94,6 @@ | |||
94 | #define RFC2440_CIPHER_TWOFISH 0x0a | 94 | #define RFC2440_CIPHER_TWOFISH 0x0a |
95 | #define RFC2440_CIPHER_CAST_6 0x0b | 95 | #define RFC2440_CIPHER_CAST_6 0x0b |
96 | 96 | ||
97 | #define ECRYPTFS_SET_FLAG(flag_bit_vector, flag) (flag_bit_vector |= (flag)) | ||
98 | #define ECRYPTFS_CLEAR_FLAG(flag_bit_vector, flag) (flag_bit_vector &= ~(flag)) | ||
99 | #define ECRYPTFS_CHECK_FLAG(flag_bit_vector, flag) (flag_bit_vector & (flag)) | ||
100 | #define RFC2440_CIPHER_RSA 0x01 | 97 | #define RFC2440_CIPHER_RSA 0x01 |
101 | 98 | ||
102 | /** | 99 | /** |
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c index 652ed772a9be..bd969adf70d7 100644 --- a/fs/ecryptfs/file.c +++ b/fs/ecryptfs/file.c | |||
@@ -273,11 +273,11 @@ static int ecryptfs_open(struct inode *inode, struct file *file) | |||
273 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); | 273 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); |
274 | crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; | 274 | crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; |
275 | mutex_lock(&crypt_stat->cs_mutex); | 275 | mutex_lock(&crypt_stat->cs_mutex); |
276 | if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) { | 276 | if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) { |
277 | ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n"); | 277 | ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n"); |
278 | /* Policy code enabled in future release */ | 278 | /* Policy code enabled in future release */ |
279 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED); | 279 | crypt_stat->flags |= ECRYPTFS_POLICY_APPLIED; |
280 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); | 280 | crypt_stat->flags |= ECRYPTFS_ENCRYPTED; |
281 | } | 281 | } |
282 | mutex_unlock(&crypt_stat->cs_mutex); | 282 | mutex_unlock(&crypt_stat->cs_mutex); |
283 | lower_flags = file->f_flags; | 283 | lower_flags = file->f_flags; |
@@ -297,15 +297,13 @@ static int ecryptfs_open(struct inode *inode, struct file *file) | |||
297 | lower_inode = lower_dentry->d_inode; | 297 | lower_inode = lower_dentry->d_inode; |
298 | if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) { | 298 | if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) { |
299 | ecryptfs_printk(KERN_DEBUG, "This is a directory\n"); | 299 | ecryptfs_printk(KERN_DEBUG, "This is a directory\n"); |
300 | ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); | 300 | crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); |
301 | rc = 0; | 301 | rc = 0; |
302 | goto out; | 302 | goto out; |
303 | } | 303 | } |
304 | mutex_lock(&crypt_stat->cs_mutex); | 304 | mutex_lock(&crypt_stat->cs_mutex); |
305 | if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, | 305 | if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED) |
306 | ECRYPTFS_POLICY_APPLIED) | 306 | || !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) { |
307 | || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags, | ||
308 | ECRYPTFS_KEY_VALID)) { | ||
309 | rc = ecryptfs_read_metadata(ecryptfs_dentry, lower_file); | 307 | rc = ecryptfs_read_metadata(ecryptfs_dentry, lower_file); |
310 | if (rc) { | 308 | if (rc) { |
311 | ecryptfs_printk(KERN_DEBUG, | 309 | ecryptfs_printk(KERN_DEBUG, |
@@ -320,9 +318,8 @@ static int ecryptfs_open(struct inode *inode, struct file *file) | |||
320 | mutex_unlock(&crypt_stat->cs_mutex); | 318 | mutex_unlock(&crypt_stat->cs_mutex); |
321 | goto out_puts; | 319 | goto out_puts; |
322 | } | 320 | } |
323 | ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, | ||
324 | ECRYPTFS_ENCRYPTED); | ||
325 | rc = 0; | 321 | rc = 0; |
322 | crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); | ||
326 | mutex_unlock(&crypt_stat->cs_mutex); | 323 | mutex_unlock(&crypt_stat->cs_mutex); |
327 | goto out; | 324 | goto out; |
328 | } | 325 | } |
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 7d3391712027..91357183398d 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c | |||
@@ -161,9 +161,8 @@ static int grow_file(struct dentry *ecryptfs_dentry, struct file *lower_file, | |||
161 | ecryptfs_set_file_lower(&fake_file, lower_file); | 161 | ecryptfs_set_file_lower(&fake_file, lower_file); |
162 | rc = ecryptfs_fill_zeros(&fake_file, 1); | 162 | rc = ecryptfs_fill_zeros(&fake_file, 1); |
163 | if (rc) { | 163 | if (rc) { |
164 | ECRYPTFS_SET_FLAG( | 164 | ecryptfs_inode_to_private(inode)->crypt_stat.flags |= |
165 | ecryptfs_inode_to_private(inode)->crypt_stat.flags, | 165 | ECRYPTFS_SECURITY_WARNING; |
166 | ECRYPTFS_SECURITY_WARNING); | ||
167 | ecryptfs_printk(KERN_WARNING, "Error attempting to fill zeros " | 166 | ecryptfs_printk(KERN_WARNING, "Error attempting to fill zeros " |
168 | "in file; rc = [%d]\n", rc); | 167 | "in file; rc = [%d]\n", rc); |
169 | goto out; | 168 | goto out; |
@@ -172,8 +171,7 @@ static int grow_file(struct dentry *ecryptfs_dentry, struct file *lower_file, | |||
172 | ecryptfs_write_inode_size_to_metadata(lower_file, lower_inode, inode, | 171 | ecryptfs_write_inode_size_to_metadata(lower_file, lower_inode, inode, |
173 | ecryptfs_dentry, | 172 | ecryptfs_dentry, |
174 | ECRYPTFS_LOWER_I_MUTEX_NOT_HELD); | 173 | ECRYPTFS_LOWER_I_MUTEX_NOT_HELD); |
175 | ECRYPTFS_SET_FLAG(ecryptfs_inode_to_private(inode)->crypt_stat.flags, | 174 | ecryptfs_inode_to_private(inode)->crypt_stat.flags |= ECRYPTFS_NEW_FILE; |
176 | ECRYPTFS_NEW_FILE); | ||
177 | out: | 175 | out: |
178 | return rc; | 176 | return rc; |
179 | } | 177 | } |
@@ -216,10 +214,10 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry) | |||
216 | lower_inode = lower_dentry->d_inode; | 214 | lower_inode = lower_dentry->d_inode; |
217 | if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) { | 215 | if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) { |
218 | ecryptfs_printk(KERN_DEBUG, "This is a directory\n"); | 216 | ecryptfs_printk(KERN_DEBUG, "This is a directory\n"); |
219 | ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); | 217 | crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); |
220 | goto out_fput; | 218 | goto out_fput; |
221 | } | 219 | } |
222 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE); | 220 | crypt_stat->flags |= ECRYPTFS_NEW_FILE; |
223 | ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n"); | 221 | ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n"); |
224 | rc = ecryptfs_new_file_context(ecryptfs_dentry); | 222 | rc = ecryptfs_new_file_context(ecryptfs_dentry); |
225 | if (rc) { | 223 | if (rc) { |
@@ -373,7 +371,7 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, | |||
373 | goto out_dput; | 371 | goto out_dput; |
374 | } | 372 | } |
375 | crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; | 373 | crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; |
376 | if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) | 374 | if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) |
377 | ecryptfs_set_default_sizes(crypt_stat); | 375 | ecryptfs_set_default_sizes(crypt_stat); |
378 | rc = ecryptfs_read_and_validate_header_region(page_virt, lower_dentry, | 376 | rc = ecryptfs_read_and_validate_header_region(page_virt, lower_dentry, |
379 | nd->mnt); | 377 | nd->mnt); |
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 558d538e2b1f..c209f67e7a26 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -607,13 +607,13 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
607 | (*new_auth_tok)->session_key.flags |= | 607 | (*new_auth_tok)->session_key.flags |= |
608 | ECRYPTFS_CONTAINS_ENCRYPTED_KEY; | 608 | ECRYPTFS_CONTAINS_ENCRYPTED_KEY; |
609 | (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY; | 609 | (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY; |
610 | ECRYPTFS_SET_FLAG((*new_auth_tok)->flags, ECRYPTFS_PRIVATE_KEY); | 610 | (*new_auth_tok)->flags |= ECRYPTFS_PRIVATE_KEY; |
611 | /* TODO: Why are we setting this flag here? Don't we want the | 611 | /* TODO: Why are we setting this flag here? Don't we want the |
612 | * userspace to decrypt the session key? */ | 612 | * userspace to decrypt the session key? */ |
613 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 613 | (*new_auth_tok)->session_key.flags &= |
614 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); | 614 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); |
615 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 615 | (*new_auth_tok)->session_key.flags &= |
616 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); | 616 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); |
617 | list_add(&auth_tok_list_item->list, auth_tok_list); | 617 | list_add(&auth_tok_list_item->list, auth_tok_list); |
618 | goto out; | 618 | goto out; |
619 | out_free: | 619 | out_free: |
@@ -793,10 +793,10 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
793 | (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD; | 793 | (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD; |
794 | /* TODO: Parametarize; we might actually want userspace to | 794 | /* TODO: Parametarize; we might actually want userspace to |
795 | * decrypt the session key. */ | 795 | * decrypt the session key. */ |
796 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 796 | (*new_auth_tok)->session_key.flags &= |
797 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); | 797 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); |
798 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 798 | (*new_auth_tok)->session_key.flags &= |
799 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); | 799 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); |
800 | list_add(&auth_tok_list_item->list, auth_tok_list); | 800 | list_add(&auth_tok_list_item->list, auth_tok_list); |
801 | goto out; | 801 | goto out; |
802 | out_free: | 802 | out_free: |
@@ -941,8 +941,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
941 | int rc = 0; | 941 | int rc = 0; |
942 | 942 | ||
943 | password_s_ptr = &auth_tok->token.password; | 943 | password_s_ptr = &auth_tok->token.password; |
944 | if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags, | 944 | if (password_s_ptr->flags & ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) |
945 | ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET)) | ||
946 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key " | 945 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key " |
947 | "set; skipping key generation\n"); | 946 | "set; skipping key generation\n"); |
948 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key (size [%d])" | 947 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key (size [%d])" |
@@ -1024,7 +1023,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
1024 | auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; | 1023 | auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; |
1025 | memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, | 1024 | memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, |
1026 | auth_tok->session_key.decrypted_key_size); | 1025 | auth_tok->session_key.decrypted_key_size); |
1027 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); | 1026 | crypt_stat->flags |= ECRYPTFS_KEY_VALID; |
1028 | ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n"); | 1027 | ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n"); |
1029 | if (ecryptfs_verbosity > 0) | 1028 | if (ecryptfs_verbosity > 0) |
1030 | ecryptfs_dump_hex(crypt_stat->key, | 1029 | ecryptfs_dump_hex(crypt_stat->key, |
@@ -1127,8 +1126,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
1127 | sig_tmp_space, tag_11_contents_size); | 1126 | sig_tmp_space, tag_11_contents_size); |
1128 | new_auth_tok->token.password.signature[ | 1127 | new_auth_tok->token.password.signature[ |
1129 | ECRYPTFS_PASSWORD_SIG_SIZE] = '\0'; | 1128 | ECRYPTFS_PASSWORD_SIG_SIZE] = '\0'; |
1130 | ECRYPTFS_SET_FLAG(crypt_stat->flags, | 1129 | crypt_stat->flags |= ECRYPTFS_ENCRYPTED; |
1131 | ECRYPTFS_ENCRYPTED); | ||
1132 | break; | 1130 | break; |
1133 | case ECRYPTFS_TAG_1_PACKET_TYPE: | 1131 | case ECRYPTFS_TAG_1_PACKET_TYPE: |
1134 | rc = parse_tag_1_packet(crypt_stat, | 1132 | rc = parse_tag_1_packet(crypt_stat, |
@@ -1142,8 +1140,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
1142 | goto out_wipe_list; | 1140 | goto out_wipe_list; |
1143 | } | 1141 | } |
1144 | i += packet_size; | 1142 | i += packet_size; |
1145 | ECRYPTFS_SET_FLAG(crypt_stat->flags, | 1143 | crypt_stat->flags |= ECRYPTFS_ENCRYPTED; |
1146 | ECRYPTFS_ENCRYPTED); | ||
1147 | break; | 1144 | break; |
1148 | case ECRYPTFS_TAG_11_PACKET_TYPE: | 1145 | case ECRYPTFS_TAG_11_PACKET_TYPE: |
1149 | ecryptfs_printk(KERN_WARNING, "Invalid packet set " | 1146 | ecryptfs_printk(KERN_WARNING, "Invalid packet set " |
@@ -1209,8 +1206,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
1209 | } | 1206 | } |
1210 | leave_list: | 1207 | leave_list: |
1211 | rc = -ENOTSUPP; | 1208 | rc = -ENOTSUPP; |
1212 | if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags, | 1209 | if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) { |
1213 | ECRYPTFS_PRIVATE_KEY))) { | ||
1214 | memcpy(&(candidate_auth_tok->token.private_key), | 1210 | memcpy(&(candidate_auth_tok->token.private_key), |
1215 | &(chosen_auth_tok->token.private_key), | 1211 | &(chosen_auth_tok->token.private_key), |
1216 | sizeof(struct ecryptfs_private_key)); | 1212 | sizeof(struct ecryptfs_private_key)); |
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c index f5f962d7a123..3014aa719953 100644 --- a/fs/ecryptfs/mmap.c +++ b/fs/ecryptfs/mmap.c | |||
@@ -295,8 +295,8 @@ static int ecryptfs_readpage(struct file *file, struct page *page) | |||
295 | crypt_stat = &ecryptfs_inode_to_private(file->f_path.dentry->d_inode) | 295 | crypt_stat = &ecryptfs_inode_to_private(file->f_path.dentry->d_inode) |
296 | ->crypt_stat; | 296 | ->crypt_stat; |
297 | if (!crypt_stat | 297 | if (!crypt_stat |
298 | || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED) | 298 | || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED) |
299 | || ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE)) { | 299 | || (crypt_stat->flags & ECRYPTFS_NEW_FILE)) { |
300 | ecryptfs_printk(KERN_DEBUG, | 300 | ecryptfs_printk(KERN_DEBUG, |
301 | "Passing through unencrypted page\n"); | 301 | "Passing through unencrypted page\n"); |
302 | rc = ecryptfs_do_readpage(file, page, page->index); | 302 | rc = ecryptfs_do_readpage(file, page, page->index); |
@@ -657,10 +657,10 @@ static int ecryptfs_commit_write(struct file *file, struct page *page, | |||
657 | mutex_lock(&lower_inode->i_mutex); | 657 | mutex_lock(&lower_inode->i_mutex); |
658 | crypt_stat = &ecryptfs_inode_to_private(file->f_path.dentry->d_inode) | 658 | crypt_stat = &ecryptfs_inode_to_private(file->f_path.dentry->d_inode) |
659 | ->crypt_stat; | 659 | ->crypt_stat; |
660 | if (ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE)) { | 660 | if (crypt_stat->flags & ECRYPTFS_NEW_FILE) { |
661 | ecryptfs_printk(KERN_DEBUG, "ECRYPTFS_NEW_FILE flag set in " | 661 | ecryptfs_printk(KERN_DEBUG, "ECRYPTFS_NEW_FILE flag set in " |
662 | "crypt_stat at memory location [%p]\n", crypt_stat); | 662 | "crypt_stat at memory location [%p]\n", crypt_stat); |
663 | ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE); | 663 | crypt_stat->flags &= ~(ECRYPTFS_NEW_FILE); |
664 | } else | 664 | } else |
665 | ecryptfs_printk(KERN_DEBUG, "Not a new file\n"); | 665 | ecryptfs_printk(KERN_DEBUG, "Not a new file\n"); |
666 | ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page" | 666 | ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page" |