eCryptfs: replace encrypt, decrypt, and inode size write

Replace page encryption and decryption routines and inode size write routine with versions that utilize the read_write.c functions. Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Michael Halcrow <mhalcrow@us.ibm.com> 2007-10-16 04:28:08 -0400
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-10-16 12:43:12 -0400
commit: 0216f7f7921759211e48e8b940eae29f0fe43902 (patch)
tree: 44999b1dfb49944bfd83881c8d9e0cbe3a90e2b7 /fs/ecryptfs/crypto.c
parent: da0102a10aed2244d8fc34f289e81e502622b81e (diff)
1 files changed, 235 insertions, 192 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index e3d2118fafad..7f788ea5da2b 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -467,8 +467,91 @@ out:
 }
 /**
+ * ecryptfs_lower_offset_for_extent
+ *
+ * Convert an eCryptfs page index into a lower byte offset
+ */
+void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num,
+                                      struct ecryptfs_crypt_stat *crypt_stat)
+{
+        (*offset) = ((crypt_stat->extent_size
+                      * crypt_stat->num_header_extents_at_front)
+                     + (crypt_stat->extent_size * extent_num));
+}
+/**
+ * ecryptfs_encrypt_extent
+ * @enc_extent_page: Allocated page into which to encrypt the data in
+ *                   @page
+ * @crypt_stat: crypt_stat containing cryptographic context for the
+ *              encryption operation
+ * @page: Page containing plaintext data extent to encrypt
+ * @extent_offset: Page extent offset for use in generating IV
+ *
+ * Encrypts one extent of data.
+ *
+ * Return zero on success; non-zero otherwise
+ */
+static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
+                                   struct ecryptfs_crypt_stat *crypt_stat,
+                                   struct page *page,
+                                   unsigned long extent_offset)
+{
+        unsigned long extent_base;
+        char extent_iv[ECRYPTFS_MAX_IV_BYTES];
+        int rc;
+        extent_base = (page->index
+                       * (PAGE_CACHE_SIZE / crypt_stat->extent_size));
+        rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
+                                (extent_base + extent_offset));
+        if (rc) {
+                ecryptfs_printk(KERN_ERR, "Error attempting to "
+                                "derive IV for extent [0x%.16x]; "
+                                "rc = [%d]\n", (extent_base + extent_offset),
+                                rc);
+                goto out;
+        }
+        if (unlikely(ecryptfs_verbosity > 0)) {
+                ecryptfs_printk(KERN_DEBUG, "Encrypting extent "
+                                "with iv:\n");
+                ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
+                ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
+                                "encryption:\n");
+                ecryptfs_dump_hex((char *)
+                                  (page_address(page)
+                                   + (extent_offset * crypt_stat->extent_size)),
+                                  8);
+        }
+        rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0,
+                                          page, (extent_offset
+                                                 * crypt_stat->extent_size),
+                                          crypt_stat->extent_size, extent_iv);
+        if (rc < 0) {
+                printk(KERN_ERR "%s: Error attempting to encrypt page with "
+                       "page->index = [%ld], extent_offset = [%ld]; "
+                       "rc = [%d]\n", __FUNCTION__, page->index, extent_offset,
+                       rc);
+                goto out;
+        }
+        rc = 0;
+        if (unlikely(ecryptfs_verbosity > 0)) {
+                ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16x]; "
+                                "rc = [%d]\n", (extent_base + extent_offset),
+                                rc);
+                ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
+                                "encryption:\n");
+                ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8);
+        }
+out:
+        return rc;
+}
+/**
 * ecryptfs_encrypt_page
- * @ctx: The context of the page
+ * @page: Page mapped from the eCryptfs inode for the file; contains
+ *        decrypted content that needs to be encrypted (to a temporary
+ *        page; not in place) and written out to the lower file
 *
 * Encrypt an eCryptfs page. This is done on a per-extent basis. Note
 * that eCryptfs pages may straddle the lower pages -- for instance,
@@ -478,128 +561,121 @@ out:
 * file, 24K of page 0 of the lower file will be read and decrypted,
 * and then 8K of page 1 of the lower file will be read and decrypted.
 *
- * The actual operations performed on each page depends on the
- * contents of the ecryptfs_page_crypt_context struct.
- *
 * Returns zero on success; negative on error
 */
-int ecryptfs_encrypt_page(struct ecryptfs_page_crypt_context *ctx)
+int ecryptfs_encrypt_page(struct page *page)
 {
-        char extent_iv[ECRYPTFS_MAX_IV_BYTES];
+        struct inode *ecryptfs_inode;
-        unsigned long base_extent;
-        unsigned long extent_offset = 0;
-        unsigned long lower_page_idx = 0;
-        unsigned long prior_lower_page_idx = 0;
-        struct page *lower_page;
-        struct inode *lower_inode;
-        struct ecryptfs_inode_info *inode_info;
        struct ecryptfs_crypt_stat *crypt_stat;
+        char *enc_extent_virt = NULL;
+        struct page *enc_extent_page;
+        loff_t extent_offset;
        int rc = 0;
-        int lower_byte_offset = 0;
-        int orig_byte_offset = 0;
+        ecryptfs_inode = page->mapping->host;
-        int num_extents_per_page;
+        crypt_stat =
-#define ECRYPTFS_PAGE_STATE_UNREAD    0
+                &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
-#define ECRYPTFS_PAGE_STATE_READ      1
-#define ECRYPTFS_PAGE_STATE_MODIFIED  2
-#define ECRYPTFS_PAGE_STATE_WRITTEN   3
-        int page_state;
-        lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host);
-        inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host);
-        crypt_stat = &inode_info->crypt_stat;
        if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
-                rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode,
+                rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page,
-                                                 ctx->param.lower_file);
+                                                       0, PAGE_CACHE_SIZE);
                if (rc)
-                        ecryptfs_printk(KERN_ERR, "Error attempting to copy "
+                        printk(KERN_ERR "%s: Error attempting to copy "
-                                        "page at index [0x%.16x]\n",
+                               "page at index [%ld]\n", __FUNCTION__,
-                                        ctx->page->index);
+                               page->index);
                goto out;
        }
-        num_extents_per_page = PAGE_CACHE_SIZE / crypt_stat->extent_size;
+        enc_extent_virt = kmalloc(PAGE_CACHE_SIZE, GFP_USER);
-        base_extent = (ctx->page->index * num_extents_per_page);
+        if (!enc_extent_virt) {
-        page_state = ECRYPTFS_PAGE_STATE_UNREAD;
+                rc = -ENOMEM;
-        while (extent_offset < num_extents_per_page) {
+                ecryptfs_printk(KERN_ERR, "Error allocating memory for "
-                ecryptfs_extent_to_lwr_pg_idx_and_offset(
+                                "encrypted extent\n");
-                        &lower_page_idx, &lower_byte_offset, crypt_stat,
+                goto out;
-                        (base_extent + extent_offset));
+        }
-                if (prior_lower_page_idx != lower_page_idx
+        enc_extent_page = virt_to_page(enc_extent_virt);
-                    && page_state == ECRYPTFS_PAGE_STATE_MODIFIED) {
+        for (extent_offset = 0;
-                        rc = ecryptfs_write_out_page(ctx, lower_page,
+             extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
-                                                     lower_inode,
+             extent_offset++) {
-                                                     orig_byte_offset,
+                loff_t offset;
-                                                     (PAGE_CACHE_SIZE
-                                                      - orig_byte_offset));
+                rc = ecryptfs_encrypt_extent(enc_extent_page, crypt_stat, page,
-                        if (rc) {
+                                             extent_offset);
-                                ecryptfs_printk(KERN_ERR, "Error attempting "
-                                                "to write out page; rc = [%d]"
-                                                "\n", rc);
-                                goto out;
-                        }
-                        page_state = ECRYPTFS_PAGE_STATE_WRITTEN;
-                }
-                if (page_state == ECRYPTFS_PAGE_STATE_UNREAD
-                    || page_state == ECRYPTFS_PAGE_STATE_WRITTEN) {
-                        rc = ecryptfs_read_in_page(ctx, &lower_page,
-                                                   lower_inode, lower_page_idx,
-                                                   lower_byte_offset);
-                        if (rc) {
-                                ecryptfs_printk(KERN_ERR, "Error attempting "
-                                                "to read in lower page with "
-                                                "index [0x%.16x]; rc = [%d]\n",
-                                                lower_page_idx, rc);
-                                goto out;
-                        }
-                        orig_byte_offset = lower_byte_offset;
-                        prior_lower_page_idx = lower_page_idx;
-                        page_state = ECRYPTFS_PAGE_STATE_READ;
-                }
-                BUG_ON(!(page_state == ECRYPTFS_PAGE_STATE_MODIFIED
-                         || page_state == ECRYPTFS_PAGE_STATE_READ));
-                rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
-                                        (base_extent + extent_offset));
                if (rc) {
-                        ecryptfs_printk(KERN_ERR, "Error attempting to "
+                        printk(KERN_ERR "%s: Error encrypting extent; "
-                                        "derive IV for extent [0x%.16x]; "
+                               "rc = [%d]\n", __FUNCTION__, rc);
-                                        "rc = [%d]\n",
-                                        (base_extent + extent_offset), rc);
                        goto out;
                }
-                if (unlikely(ecryptfs_verbosity > 0)) {
+                ecryptfs_lower_offset_for_extent(
-                        ecryptfs_printk(KERN_DEBUG, "Encrypting extent "
+                        &offset, ((page->index * (PAGE_CACHE_SIZE
-                                        "with iv:\n");
+                                                  / crypt_stat->extent_size))
-                        ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
+                                  + extent_offset), crypt_stat);
-                        ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
+                rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt,
-                                        "encryption:\n");
+                                          offset, crypt_stat->extent_size);
-                        ecryptfs_dump_hex((char *)
+                if (rc) {
-                                          (page_address(ctx->page)
+                        ecryptfs_printk(KERN_ERR, "Error attempting "
-                                           + (extent_offset
+                                        "to write lower page; rc = [%d]"
-                                              * crypt_stat->extent_size)), 8);
+                                        "\n", rc);
-                }
+                        goto out;
-                rc = ecryptfs_encrypt_page_offset(
-                        crypt_stat, lower_page, lower_byte_offset, ctx->page,
-                        (extent_offset * crypt_stat->extent_size),
-                        crypt_stat->extent_size, extent_iv);
-                ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16x]; "
-                                "rc = [%d]\n",
-                                (base_extent + extent_offset), rc);
-                if (unlikely(ecryptfs_verbosity > 0)) {
-                        ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
-                                        "encryption:\n");
-                        ecryptfs_dump_hex((char *)(page_address(lower_page)
-                                                   + lower_byte_offset), 8);
                }
-                page_state = ECRYPTFS_PAGE_STATE_MODIFIED;
                extent_offset++;
        }
-        BUG_ON(orig_byte_offset != 0);
+out:
-        rc = ecryptfs_write_out_page(ctx, lower_page, lower_inode, 0,
+        kfree(enc_extent_virt);
-                                     (lower_byte_offset
+        return rc;
-                                      + crypt_stat->extent_size));
+}
+static int ecryptfs_decrypt_extent(struct page *page,
+                                   struct ecryptfs_crypt_stat *crypt_stat,
+                                   struct page *enc_extent_page,
+                                   unsigned long extent_offset)
+{
+        unsigned long extent_base;
+        char extent_iv[ECRYPTFS_MAX_IV_BYTES];
+        int rc;
+        extent_base = (page->index
+                       * (PAGE_CACHE_SIZE / crypt_stat->extent_size));
+        rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
+                                (extent_base + extent_offset));
        if (rc) {
-                ecryptfs_printk(KERN_ERR, "Error attempting to write out "
+                ecryptfs_printk(KERN_ERR, "Error attempting to "
-                                "page; rc = [%d]\n", rc);
+                                "derive IV for extent [0x%.16x]; "
-                                goto out;
+                                "rc = [%d]\n", (extent_base + extent_offset),
+                                rc);
+                goto out;
+        }
+        if (unlikely(ecryptfs_verbosity > 0)) {
+                ecryptfs_printk(KERN_DEBUG, "Decrypting extent "
+                                "with iv:\n");
+                ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
+                ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
+                                "decryption:\n");
+                ecryptfs_dump_hex((char *)
+                                  (page_address(enc_extent_page)
+                                   + (extent_offset * crypt_stat->extent_size)),
+                                  8);
+        }
+        rc = ecryptfs_decrypt_page_offset(crypt_stat, page,
+                                          (extent_offset
+                                           * crypt_stat->extent_size),
+                                          enc_extent_page, 0,
+                                          crypt_stat->extent_size, extent_iv);
+        if (rc < 0) {
+                printk(KERN_ERR "%s: Error attempting to decrypt to page with "
+                       "page->index = [%ld], extent_offset = [%ld]; "
+                       "rc = [%d]\n", __FUNCTION__, page->index, extent_offset,
+                       rc);
+                goto out;
+        }
+        rc = 0;
+        if (unlikely(ecryptfs_verbosity > 0)) {
+                ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16x]; "
+                                "rc = [%d]\n", (extent_base + extent_offset),
+                                rc);
+                ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
+                                "decryption:\n");
+                ecryptfs_dump_hex((char *)(page_address(page)
+                                           + (extent_offset
+                                              * crypt_stat->extent_size)), 8);
        }
 out:
        return rc;
@@ -607,8 +683,9 @@ out:
 /**
 * ecryptfs_decrypt_page
- * @file: The ecryptfs file
+ * @page: Page mapped from the eCryptfs inode for the file; data read
- * @page: The page in ecryptfs to decrypt
+ *        and decrypted from the lower file will be written into this
+ *        page
 *
 * Decrypt an eCryptfs page. This is done on a per-extent basis. Note
 * that eCryptfs pages may straddle the lower pages -- for instance,
@@ -620,103 +697,69 @@ out:
 *
 * Returns zero on success; negative on error
 */
-int ecryptfs_decrypt_page(struct file *file, struct page *page)
+int ecryptfs_decrypt_page(struct page *page)
 {
-        char extent_iv[ECRYPTFS_MAX_IV_BYTES];
+        struct inode *ecryptfs_inode;
-        unsigned long base_extent;
-        unsigned long extent_offset = 0;
-        unsigned long lower_page_idx = 0;
-        unsigned long prior_lower_page_idx = 0;
-        struct page *lower_page;
-        char *lower_page_virt = NULL;
-        struct inode *lower_inode;
        struct ecryptfs_crypt_stat *crypt_stat;
+        char *enc_extent_virt = NULL;
+        struct page *enc_extent_page;
+        unsigned long extent_offset;
        int rc = 0;
-        int byte_offset;
-        int num_extents_per_page;
-        int page_state;
-        crypt_stat = &(ecryptfs_inode_to_private(
+        ecryptfs_inode = page->mapping->host;
-                               page->mapping->host)->crypt_stat);
+        crypt_stat =
-        lower_inode = ecryptfs_inode_to_lower(page->mapping->host);
+                &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
        if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
-                rc = ecryptfs_do_readpage(file, page, page->index);
+                rc = ecryptfs_read_lower_page_segment(page, page->index, 0,
+                                                      PAGE_CACHE_SIZE,
+                                                      ecryptfs_inode);
                if (rc)
-                        ecryptfs_printk(KERN_ERR, "Error attempting to copy "
+                        printk(KERN_ERR "%s: Error attempting to copy "
-                                        "page at index [0x%.16x]\n",
+                               "page at index [%ld]\n", __FUNCTION__,
-                                        page->index);
+                               page->index);
-                goto out;
+                goto out_clear_uptodate;
        }
-        num_extents_per_page = PAGE_CACHE_SIZE / crypt_stat->extent_size;
+        enc_extent_virt = kmalloc(PAGE_CACHE_SIZE, GFP_USER);
-        base_extent = (page->index * num_extents_per_page);
+        if (!enc_extent_virt) {
-        lower_page_virt = kmem_cache_alloc(ecryptfs_lower_page_cache,
-                                           GFP_KERNEL);
-        if (!lower_page_virt) {
                rc = -ENOMEM;
-                ecryptfs_printk(KERN_ERR, "Error getting page for encrypted "
+                ecryptfs_printk(KERN_ERR, "Error allocating memory for "
-                                "lower page(s)\n");
+                                "encrypted extent\n");
-                goto out;
+                goto out_clear_uptodate;
-        }
+        }
-        lower_page = virt_to_page(lower_page_virt);
+        enc_extent_page = virt_to_page(enc_extent_virt);
-        page_state = ECRYPTFS_PAGE_STATE_UNREAD;
+        for (extent_offset = 0;
-        while (extent_offset < num_extents_per_page) {
+             extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
-                ecryptfs_extent_to_lwr_pg_idx_and_offset(
+             extent_offset++) {
-                        &lower_page_idx, &byte_offset, crypt_stat,
+                loff_t offset;
-                        (base_extent + extent_offset));
-                if (prior_lower_page_idx != lower_page_idx
+                ecryptfs_lower_offset_for_extent(
-                    || page_state == ECRYPTFS_PAGE_STATE_UNREAD) {
+                        &offset, ((page->index * (PAGE_CACHE_SIZE
-                        rc = ecryptfs_do_readpage(file, lower_page,
+                                                  / crypt_stat->extent_size))
-                                                  lower_page_idx);
+                                  + extent_offset), crypt_stat);
-                        if (rc) {
+                rc = ecryptfs_read_lower(enc_extent_virt, offset,
-                                ecryptfs_printk(KERN_ERR, "Error reading "
+                                         crypt_stat->extent_size,
-                                                "lower encrypted page; rc = "
+                                         ecryptfs_inode);
-                                                "[%d]\n", rc);
-                                goto out;
-                        }
-                        prior_lower_page_idx = lower_page_idx;
-                        page_state = ECRYPTFS_PAGE_STATE_READ;
-                }
-                rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
-                                        (base_extent + extent_offset));
                if (rc) {
-                        ecryptfs_printk(KERN_ERR, "Error attempting to "
+                        ecryptfs_printk(KERN_ERR, "Error attempting "
-                                        "derive IV for extent [0x%.16x]; rc = "
+                                        "to read lower page; rc = [%d]"
-                                        "[%d]\n",
+                                        "\n", rc);
-                                        (base_extent + extent_offset), rc);
+                        goto out_clear_uptodate;
-                        goto out;
-                }
-                if (unlikely(ecryptfs_verbosity > 0)) {
-                        ecryptfs_printk(KERN_DEBUG, "Decrypting extent "
-                                        "with iv:\n");
-                        ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
-                        ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
-                                        "decryption:\n");
-                        ecryptfs_dump_hex((lower_page_virt + byte_offset), 8);
                }
-                rc = ecryptfs_decrypt_page_offset(crypt_stat, page,
+                rc = ecryptfs_decrypt_extent(page, crypt_stat, enc_extent_page,
-                                                  (extent_offset
+                                             extent_offset);
-                                                   * crypt_stat->extent_size),
+                if (rc) {
-                                                  lower_page, byte_offset,
+                        printk(KERN_ERR "%s: Error encrypting extent; "
-                                                  crypt_stat->extent_size,
+                               "rc = [%d]\n", __FUNCTION__, rc);
-                                                  extent_iv);
+                        goto out_clear_uptodate;
-                if (rc != crypt_stat->extent_size) {
-                        ecryptfs_printk(KERN_ERR, "Error attempting to "
-                                        "decrypt extent [0x%.16x]\n",
-                                        (base_extent + extent_offset));
-                        goto out;
-                }
-                rc = 0;
-                if (unlikely(ecryptfs_verbosity > 0)) {
-                        ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
-                                        "decryption:\n");
-                        ecryptfs_dump_hex((char *)(page_address(page)
-                                                   + byte_offset), 8);
                }
                extent_offset++;
        }
+        SetPageUptodate(page);
+        goto out;
+out_clear_uptodate:
+        ClearPageUptodate(page);
 out:
-        if (lower_page_virt)
+        kfree(enc_extent_virt);
-                kmem_cache_free(ecryptfs_lower_page_cache, lower_page_virt);
        return rc;
 }
author	Michael Halcrow <mhalcrow@us.ibm.com>	2007-10-16 04:28:08 -0400
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-10-16 12:43:12 -0400
commit	0216f7f7921759211e48e8b940eae29f0fe43902 (patch)
tree	44999b1dfb49944bfd83881c8d9e0cbe3a90e2b7 /fs/ecryptfs/crypto.c
parent	da0102a10aed2244d8fc34f289e81e502622b81e (diff)

diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index e3d2118fafad..7f788ea5da2b 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c
@@ -467,8 +467,91 @@ out:
467	}	467	}
468		468
469	/**	469	/**
		470	* ecryptfs_lower_offset_for_extent
		471	*
		472	* Convert an eCryptfs page index into a lower byte offset
		473	*/
		474	void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num,
		475	struct ecryptfs_crypt_stat *crypt_stat)
		476	{
		477	(*offset) = ((crypt_stat->extent_size
		478	* crypt_stat->num_header_extents_at_front)
		479	+ (crypt_stat->extent_size * extent_num));
		480	}
		481
		482	/**
		483	* ecryptfs_encrypt_extent
		484	* @enc_extent_page: Allocated page into which to encrypt the data in
		485	* @page
		486	* @crypt_stat: crypt_stat containing cryptographic context for the
		487	* encryption operation
		488	* @page: Page containing plaintext data extent to encrypt
		489	* @extent_offset: Page extent offset for use in generating IV
		490	*
		491	* Encrypts one extent of data.
		492	*
		493	* Return zero on success; non-zero otherwise
		494	*/
		495	static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
		496	struct ecryptfs_crypt_stat *crypt_stat,
		497	struct page *page,
		498	unsigned long extent_offset)
		499	{
		500	unsigned long extent_base;
		501	char extent_iv[ECRYPTFS_MAX_IV_BYTES];
		502	int rc;
		503
		504	extent_base = (page->index
		505	* (PAGE_CACHE_SIZE / crypt_stat->extent_size));
		506	rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
		507	(extent_base + extent_offset));
		508	if (rc) {
		509	ecryptfs_printk(KERN_ERR, "Error attempting to "
		510	"derive IV for extent [0x%.16x]; "
		511	"rc = [%d]\n", (extent_base + extent_offset),
		512	rc);
		513	goto out;
		514	}
		515	if (unlikely(ecryptfs_verbosity > 0)) {
		516	ecryptfs_printk(KERN_DEBUG, "Encrypting extent "
		517	"with iv:\n");
		518	ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
		519	ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
		520	"encryption:\n");
		521	ecryptfs_dump_hex((char *)
		522	(page_address(page)
		523	+ (extent_offset * crypt_stat->extent_size)),
		524	8);
		525	}
		526	rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0,
		527	page, (extent_offset
		528	* crypt_stat->extent_size),
		529	crypt_stat->extent_size, extent_iv);
		530	if (rc < 0) {
		531	printk(KERN_ERR "%s: Error attempting to encrypt page with "
		532	"page->index = [%ld], extent_offset = [%ld]; "
		533	"rc = [%d]\n", __FUNCTION__, page->index, extent_offset,
		534	rc);
		535	goto out;
		536	}
		537	rc = 0;
		538	if (unlikely(ecryptfs_verbosity > 0)) {
		539	ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16x]; "
		540	"rc = [%d]\n", (extent_base + extent_offset),
		541	rc);
		542	ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
		543	"encryption:\n");
		544	ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8);
		545	}
		546	out:
		547	return rc;
		548	}
		549
		550	/**
470	* ecryptfs_encrypt_page	551	* ecryptfs_encrypt_page
471	* @ctx: The context of the page	552	* @page: Page mapped from the eCryptfs inode for the file; contains
		553	* decrypted content that needs to be encrypted (to a temporary
		554	* page; not in place) and written out to the lower file
472	*	555	*
473	* Encrypt an eCryptfs page. This is done on a per-extent basis. Note	556	* Encrypt an eCryptfs page. This is done on a per-extent basis. Note
474	* that eCryptfs pages may straddle the lower pages -- for instance,	557	* that eCryptfs pages may straddle the lower pages -- for instance,
@@ -478,128 +561,121 @@ out:
478	* file, 24K of page 0 of the lower file will be read and decrypted,	561	* file, 24K of page 0 of the lower file will be read and decrypted,
479	* and then 8K of page 1 of the lower file will be read and decrypted.	562	* and then 8K of page 1 of the lower file will be read and decrypted.
480	*	563	*
481	* The actual operations performed on each page depends on the
482	* contents of the ecryptfs_page_crypt_context struct.
483	*
484	* Returns zero on success; negative on error	564	* Returns zero on success; negative on error
485	*/	565	*/
486	int ecryptfs_encrypt_page(struct ecryptfs_page_crypt_context *ctx)	566	int ecryptfs_encrypt_page(struct page *page)
487	{	567	{
488	char extent_iv[ECRYPTFS_MAX_IV_BYTES];	568	struct inode *ecryptfs_inode;
489	unsigned long base_extent;
490	unsigned long extent_offset = 0;
491	unsigned long lower_page_idx = 0;
492	unsigned long prior_lower_page_idx = 0;
493	struct page *lower_page;
494	struct inode *lower_inode;
495	struct ecryptfs_inode_info *inode_info;
496	struct ecryptfs_crypt_stat *crypt_stat;	569	struct ecryptfs_crypt_stat *crypt_stat;
		570	char *enc_extent_virt = NULL;
		571	struct page *enc_extent_page;
		572	loff_t extent_offset;
497	int rc = 0;	573	int rc = 0;
498	int lower_byte_offset = 0;	574
499	int orig_byte_offset = 0;	575	ecryptfs_inode = page->mapping->host;
500	int num_extents_per_page;	576	crypt_stat =
501	#define ECRYPTFS_PAGE_STATE_UNREAD 0	577	&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
502	#define ECRYPTFS_PAGE_STATE_READ 1
503	#define ECRYPTFS_PAGE_STATE_MODIFIED 2
504	#define ECRYPTFS_PAGE_STATE_WRITTEN 3
505	int page_state;
506
507	lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host);
508	inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host);
509	crypt_stat = &inode_info->crypt_stat;
510	if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {	578	if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
511	rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode,	579	rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page,
512	ctx->param.lower_file);	580	0, PAGE_CACHE_SIZE);
513	if (rc)	581	if (rc)
514	ecryptfs_printk(KERN_ERR, "Error attempting to copy "	582	printk(KERN_ERR "%s: Error attempting to copy "
515	"page at index [0x%.16x]\n",	583	"page at index [%ld]\n", __FUNCTION__,
516	ctx->page->index);	584	page->index);
517	goto out;	585	goto out;
518	}	586	}
519	num_extents_per_page = PAGE_CACHE_SIZE / crypt_stat->extent_size;	587	enc_extent_virt = kmalloc(PAGE_CACHE_SIZE, GFP_USER);
520	base_extent = (ctx->page->index * num_extents_per_page);	588	if (!enc_extent_virt) {
521	page_state = ECRYPTFS_PAGE_STATE_UNREAD;	589	rc = -ENOMEM;
522	while (extent_offset < num_extents_per_page) {	590	ecryptfs_printk(KERN_ERR, "Error allocating memory for "
523	ecryptfs_extent_to_lwr_pg_idx_and_offset(	591	"encrypted extent\n");
524	&lower_page_idx, &lower_byte_offset, crypt_stat,	592	goto out;
525	(base_extent + extent_offset));	593	}
526	if (prior_lower_page_idx != lower_page_idx	594	enc_extent_page = virt_to_page(enc_extent_virt);
527	&& page_state == ECRYPTFS_PAGE_STATE_MODIFIED) {	595	for (extent_offset = 0;
528	rc = ecryptfs_write_out_page(ctx, lower_page,	596	extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
529	lower_inode,	597	extent_offset++) {
530	orig_byte_offset,	598	loff_t offset;
531	(PAGE_CACHE_SIZE	599
532	- orig_byte_offset));	600	rc = ecryptfs_encrypt_extent(enc_extent_page, crypt_stat, page,
533	if (rc) {	601	extent_offset);
534	ecryptfs_printk(KERN_ERR, "Error attempting "
535	"to write out page; rc = [%d]"
536	"\n", rc);
537	goto out;
538	}
539	page_state = ECRYPTFS_PAGE_STATE_WRITTEN;
540	}
541	if (page_state == ECRYPTFS_PAGE_STATE_UNREAD
542	\|\| page_state == ECRYPTFS_PAGE_STATE_WRITTEN) {
543	rc = ecryptfs_read_in_page(ctx, &lower_page,
544	lower_inode, lower_page_idx,
545	lower_byte_offset);
546	if (rc) {
547	ecryptfs_printk(KERN_ERR, "Error attempting "
548	"to read in lower page with "
549	"index [0x%.16x]; rc = [%d]\n",
550	lower_page_idx, rc);
551	goto out;
552	}
553	orig_byte_offset = lower_byte_offset;
554	prior_lower_page_idx = lower_page_idx;
555	page_state = ECRYPTFS_PAGE_STATE_READ;
556	}
557	BUG_ON(!(page_state == ECRYPTFS_PAGE_STATE_MODIFIED
558	\|\| page_state == ECRYPTFS_PAGE_STATE_READ));
559	rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
560	(base_extent + extent_offset));
561	if (rc) {	602	if (rc) {
562	ecryptfs_printk(KERN_ERR, "Error attempting to "	603	printk(KERN_ERR "%s: Error encrypting extent; "
563	"derive IV for extent [0x%.16x]; "	604	"rc = [%d]\n", __FUNCTION__, rc);
564	"rc = [%d]\n",
565	(base_extent + extent_offset), rc);
566	goto out;	605	goto out;
567	}	606	}
568	if (unlikely(ecryptfs_verbosity > 0)) {	607	ecryptfs_lower_offset_for_extent(
569	ecryptfs_printk(KERN_DEBUG, "Encrypting extent "	608	&offset, ((page->index * (PAGE_CACHE_SIZE
570	"with iv:\n");	609	/ crypt_stat->extent_size))
571	ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);	610	+ extent_offset), crypt_stat);
572	ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "	611	rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt,
573	"encryption:\n");	612	offset, crypt_stat->extent_size);
574	ecryptfs_dump_hex((char *)	613	if (rc) {
575	(page_address(ctx->page)	614	ecryptfs_printk(KERN_ERR, "Error attempting "
576	+ (extent_offset	615	"to write lower page; rc = [%d]"
577	* crypt_stat->extent_size)), 8);	616	"\n", rc);
578	}	617	goto out;
579	rc = ecryptfs_encrypt_page_offset(
580	crypt_stat, lower_page, lower_byte_offset, ctx->page,
581	(extent_offset * crypt_stat->extent_size),
582	crypt_stat->extent_size, extent_iv);
583	ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16x]; "
584	"rc = [%d]\n",
585	(base_extent + extent_offset), rc);
586	if (unlikely(ecryptfs_verbosity > 0)) {
587	ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
588	"encryption:\n");
589	ecryptfs_dump_hex((char *)(page_address(lower_page)
590	+ lower_byte_offset), 8);
591	}	618	}
592	page_state = ECRYPTFS_PAGE_STATE_MODIFIED;
593	extent_offset++;	619	extent_offset++;
594	}	620	}
595	BUG_ON(orig_byte_offset != 0);	621	out:
596	rc = ecryptfs_write_out_page(ctx, lower_page, lower_inode, 0,	622	kfree(enc_extent_virt);
597	(lower_byte_offset	623	return rc;
598	+ crypt_stat->extent_size));	624	}
		625
		626	static int ecryptfs_decrypt_extent(struct page *page,
		627	struct ecryptfs_crypt_stat *crypt_stat,
		628	struct page *enc_extent_page,
		629	unsigned long extent_offset)
		630	{
		631	unsigned long extent_base;
		632	char extent_iv[ECRYPTFS_MAX_IV_BYTES];
		633	int rc;
		634
		635	extent_base = (page->index
		636	* (PAGE_CACHE_SIZE / crypt_stat->extent_size));
		637	rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
		638	(extent_base + extent_offset));
599	if (rc) {	639	if (rc) {
600	ecryptfs_printk(KERN_ERR, "Error attempting to write out "	640	ecryptfs_printk(KERN_ERR, "Error attempting to "
601	"page; rc = [%d]\n", rc);	641	"derive IV for extent [0x%.16x]; "
602	goto out;	642	"rc = [%d]\n", (extent_base + extent_offset),
		643	rc);
		644	goto out;
		645	}
		646	if (unlikely(ecryptfs_verbosity > 0)) {
		647	ecryptfs_printk(KERN_DEBUG, "Decrypting extent "
		648	"with iv:\n");
		649	ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
		650	ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
		651	"decryption:\n");
		652	ecryptfs_dump_hex((char *)
		653	(page_address(enc_extent_page)
		654	+ (extent_offset * crypt_stat->extent_size)),
		655	8);
		656	}
		657	rc = ecryptfs_decrypt_page_offset(crypt_stat, page,
		658	(extent_offset
		659	* crypt_stat->extent_size),
		660	enc_extent_page, 0,
		661	crypt_stat->extent_size, extent_iv);
		662	if (rc < 0) {
		663	printk(KERN_ERR "%s: Error attempting to decrypt to page with "
		664	"page->index = [%ld], extent_offset = [%ld]; "
		665	"rc = [%d]\n", __FUNCTION__, page->index, extent_offset,
		666	rc);
		667	goto out;
		668	}
		669	rc = 0;
		670	if (unlikely(ecryptfs_verbosity > 0)) {
		671	ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16x]; "
		672	"rc = [%d]\n", (extent_base + extent_offset),
		673	rc);
		674	ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
		675	"decryption:\n");
		676	ecryptfs_dump_hex((char *)(page_address(page)
		677	+ (extent_offset
		678	* crypt_stat->extent_size)), 8);
603	}	679	}
604	out:	680	out:
605	return rc;	681	return rc;
@@ -607,8 +683,9 @@ out:
607		683
608	/**	684	/**
609	* ecryptfs_decrypt_page	685	* ecryptfs_decrypt_page
610	* @file: The ecryptfs file	686	* @page: Page mapped from the eCryptfs inode for the file; data read
611	* @page: The page in ecryptfs to decrypt	687	* and decrypted from the lower file will be written into this
		688	* page
612	*	689	*
613	* Decrypt an eCryptfs page. This is done on a per-extent basis. Note	690	* Decrypt an eCryptfs page. This is done on a per-extent basis. Note
614	* that eCryptfs pages may straddle the lower pages -- for instance,	691	* that eCryptfs pages may straddle the lower pages -- for instance,
@@ -620,103 +697,69 @@ out:
620	*	697	*
621	* Returns zero on success; negative on error	698	* Returns zero on success; negative on error
622	*/	699	*/
623	int ecryptfs_decrypt_page(struct file file, struct page page)	700	int ecryptfs_decrypt_page(struct page *page)
624	{	701	{
625	char extent_iv[ECRYPTFS_MAX_IV_BYTES];	702	struct inode *ecryptfs_inode;
626	unsigned long base_extent;
627	unsigned long extent_offset = 0;
628	unsigned long lower_page_idx = 0;
629	unsigned long prior_lower_page_idx = 0;
630	struct page *lower_page;
631	char *lower_page_virt = NULL;
632	struct inode *lower_inode;
633	struct ecryptfs_crypt_stat *crypt_stat;	703	struct ecryptfs_crypt_stat *crypt_stat;
		704	char *enc_extent_virt = NULL;
		705	struct page *enc_extent_page;
		706	unsigned long extent_offset;
634	int rc = 0;	707	int rc = 0;
635	int byte_offset;
636	int num_extents_per_page;
637	int page_state;
638		708
639	crypt_stat = &(ecryptfs_inode_to_private(	709	ecryptfs_inode = page->mapping->host;
640	page->mapping->host)->crypt_stat);	710	crypt_stat =
641	lower_inode = ecryptfs_inode_to_lower(page->mapping->host);	711	&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
642	if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {	712	if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
643	rc = ecryptfs_do_readpage(file, page, page->index);	713	rc = ecryptfs_read_lower_page_segment(page, page->index, 0,
		714	PAGE_CACHE_SIZE,
		715	ecryptfs_inode);
644	if (rc)	716	if (rc)
645	ecryptfs_printk(KERN_ERR, "Error attempting to copy "	717	printk(KERN_ERR "%s: Error attempting to copy "
646	"page at index [0x%.16x]\n",	718	"page at index [%ld]\n", __FUNCTION__,
647	page->index);	719	page->index);
648	goto out;	720	goto out_clear_uptodate;
649	}	721	}
650	num_extents_per_page = PAGE_CACHE_SIZE / crypt_stat->extent_size;	722	enc_extent_virt = kmalloc(PAGE_CACHE_SIZE, GFP_USER);
651	base_extent = (page->index * num_extents_per_page);	723	if (!enc_extent_virt) {
652	lower_page_virt = kmem_cache_alloc(ecryptfs_lower_page_cache,
653	GFP_KERNEL);
654	if (!lower_page_virt) {
655	rc = -ENOMEM;	724	rc = -ENOMEM;
656	ecryptfs_printk(KERN_ERR, "Error getting page for encrypted "	725	ecryptfs_printk(KERN_ERR, "Error allocating memory for "
657	"lower page(s)\n");	726	"encrypted extent\n");
658	goto out;	727	goto out_clear_uptodate;
659	}	728	}
660	lower_page = virt_to_page(lower_page_virt);	729	enc_extent_page = virt_to_page(enc_extent_virt);
661	page_state = ECRYPTFS_PAGE_STATE_UNREAD;	730	for (extent_offset = 0;
662	while (extent_offset < num_extents_per_page) {	731	extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
663	ecryptfs_extent_to_lwr_pg_idx_and_offset(	732	extent_offset++) {
664	&lower_page_idx, &byte_offset, crypt_stat,	733	loff_t offset;
665	(base_extent + extent_offset));	734
666	if (prior_lower_page_idx != lower_page_idx	735	ecryptfs_lower_offset_for_extent(
667	\|\| page_state == ECRYPTFS_PAGE_STATE_UNREAD) {	736	&offset, ((page->index * (PAGE_CACHE_SIZE
668	rc = ecryptfs_do_readpage(file, lower_page,	737	/ crypt_stat->extent_size))
669	lower_page_idx);	738	+ extent_offset), crypt_stat);
670	if (rc) {	739	rc = ecryptfs_read_lower(enc_extent_virt, offset,
671	ecryptfs_printk(KERN_ERR, "Error reading "	740	crypt_stat->extent_size,
672	"lower encrypted page; rc = "	741	ecryptfs_inode);
673	"[%d]\n", rc);
674	goto out;
675	}
676	prior_lower_page_idx = lower_page_idx;
677	page_state = ECRYPTFS_PAGE_STATE_READ;
678	}
679	rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
680	(base_extent + extent_offset));
681	if (rc) {	742	if (rc) {
682	ecryptfs_printk(KERN_ERR, "Error attempting to "	743	ecryptfs_printk(KERN_ERR, "Error attempting "
683	"derive IV for extent [0x%.16x]; rc = "	744	"to read lower page; rc = [%d]"
684	"[%d]\n",	745	"\n", rc);
685	(base_extent + extent_offset), rc);	746	goto out_clear_uptodate;
686	goto out;
687	}
688	if (unlikely(ecryptfs_verbosity > 0)) {
689	ecryptfs_printk(KERN_DEBUG, "Decrypting extent "
690	"with iv:\n");
691	ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
692	ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
693	"decryption:\n");
694	ecryptfs_dump_hex((lower_page_virt + byte_offset), 8);
695	}	747	}
696	rc = ecryptfs_decrypt_page_offset(crypt_stat, page,	748	rc = ecryptfs_decrypt_extent(page, crypt_stat, enc_extent_page,
697	(extent_offset	749	extent_offset);
698	* crypt_stat->extent_size),	750	if (rc) {
699	lower_page, byte_offset,	751	printk(KERN_ERR "%s: Error encrypting extent; "
700	crypt_stat->extent_size,	752	"rc = [%d]\n", __FUNCTION__, rc);
701	extent_iv);	753	goto out_clear_uptodate;
702	if (rc != crypt_stat->extent_size) {
703	ecryptfs_printk(KERN_ERR, "Error attempting to "
704	"decrypt extent [0x%.16x]\n",
705	(base_extent + extent_offset));
706	goto out;
707	}
708	rc = 0;
709	if (unlikely(ecryptfs_verbosity > 0)) {
710	ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
711	"decryption:\n");
712	ecryptfs_dump_hex((char *)(page_address(page)
713	+ byte_offset), 8);
714	}	754	}
715	extent_offset++;	755	extent_offset++;
716	}	756	}
		757	SetPageUptodate(page);
		758	goto out;
		759	out_clear_uptodate:
		760	ClearPageUptodate(page);
717	out:	761	out:
718	if (lower_page_virt)	762	kfree(enc_extent_virt);
719	kmem_cache_free(ecryptfs_lower_page_cache, lower_page_virt);
720	return rc;	763	return rc;
721	}	764	}
722		765