[PATCH] ecryptfs: fs/Makefile and fs/Kconfig

eCryptfs is a stacked cryptographic filesystem for Linux. It is derived from Erez Zadok's Cryptfs, implemented through the FiST framework for generating stacked filesystems. eCryptfs extends Cryptfs to provide advanced key management and policy features. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decryptable with the proper key, and there is no need to keep track of any additional information aside from what is already in the encrypted file itself. [akpm@osdl.org: updates for ongoing API changes] [bunk@stusta.de: cleanups] [akpm@osdl.org: alpha build fix] [akpm@osdl.org: cleanups] [tytso@mit.edu: inode-diet updates] [pbadari@us.ibm.com: generic_file_*_read/write() interface updates] [rdunlap@xenotime.net: printk format fixes] [akpm@osdl.org: make slab creation and teardown table-driven] Signed-off-by: Phillip Hellewell <phillip@hellewell.homeip.net> Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com> Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Michael Halcrow <mhalcrow@us.ibm.com> 2006-10-04 05:16:22 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-10-04 10:55:24 -0400
commit: 237fead619984cc48818fe12ee0ceada3f55b012 (patch)
tree: 40c6cacf2331191139e847988882b168d111c12e /fs/ecryptfs/super.c
parent: f7aa2638f288f4c67acdb55947472740bd27d27a (diff)
1 files changed, 198 insertions, 0 deletions
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
new file mode 100644
index 000000000000..c337c0410fb1
--- /dev/null
+++ b/fs/ecryptfs/super.c
@@ -0,0 +1,198 @@
+/**
+ * eCryptfs: Linux filesystem encryption layer
+ *
+ * Copyright (C) 1997-2003 Erez Zadok
+ * Copyright (C) 2001-2003 Stony Brook University
+ * Copyright (C) 2004-2006 International Business Machines Corp.
+ *   Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
+ *              Michael C. Thompson <mcthomps@us.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+#include <linux/fs.h>
+#include <linux/mount.h>
+#include <linux/key.h>
+#include <linux/seq_file.h>
+#include <linux/crypto.h>
+#include "ecryptfs_kernel.h"
+struct kmem_cache *ecryptfs_inode_info_cache;
+/**
+ * ecryptfs_alloc_inode - allocate an ecryptfs inode
+ * @sb: Pointer to the ecryptfs super block
+ *
+ * Called to bring an inode into existence.
+ *
+ * Only handle allocation, setting up structures should be done in
+ * ecryptfs_read_inode. This is because the kernel, between now and
+ * then, will 0 out the private data pointer.
+ *
+ * Returns a pointer to a newly allocated inode, NULL otherwise
+ */
+static struct inode *ecryptfs_alloc_inode(struct super_block *sb)
+{
+        struct ecryptfs_inode_info *ecryptfs_inode;
+        struct inode *inode = NULL;
+        ecryptfs_inode = kmem_cache_alloc(ecryptfs_inode_info_cache,
+                                          SLAB_KERNEL);
+        if (unlikely(!ecryptfs_inode))
+                goto out;
+        ecryptfs_init_crypt_stat(&ecryptfs_inode->crypt_stat);
+        inode = &ecryptfs_inode->vfs_inode;
+out:
+        return inode;
+}
+/**
+ * ecryptfs_destroy_inode
+ * @inode: The ecryptfs inode
+ *
+ * This is used during the final destruction of the inode.
+ * All allocation of memory related to the inode, including allocated
+ * memory in the crypt_stat struct, will be released here.
+ * There should be no chance that this deallocation will be missed.
+ */
+static void ecryptfs_destroy_inode(struct inode *inode)
+{
+        struct ecryptfs_inode_info *inode_info;
+        inode_info = ecryptfs_inode_to_private(inode);
+        ecryptfs_destruct_crypt_stat(&inode_info->crypt_stat);
+        kmem_cache_free(ecryptfs_inode_info_cache, inode_info);
+}
+/**
+ * ecryptfs_init_inode
+ * @inode: The ecryptfs inode
+ *
+ * Set up the ecryptfs inode.
+ */
+void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode)
+{
+        ecryptfs_set_inode_lower(inode, lower_inode);
+        inode->i_ino = lower_inode->i_ino;
+        inode->i_version++;
+        inode->i_op = &ecryptfs_main_iops;
+        inode->i_fop = &ecryptfs_main_fops;
+        inode->i_mapping->a_ops = &ecryptfs_aops;
+}
+/**
+ * ecryptfs_put_super
+ * @sb: Pointer to the ecryptfs super block
+ *
+ * Final actions when unmounting a file system.
+ * This will handle deallocation and release of our private data.
+ */
+static void ecryptfs_put_super(struct super_block *sb)
+{
+        struct ecryptfs_sb_info *sb_info = ecryptfs_superblock_to_private(sb);
+        ecryptfs_destruct_mount_crypt_stat(&sb_info->mount_crypt_stat);
+        kmem_cache_free(ecryptfs_sb_info_cache, sb_info);
+        ecryptfs_set_superblock_private(sb, NULL);
+}
+/**
+ * ecryptfs_statfs
+ * @sb: The ecryptfs super block
+ * @buf: The struct kstatfs to fill in with stats
+ *
+ * Get the filesystem statistics. Currently, we let this pass right through
+ * to the lower filesystem and take no action ourselves.
+ */
+static int ecryptfs_statfs(struct dentry *dentry, struct kstatfs *buf)
+{
+        return vfs_statfs(ecryptfs_dentry_to_lower(dentry), buf);
+}
+/**
+ * ecryptfs_clear_inode
+ * @inode - The ecryptfs inode
+ *
+ * Called by iput() when the inode reference count reached zero
+ * and the inode is not hashed anywhere.  Used to clear anything
+ * that needs to be, before the inode is completely destroyed and put
+ * on the inode free list. We use this to drop out reference to the
+ * lower inode.
+ */
+static void ecryptfs_clear_inode(struct inode *inode)
+{
+        iput(ecryptfs_inode_to_lower(inode));
+}
+/**
+ * ecryptfs_umount_begin
+ *
+ * Called in do_umount().
+ */
+static void ecryptfs_umount_begin(struct vfsmount *vfsmnt, int flags)
+{
+        struct vfsmount *lower_mnt =
+                ecryptfs_dentry_to_lower_mnt(vfsmnt->mnt_sb->s_root);
+        struct super_block *lower_sb;
+        mntput(lower_mnt);
+        lower_sb = lower_mnt->mnt_sb;
+        if (lower_sb->s_op->umount_begin)
+                lower_sb->s_op->umount_begin(lower_mnt, flags);
+}
+/**
+ * ecryptfs_show_options
+ *
+ * Prints the directory we are currently mounted over.
+ * Returns zero on success; non-zero otherwise
+ */
+static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt)
+{
+        struct super_block *sb = mnt->mnt_sb;
+        struct dentry *lower_root_dentry = ecryptfs_dentry_to_lower(sb->s_root);
+        struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(sb->s_root);
+        char *tmp_page;
+        char *path;
+        int rc = 0;
+        tmp_page = (char *)__get_free_page(GFP_KERNEL);
+        if (!tmp_page) {
+                rc = -ENOMEM;
+                goto out;
+        }
+        path = d_path(lower_root_dentry, lower_mnt, tmp_page, PAGE_SIZE);
+        if (IS_ERR(path)) {
+                rc = PTR_ERR(path);
+                goto out;
+        }
+        seq_printf(m, ",dir=%s", path);
+        free_page((unsigned long)tmp_page);
+out:
+        return rc;
+}
+struct super_operations ecryptfs_sops = {
+        .alloc_inode = ecryptfs_alloc_inode,
+        .destroy_inode = ecryptfs_destroy_inode,
+        .drop_inode = generic_delete_inode,
+        .put_super = ecryptfs_put_super,
+        .statfs = ecryptfs_statfs,
+        .remount_fs = NULL,
+        .clear_inode = ecryptfs_clear_inode,
+        .umount_begin = ecryptfs_umount_begin,
+        .show_options = ecryptfs_show_options
+};
author	Michael Halcrow <mhalcrow@us.ibm.com>	2006-10-04 05:16:22 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-10-04 10:55:24 -0400
commit	237fead619984cc48818fe12ee0ceada3f55b012 (patch)
tree	40c6cacf2331191139e847988882b168d111c12e /fs/ecryptfs/super.c
parent	f7aa2638f288f4c67acdb55947472740bd27d27a (diff)

diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c new file mode 100644 index 000000000000..c337c0410fb1 --- /dev/null +++ b/fs/ecryptfs/super.c
@@ -0,0 +1,198 @@
	1	/**
	2	* eCryptfs: Linux filesystem encryption layer
	3	*
	4	* Copyright (C) 1997-2003 Erez Zadok
	5	* Copyright (C) 2001-2003 Stony Brook University
	6	* Copyright (C) 2004-2006 International Business Machines Corp.
	7	* Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
	8	* Michael C. Thompson <mcthomps@us.ibm.com>
	9	*
	10	* This program is free software; you can redistribute it and/or
	11	* modify it under the terms of the GNU General Public License as
	12	* published by the Free Software Foundation; either version 2 of the
	13	* License, or (at your option) any later version.
	14	*
	15	* This program is distributed in the hope that it will be useful, but
	16	* WITHOUT ANY WARRANTY; without even the implied warranty of
	17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	18	* General Public License for more details.
	19	*
	20	* You should have received a copy of the GNU General Public License
	21	* along with this program; if not, write to the Free Software
	22	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
	23	* 02111-1307, USA.
	24	*/
	25
	26	#include <linux/fs.h>
	27	#include <linux/mount.h>
	28	#include <linux/key.h>
	29	#include <linux/seq_file.h>
	30	#include <linux/crypto.h>
	31	#include "ecryptfs_kernel.h"
	32
	33	struct kmem_cache *ecryptfs_inode_info_cache;
	34
	35	/**
	36	* ecryptfs_alloc_inode - allocate an ecryptfs inode
	37	* @sb: Pointer to the ecryptfs super block
	38	*
	39	* Called to bring an inode into existence.
	40	*
	41	* Only handle allocation, setting up structures should be done in
	42	* ecryptfs_read_inode. This is because the kernel, between now and
	43	* then, will 0 out the private data pointer.
	44	*
	45	* Returns a pointer to a newly allocated inode, NULL otherwise
	46	*/
	47	static struct inode ecryptfs_alloc_inode(struct super_block sb)
	48	{
	49	struct ecryptfs_inode_info *ecryptfs_inode;
	50	struct inode *inode = NULL;
	51
	52	ecryptfs_inode = kmem_cache_alloc(ecryptfs_inode_info_cache,
	53	SLAB_KERNEL);
	54	if (unlikely(!ecryptfs_inode))
	55	goto out;
	56	ecryptfs_init_crypt_stat(&ecryptfs_inode->crypt_stat);
	57	inode = &ecryptfs_inode->vfs_inode;
	58	out:
	59	return inode;
	60	}
	61
	62	/**
	63	* ecryptfs_destroy_inode
	64	* @inode: The ecryptfs inode
	65	*
	66	* This is used during the final destruction of the inode.
	67	* All allocation of memory related to the inode, including allocated
	68	* memory in the crypt_stat struct, will be released here.
	69	* There should be no chance that this deallocation will be missed.
	70	*/
	71	static void ecryptfs_destroy_inode(struct inode *inode)
	72	{
	73	struct ecryptfs_inode_info *inode_info;
	74
	75	inode_info = ecryptfs_inode_to_private(inode);
	76	ecryptfs_destruct_crypt_stat(&inode_info->crypt_stat);
	77	kmem_cache_free(ecryptfs_inode_info_cache, inode_info);
	78	}
	79
	80	/**
	81	* ecryptfs_init_inode
	82	* @inode: The ecryptfs inode
	83	*
	84	* Set up the ecryptfs inode.
	85	*/
	86	void ecryptfs_init_inode(struct inode inode, struct inode lower_inode)
	87	{
	88	ecryptfs_set_inode_lower(inode, lower_inode);
	89	inode->i_ino = lower_inode->i_ino;
	90	inode->i_version++;
	91	inode->i_op = &ecryptfs_main_iops;
	92	inode->i_fop = &ecryptfs_main_fops;
	93	inode->i_mapping->a_ops = &ecryptfs_aops;
	94	}
	95
	96	/**
	97	* ecryptfs_put_super
	98	* @sb: Pointer to the ecryptfs super block
	99	*
	100	* Final actions when unmounting a file system.
	101	* This will handle deallocation and release of our private data.
	102	*/
	103	static void ecryptfs_put_super(struct super_block *sb)
	104	{
	105	struct ecryptfs_sb_info *sb_info = ecryptfs_superblock_to_private(sb);
	106
	107	ecryptfs_destruct_mount_crypt_stat(&sb_info->mount_crypt_stat);
	108	kmem_cache_free(ecryptfs_sb_info_cache, sb_info);
	109	ecryptfs_set_superblock_private(sb, NULL);
	110	}
	111
	112	/**
	113	* ecryptfs_statfs
	114	* @sb: The ecryptfs super block
	115	* @buf: The struct kstatfs to fill in with stats
	116	*
	117	* Get the filesystem statistics. Currently, we let this pass right through
	118	* to the lower filesystem and take no action ourselves.
	119	*/
	120	static int ecryptfs_statfs(struct dentry dentry, struct kstatfs buf)
	121	{
	122	return vfs_statfs(ecryptfs_dentry_to_lower(dentry), buf);
	123	}
	124
	125	/**
	126	* ecryptfs_clear_inode
	127	* @inode - The ecryptfs inode
	128	*
	129	* Called by iput() when the inode reference count reached zero
	130	* and the inode is not hashed anywhere. Used to clear anything
	131	* that needs to be, before the inode is completely destroyed and put
	132	* on the inode free list. We use this to drop out reference to the
	133	* lower inode.
	134	*/
	135	static void ecryptfs_clear_inode(struct inode *inode)
	136	{
	137	iput(ecryptfs_inode_to_lower(inode));
	138	}
	139
	140	/**
	141	* ecryptfs_umount_begin
	142	*
	143	* Called in do_umount().
	144	*/
	145	static void ecryptfs_umount_begin(struct vfsmount *vfsmnt, int flags)
	146	{
	147	struct vfsmount *lower_mnt =
	148	ecryptfs_dentry_to_lower_mnt(vfsmnt->mnt_sb->s_root);
	149	struct super_block *lower_sb;
	150
	151	mntput(lower_mnt);
	152	lower_sb = lower_mnt->mnt_sb;
	153	if (lower_sb->s_op->umount_begin)
	154	lower_sb->s_op->umount_begin(lower_mnt, flags);
	155	}
	156
	157	/**
	158	* ecryptfs_show_options
	159	*
	160	* Prints the directory we are currently mounted over.
	161	* Returns zero on success; non-zero otherwise
	162	*/
	163	static int ecryptfs_show_options(struct seq_file m, struct vfsmount mnt)
	164	{
	165	struct super_block *sb = mnt->mnt_sb;
	166	struct dentry *lower_root_dentry = ecryptfs_dentry_to_lower(sb->s_root);
	167	struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(sb->s_root);
	168	char *tmp_page;
	169	char *path;
	170	int rc = 0;
	171
	172	tmp_page = (char *)__get_free_page(GFP_KERNEL);
	173	if (!tmp_page) {
	174	rc = -ENOMEM;
	175	goto out;
	176	}
	177	path = d_path(lower_root_dentry, lower_mnt, tmp_page, PAGE_SIZE);
	178	if (IS_ERR(path)) {
	179	rc = PTR_ERR(path);
	180	goto out;
	181	}
	182	seq_printf(m, ",dir=%s", path);
	183	free_page((unsigned long)tmp_page);
	184	out:
	185	return rc;
	186	}
	187
	188	struct super_operations ecryptfs_sops = {
	189	.alloc_inode = ecryptfs_alloc_inode,
	190	.destroy_inode = ecryptfs_destroy_inode,
	191	.drop_inode = generic_delete_inode,
	192	.put_super = ecryptfs_put_super,
	193	.statfs = ecryptfs_statfs,
	194	.remount_fs = NULL,
	195	.clear_inode = ecryptfs_clear_inode,
	196	.umount_begin = ecryptfs_umount_begin,
	197	.show_options = ecryptfs_show_options
	198	};