eCryptfs: Fix data corruption when using ecryptfs_passthrough

ecryptfs_passthrough is a mount option that allows eCryptfs to allow data to be written to non-eCryptfs files in the lower filesystem. The passthrough option was causing data corruption due to it not always being treated as a non-eCryptfs file. The first 8 bytes of an eCryptfs file contains the decrypted file size. This value was being written to the non-eCryptfs files, too. Also, extra 0x00 characters were being written to make the file size a multiple of PAGE_CACHE_SIZE. Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
author: Tyler Hicks <tyhicks@linux.vnet.ibm.com> 2009-04-13 16:29:27 -0400
committer: Tyler Hicks <tyhicks@linux.vnet.ibm.com> 2009-04-22 04:54:13 -0400
commit: 13a791b4e63eb0537a7f804a340d6527485983b4 (patch)
tree: ad3c74093e8efe0da14644a0dc16ac0c61b2e6e5 /fs/ecryptfs
parent: 3a5203ab3c0c31e0f1434c69e893bfb85c6e6657 (diff)
4 files changed, 41 insertions, 32 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 8b65f289ee00..b91851f1cda3 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -483,15 +483,7 @@ int ecryptfs_encrypt_page(struct page *page)
        ecryptfs_inode = page->mapping->host;
        crypt_stat =
                &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
-        if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
+        BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
-                rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page,
-                                                       0, PAGE_CACHE_SIZE);
-                if (rc)
-                        printk(KERN_ERR "%s: Error attempting to copy "
-                               "page at index [%ld]\n", __func__,
-                               page->index);
-                goto out;
-        }
        enc_extent_page = alloc_page(GFP_USER);
        if (!enc_extent_page) {
                rc = -ENOMEM;
@@ -620,16 +612,7 @@ int ecryptfs_decrypt_page(struct page *page)
        ecryptfs_inode = page->mapping->host;
        crypt_stat =
                &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
-        if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
+        BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
-                rc = ecryptfs_read_lower_page_segment(page, page->index, 0,
-                                                      PAGE_CACHE_SIZE,
-                                                      ecryptfs_inode);
-                if (rc)
-                        printk(KERN_ERR "%s: Error attempting to copy "
-                               "page at index [%ld]\n", __func__,
-                               page->index);
-                goto out;
-        }
        enc_extent_page = alloc_page(GFP_USER);
        if (!enc_extent_page) {
                rc = -ENOMEM;
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 55b3145b8072..5ed86e25b8a2 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -814,6 +814,13 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
                size_t num_zeros = (PAGE_CACHE_SIZE
                                    - (new_length & ~PAGE_CACHE_MASK));
+                if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
+                        rc = vmtruncate(inode, new_length);
+                        if (rc)
+                                goto out_free;
+                        rc = vmtruncate(lower_dentry->d_inode, new_length);
+                        goto out_free;
+                }
                if (num_zeros) {
                        char *zeros_virt;
@@ -915,8 +922,6 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
                        }
                        rc = 0;
                        crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
-                        mutex_unlock(&crypt_stat->cs_mutex);
-                        goto out;
                }
        }
        mutex_unlock(&crypt_stat->cs_mutex);
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index 46cec2b69796..5c6bab9786e3 100644
--- a/fs/ecryptfs/mmap.c
+++ b/fs/ecryptfs/mmap.c
@@ -449,6 +449,7 @@ int ecryptfs_write_inode_size_to_metadata(struct inode *ecryptfs_inode)
        struct ecryptfs_crypt_stat *crypt_stat;
        crypt_stat = &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
+        BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
        if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
                return ecryptfs_write_inode_size_to_xattr(ecryptfs_inode);
        else
@@ -490,6 +491,16 @@ static int ecryptfs_write_end(struct file *file,
                ecryptfs_printk(KERN_DEBUG, "Not a new file\n");
        ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page"
                        "(page w/ index = [0x%.16x], to = [%d])\n", index, to);
+        if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
+                rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page, 0,
+                                                       to);
+                if (!rc) {
+                        rc = copied;
+                        fsstack_copy_inode_size(ecryptfs_inode,
+                                ecryptfs_inode_to_lower(ecryptfs_inode));
+                }
+                goto out;
+        }
        /* Fills in zeros if 'to' goes beyond inode size */
        rc = fill_zeros_to_end_of_page(page, to);
        if (rc) {
diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
index 75c2ea9fee35..a137c6ea2fee 100644
--- a/fs/ecryptfs/read_write.c
+++ b/fs/ecryptfs/read_write.c
@@ -117,13 +117,15 @@ int ecryptfs_write(struct file *ecryptfs_file, char *data, loff_t offset,
                   size_t size)
 {
        struct page *ecryptfs_page;
+        struct ecryptfs_crypt_stat *crypt_stat;
+        struct inode *ecryptfs_inode = ecryptfs_file->f_dentry->d_inode;
        char *ecryptfs_page_virt;
-        loff_t ecryptfs_file_size =
+        loff_t ecryptfs_file_size = i_size_read(ecryptfs_inode);
-                i_size_read(ecryptfs_file->f_dentry->d_inode);
        loff_t data_offset = 0;
        loff_t pos;
        int rc = 0;
+        crypt_stat = &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
        /*
         * if we are writing beyond current size, then start pos
         * at the current size - we'll fill in zeros from there.
@@ -184,7 +186,13 @@ int ecryptfs_write(struct file *ecryptfs_file, char *data, loff_t offset,
                flush_dcache_page(ecryptfs_page);
                SetPageUptodate(ecryptfs_page);
                unlock_page(ecryptfs_page);
-                rc = ecryptfs_encrypt_page(ecryptfs_page);
+                if (crypt_stat->flags & ECRYPTFS_ENCRYPTED)
+                        rc = ecryptfs_encrypt_page(ecryptfs_page);
+                else
+                        rc = ecryptfs_write_lower_page_segment(ecryptfs_inode,
+                                                ecryptfs_page,
+                                                start_offset_in_page,
+                                                data_offset);
                page_cache_release(ecryptfs_page);
                if (rc) {
                        printk(KERN_ERR "%s: Error encrypting "
@@ -194,14 +202,16 @@ int ecryptfs_write(struct file *ecryptfs_file, char *data, loff_t offset,
                pos += num_bytes;
        }
        if ((offset + size) > ecryptfs_file_size) {
-                i_size_write(ecryptfs_file->f_dentry->d_inode, (offset + size));
+                i_size_write(ecryptfs_inode, (offset + size));
-                rc = ecryptfs_write_inode_size_to_metadata(
+                if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
-                        ecryptfs_file->f_dentry->d_inode);
+                        rc = ecryptfs_write_inode_size_to_metadata(
-                if (rc) {
+                                                                ecryptfs_inode);
-                        printk(KERN_ERR "Problem with "
+                        if (rc) {
-                               "ecryptfs_write_inode_size_to_metadata; "
+                                printk(KERN_ERR "Problem with "
-                               "rc = [%d]\n", rc);
+                                       "ecryptfs_write_inode_size_to_metadata; "
-                        goto out;
+                                       "rc = [%d]\n", rc);
+                                goto out;
+                        }
                }
        }
 out:
author	Tyler Hicks <tyhicks@linux.vnet.ibm.com>	2009-04-13 16:29:27 -0400
committer	Tyler Hicks <tyhicks@linux.vnet.ibm.com>	2009-04-22 04:54:13 -0400
commit	13a791b4e63eb0537a7f804a340d6527485983b4 (patch)
tree	ad3c74093e8efe0da14644a0dc16ac0c61b2e6e5 /fs/ecryptfs
parent	3a5203ab3c0c31e0f1434c69e893bfb85c6e6657 (diff)