aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs
diff options
context:
space:
mode:
authorGlenn Elliott <gelliott@cs.unc.edu>2012-03-04 19:47:13 -0500
committerGlenn Elliott <gelliott@cs.unc.edu>2012-03-04 19:47:13 -0500
commitc71c03bda1e86c9d5198c5d83f712e695c4f2a1e (patch)
treeecb166cb3e2b7e2adb3b5e292245fefd23381ac8 /fs/ecryptfs
parentea53c912f8a86a8567697115b6a0d8152beee5c8 (diff)
parent6a00f206debf8a5c8899055726ad127dbeeed098 (diff)
Merge branch 'mpi-master' into wip-k-fmlpwip-k-fmlp
Conflicts: litmus/sched_cedf.c
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r--fs/ecryptfs/crypto.c127
-rw-r--r--fs/ecryptfs/dentry.c29
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h67
-rw-r--r--fs/ecryptfs/file.c63
-rw-r--r--fs/ecryptfs/inode.c497
-rw-r--r--fs/ecryptfs/keystore.c365
-rw-r--r--fs/ecryptfs/kthread.c6
-rw-r--r--fs/ecryptfs/main.c285
-rw-r--r--fs/ecryptfs/miscdev.c1
-rw-r--r--fs/ecryptfs/mmap.c94
-rw-r--r--fs/ecryptfs/read_write.c12
-rw-r--r--fs/ecryptfs/super.c48
12 files changed, 803 insertions, 791 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index cbadc1bee6e7..58609bde3b9f 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -266,7 +266,6 @@ void ecryptfs_destroy_mount_crypt_stat(
266 &mount_crypt_stat->global_auth_tok_list, 266 &mount_crypt_stat->global_auth_tok_list,
267 mount_crypt_stat_list) { 267 mount_crypt_stat_list) {
268 list_del(&auth_tok->mount_crypt_stat_list); 268 list_del(&auth_tok->mount_crypt_stat_list);
269 mount_crypt_stat->num_global_auth_toks--;
270 if (auth_tok->global_auth_tok_key 269 if (auth_tok->global_auth_tok_key
271 && !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID)) 270 && !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID))
272 key_put(auth_tok->global_auth_tok_key); 271 key_put(auth_tok->global_auth_tok_key);
@@ -348,7 +347,7 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
348 BUG_ON(!crypt_stat || !crypt_stat->tfm 347 BUG_ON(!crypt_stat || !crypt_stat->tfm
349 || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED)); 348 || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
350 if (unlikely(ecryptfs_verbosity > 0)) { 349 if (unlikely(ecryptfs_verbosity > 0)) {
351 ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n", 350 ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n",
352 crypt_stat->key_size); 351 crypt_stat->key_size);
353 ecryptfs_dump_hex(crypt_stat->key, 352 ecryptfs_dump_hex(crypt_stat->key,
354 crypt_stat->key_size); 353 crypt_stat->key_size);
@@ -413,10 +412,9 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
413 rc = ecryptfs_derive_iv(extent_iv, crypt_stat, 412 rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
414 (extent_base + extent_offset)); 413 (extent_base + extent_offset));
415 if (rc) { 414 if (rc) {
416 ecryptfs_printk(KERN_ERR, "Error attempting to " 415 ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
417 "derive IV for extent [0x%.16x]; " 416 "extent [0x%.16llx]; rc = [%d]\n",
418 "rc = [%d]\n", (extent_base + extent_offset), 417 (unsigned long long)(extent_base + extent_offset), rc);
419 rc);
420 goto out; 418 goto out;
421 } 419 }
422 if (unlikely(ecryptfs_verbosity > 0)) { 420 if (unlikely(ecryptfs_verbosity > 0)) {
@@ -443,9 +441,9 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
443 } 441 }
444 rc = 0; 442 rc = 0;
445 if (unlikely(ecryptfs_verbosity > 0)) { 443 if (unlikely(ecryptfs_verbosity > 0)) {
446 ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16x]; " 444 ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16llx]; "
447 "rc = [%d]\n", (extent_base + extent_offset), 445 "rc = [%d]\n",
448 rc); 446 (unsigned long long)(extent_base + extent_offset), rc);
449 ecryptfs_printk(KERN_DEBUG, "First 8 bytes after " 447 ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
450 "encryption:\n"); 448 "encryption:\n");
451 ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8); 449 ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8);
@@ -540,10 +538,9 @@ static int ecryptfs_decrypt_extent(struct page *page,
540 rc = ecryptfs_derive_iv(extent_iv, crypt_stat, 538 rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
541 (extent_base + extent_offset)); 539 (extent_base + extent_offset));
542 if (rc) { 540 if (rc) {
543 ecryptfs_printk(KERN_ERR, "Error attempting to " 541 ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
544 "derive IV for extent [0x%.16x]; " 542 "extent [0x%.16llx]; rc = [%d]\n",
545 "rc = [%d]\n", (extent_base + extent_offset), 543 (unsigned long long)(extent_base + extent_offset), rc);
546 rc);
547 goto out; 544 goto out;
548 } 545 }
549 if (unlikely(ecryptfs_verbosity > 0)) { 546 if (unlikely(ecryptfs_verbosity > 0)) {
@@ -571,9 +568,9 @@ static int ecryptfs_decrypt_extent(struct page *page,
571 } 568 }
572 rc = 0; 569 rc = 0;
573 if (unlikely(ecryptfs_verbosity > 0)) { 570 if (unlikely(ecryptfs_verbosity > 0)) {
574 ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16x]; " 571 ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16llx]; "
575 "rc = [%d]\n", (extent_base + extent_offset), 572 "rc = [%d]\n",
576 rc); 573 (unsigned long long)(extent_base + extent_offset), rc);
577 ecryptfs_printk(KERN_DEBUG, "First 8 bytes after " 574 ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
578 "decryption:\n"); 575 "decryption:\n");
579 ecryptfs_dump_hex((char *)(page_address(page) 576 ecryptfs_dump_hex((char *)(page_address(page)
@@ -780,7 +777,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
780 } 777 }
781 ecryptfs_printk(KERN_DEBUG, 778 ecryptfs_printk(KERN_DEBUG,
782 "Initializing cipher [%s]; strlen = [%d]; " 779 "Initializing cipher [%s]; strlen = [%d]; "
783 "key_size_bits = [%d]\n", 780 "key_size_bits = [%zd]\n",
784 crypt_stat->cipher, (int)strlen(crypt_stat->cipher), 781 crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
785 crypt_stat->key_size << 3); 782 crypt_stat->key_size << 3);
786 if (crypt_stat->tfm) { 783 if (crypt_stat->tfm) {
@@ -1027,25 +1024,25 @@ out:
1027} 1024}
1028 1025
1029/** 1026/**
1030 * contains_ecryptfs_marker - check for the ecryptfs marker 1027 * ecryptfs_validate_marker - check for the ecryptfs marker
1031 * @data: The data block in which to check 1028 * @data: The data block in which to check
1032 * 1029 *
1033 * Returns one if marker found; zero if not found 1030 * Returns zero if marker found; -EINVAL if not found
1034 */ 1031 */
1035static int contains_ecryptfs_marker(char *data) 1032static int ecryptfs_validate_marker(char *data)
1036{ 1033{
1037 u32 m_1, m_2; 1034 u32 m_1, m_2;
1038 1035
1039 m_1 = get_unaligned_be32(data); 1036 m_1 = get_unaligned_be32(data);
1040 m_2 = get_unaligned_be32(data + 4); 1037 m_2 = get_unaligned_be32(data + 4);
1041 if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2) 1038 if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2)
1042 return 1; 1039 return 0;
1043 ecryptfs_printk(KERN_DEBUG, "m_1 = [0x%.8x]; m_2 = [0x%.8x]; " 1040 ecryptfs_printk(KERN_DEBUG, "m_1 = [0x%.8x]; m_2 = [0x%.8x]; "
1044 "MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n", m_1, m_2, 1041 "MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n", m_1, m_2,
1045 MAGIC_ECRYPTFS_MARKER); 1042 MAGIC_ECRYPTFS_MARKER);
1046 ecryptfs_printk(KERN_DEBUG, "(m_1 ^ MAGIC_ECRYPTFS_MARKER) = " 1043 ecryptfs_printk(KERN_DEBUG, "(m_1 ^ MAGIC_ECRYPTFS_MARKER) = "
1047 "[0x%.8x]\n", (m_1 ^ MAGIC_ECRYPTFS_MARKER)); 1044 "[0x%.8x]\n", (m_1 ^ MAGIC_ECRYPTFS_MARKER));
1048 return 0; 1045 return -EINVAL;
1049} 1046}
1050 1047
1051struct ecryptfs_flag_map_elem { 1048struct ecryptfs_flag_map_elem {
@@ -1204,27 +1201,19 @@ int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
1204 return rc; 1201 return rc;
1205} 1202}
1206 1203
1207int ecryptfs_read_and_validate_header_region(char *data, 1204int ecryptfs_read_and_validate_header_region(struct inode *inode)
1208 struct inode *ecryptfs_inode)
1209{ 1205{
1210 struct ecryptfs_crypt_stat *crypt_stat = 1206 u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
1211 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); 1207 u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
1212 int rc; 1208 int rc;
1213 1209
1214 if (crypt_stat->extent_size == 0) 1210 rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES,
1215 crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE; 1211 inode);
1216 rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size, 1212 if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
1217 ecryptfs_inode); 1213 return rc >= 0 ? -EINVAL : rc;
1218 if (rc < 0) { 1214 rc = ecryptfs_validate_marker(marker);
1219 printk(KERN_ERR "%s: Error reading header region; rc = [%d]\n", 1215 if (!rc)
1220 __func__, rc); 1216 ecryptfs_i_size_init(file_size, inode);
1221 goto out;
1222 }
1223 if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) {
1224 rc = -EINVAL;
1225 } else
1226 rc = 0;
1227out:
1228 return rc; 1217 return rc;
1229} 1218}
1230 1219
@@ -1245,8 +1234,7 @@ ecryptfs_write_header_metadata(char *virt,
1245 (*written) = 6; 1234 (*written) = 6;
1246} 1235}
1247 1236
1248struct kmem_cache *ecryptfs_header_cache_1; 1237struct kmem_cache *ecryptfs_header_cache;
1249struct kmem_cache *ecryptfs_header_cache_2;
1250 1238
1251/** 1239/**
1252 * ecryptfs_write_headers_virt 1240 * ecryptfs_write_headers_virt
@@ -1391,6 +1379,7 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
1391 rc = -ENOMEM; 1379 rc = -ENOMEM;
1392 goto out; 1380 goto out;
1393 } 1381 }
1382 /* Zeroed page ensures the in-header unencrypted i_size is set to 0 */
1394 rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat, 1383 rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat,
1395 ecryptfs_dentry); 1384 ecryptfs_dentry);
1396 if (unlikely(rc)) { 1385 if (unlikely(rc)) {
@@ -1454,6 +1443,25 @@ static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
1454 crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 1443 crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
1455} 1444}
1456 1445
1446void ecryptfs_i_size_init(const char *page_virt, struct inode *inode)
1447{
1448 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
1449 struct ecryptfs_crypt_stat *crypt_stat;
1450 u64 file_size;
1451
1452 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
1453 mount_crypt_stat =
1454 &ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat;
1455 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
1456 file_size = i_size_read(ecryptfs_inode_to_lower(inode));
1457 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
1458 file_size += crypt_stat->metadata_size;
1459 } else
1460 file_size = get_unaligned_be64(page_virt);
1461 i_size_write(inode, (loff_t)file_size);
1462 crypt_stat->flags |= ECRYPTFS_I_SIZE_INITIALIZED;
1463}
1464
1457/** 1465/**
1458 * ecryptfs_read_headers_virt 1466 * ecryptfs_read_headers_virt
1459 * @page_virt: The virtual address into which to read the headers 1467 * @page_virt: The virtual address into which to read the headers
@@ -1479,11 +1487,11 @@ static int ecryptfs_read_headers_virt(char *page_virt,
1479 crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private( 1487 crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private(
1480 ecryptfs_dentry->d_sb)->mount_crypt_stat; 1488 ecryptfs_dentry->d_sb)->mount_crypt_stat;
1481 offset = ECRYPTFS_FILE_SIZE_BYTES; 1489 offset = ECRYPTFS_FILE_SIZE_BYTES;
1482 rc = contains_ecryptfs_marker(page_virt + offset); 1490 rc = ecryptfs_validate_marker(page_virt + offset);
1483 if (rc == 0) { 1491 if (rc)
1484 rc = -EINVAL;
1485 goto out; 1492 goto out;
1486 } 1493 if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED))
1494 ecryptfs_i_size_init(page_virt, ecryptfs_dentry->d_inode);
1487 offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES; 1495 offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
1488 rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset), 1496 rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset),
1489 &bytes_read); 1497 &bytes_read);
@@ -1548,20 +1556,21 @@ out:
1548 return rc; 1556 return rc;
1549} 1557}
1550 1558
1551int ecryptfs_read_and_validate_xattr_region(char *page_virt, 1559int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
1552 struct dentry *ecryptfs_dentry) 1560 struct inode *inode)
1553{ 1561{
1562 u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
1563 u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
1554 int rc; 1564 int rc;
1555 1565
1556 rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_dentry->d_inode); 1566 rc = ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry),
1557 if (rc) 1567 ECRYPTFS_XATTR_NAME, file_size,
1558 goto out; 1568 ECRYPTFS_SIZE_AND_MARKER_BYTES);
1559 if (!contains_ecryptfs_marker(page_virt + ECRYPTFS_FILE_SIZE_BYTES)) { 1569 if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
1560 printk(KERN_WARNING "Valid data found in [%s] xattr, but " 1570 return rc >= 0 ? -EINVAL : rc;
1561 "the marker is invalid\n", ECRYPTFS_XATTR_NAME); 1571 rc = ecryptfs_validate_marker(marker);
1562 rc = -EINVAL; 1572 if (!rc)
1563 } 1573 ecryptfs_i_size_init(file_size, inode);
1564out:
1565 return rc; 1574 return rc;
1566} 1575}
1567 1576
@@ -1591,7 +1600,7 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
1591 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, 1600 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
1592 mount_crypt_stat); 1601 mount_crypt_stat);
1593 /* Read the first page from the underlying file */ 1602 /* Read the first page from the underlying file */
1594 page_virt = kmem_cache_alloc(ecryptfs_header_cache_1, GFP_USER); 1603 page_virt = kmem_cache_alloc(ecryptfs_header_cache, GFP_USER);
1595 if (!page_virt) { 1604 if (!page_virt) {
1596 rc = -ENOMEM; 1605 rc = -ENOMEM;
1597 printk(KERN_ERR "%s: Unable to allocate page_virt\n", 1606 printk(KERN_ERR "%s: Unable to allocate page_virt\n",
@@ -1636,7 +1645,7 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
1636out: 1645out:
1637 if (page_virt) { 1646 if (page_virt) {
1638 memset(page_virt, 0, PAGE_CACHE_SIZE); 1647 memset(page_virt, 0, PAGE_CACHE_SIZE);
1639 kmem_cache_free(ecryptfs_header_cache_1, page_virt); 1648 kmem_cache_free(ecryptfs_header_cache, page_virt);
1640 } 1649 }
1641 return rc; 1650 return rc;
1642} 1651}
diff --git a/fs/ecryptfs/dentry.c b/fs/ecryptfs/dentry.c
index 906e803f7f79..534c1d46e69e 100644
--- a/fs/ecryptfs/dentry.c
+++ b/fs/ecryptfs/dentry.c
@@ -44,21 +44,30 @@
44 */ 44 */
45static int ecryptfs_d_revalidate(struct dentry *dentry, struct nameidata *nd) 45static int ecryptfs_d_revalidate(struct dentry *dentry, struct nameidata *nd)
46{ 46{
47 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 47 struct dentry *lower_dentry;
48 struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 48 struct vfsmount *lower_mnt;
49 struct dentry *dentry_save; 49 struct dentry *dentry_save = NULL;
50 struct vfsmount *vfsmount_save; 50 struct vfsmount *vfsmount_save = NULL;
51 int rc = 1; 51 int rc = 1;
52 52
53 if (nd && nd->flags & LOOKUP_RCU)
54 return -ECHILD;
55
56 lower_dentry = ecryptfs_dentry_to_lower(dentry);
57 lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
53 if (!lower_dentry->d_op || !lower_dentry->d_op->d_revalidate) 58 if (!lower_dentry->d_op || !lower_dentry->d_op->d_revalidate)
54 goto out; 59 goto out;
55 dentry_save = nd->path.dentry; 60 if (nd) {
56 vfsmount_save = nd->path.mnt; 61 dentry_save = nd->path.dentry;
57 nd->path.dentry = lower_dentry; 62 vfsmount_save = nd->path.mnt;
58 nd->path.mnt = lower_mnt; 63 nd->path.dentry = lower_dentry;
64 nd->path.mnt = lower_mnt;
65 }
59 rc = lower_dentry->d_op->d_revalidate(lower_dentry, nd); 66 rc = lower_dentry->d_op->d_revalidate(lower_dentry, nd);
60 nd->path.dentry = dentry_save; 67 if (nd) {
61 nd->path.mnt = vfsmount_save; 68 nd->path.dentry = dentry_save;
69 nd->path.mnt = vfsmount_save;
70 }
62 if (dentry->d_inode) { 71 if (dentry->d_inode) {
63 struct inode *lower_inode = 72 struct inode *lower_inode =
64 ecryptfs_inode_to_lower(dentry->d_inode); 73 ecryptfs_inode_to_lower(dentry->d_inode);
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 0032a9f5a3a9..43c7c43b06f5 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -192,7 +192,6 @@ ecryptfs_get_key_payload_data(struct key *key)
192 (((struct user_key_payload*)key->payload.data)->data); 192 (((struct user_key_payload*)key->payload.data)->data);
193} 193}
194 194
195#define ECRYPTFS_SUPER_MAGIC 0xf15f
196#define ECRYPTFS_MAX_KEYSET_SIZE 1024 195#define ECRYPTFS_MAX_KEYSET_SIZE 1024
197#define ECRYPTFS_MAX_CIPHER_NAME_SIZE 32 196#define ECRYPTFS_MAX_CIPHER_NAME_SIZE 32
198#define ECRYPTFS_MAX_NUM_ENC_KEYS 64 197#define ECRYPTFS_MAX_NUM_ENC_KEYS 64
@@ -201,6 +200,8 @@ ecryptfs_get_key_payload_data(struct key *key)
201#define MAGIC_ECRYPTFS_MARKER 0x3c81b7f5 200#define MAGIC_ECRYPTFS_MARKER 0x3c81b7f5
202#define MAGIC_ECRYPTFS_MARKER_SIZE_BYTES 8 /* 4*2 */ 201#define MAGIC_ECRYPTFS_MARKER_SIZE_BYTES 8 /* 4*2 */
203#define ECRYPTFS_FILE_SIZE_BYTES (sizeof(u64)) 202#define ECRYPTFS_FILE_SIZE_BYTES (sizeof(u64))
203#define ECRYPTFS_SIZE_AND_MARKER_BYTES (ECRYPTFS_FILE_SIZE_BYTES \
204 + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES)
204#define ECRYPTFS_DEFAULT_CIPHER "aes" 205#define ECRYPTFS_DEFAULT_CIPHER "aes"
205#define ECRYPTFS_DEFAULT_KEY_BYTES 16 206#define ECRYPTFS_DEFAULT_KEY_BYTES 16
206#define ECRYPTFS_DEFAULT_HASH "md5" 207#define ECRYPTFS_DEFAULT_HASH "md5"
@@ -234,7 +235,7 @@ ecryptfs_get_key_payload_data(struct key *key)
234 235
235struct ecryptfs_key_sig { 236struct ecryptfs_key_sig {
236 struct list_head crypt_stat_list; 237 struct list_head crypt_stat_list;
237 char keysig[ECRYPTFS_SIG_SIZE_HEX]; 238 char keysig[ECRYPTFS_SIG_SIZE_HEX + 1];
238}; 239};
239 240
240struct ecryptfs_filename { 241struct ecryptfs_filename {
@@ -258,19 +259,19 @@ struct ecryptfs_filename {
258struct ecryptfs_crypt_stat { 259struct ecryptfs_crypt_stat {
259#define ECRYPTFS_STRUCT_INITIALIZED 0x00000001 260#define ECRYPTFS_STRUCT_INITIALIZED 0x00000001
260#define ECRYPTFS_POLICY_APPLIED 0x00000002 261#define ECRYPTFS_POLICY_APPLIED 0x00000002
261#define ECRYPTFS_NEW_FILE 0x00000004 262#define ECRYPTFS_ENCRYPTED 0x00000004
262#define ECRYPTFS_ENCRYPTED 0x00000008 263#define ECRYPTFS_SECURITY_WARNING 0x00000008
263#define ECRYPTFS_SECURITY_WARNING 0x00000010 264#define ECRYPTFS_ENABLE_HMAC 0x00000010
264#define ECRYPTFS_ENABLE_HMAC 0x00000020 265#define ECRYPTFS_ENCRYPT_IV_PAGES 0x00000020
265#define ECRYPTFS_ENCRYPT_IV_PAGES 0x00000040 266#define ECRYPTFS_KEY_VALID 0x00000040
266#define ECRYPTFS_KEY_VALID 0x00000080 267#define ECRYPTFS_METADATA_IN_XATTR 0x00000080
267#define ECRYPTFS_METADATA_IN_XATTR 0x00000100 268#define ECRYPTFS_VIEW_AS_ENCRYPTED 0x00000100
268#define ECRYPTFS_VIEW_AS_ENCRYPTED 0x00000200 269#define ECRYPTFS_KEY_SET 0x00000200
269#define ECRYPTFS_KEY_SET 0x00000400 270#define ECRYPTFS_ENCRYPT_FILENAMES 0x00000400
270#define ECRYPTFS_ENCRYPT_FILENAMES 0x00000800 271#define ECRYPTFS_ENCFN_USE_MOUNT_FNEK 0x00000800
271#define ECRYPTFS_ENCFN_USE_MOUNT_FNEK 0x00001000 272#define ECRYPTFS_ENCFN_USE_FEK 0x00001000
272#define ECRYPTFS_ENCFN_USE_FEK 0x00002000 273#define ECRYPTFS_UNLINK_SIGS 0x00002000
273#define ECRYPTFS_UNLINK_SIGS 0x00004000 274#define ECRYPTFS_I_SIZE_INITIALIZED 0x00004000
274 u32 flags; 275 u32 flags;
275 unsigned int file_version; 276 unsigned int file_version;
276 size_t iv_bytes; 277 size_t iv_bytes;
@@ -297,8 +298,9 @@ struct ecryptfs_crypt_stat {
297struct ecryptfs_inode_info { 298struct ecryptfs_inode_info {
298 struct inode vfs_inode; 299 struct inode vfs_inode;
299 struct inode *wii_inode; 300 struct inode *wii_inode;
300 struct file *lower_file;
301 struct mutex lower_file_mutex; 301 struct mutex lower_file_mutex;
302 atomic_t lower_file_count;
303 struct file *lower_file;
302 struct ecryptfs_crypt_stat crypt_stat; 304 struct ecryptfs_crypt_stat crypt_stat;
303}; 305};
304 306
@@ -334,7 +336,6 @@ struct ecryptfs_global_auth_tok {
334 u32 flags; 336 u32 flags;
335 struct list_head mount_crypt_stat_list; 337 struct list_head mount_crypt_stat_list;
336 struct key *global_auth_tok_key; 338 struct key *global_auth_tok_key;
337 struct ecryptfs_auth_tok *global_auth_tok;
338 unsigned char sig[ECRYPTFS_SIG_SIZE_HEX + 1]; 339 unsigned char sig[ECRYPTFS_SIG_SIZE_HEX + 1];
339}; 340};
340 341
@@ -377,10 +378,10 @@ struct ecryptfs_mount_crypt_stat {
377#define ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES 0x00000010 378#define ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES 0x00000010
378#define ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK 0x00000020 379#define ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK 0x00000020
379#define ECRYPTFS_GLOBAL_ENCFN_USE_FEK 0x00000040 380#define ECRYPTFS_GLOBAL_ENCFN_USE_FEK 0x00000040
381#define ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY 0x00000080
380 u32 flags; 382 u32 flags;
381 struct list_head global_auth_tok_list; 383 struct list_head global_auth_tok_list;
382 struct mutex global_auth_tok_list_mutex; 384 struct mutex global_auth_tok_list_mutex;
383 size_t num_global_auth_toks;
384 size_t global_default_cipher_key_size; 385 size_t global_default_cipher_key_size;
385 size_t global_default_fn_cipher_key_bytes; 386 size_t global_default_fn_cipher_key_bytes;
386 unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE 387 unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE
@@ -477,7 +478,7 @@ ecryptfs_lower_header_size(struct ecryptfs_crypt_stat *crypt_stat)
477static inline struct ecryptfs_file_info * 478static inline struct ecryptfs_file_info *
478ecryptfs_file_to_private(struct file *file) 479ecryptfs_file_to_private(struct file *file)
479{ 480{
480 return (struct ecryptfs_file_info *)file->private_data; 481 return file->private_data;
481} 482}
482 483
483static inline void 484static inline void
@@ -583,6 +584,7 @@ ecryptfs_set_dentry_lower_mnt(struct dentry *dentry, struct vfsmount *lower_mnt)
583 584
584#define ecryptfs_printk(type, fmt, arg...) \ 585#define ecryptfs_printk(type, fmt, arg...) \
585 __ecryptfs_printk(type "%s: " fmt, __func__, ## arg); 586 __ecryptfs_printk(type "%s: " fmt, __func__, ## arg);
587__attribute__ ((format(printf, 1, 2)))
586void __ecryptfs_printk(const char *fmt, ...); 588void __ecryptfs_printk(const char *fmt, ...);
587 589
588extern const struct file_operations ecryptfs_main_fops; 590extern const struct file_operations ecryptfs_main_fops;
@@ -603,8 +605,7 @@ extern struct kmem_cache *ecryptfs_file_info_cache;
603extern struct kmem_cache *ecryptfs_dentry_info_cache; 605extern struct kmem_cache *ecryptfs_dentry_info_cache;
604extern struct kmem_cache *ecryptfs_inode_info_cache; 606extern struct kmem_cache *ecryptfs_inode_info_cache;
605extern struct kmem_cache *ecryptfs_sb_info_cache; 607extern struct kmem_cache *ecryptfs_sb_info_cache;
606extern struct kmem_cache *ecryptfs_header_cache_1; 608extern struct kmem_cache *ecryptfs_header_cache;
607extern struct kmem_cache *ecryptfs_header_cache_2;
608extern struct kmem_cache *ecryptfs_xattr_cache; 609extern struct kmem_cache *ecryptfs_xattr_cache;
609extern struct kmem_cache *ecryptfs_key_record_cache; 610extern struct kmem_cache *ecryptfs_key_record_cache;
610extern struct kmem_cache *ecryptfs_key_sig_cache; 611extern struct kmem_cache *ecryptfs_key_sig_cache;
@@ -625,14 +626,9 @@ struct ecryptfs_open_req {
625 struct list_head kthread_ctl_list; 626 struct list_head kthread_ctl_list;
626}; 627};
627 628
628#define ECRYPTFS_INTERPOSE_FLAG_D_ADD 0x00000001 629struct inode *ecryptfs_get_inode(struct inode *lower_inode,
629int ecryptfs_interpose(struct dentry *hidden_dentry, 630 struct super_block *sb);
630 struct dentry *this_dentry, struct super_block *sb, 631void ecryptfs_i_size_init(const char *page_virt, struct inode *inode);
631 u32 flags);
632int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
633 struct dentry *lower_dentry,
634 struct inode *ecryptfs_dir_inode,
635 struct nameidata *ecryptfs_nd);
636int ecryptfs_decode_and_decrypt_filename(char **decrypted_name, 632int ecryptfs_decode_and_decrypt_filename(char **decrypted_name,
637 size_t *decrypted_name_size, 633 size_t *decrypted_name_size,
638 struct dentry *ecryptfs_dentry, 634 struct dentry *ecryptfs_dentry,
@@ -664,10 +660,9 @@ int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry);
664void ecryptfs_write_crypt_stat_flags(char *page_virt, 660void ecryptfs_write_crypt_stat_flags(char *page_virt,
665 struct ecryptfs_crypt_stat *crypt_stat, 661 struct ecryptfs_crypt_stat *crypt_stat,
666 size_t *written); 662 size_t *written);
667int ecryptfs_read_and_validate_header_region(char *data, 663int ecryptfs_read_and_validate_header_region(struct inode *inode);
668 struct inode *ecryptfs_inode); 664int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
669int ecryptfs_read_and_validate_xattr_region(char *page_virt, 665 struct inode *inode);
670 struct dentry *ecryptfs_dentry);
671u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes); 666u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes);
672int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code); 667int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code);
673void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat); 668void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat);
@@ -679,9 +674,6 @@ int
679ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, 674ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
680 unsigned char *src, struct dentry *ecryptfs_dentry); 675 unsigned char *src, struct dentry *ecryptfs_dentry);
681int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); 676int ecryptfs_truncate(struct dentry *dentry, loff_t new_length);
682int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode);
683int ecryptfs_inode_set(struct inode *inode, void *lower_inode);
684void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode);
685ssize_t 677ssize_t
686ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name, 678ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name,
687 void *value, size_t size); 679 void *value, size_t size);
@@ -761,7 +753,8 @@ int ecryptfs_privileged_open(struct file **lower_file,
761 struct dentry *lower_dentry, 753 struct dentry *lower_dentry,
762 struct vfsmount *lower_mnt, 754 struct vfsmount *lower_mnt,
763 const struct cred *cred); 755 const struct cred *cred);
764int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); 756int ecryptfs_get_lower_file(struct dentry *dentry, struct inode *inode);
757void ecryptfs_put_lower_file(struct inode *inode);
765int 758int
766ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, 759ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
767 size_t *packet_size, 760 size_t *packet_size,
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index 622c95140802..4ec9eb00a241 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -31,7 +31,6 @@
31#include <linux/security.h> 31#include <linux/security.h>
32#include <linux/compat.h> 32#include <linux/compat.h>
33#include <linux/fs_stack.h> 33#include <linux/fs_stack.h>
34#include <linux/smp_lock.h>
35#include "ecryptfs_kernel.h" 34#include "ecryptfs_kernel.h"
36 35
37/** 36/**
@@ -48,7 +47,7 @@ static ssize_t ecryptfs_read_update_atime(struct kiocb *iocb,
48 const struct iovec *iov, 47 const struct iovec *iov,
49 unsigned long nr_segs, loff_t pos) 48 unsigned long nr_segs, loff_t pos)
50{ 49{
51 int rc; 50 ssize_t rc;
52 struct dentry *lower_dentry; 51 struct dentry *lower_dentry;
53 struct vfsmount *lower_vfsmount; 52 struct vfsmount *lower_vfsmount;
54 struct file *file = iocb->ki_filp; 53 struct file *file = iocb->ki_filp;
@@ -192,22 +191,20 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
192 | ECRYPTFS_ENCRYPTED); 191 | ECRYPTFS_ENCRYPTED);
193 } 192 }
194 mutex_unlock(&crypt_stat->cs_mutex); 193 mutex_unlock(&crypt_stat->cs_mutex);
195 if (!ecryptfs_inode_to_private(inode)->lower_file) { 194 rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);
196 rc = ecryptfs_init_persistent_file(ecryptfs_dentry); 195 if (rc) {
197 if (rc) { 196 printk(KERN_ERR "%s: Error attempting to initialize "
198 printk(KERN_ERR "%s: Error attempting to initialize " 197 "the lower file for the dentry with name "
199 "the persistent file for the dentry with name " 198 "[%s]; rc = [%d]\n", __func__,
200 "[%s]; rc = [%d]\n", __func__, 199 ecryptfs_dentry->d_name.name, rc);
201 ecryptfs_dentry->d_name.name, rc); 200 goto out_free;
202 goto out_free;
203 }
204 } 201 }
205 if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_RDONLY) 202 if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_ACCMODE)
206 && !(file->f_flags & O_RDONLY)) { 203 == O_RDONLY && (file->f_flags & O_ACCMODE) != O_RDONLY) {
207 rc = -EPERM; 204 rc = -EPERM;
208 printk(KERN_WARNING "%s: Lower persistent file is RO; eCryptfs " 205 printk(KERN_WARNING "%s: Lower file is RO; eCryptfs "
209 "file must hence be opened RO\n", __func__); 206 "file must hence be opened RO\n", __func__);
210 goto out_free; 207 goto out_put;
211 } 208 }
212 ecryptfs_set_file_lower( 209 ecryptfs_set_file_lower(
213 file, ecryptfs_inode_to_private(inode)->lower_file); 210 file, ecryptfs_inode_to_private(inode)->lower_file);
@@ -235,19 +232,22 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
235 "Plaintext passthrough mode is not " 232 "Plaintext passthrough mode is not "
236 "enabled; returning -EIO\n"); 233 "enabled; returning -EIO\n");
237 mutex_unlock(&crypt_stat->cs_mutex); 234 mutex_unlock(&crypt_stat->cs_mutex);
238 goto out_free; 235 goto out_put;
239 } 236 }
240 rc = 0; 237 rc = 0;
241 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); 238 crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
239 | ECRYPTFS_ENCRYPTED);
242 mutex_unlock(&crypt_stat->cs_mutex); 240 mutex_unlock(&crypt_stat->cs_mutex);
243 goto out; 241 goto out;
244 } 242 }
245 } 243 }
246 mutex_unlock(&crypt_stat->cs_mutex); 244 mutex_unlock(&crypt_stat->cs_mutex);
247 ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = [0x%.16x] " 245 ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = "
248 "size: [0x%.16x]\n", inode, inode->i_ino, 246 "[0x%.16lx] size: [0x%.16llx]\n", inode, inode->i_ino,
249 i_size_read(inode)); 247 (unsigned long long)i_size_read(inode));
250 goto out; 248 goto out;
249out_put:
250 ecryptfs_put_lower_file(inode);
251out_free: 251out_free:
252 kmem_cache_free(ecryptfs_file_info_cache, 252 kmem_cache_free(ecryptfs_file_info_cache,
253 ecryptfs_file_to_private(file)); 253 ecryptfs_file_to_private(file));
@@ -257,17 +257,13 @@ out:
257 257
258static int ecryptfs_flush(struct file *file, fl_owner_t td) 258static int ecryptfs_flush(struct file *file, fl_owner_t td)
259{ 259{
260 int rc = 0; 260 return file->f_mode & FMODE_WRITE
261 struct file *lower_file = NULL; 261 ? filemap_write_and_wait(file->f_mapping) : 0;
262
263 lower_file = ecryptfs_file_to_lower(file);
264 if (lower_file->f_op && lower_file->f_op->flush)
265 rc = lower_file->f_op->flush(lower_file, td);
266 return rc;
267} 262}
268 263
269static int ecryptfs_release(struct inode *inode, struct file *file) 264static int ecryptfs_release(struct inode *inode, struct file *file)
270{ 265{
266 ecryptfs_put_lower_file(inode);
271 kmem_cache_free(ecryptfs_file_info_cache, 267 kmem_cache_free(ecryptfs_file_info_cache,
272 ecryptfs_file_to_private(file)); 268 ecryptfs_file_to_private(file));
273 return 0; 269 return 0;
@@ -276,7 +272,14 @@ static int ecryptfs_release(struct inode *inode, struct file *file)
276static int 272static int
277ecryptfs_fsync(struct file *file, int datasync) 273ecryptfs_fsync(struct file *file, int datasync)
278{ 274{
279 return vfs_fsync(ecryptfs_file_to_lower(file), datasync); 275 int rc = 0;
276
277 rc = generic_file_fsync(file, datasync);
278 if (rc)
279 goto out;
280 rc = vfs_fsync(ecryptfs_file_to_lower(file), datasync);
281out:
282 return rc;
280} 283}
281 284
282static int ecryptfs_fasync(int fd, struct file *file, int flag) 285static int ecryptfs_fasync(int fd, struct file *file, int flag)
@@ -284,11 +287,9 @@ static int ecryptfs_fasync(int fd, struct file *file, int flag)
284 int rc = 0; 287 int rc = 0;
285 struct file *lower_file = NULL; 288 struct file *lower_file = NULL;
286 289
287 lock_kernel();
288 lower_file = ecryptfs_file_to_lower(file); 290 lower_file = ecryptfs_file_to_lower(file);
289 if (lower_file->f_op && lower_file->f_op->fasync) 291 if (lower_file->f_op && lower_file->f_op->fasync)
290 rc = lower_file->f_op->fasync(fd, lower_file, flag); 292 rc = lower_file->f_op->fasync(fd, lower_file, flag);
291 unlock_kernel();
292 return rc; 293 return rc;
293} 294}
294 295
@@ -322,6 +323,7 @@ ecryptfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
322 323
323const struct file_operations ecryptfs_dir_fops = { 324const struct file_operations ecryptfs_dir_fops = {
324 .readdir = ecryptfs_readdir, 325 .readdir = ecryptfs_readdir,
326 .read = generic_read_dir,
325 .unlocked_ioctl = ecryptfs_unlocked_ioctl, 327 .unlocked_ioctl = ecryptfs_unlocked_ioctl,
326#ifdef CONFIG_COMPAT 328#ifdef CONFIG_COMPAT
327 .compat_ioctl = ecryptfs_compat_ioctl, 329 .compat_ioctl = ecryptfs_compat_ioctl,
@@ -332,6 +334,7 @@ const struct file_operations ecryptfs_dir_fops = {
332 .fsync = ecryptfs_fsync, 334 .fsync = ecryptfs_fsync,
333 .fasync = ecryptfs_fasync, 335 .fasync = ecryptfs_fasync,
334 .splice_read = generic_file_splice_read, 336 .splice_read = generic_file_splice_read,
337 .llseek = default_llseek,
335}; 338};
336 339
337const struct file_operations ecryptfs_main_fops = { 340const struct file_operations ecryptfs_main_fops = {
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 3fbc94203380..7349ade17de6 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -32,6 +32,7 @@
32#include <linux/crypto.h> 32#include <linux/crypto.h>
33#include <linux/fs_stack.h> 33#include <linux/fs_stack.h>
34#include <linux/slab.h> 34#include <linux/slab.h>
35#include <linux/xattr.h>
35#include <asm/unaligned.h> 36#include <asm/unaligned.h>
36#include "ecryptfs_kernel.h" 37#include "ecryptfs_kernel.h"
37 38
@@ -50,6 +51,97 @@ static void unlock_dir(struct dentry *dir)
50 dput(dir); 51 dput(dir);
51} 52}
52 53
54static int ecryptfs_inode_test(struct inode *inode, void *lower_inode)
55{
56 if (ecryptfs_inode_to_lower(inode) == (struct inode *)lower_inode)
57 return 1;
58 return 0;
59}
60
61static int ecryptfs_inode_set(struct inode *inode, void *opaque)
62{
63 struct inode *lower_inode = opaque;
64
65 ecryptfs_set_inode_lower(inode, lower_inode);
66 fsstack_copy_attr_all(inode, lower_inode);
67 /* i_size will be overwritten for encrypted regular files */
68 fsstack_copy_inode_size(inode, lower_inode);
69 inode->i_ino = lower_inode->i_ino;
70 inode->i_version++;
71 inode->i_mapping->a_ops = &ecryptfs_aops;
72
73 if (S_ISLNK(inode->i_mode))
74 inode->i_op = &ecryptfs_symlink_iops;
75 else if (S_ISDIR(inode->i_mode))
76 inode->i_op = &ecryptfs_dir_iops;
77 else
78 inode->i_op = &ecryptfs_main_iops;
79
80 if (S_ISDIR(inode->i_mode))
81 inode->i_fop = &ecryptfs_dir_fops;
82 else if (special_file(inode->i_mode))
83 init_special_inode(inode, inode->i_mode, inode->i_rdev);
84 else
85 inode->i_fop = &ecryptfs_main_fops;
86
87 return 0;
88}
89
90static struct inode *__ecryptfs_get_inode(struct inode *lower_inode,
91 struct super_block *sb)
92{
93 struct inode *inode;
94
95 if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb))
96 return ERR_PTR(-EXDEV);
97 if (!igrab(lower_inode))
98 return ERR_PTR(-ESTALE);
99 inode = iget5_locked(sb, (unsigned long)lower_inode,
100 ecryptfs_inode_test, ecryptfs_inode_set,
101 lower_inode);
102 if (!inode) {
103 iput(lower_inode);
104 return ERR_PTR(-EACCES);
105 }
106 if (!(inode->i_state & I_NEW))
107 iput(lower_inode);
108
109 return inode;
110}
111
112struct inode *ecryptfs_get_inode(struct inode *lower_inode,
113 struct super_block *sb)
114{
115 struct inode *inode = __ecryptfs_get_inode(lower_inode, sb);
116
117 if (!IS_ERR(inode) && (inode->i_state & I_NEW))
118 unlock_new_inode(inode);
119
120 return inode;
121}
122
123/**
124 * ecryptfs_interpose
125 * @lower_dentry: Existing dentry in the lower filesystem
126 * @dentry: ecryptfs' dentry
127 * @sb: ecryptfs's super_block
128 *
129 * Interposes upper and lower dentries.
130 *
131 * Returns zero on success; non-zero otherwise
132 */
133static int ecryptfs_interpose(struct dentry *lower_dentry,
134 struct dentry *dentry, struct super_block *sb)
135{
136 struct inode *inode = ecryptfs_get_inode(lower_dentry->d_inode, sb);
137
138 if (IS_ERR(inode))
139 return PTR_ERR(inode);
140 d_instantiate(dentry, inode);
141
142 return 0;
143}
144
53/** 145/**
54 * ecryptfs_create_underlying_file 146 * ecryptfs_create_underlying_file
55 * @lower_dir_inode: inode of the parent in the lower fs of the new file 147 * @lower_dir_inode: inode of the parent in the lower fs of the new file
@@ -70,15 +162,23 @@ ecryptfs_create_underlying_file(struct inode *lower_dir_inode,
70 struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 162 struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
71 struct dentry *dentry_save; 163 struct dentry *dentry_save;
72 struct vfsmount *vfsmount_save; 164 struct vfsmount *vfsmount_save;
165 unsigned int flags_save;
73 int rc; 166 int rc;
74 167
75 dentry_save = nd->path.dentry; 168 if (nd) {
76 vfsmount_save = nd->path.mnt; 169 dentry_save = nd->path.dentry;
77 nd->path.dentry = lower_dentry; 170 vfsmount_save = nd->path.mnt;
78 nd->path.mnt = lower_mnt; 171 flags_save = nd->flags;
172 nd->path.dentry = lower_dentry;
173 nd->path.mnt = lower_mnt;
174 nd->flags &= ~LOOKUP_OPEN;
175 }
79 rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd); 176 rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd);
80 nd->path.dentry = dentry_save; 177 if (nd) {
81 nd->path.mnt = vfsmount_save; 178 nd->path.dentry = dentry_save;
179 nd->path.mnt = vfsmount_save;
180 nd->flags = flags_save;
181 }
82 return rc; 182 return rc;
83} 183}
84 184
@@ -120,7 +220,7 @@ ecryptfs_do_create(struct inode *directory_inode,
120 goto out_lock; 220 goto out_lock;
121 } 221 }
122 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry, 222 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
123 directory_inode->i_sb, 0); 223 directory_inode->i_sb);
124 if (rc) { 224 if (rc) {
125 ecryptfs_printk(KERN_ERR, "Failure in ecryptfs_interpose\n"); 225 ecryptfs_printk(KERN_ERR, "Failure in ecryptfs_interpose\n");
126 goto out_lock; 226 goto out_lock;
@@ -134,26 +234,6 @@ out:
134} 234}
135 235
136/** 236/**
137 * grow_file
138 * @ecryptfs_dentry: the eCryptfs dentry
139 *
140 * This is the code which will grow the file to its correct size.
141 */
142static int grow_file(struct dentry *ecryptfs_dentry)
143{
144 struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode;
145 char zero_virt[] = { 0x00 };
146 int rc = 0;
147
148 rc = ecryptfs_write(ecryptfs_inode, zero_virt, 0, 1);
149 i_size_write(ecryptfs_inode, 0);
150 rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode);
151 ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat.flags |=
152 ECRYPTFS_NEW_FILE;
153 return rc;
154}
155
156/**
157 * ecryptfs_initialize_file 237 * ecryptfs_initialize_file
158 * 238 *
159 * Cause the file to be changed from a basic empty file to an ecryptfs 239 * Cause the file to be changed from a basic empty file to an ecryptfs
@@ -172,7 +252,6 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
172 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); 252 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
173 goto out; 253 goto out;
174 } 254 }
175 crypt_stat->flags |= ECRYPTFS_NEW_FILE;
176 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n"); 255 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
177 rc = ecryptfs_new_file_context(ecryptfs_dentry); 256 rc = ecryptfs_new_file_context(ecryptfs_dentry);
178 if (rc) { 257 if (rc) {
@@ -180,24 +259,19 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
180 "context; rc = [%d]\n", rc); 259 "context; rc = [%d]\n", rc);
181 goto out; 260 goto out;
182 } 261 }
183 if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) { 262 rc = ecryptfs_get_lower_file(ecryptfs_dentry,
184 rc = ecryptfs_init_persistent_file(ecryptfs_dentry); 263 ecryptfs_dentry->d_inode);
185 if (rc) {
186 printk(KERN_ERR "%s: Error attempting to initialize "
187 "the persistent file for the dentry with name "
188 "[%s]; rc = [%d]\n", __func__,
189 ecryptfs_dentry->d_name.name, rc);
190 goto out;
191 }
192 }
193 rc = ecryptfs_write_metadata(ecryptfs_dentry);
194 if (rc) { 264 if (rc) {
195 printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc); 265 printk(KERN_ERR "%s: Error attempting to initialize "
266 "the lower file for the dentry with name "
267 "[%s]; rc = [%d]\n", __func__,
268 ecryptfs_dentry->d_name.name, rc);
196 goto out; 269 goto out;
197 } 270 }
198 rc = grow_file(ecryptfs_dentry); 271 rc = ecryptfs_write_metadata(ecryptfs_dentry);
199 if (rc) 272 if (rc)
200 printk(KERN_ERR "Error growing file; rc = [%d]\n", rc); 273 printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
274 ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
201out: 275out:
202 return rc; 276 return rc;
203} 277}
@@ -233,187 +307,91 @@ out:
233 return rc; 307 return rc;
234} 308}
235 309
236/** 310static int ecryptfs_i_size_read(struct dentry *dentry, struct inode *inode)
237 * ecryptfs_lookup_and_interpose_lower - Perform a lookup
238 */
239int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
240 struct dentry *lower_dentry,
241 struct inode *ecryptfs_dir_inode,
242 struct nameidata *ecryptfs_nd)
243{ 311{
244 struct dentry *lower_dir_dentry;
245 struct vfsmount *lower_mnt;
246 struct inode *lower_inode;
247 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
248 struct ecryptfs_crypt_stat *crypt_stat; 312 struct ecryptfs_crypt_stat *crypt_stat;
249 char *page_virt = NULL; 313 int rc;
250 u64 file_size;
251 int rc = 0;
252 314
253 lower_dir_dentry = lower_dentry->d_parent; 315 rc = ecryptfs_get_lower_file(dentry, inode);
254 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(
255 ecryptfs_dentry->d_parent));
256 lower_inode = lower_dentry->d_inode;
257 fsstack_copy_attr_atime(ecryptfs_dir_inode, lower_dir_dentry->d_inode);
258 BUG_ON(!atomic_read(&lower_dentry->d_count));
259 ecryptfs_set_dentry_private(ecryptfs_dentry,
260 kmem_cache_alloc(ecryptfs_dentry_info_cache,
261 GFP_KERNEL));
262 if (!ecryptfs_dentry_to_private(ecryptfs_dentry)) {
263 rc = -ENOMEM;
264 printk(KERN_ERR "%s: Out of memory whilst attempting "
265 "to allocate ecryptfs_dentry_info struct\n",
266 __func__);
267 goto out_put;
268 }
269 ecryptfs_set_dentry_lower(ecryptfs_dentry, lower_dentry);
270 ecryptfs_set_dentry_lower_mnt(ecryptfs_dentry, lower_mnt);
271 if (!lower_dentry->d_inode) {
272 /* We want to add because we couldn't find in lower */
273 d_add(ecryptfs_dentry, NULL);
274 goto out;
275 }
276 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
277 ecryptfs_dir_inode->i_sb,
278 ECRYPTFS_INTERPOSE_FLAG_D_ADD);
279 if (rc) { 316 if (rc) {
280 printk(KERN_ERR "%s: Error interposing; rc = [%d]\n", 317 printk(KERN_ERR "%s: Error attempting to initialize "
281 __func__, rc); 318 "the lower file for the dentry with name "
282 goto out; 319 "[%s]; rc = [%d]\n", __func__,
283 } 320 dentry->d_name.name, rc);
284 if (S_ISDIR(lower_inode->i_mode)) 321 return rc;
285 goto out;
286 if (S_ISLNK(lower_inode->i_mode))
287 goto out;
288 if (special_file(lower_inode->i_mode))
289 goto out;
290 if (!ecryptfs_nd)
291 goto out;
292 /* Released in this function */
293 page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, GFP_USER);
294 if (!page_virt) {
295 printk(KERN_ERR "%s: Cannot kmem_cache_zalloc() a page\n",
296 __func__);
297 rc = -ENOMEM;
298 goto out;
299 } 322 }
300 if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) { 323
301 rc = ecryptfs_init_persistent_file(ecryptfs_dentry); 324 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
302 if (rc) {
303 printk(KERN_ERR "%s: Error attempting to initialize "
304 "the persistent file for the dentry with name "
305 "[%s]; rc = [%d]\n", __func__,
306 ecryptfs_dentry->d_name.name, rc);
307 goto out_free_kmem;
308 }
309 }
310 crypt_stat = &ecryptfs_inode_to_private(
311 ecryptfs_dentry->d_inode)->crypt_stat;
312 /* TODO: lock for crypt_stat comparison */ 325 /* TODO: lock for crypt_stat comparison */
313 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) 326 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
314 ecryptfs_set_default_sizes(crypt_stat); 327 ecryptfs_set_default_sizes(crypt_stat);
315 rc = ecryptfs_read_and_validate_header_region(page_virt, 328
316 ecryptfs_dentry->d_inode); 329 rc = ecryptfs_read_and_validate_header_region(inode);
330 ecryptfs_put_lower_file(inode);
317 if (rc) { 331 if (rc) {
318 memset(page_virt, 0, PAGE_CACHE_SIZE); 332 rc = ecryptfs_read_and_validate_xattr_region(dentry, inode);
319 rc = ecryptfs_read_and_validate_xattr_region(page_virt, 333 if (!rc)
320 ecryptfs_dentry); 334 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
321 if (rc) {
322 rc = 0;
323 goto out_free_kmem;
324 }
325 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
326 }
327 mount_crypt_stat = &ecryptfs_superblock_to_private(
328 ecryptfs_dentry->d_sb)->mount_crypt_stat;
329 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
330 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
331 file_size = (crypt_stat->metadata_size
332 + i_size_read(lower_dentry->d_inode));
333 else
334 file_size = i_size_read(lower_dentry->d_inode);
335 } else {
336 file_size = get_unaligned_be64(page_virt);
337 } 335 }
338 i_size_write(ecryptfs_dentry->d_inode, (loff_t)file_size);
339out_free_kmem:
340 kmem_cache_free(ecryptfs_header_cache_2, page_virt);
341 goto out;
342out_put:
343 dput(lower_dentry);
344 mntput(lower_mnt);
345 d_drop(ecryptfs_dentry);
346out:
347 return rc;
348}
349
350/**
351 * ecryptfs_new_lower_dentry
352 * @name: The name of the new dentry.
353 * @lower_dir_dentry: Parent directory of the new dentry.
354 * @nd: nameidata from last lookup.
355 *
356 * Create a new dentry or get it from lower parent dir.
357 */
358static struct dentry *
359ecryptfs_new_lower_dentry(struct qstr *name, struct dentry *lower_dir_dentry,
360 struct nameidata *nd)
361{
362 struct dentry *new_dentry;
363 struct dentry *tmp;
364 struct inode *lower_dir_inode;
365
366 lower_dir_inode = lower_dir_dentry->d_inode;
367
368 tmp = d_alloc(lower_dir_dentry, name);
369 if (!tmp)
370 return ERR_PTR(-ENOMEM);
371 336
372 mutex_lock(&lower_dir_inode->i_mutex); 337 /* Must return 0 to allow non-eCryptfs files to be looked up, too */
373 new_dentry = lower_dir_inode->i_op->lookup(lower_dir_inode, tmp, nd); 338 return 0;
374 mutex_unlock(&lower_dir_inode->i_mutex);
375
376 if (!new_dentry)
377 new_dentry = tmp;
378 else
379 dput(tmp);
380
381 return new_dentry;
382} 339}
383 340
384
385/** 341/**
386 * ecryptfs_lookup_one_lower 342 * ecryptfs_lookup_interpose - Dentry interposition for a lookup
387 * @ecryptfs_dentry: The eCryptfs dentry that we are looking up
388 * @lower_dir_dentry: lower parent directory
389 * @name: lower file name
390 *
391 * Get the lower dentry from vfs. If lower dentry does not exist yet,
392 * create it.
393 */ 343 */
394static struct dentry * 344static int ecryptfs_lookup_interpose(struct dentry *dentry,
395ecryptfs_lookup_one_lower(struct dentry *ecryptfs_dentry, 345 struct dentry *lower_dentry,
396 struct dentry *lower_dir_dentry, struct qstr *name) 346 struct inode *dir_inode)
397{ 347{
398 struct nameidata nd; 348 struct inode *inode, *lower_inode = lower_dentry->d_inode;
349 struct ecryptfs_dentry_info *dentry_info;
399 struct vfsmount *lower_mnt; 350 struct vfsmount *lower_mnt;
400 int err; 351 int rc = 0;
352
353 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
354 fsstack_copy_attr_atime(dir_inode, lower_dentry->d_parent->d_inode);
355 BUG_ON(!lower_dentry->d_count);
401 356
402 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt( 357 dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
403 ecryptfs_dentry->d_parent)); 358 ecryptfs_set_dentry_private(dentry, dentry_info);
404 err = vfs_path_lookup(lower_dir_dentry, lower_mnt, name->name , 0, &nd); 359 if (!dentry_info) {
405 mntput(lower_mnt); 360 printk(KERN_ERR "%s: Out of memory whilst attempting "
361 "to allocate ecryptfs_dentry_info struct\n",
362 __func__);
363 dput(lower_dentry);
364 mntput(lower_mnt);
365 d_drop(dentry);
366 return -ENOMEM;
367 }
368 ecryptfs_set_dentry_lower(dentry, lower_dentry);
369 ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt);
406 370
407 if (!err) { 371 if (!lower_dentry->d_inode) {
408 /* we dont need the mount */ 372 /* We want to add because we couldn't find in lower */
409 mntput(nd.path.mnt); 373 d_add(dentry, NULL);
410 return nd.path.dentry; 374 return 0;
375 }
376 inode = __ecryptfs_get_inode(lower_inode, dir_inode->i_sb);
377 if (IS_ERR(inode)) {
378 printk(KERN_ERR "%s: Error interposing; rc = [%ld]\n",
379 __func__, PTR_ERR(inode));
380 return PTR_ERR(inode);
381 }
382 if (S_ISREG(inode->i_mode)) {
383 rc = ecryptfs_i_size_read(dentry, inode);
384 if (rc) {
385 make_bad_inode(inode);
386 return rc;
387 }
411 } 388 }
412 if (err != -ENOENT)
413 return ERR_PTR(err);
414 389
415 /* create a new lower dentry */ 390 if (inode->i_state & I_NEW)
416 return ecryptfs_new_lower_dentry(name, lower_dir_dentry, &nd); 391 unlock_new_inode(inode);
392 d_add(dentry, inode);
393
394 return rc;
417} 395}
418 396
419/** 397/**
@@ -433,10 +411,8 @@ static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
433 size_t encrypted_and_encoded_name_size; 411 size_t encrypted_and_encoded_name_size;
434 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL; 412 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
435 struct dentry *lower_dir_dentry, *lower_dentry; 413 struct dentry *lower_dir_dentry, *lower_dentry;
436 struct qstr lower_name;
437 int rc = 0; 414 int rc = 0;
438 415
439 ecryptfs_dentry->d_op = &ecryptfs_dops;
440 if ((ecryptfs_dentry->d_name.len == 1 416 if ((ecryptfs_dentry->d_name.len == 1
441 && !strcmp(ecryptfs_dentry->d_name.name, ".")) 417 && !strcmp(ecryptfs_dentry->d_name.name, "."))
442 || (ecryptfs_dentry->d_name.len == 2 418 || (ecryptfs_dentry->d_name.len == 2
@@ -444,31 +420,25 @@ static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
444 goto out_d_drop; 420 goto out_d_drop;
445 } 421 }
446 lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent); 422 lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
447 lower_name.name = ecryptfs_dentry->d_name.name; 423 mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
448 lower_name.len = ecryptfs_dentry->d_name.len; 424 lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name,
449 lower_name.hash = ecryptfs_dentry->d_name.hash; 425 lower_dir_dentry,
450 if (lower_dir_dentry->d_op && lower_dir_dentry->d_op->d_hash) { 426 ecryptfs_dentry->d_name.len);
451 rc = lower_dir_dentry->d_op->d_hash(lower_dir_dentry, 427 mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
452 &lower_name);
453 if (rc < 0)
454 goto out_d_drop;
455 }
456 lower_dentry = ecryptfs_lookup_one_lower(ecryptfs_dentry,
457 lower_dir_dentry, &lower_name);
458 if (IS_ERR(lower_dentry)) { 428 if (IS_ERR(lower_dentry)) {
459 rc = PTR_ERR(lower_dentry); 429 rc = PTR_ERR(lower_dentry);
460 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_lower() returned " 430 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
461 "[%d] on lower_dentry = [%s]\n", __func__, rc, 431 "[%d] on lower_dentry = [%s]\n", __func__, rc,
462 encrypted_and_encoded_name); 432 encrypted_and_encoded_name);
463 goto out_d_drop; 433 goto out_d_drop;
464 } 434 }
465 if (lower_dentry->d_inode) 435 if (lower_dentry->d_inode)
466 goto lookup_and_interpose; 436 goto interpose;
467 mount_crypt_stat = &ecryptfs_superblock_to_private( 437 mount_crypt_stat = &ecryptfs_superblock_to_private(
468 ecryptfs_dentry->d_sb)->mount_crypt_stat; 438 ecryptfs_dentry->d_sb)->mount_crypt_stat;
469 if (!(mount_crypt_stat 439 if (!(mount_crypt_stat
470 && (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))) 440 && (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)))
471 goto lookup_and_interpose; 441 goto interpose;
472 dput(lower_dentry); 442 dput(lower_dentry);
473 rc = ecryptfs_encrypt_and_encode_filename( 443 rc = ecryptfs_encrypt_and_encode_filename(
474 &encrypted_and_encoded_name, &encrypted_and_encoded_name_size, 444 &encrypted_and_encoded_name, &encrypted_and_encoded_name_size,
@@ -479,28 +449,21 @@ static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
479 "filename; rc = [%d]\n", __func__, rc); 449 "filename; rc = [%d]\n", __func__, rc);
480 goto out_d_drop; 450 goto out_d_drop;
481 } 451 }
482 lower_name.name = encrypted_and_encoded_name; 452 mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
483 lower_name.len = encrypted_and_encoded_name_size; 453 lower_dentry = lookup_one_len(encrypted_and_encoded_name,
484 lower_name.hash = full_name_hash(lower_name.name, lower_name.len); 454 lower_dir_dentry,
485 if (lower_dir_dentry->d_op && lower_dir_dentry->d_op->d_hash) { 455 encrypted_and_encoded_name_size);
486 rc = lower_dir_dentry->d_op->d_hash(lower_dir_dentry, 456 mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
487 &lower_name);
488 if (rc < 0)
489 goto out_d_drop;
490 }
491 lower_dentry = ecryptfs_lookup_one_lower(ecryptfs_dentry,
492 lower_dir_dentry, &lower_name);
493 if (IS_ERR(lower_dentry)) { 457 if (IS_ERR(lower_dentry)) {
494 rc = PTR_ERR(lower_dentry); 458 rc = PTR_ERR(lower_dentry);
495 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_lower() returned " 459 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
496 "[%d] on lower_dentry = [%s]\n", __func__, rc, 460 "[%d] on lower_dentry = [%s]\n", __func__, rc,
497 encrypted_and_encoded_name); 461 encrypted_and_encoded_name);
498 goto out_d_drop; 462 goto out_d_drop;
499 } 463 }
500lookup_and_interpose: 464interpose:
501 rc = ecryptfs_lookup_and_interpose_lower(ecryptfs_dentry, lower_dentry, 465 rc = ecryptfs_lookup_interpose(ecryptfs_dentry, lower_dentry,
502 ecryptfs_dir_inode, 466 ecryptfs_dir_inode);
503 ecryptfs_nd);
504 goto out; 467 goto out;
505out_d_drop: 468out_d_drop:
506 d_drop(ecryptfs_dentry); 469 d_drop(ecryptfs_dentry);
@@ -528,7 +491,7 @@ static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir,
528 lower_new_dentry); 491 lower_new_dentry);
529 if (rc || !lower_new_dentry->d_inode) 492 if (rc || !lower_new_dentry->d_inode)
530 goto out_lock; 493 goto out_lock;
531 rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb, 0); 494 rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb);
532 if (rc) 495 if (rc)
533 goto out_lock; 496 goto out_lock;
534 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 497 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
@@ -595,7 +558,7 @@ static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
595 kfree(encoded_symname); 558 kfree(encoded_symname);
596 if (rc || !lower_dentry->d_inode) 559 if (rc || !lower_dentry->d_inode)
597 goto out_lock; 560 goto out_lock;
598 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 561 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
599 if (rc) 562 if (rc)
600 goto out_lock; 563 goto out_lock;
601 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 564 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
@@ -619,7 +582,7 @@ static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
619 rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode); 582 rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode);
620 if (rc || !lower_dentry->d_inode) 583 if (rc || !lower_dentry->d_inode)
621 goto out; 584 goto out;
622 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 585 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
623 if (rc) 586 if (rc)
624 goto out; 587 goto out;
625 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 588 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
@@ -644,8 +607,8 @@ static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry)
644 dget(lower_dentry); 607 dget(lower_dentry);
645 rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry); 608 rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry);
646 dput(lower_dentry); 609 dput(lower_dentry);
647 if (!rc) 610 if (!rc && dentry->d_inode)
648 d_delete(lower_dentry); 611 clear_nlink(dentry->d_inode);
649 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 612 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
650 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink; 613 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink;
651 unlock_dir(lower_dir_dentry); 614 unlock_dir(lower_dir_dentry);
@@ -667,7 +630,7 @@ ecryptfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
667 rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev); 630 rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev);
668 if (rc || !lower_dentry->d_inode) 631 if (rc || !lower_dentry->d_inode)
669 goto out; 632 goto out;
670 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 633 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
671 if (rc) 634 if (rc)
672 goto out; 635 goto out;
673 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 636 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
@@ -716,8 +679,8 @@ ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry,
716 fsstack_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode); 679 fsstack_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode);
717out_lock: 680out_lock:
718 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry); 681 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
719 dput(lower_new_dentry->d_parent); 682 dput(lower_new_dir_dentry);
720 dput(lower_old_dentry->d_parent); 683 dput(lower_old_dir_dentry);
721 dput(lower_new_dentry); 684 dput(lower_new_dentry);
722 dput(lower_old_dentry); 685 dput(lower_old_dentry);
723 return rc; 686 return rc;
@@ -865,8 +828,11 @@ static int truncate_upper(struct dentry *dentry, struct iattr *ia,
865 828
866 if (unlikely((ia->ia_size == i_size))) { 829 if (unlikely((ia->ia_size == i_size))) {
867 lower_ia->ia_valid &= ~ATTR_SIZE; 830 lower_ia->ia_valid &= ~ATTR_SIZE;
868 goto out; 831 return 0;
869 } 832 }
833 rc = ecryptfs_get_lower_file(dentry, inode);
834 if (rc)
835 return rc;
870 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 836 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
871 /* Switch on growing or shrinking file */ 837 /* Switch on growing or shrinking file */
872 if (ia->ia_size > i_size) { 838 if (ia->ia_size > i_size) {
@@ -944,6 +910,7 @@ static int truncate_upper(struct dentry *dentry, struct iattr *ia,
944 lower_ia->ia_valid &= ~ATTR_SIZE; 910 lower_ia->ia_valid &= ~ATTR_SIZE;
945 } 911 }
946out: 912out:
913 ecryptfs_put_lower_file(inode);
947 return rc; 914 return rc;
948} 915}
949 916
@@ -975,8 +942,10 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
975} 942}
976 943
977static int 944static int
978ecryptfs_permission(struct inode *inode, int mask) 945ecryptfs_permission(struct inode *inode, int mask, unsigned int flags)
979{ 946{
947 if (flags & IPERM_FLAG_RCU)
948 return -ECHILD;
980 return inode_permission(ecryptfs_inode_to_lower(inode), mask); 949 return inode_permission(ecryptfs_inode_to_lower(inode), mask);
981} 950}
982 951
@@ -1017,7 +986,13 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
1017 986
1018 mount_crypt_stat = &ecryptfs_superblock_to_private( 987 mount_crypt_stat = &ecryptfs_superblock_to_private(
1019 dentry->d_sb)->mount_crypt_stat; 988 dentry->d_sb)->mount_crypt_stat;
989 rc = ecryptfs_get_lower_file(dentry, inode);
990 if (rc) {
991 mutex_unlock(&crypt_stat->cs_mutex);
992 goto out;
993 }
1020 rc = ecryptfs_read_metadata(dentry); 994 rc = ecryptfs_read_metadata(dentry);
995 ecryptfs_put_lower_file(inode);
1021 if (rc) { 996 if (rc) {
1022 if (!(mount_crypt_stat->flags 997 if (!(mount_crypt_stat->flags
1023 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) { 998 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
@@ -1031,10 +1006,17 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
1031 goto out; 1006 goto out;
1032 } 1007 }
1033 rc = 0; 1008 rc = 0;
1034 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); 1009 crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
1010 | ECRYPTFS_ENCRYPTED);
1035 } 1011 }
1036 } 1012 }
1037 mutex_unlock(&crypt_stat->cs_mutex); 1013 mutex_unlock(&crypt_stat->cs_mutex);
1014 if (S_ISREG(inode->i_mode)) {
1015 rc = filemap_write_and_wait(inode->i_mapping);
1016 if (rc)
1017 goto out;
1018 fsstack_copy_attr_all(inode, lower_inode);
1019 }
1038 memcpy(&lower_ia, ia, sizeof(lower_ia)); 1020 memcpy(&lower_ia, ia, sizeof(lower_ia));
1039 if (ia->ia_valid & ATTR_FILE) 1021 if (ia->ia_valid & ATTR_FILE)
1040 lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file); 1022 lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file);
@@ -1090,6 +1072,8 @@ int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
1090 rc = vfs_getattr(ecryptfs_dentry_to_lower_mnt(dentry), 1072 rc = vfs_getattr(ecryptfs_dentry_to_lower_mnt(dentry),
1091 ecryptfs_dentry_to_lower(dentry), &lower_stat); 1073 ecryptfs_dentry_to_lower(dentry), &lower_stat);
1092 if (!rc) { 1074 if (!rc) {
1075 fsstack_copy_attr_all(dentry->d_inode,
1076 ecryptfs_inode_to_lower(dentry->d_inode));
1093 generic_fillattr(dentry->d_inode, stat); 1077 generic_fillattr(dentry->d_inode, stat);
1094 stat->blocks = lower_stat.blocks; 1078 stat->blocks = lower_stat.blocks;
1095 } 1079 }
@@ -1108,10 +1092,8 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
1108 rc = -EOPNOTSUPP; 1092 rc = -EOPNOTSUPP;
1109 goto out; 1093 goto out;
1110 } 1094 }
1111 mutex_lock(&lower_dentry->d_inode->i_mutex); 1095
1112 rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value, 1096 rc = vfs_setxattr(lower_dentry, name, value, size, flags);
1113 size, flags);
1114 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1115out: 1097out:
1116 return rc; 1098 return rc;
1117} 1099}
@@ -1177,21 +1159,6 @@ out:
1177 return rc; 1159 return rc;
1178} 1160}
1179 1161
1180int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode)
1181{
1182 if ((ecryptfs_inode_to_lower(inode)
1183 == (struct inode *)candidate_lower_inode))
1184 return 1;
1185 else
1186 return 0;
1187}
1188
1189int ecryptfs_inode_set(struct inode *inode, void *lower_inode)
1190{
1191 ecryptfs_init_inode(inode, (struct inode *)lower_inode);
1192 return 0;
1193}
1194
1195const struct inode_operations ecryptfs_symlink_iops = { 1162const struct inode_operations ecryptfs_symlink_iops = {
1196 .readlink = ecryptfs_readlink, 1163 .readlink = ecryptfs_readlink,
1197 .follow_link = ecryptfs_follow_link, 1164 .follow_link = ecryptfs_follow_link,
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 73811cfa2ea4..27a7fefb83eb 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -59,12 +59,30 @@ static int process_request_key_err(long err_code)
59 break; 59 break;
60 default: 60 default:
61 ecryptfs_printk(KERN_WARNING, "Unknown error code: " 61 ecryptfs_printk(KERN_WARNING, "Unknown error code: "
62 "[0x%.16x]\n", err_code); 62 "[0x%.16lx]\n", err_code);
63 rc = -EINVAL; 63 rc = -EINVAL;
64 } 64 }
65 return rc; 65 return rc;
66} 66}
67 67
68static int process_find_global_auth_tok_for_sig_err(int err_code)
69{
70 int rc = err_code;
71
72 switch (err_code) {
73 case -ENOENT:
74 ecryptfs_printk(KERN_WARNING, "Missing auth tok\n");
75 break;
76 case -EINVAL:
77 ecryptfs_printk(KERN_WARNING, "Invalid auth tok\n");
78 break;
79 default:
80 rc = process_request_key_err(err_code);
81 break;
82 }
83 return rc;
84}
85
68/** 86/**
69 * ecryptfs_parse_packet_length 87 * ecryptfs_parse_packet_length
70 * @data: Pointer to memory containing length at offset 88 * @data: Pointer to memory containing length at offset
@@ -130,7 +148,7 @@ int ecryptfs_write_packet_length(char *dest, size_t size,
130 } else { 148 } else {
131 rc = -EINVAL; 149 rc = -EINVAL;
132 ecryptfs_printk(KERN_WARNING, 150 ecryptfs_printk(KERN_WARNING,
133 "Unsupported packet size: [%d]\n", size); 151 "Unsupported packet size: [%zd]\n", size);
134 } 152 }
135 return rc; 153 return rc;
136} 154}
@@ -403,27 +421,120 @@ out:
403 return rc; 421 return rc;
404} 422}
405 423
424/**
425 * ecryptfs_verify_version
426 * @version: The version number to confirm
427 *
428 * Returns zero on good version; non-zero otherwise
429 */
430static int ecryptfs_verify_version(u16 version)
431{
432 int rc = 0;
433 unsigned char major;
434 unsigned char minor;
435
436 major = ((version >> 8) & 0xFF);
437 minor = (version & 0xFF);
438 if (major != ECRYPTFS_VERSION_MAJOR) {
439 ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
440 "Expected [%d]; got [%d]\n",
441 ECRYPTFS_VERSION_MAJOR, major);
442 rc = -EINVAL;
443 goto out;
444 }
445 if (minor != ECRYPTFS_VERSION_MINOR) {
446 ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
447 "Expected [%d]; got [%d]\n",
448 ECRYPTFS_VERSION_MINOR, minor);
449 rc = -EINVAL;
450 goto out;
451 }
452out:
453 return rc;
454}
455
456/**
457 * ecryptfs_verify_auth_tok_from_key
458 * @auth_tok_key: key containing the authentication token
459 * @auth_tok: authentication token
460 *
461 * Returns zero on valid auth tok; -EINVAL otherwise
462 */
463static int
464ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key,
465 struct ecryptfs_auth_tok **auth_tok)
466{
467 int rc = 0;
468
469 (*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key);
470 if (ecryptfs_verify_version((*auth_tok)->version)) {
471 printk(KERN_ERR "Data structure version mismatch. Userspace "
472 "tools must match eCryptfs kernel module with major "
473 "version [%d] and minor version [%d]\n",
474 ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR);
475 rc = -EINVAL;
476 goto out;
477 }
478 if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
479 && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
480 printk(KERN_ERR "Invalid auth_tok structure "
481 "returned from key query\n");
482 rc = -EINVAL;
483 goto out;
484 }
485out:
486 return rc;
487}
488
406static int 489static int
407ecryptfs_find_global_auth_tok_for_sig( 490ecryptfs_find_global_auth_tok_for_sig(
408 struct ecryptfs_global_auth_tok **global_auth_tok, 491 struct key **auth_tok_key,
492 struct ecryptfs_auth_tok **auth_tok,
409 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig) 493 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
410{ 494{
411 struct ecryptfs_global_auth_tok *walker; 495 struct ecryptfs_global_auth_tok *walker;
412 int rc = 0; 496 int rc = 0;
413 497
414 (*global_auth_tok) = NULL; 498 (*auth_tok_key) = NULL;
499 (*auth_tok) = NULL;
415 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); 500 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
416 list_for_each_entry(walker, 501 list_for_each_entry(walker,
417 &mount_crypt_stat->global_auth_tok_list, 502 &mount_crypt_stat->global_auth_tok_list,
418 mount_crypt_stat_list) { 503 mount_crypt_stat_list) {
419 if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) { 504 if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX))
420 rc = key_validate(walker->global_auth_tok_key); 505 continue;
421 if (!rc) 506
422 (*global_auth_tok) = walker; 507 if (walker->flags & ECRYPTFS_AUTH_TOK_INVALID) {
508 rc = -EINVAL;
423 goto out; 509 goto out;
424 } 510 }
511
512 rc = key_validate(walker->global_auth_tok_key);
513 if (rc) {
514 if (rc == -EKEYEXPIRED)
515 goto out;
516 goto out_invalid_auth_tok;
517 }
518
519 down_write(&(walker->global_auth_tok_key->sem));
520 rc = ecryptfs_verify_auth_tok_from_key(
521 walker->global_auth_tok_key, auth_tok);
522 if (rc)
523 goto out_invalid_auth_tok_unlock;
524
525 (*auth_tok_key) = walker->global_auth_tok_key;
526 key_get(*auth_tok_key);
527 goto out;
425 } 528 }
426 rc = -EINVAL; 529 rc = -ENOENT;
530 goto out;
531out_invalid_auth_tok_unlock:
532 up_write(&(walker->global_auth_tok_key->sem));
533out_invalid_auth_tok:
534 printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);
535 walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;
536 key_put(walker->global_auth_tok_key);
537 walker->global_auth_tok_key = NULL;
427out: 538out:
428 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); 539 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
429 return rc; 540 return rc;
@@ -446,22 +557,28 @@ out:
446 */ 557 */
447static int 558static int
448ecryptfs_find_auth_tok_for_sig( 559ecryptfs_find_auth_tok_for_sig(
560 struct key **auth_tok_key,
449 struct ecryptfs_auth_tok **auth_tok, 561 struct ecryptfs_auth_tok **auth_tok,
450 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 562 struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
451 char *sig) 563 char *sig)
452{ 564{
453 struct ecryptfs_global_auth_tok *global_auth_tok;
454 int rc = 0; 565 int rc = 0;
455 566
456 (*auth_tok) = NULL; 567 rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok,
457 if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok, 568 mount_crypt_stat, sig);
458 mount_crypt_stat, sig)) { 569 if (rc == -ENOENT) {
459 struct key *auth_tok_key; 570 /* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the
460 571 * mount_crypt_stat structure, we prevent to use auth toks that
461 rc = ecryptfs_keyring_auth_tok_for_sig(&auth_tok_key, auth_tok, 572 * are not inserted through the ecryptfs_add_global_auth_tok
573 * function.
574 */
575 if (mount_crypt_stat->flags
576 & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
577 return -EINVAL;
578
579 rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
462 sig); 580 sig);
463 } else 581 }
464 (*auth_tok) = global_auth_tok->global_auth_tok;
465 return rc; 582 return rc;
466} 583}
467 584
@@ -482,8 +599,8 @@ struct ecryptfs_write_tag_70_packet_silly_stack {
482 struct mutex *tfm_mutex; 599 struct mutex *tfm_mutex;
483 char *block_aligned_filename; 600 char *block_aligned_filename;
484 struct ecryptfs_auth_tok *auth_tok; 601 struct ecryptfs_auth_tok *auth_tok;
485 struct scatterlist src_sg; 602 struct scatterlist src_sg[2];
486 struct scatterlist dst_sg; 603 struct scatterlist dst_sg[2];
487 struct blkcipher_desc desc; 604 struct blkcipher_desc desc;
488 char iv[ECRYPTFS_MAX_IV_BYTES]; 605 char iv[ECRYPTFS_MAX_IV_BYTES];
489 char hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; 606 char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
@@ -509,6 +626,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
509 char *filename, size_t filename_size) 626 char *filename, size_t filename_size)
510{ 627{
511 struct ecryptfs_write_tag_70_packet_silly_stack *s; 628 struct ecryptfs_write_tag_70_packet_silly_stack *s;
629 struct key *auth_tok_key = NULL;
512 int rc = 0; 630 int rc = 0;
513 631
514 s = kmalloc(sizeof(*s), GFP_KERNEL); 632 s = kmalloc(sizeof(*s), GFP_KERNEL);
@@ -520,6 +638,16 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
520 } 638 }
521 s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; 639 s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
522 (*packet_size) = 0; 640 (*packet_size) = 0;
641 rc = ecryptfs_find_auth_tok_for_sig(
642 &auth_tok_key,
643 &s->auth_tok, mount_crypt_stat,
644 mount_crypt_stat->global_default_fnek_sig);
645 if (rc) {
646 printk(KERN_ERR "%s: Error attempting to find auth tok for "
647 "fnek sig [%s]; rc = [%d]\n", __func__,
648 mount_crypt_stat->global_default_fnek_sig, rc);
649 goto out;
650 }
523 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( 651 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
524 &s->desc.tfm, 652 &s->desc.tfm,
525 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); 653 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
@@ -605,15 +733,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
605 goto out_free_unlock; 733 goto out_free_unlock;
606 } 734 }
607 dest[s->i++] = s->cipher_code; 735 dest[s->i++] = s->cipher_code;
608 rc = ecryptfs_find_auth_tok_for_sig(
609 &s->auth_tok, mount_crypt_stat,
610 mount_crypt_stat->global_default_fnek_sig);
611 if (rc) {
612 printk(KERN_ERR "%s: Error attempting to find auth tok for "
613 "fnek sig [%s]; rc = [%d]\n", __func__,
614 mount_crypt_stat->global_default_fnek_sig, rc);
615 goto out_free_unlock;
616 }
617 /* TODO: Support other key modules than passphrase for 736 /* TODO: Support other key modules than passphrase for
618 * filename encryption */ 737 * filename encryption */
619 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { 738 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
@@ -697,23 +816,21 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
697 memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename, 816 memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
698 filename_size); 817 filename_size);
699 rc = virt_to_scatterlist(s->block_aligned_filename, 818 rc = virt_to_scatterlist(s->block_aligned_filename,
700 s->block_aligned_filename_size, &s->src_sg, 1); 819 s->block_aligned_filename_size, s->src_sg, 2);
701 if (rc != 1) { 820 if (rc < 1) {
702 printk(KERN_ERR "%s: Internal error whilst attempting to " 821 printk(KERN_ERR "%s: Internal error whilst attempting to "
703 "convert filename memory to scatterlist; " 822 "convert filename memory to scatterlist; rc = [%d]. "
704 "expected rc = 1; got rc = [%d]. "
705 "block_aligned_filename_size = [%zd]\n", __func__, rc, 823 "block_aligned_filename_size = [%zd]\n", __func__, rc,
706 s->block_aligned_filename_size); 824 s->block_aligned_filename_size);
707 goto out_release_free_unlock; 825 goto out_release_free_unlock;
708 } 826 }
709 rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size, 827 rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
710 &s->dst_sg, 1); 828 s->dst_sg, 2);
711 if (rc != 1) { 829 if (rc < 1) {
712 printk(KERN_ERR "%s: Internal error whilst attempting to " 830 printk(KERN_ERR "%s: Internal error whilst attempting to "
713 "convert encrypted filename memory to scatterlist; " 831 "convert encrypted filename memory to scatterlist; "
714 "expected rc = 1; got rc = [%d]. " 832 "rc = [%d]. block_aligned_filename_size = [%zd]\n",
715 "block_aligned_filename_size = [%zd]\n", __func__, rc, 833 __func__, rc, s->block_aligned_filename_size);
716 s->block_aligned_filename_size);
717 goto out_release_free_unlock; 834 goto out_release_free_unlock;
718 } 835 }
719 /* The characters in the first block effectively do the job 836 /* The characters in the first block effectively do the job
@@ -736,7 +853,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
736 mount_crypt_stat->global_default_fn_cipher_key_bytes); 853 mount_crypt_stat->global_default_fn_cipher_key_bytes);
737 goto out_release_free_unlock; 854 goto out_release_free_unlock;
738 } 855 }
739 rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg, 856 rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg,
740 s->block_aligned_filename_size); 857 s->block_aligned_filename_size);
741 if (rc) { 858 if (rc) {
742 printk(KERN_ERR "%s: Error attempting to encrypt filename; " 859 printk(KERN_ERR "%s: Error attempting to encrypt filename; "
@@ -753,6 +870,10 @@ out_free_unlock:
753out_unlock: 870out_unlock:
754 mutex_unlock(s->tfm_mutex); 871 mutex_unlock(s->tfm_mutex);
755out: 872out:
873 if (auth_tok_key) {
874 up_write(&(auth_tok_key->sem));
875 key_put(auth_tok_key);
876 }
756 kfree(s); 877 kfree(s);
757 return rc; 878 return rc;
758} 879}
@@ -768,8 +889,8 @@ struct ecryptfs_parse_tag_70_packet_silly_stack {
768 struct mutex *tfm_mutex; 889 struct mutex *tfm_mutex;
769 char *decrypted_filename; 890 char *decrypted_filename;
770 struct ecryptfs_auth_tok *auth_tok; 891 struct ecryptfs_auth_tok *auth_tok;
771 struct scatterlist src_sg; 892 struct scatterlist src_sg[2];
772 struct scatterlist dst_sg; 893 struct scatterlist dst_sg[2];
773 struct blkcipher_desc desc; 894 struct blkcipher_desc desc;
774 char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1]; 895 char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
775 char iv[ECRYPTFS_MAX_IV_BYTES]; 896 char iv[ECRYPTFS_MAX_IV_BYTES];
@@ -798,6 +919,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
798 char *data, size_t max_packet_size) 919 char *data, size_t max_packet_size)
799{ 920{
800 struct ecryptfs_parse_tag_70_packet_silly_stack *s; 921 struct ecryptfs_parse_tag_70_packet_silly_stack *s;
922 struct key *auth_tok_key = NULL;
801 int rc = 0; 923 int rc = 0;
802 924
803 (*packet_size) = 0; 925 (*packet_size) = 0;
@@ -864,6 +986,15 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
864 __func__, s->cipher_code); 986 __func__, s->cipher_code);
865 goto out; 987 goto out;
866 } 988 }
989 rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
990 &s->auth_tok, mount_crypt_stat,
991 s->fnek_sig_hex);
992 if (rc) {
993 printk(KERN_ERR "%s: Error attempting to find auth tok for "
994 "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
995 rc);
996 goto out;
997 }
867 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, 998 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm,
868 &s->tfm_mutex, 999 &s->tfm_mutex,
869 s->cipher_string); 1000 s->cipher_string);
@@ -875,13 +1006,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
875 } 1006 }
876 mutex_lock(s->tfm_mutex); 1007 mutex_lock(s->tfm_mutex);
877 rc = virt_to_scatterlist(&data[(*packet_size)], 1008 rc = virt_to_scatterlist(&data[(*packet_size)],
878 s->block_aligned_filename_size, &s->src_sg, 1); 1009 s->block_aligned_filename_size, s->src_sg, 2);
879 if (rc != 1) { 1010 if (rc < 1) {
880 printk(KERN_ERR "%s: Internal error whilst attempting to " 1011 printk(KERN_ERR "%s: Internal error whilst attempting to "
881 "convert encrypted filename memory to scatterlist; " 1012 "convert encrypted filename memory to scatterlist; "
882 "expected rc = 1; got rc = [%d]. " 1013 "rc = [%d]. block_aligned_filename_size = [%zd]\n",
883 "block_aligned_filename_size = [%zd]\n", __func__, rc, 1014 __func__, rc, s->block_aligned_filename_size);
884 s->block_aligned_filename_size);
885 goto out_unlock; 1015 goto out_unlock;
886 } 1016 }
887 (*packet_size) += s->block_aligned_filename_size; 1017 (*packet_size) += s->block_aligned_filename_size;
@@ -895,13 +1025,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
895 goto out_unlock; 1025 goto out_unlock;
896 } 1026 }
897 rc = virt_to_scatterlist(s->decrypted_filename, 1027 rc = virt_to_scatterlist(s->decrypted_filename,
898 s->block_aligned_filename_size, &s->dst_sg, 1); 1028 s->block_aligned_filename_size, s->dst_sg, 2);
899 if (rc != 1) { 1029 if (rc < 1) {
900 printk(KERN_ERR "%s: Internal error whilst attempting to " 1030 printk(KERN_ERR "%s: Internal error whilst attempting to "
901 "convert decrypted filename memory to scatterlist; " 1031 "convert decrypted filename memory to scatterlist; "
902 "expected rc = 1; got rc = [%d]. " 1032 "rc = [%d]. block_aligned_filename_size = [%zd]\n",
903 "block_aligned_filename_size = [%zd]\n", __func__, rc, 1033 __func__, rc, s->block_aligned_filename_size);
904 s->block_aligned_filename_size);
905 goto out_free_unlock; 1034 goto out_free_unlock;
906 } 1035 }
907 /* The characters in the first block effectively do the job of 1036 /* The characters in the first block effectively do the job of
@@ -910,14 +1039,6 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
910 * >= ECRYPTFS_MAX_IV_BYTES. */ 1039 * >= ECRYPTFS_MAX_IV_BYTES. */
911 memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); 1040 memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
912 s->desc.info = s->iv; 1041 s->desc.info = s->iv;
913 rc = ecryptfs_find_auth_tok_for_sig(&s->auth_tok, mount_crypt_stat,
914 s->fnek_sig_hex);
915 if (rc) {
916 printk(KERN_ERR "%s: Error attempting to find auth tok for "
917 "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
918 rc);
919 goto out_free_unlock;
920 }
921 /* TODO: Support other key modules than passphrase for 1042 /* TODO: Support other key modules than passphrase for
922 * filename encryption */ 1043 * filename encryption */
923 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { 1044 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
@@ -940,7 +1061,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
940 mount_crypt_stat->global_default_fn_cipher_key_bytes); 1061 mount_crypt_stat->global_default_fn_cipher_key_bytes);
941 goto out_free_unlock; 1062 goto out_free_unlock;
942 } 1063 }
943 rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg, 1064 rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg,
944 s->block_aligned_filename_size); 1065 s->block_aligned_filename_size);
945 if (rc) { 1066 if (rc) {
946 printk(KERN_ERR "%s: Error attempting to decrypt filename; " 1067 printk(KERN_ERR "%s: Error attempting to decrypt filename; "
@@ -986,6 +1107,10 @@ out:
986 (*filename_size) = 0; 1107 (*filename_size) = 0;
987 (*filename) = NULL; 1108 (*filename) = NULL;
988 } 1109 }
1110 if (auth_tok_key) {
1111 up_write(&(auth_tok_key->sem));
1112 key_put(auth_tok_key);
1113 }
989 kfree(s); 1114 kfree(s);
990 return rc; 1115 return rc;
991} 1116}
@@ -1502,38 +1627,6 @@ out:
1502 return rc; 1627 return rc;
1503} 1628}
1504 1629
1505/**
1506 * ecryptfs_verify_version
1507 * @version: The version number to confirm
1508 *
1509 * Returns zero on good version; non-zero otherwise
1510 */
1511static int ecryptfs_verify_version(u16 version)
1512{
1513 int rc = 0;
1514 unsigned char major;
1515 unsigned char minor;
1516
1517 major = ((version >> 8) & 0xFF);
1518 minor = (version & 0xFF);
1519 if (major != ECRYPTFS_VERSION_MAJOR) {
1520 ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
1521 "Expected [%d]; got [%d]\n",
1522 ECRYPTFS_VERSION_MAJOR, major);
1523 rc = -EINVAL;
1524 goto out;
1525 }
1526 if (minor != ECRYPTFS_VERSION_MINOR) {
1527 ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
1528 "Expected [%d]; got [%d]\n",
1529 ECRYPTFS_VERSION_MINOR, minor);
1530 rc = -EINVAL;
1531 goto out;
1532 }
1533out:
1534 return rc;
1535}
1536
1537int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, 1630int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1538 struct ecryptfs_auth_tok **auth_tok, 1631 struct ecryptfs_auth_tok **auth_tok,
1539 char *sig) 1632 char *sig)
@@ -1545,25 +1638,15 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1545 printk(KERN_ERR "Could not find key with description: [%s]\n", 1638 printk(KERN_ERR "Could not find key with description: [%s]\n",
1546 sig); 1639 sig);
1547 rc = process_request_key_err(PTR_ERR(*auth_tok_key)); 1640 rc = process_request_key_err(PTR_ERR(*auth_tok_key));
1641 (*auth_tok_key) = NULL;
1548 goto out; 1642 goto out;
1549 } 1643 }
1550 (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key); 1644 down_write(&(*auth_tok_key)->sem);
1551 if (ecryptfs_verify_version((*auth_tok)->version)) { 1645 rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
1552 printk(KERN_ERR 1646 if (rc) {
1553 "Data structure version mismatch. " 1647 up_write(&(*auth_tok_key)->sem);
1554 "Userspace tools must match eCryptfs " 1648 key_put(*auth_tok_key);
1555 "kernel module with major version [%d] " 1649 (*auth_tok_key) = NULL;
1556 "and minor version [%d]\n",
1557 ECRYPTFS_VERSION_MAJOR,
1558 ECRYPTFS_VERSION_MINOR);
1559 rc = -EINVAL;
1560 goto out;
1561 }
1562 if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
1563 && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
1564 printk(KERN_ERR "Invalid auth_tok structure "
1565 "returned from key query\n");
1566 rc = -EINVAL;
1567 goto out; 1650 goto out;
1568 } 1651 }
1569out: 1652out:
@@ -1649,7 +1732,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1649 auth_tok->session_key.decrypted_key_size); 1732 auth_tok->session_key.decrypted_key_size);
1650 crypt_stat->flags |= ECRYPTFS_KEY_VALID; 1733 crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1651 if (unlikely(ecryptfs_verbosity > 0)) { 1734 if (unlikely(ecryptfs_verbosity > 0)) {
1652 ecryptfs_printk(KERN_DEBUG, "FEK of size [%d]:\n", 1735 ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n",
1653 crypt_stat->key_size); 1736 crypt_stat->key_size);
1654 ecryptfs_dump_hex(crypt_stat->key, 1737 ecryptfs_dump_hex(crypt_stat->key,
1655 crypt_stat->key_size); 1738 crypt_stat->key_size);
@@ -1688,6 +1771,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1688 struct ecryptfs_auth_tok_list_item *auth_tok_list_item; 1771 struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
1689 size_t tag_11_contents_size; 1772 size_t tag_11_contents_size;
1690 size_t tag_11_packet_size; 1773 size_t tag_11_packet_size;
1774 struct key *auth_tok_key = NULL;
1691 int rc = 0; 1775 int rc = 0;
1692 1776
1693 INIT_LIST_HEAD(&auth_tok_list); 1777 INIT_LIST_HEAD(&auth_tok_list);
@@ -1730,7 +1814,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1730 if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) { 1814 if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
1731 ecryptfs_printk(KERN_ERR, "Expected " 1815 ecryptfs_printk(KERN_ERR, "Expected "
1732 "signature of size [%d]; " 1816 "signature of size [%d]; "
1733 "read size [%d]\n", 1817 "read size [%zd]\n",
1734 ECRYPTFS_SIG_SIZE, 1818 ECRYPTFS_SIG_SIZE,
1735 tag_11_contents_size); 1819 tag_11_contents_size);
1736 rc = -EIO; 1820 rc = -EIO;
@@ -1763,8 +1847,8 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1763 goto out_wipe_list; 1847 goto out_wipe_list;
1764 break; 1848 break;
1765 default: 1849 default:
1766 ecryptfs_printk(KERN_DEBUG, "No packet at offset " 1850 ecryptfs_printk(KERN_DEBUG, "No packet at offset [%zd] "
1767 "[%d] of the file header; hex value of " 1851 "of the file header; hex value of "
1768 "character is [0x%.2x]\n", i, src[i]); 1852 "character is [0x%.2x]\n", i, src[i]);
1769 next_packet_is_auth_tok_packet = 0; 1853 next_packet_is_auth_tok_packet = 0;
1770 } 1854 }
@@ -1784,6 +1868,11 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1784 * just one will be sufficient to decrypt to get the FEK. */ 1868 * just one will be sufficient to decrypt to get the FEK. */
1785find_next_matching_auth_tok: 1869find_next_matching_auth_tok:
1786 found_auth_tok = 0; 1870 found_auth_tok = 0;
1871 if (auth_tok_key) {
1872 up_write(&(auth_tok_key->sem));
1873 key_put(auth_tok_key);
1874 auth_tok_key = NULL;
1875 }
1787 list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) { 1876 list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
1788 candidate_auth_tok = &auth_tok_list_item->auth_tok; 1877 candidate_auth_tok = &auth_tok_list_item->auth_tok;
1789 if (unlikely(ecryptfs_verbosity > 0)) { 1878 if (unlikely(ecryptfs_verbosity > 0)) {
@@ -1800,10 +1889,11 @@ find_next_matching_auth_tok:
1800 rc = -EINVAL; 1889 rc = -EINVAL;
1801 goto out_wipe_list; 1890 goto out_wipe_list;
1802 } 1891 }
1803 ecryptfs_find_auth_tok_for_sig(&matching_auth_tok, 1892 rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
1893 &matching_auth_tok,
1804 crypt_stat->mount_crypt_stat, 1894 crypt_stat->mount_crypt_stat,
1805 candidate_auth_tok_sig); 1895 candidate_auth_tok_sig);
1806 if (matching_auth_tok) { 1896 if (!rc) {
1807 found_auth_tok = 1; 1897 found_auth_tok = 1;
1808 goto found_matching_auth_tok; 1898 goto found_matching_auth_tok;
1809 } 1899 }
@@ -1835,8 +1925,8 @@ found_matching_auth_tok:
1835 "session key for authentication token with sig " 1925 "session key for authentication token with sig "
1836 "[%.*s]; rc = [%d]. Removing auth tok " 1926 "[%.*s]; rc = [%d]. Removing auth tok "
1837 "candidate from the list and searching for " 1927 "candidate from the list and searching for "
1838 "the next match.\n", candidate_auth_tok_sig, 1928 "the next match.\n", ECRYPTFS_SIG_SIZE_HEX,
1839 ECRYPTFS_SIG_SIZE_HEX, rc); 1929 candidate_auth_tok_sig, rc);
1840 list_for_each_entry_safe(auth_tok_list_item, 1930 list_for_each_entry_safe(auth_tok_list_item,
1841 auth_tok_list_item_tmp, 1931 auth_tok_list_item_tmp,
1842 &auth_tok_list, list) { 1932 &auth_tok_list, list) {
@@ -1866,6 +1956,10 @@ found_matching_auth_tok:
1866out_wipe_list: 1956out_wipe_list:
1867 wipe_auth_tok_list(&auth_tok_list); 1957 wipe_auth_tok_list(&auth_tok_list);
1868out: 1958out:
1959 if (auth_tok_key) {
1960 up_write(&(auth_tok_key->sem));
1961 key_put(auth_tok_key);
1962 }
1869 return rc; 1963 return rc;
1870} 1964}
1871 1965
@@ -2137,7 +2231,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
2137 if (encrypted_session_key_valid) { 2231 if (encrypted_session_key_valid) {
2138 ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; " 2232 ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
2139 "using auth_tok->session_key.encrypted_key, " 2233 "using auth_tok->session_key.encrypted_key, "
2140 "where key_rec->enc_key_size = [%d]\n", 2234 "where key_rec->enc_key_size = [%zd]\n",
2141 key_rec->enc_key_size); 2235 key_rec->enc_key_size);
2142 memcpy(key_rec->enc_key, 2236 memcpy(key_rec->enc_key,
2143 auth_tok->session_key.encrypted_key, 2237 auth_tok->session_key.encrypted_key,
@@ -2167,7 +2261,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
2167 if (rc < 1 || rc > 2) { 2261 if (rc < 1 || rc > 2) {
2168 ecryptfs_printk(KERN_ERR, "Error generating scatterlist " 2262 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2169 "for crypt_stat session key; expected rc = 1; " 2263 "for crypt_stat session key; expected rc = 1; "
2170 "got rc = [%d]. key_rec->enc_key_size = [%d]\n", 2264 "got rc = [%d]. key_rec->enc_key_size = [%zd]\n",
2171 rc, key_rec->enc_key_size); 2265 rc, key_rec->enc_key_size);
2172 rc = -ENOMEM; 2266 rc = -ENOMEM;
2173 goto out; 2267 goto out;
@@ -2178,7 +2272,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
2178 ecryptfs_printk(KERN_ERR, "Error generating scatterlist " 2272 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
2179 "for crypt_stat encrypted session key; " 2273 "for crypt_stat encrypted session key; "
2180 "expected rc = 1; got rc = [%d]. " 2274 "expected rc = 1; got rc = [%d]. "
2181 "key_rec->enc_key_size = [%d]\n", rc, 2275 "key_rec->enc_key_size = [%zd]\n", rc,
2182 key_rec->enc_key_size); 2276 key_rec->enc_key_size);
2183 rc = -ENOMEM; 2277 rc = -ENOMEM;
2184 goto out; 2278 goto out;
@@ -2193,7 +2287,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
2193 goto out; 2287 goto out;
2194 } 2288 }
2195 rc = 0; 2289 rc = 0;
2196 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n", 2290 ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n",
2197 crypt_stat->key_size); 2291 crypt_stat->key_size);
2198 rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg, 2292 rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
2199 (*key_rec).enc_key_size); 2293 (*key_rec).enc_key_size);
@@ -2204,7 +2298,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
2204 } 2298 }
2205 ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n"); 2299 ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
2206 if (ecryptfs_verbosity > 0) { 2300 if (ecryptfs_verbosity > 0) {
2207 ecryptfs_printk(KERN_DEBUG, "EFEK of size [%d]:\n", 2301 ecryptfs_printk(KERN_DEBUG, "EFEK of size [%zd]:\n",
2208 key_rec->enc_key_size); 2302 key_rec->enc_key_size);
2209 ecryptfs_dump_hex(key_rec->enc_key, 2303 ecryptfs_dump_hex(key_rec->enc_key,
2210 key_rec->enc_key_size); 2304 key_rec->enc_key_size);
@@ -2293,7 +2387,7 @@ ecryptfs_generate_key_packet_set(char *dest_base,
2293 size_t max) 2387 size_t max)
2294{ 2388{
2295 struct ecryptfs_auth_tok *auth_tok; 2389 struct ecryptfs_auth_tok *auth_tok;
2296 struct ecryptfs_global_auth_tok *global_auth_tok; 2390 struct key *auth_tok_key = NULL;
2297 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 2391 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2298 &ecryptfs_superblock_to_private( 2392 &ecryptfs_superblock_to_private(
2299 ecryptfs_dentry->d_sb)->mount_crypt_stat; 2393 ecryptfs_dentry->d_sb)->mount_crypt_stat;
@@ -2312,21 +2406,16 @@ ecryptfs_generate_key_packet_set(char *dest_base,
2312 list_for_each_entry(key_sig, &crypt_stat->keysig_list, 2406 list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2313 crypt_stat_list) { 2407 crypt_stat_list) {
2314 memset(key_rec, 0, sizeof(*key_rec)); 2408 memset(key_rec, 0, sizeof(*key_rec));
2315 rc = ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok, 2409 rc = ecryptfs_find_global_auth_tok_for_sig(&auth_tok_key,
2410 &auth_tok,
2316 mount_crypt_stat, 2411 mount_crypt_stat,
2317 key_sig->keysig); 2412 key_sig->keysig);
2318 if (rc) { 2413 if (rc) {
2319 printk(KERN_ERR "Error attempting to get the global " 2414 printk(KERN_WARNING "Unable to retrieve auth tok with "
2320 "auth_tok; rc = [%d]\n", rc); 2415 "sig = [%s]\n", key_sig->keysig);
2416 rc = process_find_global_auth_tok_for_sig_err(rc);
2321 goto out_free; 2417 goto out_free;
2322 } 2418 }
2323 if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID) {
2324 printk(KERN_WARNING
2325 "Skipping invalid auth tok with sig = [%s]\n",
2326 global_auth_tok->sig);
2327 continue;
2328 }
2329 auth_tok = global_auth_tok->global_auth_tok;
2330 if (auth_tok->token_type == ECRYPTFS_PASSWORD) { 2419 if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2331 rc = write_tag_3_packet((dest_base + (*len)), 2420 rc = write_tag_3_packet((dest_base + (*len)),
2332 &max, auth_tok, 2421 &max, auth_tok,
@@ -2364,6 +2453,9 @@ ecryptfs_generate_key_packet_set(char *dest_base,
2364 rc = -EINVAL; 2453 rc = -EINVAL;
2365 goto out_free; 2454 goto out_free;
2366 } 2455 }
2456 up_write(&(auth_tok_key->sem));
2457 key_put(auth_tok_key);
2458 auth_tok_key = NULL;
2367 } 2459 }
2368 if (likely(max > 0)) { 2460 if (likely(max > 0)) {
2369 dest_base[(*len)] = 0x00; 2461 dest_base[(*len)] = 0x00;
@@ -2376,6 +2468,11 @@ out_free:
2376out: 2468out:
2377 if (rc) 2469 if (rc)
2378 (*len) = 0; 2470 (*len) = 0;
2471 if (auth_tok_key) {
2472 up_write(&(auth_tok_key->sem));
2473 key_put(auth_tok_key);
2474 }
2475
2379 mutex_unlock(&crypt_stat->keysig_list_mutex); 2476 mutex_unlock(&crypt_stat->keysig_list_mutex);
2380 return rc; 2477 return rc;
2381} 2478}
@@ -2393,6 +2490,7 @@ int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
2393 return -ENOMEM; 2490 return -ENOMEM;
2394 } 2491 }
2395 memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX); 2492 memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
2493 new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2396 /* Caller must hold keysig_list_mutex */ 2494 /* Caller must hold keysig_list_mutex */
2397 list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list); 2495 list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2398 2496
@@ -2422,7 +2520,6 @@ ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
2422 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); 2520 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2423 list_add(&new_auth_tok->mount_crypt_stat_list, 2521 list_add(&new_auth_tok->mount_crypt_stat_list,
2424 &mount_crypt_stat->global_auth_tok_list); 2522 &mount_crypt_stat->global_auth_tok_list);
2425 mount_crypt_stat->num_global_auth_toks++;
2426 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); 2523 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2427out: 2524out:
2428 return rc; 2525 return rc;
diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c
index 0851ab6980f5..69f994a7d524 100644
--- a/fs/ecryptfs/kthread.c
+++ b/fs/ecryptfs/kthread.c
@@ -44,7 +44,7 @@ static struct task_struct *ecryptfs_kthread;
44 * @ignored: ignored 44 * @ignored: ignored
45 * 45 *
46 * The eCryptfs kernel thread that has the responsibility of getting 46 * The eCryptfs kernel thread that has the responsibility of getting
47 * the lower persistent file with RW permissions. 47 * the lower file with RW permissions.
48 * 48 *
49 * Returns zero on success; non-zero otherwise 49 * Returns zero on success; non-zero otherwise
50 */ 50 */
@@ -141,8 +141,8 @@ int ecryptfs_privileged_open(struct file **lower_file,
141 int rc = 0; 141 int rc = 0;
142 142
143 /* Corresponding dput() and mntput() are done when the 143 /* Corresponding dput() and mntput() are done when the
144 * persistent file is fput() when the eCryptfs inode is 144 * lower file is fput() when all eCryptfs files for the inode are
145 * destroyed. */ 145 * released. */
146 dget(lower_dentry); 146 dget(lower_dentry);
147 mntget(lower_mnt); 147 mntget(lower_mnt);
148 flags |= IS_RDONLY(lower_dentry->d_inode) ? O_RDONLY : O_RDWR; 148 flags |= IS_RDONLY(lower_dentry->d_inode) ? O_RDONLY : O_RDWR;
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index cbd4e18adb20..9f1bb747d77d 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -36,6 +36,7 @@
36#include <linux/parser.h> 36#include <linux/parser.h>
37#include <linux/fs_stack.h> 37#include <linux/fs_stack.h>
38#include <linux/slab.h> 38#include <linux/slab.h>
39#include <linux/magic.h>
39#include "ecryptfs_kernel.h" 40#include "ecryptfs_kernel.h"
40 41
41/** 42/**
@@ -95,7 +96,7 @@ void __ecryptfs_printk(const char *fmt, ...)
95} 96}
96 97
97/** 98/**
98 * ecryptfs_init_persistent_file 99 * ecryptfs_init_lower_file
99 * @ecryptfs_dentry: Fully initialized eCryptfs dentry object, with 100 * @ecryptfs_dentry: Fully initialized eCryptfs dentry object, with
100 * the lower dentry and the lower mount set 101 * the lower dentry and the lower mount set
101 * 102 *
@@ -103,103 +104,68 @@ void __ecryptfs_printk(const char *fmt, ...)
103 * inode. All I/O operations to the lower inode occur through that 104 * inode. All I/O operations to the lower inode occur through that
104 * file. When the first eCryptfs dentry that interposes with the first 105 * file. When the first eCryptfs dentry that interposes with the first
105 * lower dentry for that inode is created, this function creates the 106 * lower dentry for that inode is created, this function creates the
106 * persistent file struct and associates it with the eCryptfs 107 * lower file struct and associates it with the eCryptfs
107 * inode. When the eCryptfs inode is destroyed, the file is closed. 108 * inode. When all eCryptfs files associated with the inode are released, the
109 * file is closed.
108 * 110 *
109 * The persistent file will be opened with read/write permissions, if 111 * The lower file will be opened with read/write permissions, if
110 * possible. Otherwise, it is opened read-only. 112 * possible. Otherwise, it is opened read-only.
111 * 113 *
112 * This function does nothing if a lower persistent file is already 114 * This function does nothing if a lower file is already
113 * associated with the eCryptfs inode. 115 * associated with the eCryptfs inode.
114 * 116 *
115 * Returns zero on success; non-zero otherwise 117 * Returns zero on success; non-zero otherwise
116 */ 118 */
117int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) 119static int ecryptfs_init_lower_file(struct dentry *dentry,
120 struct file **lower_file)
118{ 121{
119 const struct cred *cred = current_cred(); 122 const struct cred *cred = current_cred();
120 struct ecryptfs_inode_info *inode_info = 123 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
121 ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); 124 struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
122 int rc = 0; 125 int rc;
126
127 rc = ecryptfs_privileged_open(lower_file, lower_dentry, lower_mnt,
128 cred);
129 if (rc) {
130 printk(KERN_ERR "Error opening lower file "
131 "for lower_dentry [0x%p] and lower_mnt [0x%p]; "
132 "rc = [%d]\n", lower_dentry, lower_mnt, rc);
133 (*lower_file) = NULL;
134 }
135 return rc;
136}
123 137
138int ecryptfs_get_lower_file(struct dentry *dentry, struct inode *inode)
139{
140 struct ecryptfs_inode_info *inode_info;
141 int count, rc = 0;
142
143 inode_info = ecryptfs_inode_to_private(inode);
124 mutex_lock(&inode_info->lower_file_mutex); 144 mutex_lock(&inode_info->lower_file_mutex);
125 if (!inode_info->lower_file) { 145 count = atomic_inc_return(&inode_info->lower_file_count);
126 struct dentry *lower_dentry; 146 if (WARN_ON_ONCE(count < 1))
127 struct vfsmount *lower_mnt = 147 rc = -EINVAL;
128 ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry); 148 else if (count == 1) {
129 149 rc = ecryptfs_init_lower_file(dentry,
130 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 150 &inode_info->lower_file);
131 rc = ecryptfs_privileged_open(&inode_info->lower_file, 151 if (rc)
132 lower_dentry, lower_mnt, cred); 152 atomic_set(&inode_info->lower_file_count, 0);
133 if (rc) {
134 printk(KERN_ERR "Error opening lower persistent file "
135 "for lower_dentry [0x%p] and lower_mnt [0x%p]; "
136 "rc = [%d]\n", lower_dentry, lower_mnt, rc);
137 inode_info->lower_file = NULL;
138 }
139 } 153 }
140 mutex_unlock(&inode_info->lower_file_mutex); 154 mutex_unlock(&inode_info->lower_file_mutex);
141 return rc; 155 return rc;
142} 156}
143 157
144/** 158void ecryptfs_put_lower_file(struct inode *inode)
145 * ecryptfs_interpose
146 * @lower_dentry: Existing dentry in the lower filesystem
147 * @dentry: ecryptfs' dentry
148 * @sb: ecryptfs's super_block
149 * @flags: flags to govern behavior of interpose procedure
150 *
151 * Interposes upper and lower dentries.
152 *
153 * Returns zero on success; non-zero otherwise
154 */
155int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry,
156 struct super_block *sb, u32 flags)
157{ 159{
158 struct inode *lower_inode; 160 struct ecryptfs_inode_info *inode_info;
159 struct inode *inode;
160 int rc = 0;
161 161
162 lower_inode = lower_dentry->d_inode; 162 inode_info = ecryptfs_inode_to_private(inode);
163 if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb)) { 163 if (atomic_dec_and_mutex_lock(&inode_info->lower_file_count,
164 rc = -EXDEV; 164 &inode_info->lower_file_mutex)) {
165 goto out; 165 fput(inode_info->lower_file);
166 } 166 inode_info->lower_file = NULL;
167 if (!igrab(lower_inode)) { 167 mutex_unlock(&inode_info->lower_file_mutex);
168 rc = -ESTALE;
169 goto out;
170 } 168 }
171 inode = iget5_locked(sb, (unsigned long)lower_inode,
172 ecryptfs_inode_test, ecryptfs_inode_set,
173 lower_inode);
174 if (!inode) {
175 rc = -EACCES;
176 iput(lower_inode);
177 goto out;
178 }
179 if (inode->i_state & I_NEW)
180 unlock_new_inode(inode);
181 else
182 iput(lower_inode);
183 if (S_ISLNK(lower_inode->i_mode))
184 inode->i_op = &ecryptfs_symlink_iops;
185 else if (S_ISDIR(lower_inode->i_mode))
186 inode->i_op = &ecryptfs_dir_iops;
187 if (S_ISDIR(lower_inode->i_mode))
188 inode->i_fop = &ecryptfs_dir_fops;
189 if (special_file(lower_inode->i_mode))
190 init_special_inode(inode, lower_inode->i_mode,
191 lower_inode->i_rdev);
192 dentry->d_op = &ecryptfs_dops;
193 fsstack_copy_attr_all(inode, lower_inode);
194 /* This size will be overwritten for real files w/ headers and
195 * other metadata */
196 fsstack_copy_inode_size(inode, lower_inode);
197 if (flags & ECRYPTFS_INTERPOSE_FLAG_D_ADD)
198 d_add(dentry, inode);
199 else
200 d_instantiate(dentry, inode);
201out:
202 return rc;
203} 169}
204 170
205enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, 171enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
@@ -208,7 +174,8 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
208 ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata, 174 ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata,
209 ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig, 175 ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
210 ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes, 176 ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
211 ecryptfs_opt_unlink_sigs, ecryptfs_opt_err }; 177 ecryptfs_opt_unlink_sigs, ecryptfs_opt_mount_auth_tok_only,
178 ecryptfs_opt_err };
212 179
213static const match_table_t tokens = { 180static const match_table_t tokens = {
214 {ecryptfs_opt_sig, "sig=%s"}, 181 {ecryptfs_opt_sig, "sig=%s"},
@@ -223,6 +190,7 @@ static const match_table_t tokens = {
223 {ecryptfs_opt_fn_cipher, "ecryptfs_fn_cipher=%s"}, 190 {ecryptfs_opt_fn_cipher, "ecryptfs_fn_cipher=%s"},
224 {ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"}, 191 {ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
225 {ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"}, 192 {ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
193 {ecryptfs_opt_mount_auth_tok_only, "ecryptfs_mount_auth_tok_only"},
226 {ecryptfs_opt_err, NULL} 194 {ecryptfs_opt_err, NULL}
227}; 195};
228 196
@@ -230,14 +198,14 @@ static int ecryptfs_init_global_auth_toks(
230 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 198 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
231{ 199{
232 struct ecryptfs_global_auth_tok *global_auth_tok; 200 struct ecryptfs_global_auth_tok *global_auth_tok;
201 struct ecryptfs_auth_tok *auth_tok;
233 int rc = 0; 202 int rc = 0;
234 203
235 list_for_each_entry(global_auth_tok, 204 list_for_each_entry(global_auth_tok,
236 &mount_crypt_stat->global_auth_tok_list, 205 &mount_crypt_stat->global_auth_tok_list,
237 mount_crypt_stat_list) { 206 mount_crypt_stat_list) {
238 rc = ecryptfs_keyring_auth_tok_for_sig( 207 rc = ecryptfs_keyring_auth_tok_for_sig(
239 &global_auth_tok->global_auth_tok_key, 208 &global_auth_tok->global_auth_tok_key, &auth_tok,
240 &global_auth_tok->global_auth_tok,
241 global_auth_tok->sig); 209 global_auth_tok->sig);
242 if (rc) { 210 if (rc) {
243 printk(KERN_ERR "Could not find valid key in user " 211 printk(KERN_ERR "Could not find valid key in user "
@@ -245,8 +213,10 @@ static int ecryptfs_init_global_auth_toks(
245 "option: [%s]\n", global_auth_tok->sig); 213 "option: [%s]\n", global_auth_tok->sig);
246 global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID; 214 global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID;
247 goto out; 215 goto out;
248 } else 216 } else {
249 global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID; 217 global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID;
218 up_write(&(global_auth_tok->global_auth_tok_key)->sem);
219 }
250 } 220 }
251out: 221out:
252 return rc; 222 return rc;
@@ -265,7 +235,7 @@ static void ecryptfs_init_mount_crypt_stat(
265/** 235/**
266 * ecryptfs_parse_options 236 * ecryptfs_parse_options
267 * @sb: The ecryptfs super block 237 * @sb: The ecryptfs super block
268 * @options: The options pased to the kernel 238 * @options: The options passed to the kernel
269 * 239 *
270 * Parse mount options: 240 * Parse mount options:
271 * debug=N - ecryptfs_verbosity level for debug output 241 * debug=N - ecryptfs_verbosity level for debug output
@@ -406,6 +376,10 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
406 case ecryptfs_opt_unlink_sigs: 376 case ecryptfs_opt_unlink_sigs:
407 mount_crypt_stat->flags |= ECRYPTFS_UNLINK_SIGS; 377 mount_crypt_stat->flags |= ECRYPTFS_UNLINK_SIGS;
408 break; 378 break;
379 case ecryptfs_opt_mount_auth_tok_only:
380 mount_crypt_stat->flags |=
381 ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY;
382 break;
409 case ecryptfs_opt_err: 383 case ecryptfs_opt_err:
410 default: 384 default:
411 printk(KERN_WARNING 385 printk(KERN_WARNING
@@ -486,68 +460,21 @@ struct kmem_cache *ecryptfs_sb_info_cache;
486static struct file_system_type ecryptfs_fs_type; 460static struct file_system_type ecryptfs_fs_type;
487 461
488/** 462/**
489 * ecryptfs_read_super
490 * @sb: The ecryptfs super block
491 * @dev_name: The path to mount over
492 *
493 * Read the super block of the lower filesystem, and use
494 * ecryptfs_interpose to create our initial inode and super block
495 * struct.
496 */
497static int ecryptfs_read_super(struct super_block *sb, const char *dev_name)
498{
499 struct path path;
500 int rc;
501
502 rc = kern_path(dev_name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path);
503 if (rc) {
504 ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n");
505 goto out;
506 }
507 if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
508 rc = -EINVAL;
509 printk(KERN_ERR "Mount on filesystem of type "
510 "eCryptfs explicitly disallowed due to "
511 "known incompatibilities\n");
512 goto out_free;
513 }
514 ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
515 sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
516 sb->s_blocksize = path.dentry->d_sb->s_blocksize;
517 ecryptfs_set_dentry_lower(sb->s_root, path.dentry);
518 ecryptfs_set_dentry_lower_mnt(sb->s_root, path.mnt);
519 rc = ecryptfs_interpose(path.dentry, sb->s_root, sb, 0);
520 if (rc)
521 goto out_free;
522 rc = 0;
523 goto out;
524out_free:
525 path_put(&path);
526out:
527 return rc;
528}
529
530/**
531 * ecryptfs_get_sb 463 * ecryptfs_get_sb
532 * @fs_type 464 * @fs_type
533 * @flags 465 * @flags
534 * @dev_name: The path to mount over 466 * @dev_name: The path to mount over
535 * @raw_data: The options passed into the kernel 467 * @raw_data: The options passed into the kernel
536 *
537 * The whole ecryptfs_get_sb process is broken into 3 functions:
538 * ecryptfs_parse_options(): handle options passed to ecryptfs, if any
539 * ecryptfs_read_super(): this accesses the lower filesystem and uses
540 * ecryptfs_interpose to perform most of the linking
541 * ecryptfs_interpose(): links the lower filesystem into ecryptfs (inode.c)
542 */ 468 */
543static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags, 469static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags,
544 const char *dev_name, void *raw_data, 470 const char *dev_name, void *raw_data)
545 struct vfsmount *mnt)
546{ 471{
547 struct super_block *s; 472 struct super_block *s;
548 struct ecryptfs_sb_info *sbi; 473 struct ecryptfs_sb_info *sbi;
549 struct ecryptfs_dentry_info *root_info; 474 struct ecryptfs_dentry_info *root_info;
550 const char *err = "Getting sb failed"; 475 const char *err = "Getting sb failed";
476 struct inode *inode;
477 struct path path;
551 int rc; 478 int rc;
552 479
553 sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL); 480 sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
@@ -570,10 +497,8 @@ static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
570 497
571 s->s_flags = flags; 498 s->s_flags = flags;
572 rc = bdi_setup_and_register(&sbi->bdi, "ecryptfs", BDI_CAP_MAP_COPY); 499 rc = bdi_setup_and_register(&sbi->bdi, "ecryptfs", BDI_CAP_MAP_COPY);
573 if (rc) { 500 if (rc)
574 deactivate_locked_super(s); 501 goto out1;
575 goto out;
576 }
577 502
578 ecryptfs_set_superblock_private(s, sbi); 503 ecryptfs_set_superblock_private(s, sbi);
579 s->s_bdi = &sbi->bdi; 504 s->s_bdi = &sbi->bdi;
@@ -581,42 +506,62 @@ static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
581 /* ->kill_sb() will take care of sbi after that point */ 506 /* ->kill_sb() will take care of sbi after that point */
582 sbi = NULL; 507 sbi = NULL;
583 s->s_op = &ecryptfs_sops; 508 s->s_op = &ecryptfs_sops;
509 s->s_d_op = &ecryptfs_dops;
584 510
585 rc = -ENOMEM; 511 err = "Reading sb failed";
586 s->s_root = d_alloc(NULL, &(const struct qstr) { 512 rc = kern_path(dev_name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path);
587 .hash = 0,.name = "/",.len = 1}); 513 if (rc) {
514 ecryptfs_printk(KERN_WARNING, "kern_path() failed\n");
515 goto out1;
516 }
517 if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
518 rc = -EINVAL;
519 printk(KERN_ERR "Mount on filesystem of type "
520 "eCryptfs explicitly disallowed due to "
521 "known incompatibilities\n");
522 goto out_free;
523 }
524 ecryptfs_set_superblock_lower(s, path.dentry->d_sb);
525 s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
526 s->s_blocksize = path.dentry->d_sb->s_blocksize;
527 s->s_magic = ECRYPTFS_SUPER_MAGIC;
528
529 inode = ecryptfs_get_inode(path.dentry->d_inode, s);
530 rc = PTR_ERR(inode);
531 if (IS_ERR(inode))
532 goto out_free;
533
534 s->s_root = d_alloc_root(inode);
588 if (!s->s_root) { 535 if (!s->s_root) {
589 deactivate_locked_super(s); 536 iput(inode);
590 goto out; 537 rc = -ENOMEM;
538 goto out_free;
591 } 539 }
592 s->s_root->d_op = &ecryptfs_dops;
593 s->s_root->d_sb = s;
594 s->s_root->d_parent = s->s_root;
595 540
541 rc = -ENOMEM;
596 root_info = kmem_cache_zalloc(ecryptfs_dentry_info_cache, GFP_KERNEL); 542 root_info = kmem_cache_zalloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
597 if (!root_info) { 543 if (!root_info)
598 deactivate_locked_super(s); 544 goto out_free;
599 goto out; 545
600 }
601 /* ->kill_sb() will take care of root_info */ 546 /* ->kill_sb() will take care of root_info */
602 ecryptfs_set_dentry_private(s->s_root, root_info); 547 ecryptfs_set_dentry_private(s->s_root, root_info);
548 ecryptfs_set_dentry_lower(s->s_root, path.dentry);
549 ecryptfs_set_dentry_lower_mnt(s->s_root, path.mnt);
550
603 s->s_flags |= MS_ACTIVE; 551 s->s_flags |= MS_ACTIVE;
604 rc = ecryptfs_read_super(s, dev_name); 552 return dget(s->s_root);
605 if (rc) {
606 deactivate_locked_super(s);
607 err = "Reading sb failed";
608 goto out;
609 }
610 simple_set_mnt(mnt, s);
611 return 0;
612 553
554out_free:
555 path_put(&path);
556out1:
557 deactivate_locked_super(s);
613out: 558out:
614 if (sbi) { 559 if (sbi) {
615 ecryptfs_destroy_mount_crypt_stat(&sbi->mount_crypt_stat); 560 ecryptfs_destroy_mount_crypt_stat(&sbi->mount_crypt_stat);
616 kmem_cache_free(ecryptfs_sb_info_cache, sbi); 561 kmem_cache_free(ecryptfs_sb_info_cache, sbi);
617 } 562 }
618 printk(KERN_ERR "%s; rc = [%d]\n", err, rc); 563 printk(KERN_ERR "%s; rc = [%d]\n", err, rc);
619 return rc; 564 return ERR_PTR(rc);
620} 565}
621 566
622/** 567/**
@@ -639,7 +584,7 @@ static void ecryptfs_kill_block_super(struct super_block *sb)
639static struct file_system_type ecryptfs_fs_type = { 584static struct file_system_type ecryptfs_fs_type = {
640 .owner = THIS_MODULE, 585 .owner = THIS_MODULE,
641 .name = "ecryptfs", 586 .name = "ecryptfs",
642 .get_sb = ecryptfs_get_sb, 587 .mount = ecryptfs_mount,
643 .kill_sb = ecryptfs_kill_block_super, 588 .kill_sb = ecryptfs_kill_block_super,
644 .fs_flags = 0 589 .fs_flags = 0
645}; 590};
@@ -690,13 +635,8 @@ static struct ecryptfs_cache_info {
690 .size = sizeof(struct ecryptfs_sb_info), 635 .size = sizeof(struct ecryptfs_sb_info),
691 }, 636 },
692 { 637 {
693 .cache = &ecryptfs_header_cache_1, 638 .cache = &ecryptfs_header_cache,
694 .name = "ecryptfs_headers_1", 639 .name = "ecryptfs_headers",
695 .size = PAGE_CACHE_SIZE,
696 },
697 {
698 .cache = &ecryptfs_header_cache_2,
699 .name = "ecryptfs_headers_2",
700 .size = PAGE_CACHE_SIZE, 640 .size = PAGE_CACHE_SIZE,
701 }, 641 },
702 { 642 {
@@ -824,9 +764,10 @@ static int __init ecryptfs_init(void)
824 ecryptfs_printk(KERN_ERR, "The eCryptfs extent size is " 764 ecryptfs_printk(KERN_ERR, "The eCryptfs extent size is "
825 "larger than the host's page size, and so " 765 "larger than the host's page size, and so "
826 "eCryptfs cannot run on this system. The " 766 "eCryptfs cannot run on this system. The "
827 "default eCryptfs extent size is [%d] bytes; " 767 "default eCryptfs extent size is [%u] bytes; "
828 "the page size is [%d] bytes.\n", 768 "the page size is [%lu] bytes.\n",
829 ECRYPTFS_DEFAULT_EXTENT_SIZE, PAGE_CACHE_SIZE); 769 ECRYPTFS_DEFAULT_EXTENT_SIZE,
770 (unsigned long)PAGE_CACHE_SIZE);
830 goto out; 771 goto out;
831 } 772 }
832 rc = ecryptfs_init_kmem_caches(); 773 rc = ecryptfs_init_kmem_caches();
@@ -853,7 +794,7 @@ static int __init ecryptfs_init(void)
853 } 794 }
854 rc = ecryptfs_init_messaging(); 795 rc = ecryptfs_init_messaging();
855 if (rc) { 796 if (rc) {
856 printk(KERN_ERR "Failure occured while attempting to " 797 printk(KERN_ERR "Failure occurred while attempting to "
857 "initialize the communications channel to " 798 "initialize the communications channel to "
858 "ecryptfsd\n"); 799 "ecryptfsd\n");
859 goto out_destroy_kthread; 800 goto out_destroy_kthread;
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index 00208c3d7e92..940a82e63dc3 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -482,6 +482,7 @@ static const struct file_operations ecryptfs_miscdev_fops = {
482 .read = ecryptfs_miscdev_read, 482 .read = ecryptfs_miscdev_read,
483 .write = ecryptfs_miscdev_write, 483 .write = ecryptfs_miscdev_write,
484 .release = ecryptfs_miscdev_release, 484 .release = ecryptfs_miscdev_release,
485 .llseek = noop_llseek,
485}; 486};
486 487
487static struct miscdevice ecryptfs_miscdev = { 488static struct miscdevice ecryptfs_miscdev = {
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index b1d82756544b..6a44148c5fb9 100644
--- a/fs/ecryptfs/mmap.c
+++ b/fs/ecryptfs/mmap.c
@@ -62,16 +62,28 @@ static int ecryptfs_writepage(struct page *page, struct writeback_control *wbc)
62{ 62{
63 int rc; 63 int rc;
64 64
65 /*
66 * Refuse to write the page out if we are called from reclaim context
67 * since our writepage() path may potentially allocate memory when
68 * calling into the lower fs vfs_write() which may in turn invoke
69 * us again.
70 */
71 if (current->flags & PF_MEMALLOC) {
72 redirty_page_for_writepage(wbc, page);
73 rc = 0;
74 goto out;
75 }
76
65 rc = ecryptfs_encrypt_page(page); 77 rc = ecryptfs_encrypt_page(page);
66 if (rc) { 78 if (rc) {
67 ecryptfs_printk(KERN_WARNING, "Error encrypting " 79 ecryptfs_printk(KERN_WARNING, "Error encrypting "
68 "page (upper index [0x%.16x])\n", page->index); 80 "page (upper index [0x%.16lx])\n", page->index);
69 ClearPageUptodate(page); 81 ClearPageUptodate(page);
70 goto out; 82 goto out;
71 } 83 }
72 SetPageUptodate(page); 84 SetPageUptodate(page);
73 unlock_page(page);
74out: 85out:
86 unlock_page(page);
75 return rc; 87 return rc;
76} 88}
77 89
@@ -193,11 +205,7 @@ static int ecryptfs_readpage(struct file *file, struct page *page)
193 &ecryptfs_inode_to_private(page->mapping->host)->crypt_stat; 205 &ecryptfs_inode_to_private(page->mapping->host)->crypt_stat;
194 int rc = 0; 206 int rc = 0;
195 207
196 if (!crypt_stat 208 if (!crypt_stat || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
197 || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED)
198 || (crypt_stat->flags & ECRYPTFS_NEW_FILE)) {
199 ecryptfs_printk(KERN_DEBUG,
200 "Passing through unencrypted page\n");
201 rc = ecryptfs_read_lower_page_segment(page, page->index, 0, 209 rc = ecryptfs_read_lower_page_segment(page, page->index, 0,
202 PAGE_CACHE_SIZE, 210 PAGE_CACHE_SIZE,
203 page->mapping->host); 211 page->mapping->host);
@@ -237,7 +245,7 @@ out:
237 ClearPageUptodate(page); 245 ClearPageUptodate(page);
238 else 246 else
239 SetPageUptodate(page); 247 SetPageUptodate(page);
240 ecryptfs_printk(KERN_DEBUG, "Unlocking page with index = [0x%.16x]\n", 248 ecryptfs_printk(KERN_DEBUG, "Unlocking page with index = [0x%.16lx]\n",
241 page->index); 249 page->index);
242 unlock_page(page); 250 unlock_page(page);
243 return rc; 251 return rc;
@@ -290,12 +298,12 @@ static int ecryptfs_write_begin(struct file *file,
290 return -ENOMEM; 298 return -ENOMEM;
291 *pagep = page; 299 *pagep = page;
292 300
301 prev_page_end_size = ((loff_t)index << PAGE_CACHE_SHIFT);
293 if (!PageUptodate(page)) { 302 if (!PageUptodate(page)) {
294 struct ecryptfs_crypt_stat *crypt_stat = 303 struct ecryptfs_crypt_stat *crypt_stat =
295 &ecryptfs_inode_to_private(mapping->host)->crypt_stat; 304 &ecryptfs_inode_to_private(mapping->host)->crypt_stat;
296 305
297 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED) 306 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
298 || (crypt_stat->flags & ECRYPTFS_NEW_FILE)) {
299 rc = ecryptfs_read_lower_page_segment( 307 rc = ecryptfs_read_lower_page_segment(
300 page, index, 0, PAGE_CACHE_SIZE, mapping->host); 308 page, index, 0, PAGE_CACHE_SIZE, mapping->host);
301 if (rc) { 309 if (rc) {
@@ -335,18 +343,23 @@ static int ecryptfs_write_begin(struct file *file,
335 SetPageUptodate(page); 343 SetPageUptodate(page);
336 } 344 }
337 } else { 345 } else {
338 rc = ecryptfs_decrypt_page(page); 346 if (prev_page_end_size
339 if (rc) { 347 >= i_size_read(page->mapping->host)) {
340 printk(KERN_ERR "%s: Error decrypting page " 348 zero_user(page, 0, PAGE_CACHE_SIZE);
341 "at index [%ld]; rc = [%d]\n", 349 } else {
342 __func__, page->index, rc); 350 rc = ecryptfs_decrypt_page(page);
343 ClearPageUptodate(page); 351 if (rc) {
344 goto out; 352 printk(KERN_ERR "%s: Error decrypting "
353 "page at index [%ld]; "
354 "rc = [%d]\n",
355 __func__, page->index, rc);
356 ClearPageUptodate(page);
357 goto out;
358 }
345 } 359 }
346 SetPageUptodate(page); 360 SetPageUptodate(page);
347 } 361 }
348 } 362 }
349 prev_page_end_size = ((loff_t)index << PAGE_CACHE_SHIFT);
350 /* If creating a page or more of holes, zero them out via truncate. 363 /* If creating a page or more of holes, zero them out via truncate.
351 * Note, this will increase i_size. */ 364 * Note, this will increase i_size. */
352 if (index != 0) { 365 if (index != 0) {
@@ -368,6 +381,11 @@ static int ecryptfs_write_begin(struct file *file,
368 && (pos != 0)) 381 && (pos != 0))
369 zero_user(page, 0, PAGE_CACHE_SIZE); 382 zero_user(page, 0, PAGE_CACHE_SIZE);
370out: 383out:
384 if (unlikely(rc)) {
385 unlock_page(page);
386 page_cache_release(page);
387 *pagep = NULL;
388 }
371 return rc; 389 return rc;
372} 390}
373 391
@@ -480,15 +498,10 @@ static int ecryptfs_write_end(struct file *file,
480 struct ecryptfs_crypt_stat *crypt_stat = 498 struct ecryptfs_crypt_stat *crypt_stat =
481 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; 499 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
482 int rc; 500 int rc;
501 int need_unlock_page = 1;
483 502
484 if (crypt_stat->flags & ECRYPTFS_NEW_FILE) {
485 ecryptfs_printk(KERN_DEBUG, "ECRYPTFS_NEW_FILE flag set in "
486 "crypt_stat at memory location [%p]\n", crypt_stat);
487 crypt_stat->flags &= ~(ECRYPTFS_NEW_FILE);
488 } else
489 ecryptfs_printk(KERN_DEBUG, "Not a new file\n");
490 ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page" 503 ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page"
491 "(page w/ index = [0x%.16x], to = [%d])\n", index, to); 504 "(page w/ index = [0x%.16lx], to = [%d])\n", index, to);
492 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { 505 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
493 rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page, 0, 506 rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page, 0,
494 to); 507 to);
@@ -503,28 +516,29 @@ static int ecryptfs_write_end(struct file *file,
503 rc = fill_zeros_to_end_of_page(page, to); 516 rc = fill_zeros_to_end_of_page(page, to);
504 if (rc) { 517 if (rc) {
505 ecryptfs_printk(KERN_WARNING, "Error attempting to fill " 518 ecryptfs_printk(KERN_WARNING, "Error attempting to fill "
506 "zeros in page with index = [0x%.16x]\n", index); 519 "zeros in page with index = [0x%.16lx]\n", index);
507 goto out;
508 }
509 rc = ecryptfs_encrypt_page(page);
510 if (rc) {
511 ecryptfs_printk(KERN_WARNING, "Error encrypting page (upper "
512 "index [0x%.16x])\n", index);
513 goto out; 520 goto out;
514 } 521 }
522 set_page_dirty(page);
523 unlock_page(page);
524 need_unlock_page = 0;
515 if (pos + copied > i_size_read(ecryptfs_inode)) { 525 if (pos + copied > i_size_read(ecryptfs_inode)) {
516 i_size_write(ecryptfs_inode, pos + copied); 526 i_size_write(ecryptfs_inode, pos + copied);
517 ecryptfs_printk(KERN_DEBUG, "Expanded file size to " 527 ecryptfs_printk(KERN_DEBUG, "Expanded file size to "
518 "[0x%.16x]\n", i_size_read(ecryptfs_inode)); 528 "[0x%.16llx]\n",
529 (unsigned long long)i_size_read(ecryptfs_inode));
530 balance_dirty_pages_ratelimited(mapping);
531 rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode);
532 if (rc) {
533 printk(KERN_ERR "Error writing inode size to metadata; "
534 "rc = [%d]\n", rc);
535 goto out;
536 }
519 } 537 }
520 rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode); 538 rc = copied;
521 if (rc)
522 printk(KERN_ERR "Error writing inode size to metadata; "
523 "rc = [%d]\n", rc);
524 else
525 rc = copied;
526out: 539out:
527 unlock_page(page); 540 if (need_unlock_page)
541 unlock_page(page);
528 page_cache_release(page); 542 page_cache_release(page);
529 return rc; 543 return rc;
530} 544}
diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
index db184ef15d3d..85d430963116 100644
--- a/fs/ecryptfs/read_write.c
+++ b/fs/ecryptfs/read_write.c
@@ -44,15 +44,11 @@ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
44 ssize_t rc; 44 ssize_t rc;
45 45
46 inode_info = ecryptfs_inode_to_private(ecryptfs_inode); 46 inode_info = ecryptfs_inode_to_private(ecryptfs_inode);
47 mutex_lock(&inode_info->lower_file_mutex);
48 BUG_ON(!inode_info->lower_file); 47 BUG_ON(!inode_info->lower_file);
49 inode_info->lower_file->f_pos = offset;
50 fs_save = get_fs(); 48 fs_save = get_fs();
51 set_fs(get_ds()); 49 set_fs(get_ds());
52 rc = vfs_write(inode_info->lower_file, data, size, 50 rc = vfs_write(inode_info->lower_file, data, size, &offset);
53 &inode_info->lower_file->f_pos);
54 set_fs(fs_save); 51 set_fs(fs_save);
55 mutex_unlock(&inode_info->lower_file_mutex);
56 mark_inode_dirty_sync(ecryptfs_inode); 52 mark_inode_dirty_sync(ecryptfs_inode);
57 return rc; 53 return rc;
58} 54}
@@ -234,15 +230,11 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
234 mm_segment_t fs_save; 230 mm_segment_t fs_save;
235 ssize_t rc; 231 ssize_t rc;
236 232
237 mutex_lock(&inode_info->lower_file_mutex);
238 BUG_ON(!inode_info->lower_file); 233 BUG_ON(!inode_info->lower_file);
239 inode_info->lower_file->f_pos = offset;
240 fs_save = get_fs(); 234 fs_save = get_fs();
241 set_fs(get_ds()); 235 set_fs(get_ds());
242 rc = vfs_read(inode_info->lower_file, data, size, 236 rc = vfs_read(inode_info->lower_file, data, size, &offset);
243 &inode_info->lower_file->f_pos);
244 set_fs(fs_save); 237 set_fs(fs_save);
245 mutex_unlock(&inode_info->lower_file_mutex);
246 return rc; 238 return rc;
247} 239}
248 240
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
index f7fc286a3aa9..dbd52d40df4c 100644
--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -28,7 +28,6 @@
28#include <linux/key.h> 28#include <linux/key.h>
29#include <linux/slab.h> 29#include <linux/slab.h>
30#include <linux/seq_file.h> 30#include <linux/seq_file.h>
31#include <linux/smp_lock.h>
32#include <linux/file.h> 31#include <linux/file.h>
33#include <linux/crypto.h> 32#include <linux/crypto.h>
34#include "ecryptfs_kernel.h" 33#include "ecryptfs_kernel.h"
@@ -57,20 +56,30 @@ static struct inode *ecryptfs_alloc_inode(struct super_block *sb)
57 goto out; 56 goto out;
58 ecryptfs_init_crypt_stat(&inode_info->crypt_stat); 57 ecryptfs_init_crypt_stat(&inode_info->crypt_stat);
59 mutex_init(&inode_info->lower_file_mutex); 58 mutex_init(&inode_info->lower_file_mutex);
59 atomic_set(&inode_info->lower_file_count, 0);
60 inode_info->lower_file = NULL; 60 inode_info->lower_file = NULL;
61 inode = &inode_info->vfs_inode; 61 inode = &inode_info->vfs_inode;
62out: 62out:
63 return inode; 63 return inode;
64} 64}
65 65
66static void ecryptfs_i_callback(struct rcu_head *head)
67{
68 struct inode *inode = container_of(head, struct inode, i_rcu);
69 struct ecryptfs_inode_info *inode_info;
70 inode_info = ecryptfs_inode_to_private(inode);
71
72 INIT_LIST_HEAD(&inode->i_dentry);
73 kmem_cache_free(ecryptfs_inode_info_cache, inode_info);
74}
75
66/** 76/**
67 * ecryptfs_destroy_inode 77 * ecryptfs_destroy_inode
68 * @inode: The ecryptfs inode 78 * @inode: The ecryptfs inode
69 * 79 *
70 * This is used during the final destruction of the inode. All 80 * This is used during the final destruction of the inode. All
71 * allocation of memory related to the inode, including allocated 81 * allocation of memory related to the inode, including allocated
72 * memory in the crypt_stat struct, will be released here. This 82 * memory in the crypt_stat struct, will be released here.
73 * function also fput()'s the persistent file for the lower inode.
74 * There should be no chance that this deallocation will be missed. 83 * There should be no chance that this deallocation will be missed.
75 */ 84 */
76static void ecryptfs_destroy_inode(struct inode *inode) 85static void ecryptfs_destroy_inode(struct inode *inode)
@@ -78,34 +87,9 @@ static void ecryptfs_destroy_inode(struct inode *inode)
78 struct ecryptfs_inode_info *inode_info; 87 struct ecryptfs_inode_info *inode_info;
79 88
80 inode_info = ecryptfs_inode_to_private(inode); 89 inode_info = ecryptfs_inode_to_private(inode);
81 if (inode_info->lower_file) { 90 BUG_ON(inode_info->lower_file);
82 struct dentry *lower_dentry =
83 inode_info->lower_file->f_dentry;
84
85 BUG_ON(!lower_dentry);
86 if (lower_dentry->d_inode) {
87 fput(inode_info->lower_file);
88 inode_info->lower_file = NULL;
89 }
90 }
91 ecryptfs_destroy_crypt_stat(&inode_info->crypt_stat); 91 ecryptfs_destroy_crypt_stat(&inode_info->crypt_stat);
92 kmem_cache_free(ecryptfs_inode_info_cache, inode_info); 92 call_rcu(&inode->i_rcu, ecryptfs_i_callback);
93}
94
95/**
96 * ecryptfs_init_inode
97 * @inode: The ecryptfs inode
98 *
99 * Set up the ecryptfs inode.
100 */
101void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode)
102{
103 ecryptfs_set_inode_lower(inode, lower_inode);
104 inode->i_ino = lower_inode->i_ino;
105 inode->i_version++;
106 inode->i_op = &ecryptfs_main_iops;
107 inode->i_fop = &ecryptfs_main_fops;
108 inode->i_mapping->a_ops = &ecryptfs_aops;
109} 93}
110 94
111/** 95/**
@@ -180,6 +164,8 @@ static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt)
180 seq_printf(m, ",ecryptfs_encrypted_view"); 164 seq_printf(m, ",ecryptfs_encrypted_view");
181 if (mount_crypt_stat->flags & ECRYPTFS_UNLINK_SIGS) 165 if (mount_crypt_stat->flags & ECRYPTFS_UNLINK_SIGS)
182 seq_printf(m, ",ecryptfs_unlink_sigs"); 166 seq_printf(m, ",ecryptfs_unlink_sigs");
167 if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
168 seq_printf(m, ",ecryptfs_mount_auth_tok_only");
183 169
184 return 0; 170 return 0;
185} 171}
@@ -187,7 +173,7 @@ static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt)
187const struct super_operations ecryptfs_sops = { 173const struct super_operations ecryptfs_sops = {
188 .alloc_inode = ecryptfs_alloc_inode, 174 .alloc_inode = ecryptfs_alloc_inode,
189 .destroy_inode = ecryptfs_destroy_inode, 175 .destroy_inode = ecryptfs_destroy_inode,
190 .drop_inode = generic_delete_inode, 176 .drop_inode = generic_drop_inode,
191 .statfs = ecryptfs_statfs, 177 .statfs = ecryptfs_statfs,
192 .remount_fs = NULL, 178 .remount_fs = NULL,
193 .evict_inode = ecryptfs_evict_inode, 179 .evict_inode = ecryptfs_evict_inode,
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-14 11:17:25 -0400