aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs
diff options
context:
space:
mode:
authorAndi Kleen <andi@basil.nowhere.org>2006-11-21 04:22:09 -0500
committerAndi Kleen <andi@basil.nowhere.org>2006-11-21 04:22:09 -0500
commit1b7f6a626f0ff511c3840678466cbfe1d62c0b29 (patch)
tree415e8c838c0067bff384afb8a2c91e5f7c6d11d3 /fs/ecryptfs
parentb3edc9cec07ade41aaf1804f7c9e876afa90c862 (diff)
parent3f5a6ca31c334011fd929501a078424c0d3f71be (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r--fs/ecryptfs/crypto.c206
-rw-r--r--fs/ecryptfs/dentry.c14
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h22
-rw-r--r--fs/ecryptfs/file.c44
-rw-r--r--fs/ecryptfs/inode.c100
-rw-r--r--fs/ecryptfs/keystore.c114
-rw-r--r--fs/ecryptfs/main.c15
-rw-r--r--fs/ecryptfs/super.c18
8 files changed, 285 insertions, 248 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index ed35a9712fa1..136175a69332 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -94,25 +94,53 @@ static int ecryptfs_calculate_md5(char *dst,
94 struct ecryptfs_crypt_stat *crypt_stat, 94 struct ecryptfs_crypt_stat *crypt_stat,
95 char *src, int len) 95 char *src, int len)
96{ 96{
97 int rc = 0;
98 struct scatterlist sg; 97 struct scatterlist sg;
98 struct hash_desc desc = {
99 .tfm = crypt_stat->hash_tfm,
100 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
101 };
102 int rc = 0;
99 103
100 mutex_lock(&crypt_stat->cs_md5_tfm_mutex); 104 mutex_lock(&crypt_stat->cs_hash_tfm_mutex);
101 sg_init_one(&sg, (u8 *)src, len); 105 sg_init_one(&sg, (u8 *)src, len);
102 if (!crypt_stat->md5_tfm) { 106 if (!desc.tfm) {
103 crypt_stat->md5_tfm = 107 desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0,
104 crypto_alloc_tfm("md5", CRYPTO_TFM_REQ_MAY_SLEEP); 108 CRYPTO_ALG_ASYNC);
105 if (!crypt_stat->md5_tfm) { 109 if (IS_ERR(desc.tfm)) {
106 rc = -ENOMEM; 110 rc = PTR_ERR(desc.tfm);
107 ecryptfs_printk(KERN_ERR, "Error attempting to " 111 ecryptfs_printk(KERN_ERR, "Error attempting to "
108 "allocate crypto context\n"); 112 "allocate crypto context; rc = [%d]\n",
113 rc);
109 goto out; 114 goto out;
110 } 115 }
116 crypt_stat->hash_tfm = desc.tfm;
111 } 117 }
112 crypto_digest_init(crypt_stat->md5_tfm); 118 crypto_hash_init(&desc);
113 crypto_digest_update(crypt_stat->md5_tfm, &sg, 1); 119 crypto_hash_update(&desc, &sg, len);
114 crypto_digest_final(crypt_stat->md5_tfm, dst); 120 crypto_hash_final(&desc, dst);
115 mutex_unlock(&crypt_stat->cs_md5_tfm_mutex); 121 mutex_unlock(&crypt_stat->cs_hash_tfm_mutex);
122out:
123 return rc;
124}
125
126int ecryptfs_crypto_api_algify_cipher_name(char **algified_name,
127 char *cipher_name,
128 char *chaining_modifier)
129{
130 int cipher_name_len = strlen(cipher_name);
131 int chaining_modifier_len = strlen(chaining_modifier);
132 int algified_name_len;
133 int rc;
134
135 algified_name_len = (chaining_modifier_len + cipher_name_len + 3);
136 (*algified_name) = kmalloc(algified_name_len, GFP_KERNEL);
137 if (!(*algified_name)) {
138 rc = -ENOMEM;
139 goto out;
140 }
141 snprintf((*algified_name), algified_name_len, "%s(%s)",
142 chaining_modifier, cipher_name);
143 rc = 0;
116out: 144out:
117 return rc; 145 return rc;
118} 146}
@@ -178,7 +206,7 @@ ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
178 memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); 206 memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
179 mutex_init(&crypt_stat->cs_mutex); 207 mutex_init(&crypt_stat->cs_mutex);
180 mutex_init(&crypt_stat->cs_tfm_mutex); 208 mutex_init(&crypt_stat->cs_tfm_mutex);
181 mutex_init(&crypt_stat->cs_md5_tfm_mutex); 209 mutex_init(&crypt_stat->cs_hash_tfm_mutex);
182 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_STRUCT_INITIALIZED); 210 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_STRUCT_INITIALIZED);
183} 211}
184 212
@@ -191,9 +219,9 @@ ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
191void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) 219void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
192{ 220{
193 if (crypt_stat->tfm) 221 if (crypt_stat->tfm)
194 crypto_free_tfm(crypt_stat->tfm); 222 crypto_free_blkcipher(crypt_stat->tfm);
195 if (crypt_stat->md5_tfm) 223 if (crypt_stat->hash_tfm)
196 crypto_free_tfm(crypt_stat->md5_tfm); 224 crypto_free_hash(crypt_stat->hash_tfm);
197 memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); 225 memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
198} 226}
199 227
@@ -203,7 +231,7 @@ void ecryptfs_destruct_mount_crypt_stat(
203 if (mount_crypt_stat->global_auth_tok_key) 231 if (mount_crypt_stat->global_auth_tok_key)
204 key_put(mount_crypt_stat->global_auth_tok_key); 232 key_put(mount_crypt_stat->global_auth_tok_key);
205 if (mount_crypt_stat->global_key_tfm) 233 if (mount_crypt_stat->global_key_tfm)
206 crypto_free_tfm(mount_crypt_stat->global_key_tfm); 234 crypto_free_blkcipher(mount_crypt_stat->global_key_tfm);
207 memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat)); 235 memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat));
208} 236}
209 237
@@ -269,6 +297,11 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
269 struct scatterlist *src_sg, int size, 297 struct scatterlist *src_sg, int size,
270 unsigned char *iv) 298 unsigned char *iv)
271{ 299{
300 struct blkcipher_desc desc = {
301 .tfm = crypt_stat->tfm,
302 .info = iv,
303 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
304 };
272 int rc = 0; 305 int rc = 0;
273 306
274 BUG_ON(!crypt_stat || !crypt_stat->tfm 307 BUG_ON(!crypt_stat || !crypt_stat->tfm
@@ -282,8 +315,8 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
282 } 315 }
283 /* Consider doing this once, when the file is opened */ 316 /* Consider doing this once, when the file is opened */
284 mutex_lock(&crypt_stat->cs_tfm_mutex); 317 mutex_lock(&crypt_stat->cs_tfm_mutex);
285 rc = crypto_cipher_setkey(crypt_stat->tfm, crypt_stat->key, 318 rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
286 crypt_stat->key_size); 319 crypt_stat->key_size);
287 if (rc) { 320 if (rc) {
288 ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", 321 ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
289 rc); 322 rc);
@@ -292,7 +325,7 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
292 goto out; 325 goto out;
293 } 326 }
294 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size); 327 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size);
295 crypto_cipher_encrypt_iv(crypt_stat->tfm, dest_sg, src_sg, size, iv); 328 crypto_blkcipher_encrypt_iv(&desc, dest_sg, src_sg, size);
296 mutex_unlock(&crypt_stat->cs_tfm_mutex); 329 mutex_unlock(&crypt_stat->cs_tfm_mutex);
297out: 330out:
298 return rc; 331 return rc;
@@ -675,12 +708,17 @@ static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
675 struct scatterlist *src_sg, int size, 708 struct scatterlist *src_sg, int size,
676 unsigned char *iv) 709 unsigned char *iv)
677{ 710{
711 struct blkcipher_desc desc = {
712 .tfm = crypt_stat->tfm,
713 .info = iv,
714 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
715 };
678 int rc = 0; 716 int rc = 0;
679 717
680 /* Consider doing this once, when the file is opened */ 718 /* Consider doing this once, when the file is opened */
681 mutex_lock(&crypt_stat->cs_tfm_mutex); 719 mutex_lock(&crypt_stat->cs_tfm_mutex);
682 rc = crypto_cipher_setkey(crypt_stat->tfm, crypt_stat->key, 720 rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
683 crypt_stat->key_size); 721 crypt_stat->key_size);
684 if (rc) { 722 if (rc) {
685 ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", 723 ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
686 rc); 724 rc);
@@ -689,8 +727,7 @@ static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
689 goto out; 727 goto out;
690 } 728 }
691 ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size); 729 ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size);
692 rc = crypto_cipher_decrypt_iv(crypt_stat->tfm, dest_sg, src_sg, size, 730 rc = crypto_blkcipher_decrypt_iv(&desc, dest_sg, src_sg, size);
693 iv);
694 mutex_unlock(&crypt_stat->cs_tfm_mutex); 731 mutex_unlock(&crypt_stat->cs_tfm_mutex);
695 if (rc) { 732 if (rc) {
696 ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n", 733 ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n",
@@ -759,6 +796,7 @@ ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
759 */ 796 */
760int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) 797int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
761{ 798{
799 char *full_alg_name;
762 int rc = -EINVAL; 800 int rc = -EINVAL;
763 801
764 if (!crypt_stat->cipher) { 802 if (!crypt_stat->cipher) {
@@ -775,16 +813,24 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
775 goto out; 813 goto out;
776 } 814 }
777 mutex_lock(&crypt_stat->cs_tfm_mutex); 815 mutex_lock(&crypt_stat->cs_tfm_mutex);
778 crypt_stat->tfm = crypto_alloc_tfm(crypt_stat->cipher, 816 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
779 ECRYPTFS_DEFAULT_CHAINING_MODE 817 crypt_stat->cipher, "cbc");
780 | CRYPTO_TFM_REQ_WEAK_KEY); 818 if (rc)
781 mutex_unlock(&crypt_stat->cs_tfm_mutex); 819 goto out;
820 crypt_stat->tfm = crypto_alloc_blkcipher(full_alg_name, 0,
821 CRYPTO_ALG_ASYNC);
822 kfree(full_alg_name);
782 if (!crypt_stat->tfm) { 823 if (!crypt_stat->tfm) {
783 ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " 824 ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
784 "Error initializing cipher [%s]\n", 825 "Error initializing cipher [%s]\n",
785 crypt_stat->cipher); 826 crypt_stat->cipher);
827 mutex_unlock(&crypt_stat->cs_tfm_mutex);
786 goto out; 828 goto out;
787 } 829 }
830 crypto_blkcipher_set_flags(crypt_stat->tfm,
831 (ECRYPTFS_DEFAULT_CHAINING_MODE
832 | CRYPTO_TFM_REQ_WEAK_KEY));
833 mutex_unlock(&crypt_stat->cs_tfm_mutex);
788 rc = 0; 834 rc = 0;
789out: 835out:
790 return rc; 836 return rc;
@@ -1145,28 +1191,28 @@ int ecryptfs_cipher_code_to_string(char *str, u16 cipher_code)
1145int ecryptfs_read_header_region(char *data, struct dentry *dentry, 1191int ecryptfs_read_header_region(char *data, struct dentry *dentry,
1146 struct vfsmount *mnt) 1192 struct vfsmount *mnt)
1147{ 1193{
1148 struct file *file; 1194 struct file *lower_file;
1149 mm_segment_t oldfs; 1195 mm_segment_t oldfs;
1150 int rc; 1196 int rc;
1151 1197
1152 mnt = mntget(mnt); 1198 if ((rc = ecryptfs_open_lower_file(&lower_file, dentry, mnt,
1153 file = dentry_open(dentry, mnt, O_RDONLY); 1199 O_RDONLY))) {
1154 if (IS_ERR(file)) { 1200 printk(KERN_ERR
1155 ecryptfs_printk(KERN_DEBUG, "Error opening file to " 1201 "Error opening lower_file to read header region\n");
1156 "read header region\n");
1157 mntput(mnt);
1158 rc = PTR_ERR(file);
1159 goto out; 1202 goto out;
1160 } 1203 }
1161 file->f_pos = 0; 1204 lower_file->f_pos = 0;
1162 oldfs = get_fs(); 1205 oldfs = get_fs();
1163 set_fs(get_ds()); 1206 set_fs(get_ds());
1164 /* For releases 0.1 and 0.2, all of the header information 1207 /* For releases 0.1 and 0.2, all of the header information
1165 * fits in the first data extent-sized region. */ 1208 * fits in the first data extent-sized region. */
1166 rc = file->f_op->read(file, (char __user *)data, 1209 rc = lower_file->f_op->read(lower_file, (char __user *)data,
1167 ECRYPTFS_DEFAULT_EXTENT_SIZE, &file->f_pos); 1210 ECRYPTFS_DEFAULT_EXTENT_SIZE, &lower_file->f_pos);
1168 set_fs(oldfs); 1211 set_fs(oldfs);
1169 fput(file); 1212 if ((rc = ecryptfs_close_lower_file(lower_file))) {
1213 printk(KERN_ERR "Error closing lower_file\n");
1214 goto out;
1215 }
1170 rc = 0; 1216 rc = 0;
1171out: 1217out:
1172 return rc; 1218 return rc;
@@ -1573,84 +1619,52 @@ out:
1573 1619
1574/** 1620/**
1575 * ecryptfs_process_cipher - Perform cipher initialization. 1621 * ecryptfs_process_cipher - Perform cipher initialization.
1576 * @tfm: Crypto context set by this function
1577 * @key_tfm: Crypto context for key material, set by this function 1622 * @key_tfm: Crypto context for key material, set by this function
1578 * @cipher_name: Name of the cipher. 1623 * @cipher_name: Name of the cipher
1579 * @key_size: Size of the key in bytes. 1624 * @key_size: Size of the key in bytes
1580 * 1625 *
1581 * Returns zero on success. Any crypto_tfm structs allocated here 1626 * Returns zero on success. Any crypto_tfm structs allocated here
1582 * should be released by other functions, such as on a superblock put 1627 * should be released by other functions, such as on a superblock put
1583 * event, regardless of whether this function succeeds for fails. 1628 * event, regardless of whether this function succeeds for fails.
1584 */ 1629 */
1585int 1630int
1586ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, 1631ecryptfs_process_cipher(struct crypto_blkcipher **key_tfm, char *cipher_name,
1587 char *cipher_name, size_t key_size) 1632 size_t *key_size)
1588{ 1633{
1589 char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; 1634 char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
1635 char *full_alg_name;
1590 int rc; 1636 int rc;
1591 1637
1592 *tfm = *key_tfm = NULL; 1638 *key_tfm = NULL;
1593 if (key_size > ECRYPTFS_MAX_KEY_BYTES) { 1639 if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
1594 rc = -EINVAL; 1640 rc = -EINVAL;
1595 printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum " 1641 printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum "
1596 "allowable is [%d]\n", key_size, ECRYPTFS_MAX_KEY_BYTES); 1642 "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
1597 goto out; 1643 goto out;
1598 } 1644 }
1599 *tfm = crypto_alloc_tfm(cipher_name, (ECRYPTFS_DEFAULT_CHAINING_MODE 1645 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name,
1600 | CRYPTO_TFM_REQ_WEAK_KEY)); 1646 "ecb");
1601 if (!(*tfm)) { 1647 if (rc)
1602 rc = -EINVAL;
1603 printk(KERN_ERR "Unable to allocate crypto cipher with name "
1604 "[%s]\n", cipher_name);
1605 goto out; 1648 goto out;
1606 } 1649 *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
1607 *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY); 1650 kfree(full_alg_name);
1608 if (!(*key_tfm)) { 1651 if (IS_ERR(*key_tfm)) {
1609 rc = -EINVAL; 1652 rc = PTR_ERR(*key_tfm);
1610 printk(KERN_ERR "Unable to allocate crypto cipher with name " 1653 printk(KERN_ERR "Unable to allocate crypto cipher with name "
1611 "[%s]\n", cipher_name); 1654 "[%s]; rc = [%d]\n", cipher_name, rc);
1612 goto out;
1613 }
1614 if (key_size < crypto_tfm_alg_min_keysize(*tfm)) {
1615 rc = -EINVAL;
1616 printk(KERN_ERR "Request key size is [%Zd]; minimum key size "
1617 "supported by cipher [%s] is [%d]\n", key_size,
1618 cipher_name, crypto_tfm_alg_min_keysize(*tfm));
1619 goto out;
1620 }
1621 if (key_size < crypto_tfm_alg_min_keysize(*key_tfm)) {
1622 rc = -EINVAL;
1623 printk(KERN_ERR "Request key size is [%Zd]; minimum key size "
1624 "supported by cipher [%s] is [%d]\n", key_size,
1625 cipher_name, crypto_tfm_alg_min_keysize(*key_tfm));
1626 goto out; 1655 goto out;
1627 } 1656 }
1628 if (key_size > crypto_tfm_alg_max_keysize(*tfm)) { 1657 crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1629 rc = -EINVAL; 1658 if (*key_size == 0) {
1630 printk(KERN_ERR "Request key size is [%Zd]; maximum key size " 1659 struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm);
1631 "supported by cipher [%s] is [%d]\n", key_size, 1660
1632 cipher_name, crypto_tfm_alg_min_keysize(*tfm)); 1661 *key_size = alg->max_keysize;
1633 goto out;
1634 }
1635 if (key_size > crypto_tfm_alg_max_keysize(*key_tfm)) {
1636 rc = -EINVAL;
1637 printk(KERN_ERR "Request key size is [%Zd]; maximum key size "
1638 "supported by cipher [%s] is [%d]\n", key_size,
1639 cipher_name, crypto_tfm_alg_min_keysize(*key_tfm));
1640 goto out;
1641 }
1642 get_random_bytes(dummy_key, key_size);
1643 rc = crypto_cipher_setkey(*tfm, dummy_key, key_size);
1644 if (rc) {
1645 printk(KERN_ERR "Error attempting to set key of size [%Zd] for "
1646 "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc);
1647 rc = -EINVAL;
1648 goto out;
1649 } 1662 }
1650 rc = crypto_cipher_setkey(*key_tfm, dummy_key, key_size); 1663 get_random_bytes(dummy_key, *key_size);
1664 rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size);
1651 if (rc) { 1665 if (rc) {
1652 printk(KERN_ERR "Error attempting to set key of size [%Zd] for " 1666 printk(KERN_ERR "Error attempting to set key of size [%Zd] for "
1653 "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc); 1667 "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc);
1654 rc = -EINVAL; 1668 rc = -EINVAL;
1655 goto out; 1669 goto out;
1656 } 1670 }
diff --git a/fs/ecryptfs/dentry.c b/fs/ecryptfs/dentry.c
index f0d2a433242b..52d1e36dc746 100644
--- a/fs/ecryptfs/dentry.c
+++ b/fs/ecryptfs/dentry.c
@@ -24,6 +24,7 @@
24 24
25#include <linux/dcache.h> 25#include <linux/dcache.h>
26#include <linux/namei.h> 26#include <linux/namei.h>
27#include <linux/mount.h>
27#include "ecryptfs_kernel.h" 28#include "ecryptfs_kernel.h"
28 29
29/** 30/**
@@ -56,6 +57,12 @@ static int ecryptfs_d_revalidate(struct dentry *dentry, struct nameidata *nd)
56 rc = lower_dentry->d_op->d_revalidate(lower_dentry, nd); 57 rc = lower_dentry->d_op->d_revalidate(lower_dentry, nd);
57 nd->dentry = dentry_save; 58 nd->dentry = dentry_save;
58 nd->mnt = vfsmount_save; 59 nd->mnt = vfsmount_save;
60 if (dentry->d_inode) {
61 struct inode *lower_inode =
62 ecryptfs_inode_to_lower(dentry->d_inode);
63
64 ecryptfs_copy_attr_all(dentry->d_inode, lower_inode);
65 }
59out: 66out:
60 return rc; 67 return rc;
61} 68}
@@ -76,8 +83,13 @@ static void ecryptfs_d_release(struct dentry *dentry)
76 if (ecryptfs_dentry_to_private(dentry)) 83 if (ecryptfs_dentry_to_private(dentry))
77 kmem_cache_free(ecryptfs_dentry_info_cache, 84 kmem_cache_free(ecryptfs_dentry_info_cache,
78 ecryptfs_dentry_to_private(dentry)); 85 ecryptfs_dentry_to_private(dentry));
79 if (lower_dentry) 86 if (lower_dentry) {
87 struct vfsmount *lower_mnt =
88 ecryptfs_dentry_to_lower_mnt(dentry);
89
90 mntput(lower_mnt);
80 dput(lower_dentry); 91 dput(lower_dentry);
92 }
81 return; 93 return;
82} 94}
83 95
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 872c9958531a..f992533d1692 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -175,6 +175,7 @@ ecryptfs_get_key_payload_data(struct key *key)
175#define ECRYPTFS_DEFAULT_CIPHER "aes" 175#define ECRYPTFS_DEFAULT_CIPHER "aes"
176#define ECRYPTFS_DEFAULT_KEY_BYTES 16 176#define ECRYPTFS_DEFAULT_KEY_BYTES 16
177#define ECRYPTFS_DEFAULT_CHAINING_MODE CRYPTO_TFM_MODE_CBC 177#define ECRYPTFS_DEFAULT_CHAINING_MODE CRYPTO_TFM_MODE_CBC
178#define ECRYPTFS_DEFAULT_HASH "md5"
178#define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C 179#define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C
179#define ECRYPTFS_TAG_11_PACKET_TYPE 0xED 180#define ECRYPTFS_TAG_11_PACKET_TYPE 0xED
180#define MD5_DIGEST_SIZE 16 181#define MD5_DIGEST_SIZE 16
@@ -204,15 +205,15 @@ struct ecryptfs_crypt_stat {
204 size_t extent_shift; 205 size_t extent_shift;
205 unsigned int extent_mask; 206 unsigned int extent_mask;
206 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 207 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
207 struct crypto_tfm *tfm; 208 struct crypto_blkcipher *tfm;
208 struct crypto_tfm *md5_tfm; /* Crypto context for generating 209 struct crypto_hash *hash_tfm; /* Crypto context for generating
209 * the initialization vectors */ 210 * the initialization vectors */
210 unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE]; 211 unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE];
211 unsigned char key[ECRYPTFS_MAX_KEY_BYTES]; 212 unsigned char key[ECRYPTFS_MAX_KEY_BYTES];
212 unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES]; 213 unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES];
213 unsigned char keysigs[ECRYPTFS_MAX_NUM_KEYSIGS][ECRYPTFS_SIG_SIZE_HEX]; 214 unsigned char keysigs[ECRYPTFS_MAX_NUM_KEYSIGS][ECRYPTFS_SIG_SIZE_HEX];
214 struct mutex cs_tfm_mutex; 215 struct mutex cs_tfm_mutex;
215 struct mutex cs_md5_tfm_mutex; 216 struct mutex cs_hash_tfm_mutex;
216 struct mutex cs_mutex; 217 struct mutex cs_mutex;
217}; 218};
218 219
@@ -244,7 +245,7 @@ struct ecryptfs_mount_crypt_stat {
244 struct ecryptfs_auth_tok *global_auth_tok; 245 struct ecryptfs_auth_tok *global_auth_tok;
245 struct key *global_auth_tok_key; 246 struct key *global_auth_tok_key;
246 size_t global_default_cipher_key_size; 247 size_t global_default_cipher_key_size;
247 struct crypto_tfm *global_key_tfm; 248 struct crypto_blkcipher *global_key_tfm;
248 struct mutex global_key_tfm_mutex; 249 struct mutex global_key_tfm_mutex;
249 unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE 250 unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE
250 + 1]; 251 + 1];
@@ -425,6 +426,9 @@ void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat);
425void ecryptfs_destruct_mount_crypt_stat( 426void ecryptfs_destruct_mount_crypt_stat(
426 struct ecryptfs_mount_crypt_stat *mount_crypt_stat); 427 struct ecryptfs_mount_crypt_stat *mount_crypt_stat);
427int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat); 428int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat);
429int ecryptfs_crypto_api_algify_cipher_name(char **algified_name,
430 char *cipher_name,
431 char *chaining_modifier);
428int ecryptfs_write_inode_size_to_header(struct file *lower_file, 432int ecryptfs_write_inode_size_to_header(struct file *lower_file,
429 struct inode *lower_inode, 433 struct inode *lower_inode,
430 struct inode *inode); 434 struct inode *inode);
@@ -473,10 +477,14 @@ ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
473 unsigned char *src, struct dentry *ecryptfs_dentry); 477 unsigned char *src, struct dentry *ecryptfs_dentry);
474int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); 478int ecryptfs_truncate(struct dentry *dentry, loff_t new_length);
475int 479int
476ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, 480ecryptfs_process_cipher(struct crypto_blkcipher **key_tfm, char *cipher_name,
477 char *cipher_name, size_t key_size); 481 size_t *key_size);
478int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); 482int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode);
479int ecryptfs_inode_set(struct inode *inode, void *lower_inode); 483int ecryptfs_inode_set(struct inode *inode, void *lower_inode);
480void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode); 484void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode);
485int ecryptfs_open_lower_file(struct file **lower_file,
486 struct dentry *lower_dentry,
487 struct vfsmount *lower_mnt, int flags);
488int ecryptfs_close_lower_file(struct file *lower_file);
481 489
482#endif /* #ifndef ECRYPTFS_KERNEL_H */ 490#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index c8550c9f9cd2..a92ef05eff8f 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -198,6 +198,33 @@ retry:
198 198
199struct kmem_cache *ecryptfs_file_info_cache; 199struct kmem_cache *ecryptfs_file_info_cache;
200 200
201int ecryptfs_open_lower_file(struct file **lower_file,
202 struct dentry *lower_dentry,
203 struct vfsmount *lower_mnt, int flags)
204{
205 int rc = 0;
206
207 dget(lower_dentry);
208 mntget(lower_mnt);
209 *lower_file = dentry_open(lower_dentry, lower_mnt, flags);
210 if (IS_ERR(*lower_file)) {
211 printk(KERN_ERR "Error opening lower file for lower_dentry "
212 "[0x%p], lower_mnt [0x%p], and flags [0x%x]\n",
213 lower_dentry, lower_mnt, flags);
214 rc = PTR_ERR(*lower_file);
215 *lower_file = NULL;
216 goto out;
217 }
218out:
219 return rc;
220}
221
222int ecryptfs_close_lower_file(struct file *lower_file)
223{
224 fput(lower_file);
225 return 0;
226}
227
201/** 228/**
202 * ecryptfs_open 229 * ecryptfs_open
203 * @inode: inode speciying file to open 230 * @inode: inode speciying file to open
@@ -244,19 +271,15 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
244 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); 271 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);
245 } 272 }
246 mutex_unlock(&crypt_stat->cs_mutex); 273 mutex_unlock(&crypt_stat->cs_mutex);
247 /* This mntget & dget is undone via fput when the file is released */
248 dget(lower_dentry);
249 lower_flags = file->f_flags; 274 lower_flags = file->f_flags;
250 if ((lower_flags & O_ACCMODE) == O_WRONLY) 275 if ((lower_flags & O_ACCMODE) == O_WRONLY)
251 lower_flags = (lower_flags & O_ACCMODE) | O_RDWR; 276 lower_flags = (lower_flags & O_ACCMODE) | O_RDWR;
252 if (file->f_flags & O_APPEND) 277 if (file->f_flags & O_APPEND)
253 lower_flags &= ~O_APPEND; 278 lower_flags &= ~O_APPEND;
254 lower_mnt = ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry); 279 lower_mnt = ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry);
255 mntget(lower_mnt);
256 /* Corresponding fput() in ecryptfs_release() */ 280 /* Corresponding fput() in ecryptfs_release() */
257 lower_file = dentry_open(lower_dentry, lower_mnt, lower_flags); 281 if ((rc = ecryptfs_open_lower_file(&lower_file, lower_dentry, lower_mnt,
258 if (IS_ERR(lower_file)) { 282 lower_flags))) {
259 rc = PTR_ERR(lower_file);
260 ecryptfs_printk(KERN_ERR, "Error opening lower file\n"); 283 ecryptfs_printk(KERN_ERR, "Error opening lower file\n");
261 goto out_puts; 284 goto out_puts;
262 } 285 }
@@ -341,11 +364,16 @@ static int ecryptfs_release(struct inode *inode, struct file *file)
341 struct file *lower_file = ecryptfs_file_to_lower(file); 364 struct file *lower_file = ecryptfs_file_to_lower(file);
342 struct ecryptfs_file_info *file_info = ecryptfs_file_to_private(file); 365 struct ecryptfs_file_info *file_info = ecryptfs_file_to_private(file);
343 struct inode *lower_inode = ecryptfs_inode_to_lower(inode); 366 struct inode *lower_inode = ecryptfs_inode_to_lower(inode);
367 int rc;
344 368
345 fput(lower_file); 369 if ((rc = ecryptfs_close_lower_file(lower_file))) {
370 printk(KERN_ERR "Error closing lower_file\n");
371 goto out;
372 }
346 inode->i_blocks = lower_inode->i_blocks; 373 inode->i_blocks = lower_inode->i_blocks;
347 kmem_cache_free(ecryptfs_file_info_cache, file_info); 374 kmem_cache_free(ecryptfs_file_info_cache, file_info);
348 return 0; 375out:
376 return rc;
349} 377}
350 378
351static int 379static int
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index efdd2b7b62d7..dfcc68484f47 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -231,7 +231,6 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
231 int lower_flags; 231 int lower_flags;
232 struct ecryptfs_crypt_stat *crypt_stat; 232 struct ecryptfs_crypt_stat *crypt_stat;
233 struct dentry *lower_dentry; 233 struct dentry *lower_dentry;
234 struct dentry *tlower_dentry = NULL;
235 struct file *lower_file; 234 struct file *lower_file;
236 struct inode *inode, *lower_inode; 235 struct inode *inode, *lower_inode;
237 struct vfsmount *lower_mnt; 236 struct vfsmount *lower_mnt;
@@ -241,30 +240,19 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
241 lower_dentry->d_name.name); 240 lower_dentry->d_name.name);
242 inode = ecryptfs_dentry->d_inode; 241 inode = ecryptfs_dentry->d_inode;
243 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; 242 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
244 tlower_dentry = dget(lower_dentry);
245 if (!tlower_dentry) {
246 rc = -ENOMEM;
247 ecryptfs_printk(KERN_ERR, "Error dget'ing lower_dentry\n");
248 goto out;
249 }
250 lower_flags = ((O_CREAT | O_WRONLY | O_TRUNC) & O_ACCMODE) | O_RDWR; 243 lower_flags = ((O_CREAT | O_WRONLY | O_TRUNC) & O_ACCMODE) | O_RDWR;
251#if BITS_PER_LONG != 32 244#if BITS_PER_LONG != 32
252 lower_flags |= O_LARGEFILE; 245 lower_flags |= O_LARGEFILE;
253#endif 246#endif
254 lower_mnt = ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry); 247 lower_mnt = ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry);
255 mntget(lower_mnt);
256 /* Corresponding fput() at end of this function */ 248 /* Corresponding fput() at end of this function */
257 lower_file = dentry_open(tlower_dentry, lower_mnt, lower_flags); 249 if ((rc = ecryptfs_open_lower_file(&lower_file, lower_dentry, lower_mnt,
258 if (IS_ERR(lower_file)) { 250 lower_flags))) {
259 rc = PTR_ERR(lower_file);
260 ecryptfs_printk(KERN_ERR, 251 ecryptfs_printk(KERN_ERR,
261 "Error opening dentry; rc = [%i]\n", rc); 252 "Error opening dentry; rc = [%i]\n", rc);
262 goto out; 253 goto out;
263 } 254 }
264 /* fput(lower_file) should handle the puts if we do this */ 255 lower_inode = lower_dentry->d_inode;
265 lower_file->f_dentry = tlower_dentry;
266 lower_file->f_vfsmnt = lower_mnt;
267 lower_inode = tlower_dentry->d_inode;
268 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) { 256 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
269 ecryptfs_printk(KERN_DEBUG, "This is a directory\n"); 257 ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
270 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); 258 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);
@@ -285,7 +273,8 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
285 } 273 }
286 rc = grow_file(ecryptfs_dentry, lower_file, inode, lower_inode); 274 rc = grow_file(ecryptfs_dentry, lower_file, inode, lower_inode);
287out_fput: 275out_fput:
288 fput(lower_file); 276 if ((rc = ecryptfs_close_lower_file(lower_file)))
277 printk(KERN_ERR "Error closing lower_file\n");
289out: 278out:
290 return rc; 279 return rc;
291} 280}
@@ -336,7 +325,6 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry,
336 struct dentry *lower_dir_dentry; 325 struct dentry *lower_dir_dentry;
337 struct dentry *lower_dentry; 326 struct dentry *lower_dentry;
338 struct vfsmount *lower_mnt; 327 struct vfsmount *lower_mnt;
339 struct dentry *tlower_dentry = NULL;
340 char *encoded_name; 328 char *encoded_name;
341 unsigned int encoded_namelen; 329 unsigned int encoded_namelen;
342 struct ecryptfs_crypt_stat *crypt_stat = NULL; 330 struct ecryptfs_crypt_stat *crypt_stat = NULL;
@@ -347,27 +335,32 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry,
347 lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent); 335 lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent);
348 dentry->d_op = &ecryptfs_dops; 336 dentry->d_op = &ecryptfs_dops;
349 if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, ".")) 337 if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, "."))
350 || (dentry->d_name.len == 2 && !strcmp(dentry->d_name.name, ".."))) 338 || (dentry->d_name.len == 2
351 goto out_drop; 339 && !strcmp(dentry->d_name.name, ".."))) {
340 d_drop(dentry);
341 goto out;
342 }
352 encoded_namelen = ecryptfs_encode_filename(crypt_stat, 343 encoded_namelen = ecryptfs_encode_filename(crypt_stat,
353 dentry->d_name.name, 344 dentry->d_name.name,
354 dentry->d_name.len, 345 dentry->d_name.len,
355 &encoded_name); 346 &encoded_name);
356 if (encoded_namelen < 0) { 347 if (encoded_namelen < 0) {
357 rc = encoded_namelen; 348 rc = encoded_namelen;
358 goto out_drop; 349 d_drop(dentry);
350 goto out;
359 } 351 }
360 ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen " 352 ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen "
361 "= [%d]\n", encoded_name, encoded_namelen); 353 "= [%d]\n", encoded_name, encoded_namelen);
362 lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry, 354 lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry,
363 encoded_namelen - 1); 355 encoded_namelen - 1);
364 kfree(encoded_name); 356 kfree(encoded_name);
365 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
366 if (IS_ERR(lower_dentry)) { 357 if (IS_ERR(lower_dentry)) {
367 ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n"); 358 ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n");
368 rc = PTR_ERR(lower_dentry); 359 rc = PTR_ERR(lower_dentry);
369 goto out_drop; 360 d_drop(dentry);
361 goto out;
370 } 362 }
363 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
371 ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->" 364 ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->"
372 "d_name.name = [%s]\n", lower_dentry, 365 "d_name.name = [%s]\n", lower_dentry,
373 lower_dentry->d_name.name); 366 lower_dentry->d_name.name);
@@ -408,12 +401,6 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry,
408 "as we *think* we are about to unlink\n"); 401 "as we *think* we are about to unlink\n");
409 goto out; 402 goto out;
410 } 403 }
411 tlower_dentry = dget(lower_dentry);
412 if (!tlower_dentry || IS_ERR(tlower_dentry)) {
413 rc = -ENOMEM;
414 ecryptfs_printk(KERN_ERR, "Cannot dget lower_dentry\n");
415 goto out_dput;
416 }
417 /* Released in this function */ 404 /* Released in this function */
418 page_virt = 405 page_virt =
419 (char *)kmem_cache_alloc(ecryptfs_header_cache_2, 406 (char *)kmem_cache_alloc(ecryptfs_header_cache_2,
@@ -425,7 +412,7 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry,
425 goto out_dput; 412 goto out_dput;
426 } 413 }
427 memset(page_virt, 0, PAGE_CACHE_SIZE); 414 memset(page_virt, 0, PAGE_CACHE_SIZE);
428 rc = ecryptfs_read_header_region(page_virt, tlower_dentry, nd->mnt); 415 rc = ecryptfs_read_header_region(page_virt, lower_dentry, nd->mnt);
429 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 416 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
430 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) 417 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED))
431 ecryptfs_set_default_sizes(crypt_stat); 418 ecryptfs_set_default_sizes(crypt_stat);
@@ -448,9 +435,6 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry,
448 435
449out_dput: 436out_dput:
450 dput(lower_dentry); 437 dput(lower_dentry);
451 if (tlower_dentry)
452 dput(tlower_dentry);
453out_drop:
454 d_drop(dentry); 438 d_drop(dentry);
455out: 439out:
456 return ERR_PTR(rc); 440 return ERR_PTR(rc);
@@ -486,8 +470,9 @@ out_lock:
486 unlock_dir(lower_dir_dentry); 470 unlock_dir(lower_dir_dentry);
487 dput(lower_new_dentry); 471 dput(lower_new_dentry);
488 dput(lower_old_dentry); 472 dput(lower_old_dentry);
489 if (!new_dentry->d_inode) 473 d_drop(lower_old_dentry);
490 d_drop(new_dentry); 474 d_drop(new_dentry);
475 d_drop(old_dentry);
491 return rc; 476 return rc;
492} 477}
493 478
@@ -500,7 +485,7 @@ static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
500 lock_parent(lower_dentry); 485 lock_parent(lower_dentry);
501 rc = vfs_unlink(lower_dir_inode, lower_dentry); 486 rc = vfs_unlink(lower_dir_inode, lower_dentry);
502 if (rc) { 487 if (rc) {
503 ecryptfs_printk(KERN_ERR, "Error in vfs_unlink\n"); 488 printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc);
504 goto out_unlock; 489 goto out_unlock;
505 } 490 }
506 ecryptfs_copy_attr_times(dir, lower_dir_inode); 491 ecryptfs_copy_attr_times(dir, lower_dir_inode);
@@ -576,41 +561,24 @@ out:
576 561
577static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry) 562static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry)
578{ 563{
579 int rc = 0;
580 struct dentry *tdentry = NULL;
581 struct dentry *lower_dentry; 564 struct dentry *lower_dentry;
582 struct dentry *tlower_dentry = NULL;
583 struct dentry *lower_dir_dentry; 565 struct dentry *lower_dir_dentry;
566 int rc;
584 567
585 lower_dentry = ecryptfs_dentry_to_lower(dentry); 568 lower_dentry = ecryptfs_dentry_to_lower(dentry);
586 if (!(tdentry = dget(dentry))) { 569 dget(dentry);
587 rc = -EINVAL;
588 ecryptfs_printk(KERN_ERR, "Error dget'ing dentry [%p]\n",
589 dentry);
590 goto out;
591 }
592 lower_dir_dentry = lock_parent(lower_dentry); 570 lower_dir_dentry = lock_parent(lower_dentry);
593 if (!(tlower_dentry = dget(lower_dentry))) { 571 dget(lower_dentry);
594 rc = -EINVAL;
595 ecryptfs_printk(KERN_ERR, "Error dget'ing lower_dentry "
596 "[%p]\n", lower_dentry);
597 goto out;
598 }
599 rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry); 572 rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry);
600 if (!rc) { 573 dput(lower_dentry);
601 d_delete(tlower_dentry); 574 if (!rc)
602 tlower_dentry = NULL; 575 d_delete(lower_dentry);
603 }
604 ecryptfs_copy_attr_times(dir, lower_dir_dentry->d_inode); 576 ecryptfs_copy_attr_times(dir, lower_dir_dentry->d_inode);
605 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink; 577 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink;
606 unlock_dir(lower_dir_dentry); 578 unlock_dir(lower_dir_dentry);
607 if (!rc) 579 if (!rc)
608 d_drop(dentry); 580 d_drop(dentry);
609out: 581 dput(dentry);
610 if (tdentry)
611 dput(tdentry);
612 if (tlower_dentry)
613 dput(tlower_dentry);
614 return rc; 582 return rc;
615} 583}
616 584
@@ -663,6 +631,8 @@ ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry,
663 ecryptfs_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode); 631 ecryptfs_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode);
664out_lock: 632out_lock:
665 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry); 633 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
634 dput(lower_new_dentry->d_parent);
635 dput(lower_old_dentry->d_parent);
666 dput(lower_new_dentry); 636 dput(lower_new_dentry);
667 dput(lower_old_dentry); 637 dput(lower_old_dentry);
668 return rc; 638 return rc;
@@ -832,12 +802,11 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
832 } 802 }
833 lower_dentry = ecryptfs_dentry_to_lower(dentry); 803 lower_dentry = ecryptfs_dentry_to_lower(dentry);
834 /* This dget & mntget is released through fput at out_fput: */ 804 /* This dget & mntget is released through fput at out_fput: */
835 dget(lower_dentry);
836 lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 805 lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
837 mntget(lower_mnt); 806 if ((rc = ecryptfs_open_lower_file(&lower_file, lower_dentry, lower_mnt,
838 lower_file = dentry_open(lower_dentry, lower_mnt, O_RDWR); 807 O_RDWR))) {
839 if (unlikely(IS_ERR(lower_file))) { 808 ecryptfs_printk(KERN_ERR,
840 rc = PTR_ERR(lower_file); 809 "Error opening dentry; rc = [%i]\n", rc);
841 goto out_free; 810 goto out_free;
842 } 811 }
843 ecryptfs_set_file_lower(&fake_ecryptfs_file, lower_file); 812 ecryptfs_set_file_lower(&fake_ecryptfs_file, lower_file);
@@ -879,7 +848,8 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
879 = CURRENT_TIME; 848 = CURRENT_TIME;
880 mark_inode_dirty_sync(inode); 849 mark_inode_dirty_sync(inode);
881out_fput: 850out_fput:
882 fput(lower_file); 851 if ((rc = ecryptfs_close_lower_file(lower_file)))
852 printk(KERN_ERR "Error closing lower_file\n");
883out_free: 853out_free:
884 if (ecryptfs_file_to_private(&fake_ecryptfs_file)) 854 if (ecryptfs_file_to_private(&fake_ecryptfs_file))
885 kmem_cache_free(ecryptfs_file_info_cache, 855 kmem_cache_free(ecryptfs_file_info_cache,
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index ba454785a0c5..c3746f56d162 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -458,14 +458,16 @@ out:
458static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, 458static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
459 struct ecryptfs_crypt_stat *crypt_stat) 459 struct ecryptfs_crypt_stat *crypt_stat)
460{ 460{
461 int rc = 0;
462 struct ecryptfs_password *password_s_ptr; 461 struct ecryptfs_password *password_s_ptr;
463 struct crypto_tfm *tfm = NULL;
464 struct scatterlist src_sg[2], dst_sg[2]; 462 struct scatterlist src_sg[2], dst_sg[2];
465 struct mutex *tfm_mutex = NULL; 463 struct mutex *tfm_mutex = NULL;
466 /* TODO: Use virt_to_scatterlist for these */ 464 /* TODO: Use virt_to_scatterlist for these */
467 char *encrypted_session_key; 465 char *encrypted_session_key;
468 char *session_key; 466 char *session_key;
467 struct blkcipher_desc desc = {
468 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
469 };
470 int rc = 0;
469 471
470 password_s_ptr = &auth_tok->token.password; 472 password_s_ptr = &auth_tok->token.password;
471 if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags, 473 if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags,
@@ -482,30 +484,37 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
482 if (!strcmp(crypt_stat->cipher, 484 if (!strcmp(crypt_stat->cipher,
483 crypt_stat->mount_crypt_stat->global_default_cipher_name) 485 crypt_stat->mount_crypt_stat->global_default_cipher_name)
484 && crypt_stat->mount_crypt_stat->global_key_tfm) { 486 && crypt_stat->mount_crypt_stat->global_key_tfm) {
485 tfm = crypt_stat->mount_crypt_stat->global_key_tfm; 487 desc.tfm = crypt_stat->mount_crypt_stat->global_key_tfm;
486 tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex; 488 tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex;
487 } else { 489 } else {
488 tfm = crypto_alloc_tfm(crypt_stat->cipher, 490 char *full_alg_name;
489 CRYPTO_TFM_REQ_WEAK_KEY); 491
490 if (!tfm) { 492 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
491 printk(KERN_ERR "Error allocating crypto context\n"); 493 crypt_stat->cipher,
492 rc = -ENOMEM; 494 "ecb");
495 if (rc)
496 goto out;
497 desc.tfm = crypto_alloc_blkcipher(full_alg_name, 0,
498 CRYPTO_ALG_ASYNC);
499 kfree(full_alg_name);
500 if (IS_ERR(desc.tfm)) {
501 rc = PTR_ERR(desc.tfm);
502 printk(KERN_ERR "Error allocating crypto context; "
503 "rc = [%d]\n", rc);
493 goto out; 504 goto out;
494 } 505 }
495 } 506 crypto_blkcipher_set_flags(desc.tfm, CRYPTO_TFM_REQ_WEAK_KEY);
496 if (password_s_ptr->session_key_encryption_key_bytes
497 < crypto_tfm_alg_min_keysize(tfm)) {
498 printk(KERN_WARNING "Session key encryption key is [%d] bytes; "
499 "minimum keysize for selected cipher is [%d] bytes.\n",
500 password_s_ptr->session_key_encryption_key_bytes,
501 crypto_tfm_alg_min_keysize(tfm));
502 rc = -EINVAL;
503 goto out;
504 } 507 }
505 if (tfm_mutex) 508 if (tfm_mutex)
506 mutex_lock(tfm_mutex); 509 mutex_lock(tfm_mutex);
507 crypto_cipher_setkey(tfm, password_s_ptr->session_key_encryption_key, 510 rc = crypto_blkcipher_setkey(desc.tfm,
508 crypt_stat->key_size); 511 password_s_ptr->session_key_encryption_key,
512 crypt_stat->key_size);
513 if (rc < 0) {
514 printk(KERN_ERR "Error setting key for crypto context\n");
515 rc = -EINVAL;
516 goto out_free_tfm;
517 }
509 /* TODO: virt_to_scatterlist */ 518 /* TODO: virt_to_scatterlist */
510 encrypted_session_key = (char *)__get_free_page(GFP_KERNEL); 519 encrypted_session_key = (char *)__get_free_page(GFP_KERNEL);
511 if (!encrypted_session_key) { 520 if (!encrypted_session_key) {
@@ -531,9 +540,12 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
531 auth_tok->session_key.decrypted_key_size = 540 auth_tok->session_key.decrypted_key_size =
532 auth_tok->session_key.encrypted_key_size; 541 auth_tok->session_key.encrypted_key_size;
533 dst_sg[0].length = auth_tok->session_key.encrypted_key_size; 542 dst_sg[0].length = auth_tok->session_key.encrypted_key_size;
534 /* TODO: Handle error condition */ 543 rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
535 crypto_cipher_decrypt(tfm, dst_sg, src_sg, 544 auth_tok->session_key.encrypted_key_size);
536 auth_tok->session_key.encrypted_key_size); 545 if (rc) {
546 printk(KERN_ERR "Error decrypting; rc = [%d]\n", rc);
547 goto out_free_memory;
548 }
537 auth_tok->session_key.decrypted_key_size = 549 auth_tok->session_key.decrypted_key_size =
538 auth_tok->session_key.encrypted_key_size; 550 auth_tok->session_key.encrypted_key_size;
539 memcpy(auth_tok->session_key.decrypted_key, session_key, 551 memcpy(auth_tok->session_key.decrypted_key, session_key,
@@ -546,6 +558,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
546 if (ecryptfs_verbosity > 0) 558 if (ecryptfs_verbosity > 0)
547 ecryptfs_dump_hex(crypt_stat->key, 559 ecryptfs_dump_hex(crypt_stat->key,
548 crypt_stat->key_size); 560 crypt_stat->key_size);
561out_free_memory:
549 memset(encrypted_session_key, 0, PAGE_CACHE_SIZE); 562 memset(encrypted_session_key, 0, PAGE_CACHE_SIZE);
550 free_page((unsigned long)encrypted_session_key); 563 free_page((unsigned long)encrypted_session_key);
551 memset(session_key, 0, PAGE_CACHE_SIZE); 564 memset(session_key, 0, PAGE_CACHE_SIZE);
@@ -554,7 +567,7 @@ out_free_tfm:
554 if (tfm_mutex) 567 if (tfm_mutex)
555 mutex_unlock(tfm_mutex); 568 mutex_unlock(tfm_mutex);
556 else 569 else
557 crypto_free_tfm(tfm); 570 crypto_free_blkcipher(desc.tfm);
558out: 571out:
559 return rc; 572 return rc;
560} 573}
@@ -803,19 +816,21 @@ write_tag_3_packet(char *dest, size_t max, struct ecryptfs_auth_tok *auth_tok,
803 struct ecryptfs_crypt_stat *crypt_stat, 816 struct ecryptfs_crypt_stat *crypt_stat,
804 struct ecryptfs_key_record *key_rec, size_t *packet_size) 817 struct ecryptfs_key_record *key_rec, size_t *packet_size)
805{ 818{
806 int rc = 0;
807
808 size_t i; 819 size_t i;
809 size_t signature_is_valid = 0; 820 size_t signature_is_valid = 0;
810 size_t encrypted_session_key_valid = 0; 821 size_t encrypted_session_key_valid = 0;
811 char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; 822 char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
812 struct scatterlist dest_sg[2]; 823 struct scatterlist dest_sg[2];
813 struct scatterlist src_sg[2]; 824 struct scatterlist src_sg[2];
814 struct crypto_tfm *tfm = NULL;
815 struct mutex *tfm_mutex = NULL; 825 struct mutex *tfm_mutex = NULL;
816 size_t key_rec_size; 826 size_t key_rec_size;
817 size_t packet_size_length; 827 size_t packet_size_length;
818 size_t cipher_code; 828 size_t cipher_code;
829 struct blkcipher_desc desc = {
830 .tfm = NULL,
831 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
832 };
833 int rc = 0;
819 834
820 (*packet_size) = 0; 835 (*packet_size) = 0;
821 /* Check for a valid signature on the auth_tok */ 836 /* Check for a valid signature on the auth_tok */
@@ -882,33 +897,48 @@ write_tag_3_packet(char *dest, size_t max, struct ecryptfs_auth_tok *auth_tok,
882 if (!strcmp(crypt_stat->cipher, 897 if (!strcmp(crypt_stat->cipher,
883 crypt_stat->mount_crypt_stat->global_default_cipher_name) 898 crypt_stat->mount_crypt_stat->global_default_cipher_name)
884 && crypt_stat->mount_crypt_stat->global_key_tfm) { 899 && crypt_stat->mount_crypt_stat->global_key_tfm) {
885 tfm = crypt_stat->mount_crypt_stat->global_key_tfm; 900 desc.tfm = crypt_stat->mount_crypt_stat->global_key_tfm;
886 tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex; 901 tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex;
887 } else 902 } else {
888 tfm = crypto_alloc_tfm(crypt_stat->cipher, 0); 903 char *full_alg_name;
889 if (!tfm) { 904
890 ecryptfs_printk(KERN_ERR, "Could not initialize crypto " 905 rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
891 "context for cipher [%s]\n", 906 crypt_stat->cipher,
892 crypt_stat->cipher); 907 "ecb");
893 rc = -EINVAL; 908 if (rc)
894 goto out; 909 goto out;
910 desc.tfm = crypto_alloc_blkcipher(full_alg_name, 0,
911 CRYPTO_ALG_ASYNC);
912 kfree(full_alg_name);
913 if (IS_ERR(desc.tfm)) {
914 rc = PTR_ERR(desc.tfm);
915 ecryptfs_printk(KERN_ERR, "Could not initialize crypto "
916 "context for cipher [%s]; rc = [%d]\n",
917 crypt_stat->cipher, rc);
918 goto out;
919 }
920 crypto_blkcipher_set_flags(desc.tfm, CRYPTO_TFM_REQ_WEAK_KEY);
895 } 921 }
896 if (tfm_mutex) 922 if (tfm_mutex)
897 mutex_lock(tfm_mutex); 923 mutex_lock(tfm_mutex);
898 rc = crypto_cipher_setkey(tfm, session_key_encryption_key, 924 rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key,
899 crypt_stat->key_size); 925 crypt_stat->key_size);
900 if (rc < 0) { 926 if (rc < 0) {
901 if (tfm_mutex) 927 if (tfm_mutex)
902 mutex_unlock(tfm_mutex); 928 mutex_unlock(tfm_mutex);
903 ecryptfs_printk(KERN_ERR, "Error setting key for crypto " 929 ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
904 "context\n"); 930 "context; rc = [%d]\n", rc);
905 goto out; 931 goto out;
906 } 932 }
907 rc = 0; 933 rc = 0;
908 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n", 934 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
909 crypt_stat->key_size); 935 crypt_stat->key_size);
910 crypto_cipher_encrypt(tfm, dest_sg, src_sg, 936 rc = crypto_blkcipher_encrypt(&desc, dest_sg, src_sg,
911 (*key_rec).enc_key_size); 937 (*key_rec).enc_key_size);
938 if (rc) {
939 printk(KERN_ERR "Error encrypting; rc = [%d]\n", rc);
940 goto out;
941 }
912 if (tfm_mutex) 942 if (tfm_mutex)
913 mutex_unlock(tfm_mutex); 943 mutex_unlock(tfm_mutex);
914 ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n"); 944 ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
@@ -971,8 +1001,8 @@ encrypted_session_key_set:
971 (*key_rec).enc_key_size); 1001 (*key_rec).enc_key_size);
972 (*packet_size) += (*key_rec).enc_key_size; 1002 (*packet_size) += (*key_rec).enc_key_size;
973out: 1003out:
974 if (tfm && !tfm_mutex) 1004 if (desc.tfm && !tfm_mutex)
975 crypto_free_tfm(tfm); 1005 crypto_free_blkcipher(desc.tfm);
976 if (rc) 1006 if (rc)
977 (*packet_size) = 0; 1007 (*packet_size) = 0;
978 return rc; 1008 return rc;
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 5938a232d11b..a78d87d14baf 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -208,7 +208,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
208 char *cipher_name_dst; 208 char *cipher_name_dst;
209 char *cipher_name_src; 209 char *cipher_name_src;
210 char *cipher_key_bytes_src; 210 char *cipher_key_bytes_src;
211 struct crypto_tfm *tmp_tfm;
212 int cipher_name_len; 211 int cipher_name_len;
213 212
214 if (!options) { 213 if (!options) {
@@ -305,25 +304,19 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
305 = '\0'; 304 = '\0';
306 } 305 }
307 if (!cipher_key_bytes_set) { 306 if (!cipher_key_bytes_set) {
308 mount_crypt_stat->global_default_cipher_key_size = 307 mount_crypt_stat->global_default_cipher_key_size = 0;
309 ECRYPTFS_DEFAULT_KEY_BYTES;
310 ecryptfs_printk(KERN_DEBUG, "Cipher key size was not "
311 "specified. Defaulting to [%d]\n",
312 mount_crypt_stat->
313 global_default_cipher_key_size);
314 } 308 }
315 rc = ecryptfs_process_cipher( 309 rc = ecryptfs_process_cipher(
316 &tmp_tfm,
317 &mount_crypt_stat->global_key_tfm, 310 &mount_crypt_stat->global_key_tfm,
318 mount_crypt_stat->global_default_cipher_name, 311 mount_crypt_stat->global_default_cipher_name,
319 mount_crypt_stat->global_default_cipher_key_size); 312 &mount_crypt_stat->global_default_cipher_key_size);
320 if (tmp_tfm)
321 crypto_free_tfm(tmp_tfm);
322 if (rc) { 313 if (rc) {
323 printk(KERN_ERR "Error attempting to initialize cipher [%s] " 314 printk(KERN_ERR "Error attempting to initialize cipher [%s] "
324 "with key size [%Zd] bytes; rc = [%d]\n", 315 "with key size [%Zd] bytes; rc = [%d]\n",
325 mount_crypt_stat->global_default_cipher_name, 316 mount_crypt_stat->global_default_cipher_name,
326 mount_crypt_stat->global_default_cipher_key_size, rc); 317 mount_crypt_stat->global_default_cipher_key_size, rc);
318 mount_crypt_stat->global_key_tfm = NULL;
319 mount_crypt_stat->global_auth_tok_key = NULL;
327 rc = -EINVAL; 320 rc = -EINVAL;
328 goto out; 321 goto out;
329 } 322 }
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
index c337c0410fb1..825757ae4867 100644
--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -138,23 +138,6 @@ static void ecryptfs_clear_inode(struct inode *inode)
138} 138}
139 139
140/** 140/**
141 * ecryptfs_umount_begin
142 *
143 * Called in do_umount().
144 */
145static void ecryptfs_umount_begin(struct vfsmount *vfsmnt, int flags)
146{
147 struct vfsmount *lower_mnt =
148 ecryptfs_dentry_to_lower_mnt(vfsmnt->mnt_sb->s_root);
149 struct super_block *lower_sb;
150
151 mntput(lower_mnt);
152 lower_sb = lower_mnt->mnt_sb;
153 if (lower_sb->s_op->umount_begin)
154 lower_sb->s_op->umount_begin(lower_mnt, flags);
155}
156
157/**
158 * ecryptfs_show_options 141 * ecryptfs_show_options
159 * 142 *
160 * Prints the directory we are currently mounted over. 143 * Prints the directory we are currently mounted over.
@@ -193,6 +176,5 @@ struct super_operations ecryptfs_sops = {
193 .statfs = ecryptfs_statfs, 176 .statfs = ecryptfs_statfs,
194 .remount_fs = NULL, 177 .remount_fs = NULL,
195 .clear_inode = ecryptfs_clear_inode, 178 .clear_inode = ecryptfs_clear_inode,
196 .umount_begin = ecryptfs_umount_begin,
197 .show_options = ecryptfs_show_options 179 .show_options = ecryptfs_show_options
198}; 180};
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-06 09:11:45 -0500