aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs
diff options
context:
space:
mode:
authorMichael Halcrow <mhalcrow@us.ibm.com>2009-01-06 17:42:00 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2009-01-06 18:59:22 -0500
commitaddd65ad8d19a7d7982130b16f957d5d01d3f8df (patch)
tree2263b4a4b7a6269410bd161a3995d2b4af3f7bcf /fs/ecryptfs
parent51ca58dcc9f0d6b1e78954d08bd4954fb6a1421c (diff)
eCryptfs: Filename Encryption: filldir, lookup, and readlink
Make the requisite modifications to ecryptfs_filldir(), ecryptfs_lookup(), and ecryptfs_readlink() to call out to filename encryption functions. Propagate filename encryption policy flags from mount-wide crypt_stat to inode crypt_stat. Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Cc: Dustin Kirkland <dustin.kirkland@gmail.com> Cc: Eric Sandeen <sandeen@redhat.com> Cc: Tyler Hicks <tchicks@us.ibm.com> Cc: David Kleikamp <shaggy@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r--fs/ecryptfs/crypto.c107
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h6
-rw-r--r--fs/ecryptfs/file.c30
-rw-r--r--fs/ecryptfs/inode.c294
4 files changed, 195 insertions, 242 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 18c78abba683..ea2afd2ce222 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -924,6 +924,15 @@ static void ecryptfs_copy_mount_wide_flags_to_inode_flags(
924 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; 924 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
925 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) 925 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
926 crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED; 926 crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED;
927 if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
928 crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES;
929 if (mount_crypt_stat->flags
930 & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)
931 crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK;
932 else if (mount_crypt_stat->flags
933 & ECRYPTFS_GLOBAL_ENCFN_USE_FEK)
934 crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK;
935 }
927} 936}
928 937
929static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs( 938static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs(
@@ -1060,7 +1069,8 @@ struct ecryptfs_flag_map_elem {
1060static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { 1069static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = {
1061 {0x00000001, ECRYPTFS_ENABLE_HMAC}, 1070 {0x00000001, ECRYPTFS_ENABLE_HMAC},
1062 {0x00000002, ECRYPTFS_ENCRYPTED}, 1071 {0x00000002, ECRYPTFS_ENCRYPTED},
1063 {0x00000004, ECRYPTFS_METADATA_IN_XATTR} 1072 {0x00000004, ECRYPTFS_METADATA_IN_XATTR},
1073 {0x00000008, ECRYPTFS_ENCRYPT_FILENAMES}
1064}; 1074};
1065 1075
1066/** 1076/**
@@ -1213,6 +1223,8 @@ int ecryptfs_read_and_validate_header_region(char *data,
1213 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); 1223 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
1214 int rc; 1224 int rc;
1215 1225
1226 if (crypt_stat->extent_size == 0)
1227 crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;
1216 rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size, 1228 rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size,
1217 ecryptfs_inode); 1229 ecryptfs_inode);
1218 if (rc) { 1230 if (rc) {
@@ -1222,7 +1234,6 @@ int ecryptfs_read_and_validate_header_region(char *data,
1222 } 1234 }
1223 if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) { 1235 if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) {
1224 rc = -EINVAL; 1236 rc = -EINVAL;
1225 ecryptfs_printk(KERN_DEBUG, "Valid marker not found\n");
1226 } 1237 }
1227out: 1238out:
1228 return rc; 1239 return rc;
@@ -1629,98 +1640,6 @@ out:
1629} 1640}
1630 1641
1631/** 1642/**
1632 * ecryptfs_encode_filename - converts a plaintext file name to cipher text
1633 * @crypt_stat: The crypt_stat struct associated with the file anem to encode
1634 * @name: The plaintext name
1635 * @length: The length of the plaintext
1636 * @encoded_name: The encypted name
1637 *
1638 * Encrypts and encodes a filename into something that constitutes a
1639 * valid filename for a filesystem, with printable characters.
1640 *
1641 * We assume that we have a properly initialized crypto context,
1642 * pointed to by crypt_stat->tfm.
1643 *
1644 * TODO: Implement filename decoding and decryption here, in place of
1645 * memcpy. We are keeping the framework around for now to (1)
1646 * facilitate testing of the components needed to implement filename
1647 * encryption and (2) to provide a code base from which other
1648 * developers in the community can easily implement this feature.
1649 *
1650 * Returns the length of encoded filename; negative if error
1651 */
1652int
1653ecryptfs_encode_filename(struct ecryptfs_crypt_stat *crypt_stat,
1654 const char *name, int length, char **encoded_name)
1655{
1656 int error = 0;
1657
1658 (*encoded_name) = kmalloc(length + 2, GFP_KERNEL);
1659 if (!(*encoded_name)) {
1660 error = -ENOMEM;
1661 goto out;
1662 }
1663 /* TODO: Filename encryption is a scheduled feature for a
1664 * future version of eCryptfs. This function is here only for
1665 * the purpose of providing a framework for other developers
1666 * to easily implement filename encryption. Hint: Replace this
1667 * memcpy() with a call to encrypt and encode the
1668 * filename, the set the length accordingly. */
1669 memcpy((void *)(*encoded_name), (void *)name, length);
1670 (*encoded_name)[length] = '\0';
1671 error = length + 1;
1672out:
1673 return error;
1674}
1675
1676/**
1677 * ecryptfs_decode_filename - converts the cipher text name to plaintext
1678 * @crypt_stat: The crypt_stat struct associated with the file
1679 * @name: The filename in cipher text
1680 * @length: The length of the cipher text name
1681 * @decrypted_name: The plaintext name
1682 *
1683 * Decodes and decrypts the filename.
1684 *
1685 * We assume that we have a properly initialized crypto context,
1686 * pointed to by crypt_stat->tfm.
1687 *
1688 * TODO: Implement filename decoding and decryption here, in place of
1689 * memcpy. We are keeping the framework around for now to (1)
1690 * facilitate testing of the components needed to implement filename
1691 * encryption and (2) to provide a code base from which other
1692 * developers in the community can easily implement this feature.
1693 *
1694 * Returns the length of decoded filename; negative if error
1695 */
1696int
1697ecryptfs_decode_filename(struct ecryptfs_crypt_stat *crypt_stat,
1698 const char *name, int length, char **decrypted_name)
1699{
1700 int error = 0;
1701
1702 (*decrypted_name) = kmalloc(length + 2, GFP_KERNEL);
1703 if (!(*decrypted_name)) {
1704 error = -ENOMEM;
1705 goto out;
1706 }
1707 /* TODO: Filename encryption is a scheduled feature for a
1708 * future version of eCryptfs. This function is here only for
1709 * the purpose of providing a framework for other developers
1710 * to easily implement filename encryption. Hint: Replace this
1711 * memcpy() with a call to decode and decrypt the
1712 * filename, the set the length accordingly. */
1713 memcpy((void *)(*decrypted_name), (void *)name, length);
1714 (*decrypted_name)[length + 1] = '\0'; /* Only for convenience
1715 * in printing out the
1716 * string in debug
1717 * messages */
1718 error = length;
1719out:
1720 return error;
1721}
1722
1723/**
1724 * ecryptfs_encrypt_filename - encrypt filename 1643 * ecryptfs_encrypt_filename - encrypt filename
1725 * 1644 *
1726 * CBC-encrypts the filename. We do not want to encrypt the same 1645 * CBC-encrypts the filename. We do not want to encrypt the same
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index b648175a44cd..c11fc95714ab 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -627,12 +627,6 @@ int ecryptfs_decode_and_decrypt_filename(char **decrypted_name,
627 struct dentry *ecryptfs_dentry, 627 struct dentry *ecryptfs_dentry,
628 const char *name, size_t name_size); 628 const char *name, size_t name_size);
629int ecryptfs_fill_zeros(struct file *file, loff_t new_length); 629int ecryptfs_fill_zeros(struct file *file, loff_t new_length);
630int ecryptfs_decode_filename(struct ecryptfs_crypt_stat *crypt_stat,
631 const char *name, int length,
632 char **decrypted_name);
633int ecryptfs_encode_filename(struct ecryptfs_crypt_stat *crypt_stat,
634 const char *name, int length,
635 char **encoded_name);
636int ecryptfs_encrypt_and_encode_filename( 630int ecryptfs_encrypt_and_encode_filename(
637 char **encoded_name, 631 char **encoded_name,
638 size_t *encoded_name_size, 632 size_t *encoded_name_size,
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index 713834371229..567eb4bee1b6 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -77,27 +77,27 @@ struct ecryptfs_getdents_callback {
77 77
78/* Inspired by generic filldir in fs/readdir.c */ 78/* Inspired by generic filldir in fs/readdir.c */
79static int 79static int
80ecryptfs_filldir(void *dirent, const char *name, int namelen, loff_t offset, 80ecryptfs_filldir(void *dirent, const char *lower_name, int lower_namelen,
81 u64 ino, unsigned int d_type) 81 loff_t offset, u64 ino, unsigned int d_type)
82{ 82{
83 struct ecryptfs_crypt_stat *crypt_stat;
84 struct ecryptfs_getdents_callback *buf = 83 struct ecryptfs_getdents_callback *buf =
85 (struct ecryptfs_getdents_callback *)dirent; 84 (struct ecryptfs_getdents_callback *)dirent;
85 int name_size;
86 char *name;
86 int rc; 87 int rc;
87 int decoded_length;
88 char *decoded_name;
89 88
90 crypt_stat = ecryptfs_dentry_to_private(buf->dentry)->crypt_stat;
91 buf->filldir_called++; 89 buf->filldir_called++;
92 decoded_length = ecryptfs_decode_filename(crypt_stat, name, namelen, 90 rc = ecryptfs_decode_and_decrypt_filename(&name, &name_size,
93 &decoded_name); 91 buf->dentry, lower_name,
94 if (decoded_length < 0) { 92 lower_namelen);
95 rc = decoded_length; 93 if (rc) {
94 printk(KERN_ERR "%s: Error attempting to decode and decrypt "
95 "filename [%s]; rc = [%d]\n", __func__, lower_name,
96 rc);
96 goto out; 97 goto out;
97 } 98 }
98 rc = buf->filldir(buf->dirent, decoded_name, decoded_length, offset, 99 rc = buf->filldir(buf->dirent, name, name_size, offset, ino, d_type);
99 ino, d_type); 100 kfree(name);
100 kfree(decoded_name);
101 if (rc >= 0) 101 if (rc >= 0)
102 buf->entries_written++; 102 buf->entries_written++;
103out: 103out:
@@ -106,8 +106,8 @@ out:
106 106
107/** 107/**
108 * ecryptfs_readdir 108 * ecryptfs_readdir
109 * @file: The ecryptfs file struct 109 * @file: The eCryptfs directory file
110 * @dirent: Directory entry 110 * @dirent: Directory entry handle
111 * @filldir: The filldir callback function 111 * @filldir: The filldir callback function
112 */ 112 */
113static int ecryptfs_readdir(struct file *file, void *dirent, filldir_t filldir) 113static int ecryptfs_readdir(struct file *file, void *dirent, filldir_t filldir)
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 0111906a8877..38309ce94d71 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -228,8 +228,7 @@ ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
228{ 228{
229 int rc; 229 int rc;
230 230
231 /* ecryptfs_do_create() calls ecryptfs_interpose(), which opens 231 /* ecryptfs_do_create() calls ecryptfs_interpose() */
232 * the crypt_stat->lower_file (persistent file) */
233 rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd); 232 rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd);
234 if (unlikely(rc)) { 233 if (unlikely(rc)) {
235 ecryptfs_printk(KERN_WARNING, "Failed to create file in" 234 ecryptfs_printk(KERN_WARNING, "Failed to create file in"
@@ -244,141 +243,91 @@ out:
244} 243}
245 244
246/** 245/**
247 * ecryptfs_lookup 246 * ecryptfs_lookup_and_interpose_lower - Perform a lookup
248 * @dir: inode
249 * @dentry: The dentry
250 * @nd: nameidata, may be NULL
251 *
252 * Find a file on disk. If the file does not exist, then we'll add it to the
253 * dentry cache and continue on to read it from the disk.
254 */ 247 */
255static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, 248int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
256 struct nameidata *nd) 249 struct dentry *lower_dentry,
250 struct ecryptfs_crypt_stat *crypt_stat,
251 struct inode *ecryptfs_dir_inode,
252 struct nameidata *ecryptfs_nd)
257{ 253{
258 int rc = 0;
259 struct dentry *lower_dir_dentry; 254 struct dentry *lower_dir_dentry;
260 struct dentry *lower_dentry;
261 struct vfsmount *lower_mnt; 255 struct vfsmount *lower_mnt;
262 char *encoded_name; 256 struct inode *lower_inode;
263 int encoded_namelen;
264 struct ecryptfs_crypt_stat *crypt_stat = NULL;
265 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 257 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
266 char *page_virt = NULL; 258 char *page_virt = NULL;
267 struct inode *lower_inode;
268 u64 file_size; 259 u64 file_size;
260 int rc = 0;
269 261
270 lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent); 262 lower_dir_dentry = lower_dentry->d_parent;
271 dentry->d_op = &ecryptfs_dops; 263 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(
272 if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, ".")) 264 ecryptfs_dentry->d_parent));
273 || (dentry->d_name.len == 2
274 && !strcmp(dentry->d_name.name, ".."))) {
275 d_drop(dentry);
276 goto out;
277 }
278 encoded_namelen = ecryptfs_encode_filename(crypt_stat,
279 dentry->d_name.name,
280 dentry->d_name.len,
281 &encoded_name);
282 if (encoded_namelen < 0) {
283 rc = encoded_namelen;
284 d_drop(dentry);
285 goto out;
286 }
287 ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen "
288 "= [%d]\n", encoded_name, encoded_namelen);
289 lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry,
290 encoded_namelen - 1);
291 kfree(encoded_name);
292 if (IS_ERR(lower_dentry)) {
293 ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n");
294 rc = PTR_ERR(lower_dentry);
295 d_drop(dentry);
296 goto out;
297 }
298 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
299 ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->"
300 "d_name.name = [%s]\n", lower_dentry,
301 lower_dentry->d_name.name);
302 lower_inode = lower_dentry->d_inode; 265 lower_inode = lower_dentry->d_inode;
303 fsstack_copy_attr_atime(dir, lower_dir_dentry->d_inode); 266 fsstack_copy_attr_atime(ecryptfs_dir_inode, lower_dir_dentry->d_inode);
304 BUG_ON(!atomic_read(&lower_dentry->d_count)); 267 BUG_ON(!atomic_read(&lower_dentry->d_count));
305 ecryptfs_set_dentry_private(dentry, 268 ecryptfs_set_dentry_private(ecryptfs_dentry,
306 kmem_cache_alloc(ecryptfs_dentry_info_cache, 269 kmem_cache_alloc(ecryptfs_dentry_info_cache,
307 GFP_KERNEL)); 270 GFP_KERNEL));
308 if (!ecryptfs_dentry_to_private(dentry)) { 271 if (!ecryptfs_dentry_to_private(ecryptfs_dentry)) {
309 rc = -ENOMEM; 272 rc = -ENOMEM;
310 ecryptfs_printk(KERN_ERR, "Out of memory whilst attempting " 273 printk(KERN_ERR "%s: Out of memory whilst attempting "
311 "to allocate ecryptfs_dentry_info struct\n"); 274 "to allocate ecryptfs_dentry_info struct\n",
275 __func__);
312 goto out_dput; 276 goto out_dput;
313 } 277 }
314 ecryptfs_set_dentry_lower(dentry, lower_dentry); 278 ecryptfs_set_dentry_lower(ecryptfs_dentry, lower_dentry);
315 ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt); 279 ecryptfs_set_dentry_lower_mnt(ecryptfs_dentry, lower_mnt);
316 if (!lower_dentry->d_inode) { 280 if (!lower_dentry->d_inode) {
317 /* We want to add because we couldn't find in lower */ 281 /* We want to add because we couldn't find in lower */
318 d_add(dentry, NULL); 282 d_add(ecryptfs_dentry, NULL);
319 goto out; 283 goto out;
320 } 284 }
321 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 285 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
322 ECRYPTFS_INTERPOSE_FLAG_D_ADD); 286 ecryptfs_dir_inode->i_sb, 1);
323 if (rc) { 287 if (rc) {
324 ecryptfs_printk(KERN_ERR, "Error interposing\n"); 288 printk(KERN_ERR "%s: Error interposing; rc = [%d]\n",
289 __func__, rc);
325 goto out; 290 goto out;
326 } 291 }
327 if (S_ISDIR(lower_inode->i_mode)) { 292 if (S_ISDIR(lower_inode->i_mode))
328 ecryptfs_printk(KERN_DEBUG, "Is a directory; returning\n");
329 goto out; 293 goto out;
330 } 294 if (S_ISLNK(lower_inode->i_mode))
331 if (S_ISLNK(lower_inode->i_mode)) {
332 ecryptfs_printk(KERN_DEBUG, "Is a symlink; returning\n");
333 goto out; 295 goto out;
334 } 296 if (special_file(lower_inode->i_mode))
335 if (special_file(lower_inode->i_mode)) {
336 ecryptfs_printk(KERN_DEBUG, "Is a special file; returning\n");
337 goto out; 297 goto out;
338 } 298 if (!ecryptfs_nd)
339 if (!nd) {
340 ecryptfs_printk(KERN_DEBUG, "We have a NULL nd, just leave"
341 "as we *think* we are about to unlink\n");
342 goto out; 299 goto out;
343 }
344 /* Released in this function */ 300 /* Released in this function */
345 page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, 301 page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, GFP_USER);
346 GFP_USER);
347 if (!page_virt) { 302 if (!page_virt) {
303 printk(KERN_ERR "%s: Cannot kmem_cache_zalloc() a page\n",
304 __func__);
348 rc = -ENOMEM; 305 rc = -ENOMEM;
349 ecryptfs_printk(KERN_ERR,
350 "Cannot ecryptfs_kmalloc a page\n");
351 goto out; 306 goto out;
352 } 307 }
353 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 308 if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) {
354 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) 309 rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
355 ecryptfs_set_default_sizes(crypt_stat);
356 if (!ecryptfs_inode_to_private(dentry->d_inode)->lower_file) {
357 rc = ecryptfs_init_persistent_file(dentry);
358 if (rc) { 310 if (rc) {
359 printk(KERN_ERR "%s: Error attempting to initialize " 311 printk(KERN_ERR "%s: Error attempting to initialize "
360 "the persistent file for the dentry with name " 312 "the persistent file for the dentry with name "
361 "[%s]; rc = [%d]\n", __func__, 313 "[%s]; rc = [%d]\n", __func__,
362 dentry->d_name.name, rc); 314 ecryptfs_dentry->d_name.name, rc);
363 goto out; 315 goto out_free_kmem;
364 } 316 }
365 } 317 }
366 rc = ecryptfs_read_and_validate_header_region(page_virt, 318 rc = ecryptfs_read_and_validate_header_region(page_virt,
367 dentry->d_inode); 319 ecryptfs_dentry->d_inode);
368 if (rc) { 320 if (rc) {
369 rc = ecryptfs_read_and_validate_xattr_region(page_virt, dentry); 321 rc = ecryptfs_read_and_validate_xattr_region(page_virt,
322 ecryptfs_dentry);
370 if (rc) { 323 if (rc) {
371 printk(KERN_DEBUG "Valid metadata not found in header "
372 "region or xattr region; treating file as "
373 "unencrypted\n");
374 rc = 0; 324 rc = 0;
375 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 325 goto out_free_kmem;
376 goto out;
377 } 326 }
378 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; 327 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
379 } 328 }
380 mount_crypt_stat = &ecryptfs_superblock_to_private( 329 mount_crypt_stat = &ecryptfs_superblock_to_private(
381 dentry->d_sb)->mount_crypt_stat; 330 ecryptfs_dentry->d_sb)->mount_crypt_stat;
382 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { 331 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
383 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 332 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
384 file_size = (crypt_stat->num_header_bytes_at_front 333 file_size = (crypt_stat->num_header_bytes_at_front
@@ -388,14 +337,103 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry,
388 } else { 337 } else {
389 file_size = get_unaligned_be64(page_virt); 338 file_size = get_unaligned_be64(page_virt);
390 } 339 }
391 i_size_write(dentry->d_inode, (loff_t)file_size); 340 i_size_write(ecryptfs_dentry->d_inode, (loff_t)file_size);
341out_free_kmem:
392 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 342 kmem_cache_free(ecryptfs_header_cache_2, page_virt);
393 goto out; 343 goto out;
394
395out_dput: 344out_dput:
396 dput(lower_dentry); 345 dput(lower_dentry);
397 d_drop(dentry); 346 d_drop(ecryptfs_dentry);
398out: 347out:
348 return rc;
349}
350
351/**
352 * ecryptfs_lookup
353 * @ecryptfs_dir_inode: The eCryptfs directory inode
354 * @ecryptfs_dentry: The eCryptfs dentry that we are looking up
355 * @ecryptfs_nd: nameidata; may be NULL
356 *
357 * Find a file on disk. If the file does not exist, then we'll add it to the
358 * dentry cache and continue on to read it from the disk.
359 */
360static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
361 struct dentry *ecryptfs_dentry,
362 struct nameidata *ecryptfs_nd)
363{
364 char *encrypted_and_encoded_name = NULL;
365 int encrypted_and_encoded_name_size;
366 struct ecryptfs_crypt_stat *crypt_stat = NULL;
367 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
368 struct ecryptfs_inode_info *inode_info;
369 struct dentry *lower_dir_dentry, *lower_dentry;
370 int rc = 0;
371
372 ecryptfs_dentry->d_op = &ecryptfs_dops;
373 if ((ecryptfs_dentry->d_name.len == 1
374 && !strcmp(ecryptfs_dentry->d_name.name, "."))
375 || (ecryptfs_dentry->d_name.len == 2
376 && !strcmp(ecryptfs_dentry->d_name.name, ".."))) {
377 goto out_d_drop;
378 }
379 lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
380 lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name,
381 lower_dir_dentry,
382 ecryptfs_dentry->d_name.len);
383 if (IS_ERR(lower_dentry)) {
384 rc = PTR_ERR(lower_dentry);
385 printk(KERN_ERR "%s: lookup_one_len() returned [%d] on "
386 "lower_dentry = [%s]\n", __func__, rc,
387 ecryptfs_dentry->d_name.name);
388 goto out_d_drop;
389 }
390 if (lower_dentry->d_inode)
391 goto lookup_and_interpose;
392 inode_info = ecryptfs_inode_to_private(ecryptfs_dentry->d_inode);
393 if (inode_info) {
394 crypt_stat = &inode_info->crypt_stat;
395 /* TODO: lock for crypt_stat comparison */
396 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
397 ecryptfs_set_default_sizes(crypt_stat);
398 }
399 if (crypt_stat)
400 mount_crypt_stat = crypt_stat->mount_crypt_stat;
401 else
402 mount_crypt_stat = &ecryptfs_superblock_to_private(
403 ecryptfs_dentry->d_sb)->mount_crypt_stat;
404 if (!(crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES))
405 && !(mount_crypt_stat && (mount_crypt_stat->flags
406 & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)))
407 goto lookup_and_interpose;
408 dput(lower_dentry);
409 rc = ecryptfs_encrypt_and_encode_filename(
410 &encrypted_and_encoded_name, &encrypted_and_encoded_name_size,
411 crypt_stat, mount_crypt_stat, ecryptfs_dentry->d_name.name,
412 ecryptfs_dentry->d_name.len);
413 if (rc) {
414 printk(KERN_ERR "%s: Error attempting to encrypt and encode "
415 "filename; rc = [%d]\n", __func__, rc);
416 goto out_d_drop;
417 }
418 lower_dentry = lookup_one_len(encrypted_and_encoded_name,
419 lower_dir_dentry,
420 encrypted_and_encoded_name_size - 1);
421 if (IS_ERR(lower_dentry)) {
422 rc = PTR_ERR(lower_dentry);
423 printk(KERN_ERR "%s: lookup_one_len() returned [%d] on "
424 "lower_dentry = [%s]\n", __func__, rc,
425 encrypted_and_encoded_name);
426 goto out_d_drop;
427 }
428lookup_and_interpose:
429 rc = ecryptfs_lookup_and_interpose_lower(ecryptfs_dentry, lower_dentry,
430 crypt_stat, ecryptfs_dir_inode,
431 ecryptfs_nd);
432 goto out;
433out_d_drop:
434 d_drop(ecryptfs_dentry);
435out:
436 kfree(encrypted_and_encoded_name);
399 return ERR_PTR(rc); 437 return ERR_PTR(rc);
400} 438}
401 439
@@ -466,19 +504,21 @@ static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
466 struct dentry *lower_dentry; 504 struct dentry *lower_dentry;
467 struct dentry *lower_dir_dentry; 505 struct dentry *lower_dir_dentry;
468 char *encoded_symname; 506 char *encoded_symname;
469 int encoded_symlen; 507 size_t encoded_symlen;
470 struct ecryptfs_crypt_stat *crypt_stat = NULL; 508 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
471 509
472 lower_dentry = ecryptfs_dentry_to_lower(dentry); 510 lower_dentry = ecryptfs_dentry_to_lower(dentry);
473 dget(lower_dentry); 511 dget(lower_dentry);
474 lower_dir_dentry = lock_parent(lower_dentry); 512 lower_dir_dentry = lock_parent(lower_dentry);
475 encoded_symlen = ecryptfs_encode_filename(crypt_stat, symname, 513 mount_crypt_stat = &ecryptfs_superblock_to_private(
476 strlen(symname), 514 dir->i_sb)->mount_crypt_stat;
477 &encoded_symname); 515 rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname,
478 if (encoded_symlen < 0) { 516 &encoded_symlen,
479 rc = encoded_symlen; 517 NULL,
518 mount_crypt_stat, symname,
519 strlen(symname));
520 if (rc)
480 goto out_lock; 521 goto out_lock;
481 }
482 rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, 522 rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry,
483 encoded_symname); 523 encoded_symname);
484 kfree(encoded_symname); 524 kfree(encoded_symname);
@@ -602,52 +642,54 @@ out_lock:
602} 642}
603 643
604static int 644static int
605ecryptfs_readlink(struct dentry *dentry, char __user * buf, int bufsiz) 645ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
606{ 646{
607 int rc;
608 struct dentry *lower_dentry;
609 char *decoded_name;
610 char *lower_buf; 647 char *lower_buf;
611 mm_segment_t old_fs; 648 struct dentry *lower_dentry;
612 struct ecryptfs_crypt_stat *crypt_stat; 649 struct ecryptfs_crypt_stat *crypt_stat;
650 char *plaintext_name;
651 size_t plaintext_name_size;
652 mm_segment_t old_fs;
653 int rc;
613 654
614 lower_dentry = ecryptfs_dentry_to_lower(dentry); 655 lower_dentry = ecryptfs_dentry_to_lower(dentry);
615 if (!lower_dentry->d_inode->i_op->readlink) { 656 if (!lower_dentry->d_inode->i_op->readlink) {
616 rc = -EINVAL; 657 rc = -EINVAL;
617 goto out; 658 goto out;
618 } 659 }
660 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
619 /* Released in this function */ 661 /* Released in this function */
620 lower_buf = kmalloc(bufsiz, GFP_KERNEL); 662 lower_buf = kmalloc(bufsiz, GFP_KERNEL);
621 if (lower_buf == NULL) { 663 if (lower_buf == NULL) {
622 ecryptfs_printk(KERN_ERR, "Out of memory\n"); 664 printk(KERN_ERR "%s: Out of memory whilst attempting to "
665 "kmalloc [%d] bytes\n", __func__, bufsiz);
623 rc = -ENOMEM; 666 rc = -ENOMEM;
624 goto out; 667 goto out;
625 } 668 }
626 old_fs = get_fs(); 669 old_fs = get_fs();
627 set_fs(get_ds()); 670 set_fs(get_ds());
628 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ "
629 "lower_dentry->d_name.name = [%s]\n",
630 lower_dentry->d_name.name);
631 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, 671 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
632 (char __user *)lower_buf, 672 (char __user *)lower_buf,
633 bufsiz); 673 bufsiz);
634 set_fs(old_fs); 674 set_fs(old_fs);
635 if (rc >= 0) { 675 if (rc >= 0) {
636 crypt_stat = NULL; 676 rc = ecryptfs_decode_and_decrypt_filename(&plaintext_name,
637 rc = ecryptfs_decode_filename(crypt_stat, lower_buf, rc, 677 &plaintext_name_size,
638 &decoded_name); 678 dentry, lower_buf,
639 if (rc == -ENOMEM) 679 rc);
680 if (rc) {
681 printk(KERN_ERR "%s: Error attempting to decode and "
682 "decrypt filename; rc = [%d]\n", __func__,
683 rc);
640 goto out_free_lower_buf; 684 goto out_free_lower_buf;
641 if (rc > 0) {
642 ecryptfs_printk(KERN_DEBUG, "Copying [%d] bytes "
643 "to userspace: [%*s]\n", rc,
644 decoded_name);
645 if (copy_to_user(buf, decoded_name, rc))
646 rc = -EFAULT;
647 } 685 }
648 kfree(decoded_name); 686 rc = copy_to_user(buf, plaintext_name, plaintext_name_size);
649 fsstack_copy_attr_atime(dentry->d_inode, 687 if (rc)
650 lower_dentry->d_inode); 688 rc = -EFAULT;
689 else
690 rc = plaintext_name_size;
691 kfree(plaintext_name);
692 fsstack_copy_attr_atime(dentry->d_inode, lower_dentry->d_inode);
651 } 693 }
652out_free_lower_buf: 694out_free_lower_buf:
653 kfree(lower_buf); 695 kfree(lower_buf);
@@ -669,8 +711,6 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
669 } 711 }
670 old_fs = get_fs(); 712 old_fs = get_fs();
671 set_fs(get_ds()); 713 set_fs(get_ds());
672 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ "
673 "dentry->d_name.name = [%s]\n", dentry->d_name.name);
674 rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); 714 rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
675 set_fs(old_fs); 715 set_fs(old_fs);
676 if (rc < 0) 716 if (rc < 0)