aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fs/ecryptfs/crypto.c37
-rw-r--r--fs/ecryptfs/debug.c6
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h3
-rw-r--r--fs/ecryptfs/file.c17
-rw-r--r--fs/ecryptfs/inode.c14
-rw-r--r--fs/ecryptfs/keystore.c32
-rw-r--r--fs/ecryptfs/mmap.c8
7 files changed, 49 insertions, 68 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index b817a1a39e70..6ac630625b70 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -207,7 +207,7 @@ ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
207 mutex_init(&crypt_stat->cs_mutex); 207 mutex_init(&crypt_stat->cs_mutex);
208 mutex_init(&crypt_stat->cs_tfm_mutex); 208 mutex_init(&crypt_stat->cs_tfm_mutex);
209 mutex_init(&crypt_stat->cs_hash_tfm_mutex); 209 mutex_init(&crypt_stat->cs_hash_tfm_mutex);
210 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_STRUCT_INITIALIZED); 210 crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED;
211} 211}
212 212
213/** 213/**
@@ -305,8 +305,7 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
305 int rc = 0; 305 int rc = 0;
306 306
307 BUG_ON(!crypt_stat || !crypt_stat->tfm 307 BUG_ON(!crypt_stat || !crypt_stat->tfm
308 || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags, 308 || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
309 ECRYPTFS_STRUCT_INITIALIZED));
310 if (unlikely(ecryptfs_verbosity > 0)) { 309 if (unlikely(ecryptfs_verbosity > 0)) {
311 ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n", 310 ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n",
312 crypt_stat->key_size); 311 crypt_stat->key_size);
@@ -485,7 +484,7 @@ int ecryptfs_encrypt_page(struct ecryptfs_page_crypt_context *ctx)
485 lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host); 484 lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host);
486 inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host); 485 inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host);
487 crypt_stat = &inode_info->crypt_stat; 486 crypt_stat = &inode_info->crypt_stat;
488 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) { 487 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
489 rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode, 488 rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode,
490 ctx->param.lower_file); 489 ctx->param.lower_file);
491 if (rc) 490 if (rc)
@@ -617,7 +616,7 @@ int ecryptfs_decrypt_page(struct file *file, struct page *page)
617 crypt_stat = &(ecryptfs_inode_to_private( 616 crypt_stat = &(ecryptfs_inode_to_private(
618 page->mapping->host)->crypt_stat); 617 page->mapping->host)->crypt_stat);
619 lower_inode = ecryptfs_inode_to_lower(page->mapping->host); 618 lower_inode = ecryptfs_inode_to_lower(page->mapping->host);
620 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) { 619 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
621 rc = ecryptfs_do_readpage(file, page, page->index); 620 rc = ecryptfs_do_readpage(file, page, page->index);
622 if (rc) 621 if (rc)
623 ecryptfs_printk(KERN_ERR, "Error attempting to copy " 622 ecryptfs_printk(KERN_ERR, "Error attempting to copy "
@@ -882,7 +881,7 @@ int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
882 881
883 BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE); 882 BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
884 BUG_ON(crypt_stat->iv_bytes <= 0); 883 BUG_ON(crypt_stat->iv_bytes <= 0);
885 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID)) { 884 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
886 rc = -EINVAL; 885 rc = -EINVAL;
887 ecryptfs_printk(KERN_WARNING, "Session key not valid; " 886 ecryptfs_printk(KERN_WARNING, "Session key not valid; "
888 "cannot generate root IV\n"); 887 "cannot generate root IV\n");
@@ -899,8 +898,7 @@ int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
899out: 898out:
900 if (rc) { 899 if (rc) {
901 memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes); 900 memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
902 ECRYPTFS_SET_FLAG(crypt_stat->flags, 901 crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;
903 ECRYPTFS_SECURITY_WARNING);
904 } 902 }
905 return rc; 903 return rc;
906} 904}
@@ -908,7 +906,7 @@ out:
908static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat) 906static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
909{ 907{
910 get_random_bytes(crypt_stat->key, crypt_stat->key_size); 908 get_random_bytes(crypt_stat->key, crypt_stat->key_size);
911 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); 909 crypt_stat->flags |= ECRYPTFS_KEY_VALID;
912 ecryptfs_compute_root_iv(crypt_stat); 910 ecryptfs_compute_root_iv(crypt_stat);
913 if (unlikely(ecryptfs_verbosity > 0)) { 911 if (unlikely(ecryptfs_verbosity > 0)) {
914 ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n"); 912 ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
@@ -948,7 +946,7 @@ static void ecryptfs_set_default_crypt_stat_vals(
948 ecryptfs_set_default_sizes(crypt_stat); 946 ecryptfs_set_default_sizes(crypt_stat);
949 strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER); 947 strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
950 crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES; 948 crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
951 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); 949 crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
952 crypt_stat->file_version = ECRYPTFS_FILE_VERSION; 950 crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
953 crypt_stat->mount_crypt_stat = mount_crypt_stat; 951 crypt_stat->mount_crypt_stat = mount_crypt_stat;
954} 952}
@@ -988,8 +986,8 @@ int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry)
988 if (mount_crypt_stat->global_auth_tok) { 986 if (mount_crypt_stat->global_auth_tok) {
989 ecryptfs_printk(KERN_DEBUG, "Initializing context for new " 987 ecryptfs_printk(KERN_DEBUG, "Initializing context for new "
990 "file using mount_crypt_stat\n"); 988 "file using mount_crypt_stat\n");
991 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); 989 crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
992 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); 990 crypt_stat->flags |= ECRYPTFS_KEY_VALID;
993 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, 991 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
994 mount_crypt_stat); 992 mount_crypt_stat);
995 memcpy(crypt_stat->keysigs[crypt_stat->num_keysigs++], 993 memcpy(crypt_stat->keysigs[crypt_stat->num_keysigs++],
@@ -1074,11 +1072,9 @@ static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
1074 for (i = 0; i < ((sizeof(ecryptfs_flag_map) 1072 for (i = 0; i < ((sizeof(ecryptfs_flag_map)
1075 / sizeof(struct ecryptfs_flag_map_elem))); i++) 1073 / sizeof(struct ecryptfs_flag_map_elem))); i++)
1076 if (flags & ecryptfs_flag_map[i].file_flag) { 1074 if (flags & ecryptfs_flag_map[i].file_flag) {
1077 ECRYPTFS_SET_FLAG(crypt_stat->flags, 1075 crypt_stat->flags |= ecryptfs_flag_map[i].local_flag;
1078 ecryptfs_flag_map[i].local_flag);
1079 } else 1076 } else
1080 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, 1077 crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag);
1081 ecryptfs_flag_map[i].local_flag);
1082 /* Version is in top 8 bits of the 32-bit flag vector */ 1078 /* Version is in top 8 bits of the 32-bit flag vector */
1083 crypt_stat->file_version = ((flags >> 24) & 0xFF); 1079 crypt_stat->file_version = ((flags >> 24) & 0xFF);
1084 (*bytes_read) = 4; 1080 (*bytes_read) = 4;
@@ -1115,8 +1111,7 @@ write_ecryptfs_flags(char *page_virt, struct ecryptfs_crypt_stat *crypt_stat,
1115 1111
1116 for (i = 0; i < ((sizeof(ecryptfs_flag_map) 1112 for (i = 0; i < ((sizeof(ecryptfs_flag_map)
1117 / sizeof(struct ecryptfs_flag_map_elem))); i++) 1113 / sizeof(struct ecryptfs_flag_map_elem))); i++)
1118 if (ECRYPTFS_CHECK_FLAG(crypt_stat->flags, 1114 if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)
1119 ecryptfs_flag_map[i].local_flag))
1120 flags |= ecryptfs_flag_map[i].file_flag; 1115 flags |= ecryptfs_flag_map[i].file_flag;
1121 /* Version is in top 8 bits of the 32-bit flag vector */ 1116 /* Version is in top 8 bits of the 32-bit flag vector */
1122 flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000); 1117 flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);
@@ -1414,10 +1409,8 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
1414 1409
1415 crypt_stat = &ecryptfs_inode_to_private( 1410 crypt_stat = &ecryptfs_inode_to_private(
1416 ecryptfs_dentry->d_inode)->crypt_stat; 1411 ecryptfs_dentry->d_inode)->crypt_stat;
1417 if (likely(ECRYPTFS_CHECK_FLAG(crypt_stat->flags, 1412 if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
1418 ECRYPTFS_ENCRYPTED))) { 1413 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
1419 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
1420 ECRYPTFS_KEY_VALID)) {
1421 ecryptfs_printk(KERN_DEBUG, "Key is " 1414 ecryptfs_printk(KERN_DEBUG, "Key is "
1422 "invalid; bailing out\n"); 1415 "invalid; bailing out\n");
1423 rc = -EINVAL; 1416 rc = -EINVAL;
diff --git a/fs/ecryptfs/debug.c b/fs/ecryptfs/debug.c
index 61f8e894284f..434c7efd80f8 100644
--- a/fs/ecryptfs/debug.c
+++ b/fs/ecryptfs/debug.c
@@ -36,7 +36,7 @@ void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok)
36 36
37 ecryptfs_printk(KERN_DEBUG, "Auth tok at mem loc [%p]:\n", 37 ecryptfs_printk(KERN_DEBUG, "Auth tok at mem loc [%p]:\n",
38 auth_tok); 38 auth_tok);
39 if (ECRYPTFS_CHECK_FLAG(auth_tok->flags, ECRYPTFS_PRIVATE_KEY)) { 39 if (auth_tok->flags & ECRYPTFS_PRIVATE_KEY) {
40 ecryptfs_printk(KERN_DEBUG, " * private key type\n"); 40 ecryptfs_printk(KERN_DEBUG, " * private key type\n");
41 ecryptfs_printk(KERN_DEBUG, " * (NO PRIVATE KEY SUPPORT " 41 ecryptfs_printk(KERN_DEBUG, " * (NO PRIVATE KEY SUPPORT "
42 "IN ECRYPTFS VERSION 0.1)\n"); 42 "IN ECRYPTFS VERSION 0.1)\n");
@@ -46,8 +46,8 @@ void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok)
46 ECRYPTFS_SALT_SIZE); 46 ECRYPTFS_SALT_SIZE);
47 salt[ECRYPTFS_SALT_SIZE * 2] = '\0'; 47 salt[ECRYPTFS_SALT_SIZE * 2] = '\0';
48 ecryptfs_printk(KERN_DEBUG, " * salt = [%s]\n", salt); 48 ecryptfs_printk(KERN_DEBUG, " * salt = [%s]\n", salt);
49 if (ECRYPTFS_CHECK_FLAG(auth_tok->token.password.flags, 49 if (auth_tok->token.password.flags &
50 ECRYPTFS_PERSISTENT_PASSWORD)) { 50 ECRYPTFS_PERSISTENT_PASSWORD) {
51 ecryptfs_printk(KERN_DEBUG, " * persistent\n"); 51 ecryptfs_printk(KERN_DEBUG, " * persistent\n");
52 } 52 }
53 memcpy(sig, auth_tok->token.password.signature, 53 memcpy(sig, auth_tok->token.password.signature,
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 31e628a3a1fa..839a34fa6fab 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -94,9 +94,6 @@
94#define RFC2440_CIPHER_TWOFISH 0x0a 94#define RFC2440_CIPHER_TWOFISH 0x0a
95#define RFC2440_CIPHER_CAST_6 0x0b 95#define RFC2440_CIPHER_CAST_6 0x0b
96 96
97#define ECRYPTFS_SET_FLAG(flag_bit_vector, flag) (flag_bit_vector |= (flag))
98#define ECRYPTFS_CLEAR_FLAG(flag_bit_vector, flag) (flag_bit_vector &= ~(flag))
99#define ECRYPTFS_CHECK_FLAG(flag_bit_vector, flag) (flag_bit_vector & (flag))
100#define RFC2440_CIPHER_RSA 0x01 97#define RFC2440_CIPHER_RSA 0x01
101 98
102/** 99/**
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index 652ed772a9be..bd969adf70d7 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -273,11 +273,11 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
273 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 273 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
274 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; 274 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
275 mutex_lock(&crypt_stat->cs_mutex); 275 mutex_lock(&crypt_stat->cs_mutex);
276 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) { 276 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {
277 ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n"); 277 ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
278 /* Policy code enabled in future release */ 278 /* Policy code enabled in future release */
279 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED); 279 crypt_stat->flags |= ECRYPTFS_POLICY_APPLIED;
280 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); 280 crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
281 } 281 }
282 mutex_unlock(&crypt_stat->cs_mutex); 282 mutex_unlock(&crypt_stat->cs_mutex);
283 lower_flags = file->f_flags; 283 lower_flags = file->f_flags;
@@ -297,15 +297,13 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
297 lower_inode = lower_dentry->d_inode; 297 lower_inode = lower_dentry->d_inode;
298 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) { 298 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
299 ecryptfs_printk(KERN_DEBUG, "This is a directory\n"); 299 ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
300 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); 300 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
301 rc = 0; 301 rc = 0;
302 goto out; 302 goto out;
303 } 303 }
304 mutex_lock(&crypt_stat->cs_mutex); 304 mutex_lock(&crypt_stat->cs_mutex);
305 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, 305 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
306 ECRYPTFS_POLICY_APPLIED) 306 || !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
307 || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
308 ECRYPTFS_KEY_VALID)) {
309 rc = ecryptfs_read_metadata(ecryptfs_dentry, lower_file); 307 rc = ecryptfs_read_metadata(ecryptfs_dentry, lower_file);
310 if (rc) { 308 if (rc) {
311 ecryptfs_printk(KERN_DEBUG, 309 ecryptfs_printk(KERN_DEBUG,
@@ -320,9 +318,8 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
320 mutex_unlock(&crypt_stat->cs_mutex); 318 mutex_unlock(&crypt_stat->cs_mutex);
321 goto out_puts; 319 goto out_puts;
322 } 320 }
323 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags,
324 ECRYPTFS_ENCRYPTED);
325 rc = 0; 321 rc = 0;
322 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
326 mutex_unlock(&crypt_stat->cs_mutex); 323 mutex_unlock(&crypt_stat->cs_mutex);
327 goto out; 324 goto out;
328 } 325 }
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 7d3391712027..91357183398d 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -161,9 +161,8 @@ static int grow_file(struct dentry *ecryptfs_dentry, struct file *lower_file,
161 ecryptfs_set_file_lower(&fake_file, lower_file); 161 ecryptfs_set_file_lower(&fake_file, lower_file);
162 rc = ecryptfs_fill_zeros(&fake_file, 1); 162 rc = ecryptfs_fill_zeros(&fake_file, 1);
163 if (rc) { 163 if (rc) {
164 ECRYPTFS_SET_FLAG( 164 ecryptfs_inode_to_private(inode)->crypt_stat.flags |=
165 ecryptfs_inode_to_private(inode)->crypt_stat.flags, 165 ECRYPTFS_SECURITY_WARNING;
166 ECRYPTFS_SECURITY_WARNING);
167 ecryptfs_printk(KERN_WARNING, "Error attempting to fill zeros " 166 ecryptfs_printk(KERN_WARNING, "Error attempting to fill zeros "
168 "in file; rc = [%d]\n", rc); 167 "in file; rc = [%d]\n", rc);
169 goto out; 168 goto out;
@@ -172,8 +171,7 @@ static int grow_file(struct dentry *ecryptfs_dentry, struct file *lower_file,
172 ecryptfs_write_inode_size_to_metadata(lower_file, lower_inode, inode, 171 ecryptfs_write_inode_size_to_metadata(lower_file, lower_inode, inode,
173 ecryptfs_dentry, 172 ecryptfs_dentry,
174 ECRYPTFS_LOWER_I_MUTEX_NOT_HELD); 173 ECRYPTFS_LOWER_I_MUTEX_NOT_HELD);
175 ECRYPTFS_SET_FLAG(ecryptfs_inode_to_private(inode)->crypt_stat.flags, 174 ecryptfs_inode_to_private(inode)->crypt_stat.flags |= ECRYPTFS_NEW_FILE;
176 ECRYPTFS_NEW_FILE);
177out: 175out:
178 return rc; 176 return rc;
179} 177}
@@ -216,10 +214,10 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
216 lower_inode = lower_dentry->d_inode; 214 lower_inode = lower_dentry->d_inode;
217 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) { 215 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
218 ecryptfs_printk(KERN_DEBUG, "This is a directory\n"); 216 ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
219 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); 217 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
220 goto out_fput; 218 goto out_fput;
221 } 219 }
222 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE); 220 crypt_stat->flags |= ECRYPTFS_NEW_FILE;
223 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n"); 221 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
224 rc = ecryptfs_new_file_context(ecryptfs_dentry); 222 rc = ecryptfs_new_file_context(ecryptfs_dentry);
225 if (rc) { 223 if (rc) {
@@ -373,7 +371,7 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry,
373 goto out_dput; 371 goto out_dput;
374 } 372 }
375 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 373 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
376 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) 374 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
377 ecryptfs_set_default_sizes(crypt_stat); 375 ecryptfs_set_default_sizes(crypt_stat);
378 rc = ecryptfs_read_and_validate_header_region(page_virt, lower_dentry, 376 rc = ecryptfs_read_and_validate_header_region(page_virt, lower_dentry,
379 nd->mnt); 377 nd->mnt);
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 558d538e2b1f..c209f67e7a26 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -607,13 +607,13 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
607 (*new_auth_tok)->session_key.flags |= 607 (*new_auth_tok)->session_key.flags |=
608 ECRYPTFS_CONTAINS_ENCRYPTED_KEY; 608 ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
609 (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY; 609 (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
610 ECRYPTFS_SET_FLAG((*new_auth_tok)->flags, ECRYPTFS_PRIVATE_KEY); 610 (*new_auth_tok)->flags |= ECRYPTFS_PRIVATE_KEY;
611 /* TODO: Why are we setting this flag here? Don't we want the 611 /* TODO: Why are we setting this flag here? Don't we want the
612 * userspace to decrypt the session key? */ 612 * userspace to decrypt the session key? */
613 ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, 613 (*new_auth_tok)->session_key.flags &=
614 ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); 614 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
615 ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, 615 (*new_auth_tok)->session_key.flags &=
616 ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); 616 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
617 list_add(&auth_tok_list_item->list, auth_tok_list); 617 list_add(&auth_tok_list_item->list, auth_tok_list);
618 goto out; 618 goto out;
619out_free: 619out_free:
@@ -793,10 +793,10 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
793 (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD; 793 (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
794 /* TODO: Parametarize; we might actually want userspace to 794 /* TODO: Parametarize; we might actually want userspace to
795 * decrypt the session key. */ 795 * decrypt the session key. */
796 ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, 796 (*new_auth_tok)->session_key.flags &=
797 ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); 797 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
798 ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, 798 (*new_auth_tok)->session_key.flags &=
799 ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); 799 ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
800 list_add(&auth_tok_list_item->list, auth_tok_list); 800 list_add(&auth_tok_list_item->list, auth_tok_list);
801 goto out; 801 goto out;
802out_free: 802out_free:
@@ -941,8 +941,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
941 int rc = 0; 941 int rc = 0;
942 942
943 password_s_ptr = &auth_tok->token.password; 943 password_s_ptr = &auth_tok->token.password;
944 if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags, 944 if (password_s_ptr->flags & ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET)
945 ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET))
946 ecryptfs_printk(KERN_DEBUG, "Session key encryption key " 945 ecryptfs_printk(KERN_DEBUG, "Session key encryption key "
947 "set; skipping key generation\n"); 946 "set; skipping key generation\n");
948 ecryptfs_printk(KERN_DEBUG, "Session key encryption key (size [%d])" 947 ecryptfs_printk(KERN_DEBUG, "Session key encryption key (size [%d])"
@@ -1024,7 +1023,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
1024 auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; 1023 auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
1025 memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, 1024 memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
1026 auth_tok->session_key.decrypted_key_size); 1025 auth_tok->session_key.decrypted_key_size);
1027 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); 1026 crypt_stat->flags |= ECRYPTFS_KEY_VALID;
1028 ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n"); 1027 ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
1029 if (ecryptfs_verbosity > 0) 1028 if (ecryptfs_verbosity > 0)
1030 ecryptfs_dump_hex(crypt_stat->key, 1029 ecryptfs_dump_hex(crypt_stat->key,
@@ -1127,8 +1126,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1127 sig_tmp_space, tag_11_contents_size); 1126 sig_tmp_space, tag_11_contents_size);
1128 new_auth_tok->token.password.signature[ 1127 new_auth_tok->token.password.signature[
1129 ECRYPTFS_PASSWORD_SIG_SIZE] = '\0'; 1128 ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
1130 ECRYPTFS_SET_FLAG(crypt_stat->flags, 1129 crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1131 ECRYPTFS_ENCRYPTED);
1132 break; 1130 break;
1133 case ECRYPTFS_TAG_1_PACKET_TYPE: 1131 case ECRYPTFS_TAG_1_PACKET_TYPE:
1134 rc = parse_tag_1_packet(crypt_stat, 1132 rc = parse_tag_1_packet(crypt_stat,
@@ -1142,8 +1140,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1142 goto out_wipe_list; 1140 goto out_wipe_list;
1143 } 1141 }
1144 i += packet_size; 1142 i += packet_size;
1145 ECRYPTFS_SET_FLAG(crypt_stat->flags, 1143 crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
1146 ECRYPTFS_ENCRYPTED);
1147 break; 1144 break;
1148 case ECRYPTFS_TAG_11_PACKET_TYPE: 1145 case ECRYPTFS_TAG_11_PACKET_TYPE:
1149 ecryptfs_printk(KERN_WARNING, "Invalid packet set " 1146 ecryptfs_printk(KERN_WARNING, "Invalid packet set "
@@ -1209,8 +1206,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
1209 } 1206 }
1210leave_list: 1207leave_list:
1211 rc = -ENOTSUPP; 1208 rc = -ENOTSUPP;
1212 if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags, 1209 if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
1213 ECRYPTFS_PRIVATE_KEY))) {
1214 memcpy(&(candidate_auth_tok->token.private_key), 1210 memcpy(&(candidate_auth_tok->token.private_key),
1215 &(chosen_auth_tok->token.private_key), 1211 &(chosen_auth_tok->token.private_key),
1216 sizeof(struct ecryptfs_private_key)); 1212 sizeof(struct ecryptfs_private_key));
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index f5f962d7a123..3014aa719953 100644
--- a/fs/ecryptfs/mmap.c
+++ b/fs/ecryptfs/mmap.c
@@ -295,8 +295,8 @@ static int ecryptfs_readpage(struct file *file, struct page *page)
295 crypt_stat = &ecryptfs_inode_to_private(file->f_path.dentry->d_inode) 295 crypt_stat = &ecryptfs_inode_to_private(file->f_path.dentry->d_inode)
296 ->crypt_stat; 296 ->crypt_stat;
297 if (!crypt_stat 297 if (!crypt_stat
298 || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED) 298 || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED)
299 || ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE)) { 299 || (crypt_stat->flags & ECRYPTFS_NEW_FILE)) {
300 ecryptfs_printk(KERN_DEBUG, 300 ecryptfs_printk(KERN_DEBUG,
301 "Passing through unencrypted page\n"); 301 "Passing through unencrypted page\n");
302 rc = ecryptfs_do_readpage(file, page, page->index); 302 rc = ecryptfs_do_readpage(file, page, page->index);
@@ -657,10 +657,10 @@ static int ecryptfs_commit_write(struct file *file, struct page *page,
657 mutex_lock(&lower_inode->i_mutex); 657 mutex_lock(&lower_inode->i_mutex);
658 crypt_stat = &ecryptfs_inode_to_private(file->f_path.dentry->d_inode) 658 crypt_stat = &ecryptfs_inode_to_private(file->f_path.dentry->d_inode)
659 ->crypt_stat; 659 ->crypt_stat;
660 if (ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE)) { 660 if (crypt_stat->flags & ECRYPTFS_NEW_FILE) {
661 ecryptfs_printk(KERN_DEBUG, "ECRYPTFS_NEW_FILE flag set in " 661 ecryptfs_printk(KERN_DEBUG, "ECRYPTFS_NEW_FILE flag set in "
662 "crypt_stat at memory location [%p]\n", crypt_stat); 662 "crypt_stat at memory location [%p]\n", crypt_stat);
663 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE); 663 crypt_stat->flags &= ~(ECRYPTFS_NEW_FILE);
664 } else 664 } else
665 ecryptfs_printk(KERN_DEBUG, "Not a new file\n"); 665 ecryptfs_printk(KERN_DEBUG, "Not a new file\n");
666 ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page" 666 ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page"