aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs/crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ecryptfs/crypto.c')
-rw-r--r--fs/ecryptfs/crypto.c127
1 files changed, 59 insertions, 68 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 7f788ea5da2b..55110ffe9ebd 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1342,21 +1342,28 @@ out:
1342 return rc; 1342 return rc;
1343} 1343}
1344 1344
1345int ecryptfs_read_and_validate_header_region(char *data, struct dentry *dentry, 1345int ecryptfs_read_and_validate_header_region(char *data,
1346 struct vfsmount *mnt) 1346 struct inode *ecryptfs_inode)
1347{ 1347{
1348 struct ecryptfs_crypt_stat *crypt_stat =
1349 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
1348 int rc; 1350 int rc;
1349 1351
1350 rc = ecryptfs_read_header_region(data, dentry, mnt); 1352 rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size,
1351 if (rc) 1353 ecryptfs_inode);
1354 if (rc) {
1355 printk(KERN_ERR "%s: Error reading header region; rc = [%d]\n",
1356 __FUNCTION__, rc);
1352 goto out; 1357 goto out;
1353 if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) 1358 }
1359 if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) {
1354 rc = -EINVAL; 1360 rc = -EINVAL;
1361 ecryptfs_printk(KERN_DEBUG, "Valid marker not found\n");
1362 }
1355out: 1363out:
1356 return rc; 1364 return rc;
1357} 1365}
1358 1366
1359
1360void 1367void
1361ecryptfs_write_header_metadata(char *virt, 1368ecryptfs_write_header_metadata(char *virt,
1362 struct ecryptfs_crypt_stat *crypt_stat, 1369 struct ecryptfs_crypt_stat *crypt_stat,
@@ -1441,24 +1448,19 @@ static int ecryptfs_write_headers_virt(char *page_virt, size_t *size,
1441 1448
1442static int 1449static int
1443ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat, 1450ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat,
1444 struct file *lower_file, char *page_virt) 1451 struct dentry *ecryptfs_dentry,
1452 char *page_virt)
1445{ 1453{
1446 mm_segment_t oldfs;
1447 int current_header_page; 1454 int current_header_page;
1448 int header_pages; 1455 int header_pages;
1449 ssize_t size; 1456 int rc;
1450 int rc = 0;
1451 1457
1452 lower_file->f_pos = 0; 1458 rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, page_virt,
1453 oldfs = get_fs(); 1459 0, PAGE_CACHE_SIZE);
1454 set_fs(get_ds()); 1460 if (rc) {
1455 size = vfs_write(lower_file, (char __user *)page_virt, PAGE_CACHE_SIZE, 1461 printk(KERN_ERR "%s: Error attempting to write header "
1456 &lower_file->f_pos); 1462 "information to lower file; rc = [%d]\n", __FUNCTION__,
1457 if (size < 0) { 1463 rc);
1458 rc = (int)size;
1459 printk(KERN_ERR "Error attempting to write lower page; "
1460 "rc = [%d]\n", rc);
1461 set_fs(oldfs);
1462 goto out; 1464 goto out;
1463 } 1465 }
1464 header_pages = ((crypt_stat->extent_size 1466 header_pages = ((crypt_stat->extent_size
@@ -1467,18 +1469,19 @@ ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat,
1467 memset(page_virt, 0, PAGE_CACHE_SIZE); 1469 memset(page_virt, 0, PAGE_CACHE_SIZE);
1468 current_header_page = 1; 1470 current_header_page = 1;
1469 while (current_header_page < header_pages) { 1471 while (current_header_page < header_pages) {
1470 size = vfs_write(lower_file, (char __user *)page_virt, 1472 loff_t offset;
1471 PAGE_CACHE_SIZE, &lower_file->f_pos); 1473
1472 if (size < 0) { 1474 offset = (current_header_page << PAGE_CACHE_SHIFT);
1473 rc = (int)size; 1475 if ((rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode,
1474 printk(KERN_ERR "Error attempting to write lower page; " 1476 page_virt, offset,
1475 "rc = [%d]\n", rc); 1477 PAGE_CACHE_SIZE))) {
1476 set_fs(oldfs); 1478 printk(KERN_ERR "%s: Error attempting to write header "
1479 "information to lower file; rc = [%d]\n",
1480 __FUNCTION__, rc);
1477 goto out; 1481 goto out;
1478 } 1482 }
1479 current_header_page++; 1483 current_header_page++;
1480 } 1484 }
1481 set_fs(oldfs);
1482out: 1485out:
1483 return rc; 1486 return rc;
1484} 1487}
@@ -1498,7 +1501,6 @@ ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
1498/** 1501/**
1499 * ecryptfs_write_metadata 1502 * ecryptfs_write_metadata
1500 * @ecryptfs_dentry: The eCryptfs dentry 1503 * @ecryptfs_dentry: The eCryptfs dentry
1501 * @lower_file: The lower file struct, which was returned from dentry_open
1502 * 1504 *
1503 * Write the file headers out. This will likely involve a userspace 1505 * Write the file headers out. This will likely involve a userspace
1504 * callout, in which the session key is encrypted with one or more 1506 * callout, in which the session key is encrypted with one or more
@@ -1506,22 +1508,21 @@ ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
1506 * retrieved via a prompt. Exactly what happens at this point should 1508 * retrieved via a prompt. Exactly what happens at this point should
1507 * be policy-dependent. 1509 * be policy-dependent.
1508 * 1510 *
1511 * TODO: Support header information spanning multiple pages
1512 *
1509 * Returns zero on success; non-zero on error 1513 * Returns zero on success; non-zero on error
1510 */ 1514 */
1511int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry, 1515int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
1512 struct file *lower_file)
1513{ 1516{
1514 struct ecryptfs_crypt_stat *crypt_stat; 1517 struct ecryptfs_crypt_stat *crypt_stat =
1518 &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
1515 char *page_virt; 1519 char *page_virt;
1516 size_t size; 1520 size_t size = 0;
1517 int rc = 0; 1521 int rc = 0;
1518 1522
1519 crypt_stat = &ecryptfs_inode_to_private(
1520 ecryptfs_dentry->d_inode)->crypt_stat;
1521 if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { 1523 if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
1522 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) { 1524 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
1523 ecryptfs_printk(KERN_DEBUG, "Key is " 1525 printk(KERN_ERR "Key is invalid; bailing out\n");
1524 "invalid; bailing out\n");
1525 rc = -EINVAL; 1526 rc = -EINVAL;
1526 goto out; 1527 goto out;
1527 } 1528 }
@@ -1550,7 +1551,8 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
1550 crypt_stat, page_virt, 1551 crypt_stat, page_virt,
1551 size); 1552 size);
1552 else 1553 else
1553 rc = ecryptfs_write_metadata_to_contents(crypt_stat, lower_file, 1554 rc = ecryptfs_write_metadata_to_contents(crypt_stat,
1555 ecryptfs_dentry,
1554 page_virt); 1556 page_virt);
1555 if (rc) { 1557 if (rc) {
1556 printk(KERN_ERR "Error writing metadata out to lower file; " 1558 printk(KERN_ERR "Error writing metadata out to lower file; "
@@ -1678,15 +1680,17 @@ out:
1678 * 1680 *
1679 * Returns zero on success; non-zero on error 1681 * Returns zero on success; non-zero on error
1680 */ 1682 */
1681int ecryptfs_read_xattr_region(char *page_virt, struct dentry *ecryptfs_dentry) 1683int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode)
1682{ 1684{
1685 struct dentry *lower_dentry =
1686 ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_dentry;
1683 ssize_t size; 1687 ssize_t size;
1684 int rc = 0; 1688 int rc = 0;
1685 1689
1686 size = ecryptfs_getxattr(ecryptfs_dentry, ECRYPTFS_XATTR_NAME, 1690 size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME,
1687 page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE); 1691 page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE);
1688 if (size < 0) { 1692 if (size < 0) {
1689 printk(KERN_DEBUG "Error attempting to read the [%s] " 1693 printk(KERN_ERR "Error attempting to read the [%s] "
1690 "xattr from the lower file; return value = [%zd]\n", 1694 "xattr from the lower file; return value = [%zd]\n",
1691 ECRYPTFS_XATTR_NAME, size); 1695 ECRYPTFS_XATTR_NAME, size);
1692 rc = -EINVAL; 1696 rc = -EINVAL;
@@ -1701,7 +1705,7 @@ int ecryptfs_read_and_validate_xattr_region(char *page_virt,
1701{ 1705{
1702 int rc; 1706 int rc;
1703 1707
1704 rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_dentry); 1708 rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_dentry->d_inode);
1705 if (rc) 1709 if (rc)
1706 goto out; 1710 goto out;
1707 if (!contains_ecryptfs_marker(page_virt + ECRYPTFS_FILE_SIZE_BYTES)) { 1711 if (!contains_ecryptfs_marker(page_virt + ECRYPTFS_FILE_SIZE_BYTES)) {
@@ -1715,8 +1719,6 @@ out:
1715 1719
1716/** 1720/**
1717 * ecryptfs_read_metadata 1721 * ecryptfs_read_metadata
1718 * @ecryptfs_dentry: The eCryptfs dentry
1719 * @lower_file: The lower file from which to read the metadata
1720 * 1722 *
1721 * Common entry point for reading file metadata. From here, we could 1723 * Common entry point for reading file metadata. From here, we could
1722 * retrieve the header information from the header region of the file, 1724 * retrieve the header information from the header region of the file,
@@ -1727,15 +1729,13 @@ out:
1727 * 1729 *
1728 * Returns zero if valid headers found and parsed; non-zero otherwise 1730 * Returns zero if valid headers found and parsed; non-zero otherwise
1729 */ 1731 */
1730int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry, 1732int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
1731 struct file *lower_file)
1732{ 1733{
1733 int rc = 0; 1734 int rc = 0;
1734 char *page_virt = NULL; 1735 char *page_virt = NULL;
1735 mm_segment_t oldfs; 1736 struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode;
1736 ssize_t bytes_read;
1737 struct ecryptfs_crypt_stat *crypt_stat = 1737 struct ecryptfs_crypt_stat *crypt_stat =
1738 &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat; 1738 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
1739 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 1739 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
1740 &ecryptfs_superblock_to_private( 1740 &ecryptfs_superblock_to_private(
1741 ecryptfs_dentry->d_sb)->mount_crypt_stat; 1741 ecryptfs_dentry->d_sb)->mount_crypt_stat;
@@ -1746,27 +1746,18 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry,
1746 page_virt = kmem_cache_alloc(ecryptfs_header_cache_1, GFP_USER); 1746 page_virt = kmem_cache_alloc(ecryptfs_header_cache_1, GFP_USER);
1747 if (!page_virt) { 1747 if (!page_virt) {
1748 rc = -ENOMEM; 1748 rc = -ENOMEM;
1749 ecryptfs_printk(KERN_ERR, "Unable to allocate page_virt\n"); 1749 printk(KERN_ERR "%s: Unable to allocate page_virt\n",
1750 __FUNCTION__);
1750 goto out; 1751 goto out;
1751 } 1752 }
1752 lower_file->f_pos = 0; 1753 rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,
1753 oldfs = get_fs(); 1754 ecryptfs_inode);
1754 set_fs(get_ds()); 1755 if (!rc)
1755 bytes_read = lower_file->f_op->read(lower_file, 1756 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
1756 (char __user *)page_virt, 1757 ecryptfs_dentry,
1757 ECRYPTFS_DEFAULT_EXTENT_SIZE, 1758 ECRYPTFS_VALIDATE_HEADER_SIZE);
1758 &lower_file->f_pos);
1759 set_fs(oldfs);
1760 if (bytes_read != ECRYPTFS_DEFAULT_EXTENT_SIZE) {
1761 rc = -EINVAL;
1762 goto out;
1763 }
1764 rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
1765 ecryptfs_dentry,
1766 ECRYPTFS_VALIDATE_HEADER_SIZE);
1767 if (rc) { 1759 if (rc) {
1768 rc = ecryptfs_read_xattr_region(page_virt, 1760 rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode);
1769 ecryptfs_dentry);
1770 if (rc) { 1761 if (rc) {
1771 printk(KERN_DEBUG "Valid eCryptfs headers not found in " 1762 printk(KERN_DEBUG "Valid eCryptfs headers not found in "
1772 "file header region or xattr region\n"); 1763 "file header region or xattr region\n");