diff options
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r-- | fs/ecryptfs/Makefile | 2 | ||||
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 79 | ||||
-rw-r--r-- | fs/ecryptfs/keystore.c | 89 | ||||
-rw-r--r-- | fs/ecryptfs/messaging.c | 479 | ||||
-rw-r--r-- | fs/ecryptfs/miscdev.c | 4 | ||||
-rw-r--r-- | fs/ecryptfs/netlink.c | 8 |
6 files changed, 435 insertions, 226 deletions
diff --git a/fs/ecryptfs/Makefile b/fs/ecryptfs/Makefile index 768857015516..1e34a7fd4884 100644 --- a/fs/ecryptfs/Makefile +++ b/fs/ecryptfs/Makefile | |||
@@ -4,4 +4,4 @@ | |||
4 | 4 | ||
5 | obj-$(CONFIG_ECRYPT_FS) += ecryptfs.o | 5 | obj-$(CONFIG_ECRYPT_FS) += ecryptfs.o |
6 | 6 | ||
7 | ecryptfs-objs := dentry.o file.o inode.o main.o super.o mmap.o read_write.o crypto.o keystore.o messaging.o netlink.o debug.o | 7 | ecryptfs-objs := dentry.o file.o inode.o main.o super.o mmap.o read_write.o crypto.o keystore.o messaging.o netlink.o miscdev.o debug.o |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 342e8d37b421..72e117706a68 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -4,7 +4,7 @@ | |||
4 | * | 4 | * |
5 | * Copyright (C) 1997-2003 Erez Zadok | 5 | * Copyright (C) 1997-2003 Erez Zadok |
6 | * Copyright (C) 2001-2003 Stony Brook University | 6 | * Copyright (C) 2001-2003 Stony Brook University |
7 | * Copyright (C) 2004-2007 International Business Machines Corp. | 7 | * Copyright (C) 2004-2008 International Business Machines Corp. |
8 | * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> | 8 | * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> |
9 | * Trevor S. Highland <trevor.highland@gmail.com> | 9 | * Trevor S. Highland <trevor.highland@gmail.com> |
10 | * Tyler Hicks <tyhicks@ou.edu> | 10 | * Tyler Hicks <tyhicks@ou.edu> |
@@ -49,11 +49,13 @@ | |||
49 | #define ECRYPTFS_VERSIONING_POLICY 0x00000008 | 49 | #define ECRYPTFS_VERSIONING_POLICY 0x00000008 |
50 | #define ECRYPTFS_VERSIONING_XATTR 0x00000010 | 50 | #define ECRYPTFS_VERSIONING_XATTR 0x00000010 |
51 | #define ECRYPTFS_VERSIONING_MULTKEY 0x00000020 | 51 | #define ECRYPTFS_VERSIONING_MULTKEY 0x00000020 |
52 | #define ECRYPTFS_VERSIONING_DEVMISC 0x00000040 | ||
52 | #define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \ | 53 | #define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \ |
53 | | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \ | 54 | | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \ |
54 | | ECRYPTFS_VERSIONING_PUBKEY \ | 55 | | ECRYPTFS_VERSIONING_PUBKEY \ |
55 | | ECRYPTFS_VERSIONING_XATTR \ | 56 | | ECRYPTFS_VERSIONING_XATTR \ |
56 | | ECRYPTFS_VERSIONING_MULTKEY) | 57 | | ECRYPTFS_VERSIONING_MULTKEY \ |
58 | | ECRYPTFS_VERSIONING_DEVMISC) | ||
57 | #define ECRYPTFS_MAX_PASSWORD_LENGTH 64 | 59 | #define ECRYPTFS_MAX_PASSWORD_LENGTH 64 |
58 | #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH | 60 | #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH |
59 | #define ECRYPTFS_SALT_SIZE 8 | 61 | #define ECRYPTFS_SALT_SIZE 8 |
@@ -73,17 +75,14 @@ | |||
73 | #define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32 | 75 | #define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32 |
74 | #define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ | 76 | #define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ |
75 | #define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3) | 77 | #define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3) |
76 | #define ECRYPTFS_NLMSG_HELO 100 | ||
77 | #define ECRYPTFS_NLMSG_QUIT 101 | ||
78 | #define ECRYPTFS_NLMSG_REQUEST 102 | ||
79 | #define ECRYPTFS_NLMSG_RESPONSE 103 | ||
80 | #define ECRYPTFS_MAX_PKI_NAME_BYTES 16 | 78 | #define ECRYPTFS_MAX_PKI_NAME_BYTES 16 |
81 | #define ECRYPTFS_DEFAULT_NUM_USERS 4 | 79 | #define ECRYPTFS_DEFAULT_NUM_USERS 4 |
82 | #define ECRYPTFS_MAX_NUM_USERS 32768 | 80 | #define ECRYPTFS_MAX_NUM_USERS 32768 |
83 | #define ECRYPTFS_TRANSPORT_NETLINK 0 | 81 | #define ECRYPTFS_TRANSPORT_NETLINK 0 |
84 | #define ECRYPTFS_TRANSPORT_CONNECTOR 1 | 82 | #define ECRYPTFS_TRANSPORT_CONNECTOR 1 |
85 | #define ECRYPTFS_TRANSPORT_RELAYFS 2 | 83 | #define ECRYPTFS_TRANSPORT_RELAYFS 2 |
86 | #define ECRYPTFS_DEFAULT_TRANSPORT ECRYPTFS_TRANSPORT_NETLINK | 84 | #define ECRYPTFS_TRANSPORT_MISCDEV 3 |
85 | #define ECRYPTFS_DEFAULT_TRANSPORT ECRYPTFS_TRANSPORT_MISCDEV | ||
87 | #define ECRYPTFS_XATTR_NAME "user.ecryptfs" | 86 | #define ECRYPTFS_XATTR_NAME "user.ecryptfs" |
88 | 87 | ||
89 | #define RFC2440_CIPHER_DES3_EDE 0x02 | 88 | #define RFC2440_CIPHER_DES3_EDE 0x02 |
@@ -366,32 +365,62 @@ struct ecryptfs_auth_tok_list_item { | |||
366 | }; | 365 | }; |
367 | 366 | ||
368 | struct ecryptfs_message { | 367 | struct ecryptfs_message { |
368 | /* Can never be greater than ecryptfs_message_buf_len */ | ||
369 | /* Used to find the parent msg_ctx */ | ||
370 | /* Inherits from msg_ctx->index */ | ||
369 | u32 index; | 371 | u32 index; |
370 | u32 data_len; | 372 | u32 data_len; |
371 | u8 data[]; | 373 | u8 data[]; |
372 | }; | 374 | }; |
373 | 375 | ||
374 | struct ecryptfs_msg_ctx { | 376 | struct ecryptfs_msg_ctx { |
375 | #define ECRYPTFS_MSG_CTX_STATE_FREE 0x0001 | 377 | #define ECRYPTFS_MSG_CTX_STATE_FREE 0x01 |
376 | #define ECRYPTFS_MSG_CTX_STATE_PENDING 0x0002 | 378 | #define ECRYPTFS_MSG_CTX_STATE_PENDING 0x02 |
377 | #define ECRYPTFS_MSG_CTX_STATE_DONE 0x0003 | 379 | #define ECRYPTFS_MSG_CTX_STATE_DONE 0x03 |
378 | u32 state; | 380 | #define ECRYPTFS_MSG_CTX_STATE_NO_REPLY 0x04 |
379 | unsigned int index; | 381 | u8 state; |
380 | unsigned int counter; | 382 | #define ECRYPTFS_MSG_HELO 100 |
383 | #define ECRYPTFS_MSG_QUIT 101 | ||
384 | #define ECRYPTFS_MSG_REQUEST 102 | ||
385 | #define ECRYPTFS_MSG_RESPONSE 103 | ||
386 | u8 type; | ||
387 | u32 index; | ||
388 | /* Counter converts to a sequence number. Each message sent | ||
389 | * out for which we expect a response has an associated | ||
390 | * sequence number. The response must have the same sequence | ||
391 | * number as the counter for the msg_stc for the message to be | ||
392 | * valid. */ | ||
393 | u32 counter; | ||
394 | size_t msg_size; | ||
381 | struct ecryptfs_message *msg; | 395 | struct ecryptfs_message *msg; |
382 | struct task_struct *task; | 396 | struct task_struct *task; |
383 | struct list_head node; | 397 | struct list_head node; |
398 | struct list_head daemon_out_list; | ||
384 | struct mutex mux; | 399 | struct mutex mux; |
385 | }; | 400 | }; |
386 | 401 | ||
387 | extern unsigned int ecryptfs_transport; | 402 | extern unsigned int ecryptfs_transport; |
388 | 403 | ||
389 | struct ecryptfs_daemon_id { | 404 | struct ecryptfs_daemon; |
405 | |||
406 | struct ecryptfs_daemon { | ||
407 | #define ECRYPTFS_DAEMON_IN_READ 0x00000001 | ||
408 | #define ECRYPTFS_DAEMON_IN_POLL 0x00000002 | ||
409 | #define ECRYPTFS_DAEMON_ZOMBIE 0x00000004 | ||
410 | #define ECRYPTFS_DAEMON_MISCDEV_OPEN 0x00000008 | ||
411 | u32 flags; | ||
412 | u32 num_queued_msg_ctx; | ||
390 | pid_t pid; | 413 | pid_t pid; |
391 | uid_t uid; | 414 | uid_t euid; |
392 | struct hlist_node id_chain; | 415 | struct task_struct *task; |
416 | struct mutex mux; | ||
417 | struct list_head msg_ctx_out_queue; | ||
418 | wait_queue_head_t wait; | ||
419 | struct hlist_node euid_chain; | ||
393 | }; | 420 | }; |
394 | 421 | ||
422 | extern struct mutex ecryptfs_daemon_hash_mux; | ||
423 | |||
395 | static inline struct ecryptfs_file_info * | 424 | static inline struct ecryptfs_file_info * |
396 | ecryptfs_file_to_private(struct file *file) | 425 | ecryptfs_file_to_private(struct file *file) |
397 | { | 426 | { |
@@ -593,13 +622,13 @@ int ecryptfs_init_messaging(unsigned int transport); | |||
593 | void ecryptfs_release_messaging(unsigned int transport); | 622 | void ecryptfs_release_messaging(unsigned int transport); |
594 | 623 | ||
595 | int ecryptfs_send_netlink(char *data, int data_len, | 624 | int ecryptfs_send_netlink(char *data, int data_len, |
596 | struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type, | 625 | struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, |
597 | u16 msg_flags, pid_t daemon_pid); | 626 | u16 msg_flags, pid_t daemon_pid); |
598 | int ecryptfs_init_netlink(void); | 627 | int ecryptfs_init_netlink(void); |
599 | void ecryptfs_release_netlink(void); | 628 | void ecryptfs_release_netlink(void); |
600 | 629 | ||
601 | int ecryptfs_send_connector(char *data, int data_len, | 630 | int ecryptfs_send_connector(char *data, int data_len, |
602 | struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type, | 631 | struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, |
603 | u16 msg_flags, pid_t daemon_pid); | 632 | u16 msg_flags, pid_t daemon_pid); |
604 | int ecryptfs_init_connector(void); | 633 | int ecryptfs_init_connector(void); |
605 | void ecryptfs_release_connector(void); | 634 | void ecryptfs_release_connector(void); |
@@ -642,5 +671,19 @@ int ecryptfs_read_lower_page_segment(struct page *page_for_ecryptfs, | |||
642 | size_t offset_in_page, size_t size, | 671 | size_t offset_in_page, size_t size, |
643 | struct inode *ecryptfs_inode); | 672 | struct inode *ecryptfs_inode); |
644 | struct page *ecryptfs_get_locked_page(struct file *file, loff_t index); | 673 | struct page *ecryptfs_get_locked_page(struct file *file, loff_t index); |
674 | int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon); | ||
675 | int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon, uid_t euid); | ||
676 | int ecryptfs_parse_packet_length(unsigned char *data, size_t *size, | ||
677 | size_t *length_size); | ||
678 | int ecryptfs_write_packet_length(char *dest, size_t size, | ||
679 | size_t *packet_size_length); | ||
680 | int ecryptfs_init_ecryptfs_miscdev(void); | ||
681 | void ecryptfs_destroy_ecryptfs_miscdev(void); | ||
682 | int ecryptfs_send_miscdev(char *data, size_t data_size, | ||
683 | struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, | ||
684 | u16 msg_flags, struct ecryptfs_daemon *daemon); | ||
685 | void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx); | ||
686 | int | ||
687 | ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, uid_t euid, pid_t pid); | ||
645 | 688 | ||
646 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ | 689 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ |
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 682b1b2482c2..e82b457180be 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -65,7 +65,7 @@ static int process_request_key_err(long err_code) | |||
65 | } | 65 | } |
66 | 66 | ||
67 | /** | 67 | /** |
68 | * parse_packet_length | 68 | * ecryptfs_parse_packet_length |
69 | * @data: Pointer to memory containing length at offset | 69 | * @data: Pointer to memory containing length at offset |
70 | * @size: This function writes the decoded size to this memory | 70 | * @size: This function writes the decoded size to this memory |
71 | * address; zero on error | 71 | * address; zero on error |
@@ -73,8 +73,8 @@ static int process_request_key_err(long err_code) | |||
73 | * | 73 | * |
74 | * Returns zero on success; non-zero on error | 74 | * Returns zero on success; non-zero on error |
75 | */ | 75 | */ |
76 | static int parse_packet_length(unsigned char *data, size_t *size, | 76 | int ecryptfs_parse_packet_length(unsigned char *data, size_t *size, |
77 | size_t *length_size) | 77 | size_t *length_size) |
78 | { | 78 | { |
79 | int rc = 0; | 79 | int rc = 0; |
80 | 80 | ||
@@ -105,7 +105,7 @@ out: | |||
105 | } | 105 | } |
106 | 106 | ||
107 | /** | 107 | /** |
108 | * write_packet_length | 108 | * ecryptfs_write_packet_length |
109 | * @dest: The byte array target into which to write the length. Must | 109 | * @dest: The byte array target into which to write the length. Must |
110 | * have at least 5 bytes allocated. | 110 | * have at least 5 bytes allocated. |
111 | * @size: The length to write. | 111 | * @size: The length to write. |
@@ -114,8 +114,8 @@ out: | |||
114 | * | 114 | * |
115 | * Returns zero on success; non-zero on error. | 115 | * Returns zero on success; non-zero on error. |
116 | */ | 116 | */ |
117 | static int write_packet_length(char *dest, size_t size, | 117 | int ecryptfs_write_packet_length(char *dest, size_t size, |
118 | size_t *packet_size_length) | 118 | size_t *packet_size_length) |
119 | { | 119 | { |
120 | int rc = 0; | 120 | int rc = 0; |
121 | 121 | ||
@@ -162,8 +162,8 @@ write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key, | |||
162 | goto out; | 162 | goto out; |
163 | } | 163 | } |
164 | message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE; | 164 | message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE; |
165 | rc = write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, | 165 | rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, |
166 | &packet_size_len); | 166 | &packet_size_len); |
167 | if (rc) { | 167 | if (rc) { |
168 | ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " | 168 | ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " |
169 | "header; cannot generate packet length\n"); | 169 | "header; cannot generate packet length\n"); |
@@ -172,8 +172,9 @@ write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key, | |||
172 | i += packet_size_len; | 172 | i += packet_size_len; |
173 | memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); | 173 | memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); |
174 | i += ECRYPTFS_SIG_SIZE_HEX; | 174 | i += ECRYPTFS_SIG_SIZE_HEX; |
175 | rc = write_packet_length(&message[i], session_key->encrypted_key_size, | 175 | rc = ecryptfs_write_packet_length(&message[i], |
176 | &packet_size_len); | 176 | session_key->encrypted_key_size, |
177 | &packet_size_len); | ||
177 | if (rc) { | 178 | if (rc) { |
178 | ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " | 179 | ecryptfs_printk(KERN_ERR, "Error generating tag 64 packet " |
179 | "header; cannot generate packet length\n"); | 180 | "header; cannot generate packet length\n"); |
@@ -225,7 +226,7 @@ parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code, | |||
225 | rc = -EIO; | 226 | rc = -EIO; |
226 | goto out; | 227 | goto out; |
227 | } | 228 | } |
228 | rc = parse_packet_length(&data[i], &m_size, &data_len); | 229 | rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len); |
229 | if (rc) { | 230 | if (rc) { |
230 | ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " | 231 | ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " |
231 | "rc = [%d]\n", rc); | 232 | "rc = [%d]\n", rc); |
@@ -304,8 +305,8 @@ write_tag_66_packet(char *signature, u8 cipher_code, | |||
304 | goto out; | 305 | goto out; |
305 | } | 306 | } |
306 | message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE; | 307 | message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE; |
307 | rc = write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, | 308 | rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, |
308 | &packet_size_len); | 309 | &packet_size_len); |
309 | if (rc) { | 310 | if (rc) { |
310 | ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " | 311 | ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " |
311 | "header; cannot generate packet length\n"); | 312 | "header; cannot generate packet length\n"); |
@@ -315,8 +316,8 @@ write_tag_66_packet(char *signature, u8 cipher_code, | |||
315 | memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); | 316 | memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); |
316 | i += ECRYPTFS_SIG_SIZE_HEX; | 317 | i += ECRYPTFS_SIG_SIZE_HEX; |
317 | /* The encrypted key includes 1 byte cipher code and 2 byte checksum */ | 318 | /* The encrypted key includes 1 byte cipher code and 2 byte checksum */ |
318 | rc = write_packet_length(&message[i], crypt_stat->key_size + 3, | 319 | rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3, |
319 | &packet_size_len); | 320 | &packet_size_len); |
320 | if (rc) { | 321 | if (rc) { |
321 | ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " | 322 | ecryptfs_printk(KERN_ERR, "Error generating tag 66 packet " |
322 | "header; cannot generate packet length\n"); | 323 | "header; cannot generate packet length\n"); |
@@ -357,20 +358,25 @@ parse_tag_67_packet(struct ecryptfs_key_record *key_rec, | |||
357 | /* verify that everything through the encrypted FEK size is present */ | 358 | /* verify that everything through the encrypted FEK size is present */ |
358 | if (message_len < 4) { | 359 | if (message_len < 4) { |
359 | rc = -EIO; | 360 | rc = -EIO; |
361 | printk(KERN_ERR "%s: message_len is [%Zd]; minimum acceptable " | ||
362 | "message length is [%d]\n", __func__, message_len, 4); | ||
360 | goto out; | 363 | goto out; |
361 | } | 364 | } |
362 | if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) { | 365 | if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) { |
363 | ecryptfs_printk(KERN_ERR, "Type should be ECRYPTFS_TAG_67\n"); | ||
364 | rc = -EIO; | 366 | rc = -EIO; |
367 | printk(KERN_ERR "%s: Type should be ECRYPTFS_TAG_67\n", | ||
368 | __func__); | ||
365 | goto out; | 369 | goto out; |
366 | } | 370 | } |
367 | if (data[i++]) { | 371 | if (data[i++]) { |
368 | ecryptfs_printk(KERN_ERR, "Status indicator has non zero value" | ||
369 | " [%d]\n", data[i-1]); | ||
370 | rc = -EIO; | 372 | rc = -EIO; |
373 | printk(KERN_ERR "%s: Status indicator has non zero " | ||
374 | "value [%d]\n", __func__, data[i-1]); | ||
375 | |||
371 | goto out; | 376 | goto out; |
372 | } | 377 | } |
373 | rc = parse_packet_length(&data[i], &key_rec->enc_key_size, &data_len); | 378 | rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size, |
379 | &data_len); | ||
374 | if (rc) { | 380 | if (rc) { |
375 | ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " | 381 | ecryptfs_printk(KERN_WARNING, "Error parsing packet length; " |
376 | "rc = [%d]\n", rc); | 382 | "rc = [%d]\n", rc); |
@@ -378,17 +384,17 @@ parse_tag_67_packet(struct ecryptfs_key_record *key_rec, | |||
378 | } | 384 | } |
379 | i += data_len; | 385 | i += data_len; |
380 | if (message_len < (i + key_rec->enc_key_size)) { | 386 | if (message_len < (i + key_rec->enc_key_size)) { |
381 | ecryptfs_printk(KERN_ERR, "message_len [%d]; max len is [%d]\n", | ||
382 | message_len, (i + key_rec->enc_key_size)); | ||
383 | rc = -EIO; | 387 | rc = -EIO; |
388 | printk(KERN_ERR "%s: message_len [%Zd]; max len is [%Zd]\n", | ||
389 | __func__, message_len, (i + key_rec->enc_key_size)); | ||
384 | goto out; | 390 | goto out; |
385 | } | 391 | } |
386 | if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { | 392 | if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { |
387 | ecryptfs_printk(KERN_ERR, "Encrypted key_size [%d] larger than " | ||
388 | "the maximum key size [%d]\n", | ||
389 | key_rec->enc_key_size, | ||
390 | ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES); | ||
391 | rc = -EIO; | 393 | rc = -EIO; |
394 | printk(KERN_ERR "%s: Encrypted key_size [%Zd] larger than " | ||
395 | "the maximum key size [%d]\n", __func__, | ||
396 | key_rec->enc_key_size, | ||
397 | ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES); | ||
392 | goto out; | 398 | goto out; |
393 | } | 399 | } |
394 | memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size); | 400 | memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size); |
@@ -445,7 +451,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
445 | rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key), | 451 | rc = write_tag_64_packet(auth_tok_sig, &(auth_tok->session_key), |
446 | &netlink_message, &netlink_message_length); | 452 | &netlink_message, &netlink_message_length); |
447 | if (rc) { | 453 | if (rc) { |
448 | ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet"); | 454 | ecryptfs_printk(KERN_ERR, "Failed to write tag 64 packet\n"); |
449 | goto out; | 455 | goto out; |
450 | } | 456 | } |
451 | rc = ecryptfs_send_message(ecryptfs_transport, netlink_message, | 457 | rc = ecryptfs_send_message(ecryptfs_transport, netlink_message, |
@@ -570,8 +576,8 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
570 | goto out; | 576 | goto out; |
571 | } | 577 | } |
572 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; | 578 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; |
573 | rc = parse_packet_length(&data[(*packet_size)], &body_size, | 579 | rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, |
574 | &length_size); | 580 | &length_size); |
575 | if (rc) { | 581 | if (rc) { |
576 | printk(KERN_WARNING "Error parsing packet length; " | 582 | printk(KERN_WARNING "Error parsing packet length; " |
577 | "rc = [%d]\n", rc); | 583 | "rc = [%d]\n", rc); |
@@ -704,8 +710,8 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
704 | goto out; | 710 | goto out; |
705 | } | 711 | } |
706 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; | 712 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; |
707 | rc = parse_packet_length(&data[(*packet_size)], &body_size, | 713 | rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, |
708 | &length_size); | 714 | &length_size); |
709 | if (rc) { | 715 | if (rc) { |
710 | printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n", | 716 | printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n", |
711 | rc); | 717 | rc); |
@@ -852,8 +858,8 @@ parse_tag_11_packet(unsigned char *data, unsigned char *contents, | |||
852 | rc = -EINVAL; | 858 | rc = -EINVAL; |
853 | goto out; | 859 | goto out; |
854 | } | 860 | } |
855 | rc = parse_packet_length(&data[(*packet_size)], &body_size, | 861 | rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, |
856 | &length_size); | 862 | &length_size); |
857 | if (rc) { | 863 | if (rc) { |
858 | printk(KERN_WARNING "Invalid tag 11 packet format\n"); | 864 | printk(KERN_WARNING "Invalid tag 11 packet format\n"); |
859 | goto out; | 865 | goto out; |
@@ -1405,8 +1411,8 @@ write_tag_1_packet(char *dest, size_t *remaining_bytes, | |||
1405 | auth_tok->token.private_key.key_size; | 1411 | auth_tok->token.private_key.key_size; |
1406 | rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec); | 1412 | rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec); |
1407 | if (rc) { | 1413 | if (rc) { |
1408 | ecryptfs_printk(KERN_ERR, "Failed to encrypt session key " | 1414 | printk(KERN_ERR "Failed to encrypt session key via a key " |
1409 | "via a pki"); | 1415 | "module; rc = [%d]\n", rc); |
1410 | goto out; | 1416 | goto out; |
1411 | } | 1417 | } |
1412 | if (ecryptfs_verbosity > 0) { | 1418 | if (ecryptfs_verbosity > 0) { |
@@ -1430,8 +1436,9 @@ encrypted_session_key_set: | |||
1430 | goto out; | 1436 | goto out; |
1431 | } | 1437 | } |
1432 | dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE; | 1438 | dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE; |
1433 | rc = write_packet_length(&dest[(*packet_size)], (max_packet_size - 4), | 1439 | rc = ecryptfs_write_packet_length(&dest[(*packet_size)], |
1434 | &packet_size_length); | 1440 | (max_packet_size - 4), |
1441 | &packet_size_length); | ||
1435 | if (rc) { | 1442 | if (rc) { |
1436 | ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet " | 1443 | ecryptfs_printk(KERN_ERR, "Error generating tag 1 packet " |
1437 | "header; cannot generate packet length\n"); | 1444 | "header; cannot generate packet length\n"); |
@@ -1489,8 +1496,9 @@ write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents, | |||
1489 | goto out; | 1496 | goto out; |
1490 | } | 1497 | } |
1491 | dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE; | 1498 | dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE; |
1492 | rc = write_packet_length(&dest[(*packet_length)], | 1499 | rc = ecryptfs_write_packet_length(&dest[(*packet_length)], |
1493 | (max_packet_size - 4), &packet_size_length); | 1500 | (max_packet_size - 4), |
1501 | &packet_size_length); | ||
1494 | if (rc) { | 1502 | if (rc) { |
1495 | printk(KERN_ERR "Error generating tag 11 packet header; cannot " | 1503 | printk(KERN_ERR "Error generating tag 11 packet header; cannot " |
1496 | "generate packet length. rc = [%d]\n", rc); | 1504 | "generate packet length. rc = [%d]\n", rc); |
@@ -1682,8 +1690,9 @@ encrypted_session_key_set: | |||
1682 | dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE; | 1690 | dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE; |
1683 | /* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3) | 1691 | /* Chop off the Tag 3 identifier(1) and Tag 3 packet size(3) |
1684 | * to get the number of octets in the actual Tag 3 packet */ | 1692 | * to get the number of octets in the actual Tag 3 packet */ |
1685 | rc = write_packet_length(&dest[(*packet_size)], (max_packet_size - 4), | 1693 | rc = ecryptfs_write_packet_length(&dest[(*packet_size)], |
1686 | &packet_size_length); | 1694 | (max_packet_size - 4), |
1695 | &packet_size_length); | ||
1687 | if (rc) { | 1696 | if (rc) { |
1688 | printk(KERN_ERR "Error generating tag 3 packet header; cannot " | 1697 | printk(KERN_ERR "Error generating tag 3 packet header; cannot " |
1689 | "generate packet length. rc = [%d]\n", rc); | 1698 | "generate packet length. rc = [%d]\n", rc); |
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c index 9cc2aec27b0d..c6038bd60897 100644 --- a/fs/ecryptfs/messaging.c +++ b/fs/ecryptfs/messaging.c | |||
@@ -1,7 +1,7 @@ | |||
1 | /** | 1 | /** |
2 | * eCryptfs: Linux filesystem encryption layer | 2 | * eCryptfs: Linux filesystem encryption layer |
3 | * | 3 | * |
4 | * Copyright (C) 2004-2006 International Business Machines Corp. | 4 | * Copyright (C) 2004-2008 International Business Machines Corp. |
5 | * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> | 5 | * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> |
6 | * Tyler Hicks <tyhicks@ou.edu> | 6 | * Tyler Hicks <tyhicks@ou.edu> |
7 | * | 7 | * |
@@ -26,13 +26,13 @@ static LIST_HEAD(ecryptfs_msg_ctx_free_list); | |||
26 | static LIST_HEAD(ecryptfs_msg_ctx_alloc_list); | 26 | static LIST_HEAD(ecryptfs_msg_ctx_alloc_list); |
27 | static struct mutex ecryptfs_msg_ctx_lists_mux; | 27 | static struct mutex ecryptfs_msg_ctx_lists_mux; |
28 | 28 | ||
29 | static struct hlist_head *ecryptfs_daemon_id_hash; | 29 | static struct hlist_head *ecryptfs_daemon_hash; |
30 | static struct mutex ecryptfs_daemon_id_hash_mux; | 30 | struct mutex ecryptfs_daemon_hash_mux; |
31 | static int ecryptfs_hash_buckets; | 31 | static int ecryptfs_hash_buckets; |
32 | #define ecryptfs_uid_hash(uid) \ | 32 | #define ecryptfs_uid_hash(uid) \ |
33 | hash_long((unsigned long)uid, ecryptfs_hash_buckets) | 33 | hash_long((unsigned long)uid, ecryptfs_hash_buckets) |
34 | 34 | ||
35 | static unsigned int ecryptfs_msg_counter; | 35 | static u32 ecryptfs_msg_counter; |
36 | static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; | 36 | static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; |
37 | 37 | ||
38 | /** | 38 | /** |
@@ -40,9 +40,10 @@ static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; | |||
40 | * @msg_ctx: The context that was acquired from the free list | 40 | * @msg_ctx: The context that was acquired from the free list |
41 | * | 41 | * |
42 | * Acquires a context element from the free list and locks the mutex | 42 | * Acquires a context element from the free list and locks the mutex |
43 | * on the context. Returns zero on success; non-zero on error or upon | 43 | * on the context. Sets the msg_ctx task to current. Returns zero on |
44 | * failure to acquire a free context element. Be sure to lock the | 44 | * success; non-zero on error or upon failure to acquire a free |
45 | * list mutex before calling. | 45 | * context element. Must be called with ecryptfs_msg_ctx_lists_mux |
46 | * held. | ||
46 | */ | 47 | */ |
47 | static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx) | 48 | static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx) |
48 | { | 49 | { |
@@ -50,11 +51,11 @@ static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx) | |||
50 | int rc; | 51 | int rc; |
51 | 52 | ||
52 | if (list_empty(&ecryptfs_msg_ctx_free_list)) { | 53 | if (list_empty(&ecryptfs_msg_ctx_free_list)) { |
53 | ecryptfs_printk(KERN_WARNING, "The eCryptfs free " | 54 | printk(KERN_WARNING "%s: The eCryptfs free " |
54 | "context list is empty. It may be helpful to " | 55 | "context list is empty. It may be helpful to " |
55 | "specify the ecryptfs_message_buf_len " | 56 | "specify the ecryptfs_message_buf_len " |
56 | "parameter to be greater than the current " | 57 | "parameter to be greater than the current " |
57 | "value of [%d]\n", ecryptfs_message_buf_len); | 58 | "value of [%d]\n", __func__, ecryptfs_message_buf_len); |
58 | rc = -ENOMEM; | 59 | rc = -ENOMEM; |
59 | goto out; | 60 | goto out; |
60 | } | 61 | } |
@@ -75,8 +76,7 @@ out: | |||
75 | * ecryptfs_msg_ctx_free_to_alloc | 76 | * ecryptfs_msg_ctx_free_to_alloc |
76 | * @msg_ctx: The context to move from the free list to the alloc list | 77 | * @msg_ctx: The context to move from the free list to the alloc list |
77 | * | 78 | * |
78 | * Be sure to lock the list mutex and the context mutex before | 79 | * Must be called with ecryptfs_msg_ctx_lists_mux held. |
79 | * calling. | ||
80 | */ | 80 | */ |
81 | static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx) | 81 | static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx) |
82 | { | 82 | { |
@@ -89,36 +89,37 @@ static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx) | |||
89 | * ecryptfs_msg_ctx_alloc_to_free | 89 | * ecryptfs_msg_ctx_alloc_to_free |
90 | * @msg_ctx: The context to move from the alloc list to the free list | 90 | * @msg_ctx: The context to move from the alloc list to the free list |
91 | * | 91 | * |
92 | * Be sure to lock the list mutex and the context mutex before | 92 | * Must be called with ecryptfs_msg_ctx_lists_mux held. |
93 | * calling. | ||
94 | */ | 93 | */ |
95 | static void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx) | 94 | void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx) |
96 | { | 95 | { |
97 | list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list); | 96 | list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list); |
98 | if (msg_ctx->msg) | 97 | if (msg_ctx->msg) |
99 | kfree(msg_ctx->msg); | 98 | kfree(msg_ctx->msg); |
99 | msg_ctx->msg = NULL; | ||
100 | msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE; | 100 | msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE; |
101 | } | 101 | } |
102 | 102 | ||
103 | /** | 103 | /** |
104 | * ecryptfs_find_daemon_id | 104 | * ecryptfs_find_daemon_by_euid |
105 | * @uid: The user id which maps to the desired daemon id | 105 | * @euid: The effective user id which maps to the desired daemon id |
106 | * @id: If return value is zero, points to the desired daemon id | 106 | * @daemon: If return value is zero, points to the desired daemon pointer |
107 | * pointer | ||
108 | * | 107 | * |
109 | * Search the hash list for the given user id. Returns zero if the | 108 | * Must be called with ecryptfs_daemon_hash_mux held. |
110 | * user id exists in the list; non-zero otherwise. The daemon id hash | 109 | * |
111 | * mutex should be held before calling this function. | 110 | * Search the hash list for the given user id. |
111 | * | ||
112 | * Returns zero if the user id exists in the list; non-zero otherwise. | ||
112 | */ | 113 | */ |
113 | static int ecryptfs_find_daemon_id(uid_t uid, struct ecryptfs_daemon_id **id) | 114 | int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon, uid_t euid) |
114 | { | 115 | { |
115 | struct hlist_node *elem; | 116 | struct hlist_node *elem; |
116 | int rc; | 117 | int rc; |
117 | 118 | ||
118 | hlist_for_each_entry(*id, elem, | 119 | hlist_for_each_entry(*daemon, elem, |
119 | &ecryptfs_daemon_id_hash[ecryptfs_uid_hash(uid)], | 120 | &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)], |
120 | id_chain) { | 121 | euid_chain) { |
121 | if ((*id)->uid == uid) { | 122 | if ((*daemon)->euid == euid) { |
122 | rc = 0; | 123 | rc = 0; |
123 | goto out; | 124 | goto out; |
124 | } | 125 | } |
@@ -128,181 +129,291 @@ out: | |||
128 | return rc; | 129 | return rc; |
129 | } | 130 | } |
130 | 131 | ||
131 | static int ecryptfs_send_raw_message(unsigned int transport, u16 msg_type, | 132 | static int |
132 | pid_t pid) | 133 | ecryptfs_send_message_locked(unsigned int transport, char *data, int data_len, |
134 | u8 msg_type, struct ecryptfs_msg_ctx **msg_ctx); | ||
135 | |||
136 | /** | ||
137 | * ecryptfs_send_raw_message | ||
138 | * @transport: Transport type | ||
139 | * @msg_type: Message type | ||
140 | * @daemon: Daemon struct for recipient of message | ||
141 | * | ||
142 | * A raw message is one that does not include an ecryptfs_message | ||
143 | * struct. It simply has a type. | ||
144 | * | ||
145 | * Must be called with ecryptfs_daemon_hash_mux held. | ||
146 | * | ||
147 | * Returns zero on success; non-zero otherwise | ||
148 | */ | ||
149 | static int ecryptfs_send_raw_message(unsigned int transport, u8 msg_type, | ||
150 | struct ecryptfs_daemon *daemon) | ||
133 | { | 151 | { |
152 | struct ecryptfs_msg_ctx *msg_ctx; | ||
134 | int rc; | 153 | int rc; |
135 | 154 | ||
136 | switch(transport) { | 155 | switch(transport) { |
137 | case ECRYPTFS_TRANSPORT_NETLINK: | 156 | case ECRYPTFS_TRANSPORT_NETLINK: |
138 | rc = ecryptfs_send_netlink(NULL, 0, NULL, msg_type, 0, pid); | 157 | rc = ecryptfs_send_netlink(NULL, 0, NULL, msg_type, 0, |
158 | daemon->pid); | ||
159 | break; | ||
160 | case ECRYPTFS_TRANSPORT_MISCDEV: | ||
161 | rc = ecryptfs_send_message_locked(transport, NULL, 0, msg_type, | ||
162 | &msg_ctx); | ||
163 | if (rc) { | ||
164 | printk(KERN_ERR "%s: Error whilst attempting to send " | ||
165 | "message via procfs; rc = [%d]\n", __func__, rc); | ||
166 | goto out; | ||
167 | } | ||
168 | /* Raw messages are logically context-free (e.g., no | ||
169 | * reply is expected), so we set the state of the | ||
170 | * ecryptfs_msg_ctx object to indicate that it should | ||
171 | * be freed as soon as the transport sends out the message. */ | ||
172 | mutex_lock(&msg_ctx->mux); | ||
173 | msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_NO_REPLY; | ||
174 | mutex_unlock(&msg_ctx->mux); | ||
139 | break; | 175 | break; |
140 | case ECRYPTFS_TRANSPORT_CONNECTOR: | 176 | case ECRYPTFS_TRANSPORT_CONNECTOR: |
141 | case ECRYPTFS_TRANSPORT_RELAYFS: | 177 | case ECRYPTFS_TRANSPORT_RELAYFS: |
142 | default: | 178 | default: |
143 | rc = -ENOSYS; | 179 | rc = -ENOSYS; |
144 | } | 180 | } |
181 | out: | ||
182 | return rc; | ||
183 | } | ||
184 | |||
185 | /** | ||
186 | * ecryptfs_spawn_daemon - Create and initialize a new daemon struct | ||
187 | * @daemon: Pointer to set to newly allocated daemon struct | ||
188 | * @euid: Effective user id for the daemon | ||
189 | * @pid: Process id for the daemon | ||
190 | * | ||
191 | * Must be called ceremoniously while in possession of | ||
192 | * ecryptfs_sacred_daemon_hash_mux | ||
193 | * | ||
194 | * Returns zero on success; non-zero otherwise | ||
195 | */ | ||
196 | int | ||
197 | ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, uid_t euid, pid_t pid) | ||
198 | { | ||
199 | int rc = 0; | ||
200 | |||
201 | (*daemon) = kzalloc(sizeof(**daemon), GFP_KERNEL); | ||
202 | if (!(*daemon)) { | ||
203 | rc = -ENOMEM; | ||
204 | printk(KERN_ERR "%s: Failed to allocate [%Zd] bytes of " | ||
205 | "GFP_KERNEL memory\n", __func__, sizeof(**daemon)); | ||
206 | goto out; | ||
207 | } | ||
208 | (*daemon)->euid = euid; | ||
209 | (*daemon)->pid = pid; | ||
210 | (*daemon)->task = current; | ||
211 | mutex_init(&(*daemon)->mux); | ||
212 | INIT_LIST_HEAD(&(*daemon)->msg_ctx_out_queue); | ||
213 | init_waitqueue_head(&(*daemon)->wait); | ||
214 | (*daemon)->num_queued_msg_ctx = 0; | ||
215 | hlist_add_head(&(*daemon)->euid_chain, | ||
216 | &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)]); | ||
217 | out: | ||
145 | return rc; | 218 | return rc; |
146 | } | 219 | } |
147 | 220 | ||
148 | /** | 221 | /** |
149 | * ecryptfs_process_helo | 222 | * ecryptfs_process_helo |
150 | * @transport: The underlying transport (netlink, etc.) | 223 | * @transport: The underlying transport (netlink, etc.) |
151 | * @uid: The user ID owner of the message | 224 | * @euid: The user ID owner of the message |
152 | * @pid: The process ID for the userspace program that sent the | 225 | * @pid: The process ID for the userspace program that sent the |
153 | * message | 226 | * message |
154 | * | 227 | * |
155 | * Adds the uid and pid values to the daemon id hash. If a uid | 228 | * Adds the euid and pid values to the daemon euid hash. If an euid |
156 | * already has a daemon pid registered, the daemon will be | 229 | * already has a daemon pid registered, the daemon will be |
157 | * unregistered before the new daemon id is put into the hash list. | 230 | * unregistered before the new daemon is put into the hash list. |
158 | * Returns zero after adding a new daemon id to the hash list; | 231 | * Returns zero after adding a new daemon to the hash list; |
159 | * non-zero otherwise. | 232 | * non-zero otherwise. |
160 | */ | 233 | */ |
161 | int ecryptfs_process_helo(unsigned int transport, uid_t uid, pid_t pid) | 234 | int ecryptfs_process_helo(unsigned int transport, uid_t euid, pid_t pid) |
162 | { | 235 | { |
163 | struct ecryptfs_daemon_id *new_id; | 236 | struct ecryptfs_daemon *new_daemon; |
164 | struct ecryptfs_daemon_id *old_id; | 237 | struct ecryptfs_daemon *old_daemon; |
165 | int rc; | 238 | int rc; |
166 | 239 | ||
167 | mutex_lock(&ecryptfs_daemon_id_hash_mux); | 240 | mutex_lock(&ecryptfs_daemon_hash_mux); |
168 | new_id = kmalloc(sizeof(*new_id), GFP_KERNEL); | 241 | rc = ecryptfs_find_daemon_by_euid(&old_daemon, euid); |
169 | if (!new_id) { | 242 | if (rc != 0) { |
170 | rc = -ENOMEM; | ||
171 | ecryptfs_printk(KERN_ERR, "Failed to allocate memory; unable " | ||
172 | "to register daemon [%d] for user [%d]\n", | ||
173 | pid, uid); | ||
174 | goto unlock; | ||
175 | } | ||
176 | if (!ecryptfs_find_daemon_id(uid, &old_id)) { | ||
177 | printk(KERN_WARNING "Received request from user [%d] " | 243 | printk(KERN_WARNING "Received request from user [%d] " |
178 | "to register daemon [%d]; unregistering daemon " | 244 | "to register daemon [%d]; unregistering daemon " |
179 | "[%d]\n", uid, pid, old_id->pid); | 245 | "[%d]\n", euid, pid, old_daemon->pid); |
180 | hlist_del(&old_id->id_chain); | 246 | rc = ecryptfs_send_raw_message(transport, ECRYPTFS_MSG_QUIT, |
181 | rc = ecryptfs_send_raw_message(transport, ECRYPTFS_NLMSG_QUIT, | 247 | old_daemon); |
182 | old_id->pid); | ||
183 | if (rc) | 248 | if (rc) |
184 | printk(KERN_WARNING "Failed to send QUIT " | 249 | printk(KERN_WARNING "Failed to send QUIT " |
185 | "message to daemon [%d]; rc = [%d]\n", | 250 | "message to daemon [%d]; rc = [%d]\n", |
186 | old_id->pid, rc); | 251 | old_daemon->pid, rc); |
187 | kfree(old_id); | 252 | hlist_del(&old_daemon->euid_chain); |
253 | kfree(old_daemon); | ||
188 | } | 254 | } |
189 | new_id->uid = uid; | 255 | rc = ecryptfs_spawn_daemon(&new_daemon, euid, pid); |
190 | new_id->pid = pid; | 256 | if (rc) |
191 | hlist_add_head(&new_id->id_chain, | 257 | printk(KERN_ERR "%s: The gods are displeased with this attempt " |
192 | &ecryptfs_daemon_id_hash[ecryptfs_uid_hash(uid)]); | 258 | "to create a new daemon object for euid [%d]; pid [%d]; " |
193 | rc = 0; | 259 | "rc = [%d]\n", __func__, euid, pid, rc); |
194 | unlock: | 260 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
195 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | 261 | return rc; |
262 | } | ||
263 | |||
264 | /** | ||
265 | * ecryptfs_exorcise_daemon - Destroy the daemon struct | ||
266 | * | ||
267 | * Must be called ceremoniously while in possession of | ||
268 | * ecryptfs_daemon_hash_mux and the daemon's own mux. | ||
269 | */ | ||
270 | int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon) | ||
271 | { | ||
272 | struct ecryptfs_msg_ctx *msg_ctx, *msg_ctx_tmp; | ||
273 | int rc = 0; | ||
274 | |||
275 | mutex_lock(&daemon->mux); | ||
276 | if ((daemon->flags & ECRYPTFS_DAEMON_IN_READ) | ||
277 | || (daemon->flags & ECRYPTFS_DAEMON_IN_POLL)) { | ||
278 | rc = -EBUSY; | ||
279 | printk(KERN_WARNING "%s: Attempt to destroy daemon with pid " | ||
280 | "[%d], but it is in the midst of a read or a poll\n", | ||
281 | __func__, daemon->pid); | ||
282 | mutex_unlock(&daemon->mux); | ||
283 | goto out; | ||
284 | } | ||
285 | list_for_each_entry_safe(msg_ctx, msg_ctx_tmp, | ||
286 | &daemon->msg_ctx_out_queue, daemon_out_list) { | ||
287 | list_del(&msg_ctx->daemon_out_list); | ||
288 | daemon->num_queued_msg_ctx--; | ||
289 | printk(KERN_WARNING "%s: Warning: dropping message that is in " | ||
290 | "the out queue of a dying daemon\n", __func__); | ||
291 | ecryptfs_msg_ctx_alloc_to_free(msg_ctx); | ||
292 | } | ||
293 | hlist_del(&daemon->euid_chain); | ||
294 | if (daemon->task) | ||
295 | wake_up_process(daemon->task); | ||
296 | mutex_unlock(&daemon->mux); | ||
297 | memset(daemon, 0, sizeof(*daemon)); | ||
298 | kfree(daemon); | ||
299 | out: | ||
196 | return rc; | 300 | return rc; |
197 | } | 301 | } |
198 | 302 | ||
199 | /** | 303 | /** |
200 | * ecryptfs_process_quit | 304 | * ecryptfs_process_quit |
201 | * @uid: The user ID owner of the message | 305 | * @euid: The user ID owner of the message |
202 | * @pid: The process ID for the userspace program that sent the | 306 | * @pid: The process ID for the userspace program that sent the |
203 | * message | 307 | * message |
204 | * | 308 | * |
205 | * Deletes the corresponding daemon id for the given uid and pid, if | 309 | * Deletes the corresponding daemon for the given euid and pid, if |
206 | * it is the registered that is requesting the deletion. Returns zero | 310 | * it is the registered that is requesting the deletion. Returns zero |
207 | * after deleting the desired daemon id; non-zero otherwise. | 311 | * after deleting the desired daemon; non-zero otherwise. |
208 | */ | 312 | */ |
209 | int ecryptfs_process_quit(uid_t uid, pid_t pid) | 313 | int ecryptfs_process_quit(uid_t euid, pid_t pid) |
210 | { | 314 | { |
211 | struct ecryptfs_daemon_id *id; | 315 | struct ecryptfs_daemon *daemon; |
212 | int rc; | 316 | int rc; |
213 | 317 | ||
214 | mutex_lock(&ecryptfs_daemon_id_hash_mux); | 318 | mutex_lock(&ecryptfs_daemon_hash_mux); |
215 | if (ecryptfs_find_daemon_id(uid, &id)) { | 319 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid); |
216 | rc = -EINVAL; | 320 | if (rc || !daemon) { |
217 | ecryptfs_printk(KERN_ERR, "Received request from user [%d] to " | ||
218 | "unregister unrecognized daemon [%d]\n", uid, | ||
219 | pid); | ||
220 | goto unlock; | ||
221 | } | ||
222 | if (id->pid != pid) { | ||
223 | rc = -EINVAL; | 321 | rc = -EINVAL; |
224 | ecryptfs_printk(KERN_WARNING, "Received request from user [%d] " | 322 | printk(KERN_ERR "Received request from user [%d] to " |
225 | "with pid [%d] to unregister daemon [%d]\n", | 323 | "unregister unrecognized daemon [%d]\n", euid, pid); |
226 | uid, pid, id->pid); | 324 | goto out_unlock; |
227 | goto unlock; | ||
228 | } | 325 | } |
229 | hlist_del(&id->id_chain); | 326 | rc = ecryptfs_exorcise_daemon(daemon); |
230 | kfree(id); | 327 | out_unlock: |
231 | rc = 0; | 328 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
232 | unlock: | ||
233 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | ||
234 | return rc; | 329 | return rc; |
235 | } | 330 | } |
236 | 331 | ||
237 | /** | 332 | /** |
238 | * ecryptfs_process_reponse | 333 | * ecryptfs_process_reponse |
239 | * @msg: The ecryptfs message received; the caller should sanity check | 334 | * @msg: The ecryptfs message received; the caller should sanity check |
240 | * msg->data_len | 335 | * msg->data_len and free the memory |
241 | * @pid: The process ID of the userspace application that sent the | 336 | * @pid: The process ID of the userspace application that sent the |
242 | * message | 337 | * message |
243 | * @seq: The sequence number of the message | 338 | * @seq: The sequence number of the message; must match the sequence |
339 | * number for the existing message context waiting for this | ||
340 | * response | ||
341 | * | ||
342 | * Processes a response message after sending an operation request to | ||
343 | * userspace. Some other process is awaiting this response. Before | ||
344 | * sending out its first communications, the other process allocated a | ||
345 | * msg_ctx from the ecryptfs_msg_ctx_arr at a particular index. The | ||
346 | * response message contains this index so that we can copy over the | ||
347 | * response message into the msg_ctx that the process holds a | ||
348 | * reference to. The other process is going to wake up, check to see | ||
349 | * that msg_ctx->state == ECRYPTFS_MSG_CTX_STATE_DONE, and then | ||
350 | * proceed to read off and process the response message. Returns zero | ||
351 | * upon delivery to desired context element; non-zero upon delivery | ||
352 | * failure or error. | ||
244 | * | 353 | * |
245 | * Processes a response message after sending a operation request to | 354 | * Returns zero on success; non-zero otherwise |
246 | * userspace. Returns zero upon delivery to desired context element; | ||
247 | * non-zero upon delivery failure or error. | ||
248 | */ | 355 | */ |
249 | int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t uid, | 356 | int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, |
250 | pid_t pid, u32 seq) | 357 | pid_t pid, u32 seq) |
251 | { | 358 | { |
252 | struct ecryptfs_daemon_id *id; | 359 | struct ecryptfs_daemon *daemon; |
253 | struct ecryptfs_msg_ctx *msg_ctx; | 360 | struct ecryptfs_msg_ctx *msg_ctx; |
254 | int msg_size; | 361 | size_t msg_size; |
255 | int rc; | 362 | int rc; |
256 | 363 | ||
257 | if (msg->index >= ecryptfs_message_buf_len) { | 364 | if (msg->index >= ecryptfs_message_buf_len) { |
258 | rc = -EINVAL; | 365 | rc = -EINVAL; |
259 | ecryptfs_printk(KERN_ERR, "Attempt to reference " | 366 | printk(KERN_ERR "%s: Attempt to reference " |
260 | "context buffer at index [%d]; maximum " | 367 | "context buffer at index [%d]; maximum " |
261 | "allowable is [%d]\n", msg->index, | 368 | "allowable is [%d]\n", __func__, msg->index, |
262 | (ecryptfs_message_buf_len - 1)); | 369 | (ecryptfs_message_buf_len - 1)); |
263 | goto out; | 370 | goto out; |
264 | } | 371 | } |
265 | msg_ctx = &ecryptfs_msg_ctx_arr[msg->index]; | 372 | msg_ctx = &ecryptfs_msg_ctx_arr[msg->index]; |
266 | mutex_lock(&msg_ctx->mux); | 373 | mutex_lock(&msg_ctx->mux); |
267 | if (ecryptfs_find_daemon_id(msg_ctx->task->euid, &id)) { | 374 | mutex_lock(&ecryptfs_daemon_hash_mux); |
375 | rc = ecryptfs_find_daemon_by_euid(&daemon, msg_ctx->task->euid); | ||
376 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
377 | if (rc) { | ||
268 | rc = -EBADMSG; | 378 | rc = -EBADMSG; |
269 | ecryptfs_printk(KERN_WARNING, "User [%d] received a " | 379 | printk(KERN_WARNING "%s: User [%d] received a " |
270 | "message response from process [%d] but does " | 380 | "message response from process [%d] but does " |
271 | "not have a registered daemon\n", | 381 | "not have a registered daemon\n", __func__, |
272 | msg_ctx->task->euid, pid); | 382 | msg_ctx->task->euid, pid); |
273 | goto wake_up; | 383 | goto wake_up; |
274 | } | 384 | } |
275 | if (msg_ctx->task->euid != uid) { | 385 | if (msg_ctx->task->euid != euid) { |
276 | rc = -EBADMSG; | 386 | rc = -EBADMSG; |
277 | ecryptfs_printk(KERN_WARNING, "Received message from user " | 387 | printk(KERN_WARNING "%s: Received message from user " |
278 | "[%d]; expected message from user [%d]\n", | 388 | "[%d]; expected message from user [%d]\n", __func__, |
279 | uid, msg_ctx->task->euid); | 389 | euid, msg_ctx->task->euid); |
280 | goto unlock; | 390 | goto unlock; |
281 | } | 391 | } |
282 | if (id->pid != pid) { | 392 | if (daemon->pid != pid) { |
283 | rc = -EBADMSG; | 393 | rc = -EBADMSG; |
284 | ecryptfs_printk(KERN_ERR, "User [%d] received a " | 394 | printk(KERN_ERR "%s: User [%d] sent a message response " |
285 | "message response from an unrecognized " | 395 | "from an unrecognized process [%d]\n", |
286 | "process [%d]\n", msg_ctx->task->euid, pid); | 396 | __func__, msg_ctx->task->euid, pid); |
287 | goto unlock; | 397 | goto unlock; |
288 | } | 398 | } |
289 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { | 399 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { |
290 | rc = -EINVAL; | 400 | rc = -EINVAL; |
291 | ecryptfs_printk(KERN_WARNING, "Desired context element is not " | 401 | printk(KERN_WARNING "%s: Desired context element is not " |
292 | "pending a response\n"); | 402 | "pending a response\n", __func__); |
293 | goto unlock; | 403 | goto unlock; |
294 | } else if (msg_ctx->counter != seq) { | 404 | } else if (msg_ctx->counter != seq) { |
295 | rc = -EINVAL; | 405 | rc = -EINVAL; |
296 | ecryptfs_printk(KERN_WARNING, "Invalid message sequence; " | 406 | printk(KERN_WARNING "%s: Invalid message sequence; " |
297 | "expected [%d]; received [%d]\n", | 407 | "expected [%d]; received [%d]\n", __func__, |
298 | msg_ctx->counter, seq); | 408 | msg_ctx->counter, seq); |
299 | goto unlock; | 409 | goto unlock; |
300 | } | 410 | } |
301 | msg_size = sizeof(*msg) + msg->data_len; | 411 | msg_size = (sizeof(*msg) + msg->data_len); |
302 | msg_ctx->msg = kmalloc(msg_size, GFP_KERNEL); | 412 | msg_ctx->msg = kmalloc(msg_size, GFP_KERNEL); |
303 | if (!msg_ctx->msg) { | 413 | if (!msg_ctx->msg) { |
304 | rc = -ENOMEM; | 414 | rc = -ENOMEM; |
305 | ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n"); | 415 | printk(KERN_ERR "%s: Failed to allocate [%Zd] bytes of " |
416 | "GFP_KERNEL memory\n", __func__, msg_size); | ||
306 | goto unlock; | 417 | goto unlock; |
307 | } | 418 | } |
308 | memcpy(msg_ctx->msg, msg, msg_size); | 419 | memcpy(msg_ctx->msg, msg, msg_size); |
@@ -317,34 +428,37 @@ out: | |||
317 | } | 428 | } |
318 | 429 | ||
319 | /** | 430 | /** |
320 | * ecryptfs_send_message | 431 | * ecryptfs_send_message_locked |
321 | * @transport: The transport over which to send the message (i.e., | 432 | * @transport: The transport over which to send the message (i.e., |
322 | * netlink) | 433 | * netlink) |
323 | * @data: The data to send | 434 | * @data: The data to send |
324 | * @data_len: The length of data | 435 | * @data_len: The length of data |
325 | * @msg_ctx: The message context allocated for the send | 436 | * @msg_ctx: The message context allocated for the send |
437 | * | ||
438 | * Must be called with ecryptfs_daemon_hash_mux held. | ||
439 | * | ||
440 | * Returns zero on success; non-zero otherwise | ||
326 | */ | 441 | */ |
327 | int ecryptfs_send_message(unsigned int transport, char *data, int data_len, | 442 | static int |
328 | struct ecryptfs_msg_ctx **msg_ctx) | 443 | ecryptfs_send_message_locked(unsigned int transport, char *data, int data_len, |
444 | u8 msg_type, struct ecryptfs_msg_ctx **msg_ctx) | ||
329 | { | 445 | { |
330 | struct ecryptfs_daemon_id *id; | 446 | struct ecryptfs_daemon *daemon; |
331 | int rc; | 447 | int rc; |
332 | 448 | ||
333 | mutex_lock(&ecryptfs_daemon_id_hash_mux); | 449 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid); |
334 | if (ecryptfs_find_daemon_id(current->euid, &id)) { | 450 | if (rc || !daemon) { |
335 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | ||
336 | rc = -ENOTCONN; | 451 | rc = -ENOTCONN; |
337 | ecryptfs_printk(KERN_ERR, "User [%d] does not have a daemon " | 452 | printk(KERN_ERR "%s: User [%d] does not have a daemon " |
338 | "registered\n", current->euid); | 453 | "registered\n", __func__, current->euid); |
339 | goto out; | 454 | goto out; |
340 | } | 455 | } |
341 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | ||
342 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); | 456 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); |
343 | rc = ecryptfs_acquire_free_msg_ctx(msg_ctx); | 457 | rc = ecryptfs_acquire_free_msg_ctx(msg_ctx); |
344 | if (rc) { | 458 | if (rc) { |
345 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); | 459 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); |
346 | ecryptfs_printk(KERN_WARNING, "Could not claim a free " | 460 | printk(KERN_WARNING "%s: Could not claim a free " |
347 | "context element\n"); | 461 | "context element\n", __func__); |
348 | goto out; | 462 | goto out; |
349 | } | 463 | } |
350 | ecryptfs_msg_ctx_free_to_alloc(*msg_ctx); | 464 | ecryptfs_msg_ctx_free_to_alloc(*msg_ctx); |
@@ -352,23 +466,50 @@ int ecryptfs_send_message(unsigned int transport, char *data, int data_len, | |||
352 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); | 466 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); |
353 | switch (transport) { | 467 | switch (transport) { |
354 | case ECRYPTFS_TRANSPORT_NETLINK: | 468 | case ECRYPTFS_TRANSPORT_NETLINK: |
355 | rc = ecryptfs_send_netlink(data, data_len, *msg_ctx, | 469 | rc = ecryptfs_send_netlink(data, data_len, *msg_ctx, msg_type, |
356 | ECRYPTFS_NLMSG_REQUEST, 0, id->pid); | 470 | 0, daemon->pid); |
471 | break; | ||
472 | case ECRYPTFS_TRANSPORT_MISCDEV: | ||
473 | rc = ecryptfs_send_miscdev(data, data_len, *msg_ctx, msg_type, | ||
474 | 0, daemon); | ||
357 | break; | 475 | break; |
358 | case ECRYPTFS_TRANSPORT_CONNECTOR: | 476 | case ECRYPTFS_TRANSPORT_CONNECTOR: |
359 | case ECRYPTFS_TRANSPORT_RELAYFS: | 477 | case ECRYPTFS_TRANSPORT_RELAYFS: |
360 | default: | 478 | default: |
361 | rc = -ENOSYS; | 479 | rc = -ENOSYS; |
362 | } | 480 | } |
363 | if (rc) { | 481 | if (rc) |
364 | printk(KERN_ERR "Error attempting to send message to userspace " | 482 | printk(KERN_ERR "%s: Error attempting to send message to " |
365 | "daemon; rc = [%d]\n", rc); | 483 | "userspace daemon; rc = [%d]\n", __func__, rc); |
366 | } | ||
367 | out: | 484 | out: |
368 | return rc; | 485 | return rc; |
369 | } | 486 | } |
370 | 487 | ||
371 | /** | 488 | /** |
489 | * ecryptfs_send_message | ||
490 | * @transport: The transport over which to send the message (i.e., | ||
491 | * netlink) | ||
492 | * @data: The data to send | ||
493 | * @data_len: The length of data | ||
494 | * @msg_ctx: The message context allocated for the send | ||
495 | * | ||
496 | * Grabs ecryptfs_daemon_hash_mux. | ||
497 | * | ||
498 | * Returns zero on success; non-zero otherwise | ||
499 | */ | ||
500 | int ecryptfs_send_message(unsigned int transport, char *data, int data_len, | ||
501 | struct ecryptfs_msg_ctx **msg_ctx) | ||
502 | { | ||
503 | int rc; | ||
504 | |||
505 | mutex_lock(&ecryptfs_daemon_hash_mux); | ||
506 | rc = ecryptfs_send_message_locked(transport, data, data_len, | ||
507 | ECRYPTFS_MSG_REQUEST, msg_ctx); | ||
508 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
509 | return rc; | ||
510 | } | ||
511 | |||
512 | /** | ||
372 | * ecryptfs_wait_for_response | 513 | * ecryptfs_wait_for_response |
373 | * @msg_ctx: The context that was assigned when sending a message | 514 | * @msg_ctx: The context that was assigned when sending a message |
374 | * @msg: The incoming message from userspace; not set if rc != 0 | 515 | * @msg: The incoming message from userspace; not set if rc != 0 |
@@ -377,7 +518,7 @@ out: | |||
377 | * of time exceeds ecryptfs_message_wait_timeout. If zero is | 518 | * of time exceeds ecryptfs_message_wait_timeout. If zero is |
378 | * returned, msg will point to a valid message from userspace; a | 519 | * returned, msg will point to a valid message from userspace; a |
379 | * non-zero value is returned upon failure to receive a message or an | 520 | * non-zero value is returned upon failure to receive a message or an |
380 | * error occurs. | 521 | * error occurs. Callee must free @msg on success. |
381 | */ | 522 | */ |
382 | int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, | 523 | int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, |
383 | struct ecryptfs_message **msg) | 524 | struct ecryptfs_message **msg) |
@@ -413,32 +554,32 @@ int ecryptfs_init_messaging(unsigned int transport) | |||
413 | 554 | ||
414 | if (ecryptfs_number_of_users > ECRYPTFS_MAX_NUM_USERS) { | 555 | if (ecryptfs_number_of_users > ECRYPTFS_MAX_NUM_USERS) { |
415 | ecryptfs_number_of_users = ECRYPTFS_MAX_NUM_USERS; | 556 | ecryptfs_number_of_users = ECRYPTFS_MAX_NUM_USERS; |
416 | ecryptfs_printk(KERN_WARNING, "Specified number of users is " | 557 | printk(KERN_WARNING "%s: Specified number of users is " |
417 | "too large, defaulting to [%d] users\n", | 558 | "too large, defaulting to [%d] users\n", __func__, |
418 | ecryptfs_number_of_users); | 559 | ecryptfs_number_of_users); |
419 | } | 560 | } |
420 | mutex_init(&ecryptfs_daemon_id_hash_mux); | 561 | mutex_init(&ecryptfs_daemon_hash_mux); |
421 | mutex_lock(&ecryptfs_daemon_id_hash_mux); | 562 | mutex_lock(&ecryptfs_daemon_hash_mux); |
422 | ecryptfs_hash_buckets = 1; | 563 | ecryptfs_hash_buckets = 1; |
423 | while (ecryptfs_number_of_users >> ecryptfs_hash_buckets) | 564 | while (ecryptfs_number_of_users >> ecryptfs_hash_buckets) |
424 | ecryptfs_hash_buckets++; | 565 | ecryptfs_hash_buckets++; |
425 | ecryptfs_daemon_id_hash = kmalloc(sizeof(struct hlist_head) | 566 | ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head) |
426 | * ecryptfs_hash_buckets, GFP_KERNEL); | 567 | * ecryptfs_hash_buckets), GFP_KERNEL); |
427 | if (!ecryptfs_daemon_id_hash) { | 568 | if (!ecryptfs_daemon_hash) { |
428 | rc = -ENOMEM; | 569 | rc = -ENOMEM; |
429 | ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n"); | 570 | printk(KERN_ERR "%s: Failed to allocate memory\n", __func__); |
430 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | 571 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
431 | goto out; | 572 | goto out; |
432 | } | 573 | } |
433 | for (i = 0; i < ecryptfs_hash_buckets; i++) | 574 | for (i = 0; i < ecryptfs_hash_buckets; i++) |
434 | INIT_HLIST_HEAD(&ecryptfs_daemon_id_hash[i]); | 575 | INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]); |
435 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | 576 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
436 | |||
437 | ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx) | 577 | ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx) |
438 | * ecryptfs_message_buf_len), GFP_KERNEL); | 578 | * ecryptfs_message_buf_len), |
579 | GFP_KERNEL); | ||
439 | if (!ecryptfs_msg_ctx_arr) { | 580 | if (!ecryptfs_msg_ctx_arr) { |
440 | rc = -ENOMEM; | 581 | rc = -ENOMEM; |
441 | ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n"); | 582 | printk(KERN_ERR "%s: Failed to allocate memory\n", __func__); |
442 | goto out; | 583 | goto out; |
443 | } | 584 | } |
444 | mutex_init(&ecryptfs_msg_ctx_lists_mux); | 585 | mutex_init(&ecryptfs_msg_ctx_lists_mux); |
@@ -446,6 +587,7 @@ int ecryptfs_init_messaging(unsigned int transport) | |||
446 | ecryptfs_msg_counter = 0; | 587 | ecryptfs_msg_counter = 0; |
447 | for (i = 0; i < ecryptfs_message_buf_len; i++) { | 588 | for (i = 0; i < ecryptfs_message_buf_len; i++) { |
448 | INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].node); | 589 | INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].node); |
590 | INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].daemon_out_list); | ||
449 | mutex_init(&ecryptfs_msg_ctx_arr[i].mux); | 591 | mutex_init(&ecryptfs_msg_ctx_arr[i].mux); |
450 | mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); | 592 | mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); |
451 | ecryptfs_msg_ctx_arr[i].index = i; | 593 | ecryptfs_msg_ctx_arr[i].index = i; |
@@ -464,6 +606,11 @@ int ecryptfs_init_messaging(unsigned int transport) | |||
464 | if (rc) | 606 | if (rc) |
465 | ecryptfs_release_messaging(transport); | 607 | ecryptfs_release_messaging(transport); |
466 | break; | 608 | break; |
609 | case ECRYPTFS_TRANSPORT_MISCDEV: | ||
610 | rc = ecryptfs_init_ecryptfs_miscdev(); | ||
611 | if (rc) | ||
612 | ecryptfs_release_messaging(transport); | ||
613 | break; | ||
467 | case ECRYPTFS_TRANSPORT_CONNECTOR: | 614 | case ECRYPTFS_TRANSPORT_CONNECTOR: |
468 | case ECRYPTFS_TRANSPORT_RELAYFS: | 615 | case ECRYPTFS_TRANSPORT_RELAYFS: |
469 | default: | 616 | default: |
@@ -488,27 +635,37 @@ void ecryptfs_release_messaging(unsigned int transport) | |||
488 | kfree(ecryptfs_msg_ctx_arr); | 635 | kfree(ecryptfs_msg_ctx_arr); |
489 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); | 636 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); |
490 | } | 637 | } |
491 | if (ecryptfs_daemon_id_hash) { | 638 | if (ecryptfs_daemon_hash) { |
492 | struct hlist_node *elem; | 639 | struct hlist_node *elem; |
493 | struct ecryptfs_daemon_id *id; | 640 | struct ecryptfs_daemon *daemon; |
494 | int i; | 641 | int i; |
495 | 642 | ||
496 | mutex_lock(&ecryptfs_daemon_id_hash_mux); | 643 | mutex_lock(&ecryptfs_daemon_hash_mux); |
497 | for (i = 0; i < ecryptfs_hash_buckets; i++) { | 644 | for (i = 0; i < ecryptfs_hash_buckets; i++) { |
498 | hlist_for_each_entry(id, elem, | 645 | int rc; |
499 | &ecryptfs_daemon_id_hash[i], | 646 | |
500 | id_chain) { | 647 | hlist_for_each_entry(daemon, elem, |
501 | hlist_del(elem); | 648 | &ecryptfs_daemon_hash[i], |
502 | kfree(id); | 649 | euid_chain) { |
650 | rc = ecryptfs_exorcise_daemon(daemon); | ||
651 | if (rc) | ||
652 | printk(KERN_ERR "%s: Error whilst " | ||
653 | "attempting to destroy daemon; " | ||
654 | "rc = [%d]. Dazed and confused, " | ||
655 | "but trying to continue.\n", | ||
656 | __func__, rc); | ||
503 | } | 657 | } |
504 | } | 658 | } |
505 | kfree(ecryptfs_daemon_id_hash); | 659 | kfree(ecryptfs_daemon_hash); |
506 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | 660 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
507 | } | 661 | } |
508 | switch(transport) { | 662 | switch(transport) { |
509 | case ECRYPTFS_TRANSPORT_NETLINK: | 663 | case ECRYPTFS_TRANSPORT_NETLINK: |
510 | ecryptfs_release_netlink(); | 664 | ecryptfs_release_netlink(); |
511 | break; | 665 | break; |
666 | case ECRYPTFS_TRANSPORT_MISCDEV: | ||
667 | ecryptfs_destroy_ecryptfs_miscdev(); | ||
668 | break; | ||
512 | case ECRYPTFS_TRANSPORT_CONNECTOR: | 669 | case ECRYPTFS_TRANSPORT_CONNECTOR: |
513 | case ECRYPTFS_TRANSPORT_RELAYFS: | 670 | case ECRYPTFS_TRANSPORT_RELAYFS: |
514 | default: | 671 | default: |
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c index 72dfec48ea22..0c559731ae34 100644 --- a/fs/ecryptfs/miscdev.c +++ b/fs/ecryptfs/miscdev.c | |||
@@ -196,7 +196,7 @@ int ecryptfs_send_miscdev(char *data, size_t data_size, | |||
196 | if (!msg_ctx->msg) { | 196 | if (!msg_ctx->msg) { |
197 | rc = -ENOMEM; | 197 | rc = -ENOMEM; |
198 | printk(KERN_ERR "%s: Out of memory whilst attempting " | 198 | printk(KERN_ERR "%s: Out of memory whilst attempting " |
199 | "to kmalloc(%d, GFP_KERNEL)\n", __func__, | 199 | "to kmalloc(%Zd, GFP_KERNEL)\n", __func__, |
200 | (sizeof(*msg_ctx->msg) + data_size)); | 200 | (sizeof(*msg_ctx->msg) + data_size)); |
201 | goto out_unlock; | 201 | goto out_unlock; |
202 | } | 202 | } |
@@ -232,7 +232,7 @@ out_unlock: | |||
232 | * | 232 | * |
233 | * Returns the number of bytes copied into the user buffer | 233 | * Returns the number of bytes copied into the user buffer |
234 | */ | 234 | */ |
235 | static int | 235 | static ssize_t |
236 | ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, | 236 | ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, |
237 | loff_t *ppos) | 237 | loff_t *ppos) |
238 | { | 238 | { |
diff --git a/fs/ecryptfs/netlink.c b/fs/ecryptfs/netlink.c index f638a698dc52..eb70f69d705d 100644 --- a/fs/ecryptfs/netlink.c +++ b/fs/ecryptfs/netlink.c | |||
@@ -44,7 +44,7 @@ static struct sock *ecryptfs_nl_sock; | |||
44 | * upon sending the message; non-zero upon error. | 44 | * upon sending the message; non-zero upon error. |
45 | */ | 45 | */ |
46 | int ecryptfs_send_netlink(char *data, int data_len, | 46 | int ecryptfs_send_netlink(char *data, int data_len, |
47 | struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type, | 47 | struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, |
48 | u16 msg_flags, pid_t daemon_pid) | 48 | u16 msg_flags, pid_t daemon_pid) |
49 | { | 49 | { |
50 | struct sk_buff *skb; | 50 | struct sk_buff *skb; |
@@ -176,20 +176,20 @@ static void ecryptfs_receive_nl_message(struct sk_buff *skb) | |||
176 | goto free; | 176 | goto free; |
177 | } | 177 | } |
178 | switch (nlh->nlmsg_type) { | 178 | switch (nlh->nlmsg_type) { |
179 | case ECRYPTFS_NLMSG_RESPONSE: | 179 | case ECRYPTFS_MSG_RESPONSE: |
180 | if (ecryptfs_process_nl_response(skb)) { | 180 | if (ecryptfs_process_nl_response(skb)) { |
181 | ecryptfs_printk(KERN_WARNING, "Failed to " | 181 | ecryptfs_printk(KERN_WARNING, "Failed to " |
182 | "deliver netlink response to " | 182 | "deliver netlink response to " |
183 | "requesting operation\n"); | 183 | "requesting operation\n"); |
184 | } | 184 | } |
185 | break; | 185 | break; |
186 | case ECRYPTFS_NLMSG_HELO: | 186 | case ECRYPTFS_MSG_HELO: |
187 | if (ecryptfs_process_nl_helo(skb)) { | 187 | if (ecryptfs_process_nl_helo(skb)) { |
188 | ecryptfs_printk(KERN_WARNING, "Failed to " | 188 | ecryptfs_printk(KERN_WARNING, "Failed to " |
189 | "fulfill HELO request\n"); | 189 | "fulfill HELO request\n"); |
190 | } | 190 | } |
191 | break; | 191 | break; |
192 | case ECRYPTFS_NLMSG_QUIT: | 192 | case ECRYPTFS_MSG_QUIT: |
193 | if (ecryptfs_process_nl_quit(skb)) { | 193 | if (ecryptfs_process_nl_quit(skb)) { |
194 | ecryptfs_printk(KERN_WARNING, "Failed to " | 194 | ecryptfs_printk(KERN_WARNING, "Failed to " |
195 | "fulfill QUIT request\n"); | 195 | "fulfill QUIT request\n"); |