aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r--fs/ecryptfs/crypto.c191
-rw-r--r--fs/ecryptfs/dentry.c12
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h17
-rw-r--r--fs/ecryptfs/file.c5
-rw-r--r--fs/ecryptfs/inode.c40
-rw-r--r--fs/ecryptfs/keystore.c8
-rw-r--r--fs/ecryptfs/main.c46
-rw-r--r--fs/ecryptfs/mmap.c28
-rw-r--r--fs/ecryptfs/read_write.c2
-rw-r--r--fs/ecryptfs/super.c48
10 files changed, 201 insertions, 196 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index f8ef0af919e7..a066e109ad9c 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -355,8 +355,11 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
355 } 355 }
356 /* Consider doing this once, when the file is opened */ 356 /* Consider doing this once, when the file is opened */
357 mutex_lock(&crypt_stat->cs_tfm_mutex); 357 mutex_lock(&crypt_stat->cs_tfm_mutex);
358 rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key, 358 if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
359 crypt_stat->key_size); 359 rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
360 crypt_stat->key_size);
361 crypt_stat->flags |= ECRYPTFS_KEY_SET;
362 }
360 if (rc) { 363 if (rc) {
361 ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", 364 ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
362 rc); 365 rc);
@@ -376,11 +379,10 @@ out:
376 * 379 *
377 * Convert an eCryptfs page index into a lower byte offset 380 * Convert an eCryptfs page index into a lower byte offset
378 */ 381 */
379void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num, 382static void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num,
380 struct ecryptfs_crypt_stat *crypt_stat) 383 struct ecryptfs_crypt_stat *crypt_stat)
381{ 384{
382 (*offset) = ((crypt_stat->extent_size 385 (*offset) = (crypt_stat->num_header_bytes_at_front
383 * crypt_stat->num_header_extents_at_front)
384 + (crypt_stat->extent_size * extent_num)); 386 + (crypt_stat->extent_size * extent_num));
385} 387}
386 388
@@ -842,15 +844,13 @@ void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat)
842 set_extent_mask_and_shift(crypt_stat); 844 set_extent_mask_and_shift(crypt_stat);
843 crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES; 845 crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES;
844 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 846 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
845 crypt_stat->num_header_extents_at_front = 0; 847 crypt_stat->num_header_bytes_at_front = 0;
846 else { 848 else {
847 if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) 849 if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)
848 crypt_stat->num_header_extents_at_front = 850 crypt_stat->num_header_bytes_at_front =
849 (ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 851 ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
850 / crypt_stat->extent_size);
851 else 852 else
852 crypt_stat->num_header_extents_at_front = 853 crypt_stat->num_header_bytes_at_front = PAGE_CACHE_SIZE;
853 (PAGE_CACHE_SIZE / crypt_stat->extent_size);
854 } 854 }
855} 855}
856 856
@@ -1128,7 +1128,7 @@ write_ecryptfs_flags(char *page_virt, struct ecryptfs_crypt_stat *crypt_stat,
1128 1128
1129struct ecryptfs_cipher_code_str_map_elem { 1129struct ecryptfs_cipher_code_str_map_elem {
1130 char cipher_str[16]; 1130 char cipher_str[16];
1131 u16 cipher_code; 1131 u8 cipher_code;
1132}; 1132};
1133 1133
1134/* Add support for additional ciphers by adding elements here. The 1134/* Add support for additional ciphers by adding elements here. The
@@ -1152,10 +1152,10 @@ ecryptfs_cipher_code_str_map[] = {
1152 * 1152 *
1153 * Returns zero on no match, or the cipher code on match 1153 * Returns zero on no match, or the cipher code on match
1154 */ 1154 */
1155u16 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat) 1155u8 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat)
1156{ 1156{
1157 int i; 1157 int i;
1158 u16 code = 0; 1158 u8 code = 0;
1159 struct ecryptfs_cipher_code_str_map_elem *map = 1159 struct ecryptfs_cipher_code_str_map_elem *map =
1160 ecryptfs_cipher_code_str_map; 1160 ecryptfs_cipher_code_str_map;
1161 1161
@@ -1187,7 +1187,7 @@ u16 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat)
1187 * 1187 *
1188 * Returns zero on success 1188 * Returns zero on success
1189 */ 1189 */
1190int ecryptfs_cipher_code_to_string(char *str, u16 cipher_code) 1190int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
1191{ 1191{
1192 int rc = 0; 1192 int rc = 0;
1193 int i; 1193 int i;
@@ -1236,7 +1236,8 @@ ecryptfs_write_header_metadata(char *virt,
1236 1236
1237 header_extent_size = (u32)crypt_stat->extent_size; 1237 header_extent_size = (u32)crypt_stat->extent_size;
1238 num_header_extents_at_front = 1238 num_header_extents_at_front =
1239 (u16)crypt_stat->num_header_extents_at_front; 1239 (u16)(crypt_stat->num_header_bytes_at_front
1240 / crypt_stat->extent_size);
1240 header_extent_size = cpu_to_be32(header_extent_size); 1241 header_extent_size = cpu_to_be32(header_extent_size);
1241 memcpy(virt, &header_extent_size, 4); 1242 memcpy(virt, &header_extent_size, 4);
1242 virt += 4; 1243 virt += 4;
@@ -1311,40 +1312,16 @@ static int ecryptfs_write_headers_virt(char *page_virt, size_t *size,
1311static int 1312static int
1312ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat, 1313ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat,
1313 struct dentry *ecryptfs_dentry, 1314 struct dentry *ecryptfs_dentry,
1314 char *page_virt) 1315 char *virt)
1315{ 1316{
1316 int current_header_page;
1317 int header_pages;
1318 int rc; 1317 int rc;
1319 1318
1320 rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, page_virt, 1319 rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, virt,
1321 0, PAGE_CACHE_SIZE); 1320 0, crypt_stat->num_header_bytes_at_front);
1322 if (rc) { 1321 if (rc)
1323 printk(KERN_ERR "%s: Error attempting to write header " 1322 printk(KERN_ERR "%s: Error attempting to write header "
1324 "information to lower file; rc = [%d]\n", __FUNCTION__, 1323 "information to lower file; rc = [%d]\n", __FUNCTION__,
1325 rc); 1324 rc);
1326 goto out;
1327 }
1328 header_pages = ((crypt_stat->extent_size
1329 * crypt_stat->num_header_extents_at_front)
1330 / PAGE_CACHE_SIZE);
1331 memset(page_virt, 0, PAGE_CACHE_SIZE);
1332 current_header_page = 1;
1333 while (current_header_page < header_pages) {
1334 loff_t offset;
1335
1336 offset = (((loff_t)current_header_page) << PAGE_CACHE_SHIFT);
1337 if ((rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode,
1338 page_virt, offset,
1339 PAGE_CACHE_SIZE))) {
1340 printk(KERN_ERR "%s: Error attempting to write header "
1341 "information to lower file; rc = [%d]\n",
1342 __FUNCTION__, rc);
1343 goto out;
1344 }
1345 current_header_page++;
1346 }
1347out:
1348 return rc; 1325 return rc;
1349} 1326}
1350 1327
@@ -1370,15 +1347,13 @@ ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
1370 * retrieved via a prompt. Exactly what happens at this point should 1347 * retrieved via a prompt. Exactly what happens at this point should
1371 * be policy-dependent. 1348 * be policy-dependent.
1372 * 1349 *
1373 * TODO: Support header information spanning multiple pages
1374 *
1375 * Returns zero on success; non-zero on error 1350 * Returns zero on success; non-zero on error
1376 */ 1351 */
1377int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry) 1352int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
1378{ 1353{
1379 struct ecryptfs_crypt_stat *crypt_stat = 1354 struct ecryptfs_crypt_stat *crypt_stat =
1380 &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat; 1355 &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
1381 char *page_virt; 1356 char *virt;
1382 size_t size = 0; 1357 size_t size = 0;
1383 int rc = 0; 1358 int rc = 0;
1384 1359
@@ -1389,40 +1364,39 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
1389 goto out; 1364 goto out;
1390 } 1365 }
1391 } else { 1366 } else {
1367 printk(KERN_WARNING "%s: Encrypted flag not set\n",
1368 __FUNCTION__);
1392 rc = -EINVAL; 1369 rc = -EINVAL;
1393 ecryptfs_printk(KERN_WARNING,
1394 "Called with crypt_stat->encrypted == 0\n");
1395 goto out; 1370 goto out;
1396 } 1371 }
1397 /* Released in this function */ 1372 /* Released in this function */
1398 page_virt = kmem_cache_zalloc(ecryptfs_header_cache_0, GFP_USER); 1373 virt = kzalloc(crypt_stat->num_header_bytes_at_front, GFP_KERNEL);
1399 if (!page_virt) { 1374 if (!virt) {
1400 ecryptfs_printk(KERN_ERR, "Out of memory\n"); 1375 printk(KERN_ERR "%s: Out of memory\n", __FUNCTION__);
1401 rc = -ENOMEM; 1376 rc = -ENOMEM;
1402 goto out; 1377 goto out;
1403 } 1378 }
1404 rc = ecryptfs_write_headers_virt(page_virt, &size, crypt_stat, 1379 rc = ecryptfs_write_headers_virt(virt, &size, crypt_stat,
1405 ecryptfs_dentry); 1380 ecryptfs_dentry);
1406 if (unlikely(rc)) { 1381 if (unlikely(rc)) {
1407 ecryptfs_printk(KERN_ERR, "Error whilst writing headers\n"); 1382 printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n",
1408 memset(page_virt, 0, PAGE_CACHE_SIZE); 1383 __FUNCTION__, rc);
1409 goto out_free; 1384 goto out_free;
1410 } 1385 }
1411 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 1386 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
1412 rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, 1387 rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry,
1413 crypt_stat, page_virt, 1388 crypt_stat, virt, size);
1414 size);
1415 else 1389 else
1416 rc = ecryptfs_write_metadata_to_contents(crypt_stat, 1390 rc = ecryptfs_write_metadata_to_contents(crypt_stat,
1417 ecryptfs_dentry, 1391 ecryptfs_dentry, virt);
1418 page_virt);
1419 if (rc) { 1392 if (rc) {
1420 printk(KERN_ERR "Error writing metadata out to lower file; " 1393 printk(KERN_ERR "%s: Error writing metadata out to lower file; "
1421 "rc = [%d]\n", rc); 1394 "rc = [%d]\n", __FUNCTION__, rc);
1422 goto out_free; 1395 goto out_free;
1423 } 1396 }
1424out_free: 1397out_free:
1425 kmem_cache_free(ecryptfs_header_cache_0, page_virt); 1398 memset(virt, 0, crypt_stat->num_header_bytes_at_front);
1399 kfree(virt);
1426out: 1400out:
1427 return rc; 1401 return rc;
1428} 1402}
@@ -1442,16 +1416,16 @@ static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
1442 virt += sizeof(u32); 1416 virt += sizeof(u32);
1443 memcpy(&num_header_extents_at_front, virt, sizeof(u16)); 1417 memcpy(&num_header_extents_at_front, virt, sizeof(u16));
1444 num_header_extents_at_front = be16_to_cpu(num_header_extents_at_front); 1418 num_header_extents_at_front = be16_to_cpu(num_header_extents_at_front);
1445 crypt_stat->num_header_extents_at_front = 1419 crypt_stat->num_header_bytes_at_front =
1446 (int)num_header_extents_at_front; 1420 (((size_t)num_header_extents_at_front
1421 * (size_t)header_extent_size));
1447 (*bytes_read) = (sizeof(u32) + sizeof(u16)); 1422 (*bytes_read) = (sizeof(u32) + sizeof(u16));
1448 if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE) 1423 if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE)
1449 && ((crypt_stat->extent_size 1424 && (crypt_stat->num_header_bytes_at_front
1450 * crypt_stat->num_header_extents_at_front)
1451 < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) { 1425 < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) {
1452 rc = -EINVAL; 1426 rc = -EINVAL;
1453 printk(KERN_WARNING "Invalid number of header extents: [%zd]\n", 1427 printk(KERN_WARNING "Invalid header size: [%zd]\n",
1454 crypt_stat->num_header_extents_at_front); 1428 crypt_stat->num_header_bytes_at_front);
1455 } 1429 }
1456 return rc; 1430 return rc;
1457} 1431}
@@ -1466,7 +1440,8 @@ static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
1466 */ 1440 */
1467static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat) 1441static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
1468{ 1442{
1469 crypt_stat->num_header_extents_at_front = 2; 1443 crypt_stat->num_header_bytes_at_front =
1444 ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
1470} 1445}
1471 1446
1472/** 1447/**
@@ -1552,9 +1527,10 @@ int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode)
1552 size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME, 1527 size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME,
1553 page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE); 1528 page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE);
1554 if (size < 0) { 1529 if (size < 0) {
1555 printk(KERN_ERR "Error attempting to read the [%s] " 1530 if (unlikely(ecryptfs_verbosity > 0))
1556 "xattr from the lower file; return value = [%zd]\n", 1531 printk(KERN_INFO "Error attempting to read the [%s] "
1557 ECRYPTFS_XATTR_NAME, size); 1532 "xattr from the lower file; return value = "
1533 "[%zd]\n", ECRYPTFS_XATTR_NAME, size);
1558 rc = -EINVAL; 1534 rc = -EINVAL;
1559 goto out; 1535 goto out;
1560 } 1536 }
@@ -1802,7 +1778,7 @@ out:
1802} 1778}
1803 1779
1804struct kmem_cache *ecryptfs_key_tfm_cache; 1780struct kmem_cache *ecryptfs_key_tfm_cache;
1805struct list_head key_tfm_list; 1781static struct list_head key_tfm_list;
1806struct mutex key_tfm_list_mutex; 1782struct mutex key_tfm_list_mutex;
1807 1783
1808int ecryptfs_init_crypto(void) 1784int ecryptfs_init_crypto(void)
@@ -1812,6 +1788,11 @@ int ecryptfs_init_crypto(void)
1812 return 0; 1788 return 0;
1813} 1789}
1814 1790
1791/**
1792 * ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list
1793 *
1794 * Called only at module unload time
1795 */
1815int ecryptfs_destroy_crypto(void) 1796int ecryptfs_destroy_crypto(void)
1816{ 1797{
1817 struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp; 1798 struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp;
@@ -1835,6 +1816,8 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
1835 struct ecryptfs_key_tfm *tmp_tfm; 1816 struct ecryptfs_key_tfm *tmp_tfm;
1836 int rc = 0; 1817 int rc = 0;
1837 1818
1819 BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
1820
1838 tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL); 1821 tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL);
1839 if (key_tfm != NULL) 1822 if (key_tfm != NULL)
1840 (*key_tfm) = tmp_tfm; 1823 (*key_tfm) = tmp_tfm;
@@ -1861,13 +1844,50 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
1861 (*key_tfm) = NULL; 1844 (*key_tfm) = NULL;
1862 goto out; 1845 goto out;
1863 } 1846 }
1864 mutex_lock(&key_tfm_list_mutex);
1865 list_add(&tmp_tfm->key_tfm_list, &key_tfm_list); 1847 list_add(&tmp_tfm->key_tfm_list, &key_tfm_list);
1866 mutex_unlock(&key_tfm_list_mutex);
1867out: 1848out:
1868 return rc; 1849 return rc;
1869} 1850}
1870 1851
1852/**
1853 * ecryptfs_tfm_exists - Search for existing tfm for cipher_name.
1854 * @cipher_name: the name of the cipher to search for
1855 * @key_tfm: set to corresponding tfm if found
1856 *
1857 * Searches for cached key_tfm matching @cipher_name
1858 * Must be called with &key_tfm_list_mutex held
1859 * Returns 1 if found, with @key_tfm set
1860 * Returns 0 if not found, with @key_tfm set to NULL
1861 */
1862int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm)
1863{
1864 struct ecryptfs_key_tfm *tmp_key_tfm;
1865
1866 BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
1867
1868 list_for_each_entry(tmp_key_tfm, &key_tfm_list, key_tfm_list) {
1869 if (strcmp(tmp_key_tfm->cipher_name, cipher_name) == 0) {
1870 if (key_tfm)
1871 (*key_tfm) = tmp_key_tfm;
1872 return 1;
1873 }
1874 }
1875 if (key_tfm)
1876 (*key_tfm) = NULL;
1877 return 0;
1878}
1879
1880/**
1881 * ecryptfs_get_tfm_and_mutex_for_cipher_name
1882 *
1883 * @tfm: set to cached tfm found, or new tfm created
1884 * @tfm_mutex: set to mutex for cached tfm found, or new tfm created
1885 * @cipher_name: the name of the cipher to search for and/or add
1886 *
1887 * Sets pointers to @tfm & @tfm_mutex matching @cipher_name.
1888 * Searches for cached item first, and creates new if not found.
1889 * Returns 0 on success, non-zero if adding new cipher failed
1890 */
1871int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, 1891int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,
1872 struct mutex **tfm_mutex, 1892 struct mutex **tfm_mutex,
1873 char *cipher_name) 1893 char *cipher_name)
@@ -1877,22 +1897,17 @@ int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,
1877 1897
1878 (*tfm) = NULL; 1898 (*tfm) = NULL;
1879 (*tfm_mutex) = NULL; 1899 (*tfm_mutex) = NULL;
1900
1880 mutex_lock(&key_tfm_list_mutex); 1901 mutex_lock(&key_tfm_list_mutex);
1881 list_for_each_entry(key_tfm, &key_tfm_list, key_tfm_list) { 1902 if (!ecryptfs_tfm_exists(cipher_name, &key_tfm)) {
1882 if (strcmp(key_tfm->cipher_name, cipher_name) == 0) { 1903 rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0);
1883 (*tfm) = key_tfm->key_tfm; 1904 if (rc) {
1884 (*tfm_mutex) = &key_tfm->key_tfm_mutex; 1905 printk(KERN_ERR "Error adding new key_tfm to list; "
1885 mutex_unlock(&key_tfm_list_mutex); 1906 "rc = [%d]\n", rc);
1886 goto out; 1907 goto out;
1887 } 1908 }
1888 } 1909 }
1889 mutex_unlock(&key_tfm_list_mutex); 1910 mutex_unlock(&key_tfm_list_mutex);
1890 rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0);
1891 if (rc) {
1892 printk(KERN_ERR "Error adding new key_tfm to list; rc = [%d]\n",
1893 rc);
1894 goto out;
1895 }
1896 (*tfm) = key_tfm->key_tfm; 1911 (*tfm) = key_tfm->key_tfm;
1897 (*tfm_mutex) = &key_tfm->key_tfm_mutex; 1912 (*tfm_mutex) = &key_tfm->key_tfm_mutex;
1898out: 1913out:
diff --git a/fs/ecryptfs/dentry.c b/fs/ecryptfs/dentry.c
index cb20b964419f..841a032050a7 100644
--- a/fs/ecryptfs/dentry.c
+++ b/fs/ecryptfs/dentry.c
@@ -51,13 +51,13 @@ static int ecryptfs_d_revalidate(struct dentry *dentry, struct nameidata *nd)
51 51
52 if (!lower_dentry->d_op || !lower_dentry->d_op->d_revalidate) 52 if (!lower_dentry->d_op || !lower_dentry->d_op->d_revalidate)
53 goto out; 53 goto out;
54 dentry_save = nd->dentry; 54 dentry_save = nd->path.dentry;
55 vfsmount_save = nd->mnt; 55 vfsmount_save = nd->path.mnt;
56 nd->dentry = lower_dentry; 56 nd->path.dentry = lower_dentry;
57 nd->mnt = lower_mnt; 57 nd->path.mnt = lower_mnt;
58 rc = lower_dentry->d_op->d_revalidate(lower_dentry, nd); 58 rc = lower_dentry->d_op->d_revalidate(lower_dentry, nd);
59 nd->dentry = dentry_save; 59 nd->path.dentry = dentry_save;
60 nd->mnt = vfsmount_save; 60 nd->path.mnt = vfsmount_save;
61 if (dentry->d_inode) { 61 if (dentry->d_inode) {
62 struct inode *lower_inode = 62 struct inode *lower_inode =
63 ecryptfs_inode_to_lower(dentry->d_inode); 63 ecryptfs_inode_to_lower(dentry->d_inode);
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index ce7a5d4aec36..5007f788da01 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -234,10 +234,11 @@ struct ecryptfs_crypt_stat {
234#define ECRYPTFS_KEY_VALID 0x00000080 234#define ECRYPTFS_KEY_VALID 0x00000080
235#define ECRYPTFS_METADATA_IN_XATTR 0x00000100 235#define ECRYPTFS_METADATA_IN_XATTR 0x00000100
236#define ECRYPTFS_VIEW_AS_ENCRYPTED 0x00000200 236#define ECRYPTFS_VIEW_AS_ENCRYPTED 0x00000200
237#define ECRYPTFS_KEY_SET 0x00000400
237 u32 flags; 238 u32 flags;
238 unsigned int file_version; 239 unsigned int file_version;
239 size_t iv_bytes; 240 size_t iv_bytes;
240 size_t num_header_extents_at_front; 241 size_t num_header_bytes_at_front;
241 size_t extent_size; /* Data extent size; default is 4096 */ 242 size_t extent_size; /* Data extent size; default is 4096 */
242 size_t key_size; 243 size_t key_size;
243 size_t extent_shift; 244 size_t extent_shift;
@@ -322,7 +323,6 @@ struct ecryptfs_key_tfm {
322 unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; 323 unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
323}; 324};
324 325
325extern struct list_head key_tfm_list;
326extern struct mutex key_tfm_list_mutex; 326extern struct mutex key_tfm_list_mutex;
327 327
328/** 328/**
@@ -521,11 +521,9 @@ extern struct kmem_cache *ecryptfs_file_info_cache;
521extern struct kmem_cache *ecryptfs_dentry_info_cache; 521extern struct kmem_cache *ecryptfs_dentry_info_cache;
522extern struct kmem_cache *ecryptfs_inode_info_cache; 522extern struct kmem_cache *ecryptfs_inode_info_cache;
523extern struct kmem_cache *ecryptfs_sb_info_cache; 523extern struct kmem_cache *ecryptfs_sb_info_cache;
524extern struct kmem_cache *ecryptfs_header_cache_0;
525extern struct kmem_cache *ecryptfs_header_cache_1; 524extern struct kmem_cache *ecryptfs_header_cache_1;
526extern struct kmem_cache *ecryptfs_header_cache_2; 525extern struct kmem_cache *ecryptfs_header_cache_2;
527extern struct kmem_cache *ecryptfs_xattr_cache; 526extern struct kmem_cache *ecryptfs_xattr_cache;
528extern struct kmem_cache *ecryptfs_lower_page_cache;
529extern struct kmem_cache *ecryptfs_key_record_cache; 527extern struct kmem_cache *ecryptfs_key_record_cache;
530extern struct kmem_cache *ecryptfs_key_sig_cache; 528extern struct kmem_cache *ecryptfs_key_sig_cache;
531extern struct kmem_cache *ecryptfs_global_auth_tok_cache; 529extern struct kmem_cache *ecryptfs_global_auth_tok_cache;
@@ -562,8 +560,8 @@ int ecryptfs_read_and_validate_header_region(char *data,
562 struct inode *ecryptfs_inode); 560 struct inode *ecryptfs_inode);
563int ecryptfs_read_and_validate_xattr_region(char *page_virt, 561int ecryptfs_read_and_validate_xattr_region(char *page_virt,
564 struct dentry *ecryptfs_dentry); 562 struct dentry *ecryptfs_dentry);
565u16 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat); 563u8 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat);
566int ecryptfs_cipher_code_to_string(char *str, u16 cipher_code); 564int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code);
567void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat); 565void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat);
568int ecryptfs_generate_key_packet_set(char *dest_base, 566int ecryptfs_generate_key_packet_set(char *dest_base,
569 struct ecryptfs_crypt_stat *crypt_stat, 567 struct ecryptfs_crypt_stat *crypt_stat,
@@ -576,8 +574,6 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length);
576int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); 574int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode);
577int ecryptfs_inode_set(struct inode *inode, void *lower_inode); 575int ecryptfs_inode_set(struct inode *inode, void *lower_inode);
578void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode); 576void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode);
579ssize_t ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value,
580 size_t size);
581ssize_t 577ssize_t
582ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name, 578ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name,
583 void *value, size_t size); 579 void *value, size_t size);
@@ -623,6 +619,7 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
623 size_t key_size); 619 size_t key_size);
624int ecryptfs_init_crypto(void); 620int ecryptfs_init_crypto(void);
625int ecryptfs_destroy_crypto(void); 621int ecryptfs_destroy_crypto(void);
622int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm);
626int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, 623int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm,
627 struct mutex **tfm_mutex, 624 struct mutex **tfm_mutex,
628 char *cipher_name); 625 char *cipher_name);
@@ -631,8 +628,6 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
631 char *sig); 628 char *sig);
632int ecryptfs_write_zeros(struct file *file, pgoff_t index, int start, 629int ecryptfs_write_zeros(struct file *file, pgoff_t index, int start,
633 int num_zeros); 630 int num_zeros);
634void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num,
635 struct ecryptfs_crypt_stat *crypt_stat);
636int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data, 631int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
637 loff_t offset, size_t size); 632 loff_t offset, size_t size);
638int ecryptfs_write_lower_page_segment(struct inode *ecryptfs_inode, 633int ecryptfs_write_lower_page_segment(struct inode *ecryptfs_inode,
@@ -646,8 +641,6 @@ int ecryptfs_read_lower_page_segment(struct page *page_for_ecryptfs,
646 pgoff_t page_index, 641 pgoff_t page_index,
647 size_t offset_in_page, size_t size, 642 size_t offset_in_page, size_t size,
648 struct inode *ecryptfs_inode); 643 struct inode *ecryptfs_inode);
649int ecryptfs_read(char *data, loff_t offset, size_t size,
650 struct file *ecryptfs_file);
651struct page *ecryptfs_get_locked_page(struct file *file, loff_t index); 644struct page *ecryptfs_get_locked_page(struct file *file, loff_t index);
652 645
653#endif /* #ifndef ECRYPTFS_KERNEL_H */ 646#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index c98c4690a771..2b8f5ed4adea 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -209,9 +209,10 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
209 if (!(mount_crypt_stat->flags 209 if (!(mount_crypt_stat->flags
210 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) { 210 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
211 rc = -EIO; 211 rc = -EIO;
212 printk(KERN_WARNING "Attempt to read file that " 212 printk(KERN_WARNING "Either the lower file "
213 "is not in a valid eCryptfs format, " 213 "is not in a valid eCryptfs format, "
214 "and plaintext passthrough mode is not " 214 "or the key could not be retrieved. "
215 "Plaintext passthrough mode is not "
215 "enabled; returning -EIO\n"); 216 "enabled; returning -EIO\n");
216 mutex_unlock(&crypt_stat->cs_mutex); 217 mutex_unlock(&crypt_stat->cs_mutex);
217 goto out_free; 218 goto out_free;
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 5a719180983c..e23861152101 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -77,13 +77,13 @@ ecryptfs_create_underlying_file(struct inode *lower_dir_inode,
77 struct vfsmount *vfsmount_save; 77 struct vfsmount *vfsmount_save;
78 int rc; 78 int rc;
79 79
80 dentry_save = nd->dentry; 80 dentry_save = nd->path.dentry;
81 vfsmount_save = nd->mnt; 81 vfsmount_save = nd->path.mnt;
82 nd->dentry = lower_dentry; 82 nd->path.dentry = lower_dentry;
83 nd->mnt = lower_mnt; 83 nd->path.mnt = lower_mnt;
84 rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd); 84 rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd);
85 nd->dentry = dentry_save; 85 nd->path.dentry = dentry_save;
86 nd->mnt = vfsmount_save; 86 nd->path.mnt = vfsmount_save;
87 return rc; 87 return rc;
88} 88}
89 89
@@ -365,8 +365,7 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry,
365 dentry->d_sb)->mount_crypt_stat; 365 dentry->d_sb)->mount_crypt_stat;
366 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { 366 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
367 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 367 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
368 file_size = ((crypt_stat->extent_size 368 file_size = (crypt_stat->num_header_bytes_at_front
369 * crypt_stat->num_header_extents_at_front)
370 + i_size_read(lower_dentry->d_inode)); 369 + i_size_read(lower_dentry->d_inode));
371 else 370 else
372 file_size = i_size_read(lower_dentry->d_inode); 371 file_size = i_size_read(lower_dentry->d_inode);
@@ -685,7 +684,7 @@ ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr)
685 * @crypt_stat: Crypt_stat associated with file 684 * @crypt_stat: Crypt_stat associated with file
686 * @upper_size: Size of the upper file 685 * @upper_size: Size of the upper file
687 * 686 *
688 * Calculate the requried size of the lower file based on the 687 * Calculate the required size of the lower file based on the
689 * specified size of the upper file. This calculation is based on the 688 * specified size of the upper file. This calculation is based on the
690 * number of headers in the underlying file and the extent size. 689 * number of headers in the underlying file and the extent size.
691 * 690 *
@@ -697,8 +696,7 @@ upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat,
697{ 696{
698 loff_t lower_size; 697 loff_t lower_size;
699 698
700 lower_size = (crypt_stat->extent_size 699 lower_size = crypt_stat->num_header_bytes_at_front;
701 * crypt_stat->num_header_extents_at_front);
702 if (upper_size != 0) { 700 if (upper_size != 0) {
703 loff_t num_extents; 701 loff_t num_extents;
704 702
@@ -821,14 +819,14 @@ ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd)
821 int rc; 819 int rc;
822 820
823 if (nd) { 821 if (nd) {
824 struct vfsmount *vfsmnt_save = nd->mnt; 822 struct vfsmount *vfsmnt_save = nd->path.mnt;
825 struct dentry *dentry_save = nd->dentry; 823 struct dentry *dentry_save = nd->path.dentry;
826 824
827 nd->mnt = ecryptfs_dentry_to_lower_mnt(nd->dentry); 825 nd->path.mnt = ecryptfs_dentry_to_lower_mnt(nd->path.dentry);
828 nd->dentry = ecryptfs_dentry_to_lower(nd->dentry); 826 nd->path.dentry = ecryptfs_dentry_to_lower(nd->path.dentry);
829 rc = permission(ecryptfs_inode_to_lower(inode), mask, nd); 827 rc = permission(ecryptfs_inode_to_lower(inode), mask, nd);
830 nd->mnt = vfsmnt_save; 828 nd->path.mnt = vfsmnt_save;
831 nd->dentry = dentry_save; 829 nd->path.dentry = dentry_save;
832 } else 830 } else
833 rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL); 831 rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL);
834 return rc; 832 return rc;
@@ -875,11 +873,11 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
875 if (!(mount_crypt_stat->flags 873 if (!(mount_crypt_stat->flags
876 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) { 874 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
877 rc = -EIO; 875 rc = -EIO;
878 printk(KERN_WARNING "Attempt to read file that " 876 printk(KERN_WARNING "Either the lower file "
879 "is not in a valid eCryptfs format, " 877 "is not in a valid eCryptfs format, "
880 "and plaintext passthrough mode is not " 878 "or the key could not be retrieved. "
879 "Plaintext passthrough mode is not "
881 "enabled; returning -EIO\n"); 880 "enabled; returning -EIO\n");
882
883 mutex_unlock(&crypt_stat->cs_mutex); 881 mutex_unlock(&crypt_stat->cs_mutex);
884 goto out; 882 goto out;
885 } 883 }
@@ -954,7 +952,7 @@ out:
954 return rc; 952 return rc;
955} 953}
956 954
957ssize_t 955static ssize_t
958ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value, 956ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value,
959 size_t size) 957 size_t size)
960{ 958{
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index f458c1f35565..682b1b2482c2 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -189,7 +189,7 @@ out:
189} 189}
190 190
191static int 191static int
192parse_tag_65_packet(struct ecryptfs_session_key *session_key, u16 *cipher_code, 192parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code,
193 struct ecryptfs_message *msg) 193 struct ecryptfs_message *msg)
194{ 194{
195 size_t i = 0; 195 size_t i = 0;
@@ -275,7 +275,7 @@ out:
275 275
276 276
277static int 277static int
278write_tag_66_packet(char *signature, size_t cipher_code, 278write_tag_66_packet(char *signature, u8 cipher_code,
279 struct ecryptfs_crypt_stat *crypt_stat, char **packet, 279 struct ecryptfs_crypt_stat *crypt_stat, char **packet,
280 size_t *packet_len) 280 size_t *packet_len)
281{ 281{
@@ -428,7 +428,7 @@ static int
428decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, 428decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
429 struct ecryptfs_crypt_stat *crypt_stat) 429 struct ecryptfs_crypt_stat *crypt_stat)
430{ 430{
431 u16 cipher_code = 0; 431 u8 cipher_code = 0;
432 struct ecryptfs_msg_ctx *msg_ctx; 432 struct ecryptfs_msg_ctx *msg_ctx;
433 struct ecryptfs_message *msg = NULL; 433 struct ecryptfs_message *msg = NULL;
434 char *auth_tok_sig; 434 char *auth_tok_sig;
@@ -1537,7 +1537,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
1537 struct scatterlist dst_sg; 1537 struct scatterlist dst_sg;
1538 struct scatterlist src_sg; 1538 struct scatterlist src_sg;
1539 struct mutex *tfm_mutex = NULL; 1539 struct mutex *tfm_mutex = NULL;
1540 size_t cipher_code; 1540 u8 cipher_code;
1541 size_t packet_size_length; 1541 size_t packet_size_length;
1542 size_t max_packet_size; 1542 size_t max_packet_size;
1543 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 1543 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 0249aa4ae181..d25ac9500a92 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -117,7 +117,7 @@ void __ecryptfs_printk(const char *fmt, ...)
117 * 117 *
118 * Returns zero on success; non-zero otherwise 118 * Returns zero on success; non-zero otherwise
119 */ 119 */
120int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) 120static int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
121{ 121{
122 struct ecryptfs_inode_info *inode_info = 122 struct ecryptfs_inode_info *inode_info =
123 ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); 123 ecryptfs_inode_to_private(ecryptfs_dentry->d_inode);
@@ -226,17 +226,15 @@ out:
226 return rc; 226 return rc;
227} 227}
228 228
229enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, ecryptfs_opt_debug, 229enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
230 ecryptfs_opt_ecryptfs_debug, ecryptfs_opt_cipher, 230 ecryptfs_opt_cipher, ecryptfs_opt_ecryptfs_cipher,
231 ecryptfs_opt_ecryptfs_cipher, ecryptfs_opt_ecryptfs_key_bytes, 231 ecryptfs_opt_ecryptfs_key_bytes,
232 ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata, 232 ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata,
233 ecryptfs_opt_encrypted_view, ecryptfs_opt_err }; 233 ecryptfs_opt_encrypted_view, ecryptfs_opt_err };
234 234
235static match_table_t tokens = { 235static match_table_t tokens = {
236 {ecryptfs_opt_sig, "sig=%s"}, 236 {ecryptfs_opt_sig, "sig=%s"},
237 {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"}, 237 {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"},
238 {ecryptfs_opt_debug, "debug=%u"},
239 {ecryptfs_opt_ecryptfs_debug, "ecryptfs_debug=%u"},
240 {ecryptfs_opt_cipher, "cipher=%s"}, 238 {ecryptfs_opt_cipher, "cipher=%s"},
241 {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"}, 239 {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"},
242 {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"}, 240 {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"},
@@ -313,7 +311,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
313 substring_t args[MAX_OPT_ARGS]; 311 substring_t args[MAX_OPT_ARGS];
314 int token; 312 int token;
315 char *sig_src; 313 char *sig_src;
316 char *debug_src;
317 char *cipher_name_dst; 314 char *cipher_name_dst;
318 char *cipher_name_src; 315 char *cipher_name_src;
319 char *cipher_key_bytes_src; 316 char *cipher_key_bytes_src;
@@ -341,16 +338,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
341 } 338 }
342 sig_set = 1; 339 sig_set = 1;
343 break; 340 break;
344 case ecryptfs_opt_debug:
345 case ecryptfs_opt_ecryptfs_debug:
346 debug_src = args[0].from;
347 ecryptfs_verbosity =
348 (int)simple_strtol(debug_src, &debug_src,
349 0);
350 ecryptfs_printk(KERN_DEBUG,
351 "Verbosity set to [%d]" "\n",
352 ecryptfs_verbosity);
353 break;
354 case ecryptfs_opt_cipher: 341 case ecryptfs_opt_cipher:
355 case ecryptfs_opt_ecryptfs_cipher: 342 case ecryptfs_opt_ecryptfs_cipher:
356 cipher_name_src = args[0].from; 343 cipher_name_src = args[0].from;
@@ -423,9 +410,13 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
423 if (!cipher_key_bytes_set) { 410 if (!cipher_key_bytes_set) {
424 mount_crypt_stat->global_default_cipher_key_size = 0; 411 mount_crypt_stat->global_default_cipher_key_size = 0;
425 } 412 }
426 rc = ecryptfs_add_new_key_tfm( 413 mutex_lock(&key_tfm_list_mutex);
427 NULL, mount_crypt_stat->global_default_cipher_name, 414 if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name,
428 mount_crypt_stat->global_default_cipher_key_size); 415 NULL))
416 rc = ecryptfs_add_new_key_tfm(
417 NULL, mount_crypt_stat->global_default_cipher_name,
418 mount_crypt_stat->global_default_cipher_key_size);
419 mutex_unlock(&key_tfm_list_mutex);
429 if (rc) { 420 if (rc) {
430 printk(KERN_ERR "Error attempting to initialize cipher with " 421 printk(KERN_ERR "Error attempting to initialize cipher with "
431 "name = [%s] and key size = [%td]; rc = [%d]\n", 422 "name = [%s] and key size = [%td]; rc = [%d]\n",
@@ -522,8 +513,8 @@ static int ecryptfs_read_super(struct super_block *sb, const char *dev_name)
522 ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n"); 513 ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n");
523 goto out; 514 goto out;
524 } 515 }
525 lower_root = nd.dentry; 516 lower_root = nd.path.dentry;
526 lower_mnt = nd.mnt; 517 lower_mnt = nd.path.mnt;
527 ecryptfs_set_superblock_lower(sb, lower_root->d_sb); 518 ecryptfs_set_superblock_lower(sb, lower_root->d_sb);
528 sb->s_maxbytes = lower_root->d_sb->s_maxbytes; 519 sb->s_maxbytes = lower_root->d_sb->s_maxbytes;
529 sb->s_blocksize = lower_root->d_sb->s_blocksize; 520 sb->s_blocksize = lower_root->d_sb->s_blocksize;
@@ -535,7 +526,7 @@ static int ecryptfs_read_super(struct super_block *sb, const char *dev_name)
535 rc = 0; 526 rc = 0;
536 goto out; 527 goto out;
537out_free: 528out_free:
538 path_release(&nd); 529 path_put(&nd.path);
539out: 530out:
540 return rc; 531 return rc;
541} 532}
@@ -654,11 +645,6 @@ static struct ecryptfs_cache_info {
654 .size = sizeof(struct ecryptfs_sb_info), 645 .size = sizeof(struct ecryptfs_sb_info),
655 }, 646 },
656 { 647 {
657 .cache = &ecryptfs_header_cache_0,
658 .name = "ecryptfs_headers_0",
659 .size = PAGE_CACHE_SIZE,
660 },
661 {
662 .cache = &ecryptfs_header_cache_1, 648 .cache = &ecryptfs_header_cache_1,
663 .name = "ecryptfs_headers_1", 649 .name = "ecryptfs_headers_1",
664 .size = PAGE_CACHE_SIZE, 650 .size = PAGE_CACHE_SIZE,
@@ -821,6 +807,10 @@ static int __init ecryptfs_init(void)
821 "rc = [%d]\n", rc); 807 "rc = [%d]\n", rc);
822 goto out_release_messaging; 808 goto out_release_messaging;
823 } 809 }
810 if (ecryptfs_verbosity > 0)
811 printk(KERN_CRIT "eCryptfs verbosity set to %d. Secret values "
812 "will be written to the syslog!\n", ecryptfs_verbosity);
813
824 goto out; 814 goto out;
825out_release_messaging: 815out_release_messaging:
826 ecryptfs_release_messaging(ecryptfs_transport); 816 ecryptfs_release_messaging(ecryptfs_transport);
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index 32c5711d79a3..dc74b186145d 100644
--- a/fs/ecryptfs/mmap.c
+++ b/fs/ecryptfs/mmap.c
@@ -34,8 +34,6 @@
34#include <linux/scatterlist.h> 34#include <linux/scatterlist.h>
35#include "ecryptfs_kernel.h" 35#include "ecryptfs_kernel.h"
36 36
37struct kmem_cache *ecryptfs_lower_page_cache;
38
39/** 37/**
40 * ecryptfs_get_locked_page 38 * ecryptfs_get_locked_page
41 * 39 *
@@ -102,13 +100,14 @@ static void set_header_info(char *page_virt,
102 struct ecryptfs_crypt_stat *crypt_stat) 100 struct ecryptfs_crypt_stat *crypt_stat)
103{ 101{
104 size_t written; 102 size_t written;
105 int save_num_header_extents_at_front = 103 size_t save_num_header_bytes_at_front =
106 crypt_stat->num_header_extents_at_front; 104 crypt_stat->num_header_bytes_at_front;
107 105
108 crypt_stat->num_header_extents_at_front = 1; 106 crypt_stat->num_header_bytes_at_front =
107 ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
109 ecryptfs_write_header_metadata(page_virt + 20, crypt_stat, &written); 108 ecryptfs_write_header_metadata(page_virt + 20, crypt_stat, &written);
110 crypt_stat->num_header_extents_at_front = 109 crypt_stat->num_header_bytes_at_front =
111 save_num_header_extents_at_front; 110 save_num_header_bytes_at_front;
112} 111}
113 112
114/** 113/**
@@ -134,8 +133,11 @@ ecryptfs_copy_up_encrypted_with_header(struct page *page,
134 loff_t view_extent_num = ((((loff_t)page->index) 133 loff_t view_extent_num = ((((loff_t)page->index)
135 * num_extents_per_page) 134 * num_extents_per_page)
136 + extent_num_in_page); 135 + extent_num_in_page);
136 size_t num_header_extents_at_front =
137 (crypt_stat->num_header_bytes_at_front
138 / crypt_stat->extent_size);
137 139
138 if (view_extent_num < crypt_stat->num_header_extents_at_front) { 140 if (view_extent_num < num_header_extents_at_front) {
139 /* This is a header extent */ 141 /* This is a header extent */
140 char *page_virt; 142 char *page_virt;
141 143
@@ -157,9 +159,8 @@ ecryptfs_copy_up_encrypted_with_header(struct page *page,
157 } else { 159 } else {
158 /* This is an encrypted data extent */ 160 /* This is an encrypted data extent */
159 loff_t lower_offset = 161 loff_t lower_offset =
160 ((view_extent_num - 162 ((view_extent_num * crypt_stat->extent_size)
161 crypt_stat->num_header_extents_at_front) 163 - crypt_stat->num_header_bytes_at_front);
162 * crypt_stat->extent_size);
163 164
164 rc = ecryptfs_read_lower_page_segment( 165 rc = ecryptfs_read_lower_page_segment(
165 page, (lower_offset >> PAGE_CACHE_SHIFT), 166 page, (lower_offset >> PAGE_CACHE_SHIFT),
@@ -257,8 +258,7 @@ static int fill_zeros_to_end_of_page(struct page *page, unsigned int to)
257 end_byte_in_page = i_size_read(inode) % PAGE_CACHE_SIZE; 258 end_byte_in_page = i_size_read(inode) % PAGE_CACHE_SIZE;
258 if (to > end_byte_in_page) 259 if (to > end_byte_in_page)
259 end_byte_in_page = to; 260 end_byte_in_page = to;
260 zero_user_page(page, end_byte_in_page, 261 zero_user_segment(page, end_byte_in_page, PAGE_CACHE_SIZE);
261 PAGE_CACHE_SIZE - end_byte_in_page, KM_USER0);
262out: 262out:
263 return 0; 263 return 0;
264} 264}
@@ -307,7 +307,7 @@ static int ecryptfs_prepare_write(struct file *file, struct page *page,
307 */ 307 */
308 if ((i_size_read(page->mapping->host) == prev_page_end_size) && 308 if ((i_size_read(page->mapping->host) == prev_page_end_size) &&
309 (from != 0)) { 309 (from != 0)) {
310 zero_user_page(page, 0, PAGE_CACHE_SIZE, KM_USER0); 310 zero_user(page, 0, PAGE_CACHE_SIZE);
311 } 311 }
312out: 312out:
313 return rc; 313 return rc;
diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
index 948f57624c05..0c4928623bbc 100644
--- a/fs/ecryptfs/read_write.c
+++ b/fs/ecryptfs/read_write.c
@@ -293,6 +293,7 @@ int ecryptfs_read_lower_page_segment(struct page *page_for_ecryptfs,
293 return rc; 293 return rc;
294} 294}
295 295
296#if 0
296/** 297/**
297 * ecryptfs_read 298 * ecryptfs_read
298 * @data: The virtual address into which to write the data read (and 299 * @data: The virtual address into which to write the data read (and
@@ -371,3 +372,4 @@ int ecryptfs_read(char *data, loff_t offset, size_t size,
371out: 372out:
372 return rc; 373 return rc;
373} 374}
375#endif /* 0 */
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
index 4859c4eecd65..c27ac2b358a1 100644
--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -156,32 +156,38 @@ static void ecryptfs_clear_inode(struct inode *inode)
156/** 156/**
157 * ecryptfs_show_options 157 * ecryptfs_show_options
158 * 158 *
159 * Prints the directory we are currently mounted over. 159 * Prints the mount options for a given superblock.
160 * Returns zero on success; non-zero otherwise 160 * Returns zero; does not fail.
161 */ 161 */
162static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt) 162static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt)
163{ 163{
164 struct super_block *sb = mnt->mnt_sb; 164 struct super_block *sb = mnt->mnt_sb;
165 struct dentry *lower_root_dentry = ecryptfs_dentry_to_lower(sb->s_root); 165 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
166 struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(sb->s_root); 166 &ecryptfs_superblock_to_private(sb)->mount_crypt_stat;
167 char *tmp_page; 167 struct ecryptfs_global_auth_tok *walker;
168 char *path; 168
169 int rc = 0; 169 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
170 170 list_for_each_entry(walker,
171 tmp_page = (char *)__get_free_page(GFP_KERNEL); 171 &mount_crypt_stat->global_auth_tok_list,
172 if (!tmp_page) { 172 mount_crypt_stat_list) {
173 rc = -ENOMEM; 173 seq_printf(m, ",ecryptfs_sig=%s", walker->sig);
174 goto out;
175 }
176 path = d_path(lower_root_dentry, lower_mnt, tmp_page, PAGE_SIZE);
177 if (IS_ERR(path)) {
178 rc = PTR_ERR(path);
179 goto out;
180 } 174 }
181 seq_printf(m, ",dir=%s", path); 175 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
182 free_page((unsigned long)tmp_page); 176
183out: 177 seq_printf(m, ",ecryptfs_cipher=%s",
184 return rc; 178 mount_crypt_stat->global_default_cipher_name);
179
180 if (mount_crypt_stat->global_default_cipher_key_size)
181 seq_printf(m, ",ecryptfs_key_bytes=%zd",
182 mount_crypt_stat->global_default_cipher_key_size);
183 if (mount_crypt_stat->flags & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)
184 seq_printf(m, ",ecryptfs_passthrough");
185 if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED)
186 seq_printf(m, ",ecryptfs_xattr_metadata");
187 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
188 seq_printf(m, ",ecryptfs_encrypted_view");
189
190 return 0;
185} 191}
186 192
187const struct super_operations ecryptfs_sops = { 193const struct super_operations ecryptfs_sops = {