diff options
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r-- | fs/ecryptfs/crypto.c | 191 | ||||
-rw-r--r-- | fs/ecryptfs/dentry.c | 12 | ||||
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 17 | ||||
-rw-r--r-- | fs/ecryptfs/file.c | 5 | ||||
-rw-r--r-- | fs/ecryptfs/inode.c | 40 | ||||
-rw-r--r-- | fs/ecryptfs/keystore.c | 8 | ||||
-rw-r--r-- | fs/ecryptfs/main.c | 46 | ||||
-rw-r--r-- | fs/ecryptfs/mmap.c | 28 | ||||
-rw-r--r-- | fs/ecryptfs/read_write.c | 2 | ||||
-rw-r--r-- | fs/ecryptfs/super.c | 48 |
10 files changed, 201 insertions, 196 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index f8ef0af919e7..a066e109ad9c 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
@@ -355,8 +355,11 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
355 | } | 355 | } |
356 | /* Consider doing this once, when the file is opened */ | 356 | /* Consider doing this once, when the file is opened */ |
357 | mutex_lock(&crypt_stat->cs_tfm_mutex); | 357 | mutex_lock(&crypt_stat->cs_tfm_mutex); |
358 | rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key, | 358 | if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) { |
359 | crypt_stat->key_size); | 359 | rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key, |
360 | crypt_stat->key_size); | ||
361 | crypt_stat->flags |= ECRYPTFS_KEY_SET; | ||
362 | } | ||
360 | if (rc) { | 363 | if (rc) { |
361 | ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", | 364 | ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", |
362 | rc); | 365 | rc); |
@@ -376,11 +379,10 @@ out: | |||
376 | * | 379 | * |
377 | * Convert an eCryptfs page index into a lower byte offset | 380 | * Convert an eCryptfs page index into a lower byte offset |
378 | */ | 381 | */ |
379 | void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num, | 382 | static void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num, |
380 | struct ecryptfs_crypt_stat *crypt_stat) | 383 | struct ecryptfs_crypt_stat *crypt_stat) |
381 | { | 384 | { |
382 | (*offset) = ((crypt_stat->extent_size | 385 | (*offset) = (crypt_stat->num_header_bytes_at_front |
383 | * crypt_stat->num_header_extents_at_front) | ||
384 | + (crypt_stat->extent_size * extent_num)); | 386 | + (crypt_stat->extent_size * extent_num)); |
385 | } | 387 | } |
386 | 388 | ||
@@ -842,15 +844,13 @@ void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat) | |||
842 | set_extent_mask_and_shift(crypt_stat); | 844 | set_extent_mask_and_shift(crypt_stat); |
843 | crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES; | 845 | crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES; |
844 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) | 846 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) |
845 | crypt_stat->num_header_extents_at_front = 0; | 847 | crypt_stat->num_header_bytes_at_front = 0; |
846 | else { | 848 | else { |
847 | if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) | 849 | if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) |
848 | crypt_stat->num_header_extents_at_front = | 850 | crypt_stat->num_header_bytes_at_front = |
849 | (ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE | 851 | ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; |
850 | / crypt_stat->extent_size); | ||
851 | else | 852 | else |
852 | crypt_stat->num_header_extents_at_front = | 853 | crypt_stat->num_header_bytes_at_front = PAGE_CACHE_SIZE; |
853 | (PAGE_CACHE_SIZE / crypt_stat->extent_size); | ||
854 | } | 854 | } |
855 | } | 855 | } |
856 | 856 | ||
@@ -1128,7 +1128,7 @@ write_ecryptfs_flags(char *page_virt, struct ecryptfs_crypt_stat *crypt_stat, | |||
1128 | 1128 | ||
1129 | struct ecryptfs_cipher_code_str_map_elem { | 1129 | struct ecryptfs_cipher_code_str_map_elem { |
1130 | char cipher_str[16]; | 1130 | char cipher_str[16]; |
1131 | u16 cipher_code; | 1131 | u8 cipher_code; |
1132 | }; | 1132 | }; |
1133 | 1133 | ||
1134 | /* Add support for additional ciphers by adding elements here. The | 1134 | /* Add support for additional ciphers by adding elements here. The |
@@ -1152,10 +1152,10 @@ ecryptfs_cipher_code_str_map[] = { | |||
1152 | * | 1152 | * |
1153 | * Returns zero on no match, or the cipher code on match | 1153 | * Returns zero on no match, or the cipher code on match |
1154 | */ | 1154 | */ |
1155 | u16 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat) | 1155 | u8 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat) |
1156 | { | 1156 | { |
1157 | int i; | 1157 | int i; |
1158 | u16 code = 0; | 1158 | u8 code = 0; |
1159 | struct ecryptfs_cipher_code_str_map_elem *map = | 1159 | struct ecryptfs_cipher_code_str_map_elem *map = |
1160 | ecryptfs_cipher_code_str_map; | 1160 | ecryptfs_cipher_code_str_map; |
1161 | 1161 | ||
@@ -1187,7 +1187,7 @@ u16 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat) | |||
1187 | * | 1187 | * |
1188 | * Returns zero on success | 1188 | * Returns zero on success |
1189 | */ | 1189 | */ |
1190 | int ecryptfs_cipher_code_to_string(char *str, u16 cipher_code) | 1190 | int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code) |
1191 | { | 1191 | { |
1192 | int rc = 0; | 1192 | int rc = 0; |
1193 | int i; | 1193 | int i; |
@@ -1236,7 +1236,8 @@ ecryptfs_write_header_metadata(char *virt, | |||
1236 | 1236 | ||
1237 | header_extent_size = (u32)crypt_stat->extent_size; | 1237 | header_extent_size = (u32)crypt_stat->extent_size; |
1238 | num_header_extents_at_front = | 1238 | num_header_extents_at_front = |
1239 | (u16)crypt_stat->num_header_extents_at_front; | 1239 | (u16)(crypt_stat->num_header_bytes_at_front |
1240 | / crypt_stat->extent_size); | ||
1240 | header_extent_size = cpu_to_be32(header_extent_size); | 1241 | header_extent_size = cpu_to_be32(header_extent_size); |
1241 | memcpy(virt, &header_extent_size, 4); | 1242 | memcpy(virt, &header_extent_size, 4); |
1242 | virt += 4; | 1243 | virt += 4; |
@@ -1311,40 +1312,16 @@ static int ecryptfs_write_headers_virt(char *page_virt, size_t *size, | |||
1311 | static int | 1312 | static int |
1312 | ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat, | 1313 | ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat, |
1313 | struct dentry *ecryptfs_dentry, | 1314 | struct dentry *ecryptfs_dentry, |
1314 | char *page_virt) | 1315 | char *virt) |
1315 | { | 1316 | { |
1316 | int current_header_page; | ||
1317 | int header_pages; | ||
1318 | int rc; | 1317 | int rc; |
1319 | 1318 | ||
1320 | rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, page_virt, | 1319 | rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, virt, |
1321 | 0, PAGE_CACHE_SIZE); | 1320 | 0, crypt_stat->num_header_bytes_at_front); |
1322 | if (rc) { | 1321 | if (rc) |
1323 | printk(KERN_ERR "%s: Error attempting to write header " | 1322 | printk(KERN_ERR "%s: Error attempting to write header " |
1324 | "information to lower file; rc = [%d]\n", __FUNCTION__, | 1323 | "information to lower file; rc = [%d]\n", __FUNCTION__, |
1325 | rc); | 1324 | rc); |
1326 | goto out; | ||
1327 | } | ||
1328 | header_pages = ((crypt_stat->extent_size | ||
1329 | * crypt_stat->num_header_extents_at_front) | ||
1330 | / PAGE_CACHE_SIZE); | ||
1331 | memset(page_virt, 0, PAGE_CACHE_SIZE); | ||
1332 | current_header_page = 1; | ||
1333 | while (current_header_page < header_pages) { | ||
1334 | loff_t offset; | ||
1335 | |||
1336 | offset = (((loff_t)current_header_page) << PAGE_CACHE_SHIFT); | ||
1337 | if ((rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, | ||
1338 | page_virt, offset, | ||
1339 | PAGE_CACHE_SIZE))) { | ||
1340 | printk(KERN_ERR "%s: Error attempting to write header " | ||
1341 | "information to lower file; rc = [%d]\n", | ||
1342 | __FUNCTION__, rc); | ||
1343 | goto out; | ||
1344 | } | ||
1345 | current_header_page++; | ||
1346 | } | ||
1347 | out: | ||
1348 | return rc; | 1325 | return rc; |
1349 | } | 1326 | } |
1350 | 1327 | ||
@@ -1370,15 +1347,13 @@ ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, | |||
1370 | * retrieved via a prompt. Exactly what happens at this point should | 1347 | * retrieved via a prompt. Exactly what happens at this point should |
1371 | * be policy-dependent. | 1348 | * be policy-dependent. |
1372 | * | 1349 | * |
1373 | * TODO: Support header information spanning multiple pages | ||
1374 | * | ||
1375 | * Returns zero on success; non-zero on error | 1350 | * Returns zero on success; non-zero on error |
1376 | */ | 1351 | */ |
1377 | int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry) | 1352 | int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry) |
1378 | { | 1353 | { |
1379 | struct ecryptfs_crypt_stat *crypt_stat = | 1354 | struct ecryptfs_crypt_stat *crypt_stat = |
1380 | &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat; | 1355 | &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat; |
1381 | char *page_virt; | 1356 | char *virt; |
1382 | size_t size = 0; | 1357 | size_t size = 0; |
1383 | int rc = 0; | 1358 | int rc = 0; |
1384 | 1359 | ||
@@ -1389,40 +1364,39 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry) | |||
1389 | goto out; | 1364 | goto out; |
1390 | } | 1365 | } |
1391 | } else { | 1366 | } else { |
1367 | printk(KERN_WARNING "%s: Encrypted flag not set\n", | ||
1368 | __FUNCTION__); | ||
1392 | rc = -EINVAL; | 1369 | rc = -EINVAL; |
1393 | ecryptfs_printk(KERN_WARNING, | ||
1394 | "Called with crypt_stat->encrypted == 0\n"); | ||
1395 | goto out; | 1370 | goto out; |
1396 | } | 1371 | } |
1397 | /* Released in this function */ | 1372 | /* Released in this function */ |
1398 | page_virt = kmem_cache_zalloc(ecryptfs_header_cache_0, GFP_USER); | 1373 | virt = kzalloc(crypt_stat->num_header_bytes_at_front, GFP_KERNEL); |
1399 | if (!page_virt) { | 1374 | if (!virt) { |
1400 | ecryptfs_printk(KERN_ERR, "Out of memory\n"); | 1375 | printk(KERN_ERR "%s: Out of memory\n", __FUNCTION__); |
1401 | rc = -ENOMEM; | 1376 | rc = -ENOMEM; |
1402 | goto out; | 1377 | goto out; |
1403 | } | 1378 | } |
1404 | rc = ecryptfs_write_headers_virt(page_virt, &size, crypt_stat, | 1379 | rc = ecryptfs_write_headers_virt(virt, &size, crypt_stat, |
1405 | ecryptfs_dentry); | 1380 | ecryptfs_dentry); |
1406 | if (unlikely(rc)) { | 1381 | if (unlikely(rc)) { |
1407 | ecryptfs_printk(KERN_ERR, "Error whilst writing headers\n"); | 1382 | printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n", |
1408 | memset(page_virt, 0, PAGE_CACHE_SIZE); | 1383 | __FUNCTION__, rc); |
1409 | goto out_free; | 1384 | goto out_free; |
1410 | } | 1385 | } |
1411 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) | 1386 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) |
1412 | rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, | 1387 | rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, |
1413 | crypt_stat, page_virt, | 1388 | crypt_stat, virt, size); |
1414 | size); | ||
1415 | else | 1389 | else |
1416 | rc = ecryptfs_write_metadata_to_contents(crypt_stat, | 1390 | rc = ecryptfs_write_metadata_to_contents(crypt_stat, |
1417 | ecryptfs_dentry, | 1391 | ecryptfs_dentry, virt); |
1418 | page_virt); | ||
1419 | if (rc) { | 1392 | if (rc) { |
1420 | printk(KERN_ERR "Error writing metadata out to lower file; " | 1393 | printk(KERN_ERR "%s: Error writing metadata out to lower file; " |
1421 | "rc = [%d]\n", rc); | 1394 | "rc = [%d]\n", __FUNCTION__, rc); |
1422 | goto out_free; | 1395 | goto out_free; |
1423 | } | 1396 | } |
1424 | out_free: | 1397 | out_free: |
1425 | kmem_cache_free(ecryptfs_header_cache_0, page_virt); | 1398 | memset(virt, 0, crypt_stat->num_header_bytes_at_front); |
1399 | kfree(virt); | ||
1426 | out: | 1400 | out: |
1427 | return rc; | 1401 | return rc; |
1428 | } | 1402 | } |
@@ -1442,16 +1416,16 @@ static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat, | |||
1442 | virt += sizeof(u32); | 1416 | virt += sizeof(u32); |
1443 | memcpy(&num_header_extents_at_front, virt, sizeof(u16)); | 1417 | memcpy(&num_header_extents_at_front, virt, sizeof(u16)); |
1444 | num_header_extents_at_front = be16_to_cpu(num_header_extents_at_front); | 1418 | num_header_extents_at_front = be16_to_cpu(num_header_extents_at_front); |
1445 | crypt_stat->num_header_extents_at_front = | 1419 | crypt_stat->num_header_bytes_at_front = |
1446 | (int)num_header_extents_at_front; | 1420 | (((size_t)num_header_extents_at_front |
1421 | * (size_t)header_extent_size)); | ||
1447 | (*bytes_read) = (sizeof(u32) + sizeof(u16)); | 1422 | (*bytes_read) = (sizeof(u32) + sizeof(u16)); |
1448 | if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE) | 1423 | if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE) |
1449 | && ((crypt_stat->extent_size | 1424 | && (crypt_stat->num_header_bytes_at_front |
1450 | * crypt_stat->num_header_extents_at_front) | ||
1451 | < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) { | 1425 | < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) { |
1452 | rc = -EINVAL; | 1426 | rc = -EINVAL; |
1453 | printk(KERN_WARNING "Invalid number of header extents: [%zd]\n", | 1427 | printk(KERN_WARNING "Invalid header size: [%zd]\n", |
1454 | crypt_stat->num_header_extents_at_front); | 1428 | crypt_stat->num_header_bytes_at_front); |
1455 | } | 1429 | } |
1456 | return rc; | 1430 | return rc; |
1457 | } | 1431 | } |
@@ -1466,7 +1440,8 @@ static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat, | |||
1466 | */ | 1440 | */ |
1467 | static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat) | 1441 | static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat) |
1468 | { | 1442 | { |
1469 | crypt_stat->num_header_extents_at_front = 2; | 1443 | crypt_stat->num_header_bytes_at_front = |
1444 | ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; | ||
1470 | } | 1445 | } |
1471 | 1446 | ||
1472 | /** | 1447 | /** |
@@ -1552,9 +1527,10 @@ int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode) | |||
1552 | size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME, | 1527 | size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME, |
1553 | page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE); | 1528 | page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE); |
1554 | if (size < 0) { | 1529 | if (size < 0) { |
1555 | printk(KERN_ERR "Error attempting to read the [%s] " | 1530 | if (unlikely(ecryptfs_verbosity > 0)) |
1556 | "xattr from the lower file; return value = [%zd]\n", | 1531 | printk(KERN_INFO "Error attempting to read the [%s] " |
1557 | ECRYPTFS_XATTR_NAME, size); | 1532 | "xattr from the lower file; return value = " |
1533 | "[%zd]\n", ECRYPTFS_XATTR_NAME, size); | ||
1558 | rc = -EINVAL; | 1534 | rc = -EINVAL; |
1559 | goto out; | 1535 | goto out; |
1560 | } | 1536 | } |
@@ -1802,7 +1778,7 @@ out: | |||
1802 | } | 1778 | } |
1803 | 1779 | ||
1804 | struct kmem_cache *ecryptfs_key_tfm_cache; | 1780 | struct kmem_cache *ecryptfs_key_tfm_cache; |
1805 | struct list_head key_tfm_list; | 1781 | static struct list_head key_tfm_list; |
1806 | struct mutex key_tfm_list_mutex; | 1782 | struct mutex key_tfm_list_mutex; |
1807 | 1783 | ||
1808 | int ecryptfs_init_crypto(void) | 1784 | int ecryptfs_init_crypto(void) |
@@ -1812,6 +1788,11 @@ int ecryptfs_init_crypto(void) | |||
1812 | return 0; | 1788 | return 0; |
1813 | } | 1789 | } |
1814 | 1790 | ||
1791 | /** | ||
1792 | * ecryptfs_destroy_crypto - free all cached key_tfms on key_tfm_list | ||
1793 | * | ||
1794 | * Called only at module unload time | ||
1795 | */ | ||
1815 | int ecryptfs_destroy_crypto(void) | 1796 | int ecryptfs_destroy_crypto(void) |
1816 | { | 1797 | { |
1817 | struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp; | 1798 | struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp; |
@@ -1835,6 +1816,8 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, | |||
1835 | struct ecryptfs_key_tfm *tmp_tfm; | 1816 | struct ecryptfs_key_tfm *tmp_tfm; |
1836 | int rc = 0; | 1817 | int rc = 0; |
1837 | 1818 | ||
1819 | BUG_ON(!mutex_is_locked(&key_tfm_list_mutex)); | ||
1820 | |||
1838 | tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL); | 1821 | tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL); |
1839 | if (key_tfm != NULL) | 1822 | if (key_tfm != NULL) |
1840 | (*key_tfm) = tmp_tfm; | 1823 | (*key_tfm) = tmp_tfm; |
@@ -1861,13 +1844,50 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, | |||
1861 | (*key_tfm) = NULL; | 1844 | (*key_tfm) = NULL; |
1862 | goto out; | 1845 | goto out; |
1863 | } | 1846 | } |
1864 | mutex_lock(&key_tfm_list_mutex); | ||
1865 | list_add(&tmp_tfm->key_tfm_list, &key_tfm_list); | 1847 | list_add(&tmp_tfm->key_tfm_list, &key_tfm_list); |
1866 | mutex_unlock(&key_tfm_list_mutex); | ||
1867 | out: | 1848 | out: |
1868 | return rc; | 1849 | return rc; |
1869 | } | 1850 | } |
1870 | 1851 | ||
1852 | /** | ||
1853 | * ecryptfs_tfm_exists - Search for existing tfm for cipher_name. | ||
1854 | * @cipher_name: the name of the cipher to search for | ||
1855 | * @key_tfm: set to corresponding tfm if found | ||
1856 | * | ||
1857 | * Searches for cached key_tfm matching @cipher_name | ||
1858 | * Must be called with &key_tfm_list_mutex held | ||
1859 | * Returns 1 if found, with @key_tfm set | ||
1860 | * Returns 0 if not found, with @key_tfm set to NULL | ||
1861 | */ | ||
1862 | int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm) | ||
1863 | { | ||
1864 | struct ecryptfs_key_tfm *tmp_key_tfm; | ||
1865 | |||
1866 | BUG_ON(!mutex_is_locked(&key_tfm_list_mutex)); | ||
1867 | |||
1868 | list_for_each_entry(tmp_key_tfm, &key_tfm_list, key_tfm_list) { | ||
1869 | if (strcmp(tmp_key_tfm->cipher_name, cipher_name) == 0) { | ||
1870 | if (key_tfm) | ||
1871 | (*key_tfm) = tmp_key_tfm; | ||
1872 | return 1; | ||
1873 | } | ||
1874 | } | ||
1875 | if (key_tfm) | ||
1876 | (*key_tfm) = NULL; | ||
1877 | return 0; | ||
1878 | } | ||
1879 | |||
1880 | /** | ||
1881 | * ecryptfs_get_tfm_and_mutex_for_cipher_name | ||
1882 | * | ||
1883 | * @tfm: set to cached tfm found, or new tfm created | ||
1884 | * @tfm_mutex: set to mutex for cached tfm found, or new tfm created | ||
1885 | * @cipher_name: the name of the cipher to search for and/or add | ||
1886 | * | ||
1887 | * Sets pointers to @tfm & @tfm_mutex matching @cipher_name. | ||
1888 | * Searches for cached item first, and creates new if not found. | ||
1889 | * Returns 0 on success, non-zero if adding new cipher failed | ||
1890 | */ | ||
1871 | int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, | 1891 | int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, |
1872 | struct mutex **tfm_mutex, | 1892 | struct mutex **tfm_mutex, |
1873 | char *cipher_name) | 1893 | char *cipher_name) |
@@ -1877,22 +1897,17 @@ int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, | |||
1877 | 1897 | ||
1878 | (*tfm) = NULL; | 1898 | (*tfm) = NULL; |
1879 | (*tfm_mutex) = NULL; | 1899 | (*tfm_mutex) = NULL; |
1900 | |||
1880 | mutex_lock(&key_tfm_list_mutex); | 1901 | mutex_lock(&key_tfm_list_mutex); |
1881 | list_for_each_entry(key_tfm, &key_tfm_list, key_tfm_list) { | 1902 | if (!ecryptfs_tfm_exists(cipher_name, &key_tfm)) { |
1882 | if (strcmp(key_tfm->cipher_name, cipher_name) == 0) { | 1903 | rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0); |
1883 | (*tfm) = key_tfm->key_tfm; | 1904 | if (rc) { |
1884 | (*tfm_mutex) = &key_tfm->key_tfm_mutex; | 1905 | printk(KERN_ERR "Error adding new key_tfm to list; " |
1885 | mutex_unlock(&key_tfm_list_mutex); | 1906 | "rc = [%d]\n", rc); |
1886 | goto out; | 1907 | goto out; |
1887 | } | 1908 | } |
1888 | } | 1909 | } |
1889 | mutex_unlock(&key_tfm_list_mutex); | 1910 | mutex_unlock(&key_tfm_list_mutex); |
1890 | rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0); | ||
1891 | if (rc) { | ||
1892 | printk(KERN_ERR "Error adding new key_tfm to list; rc = [%d]\n", | ||
1893 | rc); | ||
1894 | goto out; | ||
1895 | } | ||
1896 | (*tfm) = key_tfm->key_tfm; | 1911 | (*tfm) = key_tfm->key_tfm; |
1897 | (*tfm_mutex) = &key_tfm->key_tfm_mutex; | 1912 | (*tfm_mutex) = &key_tfm->key_tfm_mutex; |
1898 | out: | 1913 | out: |
diff --git a/fs/ecryptfs/dentry.c b/fs/ecryptfs/dentry.c index cb20b964419f..841a032050a7 100644 --- a/fs/ecryptfs/dentry.c +++ b/fs/ecryptfs/dentry.c | |||
@@ -51,13 +51,13 @@ static int ecryptfs_d_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
51 | 51 | ||
52 | if (!lower_dentry->d_op || !lower_dentry->d_op->d_revalidate) | 52 | if (!lower_dentry->d_op || !lower_dentry->d_op->d_revalidate) |
53 | goto out; | 53 | goto out; |
54 | dentry_save = nd->dentry; | 54 | dentry_save = nd->path.dentry; |
55 | vfsmount_save = nd->mnt; | 55 | vfsmount_save = nd->path.mnt; |
56 | nd->dentry = lower_dentry; | 56 | nd->path.dentry = lower_dentry; |
57 | nd->mnt = lower_mnt; | 57 | nd->path.mnt = lower_mnt; |
58 | rc = lower_dentry->d_op->d_revalidate(lower_dentry, nd); | 58 | rc = lower_dentry->d_op->d_revalidate(lower_dentry, nd); |
59 | nd->dentry = dentry_save; | 59 | nd->path.dentry = dentry_save; |
60 | nd->mnt = vfsmount_save; | 60 | nd->path.mnt = vfsmount_save; |
61 | if (dentry->d_inode) { | 61 | if (dentry->d_inode) { |
62 | struct inode *lower_inode = | 62 | struct inode *lower_inode = |
63 | ecryptfs_inode_to_lower(dentry->d_inode); | 63 | ecryptfs_inode_to_lower(dentry->d_inode); |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index ce7a5d4aec36..5007f788da01 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -234,10 +234,11 @@ struct ecryptfs_crypt_stat { | |||
234 | #define ECRYPTFS_KEY_VALID 0x00000080 | 234 | #define ECRYPTFS_KEY_VALID 0x00000080 |
235 | #define ECRYPTFS_METADATA_IN_XATTR 0x00000100 | 235 | #define ECRYPTFS_METADATA_IN_XATTR 0x00000100 |
236 | #define ECRYPTFS_VIEW_AS_ENCRYPTED 0x00000200 | 236 | #define ECRYPTFS_VIEW_AS_ENCRYPTED 0x00000200 |
237 | #define ECRYPTFS_KEY_SET 0x00000400 | ||
237 | u32 flags; | 238 | u32 flags; |
238 | unsigned int file_version; | 239 | unsigned int file_version; |
239 | size_t iv_bytes; | 240 | size_t iv_bytes; |
240 | size_t num_header_extents_at_front; | 241 | size_t num_header_bytes_at_front; |
241 | size_t extent_size; /* Data extent size; default is 4096 */ | 242 | size_t extent_size; /* Data extent size; default is 4096 */ |
242 | size_t key_size; | 243 | size_t key_size; |
243 | size_t extent_shift; | 244 | size_t extent_shift; |
@@ -322,7 +323,6 @@ struct ecryptfs_key_tfm { | |||
322 | unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; | 323 | unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; |
323 | }; | 324 | }; |
324 | 325 | ||
325 | extern struct list_head key_tfm_list; | ||
326 | extern struct mutex key_tfm_list_mutex; | 326 | extern struct mutex key_tfm_list_mutex; |
327 | 327 | ||
328 | /** | 328 | /** |
@@ -521,11 +521,9 @@ extern struct kmem_cache *ecryptfs_file_info_cache; | |||
521 | extern struct kmem_cache *ecryptfs_dentry_info_cache; | 521 | extern struct kmem_cache *ecryptfs_dentry_info_cache; |
522 | extern struct kmem_cache *ecryptfs_inode_info_cache; | 522 | extern struct kmem_cache *ecryptfs_inode_info_cache; |
523 | extern struct kmem_cache *ecryptfs_sb_info_cache; | 523 | extern struct kmem_cache *ecryptfs_sb_info_cache; |
524 | extern struct kmem_cache *ecryptfs_header_cache_0; | ||
525 | extern struct kmem_cache *ecryptfs_header_cache_1; | 524 | extern struct kmem_cache *ecryptfs_header_cache_1; |
526 | extern struct kmem_cache *ecryptfs_header_cache_2; | 525 | extern struct kmem_cache *ecryptfs_header_cache_2; |
527 | extern struct kmem_cache *ecryptfs_xattr_cache; | 526 | extern struct kmem_cache *ecryptfs_xattr_cache; |
528 | extern struct kmem_cache *ecryptfs_lower_page_cache; | ||
529 | extern struct kmem_cache *ecryptfs_key_record_cache; | 527 | extern struct kmem_cache *ecryptfs_key_record_cache; |
530 | extern struct kmem_cache *ecryptfs_key_sig_cache; | 528 | extern struct kmem_cache *ecryptfs_key_sig_cache; |
531 | extern struct kmem_cache *ecryptfs_global_auth_tok_cache; | 529 | extern struct kmem_cache *ecryptfs_global_auth_tok_cache; |
@@ -562,8 +560,8 @@ int ecryptfs_read_and_validate_header_region(char *data, | |||
562 | struct inode *ecryptfs_inode); | 560 | struct inode *ecryptfs_inode); |
563 | int ecryptfs_read_and_validate_xattr_region(char *page_virt, | 561 | int ecryptfs_read_and_validate_xattr_region(char *page_virt, |
564 | struct dentry *ecryptfs_dentry); | 562 | struct dentry *ecryptfs_dentry); |
565 | u16 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat); | 563 | u8 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat); |
566 | int ecryptfs_cipher_code_to_string(char *str, u16 cipher_code); | 564 | int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code); |
567 | void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat); | 565 | void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat); |
568 | int ecryptfs_generate_key_packet_set(char *dest_base, | 566 | int ecryptfs_generate_key_packet_set(char *dest_base, |
569 | struct ecryptfs_crypt_stat *crypt_stat, | 567 | struct ecryptfs_crypt_stat *crypt_stat, |
@@ -576,8 +574,6 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); | |||
576 | int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); | 574 | int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode); |
577 | int ecryptfs_inode_set(struct inode *inode, void *lower_inode); | 575 | int ecryptfs_inode_set(struct inode *inode, void *lower_inode); |
578 | void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode); | 576 | void ecryptfs_init_inode(struct inode *inode, struct inode *lower_inode); |
579 | ssize_t ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value, | ||
580 | size_t size); | ||
581 | ssize_t | 577 | ssize_t |
582 | ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name, | 578 | ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name, |
583 | void *value, size_t size); | 579 | void *value, size_t size); |
@@ -623,6 +619,7 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, | |||
623 | size_t key_size); | 619 | size_t key_size); |
624 | int ecryptfs_init_crypto(void); | 620 | int ecryptfs_init_crypto(void); |
625 | int ecryptfs_destroy_crypto(void); | 621 | int ecryptfs_destroy_crypto(void); |
622 | int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm); | ||
626 | int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, | 623 | int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, |
627 | struct mutex **tfm_mutex, | 624 | struct mutex **tfm_mutex, |
628 | char *cipher_name); | 625 | char *cipher_name); |
@@ -631,8 +628,6 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, | |||
631 | char *sig); | 628 | char *sig); |
632 | int ecryptfs_write_zeros(struct file *file, pgoff_t index, int start, | 629 | int ecryptfs_write_zeros(struct file *file, pgoff_t index, int start, |
633 | int num_zeros); | 630 | int num_zeros); |
634 | void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num, | ||
635 | struct ecryptfs_crypt_stat *crypt_stat); | ||
636 | int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data, | 631 | int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data, |
637 | loff_t offset, size_t size); | 632 | loff_t offset, size_t size); |
638 | int ecryptfs_write_lower_page_segment(struct inode *ecryptfs_inode, | 633 | int ecryptfs_write_lower_page_segment(struct inode *ecryptfs_inode, |
@@ -646,8 +641,6 @@ int ecryptfs_read_lower_page_segment(struct page *page_for_ecryptfs, | |||
646 | pgoff_t page_index, | 641 | pgoff_t page_index, |
647 | size_t offset_in_page, size_t size, | 642 | size_t offset_in_page, size_t size, |
648 | struct inode *ecryptfs_inode); | 643 | struct inode *ecryptfs_inode); |
649 | int ecryptfs_read(char *data, loff_t offset, size_t size, | ||
650 | struct file *ecryptfs_file); | ||
651 | struct page *ecryptfs_get_locked_page(struct file *file, loff_t index); | 644 | struct page *ecryptfs_get_locked_page(struct file *file, loff_t index); |
652 | 645 | ||
653 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ | 646 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ |
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c index c98c4690a771..2b8f5ed4adea 100644 --- a/fs/ecryptfs/file.c +++ b/fs/ecryptfs/file.c | |||
@@ -209,9 +209,10 @@ static int ecryptfs_open(struct inode *inode, struct file *file) | |||
209 | if (!(mount_crypt_stat->flags | 209 | if (!(mount_crypt_stat->flags |
210 | & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) { | 210 | & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) { |
211 | rc = -EIO; | 211 | rc = -EIO; |
212 | printk(KERN_WARNING "Attempt to read file that " | 212 | printk(KERN_WARNING "Either the lower file " |
213 | "is not in a valid eCryptfs format, " | 213 | "is not in a valid eCryptfs format, " |
214 | "and plaintext passthrough mode is not " | 214 | "or the key could not be retrieved. " |
215 | "Plaintext passthrough mode is not " | ||
215 | "enabled; returning -EIO\n"); | 216 | "enabled; returning -EIO\n"); |
216 | mutex_unlock(&crypt_stat->cs_mutex); | 217 | mutex_unlock(&crypt_stat->cs_mutex); |
217 | goto out_free; | 218 | goto out_free; |
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 5a719180983c..e23861152101 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c | |||
@@ -77,13 +77,13 @@ ecryptfs_create_underlying_file(struct inode *lower_dir_inode, | |||
77 | struct vfsmount *vfsmount_save; | 77 | struct vfsmount *vfsmount_save; |
78 | int rc; | 78 | int rc; |
79 | 79 | ||
80 | dentry_save = nd->dentry; | 80 | dentry_save = nd->path.dentry; |
81 | vfsmount_save = nd->mnt; | 81 | vfsmount_save = nd->path.mnt; |
82 | nd->dentry = lower_dentry; | 82 | nd->path.dentry = lower_dentry; |
83 | nd->mnt = lower_mnt; | 83 | nd->path.mnt = lower_mnt; |
84 | rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd); | 84 | rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd); |
85 | nd->dentry = dentry_save; | 85 | nd->path.dentry = dentry_save; |
86 | nd->mnt = vfsmount_save; | 86 | nd->path.mnt = vfsmount_save; |
87 | return rc; | 87 | return rc; |
88 | } | 88 | } |
89 | 89 | ||
@@ -365,8 +365,7 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, | |||
365 | dentry->d_sb)->mount_crypt_stat; | 365 | dentry->d_sb)->mount_crypt_stat; |
366 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { | 366 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { |
367 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) | 367 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) |
368 | file_size = ((crypt_stat->extent_size | 368 | file_size = (crypt_stat->num_header_bytes_at_front |
369 | * crypt_stat->num_header_extents_at_front) | ||
370 | + i_size_read(lower_dentry->d_inode)); | 369 | + i_size_read(lower_dentry->d_inode)); |
371 | else | 370 | else |
372 | file_size = i_size_read(lower_dentry->d_inode); | 371 | file_size = i_size_read(lower_dentry->d_inode); |
@@ -685,7 +684,7 @@ ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr) | |||
685 | * @crypt_stat: Crypt_stat associated with file | 684 | * @crypt_stat: Crypt_stat associated with file |
686 | * @upper_size: Size of the upper file | 685 | * @upper_size: Size of the upper file |
687 | * | 686 | * |
688 | * Calculate the requried size of the lower file based on the | 687 | * Calculate the required size of the lower file based on the |
689 | * specified size of the upper file. This calculation is based on the | 688 | * specified size of the upper file. This calculation is based on the |
690 | * number of headers in the underlying file and the extent size. | 689 | * number of headers in the underlying file and the extent size. |
691 | * | 690 | * |
@@ -697,8 +696,7 @@ upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat, | |||
697 | { | 696 | { |
698 | loff_t lower_size; | 697 | loff_t lower_size; |
699 | 698 | ||
700 | lower_size = (crypt_stat->extent_size | 699 | lower_size = crypt_stat->num_header_bytes_at_front; |
701 | * crypt_stat->num_header_extents_at_front); | ||
702 | if (upper_size != 0) { | 700 | if (upper_size != 0) { |
703 | loff_t num_extents; | 701 | loff_t num_extents; |
704 | 702 | ||
@@ -821,14 +819,14 @@ ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd) | |||
821 | int rc; | 819 | int rc; |
822 | 820 | ||
823 | if (nd) { | 821 | if (nd) { |
824 | struct vfsmount *vfsmnt_save = nd->mnt; | 822 | struct vfsmount *vfsmnt_save = nd->path.mnt; |
825 | struct dentry *dentry_save = nd->dentry; | 823 | struct dentry *dentry_save = nd->path.dentry; |
826 | 824 | ||
827 | nd->mnt = ecryptfs_dentry_to_lower_mnt(nd->dentry); | 825 | nd->path.mnt = ecryptfs_dentry_to_lower_mnt(nd->path.dentry); |
828 | nd->dentry = ecryptfs_dentry_to_lower(nd->dentry); | 826 | nd->path.dentry = ecryptfs_dentry_to_lower(nd->path.dentry); |
829 | rc = permission(ecryptfs_inode_to_lower(inode), mask, nd); | 827 | rc = permission(ecryptfs_inode_to_lower(inode), mask, nd); |
830 | nd->mnt = vfsmnt_save; | 828 | nd->path.mnt = vfsmnt_save; |
831 | nd->dentry = dentry_save; | 829 | nd->path.dentry = dentry_save; |
832 | } else | 830 | } else |
833 | rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL); | 831 | rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL); |
834 | return rc; | 832 | return rc; |
@@ -875,11 +873,11 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia) | |||
875 | if (!(mount_crypt_stat->flags | 873 | if (!(mount_crypt_stat->flags |
876 | & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) { | 874 | & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) { |
877 | rc = -EIO; | 875 | rc = -EIO; |
878 | printk(KERN_WARNING "Attempt to read file that " | 876 | printk(KERN_WARNING "Either the lower file " |
879 | "is not in a valid eCryptfs format, " | 877 | "is not in a valid eCryptfs format, " |
880 | "and plaintext passthrough mode is not " | 878 | "or the key could not be retrieved. " |
879 | "Plaintext passthrough mode is not " | ||
881 | "enabled; returning -EIO\n"); | 880 | "enabled; returning -EIO\n"); |
882 | |||
883 | mutex_unlock(&crypt_stat->cs_mutex); | 881 | mutex_unlock(&crypt_stat->cs_mutex); |
884 | goto out; | 882 | goto out; |
885 | } | 883 | } |
@@ -954,7 +952,7 @@ out: | |||
954 | return rc; | 952 | return rc; |
955 | } | 953 | } |
956 | 954 | ||
957 | ssize_t | 955 | static ssize_t |
958 | ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value, | 956 | ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value, |
959 | size_t size) | 957 | size_t size) |
960 | { | 958 | { |
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index f458c1f35565..682b1b2482c2 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -189,7 +189,7 @@ out: | |||
189 | } | 189 | } |
190 | 190 | ||
191 | static int | 191 | static int |
192 | parse_tag_65_packet(struct ecryptfs_session_key *session_key, u16 *cipher_code, | 192 | parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code, |
193 | struct ecryptfs_message *msg) | 193 | struct ecryptfs_message *msg) |
194 | { | 194 | { |
195 | size_t i = 0; | 195 | size_t i = 0; |
@@ -275,7 +275,7 @@ out: | |||
275 | 275 | ||
276 | 276 | ||
277 | static int | 277 | static int |
278 | write_tag_66_packet(char *signature, size_t cipher_code, | 278 | write_tag_66_packet(char *signature, u8 cipher_code, |
279 | struct ecryptfs_crypt_stat *crypt_stat, char **packet, | 279 | struct ecryptfs_crypt_stat *crypt_stat, char **packet, |
280 | size_t *packet_len) | 280 | size_t *packet_len) |
281 | { | 281 | { |
@@ -428,7 +428,7 @@ static int | |||
428 | decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | 428 | decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, |
429 | struct ecryptfs_crypt_stat *crypt_stat) | 429 | struct ecryptfs_crypt_stat *crypt_stat) |
430 | { | 430 | { |
431 | u16 cipher_code = 0; | 431 | u8 cipher_code = 0; |
432 | struct ecryptfs_msg_ctx *msg_ctx; | 432 | struct ecryptfs_msg_ctx *msg_ctx; |
433 | struct ecryptfs_message *msg = NULL; | 433 | struct ecryptfs_message *msg = NULL; |
434 | char *auth_tok_sig; | 434 | char *auth_tok_sig; |
@@ -1537,7 +1537,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, | |||
1537 | struct scatterlist dst_sg; | 1537 | struct scatterlist dst_sg; |
1538 | struct scatterlist src_sg; | 1538 | struct scatterlist src_sg; |
1539 | struct mutex *tfm_mutex = NULL; | 1539 | struct mutex *tfm_mutex = NULL; |
1540 | size_t cipher_code; | 1540 | u8 cipher_code; |
1541 | size_t packet_size_length; | 1541 | size_t packet_size_length; |
1542 | size_t max_packet_size; | 1542 | size_t max_packet_size; |
1543 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = | 1543 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 0249aa4ae181..d25ac9500a92 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
@@ -117,7 +117,7 @@ void __ecryptfs_printk(const char *fmt, ...) | |||
117 | * | 117 | * |
118 | * Returns zero on success; non-zero otherwise | 118 | * Returns zero on success; non-zero otherwise |
119 | */ | 119 | */ |
120 | int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) | 120 | static int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) |
121 | { | 121 | { |
122 | struct ecryptfs_inode_info *inode_info = | 122 | struct ecryptfs_inode_info *inode_info = |
123 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); | 123 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); |
@@ -226,17 +226,15 @@ out: | |||
226 | return rc; | 226 | return rc; |
227 | } | 227 | } |
228 | 228 | ||
229 | enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, ecryptfs_opt_debug, | 229 | enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, |
230 | ecryptfs_opt_ecryptfs_debug, ecryptfs_opt_cipher, | 230 | ecryptfs_opt_cipher, ecryptfs_opt_ecryptfs_cipher, |
231 | ecryptfs_opt_ecryptfs_cipher, ecryptfs_opt_ecryptfs_key_bytes, | 231 | ecryptfs_opt_ecryptfs_key_bytes, |
232 | ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata, | 232 | ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata, |
233 | ecryptfs_opt_encrypted_view, ecryptfs_opt_err }; | 233 | ecryptfs_opt_encrypted_view, ecryptfs_opt_err }; |
234 | 234 | ||
235 | static match_table_t tokens = { | 235 | static match_table_t tokens = { |
236 | {ecryptfs_opt_sig, "sig=%s"}, | 236 | {ecryptfs_opt_sig, "sig=%s"}, |
237 | {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"}, | 237 | {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"}, |
238 | {ecryptfs_opt_debug, "debug=%u"}, | ||
239 | {ecryptfs_opt_ecryptfs_debug, "ecryptfs_debug=%u"}, | ||
240 | {ecryptfs_opt_cipher, "cipher=%s"}, | 238 | {ecryptfs_opt_cipher, "cipher=%s"}, |
241 | {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"}, | 239 | {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"}, |
242 | {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"}, | 240 | {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"}, |
@@ -313,7 +311,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) | |||
313 | substring_t args[MAX_OPT_ARGS]; | 311 | substring_t args[MAX_OPT_ARGS]; |
314 | int token; | 312 | int token; |
315 | char *sig_src; | 313 | char *sig_src; |
316 | char *debug_src; | ||
317 | char *cipher_name_dst; | 314 | char *cipher_name_dst; |
318 | char *cipher_name_src; | 315 | char *cipher_name_src; |
319 | char *cipher_key_bytes_src; | 316 | char *cipher_key_bytes_src; |
@@ -341,16 +338,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) | |||
341 | } | 338 | } |
342 | sig_set = 1; | 339 | sig_set = 1; |
343 | break; | 340 | break; |
344 | case ecryptfs_opt_debug: | ||
345 | case ecryptfs_opt_ecryptfs_debug: | ||
346 | debug_src = args[0].from; | ||
347 | ecryptfs_verbosity = | ||
348 | (int)simple_strtol(debug_src, &debug_src, | ||
349 | 0); | ||
350 | ecryptfs_printk(KERN_DEBUG, | ||
351 | "Verbosity set to [%d]" "\n", | ||
352 | ecryptfs_verbosity); | ||
353 | break; | ||
354 | case ecryptfs_opt_cipher: | 341 | case ecryptfs_opt_cipher: |
355 | case ecryptfs_opt_ecryptfs_cipher: | 342 | case ecryptfs_opt_ecryptfs_cipher: |
356 | cipher_name_src = args[0].from; | 343 | cipher_name_src = args[0].from; |
@@ -423,9 +410,13 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) | |||
423 | if (!cipher_key_bytes_set) { | 410 | if (!cipher_key_bytes_set) { |
424 | mount_crypt_stat->global_default_cipher_key_size = 0; | 411 | mount_crypt_stat->global_default_cipher_key_size = 0; |
425 | } | 412 | } |
426 | rc = ecryptfs_add_new_key_tfm( | 413 | mutex_lock(&key_tfm_list_mutex); |
427 | NULL, mount_crypt_stat->global_default_cipher_name, | 414 | if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name, |
428 | mount_crypt_stat->global_default_cipher_key_size); | 415 | NULL)) |
416 | rc = ecryptfs_add_new_key_tfm( | ||
417 | NULL, mount_crypt_stat->global_default_cipher_name, | ||
418 | mount_crypt_stat->global_default_cipher_key_size); | ||
419 | mutex_unlock(&key_tfm_list_mutex); | ||
429 | if (rc) { | 420 | if (rc) { |
430 | printk(KERN_ERR "Error attempting to initialize cipher with " | 421 | printk(KERN_ERR "Error attempting to initialize cipher with " |
431 | "name = [%s] and key size = [%td]; rc = [%d]\n", | 422 | "name = [%s] and key size = [%td]; rc = [%d]\n", |
@@ -522,8 +513,8 @@ static int ecryptfs_read_super(struct super_block *sb, const char *dev_name) | |||
522 | ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n"); | 513 | ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n"); |
523 | goto out; | 514 | goto out; |
524 | } | 515 | } |
525 | lower_root = nd.dentry; | 516 | lower_root = nd.path.dentry; |
526 | lower_mnt = nd.mnt; | 517 | lower_mnt = nd.path.mnt; |
527 | ecryptfs_set_superblock_lower(sb, lower_root->d_sb); | 518 | ecryptfs_set_superblock_lower(sb, lower_root->d_sb); |
528 | sb->s_maxbytes = lower_root->d_sb->s_maxbytes; | 519 | sb->s_maxbytes = lower_root->d_sb->s_maxbytes; |
529 | sb->s_blocksize = lower_root->d_sb->s_blocksize; | 520 | sb->s_blocksize = lower_root->d_sb->s_blocksize; |
@@ -535,7 +526,7 @@ static int ecryptfs_read_super(struct super_block *sb, const char *dev_name) | |||
535 | rc = 0; | 526 | rc = 0; |
536 | goto out; | 527 | goto out; |
537 | out_free: | 528 | out_free: |
538 | path_release(&nd); | 529 | path_put(&nd.path); |
539 | out: | 530 | out: |
540 | return rc; | 531 | return rc; |
541 | } | 532 | } |
@@ -654,11 +645,6 @@ static struct ecryptfs_cache_info { | |||
654 | .size = sizeof(struct ecryptfs_sb_info), | 645 | .size = sizeof(struct ecryptfs_sb_info), |
655 | }, | 646 | }, |
656 | { | 647 | { |
657 | .cache = &ecryptfs_header_cache_0, | ||
658 | .name = "ecryptfs_headers_0", | ||
659 | .size = PAGE_CACHE_SIZE, | ||
660 | }, | ||
661 | { | ||
662 | .cache = &ecryptfs_header_cache_1, | 648 | .cache = &ecryptfs_header_cache_1, |
663 | .name = "ecryptfs_headers_1", | 649 | .name = "ecryptfs_headers_1", |
664 | .size = PAGE_CACHE_SIZE, | 650 | .size = PAGE_CACHE_SIZE, |
@@ -821,6 +807,10 @@ static int __init ecryptfs_init(void) | |||
821 | "rc = [%d]\n", rc); | 807 | "rc = [%d]\n", rc); |
822 | goto out_release_messaging; | 808 | goto out_release_messaging; |
823 | } | 809 | } |
810 | if (ecryptfs_verbosity > 0) | ||
811 | printk(KERN_CRIT "eCryptfs verbosity set to %d. Secret values " | ||
812 | "will be written to the syslog!\n", ecryptfs_verbosity); | ||
813 | |||
824 | goto out; | 814 | goto out; |
825 | out_release_messaging: | 815 | out_release_messaging: |
826 | ecryptfs_release_messaging(ecryptfs_transport); | 816 | ecryptfs_release_messaging(ecryptfs_transport); |
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c index 32c5711d79a3..dc74b186145d 100644 --- a/fs/ecryptfs/mmap.c +++ b/fs/ecryptfs/mmap.c | |||
@@ -34,8 +34,6 @@ | |||
34 | #include <linux/scatterlist.h> | 34 | #include <linux/scatterlist.h> |
35 | #include "ecryptfs_kernel.h" | 35 | #include "ecryptfs_kernel.h" |
36 | 36 | ||
37 | struct kmem_cache *ecryptfs_lower_page_cache; | ||
38 | |||
39 | /** | 37 | /** |
40 | * ecryptfs_get_locked_page | 38 | * ecryptfs_get_locked_page |
41 | * | 39 | * |
@@ -102,13 +100,14 @@ static void set_header_info(char *page_virt, | |||
102 | struct ecryptfs_crypt_stat *crypt_stat) | 100 | struct ecryptfs_crypt_stat *crypt_stat) |
103 | { | 101 | { |
104 | size_t written; | 102 | size_t written; |
105 | int save_num_header_extents_at_front = | 103 | size_t save_num_header_bytes_at_front = |
106 | crypt_stat->num_header_extents_at_front; | 104 | crypt_stat->num_header_bytes_at_front; |
107 | 105 | ||
108 | crypt_stat->num_header_extents_at_front = 1; | 106 | crypt_stat->num_header_bytes_at_front = |
107 | ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; | ||
109 | ecryptfs_write_header_metadata(page_virt + 20, crypt_stat, &written); | 108 | ecryptfs_write_header_metadata(page_virt + 20, crypt_stat, &written); |
110 | crypt_stat->num_header_extents_at_front = | 109 | crypt_stat->num_header_bytes_at_front = |
111 | save_num_header_extents_at_front; | 110 | save_num_header_bytes_at_front; |
112 | } | 111 | } |
113 | 112 | ||
114 | /** | 113 | /** |
@@ -134,8 +133,11 @@ ecryptfs_copy_up_encrypted_with_header(struct page *page, | |||
134 | loff_t view_extent_num = ((((loff_t)page->index) | 133 | loff_t view_extent_num = ((((loff_t)page->index) |
135 | * num_extents_per_page) | 134 | * num_extents_per_page) |
136 | + extent_num_in_page); | 135 | + extent_num_in_page); |
136 | size_t num_header_extents_at_front = | ||
137 | (crypt_stat->num_header_bytes_at_front | ||
138 | / crypt_stat->extent_size); | ||
137 | 139 | ||
138 | if (view_extent_num < crypt_stat->num_header_extents_at_front) { | 140 | if (view_extent_num < num_header_extents_at_front) { |
139 | /* This is a header extent */ | 141 | /* This is a header extent */ |
140 | char *page_virt; | 142 | char *page_virt; |
141 | 143 | ||
@@ -157,9 +159,8 @@ ecryptfs_copy_up_encrypted_with_header(struct page *page, | |||
157 | } else { | 159 | } else { |
158 | /* This is an encrypted data extent */ | 160 | /* This is an encrypted data extent */ |
159 | loff_t lower_offset = | 161 | loff_t lower_offset = |
160 | ((view_extent_num - | 162 | ((view_extent_num * crypt_stat->extent_size) |
161 | crypt_stat->num_header_extents_at_front) | 163 | - crypt_stat->num_header_bytes_at_front); |
162 | * crypt_stat->extent_size); | ||
163 | 164 | ||
164 | rc = ecryptfs_read_lower_page_segment( | 165 | rc = ecryptfs_read_lower_page_segment( |
165 | page, (lower_offset >> PAGE_CACHE_SHIFT), | 166 | page, (lower_offset >> PAGE_CACHE_SHIFT), |
@@ -257,8 +258,7 @@ static int fill_zeros_to_end_of_page(struct page *page, unsigned int to) | |||
257 | end_byte_in_page = i_size_read(inode) % PAGE_CACHE_SIZE; | 258 | end_byte_in_page = i_size_read(inode) % PAGE_CACHE_SIZE; |
258 | if (to > end_byte_in_page) | 259 | if (to > end_byte_in_page) |
259 | end_byte_in_page = to; | 260 | end_byte_in_page = to; |
260 | zero_user_page(page, end_byte_in_page, | 261 | zero_user_segment(page, end_byte_in_page, PAGE_CACHE_SIZE); |
261 | PAGE_CACHE_SIZE - end_byte_in_page, KM_USER0); | ||
262 | out: | 262 | out: |
263 | return 0; | 263 | return 0; |
264 | } | 264 | } |
@@ -307,7 +307,7 @@ static int ecryptfs_prepare_write(struct file *file, struct page *page, | |||
307 | */ | 307 | */ |
308 | if ((i_size_read(page->mapping->host) == prev_page_end_size) && | 308 | if ((i_size_read(page->mapping->host) == prev_page_end_size) && |
309 | (from != 0)) { | 309 | (from != 0)) { |
310 | zero_user_page(page, 0, PAGE_CACHE_SIZE, KM_USER0); | 310 | zero_user(page, 0, PAGE_CACHE_SIZE); |
311 | } | 311 | } |
312 | out: | 312 | out: |
313 | return rc; | 313 | return rc; |
diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c index 948f57624c05..0c4928623bbc 100644 --- a/fs/ecryptfs/read_write.c +++ b/fs/ecryptfs/read_write.c | |||
@@ -293,6 +293,7 @@ int ecryptfs_read_lower_page_segment(struct page *page_for_ecryptfs, | |||
293 | return rc; | 293 | return rc; |
294 | } | 294 | } |
295 | 295 | ||
296 | #if 0 | ||
296 | /** | 297 | /** |
297 | * ecryptfs_read | 298 | * ecryptfs_read |
298 | * @data: The virtual address into which to write the data read (and | 299 | * @data: The virtual address into which to write the data read (and |
@@ -371,3 +372,4 @@ int ecryptfs_read(char *data, loff_t offset, size_t size, | |||
371 | out: | 372 | out: |
372 | return rc; | 373 | return rc; |
373 | } | 374 | } |
375 | #endif /* 0 */ | ||
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c index 4859c4eecd65..c27ac2b358a1 100644 --- a/fs/ecryptfs/super.c +++ b/fs/ecryptfs/super.c | |||
@@ -156,32 +156,38 @@ static void ecryptfs_clear_inode(struct inode *inode) | |||
156 | /** | 156 | /** |
157 | * ecryptfs_show_options | 157 | * ecryptfs_show_options |
158 | * | 158 | * |
159 | * Prints the directory we are currently mounted over. | 159 | * Prints the mount options for a given superblock. |
160 | * Returns zero on success; non-zero otherwise | 160 | * Returns zero; does not fail. |
161 | */ | 161 | */ |
162 | static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt) | 162 | static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt) |
163 | { | 163 | { |
164 | struct super_block *sb = mnt->mnt_sb; | 164 | struct super_block *sb = mnt->mnt_sb; |
165 | struct dentry *lower_root_dentry = ecryptfs_dentry_to_lower(sb->s_root); | 165 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = |
166 | struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(sb->s_root); | 166 | &ecryptfs_superblock_to_private(sb)->mount_crypt_stat; |
167 | char *tmp_page; | 167 | struct ecryptfs_global_auth_tok *walker; |
168 | char *path; | 168 | |
169 | int rc = 0; | 169 | mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); |
170 | 170 | list_for_each_entry(walker, | |
171 | tmp_page = (char *)__get_free_page(GFP_KERNEL); | 171 | &mount_crypt_stat->global_auth_tok_list, |
172 | if (!tmp_page) { | 172 | mount_crypt_stat_list) { |
173 | rc = -ENOMEM; | 173 | seq_printf(m, ",ecryptfs_sig=%s", walker->sig); |
174 | goto out; | ||
175 | } | ||
176 | path = d_path(lower_root_dentry, lower_mnt, tmp_page, PAGE_SIZE); | ||
177 | if (IS_ERR(path)) { | ||
178 | rc = PTR_ERR(path); | ||
179 | goto out; | ||
180 | } | 174 | } |
181 | seq_printf(m, ",dir=%s", path); | 175 | mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); |
182 | free_page((unsigned long)tmp_page); | 176 | |
183 | out: | 177 | seq_printf(m, ",ecryptfs_cipher=%s", |
184 | return rc; | 178 | mount_crypt_stat->global_default_cipher_name); |
179 | |||
180 | if (mount_crypt_stat->global_default_cipher_key_size) | ||
181 | seq_printf(m, ",ecryptfs_key_bytes=%zd", | ||
182 | mount_crypt_stat->global_default_cipher_key_size); | ||
183 | if (mount_crypt_stat->flags & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED) | ||
184 | seq_printf(m, ",ecryptfs_passthrough"); | ||
185 | if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) | ||
186 | seq_printf(m, ",ecryptfs_xattr_metadata"); | ||
187 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | ||
188 | seq_printf(m, ",ecryptfs_encrypted_view"); | ||
189 | |||
190 | return 0; | ||
185 | } | 191 | } |
186 | 192 | ||
187 | const struct super_operations ecryptfs_sops = { | 193 | const struct super_operations ecryptfs_sops = { |