10 files changed, 237 insertions, 200 deletions

diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index cbadc1bee6e7..bfd8b680e648 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -348,7 +348,7 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
         BUG_ON(!crypt_stat || !crypt_stat->tfm
                || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
         if (unlikely(ecryptfs_verbosity > 0)) {
-                ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n",
+                ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n",
                                 crypt_stat->key_size);
                 ecryptfs_dump_hex(crypt_stat->key,
                                   crypt_stat->key_size);
@@ -413,10 +413,9 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
         rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
                                 (extent_base + extent_offset));
         if (rc) {
-                ecryptfs_printk(KERN_ERR, "Error attempting to "
-                                "derive IV for extent [0x%.16x]; "
-                                "rc = [%d]\n", (extent_base + extent_offset),
-                                rc);
+                ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
+                        "extent [0x%.16llx]; rc = [%d]\n",
+                        (unsigned long long)(extent_base + extent_offset), rc);
                 goto out;
         }
         if (unlikely(ecryptfs_verbosity > 0)) {
@@ -443,9 +442,9 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
         }
         rc = 0;
         if (unlikely(ecryptfs_verbosity > 0)) {
-                ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16x]; "
-                                "rc = [%d]\n", (extent_base + extent_offset),
-                                rc);
+                ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16llx]; "
+                        "rc = [%d]\n",
+                        (unsigned long long)(extent_base + extent_offset), rc);
                 ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
                                 "encryption:\n");
                 ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8);
@@ -540,10 +539,9 @@ static int ecryptfs_decrypt_extent(struct page *page,
         rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
                                 (extent_base + extent_offset));
         if (rc) {
-                ecryptfs_printk(KERN_ERR, "Error attempting to "
-                                "derive IV for extent [0x%.16x]; "
-                                "rc = [%d]\n", (extent_base + extent_offset),
-                                rc);
+                ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
+                        "extent [0x%.16llx]; rc = [%d]\n",
+                        (unsigned long long)(extent_base + extent_offset), rc);
                 goto out;
         }
         if (unlikely(ecryptfs_verbosity > 0)) {
@@ -571,9 +569,9 @@ static int ecryptfs_decrypt_extent(struct page *page,
         }
         rc = 0;
         if (unlikely(ecryptfs_verbosity > 0)) {
-                ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16x]; "
-                                "rc = [%d]\n", (extent_base + extent_offset),
-                                rc);
+                ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16llx]; "
+                        "rc = [%d]\n",
+                        (unsigned long long)(extent_base + extent_offset), rc);
                 ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
                                 "decryption:\n");
                 ecryptfs_dump_hex((char *)(page_address(page)
@@ -780,7 +778,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
         }
         ecryptfs_printk(KERN_DEBUG,
                         "Initializing cipher [%s]; strlen = [%d]; "
-                        "key_size_bits = [%d]\n",
+                        "key_size_bits = [%zd]\n",
                         crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
                         crypt_stat->key_size << 3);
         if (crypt_stat->tfm) {
diff --git a/fs/ecryptfs/dentry.c b/fs/ecryptfs/dentry.c
index 906e803f7f79..6fc4f319b550 100644
--- a/fs/ecryptfs/dentry.c
+++ b/fs/ecryptfs/dentry.c
@@ -44,12 +44,17 @@
  */
 static int ecryptfs_d_revalidate(struct dentry *dentry, struct nameidata *nd)
 {
-        struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
-        struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
+        struct dentry *lower_dentry;
+        struct vfsmount *lower_mnt;
         struct dentry *dentry_save;
         struct vfsmount *vfsmount_save;
         int rc = 1;
 
+        if (nd->flags & LOOKUP_RCU)
+                return -ECHILD;
+
+        lower_dentry = ecryptfs_dentry_to_lower(dentry);
+        lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
         if (!lower_dentry->d_op || !lower_dentry->d_op->d_revalidate)
                 goto out;
         dentry_save = nd->path.dentry;
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 0032a9f5a3a9..dbc84ed96336 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -192,7 +192,6 @@ ecryptfs_get_key_payload_data(struct key *key)
                 (((struct user_key_payload*)key->payload.data)->data);
 }
 
-#define ECRYPTFS_SUPER_MAGIC 0xf15f
 #define ECRYPTFS_MAX_KEYSET_SIZE 1024
 #define ECRYPTFS_MAX_CIPHER_NAME_SIZE 32
 #define ECRYPTFS_MAX_NUM_ENC_KEYS 64
@@ -377,6 +376,7 @@ struct ecryptfs_mount_crypt_stat {
 #define ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES      0x00000010
 #define ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK   0x00000020
 #define ECRYPTFS_GLOBAL_ENCFN_USE_FEK          0x00000040
+#define ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY    0x00000080
         u32 flags;
         struct list_head global_auth_tok_list;
         struct mutex global_auth_tok_list_mutex;
@@ -477,7 +477,7 @@ ecryptfs_lower_header_size(struct ecryptfs_crypt_stat *crypt_stat)
 static inline struct ecryptfs_file_info *
 ecryptfs_file_to_private(struct file *file)
 {
-        return (struct ecryptfs_file_info *)file->private_data;
+        return file->private_data;
 }
 
 static inline void
@@ -583,6 +583,7 @@ ecryptfs_set_dentry_lower_mnt(struct dentry *dentry, struct vfsmount *lower_mnt)
 
 #define ecryptfs_printk(type, fmt, arg...) \
         __ecryptfs_printk(type "%s: " fmt, __func__, ## arg);
+__attribute__ ((format(printf, 1, 2)))
 void __ecryptfs_printk(const char *fmt, ...);
 
 extern const struct file_operations ecryptfs_main_fops;
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index 622c95140802..81e10e6a9443 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -31,7 +31,6 @@
 #include <linux/security.h>
 #include <linux/compat.h>
 #include <linux/fs_stack.h>
-#include <linux/smp_lock.h>
 #include "ecryptfs_kernel.h"
 
 /**
@@ -48,7 +47,7 @@ static ssize_t ecryptfs_read_update_atime(struct kiocb *iocb,
                                 const struct iovec *iov,
                                 unsigned long nr_segs, loff_t pos)
 {
-        int rc;
+        ssize_t rc;
         struct dentry *lower_dentry;
         struct vfsmount *lower_vfsmount;
         struct file *file = iocb->ki_filp;
@@ -192,18 +191,16 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
                                       | ECRYPTFS_ENCRYPTED);
         }
         mutex_unlock(&crypt_stat->cs_mutex);
-        if (!ecryptfs_inode_to_private(inode)->lower_file) {
-                rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
-                if (rc) {
-                        printk(KERN_ERR "%s: Error attempting to initialize "
-                               "the persistent file for the dentry with name "
-                               "[%s]; rc = [%d]\n", __func__,
-                               ecryptfs_dentry->d_name.name, rc);
-                        goto out_free;
-                }
+        rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
+        if (rc) {
+                printk(KERN_ERR "%s: Error attempting to initialize "
+                        "the persistent file for the dentry with name "
+                        "[%s]; rc = [%d]\n", __func__,
+                        ecryptfs_dentry->d_name.name, rc);
+                goto out_free;
         }
-        if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_RDONLY)
-            && !(file->f_flags & O_RDONLY)) {
+        if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_ACCMODE)
+            == O_RDONLY && (file->f_flags & O_ACCMODE) != O_RDONLY) {
                 rc = -EPERM;
                 printk(KERN_WARNING "%s: Lower persistent file is RO; eCryptfs "
                        "file must hence be opened RO\n", __func__);
@@ -244,9 +241,9 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
                 }
         }
         mutex_unlock(&crypt_stat->cs_mutex);
-        ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = [0x%.16x] "
-                        "size: [0x%.16x]\n", inode, inode->i_ino,
-                        i_size_read(inode));
+        ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = "
+                        "[0x%.16lx] size: [0x%.16llx]\n", inode, inode->i_ino,
+                        (unsigned long long)i_size_read(inode));
         goto out;
 out_free:
         kmem_cache_free(ecryptfs_file_info_cache,
@@ -284,11 +281,9 @@ static int ecryptfs_fasync(int fd, struct file *file, int flag)
         int rc = 0;
         struct file *lower_file = NULL;
 
-        lock_kernel();
         lower_file = ecryptfs_file_to_lower(file);
         if (lower_file->f_op && lower_file->f_op->fasync)
                 rc = lower_file->f_op->fasync(fd, lower_file, flag);
-        unlock_kernel();
         return rc;
 }
 
@@ -332,6 +327,7 @@ const struct file_operations ecryptfs_dir_fops = {
         .fsync = ecryptfs_fsync,
         .fasync = ecryptfs_fasync,
         .splice_read = generic_file_splice_read,
+        .llseek = default_llseek,
 };
 
 const struct file_operations ecryptfs_main_fops = {
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 3fbc94203380..bd33f87a1907 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -32,6 +32,7 @@
 #include <linux/crypto.h>
 #include <linux/fs_stack.h>
 #include <linux/slab.h>
+#include <linux/xattr.h>
 #include <asm/unaligned.h>
 #include "ecryptfs_kernel.h"
 
@@ -70,15 +71,19 @@ ecryptfs_create_underlying_file(struct inode *lower_dir_inode,
         struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
         struct dentry *dentry_save;
         struct vfsmount *vfsmount_save;
+        unsigned int flags_save;
         int rc;
 
         dentry_save = nd->path.dentry;
         vfsmount_save = nd->path.mnt;
+        flags_save = nd->flags;
         nd->path.dentry = lower_dentry;
         nd->path.mnt = lower_mnt;
+        nd->flags &= ~LOOKUP_OPEN;
         rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd);
         nd->path.dentry = dentry_save;
         nd->path.mnt = vfsmount_save;
+        nd->flags = flags_save;
         return rc;
 }
 
@@ -180,15 +185,13 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
                                 "context; rc = [%d]\n", rc);
                 goto out;
         }
-        if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) {
-                rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
-                if (rc) {
-                        printk(KERN_ERR "%s: Error attempting to initialize "
-                               "the persistent file for the dentry with name "
-                               "[%s]; rc = [%d]\n", __func__,
-                               ecryptfs_dentry->d_name.name, rc);
-                        goto out;
-                }
+        rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
+        if (rc) {
+                printk(KERN_ERR "%s: Error attempting to initialize "
+                        "the persistent file for the dentry with name "
+                        "[%s]; rc = [%d]\n", __func__,
+                        ecryptfs_dentry->d_name.name, rc);
+                goto out;
         }
         rc = ecryptfs_write_metadata(ecryptfs_dentry);
         if (rc) {
@@ -255,7 +258,7 @@ int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
                                    ecryptfs_dentry->d_parent));
         lower_inode = lower_dentry->d_inode;
         fsstack_copy_attr_atime(ecryptfs_dir_inode, lower_dir_dentry->d_inode);
-        BUG_ON(!atomic_read(&lower_dentry->d_count));
+        BUG_ON(!lower_dentry->d_count);
         ecryptfs_set_dentry_private(ecryptfs_dentry,
                                     kmem_cache_alloc(ecryptfs_dentry_info_cache,
                                                      GFP_KERNEL));
@@ -297,15 +300,13 @@ int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
                 rc = -ENOMEM;
                 goto out;
         }
-        if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) {
-                rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
-                if (rc) {
-                        printk(KERN_ERR "%s: Error attempting to initialize "
-                               "the persistent file for the dentry with name "
-                               "[%s]; rc = [%d]\n", __func__,
-                               ecryptfs_dentry->d_name.name, rc);
-                        goto out_free_kmem;
-                }
+        rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
+        if (rc) {
+                printk(KERN_ERR "%s: Error attempting to initialize "
+                        "the persistent file for the dentry with name "
+                        "[%s]; rc = [%d]\n", __func__,
+                        ecryptfs_dentry->d_name.name, rc);
+                goto out_free_kmem;
         }
         crypt_stat = &ecryptfs_inode_to_private(
                                         ecryptfs_dentry->d_inode)->crypt_stat;
@@ -436,7 +437,6 @@ static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
         struct qstr lower_name;
         int rc = 0;
 
-        ecryptfs_dentry->d_op = &ecryptfs_dops;
         if ((ecryptfs_dentry->d_name.len == 1
              && !strcmp(ecryptfs_dentry->d_name.name, "."))
             || (ecryptfs_dentry->d_name.len == 2
@@ -449,7 +449,7 @@ static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
         lower_name.hash = ecryptfs_dentry->d_name.hash;
         if (lower_dir_dentry->d_op && lower_dir_dentry->d_op->d_hash) {
                 rc = lower_dir_dentry->d_op->d_hash(lower_dir_dentry,
-                                                    &lower_name);
+                                lower_dir_dentry->d_inode, &lower_name);
                 if (rc < 0)
                         goto out_d_drop;
         }
@@ -484,7 +484,7 @@ static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
         lower_name.hash = full_name_hash(lower_name.name, lower_name.len);
         if (lower_dir_dentry->d_op && lower_dir_dentry->d_op->d_hash) {
                 rc = lower_dir_dentry->d_op->d_hash(lower_dir_dentry,
-                                                    &lower_name);
+                                lower_dir_dentry->d_inode, &lower_name);
                 if (rc < 0)
                         goto out_d_drop;
         }
@@ -975,8 +975,10 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
 }
 
 static int
-ecryptfs_permission(struct inode *inode, int mask)
+ecryptfs_permission(struct inode *inode, int mask, unsigned int flags)
 {
+        if (flags & IPERM_FLAG_RCU)
+                return -ECHILD;
         return inode_permission(ecryptfs_inode_to_lower(inode), mask);
 }
 
@@ -1108,10 +1110,8 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
                 rc = -EOPNOTSUPP;
                 goto out;
         }
-        mutex_lock(&lower_dentry->d_inode->i_mutex);
-        rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value,
-                                                   size, flags);
-        mutex_unlock(&lower_dentry->d_inode->i_mutex);
+
+        rc = vfs_setxattr(lower_dentry, name, value, size, flags);
 out:
         return rc;
 }
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 73811cfa2ea4..c1436cff6f2d 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -59,7 +59,7 @@ static int process_request_key_err(long err_code)
                 break;
         default:
                 ecryptfs_printk(KERN_WARNING, "Unknown error code: "
-                                "[0x%.16x]\n", err_code);
+                                "[0x%.16lx]\n", err_code);
                 rc = -EINVAL;
         }
         return rc;
@@ -130,7 +130,7 @@ int ecryptfs_write_packet_length(char *dest, size_t size,
         } else {
                 rc = -EINVAL;
                 ecryptfs_printk(KERN_WARNING,
-                                "Unsupported packet size: [%d]\n", size);
+                                "Unsupported packet size: [%zd]\n", size);
         }
         return rc;
 }
@@ -446,6 +446,7 @@ out:
  */
 static int
 ecryptfs_find_auth_tok_for_sig(
+        struct key **auth_tok_key,
         struct ecryptfs_auth_tok **auth_tok,
         struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
         char *sig)
@@ -453,12 +454,21 @@ ecryptfs_find_auth_tok_for_sig(
         struct ecryptfs_global_auth_tok *global_auth_tok;
         int rc = 0;
 
+        (*auth_tok_key) = NULL;
         (*auth_tok) = NULL;
         if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
                                                   mount_crypt_stat, sig)) {
-                struct key *auth_tok_key;
 
-                rc = ecryptfs_keyring_auth_tok_for_sig(&auth_tok_key, auth_tok,
+                /* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the
+                 * mount_crypt_stat structure, we prevent to use auth toks that
+                 * are not inserted through the ecryptfs_add_global_auth_tok
+                 * function.
+                 */
+                if (mount_crypt_stat->flags
+                                & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
+                        return -EINVAL;
+
+                rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
                                                        sig);
         } else
                 (*auth_tok) = global_auth_tok->global_auth_tok;
@@ -509,6 +519,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
                              char *filename, size_t filename_size)
 {
         struct ecryptfs_write_tag_70_packet_silly_stack *s;
+        struct key *auth_tok_key = NULL;
         int rc = 0;
 
         s = kmalloc(sizeof(*s), GFP_KERNEL);
@@ -606,6 +617,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
         }
         dest[s->i++] = s->cipher_code;
         rc = ecryptfs_find_auth_tok_for_sig(
+                &auth_tok_key,
                 &s->auth_tok, mount_crypt_stat,
                 mount_crypt_stat->global_default_fnek_sig);
         if (rc) {
@@ -753,6 +765,8 @@ out_free_unlock:
 out_unlock:
         mutex_unlock(s->tfm_mutex);
 out:
+        if (auth_tok_key)
+                key_put(auth_tok_key);
         kfree(s);
         return rc;
 }
@@ -798,6 +812,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
                              char *data, size_t max_packet_size)
 {
         struct ecryptfs_parse_tag_70_packet_silly_stack *s;
+        struct key *auth_tok_key = NULL;
         int rc = 0;
 
         (*packet_size) = 0;
@@ -910,7 +925,8 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
          * >= ECRYPTFS_MAX_IV_BYTES. */
         memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
         s->desc.info = s->iv;
-        rc = ecryptfs_find_auth_tok_for_sig(&s->auth_tok, mount_crypt_stat,
+        rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
+                                            &s->auth_tok, mount_crypt_stat,
                                             s->fnek_sig_hex);
         if (rc) {
                 printk(KERN_ERR "%s: Error attempting to find auth tok for "
@@ -986,6 +1002,8 @@ out:
                 (*filename_size) = 0;
                 (*filename) = NULL;
         }
+        if (auth_tok_key)
+                key_put(auth_tok_key);
         kfree(s);
         return rc;
 }
@@ -1557,14 +1575,19 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
                        ECRYPTFS_VERSION_MAJOR,
                        ECRYPTFS_VERSION_MINOR);
                 rc = -EINVAL;
-                goto out;
+                goto out_release_key;
         }
         if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
             && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
                 printk(KERN_ERR "Invalid auth_tok structure "
                        "returned from key query\n");
                 rc = -EINVAL;
-                goto out;
+                goto out_release_key;
+        }
+out_release_key:
+        if (rc) {
+                key_put(*auth_tok_key);
+                (*auth_tok_key) = NULL;
         }
 out:
         return rc;
@@ -1649,7 +1672,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
                auth_tok->session_key.decrypted_key_size);
         crypt_stat->flags |= ECRYPTFS_KEY_VALID;
         if (unlikely(ecryptfs_verbosity > 0)) {
-                ecryptfs_printk(KERN_DEBUG, "FEK of size [%d]:\n",
+                ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n",
                                 crypt_stat->key_size);
                 ecryptfs_dump_hex(crypt_stat->key,
                                   crypt_stat->key_size);
@@ -1688,6 +1711,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
         struct ecryptfs_auth_tok_list_item *auth_tok_list_item;
         size_t tag_11_contents_size;
         size_t tag_11_packet_size;
+        struct key *auth_tok_key = NULL;
         int rc = 0;
 
         INIT_LIST_HEAD(&auth_tok_list);
@@ -1730,7 +1754,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
                         if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) {
                                 ecryptfs_printk(KERN_ERR, "Expected "
                                                 "signature of size [%d]; "
-                                                "read size [%d]\n",
+                                                "read size [%zd]\n",
                                                 ECRYPTFS_SIG_SIZE,
                                                 tag_11_contents_size);
                                 rc = -EIO;
@@ -1763,8 +1787,8 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
                         goto out_wipe_list;
                         break;
                 default:
-                        ecryptfs_printk(KERN_DEBUG, "No packet at offset "
-                                        "[%d] of the file header; hex value of "
+                        ecryptfs_printk(KERN_DEBUG, "No packet at offset [%zd] "
+                                        "of the file header; hex value of "
                                         "character is [0x%.2x]\n", i, src[i]);
                         next_packet_is_auth_tok_packet = 0;
                 }
@@ -1784,6 +1808,10 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
          * just one will be sufficient to decrypt to get the FEK. */
 find_next_matching_auth_tok:
         found_auth_tok = 0;
+        if (auth_tok_key) {
+                key_put(auth_tok_key);
+                auth_tok_key = NULL;
+        }
         list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) {
                 candidate_auth_tok = &auth_tok_list_item->auth_tok;
                 if (unlikely(ecryptfs_verbosity > 0)) {
@@ -1800,10 +1828,11 @@ find_next_matching_auth_tok:
                         rc = -EINVAL;
                         goto out_wipe_list;
                 }
-                ecryptfs_find_auth_tok_for_sig(&matching_auth_tok,
+                rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
+                                               &matching_auth_tok,
                                                crypt_stat->mount_crypt_stat,
                                                candidate_auth_tok_sig);
-                if (matching_auth_tok) {
+                if (!rc) {
                         found_auth_tok = 1;
                         goto found_matching_auth_tok;
                 }
@@ -1835,8 +1864,8 @@ found_matching_auth_tok:
                                 "session key for authentication token with sig "
                                 "[%.*s]; rc = [%d]. Removing auth tok "
                                 "candidate from the list and searching for "
-                                "the next match.\n", candidate_auth_tok_sig,
-                                ECRYPTFS_SIG_SIZE_HEX, rc);
+                                "the next match.\n", ECRYPTFS_SIG_SIZE_HEX,
+                                candidate_auth_tok_sig, rc);
                 list_for_each_entry_safe(auth_tok_list_item,
                                          auth_tok_list_item_tmp,
                                          &auth_tok_list, list) {
@@ -1866,6 +1895,8 @@ found_matching_auth_tok:
 out_wipe_list:
         wipe_auth_tok_list(&auth_tok_list);
 out:
+        if (auth_tok_key)
+                key_put(auth_tok_key);
         return rc;
 }
 
@@ -2137,7 +2168,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
         if (encrypted_session_key_valid) {
                 ecryptfs_printk(KERN_DEBUG, "encrypted_session_key_valid != 0; "
                                 "using auth_tok->session_key.encrypted_key, "
-                                "where key_rec->enc_key_size = [%d]\n",
+                                "where key_rec->enc_key_size = [%zd]\n",
                                 key_rec->enc_key_size);
                 memcpy(key_rec->enc_key,
                        auth_tok->session_key.encrypted_key,
@@ -2167,7 +2198,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
         if (rc < 1 || rc > 2) {
                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
                                 "for crypt_stat session key; expected rc = 1; "
-                                "got rc = [%d]. key_rec->enc_key_size = [%d]\n",
+                                "got rc = [%d]. key_rec->enc_key_size = [%zd]\n",
                                 rc, key_rec->enc_key_size);
                 rc = -ENOMEM;
                 goto out;
@@ -2178,7 +2209,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
                 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
                                 "for crypt_stat encrypted session key; "
                                 "expected rc = 1; got rc = [%d]. "
-                                "key_rec->enc_key_size = [%d]\n", rc,
+                                "key_rec->enc_key_size = [%zd]\n", rc,
                                 key_rec->enc_key_size);
                 rc = -ENOMEM;
                 goto out;
@@ -2193,7 +2224,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
                 goto out;
         }
         rc = 0;
-        ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
+        ecryptfs_printk(KERN_DEBUG, "Encrypting [%zd] bytes of the key\n",
                         crypt_stat->key_size);
         rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
                                       (*key_rec).enc_key_size);
@@ -2204,7 +2235,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
         }
         ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
         if (ecryptfs_verbosity > 0) {
-                ecryptfs_printk(KERN_DEBUG, "EFEK of size [%d]:\n",
+                ecryptfs_printk(KERN_DEBUG, "EFEK of size [%zd]:\n",
                                 key_rec->enc_key_size);
                 ecryptfs_dump_hex(key_rec->enc_key,
                                   key_rec->enc_key_size);
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index cbd4e18adb20..758323a0f09a 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -36,6 +36,7 @@
 #include <linux/parser.h>
 #include <linux/fs_stack.h>
 #include <linux/slab.h>
+#include <linux/magic.h>
 #include "ecryptfs_kernel.h"
 
 /**
@@ -141,25 +142,12 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
         return rc;
 }
 
-/**
- * ecryptfs_interpose
- * @lower_dentry: Existing dentry in the lower filesystem
- * @dentry: ecryptfs' dentry
- * @sb: ecryptfs's super_block
- * @flags: flags to govern behavior of interpose procedure
- *
- * Interposes upper and lower dentries.
- *
- * Returns zero on success; non-zero otherwise
- */
-int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry,
-                       struct super_block *sb, u32 flags)
+static struct inode *ecryptfs_get_inode(struct inode *lower_inode,
+                       struct super_block *sb)
 {
-        struct inode *lower_inode;
         struct inode *inode;
         int rc = 0;
 
-        lower_inode = lower_dentry->d_inode;
         if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb)) {
                 rc = -EXDEV;
                 goto out;
@@ -189,17 +177,38 @@ int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry,
         if (special_file(lower_inode->i_mode))
                 init_special_inode(inode, lower_inode->i_mode,
                                    lower_inode->i_rdev);
-        dentry->d_op = &ecryptfs_dops;
         fsstack_copy_attr_all(inode, lower_inode);
         /* This size will be overwritten for real files w/ headers and
          * other metadata */
         fsstack_copy_inode_size(inode, lower_inode);
+        return inode;
+out:
+        return ERR_PTR(rc);
+}
+
+/**
+ * ecryptfs_interpose
+ * @lower_dentry: Existing dentry in the lower filesystem
+ * @dentry: ecryptfs' dentry
+ * @sb: ecryptfs's super_block
+ * @flags: flags to govern behavior of interpose procedure
+ *
+ * Interposes upper and lower dentries.
+ *
+ * Returns zero on success; non-zero otherwise
+ */
+int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry,
+                       struct super_block *sb, u32 flags)
+{
+        struct inode *lower_inode = lower_dentry->d_inode;
+        struct inode *inode = ecryptfs_get_inode(lower_inode, sb);
+        if (IS_ERR(inode))
+                return PTR_ERR(inode);
         if (flags & ECRYPTFS_INTERPOSE_FLAG_D_ADD)
                 d_add(dentry, inode);
         else
                 d_instantiate(dentry, inode);
-out:
-        return rc;
+        return 0;
 }
 
 enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
@@ -208,7 +217,8 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
        ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata,
        ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
        ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
-       ecryptfs_opt_unlink_sigs, ecryptfs_opt_err };
+       ecryptfs_opt_unlink_sigs, ecryptfs_opt_mount_auth_tok_only,
+       ecryptfs_opt_err };
 
 static const match_table_t tokens = {
         {ecryptfs_opt_sig, "sig=%s"},
@@ -223,6 +233,7 @@ static const match_table_t tokens = {
         {ecryptfs_opt_fn_cipher, "ecryptfs_fn_cipher=%s"},
         {ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
         {ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
+        {ecryptfs_opt_mount_auth_tok_only, "ecryptfs_mount_auth_tok_only"},
         {ecryptfs_opt_err, NULL}
 };
 
@@ -406,6 +417,10 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
                 case ecryptfs_opt_unlink_sigs:
                         mount_crypt_stat->flags |= ECRYPTFS_UNLINK_SIGS;
                         break;
+                case ecryptfs_opt_mount_auth_tok_only:
+                        mount_crypt_stat->flags |=
+                                ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY;
+                        break;
                 case ecryptfs_opt_err:
                 default:
                         printk(KERN_WARNING
@@ -486,68 +501,21 @@ struct kmem_cache *ecryptfs_sb_info_cache;
 static struct file_system_type ecryptfs_fs_type;
 
 /**
- * ecryptfs_read_super
- * @sb: The ecryptfs super block
- * @dev_name: The path to mount over
- *
- * Read the super block of the lower filesystem, and use
- * ecryptfs_interpose to create our initial inode and super block
- * struct.
- */
-static int ecryptfs_read_super(struct super_block *sb, const char *dev_name)
-{
-        struct path path;
-        int rc;
-
-        rc = kern_path(dev_name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path);
-        if (rc) {
-                ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n");
-                goto out;
-        }
-        if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
-                rc = -EINVAL;
-                printk(KERN_ERR "Mount on filesystem of type "
-                        "eCryptfs explicitly disallowed due to "
-                        "known incompatibilities\n");
-                goto out_free;
-        }
-        ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
-        sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
-        sb->s_blocksize = path.dentry->d_sb->s_blocksize;
-        ecryptfs_set_dentry_lower(sb->s_root, path.dentry);
-        ecryptfs_set_dentry_lower_mnt(sb->s_root, path.mnt);
-        rc = ecryptfs_interpose(path.dentry, sb->s_root, sb, 0);
-        if (rc)
-                goto out_free;
-        rc = 0;
-        goto out;
-out_free:
-        path_put(&path);
-out:
-        return rc;
-}
-
-/**
  * ecryptfs_get_sb
  * @fs_type
  * @flags
  * @dev_name: The path to mount over
  * @raw_data: The options passed into the kernel
- *
- * The whole ecryptfs_get_sb process is broken into 3 functions:
- * ecryptfs_parse_options(): handle options passed to ecryptfs, if any
- * ecryptfs_read_super(): this accesses the lower filesystem and uses
- *                        ecryptfs_interpose to perform most of the linking
- * ecryptfs_interpose(): links the lower filesystem into ecryptfs (inode.c)
  */
-static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
-                        const char *dev_name, void *raw_data,
-                        struct vfsmount *mnt)
+static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags,
+                        const char *dev_name, void *raw_data)
 {
         struct super_block *s;
         struct ecryptfs_sb_info *sbi;
         struct ecryptfs_dentry_info *root_info;
         const char *err = "Getting sb failed";
+        struct inode *inode;
+        struct path path;
         int rc;
 
         sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
@@ -570,10 +538,8 @@ static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
 
         s->s_flags = flags;
         rc = bdi_setup_and_register(&sbi->bdi, "ecryptfs", BDI_CAP_MAP_COPY);
-        if (rc) {
-                deactivate_locked_super(s);
-                goto out;
-        }
+        if (rc)
+                goto out1;
 
         ecryptfs_set_superblock_private(s, sbi);
         s->s_bdi = &sbi->bdi;
@@ -581,42 +547,62 @@ static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
         /* ->kill_sb() will take care of sbi after that point */
         sbi = NULL;
         s->s_op = &ecryptfs_sops;
+        s->s_d_op = &ecryptfs_dops;
 
-        rc = -ENOMEM;
-        s->s_root = d_alloc(NULL, &(const struct qstr) {
-                             .hash = 0,.name = "/",.len = 1});
+        err = "Reading sb failed";
+        rc = kern_path(dev_name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path);
+        if (rc) {
+                ecryptfs_printk(KERN_WARNING, "kern_path() failed\n");
+                goto out1;
+        }
+        if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
+                rc = -EINVAL;
+                printk(KERN_ERR "Mount on filesystem of type "
+                        "eCryptfs explicitly disallowed due to "
+                        "known incompatibilities\n");
+                goto out_free;
+        }
+        ecryptfs_set_superblock_lower(s, path.dentry->d_sb);
+        s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
+        s->s_blocksize = path.dentry->d_sb->s_blocksize;
+        s->s_magic = ECRYPTFS_SUPER_MAGIC;
+
+        inode = ecryptfs_get_inode(path.dentry->d_inode, s);
+        rc = PTR_ERR(inode);
+        if (IS_ERR(inode))
+                goto out_free;
+
+        s->s_root = d_alloc_root(inode);
         if (!s->s_root) {
-                deactivate_locked_super(s);
-                goto out;
+                iput(inode);
+                rc = -ENOMEM;
+                goto out_free;
         }
-        s->s_root->d_op = &ecryptfs_dops;
-        s->s_root->d_sb = s;
-        s->s_root->d_parent = s->s_root;
 
+        rc = -ENOMEM;
         root_info = kmem_cache_zalloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
-        if (!root_info) {
-                deactivate_locked_super(s);
-                goto out;
-        }
+        if (!root_info)
+                goto out_free;
+
         /* ->kill_sb() will take care of root_info */
         ecryptfs_set_dentry_private(s->s_root, root_info);
+        ecryptfs_set_dentry_lower(s->s_root, path.dentry);
+        ecryptfs_set_dentry_lower_mnt(s->s_root, path.mnt);
+
         s->s_flags |= MS_ACTIVE;
-        rc = ecryptfs_read_super(s, dev_name);
-        if (rc) {
-                deactivate_locked_super(s);
-                err = "Reading sb failed";
-                goto out;
-        }
-        simple_set_mnt(mnt, s);
-        return 0;
+        return dget(s->s_root);
 
+out_free:
+        path_put(&path);
+out1:
+        deactivate_locked_super(s);
 out:
         if (sbi) {
                 ecryptfs_destroy_mount_crypt_stat(&sbi->mount_crypt_stat);
                 kmem_cache_free(ecryptfs_sb_info_cache, sbi);
         }
         printk(KERN_ERR "%s; rc = [%d]\n", err, rc);
-        return rc;
+        return ERR_PTR(rc);
 }
 
 /**
@@ -639,7 +625,7 @@ static void ecryptfs_kill_block_super(struct super_block *sb)
 static struct file_system_type ecryptfs_fs_type = {
         .owner = THIS_MODULE,
         .name = "ecryptfs",
-        .get_sb = ecryptfs_get_sb,
+        .mount = ecryptfs_mount,
         .kill_sb = ecryptfs_kill_block_super,
         .fs_flags = 0
 };
@@ -824,9 +810,10 @@ static int __init ecryptfs_init(void)
                 ecryptfs_printk(KERN_ERR, "The eCryptfs extent size is "
                                 "larger than the host's page size, and so "
                                 "eCryptfs cannot run on this system. The "
-                                "default eCryptfs extent size is [%d] bytes; "
-                                "the page size is [%d] bytes.\n",
-                                ECRYPTFS_DEFAULT_EXTENT_SIZE, PAGE_CACHE_SIZE);
+                                "default eCryptfs extent size is [%u] bytes; "
+                                "the page size is [%lu] bytes.\n",
+                                ECRYPTFS_DEFAULT_EXTENT_SIZE,
+                                (unsigned long)PAGE_CACHE_SIZE);
                 goto out;
         }
         rc = ecryptfs_init_kmem_caches();
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index 00208c3d7e92..940a82e63dc3 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -482,6 +482,7 @@ static const struct file_operations ecryptfs_miscdev_fops = {
         .read    = ecryptfs_miscdev_read,
         .write   = ecryptfs_miscdev_write,
         .release = ecryptfs_miscdev_release,
+        .llseek  = noop_llseek,
 };
 
 static struct miscdevice ecryptfs_miscdev = {
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index b1d82756544b..cc64fca89f8d 100644
--- a/fs/ecryptfs/mmap.c
+++ b/fs/ecryptfs/mmap.c
@@ -65,7 +65,7 @@ static int ecryptfs_writepage(struct page *page, struct writeback_control *wbc)
         rc = ecryptfs_encrypt_page(page);
         if (rc) {
                 ecryptfs_printk(KERN_WARNING, "Error encrypting "
-                                "page (upper index [0x%.16x])\n", page->index);
+                                "page (upper index [0x%.16lx])\n", page->index);
                 ClearPageUptodate(page);
                 goto out;
         }
@@ -237,7 +237,7 @@ out:
                 ClearPageUptodate(page);
         else
                 SetPageUptodate(page);
-        ecryptfs_printk(KERN_DEBUG, "Unlocking page with index = [0x%.16x]\n",
+        ecryptfs_printk(KERN_DEBUG, "Unlocking page with index = [0x%.16lx]\n",
                         page->index);
         unlock_page(page);
         return rc;
@@ -290,6 +290,7 @@ static int ecryptfs_write_begin(struct file *file,
                 return -ENOMEM;
         *pagep = page;
 
+        prev_page_end_size = ((loff_t)index << PAGE_CACHE_SHIFT);
         if (!PageUptodate(page)) {
                 struct ecryptfs_crypt_stat *crypt_stat =
                         &ecryptfs_inode_to_private(mapping->host)->crypt_stat;
@@ -335,18 +336,23 @@ static int ecryptfs_write_begin(struct file *file,
                                 SetPageUptodate(page);
                         }
                 } else {
-                        rc = ecryptfs_decrypt_page(page);
-                        if (rc) {
-                                printk(KERN_ERR "%s: Error decrypting page "
-                                       "at index [%ld]; rc = [%d]\n",
-                                       __func__, page->index, rc);
-                                ClearPageUptodate(page);
-                                goto out;
+                        if (prev_page_end_size
+                            >= i_size_read(page->mapping->host)) {
+                                zero_user(page, 0, PAGE_CACHE_SIZE);
+                        } else {
+                                rc = ecryptfs_decrypt_page(page);
+                                if (rc) {
+                                        printk(KERN_ERR "%s: Error decrypting "
+                                               "page at index [%ld]; "
+                                               "rc = [%d]\n",
+                                               __func__, page->index, rc);
+                                        ClearPageUptodate(page);
+                                        goto out;
+                                }
                         }
                         SetPageUptodate(page);
                 }
         }
-        prev_page_end_size = ((loff_t)index << PAGE_CACHE_SHIFT);
         /* If creating a page or more of holes, zero them out via truncate.
          * Note, this will increase i_size. */
         if (index != 0) {
@@ -488,7 +494,7 @@ static int ecryptfs_write_end(struct file *file,
         } else
                 ecryptfs_printk(KERN_DEBUG, "Not a new file\n");
         ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page"
-                        "(page w/ index = [0x%.16x], to = [%d])\n", index, to);
+                        "(page w/ index = [0x%.16lx], to = [%d])\n", index, to);
         if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
                 rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page, 0,
                                                        to);
@@ -503,19 +509,20 @@ static int ecryptfs_write_end(struct file *file,
         rc = fill_zeros_to_end_of_page(page, to);
         if (rc) {
                 ecryptfs_printk(KERN_WARNING, "Error attempting to fill "
-                        "zeros in page with index = [0x%.16x]\n", index);
+                        "zeros in page with index = [0x%.16lx]\n", index);
                 goto out;
         }
         rc = ecryptfs_encrypt_page(page);
         if (rc) {
                 ecryptfs_printk(KERN_WARNING, "Error encrypting page (upper "
-                                "index [0x%.16x])\n", index);
+                                "index [0x%.16lx])\n", index);
                 goto out;
         }
         if (pos + copied > i_size_read(ecryptfs_inode)) {
                 i_size_write(ecryptfs_inode, pos + copied);
                 ecryptfs_printk(KERN_DEBUG, "Expanded file size to "
-                                "[0x%.16x]\n", i_size_read(ecryptfs_inode));
+                        "[0x%.16llx]\n",
+                        (unsigned long long)i_size_read(ecryptfs_inode));
         }
         rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode);
         if (rc)
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
index f7fc286a3aa9..3042fe123a34 100644
--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -28,7 +28,6 @@
 #include <linux/key.h>
 #include <linux/slab.h>
 #include <linux/seq_file.h>
-#include <linux/smp_lock.h>
 #include <linux/file.h>
 #include <linux/crypto.h>
 #include "ecryptfs_kernel.h"
@@ -63,6 +62,16 @@ out:
         return inode;
 }
 
+static void ecryptfs_i_callback(struct rcu_head *head)
+{
+        struct inode *inode = container_of(head, struct inode, i_rcu);
+        struct ecryptfs_inode_info *inode_info;
+        inode_info = ecryptfs_inode_to_private(inode);
+
+        INIT_LIST_HEAD(&inode->i_dentry);
+        kmem_cache_free(ecryptfs_inode_info_cache, inode_info);
+}
+
 /**
  * ecryptfs_destroy_inode
  * @inode: The ecryptfs inode
@@ -89,7 +98,7 @@ static void ecryptfs_destroy_inode(struct inode *inode)
                 }
         }
         ecryptfs_destroy_crypt_stat(&inode_info->crypt_stat);
-        kmem_cache_free(ecryptfs_inode_info_cache, inode_info);
+        call_rcu(&inode->i_rcu, ecryptfs_i_callback);
 }
 
 /**
@@ -180,6 +189,8 @@ static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt)
                 seq_printf(m, ",ecryptfs_encrypted_view");
         if (mount_crypt_stat->flags & ECRYPTFS_UNLINK_SIGS)
                 seq_printf(m, ",ecryptfs_unlink_sigs");
+        if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
+                seq_printf(m, ",ecryptfs_mount_auth_tok_only");
 
         return 0;
 }