Merge tag 'ecryptfs-3.3-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs

+61 -7

fs/ecryptfs/crypto.c

··· 1990 1990 return; 1991 1991 } 1992 1992 1993 + static size_t ecryptfs_max_decoded_size(size_t encoded_size) 1994 + { 1995 + /* Not exact; conservatively long. Every block of 4 1996 + * encoded characters decodes into a block of 3 1997 + * decoded characters. This segment of code provides 1998 + * the caller with the maximum amount of allocated 1999 + * space that @dst will need to point to in a 2000 + * subsequent call. */ 2001 + return ((encoded_size + 1) * 3) / 4; 2002 + } 2003 + 1993 2004 /** 1994 2005 * ecryptfs_decode_from_filename 1995 2006 * @dst: If NULL, this function only sets @dst_size and returns. If ··· 2019 2008 size_t dst_byte_offset = 0; 2020 2009 2021 2010 if (dst == NULL) { 2022 - /* Not exact; conservatively long. Every block of 4 2023 - * encoded characters decodes into a block of 3 2024 - * decoded characters. This segment of code provides 2025 - * the caller with the maximum amount of allocated 2026 - * space that @dst will need to point to in a 2027 - * subsequent call. */ 2028 - (*dst_size) = (((src_size + 1) * 3) / 4); 2011 + (*dst_size) = ecryptfs_max_decoded_size(src_size); 2029 2012 goto out; 2030 2013 } 2031 2014 while (src_byte_offset < src_size) { ··· 2243 2238 kfree(decoded_name); 2244 2239 out: 2245 2240 return rc; 2241 + } 2242 + 2243 + #define ENC_NAME_MAX_BLOCKLEN_8_OR_16 143 2244 + 2245 + int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, 2246 + struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 2247 + { 2248 + struct blkcipher_desc desc; 2249 + struct mutex *tfm_mutex; 2250 + size_t cipher_blocksize; 2251 + int rc; 2252 + 2253 + if (!(mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) { 2254 + (*namelen) = lower_namelen; 2255 + return 0; 2256 + } 2257 + 2258 + rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, 2259 + mount_crypt_stat->global_default_fn_cipher_name); 2260 + if (unlikely(rc)) { 2261 + (*namelen) = 0; 2262 + return rc; 2263 + } 2264 + 2265 + mutex_lock(tfm_mutex); 2266 + cipher_blocksize = crypto_blkcipher_blocksize(desc.tfm); 2267 + mutex_unlock(tfm_mutex); 2268 + 2269 + /* Return an exact amount for the common cases */ 2270 + if (lower_namelen == NAME_MAX 2271 + && (cipher_blocksize == 8 || cipher_blocksize == 16)) { 2272 + (*namelen) = ENC_NAME_MAX_BLOCKLEN_8_OR_16; 2273 + return 0; 2274 + } 2275 + 2276 + /* Return a safe estimate for the uncommon cases */ 2277 + (*namelen) = lower_namelen; 2278 + (*namelen) -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE; 2279 + /* Since this is the max decoded size, subtract 1 "decoded block" len */ 2280 + (*namelen) = ecryptfs_max_decoded_size(*namelen) - 3; 2281 + (*namelen) -= ECRYPTFS_TAG_70_MAX_METADATA_SIZE; 2282 + (*namelen) -= ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES; 2283 + /* Worst case is that the filename is padded nearly a full block size */ 2284 + (*namelen) -= cipher_blocksize - 1; 2285 + 2286 + if ((*namelen) < 0) 2287 + (*namelen) = 0; 2288 + 2289 + return 0; 2246 2290 }

+6

fs/ecryptfs/ecryptfs_kernel.h

··· 162 162 #define ECRYPTFS_NON_NULL 0x42 /* A reasonable substitute for NULL */ 163 163 #define MD5_DIGEST_SIZE 16 164 164 #define ECRYPTFS_TAG_70_DIGEST_SIZE MD5_DIGEST_SIZE 165 + #define ECRYPTFS_TAG_70_MIN_METADATA_SIZE (1 + ECRYPTFS_MIN_PKT_LEN_SIZE \ 166 + + ECRYPTFS_SIG_SIZE + 1 + 1) 167 + #define ECRYPTFS_TAG_70_MAX_METADATA_SIZE (1 + ECRYPTFS_MAX_PKT_LEN_SIZE \ 168 + + ECRYPTFS_SIG_SIZE + 1 + 1) 165 169 #define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX "ECRYPTFS_FEK_ENCRYPTED." 166 170 #define ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE 23 167 171 #define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX "ECRYPTFS_FNEK_ENCRYPTED." ··· 705 701 size_t *packet_size, 706 702 struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 707 703 char *data, size_t max_packet_size); 704 + int ecryptfs_set_f_namelen(long *namelen, long lower_namelen, 705 + struct ecryptfs_mount_crypt_stat *mount_crypt_stat); 708 706 int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat, 709 707 loff_t offset); 710 708

+2

fs/ecryptfs/inode.c

··· 1085 1085 } 1086 1086 1087 1087 rc = vfs_setxattr(lower_dentry, name, value, size, flags); 1088 + if (!rc) 1089 + fsstack_copy_attr_all(dentry->d_inode, lower_dentry->d_inode); 1088 1090 out: 1089 1091 return rc; 1090 1092 }

+3 -6

fs/ecryptfs/keystore.c

··· 679 679 * Octets N3-N4: Block-aligned encrypted filename 680 680 * - Consists of a minimum number of random characters, a \0 681 681 * separator, and then the filename */ 682 - s->max_packet_size = (1 /* Tag 70 identifier */ 683 - + 3 /* Max Tag 70 packet size */ 684 - + ECRYPTFS_SIG_SIZE /* FNEK sig */ 685 - + 1 /* Cipher identifier */ 682 + s->max_packet_size = (ECRYPTFS_TAG_70_MAX_METADATA_SIZE 686 683 + s->block_aligned_filename_size); 687 684 if (dest == NULL) { 688 685 (*packet_size) = s->max_packet_size; ··· 931 934 goto out; 932 935 } 933 936 s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; 934 - if (max_packet_size < (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)) { 937 + if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) { 935 938 printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be " 936 939 "at least [%d]\n", __func__, max_packet_size, 937 - (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)); 940 + ECRYPTFS_TAG_70_MIN_METADATA_SIZE); 938 941 rc = -EINVAL; 939 942 goto out; 940 943 }

+2 -2

fs/ecryptfs/mmap.c

··· 150 150 /* This is a header extent */ 151 151 char *page_virt; 152 152 153 - page_virt = kmap_atomic(page, KM_USER0); 153 + page_virt = kmap_atomic(page); 154 154 memset(page_virt, 0, PAGE_CACHE_SIZE); 155 155 /* TODO: Support more than one header extent */ 156 156 if (view_extent_num == 0) { ··· 163 163 crypt_stat, 164 164 &written); 165 165 } 166 - kunmap_atomic(page_virt, KM_USER0); 166 + kunmap_atomic(page_virt); 167 167 flush_dcache_page(page); 168 168 if (rc) { 169 169 printk(KERN_ERR "%s: Error reading xattr "

+2 -2

fs/ecryptfs/read_write.c

··· 156 156 ecryptfs_page_idx, rc); 157 157 goto out; 158 158 } 159 - ecryptfs_page_virt = kmap_atomic(ecryptfs_page, KM_USER0); 159 + ecryptfs_page_virt = kmap_atomic(ecryptfs_page); 160 160 161 161 /* 162 162 * pos: where we're now writing, offset: where the request was ··· 179 179 (data + data_offset), num_bytes); 180 180 data_offset += num_bytes; 181 181 } 182 - kunmap_atomic(ecryptfs_page_virt, KM_USER0); 182 + kunmap_atomic(ecryptfs_page_virt); 183 183 flush_dcache_page(ecryptfs_page); 184 184 SetPageUptodate(ecryptfs_page); 185 185 unlock_page(ecryptfs_page);

+13 -1

fs/ecryptfs/super.c

··· 30 30 #include <linux/seq_file.h> 31 31 #include <linux/file.h> 32 32 #include <linux/crypto.h> 33 + #include <linux/statfs.h> 34 + #include <linux/magic.h> 33 35 #include "ecryptfs_kernel.h" 34 36 35 37 struct kmem_cache *ecryptfs_inode_info_cache; ··· 104 102 static int ecryptfs_statfs(struct dentry *dentry, struct kstatfs *buf) 105 103 { 106 104 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 105 + int rc; 107 106 108 107 if (!lower_dentry->d_sb->s_op->statfs) 109 108 return -ENOSYS; 110 - return lower_dentry->d_sb->s_op->statfs(lower_dentry, buf); 109 + 110 + rc = lower_dentry->d_sb->s_op->statfs(lower_dentry, buf); 111 + if (rc) 112 + return rc; 113 + 114 + buf->f_type = ECRYPTFS_SUPER_MAGIC; 115 + rc = ecryptfs_set_f_namelen(&buf->f_namelen, buf->f_namelen, 116 + &ecryptfs_superblock_to_private(dentry->d_sb)->mount_crypt_stat); 117 + 118 + return rc; 111 119 } 112 120 113 121 /**

Configure Feed

Configure Feed