Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6

+18 -19

fs/ecryptfs/crypto.c

··· 382 382 static void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num, 383 383 struct ecryptfs_crypt_stat *crypt_stat) 384 384 { 385 - (*offset) = (crypt_stat->num_header_bytes_at_front 386 - + (crypt_stat->extent_size * extent_num)); 385 + (*offset) = ecryptfs_lower_header_size(crypt_stat) 386 + + (crypt_stat->extent_size * extent_num); 387 387 } 388 388 389 389 /** ··· 835 835 set_extent_mask_and_shift(crypt_stat); 836 836 crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES; 837 837 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 838 - crypt_stat->num_header_bytes_at_front = 0; 838 + crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 839 839 else { 840 840 if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) 841 - crypt_stat->num_header_bytes_at_front = 841 + crypt_stat->metadata_size = 842 842 ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 843 843 else 844 - crypt_stat->num_header_bytes_at_front = PAGE_CACHE_SIZE; 844 + crypt_stat->metadata_size = PAGE_CACHE_SIZE; 845 845 } 846 846 } 847 847 ··· 1108 1108 (*written) = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES; 1109 1109 } 1110 1110 1111 - static void 1112 - write_ecryptfs_flags(char *page_virt, struct ecryptfs_crypt_stat *crypt_stat, 1113 - size_t *written) 1111 + void ecryptfs_write_crypt_stat_flags(char *page_virt, 1112 + struct ecryptfs_crypt_stat *crypt_stat, 1113 + size_t *written) 1114 1114 { 1115 1115 u32 flags = 0; 1116 1116 int i; ··· 1238 1238 1239 1239 header_extent_size = (u32)crypt_stat->extent_size; 1240 1240 num_header_extents_at_front = 1241 - (u16)(crypt_stat->num_header_bytes_at_front 1242 - / crypt_stat->extent_size); 1241 + (u16)(crypt_stat->metadata_size / crypt_stat->extent_size); 1243 1242 put_unaligned_be32(header_extent_size, virt); 1244 1243 virt += 4; 1245 1244 put_unaligned_be16(num_header_extents_at_front, virt); ··· 1291 1292 offset = ECRYPTFS_FILE_SIZE_BYTES; 1292 1293 write_ecryptfs_marker((page_virt + offset), &written); 1293 1294 offset += written; 1294 - write_ecryptfs_flags((page_virt + offset), crypt_stat, &written); 1295 + ecryptfs_write_crypt_stat_flags((page_virt + offset), crypt_stat, 1296 + &written); 1295 1297 offset += written; 1296 1298 ecryptfs_write_header_metadata((page_virt + offset), crypt_stat, 1297 1299 &written); ··· 1382 1382 rc = -EINVAL; 1383 1383 goto out; 1384 1384 } 1385 - virt_len = crypt_stat->num_header_bytes_at_front; 1385 + virt_len = crypt_stat->metadata_size; 1386 1386 order = get_order(virt_len); 1387 1387 /* Released in this function */ 1388 1388 virt = (char *)ecryptfs_get_zeroed_pages(GFP_KERNEL, order); ··· 1428 1428 header_extent_size = get_unaligned_be32(virt); 1429 1429 virt += sizeof(__be32); 1430 1430 num_header_extents_at_front = get_unaligned_be16(virt); 1431 - crypt_stat->num_header_bytes_at_front = 1432 - (((size_t)num_header_extents_at_front 1433 - * (size_t)header_extent_size)); 1431 + crypt_stat->metadata_size = (((size_t)num_header_extents_at_front 1432 + * (size_t)header_extent_size)); 1434 1433 (*bytes_read) = (sizeof(__be32) + sizeof(__be16)); 1435 1434 if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE) 1436 - && (crypt_stat->num_header_bytes_at_front 1435 + && (crypt_stat->metadata_size 1437 1436 < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) { 1438 1437 rc = -EINVAL; 1439 1438 printk(KERN_WARNING "Invalid header size: [%zd]\n", 1440 - crypt_stat->num_header_bytes_at_front); 1439 + crypt_stat->metadata_size); 1441 1440 } 1442 1441 return rc; 1443 1442 } ··· 1451 1452 */ 1452 1453 static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat) 1453 1454 { 1454 - crypt_stat->num_header_bytes_at_front = 1455 - ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 1455 + crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 1456 1456 } 1457 1457 1458 1458 /** ··· 1605 1607 ecryptfs_dentry, 1606 1608 ECRYPTFS_VALIDATE_HEADER_SIZE); 1607 1609 if (rc) { 1610 + memset(page_virt, 0, PAGE_CACHE_SIZE); 1608 1611 rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode); 1609 1612 if (rc) { 1610 1613 printk(KERN_DEBUG "Valid eCryptfs headers not found in "

+12 -1

fs/ecryptfs/ecryptfs_kernel.h

··· 273 273 u32 flags; 274 274 unsigned int file_version; 275 275 size_t iv_bytes; 276 - size_t num_header_bytes_at_front; 276 + size_t metadata_size; 277 277 size_t extent_size; /* Data extent size; default is 4096 */ 278 278 size_t key_size; 279 279 size_t extent_shift; ··· 464 464 465 465 extern struct mutex ecryptfs_daemon_hash_mux; 466 466 467 + static inline size_t 468 + ecryptfs_lower_header_size(struct ecryptfs_crypt_stat *crypt_stat) 469 + { 470 + if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 471 + return 0; 472 + return crypt_stat->metadata_size; 473 + } 474 + 467 475 static inline struct ecryptfs_file_info * 468 476 ecryptfs_file_to_private(struct file *file) 469 477 { ··· 659 651 int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry); 660 652 int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry); 661 653 int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry); 654 + void ecryptfs_write_crypt_stat_flags(char *page_virt, 655 + struct ecryptfs_crypt_stat *crypt_stat, 656 + size_t *written); 662 657 int ecryptfs_read_and_validate_header_region(char *data, 663 658 struct inode *ecryptfs_inode); 664 659 int ecryptfs_read_and_validate_xattr_region(char *page_virt,

+67 -62

fs/ecryptfs/inode.c

··· 324 324 rc = ecryptfs_read_and_validate_header_region(page_virt, 325 325 ecryptfs_dentry->d_inode); 326 326 if (rc) { 327 + memset(page_virt, 0, PAGE_CACHE_SIZE); 327 328 rc = ecryptfs_read_and_validate_xattr_region(page_virt, 328 329 ecryptfs_dentry); 329 330 if (rc) { ··· 337 336 ecryptfs_dentry->d_sb)->mount_crypt_stat; 338 337 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { 339 338 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 340 - file_size = (crypt_stat->num_header_bytes_at_front 339 + file_size = (crypt_stat->metadata_size 341 340 + i_size_read(lower_dentry->d_inode)); 342 341 else 343 342 file_size = i_size_read(lower_dentry->d_inode); ··· 389 388 mutex_unlock(&lower_dir_dentry->d_inode->i_mutex); 390 389 if (IS_ERR(lower_dentry)) { 391 390 rc = PTR_ERR(lower_dentry); 392 - printk(KERN_ERR "%s: lookup_one_len() returned [%d] on " 393 - "lower_dentry = [%s]\n", __func__, rc, 394 - ecryptfs_dentry->d_name.name); 391 + ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned " 392 + "[%d] on lower_dentry = [%s]\n", __func__, rc, 393 + encrypted_and_encoded_name); 395 394 goto out_d_drop; 396 395 } 397 396 if (lower_dentry->d_inode) ··· 418 417 mutex_unlock(&lower_dir_dentry->d_inode->i_mutex); 419 418 if (IS_ERR(lower_dentry)) { 420 419 rc = PTR_ERR(lower_dentry); 421 - printk(KERN_ERR "%s: lookup_one_len() returned [%d] on " 422 - "lower_dentry = [%s]\n", __func__, rc, 423 - encrypted_and_encoded_name); 420 + ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned " 421 + "[%d] on lower_dentry = [%s]\n", __func__, rc, 422 + encrypted_and_encoded_name); 424 423 goto out_d_drop; 425 424 } 426 425 lookup_and_interpose: ··· 457 456 rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb, 0); 458 457 if (rc) 459 458 goto out_lock; 460 - fsstack_copy_attr_times(dir, lower_new_dentry->d_inode); 461 - fsstack_copy_inode_size(dir, lower_new_dentry->d_inode); 459 + fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 460 + fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode); 462 461 old_dentry->d_inode->i_nlink = 463 462 ecryptfs_inode_to_lower(old_dentry->d_inode)->i_nlink; 464 463 i_size_write(new_dentry->d_inode, file_size_save); ··· 649 648 return rc; 650 649 } 651 650 652 - static int 653 - ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz) 651 + static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, 652 + size_t *bufsiz) 654 653 { 654 + struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 655 655 char *lower_buf; 656 - size_t lower_bufsiz; 657 - struct dentry *lower_dentry; 658 - struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 659 - char *plaintext_name; 660 - size_t plaintext_name_size; 656 + size_t lower_bufsiz = PATH_MAX; 661 657 mm_segment_t old_fs; 662 658 int rc; 663 659 664 - lower_dentry = ecryptfs_dentry_to_lower(dentry); 665 - if (!lower_dentry->d_inode->i_op->readlink) { 666 - rc = -EINVAL; 667 - goto out; 668 - } 669 - mount_crypt_stat = &ecryptfs_superblock_to_private( 670 - dentry->d_sb)->mount_crypt_stat; 671 - /* 672 - * If the lower filename is encrypted, it will result in a significantly 673 - * longer name. If needed, truncate the name after decode and decrypt. 674 - */ 675 - if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) 676 - lower_bufsiz = PATH_MAX; 677 - else 678 - lower_bufsiz = bufsiz; 679 - /* Released in this function */ 680 660 lower_buf = kmalloc(lower_bufsiz, GFP_KERNEL); 681 - if (lower_buf == NULL) { 682 - printk(KERN_ERR "%s: Out of memory whilst attempting to " 683 - "kmalloc [%zd] bytes\n", __func__, lower_bufsiz); 661 + if (!lower_buf) { 684 662 rc = -ENOMEM; 685 663 goto out; 686 664 } ··· 669 689 (char __user *)lower_buf, 670 690 lower_bufsiz); 671 691 set_fs(old_fs); 672 - if (rc >= 0) { 673 - rc = ecryptfs_decode_and_decrypt_filename(&plaintext_name, 674 - &plaintext_name_size, 675 - dentry, lower_buf, 676 - rc); 677 - if (rc) { 678 - printk(KERN_ERR "%s: Error attempting to decode and " 679 - "decrypt filename; rc = [%d]\n", __func__, 680 - rc); 681 - goto out_free_lower_buf; 682 - } 683 - /* Check for bufsiz <= 0 done in sys_readlinkat() */ 684 - rc = copy_to_user(buf, plaintext_name, 685 - min((size_t) bufsiz, plaintext_name_size)); 686 - if (rc) 687 - rc = -EFAULT; 688 - else 689 - rc = plaintext_name_size; 690 - kfree(plaintext_name); 691 - fsstack_copy_attr_atime(dentry->d_inode, lower_dentry->d_inode); 692 - } 693 - out_free_lower_buf: 692 + if (rc < 0) 693 + goto out; 694 + lower_bufsiz = rc; 695 + rc = ecryptfs_decode_and_decrypt_filename(buf, bufsiz, dentry, 696 + lower_buf, lower_bufsiz); 697 + out: 694 698 kfree(lower_buf); 699 + return rc; 700 + } 701 + 702 + static int 703 + ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz) 704 + { 705 + char *kbuf; 706 + size_t kbufsiz, copied; 707 + int rc; 708 + 709 + rc = ecryptfs_readlink_lower(dentry, &kbuf, &kbufsiz); 710 + if (rc) 711 + goto out; 712 + copied = min_t(size_t, bufsiz, kbufsiz); 713 + rc = copy_to_user(buf, kbuf, copied) ? -EFAULT : copied; 714 + kfree(kbuf); 715 + fsstack_copy_attr_atime(dentry->d_inode, 716 + ecryptfs_dentry_to_lower(dentry)->d_inode); 695 717 out: 696 718 return rc; 697 719 } ··· 751 769 { 752 770 loff_t lower_size; 753 771 754 - lower_size = crypt_stat->num_header_bytes_at_front; 772 + lower_size = ecryptfs_lower_header_size(crypt_stat); 755 773 if (upper_size != 0) { 756 774 loff_t num_extents; 757 775 ··· 998 1016 return rc; 999 1017 } 1000 1018 1019 + int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry, 1020 + struct kstat *stat) 1021 + { 1022 + struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 1023 + int rc = 0; 1024 + 1025 + mount_crypt_stat = &ecryptfs_superblock_to_private( 1026 + dentry->d_sb)->mount_crypt_stat; 1027 + generic_fillattr(dentry->d_inode, stat); 1028 + if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) { 1029 + char *target; 1030 + size_t targetsiz; 1031 + 1032 + rc = ecryptfs_readlink_lower(dentry, &target, &targetsiz); 1033 + if (!rc) { 1034 + kfree(target); 1035 + stat->size = targetsiz; 1036 + } 1037 + } 1038 + return rc; 1039 + } 1040 + 1001 1041 int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry, 1002 1042 struct kstat *stat) 1003 1043 { ··· 1044 1040 1045 1041 lower_dentry = ecryptfs_dentry_to_lower(dentry); 1046 1042 if (!lower_dentry->d_inode->i_op->setxattr) { 1047 - rc = -ENOSYS; 1043 + rc = -EOPNOTSUPP; 1048 1044 goto out; 1049 1045 } 1050 1046 mutex_lock(&lower_dentry->d_inode->i_mutex); ··· 1062 1058 int rc = 0; 1063 1059 1064 1060 if (!lower_dentry->d_inode->i_op->getxattr) { 1065 - rc = -ENOSYS; 1061 + rc = -EOPNOTSUPP; 1066 1062 goto out; 1067 1063 } 1068 1064 mutex_lock(&lower_dentry->d_inode->i_mutex); ··· 1089 1085 1090 1086 lower_dentry = ecryptfs_dentry_to_lower(dentry); 1091 1087 if (!lower_dentry->d_inode->i_op->listxattr) { 1092 - rc = -ENOSYS; 1088 + rc = -EOPNOTSUPP; 1093 1089 goto out; 1094 1090 } 1095 1091 mutex_lock(&lower_dentry->d_inode->i_mutex); ··· 1106 1102 1107 1103 lower_dentry = ecryptfs_dentry_to_lower(dentry); 1108 1104 if (!lower_dentry->d_inode->i_op->removexattr) { 1109 - rc = -ENOSYS; 1105 + rc = -EOPNOTSUPP; 1110 1106 goto out; 1111 1107 } 1112 1108 mutex_lock(&lower_dentry->d_inode->i_mutex); ··· 1137 1133 .put_link = ecryptfs_put_link, 1138 1134 .permission = ecryptfs_permission, 1139 1135 .setattr = ecryptfs_setattr, 1136 + .getattr = ecryptfs_getattr_link, 1140 1137 .setxattr = ecryptfs_setxattr, 1141 1138 .getxattr = ecryptfs_getxattr, 1142 1139 .listxattr = ecryptfs_listxattr,

+21 -17

fs/ecryptfs/mmap.c

··· 83 83 return rc; 84 84 } 85 85 86 + static void strip_xattr_flag(char *page_virt, 87 + struct ecryptfs_crypt_stat *crypt_stat) 88 + { 89 + if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) { 90 + size_t written; 91 + 92 + crypt_stat->flags &= ~ECRYPTFS_METADATA_IN_XATTR; 93 + ecryptfs_write_crypt_stat_flags(page_virt, crypt_stat, 94 + &written); 95 + crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; 96 + } 97 + } 98 + 86 99 /** 87 100 * Header Extent: 88 101 * Octets 0-7: Unencrypted file size (big-endian) ··· 111 98 * (big-endian) 112 99 * Octet 26: Begin RFC 2440 authentication token packet set 113 100 */ 114 - static void set_header_info(char *page_virt, 115 - struct ecryptfs_crypt_stat *crypt_stat) 116 - { 117 - size_t written; 118 - size_t save_num_header_bytes_at_front = 119 - crypt_stat->num_header_bytes_at_front; 120 - 121 - crypt_stat->num_header_bytes_at_front = 122 - ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; 123 - ecryptfs_write_header_metadata(page_virt + 20, crypt_stat, &written); 124 - crypt_stat->num_header_bytes_at_front = 125 - save_num_header_bytes_at_front; 126 - } 127 101 128 102 /** 129 103 * ecryptfs_copy_up_encrypted_with_header ··· 136 136 * num_extents_per_page) 137 137 + extent_num_in_page); 138 138 size_t num_header_extents_at_front = 139 - (crypt_stat->num_header_bytes_at_front 140 - / crypt_stat->extent_size); 139 + (crypt_stat->metadata_size / crypt_stat->extent_size); 141 140 142 141 if (view_extent_num < num_header_extents_at_front) { 143 142 /* This is a header extent */ ··· 146 147 memset(page_virt, 0, PAGE_CACHE_SIZE); 147 148 /* TODO: Support more than one header extent */ 148 149 if (view_extent_num == 0) { 150 + size_t written; 151 + 149 152 rc = ecryptfs_read_xattr_region( 150 153 page_virt, page->mapping->host); 151 - set_header_info(page_virt, crypt_stat); 154 + strip_xattr_flag(page_virt + 16, crypt_stat); 155 + ecryptfs_write_header_metadata(page_virt + 20, 156 + crypt_stat, 157 + &written); 152 158 } 153 159 kunmap_atomic(page_virt, KM_USER0); 154 160 flush_dcache_page(page); ··· 166 162 /* This is an encrypted data extent */ 167 163 loff_t lower_offset = 168 164 ((view_extent_num * crypt_stat->extent_size) 169 - - crypt_stat->num_header_bytes_at_front); 165 + - crypt_stat->metadata_size); 170 166 171 167 rc = ecryptfs_read_lower_page_segment( 172 168 page, (lower_offset >> PAGE_CACHE_SHIFT),

-1

fs/ecryptfs/super.c

··· 86 86 if (lower_dentry->d_inode) { 87 87 fput(inode_info->lower_file); 88 88 inode_info->lower_file = NULL; 89 - d_drop(lower_dentry); 90 89 } 91 90 } 92 91 ecryptfs_destroy_crypt_stat(&inode_info->crypt_stat);

Configure Feed

Configure Feed