Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6:
ecryptfs: use after free
ecryptfs: Eliminate useless code
ecryptfs: fix interpose/interpolate typos in comments
ecryptfs: pass matching flags to interpose as defined and used there
ecryptfs: remove unnecessary d_drop calls in ecryptfs_link
ecryptfs: don't ignore return value from lock_rename
ecryptfs: initialize private persistent file before dereferencing pointer
eCryptfs: Remove mmap from directory operations
eCryptfs: Add getattr function
eCryptfs: Use notify_change for truncating lower inodes
+2
-2
fs/ecryptfs/crypto.c
+2
-2
fs/ecryptfs/crypto.c
···
1748
char *cipher_name, size_t *key_size)
1749
{
1750
char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
1751
-
char *full_alg_name;
1752
int rc;
1753
1754
*key_tfm = NULL;
···
1763
if (rc)
1764
goto out;
1765
*key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
1766
-
kfree(full_alg_name);
1767
if (IS_ERR(*key_tfm)) {
1768
rc = PTR_ERR(*key_tfm);
1769
printk(KERN_ERR "Unable to allocate crypto cipher with name "
···
1785
goto out;
1786
}
1787
out:
1788
return rc;
1789
}
1790
···
1748
char *cipher_name, size_t *key_size)
1749
{
1750
char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
1751
+
char *full_alg_name = NULL;
1752
int rc;
1753
1754
*key_tfm = NULL;
···
1763
if (rc)
1764
goto out;
1765
*key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
1766
if (IS_ERR(*key_tfm)) {
1767
rc = PTR_ERR(*key_tfm);
1768
printk(KERN_ERR "Unable to allocate crypto cipher with name "
···
1786
goto out;
1787
}
1788
out:
1789
+
kfree(full_alg_name);
1790
return rc;
1791
}
1792
+8
-9
fs/ecryptfs/file.c
+8
-9
fs/ecryptfs/file.c
···
158
struct dentry *ecryptfs_dentry = file->f_path.dentry;
159
/* Private value of ecryptfs_dentry allocated in
160
* ecryptfs_lookup() */
161
-
struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
162
struct ecryptfs_file_info *file_info;
163
164
mount_crypt_stat = &ecryptfs_superblock_to_private(
···
191
| ECRYPTFS_ENCRYPTED);
192
}
193
mutex_unlock(&crypt_stat->cs_mutex);
194
-
if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_RDONLY)
195
-
&& !(file->f_flags & O_RDONLY)) {
196
-
rc = -EPERM;
197
-
printk(KERN_WARNING "%s: Lower persistent file is RO; eCryptfs "
198
-
"file must hence be opened RO\n", __func__);
199
-
goto out;
200
-
}
201
if (!ecryptfs_inode_to_private(inode)->lower_file) {
202
rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
203
if (rc) {
···
200
ecryptfs_dentry->d_name.name, rc);
201
goto out;
202
}
203
}
204
ecryptfs_set_file_lower(
205
file, ecryptfs_inode_to_private(inode)->lower_file);
···
299
const struct file_operations ecryptfs_dir_fops = {
300
.readdir = ecryptfs_readdir,
301
.ioctl = ecryptfs_ioctl,
302
-
.mmap = generic_file_mmap,
303
.open = ecryptfs_open,
304
.flush = ecryptfs_flush,
305
.release = ecryptfs_release,
···
158
struct dentry *ecryptfs_dentry = file->f_path.dentry;
159
/* Private value of ecryptfs_dentry allocated in
160
* ecryptfs_lookup() */
161
+
struct dentry *lower_dentry;
162
struct ecryptfs_file_info *file_info;
163
164
mount_crypt_stat = &ecryptfs_superblock_to_private(
···
191
| ECRYPTFS_ENCRYPTED);
192
}
193
mutex_unlock(&crypt_stat->cs_mutex);
194
if (!ecryptfs_inode_to_private(inode)->lower_file) {
195
rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
196
if (rc) {
···
207
ecryptfs_dentry->d_name.name, rc);
208
goto out;
209
}
210
+
}
211
+
if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_RDONLY)
212
+
&& !(file->f_flags & O_RDONLY)) {
213
+
rc = -EPERM;
214
+
printk(KERN_WARNING "%s: Lower persistent file is RO; eCryptfs "
215
+
"file must hence be opened RO\n", __func__);
216
+
goto out;
217
}
218
ecryptfs_set_file_lower(
219
file, ecryptfs_inode_to_private(inode)->lower_file);
···
299
const struct file_operations ecryptfs_dir_fops = {
300
.readdir = ecryptfs_readdir,
301
.ioctl = ecryptfs_ioctl,
302
.open = ecryptfs_open,
303
.flush = ecryptfs_flush,
304
.release = ecryptfs_release,
+97
-37
fs/ecryptfs/inode.c
+97
-37
fs/ecryptfs/inode.c
···
282
goto out;
283
}
284
rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
285
-
ecryptfs_dir_inode->i_sb, 1);
286
if (rc) {
287
printk(KERN_ERR "%s: Error interposing; rc = [%d]\n",
288
__func__, rc);
···
464
unlock_dir(lower_dir_dentry);
465
dput(lower_new_dentry);
466
dput(lower_old_dentry);
467
-
d_drop(lower_old_dentry);
468
-
d_drop(new_dentry);
469
-
d_drop(old_dentry);
470
return rc;
471
}
472
···
612
struct dentry *lower_new_dentry;
613
struct dentry *lower_old_dir_dentry;
614
struct dentry *lower_new_dir_dentry;
615
616
lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
617
lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
···
620
dget(lower_new_dentry);
621
lower_old_dir_dentry = dget_parent(lower_old_dentry);
622
lower_new_dir_dentry = dget_parent(lower_new_dentry);
623
-
lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
624
rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry,
625
lower_new_dir_dentry->d_inode, lower_new_dentry);
626
if (rc)
···
781
}
782
783
/**
784
-
* ecryptfs_truncate
785
* @dentry: The ecryptfs layer dentry
786
-
* @new_length: The length to expand the file to
787
*
788
* Function to handle truncations modifying the size of the file. Note
789
* that the file sizes are interpolated. When expanding, we are simply
790
-
* writing strings of 0's out. When truncating, we need to modify the
791
-
* underlying file size according to the page index interpolations.
792
*
793
* Returns zero on success; non-zero otherwise
794
*/
795
-
int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
796
{
797
int rc = 0;
798
struct inode *inode = dentry->d_inode;
···
808
loff_t lower_size_before_truncate;
809
loff_t lower_size_after_truncate;
810
811
-
if (unlikely((new_length == i_size)))
812
goto out;
813
crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
814
/* Set up a fake ecryptfs file, this is used to interface with
815
* the file in the underlying filesystem so that the
···
831
&fake_ecryptfs_file,
832
ecryptfs_inode_to_private(dentry->d_inode)->lower_file);
833
/* Switch on growing or shrinking file */
834
-
if (new_length > i_size) {
835
char zero[] = { 0x00 };
836
837
/* Write a single 0 at the last position of the file;
838
* this triggers code that will fill in 0's throughout
839
* the intermediate portion of the previous end of the
840
* file and the new and of the file */
841
rc = ecryptfs_write(&fake_ecryptfs_file, zero,
842
-
(new_length - 1), 1);
843
-
} else { /* new_length < i_size_read(inode) */
844
-
/* We're chopping off all the pages down do the page
845
-
* in which new_length is located. Fill in the end of
846
-
* that page from (new_length & ~PAGE_CACHE_MASK) to
847
* PAGE_CACHE_SIZE with zeros. */
848
size_t num_zeros = (PAGE_CACHE_SIZE
849
-
- (new_length & ~PAGE_CACHE_MASK));
850
851
if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
852
-
rc = vmtruncate(inode, new_length);
853
if (rc)
854
goto out_free;
855
-
rc = vmtruncate(lower_dentry->d_inode, new_length);
856
goto out_free;
857
}
858
if (num_zeros) {
···
866
goto out_free;
867
}
868
rc = ecryptfs_write(&fake_ecryptfs_file, zeros_virt,
869
-
new_length, num_zeros);
870
kfree(zeros_virt);
871
if (rc) {
872
printk(KERN_ERR "Error attempting to zero out "
···
875
goto out_free;
876
}
877
}
878
-
vmtruncate(inode, new_length);
879
rc = ecryptfs_write_inode_size_to_metadata(inode);
880
if (rc) {
881
printk(KERN_ERR "Problem with "
···
888
lower_size_before_truncate =
889
upper_size_to_lower_size(crypt_stat, i_size);
890
lower_size_after_truncate =
891
-
upper_size_to_lower_size(crypt_stat, new_length);
892
-
if (lower_size_after_truncate < lower_size_before_truncate)
893
-
vmtruncate(lower_dentry->d_inode,
894
-
lower_size_after_truncate);
895
}
896
out_free:
897
if (ecryptfs_file_to_private(&fake_ecryptfs_file))
898
kmem_cache_free(ecryptfs_file_info_cache,
899
ecryptfs_file_to_private(&fake_ecryptfs_file));
900
out:
901
return rc;
902
}
903
···
952
{
953
int rc = 0;
954
struct dentry *lower_dentry;
955
struct inode *inode;
956
struct inode *lower_inode;
957
struct ecryptfs_crypt_stat *crypt_stat;
···
991
}
992
}
993
mutex_unlock(&crypt_stat->cs_mutex);
994
if (ia->ia_valid & ATTR_SIZE) {
995
-
ecryptfs_printk(KERN_DEBUG,
996
-
"ia->ia_valid = [0x%x] ATTR_SIZE" " = [0x%x]\n",
997
-
ia->ia_valid, ATTR_SIZE);
998
-
rc = ecryptfs_truncate(dentry, ia->ia_size);
999
-
/* ecryptfs_truncate handles resizing of the lower file */
1000
-
ia->ia_valid &= ~ATTR_SIZE;
1001
-
ecryptfs_printk(KERN_DEBUG, "ia->ia_valid = [%x]\n",
1002
-
ia->ia_valid);
1003
if (rc < 0)
1004
goto out;
1005
}
···
1004
* mode change is for clearing setuid/setgid bits. Allow lower fs
1005
* to interpret this in its own way.
1006
*/
1007
-
if (ia->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID))
1008
-
ia->ia_valid &= ~ATTR_MODE;
1009
1010
mutex_lock(&lower_dentry->d_inode->i_mutex);
1011
-
rc = notify_change(lower_dentry, ia);
1012
mutex_unlock(&lower_dentry->d_inode->i_mutex);
1013
out:
1014
fsstack_copy_attr_all(inode, lower_inode);
1015
return rc;
1016
}
1017
···
1159
const struct inode_operations ecryptfs_main_iops = {
1160
.permission = ecryptfs_permission,
1161
.setattr = ecryptfs_setattr,
1162
.setxattr = ecryptfs_setxattr,
1163
.getxattr = ecryptfs_getxattr,
1164
.listxattr = ecryptfs_listxattr,
···
282
goto out;
283
}
284
rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
285
+
ecryptfs_dir_inode->i_sb,
286
+
ECRYPTFS_INTERPOSE_FLAG_D_ADD);
287
if (rc) {
288
printk(KERN_ERR "%s: Error interposing; rc = [%d]\n",
289
__func__, rc);
···
463
unlock_dir(lower_dir_dentry);
464
dput(lower_new_dentry);
465
dput(lower_old_dentry);
466
return rc;
467
}
468
···
614
struct dentry *lower_new_dentry;
615
struct dentry *lower_old_dir_dentry;
616
struct dentry *lower_new_dir_dentry;
617
+
struct dentry *trap = NULL;
618
619
lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
620
lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
···
621
dget(lower_new_dentry);
622
lower_old_dir_dentry = dget_parent(lower_old_dentry);
623
lower_new_dir_dentry = dget_parent(lower_new_dentry);
624
+
trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
625
+
/* source should not be ancestor of target */
626
+
if (trap == lower_old_dentry) {
627
+
rc = -EINVAL;
628
+
goto out_lock;
629
+
}
630
+
/* target should not be ancestor of source */
631
+
if (trap == lower_new_dentry) {
632
+
rc = -ENOTEMPTY;
633
+
goto out_lock;
634
+
}
635
rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry,
636
lower_new_dir_dentry->d_inode, lower_new_dentry);
637
if (rc)
···
772
}
773
774
/**
775
+
* truncate_upper
776
* @dentry: The ecryptfs layer dentry
777
+
* @ia: Address of the ecryptfs inode's attributes
778
+
* @lower_ia: Address of the lower inode's attributes
779
*
780
* Function to handle truncations modifying the size of the file. Note
781
* that the file sizes are interpolated. When expanding, we are simply
782
+
* writing strings of 0's out. When truncating, we truncate the upper
783
+
* inode and update the lower_ia according to the page index
784
+
* interpolations. If ATTR_SIZE is set in lower_ia->ia_valid upon return,
785
+
* the caller must use lower_ia in a call to notify_change() to perform
786
+
* the truncation of the lower inode.
787
*
788
* Returns zero on success; non-zero otherwise
789
*/
790
+
static int truncate_upper(struct dentry *dentry, struct iattr *ia,
791
+
struct iattr *lower_ia)
792
{
793
int rc = 0;
794
struct inode *inode = dentry->d_inode;
···
794
loff_t lower_size_before_truncate;
795
loff_t lower_size_after_truncate;
796
797
+
if (unlikely((ia->ia_size == i_size))) {
798
+
lower_ia->ia_valid &= ~ATTR_SIZE;
799
goto out;
800
+
}
801
crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
802
/* Set up a fake ecryptfs file, this is used to interface with
803
* the file in the underlying filesystem so that the
···
815
&fake_ecryptfs_file,
816
ecryptfs_inode_to_private(dentry->d_inode)->lower_file);
817
/* Switch on growing or shrinking file */
818
+
if (ia->ia_size > i_size) {
819
char zero[] = { 0x00 };
820
821
+
lower_ia->ia_valid &= ~ATTR_SIZE;
822
/* Write a single 0 at the last position of the file;
823
* this triggers code that will fill in 0's throughout
824
* the intermediate portion of the previous end of the
825
* file and the new and of the file */
826
rc = ecryptfs_write(&fake_ecryptfs_file, zero,
827
+
(ia->ia_size - 1), 1);
828
+
} else { /* ia->ia_size < i_size_read(inode) */
829
+
/* We're chopping off all the pages down to the page
830
+
* in which ia->ia_size is located. Fill in the end of
831
+
* that page from (ia->ia_size & ~PAGE_CACHE_MASK) to
832
* PAGE_CACHE_SIZE with zeros. */
833
size_t num_zeros = (PAGE_CACHE_SIZE
834
+
- (ia->ia_size & ~PAGE_CACHE_MASK));
835
836
if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
837
+
rc = vmtruncate(inode, ia->ia_size);
838
if (rc)
839
goto out_free;
840
+
lower_ia->ia_size = ia->ia_size;
841
+
lower_ia->ia_valid |= ATTR_SIZE;
842
goto out_free;
843
}
844
if (num_zeros) {
···
848
goto out_free;
849
}
850
rc = ecryptfs_write(&fake_ecryptfs_file, zeros_virt,
851
+
ia->ia_size, num_zeros);
852
kfree(zeros_virt);
853
if (rc) {
854
printk(KERN_ERR "Error attempting to zero out "
···
857
goto out_free;
858
}
859
}
860
+
vmtruncate(inode, ia->ia_size);
861
rc = ecryptfs_write_inode_size_to_metadata(inode);
862
if (rc) {
863
printk(KERN_ERR "Problem with "
···
870
lower_size_before_truncate =
871
upper_size_to_lower_size(crypt_stat, i_size);
872
lower_size_after_truncate =
873
+
upper_size_to_lower_size(crypt_stat, ia->ia_size);
874
+
if (lower_size_after_truncate < lower_size_before_truncate) {
875
+
lower_ia->ia_size = lower_size_after_truncate;
876
+
lower_ia->ia_valid |= ATTR_SIZE;
877
+
} else
878
+
lower_ia->ia_valid &= ~ATTR_SIZE;
879
}
880
out_free:
881
if (ecryptfs_file_to_private(&fake_ecryptfs_file))
882
kmem_cache_free(ecryptfs_file_info_cache,
883
ecryptfs_file_to_private(&fake_ecryptfs_file));
884
out:
885
+
return rc;
886
+
}
887
+
888
+
/**
889
+
* ecryptfs_truncate
890
+
* @dentry: The ecryptfs layer dentry
891
+
* @new_length: The length to expand the file to
892
+
*
893
+
* Simple function that handles the truncation of an eCryptfs inode and
894
+
* its corresponding lower inode.
895
+
*
896
+
* Returns zero on success; non-zero otherwise
897
+
*/
898
+
int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
899
+
{
900
+
struct iattr ia = { .ia_valid = ATTR_SIZE, .ia_size = new_length };
901
+
struct iattr lower_ia = { .ia_valid = 0 };
902
+
int rc;
903
+
904
+
rc = truncate_upper(dentry, &ia, &lower_ia);
905
+
if (!rc && lower_ia.ia_valid & ATTR_SIZE) {
906
+
struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
907
+
908
+
mutex_lock(&lower_dentry->d_inode->i_mutex);
909
+
rc = notify_change(lower_dentry, &lower_ia);
910
+
mutex_unlock(&lower_dentry->d_inode->i_mutex);
911
+
}
912
return rc;
913
}
914
···
905
{
906
int rc = 0;
907
struct dentry *lower_dentry;
908
+
struct iattr lower_ia;
909
struct inode *inode;
910
struct inode *lower_inode;
911
struct ecryptfs_crypt_stat *crypt_stat;
···
943
}
944
}
945
mutex_unlock(&crypt_stat->cs_mutex);
946
+
memcpy(&lower_ia, ia, sizeof(lower_ia));
947
+
if (ia->ia_valid & ATTR_FILE)
948
+
lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file);
949
if (ia->ia_valid & ATTR_SIZE) {
950
+
rc = truncate_upper(dentry, ia, &lower_ia);
951
if (rc < 0)
952
goto out;
953
}
···
960
* mode change is for clearing setuid/setgid bits. Allow lower fs
961
* to interpret this in its own way.
962
*/
963
+
if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID))
964
+
lower_ia.ia_valid &= ~ATTR_MODE;
965
966
mutex_lock(&lower_dentry->d_inode->i_mutex);
967
+
rc = notify_change(lower_dentry, &lower_ia);
968
mutex_unlock(&lower_dentry->d_inode->i_mutex);
969
out:
970
fsstack_copy_attr_all(inode, lower_inode);
971
+
return rc;
972
+
}
973
+
974
+
int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
975
+
struct kstat *stat)
976
+
{
977
+
struct kstat lower_stat;
978
+
int rc;
979
+
980
+
rc = vfs_getattr(ecryptfs_dentry_to_lower_mnt(dentry),
981
+
ecryptfs_dentry_to_lower(dentry), &lower_stat);
982
+
if (!rc) {
983
+
generic_fillattr(dentry->d_inode, stat);
984
+
stat->blocks = lower_stat.blocks;
985
+
}
986
return rc;
987
}
988
···
1100
const struct inode_operations ecryptfs_main_iops = {
1101
.permission = ecryptfs_permission,
1102
.setattr = ecryptfs_setattr,
1103
+
.getattr = ecryptfs_getattr,
1104
.setxattr = ecryptfs_setxattr,
1105
.getxattr = ecryptfs_getxattr,
1106
.listxattr = ecryptfs_listxattr,
+2
-2
fs/ecryptfs/main.c
+2
-2
fs/ecryptfs/main.c
···
585
* with as much information as it can before needing
586
* the lower filesystem.
587
* ecryptfs_read_super(): this accesses the lower filesystem and uses
588
-
* ecryptfs_interpolate to perform most of the linking
589
-
* ecryptfs_interpolate(): links the lower filesystem into ecryptfs
590
*/
591
static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
592
const char *dev_name, void *raw_data,
···
585
* with as much information as it can before needing
586
* the lower filesystem.
587
* ecryptfs_read_super(): this accesses the lower filesystem and uses
588
+
* ecryptfs_interpose to perform most of the linking
589
+
* ecryptfs_interpose(): links the lower filesystem into ecryptfs (inode.c)
590
*/
591
static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
592
const char *dev_name, void *raw_data,