Merge tag 'ecryptfs-3.9-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs

+8

fs/ecryptfs/Kconfig

··· 12 12 13 13 To compile this file system support as a module, choose M here: the 14 14 module will be called ecryptfs. 15 + 16 + config ECRYPT_FS_MESSAGING 17 + bool "Enable notifications for userspace key wrap/unwrap" 18 + depends on ECRYPT_FS 19 + help 20 + Enables the /dev/ecryptfs entry for use by ecryptfsd. This allows 21 + for userspace to wrap/unwrap file encryption keys by other 22 + backends, like OpenSSL.

+5 -2

fs/ecryptfs/Makefile

··· 1 1 # 2 - # Makefile for the Linux 2.6 eCryptfs 2 + # Makefile for the Linux eCryptfs 3 3 # 4 4 5 5 obj-$(CONFIG_ECRYPT_FS) += ecryptfs.o 6 6 7 - ecryptfs-objs := dentry.o file.o inode.o main.o super.o mmap.o read_write.o crypto.o keystore.o messaging.o miscdev.o kthread.o debug.o 7 + ecryptfs-y := dentry.o file.o inode.o main.o super.o mmap.o read_write.o \ 8 + crypto.o keystore.o kthread.o debug.o 9 + 10 + ecryptfs-$(CONFIG_ECRYPT_FS_MESSAGING) += messaging.o miscdev.o

+3 -6

fs/ecryptfs/crypto.c

··· 301 301 while (size > 0 && i < sg_size) { 302 302 pg = virt_to_page(addr); 303 303 offset = offset_in_page(addr); 304 - if (sg) 305 - sg_set_page(&sg[i], pg, 0, offset); 304 + sg_set_page(&sg[i], pg, 0, offset); 306 305 remainder_of_page = PAGE_CACHE_SIZE - offset; 307 306 if (size >= remainder_of_page) { 308 - if (sg) 309 - sg[i].length = remainder_of_page; 307 + sg[i].length = remainder_of_page; 310 308 addr += remainder_of_page; 311 309 size -= remainder_of_page; 312 310 } else { 313 - if (sg) 314 - sg[i].length = size; 311 + sg[i].length = size; 315 312 addr += size; 316 313 size = 0; 317 314 }

-2

fs/ecryptfs/dentry.c

··· 45 45 static int ecryptfs_d_revalidate(struct dentry *dentry, unsigned int flags) 46 46 { 47 47 struct dentry *lower_dentry; 48 - struct vfsmount *lower_mnt; 49 48 int rc = 1; 50 49 51 50 if (flags & LOOKUP_RCU) 52 51 return -ECHILD; 53 52 54 53 lower_dentry = ecryptfs_dentry_to_lower(dentry); 55 - lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 56 54 if (!lower_dentry->d_op || !lower_dentry->d_op->d_revalidate) 57 55 goto out; 58 56 rc = lower_dentry->d_op->d_revalidate(lower_dentry, flags);

+38 -2

fs/ecryptfs/ecryptfs_kernel.h

··· 172 172 #define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 24 173 173 #define ECRYPTFS_ENCRYPTED_DENTRY_NAME_LEN (18 + 1 + 4 + 1 + 32) 174 174 175 + #ifdef CONFIG_ECRYPT_FS_MESSAGING 176 + # define ECRYPTFS_VERSIONING_MASK_MESSAGING (ECRYPTFS_VERSIONING_DEVMISC \ 177 + | ECRYPTFS_VERSIONING_PUBKEY) 178 + #else 179 + # define ECRYPTFS_VERSIONING_MASK_MESSAGING 0 180 + #endif 181 + 182 + #define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \ 183 + | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \ 184 + | ECRYPTFS_VERSIONING_XATTR \ 185 + | ECRYPTFS_VERSIONING_MULTKEY \ 186 + | ECRYPTFS_VERSIONING_MASK_MESSAGING \ 187 + | ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION) 175 188 struct ecryptfs_key_sig { 176 189 struct list_head crypt_stat_list; 177 190 char keysig[ECRYPTFS_SIG_SIZE_HEX + 1]; ··· 412 399 struct hlist_node euid_chain; 413 400 }; 414 401 402 + #ifdef CONFIG_ECRYPT_FS_MESSAGING 415 403 extern struct mutex ecryptfs_daemon_hash_mux; 404 + #endif 416 405 417 406 static inline size_t 418 407 ecryptfs_lower_header_size(struct ecryptfs_crypt_stat *crypt_stat) ··· 625 610 ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, 626 611 size_t size, int flags); 627 612 int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode); 613 + #ifdef CONFIG_ECRYPT_FS_MESSAGING 628 614 int ecryptfs_process_response(struct ecryptfs_daemon *daemon, 629 615 struct ecryptfs_message *msg, u32 seq); 630 616 int ecryptfs_send_message(char *data, int data_len, ··· 634 618 struct ecryptfs_message **emsg); 635 619 int ecryptfs_init_messaging(void); 636 620 void ecryptfs_release_messaging(void); 621 + #else 622 + static inline int ecryptfs_init_messaging(void) 623 + { 624 + return 0; 625 + } 626 + static inline void ecryptfs_release_messaging(void) 627 + { } 628 + static inline int ecryptfs_send_message(char *data, int data_len, 629 + struct ecryptfs_msg_ctx **msg_ctx) 630 + { 631 + return -ENOTCONN; 632 + } 633 + static inline int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, 634 + struct ecryptfs_message **emsg) 635 + { 636 + return -ENOMSG; 637 + } 638 + #endif 637 639 638 640 void 639 641 ecryptfs_write_header_metadata(char *virt, ··· 689 655 size_t offset_in_page, size_t size, 690 656 struct inode *ecryptfs_inode); 691 657 struct page *ecryptfs_get_locked_page(struct inode *inode, loff_t index); 692 - int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon); 693 - int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon); 694 658 int ecryptfs_parse_packet_length(unsigned char *data, size_t *size, 695 659 size_t *length_size); 696 660 int ecryptfs_write_packet_length(char *dest, size_t size, 697 661 size_t *packet_size_length); 662 + #ifdef CONFIG_ECRYPT_FS_MESSAGING 698 663 int ecryptfs_init_ecryptfs_miscdev(void); 699 664 void ecryptfs_destroy_ecryptfs_miscdev(void); 700 665 int ecryptfs_send_miscdev(char *data, size_t data_size, ··· 702 669 void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx); 703 670 int 704 671 ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file); 672 + int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon); 673 + int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon); 674 + #endif 705 675 int ecryptfs_init_kthread(void); 706 676 void ecryptfs_destroy_kthread(void); 707 677 int ecryptfs_privileged_open(struct file **lower_file,

-2

fs/ecryptfs/file.c

··· 199 199 struct dentry *ecryptfs_dentry = file->f_path.dentry; 200 200 /* Private value of ecryptfs_dentry allocated in 201 201 * ecryptfs_lookup() */ 202 - struct dentry *lower_dentry; 203 202 struct ecryptfs_file_info *file_info; 204 203 205 204 mount_crypt_stat = &ecryptfs_superblock_to_private( ··· 221 222 rc = -ENOMEM; 222 223 goto out; 223 224 } 224 - lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 225 225 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; 226 226 mutex_lock(&crypt_stat->cs_mutex); 227 227 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {

+4 -4

fs/ecryptfs/inode.c

··· 999 999 return rc; 1000 1000 } 1001 1001 1002 - int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry, 1003 - struct kstat *stat) 1002 + static int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry, 1003 + struct kstat *stat) 1004 1004 { 1005 1005 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 1006 1006 int rc = 0; ··· 1021 1021 return rc; 1022 1022 } 1023 1023 1024 - int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry, 1025 - struct kstat *stat) 1024 + static int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry, 1025 + struct kstat *stat) 1026 1026 { 1027 1027 struct kstat lower_stat; 1028 1028 int rc;

+4 -5

fs/ecryptfs/keystore.c

··· 1150 1150 struct ecryptfs_message *msg = NULL; 1151 1151 char *auth_tok_sig; 1152 1152 char *payload; 1153 - size_t payload_len; 1153 + size_t payload_len = 0; 1154 1154 int rc; 1155 1155 1156 1156 rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok); ··· 1168 1168 rc = ecryptfs_send_message(payload, payload_len, &msg_ctx); 1169 1169 if (rc) { 1170 1170 ecryptfs_printk(KERN_ERR, "Error sending message to " 1171 - "ecryptfsd\n"); 1171 + "ecryptfsd: %d\n", rc); 1172 1172 goto out; 1173 1173 } 1174 1174 rc = ecryptfs_wait_for_response(msg_ctx, &msg); ··· 1202 1202 crypt_stat->key_size); 1203 1203 } 1204 1204 out: 1205 - if (msg) 1206 - kfree(msg); 1205 + kfree(msg); 1207 1206 return rc; 1208 1207 } 1209 1208 ··· 1988 1989 rc = ecryptfs_send_message(payload, payload_len, &msg_ctx); 1989 1990 if (rc) { 1990 1991 ecryptfs_printk(KERN_ERR, "Error sending message to " 1991 - "ecryptfsd\n"); 1992 + "ecryptfsd: %d\n", rc); 1992 1993 goto out; 1993 1994 } 1994 1995 rc = ecryptfs_wait_for_response(msg_ctx, &msg);

+2 -3

fs/ecryptfs/messaging.c

··· 97 97 void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx) 98 98 { 99 99 list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list); 100 - if (msg_ctx->msg) 101 - kfree(msg_ctx->msg); 100 + kfree(msg_ctx->msg); 102 101 msg_ctx->msg = NULL; 103 102 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE; 104 103 } ··· 282 283 int rc; 283 284 284 285 rc = ecryptfs_find_daemon_by_euid(&daemon); 285 - if (rc || !daemon) { 286 + if (rc) { 286 287 rc = -ENOTCONN; 287 288 goto out; 288 289 }

+2 -10

include/linux/ecryptfs.h

··· 6 6 #define ECRYPTFS_VERSION_MINOR 0x04 7 7 #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03 8 8 /* These flags indicate which features are supported by the kernel 9 - * module; userspace tools such as the mount helper read 10 - * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine 11 - * how to behave. */ 9 + * module; userspace tools such as the mount helper read the feature 10 + * bits from a sysfs handle in order to determine how to behave. */ 12 11 #define ECRYPTFS_VERSIONING_PASSPHRASE 0x00000001 13 12 #define ECRYPTFS_VERSIONING_PUBKEY 0x00000002 14 13 #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004 ··· 18 19 #define ECRYPTFS_VERSIONING_HMAC 0x00000080 19 20 #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION 0x00000100 20 21 #define ECRYPTFS_VERSIONING_GCM 0x00000200 21 - #define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \ 22 - | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \ 23 - | ECRYPTFS_VERSIONING_PUBKEY \ 24 - | ECRYPTFS_VERSIONING_XATTR \ 25 - | ECRYPTFS_VERSIONING_MULTKEY \ 26 - | ECRYPTFS_VERSIONING_DEVMISC \ 27 - | ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION) 28 22 #define ECRYPTFS_MAX_PASSWORD_LENGTH 64 29 23 #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH 30 24 #define ECRYPTFS_SALT_SIZE 8