Diff markup
1 /** 1 /**
2 * eCryptfs: Linux filesystem encryption layer 2 * eCryptfs: Linux filesystem encryption layer
3 * 3 *
4 * Copyright (C) 1997-2003 Erez Zadok 4 * Copyright (C) 1997-2003 Erez Zadok
5 * Copyright (C) 2001-2003 Stony Brook Univers 5 * Copyright (C) 2001-2003 Stony Brook University
6 * Copyright (C) 2004-2007 International Busin 6 * Copyright (C) 2004-2007 International Business Machines Corp.
7 * Author(s): Michael A. Halcrow <mahalcro@u 7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
8 * Michael C. Thompson <mcthomps@ 8 * Michael C. Thompson <mcthomps@us.ibm.com>
9 * Tyler Hicks <tyhicks@ou.edu> 9 * Tyler Hicks <tyhicks@ou.edu>
10 * 10 *
11 * This program is free software; you can redi 11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU Genera 12 * modify it under the terms of the GNU General Public License as
13 * published by the Free Software Foundation; 13 * published by the Free Software Foundation; either version 2 of the
14 * License, or (at your option) any later vers 14 * License, or (at your option) any later version.
15 * 15 *
16 * This program is distributed in the hope tha 16 * This program is distributed in the hope that it will be useful, but
17 * WITHOUT ANY WARRANTY; without even the impl 17 * WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 * General Public License for more details. 19 * General Public License for more details.
20 * 20 *
21 * You should have received a copy of the GNU 21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to t 22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 3 23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
24 * 02111-1307, USA. 24 * 02111-1307, USA.
25 */ 25 */
26 26
27 #include <linux/dcache.h> 27 #include <linux/dcache.h>
28 #include <linux/file.h> 28 #include <linux/file.h>
29 #include <linux/module.h> 29 #include <linux/module.h>
30 #include <linux/namei.h> 30 #include <linux/namei.h>
31 #include <linux/skbuff.h> 31 #include <linux/skbuff.h>
32 #include <linux/crypto.h> 32 #include <linux/crypto.h>
33 #include <linux/netlink.h> <<
34 #include <linux/mount.h> 33 #include <linux/mount.h>
35 #include <linux/pagemap.h> 34 #include <linux/pagemap.h>
36 #include <linux/key.h> 35 #include <linux/key.h>
37 #include <linux/parser.h> 36 #include <linux/parser.h>
38 #include <linux/fs_stack.h> 37 #include <linux/fs_stack.h>
>> 38 #include <linux/ima.h>
39 #include "ecryptfs_kernel.h" 39 #include "ecryptfs_kernel.h"
40 40
41 /** 41 /**
42 * Module parameter that defines the ecryptfs_ 42 * Module parameter that defines the ecryptfs_verbosity level.
43 */ 43 */
44 int ecryptfs_verbosity = 0; 44 int ecryptfs_verbosity = 0;
45 45
46 module_param(ecryptfs_verbosity, int, 0); 46 module_param(ecryptfs_verbosity, int, 0);
47 MODULE_PARM_DESC(ecryptfs_verbosity, 47 MODULE_PARM_DESC(ecryptfs_verbosity,
48 "Initial verbosity level (0 o 48 "Initial verbosity level (0 or 1; defaults to "
49 "0, which is Quiet)"); 49 "0, which is Quiet)");
50 50
51 /** 51 /**
52 * Module parameter that defines the number of !! 52 * Module parameter that defines the number of message buffer elements
53 * elements <<
54 */ 53 */
55 unsigned int ecryptfs_message_buf_len = ECRYPT 54 unsigned int ecryptfs_message_buf_len = ECRYPTFS_DEFAULT_MSG_CTX_ELEMS;
56 55
57 module_param(ecryptfs_message_buf_len, uint, 0 56 module_param(ecryptfs_message_buf_len, uint, 0);
58 MODULE_PARM_DESC(ecryptfs_message_buf_len, 57 MODULE_PARM_DESC(ecryptfs_message_buf_len,
59 "Number of message buffer ele 58 "Number of message buffer elements");
60 59
61 /** 60 /**
62 * Module parameter that defines the maximum g 61 * Module parameter that defines the maximum guaranteed amount of time to wait
63 * for a response through netlink. The actual !! 62 * for a response from ecryptfsd. The actual sleep time will be, more than
64 * likely, a small amount greater than this sp 63 * likely, a small amount greater than this specified value, but only less if
65 * the netlink message successfully arrives. !! 64 * the message successfully arrives.
66 */ 65 */
67 signed long ecryptfs_message_wait_timeout = EC 66 signed long ecryptfs_message_wait_timeout = ECRYPTFS_MAX_MSG_CTX_TTL / HZ;
68 67
69 module_param(ecryptfs_message_wait_timeout, lo 68 module_param(ecryptfs_message_wait_timeout, long, 0);
70 MODULE_PARM_DESC(ecryptfs_message_wait_timeout 69 MODULE_PARM_DESC(ecryptfs_message_wait_timeout,
71 "Maximum number of seconds th 70 "Maximum number of seconds that an operation will "
72 "sleep while waiting for a me 71 "sleep while waiting for a message response from "
73 "userspace"); 72 "userspace");
74 73
75 /** 74 /**
76 * Module parameter that is an estimate of the 75 * Module parameter that is an estimate of the maximum number of users
77 * that will be concurrently using eCryptfs. S 76 * that will be concurrently using eCryptfs. Set this to the right
78 * value to balance performance and memory use 77 * value to balance performance and memory use.
79 */ 78 */
80 unsigned int ecryptfs_number_of_users = ECRYPT 79 unsigned int ecryptfs_number_of_users = ECRYPTFS_DEFAULT_NUM_USERS;
81 80
82 module_param(ecryptfs_number_of_users, uint, 0 81 module_param(ecryptfs_number_of_users, uint, 0);
83 MODULE_PARM_DESC(ecryptfs_number_of_users, "An 82 MODULE_PARM_DESC(ecryptfs_number_of_users, "An estimate of the number of "
84 "concurrent users of eCryptfs 83 "concurrent users of eCryptfs");
85 84
86 unsigned int ecryptfs_transport = ECRYPTFS_DEF <<
87 <<
88 void __ecryptfs_printk(const char *fmt, ...) 85 void __ecryptfs_printk(const char *fmt, ...)
89 { 86 {
90 va_list args; 87 va_list args;
91 va_start(args, fmt); 88 va_start(args, fmt);
92 if (fmt[1] == '7') { /* KERN_DEBUG */ 89 if (fmt[1] == '7') { /* KERN_DEBUG */
93 if (ecryptfs_verbosity >= 1) 90 if (ecryptfs_verbosity >= 1)
94 vprintk(fmt, args); 91 vprintk(fmt, args);
95 } else 92 } else
96 vprintk(fmt, args); 93 vprintk(fmt, args);
97 va_end(args); 94 va_end(args);
98 } 95 }
99 96
100 /** 97 /**
101 * ecryptfs_init_persistent_file 98 * ecryptfs_init_persistent_file
102 * @ecryptfs_dentry: Fully initialized eCryptf 99 * @ecryptfs_dentry: Fully initialized eCryptfs dentry object, with
103 * the lower dentry and the 100 * the lower dentry and the lower mount set
104 * 101 *
105 * eCryptfs only ever keeps a single open file 102 * eCryptfs only ever keeps a single open file for every lower
106 * inode. All I/O operations to the lower inod 103 * inode. All I/O operations to the lower inode occur through that
107 * file. When the first eCryptfs dentry that i 104 * file. When the first eCryptfs dentry that interposes with the first
108 * lower dentry for that inode is created, thi 105 * lower dentry for that inode is created, this function creates the
109 * persistent file struct and associates it wi 106 * persistent file struct and associates it with the eCryptfs
110 * inode. When the eCryptfs inode is destroyed 107 * inode. When the eCryptfs inode is destroyed, the file is closed.
111 * 108 *
112 * The persistent file will be opened with rea 109 * The persistent file will be opened with read/write permissions, if
113 * possible. Otherwise, it is opened read-only 110 * possible. Otherwise, it is opened read-only.
114 * 111 *
115 * This function does nothing if a lower persi 112 * This function does nothing if a lower persistent file is already
116 * associated with the eCryptfs inode. 113 * associated with the eCryptfs inode.
117 * 114 *
118 * Returns zero on success; non-zero otherwise 115 * Returns zero on success; non-zero otherwise
119 */ 116 */
120 static int ecryptfs_init_persistent_file(struc !! 117 int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
121 { 118 {
>> 119 const struct cred *cred = current_cred();
122 struct ecryptfs_inode_info *inode_info 120 struct ecryptfs_inode_info *inode_info =
123 ecryptfs_inode_to_private(ecry 121 ecryptfs_inode_to_private(ecryptfs_dentry->d_inode);
>> 122 int opened_lower_file = 0;
124 int rc = 0; 123 int rc = 0;
125 124
126 mutex_lock(&inode_info->lower_file_mut 125 mutex_lock(&inode_info->lower_file_mutex);
127 if (!inode_info->lower_file) { 126 if (!inode_info->lower_file) {
128 struct dentry *lower_dentry; 127 struct dentry *lower_dentry;
129 struct vfsmount *lower_mnt = 128 struct vfsmount *lower_mnt =
130 ecryptfs_dentry_to_low 129 ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry);
131 130
132 lower_dentry = ecryptfs_dentry 131 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
133 /* Corresponding dput() and mn !! 132 rc = ecryptfs_privileged_open(&inode_info->lower_file,
134 * persistent file is fput() w !! 133 lower_dentry, lower_mnt, cred);
135 * is destroyed. */ !! 134 if (rc) {
136 dget(lower_dentry); <<
137 mntget(lower_mnt); <<
138 inode_info->lower_file = dentr <<
139 <<
140 <<
141 if (IS_ERR(inode_info->lower_f <<
142 dget(lower_dentry); <<
143 mntget(lower_mnt); <<
144 inode_info->lower_file <<
145 <<
146 <<
147 <<
148 } <<
149 if (IS_ERR(inode_info->lower_f <<
150 printk(KERN_ERR "Error 135 printk(KERN_ERR "Error opening lower persistent file "
151 "for lower_dent !! 136 "for lower_dentry [0x%p] and lower_mnt [0x%p]; "
152 lower_dentry, l !! 137 "rc = [%d]\n", lower_dentry, lower_mnt, rc);
153 rc = PTR_ERR(inode_inf <<
154 inode_info->lower_file 138 inode_info->lower_file = NULL;
155 } !! 139 } else
>> 140 opened_lower_file = 1;
156 } 141 }
157 mutex_unlock(&inode_info->lower_file_m 142 mutex_unlock(&inode_info->lower_file_mutex);
>> 143 if (opened_lower_file)
>> 144 ima_counts_get(inode_info->lower_file);
158 return rc; 145 return rc;
159 } 146 }
160 147
161 /** 148 /**
162 * ecryptfs_interpose 149 * ecryptfs_interpose
163 * @lower_dentry: Existing dentry in the lower 150 * @lower_dentry: Existing dentry in the lower filesystem
164 * @dentry: ecryptfs' dentry 151 * @dentry: ecryptfs' dentry
165 * @sb: ecryptfs's super_block 152 * @sb: ecryptfs's super_block
166 * @flag: If set to true, then d_add is called !! 153 * @flags: flags to govern behavior of interpose procedure
167 * 154 *
168 * Interposes upper and lower dentries. 155 * Interposes upper and lower dentries.
169 * 156 *
170 * Returns zero on success; non-zero otherwise 157 * Returns zero on success; non-zero otherwise
171 */ 158 */
172 int ecryptfs_interpose(struct dentry *lower_de 159 int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry,
173 struct super_block *sb, !! 160 struct super_block *sb, u32 flags)
174 { 161 {
175 struct inode *lower_inode; 162 struct inode *lower_inode;
176 struct inode *inode; 163 struct inode *inode;
177 int rc = 0; 164 int rc = 0;
178 165
179 lower_inode = lower_dentry->d_inode; 166 lower_inode = lower_dentry->d_inode;
180 if (lower_inode->i_sb != ecryptfs_supe 167 if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb)) {
181 rc = -EXDEV; 168 rc = -EXDEV;
182 goto out; 169 goto out;
183 } 170 }
184 if (!igrab(lower_inode)) { 171 if (!igrab(lower_inode)) {
185 rc = -ESTALE; 172 rc = -ESTALE;
186 goto out; 173 goto out;
187 } 174 }
188 inode = iget5_locked(sb, (unsigned lon 175 inode = iget5_locked(sb, (unsigned long)lower_inode,
189 ecryptfs_inode_te 176 ecryptfs_inode_test, ecryptfs_inode_set,
190 lower_inode); 177 lower_inode);
191 if (!inode) { 178 if (!inode) {
192 rc = -EACCES; 179 rc = -EACCES;
193 iput(lower_inode); 180 iput(lower_inode);
194 goto out; 181 goto out;
195 } 182 }
196 if (inode->i_state & I_NEW) 183 if (inode->i_state & I_NEW)
197 unlock_new_inode(inode); 184 unlock_new_inode(inode);
198 else 185 else
199 iput(lower_inode); 186 iput(lower_inode);
200 if (S_ISLNK(lower_inode->i_mode)) 187 if (S_ISLNK(lower_inode->i_mode))
201 inode->i_op = &ecryptfs_symlin 188 inode->i_op = &ecryptfs_symlink_iops;
202 else if (S_ISDIR(lower_inode->i_mode)) 189 else if (S_ISDIR(lower_inode->i_mode))
203 inode->i_op = &ecryptfs_dir_io 190 inode->i_op = &ecryptfs_dir_iops;
204 if (S_ISDIR(lower_inode->i_mode)) 191 if (S_ISDIR(lower_inode->i_mode))
205 inode->i_fop = &ecryptfs_dir_f 192 inode->i_fop = &ecryptfs_dir_fops;
206 if (special_file(lower_inode->i_mode)) 193 if (special_file(lower_inode->i_mode))
207 init_special_inode(inode, lowe 194 init_special_inode(inode, lower_inode->i_mode,
208 lower_inode 195 lower_inode->i_rdev);
209 dentry->d_op = &ecryptfs_dops; 196 dentry->d_op = &ecryptfs_dops;
210 if (flag) <<
211 d_add(dentry, inode); <<
212 else <<
213 d_instantiate(dentry, inode); <<
214 fsstack_copy_attr_all(inode, lower_ino 197 fsstack_copy_attr_all(inode, lower_inode, NULL);
215 /* This size will be overwritten for r 198 /* This size will be overwritten for real files w/ headers and
216 * other metadata */ 199 * other metadata */
217 fsstack_copy_inode_size(inode, lower_i 200 fsstack_copy_inode_size(inode, lower_inode);
218 rc = ecryptfs_init_persistent_file(den !! 201 if (flags & ECRYPTFS_INTERPOSE_FLAG_D_ADD)
219 if (rc) { !! 202 d_add(dentry, inode);
220 printk(KERN_ERR "%s: Error att !! 203 else
221 "persistent file for th !! 204 d_instantiate(dentry, inode);
222 "rc = [%d]\n", __FUNCTI <<
223 goto out; <<
224 } <<
225 out: 205 out:
226 return rc; 206 return rc;
227 } 207 }
228 208
229 enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs 209 enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
230 ecryptfs_opt_cipher, ecryptfs_opt_ecryp 210 ecryptfs_opt_cipher, ecryptfs_opt_ecryptfs_cipher,
231 ecryptfs_opt_ecryptfs_key_bytes, 211 ecryptfs_opt_ecryptfs_key_bytes,
232 ecryptfs_opt_passthrough, ecryptfs_opt_ 212 ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata,
233 ecryptfs_opt_encrypted_view, ecryptfs_o !! 213 ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
>> 214 ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
>> 215 ecryptfs_opt_unlink_sigs, ecryptfs_opt_err };
234 216
235 static match_table_t tokens = { !! 217 static const match_table_t tokens = {
236 {ecryptfs_opt_sig, "sig=%s"}, 218 {ecryptfs_opt_sig, "sig=%s"},
237 {ecryptfs_opt_ecryptfs_sig, "ecryptfs_ 219 {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"},
238 {ecryptfs_opt_cipher, "cipher=%s"}, 220 {ecryptfs_opt_cipher, "cipher=%s"},
239 {ecryptfs_opt_ecryptfs_cipher, "ecrypt 221 {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"},
240 {ecryptfs_opt_ecryptfs_key_bytes, "ecr 222 {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"},
241 {ecryptfs_opt_passthrough, "ecryptfs_p 223 {ecryptfs_opt_passthrough, "ecryptfs_passthrough"},
242 {ecryptfs_opt_xattr_metadata, "ecryptf 224 {ecryptfs_opt_xattr_metadata, "ecryptfs_xattr_metadata"},
243 {ecryptfs_opt_encrypted_view, "ecryptf 225 {ecryptfs_opt_encrypted_view, "ecryptfs_encrypted_view"},
>> 226 {ecryptfs_opt_fnek_sig, "ecryptfs_fnek_sig=%s"},
>> 227 {ecryptfs_opt_fn_cipher, "ecryptfs_fn_cipher=%s"},
>> 228 {ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
>> 229 {ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
244 {ecryptfs_opt_err, NULL} 230 {ecryptfs_opt_err, NULL}
245 }; 231 };
246 232
247 static int ecryptfs_init_global_auth_toks( 233 static int ecryptfs_init_global_auth_toks(
248 struct ecryptfs_mount_crypt_stat *moun 234 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
249 { 235 {
250 struct ecryptfs_global_auth_tok *globa 236 struct ecryptfs_global_auth_tok *global_auth_tok;
251 int rc = 0; 237 int rc = 0;
252 238
253 list_for_each_entry(global_auth_tok, 239 list_for_each_entry(global_auth_tok,
254 &mount_crypt_stat- 240 &mount_crypt_stat->global_auth_tok_list,
255 mount_crypt_stat_l 241 mount_crypt_stat_list) {
256 rc = ecryptfs_keyring_auth_tok 242 rc = ecryptfs_keyring_auth_tok_for_sig(
257 &global_auth_tok->glob 243 &global_auth_tok->global_auth_tok_key,
258 &global_auth_tok->glob 244 &global_auth_tok->global_auth_tok,
259 global_auth_tok->sig); 245 global_auth_tok->sig);
260 if (rc) { 246 if (rc) {
261 printk(KERN_ERR "Could 247 printk(KERN_ERR "Could not find valid key in user "
262 "session keyrin 248 "session keyring for sig specified in mount "
263 "option: [%s]\n 249 "option: [%s]\n", global_auth_tok->sig);
264 global_auth_tok->flags 250 global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID;
265 rc = 0; !! 251 goto out;
266 } else 252 } else
267 global_auth_tok->flags 253 global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID;
268 } 254 }
>> 255 out:
269 return rc; 256 return rc;
270 } 257 }
271 258
272 static void ecryptfs_init_mount_crypt_stat( 259 static void ecryptfs_init_mount_crypt_stat(
273 struct ecryptfs_mount_crypt_stat *moun 260 struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
274 { 261 {
275 memset((void *)mount_crypt_stat, 0, 262 memset((void *)mount_crypt_stat, 0,
276 sizeof(struct ecryptfs_mount_cr 263 sizeof(struct ecryptfs_mount_crypt_stat));
277 INIT_LIST_HEAD(&mount_crypt_stat->glob 264 INIT_LIST_HEAD(&mount_crypt_stat->global_auth_tok_list);
278 mutex_init(&mount_crypt_stat->global_a 265 mutex_init(&mount_crypt_stat->global_auth_tok_list_mutex);
279 mount_crypt_stat->flags |= ECRYPTFS_MO 266 mount_crypt_stat->flags |= ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED;
280 } 267 }
281 268
282 /** 269 /**
283 * ecryptfs_parse_options 270 * ecryptfs_parse_options
284 * @sb: The ecryptfs super block 271 * @sb: The ecryptfs super block
285 * @options: The options pased to the kernel 272 * @options: The options pased to the kernel
286 * 273 *
287 * Parse mount options: 274 * Parse mount options:
288 * debug=N - ecryptfs_verbosity level 275 * debug=N - ecryptfs_verbosity level for debug output
289 * sig=XXX - description(signature) of 276 * sig=XXX - description(signature) of the key to use
290 * 277 *
291 * Returns the dentry object of the lower-leve 278 * Returns the dentry object of the lower-level (lower/interposed)
292 * directory; We want to mount our stackable f 279 * directory; We want to mount our stackable file system on top of
293 * that lower directory. 280 * that lower directory.
294 * 281 *
295 * The signature of the key to use must be the 282 * The signature of the key to use must be the description of a key
296 * already in the keyring. Mounting will fail 283 * already in the keyring. Mounting will fail if the key can not be
297 * found. 284 * found.
298 * 285 *
299 * Returns zero on success; non-zero on error 286 * Returns zero on success; non-zero on error
300 */ 287 */
301 static int ecryptfs_parse_options(struct super 288 static int ecryptfs_parse_options(struct super_block *sb, char *options)
302 { 289 {
303 char *p; 290 char *p;
304 int rc = 0; 291 int rc = 0;
305 int sig_set = 0; 292 int sig_set = 0;
306 int cipher_name_set = 0; 293 int cipher_name_set = 0;
>> 294 int fn_cipher_name_set = 0;
307 int cipher_key_bytes; 295 int cipher_key_bytes;
308 int cipher_key_bytes_set = 0; 296 int cipher_key_bytes_set = 0;
>> 297 int fn_cipher_key_bytes;
>> 298 int fn_cipher_key_bytes_set = 0;
309 struct ecryptfs_mount_crypt_stat *moun 299 struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
310 &ecryptfs_superblock_to_privat 300 &ecryptfs_superblock_to_private(sb)->mount_crypt_stat;
311 substring_t args[MAX_OPT_ARGS]; 301 substring_t args[MAX_OPT_ARGS];
312 int token; 302 int token;
313 char *sig_src; 303 char *sig_src;
314 char *cipher_name_dst; 304 char *cipher_name_dst;
315 char *cipher_name_src; 305 char *cipher_name_src;
>> 306 char *fn_cipher_name_dst;
>> 307 char *fn_cipher_name_src;
>> 308 char *fnek_dst;
>> 309 char *fnek_src;
316 char *cipher_key_bytes_src; 310 char *cipher_key_bytes_src;
317 int cipher_name_len; !! 311 char *fn_cipher_key_bytes_src;
318 312
319 if (!options) { 313 if (!options) {
320 rc = -EINVAL; 314 rc = -EINVAL;
321 goto out; 315 goto out;
322 } 316 }
323 ecryptfs_init_mount_crypt_stat(mount_c 317 ecryptfs_init_mount_crypt_stat(mount_crypt_stat);
324 while ((p = strsep(&options, ",")) != 318 while ((p = strsep(&options, ",")) != NULL) {
325 if (!*p) 319 if (!*p)
326 continue; 320 continue;
327 token = match_token(p, tokens, 321 token = match_token(p, tokens, args);
328 switch (token) { 322 switch (token) {
329 case ecryptfs_opt_sig: 323 case ecryptfs_opt_sig:
330 case ecryptfs_opt_ecryptfs_sig 324 case ecryptfs_opt_ecryptfs_sig:
331 sig_src = args[0].from 325 sig_src = args[0].from;
332 rc = ecryptfs_add_glob 326 rc = ecryptfs_add_global_auth_tok(mount_crypt_stat,
333 !! 327 sig_src, 0);
334 if (rc) { 328 if (rc) {
335 printk(KERN_ER 329 printk(KERN_ERR "Error attempting to register "
336 "global 330 "global sig; rc = [%d]\n", rc);
337 goto out; 331 goto out;
338 } 332 }
339 sig_set = 1; 333 sig_set = 1;
340 break; 334 break;
341 case ecryptfs_opt_cipher: 335 case ecryptfs_opt_cipher:
342 case ecryptfs_opt_ecryptfs_cip 336 case ecryptfs_opt_ecryptfs_cipher:
343 cipher_name_src = args 337 cipher_name_src = args[0].from;
344 cipher_name_dst = 338 cipher_name_dst =
345 mount_crypt_st 339 mount_crypt_stat->
346 global_default 340 global_default_cipher_name;
347 strncpy(cipher_name_ds 341 strncpy(cipher_name_dst, cipher_name_src,
348 ECRYPTFS_MAX_C 342 ECRYPTFS_MAX_CIPHER_NAME_SIZE);
349 ecryptfs_printk(KERN_D !! 343 cipher_name_dst[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
350 "The m <<
351 "globa <<
352 "[%s]\ <<
353 cipher_name_set = 1; 344 cipher_name_set = 1;
354 break; 345 break;
355 case ecryptfs_opt_ecryptfs_key 346 case ecryptfs_opt_ecryptfs_key_bytes:
356 cipher_key_bytes_src = 347 cipher_key_bytes_src = args[0].from;
357 cipher_key_bytes = 348 cipher_key_bytes =
358 (int)simple_st 349 (int)simple_strtol(cipher_key_bytes_src,
359 350 &cipher_key_bytes_src, 0);
360 mount_crypt_stat->glob 351 mount_crypt_stat->global_default_cipher_key_size =
361 cipher_key_byt 352 cipher_key_bytes;
362 ecryptfs_printk(KERN_D <<
363 "The m <<
364 "globa <<
365 "set t <<
366 global <<
367 cipher_key_bytes_set = 353 cipher_key_bytes_set = 1;
368 break; 354 break;
369 case ecryptfs_opt_passthrough: 355 case ecryptfs_opt_passthrough:
370 mount_crypt_stat->flag 356 mount_crypt_stat->flags |=
371 ECRYPTFS_PLAIN 357 ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED;
372 break; 358 break;
373 case ecryptfs_opt_xattr_metada 359 case ecryptfs_opt_xattr_metadata:
374 mount_crypt_stat->flag 360 mount_crypt_stat->flags |=
375 ECRYPTFS_XATTR 361 ECRYPTFS_XATTR_METADATA_ENABLED;
376 break; 362 break;
377 case ecryptfs_opt_encrypted_vi 363 case ecryptfs_opt_encrypted_view:
378 mount_crypt_stat->flag 364 mount_crypt_stat->flags |=
379 ECRYPTFS_XATTR 365 ECRYPTFS_XATTR_METADATA_ENABLED;
380 mount_crypt_stat->flag 366 mount_crypt_stat->flags |=
381 ECRYPTFS_ENCRY 367 ECRYPTFS_ENCRYPTED_VIEW_ENABLED;
382 break; 368 break;
>> 369 case ecryptfs_opt_fnek_sig:
>> 370 fnek_src = args[0].from;
>> 371 fnek_dst =
>> 372 mount_crypt_stat->global_default_fnek_sig;
>> 373 strncpy(fnek_dst, fnek_src, ECRYPTFS_SIG_SIZE_HEX);
>> 374 mount_crypt_stat->global_default_fnek_sig[
>> 375 ECRYPTFS_SIG_SIZE_HEX] = '\0';
>> 376 rc = ecryptfs_add_global_auth_tok(
>> 377 mount_crypt_stat,
>> 378 mount_crypt_stat->global_default_fnek_sig,
>> 379 ECRYPTFS_AUTH_TOK_FNEK);
>> 380 if (rc) {
>> 381 printk(KERN_ERR "Error attempting to register "
>> 382 "global fnek sig [%s]; rc = [%d]\n",
>> 383 mount_crypt_stat->global_default_fnek_sig,
>> 384 rc);
>> 385 goto out;
>> 386 }
>> 387 mount_crypt_stat->flags |=
>> 388 (ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES
>> 389 | ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK);
>> 390 break;
>> 391 case ecryptfs_opt_fn_cipher:
>> 392 fn_cipher_name_src = args[0].from;
>> 393 fn_cipher_name_dst =
>> 394 mount_crypt_stat->global_default_fn_cipher_name;
>> 395 strncpy(fn_cipher_name_dst, fn_cipher_name_src,
>> 396 ECRYPTFS_MAX_CIPHER_NAME_SIZE);
>> 397 mount_crypt_stat->global_default_fn_cipher_name[
>> 398 ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
>> 399 fn_cipher_name_set = 1;
>> 400 break;
>> 401 case ecryptfs_opt_fn_cipher_key_bytes:
>> 402 fn_cipher_key_bytes_src = args[0].from;
>> 403 fn_cipher_key_bytes =
>> 404 (int)simple_strtol(fn_cipher_key_bytes_src,
>> 405 &fn_cipher_key_bytes_src, 0);
>> 406 mount_crypt_stat->global_default_fn_cipher_key_bytes =
>> 407 fn_cipher_key_bytes;
>> 408 fn_cipher_key_bytes_set = 1;
>> 409 break;
>> 410 case ecryptfs_opt_unlink_sigs:
>> 411 mount_crypt_stat->flags |= ECRYPTFS_UNLINK_SIGS;
>> 412 break;
383 case ecryptfs_opt_err: 413 case ecryptfs_opt_err:
384 default: 414 default:
385 ecryptfs_printk(KERN_W !! 415 printk(KERN_WARNING
386 "eCryp !! 416 "%s: eCryptfs: unrecognized option [%s]\n",
387 p); !! 417 __func__, p);
388 } 418 }
389 } 419 }
390 if (!sig_set) { 420 if (!sig_set) {
391 rc = -EINVAL; 421 rc = -EINVAL;
392 ecryptfs_printk(KERN_ERR, "You 422 ecryptfs_printk(KERN_ERR, "You must supply at least one valid "
393 "auth tok sign 423 "auth tok signature as a mount "
394 "parameter; se 424 "parameter; see the eCryptfs README\n");
395 goto out; 425 goto out;
396 } 426 }
397 if (!cipher_name_set) { 427 if (!cipher_name_set) {
398 cipher_name_len = strlen(ECRYP !! 428 int cipher_name_len = strlen(ECRYPTFS_DEFAULT_CIPHER);
399 if (unlikely(cipher_name_len !! 429
400 >= ECRYPTFS_MAX_C !! 430 BUG_ON(cipher_name_len >= ECRYPTFS_MAX_CIPHER_NAME_SIZE);
401 rc = -EINVAL; !! 431 strcpy(mount_crypt_stat->global_default_cipher_name,
402 BUG(); !! 432 ECRYPTFS_DEFAULT_CIPHER);
403 goto out; !! 433 }
404 } !! 434 if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
405 memcpy(mount_crypt_stat->globa !! 435 && !fn_cipher_name_set)
406 ECRYPTFS_DEFAULT_CIPHER !! 436 strcpy(mount_crypt_stat->global_default_fn_cipher_name,
407 mount_crypt_stat->global_defau !! 437 mount_crypt_stat->global_default_cipher_name);
408 = '\0'; !! 438 if (!cipher_key_bytes_set)
409 } <<
410 if (!cipher_key_bytes_set) { <<
411 mount_crypt_stat->global_defau 439 mount_crypt_stat->global_default_cipher_key_size = 0;
412 } !! 440 if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
>> 441 && !fn_cipher_key_bytes_set)
>> 442 mount_crypt_stat->global_default_fn_cipher_key_bytes =
>> 443 mount_crypt_stat->global_default_cipher_key_size;
413 mutex_lock(&key_tfm_list_mutex); 444 mutex_lock(&key_tfm_list_mutex);
414 if (!ecryptfs_tfm_exists(mount_crypt_s 445 if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name,
415 NULL)) !! 446 NULL)) {
416 rc = ecryptfs_add_new_key_tfm( 447 rc = ecryptfs_add_new_key_tfm(
417 NULL, mount_crypt_stat 448 NULL, mount_crypt_stat->global_default_cipher_name,
418 mount_crypt_stat->glob 449 mount_crypt_stat->global_default_cipher_key_size);
419 mutex_unlock(&key_tfm_list_mutex); !! 450 if (rc) {
420 if (rc) { !! 451 printk(KERN_ERR "Error attempting to initialize "
421 printk(KERN_ERR "Error attempt !! 452 "cipher with name = [%s] and key size = [%td]; "
422 "name = [%s] and key si !! 453 "rc = [%d]\n",
423 mount_crypt_stat->globa !! 454 mount_crypt_stat->global_default_cipher_name,
424 mount_crypt_stat->globa !! 455 mount_crypt_stat->global_default_cipher_key_size,
425 rc = -EINVAL; !! 456 rc);
426 goto out; !! 457 rc = -EINVAL;
>> 458 mutex_unlock(&key_tfm_list_mutex);
>> 459 goto out;
>> 460 }
427 } 461 }
>> 462 if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
>> 463 && !ecryptfs_tfm_exists(
>> 464 mount_crypt_stat->global_default_fn_cipher_name, NULL)) {
>> 465 rc = ecryptfs_add_new_key_tfm(
>> 466 NULL, mount_crypt_stat->global_default_fn_cipher_name,
>> 467 mount_crypt_stat->global_default_fn_cipher_key_bytes);
>> 468 if (rc) {
>> 469 printk(KERN_ERR "Error attempting to initialize "
>> 470 "cipher with name = [%s] and key size = [%td]; "
>> 471 "rc = [%d]\n",
>> 472 mount_crypt_stat->global_default_fn_cipher_name,
>> 473 mount_crypt_stat->global_default_fn_cipher_key_bytes,
>> 474 rc);
>> 475 rc = -EINVAL;
>> 476 mutex_unlock(&key_tfm_list_mutex);
>> 477 goto out;
>> 478 }
>> 479 }
>> 480 mutex_unlock(&key_tfm_list_mutex);
428 rc = ecryptfs_init_global_auth_toks(mo 481 rc = ecryptfs_init_global_auth_toks(mount_crypt_stat);
429 if (rc) { !! 482 if (rc)
430 printk(KERN_WARNING "One or mo 483 printk(KERN_WARNING "One or more global auth toks could not "
431 "properly register; rc 484 "properly register; rc = [%d]\n", rc);
432 } <<
433 rc = 0; <<
434 out: 485 out:
435 return rc; 486 return rc;
436 } 487 }
437 488
438 struct kmem_cache *ecryptfs_sb_info_cache; 489 struct kmem_cache *ecryptfs_sb_info_cache;
439 490
440 /** 491 /**
441 * ecryptfs_fill_super 492 * ecryptfs_fill_super
442 * @sb: The ecryptfs super block 493 * @sb: The ecryptfs super block
443 * @raw_data: The options passed to mount 494 * @raw_data: The options passed to mount
444 * @silent: Not used but required by function 495 * @silent: Not used but required by function prototype
445 * 496 *
446 * Sets up what we can of the sb, rest is done 497 * Sets up what we can of the sb, rest is done in ecryptfs_read_super
447 * 498 *
448 * Returns zero on success; non-zero otherwise 499 * Returns zero on success; non-zero otherwise
449 */ 500 */
450 static int 501 static int
451 ecryptfs_fill_super(struct super_block *sb, vo 502 ecryptfs_fill_super(struct super_block *sb, void *raw_data, int silent)
452 { 503 {
453 int rc = 0; 504 int rc = 0;
454 505
455 /* Released in ecryptfs_put_super() */ 506 /* Released in ecryptfs_put_super() */
456 ecryptfs_set_superblock_private(sb, 507 ecryptfs_set_superblock_private(sb,
457 kmem_c 508 kmem_cache_zalloc(ecryptfs_sb_info_cache,
458 509 GFP_KERNEL));
459 if (!ecryptfs_superblock_to_private(sb 510 if (!ecryptfs_superblock_to_private(sb)) {
460 ecryptfs_printk(KERN_WARNING, 511 ecryptfs_printk(KERN_WARNING, "Out of memory\n");
461 rc = -ENOMEM; 512 rc = -ENOMEM;
462 goto out; 513 goto out;
463 } 514 }
464 sb->s_op = &ecryptfs_sops; 515 sb->s_op = &ecryptfs_sops;
465 /* Released through deactivate_super(s 516 /* Released through deactivate_super(sb) from get_sb_nodev */
466 sb->s_root = d_alloc(NULL, &(const str 517 sb->s_root = d_alloc(NULL, &(const struct qstr) {
467 .hash = 0,.name = 518 .hash = 0,.name = "/",.len = 1});
468 if (!sb->s_root) { 519 if (!sb->s_root) {
469 ecryptfs_printk(KERN_ERR, "d_a 520 ecryptfs_printk(KERN_ERR, "d_alloc failed\n");
470 rc = -ENOMEM; 521 rc = -ENOMEM;
471 goto out; 522 goto out;
472 } 523 }
473 sb->s_root->d_op = &ecryptfs_dops; 524 sb->s_root->d_op = &ecryptfs_dops;
474 sb->s_root->d_sb = sb; 525 sb->s_root->d_sb = sb;
475 sb->s_root->d_parent = sb->s_root; 526 sb->s_root->d_parent = sb->s_root;
476 /* Released in d_release when dput(sb- 527 /* Released in d_release when dput(sb->s_root) is called */
477 /* through deactivate_super(sb) from g 528 /* through deactivate_super(sb) from get_sb_nodev() */
478 ecryptfs_set_dentry_private(sb->s_root 529 ecryptfs_set_dentry_private(sb->s_root,
479 kmem_cache 530 kmem_cache_zalloc(ecryptfs_dentry_info_cache,
480 531 GFP_KERNEL));
481 if (!ecryptfs_dentry_to_private(sb->s_ 532 if (!ecryptfs_dentry_to_private(sb->s_root)) {
482 ecryptfs_printk(KERN_ERR, 533 ecryptfs_printk(KERN_ERR,
483 "dentry_info_c 534 "dentry_info_cache alloc failed\n");
484 rc = -ENOMEM; 535 rc = -ENOMEM;
485 goto out; 536 goto out;
486 } 537 }
487 rc = 0; 538 rc = 0;
488 out: 539 out:
489 /* Should be able to rely on deactivat 540 /* Should be able to rely on deactivate_super called from
490 * get_sb_nodev */ 541 * get_sb_nodev */
491 return rc; 542 return rc;
492 } 543 }
493 544
494 /** 545 /**
495 * ecryptfs_read_super 546 * ecryptfs_read_super
496 * @sb: The ecryptfs super block 547 * @sb: The ecryptfs super block
497 * @dev_name: The path to mount over 548 * @dev_name: The path to mount over
498 * 549 *
499 * Read the super block of the lower filesyste 550 * Read the super block of the lower filesystem, and use
500 * ecryptfs_interpose to create our initial in 551 * ecryptfs_interpose to create our initial inode and super block
501 * struct. 552 * struct.
502 */ 553 */
503 static int ecryptfs_read_super(struct super_bl 554 static int ecryptfs_read_super(struct super_block *sb, const char *dev_name)
504 { 555 {
>> 556 struct path path;
505 int rc; 557 int rc;
506 struct nameidata nd; <<
507 struct dentry *lower_root; <<
508 struct vfsmount *lower_mnt; <<
509 558
510 memset(&nd, 0, sizeof(struct nameidata !! 559 rc = kern_path(dev_name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path);
511 rc = path_lookup(dev_name, LOOKUP_FOLL <<
512 if (rc) { 560 if (rc) {
513 ecryptfs_printk(KERN_WARNING, 561 ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n");
514 goto out; 562 goto out;
515 } 563 }
516 lower_root = nd.path.dentry; !! 564 ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
517 lower_mnt = nd.path.mnt; !! 565 sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
518 ecryptfs_set_superblock_lower(sb, lowe !! 566 sb->s_blocksize = path.dentry->d_sb->s_blocksize;
519 sb->s_maxbytes = lower_root->d_sb->s_m !! 567 ecryptfs_set_dentry_lower(sb->s_root, path.dentry);
520 sb->s_blocksize = lower_root->d_sb->s_ !! 568 ecryptfs_set_dentry_lower_mnt(sb->s_root, path.mnt);
521 ecryptfs_set_dentry_lower(sb->s_root, !! 569 rc = ecryptfs_interpose(path.dentry, sb->s_root, sb, 0);
522 ecryptfs_set_dentry_lower_mnt(sb->s_ro <<
523 rc = ecryptfs_interpose(lower_root, sb <<
524 if (rc) 570 if (rc)
525 goto out_free; 571 goto out_free;
526 rc = 0; 572 rc = 0;
527 goto out; 573 goto out;
528 out_free: 574 out_free:
529 path_put(&nd.path); !! 575 path_put(&path);
530 out: 576 out:
531 return rc; 577 return rc;
532 } 578 }
533 579
534 /** 580 /**
535 * ecryptfs_get_sb 581 * ecryptfs_get_sb
536 * @fs_type 582 * @fs_type
537 * @flags 583 * @flags
538 * @dev_name: The path to mount over 584 * @dev_name: The path to mount over
539 * @raw_data: The options passed into the kern 585 * @raw_data: The options passed into the kernel
540 * 586 *
541 * The whole ecryptfs_get_sb process is broken 587 * The whole ecryptfs_get_sb process is broken into 4 functions:
542 * ecryptfs_parse_options(): handle options pa 588 * ecryptfs_parse_options(): handle options passed to ecryptfs, if any
543 * ecryptfs_fill_super(): used by get_sb_nodev 589 * ecryptfs_fill_super(): used by get_sb_nodev, fills out the super_block
544 * with as much informa 590 * with as much information as it can before needing
545 * the lower filesystem 591 * the lower filesystem.
546 * ecryptfs_read_super(): this accesses the lo 592 * ecryptfs_read_super(): this accesses the lower filesystem and uses
547 * ecryptfs_interpolate 593 * ecryptfs_interpolate to perform most of the linking
548 * ecryptfs_interpolate(): links the lower fil 594 * ecryptfs_interpolate(): links the lower filesystem into ecryptfs
549 */ 595 */
550 static int ecryptfs_get_sb(struct file_system_ 596 static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
551 const char *dev_name, 597 const char *dev_name, void *raw_data,
552 struct vfsmount *mnt) 598 struct vfsmount *mnt)
553 { 599 {
554 int rc; 600 int rc;
555 struct super_block *sb; 601 struct super_block *sb;
556 602
557 rc = get_sb_nodev(fs_type, flags, raw_ 603 rc = get_sb_nodev(fs_type, flags, raw_data, ecryptfs_fill_super, mnt);
558 if (rc < 0) { 604 if (rc < 0) {
559 printk(KERN_ERR "Getting sb fa 605 printk(KERN_ERR "Getting sb failed; rc = [%d]\n", rc);
560 goto out; 606 goto out;
561 } 607 }
562 sb = mnt->mnt_sb; 608 sb = mnt->mnt_sb;
563 rc = ecryptfs_parse_options(sb, raw_da 609 rc = ecryptfs_parse_options(sb, raw_data);
564 if (rc) { 610 if (rc) {
565 printk(KERN_ERR "Error parsing 611 printk(KERN_ERR "Error parsing options; rc = [%d]\n", rc);
566 goto out_abort; 612 goto out_abort;
567 } 613 }
568 rc = ecryptfs_read_super(sb, dev_name) 614 rc = ecryptfs_read_super(sb, dev_name);
569 if (rc) { 615 if (rc) {
570 printk(KERN_ERR "Reading sb fa 616 printk(KERN_ERR "Reading sb failed; rc = [%d]\n", rc);
571 goto out_abort; 617 goto out_abort;
572 } 618 }
573 goto out; 619 goto out;
574 out_abort: 620 out_abort:
575 dput(sb->s_root); !! 621 dput(sb->s_root); /* aka mnt->mnt_root, as set by get_sb_nodev() */
576 up_write(&sb->s_umount); !! 622 deactivate_locked_super(sb);
577 deactivate_super(sb); <<
578 out: 623 out:
579 return rc; 624 return rc;
580 } 625 }
581 626
582 /** 627 /**
583 * ecryptfs_kill_block_super 628 * ecryptfs_kill_block_super
584 * @sb: The ecryptfs super block 629 * @sb: The ecryptfs super block
585 * 630 *
586 * Used to bring the superblock down and free 631 * Used to bring the superblock down and free the private data.
587 * Private data is free'd in ecryptfs_put_supe 632 * Private data is free'd in ecryptfs_put_super()
588 */ 633 */
589 static void ecryptfs_kill_block_super(struct s 634 static void ecryptfs_kill_block_super(struct super_block *sb)
590 { 635 {
591 generic_shutdown_super(sb); 636 generic_shutdown_super(sb);
592 } 637 }
593 638
594 static struct file_system_type ecryptfs_fs_typ 639 static struct file_system_type ecryptfs_fs_type = {
595 .owner = THIS_MODULE, 640 .owner = THIS_MODULE,
596 .name = "ecryptfs", 641 .name = "ecryptfs",
597 .get_sb = ecryptfs_get_sb, 642 .get_sb = ecryptfs_get_sb,
598 .kill_sb = ecryptfs_kill_block_super, 643 .kill_sb = ecryptfs_kill_block_super,
599 .fs_flags = 0 644 .fs_flags = 0
600 }; 645 };
601 646
602 /** 647 /**
603 * inode_info_init_once 648 * inode_info_init_once
604 * 649 *
605 * Initializes the ecryptfs_inode_info_cache w 650 * Initializes the ecryptfs_inode_info_cache when it is created
606 */ 651 */
607 static void 652 static void
608 inode_info_init_once(struct kmem_cache *cachep !! 653 inode_info_init_once(void *vptr)
609 { 654 {
610 struct ecryptfs_inode_info *ei = (stru 655 struct ecryptfs_inode_info *ei = (struct ecryptfs_inode_info *)vptr;
611 656
612 inode_init_once(&ei->vfs_inode); 657 inode_init_once(&ei->vfs_inode);
613 } 658 }
614 659
615 static struct ecryptfs_cache_info { 660 static struct ecryptfs_cache_info {
616 struct kmem_cache **cache; 661 struct kmem_cache **cache;
617 const char *name; 662 const char *name;
618 size_t size; 663 size_t size;
619 void (*ctor)(struct kmem_cache *cache, !! 664 void (*ctor)(void *obj);
620 } ecryptfs_cache_infos[] = { 665 } ecryptfs_cache_infos[] = {
621 { 666 {
622 .cache = &ecryptfs_auth_tok_li 667 .cache = &ecryptfs_auth_tok_list_item_cache,
623 .name = "ecryptfs_auth_tok_lis 668 .name = "ecryptfs_auth_tok_list_item",
624 .size = sizeof(struct ecryptfs 669 .size = sizeof(struct ecryptfs_auth_tok_list_item),
625 }, 670 },
626 { 671 {
627 .cache = &ecryptfs_file_info_c 672 .cache = &ecryptfs_file_info_cache,
628 .name = "ecryptfs_file_cache", 673 .name = "ecryptfs_file_cache",
629 .size = sizeof(struct ecryptfs 674 .size = sizeof(struct ecryptfs_file_info),
630 }, 675 },
631 { 676 {
632 .cache = &ecryptfs_dentry_info 677 .cache = &ecryptfs_dentry_info_cache,
633 .name = "ecryptfs_dentry_info_ 678 .name = "ecryptfs_dentry_info_cache",
634 .size = sizeof(struct ecryptfs 679 .size = sizeof(struct ecryptfs_dentry_info),
635 }, 680 },
636 { 681 {
637 .cache = &ecryptfs_inode_info_ 682 .cache = &ecryptfs_inode_info_cache,
638 .name = "ecryptfs_inode_cache" 683 .name = "ecryptfs_inode_cache",
639 .size = sizeof(struct ecryptfs 684 .size = sizeof(struct ecryptfs_inode_info),
640 .ctor = inode_info_init_once, 685 .ctor = inode_info_init_once,
641 }, 686 },
642 { 687 {
643 .cache = &ecryptfs_sb_info_cac 688 .cache = &ecryptfs_sb_info_cache,
644 .name = "ecryptfs_sb_cache", 689 .name = "ecryptfs_sb_cache",
645 .size = sizeof(struct ecryptfs 690 .size = sizeof(struct ecryptfs_sb_info),
646 }, 691 },
647 { 692 {
648 .cache = &ecryptfs_header_cach 693 .cache = &ecryptfs_header_cache_1,
649 .name = "ecryptfs_headers_1", 694 .name = "ecryptfs_headers_1",
650 .size = PAGE_CACHE_SIZE, 695 .size = PAGE_CACHE_SIZE,
651 }, 696 },
652 { 697 {
653 .cache = &ecryptfs_header_cach 698 .cache = &ecryptfs_header_cache_2,
654 .name = "ecryptfs_headers_2", 699 .name = "ecryptfs_headers_2",
655 .size = PAGE_CACHE_SIZE, 700 .size = PAGE_CACHE_SIZE,
656 }, 701 },
657 { 702 {
658 .cache = &ecryptfs_xattr_cache 703 .cache = &ecryptfs_xattr_cache,
659 .name = "ecryptfs_xattr_cache" 704 .name = "ecryptfs_xattr_cache",
660 .size = PAGE_CACHE_SIZE, 705 .size = PAGE_CACHE_SIZE,
661 }, 706 },
662 { 707 {
663 .cache = &ecryptfs_key_record_ 708 .cache = &ecryptfs_key_record_cache,
664 .name = "ecryptfs_key_record_c 709 .name = "ecryptfs_key_record_cache",
665 .size = sizeof(struct ecryptfs 710 .size = sizeof(struct ecryptfs_key_record),
666 }, 711 },
667 { 712 {
668 .cache = &ecryptfs_key_sig_cac 713 .cache = &ecryptfs_key_sig_cache,
669 .name = "ecryptfs_key_sig_cach 714 .name = "ecryptfs_key_sig_cache",
670 .size = sizeof(struct ecryptfs 715 .size = sizeof(struct ecryptfs_key_sig),
671 }, 716 },
672 { 717 {
673 .cache = &ecryptfs_global_auth 718 .cache = &ecryptfs_global_auth_tok_cache,
674 .name = "ecryptfs_global_auth_ 719 .name = "ecryptfs_global_auth_tok_cache",
675 .size = sizeof(struct ecryptfs 720 .size = sizeof(struct ecryptfs_global_auth_tok),
676 }, 721 },
677 { 722 {
678 .cache = &ecryptfs_key_tfm_cac 723 .cache = &ecryptfs_key_tfm_cache,
679 .name = "ecryptfs_key_tfm_cach 724 .name = "ecryptfs_key_tfm_cache",
680 .size = sizeof(struct ecryptfs 725 .size = sizeof(struct ecryptfs_key_tfm),
681 }, 726 },
>> 727 {
>> 728 .cache = &ecryptfs_open_req_cache,
>> 729 .name = "ecryptfs_open_req_cache",
>> 730 .size = sizeof(struct ecryptfs_open_req),
>> 731 },
682 }; 732 };
683 733
684 static void ecryptfs_free_kmem_caches(void) 734 static void ecryptfs_free_kmem_caches(void)
685 { 735 {
686 int i; 736 int i;
687 737
688 for (i = 0; i < ARRAY_SIZE(ecryptfs_ca 738 for (i = 0; i < ARRAY_SIZE(ecryptfs_cache_infos); i++) {
689 struct ecryptfs_cache_info *in 739 struct ecryptfs_cache_info *info;
690 740
691 info = &ecryptfs_cache_infos[i 741 info = &ecryptfs_cache_infos[i];
692 if (*(info->cache)) 742 if (*(info->cache))
693 kmem_cache_destroy(*(i 743 kmem_cache_destroy(*(info->cache));
694 } 744 }
695 } 745 }
696 746
697 /** 747 /**
698 * ecryptfs_init_kmem_caches 748 * ecryptfs_init_kmem_caches
699 * 749 *
700 * Returns zero on success; non-zero otherwise 750 * Returns zero on success; non-zero otherwise
701 */ 751 */
702 static int ecryptfs_init_kmem_caches(void) 752 static int ecryptfs_init_kmem_caches(void)
703 { 753 {
704 int i; 754 int i;
705 755
706 for (i = 0; i < ARRAY_SIZE(ecryptfs_ca 756 for (i = 0; i < ARRAY_SIZE(ecryptfs_cache_infos); i++) {
707 struct ecryptfs_cache_info *in 757 struct ecryptfs_cache_info *info;
708 758
709 info = &ecryptfs_cache_infos[i 759 info = &ecryptfs_cache_infos[i];
710 *(info->cache) = kmem_cache_cr 760 *(info->cache) = kmem_cache_create(info->name, info->size,
711 0, SLAB_HWCACH 761 0, SLAB_HWCACHE_ALIGN, info->ctor);
712 if (!*(info->cache)) { 762 if (!*(info->cache)) {
713 ecryptfs_free_kmem_cac 763 ecryptfs_free_kmem_caches();
714 ecryptfs_printk(KERN_W 764 ecryptfs_printk(KERN_WARNING, "%s: "
715 "kmem_ 765 "kmem_cache_create failed\n",
716 info-> 766 info->name);
717 return -ENOMEM; 767 return -ENOMEM;
718 } 768 }
719 } 769 }
720 return 0; 770 return 0;
721 } 771 }
722 772
723 static struct kobject *ecryptfs_kobj; 773 static struct kobject *ecryptfs_kobj;
724 774
725 static ssize_t version_show(struct kobject *ko 775 static ssize_t version_show(struct kobject *kobj,
726 struct kobj_attrib 776 struct kobj_attribute *attr, char *buff)
727 { 777 {
728 return snprintf(buff, PAGE_SIZE, "%d\n 778 return snprintf(buff, PAGE_SIZE, "%d\n", ECRYPTFS_VERSIONING_MASK);
729 } 779 }
730 780
731 static struct kobj_attribute version_attr = __ 781 static struct kobj_attribute version_attr = __ATTR_RO(version);
732 782
733 static struct attribute *attributes[] = { 783 static struct attribute *attributes[] = {
734 &version_attr.attr, 784 &version_attr.attr,
735 NULL, 785 NULL,
736 }; 786 };
737 787
738 static struct attribute_group attr_group = { 788 static struct attribute_group attr_group = {
739 .attrs = attributes, 789 .attrs = attributes,
740 }; 790 };
741 791
742 static int do_sysfs_registration(void) 792 static int do_sysfs_registration(void)
743 { 793 {
744 int rc; 794 int rc;
745 795
746 ecryptfs_kobj = kobject_create_and_add 796 ecryptfs_kobj = kobject_create_and_add("ecryptfs", fs_kobj);
747 if (!ecryptfs_kobj) { 797 if (!ecryptfs_kobj) {
748 printk(KERN_ERR "Unable to cre 798 printk(KERN_ERR "Unable to create ecryptfs kset\n");
749 rc = -ENOMEM; 799 rc = -ENOMEM;
750 goto out; 800 goto out;
751 } 801 }
752 rc = sysfs_create_group(ecryptfs_kobj, 802 rc = sysfs_create_group(ecryptfs_kobj, &attr_group);
753 if (rc) { 803 if (rc) {
754 printk(KERN_ERR 804 printk(KERN_ERR
755 "Unable to create ecryp 805 "Unable to create ecryptfs version attributes\n");
756 kobject_put(ecryptfs_kobj); 806 kobject_put(ecryptfs_kobj);
757 } 807 }
758 out: 808 out:
759 return rc; 809 return rc;
760 } 810 }
761 811
762 static void do_sysfs_unregistration(void) 812 static void do_sysfs_unregistration(void)
763 { 813 {
764 sysfs_remove_group(ecryptfs_kobj, &att 814 sysfs_remove_group(ecryptfs_kobj, &attr_group);
765 kobject_put(ecryptfs_kobj); 815 kobject_put(ecryptfs_kobj);
766 } 816 }
767 817
768 static int __init ecryptfs_init(void) 818 static int __init ecryptfs_init(void)
769 { 819 {
770 int rc; 820 int rc;
771 821
772 if (ECRYPTFS_DEFAULT_EXTENT_SIZE > PAG 822 if (ECRYPTFS_DEFAULT_EXTENT_SIZE > PAGE_CACHE_SIZE) {
773 rc = -EINVAL; 823 rc = -EINVAL;
774 ecryptfs_printk(KERN_ERR, "The 824 ecryptfs_printk(KERN_ERR, "The eCryptfs extent size is "
775 "larger than t 825 "larger than the host's page size, and so "
776 "eCryptfs cann 826 "eCryptfs cannot run on this system. The "
777 "default eCryp 827 "default eCryptfs extent size is [%d] bytes; "
778 "the page size 828 "the page size is [%d] bytes.\n",
779 ECRYPTFS_DEFAU 829 ECRYPTFS_DEFAULT_EXTENT_SIZE, PAGE_CACHE_SIZE);
780 goto out; 830 goto out;
781 } 831 }
782 rc = ecryptfs_init_kmem_caches(); 832 rc = ecryptfs_init_kmem_caches();
783 if (rc) { 833 if (rc) {
784 printk(KERN_ERR 834 printk(KERN_ERR
785 "Failed to allocate one 835 "Failed to allocate one or more kmem_cache objects\n");
786 goto out; 836 goto out;
787 } 837 }
788 rc = register_filesystem(&ecryptfs_fs_ 838 rc = register_filesystem(&ecryptfs_fs_type);
789 if (rc) { 839 if (rc) {
790 printk(KERN_ERR "Failed to reg 840 printk(KERN_ERR "Failed to register filesystem\n");
791 goto out_free_kmem_caches; 841 goto out_free_kmem_caches;
792 } 842 }
793 rc = do_sysfs_registration(); 843 rc = do_sysfs_registration();
794 if (rc) { 844 if (rc) {
795 printk(KERN_ERR "sysfs registr 845 printk(KERN_ERR "sysfs registration failed\n");
796 goto out_unregister_filesystem 846 goto out_unregister_filesystem;
797 } 847 }
798 rc = ecryptfs_init_messaging(ecryptfs_ !! 848 rc = ecryptfs_init_kthread();
799 if (rc) { 849 if (rc) {
800 ecryptfs_printk(KERN_ERR, "Fai !! 850 printk(KERN_ERR "%s: kthread initialization failed; "
801 "initialize th !! 851 "rc = [%d]\n", __func__, rc);
802 goto out_do_sysfs_unregistrati 852 goto out_do_sysfs_unregistration;
803 } 853 }
>> 854 rc = ecryptfs_init_messaging();
>> 855 if (rc) {
>> 856 printk(KERN_ERR "Failure occured while attempting to "
>> 857 "initialize the communications channel to "
>> 858 "ecryptfsd\n");
>> 859 goto out_destroy_kthread;
>> 860 }
804 rc = ecryptfs_init_crypto(); 861 rc = ecryptfs_init_crypto();
805 if (rc) { 862 if (rc) {
806 printk(KERN_ERR "Failure whils 863 printk(KERN_ERR "Failure whilst attempting to init crypto; "
807 "rc = [%d]\n", rc); 864 "rc = [%d]\n", rc);
808 goto out_release_messaging; 865 goto out_release_messaging;
809 } 866 }
810 if (ecryptfs_verbosity > 0) 867 if (ecryptfs_verbosity > 0)
811 printk(KERN_CRIT "eCryptfs ver 868 printk(KERN_CRIT "eCryptfs verbosity set to %d. Secret values "
812 "will be written to th 869 "will be written to the syslog!\n", ecryptfs_verbosity);
813 870
814 goto out; 871 goto out;
815 out_release_messaging: 872 out_release_messaging:
816 ecryptfs_release_messaging(ecryptfs_tr !! 873 ecryptfs_release_messaging();
>> 874 out_destroy_kthread:
>> 875 ecryptfs_destroy_kthread();
817 out_do_sysfs_unregistration: 876 out_do_sysfs_unregistration:
818 do_sysfs_unregistration(); 877 do_sysfs_unregistration();
819 out_unregister_filesystem: 878 out_unregister_filesystem:
820 unregister_filesystem(&ecryptfs_fs_typ 879 unregister_filesystem(&ecryptfs_fs_type);
821 out_free_kmem_caches: 880 out_free_kmem_caches:
822 ecryptfs_free_kmem_caches(); 881 ecryptfs_free_kmem_caches();
823 out: 882 out:
824 return rc; 883 return rc;
825 } 884 }
826 885
827 static void __exit ecryptfs_exit(void) 886 static void __exit ecryptfs_exit(void)
828 { 887 {
829 int rc; 888 int rc;
830 889
831 rc = ecryptfs_destroy_crypto(); 890 rc = ecryptfs_destroy_crypto();
832 if (rc) 891 if (rc)
833 printk(KERN_ERR "Failure whils 892 printk(KERN_ERR "Failure whilst attempting to destroy crypto; "
834 "rc = [%d]\n", rc); 893 "rc = [%d]\n", rc);
835 ecryptfs_release_messaging(ecryptfs_tr !! 894 ecryptfs_release_messaging();
>> 895 ecryptfs_destroy_kthread();
836 do_sysfs_unregistration(); 896 do_sysfs_unregistration();
837 unregister_filesystem(&ecryptfs_fs_typ 897 unregister_filesystem(&ecryptfs_fs_type);
838 ecryptfs_free_kmem_caches(); 898 ecryptfs_free_kmem_caches();
839 } 899 }
840 900
841 MODULE_AUTHOR("Michael A. Halcrow <mhalcrow@us 901 MODULE_AUTHOR("Michael A. Halcrow <mhalcrow@us.ibm.com>");
842 MODULE_DESCRIPTION("eCryptfs"); 902 MODULE_DESCRIPTION("eCryptfs");
843 903
844 MODULE_LICENSE("GPL"); 904 MODULE_LICENSE("GPL");
845 905
846 module_init(ecryptfs_init) 906 module_init(ecryptfs_init)
847 module_exit(ecryptfs_exit) 907 module_exit(ecryptfs_exit)
848 908
|
This page was automatically generated by the
LXR engine.
|