Commit e2e091fd authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'ecryptfs-3.9-rc2-fixes' of...

Merge tag 'ecryptfs-3.9-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs

Pull ecryptfs fixes from Tyler Hicks:
 "Minor code cleanups and new Kconfig option to disable /dev/ecryptfs

  The code cleanups fix up W=1 compiler warnings and some unnecessary
  checks.  The new Kconfig option, defaulting to N, allows the rarely
  used eCryptfs kernel to userspace communication channel to be compiled
  out.  This may be the first step in it being eventually removed."

Hmm.  I'm not sure whether these should be called "fixes", and it
probably should have gone in the merge window.  But I'll let it slide.

* tag 'ecryptfs-3.9-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
  eCryptfs: allow userspace messaging to be disabled
  eCryptfs: Fix redundant error check on ecryptfs_find_daemon_by_euid()
  ecryptfs: ecryptfs_msg_ctx_alloc_to_free(): remove kfree() redundant null check
  eCryptfs: decrypt_pki_encrypted_session_key(): remove kfree() redundant null check
  eCryptfs: remove unneeded checks in virt_to_scatterlist()
  eCryptfs: Fix -Wmissing-prototypes warnings
  eCryptfs: Fix -Wunused-but-set-variable warnings
  eCryptfs: initialize payload_len in keystore.c
parents cd66acb4 290502be
...@@ -12,3 +12,11 @@ config ECRYPT_FS ...@@ -12,3 +12,11 @@ config ECRYPT_FS
To compile this file system support as a module, choose M here: the To compile this file system support as a module, choose M here: the
module will be called ecryptfs. module will be called ecryptfs.
config ECRYPT_FS_MESSAGING
bool "Enable notifications for userspace key wrap/unwrap"
depends on ECRYPT_FS
help
Enables the /dev/ecryptfs entry for use by ecryptfsd. This allows
for userspace to wrap/unwrap file encryption keys by other
backends, like OpenSSL.
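Review bot: The help text for ECRYPT_FS_MESSAGING says what enabling the option provides but not what is lost when it is left off. Going by the header changes elsewhere in this commit, a kernel built without it drops the DEVMISC and PUBKEY bits from the versioning mask and has ecryptfs_send_message() return -ENOTCONN, so mounts that depend on ecryptfsd key modules would presumably fail. I would add a closing sentence to the help text such as `If unsure, say N. Public-key mounts that need ecryptfsd will not work without this option.` The entry has no `default` line, so it stays off unless selected, which keeps /dev/ecryptfs out of kernels that do not need it.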
# #
# Makefile for the Linux 2.6 eCryptfs # Makefile for the Linux eCryptfs
# #
obj-$(CONFIG_ECRYPT_FS) += ecryptfs.o obj-$(CONFIG_ECRYPT_FS) += ecryptfs.o
ecryptfs-objs := dentry.o file.o inode.o main.o super.o mmap.o read_write.o crypto.o keystore.o messaging.o miscdev.o kthread.o debug.o ecryptfs-y := dentry.o file.o inode.o main.o super.o mmap.o read_write.o \
crypto.o keystore.o kthread.o debug.o
ecryptfs-$(CONFIG_ECRYPT_FS_MESSAGING) += messaging.o miscdev.o
...@@ -301,16 +301,13 @@ int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg, ...@@ -301,16 +301,13 @@ int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg,
while (size > 0 && i < sg_size) { while (size > 0 && i < sg_size) {
pg = virt_to_page(addr); pg = virt_to_page(addr);
offset = offset_in_page(addr); offset = offset_in_page(addr);
if (sg)
sg_set_page(&sg[i], pg, 0, offset); sg_set_page(&sg[i], pg, 0, offset);
remainder_of_page = PAGE_CACHE_SIZE - offset; remainder_of_page = PAGE_CACHE_SIZE - offset;
if (size >= remainder_of_page) { if (size >= remainder_of_page) {
if (sg)
sg[i].length = remainder_of_page; sg[i].length = remainder_of_page;
addr += remainder_of_page; addr += remainder_of_page;
size -= remainder_of_page; size -= remainder_of_page;
} else { } else {
if (sg)
sg[i].length = size; sg[i].length = size;
addr += size; addr += size;
size = 0; size = 0;
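Review bot: With the three `if (sg)` guards removed, virt_to_scatterlist() dereferences `sg` on every loop iteration, so a NULL `sg` is now a caller bug rather than a tolerated input. Nothing in the visible lines states that requirement. I would record it in the function's header comment, for example `@sg: scatterlist to fill; must be non-NULL and have at least @sg_size entries`. The function starts and ends outside the hunk, so whether code above the loop already touches `sg` unconditionally cannot be confirmed from here.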
......
...@@ -45,14 +45,12 @@ ...@@ -45,14 +45,12 @@
static int ecryptfs_d_revalidate(struct dentry *dentry, unsigned int flags) static int ecryptfs_d_revalidate(struct dentry *dentry, unsigned int flags)
{ {
struct dentry *lower_dentry; struct dentry *lower_dentry;
struct vfsmount *lower_mnt;
int rc = 1; int rc = 1;
if (flags & LOOKUP_RCU) if (flags & LOOKUP_RCU)
return -ECHILD; return -ECHILD;
lower_dentry = ecryptfs_dentry_to_lower(dentry); lower_dentry = ecryptfs_dentry_to_lower(dentry);
lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
if (!lower_dentry->d_op || !lower_dentry->d_op->d_revalidate) if (!lower_dentry->d_op || !lower_dentry->d_op->d_revalidate)
goto out; goto out;
rc = lower_dentry->d_op->d_revalidate(lower_dentry, flags); rc = lower_dentry->d_op->d_revalidate(lower_dentry, flags);
......
...@@ -172,6 +172,19 @@ ecryptfs_get_key_payload_data(struct key *key) ...@@ -172,6 +172,19 @@ ecryptfs_get_key_payload_data(struct key *key)
#define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 24 #define ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 24
#define ECRYPTFS_ENCRYPTED_DENTRY_NAME_LEN (18 + 1 + 4 + 1 + 32) #define ECRYPTFS_ENCRYPTED_DENTRY_NAME_LEN (18 + 1 + 4 + 1 + 32)
#ifdef CONFIG_ECRYPT_FS_MESSAGING
# define ECRYPTFS_VERSIONING_MASK_MESSAGING (ECRYPTFS_VERSIONING_DEVMISC \
| ECRYPTFS_VERSIONING_PUBKEY)
#else
# define ECRYPTFS_VERSIONING_MASK_MESSAGING 0
#endif
#define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \
| ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \
| ECRYPTFS_VERSIONING_XATTR \
| ECRYPTFS_VERSIONING_MULTKEY \
| ECRYPTFS_VERSIONING_MASK_MESSAGING \
| ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION)
struct ecryptfs_key_sig { struct ecryptfs_key_sig {
struct list_head crypt_stat_list; struct list_head crypt_stat_list;
char keysig[ECRYPTFS_SIG_SIZE_HEX + 1]; char keysig[ECRYPTFS_SIG_SIZE_HEX + 1];
...@@ -399,7 +412,9 @@ struct ecryptfs_daemon { ...@@ -399,7 +412,9 @@ struct ecryptfs_daemon {
struct hlist_node euid_chain; struct hlist_node euid_chain;
}; };
#ifdef CONFIG_ECRYPT_FS_MESSAGING
extern struct mutex ecryptfs_daemon_hash_mux; extern struct mutex ecryptfs_daemon_hash_mux;
#endif
static inline size_t static inline size_t
ecryptfs_lower_header_size(struct ecryptfs_crypt_stat *crypt_stat) ecryptfs_lower_header_size(struct ecryptfs_crypt_stat *crypt_stat)
...@@ -610,6 +625,7 @@ int ...@@ -610,6 +625,7 @@ int
ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
size_t size, int flags); size_t size, int flags);
int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode); int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode);
#ifdef CONFIG_ECRYPT_FS_MESSAGING
int ecryptfs_process_response(struct ecryptfs_daemon *daemon, int ecryptfs_process_response(struct ecryptfs_daemon *daemon,
struct ecryptfs_message *msg, u32 seq); struct ecryptfs_message *msg, u32 seq);
int ecryptfs_send_message(char *data, int data_len, int ecryptfs_send_message(char *data, int data_len,
...@@ -618,6 +634,24 @@ int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, ...@@ -618,6 +634,24 @@ int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
struct ecryptfs_message **emsg); struct ecryptfs_message **emsg);
int ecryptfs_init_messaging(void); int ecryptfs_init_messaging(void);
void ecryptfs_release_messaging(void); void ecryptfs_release_messaging(void);
#else
static inline int ecryptfs_init_messaging(void)
{
return 0;
}
static inline void ecryptfs_release_messaging(void)
{ }
static inline int ecryptfs_send_message(char *data, int data_len,
struct ecryptfs_msg_ctx **msg_ctx)
{
return -ENOTCONN;
}
static inline int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx,
struct ecryptfs_message **emsg)
{
return -ENOMSG;
}
#endif
void void
ecryptfs_write_header_metadata(char *virt, ecryptfs_write_header_metadata(char *virt,
...@@ -655,12 +689,11 @@ int ecryptfs_read_lower_page_segment(struct page *page_for_ecryptfs, ...@@ -655,12 +689,11 @@ int ecryptfs_read_lower_page_segment(struct page *page_for_ecryptfs,
size_t offset_in_page, size_t size, size_t offset_in_page, size_t size,
struct inode *ecryptfs_inode); struct inode *ecryptfs_inode);
struct page *ecryptfs_get_locked_page(struct inode *inode, loff_t index); struct page *ecryptfs_get_locked_page(struct inode *inode, loff_t index);
int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon);
int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon);
int ecryptfs_parse_packet_length(unsigned char *data, size_t *size, int ecryptfs_parse_packet_length(unsigned char *data, size_t *size,
size_t *length_size); size_t *length_size);
int ecryptfs_write_packet_length(char *dest, size_t size, int ecryptfs_write_packet_length(char *dest, size_t size,
size_t *packet_size_length); size_t *packet_size_length);
#ifdef CONFIG_ECRYPT_FS_MESSAGING
int ecryptfs_init_ecryptfs_miscdev(void); int ecryptfs_init_ecryptfs_miscdev(void);
void ecryptfs_destroy_ecryptfs_miscdev(void); void ecryptfs_destroy_ecryptfs_miscdev(void);
int ecryptfs_send_miscdev(char *data, size_t data_size, int ecryptfs_send_miscdev(char *data, size_t data_size,
...@@ -669,6 +702,9 @@ int ecryptfs_send_miscdev(char *data, size_t data_size, ...@@ -669,6 +702,9 @@ int ecryptfs_send_miscdev(char *data, size_t data_size,
void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx); void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx);
int int
ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file); ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file);
int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon);
int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon);
#endif
int ecryptfs_init_kthread(void); int ecryptfs_init_kthread(void);
void ecryptfs_destroy_kthread(void); void ecryptfs_destroy_kthread(void);
int ecryptfs_privileged_open(struct file **lower_file, int ecryptfs_privileged_open(struct file **lower_file,
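Review bot: The `#else` stubs for the messaging API carry no comment explaining their return values or what callers may assume. The ecryptfs_send_message() stub returns -ENOTCONN without writing `*msg_ctx`, and the ecryptfs_wait_for_response() stub returns -ENOMSG without writing `*emsg`. Callers therefore must not touch either out-parameter after a non-zero return. The keystore.c callers shown in this commit do `goto out` on error, which is safe only if `msg` starts as NULL, as it does in decrypt_pki_encrypted_session_key(). I would put a short comment above the stubs, e.g. `/* Messaging compiled out: behave as if no ecryptfsd is connected; out-parameters are left untouched. */`. No stub is provided for ecryptfs_process_response(), which is fine only if its sole callers are in the files the Makefile now compiles out.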
......
...@@ -199,7 +199,6 @@ static int ecryptfs_open(struct inode *inode, struct file *file) ...@@ -199,7 +199,6 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
struct dentry *ecryptfs_dentry = file->f_path.dentry; struct dentry *ecryptfs_dentry = file->f_path.dentry;
/* Private value of ecryptfs_dentry allocated in /* Private value of ecryptfs_dentry allocated in
* ecryptfs_lookup() */ * ecryptfs_lookup() */
struct dentry *lower_dentry;
struct ecryptfs_file_info *file_info; struct ecryptfs_file_info *file_info;
mount_crypt_stat = &ecryptfs_superblock_to_private( mount_crypt_stat = &ecryptfs_superblock_to_private(
...@@ -222,7 +221,6 @@ static int ecryptfs_open(struct inode *inode, struct file *file) ...@@ -222,7 +221,6 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
rc = -ENOMEM; rc = -ENOMEM;
goto out; goto out;
} }
lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mutex_lock(&crypt_stat->cs_mutex); mutex_lock(&crypt_stat->cs_mutex);
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) { if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {
......
...@@ -999,7 +999,7 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia) ...@@ -999,7 +999,7 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
return rc; return rc;
} }
int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry, static int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry,
struct kstat *stat) struct kstat *stat)
{ {
struct ecryptfs_mount_crypt_stat *mount_crypt_stat; struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
...@@ -1021,7 +1021,7 @@ int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry, ...@@ -1021,7 +1021,7 @@ int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry,
return rc; return rc;
} }
int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry, static int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
struct kstat *stat) struct kstat *stat)
{ {
struct kstat lower_stat; struct kstat lower_stat;
......
...@@ -1150,7 +1150,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, ...@@ -1150,7 +1150,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
struct ecryptfs_message *msg = NULL; struct ecryptfs_message *msg = NULL;
char *auth_tok_sig; char *auth_tok_sig;
char *payload; char *payload;
size_t payload_len; size_t payload_len = 0;
int rc; int rc;
rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok); rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
...@@ -1168,7 +1168,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, ...@@ -1168,7 +1168,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
rc = ecryptfs_send_message(payload, payload_len, &msg_ctx); rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
if (rc) { if (rc) {
ecryptfs_printk(KERN_ERR, "Error sending message to " ecryptfs_printk(KERN_ERR, "Error sending message to "
"ecryptfsd\n"); "ecryptfsd: %d\n", rc);
goto out; goto out;
} }
rc = ecryptfs_wait_for_response(msg_ctx, &msg); rc = ecryptfs_wait_for_response(msg_ctx, &msg);
...@@ -1202,7 +1202,6 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, ...@@ -1202,7 +1202,6 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
crypt_stat->key_size); crypt_stat->key_size);
} }
out: out:
if (msg)
kfree(msg); kfree(msg);
return rc; return rc;
} }
...@@ -1989,7 +1988,7 @@ pki_encrypt_session_key(struct key *auth_tok_key, ...@@ -1989,7 +1988,7 @@ pki_encrypt_session_key(struct key *auth_tok_key,
rc = ecryptfs_send_message(payload, payload_len, &msg_ctx); rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
if (rc) { if (rc) {
ecryptfs_printk(KERN_ERR, "Error sending message to " ecryptfs_printk(KERN_ERR, "Error sending message to "
"ecryptfsd\n"); "ecryptfsd: %d\n", rc);
goto out; goto out;
} }
rc = ecryptfs_wait_for_response(msg_ctx, &msg); rc = ecryptfs_wait_for_response(msg_ctx, &msg);
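Review bot: In decrypt_pki_encrypted_session_key(), `payload_len` is now initialised but `char *payload;` on the line above it is still declared uninitialised, and the `out:` path frees only `msg`. If the packet writer above the visible lines heap-allocates `payload` (it is not shown here, so this is an inference), that buffer is leaked on every exit. A kernel built without ECRYPT_FS_MESSAGING would then leak it each time a public-key token is tried, because ecryptfs_send_message() always fails there. I would declare `char *payload = NULL;` and add `kfree(payload);` next to `kfree(msg);` under `out:`. The pki_encrypt_session_key() hunk has the same send-then-`goto out` shape and deserves the same check, but its cleanup path is outside the hunk.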
......
...@@ -97,7 +97,6 @@ static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx) ...@@ -97,7 +97,6 @@ static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx)
void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx) void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx)
{ {
list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list); list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list);
if (msg_ctx->msg)
kfree(msg_ctx->msg); kfree(msg_ctx->msg);
msg_ctx->msg = NULL; msg_ctx->msg = NULL;
msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE; msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE;
...@@ -283,7 +282,7 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type, ...@@ -283,7 +282,7 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type,
int rc; int rc;
rc = ecryptfs_find_daemon_by_euid(&daemon); rc = ecryptfs_find_daemon_by_euid(&daemon);
if (rc || !daemon) { if (rc) {
rc = -ENOTCONN; rc = -ENOTCONN;
goto out; goto out;
} }
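Review bot: Dropping `!daemon` from the check in ecryptfs_send_message_locked() makes the code depend on ecryptfs_find_daemon_by_euid() always storing a valid pointer when it returns 0, yet nothing in the hunk states that contract. The lines after the check are outside the hunk, but they presumably dereference `daemon`, so a later change to the lookup that returns 0 with `*daemon` unset would become a NULL dereference in kernel context. I would document the guarantee on the lookup function, e.g. `Returns zero and sets *daemon if a daemon is registered for the current euid; non-zero otherwise, with *daemon unspecified.` A one-line comment at this call site pointing to that guarantee would also help.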
......
...@@ -6,9 +6,8 @@ ...@@ -6,9 +6,8 @@
#define ECRYPTFS_VERSION_MINOR 0x04 #define ECRYPTFS_VERSION_MINOR 0x04
#define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03 #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03
/* These flags indicate which features are supported by the kernel /* These flags indicate which features are supported by the kernel
* module; userspace tools such as the mount helper read * module; userspace tools such as the mount helper read the feature
* ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine * bits from a sysfs handle in order to determine how to behave. */
* how to behave. */
#define ECRYPTFS_VERSIONING_PASSPHRASE 0x00000001 #define ECRYPTFS_VERSIONING_PASSPHRASE 0x00000001
#define ECRYPTFS_VERSIONING_PUBKEY 0x00000002 #define ECRYPTFS_VERSIONING_PUBKEY 0x00000002
#define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004 #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
...@@ -19,13 +18,6 @@ ...@@ -19,13 +18,6 @@
#define ECRYPTFS_VERSIONING_HMAC 0x00000080 #define ECRYPTFS_VERSIONING_HMAC 0x00000080
#define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION 0x00000100 #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION 0x00000100
#define ECRYPTFS_VERSIONING_GCM 0x00000200 #define ECRYPTFS_VERSIONING_GCM 0x00000200
#define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \
| ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \
| ECRYPTFS_VERSIONING_PUBKEY \
| ECRYPTFS_VERSIONING_XATTR \
| ECRYPTFS_VERSIONING_MULTKEY \
| ECRYPTFS_VERSIONING_DEVMISC \
| ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION)
#define ECRYPTFS_MAX_PASSWORD_LENGTH 64 #define ECRYPTFS_MAX_PASSWORD_LENGTH 64
#define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
#define ECRYPTFS_SALT_SIZE 8 #define ECRYPTFS_SALT_SIZE 8
......