Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6

config ECRYPT_FS

	tristate "eCrypt filesystem layer support (EXPERIMENTAL)"

	depends on EXPERIMENTAL && KEYS && CRYPTO && NET

	depends on EXPERIMENTAL && KEYS && NET

	select CRYPTO_ECB

	select CRYPTO_CBC

	help

	  Encrypted filesystem that operates on the VFS layer.  See

	  <file:Documentation/filesystems/ecryptfs.txt> to learn more about

		crypto_free_blkcipher(crypt_stat->tfm);

	if (crypt_stat->hash_tfm)

		crypto_free_hash(crypt_stat->hash_tfm);

	mutex_lock(&crypt_stat->keysig_list_mutex);

	list_for_each_entry_safe(key_sig, key_sig_tmp,

				 &crypt_stat->keysig_list, crypt_stat_list) {

		list_del(&key_sig->crypt_stat_list);

		kmem_cache_free(ecryptfs_key_sig_cache, key_sig);

	}

	mutex_unlock(&crypt_stat->keysig_list_mutex);

	memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));

}

				  + extent_offset), crypt_stat);

		rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt,

					  offset, crypt_stat->extent_size);

		if (rc) {

		if (rc < 0) {

			ecryptfs_printk(KERN_ERR, "Error attempting "

					"to write lower page; rc = [%d]"

					"\n", rc);

			goto out;

		}

	}

	rc = 0;

out:

	if (enc_extent_page) {

		kunmap(enc_extent_page);

		rc = ecryptfs_read_lower(enc_extent_virt, offset,

					 crypt_stat->extent_size,

					 ecryptfs_inode);

		if (rc) {

		if (rc < 0) {

			ecryptfs_printk(KERN_ERR, "Error attempting "

					"to read lower page; rc = [%d]"

					"\n", rc);

	kfree(full_alg_name);

	if (IS_ERR(crypt_stat->tfm)) {

		rc = PTR_ERR(crypt_stat->tfm);

		crypt_stat->tfm = NULL;

		ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "

				"Error initializing cipher [%s]\n",

				crypt_stat->cipher);

	struct ecryptfs_global_auth_tok *global_auth_tok;

	int rc = 0;

	mutex_lock(&crypt_stat->keysig_list_mutex);

	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);

	list_for_each_entry(global_auth_tok,

			    &mount_crypt_stat->global_auth_tok_list,

			    mount_crypt_stat_list) {

		rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);

		if (rc) {

			printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);

			mutex_unlock(

				&mount_crypt_stat->global_auth_tok_list_mutex);

			goto out;

		}

	}

	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);

out:

	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);

	mutex_unlock(&crypt_stat->keysig_list_mutex);

	return rc;

}

		crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;

	rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size,

				 ecryptfs_inode);

	if (rc) {

	if (rc < 0) {

		printk(KERN_ERR "%s: Error reading header region; rc = [%d]\n",

		       __func__, rc);

		goto out;

	}

	if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) {

		rc = -EINVAL;

	}

	} else

		rc = 0;

out:

	return rc;

}

	rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, virt,

				  0, virt_len);

	if (rc)

	if (rc < 0)

		printk(KERN_ERR "%s: Error attempting to write header "

		       "information to lower file; rc = [%d]\n", __func__,

		       rc);

		       "information to lower file; rc = [%d]\n", __func__, rc);

	else

		rc = 0;

	return rc;

}

	}

	rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,

				 ecryptfs_inode);

	if (!rc)

	if (rc >= 0)

		rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,

						ecryptfs_dentry,

						ECRYPTFS_VALIDATE_HEADER_SIZE);

	} else {

		printk(KERN_ERR "%s: No support for requested filename "

		       "encryption method in this release\n", __func__);

		rc = -ENOTSUPP;

		rc = -EOPNOTSUPP;

		goto out;

	}

out:

	if (IS_ERR(*key_tfm)) {

		rc = PTR_ERR(*key_tfm);

		printk(KERN_ERR "Unable to allocate crypto cipher with name "

		       "[%s]; rc = [%d]\n", cipher_name, rc);

		       "[%s]; rc = [%d]\n", full_alg_name, rc);

		goto out;

	}

	crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);

	rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size);

	if (rc) {

		printk(KERN_ERR "Error attempting to set key of size [%zd] for "

		       "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc);

		       "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name,

		       rc);

		rc = -EINVAL;

		goto out;

	}

			(*encoded_name)[(*encoded_name_size)] = '\0';

			(*encoded_name_size)++;

		} else {

			rc = -ENOTSUPP;

			rc = -EOPNOTSUPP;

		}

		if (rc) {

			printk(KERN_ERR "%s: Error attempting to encode "

	struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);

	struct dentry *lower_dir_dentry;

	dget(lower_dentry);

	lower_dir_dentry = lock_parent(lower_dentry);

	rc = vfs_unlink(lower_dir_inode, lower_dentry);

	if (rc) {

	d_drop(dentry);

out_unlock:

	unlock_dir(lower_dir_dentry);

	dput(lower_dentry);

	return rc;

}

			    &mount_crypt_stat->global_auth_tok_list,

			    mount_crypt_stat_list) {

		if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {

			rc = key_validate(walker->global_auth_tok_key);

			if (!rc)

				(*global_auth_tok) = walker;

			goto out;

		}

	}

	/* TODO: Support other key modules than passphrase for

	 * filename encryption */

	BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);

	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {

		rc = -EOPNOTSUPP;

		printk(KERN_INFO "%s: Filename encryption only supports "

		       "password tokens\n", __func__);

		goto out_free_unlock;

	}

	sg_init_one(

		&s->hash_sg,

		(u8 *)s->auth_tok->token.password.session_key_encryption_key,

	}

	/* TODO: Support other key modules than passphrase for

	 * filename encryption */

	BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);

	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {

		rc = -EOPNOTSUPP;

		printk(KERN_INFO "%s: Filename encryption only supports "

		       "password tokens\n", __func__);

		goto out_free_unlock;

	}

	rc = crypto_blkcipher_setkey(

		s->desc.tfm,

		s->auth_tok->token.password.session_key_encryption_key,

		rc = -EINVAL;

		goto out_free;

	}

	ecryptfs_cipher_code_to_string(crypt_stat->cipher,

	rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,

					    (u16)data[(*packet_size)]);

	if (rc)

		goto out_free;

	/* A little extra work to differentiate among the AES key

	 * sizes; see RFC2440 */

	switch(data[(*packet_size)++]) {

		crypt_stat->key_size =

			(*new_auth_tok)->session_key.encrypted_key_size;

	}

	ecryptfs_init_crypt_ctx(crypt_stat);

	rc = ecryptfs_init_crypt_ctx(crypt_stat);

	if (rc)

		goto out_free;

	if (unlikely(data[(*packet_size)++] != 0x03)) {

		printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");

		rc = -ENOSYS;

int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)

{

	struct ecryptfs_key_sig *new_key_sig;

	int rc = 0;

	new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);

	if (!new_key_sig) {

		rc = -ENOMEM;

		printk(KERN_ERR

		       "Error allocating from ecryptfs_key_sig_cache\n");

		goto out;

		return -ENOMEM;

	}

	memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);

	mutex_lock(&crypt_stat->keysig_list_mutex);

	/* Caller must hold keysig_list_mutex */

	list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);

	mutex_unlock(&crypt_stat->keysig_list_mutex);

out:

	return rc;

	return 0;

}

struct kmem_cache *ecryptfs_global_auth_tok_cache;

			     const struct cred *cred)

{

	struct ecryptfs_open_req *req;

	int flags = O_LARGEFILE;

	int rc = 0;

	/* Corresponding dput() and mntput() are done when the

	 * destroyed. */

	dget(lower_dentry);

	mntget(lower_mnt);

	(*lower_file) = dentry_open(lower_dentry, lower_mnt,

				    (O_RDWR | O_LARGEFILE), cred);

	flags |= IS_RDONLY(lower_dentry->d_inode) ? O_RDONLY : O_RDWR;

	(*lower_file) = dentry_open(lower_dentry, lower_mnt, flags, cred);

	if (!IS_ERR(*lower_file))

		goto out;

	if (flags & O_RDONLY) {

		rc = PTR_ERR((*lower_file));

		goto out;

	}

	req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL);

	if (!req) {

		rc = -ENOMEM;

		       __func__);

		goto out_unlock;

	}

	if (IS_ERR(*req->lower_file)) {

	if (IS_ERR(*req->lower_file))

		rc = PTR_ERR(*req->lower_file);

		dget(lower_dentry);

		mntget(lower_mnt);

		(*lower_file) = dentry_open(lower_dentry, lower_mnt,

					    (O_RDONLY | O_LARGEFILE), cred);

		if (IS_ERR(*lower_file)) {

			rc = PTR_ERR(*req->lower_file);

			(*lower_file) = NULL;

			printk(KERN_WARNING "%s: Error attempting privileged "

			       "open of lower file with either RW or RO "

			       "perms; rc = [%d]. Giving up.\n",

			       __func__, rc);

		}

	}

out_unlock:

	mutex_unlock(&req->mux);

out_free: