Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6

				 &mount_crypt_stat->global_auth_tok_list,

				 mount_crypt_stat_list) {

		list_del(&auth_tok->mount_crypt_stat_list);

		mount_crypt_stat->num_global_auth_toks--;

		if (auth_tok->global_auth_tok_key

		    && !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID))

			key_put(auth_tok->global_auth_tok_key);

		rc = -ENOMEM;

		goto out;

	}

	/* Zeroed page ensures the in-header unencrypted i_size is set to 0 */

	rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat,

					 ecryptfs_dentry);

	if (unlikely(rc)) {

struct ecryptfs_key_sig {

	struct list_head crypt_stat_list;

	char keysig[ECRYPTFS_SIG_SIZE_HEX];

	char keysig[ECRYPTFS_SIG_SIZE_HEX + 1];

};

struct ecryptfs_filename {

struct ecryptfs_crypt_stat {

#define ECRYPTFS_STRUCT_INITIALIZED   0x00000001

#define ECRYPTFS_POLICY_APPLIED       0x00000002

#define ECRYPTFS_NEW_FILE             0x00000004

#define ECRYPTFS_ENCRYPTED            0x00000008

#define ECRYPTFS_SECURITY_WARNING     0x00000010

#define ECRYPTFS_ENABLE_HMAC          0x00000020

#define ECRYPTFS_ENCRYPT_IV_PAGES     0x00000040

#define ECRYPTFS_KEY_VALID            0x00000080

#define ECRYPTFS_METADATA_IN_XATTR    0x00000100

#define ECRYPTFS_VIEW_AS_ENCRYPTED    0x00000200

#define ECRYPTFS_KEY_SET              0x00000400

#define ECRYPTFS_ENCRYPT_FILENAMES    0x00000800

#define ECRYPTFS_ENCFN_USE_MOUNT_FNEK 0x00001000

#define ECRYPTFS_ENCFN_USE_FEK        0x00002000

#define ECRYPTFS_UNLINK_SIGS	      0x00004000

#define ECRYPTFS_ENCRYPTED            0x00000004

#define ECRYPTFS_SECURITY_WARNING     0x00000008

#define ECRYPTFS_ENABLE_HMAC          0x00000010

#define ECRYPTFS_ENCRYPT_IV_PAGES     0x00000020

#define ECRYPTFS_KEY_VALID            0x00000040

#define ECRYPTFS_METADATA_IN_XATTR    0x00000080

#define ECRYPTFS_VIEW_AS_ENCRYPTED    0x00000100

#define ECRYPTFS_KEY_SET              0x00000200

#define ECRYPTFS_ENCRYPT_FILENAMES    0x00000400

#define ECRYPTFS_ENCFN_USE_MOUNT_FNEK 0x00000800

#define ECRYPTFS_ENCFN_USE_FEK        0x00001000

#define ECRYPTFS_UNLINK_SIGS          0x00002000

	u32 flags;

	unsigned int file_version;

	size_t iv_bytes;

	struct inode vfs_inode;

	struct inode *wii_inode;

	struct file *lower_file;

	struct mutex lower_file_mutex;

	struct ecryptfs_crypt_stat crypt_stat;

};

	u32 flags;

	struct list_head mount_crypt_stat_list;

	struct key *global_auth_tok_key;

	struct ecryptfs_auth_tok *global_auth_tok;

	unsigned char sig[ECRYPTFS_SIG_SIZE_HEX + 1];

};

	u32 flags;

	struct list_head global_auth_tok_list;

	struct mutex global_auth_tok_list_mutex;

	size_t num_global_auth_toks;

	size_t global_default_cipher_key_size;

	size_t global_default_fn_cipher_key_bytes;

	unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE

static int

ecryptfs_fsync(struct file *file, int datasync)

{

	return vfs_fsync(ecryptfs_file_to_lower(file), datasync);

	int rc = 0;

	rc = generic_file_fsync(file, datasync);

	if (rc)

		goto out;

	rc = vfs_fsync(ecryptfs_file_to_lower(file), datasync);

out:

	return rc;

}

static int ecryptfs_fasync(int fd, struct file *file, int flag)

	return rc;

}

/**

 * grow_file

 * @ecryptfs_dentry: the eCryptfs dentry

 *

 * This is the code which will grow the file to its correct size.

 */

static int grow_file(struct dentry *ecryptfs_dentry)

{

	struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode;

	char zero_virt[] = { 0x00 };

	int rc = 0;

	rc = ecryptfs_write(ecryptfs_inode, zero_virt, 0, 1);

	i_size_write(ecryptfs_inode, 0);

	rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode);

	ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat.flags |=

		ECRYPTFS_NEW_FILE;

	return rc;

}

/**

 * ecryptfs_initialize_file

 *

		crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);

		goto out;

	}

	crypt_stat->flags |= ECRYPTFS_NEW_FILE;

	ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");

	rc = ecryptfs_new_file_context(ecryptfs_dentry);

	if (rc) {

		printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);

		goto out;

	}

	rc = grow_file(ecryptfs_dentry);

	if (rc)

		printk(KERN_ERR "Error growing file; rc = [%d]\n", rc);

out:

	return rc;

}

	return rc;

}

static int process_find_global_auth_tok_for_sig_err(int err_code)

{

	int rc = err_code;

	switch (err_code) {

	case -ENOENT:

		ecryptfs_printk(KERN_WARNING, "Missing auth tok\n");

		break;

	case -EINVAL:

		ecryptfs_printk(KERN_WARNING, "Invalid auth tok\n");

		break;

	default:

		rc = process_request_key_err(err_code);

		break;

	}

	return rc;

}

/**

 * ecryptfs_parse_packet_length

 * @data: Pointer to memory containing length at offset

	return rc;

}

/**

 * ecryptfs_verify_version

 * @version: The version number to confirm

 *

 * Returns zero on good version; non-zero otherwise

 */

static int ecryptfs_verify_version(u16 version)

{

	int rc = 0;

	unsigned char major;

	unsigned char minor;

	major = ((version >> 8) & 0xFF);

	minor = (version & 0xFF);

	if (major != ECRYPTFS_VERSION_MAJOR) {

		ecryptfs_printk(KERN_ERR, "Major version number mismatch. "

				"Expected [%d]; got [%d]\n",

				ECRYPTFS_VERSION_MAJOR, major);

		rc = -EINVAL;

		goto out;

	}

	if (minor != ECRYPTFS_VERSION_MINOR) {

		ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "

				"Expected [%d]; got [%d]\n",

				ECRYPTFS_VERSION_MINOR, minor);

		rc = -EINVAL;

		goto out;

	}

out:

	return rc;

}

/**

 * ecryptfs_verify_auth_tok_from_key

 * @auth_tok_key: key containing the authentication token

 * @auth_tok: authentication token

 *

 * Returns zero on valid auth tok; -EINVAL otherwise

 */

static int

ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key,

				  struct ecryptfs_auth_tok **auth_tok)

{

	int rc = 0;

	(*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key);

	if (ecryptfs_verify_version((*auth_tok)->version)) {

		printk(KERN_ERR "Data structure version mismatch. Userspace "

		       "tools must match eCryptfs kernel module with major "

		       "version [%d] and minor version [%d]\n",

		       ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR);

		rc = -EINVAL;

		goto out;

	}

	if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD

	    && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {

		printk(KERN_ERR "Invalid auth_tok structure "

		       "returned from key query\n");

		rc = -EINVAL;

		goto out;

	}

out:

	return rc;

}

static int

ecryptfs_find_global_auth_tok_for_sig(

	struct ecryptfs_global_auth_tok **global_auth_tok,

	struct key **auth_tok_key,

	struct ecryptfs_auth_tok **auth_tok,

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)

{

	struct ecryptfs_global_auth_tok *walker;

	int rc = 0;

	(*global_auth_tok) = NULL;

	(*auth_tok_key) = NULL;

	(*auth_tok) = NULL;

	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);

	list_for_each_entry(walker,

			    &mount_crypt_stat->global_auth_tok_list,

			    mount_crypt_stat_list) {

		if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {

		if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX))

			continue;

		if (walker->flags & ECRYPTFS_AUTH_TOK_INVALID) {

			rc = -EINVAL;

			goto out;

		}

		rc = key_validate(walker->global_auth_tok_key);

			if (!rc)

				(*global_auth_tok) = walker;

		if (rc) {

			if (rc == -EKEYEXPIRED)

				goto out;

			goto out_invalid_auth_tok;

		}

		down_write(&(walker->global_auth_tok_key->sem));

		rc = ecryptfs_verify_auth_tok_from_key(

				walker->global_auth_tok_key, auth_tok);

		if (rc)

			goto out_invalid_auth_tok_unlock;

		(*auth_tok_key) = walker->global_auth_tok_key;

		key_get(*auth_tok_key);

		goto out;

	}

	rc = -EINVAL;

	rc = -ENOENT;

	goto out;

out_invalid_auth_tok_unlock:

	up_write(&(walker->global_auth_tok_key->sem));

out_invalid_auth_tok:

	printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);

	walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;

	key_put(walker->global_auth_tok_key);

	walker->global_auth_tok_key = NULL;

out:

	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);

	return rc;

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat,

	char *sig)

{

	struct ecryptfs_global_auth_tok *global_auth_tok;

	int rc = 0;

	(*auth_tok_key) = NULL;

	(*auth_tok) = NULL;

	if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,

						  mount_crypt_stat, sig)) {

	rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok,

						   mount_crypt_stat, sig);

	if (rc == -ENOENT) {

		/* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the

		 * mount_crypt_stat structure, we prevent to use auth toks that

		 * are not inserted through the ecryptfs_add_global_auth_tok

		rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,

						       sig);

	} else

		(*auth_tok) = global_auth_tok->global_auth_tok;

	}

	return rc;

}

	}

	s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;

	(*packet_size) = 0;

	rc = ecryptfs_find_auth_tok_for_sig(

		&auth_tok_key,

		&s->auth_tok, mount_crypt_stat,

		mount_crypt_stat->global_default_fnek_sig);

	if (rc) {

		printk(KERN_ERR "%s: Error attempting to find auth tok for "

		       "fnek sig [%s]; rc = [%d]\n", __func__,

		       mount_crypt_stat->global_default_fnek_sig, rc);

		goto out;

	}

	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(

		&s->desc.tfm,

		&s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);

		goto out_free_unlock;

	}

	dest[s->i++] = s->cipher_code;

	rc = ecryptfs_find_auth_tok_for_sig(

		&auth_tok_key,

		&s->auth_tok, mount_crypt_stat,

		mount_crypt_stat->global_default_fnek_sig);

	if (rc) {

		printk(KERN_ERR "%s: Error attempting to find auth tok for "

		       "fnek sig [%s]; rc = [%d]\n", __func__,

		       mount_crypt_stat->global_default_fnek_sig, rc);

		goto out_free_unlock;

	}

	/* TODO: Support other key modules than passphrase for

	 * filename encryption */

	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {

out_unlock:

	mutex_unlock(s->tfm_mutex);

out:

	if (auth_tok_key)

	if (auth_tok_key) {

		up_write(&(auth_tok_key->sem));

		key_put(auth_tok_key);

	}

	kfree(s);

	return rc;

}

		       __func__, s->cipher_code);

		goto out;

	}

	rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,

					    &s->auth_tok, mount_crypt_stat,

					    s->fnek_sig_hex);

	if (rc) {

		printk(KERN_ERR "%s: Error attempting to find auth tok for "

		       "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,

		       rc);

		goto out;

	}

	rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm,

							&s->tfm_mutex,

							s->cipher_string);

	 * >= ECRYPTFS_MAX_IV_BYTES. */

	memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);

	s->desc.info = s->iv;

	rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,

					    &s->auth_tok, mount_crypt_stat,

					    s->fnek_sig_hex);

	if (rc) {

		printk(KERN_ERR "%s: Error attempting to find auth tok for "

		       "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,

		       rc);

		goto out_free_unlock;

	}

	/* TODO: Support other key modules than passphrase for

	 * filename encryption */

	if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {

		(*filename_size) = 0;

		(*filename) = NULL;

	}

	if (auth_tok_key)

	if (auth_tok_key) {

		up_write(&(auth_tok_key->sem));

		key_put(auth_tok_key);

	}

	kfree(s);

	return rc;

}

	return rc;

}

/**

 * ecryptfs_verify_version

 * @version: The version number to confirm

 *

 * Returns zero on good version; non-zero otherwise

 */

static int ecryptfs_verify_version(u16 version)

{

	int rc = 0;

	unsigned char major;

	unsigned char minor;

	major = ((version >> 8) & 0xFF);

	minor = (version & 0xFF);

	if (major != ECRYPTFS_VERSION_MAJOR) {

		ecryptfs_printk(KERN_ERR, "Major version number mismatch. "

				"Expected [%d]; got [%d]\n",

				ECRYPTFS_VERSION_MAJOR, major);

		rc = -EINVAL;

		goto out;

	}

	if (minor != ECRYPTFS_VERSION_MINOR) {

		ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "

				"Expected [%d]; got [%d]\n",

				ECRYPTFS_VERSION_MINOR, minor);

		rc = -EINVAL;

		goto out;

	}

out:

	return rc;

}

int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,

				      struct ecryptfs_auth_tok **auth_tok,

				      char *sig)

		printk(KERN_ERR "Could not find key with description: [%s]\n",

		       sig);

		rc = process_request_key_err(PTR_ERR(*auth_tok_key));

		(*auth_tok_key) = NULL;

		goto out;

	}

	(*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);

	if (ecryptfs_verify_version((*auth_tok)->version)) {

		printk(KERN_ERR

		       "Data structure version mismatch. "

		       "Userspace tools must match eCryptfs "

		       "kernel module with major version [%d] "

		       "and minor version [%d]\n",

		       ECRYPTFS_VERSION_MAJOR,

		       ECRYPTFS_VERSION_MINOR);

		rc = -EINVAL;

		goto out_release_key;

	}

	if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD

	    && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {

		printk(KERN_ERR "Invalid auth_tok structure "

		       "returned from key query\n");

		rc = -EINVAL;

		goto out_release_key;

	}

out_release_key:

	down_write(&(*auth_tok_key)->sem);

	rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);

	if (rc) {

		up_write(&(*auth_tok_key)->sem);

		key_put(*auth_tok_key);

		(*auth_tok_key) = NULL;

		goto out;

	}

out:

	return rc;

find_next_matching_auth_tok:

	found_auth_tok = 0;

	if (auth_tok_key) {

		up_write(&(auth_tok_key->sem));

		key_put(auth_tok_key);

		auth_tok_key = NULL;

	}

out_wipe_list:

	wipe_auth_tok_list(&auth_tok_list);

out:

	if (auth_tok_key)

	if (auth_tok_key) {

		up_write(&(auth_tok_key->sem));

		key_put(auth_tok_key);

	}

	return rc;

}

				 size_t max)

{

	struct ecryptfs_auth_tok *auth_tok;

	struct ecryptfs_global_auth_tok *global_auth_tok;

	struct key *auth_tok_key = NULL;

	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =

		&ecryptfs_superblock_to_private(

			ecryptfs_dentry->d_sb)->mount_crypt_stat;

	list_for_each_entry(key_sig, &crypt_stat->keysig_list,

			    crypt_stat_list) {

		memset(key_rec, 0, sizeof(*key_rec));

		rc = ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,

		rc = ecryptfs_find_global_auth_tok_for_sig(&auth_tok_key,

							   &auth_tok,

							   mount_crypt_stat,

							   key_sig->keysig);

		if (rc) {

			printk(KERN_ERR "Error attempting to get the global "

			       "auth_tok; rc = [%d]\n", rc);

			printk(KERN_WARNING "Unable to retrieve auth tok with "

			       "sig = [%s]\n", key_sig->keysig);

			rc = process_find_global_auth_tok_for_sig_err(rc);

			goto out_free;

		}

		if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID) {

			printk(KERN_WARNING

			       "Skipping invalid auth tok with sig = [%s]\n",

			       global_auth_tok->sig);

			continue;

		}

		auth_tok = global_auth_tok->global_auth_tok;

		if (auth_tok->token_type == ECRYPTFS_PASSWORD) {

			rc = write_tag_3_packet((dest_base + (*len)),

						&max, auth_tok,

			rc = -EINVAL;

			goto out_free;

		}

		up_write(&(auth_tok_key->sem));

		key_put(auth_tok_key);

		auth_tok_key = NULL;

	}

	if (likely(max > 0)) {

		dest_base[(*len)] = 0x00;

out:

	if (rc)

		(*len) = 0;

	if (auth_tok_key) {

		up_write(&(auth_tok_key->sem));

		key_put(auth_tok_key);

	}

	mutex_unlock(&crypt_stat->keysig_list_mutex);

	return rc;

}

		return -ENOMEM;

	}

	memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);

	new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0';

	/* Caller must hold keysig_list_mutex */

	list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);

	mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);

	list_add(&new_auth_tok->mount_crypt_stat_list,

		 &mount_crypt_stat->global_auth_tok_list);

	mount_crypt_stat->num_global_auth_toks++;

	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);

out:

	return rc;