Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs

ECRYPT FILE SYSTEM

M:	Tyler Hicks <tyhicks@canonical.com>

M:	Dustin Kirkland <kirkland@canonical.com>

M:	Dustin Kirkland <dustin.kirkland@gazzang.com>

L:	ecryptfs@vger.kernel.org

W:	https://launchpad.net/ecryptfs

S:	Supported

			(unsigned long long)(extent_base + extent_offset), rc);

		goto out;

	}

	if (unlikely(ecryptfs_verbosity > 0)) {

		ecryptfs_printk(KERN_DEBUG, "Encrypting extent "

				"with iv:\n");

		ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);

		ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "

				"encryption:\n");

		ecryptfs_dump_hex((char *)

				  (page_address(page)

				   + (extent_offset * crypt_stat->extent_size)),

				  8);

	}

	rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0,

					  page, (extent_offset

						 * crypt_stat->extent_size),

		goto out;

	}

	rc = 0;

	if (unlikely(ecryptfs_verbosity > 0)) {

		ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16llx]; "

			"rc = [%d]\n",

			(unsigned long long)(extent_base + extent_offset), rc);

		ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "

				"encryption:\n");

		ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8);

	}

out:

	return rc;

}

			(unsigned long long)(extent_base + extent_offset), rc);

		goto out;

	}

	if (unlikely(ecryptfs_verbosity > 0)) {

		ecryptfs_printk(KERN_DEBUG, "Decrypting extent "

				"with iv:\n");

		ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);

		ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "

				"decryption:\n");

		ecryptfs_dump_hex((char *)

				  (page_address(enc_extent_page)

				   + (extent_offset * crypt_stat->extent_size)),

				  8);

	}

	rc = ecryptfs_decrypt_page_offset(crypt_stat, page,

					  (extent_offset

					   * crypt_stat->extent_size),

		goto out;

	}

	rc = 0;

	if (unlikely(ecryptfs_verbosity > 0)) {

		ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16llx]; "

			"rc = [%d]\n",

			(unsigned long long)(extent_base + extent_offset), rc);

		ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "

				"decryption:\n");

		ecryptfs_dump_hex((char *)(page_address(page)

					   + (extent_offset

					      * crypt_stat->extent_size)), 8);

	}

out:

	return rc;

}

 */

int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)

{

	int rc = 0;

	char *page_virt = NULL;

	int rc;

	char *page_virt;

	struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode;

	struct ecryptfs_crypt_stat *crypt_stat =

	    &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;

						ecryptfs_dentry,

						ECRYPTFS_VALIDATE_HEADER_SIZE);

	if (rc) {

		/* metadata is not in the file header, so try xattrs */

		memset(page_virt, 0, PAGE_CACHE_SIZE);

		rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode);

		if (rc) {

			printk(KERN_DEBUG "Valid eCryptfs headers not found in "

			       "file header region or xattr region\n");

			       "file header region or xattr region, inode %lu\n",

				ecryptfs_inode->i_ino);

			rc = -EINVAL;

			goto out;

		}

						ECRYPTFS_DONT_VALIDATE_HEADER_SIZE);

		if (rc) {

			printk(KERN_DEBUG "Valid eCryptfs headers not found in "

			       "file xattr region either\n");

			       "file xattr region either, inode %lu\n",

				ecryptfs_inode->i_ino);

			rc = -EINVAL;

		}

		if (crypt_stat->mount_crypt_stat->flags

			       "crypto metadata only in the extended attribute "

			       "region, but eCryptfs was mounted without "

			       "xattr support enabled. eCryptfs will not treat "

			       "this like an encrypted file.\n");

			       "this like an encrypted file, inode %lu\n",

				ecryptfs_inode->i_ino);

			rc = -EINVAL;

		}

	}

					  * dentry name */

#define ECRYPTFS_TAG_73_PACKET_TYPE 0x49 /* FEK-encrypted filename as

					  * metadata */

#define ECRYPTFS_MIN_PKT_LEN_SIZE 1 /* Min size to specify packet length */

#define ECRYPTFS_MAX_PKT_LEN_SIZE 2 /* Pass at least this many bytes to

				     * ecryptfs_parse_packet_length() and

				     * ecryptfs_write_packet_length()

				     */

/* Constraint: ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES >=

 * ECRYPTFS_MAX_IV_BYTES */

#define ECRYPTFS_FILENAME_MIN_RANDOM_PREPEND_BYTES 16

		size_t num_zeros = (PAGE_CACHE_SIZE

				    - (ia->ia_size & ~PAGE_CACHE_MASK));

		/*

		 * XXX(truncate) this should really happen at the begginning

		 * of ->setattr.  But the code is too messy to that as part

		 * of a larger patch.  ecryptfs is also totally missing out

		 * on the inode_change_ok check at the beginning of

		 * ->setattr while would include this.

		 */

		rc = inode_newsize_ok(inode, ia->ia_size);

		if (rc)

			goto out;

		if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {

			truncate_setsize(inode, ia->ia_size);

			lower_ia->ia_size = ia->ia_size;

	return rc;

}

static int ecryptfs_inode_newsize_ok(struct inode *inode, loff_t offset)

{

	struct ecryptfs_crypt_stat *crypt_stat;

	loff_t lower_oldsize, lower_newsize;

	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;

	lower_oldsize = upper_size_to_lower_size(crypt_stat,

						 i_size_read(inode));

	lower_newsize = upper_size_to_lower_size(crypt_stat, offset);

	if (lower_newsize > lower_oldsize) {

		/*

		 * The eCryptfs inode and the new *lower* size are mixed here

		 * because we may not have the lower i_mutex held and/or it may

		 * not be appropriate to call inode_newsize_ok() with inodes

		 * from other filesystems.

		 */

		return inode_newsize_ok(inode, lower_newsize);

	}

	return 0;

}

/**

 * ecryptfs_truncate

 * @dentry: The ecryptfs layer dentry

	struct iattr lower_ia = { .ia_valid = 0 };

	int rc;

	rc = ecryptfs_inode_newsize_ok(dentry->d_inode, new_length);

	if (rc)

		return rc;

	rc = truncate_upper(dentry, &ia, &lower_ia);

	if (!rc && lower_ia.ia_valid & ATTR_SIZE) {

		struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);

		}

	}

	mutex_unlock(&crypt_stat->cs_mutex);

	rc = inode_change_ok(inode, ia);

	if (rc)

		goto out;

	if (ia->ia_valid & ATTR_SIZE) {

		rc = ecryptfs_inode_newsize_ok(inode, ia->ia_size);

		if (rc)

			goto out;

	}

	if (S_ISREG(inode->i_mode)) {

		rc = filemap_write_and_wait(inode->i_mapping);

		if (rc)

		(*size) += ((unsigned char)(data[1]) + 192);

		(*length_size) = 2;

	} else if (data[0] == 255) {

		/* Five-byte length; we're not supposed to see this */

		/* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */

		ecryptfs_printk(KERN_ERR, "Five-byte packet length not "

				"supported\n");

		rc = -EINVAL;

/**

 * ecryptfs_write_packet_length

 * @dest: The byte array target into which to write the length. Must

 *        have at least 5 bytes allocated.

 *        have at least ECRYPTFS_MAX_PKT_LEN_SIZE bytes allocated.

 * @size: The length to write.

 * @packet_size_length: The number of bytes used to encode the packet

 *                      length is written to this address.

		dest[1] = ((size - 192) % 256);

		(*packet_size_length) = 2;

	} else {

		/* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */

		rc = -EINVAL;

		ecryptfs_printk(KERN_WARNING,

				"Unsupported packet size: [%zd]\n", size);