1 /** 2 * eCryptfs: Linux filesystem encryption layer 3 * This is where eCryptfs coordinates the symmetric encryption and 4 * decryption of the file data as it passes between the lower 5 * encrypted file and the upper decrypted file. 6 * 7 * Copyright (C) 1997-2003 Erez Zadok 8 * Copyright (C) 2001-2003 Stony Brook University 9 * Copyright (C) 2004-2007 International Business Machines Corp. 10 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License as 14 * published by the Free Software Foundation; either version 2 of the 15 * License, or (at your option) any later version. 16 * 17 * This program is distributed in the hope that it will be useful, but 18 * WITHOUT ANY WARRANTY; without even the implied warranty of 19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 * General Public License for more details. 21 * 22 * You should have received a copy of the GNU General Public License 23 * along with this program; if not, write to the Free Software 24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 25 * 02111-1307, USA. 26 */ 27 28 #include <linux/pagemap.h> 29 #include <linux/writeback.h> 30 #include <linux/page-flags.h> 31 #include <linux/mount.h> 32 #include <linux/file.h> 33 #include <linux/crypto.h> 34 #include <linux/scatterlist.h> 35 #include "ecryptfs_kernel.h" 36 37 struct kmem_cache *ecryptfs_lower_page_cache; 38 39 /** 40 * ecryptfs_get1page 41 * 42 * Get one page from cache or lower f/s, return error otherwise. 43 * 44 * Returns unlocked and up-to-date page (if ok), with increased 45 * refcnt. 46 */ 47 static struct page *ecryptfs_get1page(struct file *file, int index) 48 { 49 struct page *page; 50 struct dentry *dentry; 51 struct inode *inode; 52 struct address_space *mapping; 53 54 dentry = file->f_path.dentry; 55 inode = dentry->d_inode; 56 mapping = inode->i_mapping; 57 page = read_cache_page(mapping, index, 58 (filler_t *)mapping->a_ops->readpage, 59 (void *)file); 60 if (IS_ERR(page)) 61 goto out; 62 wait_on_page_locked(page); 63 out: 64 return page; 65 } 66 67 static 68 int write_zeros(struct file *file, pgoff_t index, int start, int num_zeros); 69 70 /** 71 * ecryptfs_fill_zeros 72 * @file: The ecryptfs file 73 * @new_length: The new length of the data in the underlying file; 74 * everything between the prior end of the file and the 75 * new end of the file will be filled with zero's. 76 * new_length must be greater than current length 77 * 78 * Function for handling lseek-ing past the end of the file. 79 * 80 * This function does not support shrinking, only growing a file. 81 * 82 * Returns zero on success; non-zero otherwise. 83 */ 84 int ecryptfs_fill_zeros(struct file *file, loff_t new_length) 85 { 86 int rc = 0; 87 struct dentry *dentry = file->f_path.dentry; 88 struct inode *inode = dentry->d_inode; 89 pgoff_t old_end_page_index = 0; 90 pgoff_t index = old_end_page_index; 91 int old_end_pos_in_page = -1; 92 pgoff_t new_end_page_index; 93 int new_end_pos_in_page; 94 loff_t cur_length = i_size_read(inode); 95 96 if (cur_length != 0) { 97 index = old_end_page_index = 98 ((cur_length - 1) >> PAGE_CACHE_SHIFT); 99 old_end_pos_in_page = ((cur_length - 1) & ~PAGE_CACHE_MASK); 100 } 101 new_end_page_index = ((new_length - 1) >> PAGE_CACHE_SHIFT); 102 new_end_pos_in_page = ((new_length - 1) & ~PAGE_CACHE_MASK); 103 ecryptfs_printk(KERN_DEBUG, "old_end_page_index = [0x%.16x]; " 104 "old_end_pos_in_page = [%d]; " 105 "new_end_page_index = [0x%.16x]; " 106 "new_end_pos_in_page = [%d]\n", 107 old_end_page_index, old_end_pos_in_page, 108 new_end_page_index, new_end_pos_in_page); 109 if (old_end_page_index == new_end_page_index) { 110 /* Start and end are in the same page; we just need to 111 * set a portion of the existing page to zero's */ 112 rc = write_zeros(file, index, (old_end_pos_in_page + 1), 113 (new_end_pos_in_page - old_end_pos_in_page)); 114 if (rc) 115 ecryptfs_printk(KERN_ERR, "write_zeros(file=[%p], " 116 "index=[0x%.16x], " 117 "old_end_pos_in_page=[d], " 118 "(PAGE_CACHE_SIZE - new_end_pos_in_page" 119 "=[%d]" 120 ")=[d]) returned [%d]\n", file, index, 121 old_end_pos_in_page, 122 new_end_pos_in_page, 123 (PAGE_CACHE_SIZE - new_end_pos_in_page), 124 rc); 125 goto out; 126 } 127 /* Fill the remainder of the previous last page with zeros */ 128 rc = write_zeros(file, index, (old_end_pos_in_page + 1), 129 ((PAGE_CACHE_SIZE - 1) - old_end_pos_in_page)); 130 if (rc) { 131 ecryptfs_printk(KERN_ERR, "write_zeros(file=[%p], " 132 "index=[0x%.16x], old_end_pos_in_page=[d], " 133 "(PAGE_CACHE_SIZE - old_end_pos_in_page)=[d]) " 134 "returned [%d]\n", file, index, 135 old_end_pos_in_page, 136 (PAGE_CACHE_SIZE - old_end_pos_in_page), rc); 137 goto out; 138 } 139 index++; 140 while (index < new_end_page_index) { 141 /* Fill all intermediate pages with zeros */ 142 rc = write_zeros(file, index, 0, PAGE_CACHE_SIZE); 143 if (rc) { 144 ecryptfs_printk(KERN_ERR, "write_zeros(file=[%p], " 145 "index=[0x%.16x], " 146 "old_end_pos_in_page=[d], " 147 "(PAGE_CACHE_SIZE - new_end_pos_in_page" 148 "=[%d]" 149 ")=[d]) returned [%d]\n", file, index, 150 old_end_pos_in_page, 151 new_end_pos_in_page, 152 (PAGE_CACHE_SIZE - new_end_pos_in_page), 153 rc); 154 goto out; 155 } 156 index++; 157 } 158 /* Fill the portion at the beginning of the last new page with 159 * zero's */ 160 rc = write_zeros(file, index, 0, (new_end_pos_in_page + 1)); 161 if (rc) { 162 ecryptfs_printk(KERN_ERR, "write_zeros(file=" 163 "[%p], index=[0x%.16x], 0, " 164 "new_end_pos_in_page=[%d]" 165 "returned [%d]\n", file, index, 166 new_end_pos_in_page, rc); 167 goto out; 168 } 169 out: 170 return rc; 171 } 172 173 /** 174 * ecryptfs_writepage 175 * @page: Page that is locked before this call is made 176 * 177 * Returns zero on success; non-zero otherwise 178 */ 179 static int ecryptfs_writepage(struct page *page, struct writeback_control *wbc) 180 { 181 struct ecryptfs_page_crypt_context ctx; 182 int rc; 183 184 ctx.page = page; 185 ctx.mode = ECRYPTFS_WRITEPAGE_MODE; 186 ctx.param.wbc = wbc; 187 rc = ecryptfs_encrypt_page(&ctx); 188 if (rc) { 189 ecryptfs_printk(KERN_WARNING, "Error encrypting " 190 "page (upper index [0x%.16x])\n", page->index); 191 ClearPageUptodate(page); 192 goto out; 193 } 194 SetPageUptodate(page); 195 unlock_page(page); 196 out: 197 return rc; 198 } 199 200 /** 201 * Reads the data from the lower file file at index lower_page_index 202 * and copies that data into page. 203 * 204 * @param page Page to fill 205 * @param lower_page_index Index of the page in the lower file to get 206 */ 207 int ecryptfs_do_readpage(struct file *file, struct page *page, 208 pgoff_t lower_page_index) 209 { 210 int rc; 211 struct dentry *dentry; 212 struct file *lower_file; 213 struct dentry *lower_dentry; 214 struct inode *inode; 215 struct inode *lower_inode; 216 char *page_data; 217 struct page *lower_page = NULL; 218 char *lower_page_data; 219 const struct address_space_operations *lower_a_ops; 220 221 dentry = file->f_path.dentry; 222 lower_file = ecryptfs_file_to_lower(file); 223 lower_dentry = ecryptfs_dentry_to_lower(dentry); 224 inode = dentry->d_inode; 225 lower_inode = ecryptfs_inode_to_lower(inode); 226 lower_a_ops = lower_inode->i_mapping->a_ops; 227 lower_page = read_cache_page(lower_inode->i_mapping, lower_page_index, 228 (filler_t *)lower_a_ops->readpage, 229 (void *)lower_file); 230 if (IS_ERR(lower_page)) { 231 rc = PTR_ERR(lower_page); 232 lower_page = NULL; 233 ecryptfs_printk(KERN_ERR, "Error reading from page cache\n"); 234 goto out; 235 } 236 wait_on_page_locked(lower_page); 237 page_data = kmap_atomic(page, KM_USER0); 238 lower_page_data = kmap_atomic(lower_page, KM_USER1); 239 memcpy(page_data, lower_page_data, PAGE_CACHE_SIZE); 240 kunmap_atomic(lower_page_data, KM_USER1); 241 kunmap_atomic(page_data, KM_USER0); 242 flush_dcache_page(page); 243 rc = 0; 244 out: 245 if (likely(lower_page)) 246 page_cache_release(lower_page); 247 if (rc == 0) 248 SetPageUptodate(page); 249 else 250 ClearPageUptodate(page); 251 return rc; 252 } 253 /** 254 * Header Extent: 255 * Octets 0-7: Unencrypted file size (big-endian) 256 * Octets 8-15: eCryptfs special marker 257 * Octets 16-19: Flags 258 * Octet 16: File format version number (between 0 and 255) 259 * Octets 17-18: Reserved 260 * Octet 19: Bit 1 (lsb): Reserved 261 * Bit 2: Encrypted? 262 * Bits 3-8: Reserved 263 * Octets 20-23: Header extent size (big-endian) 264 * Octets 24-25: Number of header extents at front of file 265 * (big-endian) 266 * Octet 26: Begin RFC 2440 authentication token packet set 267 */ 268 static void set_header_info(char *page_virt, 269 struct ecryptfs_crypt_stat *crypt_stat) 270 { 271 size_t written; 272 int save_num_header_extents_at_front = 273 crypt_stat->num_header_extents_at_front; 274 275 crypt_stat->num_header_extents_at_front = 1; 276 ecryptfs_write_header_metadata(page_virt + 20, crypt_stat, &written); 277 crypt_stat->num_header_extents_at_front = 278 save_num_header_extents_at_front; 279 } 280 281 /** 282 * ecryptfs_readpage 283 * @file: This is an ecryptfs file 284 * @page: ecryptfs associated page to stick the read data into 285 * 286 * Read in a page, decrypting if necessary. 287 * 288 * Returns zero on success; non-zero on error. 289 */ 290 static int ecryptfs_readpage(struct file *file, struct page *page) 291 { 292 int rc = 0; 293 struct ecryptfs_crypt_stat *crypt_stat; 294 295 BUG_ON(!(file && file->f_path.dentry && file->f_path.dentry->d_inode)); 296 crypt_stat = &ecryptfs_inode_to_private(file->f_path.dentry->d_inode) 297 ->crypt_stat; 298 if (!crypt_stat 299 || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED) 300 || (crypt_stat->flags & ECRYPTFS_NEW_FILE)) { 301 ecryptfs_printk(KERN_DEBUG, 302 "Passing through unencrypted page\n"); 303 rc = ecryptfs_do_readpage(file, page, page->index); 304 if (rc) { 305 ecryptfs_printk(KERN_ERR, "Error reading page; rc = " 306 "[%d]\n", rc); 307 goto out; 308 } 309 } else if (crypt_stat->flags & ECRYPTFS_VIEW_AS_ENCRYPTED) { 310 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) { 311 int num_pages_in_header_region = 312 (crypt_stat->header_extent_size 313 / PAGE_CACHE_SIZE); 314 315 if (page->index < num_pages_in_header_region) { 316 char *page_virt; 317 318 page_virt = kmap_atomic(page, KM_USER0); 319 memset(page_virt, 0, PAGE_CACHE_SIZE); 320 if (page->index == 0) { 321 rc = ecryptfs_read_xattr_region( 322 page_virt, file->f_path.dentry); 323 set_header_info(page_virt, crypt_stat); 324 } 325 kunmap_atomic(page_virt, KM_USER0); 326 flush_dcache_page(page); 327 if (rc) { 328 printk(KERN_ERR "Error reading xattr " 329 "region\n"); 330 goto out; 331 } 332 } else { 333 rc = ecryptfs_do_readpage( 334 file, page, 335 (page->index 336 - num_pages_in_header_region)); 337 if (rc) { 338 printk(KERN_ERR "Error reading page; " 339 "rc = [%d]\n", rc); 340 goto out; 341 } 342 } 343 } else { 344 rc = ecryptfs_do_readpage(file, page, page->index); 345 if (rc) { 346 printk(KERN_ERR "Error reading page; rc = " 347 "[%d]\n", rc); 348 goto out; 349 } 350 } 351 } else { 352 rc = ecryptfs_decrypt_page(file, page); 353 if (rc) { 354 ecryptfs_printk(KERN_ERR, "Error decrypting page; " 355 "rc = [%d]\n", rc); 356 goto out; 357 } 358 } 359 SetPageUptodate(page); 360 out: 361 if (rc) 362 ClearPageUptodate(page); 363 ecryptfs_printk(KERN_DEBUG, "Unlocking page with index = [0x%.16x]\n", 364 page->index); 365 unlock_page(page); 366 return rc; 367 } 368 369 /** 370 * Called with lower inode mutex held. 371 */ 372 static int fill_zeros_to_end_of_page(struct page *page, unsigned int to) 373 { 374 struct inode *inode = page->mapping->host; 375 int end_byte_in_page; 376 char *page_virt; 377 378 if ((i_size_read(inode) / PAGE_CACHE_SIZE) != page->index) 379 goto out; 380 end_byte_in_page = i_size_read(inode) % PAGE_CACHE_SIZE; 381 if (to > end_byte_in_page) 382 end_byte_in_page = to; 383 page_virt = kmap_atomic(page, KM_USER0); 384 memset((page_virt + end_byte_in_page), 0, 385 (PAGE_CACHE_SIZE - end_byte_in_page)); 386 kunmap_atomic(page_virt, KM_USER0); 387 flush_dcache_page(page); 388 out: 389 return 0; 390 } 391 392 static int ecryptfs_prepare_write(struct file *file, struct page *page, 393 unsigned from, unsigned to) 394 { 395 int rc = 0; 396 397 if (from == 0 && to == PAGE_CACHE_SIZE) 398 goto out; /* If we are writing a full page, it will be 399 up to date. */ 400 if (!PageUptodate(page)) 401 rc = ecryptfs_do_readpage(file, page, page->index); 402 out: 403 return rc; 404 } 405 406 int ecryptfs_writepage_and_release_lower_page(struct page *lower_page, 407 struct inode *lower_inode, 408 struct writeback_control *wbc) 409 { 410 int rc = 0; 411 412 rc = lower_inode->i_mapping->a_ops->writepage(lower_page, wbc); 413 if (rc) { 414 ecryptfs_printk(KERN_ERR, "Error calling lower writepage(); " 415 "rc = [%d]\n", rc); 416 goto out; 417 } 418 lower_inode->i_mtime = lower_inode->i_ctime = CURRENT_TIME; 419 page_cache_release(lower_page); 420 out: 421 return rc; 422 } 423 424 static 425 void ecryptfs_release_lower_page(struct page *lower_page, int page_locked) 426 { 427 if (page_locked) 428 unlock_page(lower_page); 429 page_cache_release(lower_page); 430 } 431 432 /** 433 * ecryptfs_write_inode_size_to_header 434 * 435 * Writes the lower file size to the first 8 bytes of the header. 436 * 437 * Returns zero on success; non-zero on error. 438 */ 439 static int ecryptfs_write_inode_size_to_header(struct file *lower_file, 440 struct inode *lower_inode, 441 struct inode *inode) 442 { 443 int rc = 0; 444 struct page *header_page; 445 char *header_virt; 446 const struct address_space_operations *lower_a_ops; 447 u64 file_size; 448 449 retry: 450 header_page = grab_cache_page(lower_inode->i_mapping, 0); 451 if (!header_page) { 452 ecryptfs_printk(KERN_ERR, "grab_cache_page for " 453 "lower_page_index 0 failed\n"); 454 rc = -EINVAL; 455 goto out; 456 } 457 lower_a_ops = lower_inode->i_mapping->a_ops; 458 rc = lower_a_ops->prepare_write(lower_file, header_page, 0, 8); 459 if (rc) { 460 if (rc == AOP_TRUNCATED_PAGE) { 461 ecryptfs_release_lower_page(header_page, 0); 462 goto retry; 463 } else 464 ecryptfs_release_lower_page(header_page, 1); 465 goto out; 466 } 467 file_size = (u64)i_size_read(inode); 468 ecryptfs_printk(KERN_DEBUG, "Writing size: [0x%.16x]\n", file_size); 469 file_size = cpu_to_be64(file_size); 470 header_virt = kmap_atomic(header_page, KM_USER0); 471 memcpy(header_virt, &file_size, sizeof(u64)); 472 kunmap_atomic(header_virt, KM_USER0); 473 flush_dcache_page(header_page); 474 rc = lower_a_ops->commit_write(lower_file, header_page, 0, 8); 475 if (rc < 0) 476 ecryptfs_printk(KERN_ERR, "Error commiting header page " 477 "write\n"); 478 if (rc == AOP_TRUNCATED_PAGE) { 479 ecryptfs_release_lower_page(header_page, 0); 480 goto retry; 481 } else 482 ecryptfs_release_lower_page(header_page, 1); 483 lower_inode->i_mtime = lower_inode->i_ctime = CURRENT_TIME; 484 mark_inode_dirty_sync(inode); 485 out: 486 return rc; 487 } 488 489 static int ecryptfs_write_inode_size_to_xattr(struct inode *lower_inode, 490 struct inode *inode, 491 struct dentry *ecryptfs_dentry, 492 int lower_i_mutex_held) 493 { 494 ssize_t size; 495 void *xattr_virt; 496 struct dentry *lower_dentry; 497 u64 file_size; 498 int rc; 499 500 xattr_virt = kmem_cache_alloc(ecryptfs_xattr_cache, GFP_KERNEL); 501 if (!xattr_virt) { 502 printk(KERN_ERR "Out of memory whilst attempting to write " 503 "inode size to xattr\n"); 504 rc = -ENOMEM; 505 goto out; 506 } 507 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 508 if (!lower_dentry->d_inode->i_op->getxattr || 509 !lower_dentry->d_inode->i_op->setxattr) { 510 printk(KERN_WARNING 511 "No support for setting xattr in lower filesystem\n"); 512 rc = -ENOSYS; 513 kmem_cache_free(ecryptfs_xattr_cache, xattr_virt); 514 goto out; 515 } 516 if (!lower_i_mutex_held) 517 mutex_lock(&lower_dentry->d_inode->i_mutex); 518 size = lower_dentry->d_inode->i_op->getxattr(lower_dentry, 519 ECRYPTFS_XATTR_NAME, 520 xattr_virt, 521 PAGE_CACHE_SIZE); 522 if (!lower_i_mutex_held) 523 mutex_unlock(&lower_dentry->d_inode->i_mutex); 524 if (size < 0) 525 size = 8; 526 file_size = (u64)i_size_read(inode); 527 file_size = cpu_to_be64(file_size); 528 memcpy(xattr_virt, &file_size, sizeof(u64)); 529 if (!lower_i_mutex_held) 530 mutex_lock(&lower_dentry->d_inode->i_mutex); 531 rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, 532 ECRYPTFS_XATTR_NAME, 533 xattr_virt, size, 0); 534 if (!lower_i_mutex_held) 535 mutex_unlock(&lower_dentry->d_inode->i_mutex); 536 if (rc) 537 printk(KERN_ERR "Error whilst attempting to write inode size " 538 "to lower file xattr; rc = [%d]\n", rc); 539 kmem_cache_free(ecryptfs_xattr_cache, xattr_virt); 540 out: 541 return rc; 542 } 543 544 int 545 ecryptfs_write_inode_size_to_metadata(struct file *lower_file, 546 struct inode *lower_inode, 547 struct inode *inode, 548 struct dentry *ecryptfs_dentry, 549 int lower_i_mutex_held) 550 { 551 struct ecryptfs_crypt_stat *crypt_stat; 552 553 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; 554 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 555 return ecryptfs_write_inode_size_to_xattr(lower_inode, inode, 556 ecryptfs_dentry, 557 lower_i_mutex_held); 558 else 559 return ecryptfs_write_inode_size_to_header(lower_file, 560 lower_inode, 561 inode); 562 } 563 564 int ecryptfs_get_lower_page(struct page **lower_page, struct inode *lower_inode, 565 struct file *lower_file, 566 unsigned long lower_page_index, int byte_offset, 567 int region_bytes) 568 { 569 int rc = 0; 570 571 retry: 572 *lower_page = grab_cache_page(lower_inode->i_mapping, lower_page_index); 573 if (!(*lower_page)) { 574 rc = -EINVAL; 575 ecryptfs_printk(KERN_ERR, "Error attempting to grab " 576 "lower page with index [0x%.16x]\n", 577 lower_page_index); 578 goto out; 579 } 580 rc = lower_inode->i_mapping->a_ops->prepare_write(lower_file, 581 (*lower_page), 582 byte_offset, 583 region_bytes); 584 if (rc) { 585 if (rc == AOP_TRUNCATED_PAGE) { 586 ecryptfs_release_lower_page(*lower_page, 0); 587 goto retry; 588 } else { 589 ecryptfs_printk(KERN_ERR, "prepare_write for " 590 "lower_page_index = [0x%.16x] failed; rc = " 591 "[%d]\n", lower_page_index, rc); 592 ecryptfs_release_lower_page(*lower_page, 1); 593 (*lower_page) = NULL; 594 } 595 } 596 out: 597 return rc; 598 } 599 600 /** 601 * ecryptfs_commit_lower_page 602 * 603 * Returns zero on success; non-zero on error 604 */ 605 int 606 ecryptfs_commit_lower_page(struct page *lower_page, struct inode *lower_inode, 607 struct file *lower_file, int byte_offset, 608 int region_size) 609 { 610 int page_locked = 1; 611 int rc = 0; 612 613 rc = lower_inode->i_mapping->a_ops->commit_write( 614 lower_file, lower_page, byte_offset, region_size); 615 if (rc == AOP_TRUNCATED_PAGE) 616 page_locked = 0; 617 if (rc < 0) { 618 ecryptfs_printk(KERN_ERR, 619 "Error committing write; rc = [%d]\n", rc); 620 } else 621 rc = 0; 622 ecryptfs_release_lower_page(lower_page, page_locked); 623 return rc; 624 } 625 626 /** 627 * ecryptfs_copy_page_to_lower 628 * 629 * Used for plaintext pass-through; no page index interpolation 630 * required. 631 */ 632 int ecryptfs_copy_page_to_lower(struct page *page, struct inode *lower_inode, 633 struct file *lower_file) 634 { 635 int rc = 0; 636 struct page *lower_page; 637 638 rc = ecryptfs_get_lower_page(&lower_page, lower_inode, lower_file, 639 page->index, 0, PAGE_CACHE_SIZE); 640 if (rc) { 641 ecryptfs_printk(KERN_ERR, "Error attempting to get page " 642 "at index [0x%.16x]\n", page->index); 643 goto out; 644 } 645 /* TODO: aops */ 646 memcpy((char *)page_address(lower_page), page_address(page), 647 PAGE_CACHE_SIZE); 648 rc = ecryptfs_commit_lower_page(lower_page, lower_inode, lower_file, 649 0, PAGE_CACHE_SIZE); 650 if (rc) 651 ecryptfs_printk(KERN_ERR, "Error attempting to commit page " 652 "at index [0x%.16x]\n", page->index); 653 out: 654 return rc; 655 } 656 657 struct kmem_cache *ecryptfs_xattr_cache; 658 659 /** 660 * ecryptfs_commit_write 661 * @file: The eCryptfs file object 662 * @page: The eCryptfs page 663 * @from: Ignored (we rotate the page IV on each write) 664 * @to: Ignored 665 * 666 * This is where we encrypt the data and pass the encrypted data to 667 * the lower filesystem. In OpenPGP-compatible mode, we operate on 668 * entire underlying packets. 669 */ 670 static int ecryptfs_commit_write(struct file *file, struct page *page, 671 unsigned from, unsigned to) 672 { 673 struct ecryptfs_page_crypt_context ctx; 674 loff_t pos; 675 struct inode *inode; 676 struct inode *lower_inode; 677 struct file *lower_file; 678 struct ecryptfs_crypt_stat *crypt_stat; 679 int rc; 680 681 inode = page->mapping->host; 682 lower_inode = ecryptfs_inode_to_lower(inode); 683 lower_file = ecryptfs_file_to_lower(file); 684 mutex_lock(&lower_inode->i_mutex); 685 crypt_stat = &ecryptfs_inode_to_private(file->f_path.dentry->d_inode) 686 ->crypt_stat; 687 if (crypt_stat->flags & ECRYPTFS_NEW_FILE) { 688 ecryptfs_printk(KERN_DEBUG, "ECRYPTFS_NEW_FILE flag set in " 689 "crypt_stat at memory location [%p]\n", crypt_stat); 690 crypt_stat->flags &= ~(ECRYPTFS_NEW_FILE); 691 } else 692 ecryptfs_printk(KERN_DEBUG, "Not a new file\n"); 693 ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page" 694 "(page w/ index = [0x%.16x], to = [%d])\n", page->index, 695 to); 696 rc = fill_zeros_to_end_of_page(page, to); 697 if (rc) { 698 ecryptfs_printk(KERN_WARNING, "Error attempting to fill " 699 "zeros in page with index = [0x%.16x]\n", 700 page->index); 701 goto out; 702 } 703 ctx.page = page; 704 ctx.mode = ECRYPTFS_PREPARE_COMMIT_MODE; 705 ctx.param.lower_file = lower_file; 706 rc = ecryptfs_encrypt_page(&ctx); 707 if (rc) { 708 ecryptfs_printk(KERN_WARNING, "Error encrypting page (upper " 709 "index [0x%.16x])\n", page->index); 710 goto out; 711 } 712 inode->i_blocks = lower_inode->i_blocks; 713 pos = (page->index << PAGE_CACHE_SHIFT) + to; 714 if (pos > i_size_read(inode)) { 715 i_size_write(inode, pos); 716 ecryptfs_printk(KERN_DEBUG, "Expanded file size to " 717 "[0x%.16x]\n", i_size_read(inode)); 718 } 719 rc = ecryptfs_write_inode_size_to_metadata(lower_file, lower_inode, 720 inode, file->f_dentry, 721 ECRYPTFS_LOWER_I_MUTEX_HELD); 722 if (rc) 723 printk(KERN_ERR "Error writing inode size to metadata; " 724 "rc = [%d]\n", rc); 725 lower_inode->i_mtime = lower_inode->i_ctime = CURRENT_TIME; 726 mark_inode_dirty_sync(inode); 727 out: 728 if (rc < 0) 729 ClearPageUptodate(page); 730 else 731 SetPageUptodate(page); 732 mutex_unlock(&lower_inode->i_mutex); 733 return rc; 734 } 735 736 /** 737 * write_zeros 738 * @file: The ecryptfs file 739 * @index: The index in which we are writing 740 * @start: The position after the last block of data 741 * @num_zeros: The number of zeros to write 742 * 743 * Write a specified number of zero's to a page. 744 * 745 * (start + num_zeros) must be less than or equal to PAGE_CACHE_SIZE 746 */ 747 static 748 int write_zeros(struct file *file, pgoff_t index, int start, int num_zeros) 749 { 750 int rc = 0; 751 struct page *tmp_page; 752 char *tmp_page_virt; 753 754 tmp_page = ecryptfs_get1page(file, index); 755 if (IS_ERR(tmp_page)) { 756 ecryptfs_printk(KERN_ERR, "Error getting page at index " 757 "[0x%.16x]\n", index); 758 rc = PTR_ERR(tmp_page); 759 goto out; 760 } 761 rc = ecryptfs_prepare_write(file, tmp_page, start, start + num_zeros); 762 if (rc) { 763 ecryptfs_printk(KERN_ERR, "Error preparing to write zero's " 764 "to remainder of page at index [0x%.16x]\n", 765 index); 766 page_cache_release(tmp_page); 767 goto out; 768 } 769 tmp_page_virt = kmap_atomic(tmp_page, KM_USER0); 770 memset(((char *)tmp_page_virt + start), 0, num_zeros); 771 kunmap_atomic(tmp_page_virt, KM_USER0); 772 flush_dcache_page(tmp_page); 773 rc = ecryptfs_commit_write(file, tmp_page, start, start + num_zeros); 774 if (rc < 0) { 775 ecryptfs_printk(KERN_ERR, "Error attempting to write zero's " 776 "to remainder of page at index [0x%.16x]\n", 777 index); 778 page_cache_release(tmp_page); 779 goto out; 780 } 781 rc = 0; 782 page_cache_release(tmp_page); 783 out: 784 return rc; 785 } 786 787 static sector_t ecryptfs_bmap(struct address_space *mapping, sector_t block) 788 { 789 int rc = 0; 790 struct inode *inode; 791 struct inode *lower_inode; 792 793 inode = (struct inode *)mapping->host; 794 lower_inode = ecryptfs_inode_to_lower(inode); 795 if (lower_inode->i_mapping->a_ops->bmap) 796 rc = lower_inode->i_mapping->a_ops->bmap(lower_inode->i_mapping, 797 block); 798 return rc; 799 } 800 801 static void ecryptfs_sync_page(struct page *page) 802 { 803 struct inode *inode; 804 struct inode *lower_inode; 805 struct page *lower_page; 806 807 inode = page->mapping->host; 808 lower_inode = ecryptfs_inode_to_lower(inode); 809 /* NOTE: Recently swapped with grab_cache_page(), since 810 * sync_page() just makes sure that pending I/O gets done. */ 811 lower_page = find_lock_page(lower_inode->i_mapping, page->index); 812 if (!lower_page) { 813 ecryptfs_printk(KERN_DEBUG, "find_lock_page failed\n"); 814 return; 815 } 816 lower_page->mapping->a_ops->sync_page(lower_page); 817 ecryptfs_printk(KERN_DEBUG, "Unlocking page with index = [0x%.16x]\n", 818 lower_page->index); 819 unlock_page(lower_page); 820 page_cache_release(lower_page); 821 } 822 823 struct address_space_operations ecryptfs_aops = { 824 .writepage = ecryptfs_writepage, 825 .readpage = ecryptfs_readpage, 826 .prepare_write = ecryptfs_prepare_write, 827 .commit_write = ecryptfs_commit_write, 828 .bmap = ecryptfs_bmap, 829 .sync_page = ecryptfs_sync_page, 830 }; 831