adulau/aha
1
0
Fork 0
mirror of https://github.com/adulau/aha.git synced 2024-12-29 04:06:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

eCryptfs: Fix data corruption when using ecryptfs_passthrough

Browse source 
ecryptfs_passthrough is a mount option that allows eCryptfs to allow
data to be written to non-eCryptfs files in the lower filesystem.  The
passthrough option was causing data corruption due to it not always
being treated as a non-eCryptfs file.

The first 8 bytes of an eCryptfs file contains the decrypted file size.
This value was being written to the non-eCryptfs files, too.  Also,
extra 0x00 characters were being written to make the file size a
multiple of PAGE_CACHE_SIZE.

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
This commit is contained in:
Tyler Hicks 2009-04-13 15:29:27 -05:00
parent 3a5203ab3c
commit 13a791b4e6
4 changed files with 41 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
fs/ecryptfs/crypto.c
View file

@ -483,15 +483,7 @@ int ecryptfs_encrypt_page(struct page *page)
ecryptfs_inode = page->mapping->host; ecryptfs_inode = page->mapping->host;
crypt_stat = crypt_stat =
&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page,
0, PAGE_CACHE_SIZE);
if (rc)
printk(KERN_ERR "%s: Error attempting to copy "
"page at index [%ld]\n", __func__,
page->index);
goto out;
}
enc_extent_page = alloc_page(GFP_USER); enc_extent_page = alloc_page(GFP_USER);
if (!enc_extent_page) { if (!enc_extent_page) {
rc = -ENOMEM; rc = -ENOMEM;
@ -620,16 +612,7 @@ int ecryptfs_decrypt_page(struct page *page)
ecryptfs_inode = page->mapping->host; ecryptfs_inode = page->mapping->host;
crypt_stat = crypt_stat =
&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
rc = ecryptfs_read_lower_page_segment(page, page->index, 0,
PAGE_CACHE_SIZE,
ecryptfs_inode);
if (rc)
printk(KERN_ERR "%s: Error attempting to copy "
"page at index [%ld]\n", __func__,
page->index);
goto out;
}
enc_extent_page = alloc_page(GFP_USER); enc_extent_page = alloc_page(GFP_USER);
if (!enc_extent_page) { if (!enc_extent_page) {
rc = -ENOMEM; rc = -ENOMEM;

9
fs/ecryptfs/inode.c
View file

@ -814,6 +814,13 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
size_t num_zeros = (PAGE_CACHE_SIZE size_t num_zeros = (PAGE_CACHE_SIZE
- (new_length & ~PAGE_CACHE_MASK)); - (new_length & ~PAGE_CACHE_MASK));
if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
rc = vmtruncate(inode, new_length);
if (rc)
goto out_free;
rc = vmtruncate(lower_dentry->d_inode, new_length);
goto out_free;
}
if (num_zeros) { if (num_zeros) {
char *zeros_virt; char *zeros_virt;
@ -915,8 +922,6 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
} }
rc = 0; rc = 0;
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
goto out;
} }
} }
mutex_unlock(&crypt_stat->cs_mutex); mutex_unlock(&crypt_stat->cs_mutex);

11
fs/ecryptfs/mmap.c
View file

@ -449,6 +449,7 @@ int ecryptfs_write_inode_size_to_metadata(struct inode *ecryptfs_inode)
struct ecryptfs_crypt_stat *crypt_stat; struct ecryptfs_crypt_stat *crypt_stat;
crypt_stat = &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; crypt_stat = &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
return ecryptfs_write_inode_size_to_xattr(ecryptfs_inode); return ecryptfs_write_inode_size_to_xattr(ecryptfs_inode);
else else
@ -490,6 +491,16 @@ static int ecryptfs_write_end(struct file *file,
ecryptfs_printk(KERN_DEBUG, "Not a new file\n"); ecryptfs_printk(KERN_DEBUG, "Not a new file\n");
ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page" ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page"
"(page w/ index = [0x%.16x], to = [%d])\n", index, to); "(page w/ index = [0x%.16x], to = [%d])\n", index, to);
if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page, 0,
to);
if (!rc) {
rc = copied;
fsstack_copy_inode_size(ecryptfs_inode,
ecryptfs_inode_to_lower(ecryptfs_inode));
}
goto out;
}
/* Fills in zeros if 'to' goes beyond inode size */ /* Fills in zeros if 'to' goes beyond inode size */
rc = fill_zeros_to_end_of_page(page, to); rc = fill_zeros_to_end_of_page(page, to);
if (rc) { if (rc) {

18
fs/ecryptfs/read_write.c
View file

@ -117,13 +117,15 @@ int ecryptfs_write(struct file *ecryptfs_file, char *data, loff_t offset,
size_t size) size_t size)
{ {
struct page *ecryptfs_page; struct page *ecryptfs_page;
struct ecryptfs_crypt_stat *crypt_stat;
struct inode *ecryptfs_inode = ecryptfs_file->f_dentry->d_inode;
char *ecryptfs_page_virt; char *ecryptfs_page_virt;
loff_t ecryptfs_file_size = loff_t ecryptfs_file_size = i_size_read(ecryptfs_inode);
i_size_read(ecryptfs_file->f_dentry->d_inode);
loff_t data_offset = 0; loff_t data_offset = 0;
loff_t pos; loff_t pos;
int rc = 0; int rc = 0;
crypt_stat = &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
/* /*
* if we are writing beyond current size, then start pos * if we are writing beyond current size, then start pos
* at the current size - we'll fill in zeros from there. * at the current size - we'll fill in zeros from there.
@ -184,7 +186,13 @@ int ecryptfs_write(struct file *ecryptfs_file, char *data, loff_t offset,
flush_dcache_page(ecryptfs_page); flush_dcache_page(ecryptfs_page);
SetPageUptodate(ecryptfs_page); SetPageUptodate(ecryptfs_page);
unlock_page(ecryptfs_page); unlock_page(ecryptfs_page);
if (crypt_stat->flags & ECRYPTFS_ENCRYPTED)
rc = ecryptfs_encrypt_page(ecryptfs_page); rc = ecryptfs_encrypt_page(ecryptfs_page);
else
rc = ecryptfs_write_lower_page_segment(ecryptfs_inode,
ecryptfs_page,
start_offset_in_page,
data_offset);
page_cache_release(ecryptfs_page); page_cache_release(ecryptfs_page);
if (rc) { if (rc) {
printk(KERN_ERR "%s: Error encrypting " printk(KERN_ERR "%s: Error encrypting "
@ -194,9 +202,10 @@ int ecryptfs_write(struct file *ecryptfs_file, char *data, loff_t offset,
pos += num_bytes; pos += num_bytes;
} }
if ((offset + size) > ecryptfs_file_size) { if ((offset + size) > ecryptfs_file_size) {
i_size_write(ecryptfs_file->f_dentry->d_inode, (offset + size)); i_size_write(ecryptfs_inode, (offset + size));
if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
rc = ecryptfs_write_inode_size_to_metadata( rc = ecryptfs_write_inode_size_to_metadata(
ecryptfs_file->f_dentry->d_inode); ecryptfs_inode);
if (rc) { if (rc) {
printk(KERN_ERR "Problem with " printk(KERN_ERR "Problem with "
"ecryptfs_write_inode_size_to_metadata; " "ecryptfs_write_inode_size_to_metadata; "
@ -204,6 +213,7 @@ int ecryptfs_write(struct file *ecryptfs_file, char *data, loff_t offset,
goto out; goto out;
} }
} }
}
out: out:
return rc; return rc;
} }