On Wed Mar 02, 2011 at 11:09:25AM +0800, Ethan Du <ethan.too@xxxxxxxxx> wrote:
> With ecryptfs_create_plain mount option, newly created file will be
> plain lower fs file
> For those who want to read encrypted files, but want no more encrypted files
Hi Ethan - Lets get the process issues out of the way. The gmail web client seems to break patches. See Documentation/email-clients.txt for details. Also, it is a good idea to include the maintainers and project mailing list in your distribution list to make sure that the right people see the patch. scripts/get_maintainer.pl works or you can manually take a look at the MAINTAINERS file. For the patch itself, I'm not sure that this mount option would get used by many people, yet would add to the eCryptfs test burden. How do you see this being used? I can't imagine many users wanting to disable encrypted file creation at a mount wide level. I see the usefulness of optionally creating plaintext files at a more granular level. It has always been a goal to create an eCryptfs encryption policy language that could define things like, "User tyhicks uses key with sig deadbeefdeadbeef and aes-128", or "Files with the svirt_image_t type get encrypted by key with sig feedbeeffeedbeef and aes-256", or "Files under ~/public receive no encryption". Another idea that popped up somewhat recently is to have per-mount read and write keyrings. A process can clear their keyrings if they want to do things like write plaintext or read ciphertext. However, I'll need a little more convincing before I see the value of doing this with a mount option. Tyler
>
> Signed-off-by: Ethan.Du <ethan.too@xxxxxxxxx>
> ---
> fs/ecryptfs/ecryptfs_kernel.h | 1 +
> fs/ecryptfs/inode.c | 8 ++++++++
> fs/ecryptfs/main.c | 5 +++++
> fs/ecryptfs/mmap.c | 33 +++++++++++++++++++++++++--------
> fs/ecryptfs/super.c | 2 ++
> 5 files changed, 41 insertions(+), 8 deletions(-)
>
> diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
> index e007534..4d0c5c4 100644
> --- a/fs/ecryptfs/ecryptfs_kernel.h
> +++ b/fs/ecryptfs/ecryptfs_kernel.h
> @@ -377,6 +377,7 @@ struct ecryptfs_mount_crypt_stat {
> #define ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK 0x00000020
> #define ECRYPTFS_GLOBAL_ENCFN_USE_FEK 0x00000040
> #define ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY 0x00000080
> +#define ECRYPTFS_CREATE_PLAIN_FILE 0x00000100
> u32 flags;
> struct list_head global_auth_tok_list;
> struct mutex global_auth_tok_list_mutex;
> diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
> index b592938..a6ffe89 100644
> --- a/fs/ecryptfs/inode.c
> +++ b/fs/ecryptfs/inode.c
> @@ -174,6 +174,9 @@ static int ecryptfs_initialize_file(struct dentry
> *ecryptfs_dentry)
> {
> struct ecryptfs_crypt_stat *crypt_stat =
> &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
> + struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
> + &ecryptfs_superblock_to_private(ecryptfs_dentry->d_sb)->
> + mount_crypt_stat;
> int rc = 0;
>
> if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
> @@ -182,6 +185,11 @@ static int ecryptfs_initialize_file(struct dentry
> *ecryptfs_dentry)
> goto out;
> }
> crypt_stat->flags |= ECRYPTFS_NEW_FILE;
> + if (mount_crypt_stat && (mount_crypt_stat->flags
> + & ECRYPTFS_CREATE_PLAIN_FILE)) {
> + crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
> + goto out;
> + }
> ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
> rc = ecryptfs_new_file_context(ecryptfs_dentry);
> if (rc) {
> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> index 758323a..ee4e286 100644
> --- a/fs/ecryptfs/main.c
> +++ b/fs/ecryptfs/main.c
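Review bot: The added branch in the second inode.c hunk creates the lower file as cleartext without leaving any trace, because it jumps to `out` before the existing "Initializing crypto context" message and logs nothing of its own. For a switch that turns encryption off for every new file on the mount, a line such as `ecryptfs_printk(KERN_DEBUG, "ecryptfs_create_plain set; creating plaintext lower file\n");` before the `goto out` would let an administrator see why a file under an eCryptfs mount is unencrypted. The `mount_crypt_stat &&` test can never be false, since the pointer is the address of a member embedded in the superblock private data, so `if (mount_crypt_stat->flags & ECRYPTFS_CREATE_PLAIN_FILE) {` is enough. The branch also leaves with ECRYPTFS_NEW_FILE set on the line above; the rest of ecryptfs_initialize_file is outside the hunk, so whether that flag is cleared on this path should be checked there.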
> @@ -218,6 +218,7 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
> ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
> ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
> ecryptfs_opt_unlink_sigs, ecryptfs_opt_mount_auth_tok_only,
> + ecryptfs_opt_create_plain,
> ecryptfs_opt_err };
>
> static const match_table_t tokens = {
> @@ -234,6 +235,7 @@ static const match_table_t tokens = {
> {ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
> {ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
> {ecryptfs_opt_mount_auth_tok_only, "ecryptfs_mount_auth_tok_only"},
> + {ecryptfs_opt_create_plain, "ecryptfs_create_plain"},
> {ecryptfs_opt_err, NULL}
> };
>
> @@ -421,6 +423,9 @@ static int ecryptfs_parse_options(struct
> ecryptfs_sb_info *sbi, char *options)
> mount_crypt_stat->flags |=
> ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY;
> break;
> + case ecryptfs_opt_create_plain:
> + mount_crypt_stat->flags |= ECRYPTFS_CREATE_PLAIN_FILE;
> + break;
> case ecryptfs_opt_err:
> default:
> printk(KERN_WARNING
> diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
> index cc64fca..6c5786b 100644
> --- a/fs/ecryptfs/mmap.c
> +++ b/fs/ecryptfs/mmap.c
> @@ -60,18 +60,35 @@ struct page *ecryptfs_get_locked_page(struct inode
> *inode, loff_t index)
> */
> static int ecryptfs_writepage(struct page *page, struct writeback_control *wbc)
> {
> - int rc;
> + struct inode *ecryptfs_inode;
> + struct ecryptfs_crypt_stat *crypt_stat;
> + int rc = 0;
>
> - rc = ecryptfs_encrypt_page(page);
> - if (rc) {
> - ecryptfs_printk(KERN_WARNING, "Error encrypting "
> + ecryptfs_inode = page->mapping->host;
> + crypt_stat =
> + &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
> +
> + if (!crypt_stat
> + || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED)
> + || (crypt_stat->flags & ECRYPTFS_NEW_FILE)) {
> + ecryptfs_printk(KERN_DEBUG,
> + "Passing through unencrypted page\n");
> + rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page,
> + 0, PAGE_CACHE_SIZE);
> + } else {
> + rc = ecryptfs_encrypt_page(page);
> + if (rc)
> + ecryptfs_printk(KERN_ERR, "Error encrypting "
> "page (upper index [0x%.16lx])\n", page->index);
> + }
> +
> + if (rc)
> ClearPageUptodate(page);
> - goto out;
> + else {
> + SetPageUptodate(page);
> + unlock_page(page);
> }
> - SetPageUptodate(page);
> - unlock_page(page);
> -out:
> +
> return rc;
> }
>
> diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
> index 3042fe1..dd19570 100644
> --- a/fs/ecryptfs/super.c
> +++ b/fs/ecryptfs/super.c
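Review bot: The `|| (crypt_stat->flags & ECRYPTFS_NEW_FILE)` term in the new ecryptfs_writepage condition sends the page to the lower file unencrypted even when ECRYPTFS_ENCRYPTED is set, and it applies on every mount, not only with ecryptfs_create_plain. ecryptfs_initialize_file sets ECRYPTFS_NEW_FILE on each newly created file, and where that flag is cleared is not visible in this patch, so if writeback can run while it is still set, data from an ordinary encrypted mount would reach the lower filesystem in cleartext. Testing only the encryption flag, `if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {`, limits the pass-through to files that were created plain. The `!crypt_stat` test is dead as well, because the pointer is the address of an embedded member.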
> @@ -191,6 +191,8 @@ static int ecryptfs_show_options(struct seq_file
> *m, struct vfsmount *mnt)
> seq_printf(m, ",ecryptfs_unlink_sigs");
> if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
> seq_printf(m, ",ecryptfs_mount_auth_tok_only");
> + if (mount_crypt_stat->flags & ECRYPTFS_CREATE_PLAIN_FILE)
> + seq_printf(m, ",ecryptfs_create_plain");
>
> return 0;
> }
> --
> 1.7.2.3
> --
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
-- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html