On Wed Mar 09, 2011 at 10:43:45AM +0800, Ethan Du <ethan.too@xxxxxxxxx> wrote:
> On Wed, Mar 9, 2011 at 7:21 AM, Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxx> wrote:
> > On Wed Mar 02, 2011 at 11:09:25AM +0800, Ethan Du <ethan.too@xxxxxxxxx> wrote:
> >> With ecryptfs_create_plain mount option, newly created file will be
> >> plain lower fs file
> >> For those who want to read encrypted files, but want no more encrypted files
> >
> > Hi Ethan - Lets get the process issues out of the way. The gmail web
> > client seems to break patches. See Documentation/email-clients.txt for
> > details. Also, it is a good idea to include the maintainers and project
> > mailing list in your distribution list to make sure that the right
> > people see the patch. scripts/get_maintainer.pl works or you can
> > manually take a look at the MAINTAINERS file.
>
> Thanks for the info. I git-send-email to the mail list
> ecryptfs-devel@xxxxxxxxxxxxxxxxxxxx And then lazily forwarded it to
> here, maybe this is the reason.
ecryptfs-devel is moderated for all non-members, so that's probably to
blame. No worries, though. Just something to keep in mind to make sure
your future patches don't get lost.
>
> >
> > For the patch itself, I'm not sure that this mount option would get used
> > by many people, yet would add to the eCryptfs test burden. How do you
> > see this being used? I can't imagine many users wanting to disable
> > encrypted file creation at a mount wide level.
>
> I think for most users, when they want to disable encryption on a
> mount point, they will copy the files to elsewhere, and then unmount
> ecryptfs, and move them back.
Can you explain why you want to disable encryption on a mount point?
> However, I am on a phone, the internal storage is limited, and I am
> using ecryptfs on external micro SD card, the card could be 8/16/32GB,
> which may be a lot larger then the internal storage.
>
> So I can't do a one time copy. Another option is to convert those
> files one by one, however, even I can do it, if the micro SD card is
> unfortunately full, the process could last for hours, and phone may
> run out of battery. It is still hard to control.
>
> So adding this mount option is the lazy way for me.
>
> >
> > I see the usefulness of optionally creating plaintext files at a more
> > granular level. It has always been a goal to create an eCryptfs
> > encryption policy language that could define things like, "User tyhicks
> > uses key with sig deadbeefdeadbeef and aes-128", or "Files with the
> > svirt_image_t type get encrypted by key with sig feedbeeffeedbeef and
> > aes-256", or "Files under ~/public receive no encryption".
>
> Won't ecryptfs header exist in the lower file in such case?
These decisions would have to be made at file creation time. If the
decision was to not encrypt a file, then no eCryptfs header would be
written out during file creation.
>
> >
> > Another idea that popped up somewhat recently is to have per-mount
> > read and write keyrings. A process can clear their keyrings if they want
> > to do things like write plaintext or read ciphertext.
> >
> > However, I'll need a little more convincing before I see the value of
> > doing this with a mount option.
>
> I've been using the patch for a while, finally decide to send out in
> case someone else has the same requirement.
I really do appreciate you sending it out. I'm just hesitant to add
another mount opt which modifies the eCryptfs read and/or write paths
unless it is something very useful. It isn't easy to remove mount
options after the fact, so I'd rather err on the side of caution until I
hear of some more interest in this feature.
>
> Regards,
> -Ethan
>
> >
> > Tyler
> >
> >>
> >> Signed-off-by: Ethan.Du <ethan.too@xxxxxxxxx>
> >> ---
> >> fs/ecryptfs/ecryptfs_kernel.h | 1 +
> >> fs/ecryptfs/inode.c | 8 ++++++++
> >> fs/ecryptfs/main.c | 5 +++++
> >> fs/ecryptfs/mmap.c | 33 +++++++++++++++++++++++++--------
> >> fs/ecryptfs/super.c | 2 ++
> >> 5 files changed, 41 insertions(+), 8 deletions(-)
> >>
> >> diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
> >> index e007534..4d0c5c4 100644
> >> --- a/fs/ecryptfs/ecryptfs_kernel.h
> >> +++ b/fs/ecryptfs/ecryptfs_kernel.h
> >> @@ -377,6 +377,7 @@ struct ecryptfs_mount_crypt_stat {
> >> #define ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK 0x00000020
> >> #define ECRYPTFS_GLOBAL_ENCFN_USE_FEK 0x00000040
> >> #define ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY 0x00000080
> >> +#define ECRYPTFS_CREATE_PLAIN_FILE 0x00000100
> >> u32 flags;
> >> struct list_head global_auth_tok_list;
> >> struct mutex global_auth_tok_list_mutex;
> >> diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
> >> index b592938..a6ffe89 100644
> >> --- a/fs/ecryptfs/inode.c
> >> +++ b/fs/ecryptfs/inode.c
> >> @@ -174,6 +174,9 @@ static int ecryptfs_initialize_file(struct dentry
> >> *ecryptfs_dentry)
> >> {
> >> struct ecryptfs_crypt_stat *crypt_stat =
> >> &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
> >> + struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
> >> + &ecryptfs_superblock_to_private(ecryptfs_dentry->d_sb)->
> >> + mount_crypt_stat;
> >> int rc = 0;
> >>
> >> if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
> >> @@ -182,6 +185,11 @@ static int ecryptfs_initialize_file(struct dentry
> >> *ecryptfs_dentry)
> >> goto out;
> >> }
> >> crypt_stat->flags |= ECRYPTFS_NEW_FILE;
> >> + if (mount_crypt_stat && (mount_crypt_stat->flags
> >> + & ECRYPTFS_CREATE_PLAIN_FILE)) {
> >> + crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
> >> + goto out;
> >> + }
> >> ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
> >> rc = ecryptfs_new_file_context(ecryptfs_dentry);
> >> if (rc) {
> >> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> >> index 758323a..ee4e286 100644
> >> --- a/fs/ecryptfs/main.c
> >> +++ b/fs/ecryptfs/main.c
> >> @@ -218,6 +218,7 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
> >> ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
> >> ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
> >> ecryptfs_opt_unlink_sigs, ecryptfs_opt_mount_auth_tok_only,
> >> + ecryptfs_opt_create_plain,
> >> ecryptfs_opt_err };
> >>
> >> static const match_table_t tokens = {
> >> @@ -234,6 +235,7 @@ static const match_table_t tokens = {
> >> {ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
> >> {ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
> >> {ecryptfs_opt_mount_auth_tok_only, "ecryptfs_mount_auth_tok_only"},
> >> + {ecryptfs_opt_create_plain, "ecryptfs_create_plain"},
> >> {ecryptfs_opt_err, NULL}
> >> };
> >>
> >> @@ -421,6 +423,9 @@ static int ecryptfs_parse_options(struct
> >> ecryptfs_sb_info *sbi, char *options)
> >> mount_crypt_stat->flags |=
> >> ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY;
> >> break;
> >> + case ecryptfs_opt_create_plain:
> >> + mount_crypt_stat->flags |= ECRYPTFS_CREATE_PLAIN_FILE;
> >> + break;
> >> case ecryptfs_opt_err:
> >> default:
> >> printk(KERN_WARNING
> >> diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
> >> index cc64fca..6c5786b 100644
> >> --- a/fs/ecryptfs/mmap.c
> >> +++ b/fs/ecryptfs/mmap.c
> >> @@ -60,18 +60,35 @@ struct page *ecryptfs_get_locked_page(struct inode
> >> *inode, loff_t index)
> >> */
> >> static int ecryptfs_writepage(struct page *page, struct writeback_control *wbc)
> >> {
> >> - int rc;
> >> + struct inode *ecryptfs_inode;
> >> + struct ecryptfs_crypt_stat *crypt_stat;
> >> + int rc = 0;
> >>
> >> - rc = ecryptfs_encrypt_page(page);
> >> - if (rc) {
> >> - ecryptfs_printk(KERN_WARNING, "Error encrypting "
> >> + ecryptfs_inode = page->mapping->host;
> >> + crypt_stat =
> >> + &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
> >> +
> >> + if (!crypt_stat
> >> + || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED)
> >> + || (crypt_stat->flags & ECRYPTFS_NEW_FILE)) {
> >> + ecryptfs_printk(KERN_DEBUG,
> >> + "Passing through unencrypted page\n");
> >> + rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page,
> >> + 0, PAGE_CACHE_SIZE);
> >> + } else {
> >> + rc = ecryptfs_encrypt_page(page);
> >> + if (rc)
> >> + ecryptfs_printk(KERN_ERR, "Error encrypting "
> >> "page (upper index [0x%.16lx])\n", page->index);
> >> + }
> >> +
> >> + if (rc)
> >> ClearPageUptodate(page);
> >> - goto out;
> >> + else {
> >> + SetPageUptodate(page);
> >> + unlock_page(page);
> >> }
> >> - SetPageUptodate(page);
> >> - unlock_page(page);
> >> -out:
> >> +
> >> return rc;
> >> }
> >>
> >> diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
> >> index 3042fe1..dd19570 100644
> >> --- a/fs/ecryptfs/super.c
> >> +++ b/fs/ecryptfs/super.c
> >> @@ -191,6 +191,8 @@ static int ecryptfs_show_options(struct seq_file
> >> *m, struct vfsmount *mnt)
> >> seq_printf(m, ",ecryptfs_unlink_sigs");
> >> if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY)
> >> seq_printf(m, ",ecryptfs_mount_auth_tok_only");
> >> + if (mount_crypt_stat->flags & ECRYPTFS_CREATE_PLAIN_FILE)
> >> + seq_printf(m, ",ecryptfs_create_plain");
> >>
> >> return 0;
> >> }
> >> --
> >> 1.7.2.3
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> >> the body of a message to majordomo@xxxxxxxxxxxxxxx
> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
