- ecryptfs-enable-plaintext-passthrough.patch removed from -mm tree


 



The patch titled

     eCryptfs: Enable plaintext passthrough

has been removed from the -mm tree.  Its filename is

     ecryptfs-enable-plaintext-passthrough.patch

This patch was dropped because it was folded into ecryptfs-fs-makefile-and-fs-kconfig.patch

------------------------------------------------------
Subject: eCryptfs: Enable plaintext passthrough
From: Michael Halcrow <mhalcrow@xxxxxxxxxx>

Code that is currently unused in mmap.c can simply pass through unencrypted
data.  This patch adds a mount option to enable that functionality.

Note that, with this patch, one can encrypt a directory full of unencrypted
files by doing something like this for each file:

cp file.txt .file.txt; mv .file.txt file.txt

Signed-off-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 fs/ecryptfs/crypto.c          |    4 ---
 fs/ecryptfs/ecryptfs_kernel.h |    5 +++-
 fs/ecryptfs/file.c            |   40 +++++++++++++++++++++++---------
 fs/ecryptfs/inode.c           |    4 +--
 fs/ecryptfs/main.c            |    7 ++++-
 5 files changed, 41 insertions(+), 19 deletions(-)

diff -puN fs/ecryptfs/crypto.c~ecryptfs-enable-plaintext-passthrough fs/ecryptfs/crypto.c
--- a/fs/ecryptfs/crypto.c~ecryptfs-enable-plaintext-passthrough
+++ a/fs/ecryptfs/crypto.c
@@ -1394,8 +1394,6 @@ static int ecryptfs_read_headers_virt(ch
 	offset = ECRYPTFS_FILE_SIZE_BYTES;
 	rc = contains_ecryptfs_marker(page_virt + offset);
 	if (rc == 0) {
-		ecryptfs_printk(KERN_WARNING, "Valid eCryptfs marker not "
-				"found\n");
 		rc = -EINVAL;
 		goto out;
 	}
@@ -1463,8 +1461,6 @@ int ecryptfs_read_headers(struct dentry 
 					    &lower_file->f_pos);
 	set_fs(oldfs);
 	if (bytes_read != ECRYPTFS_DEFAULT_EXTENT_SIZE) {
-		ecryptfs_printk(KERN_ERR, "Expected size of header not read."
-				"Instead [%d] bytes were read\n", bytes_read);
 		rc = -EINVAL;
 		goto out;
 	}
diff -puN fs/ecryptfs/ecryptfs_kernel.h~ecryptfs-enable-plaintext-passthrough fs/ecryptfs/ecryptfs_kernel.h
--- a/fs/ecryptfs/ecryptfs_kernel.h~ecryptfs-enable-plaintext-passthrough
+++ a/fs/ecryptfs/ecryptfs_kernel.h
@@ -42,7 +42,8 @@
 #define ECRYPTFS_VERSIONING_PUBKEY 0x00000002
 #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004
 #define ECRYPTFS_VERSIONING_POLICY 0x00000008
-#define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE)
+#define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \
+                                  | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH)
 
 #define ECRYPTFS_MAX_PASSWORD_LENGTH 64
 #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH
@@ -238,6 +239,8 @@ struct ecryptfs_dentry_info {
  */
 struct ecryptfs_mount_crypt_stat {
 	/* Pointers to memory we do not own, do not free these */
+#define ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED 0x00000001
+	u32 flags;
 	struct ecryptfs_auth_tok *global_auth_tok;
 	struct key *global_auth_tok_key;
 	size_t global_default_cipher_key_size;
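Review bot: The new `flags` member and its `ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED` define are inserted directly under the existing comment `/* Pointers to memory we do not own, do not free these */`, so that comment now reads as if it described `flags`. Move the two added lines above that comment and give the field its own, for example `/* Mount-wide option bits, set while parsing mount options */`. The struct body continues outside the hunk.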
diff -puN fs/ecryptfs/file.c~ecryptfs-enable-plaintext-passthrough fs/ecryptfs/file.c
--- a/fs/ecryptfs/file.c~ecryptfs-enable-plaintext-passthrough
+++ a/fs/ecryptfs/file.c
@@ -211,6 +211,7 @@ static int ecryptfs_open(struct inode *i
 {
 	int rc = 0;
 	struct ecryptfs_crypt_stat *crypt_stat = NULL;
+	struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
 	struct dentry *ecryptfs_dentry = file->f_dentry;
 	/* Private value of ecryptfs_dentry allocated in
 	 * ecryptfs_lookup() */
@@ -233,6 +234,8 @@ static int ecryptfs_open(struct inode *i
 	memset(file_info, 0, sizeof(*file_info));
 	lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
 	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
+	mount_crypt_stat = &ecryptfs_superblock_to_private(
+		ecryptfs_dentry->d_sb)->mount_crypt_stat;
 	mutex_lock(&crypt_stat->cs_mutex);
 	if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) {
 		ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
@@ -267,12 +270,21 @@ static int ecryptfs_open(struct inode *i
 		goto out;
 	}
 	mutex_lock(&crypt_stat->cs_mutex);
-	if (i_size_read(lower_inode) == 0) {
-		ecryptfs_printk(KERN_EMERG, "Zero-length lower file; "
-				"ecryptfs_create() had a problem?\n");
-		rc = -ENOENT;
+	if (i_size_read(lower_inode) < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) {
+		if (!(mount_crypt_stat->flags
+		      & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
+			rc = -EIO;
+			printk(KERN_WARNING "Attempt to read file that is "
+			       "not in a valid eCryptfs format, and plaintext "
+			       "passthrough mode is not enabled; returning "
+			       "-EIO\n");
+			mutex_unlock(&crypt_stat->cs_mutex);
+			goto out_puts;
+		}
+		crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
+		rc = 0;
 		mutex_unlock(&crypt_stat->cs_mutex);
-		goto out_puts;
+		goto out;
 	} else if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
 					ECRYPTFS_POLICY_APPLIED)
 		   || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
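Review bot: The short-file branch tests and clears flag bits by hand (`mount_crypt_stat->flags & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED`, `crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);`) while the surrounding code uses `ECRYPTFS_CHECK_FLAG` and `ECRYPTFS_CLEAR_FLAG`; use the macros here too, e.g. `ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);`. The -EIO warning is a bare `printk` that does not name the file and is repeated word for word in the next hunk (@@ -281), so an administrator cannot tell which lower file was rejected; a small helper that logs the dentry name would serve both places. The passthrough-accepted path (`rc = 0; ... goto out;`) logs nothing, which leaves no trace of which files are being served unencrypted. ecryptfs_open begins and ends outside this hunk.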
@@ -281,15 +293,21 @@ static int ecryptfs_open(struct inode *i
 		if (rc) {
 			ecryptfs_printk(KERN_DEBUG,
 					"Valid headers not found\n");
+			if (!(mount_crypt_stat->flags
+			      & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
+				rc = -EIO;
+				printk(KERN_WARNING "Attempt to read file that "
+				       "is not in a valid eCryptfs format, "
+				       "and plaintext passthrough mode is not "
+				       "enabled; returning -EIO\n");
+				mutex_unlock(&crypt_stat->cs_mutex);
+				goto out_puts;
+			}
 			ECRYPTFS_CLEAR_FLAG(crypt_stat->flags,
 					    ECRYPTFS_ENCRYPTED);
-			/* At this point, we could just move on and
-			 * have the encrypted data passed through
-			 * as-is to userspace. For release 0.1, we are
-			 * going to default to -EIO. */
-			rc = -EIO;
+			rc = 0;
 			mutex_unlock(&crypt_stat->cs_mutex);
-			goto out_puts;
+			goto out;
 		}
 	}
 	mutex_unlock(&crypt_stat->cs_mutex);
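Review bot: Any non-zero `rc` in this branch now ends in `rc = 0` with `ECRYPTFS_ENCRYPTED` cleared when passthrough is enabled, so the code does not distinguish "no eCryptfs marker" from other header failures. The crypto.c hunks show both the short-read and the missing-marker cases returning -EINVAL, so the caller cannot tell them apart by error code. If the call that sets `rc` (outside the hunk) can also fail for a file that does carry the marker, such as a damaged header or a lower-level read error, that file would be opened as plaintext and, presumably, later writes would reach the lower file unencrypted. Consider passing through only on the specific no-marker result and returning the error otherwise, and state the chosen rule in a comment where the removed "release 0.1" comment used to be.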
diff -puN fs/ecryptfs/inode.c~ecryptfs-enable-plaintext-passthrough fs/ecryptfs/inode.c
--- a/fs/ecryptfs/inode.c~ecryptfs-enable-plaintext-passthrough
+++ a/fs/ecryptfs/inode.c
@@ -436,8 +436,8 @@ static struct dentry *ecryptfs_lookup(st
 	} else {
 		if (!contains_ecryptfs_marker(page_virt
 					      + ECRYPTFS_FILE_SIZE_BYTES)) {
-			ecryptfs_printk(KERN_WARNING, "Underlying file "
-					"lacks recognizable eCryptfs marker\n");
+			kmem_cache_free(ecryptfs_header_cache_2, page_virt);
+			goto out;
 		}
 		memcpy(&file_size, page_virt, sizeof(file_size));
 		file_size = be64_to_cpu(file_size);
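Review bot: The early exit added for a missing marker has no comment, and with the warning removed nothing explains why lookup now accepts a lower file without an eCryptfs marker. Add one above the `kmem_cache_free` call, e.g. `/* No eCryptfs marker: skip the header-derived size; open() decides whether plaintext passthrough applies */`. This path is taken whether or not `ecryptfs_passthrough` was given at mount, and it skips the `file_size` handling below, so it is worth confirming that `rc` and the inode size are what callers expect at `out`. The label and the rest of ecryptfs_lookup are outside the hunk.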
diff -puN fs/ecryptfs/main.c~ecryptfs-enable-plaintext-passthrough fs/ecryptfs/main.c
--- a/fs/ecryptfs/main.c~ecryptfs-enable-plaintext-passthrough
+++ a/fs/ecryptfs/main.c
@@ -126,7 +126,7 @@ out:
 enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, ecryptfs_opt_debug,
        ecryptfs_opt_ecryptfs_debug, ecryptfs_opt_cipher,
        ecryptfs_opt_ecryptfs_cipher, ecryptfs_opt_ecryptfs_key_bytes,
-       ecryptfs_opt_err };
+       ecryptfs_opt_passthrough, ecryptfs_opt_err };
 
 static match_table_t tokens = {
 	{ecryptfs_opt_sig, "sig=%s"},
@@ -136,6 +136,7 @@ static match_table_t tokens = {
 	{ecryptfs_opt_cipher, "cipher=%s"},
 	{ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"},
 	{ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"},
+	{ecryptfs_opt_passthrough, "ecryptfs_passthrough"},
 	{ecryptfs_opt_err, NULL}
 };
 
@@ -273,6 +274,10 @@ static int ecryptfs_parse_options(struct
 					global_default_cipher_key_size);
 			cipher_key_bytes_set = 1;
 			break;
+		case ecryptfs_opt_passthrough:
+			mount_crypt_stat->flags |=
+				ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED;
+			break;
 		case ecryptfs_opt_err:
 		default:
 			ecryptfs_printk(KERN_WARNING,
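Review bot: The `ecryptfs_opt_passthrough` case sets the flag silently; since this option lets files without valid eCryptfs headers be read as plaintext (see the file.c hunks), the mount should leave a record. Add a line such as `ecryptfs_printk(KERN_NOTICE, "Plaintext passthrough enabled for this mount\n");` before the `break`. The option is also registered only as `ecryptfs_passthrough`, without the short alias that `sig` and `cipher` have in the token table; if that is deliberate, a brief comment in the table would help. ecryptfs_parse_options starts and ends outside the hunk.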
_

Patches currently in -mm which might be from mhalcrow@xxxxxxxxxx are

origin.patch
ecryptfs-fs-makefile-and-fs-kconfig.patch
ecryptfs-enable-plaintext-passthrough.patch
