git.openpandora.org / pandora-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ecryptfs: don't allow mmap when the lower fs doesn't support it
[pandora-kernel.git] / fs / ecryptfs / file.c
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index c6ac98c..298f5b2 100644 (file)
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -141,6 +141,61 @@ out:
 
 struct kmem_cache *ecryptfs_file_info_cache;
 
+static int read_or_initialize_metadata(struct dentry *dentry)
+{
+       struct inode *inode = dentry->d_inode;
+       struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
+       struct ecryptfs_crypt_stat *crypt_stat;
+       int rc;
+
+       crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
+       mount_crypt_stat = &ecryptfs_superblock_to_private(
+                                               inode->i_sb)->mount_crypt_stat;
+       mutex_lock(&crypt_stat->cs_mutex);
+
+       if (crypt_stat->flags & ECRYPTFS_POLICY_APPLIED &&
+           crypt_stat->flags & ECRYPTFS_KEY_VALID) {
+               rc = 0;
+               goto out;
+       }
+
+       rc = ecryptfs_read_metadata(dentry);
+       if (!rc)
+               goto out;
+
+       if (mount_crypt_stat->flags & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED) {
+               crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
+                                      | ECRYPTFS_ENCRYPTED);
+               rc = 0;
+               goto out;
+       }
+
+       if (!(mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) &&
+           !i_size_read(ecryptfs_inode_to_lower(inode))) {
+               rc = ecryptfs_initialize_file(dentry, inode);
+               if (!rc)
+                       goto out;
+       }
+
+       rc = -EIO;
+out:
+       mutex_unlock(&crypt_stat->cs_mutex);
+       return rc;
+}
+
+static int ecryptfs_mmap(struct file *file, struct vm_area_struct *vma)
+{
+       struct file *lower_file = ecryptfs_file_to_lower(file);
+       /*
+        * Don't allow mmap on top of file systems that don't support it
+        * natively.  If FILESYSTEM_MAX_STACK_DEPTH > 2 or ecryptfs
+        * allows recursive mounting, this will need to be extended.
+        */
+       if (!lower_file->f_op->mmap)
+               return -ENODEV;
+       return generic_file_mmap(file, vma);
+}
+
 /**
  * ecryptfs_open
  * @inode: inode speciying file to open
@@ -154,24 +209,12 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
 {
        int rc = 0;
        struct ecryptfs_crypt_stat *crypt_stat = NULL;
-       struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
        struct dentry *ecryptfs_dentry = file->f_path.dentry;
        /* Private value of ecryptfs_dentry allocated in
         * ecryptfs_lookup() */
        struct dentry *lower_dentry;
        struct ecryptfs_file_info *file_info;
 
-       mount_crypt_stat = &ecryptfs_superblock_to_private(
-               ecryptfs_dentry->d_sb)->mount_crypt_stat;
-       if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
-           && ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR)
-               || (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC)
-               || (file->f_flags & O_APPEND))) {
-               printk(KERN_WARNING "Mount has encrypted view enabled; "
-                      "files may only be read\n");
-               rc = -EPERM;
-               goto out;
-       }
        /* Released in ecryptfs_release or end of function if failure */
        file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
        ecryptfs_set_file_private(file, file_info);
@@ -216,32 +259,9 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
                rc = 0;
                goto out;
        }
-       mutex_lock(&crypt_stat->cs_mutex);
-       if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
-           || !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
-               rc = ecryptfs_read_metadata(ecryptfs_dentry);
-               if (rc) {
-                       ecryptfs_printk(KERN_DEBUG,
-                                       "Valid headers not found\n");
-                       if (!(mount_crypt_stat->flags
-                             & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
-                               rc = -EIO;
-                               printk(KERN_WARNING "Either the lower file "
-                                      "is not in a valid eCryptfs format, "
-                                      "or the key could not be retrieved. "
-                                      "Plaintext passthrough mode is not "
-                                      "enabled; returning -EIO\n");
-                               mutex_unlock(&crypt_stat->cs_mutex);
-                               goto out_put;
-                       }
-                       rc = 0;
-                       crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
-                                              | ECRYPTFS_ENCRYPTED);
-                       mutex_unlock(&crypt_stat->cs_mutex);
-                       goto out;
-               }
-       }
-       mutex_unlock(&crypt_stat->cs_mutex);
+       rc = read_or_initialize_metadata(ecryptfs_dentry);
+       if (rc)
+               goto out_put;
        ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = "
                        "[0x%.16lx] size: [0x%.16llx]\n", inode, inode->i_ino,
                        (unsigned long long)i_size_read(inode));
@@ -257,8 +277,14 @@ out:
 
 static int ecryptfs_flush(struct file *file, fl_owner_t td)
 {
-       return file->f_mode & FMODE_WRITE
-              ? filemap_write_and_wait(file->f_mapping) : 0;
+       struct file *lower_file = ecryptfs_file_to_lower(file);
+
+       if (lower_file->f_op && lower_file->f_op->flush) {
+               filemap_write_and_wait(file->f_mapping);
+               return lower_file->f_op->flush(lower_file, td);
+       }
+
+       return 0;
 }
 
 static int ecryptfs_release(struct inode *inode, struct file *file)
@@ -272,15 +298,7 @@ static int ecryptfs_release(struct inode *inode, struct file *file)
 static int
 ecryptfs_fsync(struct file *file, loff_t start, loff_t end, int datasync)
 {
-       int rc = 0;
-
-       rc = generic_file_fsync(file, start, end, datasync);
-       if (rc)
-               goto out;
-       rc = vfs_fsync_range(ecryptfs_file_to_lower(file), start, end,
-                            datasync);
-out:
-       return rc;
+       return vfs_fsync(ecryptfs_file_to_lower(file), datasync);
 }
 
 static int ecryptfs_fasync(int fd, struct file *file, int flag)
@@ -302,9 +320,23 @@ ecryptfs_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 
        if (ecryptfs_file_to_private(file))
                lower_file = ecryptfs_file_to_lower(file);
-       if (lower_file && lower_file->f_op && lower_file->f_op->unlocked_ioctl)
+       if (!(lower_file && lower_file->f_op && lower_file->f_op->unlocked_ioctl))
+               return rc;
+
+       switch (cmd) {
+       case FITRIM:
+       case FS_IOC_GETFLAGS:
+       case FS_IOC_SETFLAGS:
+       case FS_IOC_GETVERSION:
+       case FS_IOC_SETVERSION:
                rc = lower_file->f_op->unlocked_ioctl(lower_file, cmd, arg);
-       return rc;
+               fsstack_copy_attr_all(file->f_path.dentry->d_inode,
+                                     lower_file->f_path.dentry->d_inode);
+
+               return rc;
+       default:
+               return rc;
+       }
 }
 
 #ifdef CONFIG_COMPAT
@@ -316,9 +348,23 @@ ecryptfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 
        if (ecryptfs_file_to_private(file))
                lower_file = ecryptfs_file_to_lower(file);
-       if (lower_file && lower_file->f_op && lower_file->f_op->compat_ioctl)
+       if (!(lower_file && lower_file->f_op && lower_file->f_op->compat_ioctl))
+               return rc;
+
+       switch (cmd) {
+       case FITRIM:
+       case FS_IOC32_GETFLAGS:
+       case FS_IOC32_SETFLAGS:
+       case FS_IOC32_GETVERSION:
+       case FS_IOC32_SETVERSION:
                rc = lower_file->f_op->compat_ioctl(lower_file, cmd, arg);
-       return rc;
+               fsstack_copy_attr_all(file->f_path.dentry->d_inode,
+                                     lower_file->f_path.dentry->d_inode);
+
+               return rc;
+       default:
+               return rc;
+       }
 }
 #endif
 
@@ -349,7 +395,7 @@ const struct file_operations ecryptfs_main_fops = {
 #ifdef CONFIG_COMPAT
        .compat_ioctl = ecryptfs_compat_ioctl,
 #endif
-       .mmap = generic_file_mmap,
+       .mmap = ecryptfs_mmap,
        .open = ecryptfs_open,
        .flush = ecryptfs_flush,
        .release = ecryptfs_release,
Pandora Kernel Repository