git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
eCryptfs: Clear buffer before reading in metadata xattr
[safe/jmp/linux-2.6] / fs / ecryptfs / main.c
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 789cf2e..ea2f921 100644 (file)
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -129,11 +129,10 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
                lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
                rc = ecryptfs_privileged_open(&inode_info->lower_file,
                                              lower_dentry, lower_mnt, cred);
-               if (rc || IS_ERR(inode_info->lower_file)) {
+               if (rc) {
                        printk(KERN_ERR "Error opening lower persistent file "
                               "for lower_dentry [0x%p] and lower_mnt [0x%p]; "
                               "rc = [%d]\n", lower_dentry, lower_mnt, rc);
-                       rc = PTR_ERR(inode_info->lower_file);
                        inode_info->lower_file = NULL;
                }
        }
@@ -190,14 +189,14 @@ int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry,
                init_special_inode(inode, lower_inode->i_mode,
                                   lower_inode->i_rdev);
        dentry->d_op = &ecryptfs_dops;
+       fsstack_copy_attr_all(inode, lower_inode);
+       /* This size will be overwritten for real files w/ headers and
+        * other metadata */
+       fsstack_copy_inode_size(inode, lower_inode);
        if (flags & ECRYPTFS_INTERPOSE_FLAG_D_ADD)
                d_add(dentry, inode);
        else
                d_instantiate(dentry, inode);
-       fsstack_copy_attr_all(inode, lower_inode, NULL);
-       /* This size will be overwritten for real files w/ headers and
-        * other metadata */
-       fsstack_copy_inode_size(inode, lower_inode);
 out:
        return rc;
 }
@@ -208,7 +207,7 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
        ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata,
        ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
        ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
-       ecryptfs_opt_err };
+       ecryptfs_opt_unlink_sigs, ecryptfs_opt_err };
 
 static const match_table_t tokens = {
        {ecryptfs_opt_sig, "sig=%s"},
@@ -222,6 +221,7 @@ static const match_table_t tokens = {
        {ecryptfs_opt_fnek_sig, "ecryptfs_fnek_sig=%s"},
        {ecryptfs_opt_fn_cipher, "ecryptfs_fn_cipher=%s"},
        {ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
+       {ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
        {ecryptfs_opt_err, NULL}
 };
 
@@ -319,7 +319,7 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
                case ecryptfs_opt_ecryptfs_sig:
                        sig_src = args[0].from;
                        rc = ecryptfs_add_global_auth_tok(mount_crypt_stat,
-                                                         sig_src);
+                                                         sig_src, 0);
                        if (rc) {
                                printk(KERN_ERR "Error attempting to register "
                                       "global sig; rc = [%d]\n", rc);
@@ -370,7 +370,8 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
                                ECRYPTFS_SIG_SIZE_HEX] = '\0';
                        rc = ecryptfs_add_global_auth_tok(
                                mount_crypt_stat,
-                               mount_crypt_stat->global_default_fnek_sig);
+                               mount_crypt_stat->global_default_fnek_sig,
+                               ECRYPTFS_AUTH_TOK_FNEK);
                        if (rc) {
                                printk(KERN_ERR "Error attempting to register "
                                       "global fnek sig [%s]; rc = [%d]\n",
@@ -401,6 +402,9 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
                                fn_cipher_key_bytes;
                        fn_cipher_key_bytes_set = 1;
                        break;
+               case ecryptfs_opt_unlink_sigs:
+                       mount_crypt_stat->flags |= ECRYPTFS_UNLINK_SIGS;
+                       break;
                case ecryptfs_opt_err:
                default:
                        printk(KERN_WARNING
@@ -581,8 +585,8 @@ out:
  *                        with as much information as it can before needing
  *                        the lower filesystem.
  * ecryptfs_read_super(): this accesses the lower filesystem and uses
- *                        ecryptfs_interpolate to perform most of the linking
- * ecryptfs_interpolate(): links the lower filesystem into ecryptfs
+ *                        ecryptfs_interpose to perform most of the linking
+ * ecryptfs_interpose(): links the lower filesystem into ecryptfs (inode.c)
  */
 static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
                        const char *dev_name, void *raw_data,
@@ -609,9 +613,8 @@ static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
        }
        goto out;
 out_abort:
-       dput(sb->s_root);
-       up_write(&sb->s_umount);
-       deactivate_super(sb);
+       dput(sb->s_root); /* aka mnt->mnt_root, as set by get_sb_nodev() */
+       deactivate_locked_super(sb);
 out:
        return rc;
 }
Full containers within linux kernel