eCryptfs: Cleanup and optimize ecryptfs_lookup_interpose()
ecryptfs_lookup_interpose() has turned into spaghetti code over the years. This is an effort to clean it up. - Shorten overly descriptive variable names such as ecryptfs_dentry - Simplify gotos and error paths - Create helper function for reading plaintext i_size from metadata It also includes an optimization when reading i_size from the metadata. A complete page-sized kmem_cache_alloc() was being done to read in 16 bytes of metadata. The buffer for that is now statically declared. Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
This commit is contained in:
parent
7a86617e55
commit
778aeb42a7
@ -1201,24 +1201,19 @@ int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code)
|
||||
return rc;
|
||||
}
|
||||
|
||||
int ecryptfs_read_and_validate_header_region(char *data,
|
||||
struct inode *ecryptfs_inode)
|
||||
int ecryptfs_read_and_validate_header_region(struct inode *inode)
|
||||
{
|
||||
struct ecryptfs_crypt_stat *crypt_stat =
|
||||
&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
|
||||
u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
|
||||
u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
|
||||
int rc;
|
||||
|
||||
if (crypt_stat->extent_size == 0)
|
||||
crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;
|
||||
rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size,
|
||||
ecryptfs_inode);
|
||||
if (rc < 0) {
|
||||
printk(KERN_ERR "%s: Error reading header region; rc = [%d]\n",
|
||||
__func__, rc);
|
||||
goto out;
|
||||
}
|
||||
rc = ecryptfs_validate_marker(data + ECRYPTFS_FILE_SIZE_BYTES);
|
||||
out:
|
||||
rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES,
|
||||
inode);
|
||||
if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
|
||||
return rc >= 0 ? -EINVAL : rc;
|
||||
rc = ecryptfs_validate_marker(marker);
|
||||
if (!rc)
|
||||
ecryptfs_i_size_init(file_size, inode);
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -1562,19 +1557,21 @@ out:
|
||||
return rc;
|
||||
}
|
||||
|
||||
int ecryptfs_read_and_validate_xattr_region(char *page_virt,
|
||||
int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
|
||||
struct inode *inode)
|
||||
{
|
||||
u8 file_size[ECRYPTFS_SIZE_AND_MARKER_BYTES];
|
||||
u8 *marker = file_size + ECRYPTFS_FILE_SIZE_BYTES;
|
||||
int rc;
|
||||
|
||||
rc = ecryptfs_read_xattr_region(page_virt, inode);
|
||||
if (rc)
|
||||
goto out;
|
||||
rc = ecryptfs_validate_marker(page_virt + ECRYPTFS_FILE_SIZE_BYTES);
|
||||
if (rc)
|
||||
printk(KERN_WARNING "Valid data found in [%s] xattr, but "
|
||||
"the marker is invalid\n", ECRYPTFS_XATTR_NAME);
|
||||
out:
|
||||
rc = ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry),
|
||||
ECRYPTFS_XATTR_NAME, file_size,
|
||||
ECRYPTFS_SIZE_AND_MARKER_BYTES);
|
||||
if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
|
||||
return rc >= 0 ? -EINVAL : rc;
|
||||
rc = ecryptfs_validate_marker(marker);
|
||||
if (!rc)
|
||||
ecryptfs_i_size_init(file_size, inode);
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
@ -200,6 +200,8 @@ ecryptfs_get_key_payload_data(struct key *key)
|
||||
#define MAGIC_ECRYPTFS_MARKER 0x3c81b7f5
|
||||
#define MAGIC_ECRYPTFS_MARKER_SIZE_BYTES 8 /* 4*2 */
|
||||
#define ECRYPTFS_FILE_SIZE_BYTES (sizeof(u64))
|
||||
#define ECRYPTFS_SIZE_AND_MARKER_BYTES (ECRYPTFS_FILE_SIZE_BYTES \
|
||||
+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES)
|
||||
#define ECRYPTFS_DEFAULT_CIPHER "aes"
|
||||
#define ECRYPTFS_DEFAULT_KEY_BYTES 16
|
||||
#define ECRYPTFS_DEFAULT_HASH "md5"
|
||||
@ -659,9 +661,8 @@ int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry);
|
||||
void ecryptfs_write_crypt_stat_flags(char *page_virt,
|
||||
struct ecryptfs_crypt_stat *crypt_stat,
|
||||
size_t *written);
|
||||
int ecryptfs_read_and_validate_header_region(char *data,
|
||||
struct inode *ecryptfs_inode);
|
||||
int ecryptfs_read_and_validate_xattr_region(char *page_virt,
|
||||
int ecryptfs_read_and_validate_header_region(struct inode *inode);
|
||||
int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
|
||||
struct inode *inode);
|
||||
u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes);
|
||||
int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code);
|
||||
|
@ -307,105 +307,90 @@ out:
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
* ecryptfs_lookup_interpose - Dentry interposition for a lookup
|
||||
*/
|
||||
static int ecryptfs_lookup_interpose(struct dentry *ecryptfs_dentry,
|
||||
struct dentry *lower_dentry,
|
||||
struct inode *ecryptfs_dir_inode)
|
||||
static int ecryptfs_i_size_read(struct dentry *dentry, struct inode *inode)
|
||||
{
|
||||
struct dentry *lower_dir_dentry;
|
||||
struct vfsmount *lower_mnt;
|
||||
struct inode *inode, *lower_inode;
|
||||
struct ecryptfs_crypt_stat *crypt_stat;
|
||||
char *page_virt = NULL;
|
||||
int put_lower = 0, rc = 0;
|
||||
int rc;
|
||||
|
||||
lower_dir_dentry = lower_dentry->d_parent;
|
||||
lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(
|
||||
ecryptfs_dentry->d_parent));
|
||||
lower_inode = lower_dentry->d_inode;
|
||||
fsstack_copy_attr_atime(ecryptfs_dir_inode, lower_dir_dentry->d_inode);
|
||||
BUG_ON(!lower_dentry->d_count);
|
||||
ecryptfs_set_dentry_private(ecryptfs_dentry,
|
||||
kmem_cache_alloc(ecryptfs_dentry_info_cache,
|
||||
GFP_KERNEL));
|
||||
if (!ecryptfs_dentry_to_private(ecryptfs_dentry)) {
|
||||
rc = -ENOMEM;
|
||||
printk(KERN_ERR "%s: Out of memory whilst attempting "
|
||||
"to allocate ecryptfs_dentry_info struct\n",
|
||||
__func__);
|
||||
goto out_put;
|
||||
}
|
||||
ecryptfs_set_dentry_lower(ecryptfs_dentry, lower_dentry);
|
||||
ecryptfs_set_dentry_lower_mnt(ecryptfs_dentry, lower_mnt);
|
||||
if (!lower_dentry->d_inode) {
|
||||
/* We want to add because we couldn't find in lower */
|
||||
d_add(ecryptfs_dentry, NULL);
|
||||
goto out;
|
||||
}
|
||||
inode = __ecryptfs_get_inode(lower_inode, ecryptfs_dir_inode->i_sb);
|
||||
if (IS_ERR(inode)) {
|
||||
rc = PTR_ERR(inode);
|
||||
printk(KERN_ERR "%s: Error interposing; rc = [%d]\n",
|
||||
__func__, rc);
|
||||
goto out;
|
||||
}
|
||||
if (!S_ISREG(inode->i_mode)) {
|
||||
if (inode->i_state & I_NEW)
|
||||
unlock_new_inode(inode);
|
||||
d_add(ecryptfs_dentry, inode);
|
||||
goto out;
|
||||
}
|
||||
/* Released in this function */
|
||||
page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, GFP_USER);
|
||||
if (!page_virt) {
|
||||
printk(KERN_ERR "%s: Cannot kmem_cache_zalloc() a page\n",
|
||||
__func__);
|
||||
rc = -ENOMEM;
|
||||
make_bad_inode(inode);
|
||||
goto out;
|
||||
}
|
||||
rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);
|
||||
rc = ecryptfs_get_lower_file(dentry, inode);
|
||||
if (rc) {
|
||||
printk(KERN_ERR "%s: Error attempting to initialize "
|
||||
"the lower file for the dentry with name "
|
||||
"[%s]; rc = [%d]\n", __func__,
|
||||
ecryptfs_dentry->d_name.name, rc);
|
||||
make_bad_inode(inode);
|
||||
goto out_free_kmem;
|
||||
dentry->d_name.name, rc);
|
||||
return rc;
|
||||
}
|
||||
put_lower = 1;
|
||||
|
||||
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
|
||||
/* TODO: lock for crypt_stat comparison */
|
||||
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
|
||||
ecryptfs_set_default_sizes(crypt_stat);
|
||||
rc = ecryptfs_read_and_validate_header_region(page_virt, inode);
|
||||
ecryptfs_set_default_sizes(crypt_stat);
|
||||
|
||||
rc = ecryptfs_read_and_validate_header_region(inode);
|
||||
ecryptfs_put_lower_file(inode);
|
||||
if (rc) {
|
||||
memset(page_virt, 0, PAGE_CACHE_SIZE);
|
||||
rc = ecryptfs_read_and_validate_xattr_region(page_virt,
|
||||
inode);
|
||||
if (rc) {
|
||||
rc = 0;
|
||||
goto unlock_inode;
|
||||
}
|
||||
crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
|
||||
rc = ecryptfs_read_and_validate_xattr_region(dentry, inode);
|
||||
if (!rc)
|
||||
crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
|
||||
}
|
||||
ecryptfs_i_size_init(page_virt, inode);
|
||||
unlock_inode:
|
||||
|
||||
/* Must return 0 to allow non-eCryptfs files to be looked up, too */
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* ecryptfs_lookup_interpose - Dentry interposition for a lookup
|
||||
*/
|
||||
static int ecryptfs_lookup_interpose(struct dentry *dentry,
|
||||
struct dentry *lower_dentry,
|
||||
struct inode *dir_inode)
|
||||
{
|
||||
struct inode *inode, *lower_inode = lower_dentry->d_inode;
|
||||
struct ecryptfs_dentry_info *dentry_info;
|
||||
struct vfsmount *lower_mnt;
|
||||
int rc = 0;
|
||||
|
||||
lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
|
||||
fsstack_copy_attr_atime(dir_inode, lower_dentry->d_parent->d_inode);
|
||||
BUG_ON(!lower_dentry->d_count);
|
||||
|
||||
dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
|
||||
ecryptfs_set_dentry_private(dentry, dentry_info);
|
||||
if (!dentry_info) {
|
||||
printk(KERN_ERR "%s: Out of memory whilst attempting "
|
||||
"to allocate ecryptfs_dentry_info struct\n",
|
||||
__func__);
|
||||
dput(lower_dentry);
|
||||
mntput(lower_mnt);
|
||||
d_drop(dentry);
|
||||
return -ENOMEM;
|
||||
}
|
||||
ecryptfs_set_dentry_lower(dentry, lower_dentry);
|
||||
ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt);
|
||||
|
||||
if (!lower_dentry->d_inode) {
|
||||
/* We want to add because we couldn't find in lower */
|
||||
d_add(dentry, NULL);
|
||||
return 0;
|
||||
}
|
||||
inode = __ecryptfs_get_inode(lower_inode, dir_inode->i_sb);
|
||||
if (IS_ERR(inode)) {
|
||||
printk(KERN_ERR "%s: Error interposing; rc = [%ld]\n",
|
||||
__func__, PTR_ERR(inode));
|
||||
return PTR_ERR(inode);
|
||||
}
|
||||
if (S_ISREG(inode->i_mode)) {
|
||||
rc = ecryptfs_i_size_read(dentry, inode);
|
||||
if (rc) {
|
||||
make_bad_inode(inode);
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
if (inode->i_state & I_NEW)
|
||||
unlock_new_inode(inode);
|
||||
d_add(ecryptfs_dentry, inode);
|
||||
out_free_kmem:
|
||||
kmem_cache_free(ecryptfs_header_cache_2, page_virt);
|
||||
goto out;
|
||||
out_put:
|
||||
dput(lower_dentry);
|
||||
mntput(lower_mnt);
|
||||
d_drop(ecryptfs_dentry);
|
||||
out:
|
||||
if (put_lower)
|
||||
ecryptfs_put_lower_file(inode);
|
||||
d_add(dentry, inode);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user