eCryptfs: Fix encrypted file name lookup regression

Fixes a regression caused by 21edad32205e97dc7ccb81a85234c77e760364c8 When file name encryption was enabled, ecryptfs_lookup() failed to use the encrypted and encoded version of the upper, plaintext, file name when performing a lookup in the lower file system. This made it impossible to lookup existing encrypted file names and any newly created files would have plaintext file names in the lower file system. https://bugs.launchpad.net/ecryptfs/+bug/623087 Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>

eCryptfs: Fix encrypted file name lookup regression
Fixes a regression caused by 21edad32205e97dc7ccb81a85234c77e760364c8 When file name encryption was enabled, ecryptfs_lookup() failed to use the encrypted and encoded version of the upper, plaintext, file name when performing a lookup in the lower file system. This made it impossible to lookup existing encrypted file names and any newly created files would have plaintext file names in the lower file system. https://bugs.launchpad.net/ecryptfs/+bug/623087 Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Tyler Hicks
1 parent 7371a38201
Showing 2 changed files with 24 additions and 8 deletions Side-by-side Diff
fs/ecryptfs/crypto.c
fs/ecryptfs/inode.c
@@ -2169,7 +2169,6 @@
 				(ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
 				 + encoded_name_no_prefix_size);
 			(*encoded_name)[(*encoded_name_size)] = '\0';
-			(*encoded_name_size)++;
 		} else {
 			rc = -EOPNOTSUPP;
 		}
@@ -349,7 +349,7 @@
  
 /**
  * ecryptfs_new_lower_dentry
- * @ename: The name of the new dentry.
+ * @name: The name of the new dentry.
  * @lower_dir_dentry: Parent directory of the new dentry.
  * @nd: nameidata from last lookup.
  *
  
  
  
@@ -386,20 +386,19 @@
  * ecryptfs_lookup_one_lower
  * @ecryptfs_dentry: The eCryptfs dentry that we are looking up
  * @lower_dir_dentry: lower parent directory
+ * @name: lower file name
  *
  * Get the lower dentry from vfs. If lower dentry does not exist yet,
  * create it.
  */
 static struct dentry *
 ecryptfs_lookup_one_lower(struct dentry *ecryptfs_dentry,
-			  struct dentry *lower_dir_dentry)
+			  struct dentry *lower_dir_dentry, struct qstr *name)
 {
 	struct nameidata nd;
 	struct vfsmount *lower_mnt;
-	struct qstr *name;
 	int err;
  
-	name = &ecryptfs_dentry->d_name;
 	lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(
 				    ecryptfs_dentry->d_parent));
 	err = vfs_path_lookup(lower_dir_dentry, lower_mnt, name->name , 0, &nd);
@@ -434,6 +433,7 @@
 	size_t encrypted_and_encoded_name_size;
 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
 	struct dentry *lower_dir_dentry, *lower_dentry;
+	struct qstr lower_name;
 	int rc = 0;
  
 	ecryptfs_dentry->d_op = &ecryptfs_dops;
  
@@ -444,9 +444,17 @@
 		goto out_d_drop;
 	}
 	lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
-
+	lower_name.name = ecryptfs_dentry->d_name.name;
+	lower_name.len = ecryptfs_dentry->d_name.len;
+	lower_name.hash = ecryptfs_dentry->d_name.hash;
+	if (lower_dir_dentry->d_op && lower_dir_dentry->d_op->d_hash) {
+		rc = lower_dir_dentry->d_op->d_hash(lower_dir_dentry,
+						    &lower_name);
+		if (rc < 0)
+			goto out_d_drop;
+	}
 	lower_dentry = ecryptfs_lookup_one_lower(ecryptfs_dentry,
-						 lower_dir_dentry);
+						 lower_dir_dentry, &lower_name);
 	if (IS_ERR(lower_dentry)) {
 		rc = PTR_ERR(lower_dentry);
 		ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_lower() returned "
  
@@ -471,8 +479,17 @@
 		       "filename; rc = [%d]\n", __func__, rc);
 		goto out_d_drop;
 	}
+	lower_name.name = encrypted_and_encoded_name;
+	lower_name.len = encrypted_and_encoded_name_size;
+	lower_name.hash = full_name_hash(lower_name.name, lower_name.len);
+	if (lower_dir_dentry->d_op && lower_dir_dentry->d_op->d_hash) {
+		rc = lower_dir_dentry->d_op->d_hash(lower_dir_dentry,
+						    &lower_name);
+		if (rc < 0)
+			goto out_d_drop;
+	}
 	lower_dentry = ecryptfs_lookup_one_lower(ecryptfs_dentry,
-						 lower_dir_dentry);
+						 lower_dir_dentry, &lower_name);
 	if (IS_ERR(lower_dentry)) {
 		rc = PTR_ERR(lower_dentry);
 		ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_lower() returned "
...	...	@@ -2169,7 +2169,6 @@
2169	2169	(ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
2170	2170	+ encoded_name_no_prefix_size);
2171	2171	(encoded_name)[(encoded_name_size)] = '\0';
2172		- (*encoded_name_size)++;
2173	2172	} else {
2174	2173	rc = -EOPNOTSUPP;
2175	2174	}
...	...	@@ -349,7 +349,7 @@
349	349
350	350	/**
351	351	* ecryptfs_new_lower_dentry
352		- * @ename: The name of the new dentry.
	352	+ * @name: The name of the new dentry.
353	353	* @lower_dir_dentry: Parent directory of the new dentry.
354	354	* @nd: nameidata from last lookup.
355	355	*
356	356
357	357
358	358
...	...	@@ -386,20 +386,19 @@
386	386	* ecryptfs_lookup_one_lower
387	387	* @ecryptfs_dentry: The eCryptfs dentry that we are looking up
388	388	* @lower_dir_dentry: lower parent directory
	389	+ * @name: lower file name
389	390	*
390	391	* Get the lower dentry from vfs. If lower dentry does not exist yet,
391	392	* create it.
392	393	*/
393	394	static struct dentry *
394	395	ecryptfs_lookup_one_lower(struct dentry *ecryptfs_dentry,
395		- struct dentry *lower_dir_dentry)
	396	+ struct dentry lower_dir_dentry, struct qstr name)
396	397	{
397	398	struct nameidata nd;
398	399	struct vfsmount *lower_mnt;
399		- struct qstr *name;
400	400	int err;
401	401
402		- name = &ecryptfs_dentry->d_name;
403	402	lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(
404	403	ecryptfs_dentry->d_parent));
405	404	err = vfs_path_lookup(lower_dir_dentry, lower_mnt, name->name , 0, &nd);
...	...	@@ -434,6 +433,7 @@
434	433	size_t encrypted_and_encoded_name_size;
435	434	struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
436	435	struct dentry lower_dir_dentry, lower_dentry;
	436	+ struct qstr lower_name;
437	437	int rc = 0;
438	438
439	439	ecryptfs_dentry->d_op = &ecryptfs_dops;
440	440
...	...	@@ -444,9 +444,17 @@
444	444	goto out_d_drop;
445	445	}
446	446	lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
447		-
	447	+ lower_name.name = ecryptfs_dentry->d_name.name;
	448	+ lower_name.len = ecryptfs_dentry->d_name.len;
	449	+ lower_name.hash = ecryptfs_dentry->d_name.hash;
	450	+ if (lower_dir_dentry->d_op && lower_dir_dentry->d_op->d_hash) {
	451	+ rc = lower_dir_dentry->d_op->d_hash(lower_dir_dentry,
	452	+ &lower_name);
	453	+ if (rc < 0)
	454	+ goto out_d_drop;
	455	+ }
448	456	lower_dentry = ecryptfs_lookup_one_lower(ecryptfs_dentry,
449		- lower_dir_dentry);
	457	+ lower_dir_dentry, &lower_name);
450	458	if (IS_ERR(lower_dentry)) {
451	459	rc = PTR_ERR(lower_dentry);
452	460	ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_lower() returned "
453	461
...	...	@@ -471,8 +479,17 @@
471	479	"filename; rc = [%d]\n", __func__, rc);
472	480	goto out_d_drop;
473	481	}
	482	+ lower_name.name = encrypted_and_encoded_name;
	483	+ lower_name.len = encrypted_and_encoded_name_size;
	484	+ lower_name.hash = full_name_hash(lower_name.name, lower_name.len);
	485	+ if (lower_dir_dentry->d_op && lower_dir_dentry->d_op->d_hash) {
	486	+ rc = lower_dir_dentry->d_op->d_hash(lower_dir_dentry,
	487	+ &lower_name);
	488	+ if (rc < 0)
	489	+ goto out_d_drop;
	490	+ }
474	491	lower_dentry = ecryptfs_lookup_one_lower(ecryptfs_dentry,
475		- lower_dir_dentry);
	492	+ lower_dir_dentry, &lower_name);
476	493	if (IS_ERR(lower_dentry)) {
477	494	rc = PTR_ERR(lower_dentry);
478	495	ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_lower() returned "