提交 9c6043f4 编写于 作者: T Tyler Hicks

eCryptfs: Decrypt pages in-place

When reading in a page, eCryptfs would allocate a helper page, fill it
with encrypted data from the lower filesytem, and then decrypt the data
from the encrypted page and store the result in the eCryptfs page cache
page.

The crypto API supports in-place crypto operations which means that the
allocation of the helper page is unnecessary when decrypting. This patch
gets rid of the unneeded page allocation by reading encrypted data from
the lower filesystem directly into the page cache page. The page cache
page is then decrypted in-place.
Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
上级 28916d1a
...@@ -586,8 +586,7 @@ int ecryptfs_decrypt_page(struct page *page) ...@@ -586,8 +586,7 @@ int ecryptfs_decrypt_page(struct page *page)
{ {
struct inode *ecryptfs_inode; struct inode *ecryptfs_inode;
struct ecryptfs_crypt_stat *crypt_stat; struct ecryptfs_crypt_stat *crypt_stat;
char *enc_extent_virt; char *page_virt;
struct page *enc_extent_page = NULL;
unsigned long extent_offset; unsigned long extent_offset;
loff_t lower_offset; loff_t lower_offset;
int rc = 0; int rc = 0;
...@@ -596,19 +595,12 @@ int ecryptfs_decrypt_page(struct page *page) ...@@ -596,19 +595,12 @@ int ecryptfs_decrypt_page(struct page *page)
crypt_stat = crypt_stat =
&(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)); BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
enc_extent_page = alloc_page(GFP_USER);
if (!enc_extent_page) {
rc = -ENOMEM;
ecryptfs_printk(KERN_ERR, "Error allocating memory for "
"encrypted extent\n");
goto out;
}
lower_offset = lower_offset_for_page(crypt_stat, page); lower_offset = lower_offset_for_page(crypt_stat, page);
enc_extent_virt = kmap(enc_extent_page); page_virt = kmap(page);
rc = ecryptfs_read_lower(enc_extent_virt, lower_offset, PAGE_CACHE_SIZE, rc = ecryptfs_read_lower(page_virt, lower_offset, PAGE_CACHE_SIZE,
ecryptfs_inode); ecryptfs_inode);
kunmap(enc_extent_page); kunmap(page);
if (rc < 0) { if (rc < 0) {
ecryptfs_printk(KERN_ERR, ecryptfs_printk(KERN_ERR,
"Error attempting to read lower page; rc = [%d]\n", "Error attempting to read lower page; rc = [%d]\n",
...@@ -619,7 +611,7 @@ int ecryptfs_decrypt_page(struct page *page) ...@@ -619,7 +611,7 @@ int ecryptfs_decrypt_page(struct page *page)
for (extent_offset = 0; for (extent_offset = 0;
extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
extent_offset++) { extent_offset++) {
rc = ecryptfs_decrypt_extent(page, crypt_stat, enc_extent_page, rc = ecryptfs_decrypt_extent(page, crypt_stat, page,
extent_offset); extent_offset);
if (rc) { if (rc) {
printk(KERN_ERR "%s: Error encrypting extent; " printk(KERN_ERR "%s: Error encrypting extent; "
...@@ -628,9 +620,6 @@ int ecryptfs_decrypt_page(struct page *page) ...@@ -628,9 +620,6 @@ int ecryptfs_decrypt_page(struct page *page)
} }
} }
out: out:
if (enc_extent_page) {
__free_page(enc_extent_page);
}
return rc; return rc;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册