eCryptfs: Handle failed metadata read in lookup

[linux-flexiantxendom0-natty.git] / fs / ecryptfs / crypto.c

diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index ea2afd2..97b0a86 100644 (file)
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -33,6 +33,7 @@
 #include <linux/crypto.h>
 #include <linux/file.h>
 #include <linux/scatterlist.h>
+#include <linux/slab.h>
 #include <asm/unaligned.h>
 #include "ecryptfs_kernel.h"
 
@@ -245,13 +246,11 @@ void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
                crypto_free_blkcipher(crypt_stat->tfm);
        if (crypt_stat->hash_tfm)
                crypto_free_hash(crypt_stat->hash_tfm);
-       mutex_lock(&crypt_stat->keysig_list_mutex);
        list_for_each_entry_safe(key_sig, key_sig_tmp,
                                 &crypt_stat->keysig_list, crypt_stat_list) {
                list_del(&key_sig->crypt_stat_list);
                kmem_cache_free(ecryptfs_key_sig_cache, key_sig);
        }
-       mutex_unlock(&crypt_stat->keysig_list_mutex);
        memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
 }
 
@@ -349,7 +348,7 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
        BUG_ON(!crypt_stat || !crypt_stat->tfm
               || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
        if (unlikely(ecryptfs_verbosity > 0)) {
-               ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n",
+               ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n",
                                crypt_stat->key_size);
                ecryptfs_dump_hex(crypt_stat->key,
                                  crypt_stat->key_size);
@@ -383,8 +382,8 @@ out:
 static void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num,
                                             struct ecryptfs_crypt_stat *crypt_stat)
 {
-       (*offset) = (crypt_stat->num_header_bytes_at_front
-                    + (crypt_stat->extent_size * extent_num));
+       (*offset) = ecryptfs_lower_header_size(crypt_stat)
+                   + (crypt_stat->extent_size * extent_num);
 }
 
 /**
@@ -414,10 +413,9 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
        rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
                                (extent_base + extent_offset));
        if (rc) {
-               ecryptfs_printk(KERN_ERR, "Error attempting to "
-                               "derive IV for extent [0x%.16x]; "
-                               "rc = [%d]\n", (extent_base + extent_offset),
-                               rc);
+               ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
+                       "extent [0x%.16llx]; rc = [%d]\n",
+                       (unsigned long long)(extent_base + extent_offset), rc);
                goto out;
        }
        if (unlikely(ecryptfs_verbosity > 0)) {
@@ -444,9 +442,9 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
        }
        rc = 0;
        if (unlikely(ecryptfs_verbosity > 0)) {
-               ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16x]; "
-                               "rc = [%d]\n", (extent_base + extent_offset),
-                               rc);
+               ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16llx]; "
+                       "rc = [%d]\n",
+                       (unsigned long long)(extent_base + extent_offset), rc);
                ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
                                "encryption:\n");
                ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8);
@@ -483,15 +481,7 @@ int ecryptfs_encrypt_page(struct page *page)
        ecryptfs_inode = page->mapping->host;
        crypt_stat =
                &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
-       if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
-               rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page,
-                                                      0, PAGE_CACHE_SIZE);
-               if (rc)
-                       printk(KERN_ERR "%s: Error attempting to copy "
-                              "page at index [%ld]\n", __func__,
-                              page->index);
-               goto out;
-       }
+       BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
        enc_extent_page = alloc_page(GFP_USER);
        if (!enc_extent_page) {
                rc = -ENOMEM;
@@ -519,13 +509,14 @@ int ecryptfs_encrypt_page(struct page *page)
                                  + extent_offset), crypt_stat);
                rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt,
                                          offset, crypt_stat->extent_size);
-               if (rc) {
+               if (rc < 0) {
                        ecryptfs_printk(KERN_ERR, "Error attempting "
                                        "to write lower page; rc = [%d]"
                                        "\n", rc);
                        goto out;
                }
        }
+       rc = 0;
 out:
        if (enc_extent_page) {
                kunmap(enc_extent_page);
@@ -548,10 +539,9 @@ static int ecryptfs_decrypt_extent(struct page *page,
        rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
                                (extent_base + extent_offset));
        if (rc) {
-               ecryptfs_printk(KERN_ERR, "Error attempting to "
-                               "derive IV for extent [0x%.16x]; "
-                               "rc = [%d]\n", (extent_base + extent_offset),
-                               rc);
+               ecryptfs_printk(KERN_ERR, "Error attempting to derive IV for "
+                       "extent [0x%.16llx]; rc = [%d]\n",
+                       (unsigned long long)(extent_base + extent_offset), rc);
                goto out;
        }
        if (unlikely(ecryptfs_verbosity > 0)) {
@@ -579,9 +569,9 @@ static int ecryptfs_decrypt_extent(struct page *page,
        }
        rc = 0;
        if (unlikely(ecryptfs_verbosity > 0)) {
-               ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16x]; "
-                               "rc = [%d]\n", (extent_base + extent_offset),
-                               rc);
+               ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16llx]; "
+                       "rc = [%d]\n",
+                       (unsigned long long)(extent_base + extent_offset), rc);
                ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
                                "decryption:\n");
                ecryptfs_dump_hex((char *)(page_address(page)
@@ -620,16 +610,7 @@ int ecryptfs_decrypt_page(struct page *page)
        ecryptfs_inode = page->mapping->host;
        crypt_stat =
                &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
-       if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
-               rc = ecryptfs_read_lower_page_segment(page, page->index, 0,
-                                                     PAGE_CACHE_SIZE,
-                                                     ecryptfs_inode);
-               if (rc)
-                       printk(KERN_ERR "%s: Error attempting to copy "
-                              "page at index [%ld]\n", __func__,
-                              page->index);
-               goto out;
-       }
+       BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED));
        enc_extent_page = alloc_page(GFP_USER);
        if (!enc_extent_page) {
                rc = -ENOMEM;
@@ -650,7 +631,7 @@ int ecryptfs_decrypt_page(struct page *page)
                rc = ecryptfs_read_lower(enc_extent_virt, offset,
                                         crypt_stat->extent_size,
                                         ecryptfs_inode);
-               if (rc) {
+               if (rc < 0) {
                        ecryptfs_printk(KERN_ERR, "Error attempting "
                                        "to read lower page; rc = [%d]"
                                        "\n", rc);
@@ -779,7 +760,7 @@ ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat,
 
 /**
  * ecryptfs_init_crypt_ctx
- * @crypt_stat: Uninitilized crypt stats structure
+ * @crypt_stat: Uninitialized crypt stats structure
  *
  * Initialize the crypto context.
  *
@@ -797,7 +778,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
        }
        ecryptfs_printk(KERN_DEBUG,
                        "Initializing cipher [%s]; strlen = [%d]; "
-                       "key_size_bits = [%d]\n",
+                       "key_size_bits = [%zd]\n",
                        crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
                        crypt_stat->key_size << 3);
        if (crypt_stat->tfm) {
@@ -814,6 +795,7 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat)
        kfree(full_alg_name);
        if (IS_ERR(crypt_stat->tfm)) {
                rc = PTR_ERR(crypt_stat->tfm);
+               crypt_stat->tfm = NULL;
                ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
                                "Error initializing cipher [%s]\n",
                                crypt_stat->cipher);
@@ -851,13 +833,13 @@ void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat)
        set_extent_mask_and_shift(crypt_stat);
        crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES;
        if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
-               crypt_stat->num_header_bytes_at_front = 0;
+               crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
        else {
                if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)
-                       crypt_stat->num_header_bytes_at_front =
+                       crypt_stat->metadata_size =
                                ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
                else
-                       crypt_stat->num_header_bytes_at_front = PAGE_CACHE_SIZE;
+                       crypt_stat->metadata_size = PAGE_CACHE_SIZE;
        }
 }
 
@@ -942,20 +924,24 @@ static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs(
        struct ecryptfs_global_auth_tok *global_auth_tok;
        int rc = 0;
 
+       mutex_lock(&crypt_stat->keysig_list_mutex);
        mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
+
        list_for_each_entry(global_auth_tok,
                            &mount_crypt_stat->global_auth_tok_list,
                            mount_crypt_stat_list) {
+               if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK)
+                       continue;
                rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig);
                if (rc) {
                        printk(KERN_ERR "Error adding keysig; rc = [%d]\n", rc);
-                       mutex_unlock(
-                               &mount_crypt_stat->global_auth_tok_list_mutex);
                        goto out;
                }
        }
-       mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
+
 out:
+       mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
+       mutex_unlock(&crypt_stat->keysig_list_mutex);
        return rc;
 }
 
@@ -1120,9 +1106,9 @@ static void write_ecryptfs_marker(char *page_virt, size_t *written)
        (*written) = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
 }
 
-static void
-write_ecryptfs_flags(char *page_virt, struct ecryptfs_crypt_stat *crypt_stat,
-                    size_t *written)
+void ecryptfs_write_crypt_stat_flags(char *page_virt,
+                                    struct ecryptfs_crypt_stat *crypt_stat,
+                                    size_t *written)
 {
        u32 flags = 0;
        int i;
@@ -1227,14 +1213,15 @@ int ecryptfs_read_and_validate_header_region(char *data,
                crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE;
        rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size,
                                 ecryptfs_inode);
-       if (rc) {
+       if (rc < 0) {
                printk(KERN_ERR "%s: Error reading header region; rc = [%d]\n",
                       __func__, rc);
                goto out;
        }
        if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) {
                rc = -EINVAL;
-       }
+       } else
+               rc = 0;
 out:
        return rc;
 }
@@ -1249,8 +1236,7 @@ ecryptfs_write_header_metadata(char *virt,
 
        header_extent_size = (u32)crypt_stat->extent_size;
        num_header_extents_at_front =
-               (u16)(crypt_stat->num_header_bytes_at_front
-                     / crypt_stat->extent_size);
+               (u16)(crypt_stat->metadata_size / crypt_stat->extent_size);
        put_unaligned_be32(header_extent_size, virt);
        virt += 4;
        put_unaligned_be16(num_header_extents_at_front, virt);
@@ -1303,7 +1289,8 @@ static int ecryptfs_write_headers_virt(char *page_virt, size_t max,
        offset = ECRYPTFS_FILE_SIZE_BYTES;
        write_ecryptfs_marker((page_virt + offset), &written);
        offset += written;
-       write_ecryptfs_flags((page_virt + offset), crypt_stat, &written);
+       ecryptfs_write_crypt_stat_flags((page_virt + offset), crypt_stat,
+                                       &written);
        offset += written;
        ecryptfs_write_header_metadata((page_virt + offset), crypt_stat,
                                       &written);
@@ -1322,24 +1309,23 @@ static int ecryptfs_write_headers_virt(char *page_virt, size_t max,
 }
 
 static int
-ecryptfs_write_metadata_to_contents(struct ecryptfs_crypt_stat *crypt_stat,
-                                   struct dentry *ecryptfs_dentry,
-                                   char *virt)
+ecryptfs_write_metadata_to_contents(struct dentry *ecryptfs_dentry,
+                                   char *virt, size_t virt_len)
 {
        int rc;
 
        rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, virt,
-                                 0, crypt_stat->num_header_bytes_at_front);
-       if (rc)
+                                 0, virt_len);
+       if (rc < 0)
                printk(KERN_ERR "%s: Error attempting to write header "
-                      "information to lower file; rc = [%d]\n", __func__,
-                      rc);
+                      "information to lower file; rc = [%d]\n", __func__, rc);
+       else
+               rc = 0;
        return rc;
 }
 
 static int
 ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
-                                struct ecryptfs_crypt_stat *crypt_stat,
                                 char *page_virt, size_t size)
 {
        int rc;
@@ -1349,6 +1335,17 @@ ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
        return rc;
 }
 
+static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask,
+                                              unsigned int order)
+{
+       struct page *page;
+
+       page = alloc_pages(gfp_mask | __GFP_ZERO, order);
+       if (page)
+               return (unsigned long) page_address(page);
+       return 0;
+}
+
 /**
  * ecryptfs_write_metadata
  * @ecryptfs_dentry: The eCryptfs dentry
@@ -1365,7 +1362,9 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
 {
        struct ecryptfs_crypt_stat *crypt_stat =
                &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
+       unsigned int order;
        char *virt;
+       size_t virt_len;
        size_t size = 0;
        int rc = 0;
 
@@ -1381,33 +1380,35 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
                rc = -EINVAL;
                goto out;
        }
+       virt_len = crypt_stat->metadata_size;
+       order = get_order(virt_len);
        /* Released in this function */
-       virt = (char *)get_zeroed_page(GFP_KERNEL);
+       virt = (char *)ecryptfs_get_zeroed_pages(GFP_KERNEL, order);
        if (!virt) {
                printk(KERN_ERR "%s: Out of memory\n", __func__);
                rc = -ENOMEM;
                goto out;
        }
-       rc = ecryptfs_write_headers_virt(virt, PAGE_CACHE_SIZE, &size,
-                                        crypt_stat, ecryptfs_dentry);
+       rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat,
+                                        ecryptfs_dentry);
        if (unlikely(rc)) {
                printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n",
                       __func__, rc);
                goto out_free;
        }
        if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
-               rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry,
-                                                     crypt_stat, virt, size);
+               rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, virt,
+                                                     size);
        else
-               rc = ecryptfs_write_metadata_to_contents(crypt_stat,
-                                                        ecryptfs_dentry, virt);
+               rc = ecryptfs_write_metadata_to_contents(ecryptfs_dentry, virt,
+                                                        virt_len);
        if (rc) {
                printk(KERN_ERR "%s: Error writing metadata out to lower file; "
                       "rc = [%d]\n", __func__, rc);
                goto out_free;
        }
 out_free:
-       free_page((unsigned long)virt);
+       free_pages((unsigned long)virt, order);
 out:
        return rc;
 }
@@ -1425,16 +1426,15 @@ static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
        header_extent_size = get_unaligned_be32(virt);
        virt += sizeof(__be32);
        num_header_extents_at_front = get_unaligned_be16(virt);
-       crypt_stat->num_header_bytes_at_front =
-               (((size_t)num_header_extents_at_front
-                 * (size_t)header_extent_size));
+       crypt_stat->metadata_size = (((size_t)num_header_extents_at_front
+                                    * (size_t)header_extent_size));
        (*bytes_read) = (sizeof(__be32) + sizeof(__be16));
        if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE)
-           && (crypt_stat->num_header_bytes_at_front
+           && (crypt_stat->metadata_size
                < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) {
                rc = -EINVAL;
                printk(KERN_WARNING "Invalid header size: [%zd]\n",
-                      crypt_stat->num_header_bytes_at_front);
+                      crypt_stat->metadata_size);
        }
        return rc;
 }
@@ -1449,8 +1449,26 @@ static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
  */
 static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
 {
-       crypt_stat->num_header_bytes_at_front =
-               ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
+       crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
+}
+
+void ecryptfs_i_size_init(const char *page_virt, struct inode *inode)
+{
+       struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
+       struct ecryptfs_crypt_stat *crypt_stat;
+       u64 file_size;
+
+       crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
+       mount_crypt_stat =
+               &ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat;
+       if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
+               file_size = i_size_read(ecryptfs_inode_to_lower(inode));
+               if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
+                       file_size += crypt_stat->metadata_size;
+       } else
+               file_size = get_unaligned_be64(page_virt);
+       i_size_write(inode, (loff_t)file_size);
+       crypt_stat->flags |= ECRYPTFS_I_SIZE_INITIALIZED;
 }
 
 /**
@@ -1483,6 +1501,8 @@ static int ecryptfs_read_headers_virt(char *page_virt,
                rc = -EINVAL;
                goto out;
        }
+       if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED))
+               ecryptfs_i_size_init(page_virt, ecryptfs_dentry->d_inode);
        offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
        rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset),
                                    &bytes_read);
@@ -1599,11 +1619,12 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
        }
        rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,
                                 ecryptfs_inode);
-       if (!rc)
+       if (rc >= 0)
                rc = ecryptfs_read_headers_virt(page_virt, crypt_stat,
                                                ecryptfs_dentry,
                                                ECRYPTFS_VALIDATE_HEADER_SIZE);
        if (rc) {
+               memset(page_virt, 0, PAGE_CACHE_SIZE);
                rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode);
                if (rc) {
                        printk(KERN_DEBUG "Valid eCryptfs headers not found in "
@@ -1679,7 +1700,7 @@ ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
                        kmalloc(filename->encrypted_filename_size, GFP_KERNEL);
                if (!filename->encrypted_filename) {
                        printk(KERN_ERR "%s: Out of memory whilst attempting "
-                              "to kmalloc [%Zd] bytes\n", __func__,
+                              "to kmalloc [%zd] bytes\n", __func__,
                               filename->encrypted_filename_size);
                        rc = -ENOMEM;
                        goto out;
@@ -1704,7 +1725,7 @@ ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
        } else {
                printk(KERN_ERR "%s: No support for requested filename "
                       "encryption method in this release\n", __func__);
-               rc = -ENOTSUPP;
+               rc = -EOPNOTSUPP;
                goto out;
        }
 out:
@@ -1716,7 +1737,7 @@ static int ecryptfs_copy_filename(char **copied_name, size_t *copied_name_size,
 {
        int rc = 0;
 
-       (*copied_name) = kmalloc((name_size + 2), GFP_KERNEL);
+       (*copied_name) = kmalloc((name_size + 1), GFP_KERNEL);
        if (!(*copied_name)) {
                rc = -ENOMEM;
                goto out;
@@ -1726,7 +1747,7 @@ static int ecryptfs_copy_filename(char **copied_name, size_t *copied_name_size,
                                                 * in printing out the
                                                 * string in debug
                                                 * messages */
-       (*copied_name_size) = (name_size + 1);
+       (*copied_name_size) = name_size;
 out:
        return rc;
 }
@@ -1746,13 +1767,13 @@ ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
                            char *cipher_name, size_t *key_size)
 {
        char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
-       char *full_alg_name;
+       char *full_alg_name = NULL;
        int rc;
 
        *key_tfm = NULL;
        if (*key_size > ECRYPTFS_MAX_KEY_BYTES) {
                rc = -EINVAL;
-               printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum "
+               printk(KERN_ERR "Requested key size is [%zd] bytes; maximum "
                      "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES);
                goto out;
        }
@@ -1761,11 +1782,10 @@ ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
        if (rc)
                goto out;
        *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
-       kfree(full_alg_name);
        if (IS_ERR(*key_tfm)) {
                rc = PTR_ERR(*key_tfm);
                printk(KERN_ERR "Unable to allocate crypto cipher with name "
-                      "[%s]; rc = [%d]\n", cipher_name, rc);
+                      "[%s]; rc = [%d]\n", full_alg_name, rc);
                goto out;
        }
        crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY);
@@ -1777,12 +1797,14 @@ ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
        get_random_bytes(dummy_key, *key_size);
        rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size);
        if (rc) {
-               printk(KERN_ERR "Error attempting to set key of size [%Zd] for "
-                      "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc);
+               printk(KERN_ERR "Error attempting to set key of size [%zd] for "
+                      "cipher [%s]; rc = [%d]\n", *key_size, full_alg_name,
+                      rc);
                rc = -EINVAL;
                goto out;
        }
 out:
+       kfree(full_alg_name);
        return rc;
 }
 
@@ -1790,7 +1812,7 @@ struct kmem_cache *ecryptfs_key_tfm_cache;
 static struct list_head key_tfm_list;
 struct mutex key_tfm_list_mutex;
 
-int ecryptfs_init_crypto(void)
+int __init ecryptfs_init_crypto(void)
 {
        mutex_init(&key_tfm_list_mutex);
        INIT_LIST_HEAD(&key_tfm_list);
@@ -1931,7 +1953,7 @@ static unsigned char *portable_filename_chars = ("-.0123456789ABCD"
 
 /* We could either offset on every reverse map or just pad some 0x00's
  * at the front here */
-static unsigned char filename_rev_map[] = {
+static const unsigned char filename_rev_map[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 7 */
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 15 */
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 23 */
@@ -2012,16 +2034,30 @@ out:
        return;
 }
 
-int ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
-                                 const unsigned char *src, size_t src_size)
+/**
+ * ecryptfs_decode_from_filename
+ * @dst: If NULL, this function only sets @dst_size and returns. If
+ *       non-NULL, this function decodes the encoded octets in @src
+ *       into the memory that @dst points to.
+ * @dst_size: Set to the size of the decoded string.
+ * @src: The encoded set of octets to decode.
+ * @src_size: The size of the encoded set of octets to decode.
+ */
+static void
+ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
+                             const unsigned char *src, size_t src_size)
 {
        u8 current_bit_offset = 0;
        size_t src_byte_offset = 0;
        size_t dst_byte_offset = 0;
-       int rc = 0;
 
        if (dst == NULL) {
-               /* Not exact; conservatively long */
+               /* Not exact; conservatively long. Every block of 4
+                * encoded characters decodes into a block of 3
+                * decoded characters. This segment of code provides
+                * the caller with the maximum amount of allocated
+                * space that @dst will need to point to in a
+                * subsequent call. */
                (*dst_size) = (((src_size + 1) * 3) / 4);
                goto out;
        }
@@ -2055,7 +2091,7 @@ int ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
        }
        (*dst_size) = dst_byte_offset;
 out:
-       return rc;
+       return;
 }
 
 /**
@@ -2093,7 +2129,7 @@ int ecryptfs_encrypt_and_encode_filename(
                filename = kzalloc(sizeof(*filename), GFP_KERNEL);
                if (!filename) {
                        printk(KERN_ERR "%s: Out of memory whilst attempting "
-                              "to kzalloc [%d] bytes\n", __func__,
+                              "to kzalloc [%zd] bytes\n", __func__,
                               sizeof(*filename));
                        rc = -ENOMEM;
                        goto out;
@@ -2127,7 +2163,7 @@ int ecryptfs_encrypt_and_encode_filename(
                (*encoded_name) = kmalloc((*encoded_name_size) + 1, GFP_KERNEL);
                if (!(*encoded_name)) {
                        printk(KERN_ERR "%s: Out of memory whilst attempting "
-                              "to kzalloc [%d] bytes\n", __func__,
+                              "to kzalloc [%zd] bytes\n", __func__,
                               (*encoded_name_size));
                        rc = -ENOMEM;
                        kfree(filename->encrypted_filename);
@@ -2152,9 +2188,8 @@ int ecryptfs_encrypt_and_encode_filename(
                                (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE
                                 + encoded_name_no_prefix_size);
                        (*encoded_name)[(*encoded_name_size)] = '\0';
-                       (*encoded_name_size)++;
                } else {
-                       rc = -ENOTSUPP;
+                       rc = -EOPNOTSUPP;
                }
                if (rc) {
                        printk(KERN_ERR "%s: Error attempting to encode "
@@ -2192,51 +2227,36 @@ int ecryptfs_decode_and_decrypt_filename(char **plaintext_name,
                                         struct dentry *ecryptfs_dir_dentry,
                                         const char *name, size_t name_size)
 {
+       struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
+               &ecryptfs_superblock_to_private(
+                       ecryptfs_dir_dentry->d_sb)->mount_crypt_stat;
        char *decoded_name;
        size_t decoded_name_size;
        size_t packet_size;
        int rc = 0;
 
-       if ((name_size > ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE)
+       if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
+           && !(mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
+           && (name_size > ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE)
            && (strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
                        ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE) == 0)) {
-               struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
-                       &ecryptfs_superblock_to_private(
-                               ecryptfs_dir_dentry->d_sb)->mount_crypt_stat;
                const char *orig_name = name;
                size_t orig_name_size = name_size;
 
                name += ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
                name_size -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
-               rc = ecryptfs_decode_from_filename(NULL, &decoded_name_size,
-                                                  name, name_size);
-               if (rc) {
-                       printk(KERN_ERR "%s: Error attempting to decode "
-                              "filename; rc = [%d]\n", __func__, rc);
-                       rc = ecryptfs_copy_filename(plaintext_name,
-                                                   plaintext_name_size,
-                                                   orig_name, orig_name_size);
-                       goto out;
-               }
+               ecryptfs_decode_from_filename(NULL, &decoded_name_size,
+                                             name, name_size);
                decoded_name = kmalloc(decoded_name_size, GFP_KERNEL);
                if (!decoded_name) {
                        printk(KERN_ERR "%s: Out of memory whilst attempting "
-                              "to kmalloc [%Zd] bytes\n", __func__,
+                              "to kmalloc [%zd] bytes\n", __func__,
                               decoded_name_size);
                        rc = -ENOMEM;
                        goto out;
                }
-               rc = ecryptfs_decode_from_filename(decoded_name,
-                                                  &decoded_name_size,
-                                                  name, name_size);
-               if (rc) {
-                       printk(KERN_ERR "%s: Error attempting to decode "
-                              "filename; rc = [%d]\n", __func__, rc);
-                       rc = ecryptfs_copy_filename(plaintext_name,
-                                                   plaintext_name_size,
-                                                   orig_name, orig_name_size);
-                       goto out_free;
-               }
+               ecryptfs_decode_from_filename(decoded_name, &decoded_name_size,
+                                             name, name_size);
                rc = ecryptfs_parse_tag_70_packet(plaintext_name,
                                                  plaintext_name_size,
                                                  &packet_size,