1. 28 4月, 2009 2 次提交
  2. 23 4月, 2009 2 次提交
    • T
      eCryptfs: Larger buffer for encrypted symlink targets · 3a6b42ca
      Tyler Hicks 提交于
      When using filename encryption with eCryptfs, the value of the symlink
      in the lower filesystem is encrypted and stored as a Tag 70 packet.
      This results in a longer symlink target than if the target value wasn't
      encrypted.
      
      Users were reporting these messages in their syslog:
      
      [ 45.653441] ecryptfs_parse_tag_70_packet: max_packet_size is [56]; real
      packet size is [51]
      [ 45.653444] ecryptfs_decode_and_decrypt_filename: Could not parse tag
      70 packet from filename; copying through filename as-is
      
      This was due to bufsiz, one the arguments in readlink(), being used to
      when allocating the buffer passed to the lower inode's readlink().
      That symlink target may be very large, but when decoded and decrypted,
      could end up being smaller than bufsize.
      
      To fix this, the buffer passed to the lower inode's readlink() will
      always be PATH_MAX in size when filename encryption is enabled.  Any
      necessary truncation occurs after the decoding and decrypting.
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      3a6b42ca
    • T
      eCryptfs: Lock lower directory inode mutex during lookup · ca8e34f2
      Tyler Hicks 提交于
      This patch locks the lower directory inode's i_mutex before calling
      lookup_one_len() to find the appropriate dentry in the lower filesystem.
      This bug was found thanks to the warning set in commit 2f9092e1.
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      ca8e34f2
  3. 22 4月, 2009 1 次提交
    • T
      eCryptfs: Fix data corruption when using ecryptfs_passthrough · 13a791b4
      Tyler Hicks 提交于
      ecryptfs_passthrough is a mount option that allows eCryptfs to allow
      data to be written to non-eCryptfs files in the lower filesystem.  The
      passthrough option was causing data corruption due to it not always
      being treated as a non-eCryptfs file.
      
      The first 8 bytes of an eCryptfs file contains the decrypted file size.
      This value was being written to the non-eCryptfs files, too.  Also,
      extra 0x00 characters were being written to make the file size a
      multiple of PAGE_CACHE_SIZE.
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      13a791b4
  4. 23 3月, 2009 1 次提交
  5. 07 1月, 2009 3 次提交
  6. 06 1月, 2009 1 次提交
    • A
      inode->i_op is never NULL · acfa4380
      Al Viro 提交于
      We used to have rather schizophrenic set of checks for NULL ->i_op even
      though it had been eliminated years ago.  You'd need to go out of your
      way to set it to NULL explicitly _and_ a bunch of code would die on
      such inodes anyway.  After killing two remaining places that still
      did that bogosity, all that crap can go away.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      acfa4380
  7. 01 1月, 2009 1 次提交
  8. 27 7月, 2008 3 次提交
  9. 25 7月, 2008 3 次提交
  10. 13 5月, 2008 1 次提交
  11. 29 4月, 2008 3 次提交
  12. 15 2月, 2008 1 次提交
    • J
      Embed a struct path into struct nameidata instead of nd->{dentry,mnt} · 4ac91378
      Jan Blunck 提交于
      This is the central patch of a cleanup series. In most cases there is no good
      reason why someone would want to use a dentry for itself. This series reflects
      that fact and embeds a struct path into nameidata.
      
      Together with the other patches of this series
      - it enforced the correct order of getting/releasing the reference count on
        <dentry,vfsmount> pairs
      - it prepares the VFS for stacking support since it is essential to have a
        struct path in every place where the stack can be traversed
      - it reduces the overall code size:
      
      without patch series:
         text    data     bss     dec     hex filename
      5321639  858418  715768 6895825  6938d1 vmlinux
      
      with patch series:
         text    data     bss     dec     hex filename
      5320026  858418  715768 6894212  693284 vmlinux
      
      This patch:
      
      Switch from nd->{dentry,mnt} to nd->path.{dentry,mnt} everywhere.
      
      [akpm@linux-foundation.org: coding-style fixes]
      [akpm@linux-foundation.org: fix cifs]
      [akpm@linux-foundation.org: fix smack]
      Signed-off-by: NJan Blunck <jblunck@suse.de>
      Signed-off-by: NAndreas Gruenbacher <agruen@suse.de>
      Acked-by: NChristoph Hellwig <hch@lst.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Casey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      4ac91378
  13. 07 2月, 2008 3 次提交
  14. 09 1月, 2008 1 次提交
    • M
      eCryptfs: fix dentry handling on create error, unlink, and inode destroy · caeeeecf
      Michael Halcrow 提交于
      This patch corrects some erroneous dentry handling in eCryptfs.
      
      If there is a problem creating the lower file, then there is nothing that
      the persistent lower file can do to really help us.  This patch makes a
      vfs_create() failure in the lower filesystem always lead to an
      unconditional do_create failure in eCryptfs.
      
      Under certain sequences of operations, the eCryptfs dentry can remain in
      the dcache after an unlink.  This patch calls d_drop() on the eCryptfs
      dentry to correct this.
      
      eCryptfs has no business calling d_delete() directly on a lower
      filesystem's dentry.  This patch removes the call to d_delete() on the
      lower persistent file's dentry in ecryptfs_destroy_inode().
      
      (Thanks to David Kleikamp, Eric Sandeen, and Jeff Moyer for helping
      identify and resolve this issue)
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Cc: Dave Kleikamp <shaggy@austin.ibm.com>
      Cc: Eric Sandeen <sandeen@redhat.com>
      Cc: Jeff Moyer <jmoyer@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      caeeeecf
  15. 19 10月, 2007 1 次提交
  16. 17 10月, 2007 6 次提交
  17. 31 8月, 2007 1 次提交
  18. 23 8月, 2007 1 次提交
    • R
      eCryptfs: fix lookup error for special files · df068464
      Ryusuke Konishi 提交于
      When ecryptfs_lookup() is called against special files, eCryptfs generates
      the following errors because it tries to treat them like regular eCryptfs
      files.
      
      Error opening lower file for lower_dentry [0xffff810233a6f150], lower_mnt [0xffff810235bb4c80], and flags [0x8000]
      Error opening lower_file to read header region
      Error attempting to read the [user.ecryptfs] xattr from the lower file; return value = [-95]
      Valid metadata not found in header region or xattr region; treating file as unencrypted
      
      For instance, the problem can be reproduced by the steps below.
      
        # mkdir /root/crypt /mnt/crypt
        # mount -t ecryptfs /root/crypt /mnt/crypt
        # mknod /mnt/crypt/c0 c 0 0
        # umount /mnt/crypt
        # mount -t ecryptfs /root/crypt /mnt/crypt
        # ls -l /mnt/crypt
      
      This patch fixes it by adding a check similar to directories and
      symlinks.
      Signed-off-by: NRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
      Acked-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      df068464
  19. 12 8月, 2007 1 次提交
    • R
      eCryptfs: fix lookup error for special files · 202a21d6
      Ryusuke Konishi 提交于
      When ecryptfs_lookup() is called against special files, eCryptfs generates
      the following errors because it tries to treat them like regular eCryptfs
      files.
      
      Error opening lower file for lower_dentry [0xffff810233a6f150], lower_mnt [0xffff810235bb4c80], and flags
      [0x8000]
      Error opening lower_file to read header region
      Error attempting to read the [user.ecryptfs] xattr from the lower file; return value = [-95]
      Valid metadata not found in header region or xattr region; treating file as unencrypted
      
      For instance, the problem can be reproduced by the steps below.
      
        # mkdir /root/crypt /mnt/crypt
        # mount -t ecryptfs /root/crypt /mnt/crypt
        # mknod /mnt/crypt/c0 c 0 0
        # umount /mnt/crypt
        # mount -t ecryptfs /root/crypt /mnt/crypt
        # ls -l /mnt/crypt
      
      This patch fixes it by adding a check similar to directories and
      symlinks.
      Signed-off-by: NRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
      Acked-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      202a21d6
  20. 20 7月, 2007 1 次提交
  21. 18 7月, 2007 1 次提交
    • M
      Couple fixes to fs/ecryptfs/inode.c · c381bfcf
      Mika Kukkonen 提交于
      Following was uncovered by compiling the kernel with '-W' flag:
      
        CC [M]  fs/ecryptfs/inode.o
      fs/ecryptfs/inode.c: In function ‘ecryptfs_lookup’:
      fs/ecryptfs/inode.c:304: warning: comparison of unsigned expression < 0 is always false
      fs/ecryptfs/inode.c: In function ‘ecryptfs_symlink’:
      fs/ecryptfs/inode.c:486: warning: comparison of unsigned expression < 0 is always false
      
      Function ecryptfs_encode_filename() can return -ENOMEM, so change the
      variables to plain int, as in the first case the only real use actually
      expects int, and in latter case there is no use beoynd the error check.
      Signed-off-by: NMika Kukkonen <mikukkon@iki.fi>
      Cc: Michael Halcrow <mhalcrow@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      c381bfcf
  22. 29 6月, 2007 2 次提交
    • M
      eCryptfs: initialize crypt_stat in setattr · e10f281b
      Michael Halcrow 提交于
      Recent changes in eCryptfs have made it possible to get to ecryptfs_setattr()
      with an uninitialized crypt_stat struct.  This results in a wide and colorful
      variety of unpleasantries.  This patch properly initializes the crypt_stat
      structure in ecryptfs_setattr() when it is necessary to do so.
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      e10f281b
    • M
      eCryptfs: fix write zeros behavior · 240e2df5
      Michael Halcrow 提交于
      This patch fixes the processes involved in wiping regions of the data during
      truncate and write events, fixing a kernel hang in 2.6.22-rc4 while assuring
      that zero values are written out to the appropriate locations during events in
      which the i_size will change.
      
      The range passed to ecryptfs_truncate() from ecryptfs_prepare_write() includes
      the page that is the object of ecryptfs_prepare_write().  This leads to a
      kernel hang as read_cache_page() is executed on the same page in the
      ecryptfs_truncate() execution path.  This patch remedies this by limiting the
      range passed to ecryptfs_truncate() so as to exclude the page that is the
      object of ecryptfs_prepare_write(); it also adds code to
      ecryptfs_prepare_write() to zero out the region of its own page when writing
      past the i_size position.  This patch also modifies ecryptfs_truncate() so
      that when a file is truncated to a smaller size, eCryptfs will zero out the
      contents of the new last page from the new size through to the end of the last
      page.
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      240e2df5