1. 30 5月, 2011 4 次提交
  2. 26 4月, 2011 2 次提交
    • T
      eCryptfs: Handle failed metadata read in lookup · 3aeb86ea
      Tyler Hicks 提交于
      When failing to read the lower file's crypto metadata during a lookup,
      eCryptfs must continue on without throwing an error. For example, there
      may be a plaintext file in the lower mount point that the user wants to
      delete through the eCryptfs mount.
      
      If an error is encountered while reading the metadata in lookup(), the
      eCryptfs inode's size could be incorrect. We must be sure to reread the
      plaintext inode size from the metadata when performing an open() or
      setattr(). The metadata is already being read in those paths, so this
      adds minimal performance overhead.
      
      This patch introduces a flag which will track whether or not the
      plaintext inode size has been read so that an incorrect i_size can be
      fixed in the open() or setattr() paths.
      
      https://bugs.launchpad.net/bugs/509180
      
      Cc: <stable@kernel.org>
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      3aeb86ea
    • T
      eCryptfs: Add reference counting to lower files · 332ab16f
      Tyler Hicks 提交于
      For any given lower inode, eCryptfs keeps only one lower file open and
      multiplexes all eCryptfs file operations through that lower file. The
      lower file was considered "persistent" and stayed open from the first
      lookup through the lifetime of the inode.
      
      This patch keeps the notion of a single, per-inode lower file, but adds
      reference counting around the lower file so that it is closed when not
      currently in use. If the reference count is at 0 when an operation (such
      as open, create, etc.) needs to use the lower file, a new lower file is
      opened. Since the file is no longer persistent, all references to the
      term persistent file are changed to lower file.
      
      Locking is added around the sections of code that opens the lower file
      and assign the pointer in the inode info, as well as the code the fputs
      the lower file when all eCryptfs users are done with it.
      
      This patch is needed to fix issues, when mounted on top of the NFSv3
      client, where the lower file is left silly renamed until the eCryptfs
      inode is destroyed.
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      332ab16f
  3. 28 3月, 2011 5 次提交
  4. 22 2月, 2011 1 次提交
  5. 18 1月, 2011 2 次提交
  6. 29 10月, 2010 1 次提交
    • R
      ecryptfs: added ecryptfs_mount_auth_tok_only mount parameter · f16feb51
      Roberto Sassu 提交于
      This patch adds a new mount parameter 'ecryptfs_mount_auth_tok_only' to
      force ecryptfs to use only authentication tokens which signature has
      been specified at mount time with parameters 'ecryptfs_sig' and
      'ecryptfs_fnek_sig'. In this way, after disabling the passthrough and
      the encrypted view modes, it's possible to make available to users only
      files encrypted with the specified authentication token.
      Signed-off-by: NRoberto Sassu <roberto.sassu@polito.it>
      Cc: Dustin Kirkland <kirkland@canonical.com>
      Cc: James Morris <jmorris@namei.org>
      [Tyler: Clean up coding style errors found by checkpatch]
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      f16feb51
  7. 23 9月, 2010 1 次提交
  8. 22 5月, 2010 2 次提交
  9. 22 4月, 2010 1 次提交
  10. 24 3月, 2010 3 次提交
  11. 22 9月, 2009 1 次提交
  12. 22 4月, 2009 1 次提交
  13. 28 3月, 2009 1 次提交
  14. 23 3月, 2009 1 次提交
  15. 15 3月, 2009 1 次提交
  16. 07 1月, 2009 3 次提交
    • M
      eCryptfs: Filename Encryption: filldir, lookup, and readlink · addd65ad
      Michael Halcrow 提交于
      Make the requisite modifications to ecryptfs_filldir(), ecryptfs_lookup(),
      and ecryptfs_readlink() to call out to filename encryption functions.
      Propagate filename encryption policy flags from mount-wide crypt_stat to
      inode crypt_stat.
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Cc: Dustin Kirkland <dustin.kirkland@gmail.com>
      Cc: Eric Sandeen <sandeen@redhat.com>
      Cc: Tyler Hicks <tchicks@us.ibm.com>
      Cc: David Kleikamp <shaggy@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      addd65ad
    • M
      eCryptfs: Filename Encryption: Header updates · a34f60f7
      Michael Halcrow 提交于
      Extensions to the header file to support filename encryption.
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Cc: Dustin Kirkland <dustin.kirkland@gmail.com>
      Cc: Eric Sandeen <sandeen@redhat.com>
      Cc: Tyler Hicks <tchicks@us.ibm.com>
      Cc: David Kleikamp <shaggy@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a34f60f7
    • M
      eCryptfs: Filename Encryption: Tag 70 packets · 9c79f34f
      Michael Halcrow 提交于
      This patchset implements filename encryption via a passphrase-derived
      mount-wide Filename Encryption Key (FNEK) specified as a mount parameter.
      Each encrypted filename has a fixed prefix indicating that eCryptfs should
      try to decrypt the filename.  When eCryptfs encounters this prefix, it
      decodes the filename into a tag 70 packet and then decrypts the packet
      contents using the FNEK, setting the filename to the decrypted filename.
      Both unencrypted and encrypted filenames can reside in the same lower
      filesystem.
      
      Because filename encryption expands the length of the filename during the
      encoding stage, eCryptfs will not properly handle filenames that are
      already near the maximum filename length.
      
      In the present implementation, eCryptfs must be able to produce a match
      against the lower encrypted and encoded filename representation when given
      a plaintext filename.  Therefore, two files having the same plaintext name
      will encrypt and encode into the same lower filename if they are both
      encrypted using the same FNEK.  This can be changed by finding a way to
      replace the prepended bytes in the blocked-aligned filename with random
      characters; they are hashes of the FNEK right now, so that it is possible
      to deterministically map from a plaintext filename to an encrypted and
      encoded filename in the lower filesystem.  An implementation using random
      characters will have to decode and decrypt every single directory entry in
      any given directory any time an event occurs wherein the VFS needs to
      determine whether a particular file exists in the lower directory and the
      decrypted and decoded filenames have not yet been extracted for that
      directory.
      
      Thanks to Tyler Hicks and David Kleikamp for assistance in the development
      of this patchset.
      
      This patch:
      
      A tag 70 packet contains a filename encrypted with a Filename Encryption
      Key (FNEK).  This patch implements functions for writing and parsing tag
      70 packets.  This patch also adds definitions and extends structures to
      support filename encryption.
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Cc: Dustin Kirkland <dustin.kirkland@gmail.com>
      Cc: Eric Sandeen <sandeen@redhat.com>
      Cc: Tyler Hicks <tchicks@us.ibm.com>
      Cc: David Kleikamp <shaggy@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      9c79f34f
  17. 14 11月, 2008 1 次提交
  18. 17 10月, 2008 1 次提交
  19. 25 7月, 2008 3 次提交
  20. 07 6月, 2008 1 次提交
    • M
      eCryptfs: remove unnecessary page decrypt call · d3e49afb
      Michael Halcrow 提交于
      The page decrypt calls in ecryptfs_write() are both pointless and buggy.
      Pointless because ecryptfs_get_locked_page() has already brought the page
      up to date, and buggy because prior mmap writes will just be blown away by
      the decrypt call.
      
      This patch also removes the declaration of a now-nonexistent function
      ecryptfs_write_zeros().
      
      Thanks to Eric Sandeen and David Kleikamp for helping to track this
      down.
      
      Eric said:
      
         fsx w/ mmap dies quickly ( < 100 ops) without this, and survives
         nicely (to millions of ops+) with it in place.
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Cc: Eric Sandeen <sandeen@redhat.com>
      Cc: Dave Kleikamp <shaggy@austin.ibm.com>
      Cc: <stable@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      d3e49afb
  21. 29 4月, 2008 3 次提交
  22. 07 2月, 2008 1 次提交
    • E
      ecryptfs: check for existing key_tfm at mount time · af440f52
      Eric Sandeen 提交于
      Jeff Moyer pointed out that a mount; umount loop of ecryptfs, with the same
      cipher & other mount options, created a new ecryptfs_key_tfm_cache item
      each time, and the cache could grow quite large this way.
      
      Looking at this with mhalcrow, we saw that ecryptfs_parse_options()
      unconditionally called ecryptfs_add_new_key_tfm(), which is what was adding
      these items.
      
      Refactor ecryptfs_get_tfm_and_mutex_for_cipher_name() to create a new
      helper function, ecryptfs_tfm_exists(), which checks for the cipher on the
      cached key_tfm_list, and sets a pointer to it if it exists.  This can then
      be called from ecryptfs_parse_options(), and new key_tfm's can be added
      only when a cached one is not found.
      
      With list locking changes suggested by akpm.
      Signed-off-by: NEric Sandeen <sandeen@redhat.com>
      Cc: Michael Halcrow <mhalcrow@us.ibm.com>
      Cc: Jeff Moyer <jmoyer@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      af440f52