1. 04 3月, 2013 1 次提交
  2. 26 2月, 2013 1 次提交
  3. 23 7月, 2012 1 次提交
  4. 09 7月, 2012 3 次提交
    • T
      eCryptfs: Initialize empty lower files when opening them · e3ccaa97
      Tyler Hicks 提交于
      Historically, eCryptfs has only initialized lower files in the
      ecryptfs_create() path. Lower file initialization is the act of writing
      the cryptographic metadata from the inode's crypt_stat to the header of
      the file. The ecryptfs_open() path already expects that metadata to be
      in the header of the file.
      
      A number of users have reported empty lower files in beneath their
      eCryptfs mounts. Most of the causes for those empty files being left
      around have been addressed, but the presence of empty files causes
      problems due to the lack of proper cryptographic metadata.
      
      To transparently solve this problem, this patch initializes empty lower
      files in the ecryptfs_open() error path. If the metadata is unreadable
      due to the lower inode size being 0, plaintext passthrough support is
      not in use, and the metadata is stored in the header of the file (as
      opposed to the user.ecryptfs extended attribute), the lower file will be
      initialized.
      
      The number of nested conditionals in ecryptfs_open() was getting out of
      hand, so a helper function was created. To avoid the same nested
      conditional problem, the conditional logic was reversed inside of the
      helper function.
      
      https://launchpad.net/bugs/911507Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Cc: John Johansen <john.johansen@canonical.com>
      Cc: Colin Ian King <colin.king@canonical.com>
      e3ccaa97
    • T
      eCryptfs: Make all miscdev functions use daemon ptr in file private_data · 2ecaf55d
      Tyler Hicks 提交于
      Now that a pointer to a valid struct ecryptfs_daemon is stored in the
      private_data of an opened /dev/ecryptfs file, the remaining miscdev
      functions can utilize the pointer rather than looking up the
      ecryptfs_daemon at the beginning of each operation.
      
      The security model of /dev/ecryptfs is simplified a little bit with this
      patch. Upon opening /dev/ecryptfs, a per-user ecryptfs_daemon is
      registered. Another daemon cannot be registered for that user until the
      last file reference is released. During the lifetime of the
      ecryptfs_daemon, access checks are not performed on the /dev/ecryptfs
      operations because it is assumed that the application securely handles
      the opened file descriptor and does not unintentionally leak it to
      processes that are not trusted.
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Cc: Sasha Levin <levinsasha928@gmail.com>
      2ecaf55d
    • T
      eCryptfs: Remove unused messaging declarations and function · 56696886
      Tyler Hicks 提交于
      These are no longer needed.
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Cc: Sasha Levin <levinsasha928@gmail.com>
      56696886
  5. 17 2月, 2012 1 次提交
  6. 26 1月, 2012 1 次提交
  7. 24 11月, 2011 1 次提交
    • T
      eCryptfs: Prevent file create race condition · b59db43a
      Tyler Hicks 提交于
      The file creation path prematurely called d_instantiate() and
      unlock_new_inode() before the eCryptfs inode info was fully
      allocated and initialized and before the eCryptfs metadata was written
      to the lower file.
      
      This could result in race conditions in subsequent file and inode
      operations leading to unexpected error conditions or a null pointer
      dereference while attempting to use the unallocated memory.
      
      https://launchpad.net/bugs/813146Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Cc: stable@kernel.org
      b59db43a
  8. 01 11月, 2011 1 次提交
  9. 27 6月, 2011 2 次提交
  10. 30 5月, 2011 5 次提交
  11. 26 4月, 2011 2 次提交
    • T
      eCryptfs: Handle failed metadata read in lookup · 3aeb86ea
      Tyler Hicks 提交于
      When failing to read the lower file's crypto metadata during a lookup,
      eCryptfs must continue on without throwing an error. For example, there
      may be a plaintext file in the lower mount point that the user wants to
      delete through the eCryptfs mount.
      
      If an error is encountered while reading the metadata in lookup(), the
      eCryptfs inode's size could be incorrect. We must be sure to reread the
      plaintext inode size from the metadata when performing an open() or
      setattr(). The metadata is already being read in those paths, so this
      adds minimal performance overhead.
      
      This patch introduces a flag which will track whether or not the
      plaintext inode size has been read so that an incorrect i_size can be
      fixed in the open() or setattr() paths.
      
      https://bugs.launchpad.net/bugs/509180
      
      Cc: <stable@kernel.org>
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      3aeb86ea
    • T
      eCryptfs: Add reference counting to lower files · 332ab16f
      Tyler Hicks 提交于
      For any given lower inode, eCryptfs keeps only one lower file open and
      multiplexes all eCryptfs file operations through that lower file. The
      lower file was considered "persistent" and stayed open from the first
      lookup through the lifetime of the inode.
      
      This patch keeps the notion of a single, per-inode lower file, but adds
      reference counting around the lower file so that it is closed when not
      currently in use. If the reference count is at 0 when an operation (such
      as open, create, etc.) needs to use the lower file, a new lower file is
      opened. Since the file is no longer persistent, all references to the
      term persistent file are changed to lower file.
      
      Locking is added around the sections of code that opens the lower file
      and assign the pointer in the inode info, as well as the code the fputs
      the lower file when all eCryptfs users are done with it.
      
      This patch is needed to fix issues, when mounted on top of the NFSv3
      client, where the lower file is left silly renamed until the eCryptfs
      inode is destroyed.
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      332ab16f
  12. 28 3月, 2011 5 次提交
  13. 22 2月, 2011 1 次提交
  14. 18 1月, 2011 2 次提交
  15. 29 10月, 2010 1 次提交
    • R
      ecryptfs: added ecryptfs_mount_auth_tok_only mount parameter · f16feb51
      Roberto Sassu 提交于
      This patch adds a new mount parameter 'ecryptfs_mount_auth_tok_only' to
      force ecryptfs to use only authentication tokens which signature has
      been specified at mount time with parameters 'ecryptfs_sig' and
      'ecryptfs_fnek_sig'. In this way, after disabling the passthrough and
      the encrypted view modes, it's possible to make available to users only
      files encrypted with the specified authentication token.
      Signed-off-by: NRoberto Sassu <roberto.sassu@polito.it>
      Cc: Dustin Kirkland <kirkland@canonical.com>
      Cc: James Morris <jmorris@namei.org>
      [Tyler: Clean up coding style errors found by checkpatch]
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      f16feb51
  16. 23 9月, 2010 1 次提交
  17. 22 5月, 2010 2 次提交
  18. 22 4月, 2010 1 次提交
  19. 24 3月, 2010 3 次提交
  20. 22 9月, 2009 1 次提交
  21. 22 4月, 2009 1 次提交
  22. 28 3月, 2009 1 次提交
  23. 23 3月, 2009 1 次提交
  24. 15 3月, 2009 1 次提交