22 Feb, 2011
1 commit
-
Allow for NULL nameidata pointers in eCryptfs create, lookup, and
d_revalidate functions.Signed-off-by: Tyler Hicks
18 Jan, 2011
2 commits
-
Add __attribute__((format... to __ecryptfs_printk
Make formats and arguments match.
Add casts to (unsigned long long) for %llu.Signed-off-by: Joe Perches
[tyhicks: 80 columns cleanup and fixed typo]
Signed-off-by: Tyler Hicks -
The definition of ECRYPTFS_SUPER_MAGIC has been moved to the include
file 'linux/magic.h' to become available to other kernel subsystems.Signed-off-by: Roberto Sassu
Signed-off-by: Tyler Hicks
30 Oct, 2010
1 commit
-
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6:
eCryptfs: Print mount_auth_tok_only param in ecryptfs_show_options
ecryptfs: added ecryptfs_mount_auth_tok_only mount parameter
ecryptfs: checking return code of ecryptfs_find_auth_tok_for_sig()
ecryptfs: release keys loaded in ecryptfs_keyring_auth_tok_for_sig()
eCryptfs: Clear LOOKUP_OPEN flag when creating lower file
ecryptfs: call vfs_setxattr() in ecryptfs_setxattr()
29 Oct, 2010
1 commit
-
This patch adds a new mount parameter 'ecryptfs_mount_auth_tok_only' to
force ecryptfs to use only authentication tokens which signature has
been specified at mount time with parameters 'ecryptfs_sig' and
'ecryptfs_fnek_sig'. In this way, after disabling the passthrough and
the encrypted view modes, it's possible to make available to users only
files encrypted with the specified authentication token.Signed-off-by: Roberto Sassu
Cc: Dustin Kirkland
Cc: James Morris
[Tyler: Clean up coding style errors found by checkpatch]
Signed-off-by: Tyler Hicks
23 Sep, 2010
1 commit
-
Signed-off-by: Joe Perches
Signed-off-by: Jiri Kosina
22 May, 2010
2 commits
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
22 Apr, 2010
1 commit
-
This ensures that dirty data gets flushed properly.
Signed-off-by: Jens Axboe
24 Mar, 2010
3 commits
-
The ecryptfs_encrypted_view mount option provides a unified way of
viewing encrypted eCryptfs files. If the metadata is stored in a xattr,
the metadata is moved to the file header when the file is read inside
the eCryptfs mount. Because of this, we should strip the
ECRYPTFS_METADATA_IN_XATTR flag from the header's flag section. This
allows eCryptfs to treat the file as an eCryptfs file with a header
at the front.Reviewed-by: Eric Sandeen
Signed-off-by: Tyler Hicks -
This patch renames the num_header_bytes_at_front variable to
metadata_size since it now contains the max size of the metadata.Reviewed-by: Eric Sandeen
Signed-off-by: Tyler Hicks -
Fixes regression in 8faece5f906725c10e7a1f6caf84452abadbdc7b
When using the ecryptfs_xattr_metadata mount option, eCryptfs stores the
metadata (normally stored at the front of the file) in the user.ecryptfs
xattr. This causes ecryptfs_crypt_stat.num_header_bytes_at_front to be
0, since there is no header data at the front of the file. This results
in too much memory being requested and ENOMEM being returned from
ecryptfs_write_metadata().This patch fixes the problem by using the num_header_bytes_at_front
variable for specifying the max size of the metadata, despite whether it
is stored in the header or xattr.Reviewed-by: Eric Sandeen
Signed-off-by: Tyler Hicks
22 Sep, 2009
1 commit
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
22 Apr, 2009
1 commit
-
A feature was added to the eCryptfs umount helper to automatically
unlink the keys used for an eCryptfs mount from the kernel keyring upon
umount. This patch keeps the unrecognized mount option warnings for
ecryptfs_unlink_sigs out of the logs.Signed-off-by: Tyler Hicks
28 Mar, 2009
1 commit
-
Signed-off-by: Al Viro
23 Mar, 2009
1 commit
-
If ecryptfs_encrypted_view or ecryptfs_xattr_metadata were being
specified as mount options, a NULL pointer dereference of crypt_stat
was possible during lookup.This patch moves the crypt_stat assignment into
ecryptfs_lookup_and_interpose_lower(), ensuring that crypt_stat
will not be NULL before we attempt to dereference it.Thanks to Dan Carpenter and his static analysis tool, smatch, for
finding this bug.Signed-off-by: Tyler Hicks
Acked-by: Dustin Kirkland
Cc: Dan Carpenter
Cc: Serge Hallyn
Signed-off-by: Linus Torvalds
15 Mar, 2009
1 commit
-
eCryptfs has file encryption keys (FEK), file encryption key encryption
keys (FEKEK), and filename encryption keys (FNEK). The per-file FEK is
encrypted with one or more FEKEKs and stored in the header of the
encrypted file. I noticed that the FEK is also being encrypted by the
FNEK. This is a problem if a user wants to use a different FNEK than
their FEKEK, as their file contents will still be accessible with the
FNEK.This is a minimalistic patch which prevents the FNEKs signatures from
being copied to the inode signatures list. Ultimately, it keeps the FEK
from being encrypted with a FNEK.Signed-off-by: Tyler Hicks
Cc: Serge Hallyn
Acked-by: Dustin Kirkland
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
07 Jan, 2009
3 commits
-
Make the requisite modifications to ecryptfs_filldir(), ecryptfs_lookup(),
and ecryptfs_readlink() to call out to filename encryption functions.
Propagate filename encryption policy flags from mount-wide crypt_stat to
inode crypt_stat.Signed-off-by: Michael Halcrow
Cc: Dustin Kirkland
Cc: Eric Sandeen
Cc: Tyler Hicks
Cc: David Kleikamp
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Extensions to the header file to support filename encryption.
Signed-off-by: Michael Halcrow
Cc: Dustin Kirkland
Cc: Eric Sandeen
Cc: Tyler Hicks
Cc: David Kleikamp
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This patchset implements filename encryption via a passphrase-derived
mount-wide Filename Encryption Key (FNEK) specified as a mount parameter.
Each encrypted filename has a fixed prefix indicating that eCryptfs should
try to decrypt the filename. When eCryptfs encounters this prefix, it
decodes the filename into a tag 70 packet and then decrypts the packet
contents using the FNEK, setting the filename to the decrypted filename.
Both unencrypted and encrypted filenames can reside in the same lower
filesystem.Because filename encryption expands the length of the filename during the
encoding stage, eCryptfs will not properly handle filenames that are
already near the maximum filename length.In the present implementation, eCryptfs must be able to produce a match
against the lower encrypted and encoded filename representation when given
a plaintext filename. Therefore, two files having the same plaintext name
will encrypt and encode into the same lower filename if they are both
encrypted using the same FNEK. This can be changed by finding a way to
replace the prepended bytes in the blocked-aligned filename with random
characters; they are hashes of the FNEK right now, so that it is possible
to deterministically map from a plaintext filename to an encrypted and
encoded filename in the lower filesystem. An implementation using random
characters will have to decode and decrypt every single directory entry in
any given directory any time an event occurs wherein the VFS needs to
determine whether a particular file exists in the lower directory and the
decrypted and decoded filenames have not yet been extracted for that
directory.Thanks to Tyler Hicks and David Kleikamp for assistance in the development
of this patchset.This patch:
A tag 70 packet contains a filename encrypted with a Filename Encryption
Key (FNEK). This patch implements functions for writing and parsing tag
70 packets. This patch also adds definitions and extends structures to
support filename encryption.Signed-off-by: Michael Halcrow
Cc: Dustin Kirkland
Cc: Eric Sandeen
Cc: Tyler Hicks
Cc: David Kleikamp
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
14 Nov, 2008
1 commit
-
Pass credentials through dentry_open() so that the COW creds patch can have
SELinux's flush_unauthorized_files() pass the appropriate creds back to itself
when it opens its null chardev.The security_dentry_open() call also now takes a creds pointer, as does the
dentry_open hook in struct security_operations.Signed-off-by: David Howells
Acked-by: James Morris
Signed-off-by: James Morris
17 Oct, 2008
1 commit
-
The netlink transport code has not worked for a while and the miscdev
transport is a simpler solution. This patch removes the netlink code and
makes the miscdev transport the only eCryptfs kernel to userspace
transport.Signed-off-by: Tyler Hicks
Cc: Michael Halcrow
Cc: Dustin Kirkland
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
25 Jul, 2008
3 commits
-
There is no good reason to immediately open the lower file, and that can
cause problems with files that the user does not intend to immediately
open, such as device nodes.This patch removes the persistent file open from the interpose step and
pushes that to the locations where eCryptfs really does need the lower
persistent file, such as just before reading or writing the metadata
stored in the lower file header.Two functions are jumping to out_dput when they should just be jumping to
out on error paths. This patch also fixes these.Signed-off-by: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
When creating device nodes, eCryptfs needs to delay actually opening the lower
persistent file until an application tries to open. Device handles may not be
backed by anything when they first come into existence.[Valdis.Kletnieks@vt.edu: build fix]
Signed-off-by: Michael Halcrow
Cc:
Signed-off-by: Linus Torvalds -
eCryptfs would really like to have read-write access to all files in the
lower filesystem. Right now, the persistent lower file may be opened
read-only if the attempt to open it read-write fails. One way to keep
from having to do that is to have a privileged kthread that can open the
lower persistent file on behalf of the user opening the eCryptfs file;
this patch implements this functionality.This patch will properly allow a less-privileged user to open the eCryptfs
file, followed by a more-privileged user opening the eCryptfs file, with
the first user only being able to read and the second user being able to
both read and write. eCryptfs currently does this wrong; it will wind up
calling vfs_write() on a file that was opened read-only. This is fixed in
this patch.Signed-off-by: Michael Halcrow
Cc: Dave Kleikamp
Cc: Serge Hallyn
Cc: Eric Sandeen
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
07 Jun, 2008
1 commit
-
The page decrypt calls in ecryptfs_write() are both pointless and buggy.
Pointless because ecryptfs_get_locked_page() has already brought the page
up to date, and buggy because prior mmap writes will just be blown away by
the decrypt call.This patch also removes the declaration of a now-nonexistent function
ecryptfs_write_zeros().Thanks to Eric Sandeen and David Kleikamp for helping to track this
down.Eric said:
fsx w/ mmap dies quickly ( < 100 ops) without this, and survives
nicely (to millions of ops+) with it in place.Signed-off-by: Michael Halcrow
Cc: Eric Sandeen
Cc: Dave Kleikamp
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
29 Apr, 2008
3 commits
-
Make eCryptfs key module subsystem respect namespaces.
Since I will be removing the netlink interface in a future patch, I just made
changes to the netlink.c code so that it will not break the build. With my
recent patches, the kernel module currently defaults to the device handle
interface rather than the netlink interface.[akpm@linux-foundation.org: export free_user_ns()]
Signed-off-by: Michael Halcrow
Acked-by: Serge Hallyn
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Update the versioning information. Make the message types generic. Add an
outgoing message queue to the daemon struct. Make the functions to parse
and write the packet lengths available to the rest of the module. Add
functions to create and destroy the daemon structs. Clean up some of the
comments and make the code a little more consistent with itself.[akpm@linux-foundation.org: printk fixes]
Signed-off-by: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
__FUNCTION__ is gcc-specific, use __func__
Signed-off-by: Harvey Harrison
Cc: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
07 Feb, 2008
5 commits
-
Jeff Moyer pointed out that a mount; umount loop of ecryptfs, with the same
cipher & other mount options, created a new ecryptfs_key_tfm_cache item
each time, and the cache could grow quite large this way.Looking at this with mhalcrow, we saw that ecryptfs_parse_options()
unconditionally called ecryptfs_add_new_key_tfm(), which is what was adding
these items.Refactor ecryptfs_get_tfm_and_mutex_for_cipher_name() to create a new
helper function, ecryptfs_tfm_exists(), which checks for the cipher on the
cached key_tfm_list, and sets a pointer to it if it exists. This can then
be called from ecryptfs_parse_options(), and new key_tfm's can be added
only when a cached one is not found.With list locking changes suggested by akpm.
Signed-off-by: Eric Sandeen
Cc: Michael Halcrow
Cc: Jeff Moyer
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Only the lower byte of cipher_code is ever used, so it makes sense
for its type to be u8.Signed-off-by: Trevor Highland
Cc: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
There is no need to keep re-setting the same key for any given eCryptfs inode.
This patch optimizes the use of the crypto API and helps performance a bit.Signed-off-by: Trevor Highland
Signed-off-by: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Remove internal references to header extents; just keep track of header bytes
instead. Headers can easily span multiple pages with the recent persistent
file changes.Signed-off-by: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
- make the following needlessly global code static:
- crypto.c:ecryptfs_lower_offset_for_extent()
- crypto.c:key_tfm_list
- crypto.c:key_tfm_list_mutex
- inode.c:ecryptfs_getxattr()
- main.c:ecryptfs_init_persistent_file()- remove the no longer used mmap.c:ecryptfs_lower_page_cache
- #if 0 the unused read_write.c:ecryptfs_read()
Signed-off-by: Adrian Bunk
Cc: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
17 Oct, 2007
6 commits
-
The functions that eventually call down to ecryptfs_read_lower(),
ecryptfs_decrypt_page(), and ecryptfs_copy_up_encrypted_with_header()
should have the responsibility of managing the page Uptodate
status. This patch gets rid of some of the ugliness that resulted from
trying to push some of the page flag setting too far down the stack.Signed-off-by: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The switch to read_write.c routines and the persistent file make a number of
functions unnecessary. This patch removes them.Signed-off-by: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Update the metadata read/write functions and grow_file() to use the
read_write.c routines. Do not open another lower file; use the persistent
lower file instead. Provide a separate function for
crypto.c::ecryptfs_read_xattr_region() to get to the lower xattr without
having to go through the eCryptfs getxattr.Signed-off-by: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Replace page encryption and decryption routines and inode size write routine
with versions that utilize the read_write.c functions.Signed-off-by: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Add a set of functions through which all I/O to lower files is consolidated.
This patch adds a new inode_info reference to a persistent lower file for each
eCryptfs inode; another patch later in this series will set that up. This
persistent lower file is what the read_write.c functions use to call
vfs_read() and vfs_write() on the lower filesystem, so even when reads and
writes come in through aops->readpage and aops->writepage, we can satisfy them
without resorting to direct access to the lower inode's address space.
Several function declarations are going to be changing with this patchset.
For now, in order to keep from breaking the build, I am putting dummy
parameters in for those functions.Signed-off-by: Michael Halcrow
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
There is no point to keeping a separate header_extent_size and an extent_size.
The total size of the header can always be represented as some multiple of
the regular data extent size.[randy.dunlap@oracle.com: ecryptfs: fix printk format warning]
Signed-off-by: Michael Halcrow
Signed-off-by: Randy Dunlap
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds