12 Jul, 2013
1 commit
-
…el/git/tyhicks/ecryptfs
Pull eCryptfs updates from Tyler Hicks:
"Code cleanups and improved buffer handling during page crypto
operations:
- Remove redundant code by merging some encrypt and decrypt functions
- Get rid of a helper page allocation during page decryption by using
in-place decryption
- Better use of entire pages during page crypto operations
- Several code cleanups"* tag 'ecryptfs-3.11-rc1-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
Use ecryptfs_dentry_to_lower_path in a couple of places
eCryptfs: Make extent and scatterlist crypt function parameters similar
eCryptfs: Collapse crypt_page_offset() into crypt_extent()
eCryptfs: Merge ecryptfs_encrypt_extent() and ecryptfs_decrypt_extent()
eCryptfs: Combine page_offset crypto functions
eCryptfs: Combine encrypt_scatterlist() and decrypt_scatterlist()
eCryptfs: Decrypt pages in-place
eCryptfs: Accept one offset parameter in page offset crypto functions
eCryptfs: Simplify lower file offset calculation
eCryptfs: Read/write entire page during page IO
eCryptfs: Use entire helper page during page crypto operations
eCryptfs: Cocci spatch "memdup.spatch"
10 Jul, 2013
1 commit
-
There are two places in ecryptfs that benefit from using
ecryptfs_dentry_to_lower_path() instead of separate calls to
ecryptfs_dentry_to_lower() and ecryptfs_dentry_to_lower_mnt(). Both
sites use fewer instructions and less stack (determined by examining
objdump output).Signed-off-by: Matthew Wilcox
Signed-off-by: Tyler Hicks
05 Jul, 2013
1 commit
-
Signed-off-by: Al Viro
29 Jun, 2013
3 commits
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
iterate_dir(): new helper, replacing vfs_readdir().
struct dir_context: contains the readdir callback (and will get more stuff
in it), embedded into whatever data that callback wants to deal with;
eventually, we'll be passing it to ->readdir() replacement instead of
(data,filldir) pair.Signed-off-by: Al Viro
08 Jun, 2013
11 commits
-
The 'dest' abbreviation is only used in crypt_scatterlist(), while all
other functions in crypto.c use 'dst' so dest_sg should be renamed to
dst_sg.The crypt_stat parameter is typically the first parameter in internal
eCryptfs functions so crypt_stat and dst_page should be swapped in
crypt_extent().Signed-off-by: Tyler Hicks
-
crypt_page_offset() simply initialized the two scatterlists and called
crypt_scatterlist() so it is simple enough to move into the only
function that calls it.Signed-off-by: Tyler Hicks
-
They are identical except if the src_page or dst_page index is used, so
they can be merged safely if page_index is conditionally assigned.Signed-off-by: Tyler Hicks
-
Combine ecryptfs_encrypt_page_offset() and
ecryptfs_decrypt_page_offset(). These two functions are functionally
identical so they can be safely merged if the caller can indicate
whether an encryption or decryption operation should occur.Signed-off-by: Tyler Hicks
-
These two functions are identical except for a debug printk and whether
they call crypto_ablkcipher_encrypt() or crypto_ablkcipher_decrypt(), so
they can be safely merged if the caller can indicate if encryption or
decryption should occur.The debug printk is useless so it is removed.
Two new #define's are created to indicate if an ENCRYPT or DECRYPT
operation is desired.Signed-off-by: Tyler Hicks
-
When reading in a page, eCryptfs would allocate a helper page, fill it
with encrypted data from the lower filesytem, and then decrypt the data
from the encrypted page and store the result in the eCryptfs page cache
page.The crypto API supports in-place crypto operations which means that the
allocation of the helper page is unnecessary when decrypting. This patch
gets rid of the unneeded page allocation by reading encrypted data from
the lower filesystem directly into the page cache page. The page cache
page is then decrypted in-place.Signed-off-by: Tyler Hicks
-
There is no longer a need to accept different offset values for the
source and destination pages when encrypting/decrypting an extent in an
eCryptfs page. The two offsets can be collapsed into a single parameter.Signed-off-by: Tyler Hicks
-
Now that lower filesystem IO operations occur for complete
PAGE_CACHE_SIZE bytes, the calculation for converting an eCryptfs extent
index into a lower file offset can be simplified.Signed-off-by: Tyler Hicks
-
When reading and writing encrypted pages, perform IO using the entire
page all at once rather than 4096 bytes at a time.This only affects architectures where PAGE_CACHE_SIZE is larger than
4096 bytes.Signed-off-by: Tyler Hicks
-
When encrypting eCryptfs pages and decrypting pages from the lower
filesystem, utilize the entire helper page rather than only the first
4096 bytes.This only affects architectures where PAGE_CACHE_SIZE is larger than
4096 bytes.Signed-off-by: Tyler Hicks
-
Signed-off-by: Thomas Meyer
Signed-off-by: Tyler Hicks
05 Jun, 2013
1 commit
-
Error out of ecryptfs_fsync() if filemap_write_and_wait() fails.
Signed-off-by: Tyler Hicks
Cc: Paul Taysom
Cc: Olof Johansson
Cc: stable@vger.kernel.org # v3.6+
25 May, 2013
1 commit
-
When msync is called on a memory mapped file, that
data is not flushed to the disk.In Linux, msync calls fsync for the file. For ecryptfs,
fsync just calls the lower level file system's fsync.
Changed the ecryptfs fsync code to call filemap_write_and_wait
before calling the lower level fsync.Addresses the problem described in http://crbug.com/239536
Signed-off-by: Paul Taysom
Signed-off-by: Tyler Hicks
Cc: stable@vger.kernel.org # v3.6+
11 May, 2013
1 commit
-
…ernel/git/tyhicks/ecryptfs
Pull eCryptfs update from Tyler Hicks:
"Improve performance when AES-NI (and most likely other crypto
accelerators) is available by moving to the ablkcipher crypto API.
The improvement is more apparent on faster storage devices.There's no noticeable change when hardware crypto is not available"
* tag 'ecryptfs-3.10-rc1-ablkcipher' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
eCryptfs: Use the ablkcipher crypto API
10 May, 2013
3 commits
-
Make the switch from the blkcipher kernel crypto interface to the
ablkcipher interface.encrypt_scatterlist() and decrypt_scatterlist() now use the ablkcipher
interface but, from the eCryptfs standpoint, still treat the crypto
operation as a synchronous operation. They submit the async request and
then wait until the operation is finished before they return. Most of
the changes are contained inside those two functions.Despite waiting for the completion of the crypto operation, the
ablkcipher interface provides performance increases in most cases when
used on AES-NI capable hardware.Signed-off-by: Tyler Hicks
Acked-by: Colin King
Reviewed-by: Zeev Zilberman
Cc: Dustin Kirkland
Cc: Tim Chen
Cc: Ying Huang
Cc: Thieu Le
Cc: Li Wang
Cc: Jarkko Sakkinen -
Pull more vfs fixes from Al Viro:
"Regression fix from Geert + yet another open-coded kernel_read()"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
ecryptfs: don't open-code kernel_read()
xtensa simdisk: Fix proc_create_data() conversion fallout -
Signed-off-by: Al Viro
08 May, 2013
1 commit
-
Faster kernel compiles by way of fewer unnecessary includes.
[akpm@linux-foundation.org: fix fallout]
[akpm@linux-foundation.org: fix build]
Signed-off-by: Kent Overstreet
Cc: Zach Brown
Cc: Felipe Balbi
Cc: Greg Kroah-Hartman
Cc: Mark Fasheh
Cc: Joel Becker
Cc: Rusty Russell
Cc: Jens Axboe
Cc: Asai Thambi S P
Cc: Selvan Mani
Cc: Sam Bradshaw
Cc: Jeff Moyer
Cc: Al Viro
Cc: Benjamin LaHaise
Reviewed-by: "Theodore Ts'o"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
10 Apr, 2013
1 commit
-
Signed-off-by: Al Viro
10 Mar, 2013
1 commit
-
Pull namespace bugfixes from Eric Biederman:
"This is three simple fixes against 3.9-rc1. I have tested each of
these fixes and verified they work correctly.The userns oops in key_change_session_keyring and the BUG_ON triggered
by proc_ns_follow_link were found by Dave Jones.I am including the enhancement for mount to only trigger requests of
filesystem modules here instead of delaying this for the 3.10 merge
window because it is both trivial and the kind of change that tends to
bit-rot if left untouched for two months."* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
proc: Use nd_jump_link in proc_ns_follow_link
fs: Limit sys_mount to only request filesystem modules (Part 2).
fs: Limit sys_mount to only request filesystem modules.
userns: Stop oopsing in key_change_session_keyring
08 Mar, 2013
1 commit
-
Pull ecryptfs fixes from Tyler Hicks:
"Minor code cleanups and new Kconfig option to disable /dev/ecryptfsThe code cleanups fix up W=1 compiler warnings and some unnecessary
checks. The new Kconfig option, defaulting to N, allows the rarely
used eCryptfs kernel to userspace communication channel to be compiled
out. This may be the first step in it being eventually removed."Hmm. I'm not sure whether these should be called "fixes", and it
probably should have gone in the merge window. But I'll let it slide.* tag 'ecryptfs-3.9-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
eCryptfs: allow userspace messaging to be disabled
eCryptfs: Fix redundant error check on ecryptfs_find_daemon_by_euid()
ecryptfs: ecryptfs_msg_ctx_alloc_to_free(): remove kfree() redundant null check
eCryptfs: decrypt_pki_encrypted_session_key(): remove kfree() redundant null check
eCryptfs: remove unneeded checks in virt_to_scatterlist()
eCryptfs: Fix -Wmissing-prototypes warnings
eCryptfs: Fix -Wunused-but-set-variable warnings
eCryptfs: initialize payload_len in keystore.c
04 Mar, 2013
2 commits
-
When the userspace messaging (for the less common case of userspace key
wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with
it removed. This saves on kernel code size and reduces potential attack
surface by removing the /dev/ecryptfs node.Signed-off-by: Kees Cook
Signed-off-by: Tyler Hicks -
Modify the request_module to prefix the file system type with "fs-"
and add aliases to all of the filesystems that can be built as modules
to match.A common practice is to build all of the kernel code and leave code
that is not commonly needed as modules, with the result that many
users are exposed to any bug anywhere in the kernel.Looking for filesystems with a fs- prefix limits the pool of possible
modules that can be loaded by mount to just filesystems trivially
making things safer with no real cost.Using aliases means user space can control the policy of which
filesystem modules are auto-loaded by editing /etc/modprobe.d/*.conf
with blacklist and alias directives. Allowing simple, safe,
well understood work-arounds to known problematic software.This also addresses a rare but unfortunate problem where the filesystem
name is not the same as it's module name and module auto-loading
would not work. While writing this patch I saw a handful of such
cases. The most significant being autofs that lives in the module
autofs4.This is relevant to user namespaces because we can reach the request
module in get_fs_type() without having any special permissions, and
people get uncomfortable when a user specified string (in this case
the filesystem type) goes all of the way to request_module.After having looked at this issue I don't think there is any
particular reason to perform any filtering or permission checks beyond
making it clear in the module request that we want a filesystem
module. The common pattern in the kernel is to call request_module()
without regards to the users permissions. In general all a filesystem
module does once loaded is call register_filesystem() and go to sleep.
Which means there is not much attack surface exposed by loading a
filesytem module unless the filesystem is mounted. In a user
namespace filesystems are not mounted unless .fs_flags = FS_USERNS_MOUNT,
which most filesystems do not set today.Acked-by: Serge Hallyn
Acked-by: Kees Cook
Reported-by: Kees Cook
Signed-off-by: "Eric W. Biederman"
28 Feb, 2013
2 commits
-
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;type T;
expression a,c,d,e;
identifier b;
statement S;
@@-T b;
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin
Acked-by: Paul E. McKenney
Signed-off-by: Sasha Levin
Cc: Wu Fengguang
Cc: Marcelo Tosatti
Cc: Gleb Natapov
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
It is sufficient to check the return code of
ecryptfs_find_daemon_by_euid(). If it returns 0, it always sets the
daemon pointer to point to a valid ecryptfs_daemon.Signed-off-by: Tyler Hicks
Reported-by: Kees Cook
27 Feb, 2013
1 commit
-
Pull vfs pile (part one) from Al Viro:
"Assorted stuff - cleaning namei.c up a bit, fixing ->d_name/->d_parent
locking violations, etc.The most visible changes here are death of FS_REVAL_DOT (replaced with
"has ->d_weak_revalidate()") and a new helper getting from struct file
to inode. Some bits of preparation to xattr method interface changes.Misc patches by various people sent this cycle *and* ocfs2 fixes from
several cycles ago that should've been upstream right then.PS: the next vfs pile will be xattr stuff."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (46 commits)
saner proc_get_inode() calling conventions
proc: avoid extra pde_put() in proc_fill_super()
fs: change return values from -EACCES to -EPERM
fs/exec.c: make bprm_mm_init() static
ocfs2/dlm: use GFP_ATOMIC inside a spin_lock
ocfs2: fix possible use-after-free with AIO
ocfs2: Fix oops in ocfs2_fast_symlink_readpage() code path
get_empty_filp()/alloc_file() leave both ->f_pos and ->f_version zero
target: writev() on single-element vector is pointless
export kernel_write(), convert open-coded instances
fs: encode_fh: return FILEID_INVALID if invalid fid_type
kill f_vfsmnt
vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op
nfsd: handle vfs_getattr errors in acl protocol
switch vfs_getattr() to struct path
default SET_PERSONALITY() in linux/elf.h
ceph: prepopulate inodes only when request is aborted
d_hash_and_lookup(): export, switch open-coded instances
9p: switch v9fs_set_create_acl() to inode+fid, do it before d_instantiate()
9p: split dropping the acls from v9fs_set_create_acl()
...
26 Feb, 2013
2 commits
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
23 Feb, 2013
1 commit
-
Signed-off-by: Al Viro
13 Feb, 2013
2 commits
-
smatch analysis:
fs/ecryptfs/messaging.c:101 ecryptfs_msg_ctx_alloc_to_free() info:
redundant null check on msg_ctx->msg calling kfree()Cc: Dustin Kirkland
Cc: ecryptfs@vger.kernel.org
Signed-off-by: Tim Gardner
Signed-off-by: Tyler Hicks -
smatch analysis:
fs/ecryptfs/keystore.c:1206 decrypt_pki_encrypted_session_key() info:
redundant null check on msg calling kfree()Cc: Dustin Kirkland
Cc: ecryptfs@vger.kernel.org
Signed-off-by: Tim Gardner
Signed-off-by: Tyler Hicks
29 Jan, 2013
1 commit
-
This is always called with a valid "sg" pointer. My static checker
complains because the call to sg_init_table() dereferences "sg" before
we reach the checks.Signed-off-by: Dan Carpenter
Signed-off-by: Tyler Hicks
18 Jan, 2013
2 commits
-
Mark two inode operation fuctions as static. Fixes warnings when
building with W=1.Signed-off-by: Tyler Hicks
-
These two variables are no longer used and can be removed. Fixes
warnings when building with W=1.Signed-off-by: Tyler Hicks