24 Nov, 2011

1 commit

  • The file creation path prematurely called d_instantiate() and
    unlock_new_inode() before the eCryptfs inode info was fully
    allocated and initialized and before the eCryptfs metadata was written
    to the lower file.

    This could result in race conditions in subsequent file and inode
    operations leading to unexpected error conditions or a null pointer
    dereference while attempting to use the unallocated memory.

    https://launchpad.net/bugs/813146

    Signed-off-by: Tyler Hicks
    Cc: stable@kernel.org

    Tyler Hicks
     

01 Nov, 2011

1 commit

  • Standardize the style for compiler based printf format verification.
    Standardized the location of __printf too.

    Done via script and a little typing.

    $ grep -rPl --include=*.[ch] -w "__attribute__" * | \
    grep -vP "^(tools|scripts|include/linux/compiler-gcc.h)" | \
    xargs perl -n -i -e 'local $/; while (<>) { s/\b__attribute__\s*\(\s*\(\s*format\s*\(\s*printf\s*,\s*(.+)\s*,\s*(.+)\s*\)\s*\)\s*\)/__printf($1, $2)/g ; print; }'

    [akpm@linux-foundation.org: revert arch bits]
    Signed-off-by: Joe Perches
    Cc: "Kirill A. Shutemov"
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Joe Perches
     

27 Jun, 2011

2 commits


30 May, 2011

5 commits

  • Now that ecryptfs_lookup_interpose() is no longer using
    ecryptfs_header_cache_2 to read in metadata, the kmem_cache can be
    removed and the ecryptfs_header_cache_1 kmem_cache can be renamed to
    ecryptfs_header_cache.

    Signed-off-by: Tyler Hicks

    Tyler Hicks
     
  • ecryptfs_lookup_interpose() has turned into spaghetti code over the
    years. This is an effort to clean it up.

    - Shorten overly descriptive variable names such as ecryptfs_dentry
    - Simplify gotos and error paths
    - Create helper function for reading plaintext i_size from metadata

    It also includes an optimization when reading i_size from the metadata.
    A complete page-sized kmem_cache_alloc() was being done to read in 16
    bytes of metadata. The buffer for that is now statically declared.

    Signed-off-by: Tyler Hicks

    Tyler Hicks
     
  • Only unlock and d_add() new inodes after the plaintext inode size has
    been read from the lower filesystem. This fixes a race condition that
    was sometimes seen during a multi-job kernel build in an eCryptfs mount.

    https://bugzilla.kernel.org/show_bug.cgi?id=36002

    Signed-off-by: Tyler Hicks
    Reported-by: David
    Tested-by: David

    Tyler Hicks
     
  • The eCryptfs inode get, initialization, and dentry interposition code
    has two separate paths. One is for when dentry interposition is needed
    after doing things like a mkdir in the lower filesystem and the other
    is needed after a lookup. Unlocking new inodes and doing a d_add() needs
    to happen at different times, depending on which type of dentry
    interposing is being done.

    This patch cleans up the inode get and initialization code paths and
    splits them up so that the locking and d_add() differences mentioned
    above can be handled appropriately in a later patch.

    Signed-off-by: Tyler Hicks
    Tested-by: David

    Tyler Hicks
     
  • These functions should live in inode.c since their focus is on inodes
    and they're primarily used by functions in inode.c.

    Also does a simple cleanup of ecryptfs_inode_test() and rolls
    ecryptfs_init_inode() into ecryptfs_inode_set().

    Signed-off-by: Tyler Hicks
    Tested-by: David

    Tyler Hicks
     

26 Apr, 2011

2 commits

  • When failing to read the lower file's crypto metadata during a lookup,
    eCryptfs must continue on without throwing an error. For example, there
    may be a plaintext file in the lower mount point that the user wants to
    delete through the eCryptfs mount.

    If an error is encountered while reading the metadata in lookup(), the
    eCryptfs inode's size could be incorrect. We must be sure to reread the
    plaintext inode size from the metadata when performing an open() or
    setattr(). The metadata is already being read in those paths, so this
    adds minimal performance overhead.

    This patch introduces a flag which will track whether or not the
    plaintext inode size has been read so that an incorrect i_size can be
    fixed in the open() or setattr() paths.

    https://bugs.launchpad.net/bugs/509180

    Cc:
    Signed-off-by: Tyler Hicks

    Tyler Hicks
     
  • For any given lower inode, eCryptfs keeps only one lower file open and
    multiplexes all eCryptfs file operations through that lower file. The
    lower file was considered "persistent" and stayed open from the first
    lookup through the lifetime of the inode.

    This patch keeps the notion of a single, per-inode lower file, but adds
    reference counting around the lower file so that it is closed when not
    currently in use. If the reference count is at 0 when an operation (such
    as open, create, etc.) needs to use the lower file, a new lower file is
    opened. Since the file is no longer persistent, all references to the
    term persistent file are changed to lower file.

    Locking is added around the sections of code that open the lower file
    and assign the pointer in the inode info, as well as the code that fputs
    the lower file when all eCryptfs users are done with it.

    This patch is needed to fix issues, when mounted on top of the NFSv3
    client, where the lower file is left silly renamed until the eCryptfs
    inode is destroyed.

    Signed-off-by: Tyler Hicks

    Tyler Hicks
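The open-on-first-use, close-on-last-put scheme described above, as an added userspace model rather than eCryptfs code: the real implementation holds a struct file and fputs it, while this model uses a file descriptor, and the field and function names (lower_file_mutex, lower_file_get, lower_file_put) are assumptions chosen to mirror the description. The mutex guards the count, the descriptor and both transitions so that two callers racing on a zero count cannot both open the lower file.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added userspace model, not eCryptfs code: one lower file per inode, opened
 * on first use and closed when the last user drops its reference.  A mutex
 * guards the count, the descriptor and the open/close transitions. */
struct inode_info {
    pthread_mutex_t lower_file_mutex;
    int lower_fd;                  /* -1 while no lower file is open */
    unsigned int lower_file_count; /* active users of lower_fd */
    unsigned int opens;            /* instrumentation: real open() calls */
    char lower_path[256];
};

void inode_info_init(struct inode_info *info, const char *lower_path)
{
    memset(info, 0, sizeof *info);
    pthread_mutex_init(&info->lower_file_mutex, NULL);
    info->lower_fd = -1;
    strncpy(info->lower_path, lower_path, sizeof info->lower_path - 1);
}

/* Take a reference; only the 0 -> 1 transition touches the lower fs. */
int lower_file_get(struct inode_info *info)
{
    int rc = 0;
    pthread_mutex_lock(&info->lower_file_mutex);
    if (info->lower_file_count == 0) {
        info->lower_fd = open(info->lower_path, O_RDWR);
        if (info->lower_fd < 0) {
            rc = -errno;        /* count stays 0: nothing to put later */
            goto out;
        }
        info->opens++;
    }
    info->lower_file_count++;
out:
    pthread_mutex_unlock(&info->lower_file_mutex);
    return rc;
}

/* Drop a reference; the 1 -> 0 transition closes the lower file, which is
 * the point at which an NFS server can complete a pending (silly-renamed)
 * unlink instead of waiting for the inode to be destroyed. */
int lower_file_put(struct inode_info *info)
{
    int rc = 0;
    pthread_mutex_lock(&info->lower_file_mutex);
    if (info->lower_file_count == 0) {
        rc = -EINVAL;           /* unbalanced put: refuse to underflow */
    } else if (--info->lower_file_count == 0) {
        close(info->lower_fd);
        info->lower_fd = -1;
    }
    pthread_mutex_unlock(&info->lower_file_mutex);
    return rc;
}

int lower_file_is_open(const struct inode_info *info)
{
    return info->lower_fd >= 0;
}

/* Exercise the lifecycle against a temporary file.  Returns 0 when every
 * expectation holds, otherwise the number of the first failing step. */
int run_demo(void)
{
    char path[] = "/tmp/lower-XXXXXX";
    struct inode_info info;
    int fd = mkstemp(path), step = 0;
    if (fd < 0) return -errno;
    close(fd);
    inode_info_init(&info, path);

    if (lower_file_get(&info) != 0) step = 1;                 /* first user opens */
    else if (lower_file_get(&info) != 0) step = 2;            /* second user shares the fd */
    else if (info.opens != 1 || info.lower_file_count != 2) step = 3;
    else if (lower_file_put(&info) != 0 || !lower_file_is_open(&info)) step = 4;
    else if (lower_file_put(&info) != 0 || lower_file_is_open(&info)) step = 5; /* last put closes */
    else if (lower_file_put(&info) != -EINVAL) step = 6;      /* extra put is refused */
    else if (lower_file_get(&info) != 0 || info.opens != 2) step = 7; /* reopened on demand */
    else if (lower_file_put(&info) != 0) step = 8;
    unlink(path);
    return step;
}

int main(void)
{
    int rc = run_demo();
    printf("%s\n", rc == 0 ? "lower file refcount behaves as expected" : "failed");
    return rc != 0;
}
```

A failed open leaves the count at zero, so the caller must not pair it with a put; the -EINVAL on an unbalanced put is there to make that mistake visible instead of letting the count wrap and the descriptor leak.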
     

28 Mar, 2011

5 commits

    Authentication token content may change if another requestor calls the
    update() method of the corresponding key. The new function
    ecryptfs_verify_auth_tok_from_key() retrieves the authentication token from
    the provided key and verifies that it is still valid before it is used to
    encrypt or decrypt an eCryptfs file.

    Signed-off-by: Roberto Sassu
    [tyhicks: Minor formatting changes]
    Signed-off-by: Tyler Hicks

    Roberto Sassu
     
    The size of the 'keysig' array is incremented by one byte in order to make
    room for the NULL character. The 'keysig' variable is used, in the function
    ecryptfs_generate_key_packet_set(), to find an authentication token with
    the given signature, and a debug message is printed if it cannot be
    retrieved.

    Signed-off-by: Roberto Sassu
    Signed-off-by: Tyler Hicks

    Roberto Sassu
     
  • This patch removes the 'num_global_auth_toks' field of the
    ecryptfs_mount_crypt_stat structure, used to count the number of items in
    the 'global_auth_tok_list' list. This variable is not needed because there
    are no checks based upon it.

    Signed-off-by: Roberto Sassu
    Signed-off-by: Tyler Hicks

    Roberto Sassu
     
    Change the write path to encrypt the data only when the page is written to
    disk in ecryptfs_writepage. Previously, ecryptfs encrypted the page in
    ecryptfs_write_end, which means that if there are multiple write requests to
    the same page, ecryptfs ends up re-encrypting that page over and over again.
    This patch minimizes the number of encryptions needed.

    Signed-off-by: Thieu Le
    [tyhicks: Changed NULL .drop_inode sop pointer to generic_drop_inode]
    Signed-off-by: Tyler Hicks

    Thieu Le
     
  • Now that grow_file() is not called in the ecryptfs_create() path, the
    ECRYPTFS_NEW_FILE flag is no longer needed. It helped
    ecryptfs_readpage() know not to decrypt zeroes that were read from the
    lower file in the grow_file() path.

    Signed-off-by: Tyler Hicks

    Tyler Hicks
     

22 Feb, 2011

1 commit


18 Jan, 2011

2 commits


30 Oct, 2010

1 commit


29 Oct, 2010

1 commit

    This patch adds a new mount parameter 'ecryptfs_mount_auth_tok_only' to
    force ecryptfs to use only authentication tokens whose signature has
    been specified at mount time with the parameters 'ecryptfs_sig' and
    'ecryptfs_fnek_sig'. In this way, after disabling the passthrough and
    the encrypted view modes, it's possible to make available to users only
    files encrypted with the specified authentication token.

    Signed-off-by: Roberto Sassu
    Cc: Dustin Kirkland
    Cc: James Morris
    [Tyler: Clean up coding style errors found by checkpatch]
    Signed-off-by: Tyler Hicks

    Roberto Sassu
     

23 Sep, 2010

1 commit


22 May, 2010

2 commits


22 Apr, 2010

1 commit


24 Mar, 2010

3 commits

  • The ecryptfs_encrypted_view mount option provides a unified way of
    viewing encrypted eCryptfs files. If the metadata is stored in a xattr,
    the metadata is moved to the file header when the file is read inside
    the eCryptfs mount. Because of this, we should strip the
    ECRYPTFS_METADATA_IN_XATTR flag from the header's flag section. This
    allows eCryptfs to treat the file as an eCryptfs file with a header
    at the front.

    Reviewed-by: Eric Sandeen
    Signed-off-by: Tyler Hicks

    Tyler Hicks
     
  • This patch renames the num_header_bytes_at_front variable to
    metadata_size since it now contains the max size of the metadata.

    Reviewed-by: Eric Sandeen
    Signed-off-by: Tyler Hicks

    Tyler Hicks
     
  • Fixes regression in 8faece5f906725c10e7a1f6caf84452abadbdc7b

    When using the ecryptfs_xattr_metadata mount option, eCryptfs stores the
    metadata (normally stored at the front of the file) in the user.ecryptfs
    xattr. This causes ecryptfs_crypt_stat.num_header_bytes_at_front to be
    0, since there is no header data at the front of the file. This results
    in too much memory being requested and ENOMEM being returned from
    ecryptfs_write_metadata().

    This patch fixes the problem by using the num_header_bytes_at_front
    variable for specifying the max size of the metadata, regardless of
    whether it is stored in the header or the xattr.

    Reviewed-by: Eric Sandeen
    Signed-off-by: Tyler Hicks

    Tyler Hicks
     

22 Sep, 2009

1 commit


22 Apr, 2009

1 commit

  • A feature was added to the eCryptfs umount helper to automatically
    unlink the keys used for an eCryptfs mount from the kernel keyring upon
    umount. This patch keeps the unrecognized mount option warnings for
    ecryptfs_unlink_sigs out of the logs.

    Signed-off-by: Tyler Hicks

    Tyler Hicks
     

28 Mar, 2009

1 commit


23 Mar, 2009

1 commit

  • If ecryptfs_encrypted_view or ecryptfs_xattr_metadata were being
    specified as mount options, a NULL pointer dereference of crypt_stat
    was possible during lookup.

    This patch moves the crypt_stat assignment into
    ecryptfs_lookup_and_interpose_lower(), ensuring that crypt_stat
    will not be NULL before we attempt to dereference it.

    Thanks to Dan Carpenter and his static analysis tool, smatch, for
    finding this bug.

    Signed-off-by: Tyler Hicks
    Acked-by: Dustin Kirkland
    Cc: Dan Carpenter
    Cc: Serge Hallyn
    Signed-off-by: Linus Torvalds

    Tyler Hicks
     

15 Mar, 2009

1 commit

  • eCryptfs has file encryption keys (FEK), file encryption key encryption
    keys (FEKEK), and filename encryption keys (FNEK). The per-file FEK is
    encrypted with one or more FEKEKs and stored in the header of the
    encrypted file. I noticed that the FEK is also being encrypted by the
    FNEK. This is a problem if a user wants to use a different FNEK than
    their FEKEK, as their file contents will still be accessible with the
    FNEK.

    This is a minimalistic patch which prevents the FNEK signatures from
    being copied to the inode signatures list. Ultimately, it keeps the FEK
    from being encrypted with a FNEK.

    Signed-off-by: Tyler Hicks
    Cc: Serge Hallyn
    Acked-by: Dustin Kirkland
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Tyler Hicks
     

07 Jan, 2009

3 commits

  • Make the requisite modifications to ecryptfs_filldir(), ecryptfs_lookup(),
    and ecryptfs_readlink() to call out to filename encryption functions.
    Propagate filename encryption policy flags from mount-wide crypt_stat to
    inode crypt_stat.

    Signed-off-by: Michael Halcrow
    Cc: Dustin Kirkland
    Cc: Eric Sandeen
    Cc: Tyler Hicks
    Cc: David Kleikamp
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Michael Halcrow
     
  • Extensions to the header file to support filename encryption.

    Signed-off-by: Michael Halcrow
    Cc: Dustin Kirkland
    Cc: Eric Sandeen
    Cc: Tyler Hicks
    Cc: David Kleikamp
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Michael Halcrow
     
  • This patchset implements filename encryption via a passphrase-derived
    mount-wide Filename Encryption Key (FNEK) specified as a mount parameter.
    Each encrypted filename has a fixed prefix indicating that eCryptfs should
    try to decrypt the filename. When eCryptfs encounters this prefix, it
    decodes the filename into a tag 70 packet and then decrypts the packet
    contents using the FNEK, setting the filename to the decrypted filename.
    Both unencrypted and encrypted filenames can reside in the same lower
    filesystem.

    Because filename encryption expands the length of the filename during the
    encoding stage, eCryptfs will not properly handle filenames that are
    already near the maximum filename length.

    In the present implementation, eCryptfs must be able to produce a match
    against the lower encrypted and encoded filename representation when given
    a plaintext filename. Therefore, two files having the same plaintext name
    will encrypt and encode into the same lower filename if they are both
    encrypted using the same FNEK. This can be changed by finding a way to
    replace the prepended bytes in the blocked-aligned filename with random
    characters; they are hashes of the FNEK right now, so that it is possible
    to deterministically map from a plaintext filename to an encrypted and
    encoded filename in the lower filesystem. An implementation using random
    characters will have to decode and decrypt every single directory entry in
    any given directory any time an event occurs wherein the VFS needs to
    determine whether a particular file exists in the lower directory and the
    decrypted and decoded filenames have not yet been extracted for that
    directory.

    Thanks to Tyler Hicks and David Kleikamp for assistance in the development
    of this patchset.

    This patch:

    A tag 70 packet contains a filename encrypted with a Filename Encryption
    Key (FNEK). This patch implements functions for writing and parsing tag
    70 packets. This patch also adds definitions and extends structures to
    support filename encryption.

    Signed-off-by: Michael Halcrow
    Cc: Dustin Kirkland
    Cc: Eric Sandeen
    Cc: Tyler Hicks
    Cc: David Kleikamp
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Michael Halcrow
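The three properties the description above relies on, a fixed prefix that marks a lower name as encrypted, a deterministic plaintext-to-lower-name mapping so lookup() can match without scanning the directory, and the encoding expansion that pushes long names past the lower filesystem's limit, as an added illustration that is not eCryptfs code. The cipher is a toy XOR keystream derived only from the FNEK (the real implementation wraps the name in a tag 70 packet and uses a block cipher), the marker string and NAME_MAX value are assumptions, and plaintext and prefixed names are accepted side by side as the description says.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

/* Added illustration, not eCryptfs code.  Toy cipher; assumed marker. */
#define FNEK_PREFIX     "ECRYPTFS_FNEK_ENCRYPTED."
#define FNEK_PREFIX_LEN (sizeof(FNEK_PREFIX) - 1)
#define NAME_MAX_LEN    255            /* assumed NAME_MAX of the lower fs */

/* Filename-safe 64-character alphabet (no '/' and no NUL). */
static const char b64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

static size_t b64_encode(const uint8_t *in, size_t n, char *out)
{
    size_t i, o = 0;
    for (i = 0; i < n; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < n) v |= (uint32_t)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = b64[(v >> 18) & 63];
        out[o++] = b64[(v >> 12) & 63];
        if (i + 1 < n) out[o++] = b64[(v >> 6) & 63];
        if (i + 2 < n) out[o++] = b64[v & 63];
    }
    out[o] = '\0';
    return o;
}

static ssize_t b64_decode(const char *in, uint8_t *out)
{
    size_t len = strlen(in), i, o = 0;
    if (len % 4 == 1) return -1;       /* no valid encoding has this shape */
    for (i = 0; i < len; i += 4) {
        uint32_t v = 0; int k, have = 0;
        for (k = 0; k < 4; k++) {
            int d = 0;
            if (i + k < len) {
                const char *p = strchr(b64, in[i + k]);
                if (!p) return -1;     /* character outside the alphabet */
                d = (int)(p - b64);
                have++;
            }
            v = (v << 6) | (uint32_t)d;
        }
        out[o++] = (uint8_t)(v >> 16);
        if (have > 2) out[o++] = (uint8_t)(v >> 8);
        if (have > 3) out[o++] = (uint8_t)v;
    }
    return (ssize_t)o;
}

/* Toy keystream from the FNEK alone: same key + same name => same lower
 * name, which is what lets lookup() map a plaintext name to one lower name. */
static void toy_keystream(const uint8_t *fnek, size_t fnek_len,
                          uint8_t *ks, size_t n)
{
    uint32_t h = 2166136261u;
    size_t i;
    for (i = 0; i < fnek_len; i++) { h ^= fnek[i]; h *= 16777619u; }
    for (i = 0; i < n; i++) {
        uint32_t x = h ^ (uint32_t)i * 0x9E3779B1u;
        x ^= x >> 16; x *= 0x85EBCA6Bu; x ^= x >> 13;
        ks[i] = (uint8_t)x;
    }
}

/* Plaintext name -> lower name.  -ENAMETOOLONG when prefix plus the 4/3
 * encoding expansion would exceed the lower fs limit. */
int fnek_encode_name(const uint8_t *fnek, size_t fnek_len,
                     const char *plain, char *lower, size_t lower_sz)
{
    size_t n = strlen(plain), enc_len = FNEK_PREFIX_LEN + (4 * n + 2) / 3, i;
    uint8_t ct[NAME_MAX_LEN], ks[NAME_MAX_LEN];
    if (n == 0 || n > NAME_MAX_LEN) return -EINVAL;
    if (enc_len > NAME_MAX_LEN || enc_len + 1 > lower_sz) return -ENAMETOOLONG;
    toy_keystream(fnek, fnek_len, ks, n);
    for (i = 0; i < n; i++) ct[i] = (uint8_t)plain[i] ^ ks[i];
    memcpy(lower, FNEK_PREFIX, FNEK_PREFIX_LEN);
    b64_encode(ct, n, lower + FNEK_PREFIX_LEN);
    return 0;
}

/* Lower name -> plaintext name.  Returns 0 for a decrypted prefixed name,
 * 1 for an unprefixed name passed through unchanged, or a negative errno.
 * Decrypted bytes that cannot occur in a path component are rejected. */
int fnek_decode_name(const uint8_t *fnek, size_t fnek_len,
                     const char *lower, char *plain, size_t plain_sz)
{
    uint8_t ct[NAME_MAX_LEN], ks[NAME_MAX_LEN];
    ssize_t n, i;
    if (strlen(lower) > NAME_MAX_LEN) return -ENAMETOOLONG;
    if (strncmp(lower, FNEK_PREFIX, FNEK_PREFIX_LEN) != 0) {
        if (strlen(lower) + 1 > plain_sz) return -ENAMETOOLONG;
        strcpy(plain, lower);
        return 1;
    }
    n = b64_decode(lower + FNEK_PREFIX_LEN, ct);
    if (n <= 0) return -EINVAL;
    if ((size_t)n + 1 > plain_sz) return -ENAMETOOLONG;
    toy_keystream(fnek, fnek_len, ks, (size_t)n);
    for (i = 0; i < n; i++) {
        plain[i] = (char)(ct[i] ^ ks[i]);
        if (plain[i] == '\0' || plain[i] == '/') return -EINVAL;
    }
    plain[n] = '\0';
    return 0;
}
```

With a 24-character prefix and 4/3 expansion, a 173-character name encodes to exactly 255 characters and a 174-character name is refused, which is the "already near the maximum filename length" case in the description. Rejecting a decrypted NUL or '/' matters more in the real code than in this toy: the lower filesystem is attacker-writable in the threat model, so a lower name that decrypts to a path separator must never reach the VFS as a component.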
     

14 Nov, 2008

1 commit

  • Pass credentials through dentry_open() so that the COW creds patch can have
    SELinux's flush_unauthorized_files() pass the appropriate creds back to itself
    when it opens its null chardev.

    The security_dentry_open() call also now takes a creds pointer, as does the
    dentry_open hook in struct security_operations.

    Signed-off-by: David Howells
    Acked-by: James Morris
    Signed-off-by: James Morris

    David Howells
     

17 Oct, 2008

1 commit

  • The netlink transport code has not worked for a while and the miscdev
    transport is a simpler solution. This patch removes the netlink code and
    makes the miscdev transport the only eCryptfs kernel to userspace
    transport.

    Signed-off-by: Tyler Hicks
    Cc: Michael Halcrow
    Cc: Dustin Kirkland
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Tyler Hicks
     

25 Jul, 2008

2 commits

  • There is no good reason to immediately open the lower file, and that can
    cause problems with files that the user does not intend to immediately
    open, such as device nodes.

    This patch removes the persistent file open from the interpose step and
    pushes that to the locations where eCryptfs really does need the lower
    persistent file, such as just before reading or writing the metadata
    stored in the lower file header.

    Two functions are jumping to out_dput when they should just be jumping to
    out on error paths. This patch also fixes these.

    Signed-off-by: Michael Halcrow
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Michael Halcrow
     
  • When creating device nodes, eCryptfs needs to delay actually opening the lower
    persistent file until an application tries to open. Device handles may not be
    backed by anything when they first come into existence.

    [Valdis.Kletnieks@vt.edu: build fix]
    Signed-off-by: Michael Halcrow
    Cc:
    Signed-off-by: Linus Torvalds

    Michael Halcrow