Eric Lee / smarc-fsl-linux-kernel

10 Aug, 2011

1 commit

30 May, 2011

3 commits

  • 306328705   eCryptfs: Remove ecryptfs_header_cache_2 ... Browse Code »

    Now that ecryptfs_lookup_interpose() is no longer using
    ecryptfs_header_cache_2 to read in metadata, the kmem_cache can be
    removed and the ecryptfs_header_cache_1 kmem_cache can be renamed to
    ecryptfs_header_cache.

    Signed-off-by: Tyler Hicks

    Tyler Hicks
     
  • 3b06b3ebf   eCryptfs: Fix new inode race condition ... Browse Code »

    Only unlock and d_add() new inodes after the plaintext inode size has
    been read from the lower filesystem. This fixes a race condition that
    was sometimes seen during a multi-job kernel build in an eCryptfs mount.

    https://bugzilla.kernel.org/show_bug.cgi?id=36002

    Signed-off-by: Tyler Hicks
    Reported-by: David
    Tested-by: David

    Tyler Hicks
     
  • c4f790736   eCryptfs: Consolidate inode functions into inode.c ... Browse Code »

    These functions should live in inode.c since their focus is on inodes
    and they're primarily used by functions in inode.c.

    Also does a simple cleanup of ecryptfs_inode_test() and rolls
    ecryptfs_init_inode() into ecryptfs_inode_set().

    Signed-off-by: Tyler Hicks
    Tested-by: David

    Tyler Hicks
     

26 Apr, 2011

1 commit

  • 332ab16f8   eCryptfs: Add reference counting to lower files ... Browse Code »

    For any given lower inode, eCryptfs keeps only one lower file open and
    multiplexes all eCryptfs file operations through that lower file. The
    lower file was considered "persistent" and stayed open from the first
    lookup through the lifetime of the inode.

    This patch keeps the notion of a single, per-inode lower file, but adds
    reference counting around the lower file so that it is closed when not
    currently in use. If the reference count is at 0 when an operation (such
    as open, create, etc.) needs to use the lower file, a new lower file is
    opened. Since the file is no longer persistent, all references to the
    term persistent file are changed to lower file.

    Locking is added around the sections of code that opens the lower file
    and assign the pointer in the inode info, as well as the code the fputs
    the lower file when all eCryptfs users are done with it.

    This patch is needed to fix issues, when mounted on top of the NFSv3
    client, where the lower file is left silly renamed until the eCryptfs
    inode is destroyed.

    Signed-off-by: Tyler Hicks

    Tyler Hicks
     

31 Mar, 2011

1 commit

28 Mar, 2011

3 commits

  • b5695d046   eCryptfs: write lock requested keys ... Browse Code »
    1

    A requested key is write locked in order to prevent modifications on the
    authentication token while it is being used.

    Signed-off-by: Roberto Sassu
    Signed-off-by: Tyler Hicks

    Roberto Sassu
     
  • 0e1fc5ef4   eCryptfs: verify authentication tokens before their use ... Browse Code »

    Authentication tokens content may change if another requestor calls the
    update() method of the corresponding key. The new function
    ecryptfs_verify_auth_tok_from_key() retrieves the authentication token from
    the provided key and verifies if it is still valid before being used to
    encrypt or decrypt an eCryptfs file.

    Signed-off-by: Roberto Sassu
    [tyhicks: Minor formatting changes]
    Signed-off-by: Tyler Hicks

    Roberto Sassu
     
  • 57db4e8d7   ecryptfs: modify write path to encrypt page in writepage ... Browse Code »
    43

    Change the write path to encrypt the data only when the page is written to
    disk in ecryptfs_writepage. Previously, ecryptfs encrypts the page in
    ecryptfs_write_end which means that if there are multiple write requests to
    the same page, ecryptfs ends up re-encrypting that page over and over again.
    This patch minimizes the number of encryptions needed.

    Signed-off-by: Thieu Le
    [tyhicks: Changed NULL .drop_inode sop pointer to generic_drop_inode]
    Signed-off-by: Tyler Hicks

    Thieu Le
     

18 Jan, 2011

2 commits

14 Jan, 2011

1 commit

  • 6254b32b5   ecryptfs: fix broken build ... Browse Code »

    Stephen Rothwell reports that the vfs merge broke the build of ecryptfs.
    The breakage comes from commit 66cb76666d69 ("sanitize ecryptfs
    ->mount()") which was obviously not even build tested. Tssk, tssk, Al.

    This is the minimal build fixup for the situation, although I don't have
    a filesystem to actually test it with.

    Reported-by: Stephen Rothwell
    Cc: Al Viro
    Signed-off-by: Linus Torvalds

    Linus Torvalds
     

13 Jan, 2011

1 commit

07 Jan, 2011

1 commit

  • fb045adb9   fs: dcache reduce branches in lookup path ... Browse Code »

    Reduce some branches and memory accesses in dcache lookup by adding dentry
    flags to indicate common d_ops are set, rather than having to check them.
    This saves a pointer memory access (dentry->d_op) in common path lookup
    situations, and saves another pointer load and branch in cases where we
    have d_op but not the particular operation.

    Patched with:

    git grep -E '[.>]([[:space:]])*d_op([[:space:]])*=' | xargs sed -e 's/\([^\t ]*\)->d_op = \(.*\);/d_set_d_op(\1, \2);/' -e 's/\([^\t ]*\)\.d_op = \(.*\);/d_set_d_op(\&\1, \2);/' -i

    Signed-off-by: Nick Piggin

    Nick Piggin
     

30 Oct, 2010

1 commit

29 Oct, 2010

2 commits

  • f16feb511   ecryptfs: added ecryptfs_mount_auth_tok_only mount parameter ... Browse Code »

    This patch adds a new mount parameter 'ecryptfs_mount_auth_tok_only' to
    force ecryptfs to use only authentication tokens which signature has
    been specified at mount time with parameters 'ecryptfs_sig' and
    'ecryptfs_fnek_sig'. In this way, after disabling the passthrough and
    the encrypted view modes, it's possible to make available to users only
    files encrypted with the specified authentication token.

    Signed-off-by: Roberto Sassu
    Cc: Dustin Kirkland
    Cc: James Morris
    [Tyler: Clean up coding style errors found by checkpatch]
    Signed-off-by: Tyler Hicks

    Roberto Sassu
     
  • 4d143beb0   convert ecryptfs ... Browse Code »

    Signed-off-by: Al Viro

    Al Viro
     

22 May, 2010

3 commits

  • 4403158ba   Ban ecryptfs over ecryptfs ... Browse Code »

    This is a seriously simplified patch from Eric Sandeen; copy of
    rationale follows:
    ===
    mounting stacked ecryptfs on ecryptfs has been shown to lead to bugs
    in testing. For crypto info in xattr, there is no mechanism for handling
    this at all, and for normal file headers, we run into other trouble:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
    IP: [] ecryptfs_d_revalidate+0x43/0xa0 [ecryptfs]
    ...

    There doesn't seem to be any good usecase for this, so I'd suggest just
    disallowing the configuration.

    Based on a patch originally, I believe, from Mike Halcrow.
    ===

    Signed-off-by: Al Viro

    Al Viro
     
  • 2ccde7c63   Clean ecryptfs ->get_sb() up ... Browse Code »

    Signed-off-by: Al Viro

    Al Viro
     
  • decabd665   fix a couple of ecryptfs leaks ... Browse Code »

    First of all, get_sb_nodev() grabs anon dev minor and we
    never free it in ecryptfs ->kill_sb(). Moreover, on one
    of the failure exits in ecryptfs_get_sb() we leak things -
    it happens before we set ->s_root and ->put_super() won't
    be called in that case. Solution: kill ->put_super(), do
    all that stuff in ->kill_sb(). And use kill_anon_sb() instead
    of generic_shutdown_super() to deal with anon dev leak.

    Signed-off-by: Al Viro

    Al Viro
     

22 Apr, 2010

1 commit

30 Mar, 2010

1 commit

  • 5a0e3ad6a   include cleanup: Update gfp.h and slab.h includes to prepare for breaking implic… ... Browse Code »

    …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the followings.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and try to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    wildly available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build test were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable easily on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

20 Jan, 2010

1 commit

17 Dec, 2009

2 commits

09 Oct, 2009

1 commit

  • 36520be8e   ima: ecryptfs fix imbalance message ... Browse Code »

    The unencrypted files are being measured. Update the counters to get
    rid of the ecryptfs imbalance message. (http://bugzilla.redhat.com/519737)

    Reported-by: Sachin Garg
    Cc: Eric Paris
    Cc: Dustin Kirkland
    Cc: James Morris
    Cc: David Safford
    Cc: stable@kernel.org
    Signed-off-by: Mimi Zohar
    Signed-off-by: Tyler Hicks

    Mimi Zohar
     

23 Sep, 2009

1 commit

  • ac22ba23b   eCryptfs: Check for O_RDONLY lower inodes when opening lower files ... Browse Code »

    If the lower inode is read-only, don't attempt to open the lower file
    read/write and don't hand off the open request to the privileged
    eCryptfs kthread for opening it read/write. Instead, only try an
    unprivileged, read-only open of the file and give up if that fails.
    This patch fixes an oops when eCryptfs is mounted on top of a read-only
    mount.

    Acked-by: Serge Hallyn
    Cc: Eric Sandeen
    Cc: Dave Kleikamp
    Cc: ecryptfs-devel@lists.launchpad.net
    Cc: stable
    Signed-off-by: Tyler Hicks

    Tyler Hicks
     

09 May, 2009

1 commit

22 Apr, 2009

2 commits

  • e77cc8d24   eCryptfs: Remove ecryptfs_unlink_sigs warnings ... Browse Code »

    A feature was added to the eCryptfs umount helper to automatically
    unlink the keys used for an eCryptfs mount from the kernel keyring upon
    umount. This patch keeps the unrecognized mount option warnings for
    ecryptfs_unlink_sigs out of the logs.

    Signed-off-by: Tyler Hicks

    Tyler Hicks
     
  • ae6e84596   eCryptfs: Copy lower inode attrs before dentry instantiation ... Browse Code »

    Copies the lower inode attributes to the upper inode before passing the
    upper inode to d_instantiate(). This is important for
    security_d_instantiate().

    The problem was discovered by a user seeing SELinux denials like so:

    type=AVC msg=audit(1236812817.898:47): avc: denied { 0x100000 } for
    pid=3584 comm="httpd" name="testdir" dev=ecryptfs ino=943872
    scontext=root:system_r:httpd_t:s0
    tcontext=root:object_r:httpd_sys_content_t:s0 tclass=file

    Notice target class is file while testdir is really a directory,
    confusing the permission translation (0x100000) due to the wrong i_mode.

    Signed-off-by: Tyler Hicks

    Tyler Hicks
     

15 Mar, 2009

1 commit

  • 84814d642   eCryptfs: don't encrypt file key with filename key ... Browse Code »

    eCryptfs has file encryption keys (FEK), file encryption key encryption
    keys (FEKEK), and filename encryption keys (FNEK). The per-file FEK is
    encrypted with one or more FEKEKs and stored in the header of the
    encrypted file. I noticed that the FEK is also being encrypted by the
    FNEK. This is a problem if a user wants to use a different FNEK than
    their FEKEK, as their file contents will still be accessible with the
    FNEK.

    This is a minimalistic patch which prevents the FNEKs signatures from
    being copied to the inode signatures list. Ultimately, it keeps the FEK
    from being encrypted with a FNEK.

    Signed-off-by: Tyler Hicks
    Cc: Serge Hallyn
    Acked-by: Dustin Kirkland
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Tyler Hicks
     

07 Jan, 2009

1 commit

  • 87c94c4df   eCryptfs: Filename Encryption: mount option ... Browse Code »

    Enable mount-wide filename encryption by providing the Filename Encryption
    Key (FNEK) signature as a mount option. Note that the ecryptfs-utils
    userspace package versions 61 or later support this option.

    When mounting with ecryptfs-utils version 61 or later, the mount helper
    will detect the availability of the passphrase-based filename encryption
    in the kernel (via the eCryptfs sysfs handle) and query the user
    interactively as to whether or not he wants to enable the feature for the
    mount. If the user enables filename encryption, the mount helper will
    then prompt for the FNEK signature that the user wishes to use, suggesting
    by default the signature for the mount passphrase that the user has
    already entered for encrypting the file contents.

    When not using the mount helper, the user can specify the signature for
    the passphrase key with the ecryptfs_fnek_sig= mount option. This key
    must be available in the user's keyring. The mount helper usually takes
    care of this step. If, however, the user is not mounting with the mount
    helper, then he will need to enter the passphrase key into his keyring
    with some other utility prior to mounting, such as ecryptfs-manager.

    Signed-off-by: Michael Halcrow
    Cc: Dustin Kirkland
    Cc: Eric Sandeen
    Cc: Tyler Hicks
    Cc: David Kleikamp
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Michael Halcrow
     

14 Nov, 2008

1 commit

  • 745ca2475   CRED: Pass credentials through dentry_open() ... Browse Code »

    Pass credentials through dentry_open() so that the COW creds patch can have
    SELinux's flush_unauthorized_files() pass the appropriate creds back to itself
    when it opens its null chardev.

    The security_dentry_open() call also now takes a creds pointer, as does the
    dentry_open hook in struct security_operations.

    Signed-off-by: David Howells
    Acked-by: James Morris
    Signed-off-by: James Morris

    David Howells
     

23 Oct, 2008

1 commit

17 Oct, 2008

1 commit

  • 624ae5284   eCryptfs: remove netlink transport ... Browse Code »

    The netlink transport code has not worked for a while and the miscdev
    transport is a simpler solution. This patch removes the netlink code and
    makes the miscdev transport the only eCryptfs kernel to userspace
    transport.

    Signed-off-by: Tyler Hicks
    Cc: Michael Halcrow
    Cc: Dustin Kirkland
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Tyler Hicks
     

14 Oct, 2008

1 commit

  • a447c0932   vfs: Use const for kernel parser table ... Browse Code »

    This is a much better version of a previous patch to make the parser
    tables constant. Rather than changing the typedef, we put the "const" in
    all the various places where its required, allowing the __initconst
    exception for nfsroot which was the cause of the previous trouble.

    This was posted for review some time ago and I believe its been in -mm
    since then.

    Signed-off-by: Steven Whitehouse
    Cc: Alexander Viro
    Signed-off-by: Linus Torvalds

    Steven Whitehouse
     

27 Jul, 2008

1 commit

  • 51cc50685   SL*B: drop kmem cache argument from constructor ... Browse Code »

    Kmem cache passed to constructor is only needed for constructors that are
    themselves multiplexeres. Nobody uses this "feature", nor does anybody uses
    passed kmem cache in non-trivial way, so pass only pointer to object.

    Non-trivial places are:
    arch/powerpc/mm/init_64.c
    arch/powerpc/mm/hugetlbpage.c

    This is flag day, yes.

    Signed-off-by: Alexey Dobriyan
    Acked-by: Pekka Enberg
    Acked-by: Christoph Lameter
    Cc: Jon Tollefson
    Cc: Nick Piggin
    Cc: Matt Mackall
    [akpm@linux-foundation.org: fix arch/powerpc/mm/hugetlbpage.c]
    [akpm@linux-foundation.org: fix mm/slab.c]
    [akpm@linux-foundation.org: fix ubifs]
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Alexey Dobriyan
     

25 Jul, 2008

3 commits

  • 391b52f98   eCryptfs: Make all persistent file opens delayed ... Browse Code »

    There is no good reason to immediately open the lower file, and that can
    cause problems with files that the user does not intend to immediately
    open, such as device nodes.

    This patch removes the persistent file open from the interpose step and
    pushes that to the locations where eCryptfs really does need the lower
    persistent file, such as just before reading or writing the metadata
    stored in the lower file header.

    Two functions are jumping to out_dput when they should just be jumping to
    out on error paths. This patch also fixes these.

    Signed-off-by: Michael Halcrow
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Michael Halcrow
     
  • 72b55fffd   eCryptfs: do not try to open device files on mknod ... Browse Code »

    When creating device nodes, eCryptfs needs to delay actually opening the lower
    persistent file until an application tries to open. Device handles may not be
    backed by anything when they first come into existence.

    [Valdis.Kletnieks@vt.edu: build fix]
    Signed-off-by: Michael Halcrow
    Cc:
    Signed-off-by: Linus Torvalds

    Michael Halcrow
     
  • 8f2368095   ecryptfs: string copy cleanup ... Browse Code »

    Clean up overcomplicated string copy, which also gets rid of this
    bogus warning:

    fs/ecryptfs/main.c: In function 'ecryptfs_parse_options':
    include/asm/arch/string_32.h:75: warning: array subscript is above array bounds

    Signed-off-by: Miklos Szeredi
    Cc: Michael Halcrow
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Miklos Szeredi