On Tue, May 23, 2017 at 07:11:20AM +0200, David Gstir wrote:
> From: Daniel Walter
>
> fscrypt provides facilities to use different encryption algorithms which
> are selectable by userspace when setting the encryption policy. Currently,
> only AES-256-XTS for file contents and AES-256-CBC-CTS for
ix to them.
Agreed.
> Fixes: b7236e21d55f ("ext4 crypto: reorganize how we store keys in the inode")
> Cc: sta...@vger.kernel.org # v4.2+
> Signed-off-by: Eric Biggers
Acked-by: Michael Halcrow
> ---
> fs/crypto/crypto.c | 10 +
> fs/crypto/fname.c
On Fri, Oct 21, 2016 at 07:21:04PM +0200, Richard Weinberger wrote:
> On 21.10.2016 19:14, Michael Halcrow wrote:
> > Compress-before-encrypt is a hazard.
> >
> > http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf
>
> I'm fully aware of that. But as
On Fri, Oct 21, 2016 at 02:48:41PM +0200, Richard Weinberger wrote:
> Starting with version 5 the following properties change:
> - UBIFS_FLG_DOUBLE_HASH is mandatory
> - UBIFS_FLG_ENCRYPTION is optional but depdens on UBIFS_FLG_DOUBLE_HASH
> - Filesystems with unknown super block flags will be r
On Fri, Oct 21, 2016 at 02:48:30PM +0200, Richard Weinberger wrote:
> Signed-off-by: Richard Weinberger
> ---
> fs/ubifs/file.c| 36 ++
> fs/ubifs/journal.c | 105
> +++--
> fs/ubifs/super.c | 6 ++-
> fs/ubifs/ubifs.h |
On Wed, Oct 19, 2016 at 4:35 AM, Richard Weinberger wrote:
> Hi!
>
> Since file level encryption has more than one user, currently ext4, f2fs and
> soon ubifs
> it would be nice to have a single tool to control fscrypto from userspace.
>
> For ext4 we have already at least two tools, one as part
On Wed, Nov 11, 2015 at 12:03:35PM -, andr...@codeaurora.org wrote:
> > On 2015-11-10 15:20:59, andr...@codeaurora.org wrote:
> >> This is a hardware inline accelerator, meaning that it operates on much
> >> lower layer, block layer and device driver layer. The HW encrypts plain
> >> requests s
On Mon, Nov 09, 2015 at 08:56:02PM -, andr...@codeaurora.org wrote:
> Hello, Tyler
>
> I'll try to provide more detailed explanation, should it be satisfactory
> enough I will update the patch description.
>
> The problem with current eCryptfs is that it has total control on how and
> when th
On Fri, Jan 25, 2008 at 09:54:21AM -0800, Greg KH wrote:
> I could not find any userspace tools or documentation that used it
The version_str handle is only there as a potential convenience for
users who need to figure out what their module can and cannot do. I
mentioned it in an article in LJ las
On Thu, Jan 10, 2008 at 10:57:46AM -0500, Erez Zadok wrote:
> In message <[EMAIL PROTECTED]>, Christoph Hellwig
> writes:
> > On Thu, Jan 10, 2008 at 09:59:19AM -0500, Erez Zadok wrote:
> > >
> > > Dear Linus, Al, Christoph, and Andrew,
> > >
> > > As per your request, I'm posting for review the
On Mon, Jan 07, 2008 at 09:45:17PM -0800, Andrew Morton wrote:
> On Mon, 7 Jan 2008 23:25:42 -0600 Michael Halcrow <[EMAIL PROTECTED]> wrote:
>
> > --- a/fs/ecryptfs/inode.c
> > +++ b/fs/ecryptfs/inode.c
> > @@ -120,22 +120,9 @@ ecryptfs_do_create(struct inod
ct it will speed things up a
little.
I include an updated patch against 2.6.24-rc7.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c | 40 ++--
fs/ecryptfs/ecryptfs_kernel.h |1 +
2 files changed, 23 insertions(+)
s the call to d_delete() on the
lower persistent file's dentry in ecryptfs_destroy_inode().
(Thanks to David Kleikamp, Eric Sandeen, and Jeff Moyer for helping
identify and resolve this issue)
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/inode.c | 20
On Thu, Dec 20, 2007 at 11:18:49PM -0600, Eric Sandeen wrote:
> Jeff Moyer pointed out that a mount; umount loop of ecryptfs,
> with the same cipher & other mount options, created a new
> ecryptfs_key_tfm_cache item each time, and the cache could
> grow quite large this way.
>
> Looking at this w
The printk statements that result when the user does not have the
proper key available could use some refining.
Signed-off-by: Mike Halcrow <[EMAIL PROTECTED]>
---
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index f8ef0af..beba580 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/cr
On Wed, Dec 19, 2007 at 11:34:25AM -0600, Eric Sandeen wrote:
> Thanks to Jeff Moyer for pointing this out.
>
> If the RDWR dentry_open() in ecryptfs_init_persistent_file fails,
> it will do a dput/mntput. Need to re-take references if we
> retry as RDONLY.
>
> Signed-off-by: Eric Sandeen <[EMAI
On Wed, Dec 19, 2007 at 11:50:19AM -0600, Eric Sandeen wrote:
> ecryptfs_debug really should not be a mount option; it is not
> per-mount, but rather sets a global "ecryptfs_verbosity" variable
> which affects all mounted filesysytems. It's already settable as a
> module load option, I think we ca
igned-off-by: Eric Sandeen <[EMAIL PROTECTED]>
Acked-by: Michael Halcrow <[EMAIL PROTECTED]>
I don't think this causes any issues outside of a couple of printk's
on error paths, but this should definitely go into the next -rc.
> --
anding
> as I read through the code.
>
> Signed-off-by: Eric Sandeen <[EMAIL PROTECTED]>
Acked-by: Michael Halcrow <[EMAIL PROTECTED]>
I recommend this for the next -rc release.
> ---
>
>
> Index: linux-2.6.24-rc3/fs/ecryptfs/mmap.c
> ===
On Fri, Dec 14, 2007 at 09:30:26AM -0600, Eric Sandeen wrote:
> eCryptfs wasn't setting s_blocksize in it's superblock; just pick
> it up from the lower FS. Having an s_blocksize of 0 made things
> like "filefrag" which call FIGETBSZ unhappy.
>
> Signed-off-by: Eric Sandeen <[EMAIL PROTECTED]>
A
page->index should be cast to loff_t instead of off_t.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
Reported-by: Eric Sandeen <[EMAIL PROTECTED]>
---
fs/ecryptfs/read_write.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/fs/ecryptfs/read_write.
ypto hash calls.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c | 26 ++
1 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index a0f53aa..70f7aab 100644
--- a/fs/ecryptfs/crypto.c
++
On Fri, Nov 02, 2007 at 01:10:31PM -0700, Andrew Morton wrote:
> On Fri, 2 Nov 2007 13:53:08 -0500
> Michael Halcrow <[EMAIL PROTECTED]> wrote:
>
> > There is no need to keep re-setting the same key for any given
> > eCryptfs inode. This patch optimizes the use of t
There is no need to keep re-setting the same key for any given
eCryptfs inode. This patch optimizes the use of the crypto API and
helps performance a bit.
Signed-off-by: Trevor Highland <[EMAIL PROTECTED]>
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryp
The extent_offset is getting incremented twice per loop iteration
through any given page. It should only be getting incremented
once. This bug should only impact hosts with >4K page sizes.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c |2 --
1 files c
Remove internal references to header extents; just keep track of
header bytes instead. Headers can easily span multiple pages with the
recent persistent file changes.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c
This patch set includes some minor fixes for eCryptfs, including:
- An enhancement to allow larger header regions
- A bugfix for hosts with page size >4K
- An enhancement to reduce crypto overhead
I recommend merging at least the bugfix into 2.6.24.
-
To unsubscribe from this list: send the
ight place to tear down the crypto
subsystem, and the code to undo subsystem initializations on various
error paths is unnecessarily duplicated. This patch addresses those
issues.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
yptfs_decrypt_page(), and ecryptfs_copy_up_encrypted_with_header()
should have the responsibility of managing the page Uptodate
status. This patch gets rid of some of the ugliness that resulted from
trying to push some of the page flag setting too far down the stack.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]&g
On Wed, Sep 19, 2007 at 10:48:17PM -0700, Andrew Morton wrote:
> On Mon, 17 Sep 2007 16:48:44 -0500 Michael Halcrow <[EMAIL PROTECTED]> wrote:
> > + if ((rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode,
>
> checkpatch missed the assignment-in-an-if here.
Fi
e to review the
> whole patchset and perhaps the whole fs for this easy-to-do,
> hard-to-find bug.
Update data types and add casts in order to avoid potential overflow
issues.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/cry
alls which may block.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index bb92b74..ce7a5d4 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -648,6 +648,6 @@ int ecryptfs_read_lower_pa
On Wed, Sep 19, 2007 at 10:50:57PM -0700, Andrew Morton wrote:
> On Mon, 17 Sep 2007 16:50:16 -0500 Michael Halcrow <[EMAIL PROTECTED]> wrote:
> > +ecryptfs_copy_up_encrypted_with_header(struct page *page,
> > + struct ecryptfs_c
On Wed, Sep 19, 2007 at 10:46:26PM -0700, Andrew Morton wrote:
(from ecryptfs_encrypt_page()):
> > + enc_extent_virt = kmalloc(PAGE_CACHE_SIZE, GFP_USER);
>
> I'd have thought that alloc_page() would be nicer. After all, we _are_
> treating it as a page, and not as a random piece of memry.
>
>
Replace some magic numbers with sizeof() equivalents.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c |6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 3b3cf27..425a144 100644
--
The switch to read_write.c routines and the persistent file make a
number of functions unnecessary. This patch removes them.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c | 150 --
fs/ecryptfs/ecryptfs_kernel.h | 21 +---
fs/ec
Initialize persistent lower file on inode create.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/super.c | 13 +++--
1 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
index b97e210..f8cdab2 100644
--
Convert readpage, prepare_write, and commit_write to use read_write.c
routines. Remove sync_page; I cannot think of a good reason for
implementing that in eCryptfs.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/mmap.c
ction.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c |2 +-
fs/ecryptfs/file.c | 50 --
fs/ecryptfs/inode.c | 113 +++---
3 files changed, 44 insertions(+), 121 deletions(-)
diff --git a/
eCryptfs getxattr.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c | 126 +++--
fs/ecryptfs/ecryptfs_kernel.h | 15 +++--
fs/ecryptfs/file.c|2 +-
fs/ecryptfs/inode.c
This patch sets up and destroys the persistent lower file for each
eCryptfs inode.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/inode.c | 23 +++---
fs/ecryptfs/main.c | 65 +++
fs/ecryptfs/super.c
Replace page encryption and decryption routines and inode size write
routine with versions that utilize the read_write.c functions.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c | 427 ++--
fs/ecryptfs/ecryptfs_ke
is
patchset. For now, in order to keep from breaking the build, I am
putting dummy parameters in for those functions.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/Makefile |2 +-
fs/ecryptfs/ecryptfs_kernel.h | 18 ++
fs/ecryptfs/mmap.c|
Remove assignments in if-statements.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c| 17 --
fs/ecryptfs/file.c |8 --
fs/ecryptfs/inode.c | 35 ++
fs/ecryptfs/keystore.c
There is no point to keeping a separate header_extent_size and an
extent_size. The total size of the header can always be represented as
some multiple of the regular data extent size.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c
Currently, eCryptfs directly accesses the lower inode address space,
doing things like grab_cache_page() on lower_inode->i_mapping. It
really should not do that. The main point of this patch set is to make
all I/O with the lower files go through vfs_read() and vfs_write()
instead.
In order to acco
eCryptfs fops splice_read to use
generic_file_splice_read.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
--- linux-2.6.23-rc4-mm1.orig/fs/ecryptfs/file.c
+++ linux-2.6.23-rc4-mm1/fs/ecryptfs/file.c
@@ -338,21 +338,6 @@ static int ecryptfs_fasync(int fd, struc
return rc;
}
-static s
On Thu, Aug 23, 2007 at 04:42:59PM +0900, Ryusuke Konishi wrote:
> This will avoid a possible fault in ecryptfs_sync_page().
Acked-by: Michael Halcrow <[EMAIL PROTECTED]>
Note that there are other outstanding issues with eCryptfs on NFS. For
instance, prepare_write()/commit_write()
>
> Signed-off-by: Ryusuke Konishi <[EMAIL PROTECTED]>
Acked-by: Michael Halcrow <[EMAIL PROTECTED]>
> ---
> fs/ecryptfs/main.c | 18 +-
> 1 files changed, 13 insertions(+), 5 deletions(-)
>
> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main
t /mnt/crypt
> # ls -l /mnt/crypt
>
> This patch fixes it by adding a check similar to directories and
> symlinks.
>
> Signed-off-by: Ryusuke Konishi <[EMAIL PROTECTED]>
Acked-by: Michael Halcrow <[EMAIL PROTECTED]>
> ---
> fs/ecryptfs/inode.c |4 +++
Andrew Morton wrote:
> Please check that all the newly-added global symbols do indeed need
> to be global.
Change symbols in keystore.c and crypto.o to static if they do not
need to be global.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c |
me unnecessary variable initializations. There may be a few
more such intializations remaining in the code base; a future patch
will take care of those.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/keystore.c |6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git
tuff sometime)
This patch cleans up some of the existing comments and makes a couple
of line break tweaks. There is more work to do to bring eCryptfs into
full kerneldoc-compliance.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c | 69
key_tfm_list;
> > + unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1];
> > +};
>
> Please consider commenting your struct fields carefully: it's a
> great way to help other to understand your code.
Add some comments to the ecryptfs_global_auth_tok and ecr
Andrew Morton wrote:
> > +int ecryptfs_destruct_crypto(void)
>
> ecryptfs_destroy_crypto would be more grammatically correct ;)
Grammatical fix for some function names.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c |8 +++
mpiler with some manual help for
optimizing the setting of some flags.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c |3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 14cc1f5..76bba73 1006
not have made
it into the final patch set in the first place. This patch removes it.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c |3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 129ed13
This set of patches make trivial updates to eCryptfs to clean up some
of the code.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http:
On Thu, Jul 19, 2007 at 05:41:16PM -0400, Josef Sipek wrote:
> On Thu, Jul 19, 2007 at 04:28:01PM -0500, Michael Halcrow wrote:
> > Fix up the Tag 1 parsing code to handle size limits and boundaries
> > more explicitly. Initialize the new auth_tok's flags.
> ...
> > -
Trivial updates to comment and debug statement.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c |2 --
fs/ecryptfs/debug.c |2 --
2 files changed, 0 insertions(+), 4 deletions(-)
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 4f7d895..1
collision will occur with 7 bytes rather
than 8. This patch fixes the packet to use the full number of bytes
that were originally intended to be used for the key identifier.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/keystore.c | 39 ++--
Fix up the Tag 11 parsing code to handle size limits and boundaries
more explicitly. Pay attention to *8* bytes for the key identifier
(literal data), no more, no less.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/keystore.c
Fix up the Tag 3 parsing code to handle size limits and boundaries
more explicitly.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/keystore.c | 89 +++-
1 files changed, 35 insertions(+), 54 deletions(-)
diff --git a/fs/ec
Fix up the Tag 1 parsing code to handle size limits and boundaries
more explicitly. Initialize the new auth_tok's flags.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/keystore.c | 78 ---
1 files changed, 33 insert
Use list_for_each_entry_safe() when wiping the authentication token
list.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/keystore.c | 15 ---
1 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
Introduce kmem_cache objects for handling multiple keys per inode. Add
calls in the module init and exit code to call the key list
initialization/destruction functions.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/main.c | 39 +++-
This series of patches to eCryptfs introduces support for associating
multiple keys with individual files. When mounting, eCryptfs will
register one key for each key signature/identifier specified by an
ecryptfs_sig= mount option. These keys will all be used to encrypt the
FEK for each eCryptfs ino
proceeding with operations related to the inode's
crypt_stat.
Thanks to Ryusuke Konishi for finding this bug and suggesting the fix.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/inode.c |5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/
nt on June 13th, are bugfixes
to try to clean up the recent llseek() hack job; hopefully they can be
merged before the release of 2.6.22 (I've noticed that we're already
at -rc6).
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/mmap.c |2 ++
1 files change
.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 0981ae3..83e94fe 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -894,9 +894,54 @@ static int ecryptfs_setattr(struct dentry *dentry, struct
iattr *ia)
, eCryptfs will zero out the contents of the new last page
from the new size through to the end of the last page.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/ecryptfs_kernel.h |2 +
fs/ecryptfs/inode.c | 19 ++
fs/ecryptfs/mmap.c
On Wed, May 23, 2007 at 09:40:20PM -0400, Josef 'Jeff' Sipek wrote:
> Signed-off-by: Josef 'Jeff' Sipek <[EMAIL PROTECTED]>
Acked-by: Michael Halcrow <[EMAIL PROTECTED]>
> ---
> Documentation/ecryptfs.txt | 77
> -
On Mon, May 21, 2007 at 09:07:08PM -0700, Andrew Morton wrote:
> On Mon, 21 May 2007 18:00:21 -0500 Michael Halcrow <[EMAIL PROTECTED]> wrote:
>
> > Delay writing 0's out in eCryptfs after a seek past the end of the
> > file until data is actually written.
>
>
Delay writing 0's out in eCryptfs after a seek past the end of the
file until data is actually written.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index 9881b5c..59288d8 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecry
condition
that the pointer is non-NULL.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/dentry.c | 15 +--
1 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/fs/ecryptfs/dentry.c b/fs/ecryptfs/dentry.c
index 329efcd..cb20b96 100644
--- a/fs/ec
On Wed, Feb 28, 2007 at 08:05:16PM +0300, Dmitriy Monakhov wrote:
> - ecryptfs_write_inode_size_to_metadata() error code was ignored.
> - i_op->setxattr() must be supported by lower fs because used below.
>
> Signed-off-by: Monakhov Dmitriy <[EMAIL PROTECTED]>
Acke
lookup error.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/main.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 80044d1..812427e 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/mai
Remove unnecessary flush_dcache_page() call. Thanks to Dmitriy
Monakhov for pointing this out.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/mmap.c |1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index 8
Dmitriy Monakhov <[EMAIL PROTECTED]> wrote:
> Lets explicitly add O_LARGEFILE to opened lower file flags as it
> done in unionfs and nfsd. Also remove unnecessery #define from
> ecryptfs_initialize_file().
O_LARGEFILE should be set here when opening the lower file.
Signed-off-by:
places page wasn't unmapped and unlocked after error.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/mmap.c | 28 +++-
1 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index 92a4147..09160
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
On Wed, Feb 21, 2007 at 01:07:22PM +0300, Dmitriy Monakhov wrote:
> Where is largefile issue in ecryptfs.
Thanks for your thorough work on resolving such issues. We will
integrate your patches and testcases into the next release as soon as
we get
On Wed, Feb 14, 2007 at 09:59:37PM +, David Howells wrote:
> Michael Halcrow <[EMAIL PROTECTED]> wrote:
>
> > Right now, eCryptfs just delegates its modular exponentiation
> > operations to a userspace daemon. If RSA ever finds its way into the
> > kernel, I mi
On Wed, Feb 14, 2007 at 07:40:57PM +, David Howells wrote:
> Hashing, yes; encryption, yes; signature checking: no from what I
> can see.
>
> It's possible that I can share code with eCryptFS, though at first
> sight that doesn't seem to overlap with what I want to do.
Right now, eCryptfs jus
eCryptfs is gobbling a lot of stack in
ecryptfs_generate_key_packet_set() because it allocates a temporary
memory-hungry ecryptfs_key_record struct. This patch introduces a new
kmem_cache for that struct and converts
ecryptfs_generate_key_packet_set() to use it.
Signed-off-by: Michael Halcrow
On Fri, Jan 19, 2007 at 02:04:47PM +0200, Pekka Enberg wrote:
> On 1/18/07, Michael Halcrow <[EMAIL PROTECTED]> wrote:
> >+ page_data = (char *)kmap_atomic(page, KM_USER0);
> >+ lower_page_data = (char *)kmap_atomic(lower_page, KM_USER1);
>
> Drop 'em r
Call the new lookup_one_len_nd() rather than lookup_one_len(). This
fixes an oops when stacked on NFS.
Note that there are still some issues with eCryptfs on NFS having to
do with directory deletion (I'm not getting an oops, just an -EBUSY).
Signed-off-by: Michael Halcrow <[EMAIL P
On Tue, Jan 09, 2007 at 02:42:03PM -0800, Andrew Morton wrote:
> On Tue, 9 Jan 2007 16:23:37 -0600
> Michael Halcrow <[EMAIL PROTECTED]> wrote:
> > + set_header_info(page_virt, crypt_stat);
> > + }
>
&
Open-code flag checking and manipulation.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
Signed-off-by: Trevor Highland <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c | 37 +++--
fs/ecryptfs/debug.c |6 +++---
On Tue, Jan 09, 2007 at 02:42:03PM -0800, Andrew Morton wrote:
> On Tue, 9 Jan 2007 16:23:37 -0600
> Michael Halcrow <[EMAIL PROTECTED]> wrote:
>
> > + page_virt = (char *)kmap(page);
>
> Do we _have_ to use kmap here? It's sl
Andrew Morton wrote:
> On Tue, 9 Jan 2007 16:22:55 -0600
> Michael Halcrow <[EMAIL PROTECTED]> wrote:
>
> > + lower_file->f_op->write(lower_file, (char __user *)page_virt,
> > + PAGE_CACHE_SIZE, &lower_file->f_pos);
>
> hm. sys_write() takes a local
On Tue, Jan 09, 2007 at 02:42:03PM -0800, Andrew Morton wrote:
> On Tue, 9 Jan 2007 16:23:37 -0600
> Michael Halcrow <[EMAIL PROTECTED]> wrote:
>
> > + page_virt = (char *)kmap(page);
>
> Do we _have_ to use kmap here? It's
On Tue, Jan 09, 2007 at 02:35:19PM -0800, Andrew Morton wrote:
> On Tue, 9 Jan 2007 16:21:07 -0600
> Michael Halcrow <[EMAIL PROTECTED]> wrote:
>
> > This patch set introduces the ability to store cryptographic metadata
> > into an lower file extended attribute
that do not preserve the extended
attributes when directly accessing the lower files.
With this option enabled, the files under the eCryptfs mount point
will be read-only.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c | 15 ++--
fs/ec
Generalize the metadata reading and writing mechanisms, with two
targets for now: metadata in file header and metadata in the
user.ecryptfs xattr of the lower file.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c
Add extended attribute support to version bit vector, flags to
indicate when xattr or encrypted view modes are enabled, and support
for the new mount options.
Signed-off-by: Michael Halcrow <[EMAIL PROTECTED]>
---
fs/ecryptfs/crypto.c | 20
fs/ec
This patch set introduces the ability to store cryptographic metadata
into an lower file extended attribute rather than the lower file
header region.
This patch set implements two new mount options:
ecryptfs_xattr_metadata
- When set, newly created files will have their cryptographic
metadata
On Mon, Jan 08, 2007 at 03:51:31PM -0500, Erez Zadok wrote:
> BTW, this is a problem with all stackable file systems, including
> ecryptfs. To be fair, our Unionfs users have come up against this
> problem, usually for the first time they use Unionfs :-).
I suspect that the only reason why this h
eds to be yanked in 2.6.20.
I think the simplest solution, from eCryptfs' perspective, is to just
remove the inode size copy. Jeff, please let me know if this approach
will work for you, or let me know if you have another idea.
Thanks,
Mike
---
Remove inode size copy in general fs
CRYPTFS=y is
> > > possible, it won't build.
> >
> > Then shouldn't ECRYPTFS depend on CONFIG_NET ?
>
> yup, that's what I meant..
Add net build dependency to eCryptfs Kconfig entry.
Signed-off-by: Michael Halcrow <[EMAI
On Wed, Dec 06, 2006 at 09:55:55PM -0800, Andrew Morton wrote:
> On Wed, 6 Dec 2006 17:06:38 -0600
> Michael Halcrow <[EMAIL PROTECTED]> wrote:
>
> > This is a re-submission of the same public key patches (updated for
> > 2.6.19-rc6-mm2) that were submitted for review
1 - 100 of 111 matches
Mail list logo
