)]}' { "log": [ { "commit": "d790d4d583aeaed9fc6f8a9f4d9f8ce6b1c15c7f", "tree": "854ab394486288d40fa8179cbfaf66e8bdc44b0f", "parents": [ "73b2c7165b76b20eb1290e7efebc33cfd21db1ca", "3a09b1be53d23df780a0cd0e4087a05e2ca4a00c" ], "author": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Aug 04 15:14:38 2010 +0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Aug 04 15:14:38 2010 +0200" }, "message": "Merge branch \u0027master\u0027 into for-next\n" }, { "commit": "a6f80fb7b5986fda663d94079d3bba0937a6b6ff", "tree": "b8a44b0ed1560ae3f00f1ff4e342f43b7422bcc3", "parents": [ "6c50e1a49b4377b760ee46f824ed04b17be913e3" ], "author": { "name": "Andre Osterhues", "email": "aosterhues@escrypt.com", "time": "Tue Jul 13 15:59:17 2010 -0500" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jul 28 19:59:24 2010 -0700" }, "message": "ecryptfs: Bugfix for error related to ecryptfs_hash_buckets\n\nThe function ecryptfs_uid_hash wrongly assumes that the\nsecond parameter to hash_long() is the number of hash\nbuckets instead of the number of hash bits.\nThis patch fixes that and renames the variable\necryptfs_hash_buckets to ecryptfs_hash_bits to make it\nclearer.\n\nFixes: CVE-2010-2492\n\nSigned-off-by: Andre Osterhues \u003caosterhues@escrypt.com\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f1bbbb6912662b9f6070c5bfc4ca9eb1f06a9d5b", "tree": "c2c130a74be25b0b2dff992e1a195e2728bdaadd", "parents": [ "fd0961ff67727482bb20ca7e8ea97b83e9de2ddb", "7e27d6e778cd87b6f2415515d7127eba53fe5d02" ], "author": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Jun 16 18:08:13 2010 +0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Jun 16 18:08:13 2010 +0200" }, "message": "Merge branch \u0027master\u0027 into for-next\n" }, { "commit": "421f91d21ad6f799dc7b489bb33cc560ccc56f98", "tree": "aaf9f6385233fdf9277e634603156c89ede7f770", "parents": [ "65155b3708137fabee865dc4da822763c0c41208" ], "author": { "name": "Uwe Kleine-König", "email": "u.kleine-koenig@pengutronix.de", "time": "Fri Jun 11 12:17:00 2010 +0200" }, "committer": { "name": "Jiri Kosina", "email": "jkosina@suse.cz", "time": "Wed Jun 16 18:05:05 2010 +0200" }, "message": "fix typos concerning \"initiali[zs]e\"\n\nSigned-off-by: Uwe Kleine-König \u003cu.kleine-koenig@pengutronix.de\u003e\nSigned-off-by: Jiri Kosina \u003cjkosina@suse.cz\u003e\n" }, { "commit": "15c6fd9786dfaab43547bf60df6fa63170fb64fc", "tree": "afd997b3402761e28b6c39f414fbd93c69fdcdce", "parents": [ "7bb46a6734a7e1ad4beaecc11cae7ed3ff81d30f" ], "author": { "name": "npiggin@suse.de", "email": "npiggin@suse.de", "time": "Thu May 27 01:05:34 2010 +1000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 27 22:15:42 2010 -0400" }, "message": "kill spurious reference to vmtruncate\n\nLots of filesystems calls vmtruncate despite not implementing the old\n-\u003etruncate method. Switch them to use simple_setsize and add some\ncomments about the truncate code where it seems fitting.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Nick Piggin \u003cnpiggin@suse.de\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7ea8085910ef3dd4f3cad6845aaa2b580d39b115", "tree": "d9c1edb5906f943f7d70bfb4b65106e29772d379", "parents": [ "cc967be54710d97c05229b2e5ba2d00df84ddd64" ], "author": { "name": "Christoph Hellwig", "email": "hch@lst.de", "time": "Wed May 26 17:53:25 2010 +0200" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 27 22:05:02 2010 -0400" }, "message": "drop unused dentry argument to -\u003efsync\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "48c1e44aceca577aa35be509714bd9ec4b4c3837", "tree": "5fe7c1f352e21bf1d58763cb2f4158d94e080923", "parents": [ "02bd97997a07a89cb9311c7f00864cfc785c37f9" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 21 11:09:58 2010 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 21 18:31:28 2010 -0400" }, "message": "switch ecryptfs_write() to struct inode *, kill on-stack fake files\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "02bd97997a07a89cb9311c7f00864cfc785c37f9", "tree": "c962381bd79b8611bc4d3b3e369f2ce8fe3c6174", "parents": [ "bef5bc2464517cbbf8f85f09b5ade46904afec9a" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 21 11:02:14 2010 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 21 18:31:28 2010 -0400" }, "message": "switch ecryptfs_get_locked_page() to struct inode *\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "bef5bc2464517cbbf8f85f09b5ade46904afec9a", "tree": "34a41e84884e431647af4535147e4fab91cbf88e", "parents": [ "f6d335c08df48b318187a087c9c38ba3d416e115" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 21 10:56:12 2010 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 21 18:31:28 2010 -0400" }, "message": "simplify access to ecryptfs inodes in -\u003ereadpage() and friends\n\nwe can get to them from page-\u003emapping-\u003ehost, no need to mess with\nfile.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4403158ba295c8e36f6736b1bb12d0f7e1923dac", "tree": "a85c276c7ba414ecc65a93488dcb2ef7972779c0", "parents": [ "ab9a79b9669c28734a69fa9384df6fb93152e53a" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 17 00:59:46 2010 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 21 18:31:27 2010 -0400" }, "message": "Ban ecryptfs over ecryptfs\n\nThis is a seriously simplified patch from Eric Sandeen; copy of\nrationale follows:\n\u003d\u003d\u003d\n mounting stacked ecryptfs on ecryptfs has been shown to lead to bugs\n in testing. For crypto info in xattr, there is no mechanism for handling\n this at all, and for normal file headers, we run into other trouble:\n\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000008\n IP: [\u003cffffffffa015b0b3\u003e] ecryptfs_d_revalidate+0x43/0xa0 [ecryptfs]\n ...\n\n There doesn\u0027t seem to be any good usecase for this, so I\u0027d suggest just\n disallowing the configuration.\n\n Based on a patch originally, I believe, from Mike Halcrow.\n\u003d\u003d\u003d\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "8018ab057480974e7f26a387bf4ce040e9a5f6f1", "tree": "98298180bf60797a028eca4f24234dc67d38a9d4", "parents": [ "e970a573ce30a3976234dcfb67906c164b0df9ee" ], "author": { "name": "Christoph Hellwig", "email": "hch@lst.de", "time": "Mon Mar 22 17:32:25 2010 +0100" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 21 18:31:21 2010 -0400" }, "message": "sanitize vfs_fsync calling conventions\n\nNow that the last user passing a NULL file pointer is gone we can remove\nthe redundant dentry argument and associated hacks inside vfs_fsynmc_range.\n\nThe next step will be removig the dentry argument from -\u003efsync, but given\nthe luck with the last round of method prototype changes I\u0027d rather\ndefer this until after the main merge window.\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "2ccde7c631f992bf79da8007b5fc8b6425eb0d6d", "tree": "d99cbae607223c76916fd373d7a827515ed022c0", "parents": [ "decabd6650915a9534dad09e967115513be12b24" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Mar 21 12:24:29 2010 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 21 18:31:13 2010 -0400" }, "message": "Clean ecryptfs -\u003eget_sb() up\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "decabd6650915a9534dad09e967115513be12b24", "tree": "3e4aa8ed78535f3a34b60e363e7b13efbd7ea62c", "parents": [ "894680710d813137077ad7cb351b713f64cabbdf" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 20 22:32:26 2010 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 21 18:31:13 2010 -0400" }, "message": "fix a couple of ecryptfs leaks\n\nFirst of all, get_sb_nodev() grabs anon dev minor and we\nnever free it in ecryptfs -\u003ekill_sb(). Moreover, on one\nof the failure exits in ecryptfs_get_sb() we leak things -\nit happens before we set -\u003es_root and -\u003eput_super() won\u0027t\nbe called in that case. Solution: kill -\u003eput_super(), do\nall that stuff in -\u003ekill_sb(). And use kill_anon_sb() instead\nof generic_shutdown_super() to deal with anon dev leak.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9df9c8b930156a2f9ce2b2ae66acb14bee2663f5", "tree": "35992d372a4587600f93c399eaa12b7c7bd77cbf", "parents": [ "5163d90076729413cb882d3dd5c3d3cfb5b9f035" ], "author": { "name": "Jens Axboe", "email": "jens.axboe@oracle.com", "time": "Thu Apr 22 12:22:04 2010 +0200" }, "committer": { "name": "Jens Axboe", "email": "jens.axboe@oracle.com", "time": "Thu Apr 22 12:22:04 2010 +0200" }, "message": "ecryptfs: add bdi backing to mount session\n\nThis ensures that dirty data gets flushed properly.\n\nSigned-off-by: Jens Axboe \u003cjens.axboe@oracle.com\u003e\n" }, { "commit": "9b030e2006546366c832911ca5eb9e785408795b", "tree": "fe2b5913249c047fc8d7f851f7a6a0049825e2d3", "parents": [ "76e506a754c9519ba0a948b475a62f31fac8b599", "9f37622f897a90ad3c3da5c14d94d8f3ffc62b70" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 19 14:20:32 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 19 14:20:32 2010 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6:\n eCryptfs: Turn lower lookup error messages into debug messages\n eCryptfs: Copy lower directory inode times and size on link\n ecryptfs: fix use with tmpfs by removing d_drop from ecryptfs_destroy_inode\n ecryptfs: fix error code for missing xattrs in lower fs\n eCryptfs: Decrypt symlink target for stat size\n eCryptfs: Strip metadata in xattr flag in encrypted view\n eCryptfs: Clear buffer before reading in metadata xattr\n eCryptfs: Rename ecryptfs_crypt_stat.num_header_bytes_at_front\n eCryptfs: Fix metadata in xattr feature regression\n" }, { "commit": "9f37622f897a90ad3c3da5c14d94d8f3ffc62b70", "tree": "dbed84aa76784f22b20c0fee847b43c15dd29f72", "parents": [ "3a8380c0754a7972668a46f645930910e304095c" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Thu Mar 25 11:16:56 2010 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Mon Apr 19 14:42:18 2010 -0500" }, "message": "eCryptfs: Turn lower lookup error messages into debug messages\n\nVaugue warnings about ENAMETOOLONG errors when looking up an encrypted\nfile name have caused many users to become concerned about their data.\nSince this is a rather harmless condition, I\u0027m moving this warning to\nonly be printed when the ecryptfs_verbosity module param is 1.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "3a8380c0754a7972668a46f645930910e304095c", "tree": "85bc2f8551aa121f0a40f4b5bb24b7c58da35b16", "parents": [ "133b8f9d632cc23715c6d72d1c5ac449e054a12a" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Mar 23 18:09:02 2010 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Mon Apr 19 14:42:15 2010 -0500" }, "message": "eCryptfs: Copy lower directory inode times and size on link\n\nThe timestamps and size of a lower inode involved in a link() call was\nbeing copied to the upper parent inode. Instead, we should be\ncopying lower parent inode\u0027s timestamps and size to the upper parent\ninode. I discovered this bug using the POSIX test suite at Tuxera.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "133b8f9d632cc23715c6d72d1c5ac449e054a12a", "tree": "4559634958e6da3f7a3e2b5ae1229b9e3924d5fa", "parents": [ "cfce08c6bdfb20ade979284e55001ca1f100ed51" ], "author": { "name": "Jeff Mahoney", "email": "jeffm@jeffreymahoney.com", "time": "Fri Mar 19 15:35:46 2010 -0400" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Mon Apr 19 14:42:13 2010 -0500" }, "message": "ecryptfs: fix use with tmpfs by removing d_drop from ecryptfs_destroy_inode\n\nSince tmpfs has no persistent storage, it pins all its dentries in memory\nso they have d_count\u003d1 when other file systems would have d_count\u003d0.\n-\u003elookup is only used to create new dentries. If the caller doesn\u0027t\ninstantiate it, it\u0027s freed immediately at dput(). -\u003ereaddir reads\ndirectly from the dcache and depends on the dentries being hashed.\n\nWhen an ecryptfs mount is mounted, it associates the lower file and dentry\nwith the ecryptfs files as they\u0027re accessed. When it\u0027s umounted and\ndestroys all the in-memory ecryptfs inodes, it fput\u0027s the lower_files and\nd_drop\u0027s the lower_dentries. Commit 4981e081 added this and a d_delete in\n2008 and several months later commit caeeeecf removed the d_delete. I\nbelieve the d_drop() needs to be removed as well.\n\nThe d_drop effectively hides any file that has been accessed via ecryptfs\nfrom the underlying tmpfs since it depends on it being hashed for it to\nbe accessible. I\u0027ve removed the d_drop on my development node and see no\nill effects with basic testing on both tmpfs and persistent storage.\n\nAs a side effect, after ecryptfs d_drops the dentries on tmpfs, tmpfs\nBUGs on umount. This is due to the dentries being unhashed.\ntmpfs-\u003ekill_sb is kill_litter_super which calls d_genocide to drop\nthe reference pinning the dentry. It skips unhashed and negative dentries,\nbut shrink_dcache_for_umount_subtree doesn\u0027t. Since those dentries\nstill have an elevated d_count, we get a BUG().\n\nThis patch removes the d_drop call and fixes both issues.\n\nThis issue was reported at:\nhttps://bugzilla.novell.com/show_bug.cgi?id\u003d567887\n\nReported-by: Árpád Bíró \u003cbiroa@demasz.hu\u003e\nSigned-off-by: Jeff Mahoney \u003cjeffm@suse.com\u003e\nCc: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nCc: stable@kernel.org\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "cfce08c6bdfb20ade979284e55001ca1f100ed51", "tree": "598510daaec037baf1088533cd366b5f37c05a1c", "parents": [ "3a60a1686f0d51c99bd0df8ac93050fb6dfce647" ], "author": { "name": "Christian Pulvermacher", "email": "pulvermacher@gmx.de", "time": "Tue Mar 23 11:51:38 2010 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Mon Apr 19 14:42:09 2010 -0500" }, "message": "ecryptfs: fix error code for missing xattrs in lower fs\n\nIf the lower file system driver has extended attributes disabled,\necryptfs\u0027 own access functions return -ENOSYS instead of -EOPNOTSUPP.\nThis breaks execution of programs in the ecryptfs mount, since the\nkernel expects the latter error when checking for security\ncapabilities in xattrs.\n\nSigned-off-by: Christian Pulvermacher \u003cpulvermacher@gmx.de\u003e\nCc: stable@kernel.org\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "3a60a1686f0d51c99bd0df8ac93050fb6dfce647", "tree": "8b1a32c122e86022f6397a9f5e82900783717aab", "parents": [ "f4e60e6b303bc46cdc477d3174dbf9cb5dd013aa" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Mon Mar 22 00:41:35 2010 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Mon Apr 19 14:41:51 2010 -0500" }, "message": "eCryptfs: Decrypt symlink target for stat size\n\nCreate a getattr handler for eCryptfs symlinks that is capable of\nreading the lower target and decrypting its path. Prior to this patch,\na stat\u0027s st_size field would represent the strlen of the encrypted path,\nwhile readlink() would return the strlen of the decrypted path. This\ncould lead to confusion in some userspace applications, since the two\nvalues should be equal.\n\nhttps://bugs.launchpad.net/bugs/524919\n\nReported-by: Loïc Minier \u003cloic.minier@canonical.com\u003e\nCc: stable@kernel.org\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05", "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1", "parents": [ "ed391f4ebf8f701d3566423ce8f17e614cde9806" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Wed Mar 24 17:04:11 2010 +0900" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Mar 30 22:02:32 2010 +0900" }, "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files. percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed. Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability. As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n only the necessary includes are there. ie. if only gfp is used,\n gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n blocks and try to put the new include such that its order conforms\n to its surrounding. It\u0027s put in the include block which contains\n core kernel includes, in the same order that the rest are ordered -\n alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n because the file doesn\u0027t have fitting include block), it prints out\n an error message indicating which .h file needs to be added to the\n file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n and ~3000 slab.h inclusions. The script emitted errors for ~400\n files.\n\n2. Each error was manually checked. Some didn\u0027t need the inclusion,\n some needed manual addition while adding it to implementation .h or\n embedding .c file was more appropriate for others. This step added\n inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n editing them as sprinkling gfp.h and slab.h inclusions around .h\n files could easily lead to inclusion dependency hell. Most gfp.h\n inclusion directives were ignored as stuff from gfp.h was usually\n wildly available and often used in preprocessor macros. Each\n slab.h inclusion directive was examined and added manually as\n necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my\n distributed build env didn\u0027t work with gcov compiles) and a few\n more options had to be turned off depending on archs to make things\n build (like ipr on powerpc/64 which failed due to missing writeq).\n\n * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n * powerpc and powerpc64 SMP allmodconfig\n * sparc and sparc64 SMP allmodconfig\n * ia64 SMP allmodconfig\n * s390 SMP allmodconfig\n * alpha SMP allmodconfig\n * um on x86_64 SMP allmodconfig\n\n8. percpu.h modifications were reverted so that it could be applied as\n a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n" }, { "commit": "f4e60e6b303bc46cdc477d3174dbf9cb5dd013aa", "tree": "36abefd614efd86f97ac812f57c86a583c7e484a", "parents": [ "1984c23f9e0cdb432d90a85ecf88b424d36878fc" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Thu Feb 11 00:02:32 2010 -0600" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Mar 23 12:31:35 2010 -0500" }, "message": "eCryptfs: Strip metadata in xattr flag in encrypted view\n\nThe ecryptfs_encrypted_view mount option provides a unified way of\nviewing encrypted eCryptfs files. If the metadata is stored in a xattr,\nthe metadata is moved to the file header when the file is read inside\nthe eCryptfs mount. Because of this, we should strip the\nECRYPTFS_METADATA_IN_XATTR flag from the header\u0027s flag section. This\nallows eCryptfs to treat the file as an eCryptfs file with a header\nat the front.\n\nReviewed-by: Eric Sandeen \u003csandeen@redhat.com\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "1984c23f9e0cdb432d90a85ecf88b424d36878fc", "tree": "1a4dc765c6d7f93c29c9c878d7b0a972bf49d2ac", "parents": [ "fa3ef1cb4e6e9958a9bfaa977c107c515907f102" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Feb 10 23:17:44 2010 -0600" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Mar 23 12:31:09 2010 -0500" }, "message": "eCryptfs: Clear buffer before reading in metadata xattr\n\nWe initially read in the first PAGE_CACHE_SIZE of a file to if the\neCryptfs header marker can be found. If it isn\u0027t found and\necryptfs_xattr_metadata was given as a mount option, then the\nuser.ecryptfs xattr is read into the same buffer. Since the data from\nthe first page of the file wasn\u0027t cleared, it is possible that we think\nwe\u0027ve found a second tag 3 or tag 1 packet and then error out after the\npacket contents aren\u0027t as expected. This patch clears the buffer before\nfilling it with metadata from the user.ecryptfs xattr.\n\nReviewed-by: Eric Sandeen \u003csandeen@redhat.com\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "fa3ef1cb4e6e9958a9bfaa977c107c515907f102", "tree": "f297192533a0c8720534c76c6429e68ae92b94d9", "parents": [ "157f1071354db1aed885816094888e0e257c9d0a" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Thu Feb 11 05:09:14 2010 -0600" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Mar 23 12:30:41 2010 -0500" }, "message": "eCryptfs: Rename ecryptfs_crypt_stat.num_header_bytes_at_front\n\nThis patch renames the num_header_bytes_at_front variable to\nmetadata_size since it now contains the max size of the metadata.\n\nReviewed-by: Eric Sandeen \u003csandeen@redhat.com\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "157f1071354db1aed885816094888e0e257c9d0a", "tree": "711d00d7dce97f846342db0a27b4a61c6b1966a4", "parents": [ "220bf991b0366cc50a94feede3d7341fa5710ee4" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Thu Feb 11 07:10:38 2010 -0600" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Mar 23 12:29:49 2010 -0500" }, "message": "eCryptfs: Fix metadata in xattr feature regression\n\nFixes regression in 8faece5f906725c10e7a1f6caf84452abadbdc7b\n\nWhen using the ecryptfs_xattr_metadata mount option, eCryptfs stores the\nmetadata (normally stored at the front of the file) in the user.ecryptfs\nxattr. This causes ecryptfs_crypt_stat.num_header_bytes_at_front to be\n0, since there is no header data at the front of the file. This results\nin too much memory being requested and ENOMEM being returned from\necryptfs_write_metadata().\n\nThis patch fixes the problem by using the num_header_bytes_at_front\nvariable for specifying the max size of the metadata, despite whether it\nis stored in the header or xattr.\n\nReviewed-by: Eric Sandeen \u003csandeen@redhat.com\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "ece550f51ba175c14ec3ec047815927d7386ea1f", "tree": "759c930b24718b3feacf149a8e4759f7725ee8e5", "parents": [ "4aa25bcb7dac2d583f1557e2be2d0b598581da54" ], "author": { "name": "Dan Carpenter", "email": "error27@gmail.com", "time": "Tue Jan 19 12:34:32 2010 +0300" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Jan 19 22:36:06 2010 -0600" }, "message": "ecryptfs: use after free\n\nThe \"full_alg_name\" variable is used on a couple error paths, so we\nshouldn\u0027t free it until the end.\n\nSigned-off-by: Dan Carpenter \u003cerror27@gmail.com\u003e\nCc: stable@kernel.org\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "4aa25bcb7dac2d583f1557e2be2d0b598581da54", "tree": "6627afceaed30b0897298e83ceb4ecd580eeb9f0", "parents": [ "fe0fc013cd8bbd2f4737c1b2694b37dd7fe459cb" ], "author": { "name": "Julia Lawall", "email": "julia@diku.dk", "time": "Sat Jan 16 17:00:26 2010 +0100" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Jan 19 22:36:05 2010 -0600" }, "message": "ecryptfs: Eliminate useless code\n\nThe variable lower_dentry is initialized twice to the same (side effect-free)\nexpression. Drop one initialization.\n\nA simplified version of the semantic match that finds this problem is:\n(http://coccinelle.lip6.fr/)\n\n// \u003csmpl\u003e\n@forall@\nidexpression *x;\nidentifier f!\u003dERR_PTR;\n@@\n\nx \u003d f(...)\n... when !\u003d x\n(\nx \u003d f(...,\u003c+...x...+\u003e,...)\n|\n* x \u003d f(...)\n)\n// \u003c/smpl\u003e\n\nSigned-off-by: Julia Lawall \u003cjulia@diku.dk\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "fe0fc013cd8bbd2f4737c1b2694b37dd7fe459cb", "tree": "e14e4769d95b419be630547ad3d902bc63f71678", "parents": [ "3469b57329f80db5a41cf42d1c8f7690269f57e7" ], "author": { "name": "Erez Zadok", "email": "ezk@cs.sunysb.edu", "time": "Mon Jan 04 18:17:02 2010 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Jan 19 22:36:03 2010 -0600" }, "message": "ecryptfs: fix interpose/interpolate typos in comments\n\nSigned-off-by: Erez Zadok \u003cezk@cs.sunysb.edu\u003e\nAcked-by: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "3469b57329f80db5a41cf42d1c8f7690269f57e7", "tree": "1672f23b8742dd5426cd3448ab2592342e99e091", "parents": [ "c44a66d674688f1e1d0b2f6f56bd9c6a1b061cae" ], "author": { "name": "Erez Zadok", "email": "ezk@cs.sunysb.edu", "time": "Sun Dec 06 18:51:15 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Jan 19 22:36:02 2010 -0600" }, "message": "ecryptfs: pass matching flags to interpose as defined and used there\n\necryptfs_interpose checks if one of the flags passed is\nECRYPTFS_INTERPOSE_FLAG_D_ADD, defined as 0x00000001 in ecryptfs_kernel.h.\nBut the only user of ecryptfs_interpose to pass a non-zero flag to it, has\nhard-coded the value as \"1\". This could spell trouble if any of these values\nchanges in the future.\n\nSigned-off-by: Erez Zadok \u003cezk@cs.sunysb.edu\u003e\nCc: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "c44a66d674688f1e1d0b2f6f56bd9c6a1b061cae", "tree": "52ff029a1c19b11b75ccc25ed7a5e00619e05800", "parents": [ "0d132f7364694da8f7cafd49e2fc2721b73e96e4" ], "author": { "name": "Erez Zadok", "email": "ezk@cs.sunysb.edu", "time": "Sun Dec 06 18:05:30 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Jan 19 22:36:00 2010 -0600" }, "message": "ecryptfs: remove unnecessary d_drop calls in ecryptfs_link\n\nUnnecessary because it would unhash perfectly valid dentries, causing them\nto have to be re-looked up the next time they\u0027re needed, which presumably is\nright after.\n\nSigned-off-by: Aseem Rastogi \u003carastogi@cs.sunysb.edu\u003e\nSigned-off-by: Shrikar archak \u003cshrikar84@gmail.com\u003e\nSigned-off-by: Erez Zadok \u003cezk@cs.sunysb.edu\u003e\nCc: Saumitra Bhanage \u003csbhanage@cs.sunysb.edu\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "0d132f7364694da8f7cafd49e2fc2721b73e96e4", "tree": "8603d76664307d039830796cc04a0e0363cf3b60", "parents": [ "e27759d7a333d1f25d628c4f7caf845c51be51c2" ], "author": { "name": "Erez Zadok", "email": "ezk@cs.sunysb.edu", "time": "Sat Dec 05 21:17:09 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Jan 19 22:35:59 2010 -0600" }, "message": "ecryptfs: don\u0027t ignore return value from lock_rename\n\nSigned-off-by: Erez Zadok \u003cezk@cs.sunysb.edu\u003e\nCc: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nCc: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "e27759d7a333d1f25d628c4f7caf845c51be51c2", "tree": "6181c5f5abe8b2e4b7bdc45f1231c769cc57a403", "parents": [ "38e3eaeedcac75360af8a92e7b66956ec4f334e5" ], "author": { "name": "Erez Zadok", "email": "ezk@cs.sunysb.edu", "time": "Thu Dec 03 13:35:27 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Jan 19 22:32:54 2010 -0600" }, "message": "ecryptfs: initialize private persistent file before dereferencing pointer\n\nEcryptfs_open dereferences a pointer to the private lower file (the one\nstored in the ecryptfs inode), without checking if the pointer is NULL.\nRight afterward, it initializes that pointer if it is NULL. Swap order of\nstatements to first initialize. Bug discovered by Duckjin Kang.\n\nSigned-off-by: Duckjin Kang \u003cfromdj2k@gmail.com\u003e\nSigned-off-by: Erez Zadok \u003cezk@cs.sunysb.edu\u003e\nCc: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \u003cstable@kernel.org\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "38e3eaeedcac75360af8a92e7b66956ec4f334e5", "tree": "ba194b5451033e29137d4c797edd8d508c470d42", "parents": [ "f8f484d1b6677dd5cd5e7e605db747e8c30bbd47" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Nov 03 14:56:06 2009 -0600" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Jan 19 22:32:11 2010 -0600" }, "message": "eCryptfs: Remove mmap from directory operations\n\nAdrian reported that mkfontscale didn\u0027t work inside of eCryptfs mounts.\nStrace revealed the following:\n\nopen(\"./\", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) \u003d 3\nfcntl64(3, F_GETFD) \u003d 0x1 (flags FD_CLOEXEC)\nopen(\"./fonts.scale\", O_WRONLY|O_CREAT|O_TRUNC, 0666) \u003d 4\ngetdents(3, /* 80 entries */, 32768) \u003d 2304\nopen(\"./.\", O_RDONLY) \u003d 5\nfcntl64(5, F_SETFD, FD_CLOEXEC) \u003d 0\nfstat64(5, {st_mode\u003dS_IFDIR|0755, st_size\u003d16384, ...}) \u003d 0\nmmap2(NULL, 16384, PROT_READ, MAP_PRIVATE, 5, 0) \u003d 0xb7fcf000\nclose(5) \u003d 0\n--- SIGBUS (Bus error) @ 0 (0) ---\n+++ killed by SIGBUS +++\n\nThe mmap2() on a directory was successful, resulting in a SIGBUS\nsignal later. This patch removes mmap() from the list of possible\necryptfs_dir_fops so that mmap() isn\u0027t possible on eCryptfs directory\nfiles.\n\nhttps://bugs.launchpad.net/ecryptfs/+bug/400443\n\nReported-by: Adrian C. \u003canrxc@sysphere.org\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "f8f484d1b6677dd5cd5e7e605db747e8c30bbd47", "tree": "67acfc58f5e952e4fd2720d2e5e77409db40b6b8", "parents": [ "5f3ef64f4da1c587cdcfaaac72311225b7df094c" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Nov 04 02:48:01 2009 -0600" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Jan 19 22:32:09 2010 -0600" }, "message": "eCryptfs: Add getattr function\n\nThe i_blocks field of an eCryptfs inode cannot be trusted, but\ngeneric_fillattr() uses it to instantiate the blocks field of a stat()\nsyscall when a filesystem doesn\u0027t implement its own getattr(). Users\nhave noticed that the output of du is incorrect on newly created files.\n\nThis patch creates ecryptfs_getattr() which calls into the lower\nfilesystem\u0027s getattr() so that eCryptfs can use its kstat.blocks value\nafter calling generic_fillattr(). It is important to note that the\nblock count includes the eCryptfs metadata stored in the beginning of\nthe lower file plus any padding used to fill an extent before\nencryption.\n\nhttps://bugs.launchpad.net/ecryptfs/+bug/390833\n\nReported-by: Dominic Sacré \u003cdominic.sacre@gmx.de\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "5f3ef64f4da1c587cdcfaaac72311225b7df094c", "tree": "0bdf086980df60d73bc650cdc520b59029faaa5a", "parents": [ "24bc7347da73a9ed3383056c3d0f28c0e361621e" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Oct 14 16:18:27 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Jan 19 22:32:07 2010 -0600" }, "message": "eCryptfs: Use notify_change for truncating lower inodes\n\nWhen truncating inodes in the lower filesystem, eCryptfs directly\ninvoked vmtruncate(). As Christoph Hellwig pointed out, vmtruncate() is\na filesystem helper function, but filesystems may need to do more than\njust a call to vmtruncate().\n\nThis patch moves the lower inode truncation out of ecryptfs_truncate()\nand renames the function to truncate_upper(). truncate_upper() updates\nan iattr for the lower inode to indicate if the lower inode needs to be\ntruncated upon return. ecryptfs_setattr() then calls notify_change(),\nusing the updated iattr for the lower inode, to complete the truncation.\n\nFor eCryptfs functions needing to truncate, ecryptfs_truncate() is\nreintroduced as a simple way to truncate the upper inode to a specified\nsize and then truncate the lower inode accordingly.\n\nhttps://bugs.launchpad.net/bugs/451368\n\nReported-by: Christoph Hellwig \u003chch@lst.de\u003e\nAcked-by: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nCc: ecryptfs-devel@lists.launchpad.net\nCc: linux-fsdevel@vger.kernel.org\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "806892e9e12e731a0ca76c8f62ad95cf8eea9614", "tree": "a063df1524ed862ef2475052e1cc1c66de390dc2", "parents": [ "6d125529c6cbfe570ce3bf9a0728548f087499da" ], "author": { "name": "OGAWA Hirofumi", "email": "hirofumi@mail.parknet.co.jp", "time": "Tue Jan 12 03:36:14 2010 +0900" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jan 14 09:05:26 2010 -0500" }, "message": "ecryptfs: Fix refcnt leak on ecryptfs_follow_link() error path\n\nIf -\u003efollow_link handler return the error, it should decrement\nnd-\u003epath refcnt. But, ecryptfs_follow_link() doesn\u0027t decrement.\n\nThis patch fix it by using usual nd_set_link() style error handling,\ninstead of playing with nd-\u003epath.\n\nSigned-off-by: OGAWA Hirofumi \u003chirofumi@mail.parknet.co.jp\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9afa2fb6c13501e5b3536d15344fce4e5442c469", "tree": "470ff1993ad9e88e0ed3abf81cb7c9745919b33d", "parents": [ "cb59861f03a626196a23fdef5e20ddbb8cca6466" ], "author": { "name": "Erez Zadok", "email": "ezk@cs.sunysb.edu", "time": "Wed Dec 02 19:51:54 2009 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Dec 17 10:57:30 2009 -0500" }, "message": "fsstack/ecryptfs: remove unused get_nlinks param to fsstack_copy_attr_all\n\nThis get_nlinks parameter was never used by the only mainline user,\necryptfs; and it has never been used by unionfs or wrapfs either.\n\nAcked-by: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nAcked-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nSigned-off-by: Erez Zadok \u003cezk@cs.sunysb.edu\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b65a9cfc2c38eebc33533280b8ad5841caee8b6e", "tree": "d6e5b713615cc5e65c900162ab09235ae4847909", "parents": [ "0552f879d45cecc35d8e372a591fc5ed863bca58" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 16 06:27:40 2009 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 16 12:16:47 2009 -0500" }, "message": "Untangling ima mess, part 2: deal with counters\n\n* do ima_get_count() in __dentry_open()\n* stop doing that in followups\n* move ima_path_check() to right after nameidata_to_filp()\n* don\u0027t bump counters on it\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "36520be8e32b49bd85a63b7b8b40cd07c3da59a5", "tree": "09adf04fad980a8024de3c01d3560a0f263708cd", "parents": [ "ed1f21857e76a92a006e0f890a3d7f72953b1469" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Oct 05 14:25:44 2009 -0400" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Thu Oct 08 11:31:38 2009 -0500" }, "message": "ima: ecryptfs fix imbalance message\n\nThe unencrypted files are being measured. Update the counters to get\nrid of the ecryptfs imbalance message. (http://bugzilla.redhat.com/519737)\n\nReported-by: Sachin Garg\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: David Safford \u003csafford@watson.ibm.com\u003e\nCc: stable@kernel.org\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "ed1f21857e76a92a006e0f890a3d7f72953b1469", "tree": "21645c57e1011e86fe803fa99544b2314e231cec", "parents": [ "664fc5a4e7d0d7f3487e5c856b79f7dac79567fd" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Sep 29 02:33:59 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Thu Oct 08 11:31:36 2009 -0500" }, "message": "eCryptfs: Remove Kconfig NET dependency and select MD5\n\neCryptfs no longer uses a netlink interface to communicate with\necryptfsd, so NET is not a valid dependency anymore.\n\nMD5 is required and must be built for eCryptfs to be of any use.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "664fc5a4e7d0d7f3487e5c856b79f7dac79567fd", "tree": "9413c8d73c86ce091ab16bce2acadc4397bffba0", "parents": [ "0eca52a92735f43462165efe00a7e394345fb38e" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Mon Sep 28 13:34:20 2009 -0700" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Thu Oct 08 11:21:12 2009 -0500" }, "message": "ecryptfs: depends on CRYPTO\n\necryptfs uses crypto APIs so it should depend on CRYPTO.\nOtherwise many build errors occur. [63 lines not pasted]\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nCc: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nCc: ecryptfs-devel@lists.launchpad.net\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "9c2d2056647790c5034d722bd24e9d913ebca73c", "tree": "38db96956ac0167b2a277429746c500b522bc5aa", "parents": [ "96a7b9c2f5df899f302ade45cf17ad753fe130fd" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Sep 22 12:52:17 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Sep 23 09:10:34 2009 -0500" }, "message": "eCryptfs: Prevent lower dentry from going negative during unlink\n\nWhen calling vfs_unlink() on the lower dentry, d_delete() turns the\ndentry into a negative dentry when the d_count is 1. This eventually\ncaused a NULL pointer deref when a read() or write() was done and the\nnegative dentry\u0027s d_inode was dereferenced in\necryptfs_read_update_atime() or ecryptfs_getxattr().\n\nPlacing mutt\u0027s tmpdir in an eCryptfs mount is what initially triggered\nthe oops and I was able to reproduce it with the following sequence:\n\nopen(\"/tmp/upper/foo\", O_RDWR|O_CREAT|O_EXCL|O_NOFOLLOW, 0600) \u003d 3\nlink(\"/tmp/upper/foo\", \"/tmp/upper/bar\") \u003d 0\nunlink(\"/tmp/upper/foo\") \u003d 0\nopen(\"/tmp/upper/bar\", O_RDWR|O_CREAT|O_NOFOLLOW, 0600) \u003d 4\nunlink(\"/tmp/upper/bar\") \u003d 0\nwrite(4, \"eCryptfs test\\n\"..., 14 \u003cunfinished ...\u003e\n+++ killed by SIGKILL +++\n\nhttps://bugs.launchpad.net/ecryptfs/+bug/387073\n\nReported-by: Loïc Minier \u003cloic.minier@canonical.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Dave Kleikamp \u003cshaggy@linux.vnet.ibm.com\u003e\nCc: ecryptfs-devel@lists.launchpad.net\nCc: stable \u003cstable@kernel.org\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "96a7b9c2f5df899f302ade45cf17ad753fe130fd", "tree": "096b67dbaad8e795344554994e28433a1e5b5de1", "parents": [ "3891959846709a19f76628e33478cd85edb0e79f" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Sep 16 19:04:20 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Sep 23 09:10:34 2009 -0500" }, "message": "eCryptfs: Propagate vfs_read and vfs_write return codes\n\nErrors returned from vfs_read() and vfs_write() calls to the lower\nfilesystem were being masked as -EINVAL. This caused some confusion to\nusers who saw EINVAL instead of ENOSPC when the disk was full, for\ninstance.\n\nAlso, the actual bytes read or written were not accessible by callers to\necryptfs_read_lower() and ecryptfs_write_lower(), which may be useful in\nsome cases. This patch updates the error handling logic where those\nfunctions are called in order to accept positive return codes indicating\nsuccess.\n\nCc: Eric Sandeen \u003cesandeen@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: ecryptfs-devel@lists.launchpad.net\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "3891959846709a19f76628e33478cd85edb0e79f", "tree": "5916035dc686c93b42c6b6b0045059db7c066f9c", "parents": [ "df6ad33ba1b9846bd5f0e2b9016c30c20bc2d948" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Aug 26 01:54:56 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Sep 23 09:10:32 2009 -0500" }, "message": "eCryptfs: Validate global auth tok keys\n\nWhen searching through the global authentication tokens for a given key\nsignature, verify that a matching key has not been revoked and has not\nexpired. This allows the `keyctl revoke` command to be properly used on\nkeys in use by eCryptfs.\n\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: ecryptfs-devel@lists.launchpad.net\nCc: stable \u003cstable@kernel.org\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "df6ad33ba1b9846bd5f0e2b9016c30c20bc2d948", "tree": "5bed7a289830867f2bac4dc05f076b7121e41ae3", "parents": [ "ac22ba23b659e34a5961aec8c945608e471b0d5b" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Fri Aug 21 04:27:46 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Sep 23 09:10:32 2009 -0500" }, "message": "eCryptfs: Filename encryption only supports password auth tokens\n\nReturns -ENOTSUPP when attempting to use filename encryption with\nsomething other than a password authentication token, such as a private\ntoken from openssl. Using filename encryption with a userspace eCryptfs\nkey module is a future goal. Until then, this patch handles the\nsituation a little better than simply using a BUG_ON().\n\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: ecryptfs-devel@lists.launchpad.net\nCc: stable \u003cstable@kernel.org\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "ac22ba23b659e34a5961aec8c945608e471b0d5b", "tree": "6629c15380fe2db238fa078e912f4cf393708161", "parents": [ "b0105eaefa7cce8f4a941d0fc6354b250d30e745" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Aug 12 01:06:54 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Sep 23 09:10:32 2009 -0500" }, "message": "eCryptfs: Check for O_RDONLY lower inodes when opening lower files\n\nIf the lower inode is read-only, don\u0027t attempt to open the lower file\nread/write and don\u0027t hand off the open request to the privileged\neCryptfs kthread for opening it read/write. Instead, only try an\nunprivileged, read-only open of the file and give up if that fails.\nThis patch fixes an oops when eCryptfs is mounted on top of a read-only\nmount.\n\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Eric Sandeen \u003cesandeen@redhat.com\u003e\nCc: Dave Kleikamp \u003cshaggy@linux.vnet.ibm.com\u003e\nCc: ecryptfs-devel@lists.launchpad.net\nCc: stable \u003cstable@kernel.org\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "b0105eaefa7cce8f4a941d0fc6354b250d30e745", "tree": "60bed48ff88aa22d9ee36b64d23421cf9e50d2a8", "parents": [ "382684984e93039a3bbd83b04d341b0ceb831519" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Aug 11 00:36:32 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Sep 23 09:10:31 2009 -0500" }, "message": "eCryptfs: Handle unrecognized tag 3 cipher codes\n\nReturns an error when an unrecognized cipher code is present in a tag 3\npacket or an ecryptfs_crypt_stat cannot be initialized. Also sets an\ncrypt_stat-\u003etfm error pointer to NULL to ensure that it will not be\nincorrectly freed in ecryptfs_destroy_crypt_stat().\n\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: ecryptfs-devel@lists.launchpad.net\nCc: stable \u003cstable@kernel.org\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "382684984e93039a3bbd83b04d341b0ceb831519", "tree": "039aa99f6651066a2aac7aec42b06da0a9b55402", "parents": [ "aa06117f19944573cda0c4bee026c916b5256090" ], "author": { "name": "Dave Hansen", "email": "dave@linux.vnet.ibm.com", "time": "Thu Aug 27 09:47:07 2009 -0700" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Sep 23 09:10:31 2009 -0500" }, "message": "ecryptfs: improved dependency checking and reporting\n\nSo, I compiled a 2.6.31-rc5 kernel with ecryptfs and loaded its module.\nWhen it came time to mount my filesystem, I got this in dmesg, and it\nrefused to mount:\n\n[93577.776637] Unable to allocate crypto cipher with name [aes]; rc \u003d [-2]\n[93577.783280] Error attempting to initialize key TFM cipher with name \u003d [aes]; rc \u003d [-2]\n[93577.791183] Error attempting to initialize cipher with name \u003d [aes] and key size \u003d [32]; rc \u003d [-2]\n[93577.800113] Error parsing options; rc \u003d [-22]\n\nI figured from the error message that I\u0027d either forgotten to load \"aes\"\nor that my key size was bogus. Neither one of those was the case. In\nfact, I was missing the CRYPTO_ECB config option and the \u0027ecb\u0027 module.\nUnfortunately, there\u0027s no trace of \u0027ecb\u0027 in that error message.\n\nI\u0027ve done two things to fix this. First, I\u0027ve modified ecryptfs\u0027s\nKconfig entry to select CRYPTO_ECB and CRYPTO_CBC. I also took CRYPTO\nout of the dependencies since the \u0027select\u0027 will take care of it for us.\n\nI\u0027ve also modified the error messages to print a string that should\ncontain both \u0027ecb\u0027 and \u0027aes\u0027 in my error case. That will give any\nfuture users a chance of finding the right modules and Kconfig options.\n\nI also wonder if we should:\n\n\tselect CRYPTO_AES if !EMBEDDED\n\nsince I think most ecryptfs users are using AES like me.\n\nCc: ecryptfs-devel@lists.launchpad.net\nCc: linux-fsdevel@vger.kernel.org\nCc: linux-kernel@vger.kernel.org\nCc: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nSigned-off-by: Dave Hansen \u003cdave@linux.vnet.ibm.com\u003e\n[tyhicks@linux.vnet.ibm.com: Removed extra newline, 80-char violation]\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "aa06117f19944573cda0c4bee026c916b5256090", "tree": "e5cb24f500431a5201e7a50b1e9df62fbd24e1bb", "parents": [ "05dafedb906425fe935199f4c92700d87285e3e9" ], "author": { "name": "Roland Dreier", "email": "rdreier@cisco.com", "time": "Wed Jul 01 15:48:18 2009 -0700" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Sep 23 09:10:30 2009 -0500" }, "message": "eCryptfs: Fix lockdep-reported AB-BA mutex issue\n\nLockdep reports the following valid-looking possible AB-BA deadlock with\nglobal_auth_tok_list_mutex and keysig_list_mutex:\n\n ecryptfs_new_file_context() -\u003e\n ecryptfs_copy_mount_wide_sigs_to_inode_sigs() -\u003e\n mutex_lock(\u0026mount_crypt_stat-\u003eglobal_auth_tok_list_mutex);\n -\u003e ecryptfs_add_keysig() -\u003e\n mutex_lock(\u0026crypt_stat-\u003ekeysig_list_mutex);\n\nvs\n\n ecryptfs_generate_key_packet_set() -\u003e\n mutex_lock(\u0026crypt_stat-\u003ekeysig_list_mutex);\n -\u003e ecryptfs_find_global_auth_tok_for_sig() -\u003e\n mutex_lock(\u0026mount_crypt_stat-\u003eglobal_auth_tok_list_mutex);\n\nie the two mutexes are taken in opposite orders in the two different\ncode paths. I\u0027m not sure if this is a real bug where two threads could\nactually hit the two paths in parallel and deadlock, but it at least\nmakes lockdep impossible to use with ecryptfs since this report triggers\nevery time and disables future lockdep reporting.\n\nSince ecryptfs_add_keysig() is called only from the single callsite in\necryptfs_copy_mount_wide_sigs_to_inode_sigs(), the simplest fix seems to\nbe to move the lock of keysig_list_mutex back up outside of the where\nglobal_auth_tok_list_mutex is taken. This patch does that, and fixes\nthe lockdep report on my system (and ecryptfs still works OK).\n\nThe full output of lockdep fixed by this patch is:\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: possible circular locking dependency detected ]\n2.6.31-2-generic #14~rbd2\n-------------------------------------------------------\ngdm/2640 is trying to acquire lock:\n (\u0026mount_crypt_stat-\u003eglobal_auth_tok_list_mutex){+.+.+.}, at: [\u003cffffffff8121591e\u003e] ecryptfs_find_global_auth_tok_for_sig+0x2e/0x90\n\nbut task is already holding lock:\n (\u0026crypt_stat-\u003ekeysig_list_mutex){+.+.+.}, at: [\u003cffffffff81217728\u003e] ecryptfs_generate_key_packet_set+0x58/0x2b0\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (\u0026crypt_stat-\u003ekeysig_list_mutex){+.+.+.}:\n [\u003cffffffff8108c897\u003e] check_prev_add+0x2a7/0x370\n [\u003cffffffff8108cfc1\u003e] validate_chain+0x661/0x750\n [\u003cffffffff8108d2e7\u003e] __lock_acquire+0x237/0x430\n [\u003cffffffff8108d585\u003e] lock_acquire+0xa5/0x150\n [\u003cffffffff815526cd\u003e] __mutex_lock_common+0x4d/0x3d0\n [\u003cffffffff81552b56\u003e] mutex_lock_nested+0x46/0x60\n [\u003cffffffff8121526a\u003e] ecryptfs_add_keysig+0x5a/0xb0\n [\u003cffffffff81213299\u003e] ecryptfs_copy_mount_wide_sigs_to_inode_sigs+0x59/0xb0\n [\u003cffffffff81214b06\u003e] ecryptfs_new_file_context+0xa6/0x1a0\n [\u003cffffffff8120e42a\u003e] ecryptfs_initialize_file+0x4a/0x140\n [\u003cffffffff8120e54d\u003e] ecryptfs_create+0x2d/0x60\n [\u003cffffffff8113a7d4\u003e] vfs_create+0xb4/0xe0\n [\u003cffffffff8113a8c4\u003e] __open_namei_create+0xc4/0x110\n [\u003cffffffff8113d1c1\u003e] do_filp_open+0xa01/0xae0\n [\u003cffffffff8112d8d9\u003e] do_sys_open+0x69/0x140\n [\u003cffffffff8112d9f0\u003e] sys_open+0x20/0x30\n [\u003cffffffff81013132\u003e] system_call_fastpath+0x16/0x1b\n [\u003cffffffffffffffff\u003e] 0xffffffffffffffff\n\n-\u003e #0 (\u0026mount_crypt_stat-\u003eglobal_auth_tok_list_mutex){+.+.+.}:\n [\u003cffffffff8108c675\u003e] check_prev_add+0x85/0x370\n [\u003cffffffff8108cfc1\u003e] validate_chain+0x661/0x750\n [\u003cffffffff8108d2e7\u003e] __lock_acquire+0x237/0x430\n [\u003cffffffff8108d585\u003e] lock_acquire+0xa5/0x150\n [\u003cffffffff815526cd\u003e] __mutex_lock_common+0x4d/0x3d0\n [\u003cffffffff81552b56\u003e] mutex_lock_nested+0x46/0x60\n [\u003cffffffff8121591e\u003e] ecryptfs_find_global_auth_tok_for_sig+0x2e/0x90\n [\u003cffffffff812177d5\u003e] ecryptfs_generate_key_packet_set+0x105/0x2b0\n [\u003cffffffff81212f49\u003e] ecryptfs_write_headers_virt+0xc9/0x120\n [\u003cffffffff8121306d\u003e] ecryptfs_write_metadata+0xcd/0x200\n [\u003cffffffff8120e44b\u003e] ecryptfs_initialize_file+0x6b/0x140\n [\u003cffffffff8120e54d\u003e] ecryptfs_create+0x2d/0x60\n [\u003cffffffff8113a7d4\u003e] vfs_create+0xb4/0xe0\n [\u003cffffffff8113a8c4\u003e] __open_namei_create+0xc4/0x110\n [\u003cffffffff8113d1c1\u003e] do_filp_open+0xa01/0xae0\n [\u003cffffffff8112d8d9\u003e] do_sys_open+0x69/0x140\n [\u003cffffffff8112d9f0\u003e] sys_open+0x20/0x30\n [\u003cffffffff81013132\u003e] system_call_fastpath+0x16/0x1b\n [\u003cffffffffffffffff\u003e] 0xffffffffffffffff\n\nother info that might help us debug this:\n\n2 locks held by gdm/2640:\n #0: (\u0026sb-\u003es_type-\u003ei_mutex_key#11){+.+.+.}, at: [\u003cffffffff8113cb8b\u003e] do_filp_open+0x3cb/0xae0\n #1: (\u0026crypt_stat-\u003ekeysig_list_mutex){+.+.+.}, at: [\u003cffffffff81217728\u003e] ecryptfs_generate_key_packet_set+0x58/0x2b0\n\nstack backtrace:\nPid: 2640, comm: gdm Tainted: G C 2.6.31-2-generic #14~rbd2\nCall Trace:\n [\u003cffffffff8108b988\u003e] print_circular_bug_tail+0xa8/0xf0\n [\u003cffffffff8108c675\u003e] check_prev_add+0x85/0x370\n [\u003cffffffff81094912\u003e] ? __module_text_address+0x12/0x60\n [\u003cffffffff8108cfc1\u003e] validate_chain+0x661/0x750\n [\u003cffffffff81017275\u003e] ? print_context_stack+0x85/0x140\n [\u003cffffffff81089c68\u003e] ? find_usage_backwards+0x38/0x160\n [\u003cffffffff8108d2e7\u003e] __lock_acquire+0x237/0x430\n [\u003cffffffff8108d585\u003e] lock_acquire+0xa5/0x150\n [\u003cffffffff8121591e\u003e] ? ecryptfs_find_global_auth_tok_for_sig+0x2e/0x90\n [\u003cffffffff8108b0b0\u003e] ? check_usage_backwards+0x0/0xb0\n [\u003cffffffff815526cd\u003e] __mutex_lock_common+0x4d/0x3d0\n [\u003cffffffff8121591e\u003e] ? ecryptfs_find_global_auth_tok_for_sig+0x2e/0x90\n [\u003cffffffff8121591e\u003e] ? ecryptfs_find_global_auth_tok_for_sig+0x2e/0x90\n [\u003cffffffff8108c02c\u003e] ? mark_held_locks+0x6c/0xa0\n [\u003cffffffff81125b0d\u003e] ? kmem_cache_alloc+0xfd/0x1a0\n [\u003cffffffff8108c34d\u003e] ? trace_hardirqs_on_caller+0x14d/0x190\n [\u003cffffffff81552b56\u003e] mutex_lock_nested+0x46/0x60\n [\u003cffffffff8121591e\u003e] ecryptfs_find_global_auth_tok_for_sig+0x2e/0x90\n [\u003cffffffff812177d5\u003e] ecryptfs_generate_key_packet_set+0x105/0x2b0\n [\u003cffffffff81212f49\u003e] ecryptfs_write_headers_virt+0xc9/0x120\n [\u003cffffffff8121306d\u003e] ecryptfs_write_metadata+0xcd/0x200\n [\u003cffffffff81210240\u003e] ? ecryptfs_init_persistent_file+0x60/0xe0\n [\u003cffffffff8120e44b\u003e] ecryptfs_initialize_file+0x6b/0x140\n [\u003cffffffff8120e54d\u003e] ecryptfs_create+0x2d/0x60\n [\u003cffffffff8113a7d4\u003e] vfs_create+0xb4/0xe0\n [\u003cffffffff8113a8c4\u003e] __open_namei_create+0xc4/0x110\n [\u003cffffffff8113d1c1\u003e] do_filp_open+0xa01/0xae0\n [\u003cffffffff8129a93e\u003e] ? _raw_spin_unlock+0x5e/0xb0\n [\u003cffffffff8155410b\u003e] ? _spin_unlock+0x2b/0x40\n [\u003cffffffff81139e9b\u003e] ? getname+0x3b/0x240\n [\u003cffffffff81148a5a\u003e] ? alloc_fd+0xfa/0x140\n [\u003cffffffff8112d8d9\u003e] do_sys_open+0x69/0x140\n [\u003cffffffff81553b8f\u003e] ? trace_hardirqs_on_thunk+0x3a/0x3f\n [\u003cffffffff8112d9f0\u003e] sys_open+0x20/0x30\n [\u003cffffffff81013132\u003e] system_call_fastpath+0x16/0x1b\n\nSigned-off-by: Roland Dreier \u003crolandd@cisco.com\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "05dafedb906425fe935199f4c92700d87285e3e9", "tree": "7f3162455188c322baf9c6ca9a2890394380201d", "parents": [ "94e0fb086fc5663c38bbc0fe86d698be8314f82f" ], "author": { "name": "Roland Dreier", "email": "roland@digitalvampire.org", "time": "Tue Jul 14 13:32:56 2009 -0700" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Sep 23 09:10:30 2009 -0500" }, "message": "ecryptfs: Remove unneeded locking that triggers lockdep false positives\n\nIn ecryptfs_destroy_inode(), inode_info-\u003elower_file_mutex is locked,\nand just after the mutex is unlocked, the code does:\n\n \tkmem_cache_free(ecryptfs_inode_info_cache, inode_info);\n\nThis means that if another context could possibly try to take the same\nmutex as ecryptfs_destroy_inode(), then it could end up getting the\nmutex just before the data structure containing the mutex is freed.\nSo any such use would be an obvious use-after-free bug (catchable with\nslab poisoning or mutex debugging), and therefore the locking in\necryptfs_destroy_inode() is not needed and can be dropped.\n\nSimilarly, in ecryptfs_destroy_crypt_stat(), crypt_stat-\u003ekeysig_list_mutex\nis locked, and then the mutex is unlocked just before the code does:\n\n \tmemset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));\n\nTherefore taking this mutex is similarly not necessary.\n\nRemoving this locking fixes false-positive lockdep reports such as the\nfollowing (and they are false-positives for exactly the same reason\nthat the locking is not needed):\n\n\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n[ INFO: inconsistent lock state ]\n2.6.31-2-generic #14~rbd3\n---------------------------------\ninconsistent {RECLAIM_FS-ON-W} -\u003e {IN-RECLAIM_FS-W} usage.\nkswapd0/323 [HC0[0]:SC0[0]:HE1:SE1] takes:\n (\u0026inode_info-\u003elower_file_mutex){+.+.?.}, at: [\u003cffffffff81210d34\u003e] ecryptfs_destroy_inode+0x34/0x100\n{RECLAIM_FS-ON-W} state was registered at:\n [\u003cffffffff8108c02c\u003e] mark_held_locks+0x6c/0xa0\n [\u003cffffffff8108c10f\u003e] lockdep_trace_alloc+0xaf/0xe0\n [\u003cffffffff81125a51\u003e] kmem_cache_alloc+0x41/0x1a0\n [\u003cffffffff8113117a\u003e] get_empty_filp+0x7a/0x1a0\n [\u003cffffffff8112dd46\u003e] dentry_open+0x36/0xc0\n [\u003cffffffff8121a36c\u003e] ecryptfs_privileged_open+0x5c/0x2e0\n [\u003cffffffff81210283\u003e] ecryptfs_init_persistent_file+0xa3/0xe0\n [\u003cffffffff8120e838\u003e] ecryptfs_lookup_and_interpose_lower+0x278/0x380\n [\u003cffffffff8120f97a\u003e] ecryptfs_lookup+0x12a/0x250\n [\u003cffffffff8113930a\u003e] real_lookup+0xea/0x160\n [\u003cffffffff8113afc8\u003e] do_lookup+0xb8/0xf0\n [\u003cffffffff8113b518\u003e] __link_path_walk+0x518/0x870\n [\u003cffffffff8113bd9c\u003e] path_walk+0x5c/0xc0\n [\u003cffffffff8113be5b\u003e] do_path_lookup+0x5b/0xa0\n [\u003cffffffff8113bfe7\u003e] user_path_at+0x57/0xa0\n [\u003cffffffff811340dc\u003e] vfs_fstatat+0x3c/0x80\n [\u003cffffffff8113424b\u003e] vfs_stat+0x1b/0x20\n [\u003cffffffff81134274\u003e] sys_newstat+0x24/0x50\n [\u003cffffffff81013132\u003e] system_call_fastpath+0x16/0x1b\n [\u003cffffffffffffffff\u003e] 0xffffffffffffffff\nirq event stamp: 7811\nhardirqs last enabled at (7811): [\u003cffffffff810c037f\u003e] call_rcu+0x5f/0x90\nhardirqs last disabled at (7810): [\u003cffffffff810c0353\u003e] call_rcu+0x33/0x90\nsoftirqs last enabled at (3764): [\u003cffffffff810631da\u003e] __do_softirq+0x14a/0x220\nsoftirqs last disabled at (3751): [\u003cffffffff8101440c\u003e] call_softirq+0x1c/0x30\n\nother info that might help us debug this:\n2 locks held by kswapd0/323:\n #0: (shrinker_rwsem){++++..}, at: [\u003cffffffff810f67ed\u003e] shrink_slab+0x3d/0x190\n #1: (\u0026type-\u003es_umount_key#35){.+.+..}, at: [\u003cffffffff811429a1\u003e] prune_dcache+0xd1/0x1b0\n\nstack backtrace:\nPid: 323, comm: kswapd0 Tainted: G C 2.6.31-2-generic #14~rbd3\nCall Trace:\n [\u003cffffffff8108ad6c\u003e] print_usage_bug+0x18c/0x1a0\n [\u003cffffffff8108aff0\u003e] ? check_usage_forwards+0x0/0xc0\n [\u003cffffffff8108bac2\u003e] mark_lock_irq+0xf2/0x280\n [\u003cffffffff8108bd87\u003e] mark_lock+0x137/0x1d0\n [\u003cffffffff81164710\u003e] ? fsnotify_clear_marks_by_inode+0x30/0xf0\n [\u003cffffffff8108bee6\u003e] mark_irqflags+0xc6/0x1a0\n [\u003cffffffff8108d337\u003e] __lock_acquire+0x287/0x430\n [\u003cffffffff8108d585\u003e] lock_acquire+0xa5/0x150\n [\u003cffffffff81210d34\u003e] ? ecryptfs_destroy_inode+0x34/0x100\n [\u003cffffffff8108d2e7\u003e] ? __lock_acquire+0x237/0x430\n [\u003cffffffff815526ad\u003e] __mutex_lock_common+0x4d/0x3d0\n [\u003cffffffff81210d34\u003e] ? ecryptfs_destroy_inode+0x34/0x100\n [\u003cffffffff81164710\u003e] ? fsnotify_clear_marks_by_inode+0x30/0xf0\n [\u003cffffffff81210d34\u003e] ? ecryptfs_destroy_inode+0x34/0x100\n [\u003cffffffff8129a91e\u003e] ? _raw_spin_unlock+0x5e/0xb0\n [\u003cffffffff81552b36\u003e] mutex_lock_nested+0x46/0x60\n [\u003cffffffff81210d34\u003e] ecryptfs_destroy_inode+0x34/0x100\n [\u003cffffffff81145d27\u003e] destroy_inode+0x87/0xd0\n [\u003cffffffff81146b4c\u003e] generic_delete_inode+0x12c/0x1a0\n [\u003cffffffff81145832\u003e] iput+0x62/0x70\n [\u003cffffffff811423c8\u003e] dentry_iput+0x98/0x110\n [\u003cffffffff81142550\u003e] d_kill+0x50/0x80\n [\u003cffffffff81142623\u003e] prune_one_dentry+0xa3/0xc0\n [\u003cffffffff811428b1\u003e] __shrink_dcache_sb+0x271/0x290\n [\u003cffffffff811429d9\u003e] prune_dcache+0x109/0x1b0\n [\u003cffffffff81142abf\u003e] shrink_dcache_memory+0x3f/0x50\n [\u003cffffffff810f68dd\u003e] shrink_slab+0x12d/0x190\n [\u003cffffffff810f9377\u003e] balance_pgdat+0x4d7/0x640\n [\u003cffffffff8104c4c0\u003e] ? finish_task_switch+0x40/0x150\n [\u003cffffffff810f63c0\u003e] ? isolate_pages_global+0x0/0x60\n [\u003cffffffff810f95f7\u003e] kswapd+0x117/0x170\n [\u003cffffffff810777a0\u003e] ? autoremove_wake_function+0x0/0x40\n [\u003cffffffff810f94e0\u003e] ? kswapd+0x0/0x170\n [\u003cffffffff810773be\u003e] kthread+0x9e/0xb0\n [\u003cffffffff8101430a\u003e] child_rip+0xa/0x20\n [\u003cffffffff81013c90\u003e] ? restore_args+0x0/0x30\n [\u003cffffffff81077320\u003e] ? kthread+0x0/0xb0\n [\u003cffffffff81014300\u003e] ? child_rip+0x0/0x20\n\nSigned-off-by: Roland Dreier \u003croland@digitalvampire.org\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "7f09410bbc4306f592cfb43812389ea1c7905a20", "tree": "18f179435f70c4ec9231883501062d5ea0357af5", "parents": [ "ac4cfdd6d141c319a7af8655f750ed504c187a74" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Mon Sep 21 17:01:10 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Sep 22 07:17:24 2009 -0700" }, "message": "const: mark remaining address_space_operations const\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f151cd2c54ddc7714e2f740681350476cda03a28", "tree": "81591bb25357c0d02a0549efadb62b67ba166434", "parents": [ "6352a29305373ae6196491e6d4669f301e26492e" ], "author": { "name": "Ramon de Carvalho Valle", "email": "ramon@risesecurity.org", "time": "Tue Jul 28 13:58:22 2009 -0500" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jul 28 14:26:06 2009 -0700" }, "message": "eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size\n\nThe parse_tag_3_packet function does not check if the tag 3 packet contains a\nencrypted key size larger than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES.\n\nSigned-off-by: Ramon de Carvalho Valle \u003cramon@risesecurity.org\u003e\n[tyhicks@linux.vnet.ibm.com: Added printk newline and changed goto to out_free]\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nCc: stable@kernel.org (2.6.27 and 30)\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "6352a29305373ae6196491e6d4669f301e26492e", "tree": "ef68d8601812e1b190f67b69373ff5210191ea45", "parents": [ "4733fd328f14280900435d9dbae1487d110a4d56" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Tue Jul 28 13:57:01 2009 -0500" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jul 28 14:26:06 2009 -0700" }, "message": "eCryptfs: Check Tag 11 literal data buffer size\n\nTag 11 packets are stored in the metadata section of an eCryptfs file to\nstore the key signature(s) used to encrypt the file encryption key.\nAfter extracting the packet length field to determine the key signature\nlength, a check is not performed to see if the length would exceed the\nkey signature buffer size that was passed into parse_tag_11_packet().\n\nThanks to Ramon de Carvalho Valle for finding this bug using fsfuzzer.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nCc: stable@kernel.org (2.6.27 and 30)\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "6cfd0148425e528b859b26e436b01f23f6926224", "tree": "60e3257053554ff198fe5825e6f12a00c3b4422a", "parents": [ "a9e220f8322e2b0e0b8903fe00265461cffad3f0" ], "author": { "name": "Christoph Hellwig", "email": "hch@lst.de", "time": "Tue May 05 15:40:36 2009 +0200" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jun 11 21:36:07 2009 -0400" }, "message": "push BKL down into -\u003eput_super\n\nMove BKL into -\u003eput_super from the only caller. A couple of\nfilesystems had trivial enough -\u003eput_super (only kfree and NULLing of\ns_fs_info + stuff in there) to not get any locking: coda, cramfs, efs,\nhugetlbfs, omfs, qnx4, shmem, all others got the full treatment. Most\nof them probably don\u0027t need it, but I\u0027d rather sort that out individually.\nPreferably after all the other BKL pushdowns in that area.\n\n[AV: original used to move lock_super() down as well; these changes are\nremoved since we don\u0027t do lock_super() at all in generic_shutdown_super()\nnow]\n[AV: fuse, btrfs and xfs are known to need no damn BKL, exempt]\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "6f5bbff9a1b7d6864a495763448a363bbfa96324", "tree": "0067dca46f40def1c55541c34c262e06aeb8c4c8", "parents": [ "74dbbdd7fdc11763f4698d2f3e684cf4446951e6" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed May 06 01:34:22 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat May 09 10:49:40 2009 -0400" }, "message": "Convert obvious places to deactivate_locked_super()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ac20100df7a7a042423dcb8847f42d9f6ddb8d00", "tree": "59aefe9f3a2a0a6216e60d3f4304862b26146047", "parents": [ "802b352f2934f799ec2e159f61db6506094a936e" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Mon Apr 27 13:31:12 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Mon Apr 27 13:31:12 2009 -0500" }, "message": "eCryptfs: Fix min function comparison warning\n\nThis warning shows up on 64 bit builds:\n\nfs/ecryptfs/inode.c:693: warning: comparison of distinct pointer types\nlacks a cast\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "802b352f2934f799ec2e159f61db6506094a936e", "tree": "969ddb6ff2432ae144e95d1c2558898f21da0da3", "parents": [ "3dacbdad2401c06b97d8d754974233a70c165536" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Mon Apr 27 21:24:28 2009 -0700" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Mon Apr 27 13:10:06 2009 -0500" }, "message": "ecryptfs: fix printk format warning\n\nfs/ecryptfs/inode.c:670: warning: format \u0027%d\u0027 expects type \u0027int\u0027, but argument 3 has type \u0027size_t\u0027\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nCc: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\n" }, { "commit": "3a6b42cadc112b01daf0525e5fcd90bb333a5bb3", "tree": "78cd37050a80e5c99eaa3ee97e20af834026c4d1", "parents": [ "ca8e34f2b05a8289b47907b083dc01dd654ecbde" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Thu Apr 16 18:35:37 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Apr 22 17:02:46 2009 -0500" }, "message": "eCryptfs: Larger buffer for encrypted symlink targets\n\nWhen using filename encryption with eCryptfs, the value of the symlink\nin the lower filesystem is encrypted and stored as a Tag 70 packet.\nThis results in a longer symlink target than if the target value wasn\u0027t\nencrypted.\n\nUsers were reporting these messages in their syslog:\n\n[ 45.653441] ecryptfs_parse_tag_70_packet: max_packet_size is [56]; real\npacket size is [51]\n[ 45.653444] ecryptfs_decode_and_decrypt_filename: Could not parse tag\n70 packet from filename; copying through filename as-is\n\nThis was due to bufsiz, one the arguments in readlink(), being used to\nwhen allocating the buffer passed to the lower inode\u0027s readlink().\nThat symlink target may be very large, but when decoded and decrypted,\ncould end up being smaller than bufsize.\n\nTo fix this, the buffer passed to the lower inode\u0027s readlink() will\nalways be PATH_MAX in size when filename encryption is enabled. Any\nnecessary truncation occurs after the decoding and decrypting.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "ca8e34f2b05a8289b47907b083dc01dd654ecbde", "tree": "eeedcd559c8add0b8ebc87489f8daf78258d59a1", "parents": [ "e77cc8d243f9f1e1d3f0799e23cc14e837ccc8c6" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Apr 22 16:27:12 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Apr 22 16:27:12 2009 -0500" }, "message": "eCryptfs: Lock lower directory inode mutex during lookup\n\nThis patch locks the lower directory inode\u0027s i_mutex before calling\nlookup_one_len() to find the appropriate dentry in the lower filesystem.\nThis bug was found thanks to the warning set in commit 2f9092e1.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "e77cc8d243f9f1e1d3f0799e23cc14e837ccc8c6", "tree": "e71815e09c73e33bdd2c687f7508e3720c4d3ed7", "parents": [ "13a791b4e63eb0537a7f804a340d6527485983b4" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Apr 22 04:08:46 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Apr 22 04:08:46 2009 -0500" }, "message": "eCryptfs: Remove ecryptfs_unlink_sigs warnings\n\nA feature was added to the eCryptfs umount helper to automatically\nunlink the keys used for an eCryptfs mount from the kernel keyring upon\numount. This patch keeps the unrecognized mount option warnings for\necryptfs_unlink_sigs out of the logs.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "13a791b4e63eb0537a7f804a340d6527485983b4", "tree": "ad3c74093e8efe0da14644a0dc16ac0c61b2e6e5", "parents": [ "3a5203ab3c0c31e0f1434c69e893bfb85c6e6657" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Mon Apr 13 15:29:27 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Apr 22 03:54:13 2009 -0500" }, "message": "eCryptfs: Fix data corruption when using ecryptfs_passthrough\n\necryptfs_passthrough is a mount option that allows eCryptfs to allow\ndata to be written to non-eCryptfs files in the lower filesystem. The\npassthrough option was causing data corruption due to it not always\nbeing treated as a non-eCryptfs file.\n\nThe first 8 bytes of an eCryptfs file contains the decrypted file size.\nThis value was being written to the non-eCryptfs files, too. Also,\nextra 0x00 characters were being written to make the file size a\nmultiple of PAGE_CACHE_SIZE.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "3a5203ab3c0c31e0f1434c69e893bfb85c6e6657", "tree": "76edf493f4737f57448e5705cd7d29fddeb4a66a", "parents": [ "57ea34d19963781d05eb12f9b31bd4f70d61ec16" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Mon Mar 16 12:35:12 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Apr 22 03:54:13 2009 -0500" }, "message": "eCryptfs: Print FNEK sig properly in /proc/mounts\n\nThe filename encryption key signature is not properly displayed in\n/proc/mounts. The \"ecryptfs_sig\u003d\" mount option name is displayed for\nall global authentication tokens, included those for filename keys.\n\nThis patch checks the global authentication token flags to determine if\nthe key is a FEKEK or FNEK and prints the appropriate mount option name\nbefore the signature.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "57ea34d19963781d05eb12f9b31bd4f70d61ec16", "tree": "5a912a7515234eb73147c32197ecbc7ca429bde8", "parents": [ "ae6e84596e7b321d9a08e81679c6a3f799634636" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Sun Mar 15 14:17:01 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Apr 22 03:54:13 2009 -0500" }, "message": "eCryptfs: NULL pointer dereference in ecryptfs_send_miscdev()\n\nIf data is NULL, msg_ctx-\u003emsg is set to NULL and then dereferenced\nafterwards. ecryptfs_send_raw_message() is the only place that\necryptfs_send_miscdev() is called with data being NULL, but the only\ncaller of that function (ecryptfs_process_helo()) is never called. In\nshort, there is currently no way to trigger the NULL pointer\ndereference.\n\nThis patch removes the two unused functions and modifies\necryptfs_send_miscdev() to remove the NULL dereferences.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "ae6e84596e7b321d9a08e81679c6a3f799634636", "tree": "a81baed56b7384321cf3d282e2d41f785fe30853", "parents": [ "091069740304c979f957ceacec39c461d0192158" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Thu Mar 12 00:19:46 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Apr 22 03:54:12 2009 -0500" }, "message": "eCryptfs: Copy lower inode attrs before dentry instantiation\n\nCopies the lower inode attributes to the upper inode before passing the\nupper inode to d_instantiate(). This is important for\nsecurity_d_instantiate().\n\nThe problem was discovered by a user seeing SELinux denials like so:\n\ntype\u003dAVC msg\u003daudit(1236812817.898:47): avc: denied { 0x100000 } for\npid\u003d3584 comm\u003d\"httpd\" name\u003d\"testdir\" dev\u003decryptfs ino\u003d943872\nscontext\u003droot:system_r:httpd_t:s0\ntcontext\u003droot:object_r:httpd_sys_content_t:s0 tclass\u003dfile\n\nNotice target class is file while testdir is really a directory,\nconfusing the permission translation (0x100000) due to the wrong i_mode.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "fd56d242b3b80b6f2ca174272b20029aae61df75", "tree": "57f51b3471dc6fdb8bcb92bff5bfdc8f4c441cd1", "parents": [ "a9482ebcdedbc5872ed34a266e6a45c35116f264" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Wed Apr 08 15:09:29 2009 +0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 20 23:02:51 2009 -0400" }, "message": "ecryptfs: use memdup_user()\n\nRemove open-coded memdup_user().\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "00fcf2cb6f6bb421851c3ba062c0a36760ea6e53", "tree": "741afc144a87af1aa7915d812924da7d7418611f", "parents": [ "e2801806de1c9c1d03b7d1bfcb2e01dd4d389e80" ], "author": { "name": "Johannes Weiner", "email": "hannes@cmpxchg.org", "time": "Tue Mar 31 15:24:42 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Apr 01 08:59:23 2009 -0700" }, "message": "ecryptfs: use kzfree()\n\nUse kzfree() instead of memset() + kfree().\n\nSigned-off-by: Johannes Weiner \u003channes@cmpxchg.org\u003e\nReviewed-by: Pekka Enberg \u003cpenberg@cs.helsinki.fi\u003e\nAcked-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5a3fd05a9bb2f104020fbfc4551ad4aaed4660a4", "tree": "4614ad0df3002edbb8c40c451310a33033af053d", "parents": [ "4fd03e84d8f4e6304cef19698a24dee84039ef01" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 20 05:57:52 2009 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Mar 27 14:44:01 2009 -0400" }, "message": "constify dentry_operations: ecryptfs\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "2aac0cf88681bfa092f731553bc7fbd23516be73", "tree": "b723cbe9c67b0cafa9081690d03b4ecec038d9f6", "parents": [ "8faece5f906725c10e7a1f6caf84452abadbdc7b" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Fri Mar 20 02:23:57 2009 -0500" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Mar 22 11:20:43 2009 -0700" }, "message": "eCryptfs: NULL crypt_stat dereference during lookup\n\nIf ecryptfs_encrypted_view or ecryptfs_xattr_metadata were being\nspecified as mount options, a NULL pointer dereference of crypt_stat\nwas possible during lookup.\n\nThis patch moves the crypt_stat assignment into\necryptfs_lookup_and_interpose_lower(), ensuring that crypt_stat\nwill not be NULL before we attempt to dereference it.\n\nThanks to Dan Carpenter and his static analysis tool, smatch, for\nfinding this bug.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nAcked-by: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nCc: Dan Carpenter \u003cerror27@gmail.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8faece5f906725c10e7a1f6caf84452abadbdc7b", "tree": "bbe7d6cba67c909fbc86fc63dbfa1cf0d3cb12bc", "parents": [ "18a0d89e54ca0f6f33582f99ae39867b2c975559" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Fri Mar 20 01:25:09 2009 -0500" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Mar 22 11:20:43 2009 -0700" }, "message": "eCryptfs: Allocate a variable number of pages for file headers\n\nWhen allocating the memory used to store the eCryptfs header contents, a\nsingle, zeroed page was being allocated with get_zeroed_page().\nHowever, the size of an eCryptfs header is either PAGE_CACHE_SIZE or\nECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is\nstored in the file\u0027s private_data-\u003ecrypt_stat-\u003enum_header_bytes_at_front\nfield.\n\necryptfs_write_metadata_to_contents() was using\nnum_header_bytes_at_front to decide how many bytes should be written to\nthe lower filesystem for the file header. Unfortunately, at least 8K\nwas being written from the page, despite the chance of the single,\nzeroed page being smaller than 8K. This resulted in random areas of\nkernel memory being written between the 0x1000 and 0x1FFF bytes offsets\nin the eCryptfs file headers if PAGE_SIZE was 4K.\n\nThis patch allocates a variable number of pages, calculated with\nnum_header_bytes_at_front, and passes the number of allocated pages\nalong to ecryptfs_write_metadata_to_contents().\n\nThanks to Florian Streibelt for reporting the data leak and working with\nme to find the problem. 2.6.28 is the only kernel release with this\nvulnerability. Corresponds to CVE-2009-0787\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nAcked-by: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nReviewed-by: Eric Sandeen \u003csandeen@redhat.com\u003e\nReviewed-by: Eugene Teo \u003ceugeneteo@kernel.sg\u003e\nCc: Greg KH \u003cgreg@kroah.com\u003e\nCc: dann frazier \u003cdannf@dannf.org\u003e\nCc: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Florian Streibelt \u003cflorian@f-streibelt.de\u003e\nCc: stable@kernel.org\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "84814d642a4f1f294bd675ab11aae1ca54c6cedb", "tree": "4ae91cce54c8d9578dc3217b6454a921b91833a3", "parents": [ "15e7b8767605dc0cb9bd4594caabfec392385210" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Fri Mar 13 13:51:59 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 14 11:57:22 2009 -0700" }, "message": "eCryptfs: don\u0027t encrypt file key with filename key\n\neCryptfs has file encryption keys (FEK), file encryption key encryption\nkeys (FEKEK), and filename encryption keys (FNEK). The per-file FEK is\nencrypted with one or more FEKEKs and stored in the header of the\nencrypted file. I noticed that the FEK is also being encrypted by the\nFNEK. This is a problem if a user wants to use a different FNEK than\ntheir FEKEK, as their file contents will still be accessible with the\nFNEK.\n\nThis is a minimalistic patch which prevents the FNEKs signatures from\nbeing copied to the inode signatures list. Ultimately, it keeps the FEK\nfrom being encrypted with a FNEK.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "fd9fc842bbab0cb5560b0d52ce4598c898707863", "tree": "ff8fc9b1c964debf18ba662558b26bf7bb7513cc", "parents": [ "eeb94855beeb7fde5f9e2ed72fe6a8b24cd5a3c7" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Fri Feb 06 18:06:51 2009 -0600" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Feb 06 18:36:40 2009 -0800" }, "message": "eCryptfs: Regression in unencrypted filename symlinks\n\nThe addition of filename encryption caused a regression in unencrypted\nfilename symlink support. ecryptfs_copy_filename() is used when dealing\nwith unencrypted filenames and it reported that the new, copied filename\nwas a character longer than it should have been.\n\nThis caused the return value of readlink() to count the NULL byte of the\nsymlink target. Most applications don\u0027t care about the extra NULL byte,\nbut a version control system (bzr) helped in discovering the bug.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "295c896cb95de18004ef5e1b53f44c2ad001f936", "tree": "ec81dda0af7cb2c683541385c329af3c3d064bb8", "parents": [ "10951bf05d952bf6d13094f66a0dccd11dec311e" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Thu Jan 22 10:50:50 2009 +0300" }, "committer": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Thu Jan 22 13:15:56 2009 +0300" }, "message": "fs/Kconfig: move ecryptfs out\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\n" }, { "commit": "f70f582f0072f37790d2984647198deb3e7782a3", "tree": "acdeaf347fdd017346c15d9da858ee02f1b99224", "parents": [ "71c11c378f46e42ca67c1e227646ce23bf43a8c6" ], "author": { "name": "Qinghuang Feng", "email": "qhfeng.kernel@gmail.com", "time": "Tue Jan 06 14:42:05 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:22 2009 -0800" }, "message": "fs/ecryptfs/inode.c: cleanup kerneldoc\n\nArguments lower_dentry and ecryptfs_dentry in ecryptfs_create_underlying_file()\nhave been merged into dentry, now fix it.\n\nSigned-off-by: Qinghuang Feng \u003cqhfeng.kernel@gmail.com\u003e\nCc: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "71c11c378f46e42ca67c1e227646ce23bf43a8c6", "tree": "5762c267801a47bc5efd54242661820472827960", "parents": [ "7d8bc2be51706152828164b305e969b4a8471041" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Jan 06 14:42:05 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:22 2009 -0800" }, "message": "eCryptfs: Clean up ecryptfs_decode_from_filename()\n\nFlesh out the comments for ecryptfs_decode_from_filename(). Remove the\nreturn condition, since it is always 0.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dustin Kirkland \u003cdustin.kirkland@gmail.com\u003e\nCc: Eric Sandeen \u003csandeen@redhat.com\u003e\nCc: Tyler Hicks \u003ctchicks@us.ibm.com\u003e\nCc: David Kleikamp \u003cshaggy@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7d8bc2be51706152828164b305e969b4a8471041", "tree": "3020b62d6e94005ed20e59361e10c0891ceba796", "parents": [ "a8f12864c52f8ab8520568dc97969c1749ae60bf" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Jan 06 14:42:04 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:22 2009 -0800" }, "message": "eCryptfs: kerneldoc for ecryptfs_parse_tag_70_packet()\n\nKerneldoc updates for ecryptfs_parse_tag_70_packet().\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dustin Kirkland \u003cdustin.kirkland@gmail.com\u003e\nCc: Eric Sandeen \u003csandeen@redhat.com\u003e\nCc: Tyler Hicks \u003ctchicks@us.ibm.com\u003e\nCc: David Kleikamp \u003cshaggy@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a8f12864c52f8ab8520568dc97969c1749ae60bf", "tree": "9b65cf578ce80fb0fc139371b7dd7594ed79a6f0", "parents": [ "df261c52abdef147084c76ecf14473184e907547" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Jan 06 14:42:03 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:22 2009 -0800" }, "message": "eCryptfs: Fix data types (int/size_t)\n\nCorrect several format string data type specifiers. Correct filename size\ndata types; they should be size_t rather than int when passed as\nparameters to some other functions (although note that the filenames will\nnever be larger than int).\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dustin Kirkland \u003cdustin.kirkland@gmail.com\u003e\nCc: Eric Sandeen \u003csandeen@redhat.com\u003e\nCc: Tyler Hicks \u003ctchicks@us.ibm.com\u003e\nCc: David Kleikamp \u003cshaggy@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "df261c52abdef147084c76ecf14473184e907547", "tree": "f1f423ba612dbacace82193f2b088252f169a9c6", "parents": [ "87c94c4df0149786ad91d8a03c738a03369ee9c8" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Jan 06 14:42:02 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:22 2009 -0800" }, "message": "eCryptfs: Replace %Z with %z\n\n%Z is a gcc-ism. Using %z instead.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dustin Kirkland \u003cdustin.kirkland@gmail.com\u003e\nCc: Eric Sandeen \u003csandeen@redhat.com\u003e\nCc: Tyler Hicks \u003ctchicks@us.ibm.com\u003e\nCc: David Kleikamp \u003cshaggy@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "87c94c4df0149786ad91d8a03c738a03369ee9c8", "tree": "6b7ee0b3c3e15d94fdeccb59e8bfab6c9d2a4498", "parents": [ "addd65ad8d19a7d7982130b16f957d5d01d3f8df" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Jan 06 14:42:01 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:22 2009 -0800" }, "message": "eCryptfs: Filename Encryption: mount option\n\nEnable mount-wide filename encryption by providing the Filename Encryption\nKey (FNEK) signature as a mount option. Note that the ecryptfs-utils\nuserspace package versions 61 or later support this option.\n\nWhen mounting with ecryptfs-utils version 61 or later, the mount helper\nwill detect the availability of the passphrase-based filename encryption\nin the kernel (via the eCryptfs sysfs handle) and query the user\ninteractively as to whether or not he wants to enable the feature for the\nmount. If the user enables filename encryption, the mount helper will\nthen prompt for the FNEK signature that the user wishes to use, suggesting\nby default the signature for the mount passphrase that the user has\nalready entered for encrypting the file contents.\n\nWhen not using the mount helper, the user can specify the signature for\nthe passphrase key with the ecryptfs_fnek_sig\u003d mount option. This key\nmust be available in the user\u0027s keyring. The mount helper usually takes\ncare of this step. If, however, the user is not mounting with the mount\nhelper, then he will need to enter the passphrase key into his keyring\nwith some other utility prior to mounting, such as ecryptfs-manager.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dustin Kirkland \u003cdustin.kirkland@gmail.com\u003e\nCc: Eric Sandeen \u003csandeen@redhat.com\u003e\nCc: Tyler Hicks \u003ctchicks@us.ibm.com\u003e\nCc: David Kleikamp \u003cshaggy@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "addd65ad8d19a7d7982130b16f957d5d01d3f8df", "tree": "2263b4a4b7a6269410bd161a3995d2b4af3f7bcf", "parents": [ "51ca58dcc9f0d6b1e78954d08bd4954fb6a1421c" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Jan 06 14:42:00 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:22 2009 -0800" }, "message": "eCryptfs: Filename Encryption: filldir, lookup, and readlink\n\nMake the requisite modifications to ecryptfs_filldir(), ecryptfs_lookup(),\nand ecryptfs_readlink() to call out to filename encryption functions.\nPropagate filename encryption policy flags from mount-wide crypt_stat to\ninode crypt_stat.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dustin Kirkland \u003cdustin.kirkland@gmail.com\u003e\nCc: Eric Sandeen \u003csandeen@redhat.com\u003e\nCc: Tyler Hicks \u003ctchicks@us.ibm.com\u003e\nCc: David Kleikamp \u003cshaggy@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "51ca58dcc9f0d6b1e78954d08bd4954fb6a1421c", "tree": "0bd80a0a9322150527b2d2160d7b37d0e067f389", "parents": [ "a34f60f748c6fe5d791e9b54cffe442201428254" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Jan 06 14:41:59 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:21 2009 -0800" }, "message": "eCryptfs: Filename Encryption: Encoding and encryption functions\n\nThese functions support encrypting and encoding the filename contents.\nThe encrypted filename contents may consist of any ASCII characters. This\npatch includes a custom encoding mechanism to map the ASCII characters to\na reduced character set that is appropriate for filenames.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dustin Kirkland \u003cdustin.kirkland@gmail.com\u003e\nCc: Eric Sandeen \u003csandeen@redhat.com\u003e\nCc: Tyler Hicks \u003ctchicks@us.ibm.com\u003e\nCc: David Kleikamp \u003cshaggy@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a34f60f748c6fe5d791e9b54cffe442201428254", "tree": "1b5378b49773c0f57bb5f892c3d2096da3c9a803", "parents": [ "9c79f34f7ee71cd28272332b424ca64b2be006ab" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Jan 06 14:41:58 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:21 2009 -0800" }, "message": "eCryptfs: Filename Encryption: Header updates\n\nExtensions to the header file to support filename encryption.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dustin Kirkland \u003cdustin.kirkland@gmail.com\u003e\nCc: Eric Sandeen \u003csandeen@redhat.com\u003e\nCc: Tyler Hicks \u003ctchicks@us.ibm.com\u003e\nCc: David Kleikamp \u003cshaggy@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9c79f34f7ee71cd28272332b424ca64b2be006ab", "tree": "1a818b78d8f0497c4b97a77a6464718dfaaf12c1", "parents": [ "14bca6c39d8245a0313f55309bfeb6bf60cc17c8" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Jan 06 14:41:57 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:21 2009 -0800" }, "message": "eCryptfs: Filename Encryption: Tag 70 packets\n\nThis patchset implements filename encryption via a passphrase-derived\nmount-wide Filename Encryption Key (FNEK) specified as a mount parameter.\nEach encrypted filename has a fixed prefix indicating that eCryptfs should\ntry to decrypt the filename. When eCryptfs encounters this prefix, it\ndecodes the filename into a tag 70 packet and then decrypts the packet\ncontents using the FNEK, setting the filename to the decrypted filename.\nBoth unencrypted and encrypted filenames can reside in the same lower\nfilesystem.\n\nBecause filename encryption expands the length of the filename during the\nencoding stage, eCryptfs will not properly handle filenames that are\nalready near the maximum filename length.\n\nIn the present implementation, eCryptfs must be able to produce a match\nagainst the lower encrypted and encoded filename representation when given\na plaintext filename. Therefore, two files having the same plaintext name\nwill encrypt and encode into the same lower filename if they are both\nencrypted using the same FNEK. This can be changed by finding a way to\nreplace the prepended bytes in the blocked-aligned filename with random\ncharacters; they are hashes of the FNEK right now, so that it is possible\nto deterministically map from a plaintext filename to an encrypted and\nencoded filename in the lower filesystem. An implementation using random\ncharacters will have to decode and decrypt every single directory entry in\nany given directory any time an event occurs wherein the VFS needs to\ndetermine whether a particular file exists in the lower directory and the\ndecrypted and decoded filenames have not yet been extracted for that\ndirectory.\n\nThanks to Tyler Hicks and David Kleikamp for assistance in the development\nof this patchset.\n\nThis patch:\n\nA tag 70 packet contains a filename encrypted with a Filename Encryption\nKey (FNEK). This patch implements functions for writing and parsing tag\n70 packets. This patch also adds definitions and extends structures to\nsupport filename encryption.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dustin Kirkland \u003cdustin.kirkland@gmail.com\u003e\nCc: Eric Sandeen \u003csandeen@redhat.com\u003e\nCc: Tyler Hicks \u003ctchicks@us.ibm.com\u003e\nCc: David Kleikamp \u003cshaggy@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "520c85346666d4d9a6fcaaa8450542302dc28b91", "tree": "9c9cc9e2493b606104dd8602302ae28258ebeac0", "parents": [ "e8c82c2e23e3527e0c9dc195e432c16784d270fa", "4ae8978cf92a96257cd8998a49e781be83571d64" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 05 18:32:06 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jan 05 18:32:06 2009 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:\n inotify: fix type errors in interfaces\n fix breakage in reiserfs_new_inode()\n fix the treatment of jfs special inodes\n vfs: remove duplicate code in get_fs_type()\n add a vfs_fsync helper\n sys_execve and sys_uselib do not call into fsnotify\n zero i_uid/i_gid on inode allocation\n inode-\u003ei_op is never NULL\n ntfs: don\u0027t NULL i_op\n isofs check for NULL -\u003ei_op in root directory is dead code\n affs: do not zero -\u003ei_op\n kill suid bit only for regular files\n vfs: lseek(fd, 0, SEEK_CUR) race condition\n" }, { "commit": "4c728ef583b3d82266584da5cb068294c09df31e", "tree": "1252fa82b5a7cf60c0898c3da810228b4c34ebb3", "parents": [ "6110e3abbff8b785907d4db50240e63c1be726e3" ], "author": { "name": "Christoph Hellwig", "email": "hch@lst.de", "time": "Mon Dec 22 21:11:15 2008 +0100" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jan 05 11:54:28 2009 -0500" }, "message": "add a vfs_fsync helper\n\nFsync currently has a fdatawrite/fdatawait pair around the method call,\nand a mutex_lock/unlock of the inode mutex. All callers of fsync have\nto duplicate this, but we have a few and most of them don\u0027t quite get\nit right. This patch adds a new vfs_fsync that takes care of this.\nIt\u0027s a little more complicated as usual as -\u003efsync might get a NULL file\npointer and just a dentry from nfsd, but otherwise gets afile and we\nwant to take the mapping and file operations from it when it is there.\n\nNotes on the fsync callers:\n\n - ecryptfs wasn\u0027t calling filemap_fdatawrite / filemap_fdatawait on the\n \tlower file\n - coda wasn\u0027t calling filemap_fdatawrite / filemap_fdatawait on the host\n\tfile, and returning 0 when -\u003efsync was missing\n - shm wasn\u0027t calling either filemap_fdatawrite / filemap_fdatawait nor\n taking i_mutex. Now given that shared memory doesn\u0027t have disk\n backing not doing anything in fsync seems fine and I left it out of\n the vfs_fsync conversion for now, but in that case we might just\n not pass it through to the lower file at all but just call the no-op\n simple_sync_file directly.\n\n[and now actually export vfs_fsync]\n\nSigned-off-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "acfa4380efe77e290d3a96b11cd4c9f24f4fbb18", "tree": "d656232c7ef39c83681c2de4c8e28ba439242f66", "parents": [ "9742df331deb3fce95b321f38d4ea0c4e75edb63" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Dec 04 10:06:33 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jan 05 11:54:28 2009 -0500" }, "message": "inode-\u003ei_op is never NULL\n\nWe used to have rather schizophrenic set of checks for NULL -\u003ei_op even\nthough it had been eliminated years ago. You\u0027d need to go out of your\nway to set it to NULL explicitly _and_ a bunch of code would die on\nsuch inodes anyway. After killing two remaining places that still\ndid that bogosity, all that crap can go away.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "54566b2c1594c2326a645a3551f9d989f7ba3c5e", "tree": "b373f3283fe5e197d0df29cd6b645c35adf1076c", "parents": [ "e687d691cb3790d25e31c74f5941fd7c565e9df5" ], "author": { "name": "Nick Piggin", "email": "npiggin@suse.de", "time": "Sun Jan 04 12:00:53 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jan 04 13:33:20 2009 -0800" }, "message": "fs: symlink write_begin allocation context fix\n\nWith the write_begin/write_end aops, page_symlink was broken because it\ncould no longer pass a GFP_NOFS type mask into the point where the\nallocations happened. They are done in write_begin, which would always\nassume that the filesystem can be entered from reclaim. This bug could\ncause filesystem deadlocks.\n\nThe funny thing with having a gfp_t mask there is that it doesn\u0027t really\nallow the caller to arbitrarily tinker with the context in which it can be\ncalled. It couldn\u0027t ever be GFP_ATOMIC, for example, because it needs to\ntake the page lock. The only thing any callers care about is __GFP_FS\nanyway, so turn that into a single flag.\n\nAdd a new flag for write_begin, AOP_FLAG_NOFS. Filesystems can now act on\nthis flag in their write_begin function. Change __grab_cache_page to\naccept a nofs argument as well, to honour that flag (while we\u0027re there,\nchange the name to grab_cache_page_write_begin which is more instructive\nand does away with random leading underscores).\n\nThis is really a more flexible way to go in the end anyway -- if a\nfilesystem happens to want any extra allocations aside from the pagecache\nones in ints write_begin function, it may now use GFP_KERNEL (rather than\nGFP_NOFS) for common case allocations (eg. ocfs2_alloc_write_ctxt, for a\nrandom example).\n\n[kosaki.motohiro@jp.fujitsu.com: fix ubifs]\n[kosaki.motohiro@jp.fujitsu.com: fix fuse]\nSigned-off-by: Nick Piggin \u003cnpiggin@suse.de\u003e\nReviewed-by: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nCc: \u003cstable@kernel.org\u003e\t\t[2.6.28.x]\nSigned-off-by: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\n[ Cleaned up the calling convention: just pass in the AOP flags\n untouched to the grab_cache_page_write_begin() function. That\n just simplifies everybody, and may even allow future expansion of the\n logic. - Linus ]\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a17d5232de7b53d34229de79ec22f4bb04adb7e4", "tree": "d42a96bf5e0806e4a67404709a8fdf0ed4e551c0", "parents": [ "5cc4a0341a1295ea56b2e62eb70d96d8fdb94ded" ], "author": { "name": "Duane Griffin", "email": "duaneg@dghda.com", "time": "Fri Dec 19 20:47:10 2008 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 31 18:07:38 2008 -0500" }, "message": "eCryptfs: check readlink result was not an error before using it\n\nThe result from readlink is being used to index into the link name\nbuffer without checking whether it is a valid length. If readlink\nreturns an error this will fault or cause memory corruption.\n\nCc: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nCc: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nCc: ecryptfs-devel@lists.launchpad.net\nSigned-off-by: Duane Griffin \u003cduaneg@dghda.com\u003e\nAcked-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nAcked-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ec98ce480ada787f2cfbd696980ff3564415505b", "tree": "1a4d644b38f9f1e4b4e086fde0b195df4a92cf84", "parents": [ "3496f92beb9aa99ef21fccc154a36c7698e9c538", "feaf3848a813a106f163013af6fcf6c4bfec92d9" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 04 17:16:36 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 04 17:16:36 2008 +1100" }, "message": "Merge branch \u0027master\u0027 into next\n\nConflicts:\n\tfs/nfsd/nfs4recover.c\n\nManually fixed above to use new creds API functions, e.g.\nnfs4_save_creds().\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "18b6e0414e42d95183f07d8177e3ff0241abd825", "tree": "91ca2f2d442055e31eb7bb551bf7060f3f4c4cc7", "parents": [ "9789cfe22e5d7bc10cad841a4ea96ecedb34b267" ], "author": { "name": "Serge Hallyn", "email": "serue@us.ibm.com", "time": "Wed Oct 15 16:38:45 2008 -0500" }, "committer": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Nov 24 18:57:41 2008 -0500" }, "message": "User namespaces: set of cleanups (v2)\n\nThe user_ns is moved from nsproxy to user_struct, so that a struct\ncred by itself is sufficient to determine access (which it otherwise\nwould not be). Corresponding ecryptfs fixes (by David Howells) are\nhere as well.\n\nFix refcounting. The following rules now apply:\n 1. The task pins the user struct.\n 2. The user struct pins its user namespace.\n 3. The user namespace pins the struct user which created it.\n\nUser namespaces are cloned during copy_creds(). Unsharing a new user_ns\nis no longer possible. (We could re-add that, but it\u0027ll cause code\nduplication and doesn\u0027t seem useful if PAM doesn\u0027t need to clone user\nnamespaces).\n\nWhen a user namespace is created, its first user (uid 0) gets empty\nkeyrings and a clean group_info.\n\nThis incorporates a previous patch by David Howells. Here\nis his original patch description:\n\n\u003eI suggest adding the attached incremental patch. It makes the following\n\u003echanges:\n\u003e\n\u003e (1) Provides a current_user_ns() macro to wrap accesses to current\u0027s user\n\u003e namespace.\n\u003e\n\u003e (2) Fixes eCryptFS.\n\u003e\n\u003e (3) Renames create_new_userns() to create_user_ns() to be more consistent\n\u003e with the other associated functions and because the \u0027new\u0027 in the name is\n\u003e superfluous.\n\u003e\n\u003e (4) Moves the argument and permission checks made for CLONE_NEWUSER to the\n\u003e beginning of do_fork() so that they\u0027re done prior to making any attempts\n\u003e at allocation.\n\u003e\n\u003e (5) Calls create_user_ns() after prepare_creds(), and gives it the new creds\n\u003e to fill in rather than have it return the new root user. I don\u0027t imagine\n\u003e the new root user being used for anything other than filling in a cred\n\u003e struct.\n\u003e\n\u003e This also permits me to get rid of a get_uid() and a free_uid(), as the\n\u003e reference the creds were holding on the old user_struct can just be\n\u003e transferred to the new namespace\u0027s creator pointer.\n\u003e\n\u003e (6) Makes create_user_ns() reset the UIDs and GIDs of the creds under\n\u003e preparation rather than doing it in copy_creds().\n\u003e\n\u003eDavid\n\n\u003eSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n\nChangelog:\n\tOct 20: integrate dhowells comments\n\t\t1. leave thread_keyring alone\n\t\t2. use current_user_ns() in set_user()\n\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\n" }, { "commit": "ac97b9f9a2d0b83488e0bbcb8517b229d5c9b142", "tree": "118785d6a53390fb15177fc762f744a1bc0a79a4", "parents": [ "3b45d6380c392e402adc460e4ccf7d41e0caf82a" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Wed Nov 19 15:36:28 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 19 18:49:58 2008 -0800" }, "message": "eCryptfs: Allocate up to two scatterlists for crypto ops on keys\n\nI have received some reports of out-of-memory errors on some older AMD\narchitectures. These errors are what I would expect to see if\ncrypt_stat-\u003ekey were split between two separate pages. eCryptfs should\nnot assume that any of the memory sent through virt_to_scatterlist() is\nall contained in a single page, and so this patch allocates two\nscatterlist structs instead of one when processing keys. I have received\nconfirmation from one person affected by this bug that this patch resolves\nthe issue for him, and so I am submitting it for inclusion in a future\nstable release.\n\nNote that virt_to_scatterlist() runs sg_init_table() on the scatterlist\nstructs passed to it, so the calls to sg_init_table() in\ndecrypt_passphrase_encrypted_session_key() are redundant.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nReported-by: Paulo J. S. Silva \u003cpjssilva@ime.usp.br\u003e\nCc: \"Leon Woestenberg\" \u003cleon.woestenberg@gmail.com\u003e\nCc: Tim Gardner \u003ctim.gardner@canonical.com\u003e\nCc: \u003cstable@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "745ca2475a6ac596e3d8d37c2759c0fbe2586227", "tree": "f87c34bdfbc8542477b16a014bbb4e3b415b286a", "parents": [ "88e67f3b8898c5ea81d2916dd5b8bc9c0c35ba13" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:22 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:22 2008 +1100" }, "message": "CRED: Pass credentials through dentry_open()\n\nPass credentials through dentry_open() so that the COW creds patch can have\nSELinux\u0027s flush_unauthorized_files() pass the appropriate creds back to itself\nwhen it opens its null chardev.\n\nThe security_dentry_open() call also now takes a creds pointer, as does the\ndentry_open hook in struct security_operations.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "4eea03539d9a8e3f5056aed690efde1f75535e7b", "tree": "1dd58dee9a286459c7a70b8f82edcb63d20b2c07", "parents": [ "ec4c2aacd16672febca053109eb9ddf672108ca1" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:38:49 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:38:49 2008 +1100" }, "message": "CRED: Wrap task credential accesses in the eCryptFS filesystem\n\nWrap access to task credentials so that they can be separated more easily from\nthe task_struct during the introduction of COW creds.\n\nChange most current-\u003e(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().\n\nChange some task-\u003ee?[ug]id to task_e?[ug]id(). In some places it makes more\nsense to use RCU directly rather than a convenient wrapper; these will be\naddressed by later patches.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Mike Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Phillip Hellewell \u003cphillip@hellewell.homeip.net\u003e\nCc: ecryptfs-devel@lists.sourceforge.net\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "87b811c3f96559e466403e22b1fa99d472571625", "tree": "319179f5d9a1cffaa3ae32aa41076d0fb10aab10", "parents": [ "ce05fcc30ea41c85f9d50bee1ce289f7cb7fb223" ], "author": { "name": "Eric Sandeen", "email": "sandeen@redhat.com", "time": "Wed Oct 29 14:01:08 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 30 11:38:46 2008 -0700" }, "message": "ecryptfs: fix memory corruption when storing crypto info in xattrs\n\nWhen ecryptfs allocates space to write crypto headers into, before copying\nit out to file headers or to xattrs, it looks at the value of\ncrypt_stat-\u003enum_header_bytes_at_front to determine how much space it\nneeds. This is also used as the file offset to the actual encrypted data,\nso for xattr-stored crypto info, the value was zero.\n\nSo, we kzalloc\u0027d 0 bytes, and then ran off to write to that memory.\n(Which returned as ZERO_SIZE_PTR, so we explode quickly).\n\nThe right answer is to always allocate a page to write into; the current\ncode won\u0027t ever write more than that (this is enforced by the\n(PAGE_CACHE_SIZE - offset) length in the call to\necryptfs_generate_key_packet_set). To be explicit about this, we now send\nin a \"max\" parameter, rather than magically using PAGE_CACHE_SIZE there.\n\nAlso, since the pointer we pass down the callchain eventually gets the\nvirt_to_page() treatment, we should be using a alloc_page variant, not\nkzalloc (see also 7fcba054373d5dfc43d26e243a5c9b92069972ee)\n\nSigned-off-by: Eric Sandeen \u003csandeen@redhat.com\u003e\nAcked-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "421748ecde8e69a6364e5ae66eb3bf87e1f995c0", "tree": "50ef878f8c46b1ec729625ed678d04aaeaaee6dd", "parents": [ "a63bb99660d82dfe7c51588e1f9aadefb756ba51" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Aug 02 01:04:36 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Oct 23 05:12:52 2008 -0400" }, "message": "[PATCH] assorted path_lookup() -\u003e kern_path() conversions\n\nmore nameidata eviction\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "624ae5284516870657505103ada531c64dba2a9a", "tree": "1098d75abc1f4d335e2276dd9dde00a60ee568b5", "parents": [ "807b7ebe41ab80d96e89a53bc290d49613e56f48" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Oct 15 22:02:51 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 16 11:21:39 2008 -0700" }, "message": "eCryptfs: remove netlink transport\n\nThe netlink transport code has not worked for a while and the miscdev\ntransport is a simpler solution. This patch removes the netlink code and\nmakes the miscdev transport the only eCryptfs kernel to userspace\ntransport.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dustin Kirkland \u003ckirkland@canonical.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "807b7ebe41ab80d96e89a53bc290d49613e56f48", "tree": "79a73c4982d4572c33bf7ad71e92b42650c1636e", "parents": [ "7d6c7045581d3736c5f14053eb59342aa0b2cc07" ], "author": { "name": "Badari Pulavarty", "email": "pbadari@us.ibm.com", "time": "Wed Oct 15 22:02:50 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 16 11:21:39 2008 -0700" }, "message": "ecryptfs: convert to use new aops\n\nConvert ecryptfs to use write_begin/write_end\n\nSigned-off-by: Nick Piggin \u003cnpiggin@suse.de\u003e\nSigned-off-by: Badari Pulavarty \u003cpbadari@us.ibm.com\u003e\nAcked-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dave Kleikamp \u003cshaggy@austin.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7d6c7045581d3736c5f14053eb59342aa0b2cc07", "tree": "3906a3e8b0d4a2e4752c4eb19defc62691d200d7", "parents": [ "9d793b0bcbbbc37d80241862dfa5257963d5415e" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Wed Oct 15 22:02:49 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 16 11:21:38 2008 -0700" }, "message": "eCryptfs: remove retry loop in ecryptfs_readdir()\n\nThe retry block in ecryptfs_readdir() has been in the eCryptfs code base\nfor a while, apparently for no good reason. This loop could potentially\nrun without terminating. This patch removes the loop, instead erroring\nout if vfs_readdir() on the lower file fails.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nReported-by: Al Viro \u003cviro@ZinIV.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a447c0932445f92ce6f4c1bd020f62c5097a7842", "tree": "bacf05bc7f9764515cdd6f7dc5e2254776b4f160", "parents": [ "54cebc68c81eacac41a21bdfe99dc889d3882c60" ], "author": { "name": "Steven Whitehouse", "email": "swhiteho@redhat.com", "time": "Mon Oct 13 10:46:57 2008 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 13 10:10:37 2008 -0700" }, "message": "vfs: Use const for kernel parser table\n\nThis is a much better version of a previous patch to make the parser\ntables constant. Rather than changing the typedef, we put the \"const\" in\nall the various places where its required, allowing the __initconst\nexception for nfsroot which was the cause of the previous trouble.\n\nThis was posted for review some time ago and I believe its been in -mm\nsince then.\n\nSigned-off-by: Steven Whitehouse \u003cswhiteho@redhat.com\u003e\nCc: Alexander Viro \u003caviro@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7fcba054373d5dfc43d26e243a5c9b92069972ee", "tree": "3503fba122a654946b5455bc95fa3978cbc4f68b", "parents": [ "25947d5ac56004378d8c2d31ebf22600d5bc0c02" ], "author": { "name": "Eric Sandeen", "email": "sandeen@redhat.com", "time": "Mon Jul 28 15:46:39 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Jul 28 16:30:21 2008 -0700" }, "message": "eCryptfs: use page_alloc not kmalloc to get a page of memory\n\nWith SLUB debugging turned on in 2.6.26, I was getting memory corruption\nwhen testing eCryptfs. The root cause turned out to be that eCryptfs was\ndoing kmalloc(PAGE_CACHE_SIZE); virt_to_page() and treating that as a nice\npage-aligned chunk of memory. But at least with SLUB debugging on, this\nis not always true, and the page we get from virt_to_page does not\nnecessarily match the PAGE_CACHE_SIZE worth of memory we got from kmalloc.\n\nMy simple testcase was 2 loops doing \"rm -f fileX; cp /tmp/fileX .\" for 2\ndifferent multi-megabyte files. With this change I no longer see the\ncorruption.\n\nSigned-off-by: Eric Sandeen \u003csandeen@redhat.com\u003e\nAcked-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nAcked-by: Rik van Riel \u003criel@redhat.com\u003e\nCc: \u003cstable@kernel.org\u003e\t\t[2.6.25.x, 2.6.26.x]\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f419a2e3b64def707e1384ee38abb77f99af5f6d", "tree": "adbe12c510f04cf25ca6f822ee8004c8679a3a63", "parents": [ "30524472c2f728c20d6bf35191042a5d455c0a64" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jul 22 00:07:17 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 26 20:53:31 2008 -0400" }, "message": "[PATCH] kill nameidata passing to permission(), rename to inode_permission()\n\nIncidentally, the name that gives hundreds of false positives on grep\nis not a good idea...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" } ], "next": "db2e747b14991a4c6a5c98b0e5f552a193237c03" }