+ ecryptfs-more-intelligent-use-of-tfm-objects.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The patch titled

     ecryptfs: more intelligent use of TFM objects

has been added to the -mm tree.  Its filename is

     ecryptfs-more-intelligent-use-of-tfm-objects.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: ecryptfs: more intelligent use of TFM objects
From: Mike Halcrow <mhalcrow@xxxxxxxxxx>


More intelligent use of crypto context (tfm) objects.  Add locking for tfm's
belonging to inode's.  Make the mount-wide crypt_stat referenced by each inode
crypt_stat.  Add a cipher validity check on mount.  Use the mount's tfm for
key encryption operations, since such operations only occur on file open.

This patch finishes the set of patches that, among a few other things,
provides the ability for the user to specify his cipher and key size at mount
time.

Signed-off-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 fs/ecryptfs/crypto.c          |  129 ++++++++++++++++++++++++++++++--
 fs/ecryptfs/ecryptfs_kernel.h |   10 ++
 fs/ecryptfs/keystore.c        |   45 ++++++++---
 fs/ecryptfs/main.c            |   57 +++++++++-----
 fs/ecryptfs/super.c           |    4 
 5 files changed, 208 insertions(+), 37 deletions(-)

diff -puN fs/ecryptfs/crypto.c~ecryptfs-more-intelligent-use-of-tfm-objects fs/ecryptfs/crypto.c
--- 25/fs/ecryptfs/crypto.c~ecryptfs-more-intelligent-use-of-tfm-objects	Tue Jun 20 17:37:47 2006
+++ 25-akpm/fs/ecryptfs/crypto.c	Tue Jun 20 17:37:47 2006
@@ -158,10 +158,13 @@ out:
  *
  * Initialize the crypt_stat structure.
  */
-void ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
+void
+ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
 {
 	memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
 	mutex_init(&crypt_stat->cs_mutex);
+	mutex_init(&crypt_stat->cs_tfm_mutex);
+	mutex_init(&crypt_stat->cs_md5_tfm_mutex);
 	ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_STRUCT_INITIALIZED);
 }
 
@@ -180,6 +183,17 @@ void ecryptfs_destruct_crypt_stat(struct
 	memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat));
 }
 
+void ecryptfs_destruct_mount_crypt_stat(
+	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
+{
+	printk(KERN_INFO "%s\n", __FUNCTION__);
+	if (mount_crypt_stat->global_auth_tok_key)
+		key_put(mount_crypt_stat->global_auth_tok_key);
+	if (mount_crypt_stat->global_key_tfm)
+		crypto_free_tfm(mount_crypt_stat->global_key_tfm);
+	memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat));
+}
+
 /**
  * virt_to_scatterlist
  * @addr: Virtual address
@@ -254,16 +268,19 @@ static int encrypt_scatterlist(struct ec
 				  crypt_stat->key_size);
 	}
 	/* Consider doing this once, when the file is opened */
+	mutex_lock(&crypt_stat->cs_tfm_mutex);
 	rc = crypto_cipher_setkey(crypt_stat->tfm, crypt_stat->key,
 				  crypt_stat->key_size);
 	if (rc) {
 		ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
 				rc);
+		mutex_unlock(&crypt_stat->cs_tfm_mutex);
 		rc = -EINVAL;
 		goto out;
 	}
 	ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size);
 	crypto_cipher_encrypt_iv(crypt_stat->tfm, dest_sg, src_sg, size, iv);
+	mutex_unlock(&crypt_stat->cs_tfm_mutex);
 out:
 	return rc;
 }
@@ -645,17 +662,20 @@ static int decrypt_scatterlist(struct ec
 	int rc = 0;
 
 	/* Consider doing this once, when the file is opened */
+	mutex_lock(&crypt_stat->cs_tfm_mutex);
 	rc = crypto_cipher_setkey(crypt_stat->tfm, crypt_stat->key,
 				  crypt_stat->key_size);
 	if (rc) {
 		ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
 				rc);
+		mutex_unlock(&crypt_stat->cs_tfm_mutex);
 		rc = -EINVAL;
 		goto out;
 	}
 	ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size);
 	rc = crypto_cipher_decrypt_iv(crypt_stat->tfm, dest_sg, src_sg, size,
 				      iv);
+	mutex_unlock(&crypt_stat->cs_tfm_mutex);
 	if (rc) {
 		ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n",
 				rc);
@@ -725,7 +745,7 @@ int ecryptfs_init_crypt_ctx(struct ecryp
 {
 	int rc = -EINVAL;
 
-	if (crypt_stat->cipher == NULL) {
+	if (!crypt_stat->cipher) {
 		ecryptfs_printk(KERN_ERR, "No cipher specified\n");
 		goto out;
 	}
@@ -738,12 +758,14 @@ int ecryptfs_init_crypt_ctx(struct ecryp
 		rc = 0;
 		goto out;
 	}
+	mutex_lock(&crypt_stat->cs_tfm_mutex);
 	crypt_stat->tfm = crypto_alloc_tfm(crypt_stat->cipher,
 					   ECRYPTFS_DEFAULT_CHAINING_MODE
 					   | CRYPTO_TFM_REQ_WEAK_KEY);
-	if (crypt_stat->tfm == NULL) {
-		ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): Error "
-				"initializing cipher [%s]\n",
+	mutex_unlock(&crypt_stat->cs_tfm_mutex);
+	if (!crypt_stat->tfm) {
+		ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
+				"Error initializing cipher [%s]\n",
 				crypt_stat->cipher);
 		goto out;
 	}
@@ -837,14 +859,16 @@ static void ecryptfs_generate_new_key(st
  *
  * Default values in the event that policy does not override them.
  */
-static void
-ecryptfs_set_default_crypt_stat_vals(struct ecryptfs_crypt_stat *crypt_stat)
+static void ecryptfs_set_default_crypt_stat_vals(
+	struct ecryptfs_crypt_stat *crypt_stat,
+	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
 {
 	ecryptfs_set_default_sizes(crypt_stat);
 	strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
 	crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
 	ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
 	crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
+	crypt_stat->mount_crypt_stat = mount_crypt_stat;
 }
 
 /**
@@ -877,7 +901,7 @@ int ecryptfs_new_file_context(struct den
 		    ecryptfs_dentry->d_sb)->mount_crypt_stat;
 	int cipher_name_len;
 
-	ecryptfs_set_default_crypt_stat_vals(crypt_stat);
+	ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat);
 	/* See if there are mount crypt options */
 	if (mount_crypt_stat->global_auth_tok) {
 		ecryptfs_printk(KERN_DEBUG, "Initializing context for new "
@@ -1348,6 +1372,8 @@ int ecryptfs_read_headers_virt(char *pag
 	int bytes_read;
 
 	ecryptfs_set_default_sizes(crypt_stat);
+	crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private(
+		ecryptfs_dentry->d_sb)->mount_crypt_stat;
 	offset = ECRYPTFS_FILE_SIZE_BYTES;
 	rc = contains_ecryptfs_marker(page_virt + offset);
 	if (rc == 0) {
@@ -1531,3 +1557,90 @@ ecryptfs_decode_filename(struct ecryptfs
 out:
 	return error;
 }
+
+/**
+ * ecryptfs_process_cipher - Perform cipher initialization.
+ * @tfm: Crypto context set by this function
+ * @key_tfm: Crypto context for key material, set by this function
+ * @cipher_name: Name of the cipher.
+ * @key_size: Size of the key in bytes.
+ *
+ * Returns zero on success. Any crypto_tfm structs allocated here
+ * should be released by other functions, such as on a superblock put
+ * event, regardless of whether this function succeeds for fails.
+ */
+int
+ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm,
+			char *cipher_name, unsigned int key_size)
+{
+	char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
+	int rc;
+
+	*tfm = *key_tfm = NULL;
+	if (key_size > ECRYPTFS_MAX_KEY_BYTES) {
+		rc = -EINVAL;
+		printk(KERN_ERR "Requested key size is [%d] bytes; maximum "
+		       "allowable is [%d]\n", key_size, ECRYPTFS_MAX_KEY_BYTES);
+		goto out;
+	}
+	*tfm = crypto_alloc_tfm(cipher_name, (ECRYPTFS_DEFAULT_CHAINING_MODE
+					      | CRYPTO_TFM_REQ_WEAK_KEY));
+	if (!(*tfm)) {
+		rc = -EINVAL;
+		printk(KERN_ERR "Unable to allocate crypto cipher with name "
+		       "[%s]\n", cipher_name);
+		goto out;
+	}
+	*key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY);
+	if (!(*key_tfm)) {
+		rc = -EINVAL;
+		printk(KERN_ERR "Unable to allocate crypto cipher with name "
+		       "[%s]\n", cipher_name);
+		goto out;
+	}
+	if (key_size < crypto_tfm_alg_min_keysize(*tfm)) {
+		rc = -EINVAL;
+		printk(KERN_ERR "Request key size is [%d]; minimum key size "
+		       "supported by cipher [%s] is [%d]\n", key_size,
+		       cipher_name, crypto_tfm_alg_min_keysize(*tfm));
+		goto out;
+	}
+	if (key_size < crypto_tfm_alg_min_keysize(*key_tfm)) {
+		rc = -EINVAL;
+		printk(KERN_ERR "Request key size is [%d]; minimum key size "
+		       "supported by cipher [%s] is [%d]\n", key_size,
+		       cipher_name, crypto_tfm_alg_min_keysize(*key_tfm));
+		goto out;
+	}
+	if (key_size > crypto_tfm_alg_max_keysize(*tfm)) {
+		rc = -EINVAL;
+		printk(KERN_ERR "Request key size is [%d]; maximum key size "
+		       "supported by cipher [%s] is [%d]\n", key_size,
+		       cipher_name, crypto_tfm_alg_min_keysize(*tfm));
+		goto out;
+	}
+	if (key_size > crypto_tfm_alg_max_keysize(*key_tfm)) {
+		rc = -EINVAL;
+		printk(KERN_ERR "Request key size is [%d]; maximum key size "
+		       "supported by cipher [%s] is [%d]\n", key_size,
+		       cipher_name, crypto_tfm_alg_min_keysize(*key_tfm));
+		goto out;
+	}
+	get_random_bytes(dummy_key, key_size);
+	rc = crypto_cipher_setkey(*tfm, dummy_key, key_size);
+	if (rc) {
+		printk(KERN_ERR "Error attempting to set key of size [%d] for "
+		       "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc);
+		rc = -EINVAL;
+		goto out;
+	}
+	rc = crypto_cipher_setkey(*key_tfm, dummy_key, key_size);
+	if (rc) {
+		printk(KERN_ERR "Error attempting to set key of size [%d] for "
+		       "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc);
+		rc = -EINVAL;
+		goto out;
+	}
+out:
+	return rc;
+}
diff -puN fs/ecryptfs/ecryptfs_kernel.h~ecryptfs-more-intelligent-use-of-tfm-objects fs/ecryptfs/ecryptfs_kernel.h
--- 25/fs/ecryptfs/ecryptfs_kernel.h~ecryptfs-more-intelligent-use-of-tfm-objects	Tue Jun 20 17:37:47 2006
+++ 25-akpm/fs/ecryptfs/ecryptfs_kernel.h	Tue Jun 20 17:37:47 2006
@@ -196,6 +196,7 @@ struct ecryptfs_crypt_stat {
 	unsigned int key_size;
 	unsigned int extent_shift;
 	unsigned int extent_mask;
+	struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
 	struct crypto_tfm *tfm;
 	struct crypto_tfm *md5_tfm; /* Crypto context for generating
 				     * the initialization vectors */
@@ -203,6 +204,8 @@ struct ecryptfs_crypt_stat {
 	unsigned char key[ECRYPTFS_MAX_KEY_BYTES];
 	unsigned char root_iv[ECRYPTFS_MAX_IV_BYTES];
 	unsigned char keysigs[ECRYPTFS_MAX_NUM_KEYSIGS][ECRYPTFS_SIG_SIZE_HEX];
+	struct mutex cs_tfm_mutex;
+	struct mutex cs_md5_tfm_mutex;
 	struct mutex cs_mutex;
 };
 
@@ -230,6 +233,8 @@ struct ecryptfs_mount_crypt_stat {
 	struct ecryptfs_auth_tok *global_auth_tok;
 	struct key *global_auth_tok_key;
 	unsigned int global_default_cipher_key_size;
+	struct crypto_tfm *global_key_tfm;
+	struct mutex global_key_tfm_mutex;
 	unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE
 						 + 1];
 	unsigned char global_auth_tok_sig[ECRYPTFS_SIG_SIZE_HEX + 1];
@@ -408,6 +413,8 @@ int ecryptfs_compute_root_iv(struct ecry
 void ecryptfs_rotate_iv(unsigned char *iv);
 void ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat);
 void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat);
+void ecryptfs_destruct_mount_crypt_stat(
+	struct ecryptfs_mount_crypt_stat *mount_crypt_stat);
 int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat);
 int ecryptfs_write_inode_size_to_header(struct file *lower_file,
 					struct inode *lower_inode,
@@ -465,5 +472,8 @@ int
 ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
 			  unsigned char *src, struct dentry *ecryptfs_dentry);
 int ecryptfs_truncate(struct dentry *dentry, loff_t new_length);
+int
+ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm,
+			char *cipher_name, unsigned int key_size);
 
 #endif /* #ifndef ECRYPTFS_KERNEL_H */
diff -puN fs/ecryptfs/keystore.c~ecryptfs-more-intelligent-use-of-tfm-objects fs/ecryptfs/keystore.c
--- 25/fs/ecryptfs/keystore.c~ecryptfs-more-intelligent-use-of-tfm-objects	Tue Jun 20 17:37:47 2006
+++ 25-akpm/fs/ecryptfs/keystore.c	Tue Jun 20 17:37:47 2006
@@ -460,6 +460,7 @@ static int decrypt_session_key(struct ec
 	struct ecryptfs_password *password_s_ptr;
 	struct crypto_tfm *tfm = NULL;
 	struct scatterlist src_sg[2], dst_sg[2];
+	struct mutex *tfm_mutex = NULL;
 	/* TODO: Use virt_to_scatterlist for these */
 	char *encrypted_session_key;
 	char *session_key;
@@ -476,12 +477,19 @@ static int decrypt_session_key(struct ec
 		ecryptfs_dump_hex(password_s_ptr->session_key_encryption_key,
 				  password_s_ptr->
 				  session_key_encryption_key_bytes);
-	tfm = crypto_alloc_tfm(crypt_stat->cipher, 0);
-	if (!tfm) {
-		ecryptfs_printk(KERN_ERR, "Error allocating crypto "
-				"context\n");
-		rc = -ENOMEM;
-		goto out;
+	if (!strcmp(crypt_stat->cipher,
+		    crypt_stat->mount_crypt_stat->global_default_cipher_name)
+	    && crypt_stat->mount_crypt_stat->global_key_tfm) {
+		tfm = crypt_stat->mount_crypt_stat->global_key_tfm;
+		tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex;
+	} else {
+		tfm = crypto_alloc_tfm(crypt_stat->cipher,
+				       CRYPTO_TFM_REQ_WEAK_KEY);
+		if (!tfm) {
+			printk(KERN_ERR "Error allocating crypto context\n");
+			rc = -ENOMEM;
+			goto out;
+		}
 	}
 	if (password_s_ptr->session_key_encryption_key_bytes
 	    < crypto_tfm_alg_min_keysize(tfm)) {
@@ -492,6 +500,8 @@ static int decrypt_session_key(struct ec
 		rc = -EINVAL;
 		goto out;
 	}
+	if (tfm_mutex)
+		mutex_lock(tfm_mutex);
 	crypto_cipher_setkey(tfm, password_s_ptr->session_key_encryption_key,
 			     crypt_stat->key_size);
 	/* TODO: virt_to_scatterlist */
@@ -539,7 +549,10 @@ static int decrypt_session_key(struct ec
 	memset(session_key, 0, PAGE_CACHE_SIZE);
 	free_page((unsigned long)session_key);
 out_free_tfm:
-	crypto_free_tfm(tfm);
+	if (tfm_mutex)
+		mutex_unlock(tfm_mutex);
+	else
+		crypto_free_tfm(tfm);
 out:
 	return rc;
 }
@@ -796,6 +809,7 @@ write_tag_3_packet(char *dest, int max, 
 	struct scatterlist dest_sg[2];
 	struct scatterlist src_sg[2];
 	struct crypto_tfm *tfm = NULL;
+	struct mutex *tfm_mutex = NULL;
 	int key_rec_size;
 	int packet_size_length;
 	int cipher_code;
@@ -862,16 +876,27 @@ write_tag_3_packet(char *dest, int max, 
 		rc = -ENOMEM;
 		goto out;
 	}
-	if ((tfm = crypto_alloc_tfm(crypt_stat->cipher, 0)) == NULL) {
+	if (!strcmp(crypt_stat->cipher,
+		    crypt_stat->mount_crypt_stat->global_default_cipher_name)
+	    && crypt_stat->mount_crypt_stat->global_key_tfm) {
+		tfm = crypt_stat->mount_crypt_stat->global_key_tfm;
+		tfm_mutex = &crypt_stat->mount_crypt_stat->global_key_tfm_mutex;
+	} else
+		tfm = crypto_alloc_tfm(crypt_stat->cipher, 0);
+	if (!tfm) {
 		ecryptfs_printk(KERN_ERR, "Could not initialize crypto "
 				"context for cipher [%s]\n",
 				crypt_stat->cipher);
 		rc = -EINVAL;
 		goto out;
 	}
+	if (tfm_mutex)
+		mutex_lock(tfm_mutex);
 	rc = crypto_cipher_setkey(tfm, session_key_encryption_key,
 				  crypt_stat->key_size);
 	if (rc < 0) {
+		if (tfm_mutex)
+			mutex_unlock(tfm_mutex);
 		ecryptfs_printk(KERN_ERR, "Error setting key for crypto "
 				"context\n");
 		goto out;
@@ -881,6 +906,8 @@ write_tag_3_packet(char *dest, int max, 
 			crypt_stat->key_size);
 	crypto_cipher_encrypt(tfm, dest_sg, src_sg,
 			      (*key_rec).enc_key_size);
+	if (tfm_mutex)
+		mutex_unlock(tfm_mutex);
 	ecryptfs_printk(KERN_DEBUG, "This should be the encrypted key:\n");
 	if (ecryptfs_verbosity > 0)
 		ecryptfs_dump_hex((*key_rec).enc_key,
@@ -941,7 +968,7 @@ encrypted_session_key_set:
 	       (*key_rec).enc_key_size);
 	(*packet_size) += (*key_rec).enc_key_size;
 out:
-	if (tfm)
+	if (tfm && !tfm_mutex)
 		crypto_free_tfm(tfm);
 	if (rc)
 		(*packet_size) = 0;
diff -puN fs/ecryptfs/main.c~ecryptfs-more-intelligent-use-of-tfm-objects fs/ecryptfs/main.c
--- 25/fs/ecryptfs/main.c~ecryptfs-more-intelligent-use-of-tfm-objects	Tue Jun 20 17:37:47 2006
+++ 25-akpm/fs/ecryptfs/main.c	Tue Jun 20 17:37:47 2006
@@ -28,6 +28,7 @@
 #include <linux/module.h>
 #include <linux/namei.h>
 #include <linux/skbuff.h>
+#include <linux/crypto.h>
 #include <linux/netlink.h>
 #include <linux/mount.h>
 #include <linux/dcache.h>
@@ -212,6 +213,7 @@ static int ecryptfs_parse_options(struct
 	char *cipher_name_dst;
 	char *cipher_name_src;
 	char *cipher_key_bytes_src;
+	struct crypto_tfm *tmp_tfm;
 	int cipher_name_len;
 
 	if (!options) {
@@ -311,6 +313,22 @@ static int ecryptfs_parse_options(struct
 				mount_crypt_stat->
 				global_default_cipher_key_size);
 	}
+	rc = ecryptfs_process_cipher(
+		&tmp_tfm,
+		&mount_crypt_stat->global_key_tfm,
+		mount_crypt_stat->global_default_cipher_name,
+		mount_crypt_stat->global_default_cipher_key_size);
+	if (tmp_tfm)
+		crypto_free_tfm(tmp_tfm);
+	if (rc) {
+		printk(KERN_ERR "Error attempting to initialize cipher [%s] "
+		       "with key size [%d] bytes; rc = [%d]\n",
+		       mount_crypt_stat->global_default_cipher_name,
+		       mount_crypt_stat->global_default_cipher_key_size, rc);
+		rc = -EINVAL;
+		goto out;
+	}
+	mutex_init(&mount_crypt_stat->global_key_tfm_mutex);
 	ecryptfs_printk(KERN_DEBUG, "Requesting the key with description: "
 			"[%s]\n", mount_crypt_stat->global_auth_tok_sig);
 	/* The reference to this key is held until umount is done The
@@ -494,11 +512,13 @@ static struct super_block *ecryptfs_get_
 	}
 	rc = ecryptfs_parse_options(sb, raw_data);
 	if (rc) {
+		deactivate_super(sb);
 		sb = ERR_PTR(rc);
 		goto out;
 	}
 	rc = ecryptfs_read_super(sb, dev_name);
 	if (rc) {
+		deactivate_super(sb);
 		sb = ERR_PTR(rc);
 		ecryptfs_printk(KERN_ERR, "Reading sb failed. "
 				"sb = [%p]\n", sb);
@@ -516,10 +536,9 @@ out:
  */
 static void ecryptfs_kill_block_super(struct super_block *sb)
 {
-	struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
-		&(ecryptfs_superblock_to_private(sb)->mount_crypt_stat);
-
-	memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat));
+	printk(KERN_INFO "%s\n", __FUNCTION__);
+/*	ecryptfs_destruct_mount_crypt_stat(
+	&(ecryptfs_superblock_to_private(sb)->mount_crypt_stat)); */
 	generic_shutdown_super(sb);
 }
 
@@ -549,19 +568,19 @@ inode_info_init_once(void *vptr, struct 
 /* This provides a means of backing out cache creations out of the kernel
  * so that we can elegantly fail should we run out of memory.
  */
-#define ECRYPTFS_AUTH_TOK_LIST_ITEM_CACHE 	0x0001
-#define ECRYPTFS_AUTH_TOK_PKT_SET_CACHE         0x0002
-#define ECRYPTFS_AUTH_TOK_REQUEST_CACHE         0x0004
-#define ECRYPTFS_AUTH_TOK_REQUEST_BLOB_CACHE    0x0008
-#define ECRYPTFS_FILE_INFO_CACHE 		0x0010
-#define ECRYPTFS_DENTRY_INFO_CACHE 		0x0020
-#define ECRYPTFS_INODE_INFO_CACHE 		0x0040
-#define ECRYPTFS_SB_INFO_CACHE 			0x0080
-#define ECRYPTFS_HEADER_CACHE_0 		0x0100
-#define ECRYPTFS_HEADER_CACHE_1 		0x0200
-#define ECRYPTFS_HEADER_CACHE_2 		0x0400
-#define ECRYPTFS_LOWER_PAGE_CACHE 		0x0800
-#define ECRYPTFS_CACHE_CREATION_SUCCESS		0x0FF1
+#define ECRYPTFS_AUTH_TOK_LIST_ITEM_CACHE    0x0001
+#define ECRYPTFS_AUTH_TOK_PKT_SET_CACHE      0x0002
+#define ECRYPTFS_AUTH_TOK_REQUEST_CACHE      0x0004
+#define ECRYPTFS_AUTH_TOK_REQUEST_BLOB_CACHE 0x0008
+#define ECRYPTFS_FILE_INFO_CACHE             0x0010
+#define ECRYPTFS_DENTRY_INFO_CACHE           0x0020
+#define ECRYPTFS_INODE_INFO_CACHE            0x0040
+#define ECRYPTFS_SB_INFO_CACHE               0x0080
+#define ECRYPTFS_HEADER_CACHE_0              0x0100
+#define ECRYPTFS_HEADER_CACHE_1              0x0200
+#define ECRYPTFS_HEADER_CACHE_2              0x0400
+#define ECRYPTFS_LOWER_PAGE_CACHE            0x0800
+#define ECRYPTFS_CACHE_CREATION_SUCCESS      0x0FF1
 
 static short ecryptfs_allocated_caches;
 
@@ -599,13 +618,13 @@ static int ecryptfs_init_kmem_caches(voi
 				"kmem_cache_create failed\n");
 
 	ecryptfs_dentry_info_cache =
-	    kmem_cache_create("ecryptfs_dentry_cache",
+	    kmem_cache_create("ecryptfs_dentry_info_cache",
 			      sizeof(struct ecryptfs_dentry_info),
 			      0, SLAB_HWCACHE_ALIGN, NULL, NULL);
 	if (ecryptfs_dentry_info_cache)
 		rc |= ECRYPTFS_DENTRY_INFO_CACHE;
 	else
-		ecryptfs_printk(KERN_WARNING, "ecryptfs_dentry_cache "
+		ecryptfs_printk(KERN_WARNING, "ecryptfs_dentry_info_cache "
 				"kmem_cache_create failed\n");
 
 	ecryptfs_inode_info_cache =
diff -puN fs/ecryptfs/super.c~ecryptfs-more-intelligent-use-of-tfm-objects fs/ecryptfs/super.c
--- 25/fs/ecryptfs/super.c~ecryptfs-more-intelligent-use-of-tfm-objects	Tue Jun 20 17:37:47 2006
+++ 25-akpm/fs/ecryptfs/super.c	Tue Jun 20 17:37:47 2006
@@ -27,6 +27,7 @@
 #include <linux/mount.h>
 #include <linux/key.h>
 #include <linux/seq_file.h>
+#include <linux/crypto.h>
 #include "ecryptfs_kernel.h"
 
 struct kmem_cache *ecryptfs_inode_info_cache;
@@ -107,8 +108,9 @@ static void ecryptfs_put_super(struct su
 {
 	struct ecryptfs_sb_info *sb_info = ecryptfs_superblock_to_private(sb);
 
+	printk(KERN_INFO "%s\n", __FUNCTION__);
 	mntput(sb_info->lower_mnt);
-	key_put(sb_info->mount_crypt_stat.global_auth_tok_key);
+	ecryptfs_destruct_mount_crypt_stat(&sb_info->mount_crypt_stat);
 	kmem_cache_free(ecryptfs_sb_info_cache, sb_info);
 	ecryptfs_set_superblock_private(sb, NULL);
 }
_

Patches currently in -mm which might be from mhalcrow@xxxxxxxxxx are

ecryptfs-fs-makefile-and-fs-kconfig.patch
ecryptfs-fs-makefile-and-fs-kconfig-remove-ecrypt_debug-from-fs-kconfig.patch
ecryptfs-documentation.patch
ecryptfs-makefile.patch
ecryptfs-main-module-functions.patch
ecryptfs-main-module-functions-uint16_t-u16.patch
ecryptfs-header-declarations.patch
ecryptfs-header-declarations-update.patch
ecryptfs-header-declarations-update-convert-signed-data-types-to-unsigned-data-types.patch
ecryptfs-header-declarations-remove-unnecessary-ifndefs.patch
ecryptfs-superblock-operations.patch
ecryptfs-dentry-operations.patch
ecryptfs-file-operations.patch
ecryptfs-file-operations-remove-null-==-syntax.patch
ecryptfs-file-operations-remove-extraneous-read-of-inode-size-from-header.patch
ecryptfs-file-operations-fix.patch
ecryptfs-file-operations-fix-premature-release-of-file_info-memory.patch
ecryptfs-inode-operations.patch
ecryptfs-mmap-operations.patch
mark-address_space_operations-const-vs-ecryptfs-mmap-operations.patch
ecryptfs-keystore.patch
ecryptfs-crypto-functions.patch
ecryptfs-debug-functions.patch
ecryptfs-alpha-build-fix.patch
ecryptfs-convert-assert-to-bug_on.patch
ecryptfs-remove-unnecessary-null-checks.patch
ecryptfs-rewrite-ecryptfs_fsync.patch
ecryptfs-overhaul-file-locking.patch
ecryptfs-dont-muck-with-the-existing-nameidata-structures.patch
ecryptfs-asm-scatterlisth-linux-scatterlisth.patch
ecryptfs-support-for-larger-maximum-key-size.patch
ecryptfs-add-codes-for-additional-ciphers.patch
ecryptfs-unencrypted-key-size-based-on-encrypted-key-size.patch
ecryptfs-packet-and-key-management-update-for-variable-key-size.patch
ecryptfs-add-ecryptfs_-prefix-to-mount-options-key-size-parameter.patch
ecryptfs-set-the-key-size-from-the-default-for-the-mount.patch
ecryptfs-check-for-weak-keys.patch
ecryptfs-add-define-values-for-cipher-codes-from-rfc2440-openpgp.patch
ecryptfs-convert-bits-to-bytes.patch
ecryptfs-more-elegant-aes-key-size-manipulation.patch
ecryptfs-more-elegant-aes-key-size-manipulation-tidy.patch
ecryptfs-more-intelligent-use-of-tfm-objects.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Kernel Newbies FAQ]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux