The patch titled
ecryptfs: fs/Makefile and fs/Kconfig
has been removed from the -mm tree. Its filename is
ecryptfs-fs-makefile-and-fs-kconfig.patch
This patch was dropped because it is obsolete
------------------------------------------------------
Subject: ecryptfs: fs/Makefile and fs/Kconfig
From: Phillip Hellewell <phillip@xxxxxxxxxxxxxxxxxxxx>
eCryptfs is a stacked cryptographic filesystem for Linux. It is derived from
Erez Zadok's Cryptfs, implemented through the FiST framework for generating
stacked filesystems. eCryptfs extends Cryptfs to provide advanced key
management and policy features. eCryptfs stores cryptographic metadata in the
header of each file written, so that encrypted files can be copied between
hosts; the file will be decryptable with the proper key, and there is no need
to keep track of any additional information aside from what is already in the
encrypted file itself.
This patch modifies the fs/Kconfig and fs/Makefile files to incorporate
eCryptfs into the kernel build.
Signed-off-by: Phillip Hellewell <phillip@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
Signed-off-by: Erez Zadok <ezk@xxxxxxxxxxxxx>
Date: Sat, 20 May 2006 10:57:40 +0100
I gave the code in -mm a quick look, and it still needs a lot of work.
- please kill ASSERT and always use BUG_ON.
- you don't need semaphore.h anymore
- please always use <linux/scatterlist.h> instead of <asm/scatterlist.h>
- please kill ECRYPTFS_SET_FLAG, ECRYPTFS_CLEAR_FLAG and ECRYPTFS_CHECK_FLAG
and just opencode them, it'll make the code a whole lot more readable
- why are so many fields on your data structures signed?
- please kill the reaming uint*_t uses
- there's definitly too many ifndefs in ecryptfs_kernel.h. Either
remove the or provide a good explanation why the macros could have
been defined already
( - you need endianess annotations and conversion for your ondisk data
structure. it's totally unacceptable a encrypted filesystem from a BE
machine can't be read on a LE one)
- pleaese get rid of the horrible (NULL == something) style, it makes
the code really hard to read
- in ecryptfs_d_revalidate just replacing the vfsmount/dentry in the
nameidata is dangerous, after that they aren't coherent with the
lookup data anymore. Either find a way to get a real nameidata that's
valid for a lookup on your filesystem or find away to get rid of passing
down the nameidata everywhere and replace it by a real lookup intent
structure. (or even better restructure the code to allow for a high-level
method replacing the lookup intents)
(ditto for various namespace operations in inode.c)
- please make sure touch_atime goes down to ->setattr for atime updates,
that way you don't need all that mess in your read/write. and in -mm
those routines need update for vectored and aio support
- in read_inode_size_from_header please do the kmap after calling ->readpage.
that also allows to swwitch to the more efficien kmap_atomic. also instead
of the memcpy just do
u64 *data_size == kmap_atomic(page, ..)
as kmap_atomic returns a void * (and even if it didn't you could cast
the return value) also you don't need i_size_write there since the inode
isn't life yet.
- ecryptfs_fsync is good sign for various issues all over the code:
o if the various _to_private methods could fail you have much worse
problems, they shouldn't return errors.
o the lower_* are too long and hurt the eye, just use l*
o file->f_op and inode->i_fop for a file instances of a file are
always the same, no need to duplicate all the code
o i_fop can't be NULL ever
With all that fixed the code in this case should look something like:
----------------- snip -----------------
static int
stackfs_fsync(struct file *file, struct dentry *dentry, int datasync)
{
struct file *lfile = file ? lower_file(file) : NULL;
struct dentry *ldentry = lower_dentry(dentry);
struct inode *linode = ldentry->d_inode;
int rc = -EINVAL;
if (linode->i_fop->fsync) {
mutex_lock(&linode->i_mutex);
rc = linode->i_fop->fsync(lfile, ldentry, datasync);
mutex_unlock(&ldentry->d_inode->i_mutex);
}
return rc;
}
----------------- snip -----------------
- NEVER EVER do things like copying locks_delete_block and
posix_lock_file_wait (as ecryptfs_posix_lock and based on a previous
version) to you code. It will get stale and create a maintaince nightmare.
talk with the subsystem maintainers on how to make the core functionality
accesible to you.
- similarly ecryptfs_setlk is totally non-acceptable. find a way with the
maintainer to reuse things from fcntl_setlk with a common helper
- copying things like lock_parent, unlock_parent and unlock_dir
- please split all the generic stackable filesystem passthorugh routines
into a separated stackfs layer, in a few files in fs/stackfs/ that
you depend on. They'll get _GPL exported to all possible stackable
filesystem. They'll need their own store underlying object helpers,
but that can be made to work by embedding the generic stackfs data
as first thing in the ecryptfs object.
that's how far I got today, that's not even half-through yet.
DESC
Remove ECRYPT_DEBUG from fs/Kconfig
EDESC
This patch removes ECRYPT_DEBUG from fs/Kconfig.
Signed-off-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
fs/Kconfig | 10 ++++++++++
fs/Makefile | 1 +
2 files changed, 11 insertions(+)
diff -puN fs/Kconfig~ecryptfs-fs-makefile-and-fs-kconfig fs/Kconfig
--- a/fs/Kconfig~ecryptfs-fs-makefile-and-fs-kconfig
+++ a/fs/Kconfig
@@ -1030,6 +1030,16 @@ config AFFS_FS
To compile this file system support as a module, choose M here: the
module will be called affs. If unsure, say N.
+config ECRYPT_FS
+ tristate "eCrypt filesystem layer support (EXPERIMENTAL)"
+ depends on EXPERIMENTAL && KEYS && CRYPTO
+ help
+ Encrypted filesystem that operates on the VFS layer. See
+ Documentation/ecryptfs.txt to learn more about eCryptfs.
+
+ To compile this file system support as a module, choose M here: the
+ module will be called ecryptfs.
+
config HFS_FS
tristate "Apple Macintosh file system support (EXPERIMENTAL)"
depends on BLOCK && EXPERIMENTAL
diff -puN fs/Makefile~ecryptfs-fs-makefile-and-fs-kconfig fs/Makefile
--- a/fs/Makefile~ecryptfs-fs-makefile-and-fs-kconfig
+++ a/fs/Makefile
@@ -77,6 +77,7 @@ obj-$(CONFIG_BFS_FS) += bfs/
obj-$(CONFIG_ISO9660_FS) += isofs/
obj-$(CONFIG_HFSPLUS_FS) += hfsplus/ # Before hfs to find wrapped HFS+
obj-$(CONFIG_HFS_FS) += hfs/
+obj-$(CONFIG_ECRYPT_FS) += ecryptfs/
obj-$(CONFIG_VXFS_FS) += freevxfs/
obj-$(CONFIG_NFS_FS) += nfs/
obj-$(CONFIG_EXPORTFS) += exportfs/
_
Patches currently in -mm which might be from phillip@xxxxxxxxxxxxxxxxxxxx are
ecryptfs-superblock-cleanups.patch
ecryptfs-use-special_file.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
