linux/fs/ext4
Theodore Ts'o b7236e21d5 ext4 crypto: reorganize how we store keys in the inode
This is a pretty massive patch which does a number of different things:

1) The per-inode encryption information is now stored in an allocated
   data structure, ext4_crypt_info, instead of directly in the node.
   This reduces the size usage of an in-memory inode when it is not
   using encryption.

2) We drop the ext4_fname_crypto_ctx entirely, and use the per-inode
   encryption structure instead.  This remove an unnecessary memory
   allocation and free for the fname_crypto_ctx as well as allowing us
   to reuse the ctfm in a directory for multiple lookups and file
   creations.

3) We also cache the inode's policy information in the ext4_crypt_info
   structure so we don't have to continually read it out of the
   extended attributes.

4) We now keep the keyring key in the inode's encryption structure
   instead of releasing it after we are done using it to derive the
   per-inode key.  This allows us to test to see if the key has been
   revoked; if it has, we prevent the use of the derived key and free
   it.

5) When an inode is released (or when the derived key is freed), we
   will use memset_explicit() to zero out the derived key, so it's not
   left hanging around in memory.  This implies that when a user logs
   out, it is important to first revoke the key, and then unlink it,
   and then finally, to use "echo 3 > /proc/sys/vm/drop_caches" to
   release any decrypted pages and dcache entries from the system
   caches.

6) All this, and we also shrink the number of lines of code by around
   100.  :-)

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2015-05-18 13:17:47 -04:00
..
acl.c ext4: remove unused header files 2015-04-02 23:47:42 -04:00
acl.h ext2/3/4: use generic posix ACL infrastructure 2014-01-25 23:58:19 -05:00
balloc.c ext4: remove unnecessary lock/unlock of i_block_reservation_lock 2015-04-03 00:02:53 -04:00
bitmap.c ext4: remove unused header files 2015-04-02 23:47:42 -04:00
block_validity.c ext4: remove unused header files 2015-04-02 23:47:42 -04:00
crypto_fname.c ext4 crypto: reorganize how we store keys in the inode 2015-05-18 13:17:47 -04:00
crypto_key.c ext4 crypto: reorganize how we store keys in the inode 2015-05-18 13:17:47 -04:00
crypto_policy.c ext4 crypto: reorganize how we store keys in the inode 2015-05-18 13:17:47 -04:00
crypto.c ext4 crypto: reorganize how we store keys in the inode 2015-05-18 13:17:47 -04:00
dir.c ext4 crypto: reorganize how we store keys in the inode 2015-05-18 13:17:47 -04:00
ext4_crypto.h ext4 crypto: reorganize how we store keys in the inode 2015-05-18 13:17:47 -04:00
ext4_extents.h ext4: teach ext4_ext_find_extent() to realloc path if necessary 2014-09-01 14:40:09 -04:00
ext4_jbd2.c ext4: fix NULL pointer dereference when journal restart fails 2015-05-14 18:55:18 -04:00
ext4_jbd2.h ext4: don't use MAXQUOTAS value 2014-09-11 11:15:15 -04:00
ext4.h ext4 crypto: reorganize how we store keys in the inode 2015-05-18 13:17:47 -04:00
extents_status.c ext4: fix data corruption caused by unwritten and delayed extents 2015-05-02 21:36:55 -04:00
extents_status.h ext4: introduce aging to extent status tree 2014-11-25 11:55:24 -05:00
extents.c ext4: fix an ext3 collapse range regression in xfstests 2015-05-15 00:24:10 -04:00
file.c ext4 crypto: reorganize how we store keys in the inode 2015-05-18 13:17:47 -04:00
fsync.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
hash.c ext4: remove unused header files 2015-04-02 23:47:42 -04:00
ialloc.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
indirect.c direct-io: only inc/dec inode->i_dio_count for file systems 2015-04-24 15:45:28 -04:00
inline.c ext4 crypto: optimize filename encryption 2015-05-18 13:14:47 -04:00
inode.c ext4: fix lazytime optimization 2015-05-14 18:19:01 -04:00
ioctl.c ext4 crypto: add encryption policy and password salt support 2015-04-11 07:48:01 -04:00
Kconfig ext4 crypto: do not select from EXT4_FS_ENCRYPTION 2015-05-02 10:29:19 -04:00
Makefile ext4 crypto: filename encryption facilities 2015-04-12 00:56:17 -04:00
mballoc.c ext4: Remove an unnecessary check for NULL before iput() 2014-11-25 20:01:37 -05:00
mballoc.h ext4: remove unused ac_ex_scanned 2014-02-20 13:32:10 -05:00
migrate.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
mmp.c ext4: Replace open coded mdata csum feature to helper function 2014-10-13 03:36:16 -04:00
move_extent.c move_extent_per_page(): get rid of unused w_flags 2014-12-17 06:43:56 -05:00
namei.c ext4 crypto: reorganize how we store keys in the inode 2015-05-18 13:17:47 -04:00
page-io.c A few bug fixes and add support for file-system level encryption in ext4. 2015-04-19 14:26:31 -07:00
readpage.c ext4 crypto: implement the ext4 decryption read path 2015-04-12 00:56:10 -04:00
resize.c ext4: fix growing of tiny filesystems 2015-05-02 23:58:32 -04:00
super.c ext4 crypto: reorganize how we store keys in the inode 2015-05-18 13:17:47 -04:00
symlink.c ext4 crypto: reorganize how we store keys in the inode 2015-05-18 13:17:47 -04:00
truncate.h ext4: move common truncate functions to header file 2011-06-27 19:16:04 -04:00
xattr_security.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
xattr_trusted.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
xattr_user.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
xattr.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-04-26 17:22:07 -07:00
xattr.h ext4 crypto: add encryption xattr support 2015-04-11 07:47:00 -04:00