linux_dsm_epyc7002/fs/ecryptfs
Tyler Hicks 84814d642a eCryptfs: don't encrypt file key with filename key
eCryptfs has file encryption keys (FEK), file encryption key encryption
keys (FEKEK), and filename encryption keys (FNEK).  The per-file FEK is
encrypted with one or more FEKEKs and stored in the header of the
encrypted file.  I noticed that the FEK is also being encrypted by the
FNEK.  This is a problem if a user wants to use a different FNEK than
their FEKEK, as their file contents will still be accessible with the
FNEK.

This is a minimalistic patch which prevents the FNEKs signatures from
being copied to the inode signatures list.  Ultimately, it keeps the FEK
from being encrypted with a FNEK.

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-14 11:57:22 -07:00
..
crypto.c eCryptfs: don't encrypt file key with filename key 2009-03-14 11:57:22 -07:00
debug.c eCryptfs: update comment and debug statement 2007-10-16 09:43:11 -07:00
dentry.c eCryptfs: Swap dput() and mntput() 2008-03-19 18:53:36 -07:00
ecryptfs_kernel.h eCryptfs: don't encrypt file key with filename key 2009-03-14 11:57:22 -07:00
file.c eCryptfs: Fix data types (int/size_t) 2009-01-06 15:59:22 -08:00
inode.c fs/ecryptfs/inode.c: cleanup kerneldoc 2009-01-06 15:59:22 -08:00
Kconfig fs/Kconfig: move ecryptfs out 2009-01-22 13:15:56 +03:00
keystore.c eCryptfs: don't encrypt file key with filename key 2009-03-14 11:57:22 -07:00
kthread.c CRED: Pass credentials through dentry_open() 2008-11-14 10:39:22 +11:00
main.c eCryptfs: don't encrypt file key with filename key 2009-03-14 11:57:22 -07:00
Makefile eCryptfs: remove netlink transport 2008-10-16 11:21:39 -07:00
messaging.c eCryptfs: Replace %Z with %z 2009-01-06 15:59:22 -08:00
miscdev.c eCryptfs: Replace %Z with %z 2009-01-06 15:59:22 -08:00
mmap.c fs: symlink write_begin allocation context fix 2009-01-04 13:33:20 -08:00
read_write.c eCryptfs: remove unnecessary page decrypt call 2008-06-06 11:29:09 -07:00
super.c ecryptfs: remove debug as mount option, and warn if set via modprobe 2008-02-06 10:41:12 -08:00