diff options
| author | Eric Sandeen <sandeen@redhat.com> | 2008-02-06 04:38:37 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-06 13:41:13 -0500 |
| commit | af440f52927e4b6941aa94e3cfc698adb0f22663 (patch) | |
| tree | 00a7fdc2b09e8e6146f0fd0bc055688d58eea939 /fs/ecryptfs/ecryptfs_kernel.h | |
| parent | 19e66a67e9b25874cd5e184e7d381ce1b955df11 (diff) | |
ecryptfs: check for existing key_tfm at mount time
Jeff Moyer pointed out that a mount; umount loop of ecryptfs, with the same
cipher & other mount options, created a new ecryptfs_key_tfm_cache item
each time, and the cache could grow quite large this way.
Looking at this with mhalcrow, we saw that ecryptfs_parse_options()
unconditionally called ecryptfs_add_new_key_tfm(), which is what was adding
these items.
Refactor ecryptfs_get_tfm_and_mutex_for_cipher_name() to create a new
helper function, ecryptfs_tfm_exists(), which checks for the cipher on the
cached key_tfm_list, and sets a pointer to it if it exists. This can then
be called from ecryptfs_parse_options(), and new key_tfm's can be added
only when a cached one is not found.
With list locking changes suggested by akpm.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Cc: Michael Halcrow <mhalcrow@us.ibm.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs/ecryptfs_kernel.h')
| -rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index f44f71b7605a..5007f788da01 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
| @@ -323,6 +323,8 @@ struct ecryptfs_key_tfm { | |||
| 323 | unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; | 323 | unsigned char cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE + 1]; |
| 324 | }; | 324 | }; |
| 325 | 325 | ||
| 326 | extern struct mutex key_tfm_list_mutex; | ||
| 327 | |||
| 326 | /** | 328 | /** |
| 327 | * This struct is to enable a mount-wide passphrase/salt combo. This | 329 | * This struct is to enable a mount-wide passphrase/salt combo. This |
| 328 | * is more or less a stopgap to provide similar functionality to other | 330 | * is more or less a stopgap to provide similar functionality to other |
| @@ -617,6 +619,7 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, | |||
| 617 | size_t key_size); | 619 | size_t key_size); |
| 618 | int ecryptfs_init_crypto(void); | 620 | int ecryptfs_init_crypto(void); |
| 619 | int ecryptfs_destroy_crypto(void); | 621 | int ecryptfs_destroy_crypto(void); |
| 622 | int ecryptfs_tfm_exists(char *cipher_name, struct ecryptfs_key_tfm **key_tfm); | ||
| 620 | int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, | 623 | int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, |
| 621 | struct mutex **tfm_mutex, | 624 | struct mutex **tfm_mutex, |
| 622 | char *cipher_name); | 625 | char *cipher_name); |