[PATCH] eCryptfs: Reduce stack usage in ecryptfs_generate_key_packet_set()
authorMichael Halcrow <mhalcrow@us.ibm.com>
Fri, 16 Feb 2007 09:28:40 +0000 (01:28 -0800)
committerLinus Torvalds <torvalds@woody.linux-foundation.org>
Fri, 16 Feb 2007 16:14:01 +0000 (08:14 -0800)
eCryptfs is gobbling a lot of stack in ecryptfs_generate_key_packet_set()
because it allocates a temporary memory-hungry ecryptfs_key_record struct.
This patch introduces a new kmem_cache for that struct and converts
ecryptfs_generate_key_packet_set() to use it.

Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/ecryptfs/ecryptfs_kernel.h
fs/ecryptfs/keystore.c
fs/ecryptfs/main.c

index b3609b7..403e3ba 100644 (file)
@@ -467,6 +467,7 @@ extern struct kmem_cache *ecryptfs_header_cache_1;
 extern struct kmem_cache *ecryptfs_header_cache_2;
 extern struct kmem_cache *ecryptfs_xattr_cache;
 extern struct kmem_cache *ecryptfs_lower_page_cache;
+extern struct kmem_cache *ecryptfs_key_record_cache;
 
 int ecryptfs_interpose(struct dentry *hidden_dentry,
                       struct dentry *this_dentry, struct super_block *sb,
index 81156e9..b550dea 100644 (file)
@@ -1638,6 +1638,8 @@ out:
        return rc;
 }
 
+struct kmem_cache *ecryptfs_key_record_cache;
+
 /**
  * ecryptfs_generate_key_packet_set
  * @dest: Virtual address from which to write the key record set
@@ -1664,50 +1666,55 @@ ecryptfs_generate_key_packet_set(char *dest_base,
                &ecryptfs_superblock_to_private(
                        ecryptfs_dentry->d_sb)->mount_crypt_stat;
        size_t written;
-       struct ecryptfs_key_record key_rec;
+       struct ecryptfs_key_record *key_rec;
        int rc = 0;
 
        (*len) = 0;
+       key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL);
+       if (!key_rec) {
+               rc = -ENOMEM;
+               goto out;
+       }
        if (mount_crypt_stat->global_auth_tok) {
                auth_tok = mount_crypt_stat->global_auth_tok;
                if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
                        rc = write_tag_3_packet((dest_base + (*len)),
                                                max, auth_tok,
-                                               crypt_stat, &key_rec,
+                                               crypt_stat, key_rec,
                                                &written);
                        if (rc) {
                                ecryptfs_printk(KERN_WARNING, "Error "
                                                "writing tag 3 packet\n");
-                               goto out;
+                               goto out_free;
                        }
                        (*len) += written;
                        /* Write auth tok signature packet */
                        rc = write_tag_11_packet(
                                (dest_base + (*len)),
                                (max - (*len)),
-                               key_rec.sig, ECRYPTFS_SIG_SIZE, &written);
+                               key_rec->sig, ECRYPTFS_SIG_SIZE, &written);
                        if (rc) {
                                ecryptfs_printk(KERN_ERR, "Error writing "
                                                "auth tok signature packet\n");
-                               goto out;
+                               goto out_free;
                        }
                        (*len) += written;
                } else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
                        rc = write_tag_1_packet(dest_base + (*len),
                                                max, auth_tok,
                                                crypt_stat,mount_crypt_stat,
-                                               &key_rec, &written);
+                                               key_rec, &written);
                        if (rc) {
                                ecryptfs_printk(KERN_WARNING, "Error "
                                                "writing tag 1 packet\n");
-                               goto out;
+                               goto out_free;
                        }
                        (*len) += written;
                } else {
                        ecryptfs_printk(KERN_WARNING, "Unsupported "
                                        "authentication token type\n");
                        rc = -EINVAL;
-                       goto out;
+                       goto out_free;
                }
        } else
                BUG();
@@ -1717,6 +1724,9 @@ ecryptfs_generate_key_packet_set(char *dest_base,
                ecryptfs_printk(KERN_ERR, "Error writing boundary byte\n");
                rc = -EIO;
        }
+
+out_free:
+       kmem_cache_free(ecryptfs_key_record_cache, key_rec);
 out:
        if (rc)
                (*len) = 0;
index 26fe405..80044d1 100644 (file)
@@ -651,6 +651,11 @@ static struct ecryptfs_cache_info {
                .name = "ecryptfs_lower_page_cache",
                .size = PAGE_CACHE_SIZE,
        },
+       {
+               .cache = &ecryptfs_key_record_cache,
+               .name = "ecryptfs_key_record_cache",
+               .size = sizeof(struct ecryptfs_key_record),
+       },
 };
 
 static void ecryptfs_free_kmem_caches(void)