Package: src:linux
Version: 3.2.23-1
Severity: important

Dear Maintainer,

After a running into a full disk event with my ecrypts encrypted home directory
I get the following messages:

[ 1477.919780] Valid eCryptfs headers not found in file header region or
xattr region, inode 3328393
[ 1477.919788] Either the lower file is not in a valid eCryptfs format,
or the key could not be retrieved. Plaintext passthrough mode is not
enabled; returning -EIO

I see a lot of random broken files on my system:

~$ find $HOME/.Private/ -size 0c -exec ls '{}' ; | wc -l
84

See https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/957843

It seems that there are patches available by Ubuntu.

Thanks

-- Package-specific info:
** Version:
Linux version 3.2.0-3-amd64 (Debian 3.2.23-1) (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-8) ) #1 SMP Mon Jul 23 02:45:17 UTC 2012

** Command line:
BOOT_IMAGE=/boot/vmlinuz-3.2.0-3-amd64 root=UUID=797bb6e0-5087-4e85-a05b-28278b12e581 ro quiet splash pcie_aspm=force i915.i915_enable_rc6=1 i915.lvds_downclock=1

** Tainted: O (4096)
* Out-of-tree module has been loaded.

** Kernel log:
[ 1318.082537] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1318.082548] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1318.082574] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1318.082581] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1323.076714] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1323.076725] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1323.076751] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1323.076758] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1328.071473] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1328.071484] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1328.071510] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1328.071518] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1333.065588] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1333.065599] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1333.065625] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1333.065632] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1338.060585] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1338.060597] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1338.060622] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1338.060630] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1343.055335] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1343.055347] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1343.055372] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1343.055380] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1348.050229] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1348.050240] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1348.050266] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1348.050273] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1353.045191] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1353.045203] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1353.045228] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1353.045236] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1358.040753] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1358.040764] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1358.040789] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1358.040797] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1363.035423] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1363.035434] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1363.035460] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1363.035468] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1368.030677] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1368.030688] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1368.030715] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1368.030722] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1373.025400] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1373.025411] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1373.025437] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1373.025444] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1378.020364] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1378.020375] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1378.020401] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1378.020408] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1383.015850] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1383.015861] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1383.015888] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1383.015895] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1388.010728] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1388.010739] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1388.010765] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1388.010773] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1393.005367] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1393.005377] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1393.005409] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1393.005416] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1398.000344] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1398.000355] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1398.000382] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1398.000389] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1402.995364] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1402.995375] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1402.995402] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1402.995409] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1407.990201] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1407.990212] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1407.990239] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1407.990246] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1412.984709] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1412.984720] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1412.984745] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1412.984753] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1417.979808] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1417.979819] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1417.979845] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1417.979852] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1422.975123] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1422.975134] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1422.975159] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1422.975167] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1427.970175] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1427.970187] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1427.970212] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1427.970219] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1432.965965] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1432.965976] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1432.966002] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1432.966010] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1437.960667] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1437.960678] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO
[ 1437.960704] Valid eCryptfs headers not found in file header region or xattr region, inode 3328393
[ 1437.960711] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO

** Model information
sys_vendor: LENOVO
product_name: 4287CTO
product_version: ThinkPad X220
chassis_vendor: LENOVO
chassis_version: Not Available
bios_vendor: LENOVO
bios_version: 8DET52WW (1.22 )
board_vendor: LENOVO
board_name: 4287CTO
board_version: Not Available

** Loaded modules:
ecb
hidp
hid
ip6table_filter
ip6_tables
ebtable_nat
ebtables
ipt_MASQUERADE
iptable_nat
nf_nat
nf_conntrack_ipv4
nf_defrag_ipv4
xt_state
nf_conntrack
ipt_REJECT
xt_CHECKSUM
iptable_mangle
xt_tcpudp
iptable_filter
ip_tables
x_tables
bridge
stp
parport_pc
ppdev
lp
parport
rfcomm
bnep
pci_stub
vboxpci(O)
vboxnetadp(O)
cpufreq_powersave
vboxnetflt(O)
cpufreq_conservative
cpufreq_userspace
vboxdrv(O)
cpufreq_stats
xfrm_user
xfrm4_tunnel
tunnel4
ipcomp
xfrm_ipcomp
esp4
ah4
binfmt_misc
uinput
deflate
zlib_deflate
ctr
twofish_generic
twofish_x86_64_3way
twofish_x86_64
twofish_common
camellia
serpent
blowfish_generic
blowfish_x86_64
blowfish_common
cast5
des_generic
cbc
xcbc
rmd160
sha512_generic
sha256_generic
sha1_ssse3
sha1_generic
hmac
crypto_null
af_key
fuse
nfsd
nfs
nfs_acl
auth_rpcgss
fscache
lockd
sunrpc
loop
ecryptfs
dm_crypt
kvm_intel
kvm
joydev
snd_hda_codec_hdmi
snd_hda_codec_conexant
uvcvideo
videodev
cdc_wdm
v4l2_compat_ioctl32
media
cdc_ncm
usbnet
mii
cdc_acm
btusb
bluetooth
i915
snd_hda_intel
snd_hda_codec
snd_hwdep
arc4
iwlwifi
snd_pcm
snd_page_alloc
psmouse
thinkpad_acpi
drm_kms_helper
mac80211
drm
serio_raw
ac
tpm_tis
nvram
snd_seq
snd_seq_device
snd_timer
evdev
snd
battery
pcspkr
i2c_algo_bit
i2c_i801
i2c_core
tpm
iTCO_wdt
cfg80211
soundcore
coretemp
rfkill
power_supply
iTCO_vendor_support
tpm_bios
acpi_cpufreq
mperf
wmi
video
processor
button
ext4
crc16
jbd2
mbcache
dm_mod
sg
sd_mod
crc_t10dif
xhci_hcd
crc32c_intel
ghash_clmulni_intel
ahci
libahci
ehci_hcd
aesni_intel
usbcore
libata
usb_common
aes_x86_64
scsi_mod
aes_generic
cryptd
sdhci_pci
sdhci
e1000e
mmc_core
thermal
thermal_sys

** Network interface configuration:

auto lo
iface lo inet loopback

** Network status:
*** IP interfaces and addresses:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether f0:de:f1:5b:b6:7b brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether a0:88:b4:41:04:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.2.107/24 brd 192.168.2.255 scope global wlan0
inet6 2001:4dd0:ff00:8aa6:2cad:a1b4:1377:d6f6/64 scope global temporary dynamic
valid_lft 86179sec preferred_lft 14179sec
inet6 2001:4dd0:ff00:8aa6:a288:b4ff:fe41:46c/64 scope global dynamic
valid_lft 86179sec preferred_lft 14179sec
inet6 fe80::a288:b4ff:fe41:46c/64 scope link
valid_lft forever preferred_lft forever
4: usb0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 02:80:37:ec:02:00 brd ff:ff:ff:ff:ff:ff
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether f6:b3:9f:94:a1:7a brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

*** Device statistics:
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 11044 143 0 0 0 0 0 0 11044 143 0 0 0 0 0 0
usb0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
virbr0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
wlan0: 2633503 4214 0 0 0 0 0 0 528440 2900 0 0 0 0 0 0
eth0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

*** Protocol statistics:
Ip:
1647 total packets received
0 forwarded
0 incoming packets discarded
1541 incoming packets delivered
1636 requests sent out
48 outgoing packets dropped
4 dropped because of missing route
Icmp:
56 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 56
56 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 56
IcmpMsg:
InType3: 56
OutType3: 56
Tcp:
100 active connections openings
0 passive connection openings
2 failed connection attempts
4 connection resets received
4 connections established
2603 segments received
2249 segments send out
20 segments retransmited
0 bad segments received.
40 resets sent
Udp:
661 packets received
56 packets to unknown port received.
0 packet receive errors
674 packets sent
UdpLite:
TcpExt:
50 TCP sockets finished time wait in fast timer
47 delayed acks sent
Quick ack mode was activated 4 times
1752 packet headers predicted
280 acknowledgments not containing data payload received
150 predicted acknowledgments
3 congestion windows recovered without slow start after partial ack
16 retransmits in slow start
4 other TCP timeouts
3 DSACKs sent for old packets
2 DSACKs received
12 connections reset due to unexpected data
4 connections reset due to early user close
TCPSackShiftFallback: 5
IpExt:
InNoRoutes: 3
InMcastPkts: 106
OutMcastPkts: 91
InBcastPkts: 108
OutBcastPkts: 105
InOctets: 697110
OutOctets: 237722
InMcastOctets: 12342
OutMcastOctets: 11051
InBcastOctets: 15449
OutBcastOctets: 14754


** PCI devices:
00:00.0 Host bridge [0600]: Intel Corporation 2nd Generation Core Processor Family DRAM Controller [8086:0104] (rev 09)
Subsystem: Lenovo Device [17aa:21da]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ >SERR- <PERR- INTx-
Latency: 0
Capabilities: <access denied>
Kernel driver in use: agpgart-intel

00:02.0 VGA compatible controller [0300]: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller [8086:0126] (rev 09) (prog-if 00 [VGA controller])
Subsystem: Lenovo Device [17aa:21da]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 51
Region 0: Memory at f0000000 (64-bit, non-prefetchable) [size=4M]
Region 2: Memory at e0000000 (64-bit, prefetchable) [size=256M]
Region 4: I/O ports at 5000 [size=64]
Expansion ROM at <unassigned> [disabled]
Capabilities: <access denied>
Kernel driver in use: i915

00:16.0 Communication controller [0780]: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 [8086:1c3a] (rev 04)
Subsystem: Lenovo Device [17aa:21da]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx+
Latency: 0
Interrupt: pin A routed to IRQ 11
Region 0: Memory at f2625000 (64-bit, non-prefetchable) [size=16]
Capabilities: <access denied>

00:16.3 Serial controller [0700]: Intel Corporation 6 Series/C200 Series Chipset Family KT Controller [8086:1c3d] (rev 04) (prog-if 02 [16550])
Subsystem: Lenovo Device [17aa:21da]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin B routed to IRQ 19
Region 0: I/O ports at 50b0 [size=8]
Region 1: Memory at f262c000 (32-bit, non-prefetchable) [size=4K]
Capabilities: <access denied>
Kernel driver in use: serial

00:19.0 Ethernet controller [0200]: Intel Corporation 82579LM Gigabit Network Connection [8086:1502] (rev 04)
Subsystem: Lenovo Device [17aa:21ce]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 42
Region 0: Memory at f2600000 (32-bit, non-prefetchable) [size=128K]
Region 1: Memory at f262b000 (32-bit, non-prefetchable) [size=4K]
Region 2: I/O ports at 5080 [size=32]
Capabilities: <access denied>
Kernel driver in use: e1000e

00:1a.0 USB controller [0c03]: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 [8086:1c2d] (rev 04) (prog-if 20 [EHCI])
Subsystem: Lenovo Device [17aa:21da]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 16
Region 0: Memory at f262a000 (32-bit, non-prefetchable) [size=1K]
Capabilities: <access denied>
Kernel driver in use: ehci_hcd

00:1b.0 Audio device [0403]: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller [8086:1c20] (rev 04)
Subsystem: Lenovo Device [17aa:21da]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 50
Region 0: Memory at f2620000 (64-bit, non-prefetchable) [size=16K]
Capabilities: <access denied>
Kernel driver in use: snd_hda_intel

00:1c.0 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 [8086:1c10] (rev b4) (prog-if 00 [Normal decode])
Control: I/O- Mem- BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Bus: primary=00, secondary=02, subordinate=02, sec-latency=0
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: <access denied>
Kernel driver in use: pcieport

00:1c.1 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 2 [8086:1c12] (rev b4) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Bus: primary=00, secondary=03, subordinate=03, sec-latency=0
Memory behind bridge: f2500000-f25fffff
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: <access denied>
Kernel driver in use: pcieport

00:1c.3 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 4 [8086:1c16] (rev b4) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Bus: primary=00, secondary=05, subordinate=0c, sec-latency=0
I/O behind bridge: 00004000-00004fff
Memory behind bridge: f1d00000-f24fffff
Prefetchable memory behind bridge: 00000000f0400000-00000000f0bfffff
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: <access denied>
Kernel driver in use: pcieport

00:1c.4 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 5 [8086:1c18] (rev b4) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Bus: primary=00, secondary=0d, subordinate=0d, sec-latency=0
I/O behind bridge: 00003000-00003fff
Memory behind bridge: f1500000-f1cfffff
Prefetchable memory behind bridge: 00000000f0c00000-00000000f13fffff
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: <access denied>
Kernel driver in use: pcieport

00:1c.6 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 7 [8086:1c1c] (rev b4) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Bus: primary=00, secondary=0e, subordinate=0e, sec-latency=0
Memory behind bridge: f1400000-f14fffff
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
BridgeCtl: Parity- SERR- NoISA- VGA- MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: <access denied>
Kernel driver in use: pcieport

00:1d.0 USB controller [0c03]: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 [8086:1c26] (rev 04) (prog-if 20 [EHCI])
Subsystem: Lenovo Device [17aa:21da]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 23
Region 0: Memory at f2629000 (32-bit, non-prefetchable) [size=1K]
Capabilities: <access denied>
Kernel driver in use: ehci_hcd

00:1f.0 ISA bridge [0601]: Intel Corporation QM67 Express Chipset Family LPC Controller [8086:1c4f] (rev 04)
Subsystem: Lenovo Device [17aa:21da]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Capabilities: <access denied>

00:1f.2 SATA controller [0106]: Intel Corporation 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller [8086:1c03] (rev 04) (prog-if 01 [AHCI 1.0])
Subsystem: Lenovo Device [17aa:21da]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin B routed to IRQ 48
Region 0: I/O ports at 50a8 [size=8]
Region 1: I/O ports at 50bc [size=4]
Region 2: I/O ports at 50a0 [size=8]
Region 3: I/O ports at 50b8 [size=4]
Region 4: I/O ports at 5060 [size=32]
Region 5: Memory at f2628000 (32-bit, non-prefetchable) [size=2K]
Capabilities: <access denied>
Kernel driver in use: ahci

00:1f.3 SMBus [0c05]: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller [8086:1c22] (rev 04)
Subsystem: Lenovo Device [17aa:21da]
Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin C routed to IRQ 18
Region 0: Memory at f2624000 (64-bit, non-prefetchable) [size=256]
Region 4: I/O ports at efa0 [size=32]
Kernel driver in use: i801_smbus

03:00.0 Network controller [0280]: Intel Corporation Centrino Advanced-N 6205 [8086:0085] (rev 34)
Subsystem: Intel Corporation Centrino Advanced-N 6205 AGN [8086:1311]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 49
Region 0: Memory at f2500000 (64-bit, non-prefetchable) [size=8K]
Capabilities: <access denied>
Kernel driver in use: iwlwifi

0d:00.0 System peripheral [0880]: Ricoh Co Ltd MMC/SD Host Controller [1180:e822] (rev 07) (prog-if 01)
Subsystem: Lenovo Device [17aa:21da]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 16
Region 0: Memory at f1500000 (32-bit, non-prefetchable) [size=256]
Capabilities: <access denied>
Kernel driver in use: sdhci-pci

0e:00.0 USB controller [0c03]: NEC Corporation uPD720200 USB 3.0 Host Controller [1033:0194] (rev 04) (prog-if 30 [XHCI])
Subsystem: Lenovo Device [17aa:21da]
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 18
Region 0: Memory at f1400000 (64-bit, non-prefetchable) [size=8K]
Capabilities: <access denied>
Kernel driver in use: xhci_hcd


** USB devices:
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 004 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 003 Device 003: ID 147e:2016 Upek Biometric Touchchip/Touchstrip Fingerprint Sensor
Bus 003 Device 004: ID 0a5c:217f Broadcom Corp. Bluetooth Controller
Bus 003 Device 005: ID 04f2:b217 Chicony Electronics Co., Ltd Lenovo Integrated Camera (0.3MP)
Bus 004 Device 003: ID 0bdb:1911 Ericsson Business Mobile Networks BV
Bus 004 Device 004: ID 08e6:34ec Gemplus


-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (700, 'testing'), (600, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-image-3.2.0-3-amd64 depends on:
ii debconf [debconf-2.0] 1.5.46
ii initramfs-tools [linux-initramfs-tool] 0.108
ii kmod 9-2
ii linux-base 3.5
ii module-init-tools 9-2

Versions of packages linux-image-3.2.0-3-amd64 recommends:
ii firmware-linux-free 3.1

Versions of packages linux-image-3.2.0-3-amd64 suggests:
pn debian-kernel-handbook <none>
ii extlinux 2:4.05+dfsg-6
ii grub-pc 1.99-23
pn linux-doc-3.2 <none>

Versions of packages linux-image-3.2.0-3-amd64 is related to:
pn firmware-atheros <none>
pn firmware-bnx2 <none>
pn firmware-bnx2x <none>
pn firmware-brcm80211 <none>
ii firmware-intelwimax 0.36
ii firmware-ipw2x00 0.36
pn firmware-ivtv <none>
ii firmware-iwlwifi 0.36
pn firmware-libertas <none>
pn firmware-linux <none>
ii firmware-linux-nonfree 0.36
pn firmware-myricom <none>
pn firmware-netxen <none>
pn firmware-qlogic <none>
pn firmware-ralink <none>
pn firmware-realtek <none>
pn xen-hypervisor <none>

-- debconf information:
linux-image-3.2.0-3-amd64/postinst/depmod-error-initrd-3.2.0-3-amd64: false
linux-image-3.2.0-3-amd64/prerm/removing-running-kernel-3.2.0-3-amd64: true
linux-image-3.2.0-3-amd64/postinst/ignoring-ramdisk:
linux-image-3.2.0-3-amd64/postinst/missing-firmware-3.2.0-3-amd64:


--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20121009173522.5563.81022.reportbug@klapprechner

tags 690071 + upstream patch moreinfo
quit

Hi Sebastian,

Sebastian Heinlein wrote:

> After a running into a full disk event with my ecrypts encrypted home directory
[...]
> I see a lot of random broken files on my system:
[...]
> https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/957843

Please test the attached patches against a 3.2.y kernel, for example
using the following instructions:

0. prerequisites

apt-get install git build-essential

1. get the kernel history, if you don't already have it

git clone
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

2. fetch point releases

cd linux
git remote add stable
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
git fetch stable

3. configure, build, test

git checkout stable/linux-3.2.y
cp /boot/config-$(uname -r) .config; # current configuration
scripts/config --disable DEBUG_INFO
make localmodconfig; # optional: minimize configuration
make deb-pkg; # optionally with -j<num> for parallel build
dpkg -i ../<name of package>; # as root
reboot
... test test test ...

Hopefully it reproduces the bug, so

4. try the patches

cd linux
git am -3sc $(ls -1 /path/to/patches/0*)
make deb-pkg; # maybe with -j4
dpkg -i ../<name of package>; # as root
reboot
... test test test ...

Hope that helps,
Jonathan
From: Tyler Hicks <tyhicks@canonical.com>
Date: Tue, 22 May 2012 15:09:50 -0500
Subject: eCryptfs: Unlink lower inode when ecryptfs_create() fails

commit 8bc2d3cf612994a960c2e8eaea37f6676f67082a upstream.

ecryptfs_create() creates a lower inode, allocates an eCryptfs inode,
initializes the eCryptfs inode and cryptographic metadata attached to
the inode, and then writes the metadata to the header of the file.

If an error was to occur after the lower inode was created, an empty
lower file would be left in the lower filesystem. This is a problem
because ecryptfs_open() refuses to open any lower files which do not
have the appropriate metadata in the file header.

This patch properly unlinks the lower inode when an error occurs in the
later stages of ecryptfs_create(), reducing the chance that an empty
lower file will be left in the lower filesystem.

https://launchpad.net/bugs/872905

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
---
fs/ecryptfs/inode.c | 55 ++++++++++++++++++++++++++++++---------------------
1 file changed, 32 insertions(+), 23 deletions(-)

diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 7c7556b4e56f..c393c04f37ce 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -143,6 +143,31 @@ static int ecryptfs_interpose(struct dentry *lower_dentry,
return 0;
}

+static int ecryptfs_do_unlink(struct inode *dir, struct dentry *dentry,
+ struct inode *inode)
+{
+ struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
+ struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
+ struct dentry *lower_dir_dentry;
+ int rc;
+
+ dget(lower_dentry);
+ lower_dir_dentry = lock_parent(lower_dentry);
+ rc = vfs_unlink(lower_dir_inode, lower_dentry);
+ if (rc) {
+ printk(KERN_ERR "Error in vfs_unlink; rc = [%d]
", rc);
+ goto out_unlock;
+ }
+ fsstack_copy_attr_times(dir, lower_dir_inode);
+ set_nlink(inode, ecryptfs_inode_to_lower(inode)->i_nlink);
+ inode->i_ctime = dir->i_ctime;
+ d_drop(dentry);
+out_unlock:
+ unlock_dir(lower_dir_dentry);
+ dput(lower_dentry);
+ return rc;
+}
+
/**
* ecryptfs_create_underlying_file
* @lower_dir_inode: inode of the parent in the lower fs of the new file
@@ -201,8 +226,10 @@ ecryptfs_do_create(struct inode *directory_inode,
}
inode = __ecryptfs_get_inode(lower_dentry->d_inode,
directory_inode->i_sb);
- if (IS_ERR(inode))
+ if (IS_ERR(inode)) {
+ vfs_unlink(lower_dir_dentry->d_inode, lower_dentry);
goto out_lock;
+ }
fsstack_copy_attr_times(directory_inode, lower_dir_dentry->d_inode);
fsstack_copy_inode_size(directory_inode, lower_dir_dentry->d_inode);
out_lock:
@@ -284,7 +311,9 @@ ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
* that this on disk file is prepared to be an ecryptfs file */
rc = ecryptfs_initialize_file(ecryptfs_dentry, ecryptfs_inode);
if (rc) {
- drop_nlink(ecryptfs_inode);
+ ecryptfs_do_unlink(directory_inode, ecryptfs_dentry,
+ ecryptfs_inode);
+ make_bad_inode(ecryptfs_inode);
unlock_new_inode(ecryptfs_inode);
iput(ecryptfs_inode);
goto out;
@@ -496,27 +525,7 @@ out_lock:

static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
{
- int rc = 0;
- struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
- struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
- struct dentry *lower_dir_dentry;
-
- dget(lower_dentry);
- lower_dir_dentry = lock_parent(lower_dentry);
- rc = vfs_unlink(lower_dir_inode, lower_dentry);
- if (rc) {
- printk(KERN_ERR "Error in vfs_unlink; rc = [%d]
", rc);
- goto out_unlock;
- }
- fsstack_copy_attr_times(dir, lower_dir_inode);
- set_nlink(dentry->d_inode,
- ecryptfs_inode_to_lower(dentry->d_inode)->i_nlink);
- dentry->d_inode->i_ctime = dir->i_ctime;
- d_drop(dentry);
-out_unlock:
- unlock_dir(lower_dir_dentry);
- dput(lower_dentry);
- return rc;
+ return ecryptfs_do_unlink(dir, dentry, dentry->d_inode);
}

static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
--
1.7.10.4

From: Tyler Hicks <tyhicks@canonical.com>
Date: Wed, 20 Jun 2012 23:50:59 -0700
Subject: eCryptfs: Initialize empty lower files when opening them

commit e3ccaa9761200952cc269b1f4b7d7bb77a5e071b upstream.

Historically, eCryptfs has only initialized lower files in the
ecryptfs_create() path. Lower file initialization is the act of writing
the cryptographic metadata from the inode's crypt_stat to the header of
the file. The ecryptfs_open() path already expects that metadata to be
in the header of the file.

A number of users have reported empty lower files in beneath their
eCryptfs mounts. Most of the causes for those empty files being left
around have been addressed, but the presence of empty files causes
problems due to the lack of proper cryptographic metadata.

To transparently solve this problem, this patch initializes empty lower
files in the ecryptfs_open() error path. If the metadata is unreadable
due to the lower inode size being 0, plaintext passthrough support is
not in use, and the metadata is stored in the header of the file (as
opposed to the user.ecryptfs extended attribute), the lower file will be
initialized.

The number of nested conditionals in ecryptfs_open() was getting out of
hand, so a helper function was created. To avoid the same nested
conditional problem, the conditional logic was reversed inside of the
helper function.

https://launchpad.net/bugs/911507

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
---
fs/ecryptfs/ecryptfs_kernel.h | 2 ++
fs/ecryptfs/file.c | 71 ++++++++++++++++++++++++++---------------
fs/ecryptfs/inode.c | 4 +--
3 files changed, 49 insertions(+), 28 deletions(-)

diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index a9f29b12fbf2..2262a77872cf 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -559,6 +559,8 @@ struct ecryptfs_open_req {
struct inode *ecryptfs_get_inode(struct inode *lower_inode,
struct super_block *sb);
void ecryptfs_i_size_init(const char *page_virt, struct inode *inode);
+int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
+ struct inode *ecryptfs_inode);
int ecryptfs_decode_and_decrypt_filename(char **decrypted_name,
size_t *decrypted_name_size,
struct dentry *ecryptfs_dentry,
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index d3f95f941c47..ae56a50a5a3d 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -162,6 +162,48 @@ static int ecryptfs_file_mmap(struct file *file, struct vm_area_struct *vma)

struct kmem_cache *ecryptfs_file_info_cache;

+static int read_or_initialize_metadata(struct dentry *dentry)
+{
+ struct inode *inode = dentry->d_inode;
+ struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
+ struct ecryptfs_crypt_stat *crypt_stat;
+ int rc;
+
+ crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
+ mount_crypt_stat = &ecryptfs_superblock_to_private(
+ inode->i_sb)->mount_crypt_stat;
+ mutex_lock(&crypt_stat->cs_mutex);
+
+ if (crypt_stat->flags & ECRYPTFS_POLICY_APPLIED &&
+ crypt_stat->flags & ECRYPTFS_KEY_VALID) {
+ rc = 0;
+ goto out;
+ }
+
+ rc = ecryptfs_read_metadata(dentry);
+ if (!rc)
+ goto out;
+
+ if (mount_crypt_stat->flags & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED) {
+ crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
+ | ECRYPTFS_ENCRYPTED);
+ rc = 0;
+ goto out;
+ }
+
+ if (!(mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) &&
+ !i_size_read(ecryptfs_inode_to_lower(inode))) {
+ rc = ecryptfs_initialize_file(dentry, inode);
+ if (!rc)
+ goto out;
+ }
+
+ rc = -EIO;
+out:
+ mutex_unlock(&crypt_stat->cs_mutex);
+ return rc;
+}
+
/**
* ecryptfs_open
* @inode: inode speciying file to open
@@ -237,32 +279,9 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
rc = 0;
goto out;
}
- mutex_lock(&crypt_stat->cs_mutex);
- if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
- || !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
- rc = ecryptfs_read_metadata(ecryptfs_dentry);
- if (rc) {
- ecryptfs_printk(KERN_DEBUG,
- "Valid headers not found
");
- if (!(mount_crypt_stat->flags
- & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
- rc = -EIO;
- printk(KERN_WARNING "Either the lower file "
- "is not in a valid eCryptfs format, "
- "or the key could not be retrieved. "
- "Plaintext passthrough mode is not "
- "enabled; returning -EIO
");
- mutex_unlock(&crypt_stat->cs_mutex);
- goto out_put;
- }
- rc = 0;
- crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
- | ECRYPTFS_ENCRYPTED);
- mutex_unlock(&crypt_stat->cs_mutex);
- goto out;
- }
- }
- mutex_unlock(&crypt_stat->cs_mutex);
+ rc = read_or_initialize_metadata(ecryptfs_dentry);
+ if (rc)
+ goto out_put;
ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = "
"[0x%.16lx] size: [0x%.16llx]
", inode, inode->i_ino,
(unsigned long long)i_size_read(inode));
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index c393c04f37ce..2e6e3dfad0aa 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -246,8 +246,8 @@ out:
*
* Returns zero on success
*/
-static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
- struct inode *ecryptfs_inode)
+int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
+ struct inode *ecryptfs_inode)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
--
1.7.10.4

From: Tyler Hicks <tyhicks@canonical.com>
Date: Tue, 3 Jul 2012 16:50:57 -0700
Subject: eCryptfs: Revert to a writethrough cache model

commit 821f7494a77627fb1ab539591c57b22cdca702d6 upstream.

A change was made about a year ago to get eCryptfs to better utilize its
page cache during writes. The idea was to do the page encryption
operations during page writeback, rather than doing them when initially
writing into the page cache, to reduce the number of page encryption
operations during sequential writes. This meant that the encrypted page
would only be written to the lower filesystem during page writeback,
which was a change from how eCryptfs had previously wrote to the lower
filesystem in ecryptfs_write_end().

The change caused a few eCryptfs-internal bugs that were shook out.
Unfortunately, more grave side effects have been identified that will
force changes outside of eCryptfs. Because the lower filesystem isn't
consulted until page writeback, eCryptfs has no way to pass lower write
errors (ENOSPC, mainly) back to userspace. Additionaly, it was reported
that quotas could be bypassed because of the way eCryptfs may sometimes
open the lower filesystem using a privileged kthread.

It would be nice to resolve the latest issues, but it is best if the
eCryptfs commits be reverted to the old behavior in the meantime.

This reverts:
32001d6f "eCryptfs: Flush file in vma close"
5be79de2 "eCryptfs: Flush dirty pages in setattr"
57db4e8d "ecryptfs: modify write path to encrypt page in writepage"

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Tested-by: Colin King <colin.king@canonical.com>
Cc: Colin King <colin.king@canonical.com>
Cc: Thieu Le <thieule@google.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
---
fs/ecryptfs/file.c | 33 ++-------------------------------
fs/ecryptfs/inode.c | 6 ------
fs/ecryptfs/mmap.c | 39 +++++++++++++--------------------------
3 files changed, 15 insertions(+), 63 deletions(-)

diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index ae56a50a5a3d..0747a43e0c17 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -139,27 +139,6 @@ out:
return rc;
}

-static void ecryptfs_vma_close(struct vm_area_struct *vma)
-{
- filemap_write_and_wait(vma->vm_file->f_mapping);
-}
-
-static const struct vm_operations_struct ecryptfs_file_vm_ops = {
- .close = ecryptfs_vma_close,
- .fault = filemap_fault,
-};
-
-static int ecryptfs_file_mmap(struct file *file, struct vm_area_struct *vma)
-{
- int rc;
-
- rc = generic_file_mmap(file, vma);
- if (!rc)
- vma->vm_ops = &ecryptfs_file_vm_ops;
-
- return rc;
-}
-
struct kmem_cache *ecryptfs_file_info_cache;

static int read_or_initialize_metadata(struct dentry *dentry)
@@ -312,15 +291,7 @@ static int ecryptfs_release(struct inode *inode, struct file *file)
static int
ecryptfs_fsync(struct file *file, loff_t start, loff_t end, int datasync)
{
- int rc = 0;
-
- rc = generic_file_fsync(file, start, end, datasync);
- if (rc)
- goto out;
- rc = vfs_fsync_range(ecryptfs_file_to_lower(file), start, end,
- datasync);
-out:
- return rc;
+ return vfs_fsync(ecryptfs_file_to_lower(file), datasync);
}

static int ecryptfs_fasync(int fd, struct file *file, int flag)
@@ -389,7 +360,7 @@ const struct file_operations ecryptfs_main_fops = {
#ifdef CONFIG_COMPAT
.compat_ioctl = ecryptfs_compat_ioctl,
#endif
- .mmap = ecryptfs_file_mmap,
+ .mmap = generic_file_mmap,
.open = ecryptfs_open,
.flush = ecryptfs_flush,
.release = ecryptfs_release,
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 2e6e3dfad0aa..1b01323e6196 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -1035,12 +1035,6 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
goto out;
}

- if (S_ISREG(inode->i_mode)) {
- rc = filemap_write_and_wait(inode->i_mapping);
- if (rc)
- goto out;
- fsstack_copy_attr_all(inode, lower_inode);
- }
memcpy(&lower_ia, ia, sizeof(lower_ia));
if (ia->ia_valid & ATTR_FILE)
lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file);
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index 6a44148c5fb9..93a998a21374 100644
--- a/fs/ecryptfs/mmap.c
+++ b/fs/ecryptfs/mmap.c
@@ -62,18 +62,6 @@ static int ecryptfs_writepage(struct page *page, struct writeback_control *wbc)
{
int rc;

- /*
- * Refuse to write the page out if we are called from reclaim context
- * since our writepage() path may potentially allocate memory when
- * calling into the lower fs vfs_write() which may in turn invoke
- * us again.
- */
- if (current->flags & PF_MEMALLOC) {
- redirty_page_for_writepage(wbc, page);
- rc = 0;
- goto out;
- }
-
rc = ecryptfs_encrypt_page(page);
if (rc) {
ecryptfs_printk(KERN_WARNING, "Error encrypting "
@@ -498,7 +486,6 @@ static int ecryptfs_write_end(struct file *file,
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
int rc;
- int need_unlock_page = 1;

ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page"
"(page w/ index = [0x%.16lx], to = [%d])
", index, to);
@@ -519,26 +506,26 @@ static int ecryptfs_write_end(struct file *file,
"zeros in page with index = [0x%.16lx]
", index);
goto out;
}
- set_page_dirty(page);
- unlock_page(page);
- need_unlock_page = 0;
+ rc = ecryptfs_encrypt_page(page);
+ if (rc) {
+ ecryptfs_printk(KERN_WARNING, "Error encrypting page (upper "
+ "index [0x%.16lx])
", index);
+ goto out;
+ }
if (pos + copied > i_size_read(ecryptfs_inode)) {
i_size_write(ecryptfs_inode, pos + copied);
ecryptfs_printk(KERN_DEBUG, "Expanded file size to "
"[0x%.16llx]
",
(unsigned long long)i_size_read(ecryptfs_inode));
- balance_dirty_pages_ratelimited(mapping);
- rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_ino de);
- if (rc) {
- printk(KERN_ERR "Error writing inode size to metadata; "
- "rc = [%d]
", rc);
- goto out;
- }
}
- rc = copied;
+ rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_ino de);
+ if (rc)
+ printk(KERN_ERR "Error writing inode size to metadata; "
+ "rc = [%d]
", rc);
+ else
+ rc = copied;
out:
- if (need_unlock_page)
- unlock_page(page);
+ unlock_page(page);
page_cache_release(page);
return rc;
}
--
1.7.10.4

I had a short conversation with one of the upstream developers, Tyler
Hicks. It seems that there are still two other patches required:
"For completeness, I wanted to point out two more patches which should
be added to the list I gave in comment 20. 821f749 introduced a
regression and these two patches are needed to fix the regression:

64e6651 eCryptfs: Call lower ->flush() from ecryptfs_flush()
7149f25 eCryptfs: Write out all dirty pages just before releasing the
lower file

Actually, 7149f25 is the only one required but I recommend 64e6651, as
well."

https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/957843/comments/22


The IRC chat:
<glatzor> tyhicks, hello
<tyhicks> glatzor: Hi
* mwhudson hat die Verbindung getrennt (Ping timeout: 246 seconds)
<glatzor> tyhicks, I run an ecryptfs protected home dir on my debian
wheezy system and run into the corrupted files on disk full error
<glatzor> tyhicks, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=
+%09690071
* dholbach hat die Verbindung getrennt (Read error: Connection reset by
peer)
<glatzor> tyhicks, you mentioned that some patches to fix this problem
have been applied in ubuntu. but I still get the problem with the
patches applied
<glatzor> tyhicks, are there any further patches missing?
* dholbach (~daniel@ubuntu/member/dholbach) hat #ubuntu-devel betreten
<tyhicks> glatzor: You applied the 3 patches mentioned at the bottom of
that bug?
<glatzor> tyhicks, right.
<glatzor> tyhicks, with the applied patches the command to fill up the
disk failed correctly by a disk full error. I used dd if=/dev/zero
of=disk-full bs=1M
<glatzor> tyhicks, but without the patches the dd command tries to write
for ever
* babyface__ hat die Verbindung getrennt (Quit: Ex-Chat)
<tyhicks> glatzor: With the patches applied, it sounds like things are
working correctly. Why do you think there is still a problem?
* TJ- (tj@yes.iam.tj) hat #ubuntu-devel betreten
* mvo hat die Verbindung getrennt (Quit: Ex-Chat)
<glatzor> tyhicks, because I still get files of zero size in
$HOME/.Private/ that cause problems
* mvo (~egon@p5B09B69A.dip.t-dialin.net) hat #ubuntu-devel betreten
* tsdgeos hat die Verbindung getrennt (Remote host closed the
connection)
<tyhicks> glatzor: FYI, see
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/957843/comments/22
<ubottu> Launchpad bug 957843 in eCryptfs "files in eCryptFS Private
directory get corrupted" [High,Fix released]
<yhicks> glatzor: Those two extra patches don't fix the problem that
you're seeing, but they're needed if you carry the other three patches
<glatzor> tyhicks, Is it ok if I add this conversation to the bug? I
will try with the other two patches
<tyhicks> glatzor: Sure
<tyhicks> glatzor: I'm going to have to step away shortly. If you're
sure that you're still seing zero length files, please file an upstream
eCryptfs bug at https://bugs.launchpad.net/ecryptfs/+filebug and I'll
take a look at it tomorrow.


Am Dienstag, den 09.10.2012, 12:33 -0700 schrieb Jonathan Nieder:
> tags 690071 + upstream patch moreinfo
> quit
>
> Hi Sebastian,
>
> Sebastian Heinlein wrote:
>
> > After a running into a full disk event with my ecrypts encrypted home directory
> [...]
> > I see a lot of random broken files on my system:
> [...]
> > https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/957843
>
> Please test the attached patches against a 3.2.y kernel, for example
> using the following instructions:
>
> 0. prerequisites
>
> apt-get install git build-essential
>
> 1. get the kernel history, if you don't already have it
>
> git clone
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
>
> 2. fetch point releases
>
> cd linux
> git remote add stable
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
> git fetch stable
>
> 3. configure, build, test
>
> git checkout stable/linux-3.2.y
> cp /boot/config-$(uname -r) .config; # current configuration
> scripts/config --disable DEBUG_INFO
> make localmodconfig; # optional: minimize configuration
> make deb-pkg; # optionally with -j<num> for parallel build
> dpkg -i ../<name of package>; # as root
> reboot
> ... test test test ...
>
> Hopefully it reproduces the bug, so
>
> 4. try the patches
>
> cd linux
> git am -3sc $(ls -1 /path/to/patches/0*)
> make deb-pkg; # maybe with -j4
> dpkg -i ../<name of package>; # as root
> reboot
> ... test test test ...
>
> Hope that helps,
> Jonathan


--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/1349864504.5016.13.camel@klapprechner

Hello Jonathan und Thyler,

Applying all 5 patches fixed all issues for me.

I don't get any zero sized files anymore with a full disk (find
$HOME/.Private/ -size 0c). I can even login with the user having a full
disk (before often a broken .ICEauthority made this inpossible. I could
not see any data corruptions in applications (Evolution, Iceweasel).

The dd command which fills up the disk also exits correctly.

Thanks

$ dd if=/dev/zero of=disk-full
dd: Schreiben von „disk-full“: Auf dem Gerät ist kein Speicherplatz mehr
verfügbar
6579+0 Datensätze ein
6578+0 Datensätze aus
6898343936 Bytes (6,9 GB) kopiert, 75,1908 s, 91,7 MB/s

I see a lot of errors in dmesg, but these seem to be related to the full
disk write operation:

[ 554.634486] ecryptfs_encrypt_page: Error attempting to write lower
page; rc = [-28]
[ 554.634492] ecryptfs_write_end: Error encrypting page (upper index
[0x0000000000000054])
[ 570.567506] ecryptfs_write_metadata_to_contents: Error attempting to
write header information to lower file; rc = [-28]
[ 570.567517] ecryptfs_write_metadata: Error writing metadata out to
lower file; rc = [-28]
[ 570.567524] Error writing headers; rc = [-28]
[ 580.071153] ecryptfs_write_metadata_to_contents: Error attempting to
write header information to lower file; rc = [-28]
[ 580.071164] ecryptfs_write_metadata: Error writing metadata out to
lower file; rc = [-28]


--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/1349874250.6874.6.camel@klapprechner

On 2012-10-10 15:04:10, Sebastian Heinlein wrote:
> Applying all 5 patches fixed all issues for me.

Good to hear!

> I see a lot of errors in dmesg, but these seem to be related to the full
> disk write operation:

This is just eCryptfs being too chatty in error situations. This is
expected at the moment, but it is something that needs to be fixed in
the future.

Tyler

tags 690071 - moreinfo
forwarded 690071 http://thread.gmane.org/gmane.comp.file-systems.ecryptfs.general/280
quit

Sebastian Heinlein wrote:

> Applying all 5 patches fixed all issues for me.

Thanks; passed upstream. Hopefully these patches can be included in
kernel.org point releases soon so everyone benefits from them.


--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20121010215856.GF4517@elie.Belkin