Commit b5695d04634fa4ccca7dcbc05bb4a66522f02e0b

Authored by Roberto Sassu
Committed by Tyler Hicks
1 parent 950983fc04

eCryptfs: write lock requested keys

A requested key is write locked in order to prevent modifications on the
authentication token while it is being used.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>

Showing 2 changed files with 23 additions and 7 deletions

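--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -516,10 +516,11 @@
 goto out_invalid_auth_tok;
 }
 
+down_write(&(walker->global_auth_tok_key->sem));
 rc = ecryptfs_verify_auth_tok_from_key(
 walker->global_auth_tok_key, auth_tok);
 if (rc)
-goto out_invalid_auth_tok;
+goto out_invalid_auth_tok_unlock;
 
 (*auth_tok_key) = walker->global_auth_tok_key;
 key_get(*auth_tok_key);
@@ -527,6 +528,8 @@
 }
 rc = -ENOENT;
 goto out;
+out_invalid_auth_tok_unlock:
+up_write(&(walker->global_auth_tok_key->sem));
 out_invalid_auth_tok:
 printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);
 walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;
 
@@ -869,8 +872,10 @@
 out_unlock:
 mutex_unlock(s->tfm_mutex);
 out:
-if (auth_tok_key)
+if (auth_tok_key) {
+up_write(&(auth_tok_key->sem));
 key_put(auth_tok_key);
+}
 kfree(s);
 return rc;
 }
 
@@ -1106,8 +1111,10 @@
 (*filename_size) = 0;
 (*filename) = NULL;
 }
-if (auth_tok_key)
+if (auth_tok_key) {
+up_write(&(auth_tok_key->sem));
 key_put(auth_tok_key);
+}
 kfree(s);
 return rc;
 }
 
@@ -1638,9 +1645,10 @@
 (*auth_tok_key) = NULL;
 goto out;
 }
-
+down_write(&(*auth_tok_key)->sem);
 rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
 if (rc) {
+up_write(&(*auth_tok_key)->sem);
 key_put(*auth_tok_key);
 (*auth_tok_key) = NULL;
 goto out;
@@ -1865,6 +1873,7 @@
 find_next_matching_auth_tok:
 found_auth_tok = 0;
 if (auth_tok_key) {
+up_write(&(auth_tok_key->sem));
 key_put(auth_tok_key);
 auth_tok_key = NULL;
 }
 
@@ -1951,8 +1960,10 @@
 out_wipe_list:
 wipe_auth_tok_list(&auth_tok_list);
 out:
-if (auth_tok_key)
+if (auth_tok_key) {
+up_write(&(auth_tok_key->sem));
 key_put(auth_tok_key);
+}
 return rc;
 }
 
@@ -2446,6 +2457,7 @@
 rc = -EINVAL;
 goto out_free;
 }
+up_write(&(auth_tok_key->sem));
 key_put(auth_tok_key);
 auth_tok_key = NULL;
 }
 
@@ -2460,8 +2472,10 @@
 out:
 if (rc)
 (*len) = 0;
-if (auth_tok_key)
+if (auth_tok_key) {
+up_write(&(auth_tok_key->sem));
 key_put(auth_tok_key);
+}
 
 mutex_unlock(&crypt_stat->keysig_list_mutex);
 return rc;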
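Review bot: After the `down_write` at new line 1648 the lookup helper returns on success with `(*auth_tok_key)->sem` still held for writing, and the callers only drop it at their `out:` labels (new lines 876, 1115, 1964, 2476), so the write lock covers everything those callers do in between, none of which is visible in these hunks. If any of that work sleeps waiting on a userspace daemon that itself has to request the same key, that request would block behind the lock the kernel side is holding; this is worth confirming, and presumably the semaphore should be dropped ahead of any such call-out. The hand-off is also undocumented, so I would add above that `down_write` a comment like `/* On success the key is returned with ->sem write-locked; the caller must up_write() before key_put(). */`. All of the touched functions begin and end outside the hunks shown.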
... ... @@ -254,8 +254,10 @@
254 254 "option: [%s]\n", global_auth_tok->sig);
255 255 global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID;
256 256 goto out;
257   - } else
  257 + } else {
258 258 global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID;
  259 + up_write(&(global_auth_tok->global_auth_tok_key)->sem);
  260 + }
259 261 }
260 262 out:
261 263 return rc;
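Review bot: The `up_write` added in the `else` branch at new line 259 releases a semaphore that is never taken in the visible part of this function, while the error branch above it unlocks nothing. The pairing only holds if the lookup call before the hunk (not shown) returns the key write-locked on success and already unlocked and released on failure, which matches the `up_write`/`key_put` pair at new lines 1651-1652 of keystore.c. A comment on the new line would make that explicit, for example `/* key came back write-locked from the lookup; keep the reference, drop the lock */`. The expression is also parenthesised differently from the keystore.c call sites; `&global_auth_tok->global_auth_tok_key->sem` would read more plainly. The file header for this section is missing from the page, and the function starts above the hunk.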