diff options
author | Roberto Sassu <roberto.sassu@polito.it> | 2011-03-21 11:00:54 -0400 |
---|---|---|
committer | Tyler Hicks <tyhicks@linux.vnet.ibm.com> | 2011-03-28 02:49:42 -0400 |
commit | 950983fc04e02232e0d25717903461578a755ebb (patch) | |
tree | e78bd71ecfd12b87237db398116ac2c19082505b /fs/ecryptfs | |
parent | 0e1fc5ef470cc1d157005c437a434868d59fead4 (diff) |
eCryptfs: move ecryptfs_find_auth_tok_for_sig() call before mutex_lock
The ecryptfs_find_auth_tok_for_sig() call is moved before the
mutex_lock(s->tfm_mutex) instruction in order to avoid possible deadlocks
that may occur by holding the lock on the two semaphores 'key->sem' and
's->tfm_mutex' in reverse order.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r-- | fs/ecryptfs/keystore.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 3c4039cc18d1..d95dd505433e 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -635,6 +635,16 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, | |||
635 | } | 635 | } |
636 | s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | 636 | s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; |
637 | (*packet_size) = 0; | 637 | (*packet_size) = 0; |
638 | rc = ecryptfs_find_auth_tok_for_sig( | ||
639 | &auth_tok_key, | ||
640 | &s->auth_tok, mount_crypt_stat, | ||
641 | mount_crypt_stat->global_default_fnek_sig); | ||
642 | if (rc) { | ||
643 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
644 | "fnek sig [%s]; rc = [%d]\n", __func__, | ||
645 | mount_crypt_stat->global_default_fnek_sig, rc); | ||
646 | goto out; | ||
647 | } | ||
638 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( | 648 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( |
639 | &s->desc.tfm, | 649 | &s->desc.tfm, |
640 | &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); | 650 | &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); |
@@ -720,16 +730,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, | |||
720 | goto out_free_unlock; | 730 | goto out_free_unlock; |
721 | } | 731 | } |
722 | dest[s->i++] = s->cipher_code; | 732 | dest[s->i++] = s->cipher_code; |
723 | rc = ecryptfs_find_auth_tok_for_sig( | ||
724 | &auth_tok_key, | ||
725 | &s->auth_tok, mount_crypt_stat, | ||
726 | mount_crypt_stat->global_default_fnek_sig); | ||
727 | if (rc) { | ||
728 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
729 | "fnek sig [%s]; rc = [%d]\n", __func__, | ||
730 | mount_crypt_stat->global_default_fnek_sig, rc); | ||
731 | goto out_free_unlock; | ||
732 | } | ||
733 | /* TODO: Support other key modules than passphrase for | 733 | /* TODO: Support other key modules than passphrase for |
734 | * filename encryption */ | 734 | * filename encryption */ |
735 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { | 735 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { |
@@ -983,6 +983,15 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
983 | __func__, s->cipher_code); | 983 | __func__, s->cipher_code); |
984 | goto out; | 984 | goto out; |
985 | } | 985 | } |
986 | rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key, | ||
987 | &s->auth_tok, mount_crypt_stat, | ||
988 | s->fnek_sig_hex); | ||
989 | if (rc) { | ||
990 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
991 | "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex, | ||
992 | rc); | ||
993 | goto out; | ||
994 | } | ||
986 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, | 995 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, |
987 | &s->tfm_mutex, | 996 | &s->tfm_mutex, |
988 | s->cipher_string); | 997 | s->cipher_string); |
@@ -1029,15 +1038,6 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
1029 | * >= ECRYPTFS_MAX_IV_BYTES. */ | 1038 | * >= ECRYPTFS_MAX_IV_BYTES. */ |
1030 | memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); | 1039 | memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); |
1031 | s->desc.info = s->iv; | 1040 | s->desc.info = s->iv; |
1032 | rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key, | ||
1033 | &s->auth_tok, mount_crypt_stat, | ||
1034 | s->fnek_sig_hex); | ||
1035 | if (rc) { | ||
1036 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
1037 | "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex, | ||
1038 | rc); | ||
1039 | goto out_free_unlock; | ||
1040 | } | ||
1041 | /* TODO: Support other key modules than passphrase for | 1041 | /* TODO: Support other key modules than passphrase for |
1042 | * filename encryption */ | 1042 | * filename encryption */ |
1043 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { | 1043 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { |