aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs
diff options
context:
space:
mode:
authorRoberto Sassu <roberto.sassu@polito.it>2011-03-21 11:00:54 -0400
committerTyler Hicks <tyhicks@linux.vnet.ibm.com>2011-03-28 02:49:42 -0400
commit950983fc04e02232e0d25717903461578a755ebb (patch)
treee78bd71ecfd12b87237db398116ac2c19082505b /fs/ecryptfs
parent0e1fc5ef470cc1d157005c437a434868d59fead4 (diff)
eCryptfs: move ecryptfs_find_auth_tok_for_sig() call before mutex_lock
The ecryptfs_find_auth_tok_for_sig() call is moved before the mutex_lock(s->tfm_mutex) instruction in order to avoid possible deadlocks that may occur by holding the lock on the two semaphores 'key->sem' and 's->tfm_mutex' in reverse order. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r--fs/ecryptfs/keystore.c38
1 files changed, 19 insertions, 19 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 3c4039cc18d1..d95dd505433e 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -635,6 +635,16 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
635 } 635 }
636 s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; 636 s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
637 (*packet_size) = 0; 637 (*packet_size) = 0;
638 rc = ecryptfs_find_auth_tok_for_sig(
639 &auth_tok_key,
640 &s->auth_tok, mount_crypt_stat,
641 mount_crypt_stat->global_default_fnek_sig);
642 if (rc) {
643 printk(KERN_ERR "%s: Error attempting to find auth tok for "
644 "fnek sig [%s]; rc = [%d]\n", __func__,
645 mount_crypt_stat->global_default_fnek_sig, rc);
646 goto out;
647 }
638 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( 648 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
639 &s->desc.tfm, 649 &s->desc.tfm,
640 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); 650 &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
@@ -720,16 +730,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
720 goto out_free_unlock; 730 goto out_free_unlock;
721 } 731 }
722 dest[s->i++] = s->cipher_code; 732 dest[s->i++] = s->cipher_code;
723 rc = ecryptfs_find_auth_tok_for_sig(
724 &auth_tok_key,
725 &s->auth_tok, mount_crypt_stat,
726 mount_crypt_stat->global_default_fnek_sig);
727 if (rc) {
728 printk(KERN_ERR "%s: Error attempting to find auth tok for "
729 "fnek sig [%s]; rc = [%d]\n", __func__,
730 mount_crypt_stat->global_default_fnek_sig, rc);
731 goto out_free_unlock;
732 }
733 /* TODO: Support other key modules than passphrase for 733 /* TODO: Support other key modules than passphrase for
734 * filename encryption */ 734 * filename encryption */
735 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { 735 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
@@ -983,6 +983,15 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
983 __func__, s->cipher_code); 983 __func__, s->cipher_code);
984 goto out; 984 goto out;
985 } 985 }
986 rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
987 &s->auth_tok, mount_crypt_stat,
988 s->fnek_sig_hex);
989 if (rc) {
990 printk(KERN_ERR "%s: Error attempting to find auth tok for "
991 "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
992 rc);
993 goto out;
994 }
986 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, 995 rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm,
987 &s->tfm_mutex, 996 &s->tfm_mutex,
988 s->cipher_string); 997 s->cipher_string);
@@ -1029,15 +1038,6 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
1029 * >= ECRYPTFS_MAX_IV_BYTES. */ 1038 * >= ECRYPTFS_MAX_IV_BYTES. */
1030 memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); 1039 memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
1031 s->desc.info = s->iv; 1040 s->desc.info = s->iv;
1032 rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
1033 &s->auth_tok, mount_crypt_stat,
1034 s->fnek_sig_hex);
1035 if (rc) {
1036 printk(KERN_ERR "%s: Error attempting to find auth tok for "
1037 "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
1038 rc);
1039 goto out_free_unlock;
1040 }
1041 /* TODO: Support other key modules than passphrase for 1041 /* TODO: Support other key modules than passphrase for
1042 * filename encryption */ 1042 * filename encryption */
1043 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { 1043 if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {