diff options
| author | Dmitry Kasatkin <dmitry.kasatkin@intel.com> | 2011-12-05 06:17:42 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2011-12-07 18:06:12 -0500 |
| commit | 143b01d33221e4937d3930e6bb2b63d70b7c7a65 (patch) | |
| tree | 5cae452fecfd8b1fb6b0ae1f159929ada81d8b1f /security/integrity | |
| parent | 88d7ed35085184f15a2af3d9e88d775059b2f307 (diff) | |
evm: prevent racing during tfm allocation
There is a small chance of racing during tfm allocation.
This patch fixes it.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/integrity')
| -rw-r--r-- | security/integrity/evm/evm_crypto.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index 3b9f5a080e4f..f1d4ad0cea2c 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c | |||
| @@ -28,9 +28,11 @@ static int evmkey_len = MAX_KEY_SIZE; | |||
| 28 | struct crypto_shash *hmac_tfm; | 28 | struct crypto_shash *hmac_tfm; |
| 29 | struct crypto_shash *hash_tfm; | 29 | struct crypto_shash *hash_tfm; |
| 30 | 30 | ||
| 31 | static DEFINE_MUTEX(mutex); | ||
| 32 | |||
| 31 | static struct shash_desc *init_desc(const char type) | 33 | static struct shash_desc *init_desc(const char type) |
| 32 | { | 34 | { |
| 33 | int rc; | 35 | long rc; |
| 34 | char *algo; | 36 | char *algo; |
| 35 | struct crypto_shash **tfm; | 37 | struct crypto_shash **tfm; |
| 36 | struct shash_desc *desc; | 38 | struct shash_desc *desc; |
| @@ -44,12 +46,15 @@ static struct shash_desc *init_desc(const char type) | |||
| 44 | } | 46 | } |
| 45 | 47 | ||
| 46 | if (*tfm == NULL) { | 48 | if (*tfm == NULL) { |
| 49 | mutex_lock(&mutex); | ||
| 50 | if (*tfm) | ||
| 51 | goto out; | ||
| 47 | *tfm = crypto_alloc_shash(algo, 0, CRYPTO_ALG_ASYNC); | 52 | *tfm = crypto_alloc_shash(algo, 0, CRYPTO_ALG_ASYNC); |
| 48 | if (IS_ERR(*tfm)) { | 53 | if (IS_ERR(*tfm)) { |
| 49 | pr_err("Can not allocate %s (reason: %ld)\n", | ||
| 50 | algo, PTR_ERR(*tfm)); | ||
| 51 | rc = PTR_ERR(*tfm); | 54 | rc = PTR_ERR(*tfm); |
| 55 | pr_err("Can not allocate %s (reason: %ld)\n", algo, rc); | ||
| 52 | *tfm = NULL; | 56 | *tfm = NULL; |
| 57 | mutex_unlock(&mutex); | ||
| 53 | return ERR_PTR(rc); | 58 | return ERR_PTR(rc); |
| 54 | } | 59 | } |
| 55 | if (type == EVM_XATTR_HMAC) { | 60 | if (type == EVM_XATTR_HMAC) { |
| @@ -57,9 +62,12 @@ static struct shash_desc *init_desc(const char type) | |||
| 57 | if (rc) { | 62 | if (rc) { |
| 58 | crypto_free_shash(*tfm); | 63 | crypto_free_shash(*tfm); |
| 59 | *tfm = NULL; | 64 | *tfm = NULL; |
| 65 | mutex_unlock(&mutex); | ||
| 60 | return ERR_PTR(rc); | 66 | return ERR_PTR(rc); |
| 61 | } | 67 | } |
| 62 | } | 68 | } |
| 69 | out: | ||
| 70 | mutex_unlock(&mutex); | ||
| 63 | } | 71 | } |
| 64 | 72 | ||
| 65 | desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm), | 73 | desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm), |