diff options
| author | Roberto Sassu <roberto.sassu@polito.it> | 2011-03-21 11:00:54 -0400 |
|---|---|---|
| committer | Tyler Hicks <tyhicks@linux.vnet.ibm.com> | 2011-03-28 02:49:42 -0400 |
| commit | 950983fc04e02232e0d25717903461578a755ebb (patch) | |
| tree | e78bd71ecfd12b87237db398116ac2c19082505b /fs | |
| parent | 0e1fc5ef470cc1d157005c437a434868d59fead4 (diff) | |
eCryptfs: move ecryptfs_find_auth_tok_for_sig() call before mutex_lock
The ecryptfs_find_auth_tok_for_sig() call is moved before the
mutex_lock(s->tfm_mutex) instruction in order to avoid possible deadlocks
that may occur by holding the lock on the two semaphores 'key->sem' and
's->tfm_mutex' in reverse order.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/ecryptfs/keystore.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 3c4039cc18d1..d95dd505433e 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
| @@ -635,6 +635,16 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, | |||
| 635 | } | 635 | } |
| 636 | s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | 636 | s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; |
| 637 | (*packet_size) = 0; | 637 | (*packet_size) = 0; |
| 638 | rc = ecryptfs_find_auth_tok_for_sig( | ||
| 639 | &auth_tok_key, | ||
| 640 | &s->auth_tok, mount_crypt_stat, | ||
| 641 | mount_crypt_stat->global_default_fnek_sig); | ||
| 642 | if (rc) { | ||
| 643 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
| 644 | "fnek sig [%s]; rc = [%d]\n", __func__, | ||
| 645 | mount_crypt_stat->global_default_fnek_sig, rc); | ||
| 646 | goto out; | ||
| 647 | } | ||
| 638 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( | 648 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( |
| 639 | &s->desc.tfm, | 649 | &s->desc.tfm, |
| 640 | &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); | 650 | &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); |
| @@ -720,16 +730,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, | |||
| 720 | goto out_free_unlock; | 730 | goto out_free_unlock; |
| 721 | } | 731 | } |
| 722 | dest[s->i++] = s->cipher_code; | 732 | dest[s->i++] = s->cipher_code; |
| 723 | rc = ecryptfs_find_auth_tok_for_sig( | ||
| 724 | &auth_tok_key, | ||
| 725 | &s->auth_tok, mount_crypt_stat, | ||
| 726 | mount_crypt_stat->global_default_fnek_sig); | ||
| 727 | if (rc) { | ||
| 728 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
| 729 | "fnek sig [%s]; rc = [%d]\n", __func__, | ||
| 730 | mount_crypt_stat->global_default_fnek_sig, rc); | ||
| 731 | goto out_free_unlock; | ||
| 732 | } | ||
| 733 | /* TODO: Support other key modules than passphrase for | 733 | /* TODO: Support other key modules than passphrase for |
| 734 | * filename encryption */ | 734 | * filename encryption */ |
| 735 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { | 735 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { |
| @@ -983,6 +983,15 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
| 983 | __func__, s->cipher_code); | 983 | __func__, s->cipher_code); |
| 984 | goto out; | 984 | goto out; |
| 985 | } | 985 | } |
| 986 | rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key, | ||
| 987 | &s->auth_tok, mount_crypt_stat, | ||
| 988 | s->fnek_sig_hex); | ||
| 989 | if (rc) { | ||
| 990 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
| 991 | "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex, | ||
| 992 | rc); | ||
| 993 | goto out; | ||
| 994 | } | ||
| 986 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, | 995 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, |
| 987 | &s->tfm_mutex, | 996 | &s->tfm_mutex, |
| 988 | s->cipher_string); | 997 | s->cipher_string); |
| @@ -1029,15 +1038,6 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
| 1029 | * >= ECRYPTFS_MAX_IV_BYTES. */ | 1038 | * >= ECRYPTFS_MAX_IV_BYTES. */ |
| 1030 | memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); | 1039 | memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); |
| 1031 | s->desc.info = s->iv; | 1040 | s->desc.info = s->iv; |
| 1032 | rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key, | ||
| 1033 | &s->auth_tok, mount_crypt_stat, | ||
| 1034 | s->fnek_sig_hex); | ||
| 1035 | if (rc) { | ||
| 1036 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
| 1037 | "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex, | ||
| 1038 | rc); | ||
| 1039 | goto out_free_unlock; | ||
| 1040 | } | ||
| 1041 | /* TODO: Support other key modules than passphrase for | 1041 | /* TODO: Support other key modules than passphrase for |
| 1042 | * filename encryption */ | 1042 | * filename encryption */ |
| 1043 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { | 1043 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { |