eCryptfs: Unlock keys needed by ecryptfsd
authorTyler Hicks <tyhicks@linux.vnet.ibm.com>
Wed, 27 Jul 2011 00:47:08 +0000 (19:47 -0500)
committerTyler Hicks <tyhicks@linux.vnet.ibm.com>
Fri, 29 Jul 2011 04:30:09 +0000 (23:30 -0500)
commitb2987a5e05ec7a1af7ca42e5d5349d7a22753031
treebe0a56d227b5f6b661c0f8eecf960b61051d05d6
parent55f9c40ff632d03c527d6a6ceddcda0a224587a6
eCryptfs: Unlock keys needed by ecryptfsd

Fixes a regression caused by b5695d04634fa4ccca7dcbc05bb4a66522f02e0b

Kernel keyring keys containing eCryptfs authentication tokens should not
be write locked when calling out to ecryptfsd to wrap and unwrap file
encryption keys. The eCryptfs kernel code can not hold the key's write
lock because ecryptfsd needs to request the key after receiving such a
request from the kernel.

Without this fix, all file opens and creates will timeout and fail when
using the eCryptfs PKI infrastructure. This is not an issue when using
passphrase-based mount keys, which is the most widely deployed eCryptfs
configuration.

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Roberto Sassu <roberto.sassu@polito.it>
Tested-by: Roberto Sassu <roberto.sassu@polito.it>
Tested-by: Alexis Hafner1 <haf@zurich.ibm.com>
Cc: <stable@kernel.org> [2.6.39+]
fs/ecryptfs/keystore.c