eCryptfs: write lock requested keys

author Roberto Sassu <roberto.sassu@polito.it>

Mon, 21 Mar 2011 15:00:55 +0000 (16:00 +0100)

committer Tyler Hicks <tyhicks@linux.vnet.ibm.com>

Mon, 28 Mar 2011 06:49:43 +0000 (01:49 -0500)
author Roberto Sassu <roberto.sassu@polito.it>
Mon, 21 Mar 2011 15:00:55 +0000 (16:00 +0100)
committer Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Mon, 28 Mar 2011 06:49:43 +0000 (01:49 -0500)
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c

index d95dd505433e90f20ba88902dba20f0638e4d225..03e609c450120674673a5a6e07460b2014751ed0 100644 (file)
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -516,10 +516,11 @@ ecryptfs_find_global_auth_tok_for_sig(
                         goto out_invalid_auth_tok;
                 }
  
+               down_write(&(walker->global_auth_tok_key->sem));
                 rc = ecryptfs_verify_auth_tok_from_key(
                                 walker->global_auth_tok_key, auth_tok);
                 if (rc)
-                       goto out_invalid_auth_tok;
+                       goto out_invalid_auth_tok_unlock;
  
                 (*auth_tok_key) = walker->global_auth_tok_key;
                 key_get(*auth_tok_key);
@@ -527,6 +528,8 @@ ecryptfs_find_global_auth_tok_for_sig(
         }
         rc = -ENOENT;
         goto out;
+out_invalid_auth_tok_unlock:
+       up_write(&(walker->global_auth_tok_key->sem));
  out_invalid_auth_tok:
         printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);
         walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;
@@ -869,8 +872,10 @@ out_free_unlock:
  out_unlock:
         mutex_unlock(s->tfm_mutex);
  out:
-       if (auth_tok_key)
+       if (auth_tok_key) {
+               up_write(&(auth_tok_key->sem));
                 key_put(auth_tok_key);
+       }
         kfree(s);
         return rc;
  }
@@ -1106,8 +1111,10 @@ out:
                 (*filename_size) = 0;
                 (*filename) = NULL;
         }
-       if (auth_tok_key)
+       if (auth_tok_key) {
+               up_write(&(auth_tok_key->sem));
                 key_put(auth_tok_key);
+       }
         kfree(s);
         return rc;
  }
@@ -1638,9 +1645,10 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
                 (*auth_tok_key) = NULL;
                 goto out;
         }
-
+       down_write(&(*auth_tok_key)->sem);
         rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
         if (rc) {
+               up_write(&(*auth_tok_key)->sem);
                 key_put(*auth_tok_key);
                 (*auth_tok_key) = NULL;
                 goto out;
@@ -1865,6 +1873,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
  find_next_matching_auth_tok:
         found_auth_tok = 0;
         if (auth_tok_key) {
+               up_write(&(auth_tok_key->sem));
                 key_put(auth_tok_key);
                 auth_tok_key = NULL;
         }
@@ -1951,8 +1960,10 @@ found_matching_auth_tok:
  out_wipe_list:
         wipe_auth_tok_list(&auth_tok_list);
  out:
-       if (auth_tok_key)
+       if (auth_tok_key) {
+               up_write(&(auth_tok_key->sem));
                 key_put(auth_tok_key);
+       }
         return rc;
  }
  
@@ -2446,6 +2457,7 @@ ecryptfs_generate_key_packet_set(char *dest_base,
                         rc = -EINVAL;
                         goto out_free;
                 }
+               up_write(&(auth_tok_key->sem));
                 key_put(auth_tok_key);
                 auth_tok_key = NULL;
         }
@@ -2460,8 +2472,10 @@ out_free:
  out:
         if (rc)
                 (*len) = 0;
-       if (auth_tok_key)
+       if (auth_tok_key) {
+               up_write(&(auth_tok_key->sem));
                 key_put(auth_tok_key);
+       }
  
         mutex_unlock(&crypt_stat->keysig_list_mutex);
         return rc;
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c

index 520d05f5ad01ed13e679df57bc86ce51c7244e40..c27c0ecf90bcec2394b5f44eece394fe3a7acb26 100644 (file)
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -254,8 +254,10 @@ static int ecryptfs_init_global_auth_toks(
                                "option: [%s]\n", global_auth_tok->sig);
                         global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID;
                         goto out;
-               } else
+               } else {
                         global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID;
+                       up_write(&(global_auth_tok->global_auth_tok_key)->sem);
+               }
         }
  out:
         return rc;
author	Roberto Sassu <roberto.sassu@polito.it>
	Mon, 21 Mar 2011 15:00:55 +0000 (16:00 +0100)
committer	Tyler Hicks <tyhicks@linux.vnet.ibm.com>
	Mon, 28 Mar 2011 06:49:43 +0000 (01:49 -0500)
fs/ecryptfs/keystore.c		patch \| blob \| blame \| history
fs/ecryptfs/main.c		patch \| blob \| blame \| history