Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / b5695d04634fa4ccca7dcbc05bb4a66522f02e0b^! / . / fs / ecryptfs / keystore.c
commitb5695d04634fa4ccca7dcbc05bb4a66522f02e0b[log] [tgz]
authorRoberto Sassu <roberto.sassu@polito.it>Mon Mar 21 16:00:55 2011 +0100
committerTyler Hicks <tyhicks@linux.vnet.ibm.com>Mon Mar 28 01:49:43 2011 -0500
tree568155380ea1b1fa3b9e68f68dd74cdd9d651229
parent950983fc04e02232e0d25717903461578a755ebb [diff] [blame]
eCryptfs: write lock requested keys

A requested key is write locked in order to prevent modifications on the
authentication token while it is being used.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>

diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index d95dd50..03e609c 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c

@@ -516,10 +516,11 @@
 			goto out_invalid_auth_tok;
 		}
 
+		down_write(&(walker->global_auth_tok_key->sem));
 		rc = ecryptfs_verify_auth_tok_from_key(
 				walker->global_auth_tok_key, auth_tok);
 		if (rc)
-			goto out_invalid_auth_tok;
+			goto out_invalid_auth_tok_unlock;
 
 		(*auth_tok_key) = walker->global_auth_tok_key;
 		key_get(*auth_tok_key);
@@ -527,6 +528,8 @@
 	}
 	rc = -ENOENT;
 	goto out;
+out_invalid_auth_tok_unlock:
+	up_write(&(walker->global_auth_tok_key->sem));
 out_invalid_auth_tok:
 	printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);
 	walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;
@@ -869,8 +872,10 @@
 out_unlock:
 	mutex_unlock(s->tfm_mutex);
 out:
-	if (auth_tok_key)
+	if (auth_tok_key) {
+		up_write(&(auth_tok_key->sem));
 		key_put(auth_tok_key);
+	}
 	kfree(s);
 	return rc;
 }
@@ -1106,8 +1111,10 @@
 		(*filename_size) = 0;
 		(*filename) = NULL;
 	}
-	if (auth_tok_key)
+	if (auth_tok_key) {
+		up_write(&(auth_tok_key->sem));
 		key_put(auth_tok_key);
+	}
 	kfree(s);
 	return rc;
 }
@@ -1638,9 +1645,10 @@
 		(*auth_tok_key) = NULL;
 		goto out;
 	}
-
+	down_write(&(*auth_tok_key)->sem);
 	rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
 	if (rc) {
+		up_write(&(*auth_tok_key)->sem);
 		key_put(*auth_tok_key);
 		(*auth_tok_key) = NULL;
 		goto out;
@@ -1865,6 +1873,7 @@
 find_next_matching_auth_tok:
 	found_auth_tok = 0;
 	if (auth_tok_key) {
+		up_write(&(auth_tok_key->sem));
 		key_put(auth_tok_key);
 		auth_tok_key = NULL;
 	}
@@ -1951,8 +1960,10 @@
 out_wipe_list:
 	wipe_auth_tok_list(&auth_tok_list);
 out:
-	if (auth_tok_key)
+	if (auth_tok_key) {
+		up_write(&(auth_tok_key->sem));
 		key_put(auth_tok_key);
+	}
 	return rc;
 }
 
@@ -2446,6 +2457,7 @@
 			rc = -EINVAL;
 			goto out_free;
 		}
+		up_write(&(auth_tok_key->sem));
 		key_put(auth_tok_key);
 		auth_tok_key = NULL;
 	}
@@ -2460,8 +2472,10 @@
 out:
 	if (rc)
 		(*len) = 0;
-	if (auth_tok_key)
+	if (auth_tok_key) {
+		up_write(&(auth_tok_key->sem));
 		key_put(auth_tok_key);
+	}
 
 	mutex_unlock(&crypt_stat->keysig_list_mutex);
 	return rc;