Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
[linux-3.10.git] / fs / ecryptfs / keystore.c
index d95dd50..c472533 100644 (file)
@@ -516,10 +516,11 @@ ecryptfs_find_global_auth_tok_for_sig(
                        goto out_invalid_auth_tok;
                }
 
+               down_write(&(walker->global_auth_tok_key->sem));
                rc = ecryptfs_verify_auth_tok_from_key(
                                walker->global_auth_tok_key, auth_tok);
                if (rc)
-                       goto out_invalid_auth_tok;
+                       goto out_invalid_auth_tok_unlock;
 
                (*auth_tok_key) = walker->global_auth_tok_key;
                key_get(*auth_tok_key);
@@ -527,6 +528,8 @@ ecryptfs_find_global_auth_tok_for_sig(
        }
        rc = -ENOENT;
        goto out;
+out_invalid_auth_tok_unlock:
+       up_write(&(walker->global_auth_tok_key->sem));
 out_invalid_auth_tok:
        printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);
        walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;
@@ -596,8 +599,8 @@ struct ecryptfs_write_tag_70_packet_silly_stack {
        struct mutex *tfm_mutex;
        char *block_aligned_filename;
        struct ecryptfs_auth_tok *auth_tok;
-       struct scatterlist src_sg;
-       struct scatterlist dst_sg;
+       struct scatterlist src_sg[2];
+       struct scatterlist dst_sg[2];
        struct blkcipher_desc desc;
        char iv[ECRYPTFS_MAX_IV_BYTES];
        char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
@@ -813,23 +816,21 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
        memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
               filename_size);
        rc = virt_to_scatterlist(s->block_aligned_filename,
-                                s->block_aligned_filename_size, &s->src_sg, 1);
-       if (rc != 1) {
+                                s->block_aligned_filename_size, s->src_sg, 2);
+       if (rc < 1) {
                printk(KERN_ERR "%s: Internal error whilst attempting to "
-                      "convert filename memory to scatterlist; "
-                      "expected rc = 1; got rc = [%d]. "
+                      "convert filename memory to scatterlist; rc = [%d]. "
                       "block_aligned_filename_size = [%zd]\n", __func__, rc,
                       s->block_aligned_filename_size);
                goto out_release_free_unlock;
        }
        rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
-                                &s->dst_sg, 1);
-       if (rc != 1) {
+                                s->dst_sg, 2);
+       if (rc < 1) {
                printk(KERN_ERR "%s: Internal error whilst attempting to "
                       "convert encrypted filename memory to scatterlist; "
-                      "expected rc = 1; got rc = [%d]. "
-                      "block_aligned_filename_size = [%zd]\n", __func__, rc,
-                      s->block_aligned_filename_size);
+                      "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+                      __func__, rc, s->block_aligned_filename_size);
                goto out_release_free_unlock;
        }
        /* The characters in the first block effectively do the job
@@ -852,7 +853,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
                       mount_crypt_stat->global_default_fn_cipher_key_bytes);
                goto out_release_free_unlock;
        }
-       rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
+       rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg,
                                         s->block_aligned_filename_size);
        if (rc) {
                printk(KERN_ERR "%s: Error attempting to encrypt filename; "
@@ -869,8 +870,10 @@ out_free_unlock:
 out_unlock:
        mutex_unlock(s->tfm_mutex);
 out:
-       if (auth_tok_key)
+       if (auth_tok_key) {
+               up_write(&(auth_tok_key->sem));
                key_put(auth_tok_key);
+       }
        kfree(s);
        return rc;
 }
@@ -886,8 +889,8 @@ struct ecryptfs_parse_tag_70_packet_silly_stack {
        struct mutex *tfm_mutex;
        char *decrypted_filename;
        struct ecryptfs_auth_tok *auth_tok;
-       struct scatterlist src_sg;
-       struct scatterlist dst_sg;
+       struct scatterlist src_sg[2];
+       struct scatterlist dst_sg[2];
        struct blkcipher_desc desc;
        char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
        char iv[ECRYPTFS_MAX_IV_BYTES];
@@ -1003,13 +1006,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
        }
        mutex_lock(s->tfm_mutex);
        rc = virt_to_scatterlist(&data[(*packet_size)],
-                                s->block_aligned_filename_size, &s->src_sg, 1);
-       if (rc != 1) {
+                                s->block_aligned_filename_size, s->src_sg, 2);
+       if (rc < 1) {
                printk(KERN_ERR "%s: Internal error whilst attempting to "
                       "convert encrypted filename memory to scatterlist; "
-                      "expected rc = 1; got rc = [%d]. "
-                      "block_aligned_filename_size = [%zd]\n", __func__, rc,
-                      s->block_aligned_filename_size);
+                      "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+                      __func__, rc, s->block_aligned_filename_size);
                goto out_unlock;
        }
        (*packet_size) += s->block_aligned_filename_size;
@@ -1023,13 +1025,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
                goto out_unlock;
        }
        rc = virt_to_scatterlist(s->decrypted_filename,
-                                s->block_aligned_filename_size, &s->dst_sg, 1);
-       if (rc != 1) {
+                                s->block_aligned_filename_size, s->dst_sg, 2);
+       if (rc < 1) {
                printk(KERN_ERR "%s: Internal error whilst attempting to "
                       "convert decrypted filename memory to scatterlist; "
-                      "expected rc = 1; got rc = [%d]. "
-                      "block_aligned_filename_size = [%zd]\n", __func__, rc,
-                      s->block_aligned_filename_size);
+                      "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+                      __func__, rc, s->block_aligned_filename_size);
                goto out_free_unlock;
        }
        /* The characters in the first block effectively do the job of
@@ -1060,7 +1061,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
                       mount_crypt_stat->global_default_fn_cipher_key_bytes);
                goto out_free_unlock;
        }
-       rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
+       rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg,
                                         s->block_aligned_filename_size);
        if (rc) {
                printk(KERN_ERR "%s: Error attempting to decrypt filename; "
@@ -1106,8 +1107,10 @@ out:
                (*filename_size) = 0;
                (*filename) = NULL;
        }
-       if (auth_tok_key)
+       if (auth_tok_key) {
+               up_write(&(auth_tok_key->sem));
                key_put(auth_tok_key);
+       }
        kfree(s);
        return rc;
 }
@@ -1632,15 +1635,19 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
 
        (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
        if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
-               printk(KERN_ERR "Could not find key with description: [%s]\n",
-                      sig);
-               rc = process_request_key_err(PTR_ERR(*auth_tok_key));
-               (*auth_tok_key) = NULL;
-               goto out;
+               (*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
+               if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
+                       printk(KERN_ERR "Could not find key with description: [%s]\n",
+                             sig);
+                       rc = process_request_key_err(PTR_ERR(*auth_tok_key));
+                       (*auth_tok_key) = NULL;
+                       goto out;
+               }
        }
-
+       down_write(&(*auth_tok_key)->sem);
        rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
        if (rc) {
+               up_write(&(*auth_tok_key)->sem);
                key_put(*auth_tok_key);
                (*auth_tok_key) = NULL;
                goto out;
@@ -1865,6 +1872,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
 find_next_matching_auth_tok:
        found_auth_tok = 0;
        if (auth_tok_key) {
+               up_write(&(auth_tok_key->sem));
                key_put(auth_tok_key);
                auth_tok_key = NULL;
        }
@@ -1951,8 +1959,10 @@ found_matching_auth_tok:
 out_wipe_list:
        wipe_auth_tok_list(&auth_tok_list);
 out:
-       if (auth_tok_key)
+       if (auth_tok_key) {
+               up_write(&(auth_tok_key->sem));
                key_put(auth_tok_key);
+       }
        return rc;
 }
 
@@ -2241,7 +2251,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
                       auth_tok->token.password.session_key_encryption_key,
                       crypt_stat->key_size);
                ecryptfs_printk(KERN_DEBUG,
-                               "Cached session key " "encryption key: \n");
+                               "Cached session key encryption key:\n");
                if (ecryptfs_verbosity > 0)
                        ecryptfs_dump_hex(session_key_encryption_key, 16);
        }
@@ -2446,6 +2456,7 @@ ecryptfs_generate_key_packet_set(char *dest_base,
                        rc = -EINVAL;
                        goto out_free;
                }
+               up_write(&(auth_tok_key->sem));
                key_put(auth_tok_key);
                auth_tok_key = NULL;
        }
@@ -2460,8 +2471,10 @@ out_free:
 out:
        if (rc)
                (*len) = 0;
-       if (auth_tok_key)
+       if (auth_tok_key) {
+               up_write(&(auth_tok_key->sem));
                key_put(auth_tok_key);
+       }
 
        mutex_unlock(&crypt_stat->keysig_list_mutex);
        return rc;