The patch titled
eCryptfs: Mutex fixes
has been added to the -mm tree. Its filename is
ecryptfs-crypto-functions-mutex-fixes.patch
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: eCryptfs: Mutex fixes
From: Michael Halcrow <mhalcrow@xxxxxxxxxx>
The MD5 TFM for an inode might be manipulated concurrently if two separate
reads on the same file occur. The crypt_stat struct for the same inode may
be manipulated concurrently if two open events on the same inode occur.
This patch adds mutex locks to resolve these issues.
Signed-off-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
fs/ecryptfs/crypto.c | 2 ++
fs/ecryptfs/file.c | 6 ++++++
2 files changed, 8 insertions(+)
diff -puN fs/ecryptfs/crypto.c~ecryptfs-crypto-functions-mutex-fixes fs/ecryptfs/crypto.c
--- a/fs/ecryptfs/crypto.c~ecryptfs-crypto-functions-mutex-fixes
+++ a/fs/ecryptfs/crypto.c
@@ -86,6 +86,7 @@ int ecryptfs_calculate_md5(char *dst, st
int rc = 0;
struct scatterlist sg;
+ mutex_lock(&crypt_stat->cs_md5_tfm_mutex);
sg_init_one(&sg, (u8 *)src, len);
if (!crypt_stat->md5_tfm) {
crypt_stat->md5_tfm =
@@ -100,6 +101,7 @@ int ecryptfs_calculate_md5(char *dst, st
crypto_digest_init(crypt_stat->md5_tfm);
crypto_digest_update(crypt_stat->md5_tfm, &sg, 1);
crypto_digest_final(crypt_stat->md5_tfm, dst);
+ mutex_unlock(&crypt_stat->cs_md5_tfm_mutex);
out:
return rc;
}
diff -puN fs/ecryptfs/file.c~ecryptfs-crypto-functions-mutex-fixes fs/ecryptfs/file.c
--- a/fs/ecryptfs/file.c~ecryptfs-crypto-functions-mutex-fixes
+++ a/fs/ecryptfs/file.c
@@ -225,12 +225,14 @@ static int ecryptfs_open(struct inode *i
}
lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
+ mutex_lock(&crypt_stat->cs_mutex);
if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) {
ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
/* Policy code enabled in future release */
ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED);
ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);
}
+ mutex_unlock(&crypt_stat->cs_mutex);
/* This mntget & dget is undone via fput when the file is released */
dget(lower_dentry);
lower_flags = file->f_flags;
@@ -256,10 +258,12 @@ static int ecryptfs_open(struct inode *i
rc = 0;
goto out;
}
+ mutex_lock(&crypt_stat->cs_mutex);
if (i_size_read(lower_inode) == 0) {
ecryptfs_printk(KERN_EMERG, "Zero-length lower file; "
"ecryptfs_create() had a problem?\n");
rc = -ENOENT;
+ mutex_unlock(&crypt_stat->cs_mutex);
goto out_puts;
} else if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
ECRYPTFS_POLICY_APPLIED)
@@ -276,9 +280,11 @@ static int ecryptfs_open(struct inode *i
* as-is to userspace. For release 0.1, we are
* going to default to -EIO. */
rc = -EIO;
+ mutex_unlock(&crypt_stat->cs_mutex);
goto out_puts;
}
}
+ mutex_unlock(&crypt_stat->cs_mutex);
ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = [0x%.16x] "
"size: [0x%.16x]\n", inode, inode->i_ino,
i_size_read(inode));
_
Patches currently in -mm which might be from mhalcrow@xxxxxxxxxx are
lsm-remove-bsd-secure-level-security-module.patch
ecryptfs-fs-makefile-and-fs-kconfig.patch
ecryptfs-fs-makefile-and-fs-kconfig-kconfig-help-update.patch
ecryptfs-documentation.patch
ecryptfs-makefile.patch
ecryptfs-main-module-functions.patch
ecryptfs-header-declarations.patch
ecryptfs-superblock-operations.patch
ecryptfs-dentry-operations.patch
ecryptfs-file-operations.patch
ecryptfs-inode-operations.patch
ecryptfs-mmap-operations.patch
ecryptfs-mmap-operations-fix.patch
ecryptfs-keystore.patch
ecryptfs-crypto-functions.patch
ecryptfs-crypto-functions-mutex-fixes.patch
fs-ecryptfs-possible-cleanups.patch
ecryptfs-debug-functions.patch
ecryptfs-alpha-build-fix.patch
ecryptfs-convert-assert-to-bug_on.patch
ecryptfs-remove-pointless-bug_ons.patch
ecryptfs-remove-unnecessary-null-checks.patch
ecryptfs-rewrite-ecryptfs_fsync.patch
ecryptfs-overhaul-file-locking.patch
ecryptfs-dont-muck-with-the-existing-nameidata-structures.patch
ecryptfs-asm-scatterlisth-linux-scatterlisth.patch
ecryptfs-support-for-larger-maximum-key-size.patch
ecryptfs-add-codes-for-additional-ciphers.patch
ecryptfs-unencrypted-key-size-based-on-encrypted-key-size.patch
ecryptfs-packet-and-key-management-update-for-variable-key-size.patch
ecryptfs-add-ecryptfs_-prefix-to-mount-options-key-size-parameter.patch
ecryptfs-set-the-key-size-from-the-default-for-the-mount.patch
ecryptfs-check-for-weak-keys.patch
ecryptfs-add-define-values-for-cipher-codes-from-rfc2440-openpgp.patch
ecryptfs-convert-bits-to-bytes.patch
ecryptfs-more-elegant-aes-key-size-manipulation.patch
ecryptfs-more-intelligent-use-of-tfm-objects.patch
ecryptfs-remove-debugging-cruft.patch
ecryptfs-get_sb_dev-fix.patch
ecryptfs-validate-minimum-header-extent-size.patch
ecryptfs-validate-body-size.patch
ecryptfs-validate-packet-length-prior-to-parsing-add-comments.patch
ecryptfs-use-the-passed-in-max-value-as-the-upper-bound.patch
ecryptfs-change-the-maximum-size-check-when-writing-header.patch
ecryptfs-print-the-actual-option-that-is-problematic.patch
ecryptfs-add-a-maintainers-entry.patch
ecryptfs-partial-signed-integer-to-size_t-conversion-updated-ii.patch
ecryptfs-graceful-handling-of-mount-error.patch
ecryptfs-fix-printk-format-warnings.patch
ecryptfs-associate-vfsmount-with-dentry-rather-than-superblock.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
