← Back to branch summary

~ubuntu-branches/ubuntu/precise/linux-ti-omap4/precise

« back to all changes in this revision

Viewing changes to fs/ecryptfs/keystore.c

  • Committer: Bazaar Package Importer
  • Author(s): Paolo Pisati
  • Date: 2011-06-29 15:23:51 UTC
  • mfrom: (26.1.1 natty-proposed)
  • Revision ID: james.westby@ubuntu.com-20110629152351-xs96tm303d95rpbk
Tags: 3.0.0-1200.2
* Rebased against 3.0.0-6.7
* BSP from TI based on 3.0.0

Show diffs side-by-side

added added

removed removed

Lines of Context:
fs/ecryptfs/keystore.c
65
65
        return rc;
66
66
}
67
67
 
 
68
static int process_find_global_auth_tok_for_sig_err(int err_code)
 
69
{
 
70
        int rc = err_code;
 
71
 
 
72
        switch (err_code) {
 
73
        case -ENOENT:
 
74
                ecryptfs_printk(KERN_WARNING, "Missing auth tok\n");
 
75
                break;
 
76
        case -EINVAL:
 
77
                ecryptfs_printk(KERN_WARNING, "Invalid auth tok\n");
 
78
                break;
 
79
        default:
 
80
                rc = process_request_key_err(err_code);
 
81
                break;
 
82
        }
 
83
        return rc;
 
84
}
 
85
 
68
86
/**
69
87
 * ecryptfs_parse_packet_length
70
88
 * @data: Pointer to memory containing length at offset
403
421
        return rc;
404
422
}
405
423
 
 
424
/**
 
425
 * ecryptfs_verify_version
 
426
 * @version: The version number to confirm
 
427
 *
 
428
 * Returns zero on good version; non-zero otherwise
 
429
 */
 
430
static int ecryptfs_verify_version(u16 version)
 
431
{
 
432
        int rc = 0;
 
433
        unsigned char major;
 
434
        unsigned char minor;
 
435
 
 
436
        major = ((version >> 8) & 0xFF);
 
437
        minor = (version & 0xFF);
 
438
        if (major != ECRYPTFS_VERSION_MAJOR) {
 
439
                ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
 
440
                                "Expected [%d]; got [%d]\n",
 
441
                                ECRYPTFS_VERSION_MAJOR, major);
 
442
                rc = -EINVAL;
 
443
                goto out;
 
444
        }
 
445
        if (minor != ECRYPTFS_VERSION_MINOR) {
 
446
                ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
 
447
                                "Expected [%d]; got [%d]\n",
 
448
                                ECRYPTFS_VERSION_MINOR, minor);
 
449
                rc = -EINVAL;
 
450
                goto out;
 
451
        }
 
452
out:
 
453
        return rc;
 
454
}
 
455
 
 
456
/**
 
457
 * ecryptfs_verify_auth_tok_from_key
 
458
 * @auth_tok_key: key containing the authentication token
 
459
 * @auth_tok: authentication token
 
460
 *
 
461
 * Returns zero on valid auth tok; -EINVAL otherwise
 
462
 */
 
463
static int
 
464
ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key,
 
465
                                  struct ecryptfs_auth_tok **auth_tok)
 
466
{
 
467
        int rc = 0;
 
468
 
 
469
        (*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key);
 
470
        if (ecryptfs_verify_version((*auth_tok)->version)) {
 
471
                printk(KERN_ERR "Data structure version mismatch. Userspace "
 
472
                       "tools must match eCryptfs kernel module with major "
 
473
                       "version [%d] and minor version [%d]\n",
 
474
                       ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR);
 
475
                rc = -EINVAL;
 
476
                goto out;
 
477
        }
 
478
        if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
 
479
            && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
 
480
                printk(KERN_ERR "Invalid auth_tok structure "
 
481
                       "returned from key query\n");
 
482
                rc = -EINVAL;
 
483
                goto out;
 
484
        }
 
485
out:
 
486
        return rc;
 
487
}
 
488
 
406
489
static int
407
490
ecryptfs_find_global_auth_tok_for_sig(
408
 
        struct ecryptfs_global_auth_tok **global_auth_tok,
 
491
        struct key **auth_tok_key,
 
492
        struct ecryptfs_auth_tok **auth_tok,
409
493
        struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig)
410
494
{
411
495
        struct ecryptfs_global_auth_tok *walker;
412
496
        int rc = 0;
413
497
 
414
 
        (*global_auth_tok) = NULL;
 
498
        (*auth_tok_key) = NULL;
 
499
        (*auth_tok) = NULL;
415
500
        mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
416
501
        list_for_each_entry(walker,
417
502
                            &mount_crypt_stat->global_auth_tok_list,
418
503
                            mount_crypt_stat_list) {
419
 
                if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {
420
 
                        rc = key_validate(walker->global_auth_tok_key);
421
 
                        if (!rc)
422
 
                                (*global_auth_tok) = walker;
 
504
                if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX))
 
505
                        continue;
 
506
 
 
507
                if (walker->flags & ECRYPTFS_AUTH_TOK_INVALID) {
 
508
                        rc = -EINVAL;
423
509
                        goto out;
424
510
                }
 
511
 
 
512
                rc = key_validate(walker->global_auth_tok_key);
 
513
                if (rc) {
 
514
                        if (rc == -EKEYEXPIRED)
 
515
                                goto out;
 
516
                        goto out_invalid_auth_tok;
 
517
                }
 
518
 
 
519
                down_write(&(walker->global_auth_tok_key->sem));
 
520
                rc = ecryptfs_verify_auth_tok_from_key(
 
521
                                walker->global_auth_tok_key, auth_tok);
 
522
                if (rc)
 
523
                        goto out_invalid_auth_tok_unlock;
 
524
 
 
525
                (*auth_tok_key) = walker->global_auth_tok_key;
 
526
                key_get(*auth_tok_key);
 
527
                goto out;
425
528
        }
426
 
        rc = -EINVAL;
 
529
        rc = -ENOENT;
 
530
        goto out;
 
531
out_invalid_auth_tok_unlock:
 
532
        up_write(&(walker->global_auth_tok_key->sem));
 
533
out_invalid_auth_tok:
 
534
        printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig);
 
535
        walker->flags |= ECRYPTFS_AUTH_TOK_INVALID;
 
536
        key_put(walker->global_auth_tok_key);
 
537
        walker->global_auth_tok_key = NULL;
427
538
out:
428
539
        mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
429
540
        return rc;
451
562
        struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
452
563
        char *sig)
453
564
{
454
 
        struct ecryptfs_global_auth_tok *global_auth_tok;
455
565
        int rc = 0;
456
566
 
457
 
        (*auth_tok_key) = NULL;
458
 
        (*auth_tok) = NULL;
459
 
        if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
460
 
                                                  mount_crypt_stat, sig)) {
461
 
 
 
567
        rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok,
 
568
                                                   mount_crypt_stat, sig);
 
569
        if (rc == -ENOENT) {
462
570
                /* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the
463
571
                 * mount_crypt_stat structure, we prevent to use auth toks that
464
572
                 * are not inserted through the ecryptfs_add_global_auth_tok
470
578
 
471
579
                rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok,
472
580
                                                       sig);
473
 
        } else
474
 
                (*auth_tok) = global_auth_tok->global_auth_tok;
 
581
        }
475
582
        return rc;
476
583
}
477
584
 
492
599
        struct mutex *tfm_mutex;
493
600
        char *block_aligned_filename;
494
601
        struct ecryptfs_auth_tok *auth_tok;
495
 
        struct scatterlist src_sg;
496
 
        struct scatterlist dst_sg;
 
602
        struct scatterlist src_sg[2];
 
603
        struct scatterlist dst_sg[2];
497
604
        struct blkcipher_desc desc;
498
605
        char iv[ECRYPTFS_MAX_IV_BYTES];
499
606
        char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
531
638
        }
532
639
        s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
533
640
        (*packet_size) = 0;
 
641
        rc = ecryptfs_find_auth_tok_for_sig(
 
642
                &auth_tok_key,
 
643
                &s->auth_tok, mount_crypt_stat,
 
644
                mount_crypt_stat->global_default_fnek_sig);
 
645
        if (rc) {
 
646
                printk(KERN_ERR "%s: Error attempting to find auth tok for "
 
647
                       "fnek sig [%s]; rc = [%d]\n", __func__,
 
648
                       mount_crypt_stat->global_default_fnek_sig, rc);
 
649
                goto out;
 
650
        }
534
651
        rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(
535
652
                &s->desc.tfm,
536
653
                &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name);
616
733
                goto out_free_unlock;
617
734
        }
618
735
        dest[s->i++] = s->cipher_code;
619
 
        rc = ecryptfs_find_auth_tok_for_sig(
620
 
                &auth_tok_key,
621
 
                &s->auth_tok, mount_crypt_stat,
622
 
                mount_crypt_stat->global_default_fnek_sig);
623
 
        if (rc) {
624
 
                printk(KERN_ERR "%s: Error attempting to find auth tok for "
625
 
                       "fnek sig [%s]; rc = [%d]\n", __func__,
626
 
                       mount_crypt_stat->global_default_fnek_sig, rc);
627
 
                goto out_free_unlock;
628
 
        }
629
736
        /* TODO: Support other key modules than passphrase for
630
737
         * filename encryption */
631
738
        if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
709
816
        memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
710
817
               filename_size);
711
818
        rc = virt_to_scatterlist(s->block_aligned_filename,
712
 
                                 s->block_aligned_filename_size, &s->src_sg, 1);
713
 
        if (rc != 1) {
 
819
                                 s->block_aligned_filename_size, s->src_sg, 2);
 
820
        if (rc < 1) {
714
821
                printk(KERN_ERR "%s: Internal error whilst attempting to "
715
 
                       "convert filename memory to scatterlist; "
716
 
                       "expected rc = 1; got rc = [%d]. "
 
822
                       "convert filename memory to scatterlist; rc = [%d]. "
717
823
                       "block_aligned_filename_size = [%zd]\n", __func__, rc,
718
824
                       s->block_aligned_filename_size);
719
825
                goto out_release_free_unlock;
720
826
        }
721
827
        rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
722
 
                                 &s->dst_sg, 1);
723
 
        if (rc != 1) {
 
828
                                 s->dst_sg, 2);
 
829
        if (rc < 1) {
724
830
                printk(KERN_ERR "%s: Internal error whilst attempting to "
725
831
                       "convert encrypted filename memory to scatterlist; "
726
 
                       "expected rc = 1; got rc = [%d]. "
727
 
                       "block_aligned_filename_size = [%zd]\n", __func__, rc,
728
 
                       s->block_aligned_filename_size);
 
832
                       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
 
833
                       __func__, rc, s->block_aligned_filename_size);
729
834
                goto out_release_free_unlock;
730
835
        }
731
836
        /* The characters in the first block effectively do the job
748
853
                       mount_crypt_stat->global_default_fn_cipher_key_bytes);
749
854
                goto out_release_free_unlock;
750
855
        }
751
 
        rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
 
856
        rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg,
752
857
                                         s->block_aligned_filename_size);
753
858
        if (rc) {
754
859
                printk(KERN_ERR "%s: Error attempting to encrypt filename; "
765
870
out_unlock:
766
871
        mutex_unlock(s->tfm_mutex);
767
872
out:
768
 
        if (auth_tok_key)
 
873
        if (auth_tok_key) {
 
874
                up_write(&(auth_tok_key->sem));
769
875
                key_put(auth_tok_key);
 
876
        }
770
877
        kfree(s);
771
878
        return rc;
772
879
}
782
889
        struct mutex *tfm_mutex;
783
890
        char *decrypted_filename;
784
891
        struct ecryptfs_auth_tok *auth_tok;
785
 
        struct scatterlist src_sg;
786
 
        struct scatterlist dst_sg;
 
892
        struct scatterlist src_sg[2];
 
893
        struct scatterlist dst_sg[2];
787
894
        struct blkcipher_desc desc;
788
895
        char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
789
896
        char iv[ECRYPTFS_MAX_IV_BYTES];
879
986
                       __func__, s->cipher_code);
880
987
                goto out;
881
988
        }
 
989
        rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
 
990
                                            &s->auth_tok, mount_crypt_stat,
 
991
                                            s->fnek_sig_hex);
 
992
        if (rc) {
 
993
                printk(KERN_ERR "%s: Error attempting to find auth tok for "
 
994
                       "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
 
995
                       rc);
 
996
                goto out;
 
997
        }
882
998
        rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm,
883
999
                                                        &s->tfm_mutex,
884
1000
                                                        s->cipher_string);
890
1006
        }
891
1007
        mutex_lock(s->tfm_mutex);
892
1008
        rc = virt_to_scatterlist(&data[(*packet_size)],
893
 
                                 s->block_aligned_filename_size, &s->src_sg, 1);
894
 
        if (rc != 1) {
 
1009
                                 s->block_aligned_filename_size, s->src_sg, 2);
 
1010
        if (rc < 1) {
895
1011
                printk(KERN_ERR "%s: Internal error whilst attempting to "
896
1012
                       "convert encrypted filename memory to scatterlist; "
897
 
                       "expected rc = 1; got rc = [%d]. "
898
 
                       "block_aligned_filename_size = [%zd]\n", __func__, rc,
899
 
                       s->block_aligned_filename_size);
 
1013
                       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
 
1014
                       __func__, rc, s->block_aligned_filename_size);
900
1015
                goto out_unlock;
901
1016
        }
902
1017
        (*packet_size) += s->block_aligned_filename_size;
910
1025
                goto out_unlock;
911
1026
        }
912
1027
        rc = virt_to_scatterlist(s->decrypted_filename,
913
 
                                 s->block_aligned_filename_size, &s->dst_sg, 1);
914
 
        if (rc != 1) {
 
1028
                                 s->block_aligned_filename_size, s->dst_sg, 2);
 
1029
        if (rc < 1) {
915
1030
                printk(KERN_ERR "%s: Internal error whilst attempting to "
916
1031
                       "convert decrypted filename memory to scatterlist; "
917
 
                       "expected rc = 1; got rc = [%d]. "
918
 
                       "block_aligned_filename_size = [%zd]\n", __func__, rc,
919
 
                       s->block_aligned_filename_size);
 
1032
                       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
 
1033
                       __func__, rc, s->block_aligned_filename_size);
920
1034
                goto out_free_unlock;
921
1035
        }
922
1036
        /* The characters in the first block effectively do the job of
925
1039
         * >= ECRYPTFS_MAX_IV_BYTES. */
926
1040
        memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES);
927
1041
        s->desc.info = s->iv;
928
 
        rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
929
 
                                            &s->auth_tok, mount_crypt_stat,
930
 
                                            s->fnek_sig_hex);
931
 
        if (rc) {
932
 
                printk(KERN_ERR "%s: Error attempting to find auth tok for "
933
 
                       "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex,
934
 
                       rc);
935
 
                goto out_free_unlock;
936
 
        }
937
1042
        /* TODO: Support other key modules than passphrase for
938
1043
         * filename encryption */
939
1044
        if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
956
1061
                       mount_crypt_stat->global_default_fn_cipher_key_bytes);
957
1062
                goto out_free_unlock;
958
1063
        }
959
 
        rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
 
1064
        rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg,
960
1065
                                         s->block_aligned_filename_size);
961
1066
        if (rc) {
962
1067
                printk(KERN_ERR "%s: Error attempting to decrypt filename; "
1002
1107
                (*filename_size) = 0;
1003
1108
                (*filename) = NULL;
1004
1109
        }
1005
 
        if (auth_tok_key)
 
1110
        if (auth_tok_key) {
 
1111
                up_write(&(auth_tok_key->sem));
1006
1112
                key_put(auth_tok_key);
 
1113
        }
1007
1114
        kfree(s);
1008
1115
        return rc;
1009
1116
}
1520
1627
        return rc;
1521
1628
}
1522
1629
 
1523
 
/**
1524
 
 * ecryptfs_verify_version
1525
 
 * @version: The version number to confirm
1526
 
 *
1527
 
 * Returns zero on good version; non-zero otherwise
1528
 
 */
1529
 
static int ecryptfs_verify_version(u16 version)
1530
 
{
1531
 
        int rc = 0;
1532
 
        unsigned char major;
1533
 
        unsigned char minor;
1534
 
 
1535
 
        major = ((version >> 8) & 0xFF);
1536
 
        minor = (version & 0xFF);
1537
 
        if (major != ECRYPTFS_VERSION_MAJOR) {
1538
 
                ecryptfs_printk(KERN_ERR, "Major version number mismatch. "
1539
 
                                "Expected [%d]; got [%d]\n",
1540
 
                                ECRYPTFS_VERSION_MAJOR, major);
1541
 
                rc = -EINVAL;
1542
 
                goto out;
1543
 
        }
1544
 
        if (minor != ECRYPTFS_VERSION_MINOR) {
1545
 
                ecryptfs_printk(KERN_ERR, "Minor version number mismatch. "
1546
 
                                "Expected [%d]; got [%d]\n",
1547
 
                                ECRYPTFS_VERSION_MINOR, minor);
1548
 
                rc = -EINVAL;
1549
 
                goto out;
1550
 
        }
1551
 
out:
1552
 
        return rc;
1553
 
}
1554
 
 
1555
1630
int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1556
1631
                                      struct ecryptfs_auth_tok **auth_tok,
1557
1632
                                      char *sig)
1566
1641
                (*auth_tok_key) = NULL;
1567
1642
                goto out;
1568
1643
        }
1569
 
        (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key);
1570
 
        if (ecryptfs_verify_version((*auth_tok)->version)) {
1571
 
                printk(KERN_ERR
1572
 
                       "Data structure version mismatch. "
1573
 
                       "Userspace tools must match eCryptfs "
1574
 
                       "kernel module with major version [%d] "
1575
 
                       "and minor version [%d]\n",
1576
 
                       ECRYPTFS_VERSION_MAJOR,
1577
 
                       ECRYPTFS_VERSION_MINOR);
1578
 
                rc = -EINVAL;
1579
 
                goto out_release_key;
1580
 
        }
1581
 
        if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD
1582
 
            && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) {
1583
 
                printk(KERN_ERR "Invalid auth_tok structure "
1584
 
                       "returned from key query\n");
1585
 
                rc = -EINVAL;
1586
 
                goto out_release_key;
1587
 
        }
1588
 
out_release_key:
 
1644
        down_write(&(*auth_tok_key)->sem);
 
1645
        rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok);
1589
1646
        if (rc) {
 
1647
                up_write(&(*auth_tok_key)->sem);
1590
1648
                key_put(*auth_tok_key);
1591
1649
                (*auth_tok_key) = NULL;
 
1650
                goto out;
1592
1651
        }
1593
1652
out:
1594
1653
        return rc;
1810
1869
find_next_matching_auth_tok:
1811
1870
        found_auth_tok = 0;
1812
1871
        if (auth_tok_key) {
 
1872
                up_write(&(auth_tok_key->sem));
1813
1873
                key_put(auth_tok_key);
1814
1874
                auth_tok_key = NULL;
1815
1875
        }
1896
1956
out_wipe_list:
1897
1957
        wipe_auth_tok_list(&auth_tok_list);
1898
1958
out:
1899
 
        if (auth_tok_key)
 
1959
        if (auth_tok_key) {
 
1960
                up_write(&(auth_tok_key->sem));
1900
1961
                key_put(auth_tok_key);
 
1962
        }
1901
1963
        return rc;
1902
1964
}
1903
1965
 
2325
2387
                                 size_t max)
2326
2388
{
2327
2389
        struct ecryptfs_auth_tok *auth_tok;
2328
 
        struct ecryptfs_global_auth_tok *global_auth_tok;
 
2390
        struct key *auth_tok_key = NULL;
2329
2391
        struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
2330
2392
                &ecryptfs_superblock_to_private(
2331
2393
                        ecryptfs_dentry->d_sb)->mount_crypt_stat;
2344
2406
        list_for_each_entry(key_sig, &crypt_stat->keysig_list,
2345
2407
                            crypt_stat_list) {
2346
2408
                memset(key_rec, 0, sizeof(*key_rec));
2347
 
                rc = ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok,
 
2409
                rc = ecryptfs_find_global_auth_tok_for_sig(&auth_tok_key,
 
2410
                                                           &auth_tok,
2348
2411
                                                           mount_crypt_stat,
2349
2412
                                                           key_sig->keysig);
2350
2413
                if (rc) {
2351
 
                        printk(KERN_ERR "Error attempting to get the global "
2352
 
                               "auth_tok; rc = [%d]\n", rc);
 
2414
                        printk(KERN_WARNING "Unable to retrieve auth tok with "
 
2415
                               "sig = [%s]\n", key_sig->keysig);
 
2416
                        rc = process_find_global_auth_tok_for_sig_err(rc);
2353
2417
                        goto out_free;
2354
2418
                }
2355
 
                if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID) {
2356
 
                        printk(KERN_WARNING
2357
 
                               "Skipping invalid auth tok with sig = [%s]\n",
2358
 
                               global_auth_tok->sig);
2359
 
                        continue;
2360
 
                }
2361
 
                auth_tok = global_auth_tok->global_auth_tok;
2362
2419
                if (auth_tok->token_type == ECRYPTFS_PASSWORD) {
2363
2420
                        rc = write_tag_3_packet((dest_base + (*len)),
2364
2421
                                                &max, auth_tok,
2396
2453
                        rc = -EINVAL;
2397
2454
                        goto out_free;
2398
2455
                }
 
2456
                up_write(&(auth_tok_key->sem));
 
2457
                key_put(auth_tok_key);
 
2458
                auth_tok_key = NULL;
2399
2459
        }
2400
2460
        if (likely(max > 0)) {
2401
2461
                dest_base[(*len)] = 0x00;
2408
2468
out:
2409
2469
        if (rc)
2410
2470
                (*len) = 0;
 
2471
        if (auth_tok_key) {
 
2472
                up_write(&(auth_tok_key->sem));
 
2473
                key_put(auth_tok_key);
 
2474
        }
 
2475
 
2411
2476
        mutex_unlock(&crypt_stat->keysig_list_mutex);
2412
2477
        return rc;
2413
2478
}
2425
2490
                return -ENOMEM;
2426
2491
        }
2427
2492
        memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
 
2493
        new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
2428
2494
        /* Caller must hold keysig_list_mutex */
2429
2495
        list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list);
2430
2496
 
2454
2520
        mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex);
2455
2521
        list_add(&new_auth_tok->mount_crypt_stat_list,
2456
2522
                 &mount_crypt_stat->global_auth_tok_list);
2457
 
        mount_crypt_stat->num_global_auth_toks++;
2458
2523
        mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
2459
2524
out:
2460
2525
        return rc;