summaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorDmitry Kasatkin <dmitry.kasatkin@intel.com>2011-12-05 12:17:42 +0100
committerJames Morris <jmorris@namei.org>2011-12-08 00:06:12 +0100
commit143b01d33221e4937d3930e6bb2b63d70b7c7a65 (patch)
tree5cae452fecfd8b1fb6b0ae1f159929ada81d8b1f /security/integrity
parentevm: key must be set once during initialization (diff)
downloadlinux-143b01d33221e4937d3930e6bb2b63d70b7c7a65.tar.xz
linux-143b01d33221e4937d3930e6bb2b63d70b7c7a65.zip
evm: prevent racing during tfm allocation
There is a small chance of racing during tfm allocation. This patch fixes it. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/evm/evm_crypto.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 3b9f5a080e4f..f1d4ad0cea2c 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -28,9 +28,11 @@ static int evmkey_len = MAX_KEY_SIZE;
struct crypto_shash *hmac_tfm;
struct crypto_shash *hash_tfm;
+static DEFINE_MUTEX(mutex);
+
static struct shash_desc *init_desc(const char type)
{
- int rc;
+ long rc;
char *algo;
struct crypto_shash **tfm;
struct shash_desc *desc;
@@ -44,12 +46,15 @@ static struct shash_desc *init_desc(const char type)
}
if (*tfm == NULL) {
+ mutex_lock(&mutex);
+ if (*tfm)
+ goto out;
*tfm = crypto_alloc_shash(algo, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(*tfm)) {
- pr_err("Can not allocate %s (reason: %ld)\n",
- algo, PTR_ERR(*tfm));
rc = PTR_ERR(*tfm);
+ pr_err("Can not allocate %s (reason: %ld)\n", algo, rc);
*tfm = NULL;
+ mutex_unlock(&mutex);
return ERR_PTR(rc);
}
if (type == EVM_XATTR_HMAC) {
@@ -57,9 +62,12 @@ static struct shash_desc *init_desc(const char type)
if (rc) {
crypto_free_shash(*tfm);
*tfm = NULL;
+ mutex_unlock(&mutex);
return ERR_PTR(rc);
}
}
+out:
+ mutex_unlock(&mutex);
}
desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),