diff options
author | Dmitry Kasatkin <dmitry.kasatkin@intel.com> | 2011-12-05 13:17:42 +0200 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-12-08 10:06:12 +1100 |
commit | 143b01d33221e4937d3930e6bb2b63d70b7c7a65 (patch) | |
tree | 5cae452fecfd8b1fb6b0ae1f159929ada81d8b1f /security/integrity | |
parent | 88d7ed35085184f15a2af3d9e88d775059b2f307 (diff) | |
download | lwn-143b01d33221e4937d3930e6bb2b63d70b7c7a65.tar.gz lwn-143b01d33221e4937d3930e6bb2b63d70b7c7a65.zip |
evm: prevent racing during tfm allocation
There is a small chance of racing during tfm allocation.
This patch fixes it.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/evm/evm_crypto.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index 3b9f5a080e4f..f1d4ad0cea2c 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -28,9 +28,11 @@ static int evmkey_len = MAX_KEY_SIZE; struct crypto_shash *hmac_tfm; struct crypto_shash *hash_tfm; +static DEFINE_MUTEX(mutex); + static struct shash_desc *init_desc(const char type) { - int rc; + long rc; char *algo; struct crypto_shash **tfm; struct shash_desc *desc; @@ -44,12 +46,15 @@ static struct shash_desc *init_desc(const char type) } if (*tfm == NULL) { + mutex_lock(&mutex); + if (*tfm) + goto out; *tfm = crypto_alloc_shash(algo, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(*tfm)) { - pr_err("Can not allocate %s (reason: %ld)\n", - algo, PTR_ERR(*tfm)); rc = PTR_ERR(*tfm); + pr_err("Can not allocate %s (reason: %ld)\n", algo, rc); *tfm = NULL; + mutex_unlock(&mutex); return ERR_PTR(rc); } if (type == EVM_XATTR_HMAC) { @@ -57,9 +62,12 @@ static struct shash_desc *init_desc(const char type) if (rc) { crypto_free_shash(*tfm); *tfm = NULL; + mutex_unlock(&mutex); return ERR_PTR(rc); } } +out: + mutex_unlock(&mutex); } desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm), |