diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/inode.c | 15 | ||||
| -rw-r--r-- | security/keys/big_key.c | 30 | ||||
| -rw-r--r-- | security/smack/smack_access.c | 4 | ||||
| -rw-r--r-- | security/tomoyo/memory.c | 2 | ||||
| -rw-r--r-- | security/tomoyo/util.c | 2 |
5 files changed, 28 insertions, 25 deletions
diff --git a/security/inode.c b/security/inode.c index 28414b0207ce..e3df905ab5b1 100644 --- a/security/inode.c +++ b/security/inode.c @@ -186,24 +186,21 @@ EXPORT_SYMBOL_GPL(securityfs_create_dir); */ void securityfs_remove(struct dentry *dentry) { - struct dentry *parent; + struct inode *dir; if (!dentry || IS_ERR(dentry)) return; - parent = dentry->d_parent; - if (!parent || d_really_is_negative(parent)) - return; - - inode_lock(d_inode(parent)); + dir = d_inode(dentry->d_parent); + inode_lock(dir); if (simple_positive(dentry)) { if (d_is_dir(dentry)) - simple_rmdir(d_inode(parent), dentry); + simple_rmdir(dir, dentry); else - simple_unlink(d_inode(parent), dentry); + simple_unlink(dir, dentry); dput(dentry); } - inode_unlock(d_inode(parent)); + inode_unlock(dir); simple_release_fs(&mount, &mount_count); } EXPORT_SYMBOL_GPL(securityfs_remove); diff --git a/security/keys/big_key.c b/security/keys/big_key.c index 9e443fccad4c..c0b3030b5634 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c @@ -18,6 +18,7 @@ #include <keys/user-type.h> #include <keys/big_key-type.h> #include <crypto/rng.h> +#include <crypto/skcipher.h> /* * Layout of key payload words. @@ -74,7 +75,7 @@ static const char big_key_alg_name[] = "ecb(aes)"; * Crypto algorithms for big_key data encryption */ static struct crypto_rng *big_key_rng; -static struct crypto_blkcipher *big_key_blkcipher; +static struct crypto_skcipher *big_key_skcipher; /* * Generate random key to encrypt big_key data @@ -91,22 +92,26 @@ static int big_key_crypt(enum big_key_op op, u8 *data, size_t datalen, u8 *key) { int ret = -EINVAL; struct scatterlist sgio; - struct blkcipher_desc desc; + SKCIPHER_REQUEST_ON_STACK(req, big_key_skcipher); - if (crypto_blkcipher_setkey(big_key_blkcipher, key, ENC_KEY_SIZE)) { + if (crypto_skcipher_setkey(big_key_skcipher, key, ENC_KEY_SIZE)) { ret = -EAGAIN; goto error; } - desc.flags = 0; - desc.tfm = big_key_blkcipher; + skcipher_request_set_tfm(req, big_key_skcipher); + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, + NULL, NULL); sg_init_one(&sgio, data, datalen); + skcipher_request_set_crypt(req, &sgio, &sgio, datalen, NULL); if (op == BIG_KEY_ENC) - ret = crypto_blkcipher_encrypt(&desc, &sgio, &sgio, datalen); + ret = crypto_skcipher_encrypt(req); else - ret = crypto_blkcipher_decrypt(&desc, &sgio, &sgio, datalen); + ret = crypto_skcipher_decrypt(req); + + skcipher_request_zero(req); error: return ret; @@ -140,7 +145,7 @@ int big_key_preparse(struct key_preparsed_payload *prep) * * File content is stored encrypted with randomly generated key. */ - size_t enclen = ALIGN(datalen, crypto_blkcipher_blocksize(big_key_blkcipher)); + size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher)); /* prepare aligned data to encrypt */ data = kmalloc(enclen, GFP_KERNEL); @@ -288,7 +293,7 @@ long big_key_read(const struct key *key, char __user *buffer, size_t buflen) struct file *file; u8 *data; u8 *enckey = (u8 *)key->payload.data[big_key_data]; - size_t enclen = ALIGN(datalen, crypto_blkcipher_blocksize(big_key_blkcipher)); + size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher)); data = kmalloc(enclen, GFP_KERNEL); if (!data) @@ -359,9 +364,10 @@ static int __init big_key_crypto_init(void) goto error; /* init block cipher */ - big_key_blkcipher = crypto_alloc_blkcipher(big_key_alg_name, 0, 0); - if (IS_ERR(big_key_blkcipher)) { - big_key_blkcipher = NULL; + big_key_skcipher = crypto_alloc_skcipher(big_key_alg_name, + 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(big_key_skcipher)) { + big_key_skcipher = NULL; ret = -EFAULT; goto error; } diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index a283f9e796c1..23e5808a0970 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -413,7 +413,7 @@ void smk_insert_entry(struct smack_known *skp) unsigned int hash; struct hlist_head *head; - hash = full_name_hash(skp->smk_known, strlen(skp->smk_known)); + hash = full_name_hash(NULL, skp->smk_known, strlen(skp->smk_known)); head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)]; hlist_add_head_rcu(&skp->smk_hashed, head); @@ -433,7 +433,7 @@ struct smack_known *smk_find_entry(const char *string) struct hlist_head *head; struct smack_known *skp; - hash = full_name_hash(string, strlen(string)); + hash = full_name_hash(NULL, string, strlen(string)); head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)]; hlist_for_each_entry_rcu(skp, head, smk_hashed) diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c index 0e995716cc25..1598b559ac42 100644 --- a/security/tomoyo/memory.c +++ b/security/tomoyo/memory.c @@ -154,7 +154,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name) if (!name) return NULL; len = strlen(name) + 1; - hash = full_name_hash((const unsigned char *) name, len - 1); + hash = full_name_hash(NULL, (const unsigned char *) name, len - 1); head = &tomoyo_name_list[hash_long(hash, TOMOYO_HASH_BITS)]; if (mutex_lock_interruptible(&tomoyo_policy_lock)) return NULL; diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index b974a6997d7f..5fe3679137ae 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -666,7 +666,7 @@ void tomoyo_fill_path_info(struct tomoyo_path_info *ptr) ptr->const_len = tomoyo_const_part_length(name); ptr->is_dir = len && (name[len - 1] == '/'); ptr->is_patterned = (ptr->const_len < len); - ptr->hash = full_name_hash(name, len); + ptr->hash = full_name_hash(NULL, name, len); } /** |