From: Greg KH <gregkh@suse.de>
To: jjaakkol@cs.Helsinki.FI, dhowells@redhat.com
Cc: linux-kernel@vger.kernel.org, stable@kernel.org,
Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
Cliff White <cliffw@osdl.org>, "Theodore Ts'o" <tytso@mit.edu>,
"Randy.Dunlap" <rddunlap@osdl.org>,
Chuck Wolber <chuckw@quantumlinux.com>,
torvalds@osdl.org, akpm@osdl.org, alan@lxorguk.ukuu.org.uk
Subject: [05/07] [PATCH] Fix reproducible SMP crash in security/keys/key.c
Date: Wed, 27 Apr 2005 10:16:39 -0700 [thread overview]
Message-ID: <20050427171639.GF3195@kroah.com> (raw)
In-Reply-To: <20050427171446.GA3195@kroah.com>
-stable review patch. If anyone has any objections, please let us know.
------------------
Jani Jaakkola <jjaakkol@cs.Helsinki.FI> wrote:
>
> SMP race handling is broken in key_user_lookup() in security/keys/key.c
This was fixed post-2.6.11. Can you confirm that 2.6.12-rc2 works OK?
This is the patch we used. It should go into -stable if it's not already
there.
From: Alexander Nyberg <alexn@dsv.su.se>
I looked at some of the oops reports against keyrings, I think the problem
is that the search isn't restarted after dropping the key_user_lock, *p
will still be NULL when we get back to try_again and look through the tree.
It looks like the intention was that the search start over from scratch.
Signed-off-by: Alexander Nyberg <alexn@dsv.su.se>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
25-akpm/security/keys/key.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletion(-)
diff -puN security/keys/key.c~race-against-parent-deletion-in-key_user_lookup security/keys/key.c
--- 25/security/keys/key.c~race-against-parent-deletion-in-key_user_lookup 2005-03-10 00:38:38.000000000 -0800
+++ 25-akpm/security/keys/key.c 2005-03-10 00:38:38.000000000 -0800
@@ -57,9 +57,10 @@ struct key_user *key_user_lookup(uid_t u
{
struct key_user *candidate = NULL, *user;
struct rb_node *parent = NULL;
- struct rb_node **p = &key_user_tree.rb_node;
+ struct rb_node **p;
try_again:
+ p = &key_user_tree.rb_node;
spin_lock(&key_user_lock);
/* search the tree for a user record with a matching UID */
_
next prev parent reply other threads:[~2005-04-27 17:19 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-27 17:14 [00/07] -stable review Greg KH
2005-04-27 17:15 ` [01/07] uml: add nfsd syscall when nfsd is modular Greg KH
2005-04-27 16:33 ` Alan Cox
2005-04-27 17:46 ` Chris Wright
2005-04-27 17:23 ` Alan Cox
2005-04-27 18:47 ` Chris Wright
2005-04-29 4:16 ` Greg KH
2005-04-27 17:16 ` [02/07] [fix Bug 4395] modprobe bttv freezes the computer Greg KH
2005-04-27 17:16 ` [03/07] I2C: Fix incorrect sysfs file permissions in it87 and via686a drivers Greg KH
2005-04-27 19:41 ` Dmitry Torokhov
2005-04-27 19:49 ` Dmitry Torokhov
2005-04-28 5:47 ` Dmitry Torokhov
2005-04-27 17:16 ` [04/07] partitions/msdos.c fix Greg KH
2005-04-27 20:34 ` Andries Brouwer
2005-04-27 20:49 ` Erik Tews
2005-04-27 22:08 ` Andries Brouwer
2005-04-27 20:35 ` Pavel Machek
2005-04-27 17:16 ` Greg KH [this message]
2005-04-27 17:16 ` [06/07] [PATCH] SCSI tape security: require CAP_ADMIN for SG_IO etc Greg KH
2005-04-27 16:38 ` Alan Cox
2005-04-27 18:26 ` Greg KH
2005-04-27 17:51 ` Alan Cox
2005-04-28 5:43 ` Kai Makisara
2005-04-28 12:49 ` Arjan van de Ven
2005-04-28 13:21 ` Alan Cox
2005-04-29 4:20 ` Greg KH
2005-04-29 20:16 ` Alan Cox
2005-04-29 20:38 ` Greg KH
2005-04-30 5:52 ` Kai Makisara
2005-04-30 5:10 ` Greg KH
2005-04-30 8:10 ` Kai Makisara
2005-04-27 17:17 ` [07/07] uml: quick fix syscall table Greg KH
2005-04-27 18:26 ` [00/07] -stable review Chris Wright
2005-04-27 18:31 ` [08/07] sparc64: Fix copy_siginfo_to_user32() Chris Wright
2005-04-27 18:35 ` [09/07] sparc64: use message queue compat syscalls Chris Wright
2005-04-27 18:38 ` [10/07] sparc: Fix PTRACE_CONT bogosity Chris Wright
2005-04-27 17:53 ` Alan Cox
2005-04-28 0:13 ` [00/07] -stable review Nick Piggin
2005-04-28 1:33 ` Chris Wright
2005-04-28 1:43 ` Nick Piggin
2005-04-29 4:14 ` Rules about the -stable tree Greg KH
2005-04-28 1:51 ` [00/07] -stable review Zwane Mwaikambo
2005-04-28 1:51 ` Nick Piggin
2005-04-28 1:54 ` Justin M. Forbes
2005-04-28 6:49 ` Gregor Jasny
2005-04-28 6:59 ` [stable] " Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050427171639.GF3195@kroah.com \
--to=gregkh@suse.de \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=chuckw@quantumlinux.com \
--cc=cliffw@osdl.org \
--cc=dhowells@redhat.com \
--cc=jjaakkol@cs.Helsinki.FI \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rddunlap@osdl.org \
--cc=stable@kernel.org \
--cc=torvalds@osdl.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).