lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Aug 2006 10:20:12 +1000 From: Neil Brown <neilb@...e.de> To: Philipp Matthias Hahn <pmhahn@....Informatik.Uni-Oldenburg.de> Cc: nfs@...ts.sourceforge.net, akpm@...l.org, stable@...nel.org, linux-kernel@...r.kernel.org Subject: [PATCH for stable] Re: [Fwd: moradin 2006-08-02 11:02 System Events] On Wednesday August 2, pmhahn@....Informatik.Uni-Oldenburg.de wrote: > Hello! > > Rebooting one of our NFS file servers with 2.6.17.7, I just got the > following OOPS: Thanks for the report. The bug was fairly easy to find and fix. I think this would be appropriate for the next 2.6.17.x stable kernel, and definitely for 2.6.18. (hence 'akpm' and 'stable' cc:ed). It is not relevant for earlier kernels (e.g. 2.6.16). Patch was made against 2.6.18-rc2-mm1, but applies equally to 2.6.17.7. Thanks again, NeilBrown --------------------------------------------- Fix race related problem when adding items to and svcrpc auth cache. If we don't find the item we are lookng for, we allocate a new one, and then grab the lock again and search to see if it has been added while we did the alloc. If it had been added we need to 'cache_put' the newly created item that we are never going to use. But as it hasn't been initialised properly, putting it can cause an oops. So move the ->init call earlier to that it will always be fully initilised if we have to put it. Thanks to Philipp Matthias Hahn <pmhahn@....Informatik.Uni-Oldenburg.de> for reporting the problem. Signed-off-by: Neil Brown <neilb@...e.de> ### Diffstat output ./net/sunrpc/cache.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff .prev/net/sunrpc/cache.c ./net/sunrpc/cache.c --- .prev/net/sunrpc/cache.c 2006-08-03 10:07:33.000000000 +1000 +++ ./net/sunrpc/cache.c 2006-08-03 10:08:36.000000000 +1000 @@ -71,7 +71,12 @@ struct cache_head *sunrpc_cache_lookup(s new = detail->alloc(); if (!new) return NULL; + /* must fully initialise 'new', else + * we might get lose if we need to + * cache_put it soon. + */ cache_init(new); + detail->init(new, key); write_lock(&detail->hash_lock); @@ -85,7 +90,6 @@ struct cache_head *sunrpc_cache_lookup(s return tmp; } } - detail->init(new, key); new->next = *head; *head = new; detail->entries++; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists