lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <17617.16700.274788.869486@cse.unsw.edu.au>
Date:	Thu, 3 Aug 2006 10:20:12 +1000
From:	Neil Brown <neilb@...e.de>
To:	Philipp Matthias Hahn <pmhahn@....Informatik.Uni-Oldenburg.de>
Cc:	nfs@...ts.sourceforge.net, akpm@...l.org, stable@...nel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH for stable] Re: [Fwd: moradin 2006-08-02 11:02 System Events]

On Wednesday August 2, pmhahn@....Informatik.Uni-Oldenburg.de wrote:
> Hello!
> 
> Rebooting one of our NFS file servers with 2.6.17.7, I just got the
> following OOPS:

Thanks for the report.
The bug was fairly easy to find and fix.
I think this would be appropriate for the next 2.6.17.x stable kernel,
and definitely for 2.6.18. (hence 'akpm' and 'stable' cc:ed).

It is not relevant for earlier kernels (e.g. 2.6.16).

Patch was made against 2.6.18-rc2-mm1, but applies equally to
2.6.17.7.

Thanks again,
NeilBrown


---------------------------------------------
Fix race related problem when adding items to and svcrpc auth cache.

If we don't find the item we are lookng for, we allocate a new one,
and then grab the lock again and search to see if it has been added
while we did the alloc.
If it had been added we need to 'cache_put' the newly created item 
that we are never going to use.  But as it hasn't been initialised
properly, putting it can cause an oops.

So move the ->init call earlier to that it will always be fully
initilised if we have to put it.

Thanks to Philipp Matthias Hahn <pmhahn@....Informatik.Uni-Oldenburg.de>
for reporting the problem.

Signed-off-by: Neil Brown <neilb@...e.de>

### Diffstat output
 ./net/sunrpc/cache.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff .prev/net/sunrpc/cache.c ./net/sunrpc/cache.c
--- .prev/net/sunrpc/cache.c	2006-08-03 10:07:33.000000000 +1000
+++ ./net/sunrpc/cache.c	2006-08-03 10:08:36.000000000 +1000
@@ -71,7 +71,12 @@ struct cache_head *sunrpc_cache_lookup(s
 	new = detail->alloc();
 	if (!new)
 		return NULL;
+	/* must fully initialise 'new', else
+	 * we might get lose if we need to
+	 * cache_put it soon.
+	 */
 	cache_init(new);
+	detail->init(new, key);
 
 	write_lock(&detail->hash_lock);
 
@@ -85,7 +90,6 @@ struct cache_head *sunrpc_cache_lookup(s
 			return tmp;
 		}
 	}
-	detail->init(new, key);
 	new->next = *head;
 	*head = new;
 	detail->entries++;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ