[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#307553: CAN-2005-1368: DoS possibility through inproper SMP race handling in key_user_lookup()

Package: kernel-source-2.6.8
Severity: important
Tags: security

        [PATCH] Fix reproducible SMP crash in security/keys/key.c

        Jani Jaakkola <jjaakkol@cs.Helsinki.FI> wrote:
        > SMP race handling is broken in key_user_lookup() in security/keys/key.c

        This was fixed post-2.6.11.  Can you confirm that 2.6.12-rc2 works OK?

        This is the patch we used.  It should go into -stable if it's not already

        From: Alexander Nyberg <alexn@dsv.su.se>

        I looked at some of the oops reports against keyrings, I think the problem
        is that the search isn't restarted after dropping the key_user_lock, *p
        will still be NULL when we get back to try_again and look through the tree.

        It looks like the intention was that the search start over from scratch.

        Signed-off-by: Alexander Nyberg <alexn@dsv.su.se>
        Cc: David Howells <dhowells@redhat.com>
        Signed-off-by: Andrew Morton <akpm@osdl.org>
        Signed-off-by: Chris Wright <chrisw@osdl.org>
        Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

The fix is part of the series:


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Reply to: