
Bug#307553: CAN-2005-1368: DoS possibility through improper SMP race handling in key_user_lookup()



Package: kernel-source-2.6.8
Severity: important
Tags: security

<akpm@osdl.org>
        [PATCH] Fix reproducible SMP crash in security/keys/key.c

        Jani Jaakkola <jjaakkol@cs.Helsinki.FI> wrote:
        >
        > SMP race handling is broken in key_user_lookup() in security/keys/key.c

        This was fixed post-2.6.11.  Can you confirm that 2.6.12-rc2 works OK?

        This is the patch we used.  It should go into -stable if it's not already
        there.


        From: Alexander Nyberg <alexn@dsv.su.se>

        I looked at some of the oops reports against keyrings, I think the problem
        is that the search isn't restarted after dropping the key_user_lock, *p
        will still be NULL when we get back to try_again and look through the tree.

        It looks like the intention was that the search start over from scratch.

        Signed-off-by: Alexander Nyberg <alexn@dsv.su.se>
        Cc: David Howells <dhowells@redhat.com>
        Signed-off-by: Andrew Morton <akpm@osdl.org>
        Signed-off-by: Chris Wright <chrisw@osdl.org>
        Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

The fix is part of the 2.6.11.8 series:
www.kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.6%2Fincr%2Fpatch-2.6.11.7-8.bz2;z=13

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
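
The retry problem described in the quoted changelog, as an added user-space illustration; it is not the kernel's code or the patch itself. The `rec` tree, the `restart` flag and the simulated second CPU are constructed for this example, and it assumes `p` is a pointer to the tree slot where the first search ended.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed user-space model: unbalanced BST of per-UID records, no real lock. */
struct rec { unsigned uid; struct rec *left, *right; };

static struct rec *new_rec(unsigned uid) {
    struct rec *r = calloc(1, sizeof(*r));
    if (!r) abort();
    r->uid = uid;
    return r;
}

/* restart=0: keep the remembered slot across the retry; restart=1: start from the root. */
static struct rec *lookup(struct rec **root, unsigned uid, int restart) {
    struct rec *candidate = NULL, *other, **p = root;
try_again:
    if (restart) p = root;
    while (*p) {                       /* "lock held": walk down to uid */
        if (uid < (*p)->uid) p = &(*p)->left;
        else if (uid > (*p)->uid) p = &(*p)->right;
        else { free(candidate); return *p; }
    }
    if (!candidate) {                  /* "lock dropped" to allocate */
        candidate = new_rec(uid);
        other = new_rec(uid);          /* meanwhile another CPU adds the same */
        other->right = *root;          /* UID and the tree is restructured:   */
        *root = other;                 /* its record is now the root          */
        goto try_again;
    }
    *p = candidate;                    /* link at the slot the search ended on */
    return candidate;
}

static int count_uid(const struct rec *n, unsigned uid) {
    return n ? (n->uid == uid) + count_uid(n->left, uid) + count_uid(n->right, uid) : 0;
}

/* Number of records for UID 5 after one lookup that loses the race. */
int race_result(int restart) {
    struct rec *root = new_rec(10);
    lookup(&root, 5, restart);
    return count_uid(root, 5);
}

int main(void) {
    printf("stale slot: %d records, restart: %d\n", race_result(0), race_result(1));
    return 0;
}
```

With the stale slot the second pass skips the search because `*p` is still NULL, so a duplicate record for the same UID is linked into the tree; restarting from the root finds the record the other CPU added.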


