diff options
| author | akpm@osdl.org <akpm@osdl.org> | 2005-04-29 18:01:08 -0700 |
|---|---|---|
| committer | Greg KH <gregkh@suse.de> | 2005-05-12 10:00:21 -0700 |
| commit | 4b4f0b12c48b92ce1b63311b5dba5284b896b947 (patch) | |
| tree | 976f919a4b54b6d01e2a2869e0c19af0e123ff73 | |
| parent | 64ffae4fd89885a42a39ce91348e008a9f92166a (diff) | |
| download | linux-stable-4b4f0b12c48b92ce1b63311b5dba5284b896b947.tar.gz linux-stable-4b4f0b12c48b92ce1b63311b5dba5284b896b947.tar.bz2 linux-stable-4b4f0b12c48b92ce1b63311b5dba5284b896b947.zip | |
[PATCH] Fix reproducible SMP crash in security/keys/key.c
Jani Jaakkola <jjaakkol@cs.Helsinki.FI> wrote:
>
> SMP race handling is broken in key_user_lookup() in security/keys/key.c
This was fixed post-2.6.11. Can you confirm that 2.6.12-rc2 works OK?
This is the patch we used. It should go into -stable if it's not already
there.
From: Alexander Nyberg <alexn@dsv.su.se>
I looked at some of the oops reports against keyrings, I think the problem
is that the search isn't restarted after dropping the key_user_lock, *p
will still be NULL when we get back to try_again and look through the tree.
It looks like the intention was that the search start over from scratch.
Signed-off-by: Alexander Nyberg <alexn@dsv.su.se>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| -rw-r--r-- | security/keys/key.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index e3d0359f5f7e..59402c843203 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -57,9 +57,10 @@ struct key_user *key_user_lookup(uid_t uid) { struct key_user *candidate = NULL, *user; struct rb_node *parent = NULL; - struct rb_node **p = &key_user_tree.rb_node; + struct rb_node **p; try_again: + p = &key_user_tree.rb_node; spin_lock(&key_user_lock); /* search the tree for a user record with a matching UID */ |