LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Greg KH <greg@kroah.com>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, David Howells <dhowells@redhat.com>,
Chuck Ebbert <cebbert@redhat.com>
Subject: [patch 20/21] Keys: Fix key serial number collision handling
Date: Tue, 20 Feb 2007 17:38:53 -0800 [thread overview]
Message-ID: <20070221013853.GU30227@kroah.com> (raw)
In-Reply-To: <20070221013619.GA30227@kroah.com>
[-- Attachment #1: keys-fix-key-serial-number-collision-handling.patch --]
[-- Type: text/plain, Size: 2910 bytes --]
-stable review patch. If anyone has any objections, please let us know.
------------------
From: David Howells <dhowells@redhat.com>
[PATCH] Keys: Fix key serial number collision handling
Fix the key serial number collision avoidance code in key_alloc_serial().
This didn't use to be so much of a problem as the key serial numbers were
allocated from a simple incremental counter, and it would have to go through
two billion keys before it could possibly encounter a collision. However, now
that random numbers are used instead, collisions are much more likely.
This is fixed by finding a hole in the rbtree where the next unused serial
number ought to be and using that by going almost back to the top of the
insertion routine and redoing the insertion with the new serial number rather
than trying to be clever and attempting to work out the insertion point
pointer directly.
This fixes kernel BZ #7727.
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
security/keys/key.c | 33 ++++++++++++++-------------------
1 file changed, 14 insertions(+), 19 deletions(-)
--- linux-2.6.19.4.orig/security/keys/key.c
+++ linux-2.6.19.4/security/keys/key.c
@@ -188,6 +188,7 @@ static inline void key_alloc_serial(stru
spin_lock(&key_serial_lock);
+attempt_insertion:
parent = NULL;
p = &key_serial_tree.rb_node;
@@ -202,39 +203,33 @@ static inline void key_alloc_serial(stru
else
goto serial_exists;
}
- goto insert_here;
+
+ /* we've found a suitable hole - arrange for this key to occupy it */
+ rb_link_node(&key->serial_node, parent, p);
+ rb_insert_color(&key->serial_node, &key_serial_tree);
+
+ spin_unlock(&key_serial_lock);
+ return;
/* we found a key with the proposed serial number - walk the tree from
* that point looking for the next unused serial number */
serial_exists:
for (;;) {
key->serial++;
- if (key->serial < 2)
- key->serial = 2;
-
- if (!rb_parent(parent))
- p = &key_serial_tree.rb_node;
- else if (rb_parent(parent)->rb_left == parent)
- p = &(rb_parent(parent)->rb_left);
- else
- p = &(rb_parent(parent)->rb_right);
+ if (key->serial < 3) {
+ key->serial = 3;
+ goto attempt_insertion;
+ }
parent = rb_next(parent);
if (!parent)
- break;
+ goto attempt_insertion;
xkey = rb_entry(parent, struct key, serial_node);
if (key->serial < xkey->serial)
- goto insert_here;
+ goto attempt_insertion;
}
- /* we've found a suitable hole - arrange for this key to occupy it */
-insert_here:
- rb_link_node(&key->serial_node, parent, p);
- rb_insert_color(&key->serial_node, &key_serial_tree);
-
- spin_unlock(&key_serial_lock);
-
} /* end key_alloc_serial() */
/*****************************************************************************/
--
next prev parent reply other threads:[~2007-02-21 1:41 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20070221012758.925122216@mini.kroah.org>
2007-02-21 1:36 ` [patch 00/21] 2.6.19-stable review Greg KH
2007-02-21 1:36 ` [patch 01/21] V4L: cx88: Fix lockup on suspend Greg KH
2007-02-22 1:00 ` Chuck Ebbert
2007-02-22 1:14 ` Michael Krufky
2007-02-21 1:36 ` [patch 02/21] V4L: Fix quickcam communicator driver for big endian architectures Greg KH
2007-02-21 1:36 ` [patch 03/21] V4L: fix ks0127 status flags Greg KH
2007-02-21 1:36 ` [patch 04/21] V4L: tveeprom: autodetect LG TAPC G701D as tuner type 37 Greg KH
2007-02-21 1:37 ` [patch 05/21] V4L: buf_qbuf: fix videobuf_queue->stream corruption and lockup Greg KH
2007-02-21 1:37 ` [patch 06/21] net/smc911x: match up spin lock/unlock Greg KH
2007-02-21 1:37 ` [patch 07/21] rtc-pcf8563: detect polarity of century bit automatically Greg KH
2007-02-21 1:37 ` [patch 08/21] aio: fix buggy put_ioctx call in aio_complete - v2 Greg KH
2007-02-21 1:37 ` [patch 09/21] x86_64: fix 2.6.18 regression - PTRACE_OLDSETOPTIONS should be accepted Greg KH
2007-02-21 1:37 ` [patch 10/21] ide: fix drive side 80c cable check Greg KH
2007-02-21 1:37 ` [patch 11/21] pata_amd: fix an obvious bug in cable detection Greg KH
2007-02-21 1:37 ` [patch 12/21] bcm43xx: Fix for oops on resume Greg KH
2007-02-21 1:38 ` [patch 13/21] bcm43xx: Fix for oops on ampdu status Greg KH
2007-02-21 1:38 ` [patch 14/21] usb-audio: work around wrong frequency in CM6501 descriptors Greg KH
2007-02-21 1:38 ` [patch 15/21] usbaudio - Fix Oops with broken usb descriptors Greg KH
2007-02-21 1:38 ` [patch 16/21] usbaudio - Fix Oops with unconventional sample rates Greg KH
2007-02-21 1:38 ` [patch 17/21] Use different constraint for gcc < 4.1 in bitops Greg KH
2007-02-21 1:38 ` [patch 18/21] prism54: correct assignment of DOT1XENABLE in WE-19 codepaths Greg KH
2007-02-21 1:38 ` [patch 19/21] net, 8139too.c: fix netpoll deadlock Greg KH
2007-02-21 1:38 ` Greg KH [this message]
2007-02-21 1:39 ` [patch 21/21] knfsd: Fix a race in closing NFSd connections Greg KH
2007-02-21 13:36 ` [patch 00/21] 2.6.19-stable review Stefan Richter
2007-02-21 13:37 ` Stefan Richter
2007-03-09 5:35 ` Adrian Bunk
2007-02-21 16:38 ` Chuck Ebbert
2007-02-21 16:50 ` Chuck Ebbert
2007-02-21 19:31 ` Chuck Ebbert
2007-02-21 19:47 ` Andrew Morton
2007-02-21 20:09 ` Linus Torvalds
2007-02-21 22:45 ` Eric W. Biederman
2007-02-28 6:37 ` Eric W. Biederman
2007-02-28 8:51 ` Zwane Mwaikambo
2007-02-28 12:28 ` Eric W. Biederman
2007-02-28 19:52 ` [stable] " Greg KH
2007-02-28 23:25 ` Eric W. Biederman
2007-02-21 20:13 ` Eric W. Biederman
2007-02-21 20:21 ` Chuck Ebbert
2007-02-21 22:19 ` Andi Kleen
2007-02-21 22:20 ` Andi Kleen
2007-02-21 22:39 ` Chuck Ebbert
2007-02-22 1:19 ` Andi Kleen
2007-02-21 20:39 ` Greg KH
2007-02-21 20:44 ` Chuck Ebbert
2007-02-21 22:33 ` Chuck Ebbert
2007-02-21 22:35 ` Chuck Ebbert
2007-02-21 22:43 ` Chuck Ebbert
2007-02-22 16:09 ` Chuck Ebbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070221013853.GU30227@kroah.com \
--to=greg@kroah.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=dhowells@redhat.com \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
--subject='Re: [patch 20/21] Keys: Fix key serial number collision handling' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).