1 From a6f80fb7b5986fda663d94079d3bba0937a6b6ff Mon Sep 17 00:00:00 2001
2 From: Andre Osterhues <aosterhues@escrypt.com>
3 Date: Tue, 13 Jul 2010 15:59:17 -0500
4 Subject: ecryptfs: Bugfix for error related to ecryptfs_hash_buckets
5
6 From: Andre Osterhues <aosterhues@escrypt.com>
7
8 commit a6f80fb7b5986fda663d94079d3bba0937a6b6ff upstream.
9
10 The function ecryptfs_uid_hash wrongly assumes that the
11 second parameter to hash_long() is the number of hash
12 buckets instead of the number of hash bits.
13 This patch fixes that and renames the variable
14 ecryptfs_hash_buckets to ecryptfs_hash_bits to make it
15 clearer.
16
17 Fixes: CVE-2010-2492
18
19 Signed-off-by: Andre Osterhues <aosterhues@escrypt.com>
20 Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
21 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
22 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
23
24 ---
25 fs/ecryptfs/messaging.c | 17 +++++++++--------
26 1 file changed, 9 insertions(+), 8 deletions(-)
27
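--- a/fs/ecryptfs/messaging.c
+++ b/fs/ecryptfs/messaging.c
@@ -30,9 +30,9 @@ static struct mutex ecryptfs_msg_ctx_lis
 
 static struct hlist_head *ecryptfs_daemon_hash;
 struct mutex ecryptfs_daemon_hash_mux;
-static int ecryptfs_hash_buckets;
+static int ecryptfs_hash_bits;
 #define ecryptfs_uid_hash(uid) \
- hash_long((unsigned long)uid, ecryptfs_hash_buckets)
+ hash_long((unsigned long)uid, ecryptfs_hash_bits)
 
 static u32 ecryptfs_msg_counter;
 static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
@@ -485,18 +485,19 @@ int ecryptfs_init_messaging(void)
 }
 mutex_init(&ecryptfs_daemon_hash_mux);
 mutex_lock(&ecryptfs_daemon_hash_mux);
- ecryptfs_hash_buckets = 1;
- while (ecryptfs_number_of_users >> ecryptfs_hash_buckets)
- ecryptfs_hash_buckets++;
+ ecryptfs_hash_bits = 1;
+ while (ecryptfs_number_of_users >> ecryptfs_hash_bits)
+ ecryptfs_hash_bits++;
 ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head)
- * ecryptfs_hash_buckets), GFP_KERNEL);
+ * (1 << ecryptfs_hash_bits)),
+ GFP_KERNEL);
 if (!ecryptfs_daemon_hash) {
 rc = -ENOMEM;
 printk(KERN_ERR "%s: Failed to allocate memory\n", __func__);
 mutex_unlock(&ecryptfs_daemon_hash_mux);
 goto out;
 }
- for (i = 0; i < ecryptfs_hash_buckets; i++)
+ for (i = 0; i < (1 << ecryptfs_hash_bits); i++)
 INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]);
 mutex_unlock(&ecryptfs_daemon_hash_mux);
 ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx)
@@ -553,7 +554,7 @@ void ecryptfs_release_messaging(void)
 int i;
 
 mutex_lock(&ecryptfs_daemon_hash_mux);
- for (i = 0; i < ecryptfs_hash_buckets; i++) {
+ for (i = 0; i < (1 << ecryptfs_hash_bits); i++) {
 int rc;
 
 hlist_for_each_entry(daemon, elem,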
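Review bot: The bucket count `(1 << ecryptfs_hash_bits)` is now open-coded in three places: the kmalloc size and the INIT_HLIST_HEAD loop in ecryptfs_init_messaging(), and the teardown loop in ecryptfs_release_messaging(). The bug being fixed was a mismatch between the table size and the index range hash_long() returns, so the count should be defined once next to the ecryptfs_uid_hash macro, for example `#define ECRYPTFS_HASH_BUCKETS (1 << ecryptfs_hash_bits)` (name constructed here), and used at all three sites. The shift and the `sizeof(struct hlist_head) * (1 << ecryptfs_hash_bits)` product are also only safe if ecryptfs_number_of_users is bounded before the while loop. That bound is not visible in the hunk (presumably it is the block closed by the `}` context line), so a comment such as `/* ecryptfs_number_of_users is clamped above, so ecryptfs_hash_bits stays small */` would record the assumption. Both functions start and end outside the hunks shown.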