From: chrisw@osdl.org <chrisw@osdl.org>
Date: Wed, 13 Apr 2005 17:09:13 +0000 (-0700)
Subject: [PATCH] add race-against-parent-deletion-in-key_user_lookup.patch
X-Git-Tag: v2.6.11.9~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=da3051baab2f55e0d415e37ce927c030d037d276;p=thirdparty%2Fkernel%2Fstable-queue.git

[PATCH] add race-against-parent-deletion-in-key_user_lookup.patch
---

diff --git a/queue/race-against-parent-deletion-in-key_user_lookup.patch b/queue/race-against-parent-deletion-in-key_user_lookup.patch
new file mode 100644
index 00000000000..aada9a4e0ba
--- /dev/null
+++ b/queue/race-against-parent-deletion-in-key_user_lookup.patch
@@ -0,0 +1,50 @@
+From stable-bounces@linux.kernel.org  Wed Apr 13 02:03:47 2005
+Date: Wed, 13 Apr 2005 02:02:46 -0700
+From: Andrew Morton <akpm@osdl.org>
+To: Jani Jaakkola <jjaakkol@cs.Helsinki.FI>
+Cc: dhowells@redhat.com, linux-kernel@vger.kernel.org, stable@kernel.org
+Subject: [stable] Re: [PATCH] Fix reproducible SMP crash in security/keys/key.c
+
+Jani Jaakkola <jjaakkol@cs.Helsinki.FI> wrote:
+>
+> SMP race handling is broken in key_user_lookup() in security/keys/key.c
+
+This was fixed post-2.6.11.  Can you confirm that 2.6.12-rc2 works OK?
+
+This is the patch we used.  It should go into -stable if it's not already
+there.
+
+
+From: Alexander Nyberg <alexn@dsv.su.se>
+
+I looked at some of the oops reports against keyrings, I think the problem
+is that the search isn't restarted after dropping the key_user_lock, *p
+will still be NULL when we get back to try_again and look through the tree.
+
+It looks like the intention was that the search start over from scratch.
+
+Signed-off-by: Alexander Nyberg <alexn@dsv.su.se>
+Cc: David Howells <dhowells@redhat.com>
+Signed-off-by: Andrew Morton <akpm@osdl.org>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+
+ 25-akpm/security/keys/key.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletion(-)
+
+diff -puN security/keys/key.c~race-against-parent-deletion-in-key_user_lookup security/keys/key.c
+--- 25/security/keys/key.c~race-against-parent-deletion-in-key_user_lookup	2005-03-10 00:38:38.000000000 -0800
++++ 25-akpm/security/keys/key.c	2005-03-10 00:38:38.000000000 -0800
+@@ -57,9 +57,10 @@ struct key_user *key_user_lookup(uid_t u
+ {
+ 	struct key_user *candidate = NULL, *user;
+ 	struct rb_node *parent = NULL;
+-	struct rb_node **p = &key_user_tree.rb_node;
++	struct rb_node **p;
+ 
+  try_again:
++	p = &key_user_tree.rb_node;
+ 	spin_lock(&key_user_lock);
+ 
+ 	/* search the tree for a user record with a matching UID */
+_