Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 147464 Details for
Bug 227394
CVE-2007-0006 spinlock cpu recursion
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch to fix the key serial no. collision problem
key-fix.patch (text/plain), 2.62 KB, created by
David Howells
on 2007-02-06 13:41:11 UTC
(
hide
)
Description:
Patch to fix the key serial no. collision problem
Filename:
MIME Type:
Creator:
David Howells
Created:
2007-02-06 13:41:11 UTC
Size:
2.62 KB
patch
obsolete
>KEYS: Fix key serial number collision handling > >From: David Howells <dhowells@redhat.com> > >Fix the key serial number collision avoidance code in key_alloc_serial(). > >This didn't use to be so much of a problem as the key serial numbers were >allocated from a simple incremental counter, and it would have to go through >two billion keys before it could possibly encounter a collision. However, now >that random numbers are used instead, collisions are much more likely. > >This is fixed by finding a hole in the rbtree where the next unused serial >number ought to be and using that by going almost back to the top of the >insertion routine and redoing the insertion with the new serial number rather >than trying to be clever and attempting to work out the insertion point >pointer directly. > >Signed-Off-By: David Howells <dhowells@redhat.com> >--- > > security/keys/key.c | 33 ++++++++++++++------------------- > 1 files changed, 14 insertions(+), 19 deletions(-) > >diff --git a/security/keys/key.c b/security/keys/key.c >index ac9326c..700400d 100644 >--- a/security/keys/key.c >+++ b/security/keys/key.c >@@ -188,6 +188,7 @@ static inline void key_alloc_serial(stru > > spin_lock(&key_serial_lock); > >+attempt_insertion: > parent = NULL; > p = &key_serial_tree.rb_node; > >@@ -202,39 +203,33 @@ static inline void key_alloc_serial(stru > else > goto serial_exists; > } >- goto insert_here; >+ >+ /* we've found a suitable hole - arrange for this key to occupy it */ >+ rb_link_node(&key->serial_node, parent, p); >+ rb_insert_color(&key->serial_node, &key_serial_tree); >+ >+ spin_unlock(&key_serial_lock); >+ return; > > /* we found a key with the proposed serial number - walk the tree from > * that point looking for the next unused serial number */ > serial_exists: > for (;;) { > key->serial++; >- if (key->serial < 2) >- key->serial = 2; >- >- if (!rb_parent(parent)) >- p = &key_serial_tree.rb_node; >- else if (rb_parent(parent)->rb_left == parent) >- p = &(rb_parent(parent)->rb_left); >- else >- p = &(rb_parent(parent)->rb_right); >+ if (key->serial < 3) { >+ key->serial = 3; >+ goto attempt_insertion; >+ } > > parent = rb_next(parent); > if (!parent) >- break; >+ goto attempt_insertion; > > xkey = rb_entry(parent, struct key, serial_node); > if (key->serial < xkey->serial) >- goto insert_here; >+ goto attempt_insertion; > } > >- /* we've found a suitable hole - arrange for this key to occupy it */ >-insert_here: >- rb_link_node(&key->serial_node, parent, p); >- rb_insert_color(&key->serial_node, &key_serial_tree); >- >- spin_unlock(&key_serial_lock); >- > } /* end key_alloc_serial() */ > > /*****************************************************************************/
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=147464">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 227394
:
147394
| 147464