Home » Mailing list archives » linux-kernel » 2007 » February » 21

[patch 20/21] Keys: Fix key serial number collision handling

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Greg KH
Subject: [patch 20/21] Keys: Fix key serial number collision handling
Date: Tuesday, February 20, 2007 - 6:38 pm

-stable review patch.  If anyone has any objections, please let us know.

------------------
From: David Howells <dhowells@redhat.com>

[PATCH] Keys: Fix key serial number collision handling

Fix the key serial number collision avoidance code in key_alloc_serial().

This didn't use to be so much of a problem as the key serial numbers were
allocated from a simple incremental counter, and it would have to go through
two billion keys before it could possibly encounter a collision.  However, now
that random numbers are used instead, collisions are much more likely.

This is fixed by finding a hole in the rbtree where the next unused serial
number ought to be and using that by going almost back to the top of the
insertion routine and redoing the insertion with the new serial number rather
than trying to be clever and attempting to work out the insertion point
pointer directly.

This fixes kernel BZ #7727.

Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 security/keys/key.c |   33 ++++++++++++++-------------------
 1 file changed, 14 insertions(+), 19 deletions(-)

--- linux-2.6.19.4.orig/security/keys/key.c
+++ linux-2.6.19.4/security/keys/key.c
@@ -188,6 +188,7 @@ static inline void key_alloc_serial(stru
 
 	spin_lock(&key_serial_lock);
 
+attempt_insertion:
 	parent = NULL;
 	p = &key_serial_tree.rb_node;
 
@@ -202,39 +203,33 @@ static inline void key_alloc_serial(stru
 		else
 			goto serial_exists;
 	}
-	goto insert_here;
+
+	/* we've found a suitable hole - arrange for this key to occupy it */
+	rb_link_node(&key->serial_node, parent, p);
+	rb_insert_color(&key->serial_node, &key_serial_tree);
+
+	spin_unlock(&key_serial_lock);
+	return;
 
 	/* we found a key with the proposed serial number - walk the tree from
 	 * that point looking for the next unused serial number */
 serial_exists:
 	for (;;) {
 		key->serial++;
-		if (key->serial < 2)
-			key->serial = 2;
-
-		if (!rb_parent(parent))
-			p = &key_serial_tree.rb_node;
-		else if (rb_parent(parent)->rb_left == parent)
-			p = &(rb_parent(parent)->rb_left);
-		else
-			p = &(rb_parent(parent)->rb_right);
+		if (key->serial < 3) {
+			key->serial = 3;
+			goto attempt_insertion;
+		}
 
 		parent = rb_next(parent);
 		if (!parent)
-			break;
+			goto attempt_insertion;
 
 		xkey = rb_entry(parent, struct key, serial_node);
 		if (key->serial < xkey->serial)
-			goto insert_here;
+			goto attempt_insertion;
 	}
 
-	/* we've found a suitable hole - arrange for this key to occupy it */
-insert_here:
-	rb_link_node(&key->serial_node, parent, p);
-	rb_insert_color(&key->serial_node, &key_serial_tree);
-
-	spin_unlock(&key_serial_lock);
-
 } /* end key_alloc_serial() */
 
 /*****************************************************************************/

--
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[patch 00/21] 2.6.19-stable review, Greg KH, (Tue Feb 20, 6:36 pm)
[patch 01/21] V4L: cx88: Fix lockup on suspend, Greg KH, (Tue Feb 20, 6:36 pm)
[patch 02/21] V4L: Fix quickcam communicator driver for bi ..., Greg KH, (Tue Feb 20, 6:36 pm)
[patch 03/21] V4L: fix ks0127 status flags, Greg KH, (Tue Feb 20, 6:36 pm)
[patch 04/21] V4L: tveeprom: autodetect LG TAPC G701D as t ..., Greg KH, (Tue Feb 20, 6:36 pm)
[patch 05/21] V4L: buf_qbuf: fix videobuf_queue-&gt;stream co ..., Greg KH, (Tue Feb 20, 6:37 pm)
[patch 06/21] net/smc911x: match up spin lock/unlock, Greg KH, (Tue Feb 20, 6:37 pm)
[patch 07/21] rtc-pcf8563: detect polarity of century bit ..., Greg KH, (Tue Feb 20, 6:37 pm)
[patch 08/21] aio: fix buggy put_ioctx call in aio_complet ..., Greg KH, (Tue Feb 20, 6:37 pm)
[patch 09/21] x86_64: fix 2.6.18 regression - PTRACE_OLDSE ..., Greg KH, (Tue Feb 20, 6:37 pm)
[patch 10/21] ide: fix drive side 80c cable check, Greg KH, (Tue Feb 20, 6:37 pm)
[patch 11/21] pata_amd: fix an obvious bug in cable detection, Greg KH, (Tue Feb 20, 6:37 pm)
[patch 12/21] bcm43xx: Fix for oops on resume, Greg KH, (Tue Feb 20, 6:37 pm)
[patch 13/21] bcm43xx: Fix for oops on ampdu status, Greg KH, (Tue Feb 20, 6:38 pm)
[patch 14/21] usb-audio: work around wrong frequency in CM ..., Greg KH, (Tue Feb 20, 6:38 pm)
[patch 15/21] usbaudio - Fix Oops with broken usb descriptors, Greg KH, (Tue Feb 20, 6:38 pm)
[patch 16/21] usbaudio - Fix Oops with unconventional samp ..., Greg KH, (Tue Feb 20, 6:38 pm)
[patch 17/21] Use different constraint for gcc &lt; 4.1 in bi ..., Greg KH, (Tue Feb 20, 6:38 pm)
[patch 18/21] prism54: correct assignment of DOT1XENABLE i ..., Greg KH, (Tue Feb 20, 6:38 pm)
[patch 19/21] net, 8139too.c: fix netpoll deadlock, Greg KH, (Tue Feb 20, 6:38 pm)
[patch 20/21] Keys: Fix key serial number collision handling, Greg KH, (Tue Feb 20, 6:38 pm)
[patch 21/21] knfsd: Fix a race in closing NFSd connections., Greg KH, (Tue Feb 20, 6:39 pm)
Re: [patch 00/21] 2.6.19-stable review, Stefan Richter, (Wed Feb 21, 6:36 am)
Re: [patch 00/21] 2.6.19-stable review, Stefan Richter, (Wed Feb 21, 6:37 am)
Re: [patch 00/21] 2.6.19-stable review, Chuck Ebbert, (Wed Feb 21, 9:38 am)
Re: [patch 00/21] 2.6.19-stable review, Chuck Ebbert, (Wed Feb 21, 9:50 am)
Re: [patch 00/21] 2.6.19-stable review, Chuck Ebbert, (Wed Feb 21, 12:31 pm)
Re: [patch 00/21] 2.6.19-stable review, Andrew Morton, (Wed Feb 21, 12:47 pm)
Re: [patch 00/21] 2.6.19-stable review, Linus Torvalds, (Wed Feb 21, 1:09 pm)
Re: [patch 00/21] 2.6.19-stable review, Eric W. Biederman, (Wed Feb 21, 1:13 pm)
Re: [patch 00/21] 2.6.19-stable review, Chuck Ebbert, (Wed Feb 21, 1:21 pm)
Re: [patch 00/21] 2.6.19-stable review, Greg KH, (Wed Feb 21, 1:39 pm)
Re: [patch 00/21] 2.6.19-stable review, Chuck Ebbert, (Wed Feb 21, 1:44 pm)
Re: [patch 00/21] 2.6.19-stable review, Andi Kleen, (Wed Feb 21, 3:19 pm)
Re: [patch 00/21] 2.6.19-stable review, Andi Kleen, (Wed Feb 21, 3:20 pm)
Re: [patch 00/21] 2.6.19-stable review, Chuck Ebbert, (Wed Feb 21, 3:33 pm)
Re: [patch 00/21] 2.6.19-stable review, Chuck Ebbert, (Wed Feb 21, 3:39 pm)
Re: [patch 00/21] 2.6.19-stable review, Chuck Ebbert, (Wed Feb 21, 3:43 pm)
Re: [patch 00/21] 2.6.19-stable review, Eric W. Biederman, (Wed Feb 21, 3:45 pm)
Re: [patch 01/21] V4L: cx88: Fix lockup on suspend, Chuck Ebbert, (Wed Feb 21, 6:00 pm)
Re: [patch 01/21] V4L: cx88: Fix lockup on suspend, Michael Krufky, (Wed Feb 21, 6:14 pm)
Re: [patch 00/21] 2.6.19-stable review, Andi Kleen, (Wed Feb 21, 6:19 pm)
Re: [patch 00/21] 2.6.19-stable review, Chuck Ebbert, (Thu Feb 22, 9:09 am)
Re: [patch 00/21] 2.6.19-stable review, Eric W. Biederman, (Tue Feb 27, 11:37 pm)
Re: [patch 00/21] 2.6.19-stable review, Zwane Mwaikambo, (Wed Feb 28, 1:51 am)
Re: [patch 00/21] 2.6.19-stable review, Eric W. Biederman, (Wed Feb 28, 5:28 am)
Re: [stable] [patch 00/21] 2.6.19-stable review, Greg KH, (Wed Feb 28, 12:52 pm)
Re: [stable] [patch 00/21] 2.6.19-stable review, Eric W. Biederman, (Wed Feb 28, 4:25 pm)
Re: [patch 00/21] 2.6.19-stable review, Adrian Bunk, (Thu Mar 8, 10:35 pm)