tis 2005-04-12 klockan 21:58 +0300 skrev Jani Jaakkola: > SMP race handling is broken in key_user_lookup() in security/keys/key.c > (if CONFIG_KEYS is set to 'y'). This came up on our Samba servers, but is > not restricted to samba, though samba is probably the only software which > is likely to trigger this repeatedly (and it did happen allready four > times here in University of Helsinki, CS department). > > However, it only takes two setreuid() calls at the same instant, so this > may be responsible for some other mysterious random crashes. > > This is the same bug which was previously raported to LKML here (found by > google): > http://www.ussg.iu.edu/hypermail/linux/kernel/0502.2/0521.html > > Here is a small test program, which can be used to trigger the bug and > crash the machine where it is run. It might take a few seconds: > > #include<unistd.h> > #include<stdio.h> > int main() { > int i; > fork(); > while(1) { > for(i=0;i<60000;i++) { setreuid(i,0); } > putchar('.'); fflush(stdout); > }; > } > > The (rather obvious) problem is that key_user_lookup() does not properly > re-initialize the user lookup if there was a race. > > This patch applies to vanilla 2.6.11.7 and latest fedora kernel > 2.6.11-1.14_FC3. When applied, the test program runs just fine (and does > nothing useful).
A fix went into mainline for this two months ago (post 2.6.11), but I probably should have sent it into -stable aswell. For your own sake always use the latest kernel when looking at problems/fixes, things move fast around here :) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
