aboutsummaryrefslogtreecommitdiff
path: root/Documentation/ioctl
diff options
context:
space:
mode:
authorAndrew Morton <akpm@linux-foundation.org>2008-09-02 14:36:14 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2008-09-02 19:21:40 -0700
commit8b76f46a2db29407fed66cf4aca19d61b3dcb3e1 (patch)
treef908592be7c11065b56573722a71dc468817b925 /Documentation/ioctl
parent9d3593574702ae1899e23a1535da1ac71f928042 (diff)
drivers/char/random.c: fix a race which can lead to a bogus BUG()
Fix a bug reported by and diagnosed by Aaron Straus. This is a regression intruduced into 2.6.26 by commit adc782dae6c4c0f6fb679a48a544cfbcd79ae3dc Author: Matt Mackall <mpm@selenic.com> Date: Tue Apr 29 01:03:07 2008 -0700 random: simplify and rename credit_entropy_store credit_entropy_bits() does: spin_lock_irqsave(&r->lock, flags); ... if (r->entropy_count > r->poolinfo->POOLBITS) r->entropy_count = r->poolinfo->POOLBITS; so there is a time window in which this BUG_ON(): static size_t account(struct entropy_store *r, size_t nbytes, int min, int reserved) { unsigned long flags; BUG_ON(r->entropy_count > r->poolinfo->POOLBITS); /* Hold lock while accounting */ spin_lock_irqsave(&r->lock, flags); can trigger. We could fix this by moving the assertion inside the lock, but it seems safer and saner to revert to the old behaviour wherein entropy_store.entropy_count at no time exceeds entropy_store.poolinfo->POOLBITS. Reported-by: Aaron Straus <aaron@merfinllc.com> Cc: Matt Mackall <mpm@selenic.com> Cc: Theodore Ts'o <tytso@mit.edu> Cc: <stable@kernel.org> [2.6.26.x] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'Documentation/ioctl')
0 files changed, 0 insertions, 0 deletions