Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ecryptfs: Bugfix for error related to ecryptfs_hash_buckets

The function ecryptfs_uid_hash wrongly assumes that the
second parameter to hash_long() is the number of hash
buckets instead of the number of hash bits.
This patch fixes that and renames the variable
ecryptfs_hash_buckets to ecryptfs_hash_bits to make it
clearer.

Fixes: CVE-2010-2492

Signed-off-by: Andre Osterhues <aosterhues@escrypt.com>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Authored by Andre Osterhues and committed by Linus Torvalds
a6f80fb7 6c50e1a4

+9 -8
fs/ecryptfs/messaging.c
··· 31 31 32 32 static struct hlist_head *ecryptfs_daemon_hash; 33 33 struct mutex ecryptfs_daemon_hash_mux; 34 - static int ecryptfs_hash_buckets; 34 + static int ecryptfs_hash_bits; 35 35 #define ecryptfs_uid_hash(uid) \ 36 - hash_long((unsigned long)uid, ecryptfs_hash_buckets) 36 + hash_long((unsigned long)uid, ecryptfs_hash_bits) 37 37 38 38 static u32 ecryptfs_msg_counter; 39 39 static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; ··· 486 486 } 487 487 mutex_init(&ecryptfs_daemon_hash_mux); 488 488 mutex_lock(&ecryptfs_daemon_hash_mux); 489 - ecryptfs_hash_buckets = 1; 490 - while (ecryptfs_number_of_users >> ecryptfs_hash_buckets) 491 - ecryptfs_hash_buckets++; 489 + ecryptfs_hash_bits = 1; 490 + while (ecryptfs_number_of_users >> ecryptfs_hash_bits) 491 + ecryptfs_hash_bits++; 492 492 ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head) 493 - * ecryptfs_hash_buckets), GFP_KERNEL); 493 + * (1 << ecryptfs_hash_bits)), 494 + GFP_KERNEL); 494 495 if (!ecryptfs_daemon_hash) { 495 496 rc = -ENOMEM; 496 497 printk(KERN_ERR "%s: Failed to allocate memory\n", __func__); 497 498 mutex_unlock(&ecryptfs_daemon_hash_mux); 498 499 goto out; 499 500 } 500 - for (i = 0; i < ecryptfs_hash_buckets; i++) 501 + for (i = 0; i < (1 << ecryptfs_hash_bits); i++) 501 502 INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]); 502 503 mutex_unlock(&ecryptfs_daemon_hash_mux); 503 504 ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx) ··· 555 554 int i; 556 555 557 556 mutex_lock(&ecryptfs_daemon_hash_mux); 558 - for (i = 0; i < ecryptfs_hash_buckets; i++) { 557 + for (i = 0; i < (1 << ecryptfs_hash_bits); i++) { 559 558 int rc; 560 559 561 560 hlist_for_each_entry(daemon, elem,
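Review bot: in the first hunk (fs/ecryptfs/messaging.c line 34), the renamed `static int ecryptfs_hash_bits;` carries no comment saying that it holds the base-2 logarithm of the bucket count, which is exactly the confusion this fix addresses. A one-line comment at the declaration stating that the table has `1 << ecryptfs_hash_bits` buckets and that `hash_long()` takes a bit count would stop the next reader from repeating the mistake. While touching the macro on line 36, the argument could also be parenthesized as `(unsigned long)(uid)`.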
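Review bot: in the init hunk (lines 489-494), the kmalloc size is `sizeof(struct hlist_head) * (1 << ecryptfs_hash_bits)`, computed with a plain int shift, and nothing visible in this hunk caps `ecryptfs_hash_bits`, which the preceding while loop grows with `ecryptfs_number_of_users`. Consider an explicit upper bound on the bit count before the shift, or `kcalloc(1 << ecryptfs_hash_bits, sizeof(struct hlist_head), GFP_KERNEL)` so the multiplication is overflow-checked, rather than relying on the user count being small.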
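Review bot: the loop at line 558 in the last hunk repeats the open-coded `(1 << ecryptfs_hash_bits)` that the init hunk already uses for both the allocation and the `INIT_HLIST_HEAD` loop. Since the original bug came from the hashing and the table size disagreeing, a single named macro or helper for the bucket count, used at all three sites, would keep them from drifting apart again.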