ecryptfs: Bugfix for error related to ecryptfs_hash_buckets

The function ecryptfs_uid_hash wrongly assumes that the
second parameter to hash_long() is the number of hash
buckets instead of the number of hash bits.
This patch fixes that and renames the variable
ecryptfs_hash_buckets to ecryptfs_hash_bits to make it
clearer.

Fixes: CVE-2010-2492

Signed-off-by: Andre Osterhues <aosterhues@escrypt.com>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Andre Osterhues 2010-07-13 15:59:17 -05:00 committed by Linus Torvalds
parent 6c50e1a49b
commit a6f80fb7b5
1 changed files with 9 additions and 8 deletions

View File

@ -31,9 +31,9 @@ static struct mutex ecryptfs_msg_ctx_lists_mux;
static struct hlist_head *ecryptfs_daemon_hash; static struct hlist_head *ecryptfs_daemon_hash;
struct mutex ecryptfs_daemon_hash_mux; struct mutex ecryptfs_daemon_hash_mux;
static int ecryptfs_hash_buckets; static int ecryptfs_hash_bits;
#define ecryptfs_uid_hash(uid) \ #define ecryptfs_uid_hash(uid) \
hash_long((unsigned long)uid, ecryptfs_hash_buckets) hash_long((unsigned long)uid, ecryptfs_hash_bits)
static u32 ecryptfs_msg_counter; static u32 ecryptfs_msg_counter;
static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
@ -486,18 +486,19 @@ int ecryptfs_init_messaging(void)
} }
mutex_init(&ecryptfs_daemon_hash_mux); mutex_init(&ecryptfs_daemon_hash_mux);
mutex_lock(&ecryptfs_daemon_hash_mux); mutex_lock(&ecryptfs_daemon_hash_mux);
ecryptfs_hash_buckets = 1; ecryptfs_hash_bits = 1;
while (ecryptfs_number_of_users >> ecryptfs_hash_buckets) while (ecryptfs_number_of_users >> ecryptfs_hash_bits)
ecryptfs_hash_buckets++; ecryptfs_hash_bits++;
ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head) ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head)
* ecryptfs_hash_buckets), GFP_KERNEL); * (1 << ecryptfs_hash_bits)),
GFP_KERNEL);
if (!ecryptfs_daemon_hash) { if (!ecryptfs_daemon_hash) {
rc = -ENOMEM; rc = -ENOMEM;
printk(KERN_ERR "%s: Failed to allocate memory\n", __func__); printk(KERN_ERR "%s: Failed to allocate memory\n", __func__);
mutex_unlock(&ecryptfs_daemon_hash_mux); mutex_unlock(&ecryptfs_daemon_hash_mux);
goto out; goto out;
} }
for (i = 0; i < ecryptfs_hash_buckets; i++) for (i = 0; i < (1 << ecryptfs_hash_bits); i++)
INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]); INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]);
mutex_unlock(&ecryptfs_daemon_hash_mux); mutex_unlock(&ecryptfs_daemon_hash_mux);
ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx) ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx)
@ -554,7 +555,7 @@ void ecryptfs_release_messaging(void)
int i; int i;
mutex_lock(&ecryptfs_daemon_hash_mux); mutex_lock(&ecryptfs_daemon_hash_mux);
for (i = 0; i < ecryptfs_hash_buckets; i++) { for (i = 0; i < (1 << ecryptfs_hash_bits); i++) {
int rc; int rc;
hlist_for_each_entry(daemon, elem, hlist_for_each_entry(daemon, elem,