rtime.felk.cvut.cz Git - lisovros/linux_canprio.git/commit
drivers/char/random.c: fix a race which can lead to a bogus BUG()
author Andrew Morton <akpm@linux-foundation.org>
Wed, 3 Sep 2008 02:35:02 +0000 (02:35 +0000)
committer Greg Kroah-Hartman <gregkh@suse.de>
Mon, 8 Sep 2008 11:44:20 +0000 (04:44 -0700)
commit b6cdf4eeaf022b84c7d41cc8c1e20c2a0be7100d
tree 10b9c12beb4a00ef03fedfa098c5225bd479c744
parent db809e440eda6cc9a7e6633420668ea14c16ce6a
drivers/char/random.c: fix a race which can lead to a bogus BUG()

commit 8b76f46a2db29407fed66cf4aca19d61b3dcb3e1 upstream

Fix a bug reported by and diagnosed by Aaron Straus.

This is a regression introduced into 2.6.26 by

    commit adc782dae6c4c0f6fb679a48a544cfbcd79ae3dc
    Author: Matt Mackall <mpm@selenic.com>
    Date:   Tue Apr 29 01:03:07 2008 -0700

        random: simplify and rename credit_entropy_store

credit_entropy_bits() does:

    spin_lock_irqsave(&r->lock, flags);
    ...
    if (r->entropy_count > r->poolinfo->POOLBITS)
        r->entropy_count = r->poolinfo->POOLBITS;

so there is a time window in which this BUG_ON():

    static size_t account(struct entropy_store *r, size_t nbytes, int min,
                          int reserved)
    {
        unsigned long flags;

        BUG_ON(r->entropy_count > r->poolinfo->POOLBITS);

        /* Hold lock while accounting */
        spin_lock_irqsave(&r->lock, flags);

can trigger.

We could fix this by moving the assertion inside the lock, but it seems
safer and saner to revert to the old behaviour wherein
entropy_store.entropy_count at no time exceeds
entropy_store.poolinfo->POOLBITS.

Reported-by: Aaron Straus <aaron@merfinllc.com>
Cc: Matt Mackall <mpm@selenic.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/char/random.c
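
The window described in the commit message, as an added user-space C model (not the kernel code and not this commit's patch). `lockless_peek()` stands in for the unlocked BUG_ON() in account() running between two statements of the writer, so the interleaving is deterministic. The `POOLBITS` value, `struct store` and all function names are constructed for the illustration, and only the upper bound is modelled.

```c
/* Added user-space model; not kernel code and not the patch itself. */
#include <stdio.h>
#define POOLBITS 4096   /* constructed pool size for this model */
struct store { int entropy_count; };

/* Stand-in for a lockless reader such as the BUG_ON() in account(). */
static void lockless_peek(const struct store *r, int *max_seen)
{
    if (r->entropy_count > *max_seen)
        *max_seen = r->entropy_count;
}

/* Store, then clamp: the shared field briefly exceeds POOLBITS. */
static void credit_store_then_clamp(struct store *r, int nbits, int *max_seen)
{
    r->entropy_count += nbits;
    lockless_peek(r, max_seen);   /* reader runs inside the window */
    if (r->entropy_count > POOLBITS)
        r->entropy_count = POOLBITS;
}

/* Clamp a local copy, then publish: readers only see in-range values. */
static void credit_clamp_then_store(struct store *r, int nbits, int *max_seen)
{
    int count = r->entropy_count + nbits;
    if (count > POOLBITS)
        count = POOLBITS;
    r->entropy_count = count;     /* single store of a valid value */
    lockless_peek(r, max_seen);
}

/* Largest entropy_count a lockless reader could observe during one credit. */
int max_observed(int clamp_first, int start, int nbits)
{
    struct store r = { start };
    int max_seen = start;
    if (clamp_first)
        credit_clamp_then_store(&r, nbits, &max_seen);
    else
        credit_store_then_clamp(&r, nbits, &max_seen);
    return max_seen;
}

int main(void)
{
    printf("store-then-clamp: reader saw up to %d\n", max_observed(0, 4000, 200));
    printf("clamp-then-store: reader saw up to %d\n", max_observed(1, 4000, 200));
    return 0;
}
```

With the first variant, an assertion outside the lock can fire on a value that the writer is about to correct; with the second, the invariant holds for every reader regardless of locking.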