diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2009-12-03 08:10:17 -0500 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2009-12-03 08:10:17 -0500 |
commit | f0380f3d16df8f9e2fcd1d8c16fb0d94370bea99 (patch) | |
tree | 447798d04462a3c45390a8840502c65330ffb5f9 /security/integrity | |
parent | feb8ca37cc3d83c07fd042509ef1e176cfeb2cfa (diff) |
RPC: Fix two potential races in put_rpccred
It is possible for rpcauth_destroy_credcache() to cause the rpc credentials
to be unhashed while put_rpccred is waiting for the rpc_credcache_lock on
another cpu. Should this happen, then we can end up calling
hlist_del_rcu(&cred->cr_hash) a second time in put_rpccred, thus causing
list corruption.
Should the credential actually be hashed, it is also possible for
rpcauth_lookup_credcache to find and reference it before we get round to
unhashing it. In this case, the call to rpcauth_unhash_cred will fail, and
so we should just exit without destroying the cred.
Reported-by: Neil Brown <neilb@suse.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'security/integrity')
0 files changed, 0 insertions, 0 deletions