Hardened sources 2.6.28 breaks crypsetup for dmcrypt due to an apparent race condition which has been fixed in 2.6.29-rc5. Since there are no hardened patches available yet for 2.6.29, is there any chance of having this (very small!) patch backported into 2.6.28? I'm using locally-hacked sources right now, and I'm sure lots of people could benefit from this patch. I will attach the patch file and GIT commit info momentarily. Reproducible: Always Steps to Reproduce:
Commit comment: commit b8e15992b420d09dae831125a623c474c8637cee Author: Herbert Xu <herbert@gondor.apana.org.au> Date: Wed Jan 28 14:09:59 2009 +1100 crypto: api - Fix algorithm test race that broke aead initialisation When we complete a test we'll notify everyone waiting on it, drop the mutex, and then remove the test larval (after reacquiring the mutex). If one of the notified parties tries to register another algorithm with the same driver name prior to the removal of the test larval, they will fail with EEXIST as only one algorithm of a given name can be tested at any time. This broke the initialisation of aead and givcipher algorithms as they will register two algorithms with the same driver name, in sequence. This patch fixes the problem by marking the larval as dead before we drop the mutex, and also ignoring all dead or dying algorithms on the registration path. Tested-by: Andreas Steffen <andreas.steffen@strongswan.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Created attachment 182315 [details, diff] The patch from git
Thanks. I've submitted this upstream with a view to having it incorporated in the next 2.6.28-stable tree release.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=b8e15992b420d09dae831125a623c474c8637cee
Herbert's given it the thumbs up, so please add it to the next genpatches release if that occurs before the next stable tree release.
Oops, I was oblivious to the InSVN keyword whilst writing the previous comment :)
Fixed in gentoo-sources-2.6.28-r3
