Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 259332

Summary: 2.6.28 kernel regression: race condition in crypto API breaks cryptsetup
Product: Gentoo Linux Reporter: Christopher Head <bugs>
Component: [OLD] Core systemAssignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel>
Status: VERIFIED FIXED    
Severity: normal CC: kfm
Priority: High Keywords: InVCS
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [linux-2.6.28-regression] [linux >= 2.6.28 <= 2.6.28.7]
Package list:
Runtime testing required: ---
Attachments: The patch from git

Description Christopher Head 2009-02-17 08:54:00 UTC 
Hardened sources 2.6.28 breaks crypsetup for dmcrypt due to an apparent race condition which has been fixed in 2.6.29-rc5. Since there are no hardened patches available yet for 2.6.29, is there any chance of having this (very small!) patch backported into 2.6.28? I'm using locally-hacked sources right now, and I'm sure lots of people could benefit from this patch.

I will attach the patch file and GIT commit info momentarily.

Reproducible: Always

Steps to Reproduce:
Comment 1 Christopher Head 2009-02-17 08:54:20 UTC 
Commit comment:
commit b8e15992b420d09dae831125a623c474c8637cee
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date:   Wed Jan 28 14:09:59 2009 +1100

    crypto: api - Fix algorithm test race that broke aead initialisation
    
    When we complete a test we'll notify everyone waiting on it, drop
    the mutex, and then remove the test larval (after reacquiring the
    mutex).  If one of the notified parties tries to register another
    algorithm with the same driver name prior to the removal of the
    test larval, they will fail with EEXIST as only one algorithm of
    a given name can be tested at any time.
    
    This broke the initialisation of aead and givcipher algorithms as
    they will register two algorithms with the same driver name, in
    sequence.
    
    This patch fixes the problem by marking the larval as dead before
    we drop the mutex, and also ignoring all dead or dying algorithms
    on the registration path.
    
    Tested-by: Andreas Steffen <andreas.steffen@strongswan.org>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Comment 2 Christopher Head 2009-02-17 08:55:18 UTC 
Created attachment 182315 [details, diff]
The patch from git
Comment 3 kfm 2009-02-21 21:11:50 UTC 
Thanks. I've submitted this upstream with a view to having it incorporated in the next 2.6.28-stable tree release.
Comment 5 kfm 2009-02-22 02:02:45 UTC 
Herbert's given it the thumbs up, so please add it to the next genpatches release if that occurs before the next stable tree release.
Comment 6 kfm 2009-02-22 02:05:10 UTC 
Oops, I was oblivious to the InSVN keyword whilst writing the previous comment :)
Comment 7 Mike Pagano gentoo-dev 2009-03-08 11:32:33 UTC 
Fixed in gentoo-sources-2.6.28-r3