linux/drivers/char
Andrew Morton 8b76f46a2d drivers/char/random.c: fix a race which can lead to a bogus BUG()
Fix a bug reported by and diagnosed by Aaron Straus.

This is a regression intruduced into 2.6.26 by

    commit adc782dae6
    Author: Matt Mackall <mpm@selenic.com>
    Date:   Tue Apr 29 01:03:07 2008 -0700

        random: simplify and rename credit_entropy_store

credit_entropy_bits() does:

	spin_lock_irqsave(&r->lock, flags);
	...
	if (r->entropy_count > r->poolinfo->POOLBITS)
		r->entropy_count = r->poolinfo->POOLBITS;

so there is a time window in which this BUG_ON():

static size_t account(struct entropy_store *r, size_t nbytes, int min,
		      int reserved)
{
	unsigned long flags;

	BUG_ON(r->entropy_count > r->poolinfo->POOLBITS);

	/* Hold lock while accounting */
	spin_lock_irqsave(&r->lock, flags);

can trigger.

We could fix this by moving the assertion inside the lock, but it seems
safer and saner to revert to the old behaviour wherein
entropy_store.entropy_count at no time exceeds
entropy_store.poolinfo->POOLBITS.

Reported-by: Aaron Straus <aaron@merfinllc.com>
Cc: Matt Mackall <mpm@selenic.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: <stable@kernel.org>		[2.6.26.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-09-02 19:21:40 -07:00
..
agp agp: fix SIS 5591/5592 wrong PCI id 2008-08-12 10:13:38 +10:00
hw_random crypto: padlock - fix VIA PadLock instruction usage with irq_ts_save/restore() 2008-08-13 22:02:26 +10:00
ip2 ip2: push BKL down for the firmware interface 2008-07-25 10:53:43 -07:00
ipmi drivers/char/ipmi/ipmi_si_intf.c:default_find_bmc(): fix leak 2008-08-20 15:40:31 -07:00
mwave mwave: ioctl BKL pushdown 2008-07-25 10:53:43 -07:00
pcmcia removed unused #include <version.h> 2008-08-16 17:21:58 -07:00
rio rio: push down the BKL into the firmware ioctl handler 2008-07-25 10:53:43 -07:00
tpm tpm: Use correct data types for sizes in tpm_write() and tpm_read() 2008-07-26 12:00:04 -07:00
xilinx_hwicap removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
.gitignore
amiserial.c m68k/amiserial: fix fallout of tty break handling rework 2008-08-06 13:24:41 -07:00
apm-emulation.c APM emulation: Notify about all suspend events, not just APM invoked ones (v2) 2008-07-16 23:27:02 +02:00
applicom.c char serial: switch drivers to ioremap_nocache 2008-04-30 08:29:48 -07:00
applicom.h
bfin-otp.c Blackfin char driver for Blackfin on-chip OTP memory (v3) 2008-04-25 08:04:56 +08:00
briq_panel.c briq_panel: BKL pushdown 2008-06-20 14:05:55 -06:00
bsr.c powerpc: Add driver for Barrier Synchronization Register 2008-07-15 12:24:55 +10:00
cd1865.h
ChangeLog
consolemap.c Basic braille screen reader support 2008-04-30 08:29:52 -07:00
cp437.uni
cs5535_gpio.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
cyclades.c tty: rework break handling 2008-07-22 13:03:28 -07:00
defkeymap.c_shipped Fix default compose table initialization 2008-03-03 14:53:16 -08:00
defkeymap.map
digi1.h
digiFep1.h
digiPCI.h
ds1286.c ds1286: BKL pushdown 2008-06-20 14:05:56 -06:00
ds1302.c ds1302: push down the BKL into the driver ioctl code 2008-07-25 10:53:43 -07:00
ds1620.c [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
dsp56k.c dsp56k: Fix BKL pushdown 2008-07-26 13:22:56 -07:00
dtlk.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
efirtc.c drivers/char/efirtc.c: removed duplicated #include 2008-08-04 16:59:56 -07:00
epca.c Fix the epca driver to permit epca_setup() to be invoked from the kernel cmdline 2008-07-22 13:03:28 -07:00
epca.h epca: use tty_port 2008-07-20 17:12:36 -07:00
epcaconfig.h
esp.c tty: rework break handling 2008-07-22 13:03:28 -07:00
generic_nvram.c driver/char/generic_nvram: fix banner 2008-06-12 18:05:41 -07:00
generic_serial.c gs: use tty_port 2008-07-20 17:12:36 -07:00
genrtc.c genrtc: BKL pushdown 2008-06-20 14:05:57 -06:00
hangcheck-timer.c drivers/char/: Spelling fixes 2008-02-03 17:11:42 +02:00
hpet.c #if 0 hpet_unregister() 2008-07-25 10:53:43 -07:00
hvc_beat.c [POWERPC] hvcbeat: Fix buffer manipulation 2008-04-17 07:46:10 +10:00
hvc_console.c fix spinlock recursion in hvc_console 2008-08-12 17:52:55 +10:00
hvc_console.h powerpc: Move include files to arch/powerpc/include/asm 2008-08-04 12:02:00 +10:00
hvc_irq.c hvc_console: rework setup to replace irq functions with callbacks 2008-07-25 12:06:06 +10:00
hvc_iseries.c hvc_console: rework setup to replace irq functions with callbacks 2008-07-25 12:06:06 +10:00
hvc_rtas.c [POWERPC] hvc_rtas_init() must be __init 2008-02-14 22:11:02 +11:00
hvc_vio.c hvc_console: rework setup to replace irq functions with callbacks 2008-07-25 12:06:06 +10:00
hvc_xen.c hvc_console: rework setup to replace irq functions with callbacks 2008-07-25 12:06:06 +10:00
hvcs.c powerpc: Move include files to arch/powerpc/include/asm 2008-08-04 12:02:00 +10:00
hvsi.c drivers/char: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
i8k.c i8k: make fan multiplier tunable with a module parameter 2008-05-01 08:04:00 -07:00
ip27-rtc.c ip27-rtc: BKL pushdown 2008-06-20 14:05:57 -06:00
isicom.c isicom: restore using hardware break support 2008-07-22 13:03:28 -07:00
istallion.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 2008-07-22 13:13:47 -07:00
Kconfig powerpc/iseries: remove the old viocons driver 2008-08-07 18:07:10 -07:00
keyboard.c Merge master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6 into next 2008-07-21 00:55:14 -04:00
lp.c device create: char: convert device_create to device_create_drvdata 2008-07-21 21:54:41 -07:00
Makefile powerpc/iseries: remove the old viocons driver 2008-08-07 18:07:10 -07:00
mbcs.c mbcs: cdev lock_kernel() pushdown 2008-06-20 14:05:48 -06:00
mbcs.h MBCS: convert dmareadlock to mutex 2008-02-07 08:42:25 -08:00
mem.c use generic_access_phys for /dev/mem mappings 2008-07-24 10:47:15 -07:00
misc.c device create: char: convert device_create to device_create_drvdata 2008-07-21 21:54:41 -07:00
mmtimer.c mmtimer: Push BKL down into the ioctl handler 2008-07-17 11:34:49 -07:00
moxa.c tty: rework break handling 2008-07-22 13:03:28 -07:00
moxa.h Char: moxa, cleanup rx/tx 2008-04-30 08:29:43 -07:00
mspec.c mspec: convert nopfn to fault 2008-07-24 10:47:14 -07:00
mxser.c Char: mxser, ratelimit ioctl warning 2008-07-30 09:41:45 -07:00
mxser.h mxser: convert large macros to functions 2008-04-30 08:29:49 -07:00
n_hdlc.c n_hdlc: honor O_NONBLOCK on write 2008-07-22 13:03:28 -07:00
n_r3964.c tty: Ldisc revamp 2008-07-20 17:12:34 -07:00
n_tty.c tty: Ldisc revamp 2008-07-20 17:12:34 -07:00
nozomi.c drivers/char: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
nsc_gpio.c [PATCH] struct path: convert char-drivers 2006-12-08 08:28:44 -08:00
nvram.c drivers/char/nvram.c: Removed duplicated include 2008-07-23 09:36:23 -07:00
nwbutton.c [PATCH] Char: timers cleanup 2007-02-12 09:48:30 -08:00
nwbutton.h
nwflash.c [ARM] fix nwflash.c: 6ee8928d94 2008-07-26 16:29:24 +01:00
pc8736x_gpio.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
ppdev.c ppdev: wrap ioctl handler in driver and push lock down 2008-07-25 10:53:43 -07:00
ps3flash.c ps3: FLASH ROM Storage Driver 2007-07-21 17:49:16 -07:00
pty.c tty: Ldisc revamp 2008-07-20 17:12:34 -07:00
random.c drivers/char/random.c: fix a race which can lead to a bogus BUG() 2008-09-02 19:21:40 -07:00
raw.c device create: char: convert device_create to device_create_drvdata 2008-07-21 21:54:41 -07:00
riscom8_reg.h
riscom8.c riscom8: Restore driver using new break functionality 2008-07-22 13:03:28 -07:00
riscom8.h tty: add more tty_port fields 2008-07-20 17:12:38 -07:00
rocket_int.h tty: add more tty_port fields 2008-07-20 17:12:38 -07:00
rocket.c tty: rework break handling 2008-07-22 13:03:28 -07:00
rocket.h tty: add more tty_port fields 2008-07-20 17:12:38 -07:00
rtc.c drivers/char/rtc.c: removed duplicated include 2008-08-12 16:07:30 -07:00
scc.h
scx200_gpio.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
selection.c tty: Ldisc revamp 2008-07-20 17:12:34 -07:00
ser_a2232.c m68k: gs: use tty_port fixes 2008-07-26 20:29:03 -07:00
ser_a2232.h
ser_a2232fw.ax
ser_a2232fw.h
serial167.c m68k: serial167 missing return value in cy_put_char() 2008-05-05 12:37:02 -07:00
snsc_event.c byteorder: don't directly include linux/byteorder/generic.h 2008-05-16 12:01:45 -07:00
snsc.c device create: char: convert device_create to device_create_drvdata 2008-07-21 21:54:41 -07:00
snsc.h Convert asm/semaphore.h users to linux/semaphore.h 2008-04-18 22:22:54 -04:00
sonypi.c sonypi: BKL pushdown 2008-07-02 15:06:25 -06:00
specialix_io8.h tty: add more tty_port fields 2008-07-20 17:12:38 -07:00
specialix.c specialix: restore driver using new break functionality 2008-07-22 13:03:28 -07:00
stallion.c stallion: removed unused variable 2008-07-24 10:47:30 -07:00
sx.c sx: push BKL down into the firmware ioctl handler 2008-07-25 10:53:43 -07:00
sx.h Char: char/serial, remove SERIAL_TYPE_NORMAL redefines 2008-02-07 08:42:33 -08:00
sxboards.h
sxwindow.h
synclink_gt.c removed unused #include <version.h> 2008-08-16 17:21:58 -07:00
synclink.c Merge branch 'for-jeff' of git://git.kernel.org/pub/scm/linux/kernel/git/chris/linux-2.6 into tmp 2008-08-07 04:05:46 -04:00
synclinkmp.c Merge branch 'for-jeff' of git://git.kernel.org/pub/scm/linux/kernel/git/chris/linux-2.6 into tmp 2008-08-07 04:05:46 -04:00
sysrq.c fix: "smp_call_function: get rid of the unused nonatomic/retry argument" 2008-06-27 11:52:45 +02:00
tb0219.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
tlclk.c tlckl: BKL pushdown 2008-06-20 14:05:51 -06:00
toshiba.c toshiba: use ioremap_cached 2008-04-30 23:15:34 +02:00
tty_audit.c [PATCH] split linux/file.h 2008-05-01 13:08:16 -04:00
tty_io.c tty: Fix termios tty window resize race with pty/tty pair 2008-08-27 14:37:09 -07:00
tty_ioctl.c tty: TIOCGSOFTCAR/SSOFTCAR on pty is wron 2008-08-27 14:37:09 -07:00
tty_ldisc.c try harder to load tty ldisc driver 2008-08-01 12:50:15 -07:00
vc_screen.c device create: char: convert device_create to device_create_drvdata 2008-07-21 21:54:41 -07:00
viotape.c device create: char: convert device_create to device_create_drvdata 2008-07-21 21:54:41 -07:00
virtio_console.c virtio_console: use virtqueue notification for hvc_console 2008-07-25 12:06:06 +10:00
vme_scc.c m68k: gs: use tty_port fixes 2008-07-26 20:29:03 -07:00
vr41xx_giu.c Add a bunch of cycle_kernel_lock() calls 2008-06-20 14:05:53 -06:00
vt_ioctl.c tty: remove resize window special case 2008-08-15 10:34:07 -07:00
vt.c tty: remove resize window special case 2008-08-15 10:34:07 -07:00