On 06/24/2013 03:59 PM, Herbert Xu wrote:
...
Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Mon Jun 24 21:57:42 2013 +0800
crypto: algboss - Hold ref count on larval
...
The use of wait_for_completion_interruptible is intentional so that
we don't lock up the thread if a bug causes us to never wake up.
This bug is caused by the helper thread using the larval without
holding a reference count on it. If the helper thread completes
after the original thread requesting for help has gone away and
destroyed the larval, then we get the crash above.
So the fix is to hold a reference count on the larval.
Cc: <stable@xxxxxxxxxxxxxxx> # 3.6+
Reported-by: Daniel Borkmann <dborkman@xxxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Tested-by: Daniel Borkmann <dborkman@xxxxxxxxxx>
This fixes the panic for me with the reproducer I sent off-list.
Thanks Herbert !
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
