Review of an OpenCrypto patch
Benno Rice
benno at FreeBSD.org
Tue Jan 14 21:25:48 UTC 2014
Hi -security,
I work at EMC Isilon and one of our developers has found a race in opencyrpto and provided the attached patch to address it.
The situation as explained to me is that the crypto request queue and dequeue operate under CRYPTO_Q_LOCK, along with crypto_invoke and thus crypto processing. Meanwhile crypto_newsession (and thus all driver new session calls) operate under CRYPTO_DRIVER_LOCK.
This leads to a situation where resizing of the swcr_sessions array in swcr_newsession can interfere with the use of that array in swcr_process.
The attached patch protects the swcr_sessions array with a new rwlock.
Could somebody give this a look over and let me know if it’s commitable roughly as is or needs some work?
Cheers,
Benno.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-117508.3
Type: application/octet-stream
Size: 3808 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140115/64997980/attachment.obj>
-------------- next part --------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140115/64997980/attachment.sig>
More information about the freebsd-security
mailing list