/* * Common values for serpent algorithms */ #ifndef _CRYPTO_SERPENT_H #define _CRYPTO_SERPENT_H #include #include #define SERPENT_MIN_KEY_SIZE 0 #define SERPENT_MAX_KEY_SIZE 32 #define SERPENT_EXPKEY_WORDS 132 #define SERPENT_BLOCK_SIZE 16 struct serpent_ctx { u32 expkey[SERPENT_EXPKEY_WORDS]; }; int __serpent_setkey(struct serpent_ctx *ctx, const u8 *key, unsigned int keylen); int serpent_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen); void __serpent_encrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src); void __serpent_decrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src); #endif c='/cgit.png' alt='cgit logo'/> index : net-next.git
net-next plumbingsTobias Klauser
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2012-12-28 18:58:39 -0800
committerEric W. Biederman <ebiederm@xmission.com>2013-01-26 22:11:41 -0800
commitc61a2810a2161986353705b44d9503e6bb079f4f (patch)
tree1f949f359d0344c2a47c8d0c597815aceb8091c0
parent923c7538236564c46ee80c253a416705321f13e3 (diff)
userns: Avoid recursion in put_user_ns
When freeing a deeply nested user namespace free_user_ns calls put_user_ns on it's parent which may in turn call free_user_ns again. When -fno-optimize-sibling-calls is passed to gcc one stack frame per user namespace is left on the stack, potentially overflowing the kernel stack. CONFIG_FRAME_POINTER forces -fno-optimize-sibling-calls so we can't count on gcc to optimize this code. Remove struct kref and use a plain atomic_t. Making the code more flexible and easier to comprehend. Make the loop in free_user_ns explict to guarantee that the stack does not overflow with CONFIG_FRAME_POINTER enabled. I have tested this fix with a simple program that uses unshare to create a deeply nested user namespace structure and then calls exit. With 1000 nesteuser namespaces before this change running my test program causes the kernel to die a horrible death. With 10,000,000 nested user namespaces after this change my test program runs to completion and causes no harm. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Pointed-out-by: Vasily Kulikov <segoon@openwall.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>