lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 22 Mar 2013 16:48:32 +0100
From:	Ján Stanček <jan.stancek@...il.com>
To:	Paul Moore <paul@...l-moore.com>
Cc:	netdev@...r.kernel.org, eparis@...hat.com, sds@...ho.nsa.gov
Subject: Re: NULL pointer deref, selinux_socket_unix_may_send+0x34/0x90

On Fri, Mar 22, 2013 at 4:24 PM, Paul Moore <paul@...l-moore.com> wrote:
> On Thursday, March 21, 2013 11:19:22 PM Ján Stanček wrote:
>> Hi,
>>
>> I'm occasionally seeing a panic early after system booted and while
>> systemd is starting other services.
>>
>> I made a reproducer which is quite reliable on my system (32 CPU Intel)
>> and can usually trigger this issue within a minute or two. I can reproduce
>> this issue with 3.9.0-rc3 as root or unprivileged user (see call trace
>> below).
>>
>> I'm attaching my reproducer and (experimental) patch, which fixes the
>> issue for me.
>
> Hi Jan,
>
> I've heard some similar reports over the past few years but I've never been
> able to reproduce the problem and the reporters have never show enough
> interest to be able to help me diagnose the problem.  Your information about
> the size of the machine and the reproducer may help, thank you!
>
> I'll try your reproducer but since I don't happen to have a machine handy that
> is the same size as yours would you mind trying the attached (also pasted
> inline for others to comment on) patch?  I can't promise it will solve your
> problem but it was the best idea I could come up with a few years ago when I
> first became aware of the problem.  I think you are right in that there is a
> race condition somewhere with the AF_UNIX sockets shutting down, I'm just not
> yet certain where it is ...

Hi Paul,

thanks for reply, I'll try your patch and let you know.

I'm not certain about cause either, but patch I sent in last email
makes it go away,
so maybe that can help in some way.

I made a v2 of the reproducer (attached), which triggers the issue a lot faster
on 2 systems I tried (32 CPU and 4 CPU systems) - just in couple of seconds.

Regards,
Jan

View attachment "selinux_socket_unix_may_send_v2.c" of type "text/x-csrc" (3762 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ