2.6.27-stable review patch. If anyone has any objections, please let us know. ------------------ From: Paul Moore commit d7f59dc4642ce2fc7b79fcd4ec02ffce7f21eb02 upstream. Rick McNeal from LSI identified a panic in selinux_netlbl_inode_permission() caused by a certain sequence of SUNRPC operations. The problem appears to be due to the lack of NULL pointer checking in the function; this patch adds the pointer checks so the function will exit safely in the cases where the socket is not completely initialized. Signed-off-by: Paul Moore Signed-off-by: James Morris Cc: Chuck Ebbert Signed-off-by: Greg Kroah-Hartman --- security/selinux/netlabel.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -236,11 +236,12 @@ int selinux_netlbl_inode_permission(stru if (!S_ISSOCK(inode->i_mode) || ((mask & (MAY_WRITE | MAY_APPEND)) == 0)) return 0; - sock = SOCKET_I(inode); sk = sock->sk; + if (sk == NULL) + return 0; sksec = sk->sk_security; - if (sksec->nlbl_state != NLBL_REQUIRE) + if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE) return 0; local_bh_disable(); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/