lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <17949.1238100921@redhat.com>
Date:	Thu, 26 Mar 2009 20:55:21 +0000
From:	David Howells <dhowells@...hat.com>
To:	Richard A Nelson <cowboy@...ux.vnet.ibm.com>
Cc:	dhowells@...hat.com, linux-kernel@...r.kernel.org,
	linux-nfs@...r.kernel.org, openafs-devel@...nafs.org
Subject: Re: NFS/AFS/Selinux issues with 2.26.29

Richard A Nelson <cowboy@...ux.vnet.ibm.com> wrote:

> Mar 24 21:09:20 el-ghor kernel: IP: [<ffffffff803628b7>] inode_has_perm+0x2c/0x72
> ...
> Mar 24 14:33:54 bandit-hall kernel: IP: [<c021ba99>] selinux_key_alloc+0x26/0x3b

This looks suspiciously like current->cred->security might be NULL.  Can you
try running with the attached patch applied to your kernel?

David
---
diff --git a/kernel/cred.c b/kernel/cred.c
index 3a03918..67f4de9 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -157,6 +157,9 @@ struct cred *prepare_creds(void)
 
 	if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
 		goto error;
+#ifdef CONFIG_SECURITY_SELINUX
+	WARN_ON(!new->security);
+#endif
 	return new;
 
 error:
@@ -250,6 +253,9 @@ struct cred *prepare_usermodehelper_creds(void)
 #endif
 	if (security_prepare_creds(new, &init_cred, GFP_ATOMIC) < 0)
 		goto error;
+#ifdef CONFIG_SECURITY_SELINUX
+	WARN_ON(!new->security);
+#endif
 
 	BUG_ON(atomic_read(&new->usage) != 1);
 	return new;
@@ -331,6 +337,9 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
 
 	atomic_inc(&new->user->processes);
 	p->cred = p->real_cred = get_cred(new);
+#ifdef CONFIG_SECURITY_SELINUX
+	WARN_ON(!new->security);
+#endif
 	return 0;
 
 error_put:
@@ -360,6 +369,9 @@ int commit_creds(struct cred *new)
 	BUG_ON(task->cred != task->real_cred);
 	BUG_ON(atomic_read(&task->real_cred->usage) < 2);
 	BUG_ON(atomic_read(&new->usage) < 1);
+#ifdef CONFIG_SECURITY_SELINUX
+	WARN_ON(!new->security);
+#endif
 
 	old = task->real_cred;
 	security_commit_creds(new, old);
@@ -444,6 +456,10 @@ const struct cred *override_creds(const struct cred *new)
 {
 	const struct cred *old = current->cred;
 
+#ifdef CONFIG_SECURITY_SELINUX
+	WARN_ON(!old->security);
+	WARN_ON(!new->security);
+#endif
 	rcu_assign_pointer(current->cred, get_cred(new));
 	return old;
 }
@@ -460,6 +476,10 @@ void revert_creds(const struct cred *old)
 {
 	const struct cred *override = current->cred;
 
+#ifdef CONFIG_SECURITY_SELINUX
+	WARN_ON(!old->security);
+	WARN_ON(!override->security);
+#endif
 	rcu_assign_pointer(current->cred, old);
 	put_cred(override);
 }
@@ -507,6 +527,10 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon)
 	else
 		old = get_cred(&init_cred);
 
+#ifdef CONFIG_SECURITY_SELINUX
+	WARN_ON(!old->security);
+#endif
+
 	*new = *old;
 	get_uid(new->user);
 	get_group_info(new->group_info);
@@ -527,6 +551,9 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon)
 
 	atomic_set(&new->usage, 1);
 	put_cred(old);
+#ifdef CONFIG_SECURITY_SELINUX
+	WARN_ON(!new->security);
+#endif
 	return new;
 
 error:
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7c52ba2..25bb304 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3236,7 +3236,7 @@ static int selinux_task_create(unsigned long clone_flags)
 static void selinux_cred_free(struct cred *cred)
 {
 	struct task_security_struct *tsec = cred->security;
-	cred->security = NULL;
+	cred->security = (void *) 0x7UL;
 	kfree(tsec);
 }
 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ