Message-ID: <20090912072450.GA6767@elte.hu>
Date:	Sat, 12 Sep 2009 09:24:50 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	James Morris <jmorris@...ei.org>, Thomas Liu <tliu@...hat.com>,
	Eric Paris <eparis@...hat.com>
Cc:	linux-kernel@...r.kernel.org,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [origin tree boot crash] Revert "selinux: clean up avc node cache
	when disabling selinux"


James - I did not see a security pull request email from you in my 
lkml folder so I created this new thread. -tip testing found the 
easy crash below. It reverts cleanly so I went that easy route.

At a really quick 10-second glance the crash happens because we 
destroy the slab cache twice, if the sysctl is toggled twice?

	Ingo

----------------->
From cb52c156f8eedbcd963e0178787c8e2a933a656b Mon Sep 17 00:00:00 2001
From: Ingo Molnar <mingo@...e.hu>
Date: Sat, 12 Sep 2009 09:17:42 +0200
Subject: [PATCH] Revert "selinux: clean up avc node cache when disabling selinux"

This reverts commit 89c86576ecde504da1eeb4f4882b2189ac2f9c4a.

Causes this crash:

[   21.280240] async_continuing @ 1 after 0 usec
[   21.289992] Freeing unused kernel memory: 616k freed
[   21.289992] Write protecting the kernel read-only data: 10216k
[   21.586068] SELinux:  Disabled at runtime.
[   21.590018] =============================================================================
[   21.598233] BUG avc_node: Objects remaining on kmem_cache_close()
[   21.600000] -----------------------------------------------------------------------------
[   21.600000]
[   21.600000] INFO: Slab 0xffffea00015de088 objects=30 used=6 fp=0xffff88003f9d3330 flags=0x100000000000082
[   21.600000] Pid: 1, comm: init Not tainted 2.6.31-00127-g2490138-dirty #12971
[   21.600000] Call Trace:
[   21.600000]  [<ffffffff811179f7>] slab_err+0xb0/0xd2
[   21.600000]  [<ffffffff81085ba7>] ? __lock_acquire+0x982/0x9e6
[   21.600000]  [<ffffffff816b8090>] ? _spin_unlock+0x3a/0x55
[   21.600000]  [<ffffffff811176b2>] ? add_partial+0x2e/0x94
[   21.600000]  [<ffffffff8111d254>] ? kmem_cache_destroy+0xcb/0x223
[   21.600000]  [<ffffffff81118f3a>] list_slab_objects+0xbc/0x18e
[   21.600000]  [<ffffffff816b8358>] ? _spin_lock_irqsave+0x4e/0x6e
[   21.600000]  [<ffffffff8111d2af>] kmem_cache_destroy+0x126/0x223
[   21.600000]  [<ffffffff816b43b2>] ? printk+0x50/0x66
[   21.600000]  [<ffffffff812324a5>] avc_disable+0x2d/0x43
[   21.600000]  [<ffffffff8123bd37>] selinux_disable+0x53/0xb5
[   21.600000]  [<ffffffff8123c55c>] sel_write_disable+0xa2/0x118
[   21.600000]  [<ffffffff81127291>] vfs_write+0xc6/0x17a
[   21.600000]  [<ffffffff81127445>] sys_write+0x5b/0x98
[   21.600000]  [<ffffffff8100bf6b>] system_call_fastpath+0x16/0x1b
[   21.600000] INFO: Object 0xffff88003f9d3000 @offset=0
[   21.600000] INFO: Allocated in avc_alloc_node+0x36/0x1c0 age=2167 cpu=0 pid=0
[   21.600000] INFO: Object 0xffff88003f9d3088 @offset=136
[   21.600000] INFO: Allocated in avc_alloc_node+0x36/0x1c0 age=2167 cpu=0 pid=0
[   21.600000] INFO: Object 0xffff88003f9d3110 @offset=272
[   21.600000] INFO: Allocated in avc_alloc_node+0x36/0x1c0 age=2158 cpu=0 pid=0
[   21.600000] INFO: Object 0xffff88003f9d3198 @offset=408
[   21.600000] INFO: Allocated in avc_alloc_node+0x36/0x1c0 age=1797 cpu=0 pid=1
[   21.600000] INFO: Object 0xffff88003f9d3220 @offset=544
[   21.600000] INFO: Allocated in avc_alloc_node+0x36/0x1c0 age=1798 cpu=0 pid=1
[   21.600000] INFO: Object 0xffff88003f9d32a8 @offset=680
[   21.600000] INFO: Allocated in avc_alloc_node+0x36/0x1c0 age=1115 cpu=0 pid=1
[   21.600000] =============================================================================
[   21.600000] BUG avc_node: Objects remaining on kmem_cache_close()
[   21.600000] -----------------------------------------------------------------------------
[   21.600000]
[   21.600000] INFO: Slab 0xffffea000158b7d8 objects=30 used=4 fp=0xffff88003ead1220 flags=0x100000000000082
[   21.600000] Pid: 1, comm: init Not tainted 2.6.31-00127-g2490138-dirty #12971
[   21.600000] Call Trace:
[   21.600000]  [<ffffffff811179f7>] slab_err+0xb0/0xd2
[   21.600000]  [<ffffffff816b43b2>] ? printk+0x50/0x66
[   21.600000]  [<ffffffff812326b7>] ? avc_alloc_node+0x36/0x1c0
[   21.600000]  [<ffffffff81118f3a>] list_slab_objects+0xbc/0x18e
[   21.600000]  [<ffffffff816b8358>] ? _spin_lock_irqsave+0x4e/0x6e
[   21.600000]  [<ffffffff8111d2af>] kmem_cache_destroy+0x126/0x223
[   21.600000]  [<ffffffff816b43b2>] ? printk+0x50/0x66
[   21.600000]  [<ffffffff812324a5>] avc_disable+0x2d/0x43
[   21.600000]  [<ffffffff8123bd37>] selinux_disable+0x53/0xb5
[   21.600000]  [<ffffffff8123c55c>] sel_write_disable+0xa2/0x118
[   21.600000]  [<ffffffff81127291>] vfs_write+0xc6/0x17a
[   21.600000]  [<ffffffff81127445>] sys_write+0x5b/0x98
[   21.600000]  [<ffffffff8100bf6b>] system_call_fastpath+0x16/0x1b
[   21.600000] INFO: Object 0xffff88003ead1000 @offset=0
[   21.600000] INFO: Allocated in avc_alloc_node+0x36/0x1c0 age=2113 cpu=1 pid=13
[   21.600000] INFO: Object 0xffff88003ead1088 @offset=136
[   21.600000] INFO: Allocated in avc_alloc_node+0x36/0x1c0 age=70 cpu=1 pid=1
[   21.600000] INFO: Object 0xffff88003ead1110 @offset=272
[   21.600000] INFO: Allocated in avc_alloc_node+0x36/0x1c0 age=58 cpu=1 pid=1
[   21.600000] INFO: Object 0xffff88003ead1198 @offset=408
[   21.600000] INFO: Allocated in avc_alloc_node+0x36/0x1c0 age=55 cpu=1 pid=1
[   21.950006] SLUB avc_node: kmem_cache_destroy called for cache that still has objects.
[   21.960003] Pid: 1, comm: init Not tainted 2.6.31-00127-g2490138-dirty #12971
[   21.970002] Call Trace:
[   21.972460]  [<ffffffff8111d347>] kmem_cache_destroy+0x1be/0x223
[   21.978497]  [<ffffffff816b43b2>] ? printk+0x50/0x66
[   21.980004]  [<ffffffff812324a5>] avc_disable+0x2d/0x43
[   21.985241]  [<ffffffff8123bd37>] selinux_disable+0x53/0xb5
[   21.990004]  [<ffffffff8123c55c>] sel_write_disable+0xa2/0x118
[   22.000004]  [<ffffffff81127291>] vfs_write+0xc6/0x17a
[   22.005185]  [<ffffffff81127445>] sys_write+0x5b/0x98
[   22.010013]  [<ffffffff8100bf6b>] system_call_fastpath+0x16/0x1b
[   22.025687] khelper used greatest stack depth: 4104 bytes left
[   22.030152] SELinux:  Unregistering netfilter hooks
[   22.170024] type=1404 audit(1252760072.170:2): selinux=0 auid=4294967295 ses=4294967295
INIT: version 2.86 booting
[   22.280812] CRED: Invalid credentials
[   22.284469] CRED: At kernel/cred.c:295
[   22.288212] CRED: Specified credentials: ffff88003d467500
[   22.290007] CRED: ->magic=43736564, put_addr=(null)
[   22.294874] CRED: ->usage=1, subscr=0
[   22.300003] CRED: ->*uid = { 0,0,0,0 }
[   22.303749] CRED: ->*gid = { 0,0,0,0 }
[   22.307490] CRED: ->security is (null)
[   22.310011] ------------[ cut here ]------------
[   22.314624] kernel BUG at kernel/cred.c:823!
[   22.318893] invalid opcode: 0000 [#1] SMP
[   22.320000] last sysfs file:
[   22.320000] CPU 1
[   22.320000] Modules linked in:
[   22.320000] Pid: 1, comm: init Not tainted 2.6.31-00127-g2490138-dirty #12971 System Product Name
[   22.320000] RIP: 0010:[<ffffffff8107911e>]  [<ffffffff8107911e>] __invalid_creds+0x60/0x64
[   22.320000] RSP: 0018:ffff88003ea4be88  EFLAGS: 00010292
[   22.320000] RAX: 0000000000000000 RBX: 0000000000000127 RCX: 0000000000000000
[   22.320000] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88003ea4bd78
[   22.320000] RBP: ffff88003ea4beb8 R08: 00000000bb1f063d R09: 0000000000000000
[   22.320000] R10: 00000000bb1f063d R11: 0000000000018600 R12: ffffffff818e1647
[   22.320000] R13: ffff88003d467500 R14: 0000000000000004 R15: 00000000020f88f8
[   22.320000] FS:  00007f03df0ff780(0000) GS:ffff88000248f000(0000) knlGS:0000000000000000
[   22.320000] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[   22.320000] CR2: 000000311090e004 CR3: 000000003d599000 CR4: 00000000000006a0
[   22.320000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   22.320000] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   22.320000] Process init (pid: 1, threadinfo ffff88003ea4a000, task ffff88003ea50000)
[   22.320000] Stack:
[   22.320000]  00000000bb1f063d 00000000bb1f063d 00000000bb1f063d ffff88003d467500
[   22.320000] <0> ffff88003ea50000 00000000ffffff9c ffff88003ea4bef8 ffffffff81079a7c
[   22.320000] <0> ffffffff8106445a ffff88003d618000 00000000bb1f063d 00000000bb1f063d
[   22.320000] Call Trace:
[   22.320000]  [<ffffffff81079a7c>] prepare_creds+0x107/0x133
[   22.320000]  [<ffffffff8106445a>] ? sigprocmask+0x46/0xfb
[   22.320000]  [<ffffffff81125512>] sys_faccessat+0x46/0x1d4
[   22.320000]  [<ffffffff811256cb>] sys_access+0x2b/0x41
[   22.320000]  [<ffffffff8100bf6b>] system_call_fastpath+0x16/0x1b
[   22.320000] Code: 89 da 4c 89 e6 48 c7 c7 fd 15 8e 81 31 c0 e8 5c b2 63 00 48 c7 c6 73 16 8e 81 4c 89 ef 65 48 8b 14 25 00 b0 00 00 e8 d6 fc ff ff <0f> 0b eb fe 55 48 89 e5 41 54 53 48 83 ec 10 0f 1f 44 00 00 65
[   22.320000] RIP  [<ffffffff8107911e>] __invalid_creds+0x60/0x64
[   22.320000]  RSP <ffff88003ea4be88>
[   22.520003] ---[ end trace f1d1365aeb345558 ]---
[   22.524612] Kernel panic - not syncing: Fatal exception
[   22.529826] Pid: 1, comm: init Tainted: G      D    2.6.31-00127-g2490138-dirty #12971
[   22.530001] Call Trace:
[   22.540008]  [<ffffffff816b42b2>] panic+0x89/0x139
[   22.544790]  [<ffffffff816b9686>] oops_end+0xb9/0xe0
[   22.550003]  [<ffffffff816b9746>] ? oops_begin+0x99/0xb7
[   22.555311]  [<ffffffff8100fd81>] die+0x6d/0x8c
[   22.559839]  [<ffffffff816b8ff8>] do_trap+0x11f/0x142
[   22.560004]  [<ffffffff81077d7d>] ? notify_die+0x3d/0x53
[   22.570004]  [<ffffffff8100db30>] do_invalid_op+0xab/0xcb
[   22.575397]  [<ffffffff8107911e>] ? __invalid_creds+0x60/0x64
[   22.580004]  [<ffffffff8100cd95>] invalid_op+0x15/0x20
[   22.585138]  [<ffffffff8107911e>] ? __invalid_creds+0x60/0x64
[   22.590004]  [<ffffffff8107911e>] ? __invalid_creds+0x60/0x64
[   22.595744]  [<ffffffff81079a7c>] prepare_creds+0x107/0x133
[   22.600004]  [<ffffffff8106445a>] ? sigprocmask+0x46/0xfb
[   22.605397]  [<ffffffff81125512>] sys_faccessat+0x46/0x1d4
[   22.610004]  [<ffffffff811256cb>] sys_access+0x2b/0x41
[   22.615137]  [<ffffffff8100bf6b>] system_call_fastpath+0x16/0x1b
[   22.620006] Rebooting in 1 seconds..Press any key to enter the menu

Signed-off-by: Ingo Molnar <mingo@...e.hu>
---
 security/selinux/avc.c         |    6 ------
 security/selinux/hooks.c       |    3 ---
 security/selinux/include/avc.h |    3 ---
 3 files changed, 0 insertions(+), 12 deletions(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index e3d1901..d07cd64 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -855,9 +855,3 @@ u32 avc_policy_seqno(void)
 {
 	return avc_cache.latest_notif;
 }
-
-void avc_disable(void)
-{
-	if (avc_node_cachep)
-		kmem_cache_destroy(avc_node_cachep);
-}
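
Review bot: the removed avc_disable() body checks only that avc_node_cachep is non-NULL and then calls kmem_cache_destroy() directly; nothing in these lines frees outstanding avc_node objects first or clears the pointer afterwards. That lines up with the log in the changelog ("Objects remaining on kmem_cache_close()", with the objects "Allocated in avc_alloc_node"), so the commit message would be stronger if it named that as the failure instead of leaving only the trace. Any re-submission of the cleanup should flush the nodes before the destroy and set avc_node_cachep to NULL after it, so a repeated disable cannot reuse a stale pointer.
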
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 417f7c9..d7afdb1 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5830,9 +5830,6 @@ int selinux_disable(void)
 	selinux_disabled = 1;
 	selinux_enabled = 0;
 
-	/* Try to destroy the avc node cache */
-	avc_disable();
-
 	/* Reset security_ops to the secondary module, dummy or capability. */
 	security_ops = secondary_ops;
 
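
Review bot: in selinux_disable() the removed avc_disable() call sat before "security_ops = secondary_ops;", so the cache was torn down while security_ops still pointed at the SELinux hooks. With the call gone, the avc_node cache stays allocated after a runtime disable; a one-line comment at this spot saying so, and noting that any future teardown belongs after the ops switch, would keep the cleanup from being re-added in the same place.
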
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index e94e82f..e57f2ba 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -92,9 +92,6 @@ int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
 int avc_get_hash_stats(char *page);
 extern unsigned int avc_cache_threshold;
 
-/* Attempt to free avc node cache */
-void avc_disable(void);
-
 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
 DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
 #endif
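
Review bot: the avc_disable() prototype is dropped here together with its definition and the one caller visible in hooks.c; worth confirming with a tree-wide grep that no other user remains, since the diffstat covers only these three files and a leftover caller would surface only as a build failure.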
