[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1641293.WO3hAXq7Ps@sifl>
Date: Tue, 07 Aug 2012 18:23:55 -0400
From: Paul Moore <paul@...l-moore.com>
To: "Serge E. Hallyn" <serge@...lyn.com>
Cc: John Stultz <john.stultz@...aro.org>,
lkml <linux-kernel@...r.kernel.org>,
James Morris <james.l.morris@...cle.com>, selinux@...ho.nsa.gov
Subject: Re: NULL pointer dereference in selinux_ip_postroute_compat
On Tuesday, August 07, 2012 10:17:32 PM Serge E. Hallyn wrote:
> Quoting Paul Moore (paul@...l-moore.com):
> > On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@...aro.org>
wrote:
> > > On 08/07/2012 02:50 PM, Paul Moore wrote:
> > >> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@...aro.org>
> > >>
> > >> wrote:
> > >>> Hi,
> > >>>
> > >>> With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
> > >>>
> > >>> dereferences in selinux_ip_postroute_compat(). It looks like the sksec
> > >>> value
> > >>>
> > >>> is null and we die in the following line:
> > >>> if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
> > >>>
> > >>> This triggers every time I shutdown the machine, but has also
> > >>> triggered
> > >>> randomly after a few hours.
> > >>>
> > >>> This is on an ubuntu 12.04 image, not using selinux.
> > >>
> > >> NOTE: Adding the SELinux list to the CC line
> > >
> > > Thanks!
> > >
> > >> Hi,
> > >>
> > >> I'm trying to understand this and I was hoping you could you clarify a
> > >> few things for me:
> > >>
> > >> * Is the panic in the Ubuntu 12.04 guest, or the host? If the host,
> > >> could you share what distribution you are using?
> > >
> > > Sorry, its a 12.04 guest. I think the host is Ubuntu 12.04 as well.
> > >
> > >> * When you say you are not using SELinux, could you be more specific?
> > >> It seems odd that you are not using SELinux but the panic is happening
> > >> in a SELinux hook.
> > >
> > > I just mean that, being Ubuntu, the system (userland) isn't configured
> > > to
> > > use selinux. SELinux is just enabled in the kernel config.
> >
> > Thanks for the quick response, I'll setup an Ubuntu guest and see if I
> > can reproduce this ... something is odd. Anything non-standard about
> > your guest install or anything else you think might be helpful?
>
> The problem seems to be that selinux_nf_ip_init() was called, which
> registers the selinux_ipv4_ops (and ipv6). Those should not get registered
> if selinux ends up not being loaded (as in, if apparmor is loaded first),
> since as you've found here the selinux lsm hooks won't be called to set
> call selinux_sk_alloc_security().
>
> I assume what's happening is that CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE
> was set to 1, but selinux ended up being set to disabled after the
> __initcall(selinux_nf_ip_init) ran? Weird.
Yeah, nothing obvious is jumping out at me in the code except for some weird
race condition like you mention above. I'm downloading an Ubuntu ISO right
now, it should be ready to play with tomorrow morning.
--
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists