lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <502198B4.8040503@linaro.org>
Date:	Tue, 07 Aug 2012 15:37:40 -0700
From:	John Stultz <john.stultz@...aro.org>
To:	"Serge E. Hallyn" <serge@...lyn.com>
CC:	Paul Moore <paul@...l-moore.com>,
	lkml <linux-kernel@...r.kernel.org>,
	James Morris <james.l.morris@...cle.com>, selinux@...ho.nsa.gov
Subject: Re: NULL pointer dereference in selinux_ip_postroute_compat

On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
> Quoting Paul Moore (paul@...l-moore.com):
>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@...aro.org> wrote:
>>> On 08/07/2012 02:50 PM, Paul Moore wrote:
>>>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@...aro.org>
>>>> wrote:
>>>>> Hi,
>>>>>       With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
>>>>> dereferences in selinux_ip_postroute_compat(). It looks like the sksec
>>>>> value
>>>>> is null and we die in the following line:
>>>>>
>>>>>       if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>>>>>
>>>>> This triggers every time I shutdown the machine, but has also triggered
>>>>> randomly after a few hours.
>>>>>
>>>>> This is on an ubuntu 12.04 image, not using selinux.
>>>> NOTE: Adding the SELinux list to the CC line
>>> Thanks!
>>>
>>>> Hi,
>>>>
>>>> I'm trying to understand this and I was hoping you could you clarify a
>>>> few things for me:
>>>>
>>>> * Is the panic in the Ubuntu 12.04 guest, or the host?  If the host,
>>>> could you share what distribution you are using?
>>> Sorry, its a 12.04 guest.  I think the host is Ubuntu 12.04 as well.
>>>
>>>
>>>> * When you say you are not using SELinux, could you be more specific?
>>>> It seems odd that you are not using SELinux but the panic is happening
>>>> in a SELinux hook.
>>> I just mean that, being Ubuntu,  the system (userland) isn't configured to
>>> use selinux.  SELinux is just enabled in the kernel config.
>> Thanks for the quick response, I'll setup an Ubuntu guest and see if I
>> can reproduce this ... something is odd.  Anything non-standard about
>> your guest install or anything else you think might be helpful?
> The problem seems to be that selinux_nf_ip_init() was called, which
> registers the selinux_ipv4_ops (and ipv6).  Those should not get registered
> if selinux ends up not being loaded (as in, if apparmor is loaded first),
> since as you've found here the selinux lsm hooks won't be called to set
> call selinux_sk_alloc_security().
This sounds about right:
root@...tvm:~# dmesg | grep SELinux
[    0.004578] SELinux:  Initializing.
[    0.005704] SELinux:  Starting in permissive mode
[    2.235034] SELinux:  Registering netfilter hooks


> I assume what's happening is that CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE was
> set to 1, but selinux ended up being set to disabled after the
> __initcall(selinux_nf_ip_init) ran?  Weird.
This looks right as well:

# zcat config.gz | grep SELINUX
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
CONFIG_DEFAULT_SECURITY_SELINUX=y


Since the problem isn't completely obvious, I'm starting a bisection to 
narrow this down some more.

thanks
-john

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ