Message-ID: <CAHC9VhTR7b_p3rdiQ8q07OMoY3fXgU4kH=bH5URVgVS6kH5r5g@mail.gmail.com>
Date:   Wed, 19 Aug 2020 21:21:29 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Stephen Rothwell <sfr@...b.auug.org.au>
Cc:     Stephen Smalley <stephen.smalley.work@...il.com>,
        Andy Shevchenko <andy.shevchenko@...il.com>,
        Naresh Kamboju <naresh.kamboju@...aro.org>,
        Linux-Next Mailing List <linux-next@...r.kernel.org>,
        X86 ML <x86@...nel.org>, selinux@...r.kernel.org,
        open list <linux-kernel@...r.kernel.org>,
        lkft-triage@...ts.linaro.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Stephen Smalley <sds@...ho.nsa.gov>,
        Eric Paris <eparis@...isplace.org>,
        Ondrej Mosnacek <omosnace@...hat.com>, rgb@...hat.com,
        Kees Cook <keescook@...omium.org>,
        Casey Schaufler <casey@...aufler-ca.com>,
        YueHaibing <yuehaibing@...wei.com>, jeffv@...gle.com,
        Kent Overstreet <kent.overstreet@...il.com>
Subject: Re: Linux-next: Kernel panic - not syncing: Fatal exception in
 interrupt - RIP: 0010:security_port_sid

On Wed, Aug 19, 2020 at 6:31 PM Stephen Rothwell <sfr@...b.auug.org.au> wrote:
> Hi all,
>
> On Wed, 19 Aug 2020 11:12:44 -0400 Stephen Smalley <stephen.smalley.work@...il.com> wrote:
> >
> > Fix can be found at: https://patchwork.kernel.org/patch/11724203/
>
> Thanks.
>
> I will add that to the selinux tree merge in linux-next until it turns
> up in the tree.

FYI, I just merged that patch into the selinux/next tree.

  commit 37ea433c66070fcef09c6d118492c36299eb72ba
  Author: Stephen Smalley <stephen.smalley.work@...il.com>
  Date:   Wed Aug 19 09:45:41 2020 -0400

   selinux: avoid dereferencing the policy prior to initialization

   Certain SELinux security server functions (e.g. security_port_sid,
   called during bind) were not explicitly testing to see if SELinux
   has been initialized (i.e. initial policy loaded) and handling
   the no-policy-loaded case.  In the past this happened to work
   because the policydb was statically allocated and could always
   be accessed, but with the recent encapsulation of policy state
   and conversion to dynamic allocation, we can no longer access
   the policy state prior to initialization.  Add a test of
   !selinux_initialized(state) to all of the exported functions that
   were missing them and handle appropriately.

   Fixes: 461698026ffa ("selinux: encapsulate policy state, refactor ...")
   Reported-by: Naresh Kamboju <naresh.kamboju@...aro.org>
   Tested-by: Andy Shevchenko <andy.shevchenko@...il.com>
   Signed-off-by: Stephen Smalley <stephen.smalley.work@...il.com>
   Signed-off-by: Paul Moore <paul@...l-moore.com>

-- 
paul moore
www.paul-moore.com
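
The failure mode the commit message describes, as a user-space C model added here (not the kernel patch and not code from this thread): once policy state is a dynamically allocated pointer, an exported lookup has to test an initialized flag before dereferencing it. All `model_*` names, the fallback SID value and the sample rule are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not a kernel identifier. */
#define MODEL_SID_DEFAULT_PORT 9u  /* assumed fallback label before policy load */
struct model_port_rule { uint16_t low, high; uint32_t sid; };
struct model_policy { const struct model_port_rule *rules; size_t nrules; };
struct model_state { bool initialized; struct model_policy *policy; /* NULL until load */ };
static const struct model_port_rule sample_rules[] = { { 80, 443, 100 } }; /* constructed */

/* Guarded lookup: st->policy is never dereferenced before initialization. */
int model_port_sid(const struct model_state *st, uint16_t port, uint32_t *out_sid)
{
    *out_sid = MODEL_SID_DEFAULT_PORT;  /* covers "no policy" and "no matching rule" */
    if (!st->initialized)
        return 0;                       /* the kind of test the commit message describes */
    for (size_t i = 0; i < st->policy->nrules; i++) {
        const struct model_port_rule *r = &st->policy->rules[i];
        if (port >= r->low && port <= r->high) {
            *out_sid = r->sid;
            break;
        }
    }
    return 0;
}

int model_load_policy(struct model_state *st)
{
    st->policy = malloc(sizeof(*st->policy));
    if (!st->policy)
        return -1;
    *st->policy = (struct model_policy){ sample_rules, 1 };
    st->initialized = true;             /* flag flips only once the pointer is valid */
    return 0;
}

int main(void)
{
    struct model_state st = { false, NULL };
    uint32_t before, after;
    model_port_sid(&st, 80, &before);   /* fallback; policy pointer is still NULL */
    if (model_load_policy(&st) != 0)
        return 1;
    model_port_sid(&st, 80, &after);    /* SID taken from the loaded policy */
    free(st.policy);
    return (before == MODEL_SID_DEFAULT_PORT && after == 100) ? 0 : 1;
}
```

Without the `initialized` test, the first call in `main` would read through a NULL `policy` pointer, which is the user-space analogue of the reported panic.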
