From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752177Ab0BGH5W (ORCPT ); Sun, 7 Feb 2010 02:57:22 -0500
Received: from zeniv.linux.org.uk ([195.92.253.2]:48100 "EHLO
	ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751906Ab0BGH5U (ORCPT );
	Sun, 7 Feb 2010 02:57:20 -0500
Date: Sun, 7 Feb 2010 07:56:58 +0000
From: Al Viro
To: James Morris
Cc: Linus Torvalds, Xiaotian Feng, Eric Paris,
	linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org,
	serue@linux.vnet.ibm.com, Eugene Teo, Mimi Zohar
Subject: Re: [GIT][IMA] fix null pointer deref
Message-ID: <20100207075658.GF30031@ZenIV.linux.org.uk>
References: <1265364881-8140-1-git-send-email-dfeng@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.5.20 (2009-08-17)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Feb 07, 2010 at 06:34:51PM +1100, James Morris wrote:
> Linus,
>
> Please pull this bugfix. I've verified that it fixes the null pointer
> deref.

NAK. In that form it's simply wrong; we should never get there with NULL
file->f_dentry->d_inode at all. This is papering over the real bug; I'll
post a saner fix shortly.

The real problem is BS hiding of ima_file_free() inside a hook, with
condition that kinda-sorta happens to avoid bogus call most of the time.
ima_path_check() side is also of BUG_ON() variety (and isn't triggered).