From: Andrew Morton <akpm@linux-foundation.org>
To: David Howells <dhowells@redhat.com>
Cc: torvalds@linux-foundation.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Subject: Re: [PATCH 1/2] CRED: Fix BUG() upon security_cred_alloc_blank() failure
Date: Mon, 7 Feb 2011 15:23:30 -0800 [thread overview]
Message-ID: <20110207152330.3771a11c.akpm@linux-foundation.org> (raw)
In-Reply-To: <20110207133610.18389.5602.stgit@warthog.procyon.org.uk>
On Mon, 07 Feb 2011 13:36:10 +0000
David Howells <dhowells@redhat.com> wrote:
> In cred_alloc_blank() since 2.6.32, abort_creds(new) is called with
> new->security == NULL and new->magic == 0 when security_cred_alloc_blank()
> returns an error. As a result, BUG() will be triggered if SELinux is enabled
> or CONFIG_DEBUG_CREDENTIALS=y.
>
> If CONFIG_DEBUG_CREDENTIALS=y, BUG() is called from __invalid_creds() because
> cred->magic == 0. Failing that, BUG() is called from selinux_cred_free()
> because selinux_cred_free() is not expecting cred->security == NULL. This does
> not affect smack_cred_free(), tomoyo_cred_free() or apparmor_cred_free().
>
> Fix these bugs by
>
> (1) Set new->magic before calling security_cred_alloc_blank().
>
> (2) Handle null cred->security in creds_are_invalid() and selinux_cred_free().
You don't feel that these two patches should be backported into -stable?
next prev parent reply other threads:[~2011-02-07 23:24 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-07 13:36 [PATCH 1/2] CRED: Fix BUG() upon security_cred_alloc_blank() failure David Howells
2011-02-07 13:36 ` [PATCH 2/2] CRED: Fix memory and refcount leaks upon security_prepare_creds() failure David Howells
2011-02-07 23:57 ` David Howells
2011-02-07 23:23 ` Andrew Morton [this message]
2011-02-07 23:56 ` [PATCH 1/2] CRED: Fix BUG() upon security_cred_alloc_blank() failure David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110207152330.3771a11c.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=dhowells@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.