From: John Stultz <johnstul@us.ibm.com>
To: Paul Moore <paul@paul-moore.com>
Cc: lkml <linux-kernel@vger.kernel.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
James Morris <james.l.morris@oracle.com>,
selinux@tycho.nsa.gov
Subject: Re: NULL pointer dereference in selinux_ip_postroute_compat
Date: Tue, 07 Aug 2012 15:31:21 -0700 [thread overview]
Message-ID: <50219739.7080505@us.ibm.com> (raw)
In-Reply-To: <50219628.1080909@linaro.org>
On 08/07/2012 03:26 PM, John Stultz wrote:
> On 08/07/2012 03:01 PM, Paul Moore wrote:
>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@linaro.org>
>> wrote:
>>> On 08/07/2012 02:50 PM, Paul Moore wrote:
>>>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org>
>>>> wrote:
>>>>> Hi,
>>>>> With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
>>>>> dereferences in selinux_ip_postroute_compat(). It looks like the
>>>>> sksec
>>>>> value
>>>>> is null and we die in the following line:
>>>>>
>>>>> if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>>>>>
>>>>> This triggers every time I shutdown the machine, but has also
>>>>> triggered
>>>>> randomly after a few hours.
>>>>>
>>>>> This is on an ubuntu 12.04 image, not using selinux.
>>>> NOTE: Adding the SELinux list to the CC line
>>> Thanks!
>>>
>>>> Hi,
>>>>
>>>> I'm trying to understand this and I was hoping you could you clarify a
>>>> few things for me:
>>>>
>>>> * Is the panic in the Ubuntu 12.04 guest, or the host? If the host,
>>>> could you share what distribution you are using?
>>> Sorry, its a 12.04 guest. I think the host is Ubuntu 12.04 as well.
>>>
>>>
>>>> * When you say you are not using SELinux, could you be more specific?
>>>> It seems odd that you are not using SELinux but the panic is happening
>>>> in a SELinux hook.
>>> I just mean that, being Ubuntu, the system (userland) isn't
>>> configured to
>>> use selinux. SELinux is just enabled in the kernel config.
>> Thanks for the quick response, I'll setup an Ubuntu guest and see if I
>> can reproduce this ... something is odd. Anything non-standard about
>> your guest install or anything else you think might be helpful?
> Don't think so. Just a standard 64bit ubuntu 12.04 install.
>
> Since I'm booting kernel/initrd from the commandline, the initrd *may*
> be older then 12.04, I can't quite remember when I copied that out of
> the image. I'll see if it still triggers if I copy the current initrd
> out.
Nope, that's not it, I just triggered the same thing w/ the Ubuntu 12.04
initrd on the image.
thanks
-john
prev parent reply other threads:[~2012-08-07 23:24 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-07 18:12 NULL pointer dereference in selinux_ip_postroute_compat John Stultz
2012-08-07 21:50 ` Paul Moore
2012-08-07 21:50 ` Paul Moore
2012-08-07 21:58 ` John Stultz
2012-08-07 22:01 ` Paul Moore
2012-08-07 22:01 ` Paul Moore
2012-08-07 22:17 ` Serge E. Hallyn
2012-08-07 22:17 ` Serge E. Hallyn
2012-08-07 22:23 ` Paul Moore
2012-08-07 22:23 ` Paul Moore
2012-08-07 22:37 ` John Stultz
2012-08-08 19:14 ` John Stultz
2012-08-08 19:26 ` Paul Moore
2012-08-08 19:26 ` Paul Moore
2012-08-08 19:38 ` Eric Dumazet
2012-08-08 19:49 ` John Stultz
2012-08-08 20:04 ` Eric Dumazet
2012-08-08 19:50 ` Paul Moore
2012-08-08 19:50 ` Paul Moore
2012-08-08 20:04 ` Eric Dumazet
2012-08-08 19:59 ` Eric Paris
2012-08-08 19:59 ` Eric Paris
2012-08-08 20:09 ` Eric Dumazet
2012-08-08 20:32 ` Eric Dumazet
2012-08-08 20:46 ` Paul Moore
2012-08-08 20:46 ` Paul Moore
2012-08-08 21:54 ` Eric Dumazet
2012-08-09 0:00 ` Casey Schaufler
2012-08-09 0:00 ` Casey Schaufler
2012-08-09 13:30 ` Paul Moore
2012-08-09 13:30 ` Paul Moore
2012-08-09 14:27 ` Eric Dumazet
2012-08-09 15:04 ` Paul Moore
2012-08-09 15:04 ` Paul Moore
2012-08-09 14:50 ` [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock Eric Dumazet
2012-08-09 15:07 ` Paul Moore
2012-08-09 15:07 ` Paul Moore
2012-08-09 15:36 ` Eric Dumazet
2012-08-09 15:59 ` Paul Moore
2012-08-09 15:59 ` Paul Moore
2012-08-09 16:05 ` Eric Paris
2012-08-09 16:05 ` Eric Paris
2012-08-09 16:09 ` Paul Moore
2012-08-09 16:09 ` Paul Moore
2012-08-09 17:46 ` Eric Dumazet
2012-08-09 20:06 ` Eric Paris
2012-08-09 20:19 ` Paul Moore
2012-08-09 20:19 ` Paul Moore
2012-08-09 20:19 ` Paul Moore
2012-08-09 21:29 ` Eric Dumazet
2012-08-09 21:53 ` Casey Schaufler
2012-08-09 21:53 ` Casey Schaufler
2012-08-09 22:05 ` Eric Dumazet
2012-08-09 22:26 ` Casey Schaufler
2012-08-09 22:26 ` Casey Schaufler
2012-08-09 22:26 ` Casey Schaufler
2012-08-09 23:38 ` David Miller
2012-08-09 23:56 ` [PATCH] ipv4: tcp: unicast_sock should not land outside of TCP stack Eric Dumazet
2012-08-10 4:05 ` David Miller
2012-08-08 20:35 ` NULL pointer dereference in selinux_ip_postroute_compat Paul Moore
2012-08-08 20:35 ` Paul Moore
2012-08-08 20:51 ` Eric Paris
2012-08-08 20:51 ` Eric Paris
2012-08-08 21:03 ` Paul Moore
2012-08-08 21:03 ` Paul Moore
2012-08-08 21:09 ` Eric Paris
2012-08-08 21:09 ` Eric Paris
2012-08-08 19:29 ` Eric Dumazet
2012-08-08 16:58 ` John Johansen
2012-08-07 22:26 ` John Stultz
2012-08-07 22:31 ` John Stultz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50219739.7080505@us.ibm.com \
--to=johnstul@us.ibm.com \
--cc=james.l.morris@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=selinux@tycho.nsa.gov \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.