From: Casey Schaufler <casey@schaufler-ca.com>
To: Paul Moore <paul@paul-moore.com>, maninder1.s@samsung.com
Cc: "davem@davemloft.net" <davem@davemloft.net>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Vaneet Narang <v.narang@samsung.com>,
AJEET YADAV <ajeet.y@samsung.com>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [Fix kernel crash in cipso_v4_sock_delattr ]
Date: Mon, 30 Mar 2015 10:25:47 -0700
Message-ID: <5519871B.5020402@schaufler-ca.com>
In-Reply-To: <129817526.SFnNKPuWia@sifl>

On 3/30/2015 4:32 AM, Paul Moore wrote:
> On Monday, March 30, 2015 11:09:00 AM Maninder Singh wrote:
>> Dear All,
>> We found one kernel crash issue in cipso_v4_sock_delattr:
>> As CIPSO supports only inet sockets, cipso_v4_sock_delattr will crash when
>> it tries to access any other socket type. cipso_v4_sock_delattr accesses
>> sk_inet->inet_opt, which may contain a non-NULL but invalid address. We found
>> this issue with a netlink socket (reproducible by trinity using the sendto
>> system call).
> Hello,
>
> First, please go read the Documentation/SubmittingPatches from the kernel
> sources; your patch needs to be resubmitted and the instructions in that file
> will show you how to do it correctly next time.
>
> Second, this appears to only affect Smack based systems, yes? SELinux based
> systems should have the proper checking in place to prevent this (the checks
> are handled in the LSM).

This looks like a problem that was fixed some time ago.
The current Smack code clearly checks for this. What kernel
version are you testing against?

> That said, it probably wouldn't hurt to add the
> extra checking to netlbl_sock_delattr(). If you properly resubmit your patch
> I'll ACK it.
>
> -Paul
>
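
The failure mode discussed in this thread, as an added user-space example that is not code from the thread or from the kernel: a routine that treats any socket as an inet socket reads whatever sits in the inet_opt slot, and a family check before the cast (the kind of extra checking suggested for netlbl_sock_delattr()) avoids that. The struct layouts, the `*_model` names, the return codes and the sample values are assumptions made for the illustration.

```c
/* User-space model, not kernel code; every *_model name is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { FAM_INET = 2, FAM_NETLINK = 16 }; /* Linux AF_INET, AF_NETLINK */

struct sock_model { unsigned short family; };

/* Two socket types that share a common header but differ after it. */
struct inet_sock_model    { struct sock_model sk; void *inet_opt; };
struct netlink_sock_model { struct sock_model sk; uintptr_t portid; };

/* Bits an unchecked cast to the inet type would find in the inet_opt slot.
 * memcpy keeps the read well-defined while still showing the raw value. */
static uintptr_t opt_slot_bits(const struct sock_model *sk)
{
    uintptr_t bits;
    memcpy(&bits, (const char *)sk + offsetof(struct inet_sock_model, inet_opt),
           sizeof(bits));
    return bits;
}

/* Guarded delete: returns 0 if the option was cleared, -1 if sk is not inet. */
static int delattr_guarded(struct sock_model *sk)
{
    struct inet_sock_model *inet;

    if (sk->family != FAM_INET)
        return -1;                        /* leave foreign layouts untouched */
    inet = (struct inet_sock_model *)sk;  /* family confirms the layout */
    inet->inet_opt = NULL;
    return 0;
}

/* Constructed sample sockets. */
static int demo_opt;
static struct inet_sock_model    sample_inet = { { FAM_INET }, &demo_opt };
static struct netlink_sock_model sample_nl   = { { FAM_NETLINK }, 0x1234 };

int main(void)
{
    printf("netlink: slot=%#lx guarded=%d\n",
           (unsigned long)opt_slot_bits(&sample_nl.sk),
           delattr_guarded(&sample_nl.sk));
    printf("inet: guarded=%d\n", delattr_guarded(&sample_inet.sk));
    return 0;
}
```

For the netlink sample, the slot holds a non-NULL value that is not a pointer to IP options, which is the "not NULL but invalid address" condition from the original report.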