Message-ID: <559D6FAC.4000606@schaufler-ca.com>
Date: Wed, 08 Jul 2015 11:45:00 -0700
From: Casey Schaufler
To: William Roberts
Subject: Re: Linux 4.2-rc1
References: <559D623D.405@schaufler-ca.com>
Cc: Greg Kroah-Hartman, Ming Lei, Linux Kernel Mailing List, Shuah Khan, Shuah Khan, SE Linux, Linus Torvalds
List-Id: "Security-Enhanced Linux (SELinux) mailing list"

On 7/8/2015 11:07 AM, William Roberts wrote:


> On Wed, Jul 8, 2015 at 10:47 AM, Casey Schaufler <casey@schaufler-ca.com> wrote:
> > On 7/8/2015 10:29 AM, Linus Torvalds wrote:
> > > On Wed, Jul 8, 2015 at 10:17 AM, Linus Torvalds
> > > <torvalds@linux-foundation.org> wrote:
> > >> Decoding the "Code:" line shows that this is the "->fw_id" dereference in
> > >>
> > >>         if (add_uevent_var(env, "FIRMWARE=%s", fw_priv->buf->fw_id))
> > >>                 return -ENOMEM;
> > >>
> > >> and that "fw_priv->buf" pointer is NULL.
> > >>
> > >> However, I don't see anything that looks like it should have changed
> > >> any of this since 4.1.
> > > Looking at the other uses of "fw_priv->buf", they all check that
> > > pointer for NULL. I see code like
> > >
> > >         fw_buf = fw_priv->buf;
> > >         if (!fw_buf)
> > >                 goto out;
> > >
> > > etc.
> > >
> > > Also, it looks like you need to hold the "fw_lock" to even look at
> > > that pointer, since the buffer can get reallocated etc.
> > >
> > > So that uevent code really looks buggy. It just doesn't look like a
> > > *new* bug to me. That code looks old, going back to 2012 and commit
> > > 1244691c73b2.
> >
> > There have been SELinux changes to kernfs for 4.2. William,
> > you might want to have a look here.
>
> My changes were never merged AFAIK and can tell. I was still working on this
> but we had some changes internally to SELinux that let us handle this, although
> we should correct this on kernfs at some point, it's low priority for me now. Also
> commit fb029 makes kernfs_get_inode() public, so I need to rethink some things.

OK, false alarm. Not an SELinux issue. It might be useful
to see if the problem occurs with AppArmor off.

> > >
> > > Ming Lei?
> > >
> > >                  Linus

> --
> Respectfully,
>
> William C Roberts
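
A userspace model of the pattern Linus describes in the quoted text above (read `fw_priv->buf` under `fw_lock`, check it for NULL, then use it), added here as an illustration; it is not the kernel's code or a fix taken from this thread. The struct layouts, the pthread mutex standing in for `fw_lock`, the function names and the `-ENODEV` return value are assumptions.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the kernel structures (assumed layouts). */
struct firmware_buf { const char *fw_id; };
struct firmware_priv { struct firmware_buf *buf; };

/* A pthread mutex models the kernel's fw_lock. */
static pthread_mutex_t fw_lock = PTHREAD_MUTEX_INITIALIZER;

/* The reported pattern: no lock, no NULL check. It faults as soon as
 * fw_priv->buf is NULL. Shown for comparison only, never called here. */
int uevent_unchecked(struct firmware_priv *fw_priv, char *env, size_t len)
{
	return snprintf(env, len, "FIRMWARE=%s", fw_priv->buf->fw_id) >= (int)len
		? -ENOMEM : 0;
}

/* Checked form: snapshot the pointer under the lock, test it, and finish
 * using fw_id before the lock is dropped. */
int uevent_checked(struct firmware_priv *fw_priv, char *env, size_t len)
{
	struct firmware_buf *fw_buf;
	int ret = 0;

	pthread_mutex_lock(&fw_lock);
	fw_buf = fw_priv->buf;
	if (!fw_buf) {
		ret = -ENODEV;	/* hypothetical choice of error code */
		goto out;
	}
	if (snprintf(env, len, "FIRMWARE=%s", fw_buf->fw_id) >= (int)len)
		ret = -ENOMEM;
out:
	pthread_mutex_unlock(&fw_lock);
	return ret;
}

/* Models a path that clears buf while holding the same lock (assumed). */
void fw_release_buf(struct firmware_priv *fw_priv)
{
	pthread_mutex_lock(&fw_lock);
	fw_priv->buf = NULL;
	pthread_mutex_unlock(&fw_lock);
}
```
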

