Dear All,

We found a kernel crash issue in cipso_v4_sock_delattr:

As CIPSO supports only inet sockets, cipso_v4_sock_delattr will crash when it tries to access any other socket type. cipso_v4_sock_delattr accesses sk_inet->inet_opt, which may contain a non-NULL but invalid address. We found this issue with a netlink socket (reproducible by trinity using the sendto system call).

Crash logs:

[0-182.2400] [] (cipso_v4_sock_delattr+0x0/0x74) from [] (netlbl_sock_delattr+0x18/0x1c)
[0-182.2497] r4:00000000 r3:c07872f8
[0-182.2531] [] (netlbl_sock_delattr+0x0/0x1c) from [] (smack_netlabel+0x88/0x9c)
[0-182.2622] [] (smack_netlabel+0x0/0x9c) from [] (smack_netlabel_send+0x12c/0x144)
[0-182.2714] r7 9ce9500 r6 7b67ef4 r5:c076f408 r4 8903dc0
[0-182.2770] [] (smack_netlabel_send+0x0/0x144) from [] (smack_socket_sendmsg+0x54/0x60)
[0-182.2866] [] (smack_socket_sendmsg+0x0/0x60) from [] (security_socket_sendmsg+0x28/0x2c)
[0-182.2966] [] (security_socket_sendmsg+0x0/0x2c) from [] (sock_sendmsg+0x68/0xc0)
[0-182.3058] [] (sock_sendmsg+0x0/0xc0) from [] (SyS_sendto+0xd8/0x110)

Signed-off-by: Vaneet Narang
Signed-off-by: Maninder Singh
Reviewed-by: Ajeet Yadav
--- net/netlabel/netlabel_kapi.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 7c94aed..7a2c6f5 100755 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c @@ -700,7 +700,13 @@ socket_setattr_return: */ void netlbl_sock_delattr(struct sock *sk) { - cipso_v4_sock_delattr(sk); + switch (sk->sk_family) { + case AF_INET: + cipso_v4_sock_delattr(sk); + break; + default: + break; + } } /** -- 1.7.9.5

Thanks and Regards,
Maninder Singh
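
Review bot: The new switch (sk->sk_family) in netlbl_sock_delattr() stops the crash by silently returning for every family other than AF_INET, but the trace shows the call arriving from smack_netlabel() via smack_socket_sendmsg() on a netlink socket, so the changelog should say why the family check belongs in this helper and whether that caller should also skip non-inet sockets before it reaches the labelling code. The kernel-doc comment that ends just above the function should note that sockets of other families are now ignored. The empty "default: break;" arm adds nothing in a void function with a single case and can be dropped unless it is kept deliberately as a placeholder for further families. The index line records mode 100755 for net/netlabel/netlabel_kapi.c; check that the executable bit on a C source file comes from the local tree and is not carried into the submission. Finally, the description reads as a mail greeting rather than a changelog: a subject line naming the subsystem and the fix, followed by the cause and the trace, would let the message stand on its own in the history.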