From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 30 Mar 2015 11:09:00 +0000 (GMT)
From: Maninder Singh
Subject: [Fix kernel crash in cipso_v4_sock_delattr ]
To: Maninder Singh, "paul@paul-moore.com", "davem@davemloft.net"
Cc: "netdev@vger.kernel.org", "linux-kernel@vger.kernel.org", Vaneet Narang, AJEET YADAV
Reply-to: maninder1.s@samsung.com
Message-id: <1603159082.92241427713739372.JavaMail.weblogic@epmlwas01c>
X-Mailing-List: linux-kernel@vger.kernel.org

Dear All,

We found one kernel crash issue in cipso_v4_sock_delattr:

As CIPSO supports only inet sockets, cipso_v4_sock_delattr will crash when it tries to access any other socket type. cipso_v4_sock_delattr accesses sk_inet->inet_opt, which may contain a non-NULL but invalid address. We found this issue with a netlink socket (reproducible by trinity using the sendto system call).

Crash Logs :
[0-182.2400] [] (cipso_v4_sock_delattr+0x0/0x74) from [] (netlbl_sock_delattr+0x18/0x1c)
[0-182.2497] r4:00000000 r3:c07872f8
[0-182.2531] [] (netlbl_sock_delattr+0x0/0x1c) from [] (smack_netlabel+0x88/0x9c)
[0-182.2622] [] (smack_netlabel+0x0/0x9c) from [] (smack_netlabel_send+0x12c/0x144)
[0-182.2714] r7 9ce9500 r6 7b67ef4 r5:c076f408 r4 8903dc0
[0-182.2770] [] (smack_netlabel_send+0x0/0x144) from [] (smack_socket_sendmsg+0x54/0x60)
[0-182.2866] [] (smack_socket_sendmsg+0x0/0x60) from [] (security_socket_sendmsg+0x28/0x2c)
[0-182.2966] [] (security_socket_sendmsg+0x0/0x2c) from [] (sock_sendmsg+0x68/0xc0)
[0-182.3058] [] (sock_sendmsg+0x0/0xc0) from [] (SyS_sendto+0xd8/0x110)

Signed-off-by: Vaneet Narang
Signed-off-by: Maninder Singh
Reviewed-by: Ajeet Yadav
--- net/netlabel/netlabel_kapi.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 7c94aed..7a2c6f5 100755 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c @@ -700,7 +700,13 @@ socket_setattr_return: */ void netlbl_sock_delattr(struct sock *sk) { - cipso_v4_sock_delattr(sk); + switch (sk->sk_family) { + case AF_INET: + cipso_v4_sock_delattr(sk); + break; + default: + break; + } } /** -- 1.7.9.5

Thanks and Regards,
Maninder Singh
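
Review bot: the new switch in netlbl_sock_delattr() lets only AF_INET through, so every other family, AF_INET6 included, now silently skips cipso_v4_sock_delattr(); the commit message should state why no non-AF_INET socket can have a CIPSO option attached that still needs removing, and the kernel-doc comment above the function should say the call is a no-op for other families. With one real case and a default that only breaks, `if (sk->sk_family == AF_INET)` would be simpler unless the switch is meant to leave room for further families. The guard covers only this caller, so it is worth checking whether other paths into cipso_v4_sock_delattr() need the same family test. The index line shows mode 100755 for netlabel_kapi.c, which suggests the patch was generated from a tree where this C source file is executable; regenerate it against a tree where the file is 100644. The subject should also carry a subsystem prefix such as "netlabel:" instead of the square brackets.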