From: "Serge E. Hallyn" <serge@hallyn.com>
To: Paul Moore <paul@paul-moore.com>
Cc: John Stultz <john.stultz@linaro.org>,
lkml <linux-kernel@vger.kernel.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
James Morris <james.l.morris@oracle.com>,
selinux@tycho.nsa.gov
Subject: Re: NULL pointer dereference in selinux_ip_postroute_compat
Date: Tue, 7 Aug 2012 22:17:32 +0000 [thread overview]
Message-ID: <20120807221731.GA25441@mail.hallyn.com> (raw)
In-Reply-To: <CAHC9VhTd-d9NgWoU6_o9qw0bq4ZbuTEj8E_jRYyDXPWQaLLdog@mail.gmail.com>
Quoting Paul Moore (paul@paul-moore.com):
> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@linaro.org> wrote:
> > On 08/07/2012 02:50 PM, Paul Moore wrote:
> >>
> >> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org>
> >> wrote:
> >>>
> >>> Hi,
> >>> With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
> >>> dereferences in selinux_ip_postroute_compat(). It looks like the sksec
> >>> value
> >>> is null and we die in the following line:
> >>>
> >>> if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
> >>>
> >>> This triggers every time I shutdown the machine, but has also triggered
> >>> randomly after a few hours.
> >>>
> >>> This is on an ubuntu 12.04 image, not using selinux.
> >>
> >> NOTE: Adding the SELinux list to the CC line
> >
> > Thanks!
> >
> >> Hi,
> >>
> >> I'm trying to understand this and I was hoping you could you clarify a
> >> few things for me:
> >>
> >> * Is the panic in the Ubuntu 12.04 guest, or the host? If the host,
> >> could you share what distribution you are using?
> >
> > Sorry, its a 12.04 guest. I think the host is Ubuntu 12.04 as well.
> >
> >
> >> * When you say you are not using SELinux, could you be more specific?
> >> It seems odd that you are not using SELinux but the panic is happening
> >> in a SELinux hook.
> >
> > I just mean that, being Ubuntu, the system (userland) isn't configured to
> > use selinux. SELinux is just enabled in the kernel config.
>
> Thanks for the quick response, I'll setup an Ubuntu guest and see if I
> can reproduce this ... something is odd. Anything non-standard about
> your guest install or anything else you think might be helpful?
The problem seems to be that selinux_nf_ip_init() was called, which
registers the selinux_ipv4_ops (and ipv6). Those should not get registered
if selinux ends up not being loaded (as in, if apparmor is loaded first),
since as you've found here the selinux lsm hooks won't be called to set
call selinux_sk_alloc_security().
I assume what's happening is that CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE was
set to 1, but selinux ended up being set to disabled after the
__initcall(selinux_nf_ip_init) ran? Weird.
-serge
next prev parent reply other threads:[~2012-08-07 22:16 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-07 18:12 NULL pointer dereference in selinux_ip_postroute_compat John Stultz
2012-08-07 21:50 ` Paul Moore
2012-08-07 21:58 ` John Stultz
2012-08-07 22:01 ` Paul Moore
2012-08-07 22:17 ` Serge E. Hallyn [this message]
2012-08-07 22:23 ` Paul Moore
2012-08-07 22:37 ` John Stultz
2012-08-08 19:14 ` John Stultz
2012-08-08 19:26 ` Paul Moore
2012-08-08 19:38 ` Eric Dumazet
2012-08-08 19:49 ` John Stultz
2012-08-08 20:04 ` Eric Dumazet
2012-08-08 19:50 ` Paul Moore
2012-08-08 20:04 ` Eric Dumazet
2012-08-08 19:59 ` Eric Paris
2012-08-08 20:09 ` Eric Dumazet
2012-08-08 20:32 ` Eric Dumazet
2012-08-08 20:46 ` Paul Moore
2012-08-08 21:54 ` Eric Dumazet
2012-08-09 0:00 ` Casey Schaufler
2012-08-09 13:30 ` Paul Moore
2012-08-09 14:27 ` Eric Dumazet
2012-08-09 15:04 ` Paul Moore
2012-08-09 14:50 ` [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock Eric Dumazet
2012-08-09 15:07 ` Paul Moore
2012-08-09 15:36 ` Eric Dumazet
2012-08-09 15:59 ` Paul Moore
2012-08-09 16:05 ` Eric Paris
2012-08-09 16:09 ` Paul Moore
2012-08-09 17:46 ` Eric Dumazet
2012-08-09 20:06 ` Eric Paris
2012-08-09 20:19 ` Paul Moore
2012-08-09 21:29 ` Eric Dumazet
2012-08-09 21:53 ` Casey Schaufler
2012-08-09 22:05 ` Eric Dumazet
2012-08-09 22:26 ` Casey Schaufler
2012-08-09 23:38 ` David Miller
2012-08-09 23:56 ` [PATCH] ipv4: tcp: unicast_sock should not land outside of TCP stack Eric Dumazet
2012-08-10 4:05 ` David Miller
2012-08-08 20:35 ` NULL pointer dereference in selinux_ip_postroute_compat Paul Moore
2012-08-08 20:51 ` Eric Paris
2012-08-08 21:03 ` Paul Moore
2012-08-08 21:09 ` Eric Paris
2012-08-08 19:29 ` Eric Dumazet
2012-08-08 16:58 ` John Johansen
2012-08-07 22:26 ` John Stultz
2012-08-07 22:31 ` John Stultz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120807221731.GA25441@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=james.l.morris@oracle.com \
--cc=john.stultz@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox