* [PATCH] Security: List corruption occured during file system automation test
@ 2014-08-13 11:34 shivnandan.k
2014-08-13 12:30 ` Al Viro
0 siblings, 1 reply; 5+ messages in thread
From: shivnandan.k @ 2014-08-13 11:34 UTC (permalink / raw)
To: sds, james.l.morris, eparis, selinux
Cc: cpgs, shivnandan.k, ashish.kalra, mohammad.a2, rajat.suri,
shiv.jnumca08, linux-kernel, vidushi.koul, narendra.m1
From: Shivnandan Kumar <shivnandan.k@samsung.com>
List element was freed by inode_free_security and then it uses rcu
element to point inode_free_rcu, since it inside a union so it
shares memory, sb_finish_set_opts now also try to free list element,
but since it is overriden by rcu element , it found list is corrupted
which leads to kernel panic, We have removed union element so now
memory is not shared by list and rcu element
Signed-off-by: Shivnandan Kumar <shivnandan.k@samsung.com>
---
selinux/include/objsec.h | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/selinux/include/objsec.h b/selinux/include/objsec.h
index 7b1830b..2ba21ca 100644
--- a/selinux/include/objsec.h
+++ b/selinux/include/objsec.h
@@ -38,10 +38,8 @@ struct task_security_struct {
struct inode_security_struct {
struct inode *inode; /* back pointer to inode object */
- union {
- struct list_head list; /* list of inode_security_struct */
- struct rcu_head rcu; /* for freeing the inode_security_struct */
- };
+ struct list_head list; /* list of inode_security_struct */
+ struct rcu_head rcu; /* for freeing the inode_security_struct */
u32 task_sid; /* SID of creating task */
u32 sid; /* SID of this object */
u16 sclass; /* security class of this object */
--
1.7.9.5
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] Security: List corruption occured during file system automation test
2014-08-13 11:34 shivnandan.k
@ 2014-08-13 12:30 ` Al Viro
2014-08-13 20:27 ` Eric Paris
0 siblings, 1 reply; 5+ messages in thread
From: Al Viro @ 2014-08-13 12:30 UTC (permalink / raw)
To: shivnandan.k
Cc: sds, james.l.morris, eparis, selinux, cpgs, ashish.kalra,
mohammad.a2, rajat.suri, shiv.jnumca08, linux-kernel,
vidushi.koul, narendra.m1
On Wed, Aug 13, 2014 at 05:04:13PM +0530, shivnandan.k@samsung.com wrote:
> From: Shivnandan Kumar <shivnandan.k@samsung.com>
>
> List element was freed by inode_free_security and then it uses rcu
> element to point inode_free_rcu, since it inside a union so it
> shares memory, sb_finish_set_opts now also try to free list element,
How in hell does it find that element?
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Security: List corruption occured during file system automation test
2014-08-13 12:30 ` Al Viro
@ 2014-08-13 20:27 ` Eric Paris
0 siblings, 0 replies; 5+ messages in thread
From: Eric Paris @ 2014-08-13 20:27 UTC (permalink / raw)
To: Al Viro
Cc: shivnandan.k, Stephen Smalley, James Morris, SE-Linux, cpgs,
ashish.kalra, mohammad.a2, rajat.suri, shiv.jnumca08,
Linux Kernel Mailing List, vidushi.koul, narendra.m1
Do you have a backtrace?
On Wed, Aug 13, 2014 at 8:30 AM, Al Viro <viro@zeniv.linux.org.uk> wrote:
> On Wed, Aug 13, 2014 at 05:04:13PM +0530, shivnandan.k@samsung.com wrote:
>> From: Shivnandan Kumar <shivnandan.k@samsung.com>
>>
>> List element was freed by inode_free_security and then it uses rcu
>> element to point inode_free_rcu, since it inside a union so it
>> shares memory, sb_finish_set_opts now also try to free list element,
>
> How in hell does it find that element?
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Security: List corruption occured during file system automation test
[not found] <83.72.04938.152E7145@epcpsbgx1.samsung.com>
@ 2014-09-16 7:34 ` Al Viro
0 siblings, 0 replies; 5+ messages in thread
From: Al Viro @ 2014-09-16 7:34 UTC (permalink / raw)
To: Shivnandan Kumar
Cc: Stephen Smalley, eparis@parisplace.org, james.l.morris@oracle.com,
selinux@tycho.nsa.gov, linux-kernel@vger.kernel.org, cpgs .,
Ashish Kalra, Mohammad Irfan Ansari, Rajat Suri
On Tue, Sep 16, 2014 at 07:10:09AM +0000, Shivnandan Kumar wrote: /
> <HTML><HEAD><TITLE>Samsung Enterprise Portal mySingle</TITLE> /
[snip arseloads of unreadable HTML]
.-.. . .- .-. -.
- ---
..- ... .
.-. . .- -.. .- -... .-.. .
..-. --- .-. -- .- - ...
--..--
.-- .- -. -.- . .-.
.-.-.-
...-.-
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] Security: List corruption occured during file system automation test
@ 2014-09-16 8:55 Shivnandan Kumar
0 siblings, 0 replies; 5+ messages in thread
From: Shivnandan Kumar @ 2014-09-16 8:55 UTC (permalink / raw)
To: Shivnandan Kumar, Stephen Smalley, eparis@parisplace.org,
viro@zeniv.linux.org.uk, james.l.morris@oracle.com,
selinux@tycho.nsa.gov, linux-kernel@vger.kernel.org
Cc: cpgs ., Ashish Kalra, Mohammad Irfan Ansari, Rajat Suri
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=windows-1252, Size: 2114 bytes --]
Hi Stephen Smalley,
Reproduction path :-
We do random file system operation ( e.g. - Saving, Open, Play, Delete ) of files and during this some time we abruptly power off the device.
Thanks,
Shivnandan
------- Original Message -------
Sender : Stephen Smalley<sds@tycho.nsa.gov>
Date : Aug 26, 2014 23:46 (GMT+09:00)
Title : Re: [PATCH] Security: List corruption occured during file system automation test
Do you have a reproducer test case to trigger the bug?
On 08/21/2014 06:29 AM, Shivnandan Kumar wrote:
> Dear Eric Paris,
>
> Sorry for the late reply.
> Yes I have back trace and I am attaching it.
>
> First time the issue is reproduced then I have added some debug statement in the
> file kernel/security/selinux/hooks.c to narrow down the problem and then we
> reproduce the issue again.
> I am attaching complete back trace as well as my additional debug patch for
> your reference.
>
> Thanks,
>
> Shivnandan
>
> ------- *Original Message* -------
>
> *Sender* : Eric Paris
>
> *Date* : Aug 14, 2014 05:27 (GMT+09:00)
>
> *Title* : Re: [PATCH] Security: List corruption occured during file system
> automation test
>
> Do you have a backtrace?
>
> On Wed, Aug 13, 2014 at 8:30 AM, Al Viro wrote:
> > On Wed, Aug 13, 2014 at 05:04:13PM +0530, shivnandan.k@samsung.com wrote:
> >> From: Shivnandan Kumar
> >>
> >> List element was freed by inode_free_security and then it uses rcu
> >> element to point inode_free_rcu, since it inside a union so it
> >> shares memory, sb_finish_set_opts now also try to free list element,
> >
> > How in hell does it find that element?
>
> Thanks and Regards,
>
> Shivnandan Kumar
>
>
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
>
Thanks and Regards,
Shivnandan Kumarÿôèº{.nÇ+‰·Ÿ®‰†+%ŠËÿ±éݶ\x17¥Šwÿº{.nÇ+‰·¥Š{±þG«éÿŠ{ayº\x1dʇڙë,j\a¢f£¢·hšïêÿ‘êçz_è®\x03(階ŠÝ¢j"ú\x1a¶^[m§ÿÿ¾\a«þG«éÿ¢¸?™¨èÚ&£ø§~á¶iO•æ¬z·švØ^\x14\x04\x1a¶^[m§ÿÿÃ\fÿ¶ìÿ¢¸?–I¥
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-09-16 8:55 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <83.72.04938.152E7145@epcpsbgx1.samsung.com>
2014-09-16 7:34 ` [PATCH] Security: List corruption occured during file system automation test Al Viro
2014-09-16 8:55 Shivnandan Kumar
-- strict thread matches above, loose matches on Subject: below --
2014-08-13 11:34 shivnandan.k
2014-08-13 12:30 ` Al Viro
2014-08-13 20:27 ` Eric Paris
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox