public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* [PATCH] Security: List corruption occured during file system automation test
@ 2014-09-16  8:55 Shivnandan Kumar
  0 siblings, 0 replies; 5+ messages in thread
From: Shivnandan Kumar @ 2014-09-16  8:55 UTC (permalink / raw)
  To: Shivnandan Kumar, Stephen Smalley, eparis@parisplace.org,
	viro@zeniv.linux.org.uk, james.l.morris@oracle.com,
	selinux@tycho.nsa.gov, linux-kernel@vger.kernel.org
  Cc: cpgs ., Ashish Kalra, Mohammad Irfan Ansari, Rajat Suri

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=windows-1252, Size: 2114 bytes --]



Hi  Stephen Smalley,

Reproduction path :- 
We do random  file system operation ( e.g. - Saving, Open, Play, Delete ) of files and during this some time we  abruptly power off the device.

Thanks,
Shivnandan

------- Original Message -------
Sender : Stephen Smalley<sds@tycho.nsa.gov>
Date : Aug 26, 2014 23:46 (GMT+09:00)
Title : Re: [PATCH] Security: List corruption occured during file system automation test

Do you have a reproducer test case to trigger the bug?

On 08/21/2014 06:29 AM, Shivnandan Kumar wrote:
> Dear Eric Paris,
> 
> Sorry for the late reply.
> Yes I have back trace and I am attaching it.
> 
> First time the issue is reproduced then I have added some debug statement in the 
> file kernel/security/selinux/hooks.c to narrow down the problem  and then we 
> reproduce the issue again.
> I am attaching  complete back trace as well as my additional debug patch for 
> your reference.
> 
> Thanks,
> 
> Shivnandan
> 
> ------- *Original Message* -------
> 
> *Sender* : Eric Paris
> 
> *Date* : Aug 14, 2014 05:27 (GMT+09:00)
> 
> *Title* : Re: [PATCH] Security: List corruption occured during file system 
> automation test
> 
> Do you have a backtrace?
> 
> On Wed, Aug 13, 2014 at 8:30 AM, Al Viro wrote:
>  > On Wed, Aug 13, 2014 at 05:04:13PM +0530, shivnandan.k@samsung.com wrote:
>  >> From: Shivnandan Kumar
>  >>
>  >> List element was freed by  inode_free_security and then it uses rcu
>  >> element to point inode_free_rcu, since it inside a union so it
>  >> shares memory, sb_finish_set_opts now also try to free list element,
>  >
>  > How in hell does it find that element?
> 
> Thanks and Regards,
> 
> Shivnandan Kumar
> 
> 
> 
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
> 





Thanks and Regards,
Shivnandan Kumarÿôèº{.nÇ+‰·Ÿ®‰­†+%ŠËÿ±éݶ\x17¥Šwÿº{.nÇ+‰·¥Š{±þG«éÿŠ{ayº\x1dʇڙë,j\a­¢f£¢·hšïêÿ‘êçz_è®\x03(­éšŽŠÝ¢j"ú\x1a¶^[m§ÿÿ¾\a«þG«éÿ¢¸?™¨è­Ú&£ø§~á¶iO•æ¬z·švØ^\x14\x04\x1a¶^[m§ÿÿÃ\fÿ¶ìÿ¢¸?–I¥

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PATCH] Security: List corruption occured during file system automation test
@ 2014-08-13 11:34 shivnandan.k
  2014-08-13 12:30 ` Al Viro
  0 siblings, 1 reply; 5+ messages in thread
From: shivnandan.k @ 2014-08-13 11:34 UTC (permalink / raw)
  To: sds, james.l.morris, eparis, selinux
  Cc: cpgs, shivnandan.k, ashish.kalra, mohammad.a2, rajat.suri,
	shiv.jnumca08, linux-kernel, vidushi.koul, narendra.m1

From: Shivnandan Kumar <shivnandan.k@samsung.com>

List element was freed by  inode_free_security and then it uses rcu
element to point inode_free_rcu, since it inside a union so it
shares memory, sb_finish_set_opts now also try to free list element,
but since it is overriden by rcu element , it found list is corrupted
which leads to kernel panic, We have removed union element so now
memory is not shared by list and rcu element

Signed-off-by: Shivnandan Kumar <shivnandan.k@samsung.com>
---
 selinux/include/objsec.h |    6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/selinux/include/objsec.h b/selinux/include/objsec.h
index 7b1830b..2ba21ca 100644
--- a/selinux/include/objsec.h
+++ b/selinux/include/objsec.h
@@ -38,10 +38,8 @@ struct task_security_struct {
 
 struct inode_security_struct {
 	struct inode *inode;	/* back pointer to inode object */
-	union {
-		struct list_head list;	/* list of inode_security_struct */
-		struct rcu_head rcu;	/* for freeing the inode_security_struct */
-	};
+	struct list_head list;	/* list of inode_security_struct */
+	struct rcu_head rcu;	/* for freeing the inode_security_struct */
 	u32 task_sid;		/* SID of creating task */
 	u32 sid;		/* SID of this object */
 	u16 sclass;		/* security class of this object */
-- 
1.7.9.5


^ permalink raw reply related	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-09-16  8:55 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <83.72.04938.152E7145@epcpsbgx1.samsung.com>
2014-09-16  7:34 ` [PATCH] Security: List corruption occured during file system automation test Al Viro
2014-09-16  8:55 Shivnandan Kumar
  -- strict thread matches above, loose matches on Subject: below --
2014-08-13 11:34 shivnandan.k
2014-08-13 12:30 ` Al Viro
2014-08-13 20:27   ` Eric Paris

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox