public inbox for linux-kernel@vger.kernel.org
* NULL pointer dereference in selinux_ip_postroute_compat
From: John Stultz @ 2012-08-07 18:12 UTC
  To: lkml; +Cc: Serge E. Hallyn, James Morris

Hi,
     With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer 
dereferences in selinux_ip_postroute_compat(). It looks like the sksec 
value is null and we die in the following line:

     if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))

This triggers every time I shut down the machine, but has also triggered
randomly after a few hours.

This is on an Ubuntu 12.04 image, not using SELinux.

Running with the following kvm line:
kvm -nographic -smp 4 -m 1G -hda disk.img -net user \
    -net nic,model=virtio -redir tcp:4400::22 -kernel ./bzImage \
    -initrd initrd.img-1-jstultz \
    -append "root=UUID=b08aa86a-4b16-488f-a3de-33c2cf335bf0 ro console=ttyS0,115200n8"

Two different traces below. Config attached.

thanks
-john

Trace1 @ shutdown:

[   69.272927] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[   69.273374] IP: [<ffffffff8132e7c4>] selinux_ip_postroute_compat+0xa4/0xe0
[   69.273374] PGD 3a85b067 PUD 3f50b067 PMD 0
[   69.273374] Oops: 0000 [#1] PREEMPT SMP
[   69.273374] CPU 3
[   69.273374] Pid: 2392, comm: hwclock Not tainted 3.6.0-rc1john+ #106 Bochs Bochs
[   69.273374] RIP: 0010:[<ffffffff8132e7c4>]  [<ffffffff8132e7c4>] selinux_ip_postroute_compat+0xa4/0xe0
[   69.273374] RSP: 0018:ffff88003f003720  EFLAGS: 00010246
[   69.273374] RAX: 0000000000000000 RBX: ffff88003f5fa9d8 RCX: 0000000000000006
[   69.273374] RDX: ffff88003f003740 RSI: ffff88003c6b256c RDI: ffff88003f5fa9d8
                                                                          [ OK ]
[   69.273374] RBP: ffff88003f0037a0 R08: 0000000000000000 R09: ffff88003f1d0cc0
[   69.273374] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
[   69.273374] R13: 0000000000000002 R14: ffff88003f0037c0 R15: 0000000000000004
[   69.273374] FS:  00007fa398211700(0000) GS:ffff88003f000000(0000) knlGS:0000000000000000
[   69.273374] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.273374] CR2: 0000000000000010 CR3: 000000003b52a000 CR4: 00000000000006e0
[   69.273374] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.273374] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   69.273374] Process hwclock (pid: 2392, threadinfo ffff88003a0ee000, task ffff88003fa82b80)
[   69.273374] Stack:
[   69.273374]  ffff88003c6b2558 0000000000000006 0000000000000000 0000160067d70002
[   69.273374]  0f02000a0202000a 0000000000000000 0000000000000000 0000000000000000
[   69.273374]  ffff88003f003802 ffff88003f003728 ffff88003f1d42d0 ffff88003d6c3560
[   69.273374] Call Trace:
[   69.273374]  <IRQ>
[   69.273374]  [<ffffffff8132eaab>] selinux_ip_postroute+0x2ab/0x3e0
[   69.273374]  [<ffffffff8132ec1c>] selinux_ipv4_postroute+0x1c/0x20
[   69.273374]  [<ffffffff8198265c>] nf_iterate+0xac/0x140
[   69.273374]  [<ffffffff8199be00>] ? ip_fragment+0xa20/0xa20
[   69.273374]  [<ffffffff819827a5>] nf_hook_slow+0xb5/0x210
[   69.273374]  [<ffffffff8199be00>] ? ip_fragment+0xa20/0xa20
[   69.273374]  [<ffffffff8199cbba>] ip_output+0xaa/0x150
[   69.273374]  [<ffffffff8199a9af>] ip_local_out+0x7f/0x110
[   69.273374]  [<ffffffff8199d82e>] ip_send_skb+0xe/0x40
[   69.273374]  [<ffffffff8199d88b>] ip_push_pending_frames+0x2b/0x30
[   69.273374]  [<ffffffff8199dc97>] ip_send_unicast_reply+0x2c7/0x3c0
[   69.273374]  [<ffffffff8117e275>] ? kmem_cache_free+0x285/0x3e0
[   69.273374]  [<ffffffff819bb215>] tcp_v4_send_reset+0x1f5/0x3f0
[   69.273374]  [<ffffffff819bf04b>] tcp_v4_rcv+0x2bb/0x1080
[   69.273374]  [<ffffffff81994d73>] ip_local_deliver_finish+0x133/0x4d0
[   69.273374]  [<ffffffff81994c9c>] ? ip_local_deliver_finish+0x5c/0x4d0
[   69.273374]  [<ffffffff819953e0>] ip_local_deliver+0x90/0xa0
[   69.273374]  [<ffffffff819945b2>] ip_rcv_finish+0x262/0x8f0
[   69.273374]  [<ffffffff81995742>] ip_rcv+0x352/0x3a0
[   69.323844]  [<ffffffff81925244>] __netif_receive_skb+0xcb4/0x10e0
[   69.323844]  [<ffffffff81924899>] ? __netif_receive_skb+0x309/0x10e0
[   69.323844]  [<ffffffff8117c176>] ? kmem_cache_alloc+0x256/0x4e0
[   69.323844]  [<ffffffff81917c24>] ? build_skb+0x34/0x1c0
[   69.323844]  [<ffffffff8192ba5d>] netif_receive_skb+0x18d/0x230
[   69.323844]  [<ffffffff81951da8>] ? eth_type_trans+0x168/0x190
[   69.323844]  [<ffffffff81746abc>] virtnet_poll+0x58c/0x7b0
[   69.323844]  [<ffffffff8192cf59>] net_rx_action+0x289/0x550
[   69.323844]  [<ffffffff8105846a>] __do_softirq+0x1da/0x560
[   69.323844]  [<ffffffff810ed8fb>] ? handle_edge_irq+0x12b/0x190
[   69.323844]  [<ffffffff81b5c2bc>] call_softirq+0x1c/0x30
[   69.323844]  [<ffffffff81004d75>] do_softirq+0x105/0x1e0
[   69.323844]  [<ffffffff81058bbe>] irq_exit+0x9e/0x100
[   69.323844]  [<ffffffff81b5c9d3>] do_IRQ+0x63/0xd0
[   69.323844]  [<ffffffff81b5a56f>] common_interrupt+0x6f/0x6f
[   69.323844]  <EOI>
[   69.323844]  [<ffffffff810b964e>] ? put_lock_stats.isra.19+0xe/0x40
[   69.323844]  [<ffffffff81115363>] ? ftrace_likely_update+0xf3/0x250
[   69.323844]  [<ffffffff810993ad>] __might_sleep+0x1cd/0x280
[   69.323844]  [<ffffffff810ad6fc>] ? getnstimeofday+0xdc/0x150
[   69.323844]  [<ffffffff81160e74>] might_fault+0x34/0xb0
[   69.323844]  [<ffffffff8105657e>] sys_gettimeofday+0xbe/0xf0
[   69.323844]  [<ffffffff81b5afe9>] system_call_fastpath+0x16/0x1b
[   69.323844] Code: c0 45 31 c9 b1 01 ba 2a 00 00 00 e8 a7 89 ff ff 85 c0 b9 00 00 6f 00 74 0e 48 83 c4 70 89 c8 5b 41 5c 5d c3 0f 1f 00 0f b6 4d ef <41> 8b 7c 24 10 48 8d 55 c0 48 89 de e8 ab 6d 01 00 83 f8 01 19
[   69.323844] RIP  [<ffffffff8132e7c4>] selinux_ip_postroute_compat+0xa4/0xe0
[   69.323844]  RSP <ffff88003f003720>
[   69.323844] CR2: 0000000000000010
[   69.357489] ---[ end trace 0cd3e1a60dee6096 ]---
[   69.358353] Kernel panic - not syncing: Fatal exception in interrupt


Trace2: After some uptime

[17169.735267] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[17169.738338] IP: [<ffffffff8132e7c4>] selinux_ip_postroute_compat+0xa4/0xe0
[17169.738338] PGD 39a97067 PUD 3cc09067 PMD 0
[17169.738338] Oops: 0000 [#1] PREEMPT SMP
[17169.738338] CPU 3
[17169.738338] Pid: 0, comm: swapper/3 Not tainted 3.6.0-rc1john+ #106 Bochs Bochs
[17169.738338] RIP: 0010:[<ffffffff8132e7c4>]  [<ffffffff8132e7c4>] selinux_ip_postroute_compat+0xa4/0xe0
[17169.738338] RSP: 0018:ffff88003f003700  EFLAGS: 00010246
[17169.738338] RAX: 0000000000000000 RBX: ffff88003a0ffd98 RCX: 0000000000000006
[17169.738338] RDX: ffff88003f003720 RSI: ffff88003980c2d4 RDI: ffff88003a0ffd98
[17169.738338] RBP: ffff88003f003780 R08: 0000000000000000 R09: ffff88003f1d0cc0
[17169.738338] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
[17169.738338] R13: 0000000000000002 R14: ffff88003f0037a0 R15: 0000000000000004
[17169.738338] FS:  0000000000000000(0000) GS:ffff88003f000000(0000) knlGS:0000000000000000
[17169.738338] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[17169.738338] CR2: 0000000000000010 CR3: 0000000039bb7000 CR4: 00000000000006e0
[17169.738338] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[17169.738338] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[17169.738338] Process swapper/3 (pid: 0, threadinfo ffff88003d4da000, task ffff88003d4d82c0)
[17169.738338] Stack:
[17169.738338]  ffff88003980c2c0 0000000000000006 0000000000000000 000034b450000002
[17169.738338]  0f02000a1e5bbd5b 0000000000000000 0000000000000000 0000000000000000
[17169.738338]  ffff88003f003802 ffff88003f003708 ffff88003f1d42d0 ffff88003d719db0
[17169.738338] Call Trace:
[17169.738338]  <IRQ>
[17169.738338]  [<ffffffff8132eaab>] selinux_ip_postroute+0x2ab/0x3e0
[17169.738338]  [<ffffffff8132ec1c>] selinux_ipv4_postroute+0x1c/0x20
[17169.738338]  [<ffffffff8198265c>] nf_iterate+0xac/0x140
[17169.738338]  [<ffffffff8199be00>] ? ip_fragment+0xa20/0xa20
[17169.738338]  [<ffffffff819827a5>] nf_hook_slow+0xb5/0x210
[17169.738338]  [<ffffffff8199be00>] ? ip_fragment+0xa20/0xa20
[17169.738338]  [<ffffffff8199cbba>] ip_output+0xaa/0x150
[17169.738338]  [<ffffffff8199a9af>] ip_local_out+0x7f/0x110
[17169.738338]  [<ffffffff8199d82e>] ip_send_skb+0xe/0x40
[17169.738338]  [<ffffffff8199d88b>] ip_push_pending_frames+0x2b/0x30
[17169.738338]  [<ffffffff8199dc97>] ip_send_unicast_reply+0x2c7/0x3c0
[17169.738338]  [<ffffffff810b9744>] ? lock_release_holdtime.part.20+0xc4/0x160
[17169.738338]  [<ffffffff819bd1f6>] tcp_v4_send_ack.isra.33+0x176/0x280
[17169.738338]  [<ffffffff8191f90a>] ? __skb_checksum_complete_head+0x8a/0xc0
[17169.738338]  [<ffffffff819bf191>] tcp_v4_rcv+0x401/0x1080
[17169.738338]  [<ffffffff81994d73>] ip_local_deliver_finish+0x133/0x4d0
[17169.738338]  [<ffffffff81994c9c>] ? ip_local_deliver_finish+0x5c/0x4d0
[17169.738338]  [<ffffffff819953e0>] ip_local_deliver+0x90/0xa0
[17169.738338]  [<ffffffff819945b2>] ip_rcv_finish+0x262/0x8f0
[17169.738338]  [<ffffffff81995742>] ip_rcv+0x352/0x3a0
[17169.738338]  [<ffffffff81925244>] __netif_receive_skb+0xcb4/0x10e0
[17169.738338]  [<ffffffff81924899>] ? __netif_receive_skb+0x309/0x10e0
[17169.738338]  [<ffffffff8192ba5d>] netif_receive_skb+0x18d/0x230
[17169.738338]  [<ffffffff81951da8>] ? eth_type_trans+0x168/0x190
[17169.738338]  [<ffffffff81746abc>] virtnet_poll+0x58c/0x7b0
[17169.738338]  [<ffffffff8192cf59>] net_rx_action+0x289/0x550
[17169.738338]  [<ffffffff8105846a>] __do_softirq+0x1da/0x560
[17169.738338]  [<ffffffff81b5c2bc>] call_softirq+0x1c/0x30
[17169.738338]  [<ffffffff81004d75>] do_softirq+0x105/0x1e0
[17169.738338]  [<ffffffff81058bbe>] irq_exit+0x9e/0x100
[17169.738338]  [<ffffffff81b5caab>] smp_apic_timer_interrupt+0x6b/0x98
[17169.738338]  [<ffffffff81b5bb2f>] apic_timer_interrupt+0x6f/0x80
[17169.738338]  <EOI>
[17169.738338]  [<ffffffff81037d66>] ? native_safe_halt+0x6/0x10
[17169.738338]  [<ffffffff8100e5af>] default_idle+0x76f/0x780
[17169.738338]  [<ffffffff8100f3e6>] cpu_idle+0x136/0x140
[17169.738338]  [<ffffffff81b3aab2>] start_secondary+0x1cf/0x1d4
[17169.738338] Code: c0 45 31 c9 b1 01 ba 2a 00 00 00 e8 a7 89 ff ff 85 c0 b9 00 00 6f 00 74 0e 48 83 c4 70 89 c8 5b 41 5c 5d c3 0f 1f 00 0f b6 4d ef <41> 8b 7c 24 10 48 8d 55 c0 48 89 de e8 ab 6d 01 00 83 f8 01 19
[17169.738338] RIP  [<ffffffff8132e7c4>] selinux_ip_postroute_compat+0xa4/0xe0
[17169.738338]  RSP <ffff88003f003700>
[17169.738338] CR2: 0000000000000010
[17169.829670] ---[ end trace a3af16e2baf5b40e ]---
[17169.830629] Kernel panic - not syncing: Fatal exception in interrupt


[-- Attachment #2: .config --]
[-- Type: text/plain, Size: 83694 bytes --]

CONFIG_NET_SCH_DSMARK=y
CONFIG_NET_SCH_NETEM=y
# CONFIG_NET_SCH_DRR is not set
# CONFIG_NET_SCH_MQPRIO is not set
# CONFIG_NET_SCH_CHOKE is not set
# CONFIG_NET_SCH_QFQ is not set
# CONFIG_NET_SCH_CODEL is not set
# CONFIG_NET_SCH_FQ_CODEL is not set
CONFIG_NET_SCH_INGRESS=y
# CONFIG_NET_SCH_PLUG is not set

#
# Classification
#
CONFIG_NET_CLS=y
CONFIG_NET_CLS_BASIC=y
CONFIG_NET_CLS_TCINDEX=y
CONFIG_NET_CLS_ROUTE4=y
CONFIG_NET_CLS_FW=y
CONFIG_NET_CLS_U32=y
CONFIG_CLS_U32_PERF=y
CONFIG_CLS_U32_MARK=y
CONFIG_NET_CLS_RSVP=y
CONFIG_NET_CLS_RSVP6=y
# CONFIG_NET_CLS_FLOW is not set
# CONFIG_NET_CLS_CGROUP is not set
CONFIG_NET_EMATCH=y
CONFIG_NET_EMATCH_STACK=32
CONFIG_NET_EMATCH_CMP=y
CONFIG_NET_EMATCH_NBYTE=y
CONFIG_NET_EMATCH_U32=y
CONFIG_NET_EMATCH_META=y
CONFIG_NET_EMATCH_TEXT=y
CONFIG_NET_CLS_ACT=y
CONFIG_NET_ACT_POLICE=y
CONFIG_NET_ACT_GACT=y
CONFIG_GACT_PROB=y
CONFIG_NET_ACT_MIRRED=y
CONFIG_NET_ACT_IPT=y
# CONFIG_NET_ACT_NAT is not set
CONFIG_NET_ACT_PEDIT=y
CONFIG_NET_ACT_SIMP=y
# CONFIG_NET_ACT_SKBEDIT is not set
# CONFIG_NET_ACT_CSUM is not set
CONFIG_NET_CLS_IND=y
CONFIG_NET_SCH_FIFO=y
# CONFIG_DCB is not set
CONFIG_DNS_RESOLVER=y
# CONFIG_BATMAN_ADV is not set
# CONFIG_OPENVSWITCH is not set
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
CONFIG_XPS=y
# CONFIG_NETPRIO_CGROUP is not set
CONFIG_BQL=y

#
# Network testing
#
CONFIG_NET_PKTGEN=y
# CONFIG_NET_DROP_MONITOR is not set
# CONFIG_HAMRADIO is not set
# CONFIG_CAN is not set
# CONFIG_IRDA is not set
# CONFIG_BT is not set
CONFIG_AF_RXRPC=y
# CONFIG_AF_RXRPC_DEBUG is not set
# CONFIG_RXKAD is not set
CONFIG_FIB_RULES=y
CONFIG_WIRELESS=y
# CONFIG_CFG80211 is not set
# CONFIG_LIB80211 is not set

#
# CFG80211 needs to be enabled for MAC80211
#
# CONFIG_WIMAX is not set
# CONFIG_RFKILL is not set
# CONFIG_NET_9P is not set
# CONFIG_CAIF is not set
# CONFIG_CEPH_LIB is not set
# CONFIG_NFC is not set
CONFIG_HAVE_BPF_JIT=y

#
# Device Drivers
#

#
# Generic Driver Options
#
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
CONFIG_FIRMWARE_IN_KERNEL=y
CONFIG_EXTRA_FIRMWARE=""
# CONFIG_DEBUG_DRIVER is not set
# CONFIG_DEBUG_DEVRES is not set
# CONFIG_SYS_HYPERVISOR is not set
# CONFIG_GENERIC_CPU_DEVICES is not set
CONFIG_DMA_SHARED_BUFFER=y
CONFIG_CONNECTOR=y
CONFIG_PROC_EVENTS=y
# CONFIG_MTD is not set
# CONFIG_PARPORT is not set
CONFIG_PNP=y
CONFIG_PNP_DEBUG_MESSAGES=y

#
# Protocols
#
CONFIG_PNPACPI=y
CONFIG_BLK_DEV=y
# CONFIG_BLK_DEV_FD is not set
# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
# CONFIG_BLK_CPQ_DA is not set
# CONFIG_BLK_CPQ_CISS_DA is not set
# CONFIG_BLK_DEV_DAC960 is not set
CONFIG_BLK_DEV_UMEM=y
# CONFIG_BLK_DEV_COW_COMMON is not set
CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
CONFIG_BLK_DEV_CRYPTOLOOP=y
# CONFIG_BLK_DEV_DRBD is not set
# CONFIG_BLK_DEV_NBD is not set
# CONFIG_BLK_DEV_NVME is not set
CONFIG_BLK_DEV_SX8=y
# CONFIG_BLK_DEV_UB is not set
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_COUNT=16
CONFIG_BLK_DEV_RAM_SIZE=16384
# CONFIG_BLK_DEV_XIP is not set
CONFIG_CDROM_PKTCDVD=y
CONFIG_CDROM_PKTCDVD_BUFFERS=8
# CONFIG_CDROM_PKTCDVD_WCACHE is not set
# CONFIG_ATA_OVER_ETH is not set
# CONFIG_VIRTIO_BLK is not set
# CONFIG_BLK_DEV_HD is not set
# CONFIG_BLK_DEV_RBD is not set

#
# Misc devices
#
# CONFIG_SENSORS_LIS3LV02D is not set
# CONFIG_AD525X_DPOT is not set
# CONFIG_IBM_ASM is not set
# CONFIG_PHANTOM is not set
# CONFIG_INTEL_MID_PTI is not set
# CONFIG_SGI_IOC4 is not set
# CONFIG_TIFM_CORE is not set
# CONFIG_ICS932S401 is not set
# CONFIG_ENCLOSURE_SERVICES is not set
# CONFIG_HP_ILO is not set
# CONFIG_APDS9802ALS is not set
# CONFIG_ISL29003 is not set
# CONFIG_ISL29020 is not set
# CONFIG_SENSORS_TSL2550 is not set
# CONFIG_SENSORS_BH1780 is not set
# CONFIG_SENSORS_BH1770 is not set
# CONFIG_SENSORS_APDS990X is not set
# CONFIG_HMC6352 is not set
# CONFIG_DS1682 is not set
# CONFIG_VMWARE_BALLOON is not set
# CONFIG_BMP085_I2C is not set
# CONFIG_PCH_PHUB is not set
# CONFIG_USB_SWITCH_FSA9480 is not set
# CONFIG_C2PORT is not set

#
# EEPROM support
#
# CONFIG_EEPROM_AT24 is not set
# CONFIG_EEPROM_LEGACY is not set
# CONFIG_EEPROM_MAX6875 is not set
# CONFIG_EEPROM_93CX6 is not set
# CONFIG_CB710_CORE is not set

#
# Texas Instruments shared transport line discipline
#
# CONFIG_SENSORS_LIS3_I2C is not set

#
# Altera FPGA firmware download module
#
# CONFIG_ALTERA_STAPL is not set
# CONFIG_INTEL_MEI is not set
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set

#
# SCSI device support
#
CONFIG_SCSI_MOD=y
CONFIG_RAID_ATTRS=y
CONFIG_SCSI=y
CONFIG_SCSI_DMA=y
# CONFIG_SCSI_TGT is not set
CONFIG_SCSI_NETLINK=y
CONFIG_SCSI_PROC_FS=y

#
# SCSI support type (disk, tape, CD-ROM)
#
CONFIG_BLK_DEV_SD=y
CONFIG_CHR_DEV_ST=y
CONFIG_CHR_DEV_OSST=y
CONFIG_BLK_DEV_SR=y
CONFIG_BLK_DEV_SR_VENDOR=y
CONFIG_CHR_DEV_SG=y
CONFIG_CHR_DEV_SCH=y
CONFIG_SCSI_MULTI_LUN=y
# CONFIG_SCSI_CONSTANTS is not set
CONFIG_SCSI_LOGGING=y
# CONFIG_SCSI_SCAN_ASYNC is not set

#
# SCSI Transports
#
CONFIG_SCSI_SPI_ATTRS=y
CONFIG_SCSI_FC_ATTRS=y
CONFIG_SCSI_ISCSI_ATTRS=y
CONFIG_SCSI_SAS_ATTRS=y
CONFIG_SCSI_SAS_LIBSAS=y
# CONFIG_SCSI_SAS_ATA is not set
CONFIG_SCSI_SAS_HOST_SMP=y
# CONFIG_SCSI_SRP_ATTRS is not set
CONFIG_SCSI_LOWLEVEL=y
# CONFIG_ISCSI_TCP is not set
CONFIG_ISCSI_BOOT_SYSFS=y
# CONFIG_SCSI_CXGB3_ISCSI is not set
# CONFIG_SCSI_CXGB4_ISCSI is not set
# CONFIG_SCSI_BNX2_ISCSI is not set
# CONFIG_SCSI_BNX2X_FCOE is not set
# CONFIG_BE2ISCSI is not set
# CONFIG_BLK_DEV_3W_XXXX_RAID is not set
# CONFIG_SCSI_HPSA is not set
# CONFIG_SCSI_3W_9XXX is not set
# CONFIG_SCSI_3W_SAS is not set
# CONFIG_SCSI_ACARD is not set
# CONFIG_SCSI_AACRAID is not set
CONFIG_SCSI_AIC7XXX=y
CONFIG_AIC7XXX_CMDS_PER_DEVICE=4
CONFIG_AIC7XXX_RESET_DELAY_MS=15000
# CONFIG_AIC7XXX_DEBUG_ENABLE is not set
CONFIG_AIC7XXX_DEBUG_MASK=0
# CONFIG_AIC7XXX_REG_PRETTY_PRINT is not set
# CONFIG_SCSI_AIC7XXX_OLD is not set
# CONFIG_SCSI_AIC79XX is not set
CONFIG_SCSI_AIC94XX=y
# CONFIG_AIC94XX_DEBUG is not set
# CONFIG_SCSI_MVSAS is not set
# CONFIG_SCSI_MVUMI is not set
# CONFIG_SCSI_DPT_I2O is not set
# CONFIG_SCSI_ADVANSYS is not set
# CONFIG_SCSI_ARCMSR is not set
CONFIG_MEGARAID_NEWGEN=y
CONFIG_MEGARAID_MM=y
CONFIG_MEGARAID_MAILBOX=y
CONFIG_MEGARAID_LEGACY=y
CONFIG_MEGARAID_SAS=y
# CONFIG_SCSI_MPT2SAS is not set
# CONFIG_SCSI_UFSHCD is not set
# CONFIG_SCSI_HPTIOP is not set
# CONFIG_SCSI_BUSLOGIC is not set
# CONFIG_VMWARE_PVSCSI is not set
# CONFIG_LIBFC is not set
# CONFIG_LIBFCOE is not set
# CONFIG_FCOE is not set
# CONFIG_FCOE_FNIC is not set
# CONFIG_SCSI_DMX3191D is not set
# CONFIG_SCSI_EATA is not set
# CONFIG_SCSI_FUTURE_DOMAIN is not set
# CONFIG_SCSI_GDTH is not set
# CONFIG_SCSI_ISCI is not set
# CONFIG_SCSI_IPS is not set
# CONFIG_SCSI_INITIO is not set
# CONFIG_SCSI_INIA100 is not set
# CONFIG_SCSI_STEX is not set
# CONFIG_SCSI_SYM53C8XX_2 is not set
# CONFIG_SCSI_IPR is not set
# CONFIG_SCSI_QLOGIC_1280 is not set
CONFIG_SCSI_QLA_FC=y
CONFIG_SCSI_QLA_ISCSI=y
# CONFIG_SCSI_LPFC is not set
# CONFIG_SCSI_DC395x is not set
# CONFIG_SCSI_DC390T is not set
# CONFIG_SCSI_DEBUG is not set
# CONFIG_SCSI_PMCRAID is not set
# CONFIG_SCSI_PM8001 is not set
# CONFIG_SCSI_SRP is not set
# CONFIG_SCSI_BFA_FC is not set
# CONFIG_SCSI_VIRTIO is not set
# CONFIG_SCSI_DH is not set
# CONFIG_SCSI_OSD_INITIATOR is not set
CONFIG_ATA=y
# CONFIG_ATA_NONSTANDARD is not set
CONFIG_ATA_VERBOSE_ERROR=y
CONFIG_ATA_ACPI=y
CONFIG_SATA_PMP=y

#
# Controllers with non-SFF native interface
#
CONFIG_SATA_AHCI=y
CONFIG_SATA_AHCI_PLATFORM=y
# CONFIG_SATA_INIC162X is not set
# CONFIG_SATA_ACARD_AHCI is not set
# CONFIG_SATA_SIL24 is not set
CONFIG_ATA_SFF=y

#
# SFF controllers with custom DMA interface
#
# CONFIG_PDC_ADMA is not set
# CONFIG_SATA_QSTOR is not set
# CONFIG_SATA_SX4 is not set
CONFIG_ATA_BMDMA=y

#
# SATA SFF controllers with BMDMA
#
CONFIG_ATA_PIIX=y
# CONFIG_SATA_MV is not set
CONFIG_SATA_NV=y
# CONFIG_SATA_PROMISE is not set
# CONFIG_SATA_SIL is not set
# CONFIG_SATA_SIS is not set
# CONFIG_SATA_SVW is not set
# CONFIG_SATA_ULI is not set
# CONFIG_SATA_VIA is not set
# CONFIG_SATA_VITESSE is not set

#
# PATA SFF controllers with BMDMA
#
# CONFIG_PATA_ALI is not set
# CONFIG_PATA_AMD is not set
# CONFIG_PATA_ARTOP is not set
# CONFIG_PATA_ATIIXP is not set
# CONFIG_PATA_ATP867X is not set
# CONFIG_PATA_CMD64X is not set
# CONFIG_PATA_CS5520 is not set
# CONFIG_PATA_CS5530 is not set
# CONFIG_PATA_CS5536 is not set
# CONFIG_PATA_CYPRESS is not set
# CONFIG_PATA_EFAR is not set
# CONFIG_PATA_HPT366 is not set
# CONFIG_PATA_HPT37X is not set
# CONFIG_PATA_HPT3X2N is not set
# CONFIG_PATA_HPT3X3 is not set
# CONFIG_PATA_IT8213 is not set
# CONFIG_PATA_IT821X is not set
# CONFIG_PATA_JMICRON is not set
# CONFIG_PATA_MARVELL is not set
# CONFIG_PATA_NETCELL is not set
# CONFIG_PATA_NINJA32 is not set
# CONFIG_PATA_NS87415 is not set
# CONFIG_PATA_OLDPIIX is not set
# CONFIG_PATA_OPTIDMA is not set
# CONFIG_PATA_PDC2027X is not set
# CONFIG_PATA_PDC_OLD is not set
# CONFIG_PATA_RADISYS is not set
# CONFIG_PATA_RDC is not set
# CONFIG_PATA_SC1200 is not set
# CONFIG_PATA_SCH is not set
# CONFIG_PATA_SERVERWORKS is not set
# CONFIG_PATA_SIL680 is not set
# CONFIG_PATA_SIS is not set
# CONFIG_PATA_TOSHIBA is not set
# CONFIG_PATA_TRIFLEX is not set
# CONFIG_PATA_VIA is not set
# CONFIG_PATA_WINBOND is not set

#
# PIO-only SFF controllers
#
# CONFIG_PATA_CMD640_PCI is not set
# CONFIG_PATA_MPIIX is not set
# CONFIG_PATA_NS87410 is not set
# CONFIG_PATA_OPTI is not set
# CONFIG_PATA_RZ1000 is not set

#
# Generic fallback / legacy drivers
#
# CONFIG_PATA_ACPI is not set
# CONFIG_ATA_GENERIC is not set
# CONFIG_PATA_LEGACY is not set
CONFIG_MD=y
CONFIG_BLK_DEV_MD=y
CONFIG_MD_AUTODETECT=y
CONFIG_MD_LINEAR=y
CONFIG_MD_RAID0=y
CONFIG_MD_RAID1=y
CONFIG_MD_RAID10=y
CONFIG_MD_RAID456=y
# CONFIG_MULTICORE_RAID456 is not set
CONFIG_MD_MULTIPATH=y
CONFIG_MD_FAULTY=y
CONFIG_BLK_DEV_DM=y
# CONFIG_DM_DEBUG is not set
CONFIG_DM_CRYPT=y
CONFIG_DM_SNAPSHOT=y
# CONFIG_DM_THIN_PROVISIONING is not set
CONFIG_DM_MIRROR=y
# CONFIG_DM_RAID is not set
# CONFIG_DM_LOG_USERSPACE is not set
CONFIG_DM_ZERO=y
CONFIG_DM_MULTIPATH=y
# CONFIG_DM_MULTIPATH_QL is not set
# CONFIG_DM_MULTIPATH_ST is not set
# CONFIG_DM_DELAY is not set
# CONFIG_DM_UEVENT is not set
# CONFIG_DM_FLAKEY is not set
# CONFIG_DM_VERITY is not set
# CONFIG_TARGET_CORE is not set
CONFIG_FUSION=y
CONFIG_FUSION_SPI=y
CONFIG_FUSION_FC=y
CONFIG_FUSION_SAS=y
CONFIG_FUSION_MAX_SGE=40
CONFIG_FUSION_CTL=y
# CONFIG_FUSION_LOGGING is not set

#
# IEEE 1394 (FireWire) support
#
# CONFIG_FIREWIRE is not set
# CONFIG_FIREWIRE_NOSY is not set
# CONFIG_I2O is not set
# CONFIG_MACINTOSH_DRIVERS is not set
CONFIG_NETDEVICES=y
CONFIG_NET_CORE=y
CONFIG_BONDING=y
CONFIG_DUMMY=y
# CONFIG_EQUALIZER is not set
# CONFIG_NET_FC is not set
CONFIG_MII=y
CONFIG_IFB=y
# CONFIG_NET_TEAM is not set
# CONFIG_MACVLAN is not set
CONFIG_NETCONSOLE=y
CONFIG_NETCONSOLE_DYNAMIC=y
CONFIG_NETPOLL=y
# CONFIG_NETPOLL_TRAP is not set
CONFIG_NET_POLL_CONTROLLER=y
CONFIG_TUN=y
# CONFIG_VETH is not set
CONFIG_VIRTIO_NET=y
# CONFIG_ARCNET is not set
# CONFIG_ATM_DRIVERS is not set

#
# CAIF transport drivers
#
CONFIG_ETHERNET=y
# CONFIG_NET_VENDOR_3COM is not set
CONFIG_NET_VENDOR_ADAPTEC=y
# CONFIG_ADAPTEC_STARFIRE is not set
CONFIG_NET_VENDOR_ALTEON=y
# CONFIG_ACENIC is not set
CONFIG_NET_VENDOR_AMD=y
# CONFIG_AMD8111_ETH is not set
# CONFIG_PCNET32 is not set
CONFIG_NET_VENDOR_ATHEROS=y
# CONFIG_ATL2 is not set
# CONFIG_ATL1 is not set
# CONFIG_ATL1E is not set
# CONFIG_ATL1C is not set
CONFIG_NET_VENDOR_BROADCOM=y
# CONFIG_B44 is not set
CONFIG_BNX2=y
# CONFIG_CNIC is not set
CONFIG_TIGON3=y
# CONFIG_BNX2X is not set
CONFIG_NET_VENDOR_BROCADE=y
# CONFIG_BNA is not set
# CONFIG_NET_CALXEDA_XGMAC is not set
CONFIG_NET_VENDOR_CHELSIO=y
# CONFIG_CHELSIO_T1 is not set
# CONFIG_CHELSIO_T3 is not set
# CONFIG_CHELSIO_T4 is not set
# CONFIG_CHELSIO_T4VF is not set
CONFIG_NET_VENDOR_CISCO=y
# CONFIG_ENIC is not set
# CONFIG_DNET is not set
CONFIG_NET_VENDOR_DEC=y
# CONFIG_NET_TULIP is not set
CONFIG_NET_VENDOR_DLINK=y
# CONFIG_DL2K is not set
# CONFIG_SUNDANCE is not set
CONFIG_NET_VENDOR_EMULEX=y
# CONFIG_BE2NET is not set
CONFIG_NET_VENDOR_EXAR=y
# CONFIG_S2IO is not set
# CONFIG_VXGE is not set
CONFIG_NET_VENDOR_HP=y
# CONFIG_HP100 is not set
CONFIG_NET_VENDOR_INTEL=y
# CONFIG_E100 is not set
# CONFIG_E1000 is not set
# CONFIG_E1000E is not set
# CONFIG_IGB is not set
# CONFIG_IGBVF is not set
# CONFIG_IXGB is not set
# CONFIG_IXGBE is not set
# CONFIG_IXGBEVF is not set
CONFIG_NET_VENDOR_I825XX=y
# CONFIG_ZNET is not set
# CONFIG_IP1000 is not set
# CONFIG_JME is not set
CONFIG_NET_VENDOR_MARVELL=y
# CONFIG_SKGE is not set
# CONFIG_SKY2 is not set
CONFIG_NET_VENDOR_MELLANOX=y
# CONFIG_MLX4_EN is not set
# CONFIG_MLX4_CORE is not set
CONFIG_NET_VENDOR_MICREL=y
# CONFIG_KS8851_MLL is not set
# CONFIG_KSZ884X_PCI is not set
CONFIG_NET_VENDOR_MYRI=y
# CONFIG_MYRI10GE is not set
# CONFIG_FEALNX is not set
CONFIG_NET_VENDOR_NATSEMI=y
# CONFIG_NATSEMI is not set
# CONFIG_NS83820 is not set
CONFIG_NET_VENDOR_8390=y
# CONFIG_NE2K_PCI is not set
CONFIG_NET_VENDOR_NVIDIA=y
CONFIG_FORCEDETH=y
CONFIG_NET_VENDOR_OKI=y
# CONFIG_PCH_GBE is not set
# CONFIG_ETHOC is not set
# CONFIG_NET_PACKET_ENGINE is not set
CONFIG_NET_VENDOR_QLOGIC=y
# CONFIG_QLA3XXX is not set
# CONFIG_QLCNIC is not set
# CONFIG_QLGE is not set
# CONFIG_NETXEN_NIC is not set
CONFIG_NET_VENDOR_REALTEK=y
CONFIG_8139CP=y
CONFIG_8139TOO=y
CONFIG_8139TOO_PIO=y
# CONFIG_8139TOO_TUNE_TWISTER is not set
# CONFIG_8139TOO_8129 is not set
# CONFIG_8139_OLD_RX_RESET is not set
# CONFIG_R8169 is not set
CONFIG_NET_VENDOR_RDC=y
# CONFIG_R6040 is not set
CONFIG_NET_VENDOR_SEEQ=y
# CONFIG_SEEQ8005 is not set
CONFIG_NET_VENDOR_SILAN=y
# CONFIG_SC92031 is not set
CONFIG_NET_VENDOR_SIS=y
# CONFIG_SIS900 is not set
# CONFIG_SIS190 is not set
# CONFIG_SFC is not set
CONFIG_NET_VENDOR_SMSC=y
# CONFIG_EPIC100 is not set
# CONFIG_SMSC9420 is not set
CONFIG_NET_VENDOR_STMICRO=y
# CONFIG_STMMAC_ETH is not set
CONFIG_NET_VENDOR_SUN=y
# CONFIG_HAPPYMEAL is not set
# CONFIG_SUNGEM is not set
# CONFIG_CASSINI is not set
# CONFIG_NIU is not set
CONFIG_NET_VENDOR_TEHUTI=y
# CONFIG_TEHUTI is not set
CONFIG_NET_VENDOR_TI=y
# CONFIG_TLAN is not set
CONFIG_NET_VENDOR_VIA=y
# CONFIG_VIA_RHINE is not set
# CONFIG_VIA_VELOCITY is not set
CONFIG_NET_VENDOR_WIZNET=y
# CONFIG_WIZNET_W5100 is not set
# CONFIG_WIZNET_W5300 is not set
# CONFIG_FDDI is not set
# CONFIG_HIPPI is not set
# CONFIG_NET_SB1000 is not set
CONFIG_PHYLIB=y

#
# MII PHY device drivers
#
# CONFIG_AMD_PHY is not set
# CONFIG_MARVELL_PHY is not set
# CONFIG_DAVICOM_PHY is not set
# CONFIG_QSEMI_PHY is not set
# CONFIG_LXT_PHY is not set
# CONFIG_CICADA_PHY is not set
# CONFIG_VITESSE_PHY is not set
# CONFIG_SMSC_PHY is not set
# CONFIG_BROADCOM_PHY is not set
# CONFIG_BCM87XX_PHY is not set
# CONFIG_ICPLUS_PHY is not set
CONFIG_REALTEK_PHY=y
# CONFIG_NATIONAL_PHY is not set
# CONFIG_STE10XP is not set
# CONFIG_LSI_ET1011C_PHY is not set
# CONFIG_MICREL_PHY is not set
# CONFIG_FIXED_PHY is not set
# CONFIG_MDIO_BITBANG is not set
# CONFIG_PPP is not set
# CONFIG_SLIP is not set

#
# USB Network Adapters
#
CONFIG_USB_CATC=y
CONFIG_USB_KAWETH=y
CONFIG_USB_PEGASUS=y
CONFIG_USB_RTL8150=y
CONFIG_USB_USBNET=y
CONFIG_USB_NET_AX8817X=y
CONFIG_USB_NET_CDCETHER=y
# CONFIG_USB_NET_CDC_EEM is not set
CONFIG_USB_NET_CDC_NCM=y
# CONFIG_USB_NET_DM9601 is not set
# CONFIG_USB_NET_SMSC75XX is not set
# CONFIG_USB_NET_SMSC95XX is not set
CONFIG_USB_NET_GL620A=y
CONFIG_USB_NET_NET1080=y
CONFIG_USB_NET_PLUSB=y
# CONFIG_USB_NET_MCS7830 is not set
CONFIG_USB_NET_RNDIS_HOST=y
CONFIG_USB_NET_CDC_SUBSET=y
CONFIG_USB_ALI_M5632=y
CONFIG_USB_AN2720=y
CONFIG_USB_BELKIN=y
CONFIG_USB_ARMLINUX=y
CONFIG_USB_EPSON2888=y
# CONFIG_USB_KC2190 is not set
CONFIG_USB_NET_ZAURUS=y
# CONFIG_USB_NET_CX82310_ETH is not set
# CONFIG_USB_NET_KALMIA is not set
# CONFIG_USB_NET_QMI_WWAN is not set
# CONFIG_USB_NET_INT51X1 is not set
# CONFIG_USB_IPHETH is not set
# CONFIG_USB_SIERRA_NET is not set
# CONFIG_USB_VL600 is not set
# CONFIG_WLAN is not set

#
# Enable WiMAX (Networking options) to see the WiMAX drivers
#
# CONFIG_WAN is not set
# CONFIG_VMXNET3 is not set
# CONFIG_ISDN is not set

#
# Input device support
#
CONFIG_INPUT=y
CONFIG_INPUT_FF_MEMLESS=y
CONFIG_INPUT_POLLDEV=y
# CONFIG_INPUT_SPARSEKMAP is not set
# CONFIG_INPUT_MATRIXKMAP is not set

#
# Userland interfaces
#
CONFIG_INPUT_MOUSEDEV=y
# CONFIG_INPUT_MOUSEDEV_PSAUX is not set
CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
CONFIG_INPUT_JOYDEV=y
CONFIG_INPUT_EVDEV=y
# CONFIG_INPUT_EVBUG is not set

#
# Input Device Drivers
#
CONFIG_INPUT_KEYBOARD=y
# CONFIG_KEYBOARD_ADP5588 is not set
# CONFIG_KEYBOARD_ADP5589 is not set
CONFIG_KEYBOARD_ATKBD=y
# CONFIG_KEYBOARD_QT1070 is not set
# CONFIG_KEYBOARD_QT2160 is not set
# CONFIG_KEYBOARD_LKKBD is not set
# CONFIG_KEYBOARD_TCA6416 is not set
# CONFIG_KEYBOARD_TCA8418 is not set
# CONFIG_KEYBOARD_LM8333 is not set
# CONFIG_KEYBOARD_MAX7359 is not set
# CONFIG_KEYBOARD_MCS is not set
# CONFIG_KEYBOARD_MPR121 is not set
# CONFIG_KEYBOARD_NEWTON is not set
# CONFIG_KEYBOARD_OPENCORES is not set
# CONFIG_KEYBOARD_STOWAWAY is not set
# CONFIG_KEYBOARD_SUNKBD is not set
# CONFIG_KEYBOARD_OMAP4 is not set
# CONFIG_KEYBOARD_XTKBD is not set
CONFIG_INPUT_MOUSE=y
CONFIG_MOUSE_PS2=y
CONFIG_MOUSE_PS2_ALPS=y
CONFIG_MOUSE_PS2_LOGIPS2PP=y
CONFIG_MOUSE_PS2_SYNAPTICS=y
CONFIG_MOUSE_PS2_LIFEBOOK=y
CONFIG_MOUSE_PS2_TRACKPOINT=y
# CONFIG_MOUSE_PS2_ELANTECH is not set
# CONFIG_MOUSE_PS2_SENTELIC is not set
# CONFIG_MOUSE_PS2_TOUCHKIT is not set
CONFIG_MOUSE_SERIAL=y
# CONFIG_MOUSE_APPLETOUCH is not set
# CONFIG_MOUSE_BCM5974 is not set
CONFIG_MOUSE_VSXXXAA=y
# CONFIG_MOUSE_SYNAPTICS_I2C is not set
# CONFIG_MOUSE_SYNAPTICS_USB is not set
CONFIG_INPUT_JOYSTICK=y
# CONFIG_JOYSTICK_ANALOG is not set
# CONFIG_JOYSTICK_A3D is not set
# CONFIG_JOYSTICK_ADI is not set
# CONFIG_JOYSTICK_COBRA is not set
# CONFIG_JOYSTICK_GF2K is not set
# CONFIG_JOYSTICK_GRIP is not set
# CONFIG_JOYSTICK_GRIP_MP is not set
# CONFIG_JOYSTICK_GUILLEMOT is not set
# CONFIG_JOYSTICK_INTERACT is not set
# CONFIG_JOYSTICK_SIDEWINDER is not set
# CONFIG_JOYSTICK_TMDC is not set
# CONFIG_JOYSTICK_IFORCE is not set
# CONFIG_JOYSTICK_WARRIOR is not set
# CONFIG_JOYSTICK_MAGELLAN is not set
# CONFIG_JOYSTICK_SPACEORB is not set
# CONFIG_JOYSTICK_SPACEBALL is not set
# CONFIG_JOYSTICK_STINGER is not set
CONFIG_JOYSTICK_TWIDJOY=y
# CONFIG_JOYSTICK_ZHENHUA is not set
# CONFIG_JOYSTICK_AS5011 is not set
CONFIG_JOYSTICK_JOYDUMP=y
# CONFIG_JOYSTICK_XPAD is not set
# CONFIG_INPUT_TABLET is not set
CONFIG_INPUT_TOUCHSCREEN=y
# CONFIG_TOUCHSCREEN_AD7879 is not set
# CONFIG_TOUCHSCREEN_ATMEL_MXT is not set
# CONFIG_TOUCHSCREEN_BU21013 is not set
# CONFIG_TOUCHSCREEN_CYTTSP_CORE is not set
# CONFIG_TOUCHSCREEN_DYNAPRO is not set
# CONFIG_TOUCHSCREEN_HAMPSHIRE is not set
# CONFIG_TOUCHSCREEN_EETI is not set
# CONFIG_TOUCHSCREEN_EGALAX is not set
# CONFIG_TOUCHSCREEN_FUJITSU is not set
# CONFIG_TOUCHSCREEN_ILI210X is not set
CONFIG_TOUCHSCREEN_GUNZE=y
CONFIG_TOUCHSCREEN_ELO=y
# CONFIG_TOUCHSCREEN_WACOM_W8001 is not set
# CONFIG_TOUCHSCREEN_WACOM_I2C is not set
# CONFIG_TOUCHSCREEN_MAX11801 is not set
# CONFIG_TOUCHSCREEN_MCS5000 is not set
# CONFIG_TOUCHSCREEN_MMS114 is not set
CONFIG_TOUCHSCREEN_MTOUCH=y
# CONFIG_TOUCHSCREEN_INEXIO is not set
CONFIG_TOUCHSCREEN_MK712=y
# CONFIG_TOUCHSCREEN_PENMOUNT is not set
# CONFIG_TOUCHSCREEN_EDT_FT5X06 is not set
# CONFIG_TOUCHSCREEN_TOUCHRIGHT is not set
# CONFIG_TOUCHSCREEN_TOUCHWIN is not set
# CONFIG_TOUCHSCREEN_PIXCIR is not set
# CONFIG_TOUCHSCREEN_USB_COMPOSITE is not set
# CONFIG_TOUCHSCREEN_TOUCHIT213 is not set
# CONFIG_TOUCHSCREEN_TSC_SERIO is not set
# CONFIG_TOUCHSCREEN_TSC2007 is not set
# CONFIG_TOUCHSCREEN_ST1232 is not set
# CONFIG_TOUCHSCREEN_TPS6507X is not set
CONFIG_INPUT_MISC=y
# CONFIG_INPUT_AD714X is not set
# CONFIG_INPUT_BMA150 is not set
CONFIG_INPUT_PCSPKR=y
# CONFIG_INPUT_MMA8450 is not set
# CONFIG_INPUT_MPU3050 is not set
# CONFIG_INPUT_ATLAS_BTNS is not set
# CONFIG_INPUT_ATI_REMOTE2 is not set
# CONFIG_INPUT_KEYSPAN_REMOTE is not set
# CONFIG_INPUT_KXTJ9 is not set
# CONFIG_INPUT_POWERMATE is not set
# CONFIG_INPUT_YEALINK is not set
# CONFIG_INPUT_CM109 is not set
CONFIG_INPUT_UINPUT=y
# CONFIG_INPUT_PCF8574 is not set
# CONFIG_INPUT_ADXL34X is not set
# CONFIG_INPUT_CMA3000 is not set

#
# Hardware I/O ports
#
CONFIG_SERIO=y
CONFIG_SERIO_I8042=y
CONFIG_SERIO_SERPORT=y
# CONFIG_SERIO_CT82C710 is not set
# CONFIG_SERIO_PCIPS2 is not set
CONFIG_SERIO_LIBPS2=y
CONFIG_SERIO_RAW=y
# CONFIG_SERIO_ALTERA_PS2 is not set
# CONFIG_SERIO_PS2MULT is not set
CONFIG_GAMEPORT=y
CONFIG_GAMEPORT_NS558=y
CONFIG_GAMEPORT_L4=y
CONFIG_GAMEPORT_EMU10K1=y
CONFIG_GAMEPORT_FM801=y

#
# Character devices
#
CONFIG_VT=y
CONFIG_CONSOLE_TRANSLATIONS=y
CONFIG_VT_CONSOLE=y
CONFIG_VT_CONSOLE_SLEEP=y
CONFIG_HW_CONSOLE=y
CONFIG_VT_HW_CONSOLE_BINDING=y
CONFIG_UNIX98_PTYS=y
# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
# CONFIG_LEGACY_PTYS is not set
CONFIG_SERIAL_NONSTANDARD=y
# CONFIG_ROCKETPORT is not set
CONFIG_CYCLADES=y
# CONFIG_CYZ_INTR is not set
# CONFIG_MOXA_INTELLIO is not set
# CONFIG_MOXA_SMARTIO is not set
# CONFIG_SYNCLINK is not set
# CONFIG_SYNCLINKMP is not set
# CONFIG_SYNCLINK_GT is not set
# CONFIG_NOZOMI is not set
# CONFIG_ISI is not set
# CONFIG_N_HDLC is not set
# CONFIG_N_GSM is not set
# CONFIG_TRACE_SINK is not set
CONFIG_DEVKMEM=y
# CONFIG_STALDRV is not set

#
# Serial drivers
#
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_FIX_EARLYCON_MEM=y
CONFIG_SERIAL_8250_PCI=y
CONFIG_SERIAL_8250_PNP=y
CONFIG_SERIAL_8250_NR_UARTS=32
CONFIG_SERIAL_8250_RUNTIME_UARTS=4
CONFIG_SERIAL_8250_EXTENDED=y
CONFIG_SERIAL_8250_MANY_PORTS=y
CONFIG_SERIAL_8250_SHARE_IRQ=y
CONFIG_SERIAL_8250_DETECT_IRQ=y
CONFIG_SERIAL_8250_RSA=y

#
# Non-8250 serial port support
#
# CONFIG_SERIAL_MFD_HSU is not set
CONFIG_SERIAL_CORE=y
CONFIG_SERIAL_CORE_CONSOLE=y
CONFIG_SERIAL_JSM=y
# CONFIG_SERIAL_TIMBERDALE is not set
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
# CONFIG_SERIAL_ALTERA_UART is not set
# CONFIG_SERIAL_PCH_UART is not set
# CONFIG_SERIAL_XILINX_PS_UART is not set
# CONFIG_VIRTIO_CONSOLE is not set
CONFIG_IPMI_HANDLER=y
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=y
CONFIG_IPMI_SI=y
CONFIG_IPMI_WATCHDOG=y
CONFIG_IPMI_POWEROFF=y
# CONFIG_HW_RANDOM is not set
CONFIG_NVRAM=y
# CONFIG_R3964 is not set
# CONFIG_APPLICOM is not set
# CONFIG_MWAVE is not set
CONFIG_RAW_DRIVER=y
CONFIG_MAX_RAW_DEVS=8192
CONFIG_HPET=y
# CONFIG_HPET_MMAP is not set
# CONFIG_HANGCHECK_TIMER is not set
# CONFIG_TCG_TPM is not set
# CONFIG_TELCLOCK is not set
CONFIG_DEVPORT=y
CONFIG_I2C=y
CONFIG_I2C_BOARDINFO=y
CONFIG_I2C_COMPAT=y
# CONFIG_I2C_CHARDEV is not set
# CONFIG_I2C_MUX is not set
CONFIG_I2C_HELPER_AUTO=y
CONFIG_I2C_SMBUS=y
CONFIG_I2C_ALGOBIT=y

#
# I2C Hardware Bus support
#

#
# PC SMBus host controller drivers
#
# CONFIG_I2C_ALI1535 is not set
# CONFIG_I2C_ALI1563 is not set
# CONFIG_I2C_ALI15X3 is not set
CONFIG_I2C_AMD756=y
CONFIG_I2C_AMD756_S4882=y
CONFIG_I2C_AMD8111=y
CONFIG_I2C_I801=y
# CONFIG_I2C_ISCH is not set
# CONFIG_I2C_PIIX4 is not set
CONFIG_I2C_NFORCE2=y
# CONFIG_I2C_NFORCE2_S4985 is not set
# CONFIG_I2C_SIS5595 is not set
# CONFIG_I2C_SIS630 is not set
CONFIG_I2C_SIS96X=y
CONFIG_I2C_VIA=y
CONFIG_I2C_VIAPRO=y

#
# ACPI drivers
#
# CONFIG_I2C_SCMI is not set

#
# I2C system bus drivers (mostly embedded / system-on-chip)
#
# CONFIG_I2C_DESIGNWARE_PCI is not set
# CONFIG_I2C_EG20T is not set
# CONFIG_I2C_INTEL_MID is not set
# CONFIG_I2C_OCORES is not set
# CONFIG_I2C_PCA_PLATFORM is not set
# CONFIG_I2C_PXA_PCI is not set
# CONFIG_I2C_SIMTEC is not set
# CONFIG_I2C_XILINX is not set

#
# External I2C/SMBus adapter drivers
#
# CONFIG_I2C_DIOLAN_U2C is not set
CONFIG_I2C_PARPORT_LIGHT=y
# CONFIG_I2C_TAOS_EVM is not set
# CONFIG_I2C_TINY_USB is not set

#
# Other I2C/SMBus bus drivers
#
# CONFIG_I2C_DEBUG_CORE is not set
# CONFIG_I2C_DEBUG_ALGO is not set
# CONFIG_I2C_DEBUG_BUS is not set
# CONFIG_SPI is not set
# CONFIG_HSI is not set

#
# PPS support
#
# CONFIG_PPS is not set

#
# PPS generators support
#

#
# PTP clock support
#

#
# Enable Device Drivers -> PPS to see the PTP clock options.
#
CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
# CONFIG_GPIOLIB is not set
# CONFIG_W1 is not set
CONFIG_POWER_SUPPLY=y
# CONFIG_POWER_SUPPLY_DEBUG is not set
# CONFIG_PDA_POWER is not set
# CONFIG_TEST_POWER is not set
# CONFIG_BATTERY_DS2780 is not set
# CONFIG_BATTERY_DS2781 is not set
# CONFIG_BATTERY_DS2782 is not set
# CONFIG_BATTERY_SBS is not set
# CONFIG_BATTERY_BQ27x00 is not set
# CONFIG_BATTERY_MAX17040 is not set
# CONFIG_BATTERY_MAX17042 is not set
# CONFIG_CHARGER_MAX8903 is not set
# CONFIG_CHARGER_LP8727 is not set
# CONFIG_CHARGER_SMB347 is not set
# CONFIG_POWER_AVS is not set
CONFIG_HWMON=y
# CONFIG_HWMON_VID is not set
# CONFIG_HWMON_DEBUG_CHIP is not set

#
# Native drivers
#
# CONFIG_SENSORS_ABITUGURU is not set
# CONFIG_SENSORS_ABITUGURU3 is not set
# CONFIG_SENSORS_AD7414 is not set
# CONFIG_SENSORS_AD7418 is not set
# CONFIG_SENSORS_ADM1021 is not set
# CONFIG_SENSORS_ADM1025 is not set
# CONFIG_SENSORS_ADM1026 is not set
# CONFIG_SENSORS_ADM1029 is not set
# CONFIG_SENSORS_ADM1031 is not set
# CONFIG_SENSORS_ADM9240 is not set
# CONFIG_SENSORS_ADT7411 is not set
# CONFIG_SENSORS_ADT7462 is not set
# CONFIG_SENSORS_ADT7470 is not set
# CONFIG_SENSORS_ADT7475 is not set
# CONFIG_SENSORS_ASC7621 is not set
# CONFIG_SENSORS_K8TEMP is not set
# CONFIG_SENSORS_K10TEMP is not set
# CONFIG_SENSORS_FAM15H_POWER is not set
# CONFIG_SENSORS_ASB100 is not set
# CONFIG_SENSORS_ATXP1 is not set
# CONFIG_SENSORS_DS620 is not set
# CONFIG_SENSORS_DS1621 is not set
# CONFIG_SENSORS_I5K_AMB is not set
# CONFIG_SENSORS_F71805F is not set
# CONFIG_SENSORS_F71882FG is not set
# CONFIG_SENSORS_F75375S is not set
# CONFIG_SENSORS_FSCHMD is not set
# CONFIG_SENSORS_G760A is not set
# CONFIG_SENSORS_GL518SM is not set
# CONFIG_SENSORS_GL520SM is not set
# CONFIG_SENSORS_HIH6130 is not set
# CONFIG_SENSORS_CORETEMP is not set
# CONFIG_SENSORS_IBMAEM is not set
# CONFIG_SENSORS_IBMPEX is not set
# CONFIG_SENSORS_IT87 is not set
# CONFIG_SENSORS_JC42 is not set
# CONFIG_SENSORS_LINEAGE is not set
# CONFIG_SENSORS_LM63 is not set
# CONFIG_SENSORS_LM73 is not set
# CONFIG_SENSORS_LM75 is not set
# CONFIG_SENSORS_LM77 is not set
# CONFIG_SENSORS_LM78 is not set
# CONFIG_SENSORS_LM80 is not set
# CONFIG_SENSORS_LM83 is not set
# CONFIG_SENSORS_LM85 is not set
# CONFIG_SENSORS_LM87 is not set
# CONFIG_SENSORS_LM90 is not set
# CONFIG_SENSORS_LM92 is not set
# CONFIG_SENSORS_LM93 is not set
# CONFIG_SENSORS_LTC4151 is not set
# CONFIG_SENSORS_LTC4215 is not set
# CONFIG_SENSORS_LTC4245 is not set
# CONFIG_SENSORS_LTC4261 is not set
# CONFIG_SENSORS_LM95241 is not set
# CONFIG_SENSORS_LM95245 is not set
# CONFIG_SENSORS_MAX16065 is not set
# CONFIG_SENSORS_MAX1619 is not set
# CONFIG_SENSORS_MAX1668 is not set
# CONFIG_SENSORS_MAX6639 is not set
# CONFIG_SENSORS_MAX6642 is not set
# CONFIG_SENSORS_MAX6650 is not set
# CONFIG_SENSORS_MCP3021 is not set
# CONFIG_SENSORS_NTC_THERMISTOR is not set
# CONFIG_SENSORS_PC87360 is not set
# CONFIG_SENSORS_PC87427 is not set
# CONFIG_SENSORS_PCF8591 is not set
# CONFIG_PMBUS is not set
# CONFIG_SENSORS_SHT21 is not set
# CONFIG_SENSORS_SIS5595 is not set
# CONFIG_SENSORS_SMM665 is not set
# CONFIG_SENSORS_DME1737 is not set
# CONFIG_SENSORS_EMC1403 is not set
# CONFIG_SENSORS_EMC2103 is not set
# CONFIG_SENSORS_EMC6W201 is not set
# CONFIG_SENSORS_SMSC47M1 is not set
# CONFIG_SENSORS_SMSC47M192 is not set
# CONFIG_SENSORS_SMSC47B397 is not set
# CONFIG_SENSORS_SCH56XX_COMMON is not set
# CONFIG_SENSORS_SCH5627 is not set
# CONFIG_SENSORS_SCH5636 is not set
# CONFIG_SENSORS_ADS1015 is not set
# CONFIG_SENSORS_ADS7828 is not set
# CONFIG_SENSORS_AMC6821 is not set
# CONFIG_SENSORS_INA2XX is not set
# CONFIG_SENSORS_THMC50 is not set
# CONFIG_SENSORS_TMP102 is not set
# CONFIG_SENSORS_TMP401 is not set
# CONFIG_SENSORS_TMP421 is not set
# CONFIG_SENSORS_VIA_CPUTEMP is not set
# CONFIG_SENSORS_VIA686A is not set
# CONFIG_SENSORS_VT1211 is not set
# CONFIG_SENSORS_VT8231 is not set
# CONFIG_SENSORS_W83781D is not set
# CONFIG_SENSORS_W83791D is not set
# CONFIG_SENSORS_W83792D is not set
# CONFIG_SENSORS_W83793 is not set
# CONFIG_SENSORS_W83795 is not set
# CONFIG_SENSORS_W83L785TS is not set
# CONFIG_SENSORS_W83L786NG is not set
# CONFIG_SENSORS_W83627HF is not set
# CONFIG_SENSORS_W83627EHF is not set
# CONFIG_SENSORS_APPLESMC is not set

#
# ACPI drivers
#
# CONFIG_SENSORS_ACPI_POWER is not set
# CONFIG_SENSORS_ATK0110 is not set
CONFIG_THERMAL=y
CONFIG_THERMAL_HWMON=y
CONFIG_WATCHDOG=y
CONFIG_WATCHDOG_CORE=y
# CONFIG_WATCHDOG_NOWAYOUT is not set

#
# Watchdog Device Drivers
#
CONFIG_SOFT_WATCHDOG=y
# CONFIG_ACQUIRE_WDT is not set
# CONFIG_ADVANTECH_WDT is not set
CONFIG_ALIM1535_WDT=y
CONFIG_ALIM7101_WDT=y
# CONFIG_F71808E_WDT is not set
# CONFIG_SP5100_TCO is not set
# CONFIG_SC520_WDT is not set
# CONFIG_SBC_FITPC2_WATCHDOG is not set
# CONFIG_EUROTECH_WDT is not set
# CONFIG_IB700_WDT is not set
CONFIG_IBMASR=y
# CONFIG_WAFER_WDT is not set
CONFIG_I6300ESB_WDT=y
# CONFIG_IE6XX_WDT is not set
# CONFIG_ITCO_WDT is not set
# CONFIG_IT8712F_WDT is not set
# CONFIG_IT87_WDT is not set
# CONFIG_HP_WATCHDOG is not set
# CONFIG_SC1200_WDT is not set
# CONFIG_PC87413_WDT is not set
# CONFIG_NV_TCO is not set
# CONFIG_60XX_WDT is not set
# CONFIG_SBC8360_WDT is not set
# CONFIG_CPU5_WDT is not set
# CONFIG_SMSC_SCH311X_WDT is not set
# CONFIG_SMSC37B787_WDT is not set
# CONFIG_VIA_WDT is not set
CONFIG_W83627HF_WDT=y
# CONFIG_W83697HF_WDT is not set
# CONFIG_W83697UG_WDT is not set
CONFIG_W83877F_WDT=y
CONFIG_W83977F_WDT=y
CONFIG_MACHZ_WDT=y
# CONFIG_SBC_EPX_C3_WATCHDOG is not set

#
# PCI-based Watchdog Cards
#
CONFIG_PCIPCWATCHDOG=y
CONFIG_WDTPCI=y

#
# USB-based Watchdog Cards
#
CONFIG_USBPCWATCHDOG=y
CONFIG_SSB_POSSIBLE=y

#
# Sonics Silicon Backplane
#
# CONFIG_SSB is not set
CONFIG_BCMA_POSSIBLE=y

#
# Broadcom specific AMBA
#
# CONFIG_BCMA is not set

#
# Multifunction device drivers
#
# CONFIG_MFD_CORE is not set
# CONFIG_MFD_88PM860X is not set
# CONFIG_MFD_88PM800 is not set
# CONFIG_MFD_88PM805 is not set
# CONFIG_MFD_SM501 is not set
# CONFIG_HTC_PASIC3 is not set
# CONFIG_MFD_LM3533 is not set
# CONFIG_TPS6105X is not set
# CONFIG_TPS6507X is not set
# CONFIG_MFD_TPS65217 is not set
# CONFIG_TWL4030_CORE is not set
# CONFIG_TWL6040_CORE is not set
# CONFIG_MFD_STMPE is not set
# CONFIG_MFD_TC3589X is not set
# CONFIG_MFD_TMIO is not set
# CONFIG_PMIC_DA903X is not set
# CONFIG_MFD_DA9052_I2C is not set
# CONFIG_PMIC_ADP5520 is not set
# CONFIG_MFD_MAX77686 is not set
# CONFIG_MFD_MAX77693 is not set
# CONFIG_MFD_MAX8925 is not set
# CONFIG_MFD_MAX8997 is not set
# CONFIG_MFD_MAX8998 is not set
# CONFIG_MFD_SEC_CORE is not set
# CONFIG_MFD_ARIZONA_I2C is not set
# CONFIG_MFD_WM8400 is not set
# CONFIG_MFD_WM831X_I2C is not set
# CONFIG_MFD_WM8350_I2C is not set
# CONFIG_MFD_WM8994 is not set
# CONFIG_MFD_PCF50633 is not set
# CONFIG_MFD_MC13XXX_I2C is not set
# CONFIG_ABX500_CORE is not set
# CONFIG_MFD_CS5535 is not set
# CONFIG_LPC_SCH is not set
# CONFIG_LPC_ICH is not set
# CONFIG_MFD_RDC321X is not set
# CONFIG_MFD_JANZ_CMODIO is not set
# CONFIG_MFD_VX855 is not set
# CONFIG_MFD_WL1273_CORE is not set
# CONFIG_MFD_TPS65090 is not set
# CONFIG_MFD_RC5T583 is not set
# CONFIG_MFD_PALMAS is not set
# CONFIG_REGULATOR is not set
# CONFIG_MEDIA_SUPPORT is not set

#
# Graphics support
#
CONFIG_AGP=y
CONFIG_AGP_AMD64=y
CONFIG_AGP_INTEL=y
# CONFIG_AGP_SIS is not set
# CONFIG_AGP_VIA is not set
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
CONFIG_DRM=y
CONFIG_DRM_KMS_HELPER=y
# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set
CONFIG_DRM_TTM=y
# CONFIG_DRM_TDFX is not set
CONFIG_DRM_R128=y
CONFIG_DRM_RADEON=y
# CONFIG_DRM_RADEON_KMS is not set
CONFIG_DRM_NOUVEAU=y
CONFIG_DRM_NOUVEAU_BACKLIGHT=y
CONFIG_DRM_NOUVEAU_DEBUG=y

#
# I2C encoder or helper chips
#
CONFIG_DRM_I2C_CH7006=y
CONFIG_DRM_I2C_SIL164=y
# CONFIG_DRM_I915 is not set
# CONFIG_DRM_MGA is not set
# CONFIG_DRM_SIS is not set
# CONFIG_DRM_VIA is not set
# CONFIG_DRM_SAVAGE is not set
# CONFIG_DRM_VMWGFX is not set
# CONFIG_DRM_GMA500 is not set
# CONFIG_DRM_UDL is not set
# CONFIG_DRM_AST is not set
# CONFIG_DRM_MGAG200 is not set
# CONFIG_DRM_CIRRUS_QEMU is not set
# CONFIG_STUB_POULSBO is not set
# CONFIG_VGASTATE is not set
CONFIG_VIDEO_OUTPUT_CONTROL=y
CONFIG_FB=y
# CONFIG_FIRMWARE_EDID is not set
# CONFIG_FB_DDC is not set
# CONFIG_FB_BOOT_VESA_SUPPORT is not set
CONFIG_FB_CFB_FILLRECT=y
CONFIG_FB_CFB_COPYAREA=y
CONFIG_FB_CFB_IMAGEBLIT=y
# CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set
# CONFIG_FB_SYS_FILLRECT is not set
# CONFIG_FB_SYS_COPYAREA is not set
# CONFIG_FB_SYS_IMAGEBLIT is not set
# CONFIG_FB_FOREIGN_ENDIAN is not set
# CONFIG_FB_SYS_FOPS is not set
# CONFIG_FB_WMT_GE_ROPS is not set
# CONFIG_FB_SVGALIB is not set
# CONFIG_FB_MACMODES is not set
CONFIG_FB_BACKLIGHT=y
# CONFIG_FB_MODE_HELPERS is not set
# CONFIG_FB_TILEBLITTING is not set

#
# Frame buffer hardware drivers
#
# CONFIG_FB_CIRRUS is not set
# CONFIG_FB_PM2 is not set
# CONFIG_FB_CYBER2000 is not set
# CONFIG_FB_ARC is not set
# CONFIG_FB_ASILIANT is not set
# CONFIG_FB_IMSTT is not set
# CONFIG_FB_VGA16 is not set
# CONFIG_FB_UVESA is not set
# CONFIG_FB_VESA is not set
# CONFIG_FB_N411 is not set
# CONFIG_FB_HGA is not set
# CONFIG_FB_S1D13XXX is not set
# CONFIG_FB_NVIDIA is not set
# CONFIG_FB_RIVA is not set
# CONFIG_FB_I740 is not set
# CONFIG_FB_LE80578 is not set
# CONFIG_FB_MATROX is not set
# CONFIG_FB_RADEON is not set
# CONFIG_FB_ATY128 is not set
# CONFIG_FB_ATY is not set
# CONFIG_FB_S3 is not set
# CONFIG_FB_SAVAGE is not set
# CONFIG_FB_SIS is not set
# CONFIG_FB_VIA is not set
# CONFIG_FB_NEOMAGIC is not set
# CONFIG_FB_KYRO is not set
# CONFIG_FB_3DFX is not set
# CONFIG_FB_VOODOO1 is not set
# CONFIG_FB_VT8623 is not set
# CONFIG_FB_TRIDENT is not set
# CONFIG_FB_ARK is not set
# CONFIG_FB_PM3 is not set
# CONFIG_FB_CARMINE is not set
# CONFIG_FB_GEODE is not set
# CONFIG_FB_SMSCUFX is not set
# CONFIG_FB_UDL is not set
# CONFIG_FB_VIRTUAL is not set
# CONFIG_FB_METRONOME is not set
# CONFIG_FB_MB862XX is not set
# CONFIG_FB_BROADSHEET is not set
# CONFIG_FB_AUO_K190X is not set
# CONFIG_EXYNOS_VIDEO is not set
CONFIG_BACKLIGHT_LCD_SUPPORT=y
CONFIG_LCD_CLASS_DEVICE=y
CONFIG_LCD_PLATFORM=y
CONFIG_BACKLIGHT_CLASS_DEVICE=y
CONFIG_BACKLIGHT_GENERIC=y
# CONFIG_BACKLIGHT_PROGEAR is not set
# CONFIG_BACKLIGHT_APPLE is not set
# CONFIG_BACKLIGHT_SAHARA is not set
# CONFIG_BACKLIGHT_ADP8860 is not set
# CONFIG_BACKLIGHT_ADP8870 is not set
# CONFIG_BACKLIGHT_LP855X is not set

#
# Console display driver support
#
CONFIG_VGA_CONSOLE=y
CONFIG_VGACON_SOFT_SCROLLBACK=y
CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=64
CONFIG_DUMMY_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
# CONFIG_FONTS is not set
CONFIG_FONT_8x8=y
CONFIG_FONT_8x16=y
# CONFIG_LOGO is not set
# CONFIG_SOUND is not set

#
# HID support
#
CONFIG_HID=y
# CONFIG_HID_BATTERY_STRENGTH is not set
# CONFIG_HIDRAW is not set
# CONFIG_UHID is not set
CONFIG_HID_GENERIC=y

#
# Special HID drivers
#
CONFIG_HID_A4TECH=y
# CONFIG_HID_ACRUX is not set
CONFIG_HID_APPLE=y
# CONFIG_HID_AUREAL is not set
CONFIG_HID_BELKIN=y
CONFIG_HID_CHERRY=y
CONFIG_HID_CHICONY=y
CONFIG_HID_CYPRESS=y
CONFIG_HID_DRAGONRISE=y
# CONFIG_DRAGONRISE_FF is not set
# CONFIG_HID_EMS_FF is not set
CONFIG_HID_EZKEY=y
# CONFIG_HID_HOLTEK is not set
# CONFIG_HID_KEYTOUCH is not set
CONFIG_HID_KYE=y
# CONFIG_HID_UCLOGIC is not set
# CONFIG_HID_WALTOP is not set
CONFIG_HID_GYRATION=y
CONFIG_HID_TWINHAN=y
CONFIG_HID_KENSINGTON=y
# CONFIG_HID_LCPOWER is not set
# CONFIG_HID_LENOVO_TPKBD is not set
CONFIG_HID_LOGITECH=y
CONFIG_HID_LOGITECH_DJ=y
CONFIG_LOGITECH_FF=y
# CONFIG_LOGIRUMBLEPAD2_FF is not set
# CONFIG_LOGIG940_FF is not set
CONFIG_LOGIWHEELS_FF=y
CONFIG_HID_MICROSOFT=y
CONFIG_HID_MONTEREY=y
# CONFIG_HID_MULTITOUCH is not set
CONFIG_HID_NTRIG=y
# CONFIG_HID_ORTEK is not set
CONFIG_HID_PANTHERLORD=y
# CONFIG_PANTHERLORD_FF is not set
CONFIG_HID_PETALYNX=y
# CONFIG_HID_PICOLCD is not set
# CONFIG_HID_PRIMAX is not set
# CONFIG_HID_ROCCAT is not set
# CONFIG_HID_SAITEK is not set
CONFIG_HID_SAMSUNG=y
CONFIG_HID_SONY=y
# CONFIG_HID_SPEEDLINK is not set
CONFIG_HID_SUNPLUS=y
CONFIG_HID_GREENASIA=y
# CONFIG_GREENASIA_FF is not set
CONFIG_HID_SMARTJOYPLUS=y
# CONFIG_SMARTJOYPLUS_FF is not set
# CONFIG_HID_TIVO is not set
CONFIG_HID_TOPSEED=y
CONFIG_HID_THRUSTMASTER=y
CONFIG_THRUSTMASTER_FF=y
CONFIG_HID_ZEROPLUS=y
# CONFIG_ZEROPLUS_FF is not set
# CONFIG_HID_ZYDACRON is not set

#
# USB HID support
#
CONFIG_USB_HID=y
CONFIG_HID_PID=y
CONFIG_USB_HIDDEV=y
CONFIG_USB_ARCH_HAS_OHCI=y
CONFIG_USB_ARCH_HAS_EHCI=y
CONFIG_USB_ARCH_HAS_XHCI=y
CONFIG_USB_SUPPORT=y
CONFIG_USB_COMMON=y
CONFIG_USB_ARCH_HAS_HCD=y
CONFIG_USB=y
# CONFIG_USB_DEBUG is not set
# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set

#
# Miscellaneous USB options
#
# CONFIG_USB_DYNAMIC_MINORS is not set
# CONFIG_USB_SUSPEND is not set
CONFIG_USB_MON=y
# CONFIG_USB_WUSB_CBAF is not set

#
# USB Host Controller Drivers
#
# CONFIG_USB_C67X00_HCD is not set
# CONFIG_USB_XHCI_HCD is not set
CONFIG_USB_EHCI_HCD=y
CONFIG_USB_EHCI_ROOT_HUB_TT=y
CONFIG_USB_EHCI_TT_NEWSCHED=y
# CONFIG_USB_OXU210HP_HCD is not set
CONFIG_USB_ISP116X_HCD=y
# CONFIG_USB_ISP1760_HCD is not set
# CONFIG_USB_ISP1362_HCD is not set
CONFIG_USB_OHCI_HCD=y
# CONFIG_USB_OHCI_HCD_PLATFORM is not set
# CONFIG_USB_EHCI_HCD_PLATFORM is not set
# CONFIG_USB_OHCI_BIG_ENDIAN_DESC is not set
# CONFIG_USB_OHCI_BIG_ENDIAN_MMIO is not set
CONFIG_USB_OHCI_LITTLE_ENDIAN=y
CONFIG_USB_UHCI_HCD=y
CONFIG_USB_SL811_HCD=y
# CONFIG_USB_SL811_HCD_ISO is not set
# CONFIG_USB_R8A66597_HCD is not set
# CONFIG_USB_CHIPIDEA is not set

#
# USB Device Class drivers
#
CONFIG_USB_ACM=y
CONFIG_USB_PRINTER=y
# CONFIG_USB_WDM is not set
# CONFIG_USB_TMC is not set

#
# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may
#

#
# also be needed; see USB_STORAGE Help for more info
#
CONFIG_USB_STORAGE=y
# CONFIG_USB_STORAGE_DEBUG is not set
# CONFIG_USB_STORAGE_REALTEK is not set
CONFIG_USB_STORAGE_DATAFAB=y
CONFIG_USB_STORAGE_FREECOM=y
# CONFIG_USB_STORAGE_ISD200 is not set
CONFIG_USB_STORAGE_USBAT=y
CONFIG_USB_STORAGE_SDDR09=y
CONFIG_USB_STORAGE_SDDR55=y
CONFIG_USB_STORAGE_JUMPSHOT=y
CONFIG_USB_STORAGE_ALAUDA=y
# CONFIG_USB_STORAGE_ONETOUCH is not set
# CONFIG_USB_STORAGE_KARMA is not set
# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set
# CONFIG_USB_STORAGE_ENE_UB6250 is not set
# CONFIG_USB_UAS is not set
# CONFIG_USB_LIBUSUAL is not set

#
# USB Imaging devices
#
CONFIG_USB_MDC800=y
CONFIG_USB_MICROTEK=y

#
# USB port drivers
#
CONFIG_USB_SERIAL=y
# CONFIG_USB_SERIAL_CONSOLE is not set
CONFIG_USB_EZUSB=y
CONFIG_USB_SERIAL_GENERIC=y
# CONFIG_USB_SERIAL_AIRCABLE is not set
CONFIG_USB_SERIAL_ARK3116=y
CONFIG_USB_SERIAL_BELKIN=y
# CONFIG_USB_SERIAL_CH341 is not set
CONFIG_USB_SERIAL_WHITEHEAT=y
CONFIG_USB_SERIAL_DIGI_ACCELEPORT=y
# CONFIG_USB_SERIAL_CP210X is not set
CONFIG_USB_SERIAL_CYPRESS_M8=y
CONFIG_USB_SERIAL_EMPEG=y
CONFIG_USB_SERIAL_FTDI_SIO=y
CONFIG_USB_SERIAL_FUNSOFT=y
CONFIG_USB_SERIAL_VISOR=y
CONFIG_USB_SERIAL_IPAQ=y
CONFIG_USB_SERIAL_IR=y
CONFIG_USB_SERIAL_EDGEPORT=y
CONFIG_USB_SERIAL_EDGEPORT_TI=y
# CONFIG_USB_SERIAL_F81232 is not set
CONFIG_USB_SERIAL_GARMIN=y
CONFIG_USB_SERIAL_IPW=y
# CONFIG_USB_SERIAL_IUU is not set
CONFIG_USB_SERIAL_KEYSPAN_PDA=y
CONFIG_USB_SERIAL_KEYSPAN=y
CONFIG_USB_SERIAL_KEYSPAN_MPR=y
CONFIG_USB_SERIAL_KEYSPAN_USA28=y
CONFIG_USB_SERIAL_KEYSPAN_USA28X=y
CONFIG_USB_SERIAL_KEYSPAN_USA28XA=y
CONFIG_USB_SERIAL_KEYSPAN_USA28XB=y
CONFIG_USB_SERIAL_KEYSPAN_USA19=y
CONFIG_USB_SERIAL_KEYSPAN_USA18X=y
CONFIG_USB_SERIAL_KEYSPAN_USA19W=y
CONFIG_USB_SERIAL_KEYSPAN_USA19QW=y
CONFIG_USB_SERIAL_KEYSPAN_USA19QI=y
CONFIG_USB_SERIAL_KEYSPAN_USA49W=y
CONFIG_USB_SERIAL_KEYSPAN_USA49WLC=y
CONFIG_USB_SERIAL_KLSI=y
CONFIG_USB_SERIAL_KOBIL_SCT=y
CONFIG_USB_SERIAL_MCT_U232=y
# CONFIG_USB_SERIAL_METRO is not set
# CONFIG_USB_SERIAL_MOS7720 is not set
# CONFIG_USB_SERIAL_MOS7840 is not set
# CONFIG_USB_SERIAL_MOTOROLA is not set
CONFIG_USB_SERIAL_NAVMAN=y
CONFIG_USB_SERIAL_PL2303=y
# CONFIG_USB_SERIAL_OTI6858 is not set
# CONFIG_USB_SERIAL_QCAUX is not set
# CONFIG_USB_SERIAL_QUALCOMM is not set
# CONFIG_USB_SERIAL_SPCP8X5 is not set
CONFIG_USB_SERIAL_HP4X=y
CONFIG_USB_SERIAL_SAFE=y
CONFIG_USB_SERIAL_SAFE_PADDED=y
# CONFIG_USB_SERIAL_SIEMENS_MPI is not set
CONFIG_USB_SERIAL_SIERRAWIRELESS=y
# CONFIG_USB_SERIAL_SYMBOL is not set
CONFIG_USB_SERIAL_TI=y
CONFIG_USB_SERIAL_CYBERJACK=y
CONFIG_USB_SERIAL_XIRCOM=y
CONFIG_USB_SERIAL_WWAN=y
CONFIG_USB_SERIAL_OPTION=y
CONFIG_USB_SERIAL_OMNINET=y
# CONFIG_USB_SERIAL_OPTICON is not set
# CONFIG_USB_SERIAL_VIVOPAY_SERIAL is not set
# CONFIG_USB_SERIAL_ZIO is not set
# CONFIG_USB_SERIAL_SSU100 is not set
# CONFIG_USB_SERIAL_QT2 is not set
# CONFIG_USB_SERIAL_DEBUG is not set

#
# USB Miscellaneous drivers
#
CONFIG_USB_EMI62=y
CONFIG_USB_EMI26=y
# CONFIG_USB_ADUTUX is not set
# CONFIG_USB_SEVSEG is not set
CONFIG_USB_RIO500=y
CONFIG_USB_LEGOTOWER=y
CONFIG_USB_LCD=y
CONFIG_USB_LED=y
# CONFIG_USB_CYPRESS_CY7C63 is not set
# CONFIG_USB_CYTHERM is not set
CONFIG_USB_IDMOUSE=y
# CONFIG_USB_FTDI_ELAN is not set
CONFIG_USB_APPLEDISPLAY=y
CONFIG_USB_SISUSBVGA=y
CONFIG_USB_SISUSBVGA_CON=y
CONFIG_USB_LD=y
# CONFIG_USB_TRANCEVIBRATOR is not set
# CONFIG_USB_IOWARRIOR is not set
CONFIG_USB_TEST=y
# CONFIG_USB_ISIGHTFW is not set
# CONFIG_USB_YUREX is not set

#
# USB Physical Layer drivers
#
# CONFIG_USB_ISP1301 is not set
CONFIG_USB_ATM=y
CONFIG_USB_SPEEDTOUCH=y
CONFIG_USB_CXACRU=y
CONFIG_USB_UEAGLEATM=y
CONFIG_USB_XUSBATM=y
# CONFIG_USB_GADGET is not set

#
# OTG and related infrastructure
#
# CONFIG_NOP_USB_XCEIV is not set
# CONFIG_UWB is not set
CONFIG_MMC=y
# CONFIG_MMC_DEBUG is not set
# CONFIG_MMC_UNSAFE_RESUME is not set
# CONFIG_MMC_CLKGATE is not set

#
# MMC/SD/SDIO Card Drivers
#
CONFIG_MMC_BLOCK=y
CONFIG_MMC_BLOCK_MINORS=8
CONFIG_MMC_BLOCK_BOUNCE=y
CONFIG_SDIO_UART=y
# CONFIG_MMC_TEST is not set

#
# MMC/SD/SDIO Host Controller Drivers
#
# CONFIG_MMC_SDHCI is not set
# CONFIG_MMC_WBSD is not set
# CONFIG_MMC_TIFM_SD is not set
# CONFIG_MMC_CB710 is not set
# CONFIG_MMC_VIA_SDMMC is not set
# CONFIG_MMC_VUB300 is not set
# CONFIG_MMC_USHC is not set
# CONFIG_MEMSTICK is not set
# CONFIG_NEW_LEDS is not set
# CONFIG_ACCESSIBILITY is not set
# CONFIG_INFINIBAND is not set
# CONFIG_EDAC is not set
CONFIG_RTC_LIB=y
CONFIG_RTC_CLASS=y
# CONFIG_RTC_HCTOSYS is not set
CONFIG_RTC_DEBUG=y

#
# RTC interfaces
#
CONFIG_RTC_INTF_SYSFS=y
CONFIG_RTC_INTF_PROC=y
CONFIG_RTC_INTF_DEV=y
CONFIG_RTC_INTF_DEV_UIE_EMUL=y
# CONFIG_RTC_DRV_TEST is not set

#
# I2C RTC drivers
#
# CONFIG_RTC_DRV_DS1307 is not set
# CONFIG_RTC_DRV_DS1374 is not set
# CONFIG_RTC_DRV_DS1672 is not set
# CONFIG_RTC_DRV_DS3232 is not set
# CONFIG_RTC_DRV_MAX6900 is not set
# CONFIG_RTC_DRV_RS5C372 is not set
# CONFIG_RTC_DRV_ISL1208 is not set
# CONFIG_RTC_DRV_ISL12022 is not set
# CONFIG_RTC_DRV_X1205 is not set
# CONFIG_RTC_DRV_PCF8563 is not set
# CONFIG_RTC_DRV_PCF8583 is not set
# CONFIG_RTC_DRV_M41T80 is not set
# CONFIG_RTC_DRV_BQ32K is not set
# CONFIG_RTC_DRV_S35390A is not set
# CONFIG_RTC_DRV_FM3130 is not set
# CONFIG_RTC_DRV_RX8581 is not set
# CONFIG_RTC_DRV_RX8025 is not set
# CONFIG_RTC_DRV_EM3027 is not set
# CONFIG_RTC_DRV_RV3029C2 is not set

#
# SPI RTC drivers
#

#
# Platform RTC drivers
#
CONFIG_RTC_DRV_CMOS=y
# CONFIG_RTC_DRV_DS1286 is not set
# CONFIG_RTC_DRV_DS1511 is not set
# CONFIG_RTC_DRV_DS1553 is not set
# CONFIG_RTC_DRV_DS1742 is not set
# CONFIG_RTC_DRV_STK17TA8 is not set
# CONFIG_RTC_DRV_M48T86 is not set
# CONFIG_RTC_DRV_M48T35 is not set
# CONFIG_RTC_DRV_M48T59 is not set
# CONFIG_RTC_DRV_MSM6242 is not set
# CONFIG_RTC_DRV_BQ4802 is not set
# CONFIG_RTC_DRV_RP5C01 is not set
# CONFIG_RTC_DRV_V3020 is not set

#
# on-CPU RTC drivers
#
# CONFIG_DMADEVICES is not set
# CONFIG_AUXDISPLAY is not set
# CONFIG_UIO is not set
CONFIG_VIRTIO=y
CONFIG_VIRTIO_RING=y

#
# Virtio drivers
#
CONFIG_VIRTIO_PCI=y
# CONFIG_VIRTIO_BALLOON is not set
CONFIG_VIRTIO_MMIO=y
# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set

#
# Microsoft Hyper-V guest support
#
# CONFIG_HYPERV is not set
CONFIG_STAGING=y
# CONFIG_ET131X is not set
# CONFIG_SLICOSS is not set
# CONFIG_USBIP_CORE is not set
# CONFIG_ECHO is not set
# CONFIG_ASUS_OLED is not set
# CONFIG_RTS_PSTOR is not set
# CONFIG_RTS5139 is not set
# CONFIG_TRANZPORT is not set
# CONFIG_IDE_PHISON is not set
# CONFIG_USB_SERIAL_QUATECH2 is not set
# CONFIG_DX_SEP is not set
# CONFIG_ZSMALLOC is not set
# CONFIG_FB_SM7XX is not set
# CONFIG_CRYSTALHD is not set
# CONFIG_FB_XGI is not set
# CONFIG_ACPI_QUICKSTART is not set
# CONFIG_BCM_WIMAX is not set
# CONFIG_FT1000 is not set

#
# Speakup console speech
#
# CONFIG_SPEAKUP is not set
# CONFIG_TOUCHSCREEN_SYNAPTICS_I2C_RMI4 is not set
# CONFIG_STAGING_MEDIA is not set

#
# Android
#
CONFIG_ANDROID=y
# CONFIG_ANDROID_BINDER_IPC is not set
CONFIG_ASHMEM=y
# CONFIG_ANDROID_LOGGER is not set
CONFIG_ANDROID_TIMED_OUTPUT=y
# CONFIG_ANDROID_LOW_MEMORY_KILLER is not set
# CONFIG_ANDROID_INTF_ALARM_DEV is not set
# CONFIG_PHONE is not set
# CONFIG_USB_WPAN_HCD is not set
# CONFIG_IPACK_BUS is not set
# CONFIG_WIMAX_GDM72XX is not set
CONFIG_X86_PLATFORM_DEVICES=y
# CONFIG_ACER_WMI is not set
# CONFIG_ACERHDF is not set
# CONFIG_ASUS_LAPTOP is not set
# CONFIG_DELL_WMI is not set
# CONFIG_DELL_WMI_AIO is not set
# CONFIG_FUJITSU_LAPTOP is not set
# CONFIG_FUJITSU_TABLET is not set
# CONFIG_HP_ACCEL is not set
# CONFIG_HP_WMI is not set
# CONFIG_PANASONIC_LAPTOP is not set
# CONFIG_THINKPAD_ACPI is not set
# CONFIG_SENSORS_HDAPS is not set
# CONFIG_INTEL_MENLOW is not set
CONFIG_ACPI_WMI=y
# CONFIG_MSI_WMI is not set
# CONFIG_TOPSTAR_LAPTOP is not set
# CONFIG_ACPI_TOSHIBA is not set
# CONFIG_TOSHIBA_BT_RFKILL is not set
# CONFIG_ACPI_CMPC is not set
# CONFIG_INTEL_IPS is not set
# CONFIG_IBM_RTL is not set
# CONFIG_XO15_EBOOK is not set
# CONFIG_SAMSUNG_LAPTOP is not set
CONFIG_MXM_WMI=y
# CONFIG_SAMSUNG_Q10 is not set
# CONFIG_APPLE_GMUX is not set

#
# Hardware Spinlock drivers
#
CONFIG_CLKEVT_I8253=y
CONFIG_I8253_LOCK=y
CONFIG_CLKBLD_I8253=y
CONFIG_IOMMU_SUPPORT=y
# CONFIG_AMD_IOMMU is not set
# CONFIG_INTEL_IOMMU is not set
# CONFIG_IRQ_REMAP is not set

#
# Remoteproc drivers (EXPERIMENTAL)
#

#
# Rpmsg drivers (EXPERIMENTAL)
#
CONFIG_VIRT_DRIVERS=y
# CONFIG_PM_DEVFREQ is not set
# CONFIG_EXTCON is not set
# CONFIG_MEMORY is not set
# CONFIG_IIO is not set
# CONFIG_VME_BUS is not set
# CONFIG_PWM is not set

#
# Firmware Drivers
#
CONFIG_EDD=y
# CONFIG_EDD_OFF is not set
CONFIG_FIRMWARE_MEMMAP=y
# CONFIG_DELL_RBU is not set
# CONFIG_DCDBAS is not set
CONFIG_DMIID=y
# CONFIG_DMI_SYSFS is not set
# CONFIG_ISCSI_IBFT_FIND is not set
# CONFIG_GOOGLE_FIRMWARE is not set

#
# File systems
#
CONFIG_DCACHE_WORD_ACCESS=y
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT2_FS_XIP=y
CONFIG_EXT3_FS=y
# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_XATTR=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_EXT4_DEBUG=y
CONFIG_FS_XIP=y
CONFIG_JBD=y
# CONFIG_JBD_DEBUG is not set
CONFIG_JBD2=y
# CONFIG_JBD2_DEBUG is not set
CONFIG_FS_MBCACHE=y
# CONFIG_REISERFS_FS is not set
# CONFIG_JFS_FS is not set
# CONFIG_XFS_FS is not set
# CONFIG_GFS2_FS is not set
# CONFIG_OCFS2_FS is not set
# CONFIG_BTRFS_FS is not set
# CONFIG_NILFS2_FS is not set
CONFIG_FS_POSIX_ACL=y
CONFIG_FILE_LOCKING=y
CONFIG_FSNOTIFY=y
CONFIG_DNOTIFY=y
CONFIG_INOTIFY_USER=y
# CONFIG_FANOTIFY is not set
CONFIG_QUOTA=y
# CONFIG_QUOTA_NETLINK_INTERFACE is not set
CONFIG_PRINT_QUOTA_WARNING=y
# CONFIG_QUOTA_DEBUG is not set
CONFIG_QUOTA_TREE=y
# CONFIG_QFMT_V1 is not set
CONFIG_QFMT_V2=y
CONFIG_QUOTACTL=y
CONFIG_QUOTACTL_COMPAT=y
CONFIG_AUTOFS4_FS=y
CONFIG_FUSE_FS=y
# CONFIG_CUSE is not set
CONFIG_GENERIC_ACL=y

#
# Caches
#
# CONFIG_FSCACHE is not set

#
# CD-ROM/DVD Filesystems
#
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
CONFIG_ZISOFS=y
CONFIG_UDF_FS=y
CONFIG_UDF_NLS=y

#
# DOS/FAT/NT Filesystems
#
CONFIG_FAT_FS=y
CONFIG_MSDOS_FS=y
CONFIG_VFAT_FS=y
CONFIG_FAT_DEFAULT_CODEPAGE=437
CONFIG_FAT_DEFAULT_IOCHARSET="ascii"
# CONFIG_NTFS_FS is not set

#
# Pseudo filesystems
#
CONFIG_PROC_FS=y
CONFIG_PROC_KCORE=y
CONFIG_PROC_SYSCTL=y
CONFIG_PROC_PAGE_MONITOR=y
CONFIG_SYSFS=y
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_TMPFS_XATTR=y
CONFIG_HUGETLBFS=y
CONFIG_HUGETLB_PAGE=y
CONFIG_CONFIGFS_FS=y
# CONFIG_MISC_FILESYSTEMS is not set
# CONFIG_NETWORK_FILESYSTEMS is not set
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="utf8"
CONFIG_NLS_CODEPAGE_437=y
CONFIG_NLS_CODEPAGE_737=y
CONFIG_NLS_CODEPAGE_775=y
CONFIG_NLS_CODEPAGE_850=y
CONFIG_NLS_CODEPAGE_852=y
CONFIG_NLS_CODEPAGE_855=y
CONFIG_NLS_CODEPAGE_857=y
CONFIG_NLS_CODEPAGE_860=y
CONFIG_NLS_CODEPAGE_861=y
CONFIG_NLS_CODEPAGE_862=y
CONFIG_NLS_CODEPAGE_863=y
CONFIG_NLS_CODEPAGE_864=y
CONFIG_NLS_CODEPAGE_865=y
CONFIG_NLS_CODEPAGE_866=y
CONFIG_NLS_CODEPAGE_869=y
CONFIG_NLS_CODEPAGE_936=y
CONFIG_NLS_CODEPAGE_950=y
CONFIG_NLS_CODEPAGE_932=y
CONFIG_NLS_CODEPAGE_949=y
CONFIG_NLS_CODEPAGE_874=y
CONFIG_NLS_ISO8859_8=y
CONFIG_NLS_CODEPAGE_1250=y
CONFIG_NLS_CODEPAGE_1251=y
CONFIG_NLS_ASCII=y
CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_ISO8859_2=y
CONFIG_NLS_ISO8859_3=y
CONFIG_NLS_ISO8859_4=y
CONFIG_NLS_ISO8859_5=y
CONFIG_NLS_ISO8859_6=y
CONFIG_NLS_ISO8859_7=y
CONFIG_NLS_ISO8859_9=y
CONFIG_NLS_ISO8859_13=y
CONFIG_NLS_ISO8859_14=y
CONFIG_NLS_ISO8859_15=y
CONFIG_NLS_KOI8_R=y
CONFIG_NLS_KOI8_U=y
# CONFIG_NLS_MAC_ROMAN is not set
# CONFIG_NLS_MAC_CELTIC is not set
# CONFIG_NLS_MAC_CENTEURO is not set
# CONFIG_NLS_MAC_CROATIAN is not set
# CONFIG_NLS_MAC_CYRILLIC is not set
# CONFIG_NLS_MAC_GAELIC is not set
# CONFIG_NLS_MAC_GREEK is not set
# CONFIG_NLS_MAC_ICELAND is not set
# CONFIG_NLS_MAC_INUIT is not set
# CONFIG_NLS_MAC_ROMANIAN is not set
# CONFIG_NLS_MAC_TURKISH is not set
CONFIG_NLS_UTF8=y
CONFIG_DLM=y
CONFIG_DLM_DEBUG=y

#
# Kernel hacking
#
CONFIG_TRACE_IRQFLAGS_SUPPORT=y
CONFIG_PRINTK_TIME=y
CONFIG_DEFAULT_MESSAGE_LOGLEVEL=4
CONFIG_ENABLE_WARN_DEPRECATED=y
# CONFIG_ENABLE_MUST_CHECK is not set
CONFIG_FRAME_WARN=2048
CONFIG_MAGIC_SYSRQ=y
# CONFIG_STRIP_ASM_SYMS is not set
# CONFIG_READABLE_ASM is not set
# CONFIG_UNUSED_SYMBOLS is not set
CONFIG_DEBUG_FS=y
# CONFIG_HEADERS_CHECK is not set
# CONFIG_DEBUG_SECTION_MISMATCH is not set
CONFIG_DEBUG_KERNEL=y
# CONFIG_DEBUG_SHIRQ is not set
# CONFIG_LOCKUP_DETECTOR is not set
# CONFIG_HARDLOCKUP_DETECTOR is not set
# CONFIG_PANIC_ON_OOPS is not set
CONFIG_PANIC_ON_OOPS_VALUE=0
CONFIG_DETECT_HUNG_TASK=y
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
CONFIG_SCHED_DEBUG=y
CONFIG_SCHEDSTATS=y
CONFIG_TIMER_STATS=y
# CONFIG_DEBUG_OBJECTS is not set
CONFIG_DEBUG_SLAB=y
# CONFIG_DEBUG_SLAB_LEAK is not set
CONFIG_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=400
# CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF is not set
CONFIG_DEBUG_PREEMPT=y
CONFIG_DEBUG_RT_MUTEXES=y
CONFIG_DEBUG_PI_LIST=y
# CONFIG_RT_MUTEX_TESTER is not set
CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_MUTEXES=y
CONFIG_DEBUG_LOCK_ALLOC=y
CONFIG_PROVE_LOCKING=y
CONFIG_PROVE_RCU=y
CONFIG_PROVE_RCU_REPEATEDLY=y
CONFIG_SPARSE_RCU_POINTER=y
CONFIG_LOCKDEP=y
CONFIG_LOCK_STAT=y
CONFIG_DEBUG_LOCKDEP=y
CONFIG_TRACE_IRQFLAGS=y
CONFIG_DEBUG_ATOMIC_SLEEP=y
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
CONFIG_STACKTRACE=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_KOBJECT is not set
CONFIG_DEBUG_BUGVERBOSE=y
CONFIG_DEBUG_INFO=y
# CONFIG_DEBUG_INFO_REDUCED is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_WRITECOUNT is not set
CONFIG_DEBUG_MEMORY_INIT=y
CONFIG_DEBUG_LIST=y
CONFIG_TEST_LIST_SORT=y
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_NOTIFIERS is not set
# CONFIG_DEBUG_CREDENTIALS is not set
CONFIG_ARCH_WANT_FRAME_POINTERS=y
CONFIG_FRAME_POINTER=y
# CONFIG_BOOT_PRINTK_DELAY is not set
# CONFIG_RCU_TORTURE_TEST is not set
CONFIG_RCU_CPU_STALL_TIMEOUT=60
CONFIG_RCU_CPU_STALL_VERBOSE=y
# CONFIG_RCU_CPU_STALL_INFO is not set
CONFIG_RCU_TRACE=y
# CONFIG_BACKTRACE_SELF_TEST is not set
# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y
# CONFIG_DEBUG_PER_CPU_MAPS is not set
# CONFIG_LKDTM is not set
# CONFIG_NOTIFIER_ERROR_INJECTION is not set
# CONFIG_FAULT_INJECTION is not set
# CONFIG_LATENCYTOP is not set
# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
CONFIG_NOP_TRACER=y
CONFIG_HAVE_FUNCTION_TRACER=y
CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y
CONFIG_HAVE_DYNAMIC_FTRACE=y
CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
CONFIG_HAVE_C_RECORDMCOUNT=y
CONFIG_TRACER_MAX_TRACE=y
CONFIG_RING_BUFFER=y
CONFIG_EVENT_TRACING=y
CONFIG_EVENT_POWER_TRACING_DEPRECATED=y
CONFIG_CONTEXT_SWITCH_TRACER=y
CONFIG_RING_BUFFER_ALLOW_SWAP=y
CONFIG_TRACING=y
CONFIG_GENERIC_TRACER=y
CONFIG_TRACING_SUPPORT=y
CONFIG_FTRACE=y
CONFIG_FUNCTION_TRACER=y
CONFIG_FUNCTION_GRAPH_TRACER=y
CONFIG_IRQSOFF_TRACER=y
CONFIG_PREEMPT_TRACER=y
CONFIG_SCHED_TRACER=y
CONFIG_FTRACE_SYSCALLS=y
CONFIG_TRACE_BRANCH_PROFILING=y
# CONFIG_BRANCH_PROFILE_NONE is not set
CONFIG_PROFILE_ANNOTATED_BRANCHES=y
# CONFIG_PROFILE_ALL_BRANCHES is not set
CONFIG_TRACING_BRANCHES=y
CONFIG_BRANCH_TRACER=y
# CONFIG_STACK_TRACER is not set
CONFIG_BLK_DEV_IO_TRACE=y
# CONFIG_UPROBE_EVENT is not set
# CONFIG_PROBE_EVENTS is not set
CONFIG_DYNAMIC_FTRACE=y
# CONFIG_FUNCTION_PROFILER is not set
CONFIG_FTRACE_MCOUNT_RECORD=y
# CONFIG_FTRACE_STARTUP_TEST is not set
# CONFIG_MMIOTRACE is not set
# CONFIG_RING_BUFFER_BENCHMARK is not set
# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
# CONFIG_DYNAMIC_DEBUG is not set
# CONFIG_DMA_API_DEBUG is not set
# CONFIG_ATOMIC64_SELFTEST is not set
# CONFIG_ASYNC_RAID6_TEST is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
# CONFIG_KGDB is not set
CONFIG_HAVE_ARCH_KMEMCHECK=y
# CONFIG_TEST_KSTRTOX is not set
# CONFIG_STRICT_DEVMEM is not set
CONFIG_X86_VERBOSE_BOOTUP=y
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
# CONFIG_DEBUG_STACKOVERFLOW is not set
# CONFIG_X86_PTDUMP is not set
CONFIG_DEBUG_RODATA=y
CONFIG_DEBUG_RODATA_TEST=y
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_IOMMU_DEBUG is not set
# CONFIG_IOMMU_STRESS is not set
CONFIG_HAVE_MMIOTRACE_SUPPORT=y
CONFIG_IO_DELAY_TYPE_0X80=0
CONFIG_IO_DELAY_TYPE_0XED=1
CONFIG_IO_DELAY_TYPE_UDELAY=2
CONFIG_IO_DELAY_TYPE_NONE=3
CONFIG_IO_DELAY_0X80=y
# CONFIG_IO_DELAY_0XED is not set
# CONFIG_IO_DELAY_UDELAY is not set
# CONFIG_IO_DELAY_NONE is not set
CONFIG_DEFAULT_IO_DELAY_TYPE=0
# CONFIG_DEBUG_BOOT_PARAMS is not set
# CONFIG_CPA_DEBUG is not set
# CONFIG_OPTIMIZE_INLINING is not set
# CONFIG_DEBUG_NMI_SELFTEST is not set

#
# Security options
#
CONFIG_KEYS=y
# CONFIG_ENCRYPTED_KEYS is not set
CONFIG_KEYS_DEBUG_PROC_KEYS=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_SECURITY=y
# CONFIG_SECURITYFS is not set
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
# CONFIG_SECURITY_PATH is not set
CONFIG_LSM_MMAP_MIN_ADDR=65536
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_YAMA is not set
# CONFIG_IMA is not set
# CONFIG_EVM is not set
CONFIG_DEFAULT_SECURITY_SELINUX=y
# CONFIG_DEFAULT_SECURITY_DAC is not set
CONFIG_DEFAULT_SECURITY="selinux"
CONFIG_XOR_BLOCKS=y
CONFIG_ASYNC_CORE=y
CONFIG_ASYNC_MEMCPY=y
CONFIG_ASYNC_XOR=y
CONFIG_ASYNC_PQ=y
CONFIG_ASYNC_RAID6_RECOV=y
CONFIG_CRYPTO=y

#
# Crypto core or helper
#
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_BLKCIPHER2=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_PCOMP2=y
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
# CONFIG_CRYPTO_USER is not set
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
# CONFIG_CRYPTO_GF128MUL is not set
# CONFIG_CRYPTO_NULL is not set
# CONFIG_CRYPTO_PCRYPT is not set
CONFIG_CRYPTO_WORKQUEUE=y
# CONFIG_CRYPTO_CRYPTD is not set
CONFIG_CRYPTO_AUTHENC=y

#
# Authenticated Encryption with Associated Data
#
# CONFIG_CRYPTO_CCM is not set
# CONFIG_CRYPTO_GCM is not set
# CONFIG_CRYPTO_SEQIV is not set

#
# Block modes
#
CONFIG_CRYPTO_CBC=y
# CONFIG_CRYPTO_CTR is not set
# CONFIG_CRYPTO_CTS is not set
CONFIG_CRYPTO_ECB=y
# CONFIG_CRYPTO_LRW is not set
CONFIG_CRYPTO_PCBC=y
# CONFIG_CRYPTO_XTS is not set

#
# Hash modes
#
CONFIG_CRYPTO_HMAC=y
# CONFIG_CRYPTO_XCBC is not set
# CONFIG_CRYPTO_VMAC is not set

#
# Digest
#
CONFIG_CRYPTO_CRC32C=y
# CONFIG_CRYPTO_CRC32C_INTEL is not set
# CONFIG_CRYPTO_GHASH is not set
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=y
# CONFIG_CRYPTO_RMD128 is not set
# CONFIG_CRYPTO_RMD160 is not set
# CONFIG_CRYPTO_RMD256 is not set
# CONFIG_CRYPTO_RMD320 is not set
CONFIG_CRYPTO_SHA1=y
# CONFIG_CRYPTO_SHA1_SSSE3 is not set
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_TGR192=y
CONFIG_CRYPTO_WP512=y
# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set

#
# Ciphers
#
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_X86_64=y
# CONFIG_CRYPTO_AES_NI_INTEL is not set
CONFIG_CRYPTO_ANUBIS=y
CONFIG_CRYPTO_ARC4=y
CONFIG_CRYPTO_BLOWFISH=y
CONFIG_CRYPTO_BLOWFISH_COMMON=y
# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set
# CONFIG_CRYPTO_CAMELLIA is not set
# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set
CONFIG_CRYPTO_CAST5=y
CONFIG_CRYPTO_CAST6=y
CONFIG_CRYPTO_DES=y
# CONFIG_CRYPTO_FCRYPT is not set
CONFIG_CRYPTO_KHAZAD=y
# CONFIG_CRYPTO_SALSA20 is not set
# CONFIG_CRYPTO_SALSA20_X86_64 is not set
# CONFIG_CRYPTO_SEED is not set
CONFIG_CRYPTO_SERPENT=y
# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set
# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set
CONFIG_CRYPTO_TEA=y
CONFIG_CRYPTO_TWOFISH=y
CONFIG_CRYPTO_TWOFISH_COMMON=y
# CONFIG_CRYPTO_TWOFISH_X86_64 is not set
# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set
# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set

#
# Compression
#
CONFIG_CRYPTO_DEFLATE=y
# CONFIG_CRYPTO_ZLIB is not set
# CONFIG_CRYPTO_LZO is not set

#
# Random Number Generation
#
# CONFIG_CRYPTO_ANSI_CPRNG is not set
# CONFIG_CRYPTO_USER_API_HASH is not set
# CONFIG_CRYPTO_USER_API_SKCIPHER is not set
CONFIG_CRYPTO_HW=y
# CONFIG_CRYPTO_DEV_PADLOCK is not set
CONFIG_HAVE_KVM=y
# CONFIG_VIRTUALIZATION is not set
CONFIG_BINARY_PRINTF=y

#
# Library routines
#
CONFIG_RAID6_PQ=y
CONFIG_BITREVERSE=y
CONFIG_GENERIC_STRNCPY_FROM_USER=y
CONFIG_GENERIC_STRNLEN_USER=y
CONFIG_GENERIC_FIND_FIRST_BIT=y
CONFIG_GENERIC_PCI_IOMAP=y
CONFIG_GENERIC_IOMAP=y
CONFIG_GENERIC_IO=y
CONFIG_CRC_CCITT=y
CONFIG_CRC16=y
# CONFIG_CRC_T10DIF is not set
CONFIG_CRC_ITU_T=y
CONFIG_CRC32=y
# CONFIG_CRC32_SELFTEST is not set
CONFIG_CRC32_SLICEBY8=y
# CONFIG_CRC32_SLICEBY4 is not set
# CONFIG_CRC32_SARWATE is not set
# CONFIG_CRC32_BIT is not set
# CONFIG_CRC7 is not set
CONFIG_LIBCRC32C=y
# CONFIG_CRC8 is not set
CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=y
CONFIG_LZO_DECOMPRESS=y
CONFIG_XZ_DEC=y
CONFIG_XZ_DEC_X86=y
CONFIG_XZ_DEC_POWERPC=y
CONFIG_XZ_DEC_IA64=y
CONFIG_XZ_DEC_ARM=y
CONFIG_XZ_DEC_ARMTHUMB=y
CONFIG_XZ_DEC_SPARC=y
CONFIG_XZ_DEC_BCJ=y
# CONFIG_XZ_DEC_TEST is not set
CONFIG_DECOMPRESS_GZIP=y
CONFIG_DECOMPRESS_BZIP2=y
CONFIG_DECOMPRESS_LZMA=y
CONFIG_DECOMPRESS_XZ=y
CONFIG_DECOMPRESS_LZO=y
CONFIG_TEXTSEARCH=y
CONFIG_TEXTSEARCH_KMP=y
CONFIG_TEXTSEARCH_BM=y
CONFIG_TEXTSEARCH_FSM=y
CONFIG_HAS_IOMEM=y
CONFIG_HAS_IOPORT=y
CONFIG_HAS_DMA=y
CONFIG_CHECK_SIGNATURE=y
CONFIG_CPU_RMAP=y
CONFIG_DQL=y
CONFIG_NLATTR=y
CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
# CONFIG_AVERAGE is not set
# CONFIG_CORDIC is not set
# CONFIG_DDR is not set

^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-07 18:12 NULL pointer dereference in selinux_ip_postroute_compat John Stultz
@ 2012-08-07 21:50 ` Paul Moore
  2012-08-07 21:58   ` John Stultz
  0 siblings, 1 reply; 47+ messages in thread
From: Paul Moore @ 2012-08-07 21:50 UTC (permalink / raw)
  To: John Stultz; +Cc: lkml, Serge E. Hallyn, James Morris, selinux

On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org> wrote:
> Hi,
>     With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
> dereferences in selinux_ip_postroute_compat(). It looks like the sksec value
> is null and we die in the following line:
>
>     if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>
> This triggers every time I shutdown the machine, but has also triggered
> randomly after a few hours.
>
> This is on an ubuntu 12.04 image, not using selinux.

NOTE: Adding the SELinux list to the CC line

Hi,

I'm trying to understand this and I was hoping you could clarify a
few things for me:

* Is the panic in the Ubuntu 12.04 guest, or the host?  If the host,
could you share what distribution you are using?
* When you say you are not using SELinux, could you be more specific?
It seems odd that you are not using SELinux but the panic is happening
in a SELinux hook.

Thanks.

> Running with the following kvm line:
> kvm -nographic -smp 4 -m 1G -hda disk.img -net user -net nic,model=virtio
> -redir tcp:4400::22 -kernel ./bzImage -initrd initrd.img-1-jstultz  -append
> "root=UUID=b08aa86a-4b16-488f-a3de-33c2cf335bf0 ro console=ttyS0,115200n8"
>
> Two different traces below. Config attached.

-- 
paul moore
www.paul-moore.com


* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-07 21:50 ` Paul Moore
@ 2012-08-07 21:58   ` John Stultz
  2012-08-07 22:01     ` Paul Moore
  0 siblings, 1 reply; 47+ messages in thread
From: John Stultz @ 2012-08-07 21:58 UTC (permalink / raw)
  To: Paul Moore; +Cc: lkml, Serge E. Hallyn, James Morris, selinux

On 08/07/2012 02:50 PM, Paul Moore wrote:
> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org> wrote:
>> Hi,
>>      With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
>> dereferences in selinux_ip_postroute_compat(). It looks like the sksec value
>> is null and we die in the following line:
>>
>>      if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>>
>> This triggers every time I shutdown the machine, but has also triggered
>> randomly after a few hours.
>>
>> This is on an ubuntu 12.04 image, not using selinux.
> NOTE: Adding the SELinux list to the CC line
Thanks!

>
> Hi,
>
> I'm trying to understand this and I was hoping you could you clarify a
> few things for me:
>
> * Is the panic in the Ubuntu 12.04 guest, or the host?  If the host,
> could you share what distribution you are using?
Sorry, it's a 12.04 guest.  I think the host is Ubuntu 12.04 as well.

> * When you say you are not using SELinux, could you be more specific?
> It seems odd that you are not using SELinux but the panic is happening
> in a SELinux hook.
I just mean that, being Ubuntu,  the system (userland) isn't configured 
to use selinux.  SELinux is just enabled in the kernel config.

thanks
-john



* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-07 21:58   ` John Stultz
@ 2012-08-07 22:01     ` Paul Moore
  2012-08-07 22:17       ` Serge E. Hallyn
  2012-08-07 22:26       ` John Stultz
  0 siblings, 2 replies; 47+ messages in thread
From: Paul Moore @ 2012-08-07 22:01 UTC (permalink / raw)
  To: John Stultz; +Cc: lkml, Serge E. Hallyn, James Morris, selinux

On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@linaro.org> wrote:
> On 08/07/2012 02:50 PM, Paul Moore wrote:
>>
>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org>
>> wrote:
>>>
>>> Hi,
>>>      With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
>>> dereferences in selinux_ip_postroute_compat(). It looks like the sksec
>>> value
>>> is null and we die in the following line:
>>>
>>>      if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>>>
>>> This triggers every time I shutdown the machine, but has also triggered
>>> randomly after a few hours.
>>>
>>> This is on an ubuntu 12.04 image, not using selinux.
>>
>> NOTE: Adding the SELinux list to the CC line
>
> Thanks!
>
>> Hi,
>>
>> I'm trying to understand this and I was hoping you could you clarify a
>> few things for me:
>>
>> * Is the panic in the Ubuntu 12.04 guest, or the host?  If the host,
>> could you share what distribution you are using?
>
> Sorry, its a 12.04 guest.  I think the host is Ubuntu 12.04 as well.
>
>
>> * When you say you are not using SELinux, could you be more specific?
>> It seems odd that you are not using SELinux but the panic is happening
>> in a SELinux hook.
>
> I just mean that, being Ubuntu,  the system (userland) isn't configured to
> use selinux.  SELinux is just enabled in the kernel config.

Thanks for the quick response, I'll set up an Ubuntu guest and see if I
can reproduce this ... something is odd.  Anything non-standard about
your guest install or anything else you think might be helpful?

-- 
paul moore
www.paul-moore.com


* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-07 22:01     ` Paul Moore
@ 2012-08-07 22:17       ` Serge E. Hallyn
  2012-08-07 22:23         ` Paul Moore
                           ` (2 more replies)
  2012-08-07 22:26       ` John Stultz
  1 sibling, 3 replies; 47+ messages in thread
From: Serge E. Hallyn @ 2012-08-07 22:17 UTC (permalink / raw)
  To: Paul Moore; +Cc: John Stultz, lkml, Serge E. Hallyn, James Morris, selinux

Quoting Paul Moore (paul@paul-moore.com):
> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@linaro.org> wrote:
> > On 08/07/2012 02:50 PM, Paul Moore wrote:
> >>
> >> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org>
> >> wrote:
> >>>
> >>> Hi,
> >>>      With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
> >>> dereferences in selinux_ip_postroute_compat(). It looks like the sksec
> >>> value
> >>> is null and we die in the following line:
> >>>
> >>>      if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
> >>>
> >>> This triggers every time I shutdown the machine, but has also triggered
> >>> randomly after a few hours.
> >>>
> >>> This is on an ubuntu 12.04 image, not using selinux.
> >>
> >> NOTE: Adding the SELinux list to the CC line
> >
> > Thanks!
> >
> >> Hi,
> >>
> >> I'm trying to understand this and I was hoping you could you clarify a
> >> few things for me:
> >>
> >> * Is the panic in the Ubuntu 12.04 guest, or the host?  If the host,
> >> could you share what distribution you are using?
> >
> > Sorry, its a 12.04 guest.  I think the host is Ubuntu 12.04 as well.
> >
> >
> >> * When you say you are not using SELinux, could you be more specific?
> >> It seems odd that you are not using SELinux but the panic is happening
> >> in a SELinux hook.
> >
> > I just mean that, being Ubuntu,  the system (userland) isn't configured to
> > use selinux.  SELinux is just enabled in the kernel config.
> 
> Thanks for the quick response, I'll setup an Ubuntu guest and see if I
> can reproduce this ... something is odd.  Anything non-standard about
> your guest install or anything else you think might be helpful?

The problem seems to be that selinux_nf_ip_init() was called, which
registers the selinux_ipv4_ops (and ipv6).  Those should not get registered
if selinux ends up not being loaded (as in, if apparmor is loaded first),
since as you've found here the selinux lsm hooks won't be called to set
call selinux_sk_alloc_security().

I assume what's happening is that CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE was
set to 1, but selinux ended up being set to disabled after the
__initcall(selinux_nf_ip_init) ran?  Weird.

-serge


* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-07 22:17       ` Serge E. Hallyn
@ 2012-08-07 22:23         ` Paul Moore
  2012-08-07 22:37         ` John Stultz
  2012-08-08 16:58         ` John Johansen
  2 siblings, 0 replies; 47+ messages in thread
From: Paul Moore @ 2012-08-07 22:23 UTC (permalink / raw)
  To: Serge E. Hallyn; +Cc: John Stultz, lkml, James Morris, selinux

On Tuesday, August 07, 2012 10:17:32 PM Serge E. Hallyn wrote:
> Quoting Paul Moore (paul@paul-moore.com):
> > On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@linaro.org> wrote:
> > > On 08/07/2012 02:50 PM, Paul Moore wrote:
> > >> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org>
> > >> 
> > >> wrote:
> > >>> Hi,
> > >>> 
> > >>>      With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
> > >>> 
> > >>> dereferences in selinux_ip_postroute_compat(). It looks like the sksec
> > >>> value
> > >>> 
> > >>> is null and we die in the following line:
> > >>>      if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
> > >>> 
> > >>> This triggers every time I shutdown the machine, but has also
> > >>> triggered
> > >>> randomly after a few hours.
> > >>> 
> > >>> This is on an ubuntu 12.04 image, not using selinux.
> > >> 
> > >> NOTE: Adding the SELinux list to the CC line
> > > 
> > > Thanks!
> > > 
> > >> Hi,
> > >> 
> > >> I'm trying to understand this and I was hoping you could you clarify a
> > >> few things for me:
> > >> 
> > >> * Is the panic in the Ubuntu 12.04 guest, or the host?  If the host,
> > >> could you share what distribution you are using?
> > > 
> > > Sorry, its a 12.04 guest.  I think the host is Ubuntu 12.04 as well.
> > > 
> > >> * When you say you are not using SELinux, could you be more specific?
> > >> It seems odd that you are not using SELinux but the panic is happening
> > >> in a SELinux hook.
> > > 
> > > I just mean that, being Ubuntu,  the system (userland) isn't configured
> > > to
> > > use selinux.  SELinux is just enabled in the kernel config.
> > 
> > Thanks for the quick response, I'll setup an Ubuntu guest and see if I
> > can reproduce this ... something is odd.  Anything non-standard about
> > your guest install or anything else you think might be helpful?
> 
> The problem seems to be that selinux_nf_ip_init() was called, which
> registers the selinux_ipv4_ops (and ipv6).  Those should not get registered
> if selinux ends up not being loaded (as in, if apparmor is loaded first),
> since as you've found here the selinux lsm hooks won't be called to set
> call selinux_sk_alloc_security().
> 
> I assume what's happening is that CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE
> was set to 1, but selinux ended up being set to disabled after the
> __initcall(selinux_nf_ip_init) ran?  Weird.

Yeah, nothing obvious is jumping out at me in the code except for some weird 
race condition like you mention above.  I'm downloading an Ubuntu ISO right 
now, it should be ready to play with tomorrow morning.

-- 
paul moore
www.paul-moore.com



* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-07 22:01     ` Paul Moore
  2012-08-07 22:17       ` Serge E. Hallyn
@ 2012-08-07 22:26       ` John Stultz
  2012-08-07 22:31         ` John Stultz
  1 sibling, 1 reply; 47+ messages in thread
From: John Stultz @ 2012-08-07 22:26 UTC (permalink / raw)
  To: Paul Moore; +Cc: lkml, Serge E. Hallyn, James Morris, selinux

On 08/07/2012 03:01 PM, Paul Moore wrote:
> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@linaro.org> wrote:
>> On 08/07/2012 02:50 PM, Paul Moore wrote:
>>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org>
>>> wrote:
>>>> Hi,
>>>>       With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
>>>> dereferences in selinux_ip_postroute_compat(). It looks like the sksec
>>>> value
>>>> is null and we die in the following line:
>>>>
>>>>       if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>>>>
>>>> This triggers every time I shutdown the machine, but has also triggered
>>>> randomly after a few hours.
>>>>
>>>> This is on an ubuntu 12.04 image, not using selinux.
>>> NOTE: Adding the SELinux list to the CC line
>> Thanks!
>>
>>> Hi,
>>>
>>> I'm trying to understand this and I was hoping you could you clarify a
>>> few things for me:
>>>
>>> * Is the panic in the Ubuntu 12.04 guest, or the host?  If the host,
>>> could you share what distribution you are using?
>> Sorry, its a 12.04 guest.  I think the host is Ubuntu 12.04 as well.
>>
>>
>>> * When you say you are not using SELinux, could you be more specific?
>>> It seems odd that you are not using SELinux but the panic is happening
>>> in a SELinux hook.
>> I just mean that, being Ubuntu,  the system (userland) isn't configured to
>> use selinux.  SELinux is just enabled in the kernel config.
> Thanks for the quick response, I'll setup an Ubuntu guest and see if I
> can reproduce this ... something is odd.  Anything non-standard about
> your guest install or anything else you think might be helpful?
Don't think so.  Just a standard 64bit ubuntu 12.04 install.

Since I'm booting kernel/initrd from the commandline, the initrd *may* 
be older than 12.04, I can't quite remember when I copied that out of 
the image. I'll see if it still triggers if I copy the current initrd out.

thanks
-john



* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-07 22:26       ` John Stultz
@ 2012-08-07 22:31         ` John Stultz
  0 siblings, 0 replies; 47+ messages in thread
From: John Stultz @ 2012-08-07 22:31 UTC (permalink / raw)
  To: Paul Moore; +Cc: lkml, Serge E. Hallyn, James Morris, selinux

On 08/07/2012 03:26 PM, John Stultz wrote:
> On 08/07/2012 03:01 PM, Paul Moore wrote:
>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@linaro.org> 
>> wrote:
>>> On 08/07/2012 02:50 PM, Paul Moore wrote:
>>>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org>
>>>> wrote:
>>>>> Hi,
>>>>>       With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
>>>>> dereferences in selinux_ip_postroute_compat(). It looks like the 
>>>>> sksec
>>>>> value
>>>>> is null and we die in the following line:
>>>>>
>>>>>       if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>>>>>
>>>>> This triggers every time I shutdown the machine, but has also 
>>>>> triggered
>>>>> randomly after a few hours.
>>>>>
>>>>> This is on an ubuntu 12.04 image, not using selinux.
>>>> NOTE: Adding the SELinux list to the CC line
>>> Thanks!
>>>
>>>> Hi,
>>>>
>>>> I'm trying to understand this and I was hoping you could you clarify a
>>>> few things for me:
>>>>
>>>> * Is the panic in the Ubuntu 12.04 guest, or the host?  If the host,
>>>> could you share what distribution you are using?
>>> Sorry, its a 12.04 guest.  I think the host is Ubuntu 12.04 as well.
>>>
>>>
>>>> * When you say you are not using SELinux, could you be more specific?
>>>> It seems odd that you are not using SELinux but the panic is happening
>>>> in a SELinux hook.
>>> I just mean that, being Ubuntu,  the system (userland) isn't 
>>> configured to
>>> use selinux.  SELinux is just enabled in the kernel config.
>> Thanks for the quick response, I'll setup an Ubuntu guest and see if I
>> can reproduce this ... something is odd.  Anything non-standard about
>> your guest install or anything else you think might be helpful?
> Don't think so.  Just a standard 64bit ubuntu 12.04 install.
>
> Since I'm booting kernel/initrd from the commandline, the initrd *may* 
> be older then 12.04, I can't quite remember when I copied that out of 
> the image. I'll see if it still triggers if I copy the current initrd 
> out.

Nope, that's not it, I just triggered the same thing w/ the Ubuntu 12.04 
initrd on the image.

thanks
-john



* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-07 22:17       ` Serge E. Hallyn
  2012-08-07 22:23         ` Paul Moore
@ 2012-08-07 22:37         ` John Stultz
  2012-08-08 19:14           ` John Stultz
  2012-08-08 16:58         ` John Johansen
  2 siblings, 1 reply; 47+ messages in thread
From: John Stultz @ 2012-08-07 22:37 UTC (permalink / raw)
  To: Serge E. Hallyn; +Cc: Paul Moore, lkml, James Morris, selinux

On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
> Quoting Paul Moore (paul@paul-moore.com):
>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@linaro.org> wrote:
>>> On 08/07/2012 02:50 PM, Paul Moore wrote:
>>>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org>
>>>> wrote:
>>>>> Hi,
>>>>>       With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
>>>>> dereferences in selinux_ip_postroute_compat(). It looks like the sksec
>>>>> value
>>>>> is null and we die in the following line:
>>>>>
>>>>>       if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>>>>>
>>>>> This triggers every time I shutdown the machine, but has also triggered
>>>>> randomly after a few hours.
>>>>>
>>>>> This is on an ubuntu 12.04 image, not using selinux.
>>>> NOTE: Adding the SELinux list to the CC line
>>> Thanks!
>>>
>>>> Hi,
>>>>
>>>> I'm trying to understand this and I was hoping you could you clarify a
>>>> few things for me:
>>>>
>>>> * Is the panic in the Ubuntu 12.04 guest, or the host?  If the host,
>>>> could you share what distribution you are using?
>>> Sorry, its a 12.04 guest.  I think the host is Ubuntu 12.04 as well.
>>>
>>>
>>>> * When you say you are not using SELinux, could you be more specific?
>>>> It seems odd that you are not using SELinux but the panic is happening
>>>> in a SELinux hook.
>>> I just mean that, being Ubuntu,  the system (userland) isn't configured to
>>> use selinux.  SELinux is just enabled in the kernel config.
>> Thanks for the quick response, I'll setup an Ubuntu guest and see if I
>> can reproduce this ... something is odd.  Anything non-standard about
>> your guest install or anything else you think might be helpful?
> The problem seems to be that selinux_nf_ip_init() was called, which
> registers the selinux_ipv4_ops (and ipv6).  Those should not get registered
> if selinux ends up not being loaded (as in, if apparmor is loaded first),
> since as you've found here the selinux lsm hooks won't be called to set
> call selinux_sk_alloc_security().
This sounds about right:
root@testvm:~# dmesg | grep SELinux
[    0.004578] SELinux:  Initializing.
[    0.005704] SELinux:  Starting in permissive mode
[    2.235034] SELinux:  Registering netfilter hooks


> I assume what's happening is that CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE was
> set to 1, but selinux ended up being set to disabled after the
> __initcall(selinux_nf_ip_init) ran?  Weird.
This looks right as well:

# zcat config.gz | grep SELINUX
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
CONFIG_DEFAULT_SECURITY_SELINUX=y


Since the problem isn't completely obvious, I'm starting a bisection to 
narrow this down some more.

thanks
-john



* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-07 22:17       ` Serge E. Hallyn
  2012-08-07 22:23         ` Paul Moore
  2012-08-07 22:37         ` John Stultz
@ 2012-08-08 16:58         ` John Johansen
  2 siblings, 0 replies; 47+ messages in thread
From: John Johansen @ 2012-08-08 16:58 UTC (permalink / raw)
  To: Serge E. Hallyn; +Cc: Paul Moore, John Stultz, lkml, James Morris, selinux

On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
> Quoting Paul Moore (paul@paul-moore.com):
>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@linaro.org> wrote:
>>> On 08/07/2012 02:50 PM, Paul Moore wrote:
>>>>
>>>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org>
>>>> wrote:
>>>>>
>>>>> Hi,
>>>>>      With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
>>>>> dereferences in selinux_ip_postroute_compat(). It looks like the sksec
>>>>> value
>>>>> is null and we die in the following line:
>>>>>
>>>>>      if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>>>>>
>>>>> This triggers every time I shutdown the machine, but has also triggered
>>>>> randomly after a few hours.
>>>>>
>>>>> This is on an ubuntu 12.04 image, not using selinux.
>>>>
>>>> NOTE: Adding the SELinux list to the CC line
>>>
>>> Thanks!
>>>
>>>> Hi,
>>>>
>>>> I'm trying to understand this and I was hoping you could you clarify a
>>>> few things for me:
>>>>
>>>> * Is the panic in the Ubuntu 12.04 guest, or the host?  If the host,
>>>> could you share what distribution you are using?
>>>
>>> Sorry, its a 12.04 guest.  I think the host is Ubuntu 12.04 as well.
>>>
>>>
>>>> * When you say you are not using SELinux, could you be more specific?
>>>> It seems odd that you are not using SELinux but the panic is happening
>>>> in a SELinux hook.
>>>
>>> I just mean that, being Ubuntu,  the system (userland) isn't configured to
>>> use selinux.  SELinux is just enabled in the kernel config.
>>
>> Thanks for the quick response, I'll setup an Ubuntu guest and see if I
>> can reproduce this ... something is odd.  Anything non-standard about
>> your guest install or anything else you think might be helpful?
> 
> The problem seems to be that selinux_nf_ip_init() was called, which
> registers the selinux_ipv4_ops (and ipv6).  Those should not get registered
> if selinux ends up not being loaded (as in, if apparmor is loaded first),
> since as you've found here the selinux lsm hooks won't be called to set
> call selinux_sk_alloc_security().
> 
> I assume what's happening is that CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE was
> set to 1, but selinux ended up being set to disabled after the
> __initcall(selinux_nf_ip_init) ran?  Weird.
> 
It's not an Ubuntu kernel. The config has selinux set as the only LSM and
it is configured to be on by default.



* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-07 22:37         ` John Stultz
@ 2012-08-08 19:14           ` John Stultz
  2012-08-08 19:26             ` Paul Moore
  2012-08-08 19:29             ` Eric Dumazet
  0 siblings, 2 replies; 47+ messages in thread
From: John Stultz @ 2012-08-08 19:14 UTC (permalink / raw)
  To: Serge E. Hallyn
  Cc: Paul Moore, lkml, James Morris, selinux, Eric Dumazet,
	john.johansen

On 08/07/2012 03:37 PM, John Stultz wrote:
> On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
>> Quoting Paul Moore (paul@paul-moore.com):
>>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@linaro.org> 
>>> wrote:
>>>> On 08/07/2012 02:50 PM, Paul Moore wrote:
>>>>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org>
>>>>> wrote:
>>>>>> Hi,
>>>>>>       With my kvm environment using 3.6-rc1+, I'm seeing NULL 
>>>>>> pointer
>>>>>> dereferences in selinux_ip_postroute_compat(). It looks like the 
>>>>>> sksec
>>>>>> value
>>>>>> is null and we die in the following line:
>>>>>>
>>>>>>       if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>>>>>>
>>>>>> This triggers every time I shutdown the machine, but has also 
>>>>>> triggered
>>>>>> randomly after a few hours.
[snip]
>> The problem seems to be that selinux_nf_ip_init() was called, which
>> registers the selinux_ipv4_ops (and ipv6).  Those should not get 
>> registered
>> if selinux ends up not being loaded (as in, if apparmor is loaded 
>> first),
>> since as you've found here the selinux lsm hooks won't be called to set
>> call selinux_sk_alloc_security().
> This sounds about right:
> root@testvm:~# dmesg | grep SELinux
> [    0.004578] SELinux:  Initializing.
> [    0.005704] SELinux:  Starting in permissive mode
> [    2.235034] SELinux:  Registering netfilter hooks
>
>> I assume what's happening is that 
>> CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE was
>> set to 1, but selinux ended up being set to disabled after the
>> __initcall(selinux_nf_ip_init) ran?  Weird.
> This looks right as well:
>
> # zcat config.gz | grep SELINUX
> CONFIG_SECURITY_SELINUX=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
> CONFIG_SECURITY_SELINUX_DISABLE=y
> CONFIG_SECURITY_SELINUX_DEVELOP=y
> CONFIG_SECURITY_SELINUX_AVC_STATS=y
> CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
> # CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
> CONFIG_DEFAULT_SECURITY_SELINUX=y
>
>
> Since the problem isn't completely obvious, I'm starting a bisection 
> to narrow this down some more.

So I bisected this down and it seems to be the following commit:

commit be9f4a44e7d41cee50ddb5f038fc2391cbbb4046
Author: Eric Dumazet <edumazet@google.com>
Date:   Thu Jul 19 07:34:03 2012 +0000

     ipv4: tcp: remove per net tcp_sock


It doesn't revert totally cleanly, but after fixing up the rejections 
and booting with this patch removed on top of Linus' head the oops on 
shutdown goes away.

thanks
-john




* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 19:14           ` John Stultz
@ 2012-08-08 19:26             ` Paul Moore
  2012-08-08 19:38               ` Eric Dumazet
  2012-08-08 19:29             ` Eric Dumazet
  1 sibling, 1 reply; 47+ messages in thread
From: Paul Moore @ 2012-08-08 19:26 UTC (permalink / raw)
  To: John Stultz
  Cc: Serge E. Hallyn, lkml, James Morris, selinux, Eric Dumazet,
	john.johansen

On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
> So I bisected this down and it seems to be the following commit:
> 
> commit be9f4a44e7d41cee50ddb5f038fc2391cbbb4046
> Author: Eric Dumazet <edumazet@google.com>
> Date:   Thu Jul 19 07:34:03 2012 +0000
> 
>      ipv4: tcp: remove per net tcp_sock
> 
> 
> It doesn't revert totally cleanly, but after fixing up the rejections
> and booting with this patch removed on top of Linus' head the oops on
> shutdown goes away.

Thanks!

It looks like there is a bug in ip_send_unicast_reply() which uses an
inet_sock/sock struct which does not have the LSM data properly initialized. 

I'll put together a patch shortly.

-- 
paul moore
www.paul-moore.com



* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 19:14           ` John Stultz
  2012-08-08 19:26             ` Paul Moore
@ 2012-08-08 19:29             ` Eric Dumazet
  1 sibling, 0 replies; 47+ messages in thread
From: Eric Dumazet @ 2012-08-08 19:29 UTC (permalink / raw)
  To: John Stultz
  Cc: Serge E. Hallyn, Paul Moore, lkml, James Morris, selinux,
	Eric Dumazet, john.johansen

On Wed, 2012-08-08 at 12:14 -0700, John Stultz wrote:
> On 08/07/2012 03:37 PM, John Stultz wrote:
> > On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
> >> Quoting Paul Moore (paul@paul-moore.com):
> >>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz <john.stultz@linaro.org> 
> >>> wrote:
> >>>> On 08/07/2012 02:50 PM, Paul Moore wrote:
> >>>>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz <john.stultz@linaro.org>
> >>>>> wrote:
> >>>>>> Hi,
> >>>>>>       With my kvm environment using 3.6-rc1+, I'm seeing NULL 
> >>>>>> pointer
> >>>>>> dereferences in selinux_ip_postroute_compat(). It looks like the 
> >>>>>> sksec
> >>>>>> value
> >>>>>> is null and we die in the following line:
> >>>>>>
> >>>>>>       if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
> >>>>>>
> >>>>>> This triggers every time I shutdown the machine, but has also 
> >>>>>> triggered
> >>>>>> randomly after a few hours.
> [snip]
> >> The problem seems to be that selinux_nf_ip_init() was called, which
> >> registers the selinux_ipv4_ops (and ipv6).  Those should not get 
> >> registered
> >> if selinux ends up not being loaded (as in, if apparmor is loaded 
> >> first),
> >> since as you've found here the selinux lsm hooks won't be called to set
> >> call selinux_sk_alloc_security().
> > This sounds about right:
> > root@testvm:~# dmesg | grep SELinux
> > [    0.004578] SELinux:  Initializing.
> > [    0.005704] SELinux:  Starting in permissive mode
> > [    2.235034] SELinux:  Registering netfilter hooks
> >
> >> I assume what's happening is that 
> >> CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE was
> >> set to 1, but selinux ended up being set to disabled after the
> >> __initcall(selinux_nf_ip_init) ran?  Weird.
> > This looks right as well:
> >
> > # zcat config.gz | grep SELINUX
> > CONFIG_SECURITY_SELINUX=y
> > CONFIG_SECURITY_SELINUX_BOOTPARAM=y
> > CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
> > CONFIG_SECURITY_SELINUX_DISABLE=y
> > CONFIG_SECURITY_SELINUX_DEVELOP=y
> > CONFIG_SECURITY_SELINUX_AVC_STATS=y
> > CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
> > # CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
> > CONFIG_DEFAULT_SECURITY_SELINUX=y
> >
> >
> > Since the problem isn't completely obvious, I'm starting a bisection 
> > to narrow this down some more.
> 
> So I bisected this down and it seems to be the following commit:
> 
> commit be9f4a44e7d41cee50ddb5f038fc2391cbbb4046
> Author: Eric Dumazet <edumazet@google.com>
> Date:   Thu Jul 19 07:34:03 2012 +0000
> 
>      ipv4: tcp: remove per net tcp_sock
> 
> 
> It doesn't revert totally cleanly, but after fixing up the rejections 
> and booting with this patch removed on top of Linus' head the oops on 
> shutdown goes away.

Thanks for doing this.

So sk_security is NULL and selinux crashes on it.

I guess I need to call security_sk_alloc().
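
The lifetime mismatch diagnosed in the two messages above (a socket that reaches the SELinux postroute hook without its LSM data, and the idea of calling security_sk_alloc() for it), as a user-space C model added here. It is not part of the thread and not kernel code; every `*_model` name, the result codes and the SID value 42 are constructed for illustration.

```c
/* User-space model, constructed for illustration; none of this is kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the LSM's per-socket data (hypothetical layout). */
struct sksec_model { uint32_t sid; };

/* Stand-in for struct sock: only the fields the model needs. */
struct sock_model {
    int   protocol;
    void *sk_security;          /* NULL until the LSM alloc hook has run */
};

enum result { HOOK_OK = 0, HOOK_WOULD_OOPS = 1, REPLY_DROPPED = 2 };

static int alloc_calls;         /* number of LSM blobs handed out */
static int fail_next_alloc;     /* knob: make the next allocation fail */

/* Models the LSM alloc hook: attaches a blob, or returns -1 on failure. */
static int lsm_sk_alloc_model(struct sock_model *sk)
{
    struct sksec_model *sec;

    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return -1;
    }
    sec = calloc(1, sizeof(*sec));
    if (!sec)
        return -1;
    sec->sid = 42;              /* constructed SID value */
    sk->sk_security = sec;
    alloc_calls++;
    return 0;
}

/* Ordinary creation path: the alloc hook runs as part of socket creation. */
static struct sock_model *sock_create_model(int protocol)
{
    struct sock_model *sk = calloc(1, sizeof(*sk));

    if (!sk)
        return NULL;
    sk->protocol = protocol;
    if (lsm_sk_alloc_model(sk)) {
        free(sk);
        return NULL;
    }
    return sk;
}

/*
 * Models the postroute hook. The hook in the report reads sksec->sid
 * unconditionally, so a NULL blob is the oops; the model reports that
 * case instead of faulting so it can be observed safely.
 */
static enum result postroute_hook_model(const struct sock_model *sk,
                                        uint32_t *sid)
{
    const struct sksec_model *sec = sk->sk_security;

    if (!sec)
        return HOOK_WOULD_OOPS;
    *sid = sec->sid;
    return HOOK_OK;
}

/*
 * Reply path over a socket that may never have gone through
 * sock_create_model().
 *   lazy_alloc == 0: the reported behaviour, the hook sees whatever is there.
 *   lazy_alloc != 0: attach the blob on first use; if that fails, the
 *                    reply is dropped rather than sent unlabeled.
 */
static enum result send_reply_model(struct sock_model *sk, int lazy_alloc,
                                    uint32_t *sid)
{
    if (lazy_alloc && !sk->sk_security && lsm_sk_alloc_model(sk))
        return REPLY_DROPPED;
    return postroute_hook_model(sk, sid);
}

int main(void)
{
    static struct sock_model reply_sock;    /* zero-initialised static object */
    struct sock_model *normal = sock_create_model(6);
    uint32_t sid = 0;

    printf("static sock, no alloc:   %d\n",
           (int)send_reply_model(&reply_sock, 0, &sid));
    printf("static sock, lazy alloc: %d\n",
           (int)send_reply_model(&reply_sock, 1, &sid));
    if (normal)
        printf("created sock, no alloc:  %d\n",
               (int)send_reply_model(normal, 0, &sid));
    return 0;
}
```

The model makes two costs of the lazy approach visible: the blob is allocated once and then lives as long as the socket, and an allocation failure turns into a dropped reply.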





* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 19:26             ` Paul Moore
@ 2012-08-08 19:38               ` Eric Dumazet
  2012-08-08 19:49                 ` John Stultz
                                   ` (2 more replies)
  0 siblings, 3 replies; 47+ messages in thread
From: Eric Dumazet @ 2012-08-08 19:38 UTC (permalink / raw)
  To: Paul Moore
  Cc: John Stultz, Serge E. Hallyn, lkml, James Morris, selinux,
	Eric Dumazet, john.johansen

On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
> On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
> > So I bisected this down and it seems to be the following commit:
> > 
> > commit be9f4a44e7d41cee50ddb5f038fc2391cbbb4046
> > Author: Eric Dumazet <edumazet@google.com>
> > Date:   Thu Jul 19 07:34:03 2012 +0000
> > 
> >      ipv4: tcp: remove per net tcp_sock
> > 
> > 
> > It doesn't revert totally cleanly, but after fixing up the rejections
> > and booting with this patch removed on top of Linus' head the oops on
> > shutdown goes away.
> 
> Thanks!
> 
> It looks the like there is a bug in ip_send_unicast_reply() which uses a 
> inet_sock/sock struct which does not have the LSM data properly initialized. 
> 
> I'll put together a patch shortly.
> 

Something like this ?

diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index ba39a52..027a331 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1524,6 +1524,10 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
 	sk->sk_priority = skb->priority;
 	sk->sk_protocol = ip_hdr(skb)->protocol;
 	sk->sk_bound_dev_if = arg->bound_dev_if;
+#ifdef CONFIG_SECURITY
+	if (!sk->sk_security && security_sk_alloc(sk, PF_INET, GFP_ATOMIC))
+			goto out;
+#endif
 	sock_net_set(sk, net);
 	__skb_queue_head_init(&sk->sk_write_queue);
 	sk->sk_sndbuf = sysctl_wmem_default;
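
Review bot: the security_sk_alloc() call added before sock_net_set(sk, net)
runs in the reply path itself and is gated only on !sk->sk_security, so the
LSM data is allocated with GFP_ATOMIC the first time each socket is used,
nothing in this patch ever frees it, and an allocation failure silently
discards the reply through "goto out". Consider allocating the security
data once where the unicast_sock released in the next hunk is set up, or at
least add a comment saying why the lazy allocation is safe and that the
data lives as long as the socket. The "goto out;" line is also indented one
tab too deep, and the #ifdef CONFIG_SECURITY would read better behind a
small helper than open-coded in the function body.
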
@@ -1539,7 +1543,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
 		skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
 		ip_push_pending_frames(sk, &fl4);
 	}
-
+out:
 	put_cpu_var(unicast_sock);
 
 	ip_rt_put(rt);
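
Review bot: the new out: label falls through into both
put_cpu_var(unicast_sock) and ip_rt_put(rt), so the goto added in the first
hunk is only correct if the per-cpu socket and rt are both already held at
that point; the lines shown do not establish that for rt, so please confirm
it or state it in the changelog. The label also replaces the blank line
that separated the if block from the cleanup; keeping a blank line before
out: would preserve that break.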




* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 19:38               ` Eric Dumazet
@ 2012-08-08 19:49                 ` John Stultz
  2012-08-08 20:04                   ` Eric Dumazet
  2012-08-08 19:50                 ` Paul Moore
  2012-08-08 19:59                 ` Eric Paris
  2 siblings, 1 reply; 47+ messages in thread
From: John Stultz @ 2012-08-08 19:49 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: Paul Moore, Serge E. Hallyn, lkml, James Morris, selinux,
	Eric Dumazet, john.johansen

On 08/08/2012 12:38 PM, Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
>> It looks the like there is a bug in ip_send_unicast_reply() which uses a
>> inet_sock/sock struct which does not have the LSM data properly initialized.
>>
>> I'll put together a patch shortly.
> Something like this ?
>
> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
> index ba39a52..027a331 100644
> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
> @@ -1524,6 +1524,10 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
>   	sk->sk_priority = skb->priority;
>   	sk->sk_protocol = ip_hdr(skb)->protocol;
>   	sk->sk_bound_dev_if = arg->bound_dev_if;
> +#ifdef CONFIG_SECURITY
> +	if (!sk->sk_security && security_sk_alloc(sk, PF_INET, GFP_ATOMIC))
> +			goto out;
> +#endif
>   	sock_net_set(sk, net);
>   	__skb_queue_head_init(&sk->sk_write_queue);
>   	sk->sk_sndbuf = sysctl_wmem_default;
> @@ -1539,7 +1543,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
>   		skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
>   		ip_push_pending_frames(sk, &fl4);
>   	}
> -
> +out:
>   	put_cpu_var(unicast_sock);
>
>   	ip_rt_put(rt);

I can't comment on the patch itself, but I tested it against Linus' HEAD 
and it seems to resolve the oops on shutdown for me.

thanks
-john


^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 19:38               ` Eric Dumazet
  2012-08-08 19:49                 ` John Stultz
@ 2012-08-08 19:50                 ` Paul Moore
  2012-08-08 20:04                   ` Eric Dumazet
  2012-08-08 19:59                 ` Eric Paris
  2 siblings, 1 reply; 47+ messages in thread
From: Paul Moore @ 2012-08-08 19:50 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: John Stultz, Serge E. Hallyn, lkml, James Morris, selinux,
	Eric Dumazet, john.johansen

On Wednesday, August 08, 2012 09:38:21 PM Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
> > On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
> > > So I bisected this down and it seems to be the following commit:
> > > 
> > > commit be9f4a44e7d41cee50ddb5f038fc2391cbbb4046
> > > Author: Eric Dumazet <edumazet@google.com>
> > > Date:   Thu Jul 19 07:34:03 2012 +0000
> > > 
> > >      ipv4: tcp: remove per net tcp_sock
> > > 
> > > It doesn't revert totally cleanly, but after fixing up the rejections
> > > and booting with this patch removed on top of Linus' head the oops on
> > > shutdown goes away.
> > 
> > Thanks!
> > 
> > It looks like there is a bug in ip_send_unicast_reply() which uses an
> > inet_sock/sock struct which does not have the LSM data properly
> > initialized.
> > 
> > I'll put together a patch shortly.
> 
> Something like this ?

Yep.  I was just trying to see if there was a way we could avoid having to 
make it conditional on CONFIG_SECURITY, but I think this is a better approach 
than the alternatives.

I'm also looking into making sure we get a sane LSM label on the per-cpu sock 
as security_sk_alloc() just allocates and initializes the LSM blob to a basic 
starting value (unlabeled_t in the case of SELinux) ... that is likely to be 
the tricky bit.

Regardless, I'm okay with us merging the patch below now to fix the panic and 
I'll supply a follow-up patch to fix the labeling once I figure out a solution 
that seems reasonable.  Does that work for you?  David?

Acked-by: Paul Moore <paul@paul-moore.com>

> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
> index ba39a52..027a331 100644
> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
> @@ -1524,6 +1524,10 @@ void ip_send_unicast_reply(struct net *net, struct
> sk_buff *skb, __be32 daddr, sk->sk_priority = skb->priority;
>  	sk->sk_protocol = ip_hdr(skb)->protocol;
>  	sk->sk_bound_dev_if = arg->bound_dev_if;
> +#ifdef CONFIG_SECURITY
> +	if (!sk->sk_security && security_sk_alloc(sk, PF_INET, GFP_ATOMIC))
> +			goto out;
> +#endif
>  	sock_net_set(sk, net);
>  	__skb_queue_head_init(&sk->sk_write_queue);
>  	sk->sk_sndbuf = sysctl_wmem_default;
> @@ -1539,7 +1543,7 @@ void ip_send_unicast_reply(struct net *net, struct
> sk_buff *skb, __be32 daddr, skb_set_queue_mapping(nskb,
> skb_get_queue_mapping(skb));
>  		ip_push_pending_frames(sk, &fl4);
>  	}
> -
> +out:
>  	put_cpu_var(unicast_sock);
> 
>  	ip_rt_put(rt);

-- 
paul moore
www.paul-moore.com


^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 19:38               ` Eric Dumazet
  2012-08-08 19:49                 ` John Stultz
  2012-08-08 19:50                 ` Paul Moore
@ 2012-08-08 19:59                 ` Eric Paris
  2012-08-08 20:09                   ` Eric Dumazet
  2 siblings, 1 reply; 47+ messages in thread
From: Eric Paris @ 2012-08-08 19:59 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: Paul Moore, John Stultz, Serge E. Hallyn, lkml, James Morris,
	selinux, Eric Dumazet, john.johansen

On Wed, Aug 8, 2012 at 3:38 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:

> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
> index ba39a52..027a331 100644
> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
> @@ -1524,6 +1524,10 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
>         sk->sk_priority = skb->priority;
>         sk->sk_protocol = ip_hdr(skb)->protocol;
>         sk->sk_bound_dev_if = arg->bound_dev_if;
> +#ifdef CONFIG_SECURITY
> +       if (!sk->sk_security && security_sk_alloc(sk, PF_INET, GFP_ATOMIC))
> +                       goto out;
> +#endif
>         sock_net_set(sk, net);
>         __skb_queue_head_init(&sk->sk_write_queue);
>         sk->sk_sndbuf = sysctl_wmem_default;
> @@ -1539,7 +1543,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
>                 skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
>                 ip_push_pending_frames(sk, &fl4);
>         }
> -
> +out:
>         put_cpu_var(unicast_sock);
>
>         ip_rt_put(rt);

Seems wrong.  We shouldn't ever need ifdef CONFIG_SECURITY in core
code.  Ifndef CONF_SECURITY then security_sk_alloc() is a static
inline return 0;   I guess the question is "Where did the sk come
from"?  Why wasn't security_sk_alloc() called when it was allocated?
Should it have been updated at some time and that wasn't done either?
Seems wrong to be putting packets on the queue for a socket where the
security data was never allocated and was never set to its proper
state.

there must be a bigger bug here...

-Eric

^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 19:50                 ` Paul Moore
@ 2012-08-08 20:04                   ` Eric Dumazet
  0 siblings, 0 replies; 47+ messages in thread
From: Eric Dumazet @ 2012-08-08 20:04 UTC (permalink / raw)
  To: Paul Moore
  Cc: John Stultz, Serge E. Hallyn, lkml, James Morris, selinux,
	Eric Dumazet, john.johansen

On Wed, 2012-08-08 at 15:50 -0400, Paul Moore wrote:

> Yep.  I was just trying to see if there was a way we could avoid having to 
> make it conditional on CONFIG_SECURITY, but I think this is a better approach 
> than the alternatives.
> 
> I'm also looking into making sure we get a sane LSM label on the per-cpu sock 
> as security_sk_alloc() just allocates and initializes the LSM blob to a basic 
> starting value (unlabeled_t in the case of SELinux) ... that is likely to be 
> the tricky bit.

It seems previous code did the same thing in sk_prot_alloc() ?


> 
> Regardless, I'm okay with us merging the patch below now to fix the panic and 
> I'll supply a follow-up patch to fix the labeling once I figure out a solution 
> that seems reasonable.  Does that work for you?  David?
> 
> Acked-by: Paul Moore <paul@paul-moore.com>

John, could you confirm this fixes the problem ?



^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 19:49                 ` John Stultz
@ 2012-08-08 20:04                   ` Eric Dumazet
  0 siblings, 0 replies; 47+ messages in thread
From: Eric Dumazet @ 2012-08-08 20:04 UTC (permalink / raw)
  To: John Stultz
  Cc: Paul Moore, Serge E. Hallyn, lkml, James Morris, selinux,
	Eric Dumazet, john.johansen

On Wed, 2012-08-08 at 12:49 -0700, John Stultz wrote:

> I can't comment on the patch itself, but I tested it against Linus' HEAD 
> and it seems to resolve the oops on shutdown for me.

OK, thanks !




^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 19:59                 ` Eric Paris
@ 2012-08-08 20:09                   ` Eric Dumazet
  2012-08-08 20:32                     ` Eric Dumazet
  2012-08-08 20:35                     ` NULL pointer dereference in selinux_ip_postroute_compat Paul Moore
  0 siblings, 2 replies; 47+ messages in thread
From: Eric Dumazet @ 2012-08-08 20:09 UTC (permalink / raw)
  To: Eric Paris
  Cc: Paul Moore, John Stultz, Serge E. Hallyn, lkml, James Morris,
	selinux, Eric Dumazet, john.johansen

On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:

> Seems wrong.  We shouldn't ever need ifdef CONFIG_SECURITY in core
> code. 

Sure but it seems include file misses an accessor for this.

We could add it on a future cleanup patch, as Paul mentioned.

>  Ifndef CONF_SECURITY then security_sk_alloc() is a static
> inline return 0;   I guess the question is "Where did the sk come
> from"?  Why wasn't security_sk_alloc() called when it was allocated?
> Should it have been updated at some time and that wasn't done either?
> Seems wrong to be putting packets on the queue for a socket where the
> security data was never allocated and was never set to its proper
> state.
> 

IMHO it seems wrong to even care about security for internal sockets.

They are per cpu, shared for all users on the machine.

What kind of security do you envision exactly ?


These unicast_sock are percpu, and preallocated.

/*
 *      Generic function to send a packet as reply to another packet.
 *      Used to send some TCP resets/acks so far.
 *
 *      Use a fake percpu inet socket to avoid false sharing and contention.
 */
static DEFINE_PER_CPU(struct inet_sock, unicast_sock) = {
        .sk = {
                .__sk_common = {
                        .skc_refcnt = ATOMIC_INIT(1),
                },
                .sk_wmem_alloc  = ATOMIC_INIT(1),
                .sk_allocation  = GFP_ATOMIC,
                .sk_flags       = (1UL << SOCK_USE_WRITE_QUEUE),
        },
        .pmtudisc       = IP_PMTUDISC_WANT,
        .uc_ttl         = -1,
};



^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 20:09                   ` Eric Dumazet
@ 2012-08-08 20:32                     ` Eric Dumazet
  2012-08-08 20:46                       ` Paul Moore
  2012-08-08 20:35                     ` NULL pointer dereference in selinux_ip_postroute_compat Paul Moore
  1 sibling, 1 reply; 47+ messages in thread
From: Eric Dumazet @ 2012-08-08 20:32 UTC (permalink / raw)
  To: Eric Paris
  Cc: Paul Moore, John Stultz, Serge E. Hallyn, lkml, James Morris,
	selinux, Eric Dumazet, john.johansen

On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> 
> > Seems wrong.  We shouldn't ever need ifdef CONFIG_SECURITY in core
> > code. 
> 
> Sure but it seems include file misses an accessor for this.
> 
> We could add it on a future cleanup patch, as Paul mentioned.

I cooked following patch.
But smack/smack_lsm.c makes a reference to 
smk_of_current()... so it seems we are in a hole...

It makes little sense to me to have any kind of security on these
internal sockets.

Maybe selinux should not crash if sk->sk_security is NULL ?



 include/linux/security.h   |    6 +++---
 net/core/sock.c            |    2 +-
 net/ipv4/ip_output.c       |    4 +++-
 security/security.c        |    4 ++--
 security/selinux/hooks.c   |    5 ++++-
 security/smack/smack_lsm.c |    5 ++++-
 6 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 4e5a73c..aa648b2 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1601,7 +1601,7 @@ struct security_operations {
 	int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
 	int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
 	int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
-	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
+	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority, bool check);
 	void (*sk_free_security) (struct sock *sk);
 	void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
 	void (*sk_getsecid) (struct sock *sk, u32 *secid);
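Review bot: the `bool check` argument added to `sk_alloc_security` is undocumented and its name does not say what is being checked. Add a line to the hook's description stating that `check` means "return 0 without allocating if sk->sk_security is already set", or rename it accordingly. The diffstat touches only the selinux and smack implementations, so any other implementation of this hook needs the same signature change.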
@@ -2539,7 +2539,7 @@ int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 				      int __user *optlen, unsigned len);
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
-int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
+int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool check);
 void security_sk_free(struct sock *sk);
 void security_sk_clone(const struct sock *sk, struct sock *newsk);
 void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
@@ -2667,7 +2667,7 @@ static inline int security_socket_getpeersec_dgram(struct socket *sock, struct s
 	return -ENOPROTOOPT;
 }
 
-static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
+static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool check)
 {
 	return 0;
 }
diff --git a/net/core/sock.c b/net/core/sock.c
index 8f67ced..e00cadf 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1186,7 +1186,7 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
 	if (sk != NULL) {
 		kmemcheck_annotate_bitfield(sk, flags);
 
-		if (security_sk_alloc(sk, family, priority))
+		if (security_sk_alloc(sk, family, priority, false))
 			goto out_free;
 
 		if (!try_module_get(prot->owner))
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 76dde25..b233d6e 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1524,6 +1524,8 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
 	sk->sk_priority = skb->priority;
 	sk->sk_protocol = ip_hdr(skb)->protocol;
 	sk->sk_bound_dev_if = arg->bound_dev_if;
+	if (security_sk_alloc(sk, PF_INET, GFP_ATOMIC, true))
+		goto out;
 	sock_net_set(sk, net);
 	__skb_queue_head_init(&sk->sk_write_queue);
 	sk->sk_sndbuf = sysctl_wmem_default;
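Review bot: when `security_sk_alloc(sk, PF_INET, GFP_ATOMIC, true)` fails, the `goto out` drops the reply without any counter or log, so a failed atomic allocation shows up only as a missing packet. Either account for the drop here or move the allocation to a setup path where the error can be reported once.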
@@ -1539,7 +1541,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
 		skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
 		ip_push_pending_frames(sk, &fl4);
 	}
-
+out:
 	put_cpu_var(unicast_sock);
 
 	ip_rt_put(rt);
diff --git a/security/security.c b/security/security.c
index 860aeb3..af7404e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1146,9 +1146,9 @@ int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u
 }
 EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 
-int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
+int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool check)
 {
-	return security_ops->sk_alloc_security(sk, family, priority);
+	return security_ops->sk_alloc_security(sk, family, priority, check);
 }
 
 void security_sk_free(struct sock *sk)
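Review bot: `check` is only passed through in `security_sk_alloc()`, while the selinux and smack hunks each open-code the same `if (check && sk->sk_security) return 0;`. Doing that test once here, before calling `security_ops->sk_alloc_security()`, would leave the hook signature unchanged and keep the "already allocated" rule out of the individual LSMs.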
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6c77f63..459eca6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4289,10 +4289,13 @@ out:
 	return 0;
 }
 
-static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
+static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority, bool check)
 {
 	struct sk_security_struct *sksec;
 
+	if (check && sk->sk_security)
+		return 0;
+
 	sksec = kzalloc(sizeof(*sksec), priority);
 	if (!sksec)
 		return -ENOMEM;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 8221514..8965cf1 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1754,11 +1754,14 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
  *
  * Returns 0 on success, -ENOMEM is there's no memory
  */
-static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
+static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags, bool check)
 {
 	char *csp = smk_of_current();
 	struct socket_smack *ssp;
 
+	if (check && sk->sk_security)
+		return 0;
+
 	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
 	if (ssp == NULL)
 		return -ENOMEM;
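Review bot: `char *csp = smk_of_current();` is still evaluated before the new `check && sk->sk_security` test, so it runs on every call even when the function returns immediately, and anything derived from `csp` on the first call from ip_send_unicast_reply() reflects whichever task happens to be current when the reply is sent. Move the initialiser below the early return and choose an explicit label for the `check` case.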




^ permalink raw reply related	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 20:09                   ` Eric Dumazet
  2012-08-08 20:32                     ` Eric Dumazet
@ 2012-08-08 20:35                     ` Paul Moore
  2012-08-08 20:51                       ` Eric Paris
  1 sibling, 1 reply; 47+ messages in thread
From: Paul Moore @ 2012-08-08 20:35 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: Eric Paris, John Stultz, Serge E. Hallyn, lkml, James Morris,
	selinux, Eric Dumazet, john.johansen

On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> > Seems wrong.  We shouldn't ever need ifdef CONFIG_SECURITY in core
> > code.
> 
> Sure but it seems include file misses an accessor for this.
> 
> We could add it on a future cleanup patch, as Paul mentioned.

Actually, the issue is that the shared socket doesn't have an init/alloc 
function to do the LSM allocation like we do with other sockets so Eric's 
patch does it as part of ip_send_unicast_reply().

If we look at the relevant part of Eric's patch:

 +#ifdef CONFIG_SECURITY
 +       if (!sk->sk_security && security_sk_alloc(sk, PF_INET, GFP_ATOMIC))
 +                       goto out;
 +#endif

... if we were to remove the CONFIG_SECURITY conditional we would end up 
calling security_sk_alloc() each time through in the CONFIG_SECURITY=n case as 
sk->sk_security would never be initialized to a non-NULL value.  In the 
CONFIG_SECURITY=y case it should only be called once as security_sk_alloc() 
should set sk->sk_security to a LSM blob.

> >  Ifndef CONF_SECURITY then security_sk_alloc() is a static
> > 
> > inline return 0;   I guess the question is "Where did the sk come
> > from"?  Why wasn't security_sk_alloc() called when it was allocated?
> > Should it have been updated at some time and that wasn't done either?
> > Seems wrong to be putting packets on the queue for a socket where the
> > security data was never allocated and was never set to its proper
> > state.
> 
> IMHO it seems wrong to even care about security for internal sockets.
>
> They are per cpu, shared for all users on the machine.

The issue, from a security point of view, is that these sockets are sending 
network traffic; even if it is just resets and timewait ACKs, it is still 
network traffic and the LSMs need to be able to enforce security policy on 
this traffic.  After all, what would you say if your firewall let these same 
packets pass without any filtering?

The issue I'm struggling with at present is how should we handle this traffic 
from a LSM perspective.  The label based LSMs, e.g. SELinux and Smack, use the 
LSM blob assigned to locally generated outbound traffic to identify the 
traffic and apply the security policy, so not only do we have to resolve the 
issue of ensuring the traffic is labeled correctly, we have to do it with a 
shared socket (although the patch didn't change the shared nature of the 
socket).

For those who are interested, I think the reasonable labeling solution here is 
to go with SECINITSID_KERNEL/kernel_t for SELinux and likely the ambient label 
for Smack as in both the TCP reset and timewait ACK there shouldn't be any 
actual user data present.

-- 
paul moore
www.paul-moore.com


^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 20:32                     ` Eric Dumazet
@ 2012-08-08 20:46                       ` Paul Moore
  2012-08-08 21:54                         ` Eric Dumazet
  0 siblings, 1 reply; 47+ messages in thread
From: Paul Moore @ 2012-08-08 20:46 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: Eric Paris, John Stultz, Serge E. Hallyn, lkml, James Morris,
	selinux, Eric Dumazet, john.johansen

On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
> On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
> > On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> > > Seems wrong.  We shouldn't ever need ifdef CONFIG_SECURITY in core
> > > code.
> > 
> > Sure but it seems include file misses an accessor for this.
> > 
> > We could add it on a future cleanup patch, as Paul mentioned.
> 
> I cooked following patch.
> But smack/smack_lsm.c makes a reference to
> smk_of_current()... so it seems we are in a hole...
> 
> It makes little sense to me to have any kind of security on these
> internal sockets.
> 
> Maybe selinux should not crash if sk->sk_security is NULL ?

I realize our last emails probably passed each other mid-flight, but hopefully 
it explains why we can't just pass packets when sk->sk_security is NULL.

Regardless, some quick comments below ...

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 6c77f63..459eca6 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -4289,10 +4289,13 @@ out:
>  	return 0;
>  }
> 
> -static int selinux_sk_alloc_security(struct sock *sk, int family, ...
> +static int selinux_sk_alloc_security(struct sock *sk, int family, ...
>  {
>  	struct sk_security_struct *sksec;
> 
> +	if (check && sk->sk_security)
> +		return 0;
> +
>  	sksec = kzalloc(sizeof(*sksec), priority);
>  	if (!sksec)
>  		return -ENOMEM;

I think I might replace the "check" boolean with a "kern/kernel" boolean so 
that in addition to the allocation we can also initialize the socket to 
SECINITSID_KERNEL/kernel_t here in the case when the boolean is set.  The only 
place that would set the boolean to true would be ip_send_unicast_reply(), all 
other callers would set it to false.

> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 8221514..8965cf1 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -1754,11 +1754,14 @@ static void smack_task_to_inode(struct task_struct
> *p, struct inode *inode) *
>   * Returns 0 on success, -ENOMEM is there's no memory
>   */
> -static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t
> gfp_flags) +static int smack_sk_alloc_security(struct sock *sk, int family,
> gfp_t gfp_flags, bool check) {
>  	char *csp = smk_of_current();
>  	struct socket_smack *ssp;
> 
> +	if (check && sk->sk_security)
> +		return 0;
> +
>  	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
>  	if (ssp == NULL)
>  		return -ENOMEM;

In the case of Smack, when the kernel boolean is true I think the right 
solution is to use smack_net_ambient.

-- 
paul moore
www.paul-moore.com


^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 20:35                     ` NULL pointer dereference in selinux_ip_postroute_compat Paul Moore
@ 2012-08-08 20:51                       ` Eric Paris
  2012-08-08 21:03                         ` Paul Moore
  0 siblings, 1 reply; 47+ messages in thread
From: Eric Paris @ 2012-08-08 20:51 UTC (permalink / raw)
  To: Paul Moore
  Cc: Eric Dumazet, John Stultz, Serge E. Hallyn, lkml, James Morris,
	selinux, Eric Dumazet, john.johansen

On Wed, Aug 8, 2012 at 4:35 PM, Paul Moore <paul@paul-moore.com> wrote:
> On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:

> Actually, the issue is that the shared socket doesn't have an init/alloc
> function to do the LSM allocation like we do with other sockets so Eric's
> patch does it as part of ip_send_unicast_reply().
>
> If we look at the relevant part of Eric's patch:
>
>  +#ifdef CONFIG_SECURITY
>  +       if (!sk->sk_security && security_sk_alloc(sk, PF_INET, GFP_ATOMIC))
>  +                       goto out;
>  +#endif
>
> ... if we were to remove the CONFIG_SECURITY conditional we would end up
> calling security_sk_alloc() each time through in the CONFIG_SECURITY=n case as
> sk->sk_security would never be initialized to a non-NULL value.  In the
> CONFIG_SECURITY=y case it should only be called once as security_sk_alloc()
> should set sk->sk_security to a LSM blob.

Ifndef SECURITY this turns into (because security_sk_alloc is a static
inline in that case)

if (!sk->sk_security && 0)
        goto out;

Which I'd hope the compiler would optimize.  So that only leaves us
caring about the case where CONFIG_SECURITY is true.  In that case if
we need code which does if !alloc'd then alloc it seems we broke the
model of everything else in the code and added a branch needlessly.

Could we add a __init function which does the security_sk_alloc() in
the same file where we declared them?

>> IMHO it seems wrong to even care about security for internal sockets.
>>
>> They are per cpu, shared for all users on the machine.
>
> The issue, from a security point of view, is that these sockets are sending
> network traffic; even if it is just resets and timewait ACKs, it is still
> network traffic and the LSMs need to be able to enforce security policy on
> this traffic.  After all, what would you say if your firewall let these same
> packets pass without any filtering?
>
> The issue I'm struggling with at present is how should we handle this traffic
> from a LSM perspective.  The label based LSMs, e.g. SELinux and Smack, use the
> LSM blob assigned to locally generated outbound traffic to identify the
> traffic and apply the security policy, so not only do we have to resolve the
> issue of ensuring the traffic is labeled correctly, we have to do it with a
> shared socket (although the patch didn't change the shared nature of the
> socket).
>
> For those who are interested, I think the reasonable labeling solution here is
> to go with SECINITSID_KERNEL/kernel_t for SELinux and likely the ambient label
> for Smack as in both the TCP reset and timewait ACK there shouldn't be any
> actual user data present.

I'm willing to accept that argument from an SELinux perspective.  I'd
also accept the argument that it is private and do something similar
to what we do with IS_PRIVATE on inodes.  Although sockets probably
don't have a good field to use...

^ permalink raw reply	[flat|nested] 47+ messages in thread
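
A user-space model of the trade-off argued in the two messages above (the lazy `!sk->sk_security` test versus a one-time allocation at init), added here as an illustration; it is not code from the thread or from the kernel. `sock_model`, `blob_model`, `lsm_alloc`, `stub_alloc` and the counters are hypothetical stand-ins for `struct sock`, the LSM blob, an LSM's allocation hook and the `CONFIG_SECURITY=n` stub.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins: only the LSM blob pointer of struct sock is modelled. */
struct sock_model { void *sk_security; };
struct blob_model { unsigned int sid; };
typedef int (*alloc_fn)(struct sock_model *sk);

static int hook_calls; /* times an alloc hook was entered */
static int fail_alloc; /* non-zero simulates a failed GFP_ATOMIC allocation */

/* Models an LSM hook with CONFIG_SECURITY=y: allocates and attaches a blob. */
int lsm_alloc(struct sock_model *sk)
{
	hook_calls++;
	if (fail_alloc || !(sk->sk_security = calloc(1, sizeof(struct blob_model))))
		return -ENOMEM;
	return 0;
}

/* Models the CONFIG_SECURITY=n stub: returns 0 and never sets the pointer.
 * The kernel stub is inline and can be folded away; here the call is counted. */
int stub_alloc(struct sock_model *sk)
{
	(void)sk;
	hook_calls++;
	return 0;
}

/* Models a postroute hook that needs the blob; -1 stands for the oops. */
int postroute(const struct sock_model *sk, unsigned int *sid)
{
	const struct blob_model *b = sk->sk_security;

	if (!b)
		return -1;
	*sid = b->sid;
	return 0;
}

/* Lazy form from the quoted patch: returns 1 if the reply went out, 0 if dropped. */
int send_reply_lazy(struct sock_model *sk, alloc_fn alloc)
{
	if (!sk->sk_security && alloc(sk))
		return 0; /* the patch's "goto out" */
	return 1;
}

/* Hook entries for n replies on one socket using the lazy form. */
int count_lazy_calls(alloc_fn alloc, int n)
{
	struct sock_model sk = { NULL };
	int i;

	hook_calls = 0;
	for (i = 0; i < n; i++)
		send_reply_lazy(&sk, alloc);
	free(sk.sk_security);
	return hook_calls;
}

/* Replies lost when the first fail_first allocations fail. */
int count_dropped(int n, int fail_first)
{
	struct sock_model sk = { NULL };
	int i, dropped = 0;

	for (i = 0; i < n; i++) {
		fail_alloc = i < fail_first;
		dropped += !send_reply_lazy(&sk, lsm_alloc);
	}
	fail_alloc = 0;
	free(sk.sk_security);
	return dropped;
}

/* Init-time form: allocate each per-cpu socket once, then use it unchecked.
 * Returns hook entries, or -1 if setup failed or a socket had no blob. */
int count_init_calls(int ncpu)
{
	struct sock_model socks[8] = { { NULL } };
	unsigned int sid;
	int c, bad = 0;

	hook_calls = 0;
	for (c = 0; c < ncpu && c < 8; c++)
		bad |= lsm_alloc(&socks[c]) || postroute(&socks[c], &sid);
	for (c = 0; c < 8; c++)
		free(socks[c].sk_security);
	return bad ? -1 : hook_calls;
}

int main(void)
{
	printf("lazy/LSM=%d lazy/stub=%d dropped=%d init=%d\n",
	       count_lazy_calls(lsm_alloc, 5), count_lazy_calls(stub_alloc, 5),
	       count_dropped(5, 2), count_init_calls(4));
	return 0;
}
```

The stub case reaches the allocation call on every reply because the pointer never becomes non-NULL, which is the behaviour the `#ifdef` was guarding against; the init-time form needs exactly one hook call per socket and no test on the send path.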

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 20:51                       ` Eric Paris
@ 2012-08-08 21:03                         ` Paul Moore
  2012-08-08 21:09                           ` Eric Paris
  0 siblings, 1 reply; 47+ messages in thread
From: Paul Moore @ 2012-08-08 21:03 UTC (permalink / raw)
  To: Eric Paris
  Cc: Eric Dumazet, John Stultz, Serge E. Hallyn, lkml, James Morris,
	selinux, Eric Dumazet, john.johansen

On Wednesday, August 08, 2012 04:51:56 PM Eric Paris wrote:
> On Wed, Aug 8, 2012 at 4:35 PM, Paul Moore <paul@paul-moore.com> wrote:
> > On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:
> > 
> > Actually, the issue is that the shared socket doesn't have an init/alloc
> > function to do the LSM allocation like we do with other sockets so Eric's
> > patch does it as part of ip_send_unicast_reply().
> > 
> > If we look at the relevant part of Eric's patch:
> >  +#ifdef CONFIG_SECURITY
> >  +       if (!sk->sk_security && security_sk_alloc(sk, PF_INET,
> >  GFP_ATOMIC))
> >  +                       goto out;
> >  +#endif
> > 
> > ... if we were to remove the CONFIG_SECURITY conditional we would end up
> > calling security_sk_alloc() each time through in the CONFIG_SECURITY=n
> > case as sk->sk_security would never be initialized to a non-NULL value. 
> > In the CONFIG_SECURITY=y case it should only be called once as
> > security_sk_alloc() should set sk->sk_security to a LSM blob.
> 
> Ifndef SECURITY this turns into (because security_sk_alloc is a static
> inline in that case)
> 
> if (!sk->sk_security && 0)
>         goto out;
> 
> Which I'd hope the compiler would optimize.  So that only leaves us
> caring about the case where CONFIG_SECURITY is true.  In that case if
> we need code which does if !alloc'd then alloc it seems we broke the
> model of everything else in the code and added a branch needlessly.
> 
> Could we add a __init function which does the security_sk_alloc() in
> the same file where we declared them?

Is it safe to call security_sk_alloc() from inside another __init function?  I 
think in both the case of SELinux and Smack it shouldn't be a problem, but I'm 
concerned about the more general case of calling a LSM hook potentially before 
the LSM has been initialized.

If that isn't an issue we could probably do something in ip_init().

> > The issue I'm struggling with at present is how should we handle this
> > traffic from a LSM perspective.  The label based LSMs, e.g. SELinux and
> > Smack, use the LSM blob assigned to locally generated outbound traffic to
> > identify the traffic and apply the security policy, so not only do we
> > have to resolve the issue of ensuring the traffic is labeled correctly,
> > we have to do it with a shared socket (although the patch didn't change
> > the shared nature of the socket).
> > 
> > For those who are interested, I think the reasonable labeling solution
> > here is to go with SECINITSID_KERNEL/kernel_t for SELinux and likely the
> > ambient label for Smack as in both the TCP reset and timewait ACK there
> > shouldn't be any actual user data present.
> 
> I'm willing to accept that argument from an SELinux perspective.  I'd
> also accept the argument that it is private and do something similar
> to what we do with IS_PRIVATE on inodes.  Although sockets probably
> don't have a good field to use...

I'm not aware of one.  See my comments on Eric's last patch posting (the other 
Eric, not you).

-- 
paul moore
www.paul-moore.com


^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 21:03                         ` Paul Moore
@ 2012-08-08 21:09                           ` Eric Paris
  0 siblings, 0 replies; 47+ messages in thread
From: Eric Paris @ 2012-08-08 21:09 UTC (permalink / raw)
  To: Paul Moore
  Cc: Eric Dumazet, John Stultz, Serge E. Hallyn, lkml, James Morris,
	selinux, Eric Dumazet, john.johansen

On Wed, Aug 8, 2012 at 5:03 PM, Paul Moore <paul@paul-moore.com> wrote:
> On Wednesday, August 08, 2012 04:51:56 PM Eric Paris wrote:

>> Could we add a __init function which does the security_sk_alloc() in
>> the same file where we declared them?
>
> Is it safe to call security_sk_alloc() from inside another __init function?  I
> think in both the case of SELinux and Smack it shouldn't be a problem, but I'm
> concerned about the more general case of calling a LSM hook potentially before
> the LSM has been initialized.
>
> If that isn't an issue we could probably do something in ip_init().

The security_initcall() functions should happen way before __init
functions.  If an LSM busts, it's the LSM initializing itself too late
not the code here being wrong...

^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 20:46                       ` Paul Moore
@ 2012-08-08 21:54                         ` Eric Dumazet
  2012-08-09  0:00                           ` Casey Schaufler
  0 siblings, 1 reply; 47+ messages in thread
From: Eric Dumazet @ 2012-08-08 21:54 UTC (permalink / raw)
  To: Paul Moore
  Cc: Eric Paris, John Stultz, Serge E. Hallyn, lkml, James Morris,
	selinux, Eric Dumazet, john.johansen

On Wed, 2012-08-08 at 16:46 -0400, Paul Moore wrote:
> On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
> > On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
> > > On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> > > > Seems wrong.  We shouldn't ever need ifdef CONFIG_SECURITY in core
> > > > code.
> > > 
> > > Sure but it seems include file misses an accessor for this.
> > > 
> > > We could add it on a future cleanup patch, as Paul mentioned.
> > 
> > I cooked following patch.
> > But smack/smack_lsm.c makes a reference to
> > smk_of_current()... so it seems we are in a hole...
> > 
> > It makes little sense to me to have any kind of security on this
> > internal sockets.
> > 
> > Maybe selinux should not crash if sk->sk_security is NULL ?
> 
> I realize our last emails probably passed each other mid-flight, but hopefully 
> it explains why we can't just pass packets when sk->sk_security is NULL.
> 
> Regardless, some quick comments below ...
> 
> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> > index 6c77f63..459eca6 100644
> > --- a/security/selinux/hooks.c
> > +++ b/security/selinux/hooks.c
> > @@ -4289,10 +4289,13 @@ out:
> >  	return 0;
> >  }
> > 
> > -static int selinux_sk_alloc_security(struct sock *sk, int family, ...
> > +static int selinux_sk_alloc_security(struct sock *sk, int family, ...
> >  {
> >  	struct sk_security_struct *sksec;
> > 
> > +	if (check && sk->sk_security)
> > +		return 0;
> > +
> >  	sksec = kzalloc(sizeof(*sksec), priority);
> >  	if (!sksec)
> >  		return -ENOMEM;
> 
> I think I might replace the "check" boolean with a "kern/kernel" boolean so 
> that in addition to the allocation we can also initialize the socket to 
> SECINITSID_KERNEL/kernel_t here in the case when the boolean is set.  The only 
> place that would set the boolean to true would be ip_send_unicast_reply(), all 
> other callers would set it to false.
> 
> > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> > index 8221514..8965cf1 100644
> > --- a/security/smack/smack_lsm.c
> > +++ b/security/smack/smack_lsm.c
> > @@ -1754,11 +1754,14 @@ static void smack_task_to_inode(struct task_struct
> > *p, struct inode *inode) *
> >   * Returns 0 on success, -ENOMEM is there's no memory
> >   */
> > -static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t
> > gfp_flags) +static int smack_sk_alloc_security(struct sock *sk, int family,
> > gfp_t gfp_flags, bool check) {
> >  	char *csp = smk_of_current();
> >  	struct socket_smack *ssp;
> > 
> > +	if (check && sk->sk_security)
> > +		return 0;
> > +
> >  	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
> >  	if (ssp == NULL)
> >  		return -ENOMEM;
> 
> In the case of Smack, when the kernel boolean is true I think the right 
> solution is to use smack_net_ambient.
> 

Cool, here is the last version:

diff --git a/include/linux/security.h b/include/linux/security.h
index 4e5a73c..4d8e454 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1601,7 +1601,7 @@ struct security_operations {
 	int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
 	int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
 	int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
-	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
+	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority, bool kernel);
 	void (*sk_free_security) (struct sock *sk);
 	void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
 	void (*sk_getsecid) (struct sock *sk, u32 *secid);
@@ -2539,7 +2539,7 @@ int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 				      int __user *optlen, unsigned len);
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
-int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
+int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel);
 void security_sk_free(struct sock *sk);
 void security_sk_clone(const struct sock *sk, struct sock *newsk);
 void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
@@ -2667,7 +2667,7 @@ static inline int security_socket_getpeersec_dgram(struct socket *sock, struct s
 	return -ENOPROTOOPT;
 }
 
-static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
+static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel)
 {
 	return 0;
 }
diff --git a/net/core/sock.c b/net/core/sock.c
index 8f67ced..e00cadf 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1186,7 +1186,7 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
 	if (sk != NULL) {
 		kmemcheck_annotate_bitfield(sk, flags);
 
-		if (security_sk_alloc(sk, family, priority))
+		if (security_sk_alloc(sk, family, priority, false))
 			goto out_free;
 
 		if (!try_module_get(prot->owner))
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 76dde25..b233d6e 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1524,6 +1524,8 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
 	sk->sk_priority = skb->priority;
 	sk->sk_protocol = ip_hdr(skb)->protocol;
 	sk->sk_bound_dev_if = arg->bound_dev_if;
+	if (security_sk_alloc(sk, PF_INET, GFP_ATOMIC, true))
+		goto out;
 	sock_net_set(sk, net);
 	__skb_queue_head_init(&sk->sk_write_queue);
 	sk->sk_sndbuf = sysctl_wmem_default;
@@ -1539,7 +1541,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
 		skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
 		ip_push_pending_frames(sk, &fl4);
 	}
-
+out:
 	put_cpu_var(unicast_sock);
 
 	ip_rt_put(rt);
diff --git a/security/security.c b/security/security.c
index 860aeb3..23cf297 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1146,9 +1146,9 @@ int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u
 }
 EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 
-int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
+int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel)
 {
-	return security_ops->sk_alloc_security(sk, family, priority);
+	return security_ops->sk_alloc_security(sk, family, priority, kernel);
 }
 
 void security_sk_free(struct sock *sk)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6c77f63..ccd4374 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4289,10 +4289,13 @@ out:
 	return 0;
 }
 
-static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
+static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority, bool kernel)
 {
 	struct sk_security_struct *sksec;
 
+	if (kernel && sk->sk_security)
+		return 0;
+
 	sksec = kzalloc(sizeof(*sksec), priority);
 	if (!sksec)
 		return -ENOMEM;
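
Review bot: the `kernel` flag is used only for the early `return 0` at the top of selinux_sk_alloc_security(); the hunk adds three lines and none of them labels the socket. The review of the previous version asked for the flag to also initialise the socket to SECINITSID_KERNEL when it is set, so either add that assignment after the kzalloc() or say in the changelog why SELinux leaves the labelling unchanged.
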
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 8221514..207d9cc 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1749,20 +1749,25 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
  * @sk: the socket
  * @family: unused
  * @gfp_flags: memory allocation flags
+ * @kernel: true if we should check sk_security being already set
  *
  * Assign Smack pointers to current
  *
  * Returns 0 on success, -ENOMEM is there's no memory
  */
-static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
+static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags, bool kernel)
 {
 	char *csp = smk_of_current();
 	struct socket_smack *ssp;
 
+	if (kernel && sk->sk_security)
+		return 0;
+
 	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
 	if (ssp == NULL)
 		return -ENOMEM;
-
+	/* kernel is true if called from ip_send_unicast_reply() */
+	csp = kernel ? smack_net_ambient : smk_of_current();
 	ssp->smk_in = csp;
 	ssp->smk_out = csp;
 	ssp->smk_packet = NULL;
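
Review bot: `csp` is still initialised with smk_of_current() in its declaration and then unconditionally reassigned by the new `csp = kernel ? smack_net_ambient : smk_of_current();` line, so the first result is always discarded. Drop the initialiser from the declaration, or keep it and replace the ternary with a plain `if (kernel)` assignment. The new comment line also takes the place of the blank line after the -ENOMEM return; keep the blank line.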



^ permalink raw reply related	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-08 21:54                         ` Eric Dumazet
@ 2012-08-09  0:00                           ` Casey Schaufler
  2012-08-09 13:30                             ` Paul Moore
  0 siblings, 1 reply; 47+ messages in thread
From: Casey Schaufler @ 2012-08-09  0:00 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: Paul Moore, Eric Paris, John Stultz, Serge E. Hallyn, lkml,
	James Morris, selinux, Eric Dumazet, john.johansen, LSM,
	Casey Schaufler

On 8/8/2012 2:54 PM, Eric Dumazet wrote:

By the way, once this proved to be an issue that involved
more than just SELinux it needed to go onto the LSM list as
well.

> On Wed, 2012-08-08 at 16:46 -0400, Paul Moore wrote:
>> On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
>>> On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
>>>> On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
>>>>> Seems wrong.  We shouldn't ever need ifdef CONFIG_SECURITY in core
>>>>> code.
>>>> Sure but it seems include file misses an accessor for this.
>>>>
>>>> We could add it on a future cleanup patch, as Paul mentioned.
>>> I cooked following patch.
>>> But smack/smack_lsm.c makes a reference to
>>> smk_of_current()... so it seems we are in a hole...
>>>
>>> It makes little sense to me to have any kind of security on this
>>> internal sockets.
>>>
>>> Maybe selinux should not crash if sk->sk_security is NULL ?
>> I realize our last emails probably passed each other mid-flight, but hopefully 
>> it explains why we can't just pass packets when sk->sk_security is NULL.
>>
>> Regardless, some quick comments below ...
>>
>>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
>>> index 6c77f63..459eca6 100644
>>> --- a/security/selinux/hooks.c
>>> +++ b/security/selinux/hooks.c
>>> @@ -4289,10 +4289,13 @@ out:
>>>  	return 0;
>>>  }
>>>
>>> -static int selinux_sk_alloc_security(struct sock *sk, int family, ...
>>> +static int selinux_sk_alloc_security(struct sock *sk, int family, ...
>>>  {
>>>  	struct sk_security_struct *sksec;
>>>
>>> +	if (check && sk->sk_security)
>>> +		return 0;
>>> +
>>>  	sksec = kzalloc(sizeof(*sksec), priority);
>>>  	if (!sksec)
>>>  		return -ENOMEM;
>> I think I might replace the "check" boolean with a "kern/kernel" boolean so 
>> that in addition to the allocation we can also initialize the socket to 
>> SECINITSID_KERNEL/kernel_t here in the case when the boolean is set.  The only 
>> place that would set the boolean to true would be ip_send_unicast_reply(), all 
>> other callers would set it to false.
>>
>>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
>>> index 8221514..8965cf1 100644
>>> --- a/security/smack/smack_lsm.c
>>> +++ b/security/smack/smack_lsm.c
>>> @@ -1754,11 +1754,14 @@ static void smack_task_to_inode(struct task_struct
>>> *p, struct inode *inode) *
>>>   * Returns 0 on success, -ENOMEM is there's no memory
>>>   */
>>> -static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t
>>> gfp_flags) +static int smack_sk_alloc_security(struct sock *sk, int family,
>>> gfp_t gfp_flags, bool check) {
>>>  	char *csp = smk_of_current();
>>>  	struct socket_smack *ssp;
>>>
>>> +	if (check && sk->sk_security)
>>> +		return 0;
>>> +
>>>  	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
>>>  	if (ssp == NULL)
>>>  		return -ENOMEM;
>> In the case of Smack, when the kernel boolean is true I think the right 
>> solution is to use smack_net_ambient.

I confess that my understanding of unicast is limited.
If the intention is to send an unlabeled packet then
indeed smack_net_ambient is the way to go.

>>
> cool, here the last version :
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 4e5a73c..4d8e454 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -1601,7 +1601,7 @@ struct security_operations {
>  	int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
>  	int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
>  	int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
> -	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
> +	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority, bool kernel);

Is there no information already available in the sock
that will tell us this is a unicast operation?

>  	void (*sk_free_security) (struct sock *sk);
>  	void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
>  	void (*sk_getsecid) (struct sock *sk, u32 *secid);
> @@ -2539,7 +2539,7 @@ int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
>  int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
>  				      int __user *optlen, unsigned len);
>  int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
> -int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
> +int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel);
>  void security_sk_free(struct sock *sk);
>  void security_sk_clone(const struct sock *sk, struct sock *newsk);
>  void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
> @@ -2667,7 +2667,7 @@ static inline int security_socket_getpeersec_dgram(struct socket *sock, struct s
>  	return -ENOPROTOOPT;
>  }
>  
> -static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
> +static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel)
>  {
>  	return 0;
>  }
> diff --git a/net/core/sock.c b/net/core/sock.c
> index 8f67ced..e00cadf 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -1186,7 +1186,7 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
>  	if (sk != NULL) {
>  		kmemcheck_annotate_bitfield(sk, flags);
>  
> -		if (security_sk_alloc(sk, family, priority))
> +		if (security_sk_alloc(sk, family, priority, false))
>  			goto out_free;
>  
>  		if (!try_module_get(prot->owner))
> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
> index 76dde25..b233d6e 100644
> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
> @@ -1524,6 +1524,8 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
>  	sk->sk_priority = skb->priority;
>  	sk->sk_protocol = ip_hdr(skb)->protocol;
>  	sk->sk_bound_dev_if = arg->bound_dev_if;
> +	if (security_sk_alloc(sk, PF_INET, GFP_ATOMIC, true))
> +		goto out;
>  	sock_net_set(sk, net);
>  	__skb_queue_head_init(&sk->sk_write_queue);
>  	sk->sk_sndbuf = sysctl_wmem_default;
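
Review bot: at the new `if (security_sk_alloc(sk, PF_INET, GFP_ATOMIC, true)) goto out;` an allocation failure drops the reply without leaving any trace. A GFP_ATOMIC allocation can fail under memory pressure, so consider counting the drop or logging it rate-limited, and add a one-line comment that the call only allocates the first time this per-cpu socket is used.
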
> @@ -1539,7 +1541,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
>  		skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
>  		ip_push_pending_frames(sk, &fl4);
>  	}
> -
> +out:
>  	put_cpu_var(unicast_sock);
>  
>  	ip_rt_put(rt);
> diff --git a/security/security.c b/security/security.c
> index 860aeb3..23cf297 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1146,9 +1146,9 @@ int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u
>  }
>  EXPORT_SYMBOL(security_socket_getpeersec_dgram);
>  
> -int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
> +int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel)
>  {
> -	return security_ops->sk_alloc_security(sk, family, priority);
> +	return security_ops->sk_alloc_security(sk, family, priority, kernel);
>  }
>  
>  void security_sk_free(struct sock *sk)
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 6c77f63..ccd4374 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -4289,10 +4289,13 @@ out:
>  	return 0;
>  }
>  
> -static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
> +static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority, bool kernel)
>  {
>  	struct sk_security_struct *sksec;
>  
> +	if (kernel && sk->sk_security)
> +		return 0;
> +
>  	sksec = kzalloc(sizeof(*sksec), priority);
>  	if (!sksec)
>  		return -ENOMEM;
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 8221514..207d9cc 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -1749,20 +1749,25 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
>   * @sk: the socket
>   * @family: unused
>   * @gfp_flags: memory allocation flags
> + * @kernel: true if we should check sk_security being already set
>   *
>   * Assign Smack pointers to current
>   *
>   * Returns 0 on success, -ENOMEM is there's no memory
>   */
> -static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
> +static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags, bool kernel)
>  {
>  	char *csp = smk_of_current();
>  	struct socket_smack *ssp;
>  
> +	if (kernel && sk->sk_security)
> +		return 0;
> +
>  	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
>  	if (ssp == NULL)
>  		return -ENOMEM;
> -
> +	/* kernel is true if called from ip_send_unicast_reply() */
> +	csp = kernel ? smack_net_ambient : smk_of_current();

How about ...

        if (kernel)
            csp = smack_net_ambient;

... as csp is set to smk_of_current() in the declaration.
That, or change the declaration.

>  	ssp->smk_in = csp;
>  	ssp->smk_out = csp;
>  	ssp->smk_packet = NULL;
>
>


^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-09  0:00                           ` Casey Schaufler
@ 2012-08-09 13:30                             ` Paul Moore
  2012-08-09 14:27                               ` Eric Dumazet
  2012-08-09 14:50                               ` [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock Eric Dumazet
  0 siblings, 2 replies; 47+ messages in thread
From: Paul Moore @ 2012-08-09 13:30 UTC (permalink / raw)
  To: Casey Schaufler
  Cc: Eric Dumazet, Eric Paris, John Stultz, Serge E. Hallyn, lkml,
	James Morris, selinux, Eric Dumazet, john.johansen, LSM

On Wednesday, August 08, 2012 05:00:26 PM Casey Schaufler wrote:
> On 8/8/2012 2:54 PM, Eric Dumazet wrote:
>
> By the way, once this proved to be an issue that involved
> more than just SELinux it needed to go onto the LSM list as
> well.

Yes, you're right.

> > On Wed, 2012-08-08 at 16:46 -0400, Paul Moore wrote:
> >> On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
> >>> On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
> >>> +static int smack_sk_alloc_security(struct sock *sk, int ...
> >>>  {
> >>>  	char *csp = smk_of_current();
> >>>  	struct socket_smack *ssp;
> >>> 
> >>> +	if (check && sk->sk_security)
> >>> +		return 0;
> >>> +
> >>> 
> >>>  	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
> >>>  	if (ssp == NULL)
> >>>  	
> >>>  		return -ENOMEM;
> >> 
> >> In the case of Smack, when the kernel boolean is true I think the right
> >> solution is to use smack_net_ambient.
> 
> I confess that my understanding of unicast is limited.
> If the intention is to send an unlabeled packet then
> indeed smack_net_ambient is the way to go.

Well, the intention isn't necessarily to send an unlabeled packet, although 
that may be the end result.

In the case of a TCP reset it is hard to argue that the kernel/ambient label is 
not the correct solution; in this case there was never an associated socket so 
the kernel itself needs to respond.

In the case of a TCP syn-recv and timewait ACK things are a little less clear.  
Eric (Dumazet), it looks like we have a socket in tcp_v4_reqsk_send_ack() and 
tcp_v4_timewait_ack(), any reason why we can't propagate the socket down to 
ip_send_unicast_reply()?

-- 
paul moore
www.paul-moore.com


^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-09 13:30                             ` Paul Moore
@ 2012-08-09 14:27                               ` Eric Dumazet
  2012-08-09 15:04                                 ` Paul Moore
  2012-08-09 14:50                               ` [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock Eric Dumazet
  1 sibling, 1 reply; 47+ messages in thread
From: Eric Dumazet @ 2012-08-09 14:27 UTC (permalink / raw)
  To: Paul Moore
  Cc: Casey Schaufler, Eric Paris, John Stultz, Serge E. Hallyn, lkml,
	James Morris, selinux, Eric Dumazet, john.johansen, LSM

On Thu, 2012-08-09 at 09:30 -0400, Paul Moore wrote:

> In the case of a TCP syn-recv and timewait ACK things are a little less clear.  
> Eric (Dumazet), it looks like we have a socket in tcp_v4_reqsk_send_ack() and 
> tcp_v4_timewait_ack(), any reason why we can't propagate the socket down to 
> ip_send_unicast_reply()?
> 

timewait 'sockets' are not full blown sockets.

We need a socket (well, a good part of it) to build the IP frame and
send it.




^ permalink raw reply	[flat|nested] 47+ messages in thread

* [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 13:30                             ` Paul Moore
  2012-08-09 14:27                               ` Eric Dumazet
@ 2012-08-09 14:50                               ` Eric Dumazet
  2012-08-09 15:07                                 ` Paul Moore
  2012-08-09 20:06                                 ` Eric Paris
  1 sibling, 2 replies; 47+ messages in thread
From: Eric Dumazet @ 2012-08-09 14:50 UTC (permalink / raw)
  To: Paul Moore, David Miller
  Cc: Casey Schaufler, Eric Paris, John Stultz, Serge E. Hallyn, lkml,
	James Morris, selinux, john.johansen, LSM, netdev

From: Eric Dumazet <edumazet@google.com>

Commit be9f4a44e7d41cee (ipv4: tcp: remove per net tcp_sock) added a
selinux regression, reported and bisected by John Stultz.

selinux_ip_postroute_compat() expects to find a valid sk->sk_security
pointer, but this field is NULL for unicast_sock.

Fix this by adding a new 'kernel' parameter to security_sk_alloc(),
set to true if socket might already have a valid sk->sk_security
pointer. ip_send_unicast_reply() uses a percpu fake socket, so the first
call to security_sk_alloc() will populate sk->sk_security pointer,
subsequent ones will reuse existing context.

Reported-by: John Stultz <johnstul@us.ibm.com>
Bisected-by: John Stultz <johnstul@us.ibm.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
---
 include/linux/security.h   |    6 +++---
 net/core/sock.c            |    2 +-
 net/ipv4/ip_output.c       |    4 +++-
 security/security.c        |    4 ++--
 security/selinux/hooks.c   |    5 ++++-
 security/smack/smack_lsm.c |   10 ++++++++--
 6 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 4e5a73c..4d8e454 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1601,7 +1601,7 @@ struct security_operations {
 	int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
 	int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
 	int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
-	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
+	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority, bool kernel);
 	void (*sk_free_security) (struct sock *sk);
 	void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
 	void (*sk_getsecid) (struct sock *sk, u32 *secid);
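
Review bot: the new `bool kernel` argument on `sk_alloc_security` comes with no description of what a hook must do with it, and the diffstat shows only the three signature lines changing in this header. The name reads as "label this as a kernel socket", but the SELinux hunk uses it only to mean "sk_security may already be populated, reuse it", while the Smack hunk uses it for both reuse and label selection. Document the contract next to the hook, or rename the flag to match what it does.
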
@@ -2539,7 +2539,7 @@ int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 				      int __user *optlen, unsigned len);
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
-int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
+int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel);
 void security_sk_free(struct sock *sk);
 void security_sk_clone(const struct sock *sk, struct sock *newsk);
 void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
@@ -2667,7 +2667,7 @@ static inline int security_socket_getpeersec_dgram(struct socket *sock, struct s
 	return -ENOPROTOOPT;
 }
 
-static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
+static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel)
 {
 	return 0;
 }
diff --git a/net/core/sock.c b/net/core/sock.c
index 8f67ced..e00cadf 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1186,7 +1186,7 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
 	if (sk != NULL) {
 		kmemcheck_annotate_bitfield(sk, flags);
 
-		if (security_sk_alloc(sk, family, priority))
+		if (security_sk_alloc(sk, family, priority, false))
 			goto out_free;
 
 		if (!try_module_get(prot->owner))
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 76dde25..b233d6e 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1524,6 +1524,8 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
 	sk->sk_priority = skb->priority;
 	sk->sk_protocol = ip_hdr(skb)->protocol;
 	sk->sk_bound_dev_if = arg->bound_dev_if;
+	if (security_sk_alloc(sk, PF_INET, GFP_ATOMIC, true))
+		goto out;
 	sock_net_set(sk, net);
 	__skb_queue_head_init(&sk->sk_write_queue);
 	sk->sk_sndbuf = sysctl_wmem_default;
@@ -1539,7 +1541,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
 		skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
 		ip_push_pending_frames(sk, &fl4);
 	}
-
+out:
 	put_cpu_var(unicast_sock);
 
 	ip_rt_put(rt);
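
Review bot: the `out:` label takes the place of the blank line that separated the `if` block from `put_cpu_var(unicast_sock);`; keep the blank line and put the label after it. The early exit itself looks right from these lines, since it still reaches put_cpu_var() and ip_rt_put(rt).
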
diff --git a/security/security.c b/security/security.c
index 860aeb3..23cf297 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1146,9 +1146,9 @@ int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u
 }
 EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 
-int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
+int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel)
 {
-	return security_ops->sk_alloc_security(sk, family, priority);
+	return security_ops->sk_alloc_security(sk, family, priority, kernel);
 }
 
 void security_sk_free(struct sock *sk)
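
Review bot: `security_ops->sk_alloc_security` is now called with four arguments, but the diffstat touches only the SELinux and Smack implementations. Any other function assigned to this hook, including a default used when no LSM supplies one, needs the same signature change in this patch so the pointer types keep matching.
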
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6c77f63..ccd4374 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4289,10 +4289,13 @@ out:
 	return 0;
 }
 
-static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
+static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority, bool kernel)
 {
 	struct sk_security_struct *sksec;
 
+	if (kernel && sk->sk_security)
+		return 0;
+
 	sksec = kzalloc(sizeof(*sksec), priority);
 	if (!sksec)
 		return -ENOMEM;
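
Review bot: the new early return `if (kernel && sk->sk_security) return 0;` trusts whatever non-NULL value is already stored in `sk->sk_security`. That is safe only if the per-cpu socket starts out zeroed and nothing frees the blob while the socket stays in use; state that assumption in a comment here or at the ip_send_unicast_reply() call site.
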
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 8221514..0b066d0 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1749,20 +1749,26 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
  * @sk: the socket
  * @family: unused
  * @gfp_flags: memory allocation flags
+ * @kernel: true if we should check sk_security being already set
  *
  * Assign Smack pointers to current
  *
  * Returns 0 on success, -ENOMEM is there's no memory
  */
-static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
+static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags, bool kernel)
 {
-	char *csp = smk_of_current();
+	char *csp;
 	struct socket_smack *ssp;
 
+	if (kernel && sk->sk_security)
+		return 0;
+
 	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
 	if (ssp == NULL)
 		return -ENOMEM;
 
+	csp = kernel ? smack_net_ambient : smk_of_current();
+
 	ssp->smk_in = csp;
 	ssp->smk_out = csp;
 	ssp->smk_packet = NULL;
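
Review bot: the kernel-doc line `@kernel: true if we should check sk_security being already set` covers only half of what the flag does, because it also switches the label from smk_of_current() to smack_net_ambient. The summary line `Assign Smack pointers to current` is no longer accurate for that case. Update both, and restore the note that ip_send_unicast_reply() is the caller passing true, which the previous version carried as a code comment.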



^ permalink raw reply related	[flat|nested] 47+ messages in thread
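
The commit message above describes lazy allocation on a per-cpu fake socket: the first security_sk_alloc() call populates sk->sk_security and later calls reuse it. The user-space C model below is an added example, not code from the patch or the kernel; every `*_model` name, the failure-injection switch and the -EFAULT return standing in for the oops are assumptions made for illustration.

```c
/* User-space model of the per-cpu reply socket and the sk_alloc_security hook.
 * All *_model names are constructed for this example, not kernel symbols. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define MODEL_NR_CPUS 2

struct sksec_model {		/* stands in for struct sk_security_struct */
	unsigned int sid;
};

struct sock_model {		/* stands in for struct sock */
	void *sk_security;
};

/* Static storage is zero-filled, so sk_security starts out NULL on every CPU.
 * That is the state the postroute hook tripped over. */
static struct sock_model unicast_sock_model[MODEL_NR_CPUS];
static int model_allocations;		/* blobs allocated so far */
static bool model_fail_next_alloc;	/* constructed switch: simulate -ENOMEM once */

/* Hook with the patch's 'kernel' flag: reuse an existing blob, else allocate. */
static int sk_alloc_security_model(struct sock_model *sk, bool kernel)
{
	struct sksec_model *sksec;

	if (kernel && sk->sk_security)
		return 0;

	if (model_fail_next_alloc) {
		model_fail_next_alloc = false;
		return -ENOMEM;
	}
	sksec = calloc(1, sizeof(*sksec));
	if (!sksec)
		return -ENOMEM;
	model_allocations++;
	sk->sk_security = sksec;
	return 0;
}

/* The real hook read sksec->sid unconditionally; the model returns -EFAULT
 * at the point where the kernel would have oopsed. */
static int postroute_model(const struct sock_model *sk)
{
	const struct sksec_model *sksec = sk->sk_security;

	if (!sksec)
		return -EFAULT;
	return 0;
}

/* Reply path on one CPU, with or without the allocation the patch adds. */
static int send_unicast_reply_model(int cpu, bool patched)
{
	struct sock_model *sk = &unicast_sock_model[cpu];

	if (patched && sk_alloc_security_model(sk, true))
		return -ENOMEM;	/* the patch's "goto out": the reply is dropped */
	return postroute_model(sk);
}

/* Return the model to its boot state. */
static void reset_model(void)
{
	for (int cpu = 0; cpu < MODEL_NR_CPUS; cpu++) {
		free(unicast_sock_model[cpu].sk_security);
		unicast_sock_model[cpu].sk_security = NULL;
	}
	model_allocations = 0;
	model_fail_next_alloc = false;
}

int main(void)
{
	reset_model();
	printf("unpatched, cpu0: %d\n", send_unicast_reply_model(0, false));
	model_fail_next_alloc = true;
	printf("patched, cpu0, alloc fails: %d\n", send_unicast_reply_model(0, true));
	printf("patched, cpu0, retry: %d\n", send_unicast_reply_model(0, true));
	printf("patched, cpu0, again: %d\n", send_unicast_reply_model(0, true));
	printf("patched, cpu1: %d\n", send_unicast_reply_model(1, true));
	printf("allocations: %d\n", model_allocations);
	reset_model();
	return 0;
}
```

A failed allocation leaves sk_security NULL, so the next reply on that CPU simply retries; the cost of the fix on the steady-state path is one pointer test per reply.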

* Re: NULL pointer dereference in selinux_ip_postroute_compat
  2012-08-09 14:27                               ` Eric Dumazet
@ 2012-08-09 15:04                                 ` Paul Moore
  0 siblings, 0 replies; 47+ messages in thread
From: Paul Moore @ 2012-08-09 15:04 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: Casey Schaufler, Eric Paris, John Stultz, Serge E. Hallyn, lkml,
	James Morris, selinux, Eric Dumazet, john.johansen, LSM

On Thu, Aug 9, 2012 at 10:27 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Thu, 2012-08-09 at 09:30 -0400, Paul Moore wrote:
>
>> In the case of a TCP syn-recv and timewait ACK things are a little less clear.
>> Eric (Dumazet), it looks like we have a socket in tcp_v4_reqsk_send_ack() and
>> tcp_v4_timewait_ack(), any reason why we can't propagate the socket down to
>> ip_send_unicast_reply()?
>>
>
> timewait 'sockets' are not full blown sockets.
>
> We need a socket (well, a good part of it) to build the IP frame and
> send it.

Yes, of course you're right.

Ideally we need a better solution here from a LSM perspective, but I
don't think this should hold up the fix as the labeling was broken
even before the postroute_compat() code broke.

-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 47+ messages in thread

* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 14:50                               ` [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock Eric Dumazet
@ 2012-08-09 15:07                                 ` Paul Moore
  2012-08-09 15:36                                   ` Eric Dumazet
  2012-08-09 20:06                                 ` Eric Paris
  1 sibling, 1 reply; 47+ messages in thread
From: Paul Moore @ 2012-08-09 15:07 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: David Miller, Casey Schaufler, Eric Paris, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev

On Thursday, August 09, 2012 04:50:33 PM Eric Dumazet wrote:
> From: Eric Dumazet <edumazet@google.com>
> 
> commit be9f4a44e7d41cee (ipv4: tcp: remove per net tcp_sock) added a
> selinux regression, reported and bisected by John Stultz
> 
> selinux_ip_postroute_compat() expect to find a valid sk->sk_security
> pointer, but this field is NULL for unicast_sock
> 
> Fix this by adding a new 'kernel' parameter to security_sk_alloc(),
> set to true if socket might already have a valid sk->sk_security
> pointer. ip_send_unicast_reply() uses a percpu fake socket, so the first
> call to security_sk_alloc() will populate sk->sk_security pointer,
> subsequent ones will reuse existing context.
> 
> Reported-by: John Stultz <johnstul@us.ibm.com>
> Bisected-by: John Stultz <johnstul@us.ibm.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Eric Paris <eparis@parisplace.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>

...

> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
> index 76dde25..b233d6e 100644
> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
> @@ -1524,6 +1524,8 @@ void ip_send_unicast_reply(struct net *net, struct
> sk_buff *skb, __be32 daddr, sk->sk_priority = skb->priority;
>  	sk->sk_protocol = ip_hdr(skb)->protocol;
>  	sk->sk_bound_dev_if = arg->bound_dev_if;
> +	if (security_sk_alloc(sk, PF_INET, GFP_ATOMIC, true))
> +		goto out;
>  	sock_net_set(sk, net);
>  	__skb_queue_head_init(&sk->sk_write_queue);
>  	sk->sk_sndbuf = sysctl_wmem_default;
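Review bot: the new security_sk_alloc(sk, PF_INET, GFP_ATOMIC, true) call sits in the body of ip_send_unicast_reply(), so it runs for every reply and stays correct only if each LSM hook returns early when sk->sk_security is already set. A hook that ignores the new argument would allocate a fresh blob per packet and overwrite the previous pointer. Testing at the call site, e.g. `if (!sk->sk_security && security_sk_alloc(sk, PF_INET, GFP_ATOMIC, true))`, would keep that invariant in one place and skip the indirect call once the blob exists.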

Is it possible to do the call to security_sk_alloc() in the ip_init() function 
or does the per-cpu nature of the socket make this a pain?

-- 
paul moore
www.paul-moore.com



* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 15:07                                 ` Paul Moore
@ 2012-08-09 15:36                                   ` Eric Dumazet
  2012-08-09 15:59                                     ` Paul Moore
  2012-08-09 16:05                                     ` Eric Paris
  0 siblings, 2 replies; 47+ messages in thread
From: Eric Dumazet @ 2012-08-09 15:36 UTC (permalink / raw)
  To: Paul Moore
  Cc: David Miller, Casey Schaufler, Eric Paris, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev

On Thu, 2012-08-09 at 11:07 -0400, Paul Moore wrote:

> Is it possible to do the call to security_sk_alloc() in the ip_init() function 
> or does the per-cpu nature of the socket make this a pain?
> 

It's a pain, if we want NUMA affinity.

Here, each cpu should get memory from its closest node.





* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 15:36                                   ` Eric Dumazet
@ 2012-08-09 15:59                                     ` Paul Moore
  2012-08-09 16:05                                     ` Eric Paris
  1 sibling, 0 replies; 47+ messages in thread
From: Paul Moore @ 2012-08-09 15:59 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: David Miller, Casey Schaufler, Eric Paris, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev

On Thu, Aug 9, 2012 at 11:36 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Thu, 2012-08-09 at 11:07 -0400, Paul Moore wrote:
>
>> Is it possible to do the call to security_sk_alloc() in the ip_init() function
>> or does the per-cpu nature of the socket make this a pain?
>>
>
> It's a pain, if we want NUMA affinity.
>
> Here, each cpu should get memory from its closest node.

Okay, makes sense.

Acked-by: Paul Moore <paul@paul-moore.com>

-- 
paul moore
www.paul-moore.com


* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 15:36                                   ` Eric Dumazet
  2012-08-09 15:59                                     ` Paul Moore
@ 2012-08-09 16:05                                     ` Eric Paris
  2012-08-09 16:09                                       ` Paul Moore
  2012-08-09 17:46                                       ` Eric Dumazet
  1 sibling, 2 replies; 47+ messages in thread
From: Eric Paris @ 2012-08-09 16:05 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: Paul Moore, David Miller, Casey Schaufler, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev

On Thu, Aug 9, 2012 at 11:36 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Thu, 2012-08-09 at 11:07 -0400, Paul Moore wrote:
>
>> Is it possible to do the call to security_sk_alloc() in the ip_init() function
>> or does the per-cpu nature of the socket make this a pain?
>>
>
> It's a pain, if we want NUMA affinity.
>
> Here, each cpu should get memory from its closest node.

I really really don't like it.  I won't say NAK, but it is the first
and only place in the kernel where I believe we allocate an object and
don't allocate the security blob until some random later point in
time.  If it is such a performance issue to have the security blob in
the same numa node, isn't adding a number of branches and putting this
function call on every output at least as bad?  Aren't we discouraged
from GFP_ATOMIC?  In __init we can use GFP_KERNEL.

This still doesn't fix these sockets entirely.  We now have the
security blob allocated, but it was never set to something useful.
Paul, are you looking into this?  This is a band-aid, not a fix....

-Eric


* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 16:05                                     ` Eric Paris
@ 2012-08-09 16:09                                       ` Paul Moore
  2012-08-09 17:46                                       ` Eric Dumazet
  1 sibling, 0 replies; 47+ messages in thread
From: Paul Moore @ 2012-08-09 16:09 UTC (permalink / raw)
  To: Eric Paris
  Cc: Eric Dumazet, David Miller, Casey Schaufler, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev

On Thu, Aug 9, 2012 at 12:05 PM, Eric Paris <eparis@parisplace.org> wrote:
> Paul, are you looking into this?  This is a band-aid, not a fix....

Yep, I mentioned this a few times in the other thread.  The problem is
there is not going to be an easy fix for the labeling so I'd rather we
see this patch, or something like it, go in now to resolve the kernel
panic, and fix the labeling later.

-- 
paul moore
www.paul-moore.com


* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 16:05                                     ` Eric Paris
  2012-08-09 16:09                                       ` Paul Moore
@ 2012-08-09 17:46                                       ` Eric Dumazet
  1 sibling, 0 replies; 47+ messages in thread
From: Eric Dumazet @ 2012-08-09 17:46 UTC (permalink / raw)
  To: Eric Paris
  Cc: Paul Moore, David Miller, Casey Schaufler, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev

On Thu, 2012-08-09 at 12:05 -0400, Eric Paris wrote:
> On Thu, Aug 9, 2012 at 11:36 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> > On Thu, 2012-08-09 at 11:07 -0400, Paul Moore wrote:
> >
> >> Is it possible to do the call to security_sk_alloc() in the ip_init() function
> >> or does the per-cpu nature of the socket make this a pain?
> >>
> >
> > It's a pain, if we want NUMA affinity.
> >
> > Here, each cpu should get memory from its closest node.
> 
> I really really don't like it.  I won't say NAK, but it is the first
> and only place in the kernel where I believe we allocate an object and
> don't allocate the security blob until some random later point in
> time.

...

>   If it is such a performance issue to have the security blob in
> the same numa node, isn't adding a number of branches and putting this
> function call on every output at least as bad?  Aren't we discouraged
> from GFP_ATOMIC?  In __init we can use GFP_KERNEL.

What a big deal. It's done _once_ per cpu, and this is such a small blob
of memory you'll have to show us one single failure out of one million
boots.

If the security_sk_alloc() fails, we don't care. We are about sending a
RESET or ACK packet. They can be lost by the network, or even skb
allocation can fail. Nobody ever noticed and complained.

Every time we accept() a new socket (and call security_sk_alloc()), it's
done under soft irq, thus GFP_ATOMIC, and you didn't complain yet, while
a socket needs about 2 Kbytes of memory...

> 
> This still doesn't fix these sockets entirely.  We now have the
> security blob allocated, but it was never set to something useful.
> Paul, are you looking into this?  This is a band-aid, not a fix....
> 

Please do so, on a followup patch, don't pretend I must fix all this
stuff.




* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 14:50                               ` [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock Eric Dumazet
  2012-08-09 15:07                                 ` Paul Moore
@ 2012-08-09 20:06                                 ` Eric Paris
  2012-08-09 20:19                                   ` Paul Moore
  2012-08-09 21:29                                   ` Eric Dumazet
  1 sibling, 2 replies; 47+ messages in thread
From: Eric Paris @ 2012-08-09 20:06 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: Paul Moore, David Miller, Casey Schaufler, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev

[-- Attachment #1: Type: text/plain, Size: 8961 bytes --]

NAK.

I personally think commit be9f4a44e7d41cee should be reverted until it
is fixed.  Let me explain what all I believe it broke and how.

Old callchain of the creation of the 'equivalent' socket previous to
the patch in question just for reference:

    inet_ctl_sock_create
      sock_create_kern
        __sock_create
          pf->create (inet_create)
            sk_alloc
              sk_prot_alloc
                security_sk_alloc()


This WAS working properly.  All of it.  The equivalent struct sock was
being created and allocated in inet_create(), which called to
sk_alloc->sk_prot_alloc->security_sk_alloc().  We all agree that
failing to call security_sk_alloc() is the first regression
introduced.

The second regression was the labeling issue.  There was a call to
security_socket_post_create (from __sock_create) which was properly
setting the labels on both the socket and sock.  This new patch broke
that as well.  We don't expose an equivalent
security_sock_post_create() interface in the LSM currently, and until
we do, this can't be fixed.  It's why I say it should be reverted.

I have a patch I'm testing right now which takes care of the first
part the way I like (and yes, I'm doing the allocation on the correct
numa node).  It basically looks like so:

+       for_each_possible_cpu(cpu) {
+               sock = &per_cpu(unicast_sock, cpu);
+               rc = security_sk_alloc(&sock->sk, PF_INET, GFP_KERNEL,
cpu_to_node(cpu));
+               if (rc)
+                       return rc;
+       }

I'm going to work right now on exposing the equivalent struct sock LSM
interface so we can call that as well.  But it's going to take me a
bit.  Attached is the patch just to (hopefully untested) shut up the
panic.

-Eric

On Thu, Aug 9, 2012 at 10:50 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> commit be9f4a44e7d41cee (ipv4: tcp: remove per net tcp_sock) added a
> selinux regression, reported and bisected by John Stultz
>
> selinux_ip_postroute_compat() expects to find a valid sk->sk_security
> pointer, but this field is NULL for unicast_sock
>
> Fix this by adding a new 'kernel' parameter to security_sk_alloc(),
> set to true if socket might already have a valid sk->sk_security
> pointer. ip_send_unicast_reply() uses a percpu fake socket, so the first
> call to security_sk_alloc() will populate sk->sk_security pointer,
> subsequent ones will reuse existing context.
>
> Reported-by: John Stultz <johnstul@us.ibm.com>
> Bisected-by: John Stultz <johnstul@us.ibm.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: Eric Paris <eparis@parisplace.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> ---
>  include/linux/security.h   |    6 +++---
>  net/core/sock.c            |    2 +-
>  net/ipv4/ip_output.c       |    4 +++-
>  security/security.c        |    4 ++--
>  security/selinux/hooks.c   |    5 ++++-
>  security/smack/smack_lsm.c |   10 ++++++++--
>  6 files changed, 21 insertions(+), 10 deletions(-)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 4e5a73c..4d8e454 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -1601,7 +1601,7 @@ struct security_operations {
>         int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
>         int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
>         int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
> -       int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
> +       int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority, bool kernel);
>         void (*sk_free_security) (struct sock *sk);
>         void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
>         void (*sk_getsecid) (struct sock *sk, u32 *secid);
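Review bot: changing the sk_alloc_security prototype in struct security_operations obliges every implementer to change with it, and the diffstat above lists selinux and smack but not security/capability.c. The other patch in this thread has to touch cap_sk_alloc_security() in that file for the same kind of signature change, so the default hook looks missed here. The new `bool kernel` argument also needs a line in the hook documentation saying that it means "reuse an already attached sk->sk_security", since the name alone does not say that.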
> @@ -2539,7 +2539,7 @@ int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
>  int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
>                                       int __user *optlen, unsigned len);
>  int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
> -int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
> +int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel);
>  void security_sk_free(struct sock *sk);
>  void security_sk_clone(const struct sock *sk, struct sock *newsk);
>  void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
> @@ -2667,7 +2667,7 @@ static inline int security_socket_getpeersec_dgram(struct socket *sock, struct s
>         return -ENOPROTOOPT;
>  }
>
> -static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
> +static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel)
>  {
>         return 0;
>  }
> diff --git a/net/core/sock.c b/net/core/sock.c
> index 8f67ced..e00cadf 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -1186,7 +1186,7 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
>         if (sk != NULL) {
>                 kmemcheck_annotate_bitfield(sk, flags);
>
> -               if (security_sk_alloc(sk, family, priority))
> +               if (security_sk_alloc(sk, family, priority, false))
>                         goto out_free;
>
>                 if (!try_module_get(prot->owner))
> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
> index 76dde25..b233d6e 100644
> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
> @@ -1524,6 +1524,8 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
>         sk->sk_priority = skb->priority;
>         sk->sk_protocol = ip_hdr(skb)->protocol;
>         sk->sk_bound_dev_if = arg->bound_dev_if;
> +       if (security_sk_alloc(sk, PF_INET, GFP_ATOMIC, true))
> +               goto out;
>         sock_net_set(sk, net);
>         __skb_queue_head_init(&sk->sk_write_queue);
>         sk->sk_sndbuf = sysctl_wmem_default;
> @@ -1539,7 +1541,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
>                 skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
>                 ip_push_pending_frames(sk, &fl4);
>         }
> -
> +out:
>         put_cpu_var(unicast_sock);
>
>         ip_rt_put(rt);
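Review bot: the `out:` label replaces the blank line directly above put_cpu_var(unicast_sock), so a failed security_sk_alloc() skips ip_push_pending_frames() and the reply is dropped with no trace. The cleanup order is right (put_cpu_var() and ip_rt_put(rt) still run), but the silent drop deserves a one-line comment at the label stating that losing the RST or ACK is acceptable, and the blank line before the label is worth keeping for readability.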
> diff --git a/security/security.c b/security/security.c
> index 860aeb3..23cf297 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1146,9 +1146,9 @@ int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u
>  }
>  EXPORT_SYMBOL(security_socket_getpeersec_dgram);
>
> -int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
> +int security_sk_alloc(struct sock *sk, int family, gfp_t priority, bool kernel)
>  {
> -       return security_ops->sk_alloc_security(sk, family, priority);
> +       return security_ops->sk_alloc_security(sk, family, priority, kernel);
>  }
>
>  void security_sk_free(struct sock *sk)
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 6c77f63..ccd4374 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -4289,10 +4289,13 @@ out:
>         return 0;
>  }
>
> -static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
> +static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority, bool kernel)
>  {
>         struct sk_security_struct *sksec;
>
> +       if (kernel && sk->sk_security)
> +               return 0;
> +
>         sksec = kzalloc(sizeof(*sksec), priority);
>         if (!sksec)
>                 return -ENOMEM;
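Review bot: the early return on `kernel && sk->sk_security` turns this hook from "allocate" into "allocate once, then reuse", yet the function carries no comment saying so and nothing in the patch states who owns the blob afterwards. Add a short comment above the check naming the per-cpu unicast_sock as the only expected caller with kernel == true and noting that the blob lives as long as that socket, so a later reader does not add a second caller that expects a fresh allocation.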
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 8221514..0b066d0 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -1749,20 +1749,26 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
>   * @sk: the socket
>   * @family: unused
>   * @gfp_flags: memory allocation flags
> + * @kernel: true if we should check sk_security being already set
>   *
>   * Assign Smack pointers to current
>   *
>   * Returns 0 on success, -ENOMEM is there's no memory
>   */
> -static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
> +static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags, bool kernel)
>  {
> -       char *csp = smk_of_current();
> +       char *csp;
>         struct socket_smack *ssp;
>
> +       if (kernel && sk->sk_security)
> +               return 0;
> +
>         ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
>         if (ssp == NULL)
>                 return -ENOMEM;
>
> +       csp = kernel ? smack_net_ambient : smk_of_current();
> +
>         ssp->smk_in = csp;
>         ssp->smk_out = csp;
>         ssp->smk_packet = NULL;
>
>
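Review bot: the kerneldoc line added for @kernel only mentions the "sk_security already set" check, but the same flag also selects the label further down, in `csp = kernel ? smack_net_ambient : smk_of_current();`. That is a labeling policy decision hidden behind an allocation flag. Either document both effects in the @kernel description or pass the label choice separately, and say in the commit message why smack_net_ambient is the right label for these sockets.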

[-- Attachment #2: tmp.patch --]
[-- Type: application/octet-stream, Size: 12667 bytes --]

commit feaf4fe8a8e4509540286899d02cd88f09c0d343
Author: Eric Paris <eparis@redhat.com>
Date:   Thu Aug 9 14:08:12 2012 -0400

    Network/Security: allocate security data when we allocate unicast sockets
    
    commit be9f4a44e7d41cee (ipv4: tcp: remove per net tcp_sock) added a
    regression because it did not properly initialize the new per cpu sockets.
    This was reported and bisected by John Stultz:
    
    [   69.272927] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
    [   69.273374] IP: [<ffffffff8132e7c4>] selinux_ip_postroute_compat+0xa4/0xe0
    [   69.273374] PGD 3a85b067 PUD 3f50b067 PMD 0
    [   69.273374] Oops: 0000 [#1] PREEMPT SMP
    [   69.273374] CPU 3
    [   69.273374] Pid: 2392, comm: hwclock Not tainted 3.6.0-rc1john+ #106 Bochs Bochs
    [   69.273374] RIP: 0010:[<ffffffff8132e7c4>]  [<ffffffff8132e7c4>] selinux_ip_postroute_compat+0xa4/0xe0
    [   69.273374] RSP: 0018:ffff88003f003720  EFLAGS: 00010246
    [   69.273374] RAX: 0000000000000000 RBX: ffff88003f5fa9d8 RCX: 0000000000000006
    [   69.273374] RDX: ffff88003f003740 RSI: ffff88003c6b256c RDI: ffff88003f5fa9d8
                                                                             [ OK ]
    [   69.273374] RBP: ffff88003f0037a0 R08: 0000000000000000 R09: ffff88003f1d0cc0
    [   69.273374] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
    [   69.273374] R13: 0000000000000002 R14: ffff88003f0037c0 R15: 0000000000000004
    [   69.273374] FS:  00007fa398211700(0000) GS:ffff88003f000000(0000) knlGS:0000000000000000
    [   69.273374] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [   69.273374] CR2: 0000000000000010 CR3: 000000003b52a000 CR4: 00000000000006e0
    [   69.273374] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [   69.273374] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    [   69.273374] Process hwclock (pid: 2392, threadinfo ffff88003a0ee000, task ffff88003fa82b80)
    [   69.273374] Stack:
    [   69.273374]  ffff88003c6b2558 0000000000000006 0000000000000000 0000160067d70002
    [   69.273374]  0f02000a0202000a 0000000000000000 0000000000000000 0000000000000000
    [   69.273374]  ffff88003f003802 ffff88003f003728 ffff88003f1d42d0 ffff88003d6c3560
    [   69.273374] Call Trace:
    [   69.273374]  <IRQ>
    [   69.273374]  [<ffffffff8132eaab>] selinux_ip_postroute+0x2ab/0x3e0
    [   69.273374]  [<ffffffff8132ec1c>] selinux_ipv4_postroute+0x1c/0x20
    [   69.273374]  [<ffffffff8198265c>] nf_iterate+0xac/0x140
    [   69.273374]  [<ffffffff819827a5>] nf_hook_slow+0xb5/0x210
    [   69.273374]  [<ffffffff8199cbba>] ip_output+0xaa/0x150
    [   69.273374]  [<ffffffff8199a9af>] ip_local_out+0x7f/0x110
    [   69.273374]  [<ffffffff8199d82e>] ip_send_skb+0xe/0x40
    [   69.273374]  [<ffffffff8199d88b>] ip_push_pending_frames+0x2b/0x30
    [   69.273374]  [<ffffffff8199dc97>] ip_send_unicast_reply+0x2c7/0x3c0
    [   69.273374]  [<ffffffff819bb215>] tcp_v4_send_reset+0x1f5/0x3f0
    [   69.273374]  [<ffffffff819bf04b>] tcp_v4_rcv+0x2bb/0x1080
    [   69.273374]  [<ffffffff81994d73>] ip_local_deliver_finish+0x133/0x4d0
    [   69.273374]  [<ffffffff819953e0>] ip_local_deliver+0x90/0xa0
    [   69.273374]  [<ffffffff819945b2>] ip_rcv_finish+0x262/0x8f0
    [   69.273374]  [<ffffffff81995742>] ip_rcv+0x352/0x3a0
    [   69.323844]  [<ffffffff81925244>] __netif_receive_skb+0xcb4/0x10e0
    [   69.323844]  [<ffffffff8192ba5d>] netif_receive_skb+0x18d/0x230
    [   69.323844]  [<ffffffff81746abc>] virtnet_poll+0x58c/0x7b0
    [   69.323844]  [<ffffffff8192cf59>] net_rx_action+0x289/0x550
    [   69.323844]  [<ffffffff8105846a>] __do_softirq+0x1da/0x560
    [   69.323844]  [<ffffffff81b5c2bc>] call_softirq+0x1c/0x30
    [   69.323844]  [<ffffffff81004d75>] do_softirq+0x105/0x1e0
    [   69.323844]  [<ffffffff81058bbe>] irq_exit+0x9e/0x100
    [   69.323844]  [<ffffffff81b5c9d3>] do_IRQ+0x63/0xd0
    [   69.323844]  [<ffffffff81b5a56f>] common_interrupt+0x6f/0x6f
    [   69.323844]  <EOI>
    [   69.323844]  [<ffffffff810993ad>] __might_sleep+0x1cd/0x280
    [   69.323844]  [<ffffffff81160e74>] might_fault+0x34/0xb0
    [   69.323844]  [<ffffffff8105657e>] sys_gettimeofday+0xbe/0xf0
    [   69.323844]  [<ffffffff81b5afe9>] system_call_fastpath+0x16/0x1b
    [   69.323844] Code: c0 45 31 c9 b1 01 ba 2a 00 00 00 e8 a7 89 ff ff 85 c0 b9 00 00 6f 00 74 0e 48 83 c4 70 89 c8 5b 41 5c 5d c3 0f 1f 00 0f b6 4d ef <41> 8b 7c 24 10 48 8d 55 c0 48 89 de e8 ab 6d 01 00 83 f8 01 19
    [   69.323844] RIP  [<ffffffff8132e7c4>] selinux_ip_postroute_compat+0xa4/0xe0
    [   69.323844]  RSP <ffff88003f003720>
    [   69.323844] CR2: 0000000000000010
    [   69.357489] ---[ end trace 0cd3e1a60dee6096 ]---
    [   69.358353] Kernel panic - not syncing: Fatal exception in interrupt
    
    The reason for the regression is because of how the new sock is created.  The
    old socket was created using inet_ctl_sock_create() which uses all generic
    functions to establish the struct socket, struct sock, and do all of the
    allocation and initialization of the socket and its appropriate security data.
    
    aka:
    
    inet_ctl_sock_create
      sock_create_kern
        __sock_create
          pf->create (inet_create)
            sk_alloc
              sk_prot_alloc
                sec_sk_alloc()
    
    These new per_cpu skip all of that initialization and instead try to do it by
    hand.  Doing it by hand causes a second regression.  The __sock_create()
    function calls security_socket_post_create() which initializes the security
    state on both the socket and the sock.  However here we don't set up the
    security structure.  I'd like to use security_socket_post_create() but it needs
    the socket and in this case we skipped straight to the struct sock.  Looks like
    this custom hackery is going to require a second patch which exposes the innards
    of security_socket_post_create() as security_sock_post_create() so we can do
    the labeling of this created this way.  But at least this one won't panic the
    kernel.
    
    Reported-by: John Stultz <johnstul@us.ibm.com>
    Bisected-by: John Stultz <johnstul@us.ibm.com>
    Signed-off-by: Eric Paris <eparis@redhat.com>
    Cc: Eric Dumazet <edumazet@google.com>
    Cc: Paul Moore <paul@paul-moore.com>
    Cc: "Serge E. Hallyn" <serge@hallyn.com>

diff --git a/include/linux/security.h b/include/linux/security.h
index 4e5a73c..1e0c5a7 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1601,7 +1601,7 @@ struct security_operations {
 	int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
 	int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
 	int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
-	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
+	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority, int numa_node);
 	void (*sk_free_security) (struct sock *sk);
 	void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
 	void (*sk_getsecid) (struct sock *sk, u32 *secid);
@@ -2539,7 +2539,7 @@ int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 				      int __user *optlen, unsigned len);
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
-int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
+int security_sk_alloc(struct sock *sk, int family, gfp_t priority, int numa_node);
 void security_sk_free(struct sock *sk);
 void security_sk_clone(const struct sock *sk, struct sock *newsk);
 void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
@@ -2667,7 +2667,7 @@ static inline int security_socket_getpeersec_dgram(struct socket *sock, struct s
 	return -ENOPROTOOPT;
 }
 
-static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
+static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority, int numa_node)
 {
 	return 0;
 }
diff --git a/include/net/ip.h b/include/net/ip.h
index bd5e444..340905d 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -105,7 +105,7 @@ extern void		ip_send_check(struct iphdr *ip);
 extern int		__ip_local_out(struct sk_buff *skb);
 extern int		ip_local_out(struct sk_buff *skb);
 extern int		ip_queue_xmit(struct sk_buff *skb, struct flowi *fl);
-extern void		ip_init(void);
+extern int		ip_init(void);
 extern int		ip_append_data(struct sock *sk, struct flowi4 *fl4,
 				       int getfrag(void *from, char *to, int offset, int len,
 						   int odd, struct sk_buff *skb),
diff --git a/net/core/sock.c b/net/core/sock.c
index 8f67ced8..2cab455 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1186,7 +1186,7 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
 	if (sk != NULL) {
 		kmemcheck_annotate_bitfield(sk, flags);
 
-		if (security_sk_alloc(sk, family, priority))
+		if (security_sk_alloc(sk, family, priority, numa_node_id()))
 			goto out_free;
 
 		if (!try_module_get(prot->owner))
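Review bot: passing numa_node_id() from sk_prot_alloc() gives every ordinary socket an explicit node request, where the kzalloc() calls this patch replaces in the LSM hooks expressed none. Passing NUMA_NO_NODE here would leave the common path unchanged and keep the explicit node for the one caller that needs it, the per-cpu loop in ip_init().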
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 6681ccf..3f79f37 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1720,7 +1720,8 @@ static int __init inet_init(void)
 	 *	Set the IP module up
 	 */
 
-	ip_init();
+	if (ip_init() < 0)
+		panic("Failed to initialize ip.\n");
 
 	tcp_v4_init();
 
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 76dde25..4a775b3 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1545,12 +1545,23 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
 	ip_rt_put(rt);
 }
 
-void __init ip_init(void)
+int __init ip_init(void)
 {
+	struct inet_sock *sock;
+	int rc, cpu;
+
 	ip_rt_init();
 	inet_initpeers();
 
 #if defined(CONFIG_IP_MULTICAST) && defined(CONFIG_PROC_FS)
 	igmp_mc_proc_init();
 #endif
+
+	for_each_possible_cpu(cpu) {
+		sock = &per_cpu(unicast_sock, cpu);
+		rc = security_sk_alloc(&sock->sk, PF_INET, GFP_KERNEL, cpu_to_node(cpu));
+		if (rc)
+			return rc;
+	}
+	return 0;
 }
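Review bot: the loop in ip_init() returns rc on the first failing CPU and leaves the blobs already attached to earlier CPUs in place. That is harmless only because inet_init() panics on a negative return; say so in a comment, or unwind with security_sk_free() so that ip_init() stays correct if the caller ever stops panicking. The loop also allocates the blob without labeling it, which the commit message admits; a TODO at this spot would keep that gap visible in the code.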
diff --git a/security/capability.c b/security/capability.c
index 61095df..0525d28 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -650,7 +650,7 @@ static int cap_socket_getpeersec_dgram(struct socket *sock,
 	return -ENOPROTOOPT;
 }
 
-static int cap_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
+static int cap_sk_alloc_security(struct sock *sk, int family, gfp_t priority, int numa_node)
 {
 	return 0;
 }
diff --git a/security/security.c b/security/security.c
index 860aeb3..02a7f76 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1146,9 +1146,9 @@ int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u
 }
 EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 
-int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
+int security_sk_alloc(struct sock *sk, int family, gfp_t priority, int numa_node)
 {
-	return security_ops->sk_alloc_security(sk, family, priority);
+	return security_ops->sk_alloc_security(sk, family, priority, numa_node);
 }
 
 void security_sk_free(struct sock *sk)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6c77f63..bdcfd0c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4289,11 +4289,12 @@ out:
 	return 0;
 }
 
-static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
+static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority,
+				     int numa_node)
 {
 	struct sk_security_struct *sksec;
 
-	sksec = kzalloc(sizeof(*sksec), priority);
+	sksec = kmalloc_node(sizeof(*sksec), priority | __GFP_ZERO, numa_node);
 	if (!sksec)
 		return -ENOMEM;
 
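Review bot: `kmalloc_node(sizeof(*sksec), priority | __GFP_ZERO, numa_node)` open-codes the zeroing variant. kzalloc_node(sizeof(*sksec), priority, numa_node) says the same thing and keeps the line symmetrical with the kzalloc() it replaces.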
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 8221514..b43ae5d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1754,12 +1754,14 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
  *
  * Returns 0 on success, -ENOMEM is there's no memory
  */
-static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
+static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags,
+				   int numa_node)
 {
 	char *csp = smk_of_current();
 	struct socket_smack *ssp;
 
-	ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
+	ssp = kmalloc_node(sizeof(struct socket_smack), gfp_flags | __GFP_ZERO,
+			   numa_node);
 	if (ssp == NULL)
 		return -ENOMEM;
 
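Review bot: `char *csp = smk_of_current();` is left untouched, so when this hook is reached from the new loop in ip_init() the per-cpu socket is labeled with whatever task happens to run the initcall. The signature change should come with a decision on which label a socket with no owning task gets, or at least a comment that the label assigned on this path is not meaningful yet.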

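The two allocation strategies argued over in this thread (attach the security blob on first use in the send path, or attach it for every CPU at init) can be compared in a small userspace model. This is an added example, not code from the thread or from the kernel; every name in it (model_sk_alloc, model_postroute, MODEL_NR_CPUS and so on) is hypothetical, and -EFAULT stands in for the point where the kernel would oops.

```c
/* Userspace model, constructed for illustration; none of this is kernel code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MODEL_NR_CPUS 4          /* assumed CPU count for the model */

struct sk_security { unsigned int sid; };          /* stands in for the LSM blob */
struct sock { struct sk_security *sk_security; };  /* only the field that matters here */

static struct sock unicast_sock[MODEL_NR_CPUS];    /* stands in for the per-cpu socket */
static int alloc_calls;                            /* number of blobs really allocated */

/* Allocation hook. 'reuse' plays the role of the 'kernel' flag in the first patch. */
static int model_sk_alloc(struct sock *sk, int reuse)
{
    struct sk_security *sec;

    if (reuse && sk->sk_security)
        return 0;                        /* blob already attached, keep it */
    sec = calloc(1, sizeof(*sec));       /* zeroed, like kzalloc() */
    if (!sec)
        return -ENOMEM;
    alloc_calls++;
    sk->sk_security = sec;
    return 0;
}

/* Output hook. The kernel code in the report reads sksec->sid unconditionally;
 * the model reports -EFAULT at the point where the kernel would oops. */
static int model_postroute(const struct sock *sk, unsigned int *sid)
{
    if (!sk->sk_security)
        return -EFAULT;
    *sid = sk->sk_security->sid;
    return 0;
}

/* Strategy A: allocate on first use inside the send path. */
static int send_reply_lazy(int cpu, unsigned int *sid)
{
    struct sock *sk = &unicast_sock[cpu];
    int rc = model_sk_alloc(sk, 1);

    if (rc)
        return rc;                       /* the reply is dropped */
    return model_postroute(sk, sid);
}

/* Strategy B: allocate for every CPU once, at init time. */
static int init_all_cpus(void)
{
    int cpu, rc;

    for (cpu = 0; cpu < MODEL_NR_CPUS; cpu++) {
        rc = model_sk_alloc(&unicast_sock[cpu], 0);
        if (rc)
            return rc;
    }
    return 0;
}

/* Send path that trusts init to have attached the blob. */
static int send_reply_prealloc(int cpu, unsigned int *sid)
{
    return model_postroute(&unicast_sock[cpu], sid);
}

/* Return the model to the "socket exists, no blob" state of the regression. */
static void reset_model(void)
{
    int cpu;

    for (cpu = 0; cpu < MODEL_NR_CPUS; cpu++) {
        free(unicast_sock[cpu].sk_security);
        unicast_sock[cpu].sk_security = NULL;
    }
    alloc_calls = 0;
}

int main(void)
{
    unsigned int sid = 0;
    int rc;

    reset_model();
    rc = send_reply_prealloc(0, &sid);           /* the regression: no blob attached */
    printf("no blob: rc=%d\n", rc);
    send_reply_lazy(1, &sid);
    send_reply_lazy(1, &sid);                    /* second call reuses the blob */
    printf("lazy: allocations=%d sid=%u\n", alloc_calls, sid);
    reset_model();
    rc = init_all_cpus();
    printf("init: rc=%d allocations=%d\n", rc, alloc_calls);
    reset_model();
    return 0;
}
```

In both strategies the sid read back is 0: the blob exists but was never labeled, which is the second regression described in the message above.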

* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 20:06                                 ` Eric Paris
@ 2012-08-09 20:19                                   ` Paul Moore
  2012-08-09 21:29                                   ` Eric Dumazet
  1 sibling, 0 replies; 47+ messages in thread
From: Paul Moore @ 2012-08-09 20:19 UTC (permalink / raw)
  To: Eric Paris
  Cc: Eric Dumazet, David Miller, Casey Schaufler, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev

On Thu, Aug 9, 2012 at 4:06 PM, Eric Paris <eparis@parisplace.org> wrote:
> I'm going to work right now on exposing the equivalent struct sock LSM
> interface so we can call that as well.  But it's going to take me a
> bit.

Before you go too far down this path, can you elaborate on what
exactly you mean by the above?

I'm asking because I'm not convinced the labeling, either the old way
or the new way, was 100% correct and I think we're going to need to
change things regardless.  I'm just not sure what the right solution
is just yet.

-- 
paul moore
www.paul-moore.com


* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 20:06                                 ` Eric Paris
  2012-08-09 20:19                                   ` Paul Moore
@ 2012-08-09 21:29                                   ` Eric Dumazet
  2012-08-09 21:53                                     ` Casey Schaufler
  2012-08-09 23:38                                     ` David Miller
  1 sibling, 2 replies; 47+ messages in thread
From: Eric Dumazet @ 2012-08-09 21:29 UTC (permalink / raw)
  To: Eric Paris
  Cc: Paul Moore, David Miller, Casey Schaufler, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev

On Thu, 2012-08-09 at 16:06 -0400, Eric Paris wrote:
> NAK.
> 
> I personally think commit be9f4a44e7d41cee should be reverted until it
> is fixed.  Let me explain what all I believe it broke and how.
> 

Suggesting to revert this commit while we have known working fixes is a
bit of a strange reaction.

I understand you are upset, but I believe we tried to fix it.

> Old callchain of the creation of the 'equivalent' socket previous to
> the patch in question just for reference:
> 
>     inet_ctl_sock_create
>       sock_create_kern
>         __sock_create
>           pf->create (inet_create)
>             sk_alloc
>               sk_prot_alloc
>                 security_sk_alloc()
> 
> 
> This WAS working properly.  All of it. 

Nobody denies it. But acknowledge my patch uncovered a fundamental
issue.

What kind of 'security module' can decide to let RST packets be sent
or not, on a global scale ? (one socket for the whole machine)

smack_sk_alloc_security() uses smk_of_current() : What can be the
meaning of smk_of_current() in the context of 'kernel' sockets...

Your patch tries to maintain this status quo.

In fact I suggest the following one liner patch, unless you can really
demonstrate what can be the meaning of providing a fake socket for these
packets.

This mess only happened because ip_append_data()/ip_push_pending_frames()
are so complex and use an underlying socket.

But this socket should not be ever used outside of its scope.

diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 76dde25..ec410e0 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1536,6 +1536,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
 			  arg->csumoffset) = csum_fold(csum_add(nskb->csum,
 								arg->csum));
 		nskb->ip_summed = CHECKSUM_NONE;
+		skb_orphan(nskb);
 		skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
 		ip_push_pending_frames(sk, &fl4);
 	}
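Review bot: skb_orphan(nskb) ahead of ip_push_pending_frames(sk, &fl4) drops nskb's reference to the socket, so anything on the output path that keys off the skb's socket now sees these replies as socket-less packets instead of checking them against a socket label. The description should say that this is the intended policy outcome for packets sent from ip_send_unicast_reply(), because the objection raised earlier in the thread is about labeling and not only about the crash.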




* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 21:29                                   ` Eric Dumazet
@ 2012-08-09 21:53                                     ` Casey Schaufler
  2012-08-09 22:05                                       ` Eric Dumazet
  2012-08-09 23:38                                     ` David Miller
  1 sibling, 1 reply; 47+ messages in thread
From: Casey Schaufler @ 2012-08-09 21:53 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: Eric Paris, Paul Moore, David Miller, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev, Casey Schaufler

On 8/9/2012 2:29 PM, Eric Dumazet wrote:
> On Thu, 2012-08-09 at 16:06 -0400, Eric Paris wrote:
>> NAK.
>>
>> I personally think commit be9f4a44e7d41cee should be reverted until it
>> is fixed.  Let me explain what all I believe it broke and how.
>>
> Suggesting to revert this commit while we have known working fixes is a
> bit of a strange reaction.

A couple of potential short term workarounds have been identified,
but no one is happy with them for the long term. That does not
qualify as a "working fix" in engineering terms.

> I understand you are upset, but I believe we tried to fix it.
>
>> Old callchain of the creation of the 'equivalent' socket previous to
>> the patch in question just for reference:
>>
>>     inet_ctl_sock_create
>>       sock_create_kern
>>         __sock_create
>>           pf->create (inet_create)
>>             sk_alloc
>>               sk_prot_alloc
>>                 security_sk_alloc()
>>
>>
>> This WAS working properly.  All of it. 
> Nobody denies it. But acknowledge my patch uncovered a fundamental
> issue.
>
> What kind of 'security module' can decide to let RST packets be sent
> or not, on a global scale ? (one socket for the whole machine)

The short answer is "any security module that wants to".

And before we go any further, I'm a little surprised that
SELinux doesn't do this already.

>
> smack_sk_alloc_security() uses smk_of_current() : What can be the
> meaning of smk_of_current() in the context of 'kernel' sockets...

Yes, and all of its callers - to date - have had an appropriate
value of current. It is using the API in the way it is supposed to.
It is assuming a properly formed socket. You want to give it a
cobbled together partial socket structure without task context.
Your predecessor did not have this problem.

>
> Your patch tries to maintain this status quo.
>
> In fact I suggest the following one liner patch, unless you can really
> demonstrate what can be the meaning of providing a fake socket for these
> packets.
>
> This mess only happened because ip_append_data()/ip_push_pending_frames()
> are so complex and use an underlying socket.
>
> But this socket should not be ever used outside of its scope.
>
> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
> index 76dde25..ec410e0 100644
> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
> @@ -1536,6 +1536,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
>  			  arg->csumoffset) = csum_fold(csum_add(nskb->csum,
>  								arg->csum));
>  		nskb->ip_summed = CHECKSUM_NONE;
> +		skb_orphan(nskb);
>  		skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
>  		ip_push_pending_frames(sk, &fl4);
>  	}
>
>
>



* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 21:53                                     ` Casey Schaufler
@ 2012-08-09 22:05                                       ` Eric Dumazet
  2012-08-09 22:26                                         ` Casey Schaufler
  0 siblings, 1 reply; 47+ messages in thread
From: Eric Dumazet @ 2012-08-09 22:05 UTC (permalink / raw)
  To: Casey Schaufler
  Cc: Eric Paris, Paul Moore, David Miller, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev

On Thu, 2012-08-09 at 14:53 -0700, Casey Schaufler wrote:
> On 8/9/2012 2:29 PM, Eric Dumazet wrote:

> > smack_sk_alloc_security() uses smk_of_current() : What can be the
> > meaning of smk_of_current() in the context of 'kernel' sockets...
> 
> Yes, and all of its callers - to date - have had an appropriate
> value of current. It is using the API in the way it is supposed to.
> It is assuming a properly formed socket. You want to give it a
> cobbled together partial socket structure without task context.
> Your predecessor did not have this problem.

My predecessor ? You mean before the patch ?

tcp socket was preallocated at kernel boot time.

What is the 'user' owning this socket ?

You guys focus on an implementation detail of TCP stack.
You should never use this fake socket.

I repeat : There is no true socket for these control packets.

If you want them, then you'll have to add fields in timewait socket.

I can decide to rewrite the whole thing just building a TCP packet on
its own, and send it without any fake socket.

Some guy 15 years ago tried to reuse some high level functions, able to
build super packets and use sophisticated tricks, while we only want to
send a 40 or 60 byte packet.





* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 22:05                                       ` Eric Dumazet
@ 2012-08-09 22:26                                         ` Casey Schaufler
  0 siblings, 0 replies; 47+ messages in thread
From: Casey Schaufler @ 2012-08-09 22:26 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: Eric Paris, Paul Moore, David Miller, John Stultz,
	Serge E. Hallyn, lkml, James Morris, selinux, john.johansen, LSM,
	netdev, Casey Schaufler

On 8/9/2012 3:05 PM, Eric Dumazet wrote:
> On Thu, 2012-08-09 at 14:53 -0700, Casey Schaufler wrote:
>> On 8/9/2012 2:29 PM, Eric Dumazet wrote:
>>> smack_sk_alloc_security() uses smk_of_current() : What can be the
>>> meaning of smk_of_current() in the context of 'kernel' sockets...
>> Yes, and all of its callers - to date - have had an appropriate
>> value of current. It is using the API in the way it is supposed to.
>> It is assuming a properly formed socket. You want to give it a
>> cobbled together partial socket structure without task context.
>> Your predecessor did not have this problem.
> My predecessor ? You mean before the patch ?
>
> tcp socket was preallocated at kernel boot time.
>
> What is the 'user' owning this socket ?
>
> You guys focus on an implementation detail of TCP stack.
> You should never use this fake socket.
>
> I repeat : There is no true socket for these control packets.
>
> If you want them, then you'll have to add fields in timewait socket.
>
> I can decide to rewrite the whole thing just building a TCP packet on
> its own, and send it without any fake socket.
>
> Some guy 15 years ago tried to reuse some high level functions, able to
> build super packets and use sophisticated tricks, while we only want to
> send a 40 or 60 byte packet.

OK, fine. You have an optimization. I'm good with that. Just don't
expect that the entire software stack you are taking advantage of
is going to change to accommodate your special case.



* Re: [PATCH] ipv4: tcp: security_sk_alloc() needed for unicast_sock
  2012-08-09 21:29                                   ` Eric Dumazet
  2012-08-09 21:53                                     ` Casey Schaufler
@ 2012-08-09 23:38                                     ` David Miller
  2012-08-09 23:56                                       ` [PATCH] ipv4: tcp: unicast_sock should not land outside of TCP stack Eric Dumazet
  1 sibling, 1 reply; 47+ messages in thread
From: David Miller @ 2012-08-09 23:38 UTC (permalink / raw)
  To: eric.dumazet
  Cc: eparis, paul, casey, johnstul, serge, linux-kernel,
	james.l.morris, selinux, john.johansen, linux-security-module,
	netdev

From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Thu, 09 Aug 2012 23:29:03 +0200

> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
> index 76dde25..ec410e0 100644
> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
> @@ -1536,6 +1536,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
>  			  arg->csumoffset) = csum_fold(csum_add(nskb->csum,
>  								arg->csum));
>  		nskb->ip_summed = CHECKSUM_NONE;
> +		skb_orphan(nskb);
>  		skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
>  		ip_push_pending_frames(sk, &fl4);
>  	}
> 

This is definitely the best fix, please submit this formally.


* [PATCH] ipv4: tcp: unicast_sock should not land outside of TCP stack
  2012-08-09 23:38                                     ` David Miller
@ 2012-08-09 23:56                                       ` Eric Dumazet
  2012-08-10  4:05                                         ` David Miller
  0 siblings, 1 reply; 47+ messages in thread
From: Eric Dumazet @ 2012-08-09 23:56 UTC (permalink / raw)
  To: David Miller
  Cc: eparis, paul, casey, johnstul, serge, linux-kernel,
	james.l.morris, selinux, john.johansen, linux-security-module,
	netdev

From: Eric Dumazet <edumazet@google.com>

commit be9f4a44e7d41cee (ipv4: tcp: remove per net tcp_sock) added a
selinux regression, reported and bisected by John Stultz

selinux_ip_postroute_compat() expects to find a valid sk->sk_security
pointer, but this field is NULL for unicast_sock

It turns out that unicast_sock are really temporary stuff to be able
to reuse part of IP stack (ip_append_data()/ip_push_pending_frames())

Fact is that frames sent by ip_send_unicast_reply() should be orphaned
to not fool LSM.

Note IPv6 never had this problem, as tcp_v6_send_response() doesn't use a
fake socket at all. I'll probably implement tcp_v4_send_response() to
remove these unicast_sock in linux-3.7

Reported-by: John Stultz <johnstul@us.ibm.com>
Bisected-by: John Stultz <johnstul@us.ibm.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
---
 net/ipv4/ip_output.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 76dde25..ec410e0 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1536,6 +1536,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
 			  arg->csumoffset) = csum_fold(csum_add(nskb->csum,
 								arg->csum));
 		nskb->ip_summed = CHECKSUM_NONE;
+		skb_orphan(nskb);
 		skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
 		ip_push_pending_frames(sk, &fl4);
 	}
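Review bot: the added skb_orphan(nskb) line carries no comment, and nothing at the call site explains why a freshly built reply is detached from its socket immediately before ip_push_pending_frames(sk, &fl4) is called with that same sk. A short comment above it that restates the changelog (unicast_sock is a temporary socket whose sk->sk_security is NULL, so the skb must not carry it into LSM hooks) would keep a later cleanup from removing the call as redundant.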




* Re: [PATCH] ipv4: tcp: unicast_sock should not land outside of TCP stack
  2012-08-09 23:56                                       ` [PATCH] ipv4: tcp: unicast_sock should not land outside of TCP stack Eric Dumazet
@ 2012-08-10  4:05                                         ` David Miller
  0 siblings, 0 replies; 47+ messages in thread
From: David Miller @ 2012-08-10  4:05 UTC (permalink / raw)
  To: eric.dumazet
  Cc: eparis, paul, casey, johnstul, serge, linux-kernel,
	james.l.morris, selinux, john.johansen, linux-security-module,
	netdev

From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Fri, 10 Aug 2012 01:56:06 +0200

> From: Eric Dumazet <edumazet@google.com>
> 
> commit be9f4a44e7d41cee (ipv4: tcp: remove per net tcp_sock) added a
> selinux regression, reported and bisected by John Stultz
> 
> selinux_ip_postroute_compat() expects to find a valid sk->sk_security
> pointer, but this field is NULL for unicast_sock
> 
> It turns out that unicast_sock are really temporary stuff to be able
> to reuse part of IP stack (ip_append_data()/ip_push_pending_frames())
> 
> Fact is that frames sent by ip_send_unicast_reply() should be orphaned
> to not fool LSM.
> 
> Note IPv6 never had this problem, as tcp_v6_send_response() doesn't use a
> fake socket at all. I'll probably implement tcp_v4_send_response() to
> remove these unicast_sock in linux-3.7
> 
> Reported-by: John Stultz <johnstul@us.ibm.com>
> Bisected-by: John Stultz <johnstul@us.ibm.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>

Applied.
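
The failure and the fix this thread converges on, as an added userspace model (not kernel code and not written by any participant in the thread): a hook that dereferences sk->sk_security whenever skb->sk is set, run on a reply owned by a socket that has no security blob, with and without orphaning first. The model_* and send_reply names, the verdict enum and the sample SID are hypothetical.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stddef.h>
#include <stdio.h>

struct sk_security { unsigned int sid; };           /* stand-in for an LSM blob */
struct sock { struct sk_security *sk_security; };   /* only the field at issue */
struct sk_buff {
    struct sock *sk;                                /* owning socket, or NULL */
    void (*destructor)(struct sk_buff *skb);
};

enum verdict { ACCEPT_NO_SOCK, ACCEPT_SID_CHECKED, WOULD_OOPS };

static int destructor_calls;
static void count_destructor(struct sk_buff *skb) { (void)skb; destructor_calls++; }

/* Mirrors what skb_orphan() does: run the destructor, drop the socket link. */
static void model_skb_orphan(struct sk_buff *skb)
{
    if (skb->destructor)
        skb->destructor(skb);
    skb->destructor = NULL;
    skb->sk = NULL;
}

/* Hypothetical postroute hook: trusts sk->sk_security whenever skb->sk is set.
 * The early accept for socket-less packets is an assumption of this model. */
static enum verdict model_postroute(const struct sk_buff *skb, unsigned int *sid)
{
    if (skb->sk == NULL)
        return ACCEPT_NO_SOCK;
    if (skb->sk->sk_security == NULL)
        return WOULD_OOPS;          /* the kernel hook would read sksec->sid here */
    *sid = skb->sk->sk_security->sid;
    return ACCEPT_SID_CHECKED;
}

/* Build a reply owned by sk, optionally orphan it, then run the hook. */
static enum verdict send_reply(struct sock *sk, int orphan_first, unsigned int *sid)
{
    struct sk_buff nskb = { .sk = sk, .destructor = count_destructor };

    if (orphan_first)
        model_skb_orphan(&nskb);
    return model_postroute(&nskb, sid);
}

int main(void)
{
    struct sock unicast_sock = { .sk_security = NULL };  /* never saw security_sk_alloc() */
    struct sk_security blob = { .sid = 42 };             /* constructed sample SID */
    struct sock labeled = { .sk_security = &blob };
    unsigned int sid = 0;
    enum verdict v;

    printf("unicast_sock, not orphaned: %d\n", send_reply(&unicast_sock, 0, &sid));
    printf("unicast_sock, orphaned:     %d\n", send_reply(&unicast_sock, 1, &sid));
    v = send_reply(&labeled, 0, &sid);
    printf("labeled socket:             %d (sid %u)\n", v, sid);
    return 0;
}
```

In the model, orphaning turns the WOULD_OOPS case into ACCEPT_NO_SOCK: the crash goes away because the hook no longer sees a socket, not because the temporary socket gained a label.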

