From: Casey Schaufler
Date: Mon, 30 Mar 2015 10:25:47 -0700
To: Paul Moore, maninder1.s@samsung.com
CC: davem@davemloft.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Vaneet Narang, AJEET YADAV, Casey Schaufler
Subject: Re: [Fix kernel crash in cipso_v4_sock_delattr ]
Message-ID: <5519871B.5020402@schaufler-ca.com>

On 3/30/2015 4:32 AM, Paul Moore wrote:
> On Monday, March 30, 2015 11:09:00 AM Maninder Singh wrote:
>> Dear All,
>> we found One Kernel Crash issue in cipso_v4_sock_delattr :-
>> As Cipso supports only inet sockets so cipso_v4_sock_delattr will crash when
>> try to access any other socket type. cipso_v4_sock_delattr access
>> sk_inet->inet_opt which may contain not NULL but invalid address. we found
>> this issue with netlink socket.(reproducible by trinity using sendto system
>> call .)
> Hello,
>
> First, please go read the Documentation/SubmittingPatches from the kernel
> sources; your patch needs to be resubmitted and the instructions in that file
> will show you how to do it correctly next time.
>
> Second, this appears to only affect Smack based systems, yes? SELinux based
> systems should have the proper checking in place to prevent this (the checks
> are handled in the LSM).

This looks like a problem that was fixed some time ago.
The current Smack code clearly checks for this. What
kernel version are you testing against?

> That said, it probably wouldn't hurt to add the
> extra checking to netlbl_sock_delattr(). If you properly resubmit your patch
> I'll ACK it.
>
> -Paul
>
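
A user-space model of the failure discussed in this thread, added here as an illustration; it is not kernel code and not part of any message in the thread. The `model_*` structures, the sample values and the choice of a socket-family test as the "extra checking" are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model; these layouts are constructed for illustration and are
 * NOT the kernel's real struct sock / inet_sock / netlink_sock. */
enum { MODEL_AF_INET = 2, MODEL_AF_NETLINK = 16 };
struct model_sock { unsigned short sk_family; };
struct model_inet_sock { struct model_sock sk; void *inet_opt; };
struct model_netlink_sock { struct model_sock sk; uintptr_t portid; };

/* The bytes an unchecked "inet" view of any socket would use as inet_opt. */
static uintptr_t bytes_at_inet_opt(const struct model_sock *sk)
{
    uintptr_t v;
    memcpy(&v, (const char *)sk + offsetof(struct model_inet_sock, inet_opt),
           sizeof(v));
    return v;
}

/* Guarded delattr: returns 1 if options were cleared, 0 if nothing was done. */
static int model_sock_delattr(struct model_sock *sk)
{
    struct model_inet_sock *inet;

    if (sk->sk_family != MODEL_AF_INET)
        return 0;                       /* not an inet socket: never cast */
    inet = (struct model_inet_sock *)sk;
    if (inet->inet_opt == NULL)
        return 0;
    inet->inet_opt = NULL;              /* stands in for freeing the options */
    return 1;
}

/* Constructed netlink socket: non-NULL, non-pointer data at that offset. */
static struct model_netlink_sock nl = { { MODEL_AF_NETLINK }, 0x4242 };
static int dummy_opt;
static struct model_inet_sock in4 = { { MODEL_AF_INET }, &dummy_opt };

int main(void)
{
    printf("netlink bytes at inet_opt offset: %#lx\n",
           (unsigned long)bytes_at_inet_opt(&nl.sk));
    printf("delattr(netlink) = %d\n", model_sock_delattr(&nl.sk));
    printf("delattr(inet)    = %d\n", model_sock_delattr(&in4.sk));
    return 0;
}
```

A NULL test alone would not catch the netlink case in this model, because the value at that offset is non-NULL yet is not a pointer to socket options; only the family test keeps it out of the inet path.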