Re: [PATCH] Fix for IPsec leakage with SELinux enabled

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: James Morris <jmorris@namei.org>
To: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Cc: "David S. Miller" <davem@davemloft.net>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	netdev@vger.kernel.org, Stephen Smalley <sds@tycho.nsa.gov>,
	Venkat Yekkirala <vyekkirala@TrustedCS.com>,
	Paul Moore <paul.moore@hp.com>
Subject: Re: [PATCH] Fix for IPsec leakage with SELinux enabled
Date: Mon, 2 Oct 2006 09:31:36 -0400 (EDT)	[thread overview]
Message-ID: <Pine.LNX.4.64.0610020919050.9400@d.namei> (raw)
In-Reply-To: <20061002112050.GA772@2ka.mipt.ru>

On Mon, 2 Oct 2006, Evgeniy Polyakov wrote:

> > Evgeniy, please let me know if this fixes your problem.
> 
> With that patch applied I got kernel panic after some time.
> Unfortunately I have not installed serial console, so the most
> interesting bits of the stack dump are not visible.
> Here is the last ones which are on the screen:
> ip_rcv
> ip_rcv_finish
> packet_rcv_spkt
> ip_rcv
> netif_receive_skb
> sys_accept
> skge_poll
> 
> and some other uninteresting stuff like hrtimer, softirq and the like...
> 
> EIP is at xfrm_lookup+0x43d/0x470
> 
> Notice packet socket handler in the trace, may be it can help - I ran
> system with tcpdump started.

What kind of traffic was running over the system?  What is the IPsec and 
SELinux configuration?

Can you run gdb on vmlinux, find the start of xfrm_lookup then list what's 
at the EIP offset?

(gdb) p xfrm_lookup
$1 = {int (struct dst_entry **, struct flowi *, struct sock *, int)} 
0xc02cc7e2 <xfrm_lookup>
(gdb) l *(0xc02cc7e2 + 0x043d)


-- 
James Morris
<jmorris@namei.org>

next prev parent reply	other threads:[~2006-10-02 13:31 UTC|newest]

Thread overview: 45+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-09-22 11:29 Is TCP over IPsec broken in 2.6.18? Evgeniy Polyakov
2006-09-22 11:35 ` Evgeniy Polyakov
2006-09-22 12:19 ` Evgeniy Polyakov
2006-09-22 12:23   ` Patrick McHardy
2006-09-22 14:03     ` Evgeniy Polyakov
2006-09-22 15:15       ` James Morris
2006-09-22 15:47         ` James Morris
2006-09-23  4:29         ` Evgeniy Polyakov
2006-09-24  5:11           ` James Morris
2006-09-24  9:08             ` Patrick McHardy
2006-09-24 14:33               ` James Morris
2006-09-24 23:54                 ` Herbert Xu
     [not found]                   ` <20060925103836.GA13966@2ka.mipt.ru>
2006-09-25 11:27                     ` Herbert Xu
2006-09-25 12:05                       ` Evgeniy Polyakov
2006-09-25 12:55                         ` jamal
2006-09-30  5:06                         ` James Morris
2006-09-30  5:14                           ` James Morris
2006-09-30  7:41                             ` James Morris
2006-09-30 11:15                             ` Evgeniy Polyakov
2006-09-30 14:36                               ` James Morris
2006-09-30 14:40                                 ` Evgeniy Polyakov
2006-09-30 14:42                                   ` Evgeniy Polyakov
2006-09-30 14:44                                   ` James Morris
2006-10-01  6:27                                     ` [PATCH] Fix for IPsec leakage with SELinux enabled James Morris
2006-10-02 11:20                                       ` Evgeniy Polyakov
2006-10-02 13:31                                         ` James Morris [this message]
2006-10-02 13:42                                           ` Evgeniy Polyakov
2006-10-02 14:05                                             ` James Morris
2006-10-02 14:27                                               ` [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 James Morris
2006-10-02 16:00                                                 ` Evgeniy Polyakov
2006-10-02 16:13                                                   ` James Morris
2006-10-02 16:30                                                     ` Evgeniy Polyakov
2006-10-02 16:41                                                       ` James Morris
2006-10-04  5:08                                                         ` Evgeniy Polyakov
2006-10-04 13:00                                                           ` James Morris
2006-10-03 23:18                                                 ` David Miller
2006-10-04  1:33                                                   ` James Morris
2006-10-04 13:41                                                   ` Herbert Xu
2006-10-05 20:58                                                   ` James Morris
2006-10-05 21:04                                                     ` David Miller
  -- strict thread matches above, loose matches on Subject: below --
2006-10-01 20:55 [PATCH] Fix for IPsec leakage with SELinux enabled Venkat Yekkirala
2006-10-02  1:44 ` James Morris
2006-10-02 17:09 Venkat Yekkirala
2006-10-02 18:39 ` James Morris
2006-10-02 18:59 Venkat Yekkirala

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Pine.LNX.4.64.0610020919050.9400@d.namei \
    --to=jmorris@namei.org \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=johnpol@2ka.mipt.ru \
    --cc=netdev@vger.kernel.org \
    --cc=paul.moore@hp.com \
    --cc=sds@tycho.nsa.gov \
    --cc=vyekkirala@TrustedCS.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).