Red Hat Bugzilla – Attachment 923017 Details for
Bug 1119662
BUG: NetLabel lead to kernel panic on some SELinux levels
[patch]
01-netlbl-catmap_fix.patch
01-netlbl-catmap_fix.patch (text/plain), 6.93 KB, created by
Paul Moore
on 2014-07-31 18:26:02 UTC
Description:
01-netlbl-catmap_fix.patch
Filename:
MIME Type:
Creator:
Paul Moore
Created:
2014-07-31 18:26:02 UTC
Size:
6.93 KB
>netlabel: fix a problem when setting bits below the previously lowest bit
>
>From: Paul Moore <pmoore@redhat.com>
>
>The NetLabel category (catmap) functions have a problem in that they
>assume categories will be set in an increasing manner, e.g. the next
>category set will always be larger than the last. Unfortunately, this
>is not a valid assumption and could result in problems when attempting
>to set categories less than the startbit in the lowest catmap node.
>In some cases kernel panics and other nasties can result.
>
>This patch corrects the problem by checking for this and allocating a
>new catmap node instance and placing it at the front of the list.
>
>Please consider this fix for the stable kernel releases.
>
>Cc: stable@vger.kernel.org
>Reported-by: Christian Evans <frodox@zoho.com>
>Signed-off-by: Paul Moore <pmoore@redhat.com>
>---
> include/net/netlabel.h | 8 ++++----
> net/ipv4/cipso_ipv4.c | 6 +++---
> net/netlabel/netlabel_kapi.c | 26 ++++++++++++++++++--------
> security/smack/smack_access.c | 2 +-
> 4 files changed, 26 insertions(+), 16 deletions(-)
>
>diff --git a/include/net/netlabel.h b/include/net/netlabel.h
>index 4fe018c..1c40d65 100644
>--- a/include/net/netlabel.h
>+++ b/include/net/netlabel.h
>@@ -394,10 +394,10 @@ int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
> u32 offset);
> int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
> u32 offset);
>-int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
>+int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap **catmap,
> u32 bit,
> gfp_t flags);
>-int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
>+int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap **catmap,
> u32 start,
> u32 end,
> gfp_t flags);
>@@ -505,14 +505,14 @@ static inline int netlbl_secattr_catmap_walk_rng(
> return -ENOENT;
> }
> static inline int netlbl_secattr_catmap_setbit(
>- struct netlbl_lsm_secattr_catmap *catmap,
>+ struct netlbl_lsm_secattr_catmap **catmap,
> u32 bit,
> gfp_t flags)
> {
> return 0;
> }
> static inline int netlbl_secattr_catmap_setrng(
>- struct netlbl_lsm_secattr_catmap *catmap,
>+ struct netlbl_lsm_secattr_catmap **catmap,
> u32 start,
> u32 end,
> gfp_t flags)
>diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
>index 69e77c8..dd433c9 100644
>--- a/net/ipv4/cipso_ipv4.c
>+++ b/net/ipv4/cipso_ipv4.c
>@@ -973,7 +973,7 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def,
> return -EPERM;
> break;
> }
>- ret_val = netlbl_secattr_catmap_setbit(secattr->attr.mls.cat,
>+ ret_val = netlbl_secattr_catmap_setbit(&secattr->attr.mls.cat,
> host_spot,
> GFP_ATOMIC);
> if (ret_val != 0)
>@@ -1075,7 +1075,7 @@ static int cipso_v4_map_cat_enum_ntoh(const struct cipso_v4_doi *doi_def,
> u32 iter;
>
> for (iter = 0; iter < net_cat_len; iter += 2) {
>- ret_val = netlbl_secattr_catmap_setbit(secattr->attr.mls.cat,
>+ ret_val = netlbl_secattr_catmap_setbit(&secattr->attr.mls.cat,
> get_unaligned_be16(&net_cat[iter]),
> GFP_ATOMIC);
> if (ret_val != 0)
>@@ -1217,7 +1217,7 @@ static int cipso_v4_map_cat_rng_ntoh(const struct cipso_v4_doi *doi_def,
> else
> cat_low = 0;
>
>- ret_val = netlbl_secattr_catmap_setrng(secattr->attr.mls.cat,
>+ ret_val = netlbl_secattr_catmap_setrng(&secattr->attr.mls.cat,
> cat_low,
> cat_high,
> GFP_ATOMIC);
>diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
>index 3045a96..84e810b 100644
>--- a/net/netlabel/netlabel_kapi.c
>+++ b/net/netlabel/netlabel_kapi.c
>@@ -522,7 +522,7 @@ int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
>
> /**
> * netlbl_secattr_catmap_setbit - Set a bit in a LSM secattr catmap
>- * @catmap: the category bitmap
>+ * @catmap: pointer to the category bitmap
> * @bit: the bit to set
> * @flags: memory allocation flags
> *
>@@ -531,18 +531,25 @@ int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
> * negative values on failure.
> *
> */
>-int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
>+int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap **catmap,
> u32 bit,
> gfp_t flags)
> {
>- struct netlbl_lsm_secattr_catmap *iter = catmap;
>+ struct netlbl_lsm_secattr_catmap *iter = *catmap;
> u32 node_bit;
> u32 node_idx;
>
> while (iter->next != NULL &&
> bit >= (iter->startbit + NETLBL_CATMAP_SIZE))
> iter = iter->next;
>- if (bit >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
>+ if (bit < iter->startbit) {
>+ iter = netlbl_secattr_catmap_alloc(flags);
>+ if (iter == NULL)
>+ return -ENOMEM;
>+ iter->next = *catmap;
>+ iter->startbit = bit & ~(NETLBL_CATMAP_SIZE - 1);
>+ *catmap = iter;
>+ } else if (bit >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
> iter->next = netlbl_secattr_catmap_alloc(flags);
> if (iter->next == NULL)
> return -ENOMEM;
>@@ -560,7 +567,7 @@ int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
>
> /**
> * netlbl_secattr_catmap_setrng - Set a range of bits in a LSM secattr catmap
>- * @catmap: the category bitmap
>+ * @catmap: pointer to the category bitmap
> * @start: the starting bit
> * @end: the last bit in the string
> * @flags: memory allocation flags
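Review bot: The updated `@catmap` line in the setbit kernel-doc does not tell callers that the function can now replace the head pointer they pass in. Something like `* @catmap: address of the caller's catmap head pointer; updated when a node is inserted at the front` would make it clear that any cached copy of the old head may no longer be the start of the list after the call. The same wording applies to the setrng kernel-doc hunk at -560,7.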
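Review bot: The new `bit < iter->startbit` branch always links the node at the list head (`iter->next = *catmap; *catmap = iter;`), but the walk just above it can stop on a node other than the first. A bit that falls in a gap between two existing nodes would then be placed in front of lower-numbered nodes, leaving the list out of startbit order; gaps look possible because startbit is derived from the bit value being set. Remembering the predecessor during the walk and inserting between it and `iter` keeps the order, and the head is only replaced when there is no predecessor. This matters because the CIPSO callers in this patch pass bit numbers that appear to come from received options, so no ordering can be assumed. The function body continues outside the hunk.

```c
	struct netlbl_lsm_secattr_catmap *iter = *catmap;
	struct netlbl_lsm_secattr_catmap *prev = NULL;
	struct netlbl_lsm_secattr_catmap *node;
	/* ... unchanged: node_bit / node_idx declarations ... */

	while (iter->next != NULL &&
	       bit >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
		prev = iter;
		iter = iter->next;
	}
	if (bit < iter->startbit) {
		node = netlbl_secattr_catmap_alloc(flags);
		if (node == NULL)
			return -ENOMEM;
		node->startbit = bit & ~(NETLBL_CATMAP_SIZE - 1);
		node->next = iter;
		if (prev == NULL)
			*catmap = node;
		else
			prev->next = node;
		iter = node;
	} else if (bit >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
		/* ... unchanged: append a new node after iter ... */
```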
>@@ -570,15 +577,16 @@ int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
> * on success, negative values on failure.
> *
> */
>-int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
>+int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap **catmap,
> u32 start,
> u32 end,
> gfp_t flags)
> {
> int ret_val = 0;
>- struct netlbl_lsm_secattr_catmap *iter = catmap;
>+ struct netlbl_lsm_secattr_catmap *iter = *catmap;
> u32 iter_max_spot;
> u32 spot;
>+ u32 orig_spot = iter->startbit;
>
> /* XXX - This could probably be made a bit faster by combining writes
> * to the catmap instead of setting a single bit each time, but for
>@@ -596,7 +604,9 @@ int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
> iter = iter->next;
> iter_max_spot = iter->startbit + NETLBL_CATMAP_SIZE;
> }
>- ret_val = netlbl_secattr_catmap_setbit(iter, spot, flags);
>+ ret_val = netlbl_secattr_catmap_setbit(&iter, spot, flags);
>+ if (iter->startbit < orig_spot)
>+ *catmap = iter;
> }
>
> return ret_val;
>diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
>index 14293cd..9ecf4f4 100644
>--- a/security/smack/smack_access.c
>+++ b/security/smack/smack_access.c
>@@ -444,7 +444,7 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
> for (m = 0x80; m != 0; m >>= 1, cat++) {
> if ((m & *cp) == 0)
> continue;
>- rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,
>+ rc = netlbl_secattr_catmap_setbit(&sap->attr.mls.cat,
> cat, GFP_ATOMIC);
> if (rc < 0) {
> netlbl_secattr_catmap_free(sap->attr.mls.cat);
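Review bot: In setrng, `netlbl_secattr_catmap_setbit(&iter, spot, flags)` hands setbit the address of the local cursor, yet setbit treats `*catmap` as the list head when it inserts at the front. If the part of the loop outside this hunk has advanced `iter` past the first node, the new node is linked in front of the cursor but no earlier node points to it. The `iter->startbit < orig_spot` test (with `orig_spot` captured once in the -570,15 hunk) only republishes it when it lies below the original head, so the node can be orphaned or `*catmap` moved to a node that is not the true head. Either outcome would leave an MLS category set that differs from what was requested. Passing the real head avoids this, at the cost of a walk per bit that the XXX comment already accepts: `ret_val = netlbl_secattr_catmap_setbit(catmap, spot, flags);`, with `orig_spot` and the `*catmap = iter;` reassignment dropped.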