Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 923019 Details for
Bug 1119662
BUG: NetLabel lead to kernel panic on some SELinux levels
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
03-netlbl-catmap_walk_fix.patch
03-netlbl-catmap_walk_fix.patch (text/plain), 6.04 KB, created by
Paul Moore
on 2014-07-31 18:26:41 UTC
(
hide
)
Description:
03-netlbl-catmap_walk_fix.patch
Filename:
MIME Type:
Creator:
Paul Moore
Created:
2014-07-31 18:26:41 UTC
Size:
6.04 KB
patch
obsolete
>netlabel: fix the catmap walking functions > >From: Paul Moore <pmoore@redhat.com> > >The two NetLabel LSM secattr catmap walk functions didn't handle >certain edge conditions correctly, causing incorrect security labels >to be generated in some cases. This patch corrects these problems and >converts the functions to use the new _netlbl_secattr_catmap_getnode() >function in order to reduce the amount of repeated code. > >Cc: stable@vger.kernel.org >Signed-off-by: Paul Moore <pmoore@redhat.com> >--- > net/netlabel/netlabel_kapi.c | 102 ++++++++++++++++++++++-------------------- > 1 file changed, 54 insertions(+), 48 deletions(-) > >diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c >index d9e1046..bc38838 100644 >--- a/net/netlabel/netlabel_kapi.c >+++ b/net/netlabel/netlabel_kapi.c >@@ -407,6 +407,7 @@ out_entry: > > #define _CM_F_NONE 0x00000000 > #define _CM_F_ALLOC 0x00000001 >+#define _CM_F_WALK 0x00000002 > > /** > * _netlbl_secattr_catmap_getnode - Get a individual node from a catmap >@@ -416,10 +417,11 @@ out_entry: > * @gfp_flags: memory allocation flags > * > * Description: >- * Iterate through the catmap looking for the node associated with @offset; if >- * the _CM_F_ALLOC flag is set in @cm_flags and there is no associated node, >- * one will be created and inserted into the catmap. Returns a pointer to the >- * node on success, NULL on failure. >+ * Iterate through the catmap looking for the node associated with @offset. >+ * If the _CM_F_ALLOC flag is set in @cm_flags and there is no associated node, >+ * one will be created and inserted into the catmap. If the _CM_F_WALK flag is >+ * set in @cm_flags and there is no associated node, the next highest node will >+ * be returned. Returns a pointer to the node on success, NULL on failure. > * > */ > static struct netlbl_lsm_secattr_catmap *_netlbl_secattr_catmap_getnode( >@@ -431,17 +433,22 @@ static struct netlbl_lsm_secattr_catmap *_netlbl_secattr_catmap_getnode( > struct netlbl_lsm_secattr_catmap *iter = *catmap; > struct netlbl_lsm_secattr_catmap *prev = NULL; > >- if (iter == NULL || offset < iter->startbit) >+ if (iter == NULL) > goto secattr_catmap_getnode_alloc; >+ if (offset < iter->startbit) >+ goto secattr_catmap_getnode_walk; > while (iter && offset >= (iter->startbit + NETLBL_CATMAP_SIZE)) { > prev = iter; > iter = iter->next; > } > if (iter == NULL || offset < iter->startbit) >- goto secattr_catmap_getnode_alloc; >+ goto secattr_catmap_getnode_walk; > > return iter; > >+secattr_catmap_getnode_walk: >+ if (cm_flags & _CM_F_WALK) >+ return iter; > secattr_catmap_getnode_alloc: > if (!(cm_flags & _CM_F_ALLOC)) > return NULL; >@@ -476,43 +483,41 @@ int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap, > u32 offset) > { > struct netlbl_lsm_secattr_catmap *iter = catmap; >- u32 node_idx; >- u32 node_bit; >+ u32 idx; >+ u32 bit; > NETLBL_CATMAP_MAPTYPE bitmap; > >+ iter = _netlbl_secattr_catmap_getnode(&catmap, offset, _CM_F_WALK, 0); >+ if (iter == NULL) >+ return -ENOENT; > if (offset > iter->startbit) { >- while (offset >= (iter->startbit + NETLBL_CATMAP_SIZE)) { >- iter = iter->next; >- if (iter == NULL) >- return -ENOENT; >- } >- node_idx = (offset - iter->startbit) / NETLBL_CATMAP_MAPSIZE; >- node_bit = offset - iter->startbit - >- (NETLBL_CATMAP_MAPSIZE * node_idx); >+ offset -= iter->startbit; >+ idx = offset / NETLBL_CATMAP_MAPSIZE; >+ bit = offset % NETLBL_CATMAP_MAPSIZE; > } else { >- node_idx = 0; >- node_bit = 0; >+ idx = 0; >+ bit = 0; > } >- bitmap = iter->bitmap[node_idx] >> node_bit; >+ bitmap = iter->bitmap[idx] >> bit; > > for (;;) { > if (bitmap != 0) { > while ((bitmap & NETLBL_CATMAP_BIT) == 0) { > bitmap >>= 1; >- node_bit++; >+ bit++; > } > return iter->startbit + >- (NETLBL_CATMAP_MAPSIZE * node_idx) + node_bit; >+ (NETLBL_CATMAP_MAPSIZE * idx) + bit; > } >- if (++node_idx >= NETLBL_CATMAP_MAPCNT) { >+ if (++idx >= NETLBL_CATMAP_MAPCNT) { > if (iter->next != NULL) { > iter = iter->next; >- node_idx = 0; >+ idx = 0; > } else > return -ENOENT; > } >- bitmap = iter->bitmap[node_idx]; >- node_bit = 0; >+ bitmap = iter->bitmap[idx]; >+ bit = 0; > } > > return -ENOENT; >@@ -532,46 +537,47 @@ int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap, > int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap, > u32 offset) > { >- struct netlbl_lsm_secattr_catmap *iter = catmap; >- u32 node_idx; >- u32 node_bit; >+ struct netlbl_lsm_secattr_catmap *iter; >+ struct netlbl_lsm_secattr_catmap *prev = NULL; >+ u32 idx; >+ u32 bit; > NETLBL_CATMAP_MAPTYPE bitmask; > NETLBL_CATMAP_MAPTYPE bitmap; > >+ iter = _netlbl_secattr_catmap_getnode(&catmap, offset, _CM_F_WALK, 0); >+ if (iter == NULL) >+ return -ENOENT; > if (offset > iter->startbit) { >- while (offset >= (iter->startbit + NETLBL_CATMAP_SIZE)) { >- iter = iter->next; >- if (iter == NULL) >- return -ENOENT; >- } >- node_idx = (offset - iter->startbit) / NETLBL_CATMAP_MAPSIZE; >- node_bit = offset - iter->startbit - >- (NETLBL_CATMAP_MAPSIZE * node_idx); >+ offset -= iter->startbit; >+ idx = offset / NETLBL_CATMAP_MAPSIZE; >+ bit = offset % NETLBL_CATMAP_MAPSIZE; > } else { >- node_idx = 0; >- node_bit = 0; >+ idx = 0; >+ bit = 0; > } >- bitmask = NETLBL_CATMAP_BIT << node_bit; >+ bitmask = NETLBL_CATMAP_BIT << bit; > > for (;;) { >- bitmap = iter->bitmap[node_idx]; >+ bitmap = iter->bitmap[idx]; > while (bitmask != 0 && (bitmap & bitmask) != 0) { > bitmask <<= 1; >- node_bit++; >+ bit++; > } > >- if (bitmask != 0) >+ if (prev && idx == 0 && bit == 0) >+ return prev->startbit + NETLBL_CATMAP_SIZE - 1; >+ else if (bitmask != 0) > return iter->startbit + >- (NETLBL_CATMAP_MAPSIZE * node_idx) + >- node_bit - 1; >- else if (++node_idx >= NETLBL_CATMAP_MAPCNT) { >+ (NETLBL_CATMAP_MAPSIZE * idx) + bit - 1; >+ else if (++idx >= NETLBL_CATMAP_MAPCNT) { > if (iter->next == NULL) >- return iter->startbit + NETLBL_CATMAP_SIZE - 1; >+ return iter->startbit + NETLBL_CATMAP_SIZE - 1; >+ prev = iter; > iter = iter->next; >- node_idx = 0; >+ idx = 0; > } > bitmask = NETLBL_CATMAP_BIT; >- node_bit = 0; >+ bit = 0; > } > > return -ENOENT;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=923019">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1119662
:
918084
|
923017
|
923018
| 923019 |
923020