Bug 357541 - 2.6.23.1-37.fc8 BUG/NULL pointer dereference in selinux code
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: i386 Linux
Priority: low, Severity: low
Assigned To: Eric Paris
QA Contact: Fedora Extras Quality Assurance
Duplicates: 388061
Reported: 2007-10-29 22:28 EDT by Hans Ulrich Niedermann
Modified: 2007-12-07 18:24 EST

Doc Type: Bug Fix
Last Closed: 2007-11-12 16:37:47 EST

Attachments:
BUG log in dmesg (2.38 KB, text/plain), 2007-10-29 22:28 EDT, Hans Ulrich Niedermann
dmesg from 2.6.23.1-37.fc8 (non-PAE version) (2.35 KB, patch), 2007-10-30 12:37 EDT, Hans Ulrich Niedermann

Description Hans Ulrich Niedermann 2007-10-29 22:28:07 EDT
Description of problem:

  When I run "mock", it exits with code 139, and the dmesg
  buffer contains one more kernel BUG/Oops report.

Version-Release number of selected component (if applicable):

  kernel-PAE-2.6.23.1-37.fc8
  mock-0.7.6-1.fc8

How reproducible:

  Every time - at least on this machine. I don't have another with F8.

Steps to Reproduce:
1. Run "mock".
  
Actual results:

   exit code 139, kernel BUG/Oops.

Expected results:

   mock doing something useful.

Additional info:

  The system is not a fresh install of F8Tsomething, but has
  been "yum upgraded" from F7. So a few things might be amiss,
  but that should never cause NULL pointer dereferences in the
  kernel.
Comment 1 Hans Ulrich Niedermann 2007-10-29 22:28:07 EDT
Created attachment 242621
BUG log in dmesg
Comment 2 Hans Ulrich Niedermann 2007-10-30 12:37:34 EDT
Created attachment 243651
dmesg from 2.6.23.1-37.fc8 (non-PAE version)

Same issue with 2.6.23.1-37.fc8 as with 2.6.23.1-37.fc8PAE.
(As requested by Chuck Ebbert)
Comment 3 Hans Ulrich Niedermann 2007-10-30 12:41:31 EDT
I have just remembered... it may be a "broken" mock SELinux policy module
triggering this, as I have mucked around with a mock policy module around FC6.

As broken as that mock policy may be, I will not touch it for a few weeks in
order to help you guys figure out the in-kernel issue.
Comment 4 Hans Ulrich Niedermann 2007-10-30 13:33:23 EDT
The Fedora Wiki has a page with a few hints about an SELinux policy. I once
tried to make those into a package. The remnants of this are what I have
installed here - the mock selinux policy module is still loaded, but the RPM
package has been uninstalled.

If you want to examine the actual policy module yourself, I have uploaded the
loaded mock.pp (file /etc/selinux/targeted/modules/active/modules/mock.pp) to
http://mock.lauft.net/mock.pp

This is probably generated from
http://mock.lauft.net/mock-selinux-policy-0.0.2-2.src.rpm
but I cannot find the exact noarch RPM used to install it any more.
Comment 5 Eric Paris 2007-11-12 16:37:47 EST
It is the buggy .pp file.  We can't figure out how it got built wrong, but we have
added new checks upstream to make sure something like this gets rejected in the
future rather than oops.  The upstream patch is at:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=45e5421eb5bbcd9efa037d682dd357284e3ef982

Since this is root only and you could more easily destroy your system other ways,
I don't feel strongly about putting this into the F8 kernel right now.  So I'm
going to close this as upstream and we'll get the extra validity checks when we
move to .24.

If anyone feels strongly about having these validity checks in the F8 kernel let
me know.
-Eric
Comment 6 Chuck Ebbert 2007-12-07 18:24:52 EST
*** Bug 388061 has been marked as a duplicate of this bug. ***
