Bug 357541 - 2.6.23.1-37.fc8 BUG/NULL pointer dereference in selinux code
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: i386
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Eric Paris
QA Contact: Fedora Extras Quality Assurance
Duplicates: 388061
Reported: 2007-10-30 02:28 UTC by Hans Ulrich Niedermann
Modified: 2007-12-07 23:24 UTC (History)

Doc Type: Bug Fix
Last Closed: 2007-11-12 21:37:47 UTC
Type: ---


Attachments
BUG log in dmesg (2.38 KB, text/plain)
2007-10-30 02:28 UTC, Hans Ulrich Niedermann
dmesg from 2.6.23.1-37.fc8 (non-PAE version) (2.35 KB, patch)
2007-10-30 16:37 UTC, Hans Ulrich Niedermann

Description Hans Ulrich Niedermann 2007-10-30 02:28:07 UTC
Description of problem:

  When I run "mock", it exits with code 139, and the dmesg
  buffer contains one more kernel BUG/Oops report.

Version-Release number of selected component (if applicable):

  kernel-PAE-2.6.23.1-37.fc8
  mock-0.7.6-1.fc8

How reproducible:

  Every time - at least on this machine. I don't have another with F8.

Steps to Reproduce:
1. Run "mock".
  
Actual results:

   exit code 139, kernel BUG/Oops.

Expected results:

   mock doing something useful.

Additional info:

  The system is not a fresh install of F8Tsomething, but has
  been "yum upgraded" from F7. So a few things might be amiss,
  but that should never cause NULL pointer dereferences in the
  kernel.

Comment 1 Hans Ulrich Niedermann 2007-10-30 02:28:07 UTC
Created attachment 242621
BUG log in dmesg

Comment 2 Hans Ulrich Niedermann 2007-10-30 16:37:34 UTC
Created attachment 243651
dmesg from 2.6.23.1-37.fc8 (non-PAE version)

Same issue with 2.6.23.1-37.fc8 as with 2.6.23.1-37.fc8PAE.
(As requested by Chuck Ebbert)

Comment 3 Hans Ulrich Niedermann 2007-10-30 16:41:31 UTC
I have just remembered... it may be a "broken" mock SELinux policy module
triggering this, as I have mucked around with a mock policy module around FC6.

As broken as that mock policy may be, I will not touch it for a few weeks in
order to help you guys figure out the in-kernel issue.


Comment 4 Hans Ulrich Niedermann 2007-10-30 17:33:23 UTC
The Fedora Wiki has a page with a few hints about an SELinux policy. I once
tried to make those into a package. The remnants of this are what I have
installed here - the mock selinux policy module is still loaded, but the RPM
package has been uninstalled.

If you want to examine the actual policy module yourself, I have uploaded the
loaded mock.pp (file /etc/selinux/targeted/modules/active/modules/mock.pp) to
http://mock.lauft.net/mock.pp

This is probably generated from
http://mock.lauft.net/mock-selinux-policy-0.0.2-2.src.rpm
but I cannot find the exact noarch RPM used to install it any more.


Comment 5 Eric Paris 2007-11-12 21:37:47 UTC
It is the buggy .pp file.  We can't figure out how it got built wrong but we have
added new checks upstream to make sure something like this gets rejected in the
future rather than oops.  The upstream patch is at:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=45e5421eb5bbcd9efa037d682dd357284e3ef982

Since this is root only and you could more easily destroy your system other ways,
I don't feel strongly about putting this into the F8 kernel right now.  So I'm
going to close this as upstream and we'll get the extra validity checks when we
move to .24.

If anyone feels strongly about having these validity checks in the F8 kernel let
me know.
-Eric

Comment 6 Chuck Ebbert 2007-12-07 23:24:52 UTC
*** Bug 388061 has been marked as a duplicate of this bug. ***

