Bug 443481 - kernel BUG at security/selinux/hooks.c:761 during NFS install
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Eric Paris
QA Contact: Fedora Extras Quality Assurance
Blocks: F9KernelBlocker
Reported: 2008-04-21 19:46 UTC by Will Woods
Modified: 2008-04-25 01:35 UTC (History)

Doc Type: Bug Fix
Last Closed: 2008-04-25 01:35:49 UTC


Attachments:
change BUG_ON to safe handling if (!ss_initialized) (1.05 KB, patch)
2008-04-21 19:59 UTC, Eric Paris

Description Will Woods 2008-04-21 19:46:16 UTC
Using today's rawhide (20080421, kernel-2.6.25-1.fc9.i586) I get a kernel BUG
when the system attempts to mount its nfs install source.

anaconda says:
  Running... /bin/mount -n -t nfs -o nolock [nfs target] /mnt/isodir
And then we get:

kernel BUG at security/selinux/hooks.c:761!
...
EIP is at selinux_sb_clone_mnt_opts+0x21/0xd9
...
Call Trace: [I'm trimming it to just function names]
security_sb_clone_mnt_opts
nfs_xdev_get_sb
vfs_kern_mount
nfs_follow_mountpoint
inode_has_perm
selinux_inode_follow_link
__link_path_walk
inode_has_perm
avc_has_perm
path_walk
do_path_lookup
__path_lookup_intent_open
path_lookup_open
open_namei
__dentry_open
do_filp_open
strncpy_from_user
do_sys_open
fput
sys_open
syscall_call
ht_enable_msi_mapping

This causes loader to SEGV and the install dies.

Comment 1 Eric Paris 2008-04-21 19:51:00 UTC
Well, I guess if the installer just isn't loading policy or disabling selinux
then we could hit this BUG_ON(!ss_initialized)

sds, what do you think, if !ss_initialized we know the parent sb couldn't have
had selinux mount options so there is no reason we can't just throw this sb on
the superblock_security_head list and deal with it later...

will send such a patch to selinux list in just a moment if I don't hear anything
different.

Comment 2 Eric Paris 2008-04-21 19:59:59 UTC
Created attachment 303195 [details]
change BUG_ON to safe handling if (!ss_initialized)
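
The handling proposed in comment 1 (defer the new superblock when no policy is loaded, rather than asserting), as an added user-space C model; it is not the attached patch and not kernel code. `ss_initialized` and `superblock_security_head` are names from the thread; `sb_model`, `clone_mnt_opts`, `policy_loaded` and the `-1` returns are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
/* User-space model; sb_model and both functions are hypothetical names. */
struct sb_model {
    bool initialized;             /* labeling finished against a loaded policy */
    bool has_mnt_opts;            /* explicit SELinux mount options present */
    struct sb_model *next;        /* link on the deferred list */
};

static bool ss_initialized;           /* has a policy been loaded? */
static struct sb_model *pending_head; /* models superblock_security_head */

/* Copy labeling state from oldsb to newsb; 0 on success, -1 on bad state. */
int clone_mnt_opts(const struct sb_model *oldsb, struct sb_model *newsb)
{
    if (!ss_initialized) {
        /* No policy yet: the parent cannot carry options, so queue the
         * new superblock for later where the old code hit BUG_ON. */
        if (oldsb->has_mnt_opts)
            return -1;            /* assumed handling of a broken invariant */
        newsb->next = pending_head;
        pending_head = newsb;
        return 0;
    }
    if (!oldsb->initialized)
        return -1;                /* assumed: parent must be set up by now */
    newsb->has_mnt_opts = oldsb->has_mnt_opts;
    newsb->initialized = true;
    return 0;
}

/* Policy load: finish every deferred superblock, return how many. */
int policy_loaded(void)
{
    int n = 0;
    ss_initialized = true;
    for (; pending_head; n++) {
        struct sb_model *sb = pending_head;
        pending_head = sb->next;
        sb->next = NULL;
        sb->initialized = true;
    }
    return n;
}

int main(void)
{
    struct sb_model parent = {0}, child = {0};
    return !(clone_mnt_opts(&parent, &child) == 0 && policy_loaded() == 1);
}
```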

Comment 3 Stephen Smalley 2008-04-21 20:08:38 UTC
Looks sane, although I'm curious as to why we haven't loaded a policy before we
hit the clone.


Comment 4 Bill Nottingham 2008-04-21 20:15:50 UTC
policy is part of the second stage, and isn't loaded until after it's mounted.

Comment 5 Eric Paris 2008-04-21 21:06:38 UTC
I'm going to push the patch in comment #2 to F-9 kernel as soon as CVS opens back up

Comment 6 Chuck Ebbert 2008-04-23 13:57:56 UTC
Patch went in kernel 2.6.25-4. Can someone confirm this is fixed?

Comment 7 Will Woods 2008-04-24 16:35:40 UTC
I can't easily confirm this until a fixed kernel lands in rawhide - it needs to
be running during the install.

I'll see if it's possible to build custom boot images using the koji repos..

Comment 8 Will Woods 2008-04-24 23:55:39 UTC
Well, I built custom boot images with the new kernel and attempted an NFS
install. It didn't oops on NFS mount, and it seemed to mount stage2.img OK as well.

Unfortunately the tree is out-of-date so the install can't proceed past there.
But I think that confirms that the BUG is gone.

