On Fri, Jul 23, 2021 at 10:52 AM Sujithra P <sujithrap@xxxxxxxxx> wrote: > Thanks Ondrej. Sorry about that, please find the details below. > > On Fri, Jul 23, 2021 at 1:31 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > On Thu, Jul 22, 2021 at 9:25 PM Sujithra P <sujithrap@xxxxxxxxx> wrote: > > > Thanks Ondrej. > > > > > > Kernel version: Linux #2 SMP Fri Apr 23 09:05:57 PDT 2021 x86_64 > > > x86_64 x86_64 GNU/Linux > > > > Somehow that string doesn't contain the actual version :) uname -r > > should return the right version string (something like > > "4.18.0-305.el8.x86_64"). > > uname -r > 5.4.17-2102.201.3.el8uek.x86_64 Ah, so this was actually a crucial bit of information. When I installed this kernel from Oracle, I was able to reproduce the bug using my artificial reproducer. I also reproduced it on plain 5.4.17 upstream kernel, so it's not related to Oracle's modifications. The bug was indeed caused by the race condition I found, but in kernels before 5.6 the code used to be a little different and lead to the bug you are seeing. After commit 66f8e2f03c02 ("selinux: sidtab reverse lookup hash table"), the race condition was still there, but it wasn't able to cause the bug any more (or it became extremely unlikely, at least). So to avoid the bug you need to either switch to a kernel that includes the aforementioned commit (hint: stock RHEL/CentOS kernels in version 8.3 and above already have that commit backported) or get Oracle to either backport the commit (+ any relevant follow ups) or fix the race condition. I will submit a patch to fix the race condition upstream so if you decide to report this problem to Oracle I can provide you a link to the patch once I post it (it may take a couple of days/weeks before I get it ready). Hope this helps, -- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc. _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure