Re: [RFC PATCH 2/2] integrity: double check iint_cache was initialized

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2021/03/20 5:03, Mimi Zohar wrote:
> The integrity's "iint_cache" is initialized at security_init().  Only
> after an IMA policy is loaded, which is initialized at late_initcall,
> is a file's integrity status stored in the "iint_cache".
> 
> All integrity_inode_get() callers first verify that the IMA policy has
> been loaded, before calling it.  Yet for some reason, it is still being
> called, causing a NULL pointer dereference.
> 
> qemu-system-x86_64 (...snipped...) lsm=smack (...snipped...)

Hmm, why are you using lsm=smack instead of security=smack ?
Since use of lsm= overrides CONFIG_LSM="lockdown,yama,safesetid,integrity,tomoyo,smack,bpf" settings,
only smack is activated, which means that integrity_iintcache_init() will not be called by

  DEFINE_LSM(integrity) = {
  	.name = "integrity",
  	.init = integrity_iintcache_init,
  };

declaration. That's the reason iint_cache == NULL when integrity_inode_get() is called.




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux