The patch titled
slim: fix bug with mm_users usage
has been added to the -mm tree. Its filename is
slim-main-patch-fix-bug-with-mm_users-usage.patch
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: slim: fix bug with mm_users usage
From: Kylene Jo Hall <kjhall@xxxxxxxxxx>
There is a NULL pointer dereference possible that was introduced in the
last round of modifications to the demotion code before merging.
current->mm should be checked for existence before it is dereferenced to
check the value of the mm_users field. This patch fixes all instances of
this bug.
Signed-off-by: Kylene Hall <kjhall@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
security/slim/slm_main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff -puN security/slim/slm_main.c~slim-main-patch-fix-bug-with-mm_users-usage security/slim/slm_main.c
--- a/security/slim/slm_main.c~slim-main-patch-fix-bug-with-mm_users-usage
+++ a/security/slim/slm_main.c
@@ -481,7 +481,7 @@ static int enforce_integrity_read(struct
spin_lock(&cur_tsec->lock);
if (!is_iac_less_than_or_exempt(level, cur_tsec->iac_r)) {
rc = has_file_wperm(level);
- if (atomic_read(¤t->mm->mm_users) != 1)
+ if (current->mm && atomic_read(¤t->mm->mm_users) != 1)
rc = 1;
if (rc)
spin_unlock(&cur_tsec->lock);
@@ -939,7 +939,7 @@ int slm_socket_create(int family, int ty
memset(&level, 0, sizeof(struct slm_file_xattr));
level.iac_level = SLM_IAC_UNTRUSTED;
rc = has_file_wperm(&level);
- if (atomic_read(¤t->mm->mm_users) != 1)
+ if (current->mm && atomic_read(¤t->mm->mm_users) != 1)
rc = 1;
if (rc) {
spin_unlock(&cur_tsec->lock);
@@ -1094,7 +1094,7 @@ static int enforce_integrity_execute(str
cur_tsec->iac_r = cur_tsec->iac_wx;
else {
rc = has_file_wperm(level);
- if (atomic_read(¤t->mm->mm_users) != 1)
+ if (current->mm && atomic_read(¤t->mm->mm_users) != 1)
rc = 1;
if (rc)
spin_unlock(&cur_tsec->lock);
_
Patches currently in -mm which might be from kjhall@xxxxxxxxxx are
mprotect-patch-for-use-by-slim.patch
integrity-service-api-and-dummy-provider.patch
integrity-service-api-and-dummy-provider-cleanup-use-of-configh.patch
integrity-service-api-and-dummy-provider-compilation-warning-fix.patch
slim-main-patch.patch
slim-main-patch-socket_post_create-hook-return-code.patch
slim-main-patch-misc-cleanups-requested-at-inclusion-time.patch
slim-main-patch-handle-failure-to-register.patch
slim-main-patch-fix-bug-with-mm_users-usage.patch
slim-secfs-patch.patch
slim-secfs-patch-slim-correct-use-of-snprintf.patch
slim-secfs-patch-cleanup-use-of-configh.patch
slim-make-and-config-stuff.patch
slim-make-and-config-stuff-makefile-fix.patch
slim-debug-output.patch
slim-fix-security-issue-with-the-task_post_setuid-hook.patch
slim-secfs-inode-i_private-build-fix.patch
slim-documentation.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
