Re: [GIT] security / creds fixes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2009-09-16 at 15:02 +0200, Ingo Molnar wrote:
> i'm still getting crashes even with latest -git [0cb583f]:
> 
> 
> EXT3-fs: mounted filesystem with ordered data mode.
> VFS: Mounted root (ext3 filesystem) readonly on device 8:6.
> async_waiting @ 1
> async_continuing @ 1 after 0 usec
> debug: unmapping init memory ffffffff81f1e000..ffffffff81fb1000
> SELinux:  Disabled at runtime.
> BUG: unable to handle kernel NULL pointer dereference at (null)
> IP: [<ffffffff81122537>] kmem_cache_alloc+0x9a/0x185

sds, I'm not quite sure how to fix this, maybe you have some ideas?

One problem is that avc_disable() (which frees everything in the AVC and
then kmem_cache_destroy() the avc_node_cachep) is done before we do the
security_ops = secondary_ops call.  So other tasks could still call
selinux_ functions after the avc_node_cachep is free.  Fixing that
ordering would likely take care of most of the problems but it's not
complete.  We have no idea if anything is already passed the
security_ops->function() call and is just waiting to explode as soon as
the avc_node_cachep is freed.  Any ideas how we can be sure that
everything is out of selinux code so we can finish the free safely?

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux