Re: security ima: Kernel BUG in ima_file_free -- bisected to commit6c21a7fb492bf7e2c4985937082ce58ddeca84bd

[Mimi Zohar]

Shi Weihua <shiwh@xxxxxxxxxxxxxx> wrote on 02/01/2010 12:06:44 AM:

> Hi, Mimi
> 
> Used the latest LTP to test 2.6.33-rc6, a Kernel BUG occured on my 
x86_64 (OS:
> Fedora 12).
> The message from dmesg is as following.
> The LTP case is testcases/kernel/syscalls/pipe/pipe06.c. For seeing code 
easily, I
> recreated a simple code to reproduce this BUG. please check the code in 
the attached.
> 
> I bisected a commit 6c21a7fb492bf7e2c4985937082ce58ddeca84bd,
>     --------
>     commit 6c21a7fb492bf7e2c4985937082ce58ddeca84bd
>     Author: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
>     Date:   Thu Oct 22 17:30:13 2009 -0400
> 
>          LSM: imbed ima calls in the security hooks
>     --------
> Maybe you should fix it ;-)

Thanks for isolating the problem.  The problem is caused by 
free_write_pipe()
calling path_put(), which puts the dentry and mnt, before it calls 
put_filp(). 
The ordering should be like in __fput(), which puts the dentry and mnt as 
the
last thing it does.

Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/