[PATCH] Security: List corruption occured during file system automation test
From: shivnandan . k
Date: Wed Aug 13 2014 - 07:34:43 EST
From: Shivnandan Kumar <shivnandan.k@xxxxxxxxxxx>
List element was freed by inode_free_security and then it uses rcu
element to point inode_free_rcu, since it inside a union so it
shares memory, sb_finish_set_opts now also try to free list element,
but since it is overriden by rcu element , it found list is corrupted
which leads to kernel panic, We have removed union element so now
memory is not shared by list and rcu element
Signed-off-by: Shivnandan Kumar <shivnandan.k@xxxxxxxxxxx>
---
selinux/include/objsec.h | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/selinux/include/objsec.h b/selinux/include/objsec.h
index 7b1830b..2ba21ca 100644
--- a/selinux/include/objsec.h
+++ b/selinux/include/objsec.h
@@ -38,10 +38,8 @@ struct task_security_struct {
struct inode_security_struct {
struct inode *inode; /* back pointer to inode object */
- union {
- struct list_head list; /* list of inode_security_struct */
- struct rcu_head rcu; /* for freeing the inode_security_struct */
- };
+ struct list_head list; /* list of inode_security_struct */
+ struct rcu_head rcu; /* for freeing the inode_security_struct */
u32 task_sid; /* SID of creating task */
u32 sid; /* SID of this object */
u16 sclass; /* security class of this object */
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/