Re: [PATCH] Selinux/hooks.c: Fix a NULL pointer dereference caused by semop()

From: Ethan Zhao
Date: Fri Jan 23 2015 - 10:30:56 EST


Davidlohr,

I read your commit 53dad6d3a8e5ac1af8bacc6ac2134ae1a8b085f1,
ipc: fix race with LSMs

The issue we hit without the above patch: the race may happen when a
process calls semctl with IPC_RMID, just as Manfred Spraul mentioned:

Thread A:                              Thread B:
IPC_RMID
-> freeary()
   -> wake_up_sem_queue_do()
                                       semtimedop()
   -> security_sem_free()
                                       -> ipcperms()
   -> ipc_rcu_putref()

If this is the only race, the bug should be fixed with your patch applied
(not verified yet in my case).


Thanks,
Ethan



On Fri, Jan 23, 2015 at 11:30 AM, Davidlohr Bueso <dave@xxxxxxxxxxxx> wrote:
> On Fri, 2015-01-23 at 10:19 +0800, ethan zhao wrote:
>> > If not, what kernel
>> > version were you running when you triggered the bug?
>> To be honest, a kernel from distro, but not released, but before we
>> get it clear, we wouldn't public more.
>
> Sheesh, could Oracle be any more (ridiculously) secretive about what the
> hell kernel(s) they run... it's like pulling teeth. *sigh*
>
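The interleaving sketched in the thread, as an added model that is not code from the e-mail or from the kernel: the structs, the `fixed` switch and the tombstone flag are assumptions for illustration, and the RCU grace period is collapsed into a plain refcount so one deterministic sequence of calls can show both orderings. Pre-fix, freeary() calls security_sem_free() while thread B still holds the object it found under rcu_read_lock(), so B's ipcperms() path touches a freed LSM blob. With the ordering restored by commit 53dad6d3a8e5 ("ipc: fix race with LSMs"), the security free is part of the callback passed to ipc_rcu_putref(), so it runs only after the last reference is dropped and B instead sees the set as deleted.

```c
/* Constructed model of the IPC_RMID vs. semtimedop() race (assumption:
 * not kernel code; names mirror the kernel functions for readability). */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* The LSM blob is tombstoned rather than kfree()d so a racing access is
 * observable instead of undefined behaviour. */
struct sem_security { int sid; bool freed; };

struct sem_array {
    int refcount;                   /* stands in for kern_ipc_perm.refcount + RCU */
    bool deleted;                   /* kern_ipc_perm.deleted, set on IPC_RMID */
    struct sem_security *security;
};

static int uaf_hits;                /* accesses to an already freed blob */

static void security_sem_free(struct sem_array *sma)
{
    sma->security->freed = true;    /* the real hook frees the blob */
}

/* LSM check reached from ipcperms() on the semtimedop() path. */
static int security_sem_semop(struct sem_array *sma)
{
    if (sma->security->freed) {
        uaf_hits++;                 /* the deref of freed memory Ethan reports */
        return -EACCES;
    }
    return sma->security->sid == 0 ? 0 : -EACCES;   /* constructed policy */
}

static void ipc_rcu_getref(struct sem_array *sma) { sma->refcount++; }

/* Post-fix ipc_rcu_putref(sma, sem_rcu_free): the callback that includes
 * security_sem_free() runs only once the last reference is gone. */
static void ipc_rcu_putref(struct sem_array *sma, bool fixed)
{
    if (--sma->refcount == 0 && fixed)
        security_sem_free(sma);     /* sem_rcu_free() */
}

/* Thread A: semctl(IPC_RMID) -> freeary(). */
static void freeary(struct sem_array *sma, bool fixed)
{
    sma->deleted = true;            /* sem_rmid() */
    if (!fixed)
        security_sem_free(sma);     /* pre-fix: freed while B may still use it */
    ipc_rcu_putref(sma, fixed);     /* drop the ID's own reference */
}

/* Thread B, first half: object lookup under rcu_read_lock(). */
static void semtimedop_lookup(struct sem_array *sma) { ipc_rcu_getref(sma); }

/* Thread B, second half: ipcperms(), then the deleted check, then drop. */
static int semtimedop_check(struct sem_array *sma, bool fixed)
{
    int err = security_sem_semop(sma);
    if (err == 0 && sma->deleted)
        err = -EIDRM;
    ipc_rcu_putref(sma, fixed);
    return err;
}

/* One deterministic interleaving: B finds the set, A removes it, B runs its
 * permission check. Returns B's result; uaf_hits records freed-blob accesses. */
static int run_race(bool fixed)
{
    struct sem_security sec = { .sid = 0, .freed = false };
    struct sem_array sma = { .refcount = 1, .deleted = false, .security = &sec };

    uaf_hits = 0;
    semtimedop_lookup(&sma);              /* B: refcount 2 */
    freeary(&sma, fixed);                 /* A: RMID, refcount 1 */
    return semtimedop_check(&sma, fixed); /* B: refcount 0 */
}

static int race_uaf_hits(bool fixed)
{
    run_race(fixed);
    return uaf_hits;
}

int main(void)
{
    printf("pre-fix:  err=%d uaf_hits=%d\n", run_race(false), race_uaf_hits(false));
    printf("post-fix: err=%d uaf_hits=%d\n", run_race(true), race_uaf_hits(true));
    return 0;
}
```

The pre-fix run returns -EACCES with one freed-blob access; the post-fix run returns -EIDRM with none, because security_sem_free() now happens inside the final ipc_rcu_putref(). The model only covers the ordering the thread describes; whether other windows exist on Ethan's kernel is exactly the open question in the reply.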