Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753004AbaDYSX0 (ORCPT ); Fri, 25 Apr 2014 14:23:26 -0400 Received: from mx1.redhat.com ([209.132.183.28]:9469 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752723AbaDYSXX (ORCPT ); Fri, 25 Apr 2014 14:23:23 -0400 Date: Fri, 25 Apr 2014 20:23:10 +0200 From: Oleg Nesterov To: Dmitry Kasatkin , "Eric W. Biederman" Cc: linux-security-module , john.johansen@canonical.com, Mimi Zohar , James Morris , viro@ZenIV.linux.org.uk, Linux Kernel Mailing List , kernel-team@lists.ubuntu.com Subject: Re: Kernel panic at Ubuntu: IMA + Apparmor Message-ID: <20140425182310.GA9128@redhat.com> References: <535A5C78.1070901@samsung.com> <535A75C1.3050901@samsung.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <535A75C1.3050901@samsung.com> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 04/25, Dmitry Kasatkin wrote: > > On 25/04/14 16:00, Dmitry Kasatkin wrote: > > Hello, > > > > I discovered a kernel panic on system running Ubuntu when IMA is enabled. > > It happens on reboot. > > > > ---------------------- > > [ 106.750100] NSPROXY is NULL: error.log (/var/log/mysql/error.log) > > [ 106.750167] BUG: unable to handle kernel NULL pointer dereference at > > 0000000000000018 > > [ 106.750221] IP: [] our_mnt+0x1a/0x30 ... > > [ 106.751149] Call Trace: > > [ 106.751172] [] ? aa_path_name+0x2ab/0x430 > > [ 106.751199] [] ? sched_clock+0x9/0x10 > > [ 106.751225] [] aa_path_perm+0x7d/0x170 > > [ 106.751250] [] ? native_sched_clock+0x15/0x80 > > [ 106.751276] [] aa_file_perm+0x33/0x40 > > [ 106.751301] [] common_file_perm+0x8e/0xb0 > > [ 106.751327] [] apparmor_file_permission+0x18/0x20 > > [ 106.751355] [] security_file_permission+0x23/0xa0 > > [ 106.751382] [] rw_verify_area+0x52/0xe0 > > [ 106.751407] [] vfs_read+0x6d/0x170 > > [ 106.751432] [] kernel_read+0x41/0x60 > > [ 106.751457] [] ima_calc_file_hash+0x225/0x280 > > [ 106.751483] [] ? ima_calc_file_hash+0x32/0x280 > > [ 106.751509] [] ima_collect_measurement+0x9d/0x160 > > [ 106.751536] [] ? trace_hardirqs_on+0xd/0x10 > > [ 106.751562] [] ? ima_file_free+0x6c/0xd0 > > [ 106.751587] [] ima_update_xattr+0x34/0x60 > > [ 106.751612] [] ima_file_free+0xc0/0xd0 > > [ 106.751637] [] __fput+0xd5/0x300 fantastic ;) > > [ 106.751662] [] ____fput+0xe/0x10 > > [ 106.751687] [] task_work_run+0xc4/0xe0 > > [ 106.751712] [] do_exit+0x2bd/0xa90 > > [ 106.751738] [] ? retint_swapgs+0x13/0x1b > > [ 106.751763] [] do_group_exit+0x4c/0xc0 ... > It seems the problem is the order of functions in do_exit > > do_exit() > { > ... > exit_task_namespaces(tsk); > exit_task_work(tsk); Yes. Eric, this makes me think again that we should do exit_task_namespaces() after exit_task_work(). We already discussed this before, but this looks like another indication this change makes sense. The problem with fput() from free_nsproxy() was hopefully also fixed by e7b2c4069252. The main motivation for "move" was "outside of exit_notify". Even if we fix the paths above task_work_add() can have another user which wants ->nsproxy. What do you think? Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/