Date: Thu, 07 May 2015 05:53:52 +0000 (GMT)
From: Maninder Singh
Subject: [EDT][Patch 1/1] socket family check in netlabel APIs
To: Paul Moore, Maninder Singh
Cc: "davem@davemloft.net", "netdev@vger.kernel.org", "linux-kernel@vger.kernel.org", Vaneet Narang, AJEET YADAV
Reply-to: maninder1.s@samsung.com
Message-id: <612771736.621921430978030389.JavaMail.weblogic@epmlwas01d>

Hi Paul,

>On Monday, March 30, 2015 11:09:00 AM Maninder Singh wrote:
>> Dear All,
>> we found One Kernel Crash issue in cipso_v4_sock_delattr :-
>> As Cipso supports only inet sockets so cipso_v4_sock_delattr will crash when
>> try to access any other socket type. cipso_v4_sock_delattr access
>> sk_inet->inet_opt which may contain not NULL but invalid address. we found
>> this issue with netlink socket. (reproducible by trinity using sendto system
>> call.)
>
>Hello,
>
>First, please go read the Documentation/SubmittingPatches from the kernel
>sources; your patch needs to be resubmitted and the instructions in that file
>will show you how to do it correctly next time.
>
>Second, this appears to only affect Smack based systems, yes? SELinux based
>systems should have the proper checking in place to prevent this (the checks
>are handled in the LSM). That said, it probably wouldn't hurt to add the
>extra checking to netlbl_sock_delattr().
>If you properly resubmit your patch
>I'll ACK it.
>
>-Paul
>
>--
>paul moore
>www.paul-moore.com

As suggested, resubmitting the patch.

Subject : socket family check in netlabel APIs

Adding check for socket family in netlbl_sock_delattr and netlbl_req_delattr as check present in netlbl_sock_setattr and netlbl_req_setattr respectively. as we faced crash in cipso_v4_sock_delattr due to other socket type.

Crash Logs :
[0-182.2400] [] (cipso_v4_sock_delattr+0x0/0x74) from [] (netlbl_sock_delattr+0x18/0x1c)
[0-182.2497] r4:00000000 r3:c07872f8
[0-182.2531] [] (netlbl_sock_delattr+0x0/0x1c) from [] (smack_netlabel+0x88/0x9c)
[0-182.2622] [] (smack_netlabel+0x0/0x9c) from [] (smack_netlabel_send+0x12c/0x144)
[0-182.2714] r7 9ce9500 r6 7b67ef4 r5:c076f408 r4 8903dc0
[0-182.2770] [] (smack_netlabel_send+0x0/0x144) from [] (smack_socket_sendmsg+0x54/0x60)
[0-182.2866] [] (smack_socket_sendmsg+0x0/0x60) from [] (security_socket_sendmsg+0x28/0x2c)
[0-182.2966] [] (security_socket_sendmsg+0x0/0x2c) from [] (sock_sendmsg+0x68/0xc0)
[0-182.3058] [] (sock_sendmsg+0x0/0xc0) from [] (SyS_sendto+0xd8/0x110)

Signed-off-by: Vaneet Narang
Signed-off-by: Maninder Singh
Reviewed-by : Ajeet Yadav
---
 net/netlabel/netlabel_kapi.c | 16 ++++++++++++++--
 1 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 28cddc8..606a5ce 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c @@ -824,7 +824,13 @@ socket_setattr_return: */ void netlbl_sock_delattr(struct sock *sk) { - cipso_v4_sock_delattr(sk); + switch (sk->sk_family) { + case AF_INET: + cipso_v4_sock_delattr(sk); + break; + default: + } + return; } /** 
@@ -987,7 +993,13 @@ req_setattr_return: */ void netlbl_req_delattr(struct request_sock *req) { - cipso_v4_req_delattr(req); + switch (req->rsk_ops->family) { + case AF_INET: + cipso_v4_req_delattr(req); + break; + default: + } + return; } /** -- 1.7.1
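
Review bot: In the netlbl_sock_delattr() hunk the `default:` label is followed directly by the closing brace of the switch, which is not valid C before C23 (GCC reports "label at end of compound statement"), so it needs a statement: `default: break;`. The trailing `return;` at the end of a void function is redundant and can be dropped. Since only one family is handled, `if (sk->sk_family == AF_INET) cipso_v4_sock_delattr(sk);` would express the same check without the empty default branch.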
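
Review bot: The netlbl_req_delattr() hunk has the same statement-less `default:` before the closing brace and needs `break;` there as well, and its `return;` is likewise redundant. The crash trace in the message only passes through netlbl_sock_delattr(), so the commit message should state that the `req->rsk_ops->family` check is added for consistency with netlbl_req_setattr() and was not itself observed crashing.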
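
The failure described in the report (cipso_v4_sock_delattr reading inet_opt from a socket that is not an inet socket) and the effect of the family check, modeled in user space. This is an added example, not part of the original mail or the kernel source; the struct layouts, the FAM_* constants and all function names are simplified stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified stand-ins (assumptions), not the kernel's real structure layouts. */
enum { FAM_INET = 2, FAM_NETLINK = 16 };
struct sock         { unsigned short sk_family; };
struct inet_sock    { struct sock sk; void *inet_opt; };   /* what CIPSO expects */
struct netlink_sock { struct sock sk; uintptr_t portid; }; /* unrelated private data */
_Static_assert(sizeof(struct netlink_sock) >= sizeof(struct inet_sock), "read stays in bounds");

/* Unchecked path: fetch the bytes where an inet_sock keeps inet_opt (never dereferenced here). */
static uintptr_t unchecked_opt_value(const struct sock *sk)
{
    uintptr_t v;
    memcpy(&v, (const char *)sk + offsetof(struct inet_sock, inet_opt), sizeof(v));
    return v;
}

/* Checked path, mirroring the patch's family test: 1 = option cleared, 0 = socket left alone. */
static int checked_delattr(struct sock *sk)
{
    if (sk->sk_family != FAM_INET)
        return 0;
    ((struct inet_sock *)sk)->inet_opt = NULL; /* stand-in for releasing the option */
    return 1;
}

/* Constructed sample: a netlink-style socket whose private field holds 0x1234. */
static uintptr_t demo_confused_value(void)
{
    struct netlink_sock nl = { { FAM_NETLINK }, 0x1234 };
    return unchecked_opt_value((const struct sock *)&nl);
}

static int demo_checked(void)
{
    struct netlink_sock nl = { { FAM_NETLINK }, 0x1234 };
    struct inet_sock in = { { FAM_INET }, &nl };
    return checked_delattr((struct sock *)&nl) == 0 && nl.portid == 0x1234 &&
           checked_delattr((struct sock *)&in) == 1 && in.inet_opt == NULL;
}

int main(void)
{
    printf("inet_opt read from a netlink socket: %#lx, family check ok: %d\n",
           (unsigned long)demo_confused_value(), demo_checked());
    return 0;
}
```

The value returned by the unchecked path is the netlink socket's own field, which is the "not NULL but invalid address" the report describes.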