Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1296611imu; Wed, 16 Jan 2019 16:38:44 -0800 (PST) X-Google-Smtp-Source: ALg8bN4b8ngb49cr4X+3AqxXkqpOXlYvYg8/hhOmeCcOY5fj9fkFcCT/dZzkR/N+Op3gmt7oIs31 X-Received: by 2002:a63:6442:: with SMTP id y63mr11415861pgb.450.1547685524451; Wed, 16 Jan 2019 16:38:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547685524; cv=none; d=google.com; s=arc-20160816; b=j5HkMrghQOW+dnNSf5J2BMuCYD8C2cw2vobrVhd64JZE6lvkmW/zV3u81XlqvWGcF1 sjE+8WpAVdm33Wp20o4FQDKbT21WcJRAbshDTo3qY4ty9Y43P5wtZgPhqMxwsCRBGNvM cp6b0ETgL69qq2bJRTlaImI1wDx5cJVGyfN6tmNP+IQeuQ3lkcLWZSZaLx+yzMBUh1Vx kppCpekINZMfgFvJKvSaUl2dL4/lgMm46M3D/tK9RNCG5CEzBBBPq4l7bG1/RUfaQZTc 39rmob2aUTn2aOwQYl1U1vuNQ6R84+h4pSVRfEl6iOAg7cW7wBVPnmV5K0cqnIT9K2hm 7NUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=84dKGgvCj3ngckkwaQuNFnTjhXDVrySvvzmI2WuCR5w=; b=FRyIV7mc2oJ+Dbejkp2c/SgexURPjblSNW9bqx5Z38/XBao020bE5p+3jBBA5Y/lKs XqkdIRWyavNoAvHDSIt3DWBFCtWy2lbw1RB0pTpIG1xHnZoZ2IbjtaarmV5yGLmvsoK9 qYlNr2WIeftHekSR9GAFa82Hs1ZxztVogb3wU4gZ4uMDchekdf9dyHr2VLai6nk4AgbB Ax26IOhw1TpOKTutpgz20UjpaXsH6twdtSuaBGycbNN6Ss5wl+quKx5vyzmOw0wcdckv 80XfauF+lmpxAP++G6EsRM33UbgMhp0SFJnbmXo8SA+NT0pQ97W32icU2EYpbhwOZqTR AuFA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u24si7910913pgj.489.2019.01.16.16.38.25; Wed, 16 Jan 2019 16:38:44 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728207AbfAPVOx (ORCPT + 99 others); Wed, 16 Jan 2019 16:14:53 -0500 Received: from namei.org ([65.99.196.166]:56382 "EHLO namei.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726924AbfAPVOx (ORCPT ); Wed, 16 Jan 2019 16:14:53 -0500 Received: from localhost (localhost [127.0.0.1]) by namei.org (8.14.4/8.14.4) with ESMTP id x0GLEjAL007529; Wed, 16 Jan 2019 21:14:45 GMT Date: Thu, 17 Jan 2019 08:14:45 +1100 (AEDT) From: James Morris To: Casey Schaufler cc: John Johansen , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, serge@hallyn.com Subject: Re: WARNING in apparmor_cred_free In-Reply-To: <99cd1f6b-682e-7d1f-35ad-b9092d46323f@schaufler-ca.com> Message-ID: References: <0000000000007f604f057f2b8509@google.com> <6213e783-4377-489d-cdfb-1a83f4497076@schaufler-ca.com> <2ccf6281-3f4b-a94a-ed71-31905e583fa6@schaufler-ca.com> <234c868b-4521-0707-a135-d8c24bc179bd@schaufler-ca.com> <99cd1f6b-682e-7d1f-35ad-b9092d46323f@schaufler-ca.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 11 Jan 2019, Casey Schaufler wrote: > >From 47134986133c822e1d88860fa2b108f92c97a7ff Mon Sep 17 00:00:00 2001 > From: Casey Schaufler > Date: Fri, 11 Jan 2019 17:31:50 -0800 > Subject: [PATCH 1/2] LSM: Check for NULL cred-security on free > > Check that the cred security blob has been set before trying > to clean it up. There is a case during credential initialization > that could result in this. > > Signed-off-by: Casey Schaufler JJ: does this fix the problem? > --- > security/security.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/security/security.c b/security/security.c > index a618e22df5c6..7bffc86d4e87 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -1477,6 +1477,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) > > void security_cred_free(struct cred *cred) > { > + /* > + * There is a failure case in prepare_creds() that > + * may result in a call here with ->security being NULL. > + */ > + if (unlikely(cred->security == NULL)) > + return; > + > call_void_hook(cred_free, cred); > > kfree(cred->security); > -- James Morris