From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753540AbaAIW2X (ORCPT ); Thu, 9 Jan 2014 17:28:23 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:39647 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751330AbaAIW2N (ORCPT ); Thu, 9 Jan 2014 17:28:13 -0500 Date: Thu, 9 Jan 2014 22:28:10 +0000 From: Al Viro To: Eric Paris Cc: Steven Rostedt , LKML , Stephen Smalley , James Morris , Paul Moore , Andrew Morton , "Paul E. McKenney" , stable , selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org Subject: Re: [PATCH] SELinux: Fix possible NULL pointer dereference in selinux_inode_permission() Message-ID: <20140109222809.GL10323@ZenIV.linux.org.uk> References: <20140109101932.0508dec7@gandalf.local.home> <20140109105114.5c409fef@gandalf.local.home> <1389283030.15209.56.camel@localhost> <1389283545.15209.59.camel@localhost> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1389283545.15209.59.camel@localhost> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 09, 2014 at 11:05:45AM -0500, Eric Paris wrote: > [adding lsm and selinux] > > Am I just crazy, or was this bug discussed (and obviously not fixed) > some time ago? > > VFS can still use inodes after security_inode_free_security() was > called... Unrelated bug. > > Assuming the VFS guys say that delaying __destroy_inode() is safe like > > that, I like it better. It also means that this is fixed for all LSMs, > > not just SELinux... Recall what your own code called from __destroy_inode() (fsnotify horrors) is doing - you can't grab a mutex from RCU callback... From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Thu, 9 Jan 2014 22:28:10 +0000 From: Al Viro To: Eric Paris Subject: Re: [PATCH] SELinux: Fix possible NULL pointer dereference in selinux_inode_permission() Message-ID: <20140109222809.GL10323@ZenIV.linux.org.uk> References: <20140109101932.0508dec7@gandalf.local.home> <20140109105114.5c409fef@gandalf.local.home> <1389283030.15209.56.camel@localhost> <1389283545.15209.59.camel@localhost> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <1389283545.15209.59.camel@localhost> Sender: Al Viro Cc: LKML , Steven Rostedt , linux-security-module@vger.kernel.org, stable , James Morris , Andrew Morton , "Paul E. McKenney" , Stephen Smalley , selinux@tycho.nsa.gov List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: On Thu, Jan 09, 2014 at 11:05:45AM -0500, Eric Paris wrote: > [adding lsm and selinux] > > Am I just crazy, or was this bug discussed (and obviously not fixed) > some time ago? > > VFS can still use inodes after security_inode_free_security() was > called... Unrelated bug. > > Assuming the VFS guys say that delaying __destroy_inode() is safe like > > that, I like it better. It also means that this is fixed for all LSMs, > > not just SELinux... Recall what your own code called from __destroy_inode() (fsnotify horrors) is doing - you can't grab a mutex from RCU callback...