* [PATCH 1/1] sel_avc_get_stat_idx should increase position index
@ 2020-01-24 6:32 Vasily Averin
2020-01-31 12:55 ` Paul Moore
0 siblings, 1 reply; 5+ messages in thread
From: Vasily Averin @ 2020-01-24 6:32 UTC (permalink / raw)
To: selinux; +Cc: Paul Moore, Stephen Smalley, Eric Paris
if seq_file .next fuction does not change position index,
read after some lseek can generate unexpected output.
https://bugzilla.kernel.org/show_bug.cgi?id=206283
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
---
security/selinux/selinuxfs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index ee94fa4..ad5530e 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1504,6 +1504,7 @@ static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
*idx = cpu + 1;
return &per_cpu(avc_cache_stats, cpu);
}
+ (*idx)++;
return NULL;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] sel_avc_get_stat_idx should increase position index
2020-01-24 6:32 [PATCH 1/1] sel_avc_get_stat_idx should increase position index Vasily Averin
@ 2020-01-31 12:55 ` Paul Moore
2020-02-01 7:47 ` [PATCH v2] selinux: " Vasily Averin
0 siblings, 1 reply; 5+ messages in thread
From: Paul Moore @ 2020-01-31 12:55 UTC (permalink / raw)
To: Vasily Averin; +Cc: selinux, Stephen Smalley, Eric Paris
On Fri, Jan 24, 2020 at 1:33 AM Vasily Averin <vvs@virtuozzo.com> wrote:
>
> if seq_file .next fuction does not change position index,
> read after some lseek can generate unexpected output.
>
> https://bugzilla.kernel.org/show_bug.cgi?id=206283
> Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
> ---
> security/selinux/selinuxfs.c | 1 +
> 1 file changed, 1 insertion(+)
It would be very nice if you could update this patch similar to what
you did for the keys subsystem (archive link below). You included
most of that information in your cover letter, but unfortunately cover
letters don't make their way into the git log, only the individual
commit descriptions.
https://lore.kernel.org/linux-security-module/af9dcaa7-6e4f-281a-2bae-fb605cc55d2d@virtuozzo.com
Thank you.
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index ee94fa4..ad5530e 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -1504,6 +1504,7 @@ static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
> *idx = cpu + 1;
> return &per_cpu(avc_cache_stats, cpu);
> }
> + (*idx)++;
> return NULL;
> }
>
> --
> 1.8.3.1
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2] selinux: sel_avc_get_stat_idx should increase position index
2020-01-31 12:55 ` Paul Moore
@ 2020-02-01 7:47 ` Vasily Averin
2020-02-05 15:56 ` Stephen Smalley
2020-02-05 23:21 ` Paul Moore
0 siblings, 2 replies; 5+ messages in thread
From: Vasily Averin @ 2020-02-01 7:47 UTC (permalink / raw)
To: selinux; +Cc: Paul Moore, Stephen Smalley, Eric Paris
If seq_file .next function does not change position index,
read after some lseek can generate unexpected output.
$ dd if=/sys/fs/selinux/avc/cache_stats # usual output
lookups hits misses allocations reclaims frees
817223 810034 7189 7189 6992 7037
1934894 1926896 7998 7998 7632 7683
1322812 1317176 5636 5636 5456 5507
1560571 1551548 9023 9023 9056 9115
0+1 records in
0+1 records out
189 bytes copied, 5,1564e-05 s, 3,7 MB/s
$# read after lseek to midle of last line
$ dd if=/sys/fs/selinux/avc/cache_stats bs=180 skip=1
dd: /sys/fs/selinux/avc/cache_stats: cannot skip to specified offset
056 9115 <<<< end of last line
1560571 1551548 9023 9023 9056 9115 <<< whole last line once again
0+1 records in
0+1 records out
45 bytes copied, 8,7221e-05 s, 516 kB/s
$# read after lseek beyond end of of file
$ dd if=/sys/fs/selinux/avc/cache_stats bs=1000 skip=1
dd: /sys/fs/selinux/avc/cache_stats: cannot skip to specified offset
1560571 1551548 9023 9023 9056 9115 <<<< generates whole last line
0+1 records in
0+1 records out
36 bytes copied, 9,0934e-05 s, 396 kB/s
https://bugzilla.kernel.org/show_bug.cgi?id=206283
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
---
security/selinux/selinuxfs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index ee94fa4..ad5530e 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1504,6 +1504,7 @@ static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
*idx = cpu + 1;
return &per_cpu(avc_cache_stats, cpu);
}
+ (*idx)++;
return NULL;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2] selinux: sel_avc_get_stat_idx should increase position index
2020-02-01 7:47 ` [PATCH v2] selinux: " Vasily Averin
@ 2020-02-05 15:56 ` Stephen Smalley
2020-02-05 23:21 ` Paul Moore
1 sibling, 0 replies; 5+ messages in thread
From: Stephen Smalley @ 2020-02-05 15:56 UTC (permalink / raw)
To: Vasily Averin, selinux; +Cc: Paul Moore, Eric Paris
On 2/1/20 2:47 AM, Vasily Averin wrote:
> If seq_file .next function does not change position index,
> read after some lseek can generate unexpected output.
>
> $ dd if=/sys/fs/selinux/avc/cache_stats # usual output
> lookups hits misses allocations reclaims frees
> 817223 810034 7189 7189 6992 7037
> 1934894 1926896 7998 7998 7632 7683
> 1322812 1317176 5636 5636 5456 5507
> 1560571 1551548 9023 9023 9056 9115
> 0+1 records in
> 0+1 records out
> 189 bytes copied, 5,1564e-05 s, 3,7 MB/s
>
> $# read after lseek to midle of last line
> $ dd if=/sys/fs/selinux/avc/cache_stats bs=180 skip=1
> dd: /sys/fs/selinux/avc/cache_stats: cannot skip to specified offset
> 056 9115 <<<< end of last line
> 1560571 1551548 9023 9023 9056 9115 <<< whole last line once again
> 0+1 records in
> 0+1 records out
> 45 bytes copied, 8,7221e-05 s, 516 kB/s
>
> $# read after lseek beyond end of of file
> $ dd if=/sys/fs/selinux/avc/cache_stats bs=1000 skip=1
> dd: /sys/fs/selinux/avc/cache_stats: cannot skip to specified offset
> 1560571 1551548 9023 9023 9056 9115 <<<< generates whole last line
> 0+1 records in
> 0+1 records out
> 36 bytes copied, 9,0934e-05 s, 396 kB/s
>
> https://bugzilla.kernel.org/show_bug.cgi?id=206283
> Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
> ---
> security/selinux/selinuxfs.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index ee94fa4..ad5530e 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -1504,6 +1504,7 @@ static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
> *idx = cpu + 1;
> return &per_cpu(avc_cache_stats, cpu);
> }
> + (*idx)++;
> return NULL;
> }
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2] selinux: sel_avc_get_stat_idx should increase position index
2020-02-01 7:47 ` [PATCH v2] selinux: " Vasily Averin
2020-02-05 15:56 ` Stephen Smalley
@ 2020-02-05 23:21 ` Paul Moore
1 sibling, 0 replies; 5+ messages in thread
From: Paul Moore @ 2020-02-05 23:21 UTC (permalink / raw)
To: Vasily Averin; +Cc: selinux, Stephen Smalley, Eric Paris
On Sat, Feb 1, 2020 at 2:49 AM Vasily Averin <vvs@virtuozzo.com> wrote:
>
> If seq_file .next function does not change position index,
> read after some lseek can generate unexpected output.
>
> $ dd if=/sys/fs/selinux/avc/cache_stats # usual output
> lookups hits misses allocations reclaims frees
> 817223 810034 7189 7189 6992 7037
> 1934894 1926896 7998 7998 7632 7683
> 1322812 1317176 5636 5636 5456 5507
> 1560571 1551548 9023 9023 9056 9115
> 0+1 records in
> 0+1 records out
> 189 bytes copied, 5,1564e-05 s, 3,7 MB/s
>
> $# read after lseek to midle of last line
> $ dd if=/sys/fs/selinux/avc/cache_stats bs=180 skip=1
> dd: /sys/fs/selinux/avc/cache_stats: cannot skip to specified offset
> 056 9115 <<<< end of last line
> 1560571 1551548 9023 9023 9056 9115 <<< whole last line once again
> 0+1 records in
> 0+1 records out
> 45 bytes copied, 8,7221e-05 s, 516 kB/s
>
> $# read after lseek beyond end of of file
> $ dd if=/sys/fs/selinux/avc/cache_stats bs=1000 skip=1
> dd: /sys/fs/selinux/avc/cache_stats: cannot skip to specified offset
> 1560571 1551548 9023 9023 9056 9115 <<<< generates whole last line
> 0+1 records in
> 0+1 records out
> 36 bytes copied, 9,0934e-05 s, 396 kB/s
>
> https://bugzilla.kernel.org/show_bug.cgi?id=206283
> Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
> ---
> security/selinux/selinuxfs.c | 1 +
> 1 file changed, 1 insertion(+)
This is better, thank you. I've queued this up for selinux/next,
you'll see it in the repo once the merge window closes.
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index ee94fa4..ad5530e 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -1504,6 +1504,7 @@ static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx)
> *idx = cpu + 1;
> return &per_cpu(avc_cache_stats, cpu);
> }
> + (*idx)++;
> return NULL;
> }
>
> --
> 1.8.3.1
>
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-02-05 23:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-24 6:32 [PATCH 1/1] sel_avc_get_stat_idx should increase position index Vasily Averin
2020-01-31 12:55 ` Paul Moore
2020-02-01 7:47 ` [PATCH v2] selinux: " Vasily Averin
2020-02-05 15:56 ` Stephen Smalley
2020-02-05 23:21 ` Paul Moore
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.