Linux-Security-Module Archive on
 help / color / Atom feed
* [PATCH] LSM: SafeSetID: Stop releasing uninitialized ruleset
@ 2019-09-16 15:29 mortonm
  0 siblings, 0 replies; only message in thread
From: mortonm @ 2019-09-16 15:29 UTC (permalink / raw)
  To: linux-security-module; +Cc: Micah Morton, Jann Horn

From: Micah Morton <>

The first time a rule set is configured for SafeSetID, we shouldn't be
trying to release the previously configured ruleset, since there isn't
one. Currently, the pointer that would point to a previously configured
ruleset is uninitialized on first rule set configuration, leading to a
crash when we try to call release_ruleset with that pointer.

Acked-by: Jann Horn <>
Signed-off-by: Micah Morton <>
 security/safesetid/securityfs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c
index d568e17dd773..74a13d432ed8 100644
--- a/security/safesetid/securityfs.c
+++ b/security/safesetid/securityfs.c
@@ -187,7 +187,8 @@ static ssize_t handle_policy_update(struct file *file,
-	release_ruleset(pol);
+	if (pol)
+                release_ruleset(pol);
 	return err;

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-16 15:29 [PATCH] LSM: SafeSetID: Stop releasing uninitialized ruleset mortonm

Linux-Security-Module Archive on

Archives are clonable:
	git clone --mirror linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ \
	public-inbox-index linux-security-module

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone