From: James Morris <jmorris@namei.org>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: John Johansen <john.johansen@canonical.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, serge@hallyn.com
Subject: Re: WARNING in apparmor_cred_free
Date: Thu, 17 Jan 2019 08:14:45 +1100 (AEDT) [thread overview]
Message-ID: <alpine.LRH.2.21.1901170814170.7422@namei.org> (raw)
In-Reply-To: <99cd1f6b-682e-7d1f-35ad-b9092d46323f@schaufler-ca.com>
On Fri, 11 Jan 2019, Casey Schaufler wrote:
> >From 47134986133c822e1d88860fa2b108f92c97a7ff Mon Sep 17 00:00:00 2001
> From: Casey Schaufler <casey@schaufler-ca.com>
> Date: Fri, 11 Jan 2019 17:31:50 -0800
> Subject: [PATCH 1/2] LSM: Check for NULL cred-security on free
>
> Check that the cred security blob has been set before trying
> to clean it up. There is a case during credential initialization
> that could result in this.
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
JJ: does this fix the problem?
> ---
> security/security.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/security/security.c b/security/security.c
> index a618e22df5c6..7bffc86d4e87 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1477,6 +1477,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
>
> void security_cred_free(struct cred *cred)
> {
> + /*
> + * There is a failure case in prepare_creds() that
> + * may result in a call here with ->security being NULL.
> + */
> + if (unlikely(cred->security == NULL))
> + return;
> +
> call_void_hook(cred_free, cred);
>
> kfree(cred->security);
>
--
James Morris
<jmorris@namei.org>
next prev parent reply other threads:[~2019-01-16 21:14 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-11 9:43 WARNING in apparmor_cred_free syzbot
2019-01-11 22:11 ` Casey Schaufler
2019-01-11 22:30 ` John Johansen
2019-01-11 22:43 ` Casey Schaufler
2019-01-11 23:20 ` Casey Schaufler
2019-01-12 1:46 ` Casey Schaufler
2019-01-14 11:12 ` Dmitry Vyukov
2019-01-16 21:14 ` James Morris [this message]
2019-01-16 22:36 ` John Johansen
2019-01-16 23:44 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LRH.2.21.1901170814170.7422@namei.org \
--to=jmorris@namei.org \
--cc=casey@schaufler-ca.com \
--cc=john.johansen@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).