On Thu, Aug 9, 2012 at 10:27 AM, Eric Dumazet wrote:
> On Thu, 2012-08-09 at 09:30 -0400, Paul Moore wrote:
>
>> In the case of a TCP syn-recv and timewait ACK things are a little less
>> clear.
>> Eric (Dumazet), it looks like we have a socket in tcp_v4_reqsk_send_ack() and
>>
On Thu, 2012-08-09 at 09:30 -0400, Paul Moore wrote:
> In the case of a TCP syn-recv and timewait ACK things are a little less
> clear.
> Eric (Dumazet), it looks like we have a socket in tcp_v4_reqsk_send_ack() and
> tcp_v4_timewait_ack(), any reason why we can't propagate the socket down to
On Wednesday, August 08, 2012 05:00:26 PM Casey Schaufler wrote:
> On 8/8/2012 2:54 PM, Eric Dumazet wrote:
>
> By the way, once this proved to be an issue that involved
> more than just SELinux it needed to go onto the LSM list as
> well.
Yes, you're right.
> > On Wed, 2012-08-08 at 16:46
On Wednesday, August 08, 2012 05:00:26 PM Casey Schaufler wrote:
On 8/8/2012 2:54 PM, Eric Dumazet wrote:
By the way, once this proved to be an issue that involved
more than just SELinux it needed to go onto the LSM list as
well.
Yes, you're right.
On Wed, 2012-08-08 at 16:46 -0400, Paul
On Thu, 2012-08-09 at 09:30 -0400, Paul Moore wrote:
In the case of a TCP syn-recv and timewait ACK things are a little less
clear.
Eric (Dumazet), it looks like we have a socket in tcp_v4_reqsk_send_ack() and
tcp_v4_timewait_ack(), any reason why we can't propagate the socket down to
On Thu, Aug 9, 2012 at 10:27 AM, Eric Dumazet eric.duma...@gmail.com wrote:
On Thu, 2012-08-09 at 09:30 -0400, Paul Moore wrote:
In the case of a TCP syn-recv and timewait ACK things are a little less
clear.
Eric (Dumazet), it looks like we have a socket in tcp_v4_reqsk_send_ack() and
On 8/8/2012 2:54 PM, Eric Dumazet wrote:
By the way, once this proved to be an issue that involved
more than just SELinux it needed to go onto the LSM list as
well.
> On Wed, 2012-08-08 at 16:46 -0400, Paul Moore wrote:
>> On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
>>> On Wed,
On Wed, 2012-08-08 at 16:46 -0400, Paul Moore wrote:
> On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
> > On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
> > > On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> > > > Seems wrong. We shouldn't ever need ifdef
On Wed, Aug 8, 2012 at 5:03 PM, Paul Moore wrote:
> On Wednesday, August 08, 2012 04:51:56 PM Eric Paris wrote:
>> Could we add a __init function which does the security_sk_alloc() in
>> the same file where we declared them?
>
> Is it safe to call security_sk_alloc() from inside another __init
On Wednesday, August 08, 2012 04:51:56 PM Eric Paris wrote:
> On Wed, Aug 8, 2012 at 4:35 PM, Paul Moore wrote:
> > On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:
> >
> > Actually, the issue is that the shared socket doesn't have an init/alloc
> > function to do the LSM allocation
On Wed, Aug 8, 2012 at 4:35 PM, Paul Moore wrote:
> On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:
> Actually, the issue is that the shared socket doesn't have an init/alloc
> function to do the LSM allocation like we do with other sockets so Eric's
> patch does it as part of
On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
> On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
> > On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> > > Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
> > > code.
> >
> > Sure but it seems include
On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> > Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
> > code.
>
> Sure but it seems include file misses an accessor for this.
>
> We could add it on a future
On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
>
> > Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
> > code.
>
> Sure but it seems include file misses an accessor for this.
>
> We could add it on a future
On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
> code.
Sure but it seems include file misses an accessor for this.
We could add it on a future cleanup patch, as Paul mentioned.
> Ifndef CONF_SECURITY then
On Wed, 2012-08-08 at 12:49 -0700, John Stultz wrote:
> I can't comment on the patch itself, but I tested it against Linus' HEAD
> and it seems to resolve the oops on shutdown for me.
OK, thanks !
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a
On Wed, 2012-08-08 at 15:50 -0400, Paul Moore wrote:
> Yep. I was just trying to see if there was a way we could avoid having to
> make it conditional on CONFIG_SECURITY, but I think this is a better approach
> than the alternatives.
>
> I'm also looking into making sure we get a sane LSM
On Wed, Aug 8, 2012 at 3:38 PM, Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
> index ba39a52..027a331 100644
> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
> @@ -1524,6 +1524,10 @@ void
On Wednesday, August 08, 2012 09:38:21 PM Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
> > On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
> > > So I bisected this down and it seems to be the following commit:
> > >
> > > commit
On 08/08/2012 12:38 PM, Eric Dumazet wrote:
On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
It looks the like there is a bug in ip_send_unicast_reply() which uses a
inet_sock/sock struct which does not have the LSM data properly initialized.
I'll put together a patch shortly.
Something
On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
> On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
> > So I bisected this down and it seems to be the following commit:
> >
> > commit be9f4a44e7d41cee50ddb5f038fc2391cbbb4046
> > Author: Eric Dumazet
> > Date: Thu Jul 19
On Wed, 2012-08-08 at 12:14 -0700, John Stultz wrote:
> On 08/07/2012 03:37 PM, John Stultz wrote:
> > On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
> >> Quoting Paul Moore (p...@paul-moore.com):
> >>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz
> >>> wrote:
> On 08/07/2012 02:50 PM, Paul
On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
> So I bisected this down and it seems to be the following commit:
>
> commit be9f4a44e7d41cee50ddb5f038fc2391cbbb4046
> Author: Eric Dumazet
> Date: Thu Jul 19 07:34:03 2012 +
>
> ipv4: tcp: remove per net tcp_sock
>
>
>
On 08/07/2012 03:37 PM, John Stultz wrote:
On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
Quoting Paul Moore (p...@paul-moore.com):
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz
wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
wrote:
Hi,
On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
> Quoting Paul Moore (p...@paul-moore.com):
>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz wrote:
>>> On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
wrote:
>
> Hi,
> With my kvm
On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
Quoting Paul Moore (p...@paul-moore.com):
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz john.stu...@linaro.org wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz john.stu...@linaro.org
wrote:
Hi,
On 08/07/2012 03:37 PM, John Stultz wrote:
On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
Quoting Paul Moore (p...@paul-moore.com):
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz john.stu...@linaro.org
wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
So I bisected this down and it seems to be the following commit:
commit be9f4a44e7d41cee50ddb5f038fc2391cbbb4046
Author: Eric Dumazet eduma...@google.com
Date: Thu Jul 19 07:34:03 2012 +
ipv4: tcp: remove per net
On Wed, 2012-08-08 at 12:14 -0700, John Stultz wrote:
On 08/07/2012 03:37 PM, John Stultz wrote:
On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
Quoting Paul Moore (p...@paul-moore.com):
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz john.stu...@linaro.org
wrote:
On 08/07/2012 02:50 PM,
On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
So I bisected this down and it seems to be the following commit:
commit be9f4a44e7d41cee50ddb5f038fc2391cbbb4046
Author: Eric Dumazet eduma...@google.com
Date: Thu Jul 19
On 08/08/2012 12:38 PM, Eric Dumazet wrote:
On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
It looks the like there is a bug in ip_send_unicast_reply() which uses a
inet_sock/sock struct which does not have the LSM data properly initialized.
I'll put together a patch shortly.
Something
On Wednesday, August 08, 2012 09:38:21 PM Eric Dumazet wrote:
On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
So I bisected this down and it seems to be the following commit:
commit
On Wed, Aug 8, 2012 at 3:38 PM, Eric Dumazet eric.duma...@gmail.com wrote:
On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index ba39a52..027a331 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1524,6 +1524,10 @@
On Wed, 2012-08-08 at 15:50 -0400, Paul Moore wrote:
Yep. I was just trying to see if there was a way we could avoid having to
make it conditional on CONFIG_SECURITY, but I think this is a better approach
than the alternatives.
I'm also looking into making sure we get a sane LSM label on
On Wed, 2012-08-08 at 12:49 -0700, John Stultz wrote:
I can't comment on the patch itself, but I tested it against Linus' HEAD
and it seems to resolve the oops on shutdown for me.
OK, thanks !
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message
On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
code.
Sure but it seems include file misses an accessor for this.
We could add it on a future cleanup patch, as Paul mentioned.
Ifndef CONF_SECURITY then
On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
code.
Sure but it seems include file misses an accessor for this.
We could add it on a future cleanup patch,
On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:
On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
code.
Sure but it seems include file misses an accessor for this.
We could add it on a future cleanup
On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
code.
Sure but it seems include file misses an
On Wed, Aug 8, 2012 at 4:35 PM, Paul Moore p...@paul-moore.com wrote:
On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:
Actually, the issue is that the shared socket doesn't have an init/alloc
function to do the LSM allocation like we do with other sockets so Eric's
patch does it
On Wednesday, August 08, 2012 04:51:56 PM Eric Paris wrote:
On Wed, Aug 8, 2012 at 4:35 PM, Paul Moore p...@paul-moore.com wrote:
On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:
Actually, the issue is that the shared socket doesn't have an init/alloc
function to do the LSM
On Wed, Aug 8, 2012 at 5:03 PM, Paul Moore p...@paul-moore.com wrote:
On Wednesday, August 08, 2012 04:51:56 PM Eric Paris wrote:
Could we add a __init function which does the security_sk_alloc() in
the same file where we declared them?
Is it safe to call security_sk_alloc() from inside
On Wed, 2012-08-08 at 16:46 -0400, Paul Moore wrote:
On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in
On 8/8/2012 2:54 PM, Eric Dumazet wrote:
By the way, once this proved to be an issue that involved
more than just SELinux it needed to go onto the LSM list as
well.
On Wed, 2012-08-08 at 16:46 -0400, Paul Moore wrote:
On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
On Wed,
On 08/07/2012 03:26 PM, John Stultz wrote:
On 08/07/2012 03:01 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz
wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm seeing
On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
Quoting Paul Moore (p...@paul-moore.com):
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm
On 08/07/2012 03:01 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
dereferences in
On Tuesday, August 07, 2012 10:17:32 PM Serge E. Hallyn wrote:
> Quoting Paul Moore (p...@paul-moore.com):
> > On Tue, Aug 7, 2012 at 5:58 PM, John Stultz
wrote:
> > > On 08/07/2012 02:50 PM, Paul Moore wrote:
> > >> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
> > >>
> > >> wrote:
> > >>> Hi,
Quoting Paul Moore (p...@paul-moore.com):
> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz wrote:
> > On 08/07/2012 02:50 PM, Paul Moore wrote:
> >>
> >> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
> >> wrote:
> >>>
> >>> Hi,
> >>> With my kvm environment using 3.6-rc1+, I'm seeing NULL
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz wrote:
> On 08/07/2012 02:50 PM, Paul Moore wrote:
>>
>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
>> wrote:
>>>
>>> Hi,
>>> With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
>>> dereferences in selinux_ip_postroute_compat(). It
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
dereferences in selinux_ip_postroute_compat(). It looks like the sksec value
is null and we die in the following line:
if
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz wrote:
> Hi,
> With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
> dereferences in selinux_ip_postroute_compat(). It looks like the sksec value
> is null and we die in the following line:
>
> if
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz john.stu...@linaro.org wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
dereferences in selinux_ip_postroute_compat(). It looks like the sksec value
is null and we die in the following line:
if
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz john.stu...@linaro.org wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
dereferences in selinux_ip_postroute_compat(). It looks like the sksec value
is null and we die in the
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz john.stu...@linaro.org wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz john.stu...@linaro.org
wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
dereferences in
Quoting Paul Moore (p...@paul-moore.com):
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz john.stu...@linaro.org wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz john.stu...@linaro.org
wrote:
Hi,
With my kvm environment using 3.6-rc1+,
On Tuesday, August 07, 2012 10:17:32 PM Serge E. Hallyn wrote:
Quoting Paul Moore (p...@paul-moore.com):
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz john.stu...@linaro.org
wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz john.stu...@linaro.org
On 08/07/2012 03:01 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz john.stu...@linaro.org wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz john.stu...@linaro.org
wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm seeing
On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
Quoting Paul Moore (p...@paul-moore.com):
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz john.stu...@linaro.org wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz john.stu...@linaro.org
wrote:
Hi,
On 08/07/2012 03:26 PM, John Stultz wrote:
On 08/07/2012 03:01 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz john.stu...@linaro.org
wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz john.stu...@linaro.org
wrote:
Hi,
With my
60 matches
Mail list logo