On Thu, Aug 9, 2012 at 10:27 AM, Eric Dumazet wrote:
> On Thu, 2012-08-09 at 09:30 -0400, Paul Moore wrote:
>
>> In the case of a TCP syn-recv and timewait ACK things are a little less
>> clear.
>> Eric (Dumazet), it looks like we have a socket in tcp_v4_reqsk_send_ack() and
>> tcp_v4_timewait_ac
On Thu, 2012-08-09 at 09:30 -0400, Paul Moore wrote:
> In the case of a TCP syn-recv and timewait ACK things are a little less
> clear.
> Eric (Dumazet), it looks like we have a socket in tcp_v4_reqsk_send_ack() and
> tcp_v4_timewait_ack(), any reason why we can't propagate the socket down to
On Wednesday, August 08, 2012 05:00:26 PM Casey Schaufler wrote:
> On 8/8/2012 2:54 PM, Eric Dumazet wrote:
>
> By the way, once this proved to be an issue that involved
> more than just SELinux it needed to go onto the LSM list as
> well.
Yes, you're right.
> > On Wed, 2012-08-08 at 16:46 -0400,
On 8/8/2012 2:54 PM, Eric Dumazet wrote:
By the way, once this proved to be an issue that involved
more than just SELinux it needed to go onto the LSM list as
well.
> On Wed, 2012-08-08 at 16:46 -0400, Paul Moore wrote:
>> On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
>>> On Wed,
On Wed, 2012-08-08 at 16:46 -0400, Paul Moore wrote:
> On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
> > On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
> > > On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> > > > Seems wrong. We shouldn't ever need ifdef CONFIG_SECURI
On Wed, Aug 8, 2012 at 5:03 PM, Paul Moore wrote:
> On Wednesday, August 08, 2012 04:51:56 PM Eric Paris wrote:
>> Could we add a __init function which does the security_sk_alloc() in
>> the same file where we declared them?
>
> Is it safe to call security_sk_alloc() from inside another __init fu
On Wednesday, August 08, 2012 04:51:56 PM Eric Paris wrote:
> On Wed, Aug 8, 2012 at 4:35 PM, Paul Moore wrote:
> > On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:
> >
> > Actually, the issue is that the shared socket doesn't have an init/alloc
> > function to do the LSM allocation
On Wed, Aug 8, 2012 at 4:35 PM, Paul Moore wrote:
> On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:
> Actually, the issue is that the shared socket doesn't have an init/alloc
> function to do the LSM allocation like we do with other sockets so Eric's
> patch does it as part of ip_se
On Wednesday, August 08, 2012 10:32:52 PM Eric Dumazet wrote:
> On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
> > On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> > > Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
> > > code.
> >
> > Sure but it seems include fil
On Wednesday, August 08, 2012 10:09:38 PM Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> > Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
> > code.
>
> Sure but it seems include file misses an accessor for this.
>
> We could add it on a future cle
On Wed, 2012-08-08 at 22:09 +0200, Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
>
> > Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
> > code.
>
> Sure but it seems include file misses an accessor for this.
>
> We could add it on a future cleanu
On Wed, 2012-08-08 at 15:59 -0400, Eric Paris wrote:
> Seems wrong. We shouldn't ever need ifdef CONFIG_SECURITY in core
> code.
Sure but it seems include file misses an accessor for this.
We could add it on a future cleanup patch, as Paul mentioned.
> Ifndef CONF_SECURITY then security_sk_a
On Wed, 2012-08-08 at 12:49 -0700, John Stultz wrote:
> I can't comment on the patch itself, but I tested it against Linus' HEAD
> and it seems to resolve the oops on shutdown for me.
OK, thanks !
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a mess
On Wed, 2012-08-08 at 15:50 -0400, Paul Moore wrote:
> Yep. I was just trying to see if there was a way we could avoid having to
> make it conditional on CONFIG_SECURITY, but I think this is a better approach
> than the alternatives.
>
> I'm also looking into making sure we get a sane LSM labe
On Wed, Aug 8, 2012 at 3:38 PM, Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
> index ba39a52..027a331 100644
> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
> @@ -1524,6 +1524,10 @@ void ip_send_uni
On Wednesday, August 08, 2012 09:38:21 PM Eric Dumazet wrote:
> On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
> > On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
> > > So I bisected this down and it seems to be the following commit:
> > >
> > > commit be9f4a44e7d41cee50ddb5f038
On 08/08/2012 12:38 PM, Eric Dumazet wrote:
On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
It looks the like there is a bug in ip_send_unicast_reply() which uses a
inet_sock/sock struct which does not have the LSM data properly initialized.
I'll put together a patch shortly.
Something li
On Wed, 2012-08-08 at 15:26 -0400, Paul Moore wrote:
> On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
> > So I bisected this down and it seems to be the following commit:
> >
> > commit be9f4a44e7d41cee50ddb5f038fc2391cbbb4046
> > Author: Eric Dumazet
> > Date: Thu Jul 19 07:34:03
On Wed, 2012-08-08 at 12:14 -0700, John Stultz wrote:
> On 08/07/2012 03:37 PM, John Stultz wrote:
> > On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
> >> Quoting Paul Moore (p...@paul-moore.com):
> >>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz
> >>> wrote:
> On 08/07/2012 02:50 PM, Paul M
On Wednesday, August 08, 2012 12:14:42 PM John Stultz wrote:
> So I bisected this down and it seems to be the following commit:
>
> commit be9f4a44e7d41cee50ddb5f038fc2391cbbb4046
> Author: Eric Dumazet
> Date: Thu Jul 19 07:34:03 2012 +
>
> ipv4: tcp: remove per net tcp_sock
>
>
>
On 08/07/2012 03:37 PM, John Stultz wrote:
On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
Quoting Paul Moore (p...@paul-moore.com):
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz
wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
wrote:
Hi,
With
On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
> Quoting Paul Moore (p...@paul-moore.com):
>> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz wrote:
>>> On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
wrote:
>
> Hi,
> With my kvm e
On 08/07/2012 03:26 PM, John Stultz wrote:
On 08/07/2012 03:01 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz
wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm seeing N
On 08/07/2012 03:17 PM, Serge E. Hallyn wrote:
Quoting Paul Moore (p...@paul-moore.com):
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm seei
On 08/07/2012 03:01 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz wrote:
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
dereferences in selinux_ip_postr
On Tuesday, August 07, 2012 10:17:32 PM Serge E. Hallyn wrote:
> Quoting Paul Moore (p...@paul-moore.com):
> > On Tue, Aug 7, 2012 at 5:58 PM, John Stultz
wrote:
> > > On 08/07/2012 02:50 PM, Paul Moore wrote:
> > >> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
> > >>
> > >> wrote:
> > >>> Hi,
>
Quoting Paul Moore (p...@paul-moore.com):
> On Tue, Aug 7, 2012 at 5:58 PM, John Stultz wrote:
> > On 08/07/2012 02:50 PM, Paul Moore wrote:
> >>
> >> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
> >> wrote:
> >>>
> >>> Hi,
> >>> With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
On Tue, Aug 7, 2012 at 5:58 PM, John Stultz wrote:
> On 08/07/2012 02:50 PM, Paul Moore wrote:
>>
>> On Tue, Aug 7, 2012 at 2:12 PM, John Stultz
>> wrote:
>>>
>>> Hi,
>>> With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
>>> dereferences in selinux_ip_postroute_compat(). It loo
On 08/07/2012 02:50 PM, Paul Moore wrote:
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz wrote:
Hi,
With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
dereferences in selinux_ip_postroute_compat(). It looks like the sksec value
is null and we die in the following line:
if (
On Tue, Aug 7, 2012 at 2:12 PM, John Stultz wrote:
> Hi,
> With my kvm environment using 3.6-rc1+, I'm seeing NULL pointer
> dereferences in selinux_ip_postroute_compat(). It looks like the sksec value
> is null and we die in the following line:
>
> if (selinux_xfrm_postroute_last(sksec->s
30 matches
Mail list logo
