[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: SELinux related kernel oops

From: Jason Baron <jbaron redhat com>
To: Jack Neely <jjneely pams ncsu edu>
Cc: nahant-list redhat com, James Morris <jmorris redhat com>, Dave Anderson <anderson redhat com>
Subject: Re: SELinux related kernel oops
Date: Fri, 24 Mar 2006 16:39:11 -0500 (EST)

On Thu, 23 Mar 2006, Jack Neely wrote:

> Folks,
> 
> I received a strange kernel oops that I'm trying to dig up some more
> information about before I start filing bug reports.
> 
>     http://anduril.pams.ncsu.edu/~slack/oops-20060323
> 
> This is a RHEL 4 server running kernel 2.6.9-22.0.2.ELsmp with SELinux
> in enforcing mode.  It has an Apple XRAID attached via an LSI fiber
> channel card that Apple ships and a SCSI HD array.  (Software raid.)
> The server is a fairly busy NFS server.  Loads between 1 and 2 are
> common.
> 
> Any ideas where this came from and how to avoid it in the future?
> 
> Jack Neely
> 

hi Jack,

We've taken a bit of a look at this and what's happening is that 'strnlen' 
which is being called by 'vsnprintf' is being passed a bogus string 
pointer. Specifically, the address is 0001c200, which is invalid. The 
bogus string is originating in 'avc_dump_query' where the index into the 
'class_to_string[tclass]' array is bogus. You can also see this from the 
message 'security_compute_av:  unrecognized class 14080'. This index is 
outside the range of the class_to_string[] array and is thus generating a 
bogus string. It would appear that when this message is generated we 
should handle this error case...

Turning off selinux, setting selinux=0 at the kernel command line, will 
certainly make this issue go away, but it be nice to actually get to 
the bottom of the real fix...

thanks,

-Jason

References:
- SELinux related kernel oops
  - From: Jack Neely

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]