rpms/kernel/devel linux-2.6-selinux-empty-tty-files.patch, NONE, 1.1 kernel.spec, 1.1111, 1.1112

Eric Paris eparis at fedoraproject.org
Mon Nov 3 14:23:32 UTC 2008 

Author: eparis

Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23975

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-selinux-empty-tty-files.patch 
Log Message:
BZ 469079 linus git 37dd0bd04a3240d2922786d501e2f12cec858fbf

Allow ppc64 machines without plymouth to boot.  Improper handling of empty tty_files list


linux-2.6-selinux-empty-tty-files.patch:

--- NEW FILE linux-2.6-selinux-empty-tty-files.patch ---
From: Eric Paris <eparis at redhat.com>
Date: Fri, 31 Oct 2008 21:40:00 +0000 (-0400)
Subject: SELinux: properly handle empty tty_files list
X-Git-Tag: v2.6.28-rc3~17^2
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=37dd0bd04a3240d2922786d501e2f12cec858fbf

SELinux: properly handle empty tty_files list

SELinux has wrongly (since 2004) had an incorrect test for an empty
tty->tty_files list.  With an empty list selinux would be pointing to part
of the tty struct itself and would then proceed to dereference that value
and again dereference that result.  An F10 change to plymouth on a ppc64
system is actually currently triggering this bug.  This patch uses
list_empty() to handle empty lists rather than looking at a meaningless
location.

[note, this fixes the oops reported in
https://bugzilla.redhat.com/show_bug.cgi?id=469079]

Signed-off-by: Eric Paris <eparis at redhat.com>
Signed-off-by: James Morris <jmorris at namei.org>
---

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3e3fde7..f85597a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2126,14 +2126,16 @@ static inline void flush_unauthorized_files(struct files_struct *files)
 	tty = get_current_tty();
 	if (tty) {
 		file_list_lock();
-		file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
-		if (file) {
+		if (!list_empty(&tty->tty_files)) {
+			struct inode *inode;
+
 			/* Revalidate access to controlling tty.
 			   Use inode_has_perm on the tty inode directly rather
 			   than using file_has_perm, as this particular open
 			   file may belong to another process and we are only
 			   interested in the inode-based check here. */
-			struct inode *inode = file->f_path.dentry->d_inode;
+			file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
+			inode = file->f_path.dentry->d_inode;
 			if (inode_has_perm(current, inode,
 					   FILE__READ | FILE__WRITE, NULL)) {
 				drop_tty = 1;


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1111
retrieving revision 1.1112
diff -u -r1.1111 -r1.1112
--- kernel.spec	3 Nov 2008 12:49:35 -0000	1.1111
+++ kernel.spec	3 Nov 2008 14:23:02 -0000	1.1112
@@ -733,6 +733,9 @@
 # Add better support for DMI-based autoloading
 Patch3110: linux-2.6-dmi-autoload.patch
 
+# SELinux: Fix handling of empty tty_files. 37dd0bd04a3240d2922786d501e2f12cec858fbf BZ469079
+Patch3120: linux-2.6-selinux-empty-tty-files.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1325,6 +1328,9 @@
 # EC storms aren't anything you can fix, shut up already
 ApplyPatch linux-2.6.27-acpi-ec-drizzle.patch
 
+# SELinux on ppc64 without plymouth can't boot
+ApplyPatch linux-2.6-selinux-empty-tty-files.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif

More information about the fedora-extras-commits mailing list