rpms/kernel/devel linux-2.6-selinux-empty-tty-files.patch, NONE, 1.1 kernel.spec, 1.1111, 1.1112
Eric Paris
eparis at fedoraproject.org
Mon Nov 3 14:23:32 UTC 2008
Author: eparis
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23975
Modified Files:
kernel.spec
Added Files:
linux-2.6-selinux-empty-tty-files.patch
Log Message:
BZ 469079 linus git 37dd0bd04a3240d2922786d501e2f12cec858fbf
Allow ppc64 machines without plymouth to boot. Improper handling of empty tty_files list
linux-2.6-selinux-empty-tty-files.patch:
--- NEW FILE linux-2.6-selinux-empty-tty-files.patch ---
From: Eric Paris <eparis at redhat.com>
Date: Fri, 31 Oct 2008 21:40:00 +0000 (-0400)
Subject: SELinux: properly handle empty tty_files list
X-Git-Tag: v2.6.28-rc3~17^2
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=37dd0bd04a3240d2922786d501e2f12cec858fbf
SELinux: properly handle empty tty_files list
SELinux has wrongly (since 2004) had an incorrect test for an empty
tty->tty_files list. With an empty list selinux would be pointing to part
of the tty struct itself and would then proceed to dereference that value
and again dereference that result. An F10 change to plymouth on a ppc64
system is actually currently triggering this bug. This patch uses
list_empty() to handle empty lists rather than looking at a meaningless
location.
[note, this fixes the oops reported in
https://bugzilla.redhat.com/show_bug.cgi?id=469079]
Signed-off-by: Eric Paris <eparis at redhat.com>
Signed-off-by: James Morris <jmorris at namei.org>
---
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3e3fde7..f85597a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2126,14 +2126,16 @@ static inline void flush_unauthorized_files(struct files_struct *files)
tty = get_current_tty();
if (tty) {
file_list_lock();
- file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
- if (file) {
+ if (!list_empty(&tty->tty_files)) {
+ struct inode *inode;
+
/* Revalidate access to controlling tty.
Use inode_has_perm on the tty inode directly rather
than using file_has_perm, as this particular open
file may belong to another process and we are only
interested in the inode-based check here. */
- struct inode *inode = file->f_path.dentry->d_inode;
+ file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
+ inode = file->f_path.dentry->d_inode;
if (inode_has_perm(current, inode,
FILE__READ | FILE__WRITE, NULL)) {
drop_tty = 1;
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1111
retrieving revision 1.1112
diff -u -r1.1111 -r1.1112
--- kernel.spec 3 Nov 2008 12:49:35 -0000 1.1111
+++ kernel.spec 3 Nov 2008 14:23:02 -0000 1.1112
@@ -733,6 +733,9 @@
# Add better support for DMI-based autoloading
Patch3110: linux-2.6-dmi-autoload.patch
+# SELinux: Fix handling of empty tty_files. 37dd0bd04a3240d2922786d501e2f12cec858fbf BZ469079
+Patch3120: linux-2.6-selinux-empty-tty-files.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1325,6 +1328,9 @@
# EC storms aren't anything you can fix, shut up already
ApplyPatch linux-2.6.27-acpi-ec-drizzle.patch
+# SELinux on ppc64 without plymouth can't boot
+ApplyPatch linux-2.6-selinux-empty-tty-files.patch
+
# END OF PATCH APPLICATIONS
%endif
More information about the fedora-extras-commits
mailing list