Subject : 2.6.37-rc5: NULL pointer oops in selinux_socket_unix_stream_connect Submitter : Jeremy Fitzhardinge <jeremy@goop.org> Date : 2010-12-08 21:09 Message-ID : 4CFFF3F3.90100@goop.org References : http://marc.info/?l=linux-kernel&m=129184256629712&w=2 This entry is being used for tracking a regression from 2.6.36. Please don't close it until the problem is fixed in the mainline.
On Monday, January 10, 2011, David Miller wrote: > From: "Rafael J. Wysocki" <rjw@sisk.pl> > Date: Wed, 29 Dec 2010 23:59:38 +0100 (CET) > > > Bug-Entry : http://bugzilla.kernel.org/show_bug.cgi?id=24592 > > Subject : 2.6.37-rc5: NULL pointer oops in > selinux_socket_unix_stream_connect > > Submitter : Jeremy Fitzhardinge <jeremy@goop.org> > > Date : 2010-12-08 21:09 (22 days old) > > This bug is intended to be fixed by: > > commit 3610cda53f247e176bcbb7a7cca64bc53b12acdb > Author: David S. Miller <davem@davemloft.net> > Date: Wed Jan 5 15:38:53 2011 -0800 > > af_unix: Avoid socket->sk NULL OOPS in stream connect security hooks. > > unix_release() can asynchornously set socket->sk to NULL, and > it does so without holding the unix_state_lock() on "other" > during stream connects. > > However, the reverse mapping, sk->sk_socket, is only transitioned > to NULL under the unix_state_lock(). > > Therefore make the security hooks follow the reverse mapping instead > of the forward mapping. > > Reported-by: Jeremy Fitzhardinge <jeremy@goop.org> > Reported-by: Linus Torvalds <torvalds@linux-foundation.org> > Signed-off-by: David S. Miller <davem@davemloft.net>