Created attachment 100971 [details]
linux-3.9.0 kernel config
After updating Arch Linux with custom 3.9.0 kernel from systemd-202 to systemd-203 I get the following:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
At first all I've got was drm_warn_on_modeset_not_all_locked warning but as described here:
when I've compiled the kernel with this patch:
I get the real reason for the panic (picture attached).
I've reported this on the freedesktop bugzilla here:
Lennart had his point of view on this one, so in the lack of evidence otherwise I had to report it here.
Contents of the /etc/fstab:
UUID=992352a9-7eaf-4cc4-bc3c-d3b1de96b279 / ext4 rw,noatime,discard,data=ordered 0 1
UUID=643C40B93C4087CE /storage ntfs-3g defaults,uid=combuster,gid=users,dmask=027,fmask=137 0 0
I'll attach the .config for the kernel and an image of the panic.
Please move this to the appropriate section, I haven't had a clue where to report this one.
Created attachment 100981 [details]
Image of the panic
This appears to have crept in with the cgroups xattr support. It looks as if the dentry may not be complete when passed to Smack.
__d_xattr() references dentry->d_inode->i_mode, however d_inode is not set when d_instantiate() is called. When Smack goes looking to see if there are attributes associated with the dentry we get a NULL pointer reference. SELinux does not see this problem because cgroups are mounted without xattr based labeling enabled.
The quick and dirty fix is to add a check:
if (dp->d_inode == NULL)
prior to the buffer allocation in smk_fetch() in security/smack/smack_lsm.c
This won't solve the problem for SELinux with xattr based labeling enabled, but I suspect that if they wanted to run in that mode they's already be doing so.
This patch seems to fix the problem. It was tested by Ivan Bulatovic. I would prefer that the cgroup xattr code get fixed so that it initializes the dentry prior to calling d_instantiate, but this should do for now.
security/smack/smack_lsm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index d52c780..2ceafae 100644
@@ -59,7 +59,8 @@ static char *smk_fetch(const char *name, struct inode *ip, struct dentry *dp)
char *result = NULL;
- if (ip->i_op->getxattr == NULL)
+ if (ip->i_op->getxattr == NULL || dp->d_inode == NULL ||
+ dp->d_fsdata == NULL)
buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
Do not use the patch above. The commit: cgroup: initialize xattr before calling d_instantiate() d6cbf35dac8a3dadb9103379820c96d7c85df3d9 fixes the real problem.