KASAN slab-out-of-bounds in tun_chr_open/sock_init_data (Was: Re: [PATCH v14 00/23] LSM: Module stacking for AppArmor)

Casey Schaufler casey at schaufler-ca.com
Mon Jan 27 17:34:33 UTC 2020

On 1/27/2020 8:56 AM, Stephen Smalley wrote:
> On 1/27/20 11:14 AM, Stephen Smalley wrote:
>> On 1/24/20 4:49 PM, Casey Schaufler wrote:
>>> On 1/24/2020 1:04 PM, Stephen Smalley wrote:
>>>> On 1/23/20 7:22 PM, Casey Schaufler wrote:
>>>>> This patchset provides the changes required for
>>>>> the AppArmor security module to stack safely with any other.
>>>>> v14: Rebase to 5.5-rc5
>>>>>        Incorporate feedback from v13
>>>>>        - Use an array of audit rules (patch 0002)
>>>>>        - Significant change, removed Acks (patch 0002)
>>>>>        - Remove unneeded include (patch 0013)
>>>>>        - Use context.len correctly (patch 0015)
>>>>>        - Reorder code to be more sensible (patch 0016)
>>>>>        - Drop SO_PEERCONTEXT as it's not needed yet (patch 0023)
>>>> I don't know for sure if this is your bug, but it happens every time I boot with your patches applied and not at all on stock v5.5-rc5 so here it is.  Will try to bisect as time permits but not until next week. Trigger seems to be loading the tun driver.
>>> Thanks. I will have a look as well.
>> Bisection led to the first patch in the series, "LSM: Infrastructure management of the sock security". Still not sure if the bug is in the patch itself or just being surfaced by it.
> Looks like the bug is pre-existing to me and just exposed by your patch.

OK, thanks. I don't see how moving the allocation ought to have
perturbed that, but it's good to know what happened. 

More information about the Linux-security-module-archive mailing list