[RFC PATCH 2/2] integrity: double check iint_cache was initialized
Tetsuo Handa
penguin-kernel at i-love.sakura.ne.jp
Tue Mar 23 01:46:52 UTC 2021
On 2021/03/20 5:03, Mimi Zohar wrote:
> The integrity's "iint_cache" is initialized at security_init(). Only
> after an IMA policy is loaded, which is initialized at late_initcall,
> is a file's integrity status stored in the "iint_cache".
>
> All integrity_inode_get() callers first verify that the IMA policy has
> been loaded, before calling it. Yet for some reason, it is still being
> called, causing a NULL pointer dereference.
>
> qemu-system-x86_64 (...snipped...) lsm=smack (...snipped...)
Hmm, why are you using lsm=smack instead of security=smack ?
Since use of lsm= overrides CONFIG_LSM="lockdown,yama,safesetid,integrity,tomoyo,smack,bpf" settings,
only smack is activated, which means that integrity_iintcache_init() will not be called by
DEFINE_LSM(integrity) = {
.name = "integrity",
.init = integrity_iintcache_init,
};
declaration. That's the reason iint_cache == NULL when integrity_inode_get() is called.
More information about the Linux-security-module-archive
mailing list