[RFC PATCH 2/2] integrity: double check iint_cache was initialized

Tetsuo Handa penguin-kernel at i-love.sakura.ne.jp
Tue Mar 23 01:46:52 UTC 2021

On 2021/03/20 5:03, Mimi Zohar wrote:
> The integrity's "iint_cache" is initialized at security_init().  Only
> after an IMA policy is loaded, which is initialized at late_initcall,
> is a file's integrity status stored in the "iint_cache".
> All integrity_inode_get() callers first verify that the IMA policy has
> been loaded, before calling it.  Yet for some reason, it is still being
> called, causing a NULL pointer dereference.
> qemu-system-x86_64 (...snipped...) lsm=smack (...snipped...)

Hmm, why are you using lsm=smack instead of security=smack ?
Since use of lsm= overrides CONFIG_LSM="lockdown,yama,safesetid,integrity,tomoyo,smack,bpf" settings,
only smack is activated, which means that integrity_iintcache_init() will not be called by

  DEFINE_LSM(integrity) = {
  	.name = "integrity",
  	.init = integrity_iintcache_init,

declaration. That's the reason iint_cache == NULL when integrity_inode_get() is called.

More information about the Linux-security-module-archive mailing list