Re: [PATCH v2] general protection fault in sock_has_perm

[Mark Salyzyn]

On 02/01/2018 08:00 AM, Paul Moore wrote:
> On Thu, Feb 1, 2018 at 10:37 AM, Mark Salyzyn <salyzyn@xxxxxxxxxxx> wrote:
> > In the absence of commit a4298e4522d6 ("net: add SOCK_RCU_FREE socket
> > flag") and all the associated infrastructure changes to take advantage
> > of a RCU grace period before freeing, there is a heightened
> > possibility that a security check is performed while an ill-timed
> > setsockopt call races in from user space.  It then is prudent to null
> > check sk_security, and if the case, reject the permissions.
> >
> > . . .
> > ---[ end trace 7b5aaf788fef6174 ]---
> >
> > Signed-off-by: Mark Salyzyn <salyzyn@xxxxxxxxxxx>
> > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxxxxxxx>
> No, in the previous thread I gave my ack, not my sign-off; please be
> more careful in the future.  It may seem silly, especially in this
> particular case, but it is an important distinction when things like
> the DCO are concerned.
>
> Anyway, here is my ack again.
>
> Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx>
Ok, both Greg KH and yours should be considered Acked-By. Been 
overstepping this boundary for _years_. AFAIK Signed-off-by is still 
pending from Stephen Smalley <sds@xxxxxxxxxxxxx> before this can roll in.

Lesson lurned

-- Mark