Re: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

[Paul Moore]

On Wed, Aug 19, 2020 at 6:31 PM Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> wrote:
> Hi all,
>
> On Wed, 19 Aug 2020 11:12:44 -0400 Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
> >
> > Fix can be found at:https://patchwork.kernel.org/patch/11724203/
> > <https://patchwork.kernel.org/patch/11724203/>
>
> Thanks.
>
> I will add that to the selinux tree merge in linux-next until it turns
> up in the tree.

FYI, I just merged that patch into the selinux/next tree.

  commit 37ea433c66070fcef09c6d118492c36299eb72ba
  Author: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
  Date:   Wed Aug 19 09:45:41 2020 -0400

   selinux: avoid dereferencing the policy prior to initialization

   Certain SELinux security server functions (e.g. security_port_sid,
   called during bind) were not explicitly testing to see if SELinux
   has been initialized (i.e. initial policy loaded) and handling
   the no-policy-loaded case.  In the past this happened to work
   because the policydb was statically allocated and could always
   be accessed, but with the recent encapsulation of policy state
   and conversion to dynamic allocation, we can no longer access
   the policy state prior to initialization.  Add a test of
   !selinux_initialized(state) to all of the exported functions that
   were missing them and handle appropriately.

   Fixes: 461698026ffa ("selinux: encapsulate policy state, refactor ...")
   Reported-by: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx>
   Tested-by: Andy Shevchenko <andy.shevchenko@xxxxxxxxx>
   Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
   Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>

-- 
paul moore
www.paul-moore.com