Skip to content

Commit

Permalink
selinux: fix kernel BUG on prlimit(..., NULL, NULL)
Browse files Browse the repository at this point in the history 
commit 79bcf325e6b32b3c ("prlimit,security,selinux: add a security hook
for prlimit") introduced a security hook for prlimit() and implemented it
for SELinux.  However, if prlimit() is called with NULL arguments for both
the new limit and the old limit, then the hook is called with 0 for the
read/write flags, since the prlimit() will neither read nor write the
process' limits.  This would in turn lead to calling avc_has_perm() with 0
for the requested permissions, which triggers a BUG_ON() in
avc_has_perm_noaudit() since the kernel should never be invoking
avc_has_perm() with no permissions.  Fix this in the SELinux hook by
returning immediately if the flags are 0.  Arguably prlimit64() itself
ought to return immediately if both old_rlim and new_rlim are NULL since
it is effectively a no-op in that case.

Reported by the lkp-robot based on trinity testing.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
  • Loading branch information
Stephen Smalley authored and James Morris committed Mar 5, 2017
1 parent 791ec49 commit 84e6885
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions security/selinux/hooks.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3925,6 +3925,8 @@ int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,
{
u32 av = 0;

if (!flags)
return 0;
if (flags & LSM_PRLIMIT_WRITE)
av |= PROCESS__SETRLIMIT;
if (flags & LSM_PRLIMIT_READ)
Expand Down

0 comments on commit 84e6885

Please sign in to comment.