|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] Fix boot crash on xsm/flask enabled builds when no policy module is present
>>> On 26.08.13 at 12:03, Tomasz Wroblewski <tomasz.wroblewski@xxxxxxxxxx>
>>> wrote:
> Xen crashes on boot of xsm/flask enabled builds, if policy module is not
> specified.
> This seems to have worked on 4.1 at least.
Looking at the code (4.1.5) I can't see what would prevent the
same NULL pointer deref. Care to explain?
> Can be fixed by testing whether
> policy_buffer
> is NULL before attempting to load from it - it's a global which is set to
> non-NULL when
> policy module is detected.
>
> Signed-off-by: Tomasz Wroblewski <tomasz.wroblewski@xxxxxxxxxx>
> ---
> xen/xsm/flask/hooks.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index fa0589a..cfa2929 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -1585,7 +1585,8 @@ static __init int flask_init(void)
> if ( register_xsm(&flask_ops) )
> panic("Flask: Unable to register with XSM.\n");
>
> - ret = security_load_policy(policy_buffer, policy_size);
> + if ( policy_buffer )
> + ret = security_load_policy(policy_buffer, policy_size);
Question is whether policy_buffer == NULL really isn't supposed
to result in a -E... return value (as in fact flask initialization failed).
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |