diff options
| author | Ondrej Mosnacek | 2018-10-23 09:02:17 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman | 2019-01-13 09:51:07 +0100 |
| commit | b37fdd94103684869a295c0d3740ac0043c13a1e (patch) | |
| tree | 44b805cbbd0305567fcc150cf879a409e9ad5e1d /security/selinux/xfrm.c | |
| parent | b43: Fix error in cordic routine (diff) | |
| download | kernel-qcow2-linux-b37fdd94103684869a295c0d3740ac0043c13a1e.tar.gz kernel-qcow2-linux-b37fdd94103684869a295c0d3740ac0043c13a1e.tar.xz kernel-qcow2-linux-b37fdd94103684869a295c0d3740ac0043c13a1e.zip | |
selinux: policydb - fix byte order and alignment issues
commit 5df275cd4cf51c86d49009f1397132f284ba515e upstream.
Do the LE conversions before doing the Infiniband-related range checks.
The incorrect checks are otherwise causing a failure to load any policy
with an ibendportcon rule on BE systems. This can be reproduced by
running (on e.g. ppc64):
cat >my_module.cil <<EOF
(type test_ibendport_t)
(roletype object_r test_ibendport_t)
(ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0))))
EOF
semodule -i my_module.cil
Also, fix loading/storing the 64-bit subnet prefix for OCON_IBPKEY to
use a correctly aligned buffer.
Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32)
should be used instead.
Tested internally on a ppc64 machine with a RHEL 7 kernel with this
patch applied.
Cc: Daniel Jurgens <danielj@mellanox.com>
Cc: Eli Cohen <eli@mellanox.com>
Cc: James Morris <jmorris@namei.org>
Cc: Doug Ledford <dledford@redhat.com>
Cc: <stable@vger.kernel.org> # 4.13+
Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security/selinux/xfrm.c')
0 files changed, 0 insertions, 0 deletions