UPSTREAM: selinux: ensure the policy has been loaded before reading t…

…he sidtab stats Check to make sure we have loaded a policy before we query the sidtab's hash stats. Failure to do so could result in a kernel panic/oops due to a dereferenced NULL pointer. Fixes: 66f8e2f03c02 ("selinux: sidtab reverse lookup hash table") Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (cherry picked from commit 15b590a81fcdd44ddcb4810f2a6334df8b6ca512) Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I9c9309341634ba0bdc6d151ec1ae4040a71dcd40
Atom-X-Devs · Nov 14, 2020 · 26d0b8d · 26d0b8d
1 parent b1ab580
commit 26d0b8d
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
@@ -1261,6 +1261,12 @@ int security_sidtab_hash_stats(struct selinux_state *state, char *page)
 {
 	int rc;
 
+	if (!state->initialized) {
+		pr_err("SELinux: %s:  called before initial load_policy\n",
+		       __func__);
+		return -EINVAL;
+	}
+
 	read_lock(&state->ss->policy_rwlock);
 	rc = sidtab_hash_stats(state->ss->sidtab, page);
 	read_unlock(&state->ss->policy_rwlock);