selinux: ensure the policy has been loaded before reading the sidtab stats

Check to make sure we have loaded a policy before we query the sidtab's hash stats. Failure to do so could result in a kernel panic/oops due to a dereferenced NULL pointer. Fixes: 66f8e2f03c02 ("selinux: sidtab reverse lookup hash table") Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Paul Moore <paul@paul-moore.com> 2019-12-23 16:38:36 -0500
committer: Paul Moore <paul@paul-moore.com> 2019-12-23 16:38:36 -0500
commit: 15b590a81fcdd44ddcb4810f2a6334df8b6ca512 (patch)
tree: 02a5e1441d741d2629d391a63ec0c54d4c6a6ce7 /security
parent: 030b995ad9ece9fa2d218af4429c1c78c2342096 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 743b85ede4ef..c9e38f1ede02 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1286,6 +1286,12 @@ int security_sidtab_hash_stats(struct selinux_state *state, char *page)
 {
 	int rc;
 
+	if (!state->initialized) {
+		pr_err("SELinux: %s:  called before initial load_policy\n",
+		       __func__);
+		return -EINVAL;
+	}
+
 	read_lock(&state->ss->policy_rwlock);
 	rc = sidtab_hash_stats(state->ss->sidtab, page);
 	read_unlock(&state->ss->policy_rwlock);
author	Paul Moore <paul@paul-moore.com>	2019-12-23 16:38:36 -0500
committer	Paul Moore <paul@paul-moore.com>	2019-12-23 16:38:36 -0500
commit	15b590a81fcdd44ddcb4810f2a6334df8b6ca512 (patch)
tree	02a5e1441d741d2629d391a63ec0c54d4c6a6ce7 /security
parent	030b995ad9ece9fa2d218af4429c1c78c2342096 (diff)