mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-12 21:57:43 +00:00
5df275cd4c
Do the LE conversions before doing the Infiniband-related range checks.
The incorrect checks are otherwise causing a failure to load any policy
with an ibendportcon rule on BE systems. This can be reproduced by
running (on e.g. ppc64):
cat >my_module.cil <<EOF
(type test_ibendport_t)
(roletype object_r test_ibendport_t)
(ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0))))
EOF
semodule -i my_module.cil
Also, fix loading/storing the 64-bit subnet prefix for OCON_IBPKEY to
use a correctly aligned buffer.
Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32)
should be used instead.
Tested internally on a ppc64 machine with a RHEL 7 kernel with this
patch applied.
Cc: Daniel Jurgens <danielj@mellanox.com>
Cc: Eli Cohen <eli@mellanox.com>
Cc: James Morris <jmorris@namei.org>
Cc: Doug Ledford <dledford@redhat.com>
Cc: <stable@vger.kernel.org> # 4.13+
Fixes:
|
||
|---|---|---|
| .. | ||
| avtab.c | ||
| avtab.h | ||
| conditional.c | ||
| conditional.h | ||
| constraint.h | ||
| context.h | ||
| ebitmap.c | ||
| ebitmap.h | ||
| hashtab.c | ||
| hashtab.h | ||
| mls.c | ||
| mls.h | ||
| mls_types.h | ||
| policydb.c | ||
| policydb.h | ||
| services.c | ||
| services.h | ||
| sidtab.c | ||
| sidtab.h | ||
| status.c | ||
| symtab.c | ||
| symtab.h | ||