mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-12 21:57:43 +00:00
5df275cd4c
Do the LE conversions before doing the Infiniband-related range checks.
The incorrect checks are otherwise causing a failure to load any policy
with an ibendportcon rule on BE systems. This can be reproduced by
running (on e.g. ppc64):
cat >my_module.cil <<EOF
(type test_ibendport_t)
(roletype object_r test_ibendport_t)
(ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0))))
EOF
semodule -i my_module.cil
Also, fix loading/storing the 64-bit subnet prefix for OCON_IBPKEY to
use a correctly aligned buffer.
Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32)
should be used instead.
Tested internally on a ppc64 machine with a RHEL 7 kernel with this
patch applied.
Cc: Daniel Jurgens <danielj@mellanox.com>
Cc: Eli Cohen <eli@mellanox.com>
Cc: James Morris <jmorris@namei.org>
Cc: Doug Ledford <dledford@redhat.com>
Cc: <stable@vger.kernel.org> # 4.13+
Fixes:
|
||
---|---|---|
.. | ||
avtab.c | ||
avtab.h | ||
conditional.c | ||
conditional.h | ||
constraint.h | ||
context.h | ||
ebitmap.c | ||
ebitmap.h | ||
hashtab.c | ||
hashtab.h | ||
mls.c | ||
mls.h | ||
mls_types.h | ||
policydb.c | ||
policydb.h | ||
services.c | ||
services.h | ||
sidtab.c | ||
sidtab.h | ||
status.c | ||
symtab.c | ||
symtab.h |