From patchwork Wed Nov 23 05:02:54 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vishal Goel <vishal.goel@samsung.com>
X-Patchwork-Id: 9442623
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	69DDB6075F
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Wed, 23 Nov 2016 05:08:20 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5C8D71FFCA
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Wed, 23 Nov 2016 05:08:20 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 5117720700; Wed, 23 Nov 2016 05:08:20 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A26681FFCA
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Wed, 23 Nov 2016 05:08:16 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1750916AbcKWFIP (ORCPT
	<rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
	Wed, 23 Nov 2016 00:08:15 -0500
Received: from mailout2.samsung.com ([203.254.224.25]:41270 "EHLO
	mailout2.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750857AbcKWFIP (ORCPT
	<rfc822;linux-security-module@vger.kernel.org>);
	Wed, 23 Nov 2016 00:08:15 -0500
Received: from epcpsbgm2new.samsung.com (epcpsbgm2 [203.254.230.27])
	by mailout2.samsung.com
	(Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May 5
	2014)) with ESMTP id <0OH202A8TWWDUD20@mailout2.samsung.com> for
	linux-security-module@vger.kernel.org;
	Wed, 23 Nov 2016 14:07:25 +0900 (KST)
X-AuditID: cbfee61b-f796f6d000004092-96-5835240d9f35
Received: from epmmp2 ( [203.254.227.17]) by epcpsbgm2new.samsung.com
	(EPCPMTA) with SMTP id 64.20.16530.D0425385;
	Wed, 23 Nov 2016 14:07:25 +0900 (KST)
Received: from localhost.localdomain ([107.108.92.210])
	by mmp2.samsung.com (Oracle Communications Messaging Server
	7.0.5.31.0 64bit (built May 5 2014)) with ESMTPA id
	<0OH200M9BWW1BTC0@mmp2.samsung.com>; Wed,
	23 Nov 2016 14:07:25 +0900 (KST)
From: Vishal Goel <vishal.goel@samsung.com>
To: casey@schaufler-ca.com, linux-security-module@vger.kernel.org
Cc: vishal.goel@samsung.com, himanshu.sh@samsung.com,
	Vishal Goel <vishal.goel@samsung.com>,
	Himanshu Shukla <himanshu.sh@samsung.com>
Subject: [PATCH 3/3] Smack: Fix the issue of wrong SMACK label update in
	socket bind fail case
Date: Wed, 23 Nov 2016 10:32:54 +0530
Message-id: <1479877374-23604-1-git-send-email-vishal.goel@samsung.com>
X-Mailer: git-send-email 1.9.1
X-Brightmail-Tracker: 
 H4sIAAAAAAAAA+NgFtrDLMWRmVeSWpSXmKPExsVy+t9jQV1eFdMIg+mXFS3ubfvFZrH3SQur
	xYeeR2wW626fZnRg8ejbsorR4+j+RWwenzfJBTBHudlkpCampBYppOYl56dk5qXbKoWGuOla
	KCnkJeam2ipF6PqGBCkplCXmlAJ5RgZowME5wD1YSd8uwS3j4sq3jAXLpCtmT9BoYNwo1sXI
	ySEhYCKxoeMRM4QtJnHh3nq2LkYuDiGBWYwS2/YeYIJwfjJKPGzdDVbFJqAt0TvvLhOILSLg
	KNF4ajlYEbNAF6PE2WmdrCAJYYEEiebeT4wgNouAqsSC85fA4rwC7hJ93W9ZINbJSZw8Npl1
	AiP3AkaGVYwSqQXJBcVJ6blGeanlesWJucWleel6yfm5mxjBIfdMegfj4V3uhxgFOBiVeHg1
	tphECLEmlhVX5h5ilOBgVhLhjZUzjRDiTUmsrEotyo8vKs1JLT7EaAp0wERmKdHkfGA85JXE
	G5qYm5gbG1iYW1qaGCmJ8zbOfhYuJJCeWJKanZpakFoE08fEwSnVwKiwinvqg7jt9z6J/ryQ
	Xad27+nz+LOCLVNTLM4c3xDDznH5nH1D/qb2KNtI+WlRSz/cdPy66IZXzTnGD4eWzuVSzAwW
	4rVkd7xnty1x5Tb+AoGVbpGiV9a0pKt1BU7/f6U51kmQaye3l5BY4VIbHfvr/zVerLik0KK4
	bILigz98keFOD0yutCqxFGckGmoxFxUnAgAUm3aNTwIAAA==
X-MTR: 20000000000000000@CPGS
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Fix the issue of wrong SMACK label (SMACK64IPIN) update when a second bind
call is made to same IP address & port, but with different SMACK label
(SMACK64IPIN) by second instance of server. In this case server returns
with "Bind:Address already in use" error but before returning, SMACK label
is updated in SMACK port-label mapping list inside smack_socket_bind() hook

To fix this issue a new check has been added in smk_ipv6_port_label()
function before updating the existing port entry. It checks whether the
socket for matching port entry is closed or not. If it is closed then it
means port is not bound and it is safe to update the existing port entry
else return if port is still getting used. For checking whether socket is
closed or not, one more field "smk_can_reuse" has been added in the
"smk_port_label" structure. This field will be set to '1' in
"smack_sk_free_security()" function which is called to free the socket
security blob when the socket is being closed. In this function, port entry
is searched in the SMACK port-label mapping list for the closing socket.
If entry is found then "smk_can_reuse" field is set to '1'.Initially
"smk_can_reuse" field is set to '0' in smk_ipv6_port_label() function after
creating a new entry in the list which indicates that socket is in use.

Signed-off-by: Vishal Goel <vishal.goel@samsung.com>
Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/smack/smack.h     |  1 +
 security/smack/smack_lsm.c | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/security/smack/smack.h b/security/smack/smack.h
index 7d92c74..3ea0cc6 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -174,6 +174,7 @@ struct smk_port_label {
 	struct smack_known	*smk_in;	/* inbound label */
 	struct smack_known	*smk_out;	/* outgoing label */
 	short			sock_type;	/*Socket type*/
+	short			smk_can_reuse;
 };
 #endif /* SMACK_IPV6_PORT_LABELING */
 
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0ed61e9..8b8b496 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2355,6 +2355,20 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
  */
 static void smack_sk_free_security(struct sock *sk)
 {
+#ifdef SMACK_IPV6_PORT_LABELING
+	struct smk_port_label *spp;
+
+	if (sk->sk_family == PF_INET6) {
+		rcu_read_lock();
+		list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
+			if (spp->smk_sock != sk)
+				continue;
+			spp->smk_can_reuse = 1;
+			break;
+		}
+		rcu_read_unlock();
+	}
+#endif
 	kfree(sk->sk_security);
 }
 
@@ -2638,10 +2652,15 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
 	list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
 		if (spp->smk_port != port || spp->sock_type != sock->type)
 			continue;
+		if (spp->smk_can_reuse != 1) {
+			rcu_read_unlock();
+			return;
+		}
 		spp->smk_port = port;
 		spp->smk_sock = sk;
 		spp->smk_in = ssp->smk_in;
 		spp->smk_out = ssp->smk_out;
+		spp->smk_can_reuse = 0;
 		rcu_read_unlock();
 		return;
 	}
@@ -2658,6 +2677,7 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
 	spp->smk_in = ssp->smk_in;
 	spp->smk_out = ssp->smk_out;
 	spp->sock_type = sock->type;
+	spp->smk_can_reuse = 0;
 
 	mutex_lock(&smack_ipv6_lock);
 	list_add_rcu(&spp->list, &smk_ipv6_port_list);