From patchwork Tue Feb 28 14:35:08 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stephen Smalley
X-Patchwork-Id: 9595781
From: Stephen Smalley
To: james.l.morris@oracle.com
Cc: linux-security-module@vger.kernel.org, paul@paul-moore.com, jslaby@suse.cz, selinux@tycho.nsa.gov, xiaolong.ye@intel.com, Stephen Smalley
Subject: [PATCH] selinux: fix kernel BUG on prlimit(..., NULL, NULL)
Date: Tue, 28 Feb 2017 09:35:08 -0500
Message-Id: <1488292508-32506-1-git-send-email-sds@tycho.nsa.gov>
X-Mailer: git-send-email 2.7.4

commit 79bcf325e6b32b3c ("prlimit,security,selinux: add a security hook for prlimit") introduced a security hook for prlimit() and implemented it for SELinux. However, if prlimit() is called with NULL arguments for both the new limit and the old limit, then the hook is called with 0 for the read/write flags, since the prlimit() will neither read nor write the process' limits. This would in turn lead to calling avc_has_perm() with 0 for the requested permissions, which triggers a BUG_ON() in avc_has_perm_noaudit() since the kernel should never be invoking avc_has_perm() with no permissions. Fix this in the SELinux hook by returning immediately if the flags are 0. Arguably prlimit64() itself ought to return immediately if both old_rlim and new_rlim are NULL since it is effectively a no-op in that case.

Reported by the lkp-robot based on trinity testing.

Signed-off-by: Stephen Smalley
Acked-by: Paul Moore

--- security/selinux/hooks.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4a80bd8..af1ff15 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3922,6 +3922,8 @@ int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred, { u32 av = 0; + if (!flags) + return 0; if (flags & LSM_PRLIMIT_WRITE) av |= PROCESS__SETRLIMIT; if (flags & LSM_PRLIMIT_READ)
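
Review bot: the new guard at the top of selinux_task_prlimit() tests `flags`, but the condition the commit message says trips the BUG_ON() is a zero permission mask, which here is `av`. A nonzero `flags` value with neither LSM_PRLIMIT_WRITE nor LSM_PRLIMIT_READ set would pass `if (!flags)` and still leave `av` at 0 after the two translations. Consider placing the check after the translations as `if (!av) return 0;`, or add a comment stating that callers only ever pass those two bits. A one-line comment above the early return explaining that prlimit() with both limits NULL reaches the hook with no access requested would also help, since a security hook returning 0 before any permission check otherwise reads like an unintended allow.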