From patchwork Sun Mar 24 22:32:31 2024
X-Patchwork-Submitter: "Dr. Greg"
X-Patchwork-Id: 13600982
X-Patchwork-Delegate: paul@paul-moore.com
From: Greg Wettstein
To: linux-security-module@vger.kernel.org
Cc: roberto.sassu@huaweicloud.com
Subject: [PATCH] Do not require attributes for security_inode_init_security.
Date: Sun, 24 Mar 2024 17:32:31 -0500
Message-Id: <20240324223231.6249-1-greg@enjellic.com>

The integration of the Integrity Measurement Architecture (IMA) into the
LSM infrastructure introduced a conditional check that denies access to
the security_inode_init_security() event handler if the LSM extended
attribute 'blob' size is 0. This changes the previous behavior of this
event handler and results in variable behavior of LSMs depending on the
LSM boot configuration.

Modify the function so that it removes the need for a non-zero extended
attribute blob size and bypasses the memory allocation and freeing that
is not needed if the LSM infrastructure is not using extended attributes.

Use a break statement to exit the loop that is iterating over the
defined handlers for this event if a halting error condition is
generated by one of the invoked LSM handlers. The checks for how to
handle cleanup are executed at the end of the loop regardless of how the
loop terminates.

A two exit label strategy is implemented. One of the exit labels is a
target for the no attribute case while the second is the target for the
case where memory allocated for processing of extended attributes needs
to be freed.

Signed-off-by: Greg Wettstein
---
 security/security.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/security/security.c b/security/security.c
index 7035ee35a393..a0b52b964688 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1717,10 +1717,7 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, if (unlikely(IS_PRIVATE(inode))) return 0; - if (!blob_sizes.lbs_xattr_count) - return 0; - - if (initxattrs) { + if (blob_sizes.lbs_xattr_count && initxattrs) { /* Allocate +1 for EVM and +1 as terminator. */ new_xattrs = kcalloc(blob_sizes.lbs_xattr_count + 2, sizeof(*new_xattrs), GFP_NOFS); @@ -1733,7 +1730,7 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, ret = hp->hook.inode_init_security(inode, dir, qstr, new_xattrs, &xattr_count); if (ret && ret != -EOPNOTSUPP) - goto out; + break; /* * As documented in lsm_hooks.h, -EOPNOTSUPP in this context * means that the LSM is not willing to provide an xattr, not @@ -1742,19 +1739,22 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, */ } - /* If initxattrs() is NULL, xattr_count is zero, skip the call. */ - if (!xattr_count) - goto out; + /* Skip xattr processing if no attributes are in use. */ + if (!blob_sizes.lbs_xattr_count) + goto out2; + /* No attrs or an LSM returned an actionable error code. */ + if (!xattr_count || (ret && ret != -EOPNOTSUPP)) + goto out1; ret = evm_inode_init_security(inode, dir, qstr, new_xattrs, &xattr_count); - if (ret) - goto out; - ret = initxattrs(inode, new_xattrs, fs_data); -out: + if (!ret) + ret = initxattrs(inode, new_xattrs, fs_data); + out1: for (; xattr_count > 0; xattr_count--) kfree(new_xattrs[xattr_count - 1].value); kfree(new_xattrs); + out2: return (ret == -EOPNOTSUPP) ? 0 : ret; } EXPORT_SYMBOL(security_inode_init_security);
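Review bot: In the first hunk (@@ -1717), dropping the early `if (!blob_sizes.lbs_xattr_count) return 0;` means every registered inode_init_security hook is now called with `new_xattrs == NULL` whenever no LSM has reserved an xattr slot, a case that previously only arose when `initxattrs` was NULL. The removed comment on the old code ("If initxattrs() is NULL, xattr_count is zero, skip the call") documents the convention that hooks handed a NULL array must leave `xattr_count` at zero; please state in the commit message that hooks are required to tolerate a NULL array in this additional case, and add a Fixes: tag naming the commit that introduced the check being removed, since the description presents this as a behavioral regression.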
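Review bot: In the second hunk (@@ -1733), replacing `goto out;` with `break;` leaves the loop body with no visible consequence for a hard error, and the `ret && ret != -EOPNOTSUPP` condition is now duplicated verbatim by the post-loop test in the next hunk. A one-line comment at the `break` saying that the error is acted upon after the loop would keep the loop readable on its own; alternatively, evaluate the condition once into a local and test that after the loop rather than repeating the expression.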
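Review bot: In the third hunk (@@ -1742), the `out2` label and the `if (!blob_sizes.lbs_xattr_count) goto out2;` test look unnecessary: when no slots are reserved the first hunk performs no allocation, so `new_xattrs` is NULL and `xattr_count` is zero, and falling through `out1` runs an empty free loop followed by `kfree(NULL)`, which is a no-op. Keeping the single `out:` label preserves the function's existing shape with the same behavior. If two labels are retained, `out1`/`out2` say nothing about which path they serve; names such as `out_free` for the path that releases the xattr array and `out` for the plain return would be clearer.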