From patchwork Tue Jun 28 00:55:53 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12897421
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Chuck Lever, linux-integrity@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH v37 15/33] LSM: Ensure the correct LSM context releaser
Date: Mon, 27 Jun 2022 17:55:53 -0700
Message-Id: <20220628005611.13106-16-casey@schaufler-ca.com>
In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com>
References: <20220628005611.13106-1-casey@schaufler-ca.com>
X-Mailing-List: linux-nfs@vger.kernel.org

Add a new lsmcontext data structure to hold all the information about a "security context", including the string, its size and which LSM allocated the string.

The allocation information is necessary because LSMs have different policies regarding the lifecycle of these strings. SELinux allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away.

Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Chuck Lever
Signed-off-by: Casey Schaufler Cc: linux-integrity@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-audit@redhat.com Cc: netfilter-devel@vger.kernel.org To: Pablo Neira Ayuso Cc: linux-nfs@vger.kernel.org --- drivers/android/binder.c | 10 ++++--- fs/ceph/xattr.c | 6 ++++- fs/nfs/nfs4proc.c | 8 ++++-- fs/nfsd/nfs4xdr.c | 7 +++-- include/linux/security.h | 35 +++++++++++++++++++++++-- include/net/scm.h | 5 +++- kernel/audit.c | 14 +++++++--- kernel/auditsc.c | 12 ++++++--- net/ipv4/ip_sockglue.c | 4 ++- net/netfilter/nf_conntrack_netlink.c | 4 ++- net/netfilter/nf_conntrack_standalone.c | 4 ++- net/netfilter/nfnetlink_queue.c | 13 ++++++--- net/netlabel/netlabel_unlabeled.c | 19 +++++++++++--- net/netlabel/netlabel_user.c | 4 ++- security/security.c | 11 ++++---- 15 files changed, 121 insertions(+), 35 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index c2f71c22a90e..9c1ed7fbda87 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2783,6 +2783,7 @@ static void binder_transaction(struct binder_proc *proc, int t_debug_id = atomic_inc_return(&binder_last_id); char *secctx = NULL; u32 secctx_sz = 0; + struct lsmcontext scaff; /* scaffolding */ struct list_head sgc_head; struct list_head pf_head; const void __user *user_buffer = (const void __user *) @@ -3116,7 +3117,8 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } - security_release_secctx(secctx, secctx_sz); + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); secctx = NULL; } t->buffer->debug_id = t->debug_id; 
@@ -3532,8 +3534,10 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: - if (secctx) - security_release_secctx(secctx, secctx_sz); + if (secctx) { + lsmcontext_init(&scaff, secctx, secctx_sz, 0); + security_release_secctx(&scaff); + } err_get_secctx_failed: kfree(tcomplete); binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index f141f5246163..4c4dad4713b6 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -1391,12 +1391,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode, void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx) { +#ifdef CONFIG_CEPH_FS_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ +#endif #ifdef CONFIG_CEPH_FS_POSIX_ACL posix_acl_release(as_ctx->acl); posix_acl_release(as_ctx->default_acl); #endif #ifdef CONFIG_CEPH_FS_SECURITY_LABEL - security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen); + lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0); + security_release_secctx(&scaff); #endif if (as_ctx->pagelist) ceph_pagelist_release(as_ctx->pagelist); diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index c0fdcf8c0032..d6bdb0868729 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -133,8 +133,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, static inline void nfs4_label_release_security(struct nfs4_label *label) { - if (label) - security_release_secctx(label->label, label->len); + struct lsmcontext scaff; /* scaffolding */ + + if (label) { + lsmcontext_init(&scaff, label->label, label->len, 0); + security_release_secctx(&scaff); + } } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 61b2aae81abb..512ad208d62a 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -2830,6 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL + struct lsmcontext scaff; /* scaffolding */ void *context = NULL; int contextlen; #endif @@ -3341,8 +3342,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) - security_release_secctx(context, contextlen); + if (context) { + lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ + security_release_secctx(&scaff); + } #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index a7a445bac8ce..a20fc156c697 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -137,6 +137,37 @@ enum lockdown_reason { extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; +/* + * A "security context" is the text representation of + * the information used by LSMs. + * This structure contains the string, its length, and which LSM + * it is useful for. + */ +struct lsmcontext { + char *context; /* Provided by the module */ + u32 len; + int slot; /* Identifies the module */ +}; + +/** + * lsmcontext_init - initialize an lsmcontext structure. + * @cp: Pointer to the context to initialize + * @context: Initial context, or NULL + * @size: Size of context, or 0 + * @slot: Which LSM provided the context + * + * Fill in the lsmcontext from the provided information. + * This is a scaffolding function that will be removed when + * lsmcontext integration is complete. + */ +static inline void lsmcontext_init(struct lsmcontext *cp, char *context, + u32 size, int slot) +{ + cp->slot = slot; + cp->context = context; + cp->len = size; +} + /* * Data exported by the security modules * 
@@ -589,7 +620,7 @@ int security_ismaclabel(const char *name); int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen); int security_secctx_to_secid(const char *secdata, u32 seclen, struct lsmblob *blob); -void security_release_secctx(char *secdata, u32 seclen); +void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); @@ -1453,7 +1484,7 @@ static inline int security_secctx_to_secid(const char *secdata, return -EOPNOTSUPP; } -static inline void security_release_secctx(char *secdata, u32 seclen) +static inline void security_release_secctx(struct lsmcontext *cp) { } diff --git a/include/net/scm.h b/include/net/scm.h index 23a35ff1b3f2..f273c4d777ec 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, #ifdef CONFIG_SECURITY_NETWORK static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen; @@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc if (!err) { put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + /*scaffolding*/ + lsmcontext_init(&context, secdata, seclen, 0); + security_release_secctx(&context); } } } diff --git a/kernel/audit.c b/kernel/audit.c index f67f1eb7f4fa..23c8f8cbe8a6 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1214,6 +1214,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_sig_info *sig_data; char *ctx = NULL; u32 len; + struct lsmcontext scaff; /* scaffolding */ err = audit_netlink_ok(skb, msg_type); if (err) 
@@ -1471,15 +1472,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (lsmblob_is_set(&audit_sig_lsm)) - security_release_secctx(ctx, len); + if (lsmblob_is_set(&audit_sig_lsm)) { + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); + } return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); } audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, struct_size(sig_data, ctx, len)); @@ -2171,6 +2175,7 @@ int audit_log_task_context(struct audit_buffer *ab) unsigned len; int error; struct lsmblob blob; + struct lsmcontext scaff; /* scaffolding */ security_current_getsecid_subj(&blob); if (!lsmblob_is_set(&blob)) @@ -2185,7 +2190,8 @@ int audit_log_task_context(struct audit_buffer *ab) } audit_log_format(ab, " subj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&scaff, ctx, len, 0); + security_release_secctx(&scaff); return 0; error_path: diff --git a/kernel/auditsc.c b/kernel/auditsc.c index fa3cfe569ce2..9ed58db58965 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1121,6 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, struct lsmblob *blob, char *comm) { struct audit_buffer *ab; + struct lsmcontext lsmcxt; char *ctx = NULL; u32 len; int rc = 0; @@ -1138,7 +1139,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, rc = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/ + security_release_secctx(&lsmcxt); } } audit_log_format(ab, " ocomm="); 
@@ -1398,6 +1400,7 @@ static void audit_log_time(struct audit_context *context, struct audit_buffer ** static void show_special(struct audit_context *context, int *call_panic) { + struct lsmcontext lsmcxt; struct audit_buffer *ab; int i; @@ -1432,7 +1435,8 @@ static void show_special(struct audit_context *context, int *call_panic) *call_panic = 1; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); + security_release_secctx(&lsmcxt); } } if (context->ipc.has_perm) { @@ -1594,6 +1598,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, char *ctx = NULL; u32 len; struct lsmblob blob; + struct lsmcontext lsmcxt; lsmblob_init(&blob, n->osid); if (security_secid_to_secctx(&blob, &ctx, &len)) { @@ -1602,7 +1607,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, *call_panic = 2; } else { audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */ + security_release_secctx(&lsmcxt); } } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 933a8f94f93a..70ca4510ea35 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb, static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) { + struct lsmcontext context; struct lsmblob lb; char *secdata; u32 seclen, secid; @@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) return; put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); - security_release_secctx(secdata, seclen); + lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */ + security_release_secctx(&context); } static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index ddc8cd65ed12..da36301e2185 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -348,6 +348,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) int len, ret; char *secctx; struct lsmblob blob; + struct lsmcontext context; /* lsmblob_init() puts ct->secmark into all of the secids in blob. * security_secid_to_secctx() will know which security module @@ -368,7 +369,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct) ret = 0; nla_put_failure: - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); return ret; } #else diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 2c1f3280d56e..644dec6a8ef5 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) u32 len; char *secctx; struct lsmblob blob; + struct lsmcontext context; lsmblob_init(&blob, ct->secmark); ret = security_secid_to_secctx(&blob, &secctx, &len); @@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) seq_printf(s, "secctx=%s ", secctx); - security_release_secctx(secctx, len); + lsmcontext_init(&context, secctx, len, 0); /* scaffolding */ + security_release_secctx(&context); } #else static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 6269fe122345..f69d5e997da2 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; + struct lsmcontext scaff; /* scaffolding */ char *secdata = NULL; u32 seclen = 0; ktime_t tstamp; @@ -634,8 +635,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return skb; nla_put_failure: @@ -643,8 +646,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen) - security_release_secctx(secdata, seclen); + if (seclen) { + lsmcontext_init(&scaff, secdata, seclen, 0); + security_release_secctx(&scaff); + } return NULL; } diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index bbb3b6a4f0d7..b3e3d920034d 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net, struct net_device *dev; struct netlbl_unlhsh_iface *iface; struct audit_buffer *audit_buf = NULL; + struct lsmcontext context; char *secctx = NULL; u32 secctx_len; struct lsmblob blob; @@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0); audit_log_end(audit_buf); 
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, struct netlbl_unlhsh_addr4 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, struct netlbl_unlhsh_addr6 *entry; struct audit_buffer *audit_buf; struct net_device *dev; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " sec_obj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); } audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0); audit_log_end(audit_buf); @@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, int ret_val = -ENOMEM; struct netlbl_unlhsh_walk_arg *cb_arg = arg; struct net_device *dev; + struct lsmcontext context; void *data; u32 secid; char *secctx; @@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, NLBL_UNLABEL_A_SECCTX, secctx_len, secctx); - security_release_secctx(secctx, secctx_len); + /* scaffolding */ + lsmcontext_init(&context, secctx, secctx_len, 0); + security_release_secctx(&context); if (ret_val != 0) goto list_cb_failure; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 893301ae0131..ef139d8ae7cd 100644 
--- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; + struct lsmcontext context; char *secctx; u32 secctx_len; struct lsmblob blob; @@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - security_release_secctx(secctx, secctx_len); + lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/ + security_release_secctx(&context); } return audit_buf; diff --git a/security/security.c b/security/security.c index d60bc6abaa40..e434f085afab 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2373,16 +2373,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen, } EXPORT_SYMBOL(security_secctx_to_secid); -void security_release_secctx(char *secdata, u32 seclen) +void security_release_secctx(struct lsmcontext *cp) { struct security_hook_list *hp; - int ilsm = lsm_task_ilsm(current); hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) - if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) { - hp->hook.release_secctx(secdata, seclen); - return; + if (cp->slot == hp->lsmid->slot) { + hp->hook.release_secctx(cp->context, cp->len); + break; } + + memset(cp, 0, sizeof(*cp)); } EXPORT_SYMBOL(security_release_secctx);
From patchwork Tue Jun 28 00:55:55 2022
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 12897422
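Review bot: in the security/security.c hunk, security_release_secctx() now returns silently when no registered hook's lsmid->slot equals cp->slot, and the memset() that follows then drops the pointer, so a context that arrives with a slot nobody owns is leaked rather than released (the removed code fell through to the first hook whenever ilsm was LSMBLOB_INVALID). Every caller in this patch passes the interim slot 0, so nothing breaks today, but a WARN_ON_ONCE() on the unmatched case would catch a caller that forgets to set the slot once the scaffolding goes. A second point on the same hunk: memset() leaves the structure as slot 0 with a NULL context, and slot 0 is a valid module slot, so a repeated release of the same structure is dispatched to that module with a NULL string rather than being a no-op; storing LSMBLOB_INVALID in cp->slot after the hook has run would make a double release inert.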
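Review bot: the scaffolding markers in the caller hunks are inconsistent: `lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/` in net/netlabel/netlabel_user.c has no space before the comment, fs/nfsd/nfs4xdr.c uses `/*scaffolding*/`, kernel/auditsc.c uses both `/*scaffolding*/` and `/* scaffolding */`, most of the networking callers put `/* scaffolding */` either trailing or on its own line, and drivers/android/binder.c, fs/ceph/xattr.c, fs/nfs/nfs4proc.c, kernel/audit.c and net/netfilter/nfnetlink_queue.c mark the declaration rather than the call. One form, plus a named constant in place of the literal 0 for the interim slot, would make every site that has to go away when lsmcontext integration is complete greppable.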
From: Casey Schaufler
To: casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, Chuck Lever, linux-nfs@vger.kernel.org
Subject: [PATCH v37 17/33] LSM: Use lsmcontext in security_inode_getsecctx
Date: Mon, 27 Jun 2022 17:55:55 -0700
Message-Id: <20220628005611.13106-18-casey@schaufler-ca.com>
In-Reply-To: <20220628005611.13106-1-casey@schaufler-ca.com>
References: <20220628005611.13106-1-casey@schaufler-ca.com>
X-Mailing-List: linux-nfs@vger.kernel.org

Change the security_inode_getsecctx() interface to fill a lsmcontext structure instead of data and length pointers. This provides the information about which LSM created the context so that security_release_secctx() can use the correct hook.

Acked-by: Stephen Smalley
Acked-by: Paul Moore
Acked-by: Chuck Lever
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
Cc: linux-nfs@vger.kernel.org
---
 fs/nfsd/nfs4xdr.c        | 23 +++++++++--------------
 include/linux/security.h |  5 +++--
 security/security.c      | 13 +++++++++++--
 3 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 512ad208d62a..3e42738df71a 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2713,11 +2713,11 @@ nfsd4_encode_layout_types(struct xdr_stream *xdr, u32 layout_types) #ifdef CONFIG_NFSD_V4_SECURITY_LABEL static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { __be32 *p; - p = xdr_reserve_space(xdr, len + 4 + 4 + 4); + p = xdr_reserve_space(xdr, context->len + 4 + 4 + 4); if (!p) return nfserr_resource;
@@ -2727,13 +2727,13 @@ nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, */ *p++ = cpu_to_be32(0); /* lfs */ *p++ = cpu_to_be32(0); /* pi */ - p = xdr_encode_opaque(p, context, len); + p = xdr_encode_opaque(p, context->context, context->len); return 0; } #else static inline __be32 nfsd4_encode_security_label(struct xdr_stream *xdr, struct svc_rqst *rqstp, - void *context, int len) + struct lsmcontext *context) { return 0; } #endif @@ -2830,9 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, int err; struct nfs4_acl *acl = NULL; #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - struct lsmcontext scaff; /* scaffolding */ - void *context = NULL; - int contextlen; + struct lsmcontext context = { }; #endif bool contextsupport = false; struct nfsd4_compoundres *resp = rqstp->rq_resp; @@ -2893,7 +2891,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, bmval0 & FATTR4_WORD0_SUPPORTED_ATTRS) { if (exp->ex_flags & NFSEXP_SECURITY_LABEL) err = security_inode_getsecctx(d_inode(dentry), - &context, &contextlen); + &context); else err = -EOPNOTSUPP; contextsupport = (err == 0); @@ -3320,8 +3318,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, #ifdef CONFIG_NFSD_V4_SECURITY_LABEL if (bmval2 & FATTR4_WORD2_SECURITY_LABEL) { - status = nfsd4_encode_security_label(xdr, rqstp, context, - contextlen); + status = nfsd4_encode_security_label(xdr, rqstp, &context); if (status) goto out; } @@ -3342,10 +3339,8 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp, out: #ifdef CONFIG_NFSD_V4_SECURITY_LABEL - if (context) { - lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/ - security_release_secctx(&scaff); - } + if (context.context) + security_release_secctx(&context); #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */ kfree(acl); if (tempfh) { diff --git a/include/linux/security.h b/include/linux/security.h index 5afd0148a1a5..ca2ed1909608 100644 --- a/include/linux/security.h 
+++ b/include/linux/security.h @@ -624,7 +624,7 @@ void security_release_secctx(struct lsmcontext *cp); void security_inode_invalidate_secctx(struct inode *inode); int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp); int security_locked_down(enum lockdown_reason what); #else /* CONFIG_SECURITY */ @@ -1500,7 +1500,8 @@ static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 { return -EOPNOTSUPP; } -static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +static inline int security_inode_getsecctx(struct inode *inode, + struct lsmcontext *cp) { return -EOPNOTSUPP; } diff --git a/security/security.c b/security/security.c index b52c7c55a092..72df3d0cd233 100644 --- a/security/security.c +++ b/security/security.c @@ -2428,9 +2428,18 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) } EXPORT_SYMBOL(security_inode_setsecctx); -int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +int security_inode_getsecctx(struct inode *inode, struct lsmcontext *cp) { - return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); + struct security_hook_list *hp; + + memset(cp, 0, sizeof(*cp)); + + hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) { + cp->slot = hp->lsmid->slot; + return hp->hook.inode_getsecctx(inode, (void **)&cp->context, + &cp->len); + } + return -EOPNOTSUPP; } EXPORT_SYMBOL(security_inode_getsecctx);
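Review bot: in the security/security.c hunk, security_inode_getsecctx() returns from inside the first iteration of hlist_for_each_entry(), so only the first module registered on inode_getsecctx is ever consulted, and cp->slot is assigned before the hook runs, so on a hook failure the caller is handed a structure with a live slot and a NULL context. The fs/nfsd/nfs4xdr.c hunk copes because the out: label tests context.context rather than the earlier err, but that contract (one provider only; context is NULL on failure; release only when context is non-NULL) is not written down anywhere; a comment above the loop, or a sentence in the commit message noting that the old call_int_hook() walked every hook and stopped at the first non-zero return, would document the change in semantics.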
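As an added example (not code from this series), the following user-space C model reproduces the ownership rule the two patches establish: the module that produces a context string records its own slot in struct lsmcontext when it fills it (the getsecctx side of 17/33), and security_release_secctx() dispatches on that slot and then wipes the structure (15/33). The two mock modules, their slot numbers, the labels and the counters are constructed for illustration; `allocating_release()` detects, instead of performing, the invalid free that selecting the releaser from the calling task could cause.

```c
/* User-space model of the slot-based release dispatch introduced here. Added
 * example, not kernel code: modules, slots, labels and counters are constructed. */
#include <stdlib.h>
#include <string.h>

struct lsmcontext {
	char *context;		/* Provided by the module */
	unsigned int len;
	int slot;		/* Identifies the module */
};

static void lsmcontext_init(struct lsmcontext *cp, char *context,
			    unsigned int size, int slot)
{
	cp->slot = slot;
	cp->context = context;
	cp->len = size;
}

enum { SLOT_ALLOCATING = 0, SLOT_STATIC = 1 };	/* constructed slot ids */
static int allocating_releases, static_releases, bogus_frees;	/* counters */
static char static_table_entry[] = "Static_Label";	/* constructed label */

/* Mock of an SELinux-style module: fresh string per call, freed on release */
static void allocating_getsecctx(struct lsmcontext *cp)
{
	static const char label[] = "user_u:user_r:user_t:s0";	/* constructed */
	char *s = malloc(sizeof(label));
	if (s)
		memcpy(s, label, sizeof(label));
	lsmcontext_init(cp, s, s ? sizeof(label) - 1 : 0, SLOT_ALLOCATING);
}

static void allocating_release(char *ctx, unsigned int len)
{
	allocating_releases++;
	if (ctx == static_table_entry) {
		bogus_frees++;	/* real code would free() non-heap memory here */
		return;
	}
	free(ctx);
}

/* Mock of a Smack-style module: pointer into a table that never goes away */
static void static_getsecctx(struct lsmcontext *cp)
{
	lsmcontext_init(cp, static_table_entry,
			(unsigned int)strlen(static_table_entry), SLOT_STATIC);
}

static void static_release(char *ctx, unsigned int len)
{
	static_releases++;	/* nothing to free; ctx and len unused */
}

/* Stand-in for the release_secctx hook list, one entry per module */
static const struct { int slot; void (*release_secctx)(char *, unsigned int); }
hooks[] = { { SLOT_ALLOCATING, allocating_release }, { SLOT_STATIC, static_release } };

/* Model of the new security_release_secctx(): dispatch on the slot recorded
 * in the context, then wipe it. Returns 1 if some hook matched, else 0. */
static int release_secctx(struct lsmcontext *cp)
{
	int matched = 0;
	size_t i;
	for (i = 0; i < sizeof(hooks) / sizeof(hooks[0]); i++) {
		if (hooks[i].slot == cp->slot) {
			hooks[i].release_secctx(cp->context, cp->len);
			matched = 1;
			break;
		}
	}
	memset(cp, 0, sizeof(*cp));
	return matched;
}

/* Scenario 1: each string goes back to the module that produced it. */
static int scenario_correct_releaser(void)
{
	struct lsmcontext a, b;
	allocating_releases = static_releases = bogus_frees = 0;
	allocating_getsecctx(&a);
	static_getsecctx(&b);
	release_secctx(&a);
	release_secctx(&b);
	return allocating_releases == 1 && static_releases == 1 && !bogus_frees;
}

/* Scenario 2: the pre-patch rule, where the releaser was picked from the
 * calling task's module rather than from the string's origin. */
static int scenario_misrouted_release(void)
{
	struct lsmcontext b;
	bogus_frees = 0;
	static_getsecctx(&b);
	allocating_release(b.context, b.len);	/* task's module, not b's */
	return bogus_frees;	/* 1: a static table entry was "freed" */
}
```

A context carrying a slot no module registered is wiped without any hook running, which is the silent-leak case the dispatch loop leaves open.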