From patchwork Tue Oct 24 21:35:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 13435295 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57B4AC25B6C for ; Tue, 24 Oct 2023 21:39:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344380AbjJXVjZ (ORCPT ); Tue, 24 Oct 2023 17:39:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53270 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344155AbjJXVjX (ORCPT ); Tue, 24 Oct 2023 17:39:23 -0400 Received: from mail-qv1-xf31.google.com (mail-qv1-xf31.google.com [IPv6:2607:f8b0:4864:20::f31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B4B28A3 for ; Tue, 24 Oct 2023 14:39:21 -0700 (PDT) Received: by mail-qv1-xf31.google.com with SMTP id 6a1803df08f44-66d0f945893so1871726d6.1 for ; Tue, 24 Oct 2023 14:39:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1698183561; x=1698788361; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ZjTMEISiQyqSL5KoF43HD/+4pfQYcxZ2sBm71VjlMpk=; b=VdAQLuQXMQRy04wS5BlH+OlEbocd1N1O5tLm7p/DN6ah9TxiwsgXEFtbxDN4dPCS/5 6d1AkMPQ0DcVnzaY/yuyVwEQ30Vc5qWbbsj4GXknsmQMCIm1vcFDJ6ndMV+fVJtzzsVB mvPHSNDW2gAvrpt5F8WJMI7c7jMBoGIKYiyoxzbFi1rfIVEkGZqnGKJKBcOiP8BD+JkL h/F3M2QiWFr44fJ+7MWX5h91dcf1lr2Yfqx7P205mJeTBM/m60I15aWXooxve+7CUhAF Kl/Dvw8ZvybFplvC2BLmYo+eW+2XeJVEAjdeXj9zOBo+DfZ8ARGmNjZWq/32X+vxIBbP j1fw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698183561; x=1698788361; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZjTMEISiQyqSL5KoF43HD/+4pfQYcxZ2sBm71VjlMpk=; b=k/IO8ycKrAwvj3fvenY6jxAtjZUpw2Q1CjRBHBfuvtpwA/4n4azY6kIIevpTxRnk6M G87Y3OAwXPsMs1f7zdbM5utFIsPaZxKc0pLvK6W/P99HW+MhzbvfBNe8nARcGIVZdvpZ ZfkmCqEkOpIBLIjG55gtJvt8VdAG7ZG1bk1N6O+mXHpFsJ0ccYgg9PqcRzajA95xMNPk 983YIEHbqq6JLCtz2Bs71NiS3EGMInSBd2JhSr1ZEtSPTpV4Q3pjNF2AAiqje4ztSJWe 0jsF2j+DLUZL91d468lBIGGkCuSi8MXf6qs4LafxbOJqFPedavEyxtfuQDwzwxyfVn6I z9WQ== X-Gm-Message-State: AOJu0YzBpSbY6jKINlWq8HzFxGEVHQfQ5IVxYXq/dyFZo5fdzDzZNgxx DwVlrLVwVcCKZTVl5gZiUmDk X-Google-Smtp-Source: AGHT+IHOuQHns/GYhmCR03t6WsVY/oOoqhUbLX5QdnzhAK9ktwgZ0YVg7twVBLUunFkqklLULJNZZA== X-Received: by 2002:a0c:fa0d:0:b0:65a:feb1:ec46 with SMTP id q13-20020a0cfa0d000000b0065afeb1ec46mr20501400qvn.6.1698183560677; Tue, 24 Oct 2023 14:39:20 -0700 (PDT) Received: from localhost ([70.22.175.108]) by smtp.gmail.com with ESMTPSA id ej17-20020ad45a51000000b0065b17ec4b49sm3916793qvb.46.2023.10.24.14.39.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 14:39:20 -0700 (PDT) From: Paul Moore To: linux-security-module@vger.kernel.org Cc: selinux@vger.kernel.org, Casey Schaufler , John Johansen , =?utf-8?q?Micka=C3=ABl_Sala?= =?utf-8?q?=C3=BCn?= Subject: [RFC PATCH 1/3] lsm: cleanup the size counters in security_getselfattr() Date: Tue, 24 Oct 2023 17:35:27 -0400 Message-ID: <20231024213525.361332-5-paul@paul-moore.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231024213525.361332-4-paul@paul-moore.com> References: <20231024213525.361332-4-paul@paul-moore.com> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=717; i=paul@paul-moore.com; h=from:subject; bh=bjn4ACkmuLnd0P4W632t3EraMA+01QVS8C0h2ClX7dM=; b=owEBbQKS/ZANAwAIAeog8tqXN4lzAcsmYgBlODidDFq8xVpew9e/pzfh7bWOcq9bF2LodQJma O9/Hs9w9r2JAjMEAAEIAB0WIQRLQqjPB/KZ1VSXfu/qIPLalzeJcwUCZTg4nQAKCRDqIPLalzeJ c1fAD/9s/boix7BEfKNfA4LbTNzZlgF6gVOl6VEENcrRBO2hy9Fd9mDEvEzWg1cNfjND/sAUoHm 4y5Iw3c4Y6ZB+CBD7gN/nwYr205ctThe7dh6qyryjEtxXkV3m1CBMJboM/VmPEp1kkDtf6etwIg FXrZ51fWish9WDE9Gzg3L1bNUZ61Qu6Na99LgtMohr2Pp9MqBBC3p5VKvoOjFt+uW1EJzi2f55O 4AcoyWxlKtvwmBMuvy8jKRJzSNVAoXYqmFWVXYyO1S9QpKaY4Ov6p/Zkmz0gEPiWmdwq6ZbzacN eZXj+a6yX6IQyX8NGcyOHo9zyeO/5QMDz4SOyii8IgLPtmCGXNSvLW/btM5lj0LagsKzEPpN6Oz 7MpLsSlG3AFJkBk9UYYBrMecZJTl+chn25H0SHBFOadgMenFk0hsuBkfvj2mQEkzBgLGytQeRVj zx6+GPeeRKELy/r8Bf/yY96UjkRBdbYyfnQqD3QMbYBP+lx5BZ78CY1YzqifEZ0723F7i3sdxu7 9Cb5q8RWGtAy+PpXphufItC19sYU5e2+hDVKKvGzIkkarYf6relzu4HYHS7jsMajagxXVnf8GvB o350djYM51dF8vrRRsQA4d+wDEkUpGd9i+BeUzYac/1JEqp0DK6AYG2v34mvOZfBp15BXatC5e7 4e0SXWYjaKupY2w== X-Developer-Key: i=paul@paul-moore.com; a=openpgp; fpr=7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Zero out all of the size counters in the -E2BIG case (buffer too small) to help make the current code a bit more robust in the face of future code changes. Signed-off-by: Paul Moore Acked-by: Casey Schaufler Reviewed-by: Mickaël Salaün --- security/security.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/security.c b/security/security.c index 988483fcf153..9c63acded4ee 100644 --- a/security/security.c +++ b/security/security.c @@ -3951,8 +3951,9 @@ int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx, continue; } if (rc == -E2BIG) { - toobig = true; + rc = 0; left = 0; + toobig = true; } else if (rc < 0) return rc; else From patchwork Tue Oct 24 21:35:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 13435296 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10120C25B6E for ; Tue, 24 Oct 2023 21:39:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344405AbjJXVjZ (ORCPT ); Tue, 24 Oct 2023 17:39:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53298 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344401AbjJXVjY (ORCPT ); Tue, 24 Oct 2023 17:39:24 -0400 Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8F07610CF for ; Tue, 24 Oct 2023 14:39:22 -0700 (PDT) Received: by mail-qk1-x729.google.com with SMTP id af79cd13be357-778af1b5b1eso297811685a.2 for ; Tue, 24 Oct 2023 14:39:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1698183561; x=1698788361; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pTx+DIfzldeq2eksqP2wI1c/+N/k0A9DAE4XeLDgNso=; b=ZFCwqRdWGhlcBGQmTi8dpw/weAW5Scr4HzaUx9mEvJJ6kohx3dOBprFhmtr2ph4AGf d3An6SjyG5jGAsZNUzggGg+IshdMbPT0gvYO+QzucbgRMxJO3yUd3Qb7d/v4ZLIIPgWf 83Qk/4sYrwc0XIoqjQyjGRHoypGuxxv5pde/Qi02BJISIDCKk3xnKK00ANXiIwfIa3r2 Bng0tVqypbfcIDmsMU6dqNHcIW/oyJDm/o7xRRhAdCOC75ApUag6Dp4YBPMoAmfmX2bF CsfvFNw66kuU9YLO3gNHjbI/UaFXlMSMmQV2bWS3n1W3ED/7ZA1tlGbNtqB/VwUV0tVO Ltcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698183561; x=1698788361; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pTx+DIfzldeq2eksqP2wI1c/+N/k0A9DAE4XeLDgNso=; b=d69Vl5ThwXxESE5M47r0aBzyFUleTVoqkC0z1+o/+biTXfDzFGJaDwCQnTPAM3QBe2 ejQvPN0t58d6SPezFvopLwt25asFgNkBwvJABU6JCCo6cAj7zTgwT77gmqtMPhq9T7yO /oS53Qs9rEHSJU98R3WQJ6k0UU/k7b8HrbopXE56YUp94ycCriWczqxZAMmMSKPjOeWN m/rp1nwI7SJBaW+SmGWG2kRBC/PrUlDQHNWX/lKHLupA2Tho+VBkDhKWnJVTA+IZU4UE CANxgzibTXcm57yXDCW/sYAhIBpozJVBzegngyaoTpZteSaOQ3o1tT5fet/7kRwYwVjG QkwA== X-Gm-Message-State: AOJu0YzXl27a2nW1eGpTg5riebWocy8c/1TozVLkh+TXcMazpvGGAnOE 18BmgnB1hPIOAjOulWpi6k2H X-Google-Smtp-Source: AGHT+IH2vXirvG66RY5GJljwobv0W8adgDMxAyjbEXzXm/HabPb9i6fcmcHpcNXBAOZf86IeIX4M0w== X-Received: by 2002:a05:620a:c44:b0:773:a028:71b6 with SMTP id u4-20020a05620a0c4400b00773a02871b6mr16505512qki.65.1698183561628; Tue, 24 Oct 2023 14:39:21 -0700 (PDT) Received: from localhost ([70.22.175.108]) by smtp.gmail.com with ESMTPSA id p5-20020a05620a132500b0076d08d5f93asm3717190qkj.60.2023.10.24.14.39.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 14:39:21 -0700 (PDT) From: Paul Moore To: linux-security-module@vger.kernel.org Cc: selinux@vger.kernel.org, Casey Schaufler , John Johansen , =?utf-8?q?Micka=C3=ABl_Sala?= =?utf-8?q?=C3=BCn?= Subject: [RFC PATCH 2/3] lsm: correct error codes in security_getselfattr() Date: Tue, 24 Oct 2023 17:35:28 -0400 Message-ID: <20231024213525.361332-6-paul@paul-moore.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231024213525.361332-4-paul@paul-moore.com> References: <20231024213525.361332-4-paul@paul-moore.com> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=863; i=paul@paul-moore.com; h=from:subject; bh=ugmNzfzXFsYvckNvX1aV6BAeCvMbabcAjQNIQgYTuco=; b=owEBbQKS/ZANAwAIAeog8tqXN4lzAcsmYgBlODijlub3W8kIgCE1sgtbxoM/CkMFXdZjbwjNM nW5DjAuiKGJAjMEAAEIAB0WIQRLQqjPB/KZ1VSXfu/qIPLalzeJcwUCZTg4owAKCRDqIPLalzeJ c8FTD/4lOcUYhpZNUihf5dlWbswCIms6JVFNXf1+CzvmYz0/RooImhZPCETqhdfR9V+Ruff9qDa MhUEMO1rAgjnY/02/tU+qSUS0yL137LR2Q2zcrR1HAfnZLQgsSidsbL2u70DCdOUvlhFr96p5b5 j7T6wNjDO5HvUt/DuUnJBhoK779Uii9zHAEJoxJvWd9uwVMRAvE3shsl32O9docivyWMh1roMgT b78VW42g21zdZxs7j2YUXud08raTVD8SYbSt3P4wbUy2rODDqclkZvn0fZc18gm08omuPY0SI+/ Nu5pxCisJ2oMgMNghjOmZthbfFKkVB+1Bs2QVFGaaSxEVIZ/GsXk2gGRG0g3AX5O+uwk1gIgbDO Q12a9/0MPdGaC7uDxXYH7y7eRMXJ73yLIZTC2uX71feSbQUJLlW2pFqPrhgMIqdCmevs9oN6fQi zEeq13PBO8wuXpn7AVY+kxyVzPrThwi+KbgbD6l7droMbDKXSs7YHZ0xNkQGRiga9XXVUmEBeN1 a95EqUE2De0B7RidRQUCZHy7kIEaxuCwY7h+gV7WaWYbFNl3wuOPYQNLN/MOWg5qOqx4z6LknUO z755PVVtrgmTcIpEb9M4EpQOw32HbsfmGrL5a4S97EksDGuPg02OBSfxA4XeBXqa7E7I12i3IGR B6CkhPqoDOLPAlw== X-Developer-Key: i=paul@paul-moore.com; a=openpgp; fpr=7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org We should return -EINVAL if the user specifies LSM_FLAG_SINGLE without supplying a valid lsm_ctx struct buffer. Signed-off-by: Paul Moore Acked-by: Casey Schaufler Reviewed-by: Mickaël Salaün --- security/security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/security.c b/security/security.c index 9c63acded4ee..67ded406a5ea 100644 --- a/security/security.c +++ b/security/security.c @@ -3923,9 +3923,9 @@ int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx, /* * Only flag supported is LSM_FLAG_SINGLE */ - if (flags != LSM_FLAG_SINGLE) + if (flags != LSM_FLAG_SINGLE || !uctx) return -EINVAL; - if (uctx && copy_from_user(&lctx, uctx, sizeof(lctx))) + if (copy_from_user(&lctx, uctx, sizeof(lctx))) return -EFAULT; /* * If the LSM ID isn't specified it is an error. From patchwork Tue Oct 24 21:35:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 13435297 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89AB8C07545 for ; Tue, 24 Oct 2023 21:39:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344393AbjJXVjb (ORCPT ); Tue, 24 Oct 2023 17:39:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53364 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344406AbjJXVjZ (ORCPT ); Tue, 24 Oct 2023 17:39:25 -0400 Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1020A3 for ; Tue, 24 Oct 2023 14:39:23 -0700 (PDT) Received: by mail-qk1-x72b.google.com with SMTP id af79cd13be357-773ac11de71so332489785a.2 for ; Tue, 24 Oct 2023 14:39:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1698183562; x=1698788362; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=TV6wd0akEm8D1jwc3OAbX/cpERi3WI4MnifvYq0Bh4c=; b=FMAsIZe1yJKuxSHNmSkDG8rpuK8fPoyrDmDUiBUCda8DHSgEv+y0zKfZGn9fyRcG+S lMQ699NbZBEphkXe5KLSRB8lf+xtvU8PCG+PFy0wnm1b78tPQpdbsZLSvWGE6Jn8EBpr L41unPiRGZLQCjkDMhrszDB6M1716IBkwjDR0gkMVakxrdsLJ87pw2jg8nj1xcoiKV2L eZyzUVXaVCijccLzAsh2ipaQ/EJ0d9DePKilbueTC1fO61rqR5Q0PoRW2C2wD3Saussg TO5WKQy0BGWTWXuxumVU80x+Vrctl2PNfclKob6z9LonISiz6GZ4laOlPlf6detj9x8f aBnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698183562; x=1698788362; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TV6wd0akEm8D1jwc3OAbX/cpERi3WI4MnifvYq0Bh4c=; b=J6SOur/sB/090/XmUjbabnXa+9L+5FyNHJpa92gp1XOxO0qG3FONUScMWFGWl0QdUx B90cqxzKh7aXm8RUI8RuOOyK+H9fTjZOt3bImN2hERhL2IivpWb3u9drXbKHNuqLJVpL b1SMQ0o/+OtJYpYArhdu3STpA244EJZYU+284LNx1GF2c0kxvgQK+HZNWiEipvt9mnvB qzBEfSdQ/GDDC09r4+W/vBJbdn2cTPeMSg+lvCLCFrna0yGPoyTY3ioFPNyBin5P10Zx P68XlIXrL0QE1Lzx2IfBvrG/T6VHaVuKqjuCQIlYXIkEFQJudigYJxFAfVK9S1KcYugX Vwrw== X-Gm-Message-State: AOJu0YxuSfr9WDMHs5KmY4zv9Ifb6pihfZLVEsJLfadsgHpUnM0/A58G nWKDfrtodd80ApMNnFUE2Qd1 X-Google-Smtp-Source: AGHT+IFZ4qQcNPvt/gJomhwy6hlaiFRx1+Y2XD0yA4YA5YbFoXG9urH7AUzsZDrlyOkCa8LtqMejVQ== X-Received: by 2002:a05:620a:4088:b0:779:e90c:f203 with SMTP id f8-20020a05620a408800b00779e90cf203mr4127984qko.9.1698183562605; Tue, 24 Oct 2023 14:39:22 -0700 (PDT) Received: from localhost ([70.22.175.108]) by smtp.gmail.com with ESMTPSA id x3-20020a05620a0b4300b0076db1caab16sm3714554qkg.22.2023.10.24.14.39.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 14:39:22 -0700 (PDT) From: Paul Moore To: linux-security-module@vger.kernel.org Cc: selinux@vger.kernel.org, Casey Schaufler , John Johansen , =?utf-8?q?Micka=C3=ABl_Sala?= =?utf-8?q?=C3=BCn?= Subject: [RFC PATCH 3/3] lsm: consolidate buffer size handling into lsm_fill_user_ctx() Date: Tue, 24 Oct 2023 17:35:29 -0400 Message-ID: <20231024213525.361332-7-paul@paul-moore.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231024213525.361332-4-paul@paul-moore.com> References: <20231024213525.361332-4-paul@paul-moore.com> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=8479; i=paul@paul-moore.com; h=from:subject; bh=h/lckAfTZWGlyy8p82g+1YRIL1yzLy457ahSA/PaVv8=; b=owEBbQKS/ZANAwAIAeog8tqXN4lzAcsmYgBlODip9GBf2e12iuV9/BlpReC0qCAIZkwCw9KHV HTih10RgwGJAjMEAAEIAB0WIQRLQqjPB/KZ1VSXfu/qIPLalzeJcwUCZTg4qQAKCRDqIPLalzeJ c/p9EADaGs2B9RwQNY4hy4xuL1s0GOiXnxTNO26gq8/jSFHi0iKUWO9t53GYKuMwa858/E0SIkp Z79MUfelwSKEDlTd79bbzKc8Q3uR1sKo8nsTHp4SDMilzM3mKW0UjaYWH99G526jzg1+cwlK3ZU GwaONylO5S16HO1fqNH7zovkWC9m1SaqCu8paLbczURfcljynRGoUBdFc9U7KILHS0bZFUvHwbG aGeCjMRORvp4NL4PcQ85VaObGGhWFCHkcnEcsiDHpkAkx3xM6mSHrMvj4+rhVseoRgfUWYwEVP7 lPhGsMVmJh7k/75MWhj3mIW4s9AzZLrq3OfZgzYnPAuVjxXcUAo1ocKs65flYWdvCR3nL/mvmqu rYVCM/zbebJC31Uy5r8+c4eq66CQQuwV7HJtohxTlS3t/RHAD4Vi43C4j4HD7Uf1MdT9uIFtfJL X2XU3/BcIyN1PQ2DOCm90LIt9au96mCOe60QG2P4a9VvhetGTQQiQ5eRXJHjxULcw/phprkAEBi ccYAIyLrypzvDCi2BFrAQGeDKtMVakAZn42aoFoM+ApCSQLNyGFHZsJA8zOzsICL4d81wnLzycF ECv7+wSSlhfjDOD2FZBUdMbhosjktZDLgZkdbbxFjCbYQMud335zTRvyE5JuWcSRUkTTDUyzyDL 7mhT8S5DWw9kiPw== X-Developer-Key: i=paul@paul-moore.com; a=openpgp; fpr=7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org While we have a lsm_fill_user_ctx() helper function designed to make life easier for LSMs which return lsm_ctx structs to userspace, we didn't include all of the buffer length safety checks and buffer padding adjustments in the helper. This led to code duplication across the different LSMs and the possibility for mistakes across the different LSM subsystems. In order to reduce code duplication and decrease the chances of silly mistakes, we're consolidating all of this code into the lsm_fill_user_ctx() helper. The buffer padding is also modified from a fixed 8-byte alignment to an alignment that matches the word length of the machine (BITS_PER_LONG / 8). Signed-off-by: Paul Moore --- include/linux/security.h | 9 ++++--- security/apparmor/lsm.c | 15 +++-------- security/security.c | 55 +++++++++++++++++++++----------------- security/selinux/hooks.c | 42 +++++++++++++++-------------- security/smack/smack_lsm.c | 23 +++++----------- 5 files changed, 67 insertions(+), 77 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 334f75aa7289..750130a7b9dd 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -492,8 +492,8 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); -int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, - size_t context_size, u64 id, u64 flags); +int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, size_t *uctx_len, + void *val, size_t val_len, u64 id, u64 flags); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1424,8 +1424,9 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } -static inline int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, - size_t context_size, u64 id, u64 flags) +static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, + size_t *uctx_len, void *val, size_t val_len, + u64 id, u64 flags) { return -EOPNOTSUPP; } diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 5e16c03936b9..6df97eb6e7d9 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -636,7 +636,6 @@ static int apparmor_getselfattr(unsigned int attr, struct lsm_ctx __user *lx, int error = -ENOENT; struct aa_task_ctx *ctx = task_ctx(current); struct aa_label *label = NULL; - size_t total_len = 0; char *value; switch (attr) { @@ -658,22 +657,14 @@ static int apparmor_getselfattr(unsigned int attr, struct lsm_ctx __user *lx, if (label) { error = aa_getprocattr(label, &value, false); - if (error > 0) { - total_len = ALIGN(struct_size(lx, ctx, error), 8); - if (total_len > *size) - error = -E2BIG; - else if (lx) - error = lsm_fill_user_ctx(lx, value, error, - LSM_ID_APPARMOR, 0); - else - error = 1; - } + if (error > 0) + error = lsm_fill_user_ctx(lx, size, value, error, + LSM_ID_APPARMOR, 0); kfree(value); } aa_put_label(label); - *size = total_len; if (error < 0) return error; return 1; diff --git a/security/security.c b/security/security.c index 67ded406a5ea..45c4f5440c95 100644 --- a/security/security.c +++ b/security/security.c @@ -773,42 +773,49 @@ static int lsm_superblock_alloc(struct super_block *sb) /** * lsm_fill_user_ctx - Fill a user space lsm_ctx structure - * @ctx: an LSM context to be filled - * @context: the new context value - * @context_size: the size of the new context value + * @uctx: a userspace LSM context to be filled + * @uctx_len: available uctx size (input), used uctx size (output) + * @val: the new LSM context value + * @val_len: the size of the new LSM context value * @id: LSM id * @flags: LSM defined flags * - * Fill all of the fields in a user space lsm_ctx structure. - * Caller is assumed to have verified that @ctx has enough space - * for @context. + * Fill all of the fields in a userspace lsm_ctx structure. * - * Returns 0 on success, -EFAULT on a copyout error, -ENOMEM - * if memory can't be allocated. + * Returns 0 on success, -E2BIG if userspace buffer is not large enough, + * -EFAULT on a copyout error, -ENOMEM if memory can't be allocated. */ -int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context, - size_t context_size, u64 id, u64 flags) +int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, size_t *uctx_len, + void *val, size_t val_len, + u64 id, u64 flags) { - struct lsm_ctx *lctx; - size_t locallen = struct_size(lctx, ctx, context_size); + struct lsm_ctx *nctx = NULL; + size_t nctx_len; int rc = 0; - lctx = kzalloc(locallen, GFP_KERNEL); - if (lctx == NULL) - return -ENOMEM; + nctx_len = ALIGN(struct_size(nctx, ctx, val_len), BITS_PER_LONG / 8); + if (nctx_len > *uctx_len) { + rc = -E2BIG; + goto out; + } - lctx->id = id; - lctx->flags = flags; - lctx->ctx_len = context_size; - lctx->len = locallen; + nctx = kzalloc(nctx_len, GFP_KERNEL); + if (nctx == NULL) { + rc = -ENOMEM; + goto out; + } + nctx->id = id; + nctx->flags = flags; + nctx->len = nctx_len; + nctx->ctx_len = val_len; + memcpy(nctx->ctx, val, val_len); - memcpy(lctx->ctx, context, context_size); - - if (copy_to_user(ctx, lctx, locallen)) + if (copy_to_user(uctx, nctx, nctx_len)) rc = -EFAULT; - kfree(lctx); - +out: + kfree(nctx); + *uctx_len = nctx_len; return rc; } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1fe30e635923..c32794979aab 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6480,30 +6480,32 @@ static int selinux_lsm_setattr(u64 attr, void *value, size_t size) return error; } +/** + * selinux_getselfattr - Get SELinux current task attributes + * @attr: the requested attribute + * @ctx: buffer to receive the result + * @size: buffer size (input), buffer size used (output) + * @flags: unused + * + * Fill the passed user space @ctx with the details of the requested + * attribute. + * + * Returns the number of attributes on success, an error code otherwise. + * There will only ever be one attribute. + */ static int selinux_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, size_t *size, u32 flags) { - char *value; - size_t total_len; - int len; - int rc = 0; + int rc; + char *val; + int val_len; - len = selinux_lsm_getattr(attr, current, &value); - if (len < 0) - return len; - - total_len = ALIGN(struct_size(ctx, ctx, len), 8); - - if (total_len > *size) - rc = -E2BIG; - else if (ctx) - rc = lsm_fill_user_ctx(ctx, value, len, LSM_ID_SELINUX, 0); - - kfree(value); - *size = total_len; - if (rc < 0) - return rc; - return 1; + val_len = selinux_lsm_getattr(attr, current, &val); + if (val_len < 0) + return val_len; + rc = lsm_fill_user_ctx(ctx, size, val, val_len, LSM_ID_SELINUX, 0); + kfree(val); + return (!rc ? 1 : rc); } static int selinux_setselfattr(unsigned int attr, struct lsm_ctx *ctx, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 12160d060cc1..99664c8cf867 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3642,28 +3642,17 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) static int smack_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, size_t *size, u32 flags) { - struct smack_known *skp = smk_of_current(); - int total; - int slen; int rc; + struct smack_known *skp; if (attr != LSM_ATTR_CURRENT) return -EOPNOTSUPP; - slen = strlen(skp->smk_known) + 1; - total = ALIGN(slen + sizeof(*ctx), 8); - if (total > *size) - rc = -E2BIG; - else if (ctx) - rc = lsm_fill_user_ctx(ctx, skp->smk_known, slen, LSM_ID_SMACK, - 0); - else - rc = 1; - - *size = total; - if (rc >= 0) - return 1; - return rc; + skp = smk_of_current(); + rc = lsm_fill_user_ctx(ctx, size, + skp->smk_known, strlen(skp->smk_known) + 1, + LSM_ID_SMACK, 0); + return (!rc ? 1 : rc); } /**