UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/security
History
Jiawei Ye 72eef5226f smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso 
[ Upstream commit 2749749afa071f8a0e405605de9da615e771a7ce ]

In the `smk_set_cipso` function, the `skp->smk_netlabel.attr.mls.cat`
field is directly assigned to a new value without using the appropriate
RCU pointer assignment functions. According to RCU usage rules, this is
illegal and can lead to unpredictable behavior, including data
inconsistencies and impossible-to-diagnose memory corruption issues.

This possible bug was identified using a static analysis tool developed
by myself, specifically designed to detect RCU-related issues.

To address this, the assignment is now done using rcu_assign_pointer(),
which ensures that the pointer assignment is done safely, with the
necessary memory barriers and synchronization. This change prevents
potential RCU dereference issues by ensuring that the `cat` field is
safely updated while still adhering to RCU's requirements.

Fixes: 0817534ff9 ("smackfs: Fix use-after-free in netlbl_catmap_walk()")
Signed-off-by: Jiawei Ye <jiawei.ye@foxmail.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2024-10-04 16:29:20 +02:00
..
apparmor apparmor: fix possible NULL pointer dereference 2024-09-08 07:54:40 +02:00
bpf selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
integrity evm: don't copy up 'security.evm' xattr 2024-08-29 17:33:31 +02:00
keys task_work: s/task_work_cancel()/task_work_cancel_func()/ 2024-08-03 08:54:16 +02:00
landlock landlock: Don't lose track of restrictions on cred_transfer 2024-08-03 08:54:11 +02:00
loadpin LoadPin: Annotate struct dm_verity_loadpin_trusted_root_digest with __counted_by 2023-08-25 16:07:30 -07:00
lockdown selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
safesetid SafeSetID: fix UID printed instead of GID 2023-06-20 20:26:00 -04:00
selinux selinux,smack: don't bypass permissions check in inode_setsecctx hook 2024-09-04 13:28:24 +02:00
smack smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso 2024-10-04 16:29:20 +02:00
tomoyo tomoyo: fix UAF write bug in tomoyo_write_control() 2024-03-06 14:48:39 +00:00
yama sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
Kconfig mm/slab: remove HAVE_HARDENED_USERCOPY_ALLOCATOR 2023-05-24 15:38:17 +02:00
Kconfig.hardening hardening: Move BUG_ON_DATA_CORRUPTION to hardening options 2023-08-15 14:57:25 -07:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
commoncap.c lsm: constify the 'target' parameter in security_capget() 2023-08-08 16:48:47 -04:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to ctime accessor functions 2023-07-24 10:30:08 +02:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c evm: don't copy up 'security.evm' xattr 2024-08-29 17:33:31 +02:00