hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

selinux/stable-6.0 PR 20220801 

-----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmLoEeIUHHBhdWxAcGF1
 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXNSOhAAwWwRcmcHnk+k2agT9QjKrLo26NCO
 MQLE89o4y2ChEFHxC7F7SKoQRxtfYa323p1vmlGzKrlB+IZ6oqERVp4QNQQbXsfn
 n9VvVpxjRNHAetcRhCM9ZOchWjUdw6AMaJ8e3fdRNRESadAUUFDxifw1wpjgG9+i
 LmtDbfZ7vLs2grTf9OZy3JIl1VF3lVRUTI7ZBQggfJncMa+LXNWdVNmEe3yfyboA
 1MwpSao7K2si0hBGAQo/UGQz4b19Tm4xMg8bSy7oTsP5Lae5ciPkeI3qazvs9usp
 WScZYhQ8NugqLbDbjs7dm6QCpj4x3dUs6ei48LKe3GF2mcGesFfOPo9sNHao4kKv
 C9t0f9qw+EhGvnNL7uQIDDf8OuTjuLWDvZSrMLID/IJKFF5NJ3y+XzaS9aPM3VEY
 qyOsX+cEzheXGhD6xE1sCo+AyPUDYqNDMIKBj2wlIGCKlzDGa8RT6VsQuvgf3c3K
 43CnRCQeWDWOHCq3MnRe/fmYtW+JB7tsXiKAq4OJADacwPP36bsP3bqU8AlWYwDt
 tnuMa+LKusHnMEQpMPI8FW8qGdxwGSen+mymfLFIMgtwNGkV7WGRJ6Lbyn0SaR6v
 HyXgZASIOQRnamK3yZCDpxo0K81IVxPWJIjHyg53znqT5TCpXccPyV4HwbJKI/KG
 8PtHrXOdPOGCZ2g=
 =WWq1
 -----END PGP SIGNATURE-----

Merge tag 'selinux-pr-20220801' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:
 "A relatively small set of patches for SELinux this time, eight patches
  in total with really only one significant change.

  The highlights are:

   - Add support for proper labeling of memfd_secret anonymous inodes.

     This will allow LSMs that implement the anonymous inode hooks to
     apply security policy to memfd_secret() fds.

   - Various small improvements to memory management: fixed leaks, freed
     memory when needed, boundary checks.

   - Hardened the selinux_audit_data struct with __randomize_layout.

   - A minor documentation tweak to fix a formatting/style issue"

* tag 'selinux-pr-20220801' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: selinux_add_opt() callers free memory
  selinux: Add boundary check in put_entry()
  selinux: fix memleak in security_read_state_kernel()
  docs: selinux: add '=' signs to kernel boot options
  mm: create security context for memfd_secret inodes
  selinux: fix typos in comments
  selinux: drop unnecessary NULL check
  selinux: add __randomize_layout to selinux_audit_data
This commit is contained in:
Linus Torvalds 2022-08-02 14:51:47 -07:00
parent 6991a564f5 ef54ccb616
commit 79802ada87
7 changed files with 30 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Documentation/admin-guide/kernel-parameters.txt
View File

@ -556,7 +556,7 @@
nosocket -- Disable socket memory accounting. nosocket -- Disable socket memory accounting.
nokmem -- Disable kernel memory accounting. nokmem -- Disable kernel memory accounting.
checkreqprot [SELINUX] Set initial checkreqprot flag value. checkreqprot= [SELINUX] Set initial checkreqprot flag value.
Format: { "0" | "1" } Format: { "0" | "1" }
See security/selinux/Kconfig help text. See security/selinux/Kconfig help text.
0 -- check protection applied by kernel (includes 0 -- check protection applied by kernel (includes
@ -1445,7 +1445,7 @@
(in particular on some ATI chipsets). (in particular on some ATI chipsets).
The kernel tries to set a reasonable default. The kernel tries to set a reasonable default.
enforcing [SELINUX] Set initial enforcing status. enforcing= [SELINUX] Set initial enforcing status.
Format: {"0" | "1"} Format: {"0" | "1"}
See security/selinux/Kconfig help text. See security/selinux/Kconfig help text.
0 -- permissive (log only, no denials). 0 -- permissive (log only, no denials).

9
mm/secretmem.c
View File

@ -199,11 +199,20 @@ static struct file *secretmem_file_create(unsigned long flags)
{ {
struct file *file = ERR_PTR(-ENOMEM); struct file *file = ERR_PTR(-ENOMEM);
struct inode *inode; struct inode *inode;
const char *anon_name = "[secretmem]";
const struct qstr qname = QSTR_INIT(anon_name, strlen(anon_name));
int err;
inode = alloc_anon_inode(secretmem_mnt->mnt_sb); inode = alloc_anon_inode(secretmem_mnt->mnt_sb);
if (IS_ERR(inode)) if (IS_ERR(inode))
return ERR_CAST(inode); return ERR_CAST(inode);
err = security_inode_init_security_anon(inode, &qname, NULL);
if (err) {
file = ERR_PTR(err);
goto err_free_inode;
}
file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem", file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem",
O_RDWR, &secretmem_fops); O_RDWR, &secretmem_fops);
if (IS_ERR(file)) if (IS_ERR(file))

17
security/selinux/hooks.c
View File

@ -640,7 +640,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
* we need to skip the double mount verification. * we need to skip the double mount verification.
* *
* This does open a hole in which we will not notice if the first * This does open a hole in which we will not notice if the first
* mount using this sb set explict options and a second mount using * mount using this sb set explicit options and a second mount using
* this sb does not set any security options. (The first options * this sb does not set any security options. (The first options
* will be used for both mounts) * will be used for both mounts)
*/ */
@ -944,10 +944,12 @@ out:
return rc; return rc;
} }
/*
* NOTE: the caller is resposible for freeing the memory even if on error.
*/
static int selinux_add_opt(int token, const char *s, void **mnt_opts) static int selinux_add_opt(int token, const char *s, void **mnt_opts)
{ {
struct selinux_mnt_opts *opts = *mnt_opts; struct selinux_mnt_opts *opts = *mnt_opts;
bool is_alloc_opts = false;
u32 *dst_sid; u32 *dst_sid;
int rc; int rc;
@ -955,7 +957,7 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
/* eaten and completely ignored */ /* eaten and completely ignored */
return 0; return 0;
if (!s) if (!s)
return -ENOMEM; return -EINVAL;
if (!selinux_initialized(&selinux_state)) { if (!selinux_initialized(&selinux_state)) {
pr_warn("SELinux: Unable to set superblock options before the security server is initialized\n"); pr_warn("SELinux: Unable to set superblock options before the security server is initialized\n");
@ -967,7 +969,6 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
if (!opts) if (!opts)
return -ENOMEM; return -ENOMEM;
*mnt_opts = opts; *mnt_opts = opts;
is_alloc_opts = true;
} }
switch (token) { switch (token) {
@ -1002,10 +1003,6 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
return rc; return rc;
err: err:
if (is_alloc_opts) {
kfree(opts);
*mnt_opts = NULL;
}
pr_warn(SEL_MOUNT_FAIL_MSG); pr_warn(SEL_MOUNT_FAIL_MSG);
return -EINVAL; return -EINVAL;
} }
@ -1019,7 +1016,7 @@ static int show_sid(struct seq_file *m, u32 sid)
rc = security_sid_to_context(&selinux_state, sid, rc = security_sid_to_context(&selinux_state, sid,
&context, &len); &context, &len);
if (!rc) { if (!rc) {
bool has_comma = context && strchr(context, ','); bool has_comma = strchr(context, ',');
seq_putc(m, '='); seq_putc(m, '=');
if (has_comma) if (has_comma)
@ -6792,7 +6789,7 @@ static u32 bpf_map_fmode_to_av(fmode_t fmode)
} }
/* This function will check the file pass through unix socket or binder to see /* This function will check the file pass through unix socket or binder to see
* if it is a bpf related object. And apply correspinding checks on the bpf * if it is a bpf related object. And apply corresponding checks on the bpf
* object based on the type. The bpf maps and programs, not like other files and * object based on the type. The bpf maps and programs, not like other files and
* socket, are using a shared anonymous inode inside the kernel as their inode. * socket, are using a shared anonymous inode inside the kernel as their inode.
* So checking that inode cannot identify if the process have privilege to * So checking that inode cannot identify if the process have privilege to

2
security/selinux/include/audit.h
View File

@ -18,7 +18,7 @@
/** /**
* selinux_audit_rule_init - alloc/init an selinux audit rule structure. * selinux_audit_rule_init - alloc/init an selinux audit rule structure.
* @field: the field this rule refers to * @field: the field this rule refers to
* @op: the operater the rule uses * @op: the operator the rule uses
* @rulestr: the text "target" of the rule * @rulestr: the text "target" of the rule
* @rule: pointer to the new rule structure returned via this * @rule: pointer to the new rule structure returned via this
* *

2
security/selinux/include/avc.h
View File

@ -53,7 +53,7 @@ struct selinux_audit_data {
u32 denied; u32 denied;
int result; int result;
struct selinux_state *state; struct selinux_state *state;
}; } __randomize_layout;
/* /*
* AVC operations * AVC operations

2
security/selinux/ss/policydb.h
View File

@ -370,6 +370,8 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic
{ {
size_t len = bytes * num; size_t len = bytes * num;
if (len > fp->len)
return -EINVAL;
memcpy(fp->data, buf, len); memcpy(fp->data, buf, len);
fp->data += len; fp->data += len;
fp->len -= len; fp->len -= len;

9
security/selinux/ss/services.c
View File

@ -4048,6 +4048,7 @@ int security_read_policy(struct selinux_state *state,
int security_read_state_kernel(struct selinux_state *state, int security_read_state_kernel(struct selinux_state *state,
void **data, size_t *len) void **data, size_t *len)
{ {
int err;
struct selinux_policy *policy; struct selinux_policy *policy;
policy = rcu_dereference_protected( policy = rcu_dereference_protected(
@ -4060,5 +4061,11 @@ int security_read_state_kernel(struct selinux_state *state,
if (!*data) if (!*data)
return -ENOMEM; return -ENOMEM;
return __security_read_policy(policy, *data, len); err = __security_read_policy(policy, *data, len);
if (err) {
vfree(*data);
*data = NULL;
*len = 0;
}
return err;
} }