| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Dec 2020 13:45:43 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Sven Schnelle <svens@...ux.ibm.com>,
Ondrej Mosnacek <omosnace@...hat.com>,
Paul Moore <paul@...l-moore.com>,
Sasha Levin <sashal@...nel.org>
Subject: [PATCH 5.4 107/453] selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
From: Paul Moore <paul@...l-moore.com>
[ Upstream commit 200ea5a2292dc444a818b096ae6a32ba3caa51b9 ]
A previous fix, commit 83370b31a915 ("selinux: fix error initialization
in inode_doinit_with_dentry()"), changed how failures were handled
before a SELinux policy was loaded. Unfortunately that patch was
potentially problematic for two reasons: it set the isec->initialized
state without holding a lock, and it didn't set the inode's SELinux
label to the "default" for the particular filesystem. The later can
be a problem if/when a later attempt to revalidate the inode fails
and SELinux reverts to the existing inode label.
This patch should restore the default inode labeling that existed
before the original fix, without affecting the LABEL_INVALID marking
such that revalidation will still be attempted in the future.
Fixes: 83370b31a915 ("selinux: fix error initialization in inode_doinit_with_dentry()")
Reported-by: Sven Schnelle <svens@...ux.ibm.com>
Tested-by: Sven Schnelle <svens@...ux.ibm.com>
Reviewed-by: Ondrej Mosnacek <omosnace@...hat.com>
Signed-off-by: Paul Moore <paul@...l-moore.com>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
security/selinux/hooks.c | 31 +++++++++++++------------------
1 file changed, 13 insertions(+), 18 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 76f7eb5690c8e..717a398ef4d05 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1499,13 +1499,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
* inode_doinit with a dentry, before these inodes could
* be used again by userspace.
*/
- isec->initialized = LABEL_INVALID;
- /*
- * There is nothing useful to jump to the "out"
- * label, except a needless spin lock/unlock
- * cycle.
- */
- return 0;
+ goto out_invalid;
}
rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
@@ -1559,15 +1553,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
* inode_doinit() with a dentry, before these inodes
* could be used again by userspace.
*/
- if (!dentry) {
- isec->initialized = LABEL_INVALID;
- /*
- * There is nothing useful to jump to the "out"
- * label, except a needless spin lock/unlock
- * cycle.
- */
- return 0;
- }
+ if (!dentry)
+ goto out_invalid;
rc = selinux_genfs_get_sid(dentry, sclass,
sbsec->flags, &sid);
if (rc) {
@@ -1592,11 +1579,10 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
out:
spin_lock(&isec->lock);
if (isec->initialized == LABEL_PENDING) {
- if (!sid || rc) {
+ if (rc) {
isec->initialized = LABEL_INVALID;
goto out_unlock;
}
-
isec->initialized = LABEL_INITIALIZED;
isec->sid = sid;
}
@@ -1604,6 +1590,15 @@ out:
out_unlock:
spin_unlock(&isec->lock);
return rc;
+
+out_invalid:
+ spin_lock(&isec->lock);
+ if (isec->initialized == LABEL_PENDING) {
+ isec->initialized = LABEL_INVALID;
+ isec->sid = sid;
+ }
+ spin_unlock(&isec->lock);
+ return 0;
}
/* Convert a Linux signal to an access vector. */
--
2.27.0
Powered by blists - more mailing lists