| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Nov 2022 12:44:32 +1100
From: Stephen Rothwell <sfr@...b.auug.org.au>
To: Paul Moore <paul@...l-moore.com>
Cc: "GONG, Ruiqi" <gongruiqi1@...wei.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux Next Mailing List <linux-next@...r.kernel.org>
Subject: linux-next: manual merge of the selinux tree with Linus' tree
Hi all,
Today's linux-next merge of the selinux tree got conflicts in:
security/selinux/ss/services.c
security/selinux/ss/sidtab.c
security/selinux/ss/sidtab.h
between commit:
abe3c631447d ("selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()")
from Linus' tree and commit:
048be156491f ("selinux: remove the sidtab context conversion indirect calls")
from the selinux tree.
I fixed it up (see below) and applied the following merge fix patch
as well and can carry the fix as necessary. This is now fixed as far as
linux-next is concerned, but any non trivial conflicts should be mentioned
to your upstream maintainer when your tree is submitted for merging.
You may also want to consider cooperating with the maintainer of the
conflicting tree to minimise any particularly complex conflicts.
From: Stephen Rothwell <sfr@...b.auug.org.au>
Date: Thu, 10 Nov 2022 12:38:01 +1100
Subject: [PATCH] selinux: fix up for "selinux: enable use of both GFP_KERNEL
and GFP_ATOMIC in convert_context()"
Signed-off-by: Stephen Rothwell <sfr@...b.auug.org.au>
---
security/selinux/ss/services.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h
index 6348c95ff0e5..c4301626487f 100644
--- a/security/selinux/ss/services.h
+++ b/security/selinux/ss/services.h
@@ -41,6 +41,7 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
struct avtab_node *node);
int services_convert_context(struct convert_context_args *args,
- struct context *oldc, struct context *newc);
+ struct context *oldc, struct context *newc,
+ gfp_t gfp_flags);
#endif /* _SS_SERVICES_H_ */
--
2.35.1
--
Cheers,
Stephen Rothwell
diff --cc security/selinux/ss/services.c
index 64a6a37dc36d,e63c4f942fd6..9086c4ea0255
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@@ -2014,18 -2008,20 +2008,21 @@@ static inline int convert_context_handl
return 0;
}
- /*
- * Convert the values in the security context
- * structure `oldc' from the values specified
- * in the policy `p->oldp' to the values specified
- * in the policy `p->newp', storing the new context
- * in `newc'. Verify that the context is valid
- * under the new policy.
+ /**
+ * services_convert_context - Convert a security context across policies.
+ * @args: populated convert_context_args struct
+ * @oldc: original context
+ * @newc: converted context
+ *
+ * Convert the values in the security context structure @oldc from the values
+ * specified in the policy @args->oldp to the values specified in the policy
+ * @args->newp, storing the new context in @newc, and verifying that the
+ * context is valid under the new policy.
*/
- static int convert_context(struct context *oldc, struct context *newc, void *p,
- gfp_t gfp_flags)
+ int services_convert_context(struct convert_context_args *args,
- struct context *oldc, struct context *newc)
++ struct context *oldc, struct context *newc,
++ gfp_t gfp_flags)
{
- struct convert_context_args *args;
struct ocontext *oc;
struct role_datum *role;
struct type_datum *typdatum;
@@@ -2034,10 -2030,8 +2031,8 @@@
u32 len;
int rc;
- args = p;
-
if (oldc->str) {
- s = kstrdup(oldc->str, GFP_KERNEL);
+ s = kstrdup(oldc->str, gfp_flags);
if (!s)
return -ENOMEM;
diff --cc security/selinux/ss/sidtab.c
index db5cce385bf8,1c3d2cda6b92..38d25173aebd
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@@ -324,8 -327,8 +327,9 @@@ int sidtab_context_to_sid(struct sidta
goto out_unlock;
}
- rc = convert->func(context, &dst_convert->context,
- convert->args, GFP_ATOMIC);
+ rc = services_convert_context(convert->args,
- context, &dst_convert->context);
++ context, &dst_convert->context,
++ GFP_ATOMIC);
if (rc) {
context_destroy(&dst->context);
goto out_unlock;
@@@ -402,9 -405,9 +406,10 @@@ static int sidtab_convert_tree(union si
}
i = 0;
while (i < SIDTAB_LEAF_ENTRIES && *pos < count) {
- rc = convert->func(&esrc->ptr_leaf->entries[i].context,
- &edst->ptr_leaf->entries[i].context,
- convert->args, GFP_KERNEL);
+ rc = services_convert_context(convert->args,
+ &esrc->ptr_leaf->entries[i].context,
- &edst->ptr_leaf->entries[i].context);
++ &edst->ptr_leaf->entries[i].context,
++ GFP_KERNEL);
if (rc)
return rc;
(*pos)++;
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists