Message-ID: <20221110124118.37e626fb@canb.auug.org.au>
Date:   Thu, 10 Nov 2022 12:44:32 +1100
From:   Stephen Rothwell <sfr@...b.auug.org.au>
To:     Paul Moore <paul@...l-moore.com>
Cc:     "GONG, Ruiqi" <gongruiqi1@...wei.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux Next Mailing List <linux-next@...r.kernel.org>
Subject: linux-next: manual merge of the selinux tree with Linus' tree

Hi all,

Today's linux-next merge of the selinux tree got conflicts in:

  security/selinux/ss/services.c
  security/selinux/ss/sidtab.c
  security/selinux/ss/sidtab.h

between commit:

  abe3c631447d ("selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()")

from Linus' tree and commit:

  048be156491f ("selinux: remove the sidtab context conversion indirect calls")

from the selinux tree.

I fixed it up (see below) and applied the following merge fix patch
as well and can carry the fix as necessary. This is now fixed as far as
linux-next is concerned, but any non trivial conflicts should be mentioned
to your upstream maintainer when your tree is submitted for merging.
You may also want to consider cooperating with the maintainer of the
conflicting tree to minimise any particularly complex conflicts.

From: Stephen Rothwell <sfr@...b.auug.org.au>
Date: Thu, 10 Nov 2022 12:38:01 +1100
Subject: [PATCH] selinux: fix up for "selinux: enable use of both GFP_KERNEL
 and GFP_ATOMIC in convert_context()"

Signed-off-by: Stephen Rothwell <sfr@...b.auug.org.au>
---
 security/selinux/ss/services.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h
index 6348c95ff0e5..c4301626487f 100644
--- a/security/selinux/ss/services.h
+++ b/security/selinux/ss/services.h
@@ -41,6 +41,7 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
 				      struct avtab_node *node);
 
 int services_convert_context(struct convert_context_args *args,
-			     struct context *oldc, struct context *newc);
+			     struct context *oldc, struct context *newc,
+			     gfp_t gfp_flags);
 
 #endif	/* _SS_SERVICES_H_ */
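Review bot: the changelog has no body, so the changed services_convert_context() prototype in this hunk gains "gfp_t gfp_flags" with no stated reason. One sentence saying that 048be156491f moved the declaration into services.h while abe3c631447d added the allocation-flags argument would make the fix-up readable on its own. The declaration also has to stay in step with the definition in services.c, which is changed only in the conflict resolution and not in this patch, so the two need to be carried together.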
-- 
2.35.1

-- 
Cheers,
Stephen Rothwell

diff --cc security/selinux/ss/services.c
index 64a6a37dc36d,e63c4f942fd6..9086c4ea0255
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@@ -2014,18 -2008,20 +2008,21 @@@ static inline int convert_context_handl
  	return 0;
  }
  
- /*
-  * Convert the values in the security context
-  * structure `oldc' from the values specified
-  * in the policy `p->oldp' to the values specified
-  * in the policy `p->newp', storing the new context
-  * in `newc'.  Verify that the context is valid
-  * under the new policy.
+ /**
+  * services_convert_context - Convert a security context across policies.
+  * @args: populated convert_context_args struct
+  * @oldc: original context
+  * @newc: converted context
+  *
+  * Convert the values in the security context structure @oldc from the values
+  * specified in the policy @args->oldp to the values specified in the policy
+  * @args->newp, storing the new context in @newc, and verifying that the
+  * context is valid under the new policy.
   */
- static int convert_context(struct context *oldc, struct context *newc, void *p,
- 			   gfp_t gfp_flags)
+ int services_convert_context(struct convert_context_args *args,
 -			     struct context *oldc, struct context *newc)
++			     struct context *oldc, struct context *newc,
++			     gfp_t gfp_flags)
  {
- 	struct convert_context_args *args;
  	struct ocontext *oc;
  	struct role_datum *role;
  	struct type_datum *typdatum;
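Review bot: the new kernel-doc block above services_convert_context() lists @args, @oldc and @newc but not the gfp_flags parameter that the resolution adds to the signature, so the comment is out of step with the function it documents. Add a line such as "@gfp_flags: allocation flags" after @newc.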
@@@ -2034,10 -2030,8 +2031,8 @@@
  	u32 len;
  	int rc;
  
- 	args = p;
- 
  	if (oldc->str) {
 -		s = kstrdup(oldc->str, GFP_KERNEL);
 +		s = kstrdup(oldc->str, gfp_flags);
  		if (!s)
  			return -ENOMEM;
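Review bot: only the kstrdup() of oldc->str is visibly switched from GFP_KERNEL to gfp_flags here, and the rest of the function body lies outside the hunk. It is worth confirming that every other allocation reachable from services_convert_context() also honours gfp_flags: sidtab_context_to_sid() passes GFP_ATOMIC, and a leftover GFP_KERNEL on that path could sleep in atomic context.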
  
diff --cc security/selinux/ss/sidtab.c
index db5cce385bf8,1c3d2cda6b92..38d25173aebd
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@@ -324,8 -327,8 +327,9 @@@ int sidtab_context_to_sid(struct sidta
  			goto out_unlock;
  		}
  
- 		rc = convert->func(context, &dst_convert->context,
- 				   convert->args, GFP_ATOMIC);
+ 		rc = services_convert_context(convert->args,
 -					      context, &dst_convert->context);
++					      context, &dst_convert->context,
++					      GFP_ATOMIC);
  		if (rc) {
  			context_destroy(&dst->context);
  			goto out_unlock;
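Review bot: GFP_ATOMIC is passed as a bare literal in the services_convert_context() call with nothing saying why this site must not sleep. The surrounding error paths jump to out_unlock, which suggests a lock is held at this point. A one-line comment above the call stating that would keep a later cleanup from changing the flag to GFP_KERNEL.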
@@@ -402,9 -405,9 +406,10 @@@ static int sidtab_convert_tree(union si
  		}
  		i = 0;
  		while (i < SIDTAB_LEAF_ENTRIES && *pos < count) {
- 			rc = convert->func(&esrc->ptr_leaf->entries[i].context,
- 					   &edst->ptr_leaf->entries[i].context,
- 					   convert->args, GFP_KERNEL);
+ 			rc = services_convert_context(convert->args,
+ 					&esrc->ptr_leaf->entries[i].context,
 -					&edst->ptr_leaf->entries[i].context);
++					&edst->ptr_leaf->entries[i].context,
++					GFP_KERNEL);
  			if (rc)
  				return rc;
  			(*pos)++;
