| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhQyje1KdbXLKhZ3atgDbf2mNHB409BHtNyE_RSBACpB7g@mail.gmail.com>
Date: Wed, 13 Mar 2024 21:44:48 -0400
From: Paul Moore <paul@...l-moore.com>
To: Casey Schaufler <casey@...aufler-ca.com>
Cc: "Dmitry V. Levin" <ldv@...ace.io>, LSM List <linux-security-module@...r.kernel.org>,
Linux kernel mailing list <linux-kernel@...r.kernel.org>, linux-api@...r.kernel.org,
Mickaël Salaün <mic@...ikod.net>,
James Morris <jmorris@...ei.org>, Serge Hallyn <serge@...lyn.com>,
John Johansen <john.johansen@...onical.com>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
Stephen Smalley <stephen.smalley.work@...il.com>
Subject: Re: [PATCH v3] LSM: use 32 bit compatible data types in LSM syscalls.
On Wed, Mar 13, 2024 at 6:48 PM Casey Schaufler <casey@...aufler-cacom> wrote:
> On 3/13/2024 3:37 PM, Paul Moore wrote:
> > On Wed, Mar 13, 2024 at 4:07 PM Paul Moore <paul@...l-moore.com> wrote:
> >> On Mar 13, 2024 Casey Schaufler <casey@...aufler-ca.com> wrote:
> >>> LSM: use 32 bit compatible data types in LSM syscalls.
> >>>
> >>> Change the size parameters in lsm_list_modules(), lsm_set_self_attr()
> >>> and lsm_get_self_attr() from size_t to u32. This avoids the need to
> >>> have different interfaces for 32 and 64 bit systems.
> >>>
> >>> Cc: stable@...r.kernel.org
> >>> Fixes: a04a1198088a: ("LSM: syscalls for current process attributes")
> >>> Fixes: ad4aff9ec25f: ("LSM: Create lsm_list_modules system call")
> >>> Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
> >>> Reported-and-reviewed-by: Dmitry V. Levin <ldv@...ace.io>
> >>> ---
> >>> include/linux/lsm_hook_defs.h | 4 ++--
> >>> include/linux/security.h | 8 ++++----
> >>> security/apparmor/lsm.c | 4 ++--
> >>> security/lsm_syscalls.c | 10 +++++-----
> >>> security/security.c | 12 ++++++------
> >>> security/selinux/hooks.c | 4 ++--
> >>> security/smack/smack_lsm.c | 4 ++--
> >>> tools/testing/selftests/lsm/common.h | 6 +++---
> >>> tools/testing/selftests/lsm/lsm_get_self_attr_test.c | 10 +++++-----
> >>> tools/testing/selftests/lsm/lsm_list_modules_test.c | 8 ++++----
> >>> tools/testing/selftests/lsm/lsm_set_self_attr_test.c | 6 +++---
> >>> 11 files changed, 38 insertions(+), 38 deletions(-)
> >> Okay, this looks better, I'm going to merge this into lsm/stable-6.9
> >> and put it through the usual automated testing as well as a kselftest
> >> run to make sure everything there is still okay. Assuming all goes
> >> well and no one raises any objections, I'll likely send this up to
> >> Linus tomorrow.
> >>
> >> Thanks everyone!
> >
> > Unfortunately it looks like we have a kselftest failure (below). I'm
> > pretty sure that this was working at some point, but it's possible I
> > missed it when I ran the selftests previously. I've got to break for
> > a personal appt right now, but I'll dig into this later tonight.
>
> In v2:
>
> diff --git a/security/security.c b/security/security.c
> index 7035ee35a393..a0f9caf89ae1 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -810,7 +810,7 @@ int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, size_t *uctx_len,
> nctx->ctx_len = val_len;
> memcpy(nctx->ctx, val, val_len);
>
> - if (copy_to_user(uctx, nctx, nctx_len))
> + if (uctx && copy_to_user(uctx, nctx, nctx_len))
> rc = -EFAULT;
>
> out:
>
> This addresses the case where NULL is passed in the call to lsm_get_self_attr()
> to get the buffer size required.
Yeah, thanks. I didn't get a chance to look at the failure before I
had to leave, but now that I'm looking at it I agree. It looks like
it used to work prior to d7cf3412a9f6c, but I broke things when I
consolidated the processing into lsm_fill_user_ctx() - oops :/
I'll start working on the patch right now and post it as soon as it
passes testing.
--
paul-moore.com
Powered by blists - more mailing lists