lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240223125027.1c9f4f07@canb.auug.org.au>
Date: Fri, 23 Feb 2024 12:50:27 +1100
From: Stephen Rothwell <sfr@...b.auug.org.au>
To: Paul Moore <paul@...l-moore.com>, David Miller <davem@...emloft.net>,
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>
Cc: Networking <netdev@...r.kernel.org>, Alexei Starovoitov
 <ast@...nel.org>, Andrii Nakryiko <andrii@...nel.org>, Linux Kernel Mailing
 List <linux-kernel@...r.kernel.org>, Linux Next Mailing List
 <linux-next@...r.kernel.org>, Ondrej Mosnacek <omosnace@...hat.com>
Subject: linux-next: manual merge of the security tree with the net-next
 tree

Hi all,

Today's linux-next merge of the security tree got a conflict in:

  security/security.c

between commits:

  1b67772e4e3f ("bpf,lsm: Refactor bpf_prog_alloc/bpf_prog_free LSM hooks")
  a2431c7eabcf ("bpf,lsm: Refactor bpf_map_alloc/bpf_map_free LSM hooks")
  f568a3d49af9 ("bpf,lsm: Add BPF token LSM hooks")

from the net-next tree and commit:

  260017f31a8c ("lsm: use default hook return value in call_int_hook()")

from the security tree.

I fixed it up (I think, see below) and can carry the fix as
necessary. This is now fixed as far as linux-next is concerned, but any
non trivial conflicts should be mentioned to your upstream maintainer
when your tree is submitted for merging.  You may also want to consider
cooperating with the maintainer of the conflicting tree to minimise any
particularly complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc security/security.c
index aef69632d0a9,b95772333d05..000000000000
--- a/security/security.c
+++ b/security/security.c
@@@ -5458,10 -5436,9 +5439,10 @@@ int security_bpf_prog(struct bpf_prog *
   *
   * Return: Returns 0 on success, error on failure.
   */
 -int security_bpf_map_alloc(struct bpf_map *map)
 +int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
 +			    struct bpf_token *token)
  {
- 	return call_int_hook(bpf_map_create, 0, map, attr, token);
 -	return call_int_hook(bpf_map_alloc_security, map);
++	return call_int_hook(bpf_map_create, map, attr, token);
  }
  
  /**
@@@ -5476,59 -5449,9 +5457,59 @@@
   *
   * Return: Returns 0 on success, error on failure.
   */
 -int security_bpf_prog_alloc(struct bpf_prog_aux *aux)
 +int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
 +			   struct bpf_token *token)
  {
- 	return call_int_hook(bpf_prog_load, 0, prog, attr, token);
 -	return call_int_hook(bpf_prog_alloc_security, aux);
++	return call_int_hook(bpf_prog_load, prog, attr, token);
 +}
 +
 +/**
 + * security_bpf_token_create() - Check if creating of BPF token is allowed
 + * @token: BPF token object
 + * @attr: BPF syscall attributes used to create BPF token
 + * @path: path pointing to BPF FS mount point from which BPF token is created
 + *
 + * Do a check when the kernel instantiates a new BPF token object from BPF FS
 + * instance. This is also the point where LSM blob can be allocated for LSMs.
 + *
 + * Return: Returns 0 on success, error on failure.
 + */
 +int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
 +			      struct path *path)
 +{
- 	return call_int_hook(bpf_token_create, 0, token, attr, path);
++	return call_int_hook(bpf_token_create, token, attr, path);
 +}
 +
 +/**
 + * security_bpf_token_cmd() - Check if BPF token is allowed to delegate
 + * requested BPF syscall command
 + * @token: BPF token object
 + * @cmd: BPF syscall command requested to be delegated by BPF token
 + *
 + * Do a check when the kernel decides whether provided BPF token should allow
 + * delegation of requested BPF syscall command.
 + *
 + * Return: Returns 0 on success, error on failure.
 + */
 +int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
 +{
- 	return call_int_hook(bpf_token_cmd, 0, token, cmd);
++	return call_int_hook(bpf_token_cmd, token, cmd);
 +}
 +
 +/**
 + * security_bpf_token_capable() - Check if BPF token is allowed to delegate
 + * requested BPF-related capability
 + * @token: BPF token object
 + * @cap: capabilities requested to be delegated by BPF token
 + *
 + * Do a check when the kernel decides whether provided BPF token should allow
 + * delegation of requested BPF-related capabilities.
 + *
 + * Return: Returns 0 on success, error on failure.
 + */
 +int security_bpf_token_capable(const struct bpf_token *token, int cap)
 +{
- 	return call_int_hook(bpf_token_capable, 0, token, cap);
++	return call_int_hook(bpf_token_capable, token, cap);
  }
  
  /**

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ