Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755995AbbHYXxB (ORCPT ); Tue, 25 Aug 2015 19:53:01 -0400 Received: from tundra.namei.org ([65.99.196.166]:34773 "EHLO namei.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755223AbbHYXxA (ORCPT ); Tue, 25 Aug 2015 19:53:00 -0400 Date: Wed, 26 Aug 2015 09:52:58 +1000 (AEST) From: James Morris To: Linus Torvalds cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [GIT PULL] security: fix LSM regression for 4.2 Message-ID: User-Agent: Alpine 2.20 (LRH 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3010 Lines: 77 Please pull. The following changes since commit b1713b135fb1ae4d52531a55f0687f985bffe271: Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip (2015-08-25 09:01:05 -0700) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-linus Jan Beulich (1): LSM: restore certain default error codes security/security.c | 11 ++++++----- 1 files changed, 6 insertions(+), 5 deletions(-) --- commit e308fd3bb2e469c4939d3f4bd22b468de3ed04ae Author: Jan Beulich Date: Mon Aug 24 06:22:25 2015 -0600 LSM: restore certain default error codes While in most cases commit b1d9e6b064 ("LSM: Switch to lists of hooks") retained previous error returns, in three cases it altered them without any explanation in the commit message. Restore all of them - in the security_old_inode_init_security() case this led to reiserfs using uninitialized data, sooner or later crashing the system (the only other user of this function - ocfs2 - was unaffected afaict, since it passes pre-initialized structures). Signed-off-by: Jan Beulich Signed-off-by: Casey Schaufler Signed-off-by: James Morris diff --git a/security/security.c b/security/security.c index 595fffa..9942836 100644 --- a/security/security.c +++ b/security/security.c @@ -380,8 +380,8 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, return 0; if (!initxattrs) - return call_int_hook(inode_init_security, 0, inode, dir, qstr, - NULL, NULL, NULL); + return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, + dir, qstr, NULL, NULL, NULL); memset(new_xattrs, 0, sizeof(new_xattrs)); lsm_xattr = new_xattrs; ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, @@ -409,8 +409,8 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir, { if (unlikely(IS_PRIVATE(inode))) return -EOPNOTSUPP; - return call_int_hook(inode_init_security, 0, inode, dir, qstr, - name, value, len); + return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, + qstr, name, value, len); } EXPORT_SYMBOL(security_old_inode_init_security); @@ -1281,7 +1281,8 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, 0, sock, skb, secid); + return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, + skb, secid); } EXPORT_SYMBOL(security_socket_getpeersec_dgram); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/