Received: by 10.192.165.156 with SMTP id m28csp263245imm; Tue, 17 Apr 2018 09:44:38 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+wnICzCnPqq3FGMlv6RbHkXjmPraiWFC4obJJxZZjAps98qTiqMkdSRpCR8fqLCulwWiAu X-Received: by 10.99.149.10 with SMTP id p10mr2332996pgd.217.1523983478395; Tue, 17 Apr 2018 09:44:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523983478; cv=none; d=google.com; s=arc-20160816; b=cpXPEz19j/9ltxjdVoul6U9WH7j+lj1TTkJ948myBNNEgYYIWHaJhBkn6CFECeYsb7 TtjrjoR7ZhvRdRmClKyZt1XLuvc44GgVBGcmcxZHzwnfOSlHnrf04WFPm1ZA8/oBiCMN 4A9rYft6XcuZoHh8Gc+R+5qPcJofkzkhzSwfZ4G47Md/EBFZVIz7WO1mRvxIUf7s7FBI puKR1zWisae5hTtoi9Z3F49bzcGIovKkeWNL9P624wDw5n5CK9kIBIZsuGtc4C6DaHGy Ok/bvOyjHdCpo2pqPSoRJ85Z9o7iwVwz+Yl7H3fIytVEZtEQ/pinoniG32x4NIRzlz/w I2xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=PVXk7OzlwxFRoIfhVwOH3/GMOxyCiJwbmHbPenLIwxA=; b=UOBhILS0Uqzcp1WO8iW82ttWlmNQLndr6DHqTtmlykj0FsPT2/6l3zUsFILcDPuQET IgounEWgowayWiGxRntGIJjqbh3MaIQpXgQSt1MF5wem6cK4wg9PLdD26RbRxGp2pW1w nGNEuEbmo/VoASVyaov9ffkJ+VB3FTQKNIQnnQ+XAw0bueFmosQRHnxPZDLqU2XccLFR fMfDlQ4jl7UGFLoOKVJPIBmjqh5dP8LMML5AfC+NRY/4x2RDQMcq/mvJO/dFIVUoKC0+ zgvUy2VMS7UsCwzUWCMQR3hjIP0NsDIJfjYmpX19T4pKrSAAuf3wQgdMZINDazxwEIJu uysQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s10si12094790pge.41.2018.04.17.09.44.24; Tue, 17 Apr 2018 09:44:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755261AbeDQQlY (ORCPT + 99 others); Tue, 17 Apr 2018 12:41:24 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:34808 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754113AbeDQQGZ (ORCPT ); Tue, 17 Apr 2018 12:06:25 -0400 Received: from localhost (unknown [46.44.180.42]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 0DF68E3A; Tue, 17 Apr 2018 16:06:24 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, John Johansen Subject: [PATCH 4.14 23/49] apparmor: fix logging of the existence test for signals Date: Tue, 17 Apr 2018 17:59:02 +0200 Message-Id: <20180417155716.137395187@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180417155715.032245882@linuxfoundation.org> References: <20180417155715.032245882@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: John Johansen commit 98cf5bbff413eadf1b9cb195a7b80cc61c72a50e upstream. The existence test is not being properly logged as the signal mapping maps it to the last entry in the named signal table. This is done to help catch bugs by making the 0 mapped signal value invalid so that we can catch the signal value not being filled in. When fixing the off-by-one comparision logic the reporting of the existence test was broken, because the logic behind the mapped named table was hidden. Fix this by adding a define for the name lookup and using it. Cc: Stable Fixes: f7dc4c9a855a1 ("apparmor: fix off-by-one comparison on MAXMAPPED_SIG") Signed-off-by: John Johansen Signed-off-by: Greg Kroah-Hartman --- security/apparmor/include/sig_names.h | 4 +++- security/apparmor/ipc.c | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) --- a/security/apparmor/include/sig_names.h +++ b/security/apparmor/include/sig_names.h @@ -2,6 +2,8 @@ #define SIGUNKNOWN 0 #define MAXMAPPED_SIG 35 +#define MAXMAPPED_SIGNAME (MAXMAPPED_SIG + 1) + /* provide a mapping of arch signal to internal signal # for mediation * those that are always an alias SIGCLD for SIGCLHD and SIGPOLL for SIGIO * map to the same entry those that may/or may not get a separate entry @@ -56,7 +58,7 @@ static const int sig_map[MAXMAPPED_SIG] }; /* this table is ordered post sig_map[sig] mapping */ -static const char *const sig_names[MAXMAPPED_SIG + 1] = { +static const char *const sig_names[MAXMAPPED_SIGNAME] = { "unknown", "hup", "int", --- a/security/apparmor/ipc.c +++ b/security/apparmor/ipc.c @@ -174,7 +174,7 @@ static void audit_signal_cb(struct audit audit_signal_mask(ab, aad(sa)->denied); } } - if (aad(sa)->signal < MAXMAPPED_SIG) + if (aad(sa)->signal < MAXMAPPED_SIGNAME) audit_log_format(ab, " signal=%s", sig_names[aad(sa)->signal]); else audit_log_format(ab, " signal=rtmin+%d",