Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp987273imu; Fri, 11 Jan 2019 12:46:40 -0800 (PST) X-Google-Smtp-Source: ALg8bN4zpakW3mDUHj4YRPD8vhMIYHJKpk22xN09HfJEd10k3BWeSYD8MnnhvHWeFzgFAZgglgAJ X-Received: by 2002:a62:7dcb:: with SMTP id y194mr16156216pfc.113.1547239600235; Fri, 11 Jan 2019 12:46:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547239600; cv=none; d=google.com; s=arc-20160816; b=XnjCiLA62VNu7LwNJo5XQbvI/M1RntW6KEcmxuAo13P2399OsU3FK+LrOFVlyD3H7/ k5qrcsJ/xVKzS83OZm8PGNb9Y6Gh/mbt/08lOygSYbQWJUW71DUYjFwuqDs1tma/mGVY yzgvOTnD7VgakYOBSmjGBbKYwMGbNCjr6NQReH7Q/GmyLv7L+rxJ3s48uNHwpA+Q+czR MbCSbNB0GySsbftsYfkHjAr99ZNDUyOqSxpn4P4KrgR7rQSP3iq0EULbPy5KDAzuGmmu GKdgYDbqP1pjSK/Rk8DcMSqfWCttXHBHk8lOkVW7e3B8DHM37PjniEYqV0vkEyNO0w0J 9Ngw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=IyA0z/daIWlKM/ECyX3o7LJtdQtfR37hjxk52FNaNNU=; b=ioQnZaF4rh/LzpuCRWgduVQYvT8aog7DI7YyZhEHB3UrwWDrPezEf5thgSenz0z9WS Dt8pK97en7PHZhnatRIbrbrhG4h155e6zzqVOElZnJjWEkj2/l8yAZcmY7CkymEkEZ+K iLlpTW8nbw40nXQf4gwh/oQ46rAVZyfkSbzoggHjuiUHDZjRZTy9seAULmn/L1iOYecj +fDh7J16uYpATqZKLR4JIgznpmQtGapZyjuPEjFhjv60/uRSgTNdu2djc+6Wz0pudUhS EMhAW8zHa3QAVuIGSyDtTNBnzYU6tsffjrD7qGmWV5fZ/sUnJmKeDSmjfmx2NXY50NeL 6Xpw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=FOeR84QZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n30si3153546pgb.406.2019.01.11.12.46.24; Fri, 11 Jan 2019 12:46:40 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=FOeR84QZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404608AbfAKOoZ (ORCPT + 99 others); Fri, 11 Jan 2019 09:44:25 -0500 Received: from mail.kernel.org ([198.145.29.99]:37334 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2403771AbfAKOoX (ORCPT ); Fri, 11 Jan 2019 09:44:23 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1E807206B6; Fri, 11 Jan 2019 14:44:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1547217862; bh=N0lSpPT41xUhxm188eCX34il2LokFKjZDge80XPQQjc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FOeR84QZiXw/JN8hM1KcbvKa2lAnQhZCt2yg7unPvYGnEKHy7+ShZFTKA6RBpzV+6 UiITSwqU/v4s6enqbDxoH3x5hZyPYIykBcoEXvwevRgd+Evz23QE7FfUSt41gTBIiN MwdiaaZfNTkfd+AQZ44fH6HgkW69nc694tUW8Eds= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Daniel Jurgens , Eli Cohen , James Morris , Doug Ledford , Ondrej Mosnacek , Stephen Smalley , Paul Moore Subject: [PATCH 4.20 36/65] selinux: policydb - fix byte order and alignment issues Date: Fri, 11 Jan 2019 15:15:22 +0100 Message-Id: <20190111131101.606156425@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190111131055.331350141@linuxfoundation.org> References: <20190111131055.331350141@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.20-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ondrej Mosnacek commit 5df275cd4cf51c86d49009f1397132f284ba515e upstream. Do the LE conversions before doing the Infiniband-related range checks. The incorrect checks are otherwise causing a failure to load any policy with an ibendportcon rule on BE systems. This can be reproduced by running (on e.g. ppc64): cat >my_module.cil < Cc: Eli Cohen Cc: James Morris Cc: Doug Ledford Cc: # 4.13+ Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support") Signed-off-by: Ondrej Mosnacek Acked-by: Stephen Smalley Signed-off-by: Paul Moore Signed-off-by: Greg Kroah-Hartman --- security/selinux/ss/policydb.c | 51 ++++++++++++++++++++++++++++------------- 1 file changed, 36 insertions(+), 15 deletions(-) --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -2108,6 +2108,7 @@ static int ocontext_read(struct policydb { int i, j, rc; u32 nel, len; + __be64 prefixbuf[1]; __le32 buf[3]; struct ocontext *l, *c; u32 nodebuf[8]; @@ -2217,21 +2218,30 @@ static int ocontext_read(struct policydb goto out; break; } - case OCON_IBPKEY: - rc = next_entry(nodebuf, fp, sizeof(u32) * 4); + case OCON_IBPKEY: { + u32 pkey_lo, pkey_hi; + + rc = next_entry(prefixbuf, fp, sizeof(u64)); + if (rc) + goto out; + + /* we need to have subnet_prefix in CPU order */ + c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); + + rc = next_entry(buf, fp, sizeof(u32) * 2); if (rc) goto out; - c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf)); + pkey_lo = le32_to_cpu(buf[0]); + pkey_hi = le32_to_cpu(buf[1]); - if (nodebuf[2] > 0xffff || - nodebuf[3] > 0xffff) { + if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { rc = -EINVAL; goto out; } - c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]); - c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]); + c->u.ibpkey.low_pkey = pkey_lo; + c->u.ibpkey.high_pkey = pkey_hi; rc = context_read_and_validate(&c->context[0], p, @@ -2239,7 +2249,10 @@ static int ocontext_read(struct policydb if (rc) goto out; break; - case OCON_IBENDPORT: + } + case OCON_IBENDPORT: { + u32 port; + rc = next_entry(buf, fp, sizeof(u32) * 2); if (rc) goto out; @@ -2249,12 +2262,13 @@ static int ocontext_read(struct policydb if (rc) goto out; - if (buf[1] > 0xff || buf[1] == 0) { + port = le32_to_cpu(buf[1]); + if (port > U8_MAX || port == 0) { rc = -EINVAL; goto out; } - c->u.ibendport.port = le32_to_cpu(buf[1]); + c->u.ibendport.port = port; rc = context_read_and_validate(&c->context[0], p, @@ -2262,7 +2276,8 @@ static int ocontext_read(struct policydb if (rc) goto out; break; - } + } /* end case */ + } /* end switch */ } } rc = 0; @@ -3105,6 +3120,7 @@ static int ocontext_write(struct policyd { unsigned int i, j, rc; size_t nel, len; + __be64 prefixbuf[1]; __le32 buf[3]; u32 nodebuf[8]; struct ocontext *c; @@ -3192,12 +3208,17 @@ static int ocontext_write(struct policyd return rc; break; case OCON_IBPKEY: - *((__be64 *)nodebuf) = cpu_to_be64(c->u.ibpkey.subnet_prefix); + /* subnet_prefix is in CPU order */ + prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); - nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); - nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); + rc = put_entry(prefixbuf, sizeof(u64), 1, fp); + if (rc) + return rc; + + buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); - rc = put_entry(nodebuf, sizeof(u32), 4, fp); + rc = put_entry(buf, sizeof(u32), 2, fp); if (rc) return rc; rc = context_write(p, &c->context[0], fp);