Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp6900099ybe; Wed, 18 Sep 2019 10:52:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqwlV58UgvncQIiPgnjTE98zerEORQttr7Yf85ZiwpbRep8fZwt6TFp0G8165lHY2W1c2E7h X-Received: by 2002:a17:907:20c4:: with SMTP id qq4mr10705090ejb.161.1568829158942; Wed, 18 Sep 2019 10:52:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568829158; cv=none; d=google.com; s=arc-20160816; b=LQE1YfnB8QvxcXzr3+FGBF/C3D7EHAtvSmczL3ZcgOnng81WQ0WDxZGvWxR1GzWn+h QT0PCDglTT3TmzH3rDjt6tAc9VcKk3Au4pHM1LpVXIvvTGgSV8GFof2KvgjRjXy0K2nd gAF1ha3MXfHEAt27RfUzt7Vkvoq5y3QBRMsL250zmucyUdZRJZdxSeIAAoIOWcM3nb6i aWFgwVSrikEwLwKfmj8fPUnS29rUc+W5/nvK+PIyupEZ4SHUQFPE7jCi1MLSvJVerzW6 h9/P3/T9DI8IFwOi+kzvB0532GOD22kHKu0NSVqT9eDlmGIESI9lgtBxn/IdG3SXl/1B jF+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :mime-version:dkim-signature; bh=jm0GKZ+zs79GqNNWF0bZqXAiPqdnJ7mX725LngqNeLU=; b=Kq0SSED2DEJzJ/VKgNwsl8m/KxFca19v9t5gweBZ6yOQcbpIfU7giq/a6cSiKMcuCE gApbpgsldJAitSJczzZQhHqSQzEWWXGkeN6QqjOaZkOBPytrW0R8hxlHh/uHNdQVPjRP HJhM4KtRQPCCD5MVTxRytIAb7U6DcohEjRRBvDvm14OpNBvdxtOlJnZ8wgjkTtQFUOgu 7EkGeJgb9+/mK994GS4S1oKVVSxsAIMqvYl2QNBeG0ToPzuPiTUjrHTV+VsPXxsjNL91 r+M30SGs96zUIMoYwvfQ2DN2lbWIYgq2VNCX8pXJ1HJQDL5hN8WVKo4YXhYhj33tFTo6 SBWw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=AyH57jpK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h15si3278931ejx.211.2019.09.18.10.52.15; Wed, 18 Sep 2019 10:52:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=AyH57jpK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728793AbfIRRlS (ORCPT + 99 others); Wed, 18 Sep 2019 13:41:18 -0400 Received: from mail-io1-f68.google.com ([209.85.166.68]:39116 "EHLO mail-io1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727397AbfIRRlR (ORCPT ); Wed, 18 Sep 2019 13:41:17 -0400 Received: by mail-io1-f68.google.com with SMTP id a1so1172834ioc.6 for ; Wed, 18 Sep 2019 10:41:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:from:date:message-id:subject:to; bh=jm0GKZ+zs79GqNNWF0bZqXAiPqdnJ7mX725LngqNeLU=; b=AyH57jpKls0MoQw6pX8sOAAZtlVmhb3SwrHEHMt+yhenFGJbwuB3oo/i2VhokOepSL dshCfEkqojr3985fj9V639uHHEyl+N7jKzSr1MoOZ/S5/BxHiwxLh4Sexxgt/gp0yaU1 URrtQmewbGhlOzKmUy1zhzP8+82zQ2ADJwkDY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=jm0GKZ+zs79GqNNWF0bZqXAiPqdnJ7mX725LngqNeLU=; b=fedZH8RPqG70YlT05gtsdoRIEZKfOvTijG+J7d1Lm5gMPuXSSJDqj8XJsZtw7QxqPZ MIrRR/g1i4yIIkrbY3lKoI4YVgGsLWxGT4KeFflDjIQNrlueoju4WwT8E/+h7lJ2cuN6 1nvqBkbDlH3/jaNMOeukcIrwrMDQ+mCiT/Jm34p9bMTe3k3aKdmN78pySnBFUODAkq9x hNYkV15oP/FYYrcbtvE/BClKhjsMpovBP9K9hWegvidY6rU6/pDnWkz/TAcr6gdJkZ9F K7hx1C4UyNVwwtnSsLlGf6j/Us4fg9leAwYzO4DyjPk+xPooJAZ1VDiEQdLLOBvZ3ckR 1/rg== X-Gm-Message-State: APjAAAXuOBEboLcGStOSHIFlC1bYz2+joYVjOgr9Cy6hJbdLWTvuxnBn r3w/UmkbO4Z3wQGW/twtdvWGaSqUpPLsWxPFUvFSKK9Fy7o= X-Received: by 2002:a5d:9f17:: with SMTP id q23mr6584195iot.301.1568828476751; Wed, 18 Sep 2019 10:41:16 -0700 (PDT) MIME-Version: 1.0 From: Micah Morton Date: Wed, 18 Sep 2019 10:41:06 -0700 Message-ID: Subject: [GIT PULL] SafeSetID LSM changes for 5.4 To: Linus Torvalds , Linux Kernel Mailing List , linux-security-module Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following changes since commit 609488bc979f99f805f34e9a32c1e3b71179d10b: Linux 5.3-rc2 (2019-07-28 12:47:02 -0700) are available in the Git repository at: https://github.com/micah-morton/linux.git tags/safesetid-bugfix-5.4 for you to fetch changes up to 21ab8580b383f27b7f59b84ac1699cb26d6c3d69: LSM: SafeSetID: Stop releasing uninitialized ruleset (2019-09-17 11:27:05 -0700) ---------------------------------------------------------------- Fix for SafeSetID bug that was introduced in 5.3 Jann Horn sent some patches to fix some bugs in SafeSetID for 5.3. After he had done his testing there were a couple small code tweaks that went in and caused this bug. From what I can see SafeSetID is broken in 5.3 and crashes the kernel every time during initialization if you try to use it. I came across this bug when backporting Jann's changes for 5.3 to older kernels (4.14 and 4.19). I've tested on a Chrome OS device and verified that this change fixes things. Unless I'm missing something it doesn't seem super useful to have this change bake in linux-next, since it is completely broken in 5.3 and nobody noticed. Signed-off-by: Micah Morton ---------------------------------------------------------------- Micah Morton (1): LSM: SafeSetID: Stop releasing uninitialized ruleset security/safesetid/securityfs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)