Date: Fri, 8 May 2020 09:45:11 +1000 (AEST)
From: James Morris
To: Linus Torvalds
cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, KP Singh
Subject: [GIT PULL] security: Fix the default value of fs_context_parse_param hook
X-Mailing-List: linux-kernel@vger.kernel.org

Please pull this fix from KP Singh (several folks are reporting issues
around this):

The following changes since commit c45e8bccecaf633480d378daff11e122dfd5e96d:

  Merge tag 'for-5.7/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm (2020-04-30 16:45:08 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-v5.7

for you to fetch changes up to 54261af473be4c5481f6196064445d2945f2bdab:

  security: Fix the default value of fs_context_parse_param hook (2020-04-30 20:29:34 -0700)

----------------------------------------------------------------
KP Singh (1):
      security: Fix the default value of fs_context_parse_param hook

 include/linux/lsm_hook_defs.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

---
commit 54261af473be4c5481f6196064445d2945f2bdab
Author: KP Singh
Date:   Thu Apr 30 17:52:40 2020 +0200

    security: Fix the default value of fs_context_parse_param hook

    security_fs_context_parse_param is called by vfs_parse_fs_param and
    a successful return value (i.e. 0) implies that a parameter will be
    consumed by the LSM framework. This stops all further parsing of the
    parameter by VFS. Furthermore, if an LSM hook returns a success, the
    remaining LSM hooks are not invoked for the parameter.

    The current default behavior of returning success means that all the
    parameters are expected to be parsed by the LSM hook and none of them
    end up being populated by vfs in fs_context.

    This was noticed when lsm=bpf is supplied on the command line before any
    other LSM. As the bpf lsm uses this default value to implement a default
    hook, this resulted in a failure to parse any fs_context parameters and
    a failure to mount the root filesystem.

    Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
    Reported-by: Mikko Ylinen
    Signed-off-by: KP Singh
    Signed-off-by: James Morris

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 9cd4455528e5..1bdd027766d4 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -55,7 +55,7 @@ LSM_HOOK(void, LSM_RET_VOID, bprm_committing_creds, struct linux_binprm *bprm) LSM_HOOK(void, LSM_RET_VOID, bprm_committed_creds, struct linux_binprm *bprm) LSM_HOOK(int, 0, fs_context_dup, struct fs_context *fc, struct fs_context *src_sc) -LSM_HOOK(int, 0, fs_context_parse_param, struct fs_context *fc, +LSM_HOOK(int, -ENOPARAM, fs_context_parse_param, struct fs_context *fc, struct fs_parameter *param) LSM_HOOK(int, 0, sb_alloc_security, struct super_block *sb) LSM_HOOK(void, LSM_RET_VOID, sb_free_security, struct super_block *sb)
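
Review bot: the changed LSM_HOOK(int, -ENOPARAM, fs_context_parse_param, ...) line is now the only int hook in the visible context whose default is not 0 (fs_context_dup and sb_alloc_security keep 0), and nothing at the definition says why. A one-line comment above it stating that 0 means "the LSM consumed this parameter" while -ENOPARAM means "not claimed, let VFS parse it" would keep a later cleanup of these declarations from normalising the value back to 0; the Fixes: tag shows the wrong default came in with exactly that kind of refactor. Since the default is also what the bpf LSM uses for its stub hook, it is worth stating in the commit message whether the other defaults assigned by 98e828a0650f were checked for the same "0 is not neutral" problem.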
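
The consumption rule the commit message describes, as an added user-space model in C (not kernel code and not part of the original mail). The dispatch loop, `label_lsm`, `mount_root` and the sample parameters are constructed for illustration, and ENOPARAM is defined locally with the kernel's value.

```c
#include <stdio.h>
#include <string.h>

#define ENOPARAM 519 /* kernel-internal "parameter not supported"; defined here for user space */

struct fs_param { const char *key, *value; };
struct fs_ctx { const char *source; int lsm_seen; };   /* toy stand-in for fs_context */
typedef int (*parse_hook)(struct fs_ctx *, const struct fs_param *);

/* Default stub generated from the LSM_HOOK default value, before and after the fix. */
static int stub_old(struct fs_ctx *fc, const struct fs_param *p) { (void)fc; (void)p; return 0; }
static int stub_new(struct fs_ctx *fc, const struct fs_param *p) { (void)fc; (void)p; return -ENOPARAM; }

/* Hypothetical second LSM that owns only the "context" option. */
static int label_lsm(struct fs_ctx *fc, const struct fs_param *p) {
    if (strcmp(p->key, "context") != 0) return -ENOPARAM;
    fc->lsm_seen++;
    return 0;
}

/* Assumed dispatch, per the commit message: a hook returning 0 consumes the
 * parameter and later hooks are not called; -ENOPARAM means "not mine". */
static int security_parse(parse_hook *hooks, size_t n, struct fs_ctx *fc, const struct fs_param *p) {
    for (size_t i = 0; i < n; i++) {
        int rc = hooks[i](fc, p);
        if (rc != -ENOPARAM) return rc;
    }
    return -ENOPARAM;
}

/* VFS side: only parameters no LSM claimed reach the filesystem context. */
static int vfs_parse(parse_hook *hooks, size_t n, struct fs_ctx *fc, const struct fs_param *p) {
    int rc = security_parse(hooks, n, fc, p);
    if (rc != -ENOPARAM) return rc;
    if (strcmp(p->key, "source") == 0) { fc->source = p->value; return 0; }
    return -ENOPARAM;
}

/* Returns 1 when the root device was populated, 0 when the mount would fail. */
int mount_root(int fixed, struct fs_ctx *fc) {
    parse_hook hooks[] = { fixed ? stub_new : stub_old, label_lsm }; /* stub first, as with lsm=bpf */
    const struct fs_param params[] = { {"source", "/dev/sda1"}, {"context", "demo_label"} }; /* constructed */
    fc->source = NULL; fc->lsm_seen = 0;
    for (size_t i = 0; i < 2; i++) vfs_parse(hooks, 2, fc, &params[i]);
    return fc->source != NULL;
}

int main(void) {
    struct fs_ctx fc;
    printf("default 0:         mounted=%d lsm_seen=%d\n", mount_root(0, &fc), fc.lsm_seen);
    printf("default -ENOPARAM: mounted=%d lsm_seen=%d\n", mount_root(1, &fc), fc.lsm_seen);
    return 0;
}
```

With the old default the stub swallows both options, so the source is never set and the later LSM never sees its own option; with -ENOPARAM both reach their owners.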