From: KP Singh
To: linux-kernel@vger.kernel.org, bpf@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: Alexei Starovoitov, Daniel Borkmann, James Morris, Anders Roxell, Casey Schaufler
Subject: [PATCH bpf] security: Fix hook iteration for secid_to_secctx
Date: Wed, 20 May 2020 14:56:16 +0200
Message-Id: <20200520125616.193765-1-kpsingh@chromium.org>

From: KP Singh

secid_to_secctx is not stackable, and since the BPF LSM registers this hook by default, the call_int_hook logic is not suitable which "bails-on-fail" and causes issues when other LSMs register this hook and eventually breaks Audit.

In order to fix this, directly iterate over the security hooks instead of using call_int_hook as suggested in:

https://lore.kernel.org/bpf/9d0eb6c6-803a-ff3a-5603-9ad6d9edfc00@schaufler-ca.com/#t

Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
Fixes: 625236ba3832 ("security: Fix the default value of secid_to_secctx hook")
Reported-by: Alexei Starovoitov
Signed-off-by: KP Singh --- security/security.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/security/security.c b/security/security.c index 7fed24b9d57e..51de970fbb1e 100644 --- a/security/security.c +++ b/security/security.c @@ -1965,8 +1965,20 @@ EXPORT_SYMBOL(security_ismaclabel); int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) { - return call_int_hook(secid_to_secctx, -EOPNOTSUPP, secid, secdata, - seclen); + struct security_hook_list *hp; + int rc; + + /* + * Currently, only one LSM can implement secid_to_secctx (i.e this + * LSM hook is not "stackable"). + */ + hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) { + rc = hp->hook.secid_to_secctx(secid, secdata, seclen); + if (rc != LSM_RET_DEFAULT(secid_to_secctx)) + return rc; + } + + return LSM_RET_DEFAULT(secid_to_secctx); } EXPORT_SYMBOL(security_secid_to_secctx); -- 2.26.2.761.g0e0b3e54be-goog
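Review bot: the new loop returns the first rc that differs from LSM_RET_DEFAULT(secid_to_secctx), so correctness now rests on the contract that any LSM registering this hook without really implementing it (the BPF LSM's default here) returns exactly that default value; a placeholder returning 0 or a different error code would short-circuit later LSMs just as the old call_int_hook did. The block comment only says the hook is not stackable; it should also state that contract, and that if two LSMs ever register a real implementation the first one in hook order silently wins. Consider also whether a real implementation failing with an error (which is also != the default) should end the iteration, since that is the behaviour this loop keeps from call_int_hook; if that is intended, say so in the comment, e.g. "/* Return the first non-default result: either a real answer or a real error. */".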