Date: Mon, 15 Jun 2020 11:12:32 -0700
Message-Id: <20200615181232.119491-1-samitolvanen@google.com>
Subject: [PATCH] security: fix the key_permission LSM hook function type
From: Sami Tolvanen
To: David Howells, James Morris, Kees Cook, "Eric W. Biederman", KP Singh, Casey Schaufler, Thomas Cedeno, Anders Roxell
Cc: linux-kernel@vger.kernel.org, Sami Tolvanen

Commit 8c0637e950d6 ("keys: Make the KEY_NEED_* perms an enum rather than a mask") changed the type of the key_permission callback functions, but didn't change the type of the hook, which trips indirect call checking with Control-Flow Integrity (CFI). This change fixes the issue by changing the hook type to match the functions.

Fixes: 8c0637e950d6 ("keys: Make the KEY_NEED_* perms an enum rather than a mask")
Signed-off-by: Sami Tolvanen
--- include/linux/lsm_hook_defs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 6791813cd439..24f6683f1cfc 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h 
@@ -360,7 +360,7 @@ LSM_HOOK(int, 0, key_alloc, struct key *key, const struct cred *cred, unsigned long flags) LSM_HOOK(void, LSM_RET_VOID, key_free, struct key *key) LSM_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred, - unsigned perm) + enum key_need_perm need_perm) LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **_buffer) #endif /* CONFIG_KEYS */ base-commit: b3a9e3b9622ae10064826dccb4f7a52bd88c7407 -- 2.27.0.290.gba653c62da-goog
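
Review bot: the commit message should confirm that every registered key_permission callback, and the security_key_permission() caller, already takes `enum key_need_perm` as its third argument, because the only change here is the parameter line `enum key_need_perm need_perm` in the key_permission LSM_HOOK entry and the diffstat shows no other file touched. Any callback still declared with `unsigned perm` would keep failing the CFI indirect call check after this change. Naming the affected callbacks and quoting the CFI failure that was observed would also make the Fixes: reference easier to verify.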