Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9131378pxu;
        Mon, 28 Dec 2020 07:23:31 -0800 (PST)
X-Google-Smtp-Source: ABdhPJz9q31+YOBfhKz6nR5BfxPKXk09NYQMoOOi/3hK/4uqtfnJFHr7Bpt2tzSJQLfbQX1uDqRV
X-Received: by 2002:a17:906:2d42:: with SMTP id e2mr43139589eji.292.1609169011164;
        Mon, 28 Dec 2020 07:23:31 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1609169011; cv=none;
        d=google.com; s=arc-20160816;
        b=RHDj7jhK2x15oaKJL2Us5zM2uY2Yfvz8Hi/Lk9pD72YK8eQViWYPxHuYxtGjqv/2OP
         tZ1JFYWnF4Sa4hB7VJzgGatwQxPmLlYRymTt2OHndKg0fS+a+VBd1C1QGJ1h8TDUukbN
         3HSKmzDiNDVfykcFfignPo9kKO+yFHxFyrEusawBUPRhZjCJDQ0bfbougD0qXhsa0Y4u
         ldVCwqMKI69o8kdYSQdtpK23cZd0l4Uyo2Bq7169Q1RamiQwuTzD83vgNyTVxxlW2FyG
         /yk1PEZdvstiuEa8O5mEGBDbiI/AlFAvPt3GVu/y1AL+YGJ3gF06GRe/5mXgFPwBm85E
         L9jw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=H2YGKCTG3+DXadfI2CVv7nZ77hE2JjSRXukvA51czHM=;
        b=OIMB/VhmgPdPP6h7OfSlYGuLOs0R+h4/uyW+1GseJSEtMMn/ta8iOi9KUpqKHqRdgW
         p3F29jXf36E1EcrbZ13vbs8/S69mAn78HXenIhKpR9sIrWpp7/vwCJwmJFZad9+dlSDZ
         ewlycV4X3dbzzUY0ANYXubOkoPA4QtPLXPaCD+stAsisS3Ymwf4NTDFiqrqvgQ+hhfH+
         /pAckmsYfjgJy/bp7d4CL9/C+X8q3l3WMzUEceC8cVa4WIfR7p23j4DXQn8v3n9jn1q4
         zzhb5khoOq6ypGXvtLBGoIbVrnMotapSuZMdcqPncxF1LflrX3R3ADX9L7PFNSEzLkJW
         3PDw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=JWsUacG4;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id x14si20379048edq.88.2020.12.28.07.23.08;
        Mon, 28 Dec 2020 07:23:31 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=JWsUacG4;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2391584AbgL1OCT (ORCPT <rfc822;lxz1983@gmail.com> + 99 others);
        Mon, 28 Dec 2020 09:02:19 -0500
Received: from mail.kernel.org ([198.145.29.99]:36026 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2436819AbgL1OCR (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 28 Dec 2020 09:02:17 -0500
Received: by mail.kernel.org (Postfix) with ESMTPSA id 151F320791;
        Mon, 28 Dec 2020 14:01:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1609164096;
        bh=2iUSLg8J+BQBfdwTT7RiWWTz0ygXNDtQhc5x1WMPOQI=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=JWsUacG4p/Fm6rr8uubFVwSXXuHLPrU/ViBZ060/HJUbaPbTPWG/mivk7dgW3iAWg
         ymioClcX6oC8i9sKBHhQ6iDjxG95xHyKJpspbt52PyiPjsfKkluPFmNH3X8CGJ4meB
         w9iHvSyfOvDO5FCVmYdUn9dXC75MAPvuC6wehvgc=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Sven Schnelle <svens@linux.ibm.com>,
        Ondrej Mosnacek <omosnace@redhat.com>,
        Paul Moore <paul@paul-moore.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 059/717] selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
Date:   Mon, 28 Dec 2020 13:40:57 +0100
Message-Id: <20201228125023.823333506@linuxfoundation.org>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20201228125020.963311703@linuxfoundation.org>
References: <20201228125020.963311703@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Paul Moore <paul@paul-moore.com>

[ Upstream commit 200ea5a2292dc444a818b096ae6a32ba3caa51b9 ]

A previous fix, commit 83370b31a915 ("selinux: fix error initialization
in inode_doinit_with_dentry()"), changed how failures were handled
before a SELinux policy was loaded.  Unfortunately that patch was
potentially problematic for two reasons: it set the isec->initialized
state without holding a lock, and it didn't set the inode's SELinux
label to the "default" for the particular filesystem.  The later can
be a problem if/when a later attempt to revalidate the inode fails
and SELinux reverts to the existing inode label.

This patch should restore the default inode labeling that existed
before the original fix, without affecting the LABEL_INVALID marking
such that revalidation will still be attempted in the future.

Fixes: 83370b31a915 ("selinux: fix error initialization in inode_doinit_with_dentry()")
Reported-by: Sven Schnelle <svens@linux.ibm.com>
Tested-by: Sven Schnelle <svens@linux.ibm.com>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 security/selinux/hooks.c | 31 +++++++++++++------------------
 1 file changed, 13 insertions(+), 18 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 158fc47d8620d..c46312710e73e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1451,13 +1451,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 			 * inode_doinit with a dentry, before these inodes could
 			 * be used again by userspace.
 			 */
-			isec->initialized = LABEL_INVALID;
-			/*
-			 * There is nothing useful to jump to the "out"
-			 * label, except a needless spin lock/unlock
-			 * cycle.
-			 */
-			return 0;
+			goto out_invalid;
 		}
 
 		rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
@@ -1513,15 +1507,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 			 * inode_doinit() with a dentry, before these inodes
 			 * could be used again by userspace.
 			 */
-			if (!dentry) {
-				isec->initialized = LABEL_INVALID;
-				/*
-				 * There is nothing useful to jump to the "out"
-				 * label, except a needless spin lock/unlock
-				 * cycle.
-				 */
-				return 0;
-			}
+			if (!dentry)
+				goto out_invalid;
 			rc = selinux_genfs_get_sid(dentry, sclass,
 						   sbsec->flags, &sid);
 			if (rc) {
@@ -1546,11 +1533,10 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 out:
 	spin_lock(&isec->lock);
 	if (isec->initialized == LABEL_PENDING) {
-		if (!sid || rc) {
+		if (rc) {
 			isec->initialized = LABEL_INVALID;
 			goto out_unlock;
 		}
-
 		isec->initialized = LABEL_INITIALIZED;
 		isec->sid = sid;
 	}
@@ -1558,6 +1544,15 @@ out:
 out_unlock:
 	spin_unlock(&isec->lock);
 	return rc;
+
+out_invalid:
+	spin_lock(&isec->lock);
+	if (isec->initialized == LABEL_PENDING) {
+		isec->initialized = LABEL_INVALID;
+		isec->sid = sid;
+	}
+	spin_unlock(&isec->lock);
+	return 0;
 }
 
 /* Convert a Linux signal to an access vector. */
-- 
2.27.0