Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9445928pxu;
        Mon, 28 Dec 2020 16:51:05 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyfS1WNnT819zXnkgUFk/H4JahRMKjjKKQzBFW+BgOtOiRLEtQmOCXjE9/UuzSHF8wdNaWf
X-Received: by 2002:aa7:c355:: with SMTP id j21mr42956239edr.338.1609203064936;
        Mon, 28 Dec 2020 16:51:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1609203064; cv=none;
        d=google.com; s=arc-20160816;
        b=i1F/RY0ROmLSzlpaAwqu6FW1gcMoqUUyF2QyJSzY98Foen3esJOGsTCGJcs9vhKZ0n
         vNvSrbd+cN9CMsjW9aOWSs7oOC794z6NbaSummyTvaXvuYWU4LQY9kUwY6DtnVP2PpMc
         Y8d716fn7JyfnT+x2U8qBTnzySVi0YHZxZY4X4TAtujhb87PALW7dwBcHVY9dqdyCZGB
         y+/Enq/ou7+qTmR6JkizFjUQJJfBgYSLP4t21xHQBXC1ifbnwl975hq9i0+CQw/zVBVy
         r98uACPu6U3xUuzX14g0KxeUkTQTDquGScIGM6FXLqZ13ahZsRwaSQpIrdo/ZXj8IP5q
         E+rQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=KxUwTT978rr7RTfK47ffiK46q9oixHHWXj+kdnf6h6Y=;
        b=wXny7yhc/eEeC688Km9CEPyClg8Em3IWXRWvK5pcqjw8Bj4OqEO7EZqjgyWK2LPVcT
         ErV83cZqkFIwh1VGYNdygQDSusMo33BL8oZfGBoHFufIV18q/6J9NNwxjnUTRAq8Xyow
         lSzdhfDDHVB6nRyKdNZHjGH3lvDFjpMCouaE2J68Fid9d9ai6ve4vq+JDuIotXYj1DmB
         fRJLnnDoY9nJv93z2HugOivaOZox3eFZoZh/cbXV/AvR14Vu6AFl0ShJUZQst0RA/g+W
         +zXdBMnFsGGVXtdMnJIcfzydpi8MNNKQnP5/OIip7LsnvXq57vo9ziToUOp636UBU0RR
         ohYA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PPdglN8u;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id m17si19130331ejn.194.2020.12.28.16.50.43;
        Mon, 28 Dec 2020 16:51:04 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PPdglN8u;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2632859AbgL1QG7 (ORCPT <rfc822;lxz1983@gmail.com> + 99 others);
        Mon, 28 Dec 2020 11:06:59 -0500
Received: from mail.kernel.org ([198.145.29.99]:55328 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2389494AbgL1N0b (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 28 Dec 2020 08:26:31 -0500
Received: by mail.kernel.org (Postfix) with ESMTPSA id A374220728;
        Mon, 28 Dec 2020 13:25:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1609161950;
        bh=L29C2rA1dyuGhtjDbgne65PWnPns4sq593oj4UkwEus=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=PPdglN8uye48WLxSPZnGliE5Oj3ClnkCdi+SuTE52hqObMeYLp3gkkYA6utxBF2vP
         GQQJHbPE0GrpJ9Qp+9GDNfXN/53aQfOovQtAU3CyOtf7renvDcl05wuZFy8eqKZ6TS
         NjSEhNhx8wgIOrCJfsrxKeKijxwOZ9NiHnCHAZro=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Sven Schnelle <svens@linux.ibm.com>,
        Ondrej Mosnacek <omosnace@redhat.com>,
        Paul Moore <paul@paul-moore.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 120/346] selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
Date:   Mon, 28 Dec 2020 13:47:19 +0100
Message-Id: <20201228124925.596058220@linuxfoundation.org>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20201228124919.745526410@linuxfoundation.org>
References: <20201228124919.745526410@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Paul Moore <paul@paul-moore.com>

[ Upstream commit 200ea5a2292dc444a818b096ae6a32ba3caa51b9 ]

A previous fix, commit 83370b31a915 ("selinux: fix error initialization
in inode_doinit_with_dentry()"), changed how failures were handled
before a SELinux policy was loaded.  Unfortunately that patch was
potentially problematic for two reasons: it set the isec->initialized
state without holding a lock, and it didn't set the inode's SELinux
label to the "default" for the particular filesystem.  The later can
be a problem if/when a later attempt to revalidate the inode fails
and SELinux reverts to the existing inode label.

This patch should restore the default inode labeling that existed
before the original fix, without affecting the LABEL_INVALID marking
such that revalidation will still be attempted in the future.

Fixes: 83370b31a915 ("selinux: fix error initialization in inode_doinit_with_dentry()")
Reported-by: Sven Schnelle <svens@linux.ibm.com>
Tested-by: Sven Schnelle <svens@linux.ibm.com>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 security/selinux/hooks.c | 31 +++++++++++++------------------
 1 file changed, 13 insertions(+), 18 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 02afe52a55d0d..08833bbb97aab 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1618,13 +1618,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 			 * inode_doinit with a dentry, before these inodes could
 			 * be used again by userspace.
 			 */
-			isec->initialized = LABEL_INVALID;
-			/*
-			 * There is nothing useful to jump to the "out"
-			 * label, except a needless spin lock/unlock
-			 * cycle.
-			 */
-			return 0;
+			goto out_invalid;
 		}
 
 		len = INITCONTEXTLEN;
@@ -1739,15 +1733,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 			 * inode_doinit() with a dentry, before these inodes
 			 * could be used again by userspace.
 			 */
-			if (!dentry) {
-				isec->initialized = LABEL_INVALID;
-				/*
-				 * There is nothing useful to jump to the "out"
-				 * label, except a needless spin lock/unlock
-				 * cycle.
-				 */
-				return 0;
-			}
+			if (!dentry)
+				goto out_invalid;
 			rc = selinux_genfs_get_sid(dentry, sclass,
 						   sbsec->flags, &sid);
 			dput(dentry);
@@ -1760,11 +1747,10 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 out:
 	spin_lock(&isec->lock);
 	if (isec->initialized == LABEL_PENDING) {
-		if (!sid || rc) {
+		if (rc) {
 			isec->initialized = LABEL_INVALID;
 			goto out_unlock;
 		}
-
 		isec->initialized = LABEL_INITIALIZED;
 		isec->sid = sid;
 	}
@@ -1772,6 +1758,15 @@ out:
 out_unlock:
 	spin_unlock(&isec->lock);
 	return rc;
+
+out_invalid:
+	spin_lock(&isec->lock);
+	if (isec->initialized == LABEL_PENDING) {
+		isec->initialized = LABEL_INVALID;
+		isec->sid = sid;
+	}
+	spin_unlock(&isec->lock);
+	return 0;
 }
 
 /* Convert a Linux signal to an access vector. */
-- 
2.27.0