From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Tianjia Zhang, Casey Schaufler, Sasha Levin
Subject: [PATCH 5.13 164/380] Smack: Fix wrong semantics in smk_access_entry()
Date: Thu, 16 Sep 2021 17:58:41 +0200
Message-Id: <20210916155809.664284642@linuxfoundation.org>
In-Reply-To: <20210916155803.966362085@linuxfoundation.org>
References: <20210916155803.966362085@linuxfoundation.org>

From: Tianjia Zhang

[ Upstream commit 6d14f5c7028eea70760df284057fe198ce7778dd ]

In the smk_access_entry() function, if no matching rule is found in the
rule_list, a negative error code will be used to perform bit operations
with the MAY_ enumeration value. This is semantically wrong. This patch
fixes this issue.

Signed-off-by: Tianjia Zhang
Signed-off-by: Casey Schaufler
Signed-off-by: Sasha Levin

--- security/smack/smack_access.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 7eabb448acab..169929c6c4eb 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c 
@@ -81,23 +81,22 @@ int log_policy = SMACK_AUDIT_DENIED; int smk_access_entry(char *subject_label, char *object_label, struct list_head *rule_list) { - int may = -ENOENT; struct smack_rule *srp; list_for_each_entry_rcu(srp, rule_list, list) { if (srp->smk_object->smk_known == object_label && srp->smk_subject->smk_known == subject_label) { - may = srp->smk_access; - break; + int may = srp->smk_access; + /* + * MAY_WRITE implies MAY_LOCK. + */ + if ((may & MAY_WRITE) == MAY_WRITE) + may |= MAY_LOCK; + return may; } } - /* - * MAY_WRITE implies MAY_LOCK. - */ - if ((may & MAY_WRITE) == MAY_WRITE) - may |= MAY_LOCK; - return may; + return -ENOENT; } /** -- 2.30.2
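
Review bot: The no-match path now ends in "return -ENOENT;", but the changelog only calls the old code "semantically wrong" and never says whether the value callers of smk_access_entry() see actually changes. The removed lines ran "(may & MAY_WRITE) == MAY_WRITE" and "may |= MAY_LOCK" on may = -ENOENT before returning it, so please state in the commit message whether the old result could ever differ from -ENOENT or whether this is a cleanup with no functional change; reviewers of a stable backport need that to judge the risk. Minor style point in the added block: put a blank line after the declaration "int may = srp->smk_access;" before the "MAY_WRITE implies MAY_LOCK" comment.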