Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp2292996pxb; Tue, 12 Oct 2021 03:35:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxkxWaxtNSsO1I8KcPyg2Ik7xbX2rcVI1JHQQZTHoo2Ldj0VZz0j3nNCvWWIgmy9Z1zcp9a X-Received: by 2002:a05:6402:4304:: with SMTP id m4mr50902057edc.326.1634034913030; Tue, 12 Oct 2021 03:35:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634034913; cv=none; d=google.com; s=arc-20160816; b=ImBh7YCcBCWb6PEkpSYqxciJYA9At/XxD1xCHWwQrMKloD6a/qr4/IpdOIV1XdatKg F2ttVZ4m0mq2tivcPeEYE49806lzuA27U6gB92eWBNqGPFtZcM78Ng4O+fpq8DWL07Lx fUabAaVodBBfXE6w28wveE7osFeo9Zl8GdJypAeh2Xp0Csj04/cT8XkDOaQBe81amNTB a7D9LZ/GSw2zXLwbE3fnsJgWxM8osM8X4dKf3Aq0Hp2Ec3+HNz+pLcqJsQ/BWgUjvN9+ qxHVyTBRSXn3tMwLgflz5WUEFNGInbhtkruR8wmxVgFA0734ruyepQxxi+yiWcoW01WS AQEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=0S+uw80BrznB56g2rBKwJjJ5/FLkLJsct1UCDu9cSlg=; b=CEKz2RCrQqNYBgYIPLaWIQetQR3Iatjo7JyuwTYxb2YhcbinfOkj6wRMJXmt+IL7R3 bJeEa1qFv74gHdHulN4fMH9iVTubJmyONfiInwpFcJLkcL9S6i3dBIzdms+VWwlcvtk5 +PQq2b3c+2foRH1tUQRYgxJh1sbjTlO9DZldrTGWYbOhAJUBFY6iy68Dx2rKXl+isZM3 bRRWY9e3Dswwk+JXbp8+KdVX9uvSCFigTS5/fOqHu0IBCvSceSqT/Z//BAGyJgb6+u32 VuJK4WNfBYIVQVwBILsnlUpEk4LmJOh7nypJvuTVtfOEbefetXPPRk4A9ab1cdzBbIv9 klxA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 9si16865958ejo.527.2021.10.12.03.34.47; Tue, 12 Oct 2021 03:35:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235900AbhJLKev (ORCPT + 99 others); Tue, 12 Oct 2021 06:34:51 -0400 Received: from mail.kernel.org ([198.145.29.99]:44680 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234014AbhJLKeu (ORCPT ); Tue, 12 Oct 2021 06:34:50 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 553E660E53; Tue, 12 Oct 2021 10:32:46 +0000 (UTC) Date: Tue, 12 Oct 2021 12:32:43 +0200 From: Christian Brauner To: Casey Schaufler Cc: Christian Brauner , Paul Moore , James Morris , Linux Security Module list , LKML , syzbot , David Howells , linux-fsdevel Subject: Re: [PATCH] LSM: general protection fault in legacy_parse_param Message-ID: <20211012103243.xumzerhvhklqrovj@wittgenstein> References: <018a9bb4-accb-c19a-5b0a-fde22f4bc822.ref@schaufler-ca.com> <018a9bb4-accb-c19a-5b0a-fde22f4bc822@schaufler-ca.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <018a9bb4-accb-c19a-5b0a-fde22f4bc822@schaufler-ca.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 11, 2021 at 03:40:22PM -0700, Casey Schaufler wrote: > The usual LSM hook "bail on fail" scheme doesn't work for cases where > a security module may return an error code indicating that it does not > recognize an input. In this particular case Smack sees a mount option > that it recognizes, and returns 0. A call to a BPF hook follows, which > returns -ENOPARAM, which confuses the caller because Smack has processed > its data. > > Reported-by: syzbot+d1e3b1d92d25abf97943@syzkaller.appspotmail.com > Signed-off-by: Casey Schaufler > --- Thanks! Note, I think that we still have the SELinux issue we discussed in the other thread: rc = selinux_add_opt(opt, param->string, &fc->security); if (!rc) { param->string = NULL; rc = 1; } SELinux returns 1 not the expected 0. Not sure if that got fixed or is queued-up for -next. In any case, this here seems correct independent of that: Acked-by: Christian Brauner >  security/security.c | 14 +++++++++++++- > 1 file changed, 13 insertions(+), 1 deletion(-) > > diff --git a/security/security.c b/security/security.c > index 09533cbb7221..3cf0faaf1c5b 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -885,7 +885,19 @@ int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc) > > int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param) > { > - return call_int_hook(fs_context_parse_param, -ENOPARAM, fc, param); > + struct security_hook_list *hp; > + int trc; > + int rc = -ENOPARAM; > + > + hlist_for_each_entry(hp, &security_hook_heads.fs_context_parse_param, > + list) { > + trc = hp->hook.fs_context_parse_param(fc, param); > + if (trc == 0) > + rc = 0; > + else if (trc != -ENOPARAM) > + return trc; > + } > + return rc; > } > > int security_sb_alloc(struct super_block *sb) > >