From: Paul Moore
Date: Wed, 26 Jan 2022 17:37:41 -0500
Subject: Re: [PATCH] LSM: general protection fault in legacy_parse_param
To: Christian Brauner
Cc: Casey Schaufler, Christian Brauner, Christian Brauner, James Morris, Linux Security Module list, LKML, syzbot, David Howells, linux-fsdevel, selinux@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jan 26, 2022 at 2:24 AM Christian Brauner wrote:
>
> On Tue, Jan 25, 2022 at 05:18:02PM -0500, Paul Moore wrote:
> > On Tue, Oct 12, 2021 at 10:27 AM Casey Schaufler wrote:
> > > On 10/12/2021 3:32 AM, Christian Brauner wrote:
> > > > On Mon, Oct 11, 2021 at 03:40:22PM -0700, Casey Schaufler wrote:
> > > >> The usual LSM hook "bail on fail" scheme doesn't work for cases where
> > > >> a security module may return an error code indicating that it does not
> > > >> recognize an input. In this particular case Smack sees a mount option
> > > >> that it recognizes, and returns 0. A call to a BPF hook follows, which
> > > >> returns -ENOPARAM, which confuses the caller because Smack has processed
> > > >> its data.
> > > >>
> > > >> Reported-by: syzbot+d1e3b1d92d25abf97943@syzkaller.appspotmail.com
> > > >> Signed-off-by: Casey Schaufler
> > > >> ---
> > > > Thanks!
> > > > Note, I think that we still have the SELinux issue we discussed in the
> > > > other thread:
> > > >
> > > > 	rc = selinux_add_opt(opt, param->string, &fc->security);
> > > > 	if (!rc) {
> > > > 		param->string = NULL;
> > > > 		rc = 1;
> > > > 	}
> > > >
> > > > SELinux returns 1 not the expected 0. Not sure if that got fixed or is
> > > > queued-up for -next. In any case, this here seems correct independent of
> > > > that:
> > >
> > > The aforementioned SELinux change depends on this patch. As the SELinux
> > > code is today it blocks the problem seen with Smack, but introduces a
> > > different issue. It prevents the BPF hook from being called.
> > >
> > > So the question becomes whether the SELinux change should be included
> > > here, or done separately. Without the security_fs_context_parse_param()
> > > change the selinux_fs_context_parse_param() change results in messy
> > > failures for SELinux mounts.
> >
> > FWIW, this patch looks good to me, so:
> >
> > Acked-by: Paul Moore
> >
> > ... and with respect to the SELinux hook implementation returning 1 on
> > success, I don't have a good answer and looking through my inbox I see
> > David Howells hasn't responded either. I see nothing in the original
> > commit explaining why, so I'm going to say let's just change it to
> > zero and be done with it; the good news is that if we do it now we've
> >
> It was originally supposed to return 1 but then this got changed but - a
> classic - the documentation wasn't.

I'm shocked! :)

Thanks Christian.

-- 
paul-moore.com
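
Added example, not part of the original mail and not the kernel patch it discusses: a user-space C model of the hook dispatch behaviour described in the quoted messages, comparing "bail on fail" with a walk that treats -ENOPARAM as "not my option". The hook functions, dispatcher names and sample option strings are hypothetical stand-ins; `ENOPARAM` is defined locally with the kernel-internal errno value.

```c
#include <stdio.h>
#include <string.h>

#define ENOPARAM 519 /* kernel-internal errno value, defined here for the model */

typedef int (*parse_hook_t)(const char *key);

static int bpf_calls; /* how many times the BPF-like hook was reached */

/* Constructed stand-ins for the modules in the thread, not kernel code. */
static int smack_like(const char *key)   /* claims its option, returns 0 */
{ return strcmp(key, "smackfsroot") == 0 ? 0 : -ENOPARAM; }
static int selinux_ret1(const char *key) /* returns 1 on success, as quoted */
{ return strcmp(key, "context") == 0 ? 1 : -ENOPARAM; }
static int bpf_like(const char *key)     /* recognizes no option */
{ (void)key; bpf_calls++; return -ENOPARAM; }

static const parse_hook_t smack_then_bpf[] = { smack_like, bpf_like };
static const parse_hook_t selinux_then_bpf[] = { selinux_ret1, bpf_like };

/* "Bail on fail": the first non-zero return ends the walk. */
static int dispatch_bail(const parse_hook_t *hooks, size_t n, const char *key)
{
	for (size_t i = 0; i < n; i++) {
		int rc = hooks[i](key);
		if (rc != 0)
			return rc;
	}
	return 0;
}

/* -ENOPARAM means "not my option": keep walking, remember any 0. */
static int dispatch_aggregate(const parse_hook_t *hooks, size_t n, const char *key)
{
	int rc = -ENOPARAM;
	for (size_t i = 0; i < n; i++) {
		int trc = hooks[i](key);
		if (trc == 0)
			rc = 0;
		else if (trc != -ENOPARAM)
			return trc; /* real error, or the stray 1 */
	}
	return rc;
}

int main(void)
{
	printf("bail:      %d\n", dispatch_bail(smack_then_bpf, 2, "smackfsroot"));
	printf("aggregate: %d\n", dispatch_aggregate(smack_then_bpf, 2, "smackfsroot"));
	printf("ret1:      %d\n", dispatch_bail(selinux_then_bpf, 2, "context"));
	printf("bpf calls: %d\n", bpf_calls);
	return 0;
}
```

In this model a hook that returns 1 on success ends the walk under either dispatcher, so the BPF-like hook is never reached.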