Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1250577pxb; Sat, 29 Jan 2022 00:13:32 -0800 (PST) X-Google-Smtp-Source: ABdhPJxSd7yJEa1qKqrETf5b/y0yxCbWZBXcWY9zIz8y28Ztt25wxwdzZIvXfrmWCSSp6bi9zy58 X-Received: by 2002:a17:907:728b:: with SMTP id dt11mr9683102ejc.70.1643444012490; Sat, 29 Jan 2022 00:13:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643444012; cv=none; d=google.com; s=arc-20160816; b=PACvb8+UaXBnMyRMxFegyo61XD2gs4j5Xm+4YE+b8sATvML/aQNGCPD1csGbRd8Wg/ OEEe57PEtYJQNt8GFqTNny6xhZRuZhZNjcLFyYWderBndHWZkm9zXyoEcakztrbKq5dx DgkZYApTS6RsAuu4qRmRjTGRIDo63cHVkKerXTZdCK85f7Zl354WC3dtzknspjGZg+TW 3XJWaGgnVKBfk204am/1sJvVyoh2X9EwSepkOFRYnigiA6teiKPQ4vPlpdruMaknFpRe ZoPYs28acg927bvolFZ2VSWT8KtNgq1s3ubRmfRVb2wPQUTIk1sF8DVNyogLu4ytq6Gj Jc0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=iYXIIUyrLfzJaPeKZf3W/sgGrDvN0wMAV7bAC7WPD3M=; b=hcFmiMXvfY2feBRINtQuIJ8Sa0NDkRL3PhvnvqMuUgRKwBtBCTDO3XeGRZSutzMQll uG4wUc86YHgTIiTceEHKAnYvcD2A+n2op/1FjrqgLRtpn5i0iJ6ska3PbCvJU/NQv2Th gkTKVpl+yC9AeqO18fj9NWALJ8/jv4sHqUhFpHsgf5MXC+if9afCiEuPjuJWihCrx0XQ 4w5/0DRF3yPRIinU0SnFM8Rmw30hsuR+IyCJ/N9z/QC62pHoBcrcK8RSFczafLxVJ0ig Kc63aK5pf5U/XILISo55opyLsP0s1+fgIMD3zDHoz+BF9e5hmtRa+hcuaSVg/iDOIYit A8fg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=1KTeQNu1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ga3si4628377ejc.998.2022.01.29.00.13.08; Sat, 29 Jan 2022 00:13:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=1KTeQNu1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345158AbiA1Bow (ORCPT + 99 others); Thu, 27 Jan 2022 20:44:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36824 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345144AbiA1Bov (ORCPT ); Thu, 27 Jan 2022 20:44:51 -0500 Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1CE92C06173B for ; Thu, 27 Jan 2022 17:44:51 -0800 (PST) Received: by mail-ed1-x536.google.com with SMTP id c24so6649165edy.4 for ; Thu, 27 Jan 2022 17:44:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iYXIIUyrLfzJaPeKZf3W/sgGrDvN0wMAV7bAC7WPD3M=; b=1KTeQNu1m8qReF3FsqMysxKY1VxJzC4sYVTjAyHhsq+a1vlVLpM2YLsiNMZS0x3wXm Y0VJVuyXs9YWnnBcgzbPTYFgF617dw+mg/0Eb3g9Wmao8ObSTU2P1ITppGOx1iXWCCpw 0DSwoAM6EKzCh3OJQA0PwxS1xJElPjgoBpclzHHZokRNXUmNdMN6JkPqR/Nala+VLtYB suqI6XxfkTZARJ+9S/b/C7d0dRPHa6UJ5D2iXTSQBpTd0NDRsxKzGiVG4SZaeKbEonVc Phanfy++vHctLte9yA7dBz+90Od82cx10pUo7k7Rz6AUjPn1YAIe5KVF5O17qkw0J7FX xj8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iYXIIUyrLfzJaPeKZf3W/sgGrDvN0wMAV7bAC7WPD3M=; b=ONeDB26NMwLymkCIsVy93RRjfes8agVYyY7B4V8dYuOLylXaaWQsxZCgDkpA1v9mXA YWoF4POk29u3MtZkY6zqGI7cVG6/ikXUZxv4CF/n+JggpSi03eyQo9GQfbXmFcxAQT9S p3pXzD21/14ZPmtmMESDTxNHW9CllP1f4oMs4LLFUWsALep7l/jiKZmVbBJIUNceGTPJ QQmafXD6HE3hUrKv/lKPgVMEtrAVagLMPqZJ05KhoozTDmn71kBfEBBtmaUrPyPbJax9 veVpyQSr/H51CvlCsFUVN7j3cbo8M4J/YA0X3tO7YypVnh4YF7g1ikh42GZzws6N3bbe 9QCg== X-Gm-Message-State: AOAM532Ew2O9xoKKIWq78OHtFLZMk6ZSQrvqFyj1qy5oP/zH5Kxb2hnE 4h0prAjdDNmywB/vpZQ70hmaWtQMdE8A0u+IY/yz X-Received: by 2002:a05:6402:2683:: with SMTP id w3mr6080257edd.405.1643334289633; Thu, 27 Jan 2022 17:44:49 -0800 (PST) MIME-Version: 1.0 References: <018a9bb4-accb-c19a-5b0a-fde22f4bc822.ref@schaufler-ca.com> <018a9bb4-accb-c19a-5b0a-fde22f4bc822@schaufler-ca.com> <20211012103243.xumzerhvhklqrovj@wittgenstein> <3daaf037-2e67-e939-805f-57a61d67f7b8@namei.org> In-Reply-To: <3daaf037-2e67-e939-805f-57a61d67f7b8@namei.org> From: Paul Moore Date: Thu, 27 Jan 2022 20:44:38 -0500 Message-ID: Subject: Re: [PATCH v2] LSM: general protection fault in legacy_parse_param To: James Morris Cc: Casey Schaufler , Christian Brauner , Christian Brauner , Linux Security Module list , LKML , syzbot , David Howells , linux-fsdevel , selinux@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 27, 2022 at 12:46 PM James Morris wrote: > On Thu, 27 Jan 2022, Casey Schaufler wrote: > > > The usual LSM hook "bail on fail" scheme doesn't work for cases where > > a security module may return an error code indicating that it does not > > recognize an input. In this particular case Smack sees a mount option > > that it recognizes, and returns 0. A call to a BPF hook follows, which > > returns -ENOPARAM, which confuses the caller because Smack has processed > > its data. > > > > The SELinux hook incorrectly returns 1 on success. There was a time > > when this was correct, however the current expectation is that it > > return 0 on success. This is repaired. > > > > Reported-by: syzbot+d1e3b1d92d25abf97943@syzkaller.appspotmail.com > > Signed-off-by: Casey Schaufler > > > Acked-by: James Morris Looks good to me too, thanks Casey. Since James' already ACK'd it, I went ahead and pulled this into selinux/next. > > --- > > security/security.c | 17 +++++++++++++++-- > > security/selinux/hooks.c | 5 ++--- > > 2 files changed, 17 insertions(+), 5 deletions(-) > > > > diff --git a/security/security.c b/security/security.c > > index 3d4eb474f35b..e649c8691be2 100644 > > --- a/security/security.c > > +++ b/security/security.c > > @@ -884,9 +884,22 @@ int security_fs_context_dup(struct fs_context *fc, struct > > fs_context *src_fc) > > return call_int_hook(fs_context_dup, 0, fc, src_fc); > > } > > > > -int security_fs_context_parse_param(struct fs_context *fc, struct > > fs_parameter *param) > > +int security_fs_context_parse_param(struct fs_context *fc, > > + struct fs_parameter *param) > > { > > - return call_int_hook(fs_context_parse_param, -ENOPARAM, fc, param); > > + struct security_hook_list *hp; > > + int trc; > > + int rc = -ENOPARAM; > > + > > + hlist_for_each_entry(hp, &security_hook_heads.fs_context_parse_param, > > + list) { > > + trc = hp->hook.fs_context_parse_param(fc, param); > > + if (trc == 0) > > + rc = 0; > > + else if (trc != -ENOPARAM) > > + return trc; > > + } > > + return rc; > > } > > > > int security_sb_alloc(struct super_block *sb) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > > index 5b6895e4fc29..371f67a37f9a 100644 > > --- a/security/selinux/hooks.c > > +++ b/security/selinux/hooks.c > > @@ -2860,10 +2860,9 @@ static int selinux_fs_context_parse_param(struct > > fs_context *fc, > > return opt; > > > > rc = selinux_add_opt(opt, param->string, &fc->security); > > - if (!rc) { > > + if (!rc) > > param->string = NULL; > > - rc = 1; > > - } > > + > > return rc; > > } -- paul-moore.com