Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.11.8 2024-10-04T14:38:53+00:00 2024-10-04T14:38:53+00:00 Casey Schaufler casey@schaufler-ca.com 2024-07-10T21:32:25+00:00 urn:sha1:6033ffb6532ae3c3f6b6552ea61032372af01b7b [ Upstream commit 2aff9d20d50ac45dd13a013ef5231f4fb8912356 ] Move management of the sock->sk_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Acked-by: Paul Moore <paul@paul-moore.com> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [PM: subject tweak] Signed-off-by: Paul Moore <paul@paul-moore.com> Stable-dep-of: 63dff3e48871 ("lsm: add the inode_free_security_rcu() LSM implementation hook") Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-08-30T18:33:59+00:00 Linus Torvalds torvalds@linux-foundation.org 2024-08-30T18:33:59+00:00 urn:sha1:fb24560f31f9dff2c97707cfed6029bfebebaf1c Pull lsm fix from Paul Moore: "One small patch to correct a NFS permissions problem with SELinux and Smack" * tag 'lsm-pr-20240830' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: selinux,smack: don't bypass permissions check in inode_setsecctx hook 2024-08-28T23:12:44+00:00 Scott Mayhew smayhew@redhat.com 2024-08-28T19:51:29+00:00 urn:sha1:76a0e79bc84f466999fa501fce5bf7a07641b8a7 Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed. It also assumes that the caller will make the appropriate * permission checks. nfsd_setattr() does do permissions checking via fh_verify() and nfsd_permission(), but those don't do all the same permissions checks that are done by security_inode_setxattr() and its related LSM hooks do. Since nfsd_setattr() is the only consumer of security_inode_setsecctx(), simplest solution appears to be to replace the call to __vfs_setxattr_noperm() with a call to __vfs_setxattr_locked(). This fixes the above issue and has the added benefit of causing nfsd to recall conflicting delegations on a file when a client tries to change its security label. Cc: stable@kernel.org Reported-by: Marek Gresko <marek.gresko@protonmail.com> Link: https://bugzilla.kernel.org/show_bug.cgi?id=218809 Signed-off-by: Scott Mayhew <smayhew@redhat.com> Tested-by: Stephen Smalley <stephen.smalley.work@gmail.com> Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com> Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Reviewed-by: Jeff Layton <jlayton@kernel.org> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2024-08-08T20:22:47+00:00 Paul Moore paul@paul-moore.com 2024-08-08T15:57:38+00:00 urn:sha1:05a3d6e9307250a5911d75308e4363466794ab21 Unfortunately it appears that vma_is_initial_heap() is currently broken for applications that do not currently have any heap allocated, e.g. brk == start_brk. The breakage is such that it will cause SELinux to check for the process/execheap permission on memory regions that cross brk/start_brk even when there is no heap. The proper fix would be to correct vma_is_initial_heap(), but as there are multiple callers I am hesitant to unilaterally modify the helper out of concern that I would end up breaking some other subsystem. The mm developers have been made aware of the situation and hopefully they will have a fix at some point in the future, but we need a fix soon so we are simply going to revert our use of vma_is_initial_heap() in favor of our old logic/code which works as expected, even in the face of a zero size heap. We can return to using vma_is_initial_heap() at some point in the future when it is fixed. Cc: stable@vger.kernel.org Reported-by: Marc Reisner <reisner.marc@gmail.com> Closes: https://lore.kernel.org/all/ZrPmoLKJEf1wiFmM@marcreisner.com Fixes: 68df1baf158f ("selinux: use vma_is_initial_stack() and vma_is_initial_heap()") Signed-off-by: Paul Moore <paul@paul-moore.com> 2024-08-07T19:14:36+00:00 Zhen Lei thunder.leizhen@huawei.com 2024-08-07T09:00:56+00:00 urn:sha1:6dd1e4c045afa6a4ba5d46f044c83bd357c593c2 When avc_add_xperms_decision() fails, the information recorded by the new avc node is incomplete. In this case, the new avc node should be released instead of replacing the old avc node. Cc: stable@vger.kernel.org Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2024-08-06T21:52:27+00:00 Zhen Lei thunder.leizhen@huawei.com 2024-08-06T06:51:13+00:00 urn:sha1:379d9af3f3da2da1bbfa67baf1820c72a080d1f1 The count increases only when a node is successfully added to the linked list. Cc: stable@vger.kernel.org Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2024-07-16T21:50:44+00:00 Linus Torvalds torvalds@linux-foundation.org 2024-07-16T21:50:44+00:00 urn:sha1:11ab4cd5ec3f5f531ca0cb3014b7c6869c4aea5d Pull lsm updates from Paul Moore: "Two LSM patches focused on cleaning up the inode xattr capability handling" * tag 'lsm-pr-20240715' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: selinux,smack: remove the capability checks in the removexattr hooks lsm: fixup the inode xattr capability handling 2024-07-16T21:43:28+00:00 Linus Torvalds torvalds@linux-foundation.org 2024-07-16T21:43:28+00:00 urn:sha1:dad8d1a383a8a2123be2a067098fa25afa2ddad7 Pull selinux update from Paul Moore: "A single SELinux patch to change the type of a pre-processor constant to better match its use" * tag 'selinux-pr-20240715' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: Use 1UL for EBITMAP_BIT to match maps type 2024-07-09T19:15:57+00:00 Paul Moore paul@paul-moore.com 2024-07-03T21:00:20+00:00 urn:sha1:dd44477e7fa15ba3b100dfc67bf7cf083f3dccf6 Commit 61df7b828204 ("lsm: fixup the inode xattr capability handling") moved the responsibility of doing the inode xattr capability checking out of the individual LSMs and into the LSM framework itself. Unfortunately, while the original commit added the capability checks to both the setxattr and removexattr code in the LSM framework, it only removed the setxattr capability checks from the individual LSMs, leaving duplicated removexattr capability checks in both the SELinux and Smack code. This patch removes the duplicated code from SELinux and Smack. Fixes: 61df7b828204 ("lsm: fixup the inode xattr capability handling") Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2024-07-02T15:41:05+00:00 Canfeng Guo guocanfeng@uniontech.com 2024-06-29T04:10:12+00:00 urn:sha1:e123134b39dc40af94e8aec49227ae55b5e087a8 This patch modifies the definition of EBITMAP_BIT in security/selinux/ss/ebitmap.h from 1ULL to 1UL to match the type of elements in the ebitmap_node maps array. This change does not affect the functionality or correctness of the code but aims to enhance code quality by adhering to good programming practices and avoiding unnecessary type conversions. Signed-off-by: Canfeng Guo <guocanfeng@uniontech.com> Signed-off-by: Paul Moore <paul@paul-moore.com>