kernel/linux.git/security/smack, branch v5.11.6

smackfs: restrict bytes count in smackfs write functions

2021-03-07T11:35:45+00:00

commit 7ef4c19d245f3dc233fd4be5acea436edd1d83d8 upstream. syzbot found WARNINGs in several smackfs write operations where bytes count is passed to memdup_user_nul which exceeds GFP MAX_ORDER. Check count size if bigger than PAGE_SIZE. Per smackfs doc, smk_write_net4addr accepts any label or -CIPSO, smk_write_net6addr accepts any label or -DELETE. I couldn't find any general rule for other label lengths except SMK_LABELLEN, SMK_LONGLABEL, SMK_CIPSOMAX which are documented. Let's constrain, in general, smackfs label lengths for PAGE_SIZE. Although fuzzer crashes write to smackfs/netlabel on 0x400000 length. Here is a quick way to reproduce the WARNING: python -c "print('A' * 0x400000)" > /sys/fs/smackfs/netlabel Reported-by: syzbot+a71a442385a0b2815497@syzkaller.appspotmail.com Signed-off-by: Sabyrzhan Tasbolatov Signed-off-by: Casey Schaufler Signed-off-by: Greg Kroah-Hartman

Merge tag 'Smack-for-5.11-io_uring-fix' of git://github.com/cschaufler/smack-next

2020-12-24T22:08:43+00:00

Pull smack fix from Casey Schaufler: "Provide a fix for the incorrect handling of privilege in the face of io_uring's use of kernel threads. That invalidated an long standing assumption regarding the privilege of kernel threads. The fix is simple and safe. It was provided by Jens Axboe and has been tested" * tag 'Smack-for-5.11-io_uring-fix' of git://github.com/cschaufler/smack-next: Smack: Handle io_uring kernel thread privileges

Smack: Handle io_uring kernel thread privileges

2020-12-22T23:34:24+00:00

Smack assumes that kernel threads are privileged for smackfs operations. This was necessary because the credential of the kernel thread was not related to a user operation. With io_uring the credential does reflect a user's rights and can be used. Suggested-by: Jens Axboe Acked-by: Jens Axboe Acked-by: Eric W. Biederman Signed-off-by: Casey Schaufler

Merge tag 'Smack-for-5.11' of git://github.com/cschaufler/smack-next

2020-12-16T19:11:58+00:00

Pull smack updates from Casey Schaufler: "There are no functional changes. Just one minor code clean-up and a set of corrections in function header comments" * tag 'Smack-for-5.11' of git://github.com/cschaufler/smack-next: security/smack: remove unused varible 'rc' Smack: fix kernel-doc interface on functions

security: add const qualifier to struct sock in various places

2020-12-03T20:56:03+00:00

A followup change to tcp_request_sock_op would have to drop the 'const' qualifier from the 'route_req' function as the 'security_inet_conn_request' call is moved there - and that function expects a 'struct sock *'. However, it turns out its also possible to add a const qualifier to security_inet_conn_request instead. Signed-off-by: Florian Westphal Acked-by: James Morris Signed-off-by: Jakub Kicinski

security/smack: remove unused varible 'rc'

2020-11-17T01:26:31+00:00

This varible isn't used and can be removed to avoid a gcc warning: security/smack/smack_lsm.c:3873:6: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable] Signed-off-by: Alex Shi Cc: Casey Schaufler Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-security-module@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Casey Schaufler

Smack: fix kernel-doc interface on functions

2020-11-13T19:50:44+00:00

The are some kernel-doc interface issues: security/smack/smackfs.c:1950: warning: Function parameter or member 'list' not described in 'smk_parse_label_list' security/smack/smackfs.c:1950: warning: Excess function parameter 'private' description in 'smk_parse_label_list' security/smack/smackfs.c:1979: warning: Function parameter or member 'list' not described in 'smk_destroy_label_list' security/smack/smackfs.c:1979: warning: Excess function parameter 'head' description in 'smk_destroy_label_list' security/smack/smackfs.c:2141: warning: Function parameter or member 'count' not described in 'smk_read_logging' security/smack/smackfs.c:2141: warning: Excess function parameter 'cn' description in 'smk_read_logging' security/smack/smackfs.c:2278: warning: Function parameter or member 'format' not described in 'smk_user_access' Correct them in this patch. Signed-off-by: Alex Shi Cc: Casey Schaufler Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-security-module@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Casey Schaufler

Merge tag 'Smack-for-5.10' of git://github.com/cschaufler/smack-next

2020-10-13T23:18:51+00:00

Pull smack updates from Casey Schaufler: "Two minor fixes and one performance enhancement to Smack. The performance improvement is significant and the new code is more like its counterpart in SELinux. - Two kernel test robot suggested clean-ups. - Teach Smack to use the IPv4 netlabel cache. This results in a 12-14% improvement on TCP benchmarks" * tag 'Smack-for-5.10' of git://github.com/cschaufler/smack-next: Smack: Remove unnecessary variable initialization Smack: Fix build when NETWORK_SECMARK is not set Smack: Use the netlabel cache Smack: Set socket labels only once Smack: Consolidate uses of secmark into a function

Smack: Remove unnecessary variable initialization

2020-10-05T21:20:51+00:00

The initialization of rc in smack_from_netlbl() is pointless. Reported-by: kernel test robot Signed-off-by: Casey Schaufler

Smack: Fix build when NETWORK_SECMARK is not set

2020-09-22T21:59:31+00:00

Use proper conditional compilation for the secmark field in the network skb. Reported-by: kernel test robot Signed-off-by: Casey Schaufler