kernel/linux.git/security/tomoyo/common.c, branch v6.6.134

tomoyo: don't emit warning in tomoyo_write_control()

2025-02-17T08:40:07+00:00

[ Upstream commit 3df7546fc03b8f004eee0b9e3256369f7d096685 ] syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE, for practically a valid line should be always shorter than 32KB where the "too small to fail" memory-allocation rule applies. One might try to write a valid line that is longer than 32KB, but such request will likely fail with -ENOMEM. Therefore, I feel that separately returning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant. There is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE. Reported-by: syzbot+7536f77535e5210a5c76@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=7536f77535e5210a5c76 Reported-by: Leo Stone Closes: https://lkml.kernel.org/r/20241216021459.178759-2-leocstone@gmail.com Signed-off-by: Tetsuo Handa Signed-off-by: Sasha Levin

tomoyo: fix UAF write bug in tomoyo_write_control()

2024-03-06T14:48:39+00:00

commit 2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815 upstream. Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems. Reported-by: Sam Sun Closes: https://lkml.kernel.org/r/CAEkJfYNDspuGxYx5kym8Lvp--D36CMDUErg4rxfWFJuPbbji8g@mail.gmail.com Fixes: bd03a3e4c9a9 ("TOMOYO: Add policy namespace support.") Cc: # Linux 3.1+ Signed-off-by: Tetsuo Handa Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman

tomoyo: add format attributes to functions

2023-07-23T12:25:28+00:00

Format attributes on functions taking format string can help compilers detect argument type or count mismatches. Please the compiler when building with W=1: security/tomoyo/audit.c: In function ‘tomoyo_init_log’: security/tomoyo/audit.c:290:9: error: function ‘tomoyo_init_log’ might be a candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format] 290 | vsnprintf(buf + pos, len - pos, fmt, args); | ^~~~~~~~~ security/tomoyo/audit.c: In function ‘tomoyo_write_log2’: security/tomoyo/audit.c:376:9: error: function ‘tomoyo_write_log2’ might be a candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format] 376 | buf = tomoyo_init_log(r, len, fmt, args); | ^~~ security/tomoyo/common.c: In function ‘tomoyo_addprintf’: security/tomoyo/common.c:193:9: error: function ‘tomoyo_addprintf’ might be a candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format] 193 | vsnprintf(buffer + pos, len - pos - 1, fmt, args); | ^~~~~~~~~ Signed-off-by: Christian Göttsche Signed-off-by: Tetsuo Handa

tomoyo: replace tomoyo_round2() with kmalloc_size_roundup()

2023-03-01T14:46:12+00:00

It seems tomoyo has had its own implementation of what kmalloc_size_roundup() does today. Remove the function tomoyo_round2() and replace it with kmalloc_size_roundup(). It provides more accurate results and doesn't contain a while loop. Signed-off-by: Vlastimil Babka Signed-off-by: Tetsuo Handa

tomoyo: use vsnprintf() properly

2022-08-21T15:50:42+00:00

Idiomatic way to find how much space sprintf output would take is len = snprintf(NULL, 0, ...) + 1; Once upon a time there'd been libc implementations that blew chunks on that and somebody had come up with the following "cute" trick: len = snprintf((char *) &len, 1, ...) + 1; for doing the same. However, that's unidiomatic, harder to follow *and* any such libc implementation would violate both C99 and POSIX (since 2001). IOW, this kludge is best buried along with such libc implementations, nevermind getting cargo-culted into newer code. Our vsnprintf() does not suffer that braindamage, TYVM. Acked-by: Tetsuo Handa Signed-off-by: Al Viro

tomoyo: Use str_yes_no()

2022-02-07T21:04:44+00:00

Remove the local yesno() implementation and adopt the str_yes_no() from linux/string_helpers.h. Signed-off-by: Lucas De Marchi Reviewed-by: Sakari Ailus Link: https://patchwork.freedesktop.org/patch/msgid/20220126093951.1470898-11-lucas.demarchi@intel.com

tomoyo: Fix typo in comments.

2020-12-06T04:44:57+00:00

Spotted by developers and codespell program. Co-developed-by: Xiaoming Ni Signed-off-by: Xiaoming Ni Co-developed-by: Souptick Joarder Signed-off-by: Souptick Joarder Signed-off-by: Tetsuo Handa

tomoyo: Fix null pointer check

2020-11-27T10:36:11+00:00

Since tomoyo_memory_ok() will check for null pointer returned by kzalloc() in tomoyo_assign_profile(), tomoyo_assign_namespace(), tomoyo_get_name() and tomoyo_commit_ok(), then emit OOM warnings if needed. And this is the expected behavior as informed by Tetsuo Handa. Let's add __GFP_NOWARN to kzalloc() in those related functions. Besides, to achieve this goal, remove the null check for entry right after kzalloc() in tomoyo_assign_namespace(). Reported-by: Hulk Robot Suggested-by: Tetsuo Handa Signed-off-by: Zheng Zengkai Signed-off-by: Tetsuo Handa

treewide: Use fallthrough pseudo-keyword

2020-08-23T22:36:59+00:00

Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Gustavo A. R. Silva

Merge tag 'tomoyo-pr-20200601' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1

2020-06-03T00:12:07+00:00

Pull tomoyo update from Tetsuo Handa: "One patch for suppressing coccicheck's warning" * tag 'tomoyo-pr-20200601' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1: tomoyo: use true for bool variable