From: Bradley Morgan <include@grrlz.net>
To: linux-security-module@vger.kernel.org, bpf@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Bradley Morgan <include@grrlz.net>,
stable@vger.kernel.org, Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Shuah Khan <shuah@kernel.org>,
linux-kselftest@vger.kernel.org
Subject: [PATCH 2/2] lsm: fix size queries for getselfattr with NULL buffer
Date: Fri, 19 Jun 2026 13:03:04 +0000 [thread overview]
Message-ID: <20260619130305.27779-2-include@grrlz.net> (raw)
In-Reply-To: <20260619130305.27779-1-include@grrlz.net>
The lsm_get_self_attr() syscall allows callers to pass in a NULL context
buffer to find out the size of the output needed. That path still
compared the computed entry size against the caller provided size first,
so a NULL buffer with size 0 incorrectly returned -E2BIG rather than
reporting the required size.
Only enforce the available buffer length after checking for the NULL
buffer. Cover the zero length sizing query in the self test.
Fixes: d7cf3412a9f6 ("lsm: consolidate buffer size handling into lsm_fill_user_ctx()")
Cc: stable@vger.kernel.org
Signed-off-by: Bradley Morgan <include@grrlz.net>
---
security/security.c | 8 ++++----
tools/testing/selftests/lsm/lsm_get_self_attr_test.c | 5 ++---
2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/security/security.c b/security/security.c
index 71aea8fdf014..fa0d7e036249 100644
--- a/security/security.c
+++ b/security/security.c
@@ -406,15 +406,15 @@ int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
int rc = 0;
nctx_len = ALIGN(struct_size(nctx, ctx, val_len), sizeof(void *));
+ /* no buffer - return success/0 and set @uctx_len to the req size */
+ if (!uctx)
+ goto out;
+
if (nctx_len > *uctx_len) {
rc = -E2BIG;
goto out;
}
- /* no buffer - return success/0 and set @uctx_len to the req size */
- if (!uctx)
- goto out;
-
nctx = kzalloc(nctx_len, GFP_KERNEL);
if (nctx == NULL) {
rc = -ENOMEM;
diff --git a/tools/testing/selftests/lsm/lsm_get_self_attr_test.c b/tools/testing/selftests/lsm/lsm_get_self_attr_test.c
index 60caf8528f81..2f5ababc2b95 100644
--- a/tools/testing/selftests/lsm/lsm_get_self_attr_test.c
+++ b/tools/testing/selftests/lsm/lsm_get_self_attr_test.c
@@ -39,15 +39,14 @@ TEST(size_null_lsm_get_self_attr)
TEST(ctx_null_lsm_get_self_attr)
{
- const long page_size = sysconf(_SC_PAGESIZE);
- __u32 size = page_size;
+ __u32 size = 0;
int rc;
rc = lsm_get_self_attr(LSM_ATTR_CURRENT, NULL, &size, 0);
if (attr_lsm_count()) {
ASSERT_NE(-1, rc);
- ASSERT_NE(1, size);
+ ASSERT_NE(0, size);
} else {
ASSERT_EQ(-1, rc);
}
--
2.53.0
prev parent reply other threads:[~2026-06-19 13:10 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-19 13:03 [PATCH 1/2] bpf: lsm: disable xfrm_decode_session hook attachment Bradley Morgan
2026-06-19 13:03 ` Bradley Morgan [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260619130305.27779-2-include@grrlz.net \
--to=include@grrlz.net \
--cc=bpf@vger.kernel.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=shuah@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.