From: Nicolas Bouchinet <nicolas.bouchinet@clip-os.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: linux-integrity@vger.kernel.org,
	Roberto Sassu <roberto.sassu@huawei.com>,
	philippe.trebuchet@ssi.gouv.fr, dmitry.kasatkin@gmail.com,
	paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
	casey@schaufler-ca.com, davem@davemloft.net,
	lucien.xin@gmail.com, vgoyal@redhat.com, omosnace@redhat.com,
	mortonm@chromium.org, nicolas.bouchinet@ssi.gouv.fr,
	mic@digikod.net, cgzones@googlemail.com,
	linux-security-module@vger.kernel.org, kpsingh@kernel.org,
	revest@chromium.org, jackmanb@chromium.org, bpf@vger.kernel.org,
	roberto.sassu@huaweicloud.com
Subject: Re: [PATCH v5] evm: Correct inode_init_security hooks behaviors
Date: Tue, 29 Nov 2022 13:58:58 +0100
Message-ID: <Y4YCElqX9jp5r8sO@archlinux>
In-Reply-To: <086b6d26895b84ad4086ac9f191ede6f705f9b6b.camel@linux.ibm.com>

Hi Mimi,

On Tue, Nov 29, 2022 at 06:28:09AM -0500, Mimi Zohar wrote:
> On Fri, 2022-11-25 at 16:57 +0100, Nicolas Bouchinet wrote:
> > From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
> > 
> > Fixes a NULL pointer dereference occurring in the
> > `evm_protected_xattr_common` function of the EVM LSM. The bug is
> > triggered if an `inode_init_security` hook returns 0 without initializing
> > the given `struct xattr` fields (which is the case of BPF) and if no
> > other LSM overrides those fields after. This also leads to memory
> > leaks.
> > 
> > The `call_int_hook_xattr` macro has been inlined into the
> > `security_inode_init_security` hook in order to check hooks return
> > values and skip the ones that don't init `xattrs`.
> > 
> > Modify `evm_init_hmac` function to init the EVM hmac using every
> > entry of the given xattr array.
> > 
> > The `MAX_LSM_EVM_XATTR` value is now based on the security modules
> > compiled in, which gives room for SMACK, SELinux, AppArmor, BPF and
> > IMA/EVM security attributes.
> > 
> > Changes the default return value of the `inode_init_security` hook
> > definition to `-EOPNOTSUPP`.
> > 
> > Changes the hook documentation to match the behavior of the LSMs using
> > it (only xattr->value is initialised with kmalloc and thus is the only
> > one that should be kfreed by the caller).
> > 
> > Cc: roberto.sassu@huaweicloud.com
> > Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
> 
> What is the relationship between this patch and Roberto's patch set?
> Roberto, if there is an overlap, then at minimum there should be a
> Reported-by tag indicating that your patch set addresses a bug reported
> by Nicolas.

This patch fixes the EVM NULL pointer dereference I have reported, and additionally
improves the stackability of this LSM hook. This latter improvement was originally
addressed by Roberto's patchset, and thus I see no problem for my fix to be merged
within his patchset.
> 
> -- 
> thanks,
> 
> Mimi
> 

Thanks for your time,

Nicolas Bouchinet
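
The behaviour described in the quoted commit message, as an added userspace model in C (not code from the patch or from anyone in this thread): a hook that returns 0 without filling its slot, a dispatcher that checks return values and only consumes a slot that was actually initialised, and a consumer that walks every entry up to the NULL-name terminator. All names (`xattr_model`, `run_hooks`, the three hooks) are hypothetical, and skipping a zero-return hook that left `name` NULL is this model's assumption about how "skip" is applied.

```c
/* Userspace model with constructed names; not the kernel's code. */
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct xattr_model { const char *name; void *value; size_t value_len; };
typedef int (*init_hook)(struct xattr_model *slot);

/* Well-behaved hook: fills the slot; only value is heap-allocated. */
static int hook_label(struct xattr_model *slot) {
    slot->value = malloc(4);
    if (!slot->value) return -ENOMEM;
    memcpy(slot->value, "lbl", 4);
    slot->name = "model_label";
    slot->value_len = 4;
    return 0;
}
/* The reported pattern: returns 0 but leaves the slot untouched. */
static int hook_zero_noinit(struct xattr_model *slot) { (void)slot; return 0; }
/* A hook with nothing to set reports -EOPNOTSUPP instead. */
static int hook_unsupported(struct xattr_model *slot) { (void)slot; return -EOPNOTSUPP; }

/* Release the only caller-owned allocation in each slot. */
static void free_slots(struct xattr_model *slots, size_t n) {
    for (size_t i = 0; i < n; i++) { free(slots[i].value); slots[i].value = NULL; }
}

/* Dispatcher: a slot is consumed only if the hook returned 0 and set a name.
 * slots must be zeroed and hold n + 1 entries (NULL-name terminator).
 * Returns the number of filled slots or a negative errno. */
static int run_hooks(const init_hook *hooks, size_t n, struct xattr_model *slots) {
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        int ret = hooks[i](&slots[used]);
        if (ret == -EOPNOTSUPP) continue;
        if (ret) { free_slots(slots, used + 1); return ret; }
        if (slots[used].name) used++;
    }
    return (int)used;
}

/* Consumer: walks every entry up to the terminator, so it never
 * dereferences a NULL name. */
static size_t protected_len(const struct xattr_model *slots) {
    size_t total = 0;
    for (const struct xattr_model *x = slots; x->name; x++)
        total += strlen(x->name) + x->value_len;
    return total;
}
```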
