linux-next: manual merge of the security tree with the mm tree

linux-next: manual merge of the security tree with the mm tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 1322 bytes --]

Hi all,

Today's linux-next merge of the security tree got conflicts in:

  include/linux/lsm_hooks.h
  security/security.c

between commit:

  3346ada04cf5 ("bcachefs: do not use PF_MEMALLOC_NORECLAIM")

from the mm-unstable branch of the mm tree and commit:

  711f5c5ce6c2 ("lsm: cleanup lsm_hooks.h")

from the security tree.

I fixed it up (I used the latter version ofinclude/linux/lsm_hooks.h
and see below) and can carry the fix as necessary. This is now fixed as
far as linux-next is concerned, but any non trivial conflicts should be
mentioned to your upstream maintainer when your tree is submitted for
merging.  You may also want to consider cooperating with the maintainer
of the conflicting tree to minimise any particularly complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc security/security.c
index 3581262da5ee,4564a0a1e4ef..000000000000
--- a/security/security.c
+++ b/security/security.c
@@@ -660,7 -745,7 +745,7 @@@ static int lsm_file_alloc(struct file *
   *
   * Returns 0, or -ENOMEM if memory can't be allocated.
   */
- int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
 -static int lsm_inode_alloc(struct inode *inode)
++static int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
  {
  	if (!lsm_inode_cache) {
  		inode->i_security = NULL;

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: linux-next: manual merge of the security tree with the mm tree

[Paul Moore]

On Wed, Sep 11, 2024 at 12:28 AM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Hi all,
>
> Today's linux-next merge of the security tree got conflicts in:
>
>   include/linux/lsm_hooks.h
>   security/security.c
>
> between commit:
>
>   3346ada04cf5 ("bcachefs: do not use PF_MEMALLOC_NORECLAIM")
>
> from the mm-unstable branch of the mm tree and commit:
>
>   711f5c5ce6c2 ("lsm: cleanup lsm_hooks.h")
>
> from the security tree.
>
> I fixed it up (I used the latter version ofinclude/linux/lsm_hooks.h
> and see below) and can carry the fix as necessary. This is now fixed as
> far as linux-next is concerned, but any non trivial conflicts should be
> mentioned to your upstream maintainer when your tree is submitted for
> merging.  You may also want to consider cooperating with the maintainer
> of the conflicting tree to minimise any particularly complex conflicts.

Thanks Stephen.

> diff --cc security/security.c
> index 3581262da5ee,4564a0a1e4ef..000000000000
> --- a/security/security.c
> +++ b/security/security.c
> @@@ -660,7 -745,7 +745,7 @@@ static int lsm_file_alloc(struct file *
>    *
>    * Returns 0, or -ENOMEM if memory can't be allocated.
>    */
> - int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
>  -static int lsm_inode_alloc(struct inode *inode)
> ++static int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
>   {
>         if (!lsm_inode_cache) {
>                 inode->i_security = NULL;



-- 
paul-moore.com

Re: linux-next: manual merge of the security tree with the mm tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 1585 bytes --]

Hi all,

On Wed, 11 Sep 2024 14:28:22 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Today's linux-next merge of the security tree got conflicts in:
> 
>   include/linux/lsm_hooks.h
>   security/security.c
> 
> between commit:
> 
>   3346ada04cf5 ("bcachefs: do not use PF_MEMALLOC_NORECLAIM")
> 
> from the mm-unstable branch of the mm tree and commit:
> 
>   711f5c5ce6c2 ("lsm: cleanup lsm_hooks.h")
> 
> from the security tree.
> 
> I fixed it up (I used the latter version ofinclude/linux/lsm_hooks.h
> and see below) and can carry the fix as necessary. This is now fixed as
> far as linux-next is concerned, but any non trivial conflicts should be
> mentioned to your upstream maintainer when your tree is submitted for
> merging.  You may also want to consider cooperating with the maintainer
> of the conflicting tree to minimise any particularly complex conflicts.
> 
> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc security/security.c
> index 3581262da5ee,4564a0a1e4ef..000000000000
> --- a/security/security.c
> +++ b/security/security.c
> @@@ -660,7 -745,7 +745,7 @@@ static int lsm_file_alloc(struct file *
>    *
>    * Returns 0, or -ENOMEM if memory can't be allocated.
>    */
> - int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
>  -static int lsm_inode_alloc(struct inode *inode)
> ++static int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
>   {
>   	if (!lsm_inode_cache) {
>   		inode->i_security = NULL;

This is now a conflict between the mm tree and Linus' tree.

-- 
Cheers,
Stephen Rothwell

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: linux-next: manual merge of the security tree with the mm tree

[Michal Hocko]

On Tue 17-09-24 09:30:48, Stephen Rothwell wrote:
> Hi all,
> 
> On Wed, 11 Sep 2024 14:28:22 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> >
> > Today's linux-next merge of the security tree got conflicts in:
> > 
> >   include/linux/lsm_hooks.h
> >   security/security.c
> > 
> > between commit:
> > 
> >   3346ada04cf5 ("bcachefs: do not use PF_MEMALLOC_NORECLAIM")
> > 
> > from the mm-unstable branch of the mm tree and commit:
> > 
> >   711f5c5ce6c2 ("lsm: cleanup lsm_hooks.h")
> > 
> > from the security tree.
> > 
> > I fixed it up (I used the latter version ofinclude/linux/lsm_hooks.h
> > and see below) and can carry the fix as necessary. This is now fixed as
> > far as linux-next is concerned, but any non trivial conflicts should be
> > mentioned to your upstream maintainer when your tree is submitted for
> > merging.  You may also want to consider cooperating with the maintainer
> > of the conflicting tree to minimise any particularly complex conflicts.
> > 
> > -- 
> > Cheers,
> > Stephen Rothwell
> > 
> > diff --cc security/security.c
> > index 3581262da5ee,4564a0a1e4ef..000000000000
> > --- a/security/security.c
> > +++ b/security/security.c
> > @@@ -660,7 -745,7 +745,7 @@@ static int lsm_file_alloc(struct file *
> >    *
> >    * Returns 0, or -ENOMEM if memory can't be allocated.
> >    */
> > - int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
> >  -static int lsm_inode_alloc(struct inode *inode)
> > ++static int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
> >   {
> >   	if (!lsm_inode_cache) {
> >   		inode->i_security = NULL;
> 
> This is now a conflict between the mm tree and Linus' tree.

Andrew said he would drop the mm patches and I will resubmit when merge
window closes.


-- 
Michal Hocko
SUSE Labs

Re: linux-next: manual merge of the security tree with the mm tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 2121 bytes --]

Hi Michal,

On Tue, 17 Sep 2024 09:51:05 +0200 Michal Hocko <mhocko@suse.com> wrote:
>
> On Tue 17-09-24 09:30:48, Stephen Rothwell wrote:
> > 
> > On Wed, 11 Sep 2024 14:28:22 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:  
> > >
> > > Today's linux-next merge of the security tree got conflicts in:
> > > 
> > >   include/linux/lsm_hooks.h
> > >   security/security.c
> > > 
> > > between commit:
> > > 
> > >   3346ada04cf5 ("bcachefs: do not use PF_MEMALLOC_NORECLAIM")
> > > 
> > > from the mm-unstable branch of the mm tree and commit:
> > > 
> > >   711f5c5ce6c2 ("lsm: cleanup lsm_hooks.h")
> > > 
> > > from the security tree.
> > > 
> > > I fixed it up (I used the latter version ofinclude/linux/lsm_hooks.h
> > > and see below) and can carry the fix as necessary. This is now fixed as
> > > far as linux-next is concerned, but any non trivial conflicts should be
> > > mentioned to your upstream maintainer when your tree is submitted for
> > > merging.  You may also want to consider cooperating with the maintainer
> > > of the conflicting tree to minimise any particularly complex conflicts.
> > > 
> > > -- 
> > > Cheers,
> > > Stephen Rothwell
> > > 
> > > diff --cc security/security.c
> > > index 3581262da5ee,4564a0a1e4ef..000000000000
> > > --- a/security/security.c
> > > +++ b/security/security.c
> > > @@@ -660,7 -745,7 +745,7 @@@ static int lsm_file_alloc(struct file *
> > >    *
> > >    * Returns 0, or -ENOMEM if memory can't be allocated.
> > >    */
> > > - int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
> > >  -static int lsm_inode_alloc(struct inode *inode)
> > > ++static int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
> > >   {
> > >   	if (!lsm_inode_cache) {
> > >   		inode->i_security = NULL;  
> > 
> > This is now a conflict between the mm tree and Linus' tree.  
> 
> Andrew said he would drop the mm patches and I will resubmit when merge
> window closes.

Yeah, I normally drop the unstable parts of the mm tree during the merge
window, so I will do that from tomorrow.

-- 
Cheers,
Stephen Rothwell

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

linux-next: manual merge of the security tree with the mm tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 2348 bytes --]

Hi all,

Today's linux-next merge of the security tree got a conflict in:

  kernel/auditsc.c

between commit:

  cd39427be833 ("auditsc: replace memcpy() with strscpy()")

from the mm-nonmm-unstable branch of the mm tree and commits:

  37f670aacd48 ("lsm: use lsm_prop in security_current_getsecid")
  13d826e564e2 ("audit: change context data from secid to lsm_prop")

from the security tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc kernel/auditsc.c
index 7adc67d5aafb,f28fd513d047..000000000000
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@@ -2729,8 -2728,8 +2728,8 @@@ void __audit_ptrace(struct task_struct 
  	context->target_auid = audit_get_loginuid(t);
  	context->target_uid = task_uid(t);
  	context->target_sessionid = audit_get_sessionid(t);
- 	security_task_getsecid_obj(t, &context->target_sid);
+ 	security_task_getlsmprop_obj(t, &context->target_ref);
 -	memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
 +	strscpy(context->target_comm, t->comm);
  }
  
  /**
@@@ -2756,8 -2755,8 +2755,8 @@@ int audit_signal_info_syscall(struct ta
  		ctx->target_auid = audit_get_loginuid(t);
  		ctx->target_uid = t_uid;
  		ctx->target_sessionid = audit_get_sessionid(t);
- 		security_task_getsecid_obj(t, &ctx->target_sid);
+ 		security_task_getlsmprop_obj(t, &ctx->target_ref);
 -		memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
 +		strscpy(ctx->target_comm, t->comm);
  		return 0;
  	}
  
@@@ -2777,8 -2776,8 +2776,8 @@@
  	axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
  	axp->target_uid[axp->pid_count] = t_uid;
  	axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
- 	security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]);
+ 	security_task_getlsmprop_obj(t, &axp->target_ref[axp->pid_count]);
 -	memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
 +	strscpy(axp->target_comm[axp->pid_count], t->comm);
  	axp->pid_count++;
  
  	return 0;

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

linux-next: manual merge of the security tree with the mm tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 1634 bytes --]

Hi all,

Today's linux-next merge of the security tree got a conflict in:

  security/lsm_audit.c

between commit:

  b62d29a06242 ("security: replace memcpy() with get_task_comm()")

from the mm-nonmm-unstable branch of the mm tree and commit:

  cfb1f7e5c9a7 ("lsm: Add audit_log_lsm_data() helper")

from the security tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc security/lsm_audit.c
index 9a8352972086,de29ce8ff708..000000000000
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@@ -428,6 -422,21 +422,21 @@@ void audit_log_lsm_data(struct audit_bu
  	} /* switch (a->type) */
  }
  
+ /**
+  * dump_common_audit_data - helper to dump common audit data
+  * @ab : the audit buffer
+  * @a : common audit data
+  */
+ static void dump_common_audit_data(struct audit_buffer *ab,
+ 				   const struct common_audit_data *a)
+ {
+ 	char comm[sizeof(current->comm)];
+ 
+ 	audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
 -	audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm)));
++	audit_log_untrustedstring(ab, get_task_comm(comm, current));
+ 	audit_log_lsm_data(ab, a);
+ }
+ 
  /**
   * common_lsm_audit - generic LSM auditing function
   * @a:  auxiliary audit data

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: linux-next: manual merge of the security tree with the mm tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 2628 bytes --]

Hi all,

On Mon, 14 Oct 2024 14:46:48 +1100 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Today's linux-next merge of the security tree got a conflict in:
> 
>   kernel/auditsc.c
> 
> between commit:
> 
>   cd39427be833 ("auditsc: replace memcpy() with strscpy()")
> 
> from the mm-nonmm-unstable branch of the mm tree and commits:
> 
>   37f670aacd48 ("lsm: use lsm_prop in security_current_getsecid")
>   13d826e564e2 ("audit: change context data from secid to lsm_prop")
> 
> from the security tree.
> 
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
> 
> diff --cc kernel/auditsc.c
> index 7adc67d5aafb,f28fd513d047..000000000000
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@@ -2729,8 -2728,8 +2728,8 @@@ void __audit_ptrace(struct task_struct 
>   	context->target_auid = audit_get_loginuid(t);
>   	context->target_uid = task_uid(t);
>   	context->target_sessionid = audit_get_sessionid(t);
> - 	security_task_getsecid_obj(t, &context->target_sid);
> + 	security_task_getlsmprop_obj(t, &context->target_ref);
>  -	memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
>  +	strscpy(context->target_comm, t->comm);
>   }
>   
>   /**
> @@@ -2756,8 -2755,8 +2755,8 @@@ int audit_signal_info_syscall(struct ta
>   		ctx->target_auid = audit_get_loginuid(t);
>   		ctx->target_uid = t_uid;
>   		ctx->target_sessionid = audit_get_sessionid(t);
> - 		security_task_getsecid_obj(t, &ctx->target_sid);
> + 		security_task_getlsmprop_obj(t, &ctx->target_ref);
>  -		memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
>  +		strscpy(ctx->target_comm, t->comm);
>   		return 0;
>   	}
>   
> @@@ -2777,8 -2776,8 +2776,8 @@@
>   	axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
>   	axp->target_uid[axp->pid_count] = t_uid;
>   	axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
> - 	security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]);
> + 	security_task_getlsmprop_obj(t, &axp->target_ref[axp->pid_count]);
>  -	memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
>  +	strscpy(axp->target_comm[axp->pid_count], t->comm);
>   	axp->pid_count++;
>   
>   	return 0;

This is now a conflict between the mm-nonmm-stable tree and Linus' tree.

-- 
Cheers,
Stephen Rothwell

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]