From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4FF8C2C697; Mon, 28 Oct 2024 06:45:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730097900; cv=none; b=O7MioHtryW1V27IYGinyc5JjNF0toaE6Qcn19h/5jCWpPbafkD2ZfdZ8rjFb9fR6kdrOWGKCzK15xCns9MczCnAkqQBGVNWeDGDSQfmOGRq6X0WJ1on7oxVMA1mcdGH9aS6G+4tITaW8fa6Za2Pw/81sR9MOdolhHhzbYCUgyJk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730097900; c=relaxed/simple; bh=WohzecJNGJXIyCigm8cvxUXFCpXUH6PUSxgknx1o+G4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BEwmB63qAs4ygjYVMsBqvzOu2EPJT1lEDnL3/bJNFYFOb8ZMpbPu3mBRKonaSh0T1YtnUWk9fwkIBm2JiiGw1uHXimC9TXAbkKTjmlJepH5Alzb4glRMk5eun+husTmTTItsQ8jTxFSw9Em7QR1KkO7h0dwYsBqHUtaBHc+RYso= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=pNFS+KN0; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="pNFS+KN0" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E3B05C4CEC3; Mon, 28 Oct 2024 06:44:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1730097900; bh=WohzecJNGJXIyCigm8cvxUXFCpXUH6PUSxgknx1o+G4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pNFS+KN0+oc2sKQLmpGesZ8esoLOuyCx1LmoTfom43pR0rqYx24V+jIr8Ui5tH7BY nJScV5uJVQXKr9VWvGpTbLGewZVCvwGDuf6VDNb2oUQmBvef+iAI/9x9hBsxlrq3pa kOOd8SbDyle3nygbEnIxgCiGVxfgkk1Y0Au3E3kY= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Sam Sun , Paul Moore , Thadeu Lima de Souza Cascardo , Sasha Levin Subject: [PATCH 6.6 197/208] selinux: improve error checking in sel_write_load() Date: Mon, 28 Oct 2024 07:26:17 +0100 Message-ID: <20241028062311.486427318@linuxfoundation.org> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241028062306.649733554@linuxfoundation.org> References: <20241028062306.649733554@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 6.6-stable review patch. If anyone has any objections, please let me know. ------------------ From: Paul Moore [ Upstream commit 42c773238037c90b3302bf37a57ae3b5c3f6004a ] Move our existing input sanity checking to the top of sel_write_load() and add a check to ensure the buffer size is non-zero. Move a local variable initialization from the declaration to before it is used. Minor style adjustments. Reported-by: Sam Sun Signed-off-by: Paul Moore Signed-off-by: Thadeu Lima de Souza Cascardo Signed-off-by: Sasha Levin --- security/selinux/selinuxfs.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 2c23a5a286086..54bc18e8164b3 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -582,11 +582,18 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; + struct selinux_fs_info *fsi; struct selinux_load_state load_state; ssize_t length; void *data = NULL; + /* no partial writes */ + if (*ppos) + return -EINVAL; + /* no empty policies */ + if (!count) + return -EINVAL; + mutex_lock(&selinux_state.policy_mutex); length = avc_has_perm(current_sid(), SECINITSID_SECURITY, @@ -594,26 +601,22 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, if (length) goto out; - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - length = -ENOMEM; data = vmalloc(count); - if (!data) + if (!data) { + length = -ENOMEM; goto out; - - length = -EFAULT; - if (copy_from_user(data, buf, count) != 0) + } + if (copy_from_user(data, buf, count) != 0) { + length = -EFAULT; goto out; + } length = security_load_policy(data, count, &load_state); if (length) { pr_warn_ratelimited("SELinux: failed to load policy\n"); goto out; } - + fsi = file_inode(file)->i_sb->s_fs_info; length = sel_make_policy_nodes(fsi, load_state.policy); if (length) { pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n"); @@ -622,13 +625,12 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, } selinux_policy_commit(&load_state); - length = count; - audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, "auid=%u ses=%u lsm=selinux res=1", from_kuid(&init_user_ns, audit_get_loginuid(current)), audit_get_sessionid(current)); + out: mutex_unlock(&selinux_state.policy_mutex); vfree(data); -- 2.43.0