linux-security-module.vger.kernel.org archive mirror
From: Sasha Levin <sashal@kernel.org>
To: Sasha Levin <sashal@kernel.org>
To: Eric Biggers <ebiggers@kernel.org>
To: Eric Biggers <ebiggers@google.com>
To: linux-security-module@vger.kernel.org
Cc: syzkaller-bugs@googlegroups.com, linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org
Subject: Re: [PATCH] Smack: fix use-after-free in smk_write_relabel_self()
Date: Thu, 16 Jul 2020 00:27:29 +0000
Message-ID: <20200716002730.26E14206F5@mail.kernel.org>
In-Reply-To: <20200708201520.140376-1-ebiggers@kernel.org>

Hi

[This is an automated email]

This commit has been processed because it contains a "Fixes:" tag
fixing commit: 38416e53936e ("Smack: limited capability for changing process label").

The bot has tested the following trees: v5.7.8, v5.4.51, v4.19.132, v4.14.188, v4.9.230, v4.4.230.

v5.7.8: Build OK!
v5.4.51: Build OK!
v4.19.132: Failed to apply! Possible dependencies:
    b17103a8b8ae9 ("Smack: Abstract use of cred security blob")

v4.14.188: Failed to apply! Possible dependencies:
    03450e271a160 ("fs: add ksys_fchmod() and do_fchmodat() helpers and ksys_chmod() wrapper; remove in-kernel calls to syscall")
    312db1aa1dc7b ("fs: add ksys_mount() helper; remove in-kernel calls to sys_mount()")
    3a18ef5c1b393 ("fs: add ksys_umount() helper; remove in-kernel call to sys_umount()")
    447016e968196 ("fs: add ksys_chdir() helper; remove in-kernel calls to sys_chdir()")
    819671ff849b0 ("syscalls: define and explain goal to not call syscalls in the kernel")
    9481769208b5e ("->file_open(): lose cred argument")
    a16fe33ab5572 ("fs: add ksys_chroot() helper; remove-in kernel calls to sys_chroot()")
    ae2bb293a3e8a ("get rid of cred argument of vfs_open() and do_dentry_open()")
    af04fadcaa932 ("Revert "fs: fold open_check_o_direct into do_dentry_open"")
    b17103a8b8ae9 ("Smack: Abstract use of cred security blob")
    c7248321a3d42 ("fs: add ksys_dup{,3}() helper; remove in-kernel calls to sys_dup{,3}()")
    d19dfe58b7ecb ("Smack: Privilege check on key operations")
    dcb569cf6ac99 ("Smack: ptrace capability use fixes")
    e3f20ae21079e ("security_file_open(): lose cred argument")
    e7a3e8b2edf54 ("fs: add ksys_write() helper; remove in-kernel calls to sys_write()")

v4.9.230: Failed to apply! Possible dependencies:
    078c73c63fb28 ("apparmor: add profile and ns params to aa_may_manage_policy()")
    121d4a91e3c12 ("apparmor: rename sid to secid")
    12557dcba21b0 ("apparmor: move lib definitions into separate lib include")
    2bd8dbbf22fe9 ("apparmor: add ns being viewed as a param to policy_view_capable()")
    5ac8c355ae001 ("apparmor: allow introspecting the loaded policy pre internal transform")
    637f688dc3dc3 ("apparmor: switch from profiles to using labels on contexts")
    73688d1ed0b8f ("apparmor: refactor prepare_ns() and make usable from different views")
    9481769208b5e ("->file_open(): lose cred argument")
    98849dff90e27 ("apparmor: rename namespace to ns to improve code line lengths")
    9a2d40c12d00e ("apparmor: add strn version of aa_find_ns")
    a6f233003b1af ("apparmor: allow specifying the profile doing the management")
    b17103a8b8ae9 ("Smack: Abstract use of cred security blob")
    cff281f6861e7 ("apparmor: split apparmor policy namespaces code into its own file")
    d19dfe58b7ecb ("Smack: Privilege check on key operations")
    dcb569cf6ac99 ("Smack: ptrace capability use fixes")
    f28e783ff668c ("Smack: Use cap_capable in privilege check")
    fd2a80438d736 ("apparmor: add ns being viewed as a param to policy_admin_capable()")
    fe6bb31f590c9 ("apparmor: split out shared policy_XXX fns to lib")

v4.4.230: Failed to apply! Possible dependencies:
    078c73c63fb28 ("apparmor: add profile and ns params to aa_may_manage_policy()")
    121d4a91e3c12 ("apparmor: rename sid to secid")
    12557dcba21b0 ("apparmor: move lib definitions into separate lib include")
    2bd8dbbf22fe9 ("apparmor: add ns being viewed as a param to policy_view_capable()")
    5ac8c355ae001 ("apparmor: allow introspecting the loaded policy pre internal transform")
    637f688dc3dc3 ("apparmor: switch from profiles to using labels on contexts")
    73688d1ed0b8f ("apparmor: refactor prepare_ns() and make usable from different views")
    79be093500791 ("Smack: File receive for sockets")
    9481769208b5e ("->file_open(): lose cred argument")
    98849dff90e27 ("apparmor: rename namespace to ns to improve code line lengths")
    9a2d40c12d00e ("apparmor: add strn version of aa_find_ns")
    a6f233003b1af ("apparmor: allow specifying the profile doing the management")
    b17103a8b8ae9 ("Smack: Abstract use of cred security blob")
    c60b906673eeb ("Smack: Signal delivery as an append operation")
    cff281f6861e7 ("apparmor: split apparmor policy namespaces code into its own file")
    d19dfe58b7ecb ("Smack: Privilege check on key operations")
    dcb569cf6ac99 ("Smack: ptrace capability use fixes")
    f28e783ff668c ("Smack: Use cap_capable in privilege check")
    fd2a80438d736 ("apparmor: add ns being viewed as a param to policy_admin_capable()")
    fe6bb31f590c9 ("apparmor: split out shared policy_XXX fns to lib")


NOTE: The patch will not be queued to stable trees until it is upstream.

How should we proceed with this patch?

-- 
Thanks
Sasha

Thread overview: 5+ messages
2020-06-08 21:56 KASAN: use-after-free Read in smk_write_relabel_self syzbot
2020-07-08 20:15 ` [PATCH] Smack: fix use-after-free in smk_write_relabel_self() Eric Biggers
2020-07-16  0:27   ` Sasha Levin [this message]
2020-07-21  0:38   ` Eric Biggers
2020-07-21  0:57     ` Casey Schaufler
