* [PATCH 0/2] lsm: fix default return values for some hooks
@ 2023-10-31 12:32 Ondrej Mosnacek
From: Ondrej Mosnacek @ 2023-10-31 12:32 UTC (permalink / raw)
To: Paul Moore
Cc: linux-security-module, Benjamin Coddington, linux-nfs,
linux-kernel
Some of the default return values listed in <linux/lsm_hook_defs.h>
don't match the actual no-op value and can be trivially fixed.
Ondrej Mosnacek (2):
lsm: fix default return value for vm_enough_memory
lsm: fix default return value for inode_getsecctx
include/linux/lsm_hook_defs.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--
2.41.0
* [PATCH 1/2] lsm: fix default return value for vm_enough_memory
From: Ondrej Mosnacek @ 2023-10-31 12:32 UTC (permalink / raw)
To: Paul Moore
Cc: linux-security-module, Benjamin Coddington, linux-nfs,
linux-kernel
1 is the return value that implements a "no-op" hook, not 0.
Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
include/linux/lsm_hook_defs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 99b8176c3738d..4dd55fdfec267 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -48,7 +48,7 @@ LSM_HOOK(int, 0, quota_on, struct dentry *dentry)
LSM_HOOK(int, 0, syslog, int type)
LSM_HOOK(int, 0, settime, const struct timespec64 *ts,
const struct timezone *tz)
-LSM_HOOK(int, 0, vm_enough_memory, struct mm_struct *mm, long pages)
+LSM_HOOK(int, 1, vm_enough_memory, struct mm_struct *mm, long pages)
LSM_HOOK(int, 0, bprm_creds_for_exec, struct linux_binprm *bprm)
LSM_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm, const struct file *file)
LSM_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm)
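Review bot: the one-line commit message says that 1 is the no-op value but, unlike patch 2/2, names no observable effect of the wrong default, so a reader of the log cannot tell whether a 0 default was merely inconsistent or changed what callers of vm_enough_memory do when only a default-returning LSM is loaded; suggest one sentence on how callers interpret a 0 versus a 1 return from this hook. Since the thread treats the pair as -stable material and a Fixes: tag is already present, a `Cc: stable@vger.kernel.org` line next to it would save the maintainer from adding it on merge.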
--
2.41.0
* [PATCH 2/2] lsm: fix default return value for inode_getsecctx
From: Ondrej Mosnacek @ 2023-10-31 12:32 UTC (permalink / raw)
To: Paul Moore
Cc: linux-security-module, Benjamin Coddington, linux-nfs,
linux-kernel
-EOPNOTSUPP is the return value that implements a "no-op" hook, not 0.
Without this fix, having only the BPF LSM enabled (with no programs
attached) can cause uninitialized variable reads in
nfsd4_encode_fattr(), because the BPF hook returns 0 without touching
the 'ctxlen' variable and the corresponding 'contextlen' variable in
nfsd4_encode_fattr() remains uninitialized, yet is treated as valid
based on the 0 return value.
Reported-by: Benjamin Coddington <bcodding@redhat.com>
Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
include/linux/lsm_hook_defs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 4dd55fdfec267..ff217a5ce5521 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -273,7 +273,7 @@ LSM_HOOK(void, LSM_RET_VOID, release_secctx, char *secdata, u32 seclen)
LSM_HOOK(void, LSM_RET_VOID, inode_invalidate_secctx, struct inode *inode)
LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen)
LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen)
-LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx,
+LSM_HOOK(int, -EOPNOTSUPP, inode_getsecctx, struct inode *inode, void **ctx,
u32 *ctxlen)
#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
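Review bot: the default change is the right fix, but the commit message also exposes a weakness this hunk leaves untouched: nfsd4_encode_fattr() takes any 0 return as proof that ctx and ctxlen were filled in, so any future hook implementation that returns 0 without writing the out-parameters reproduces the same uninitialized read. Suggest a follow-up (or a note in this message) that initializes 'contextlen' in the caller and treats a 0 return with a NULL context as "no context", so the caller no longer depends on every LSM getting the out-parameter contract right. As with 1/2, a `Cc: stable@vger.kernel.org` tag beside the Fixes: line would match the thread's conclusion that this is -stable material.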
--
2.41.0
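The failure mode described in the commit message above, as an added, constructed C model that is not part of the patch, the kernel, or the author's work: a hook with the shape of inode_getsecctx (int return, ctx and ctxlen out-parameters), a dispatcher that returns the LSM_HOOK() default without touching the out-parameters, and a caller that trusts a 0 return the way nfsd4_encode_fattr() is described as doing. The names security_getsecctx, encode_fattr_trusting, encode_fattr_hardened and the sample module are stand-ins chosen for this example, not kernel functions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not kernel code: a hook shaped like inode_getsecctx. */
typedef int (*getsecctx_fn)(void **ctx, uint32_t *ctxlen);

struct hook_table {
    getsecctx_fn fn;   /* module hook, NULL when no module implements it */
    int default_ret;   /* the LSM_HOOK() default, returned without touching ctx/ctxlen */
};

/* Dispatcher (stand-in name): when no module answers, the default is
 * returned and the out-parameters stay exactly as the caller had them,
 * which is what the commit message describes for the BPF LSM with no
 * program attached. */
static int security_getsecctx(const struct hook_table *t, void **ctx,
                              uint32_t *ctxlen)
{
    if (!t->fn)
        return t->default_ret;
    return t->fn(ctx, ctxlen);
}

enum outcome { CTX_ENCODED = 0, CTX_SKIPPED = 1, CTX_FAILED = 2 };

/* Caller modelled on the pattern in the commit message: a 0 return is
 * taken to mean "ctx and ctxlen were filled in". contextlen gets a junk
 * value to stand in for an uninitialized stack slot (constructed). */
static enum outcome encode_fattr_trusting(const struct hook_table *t,
                                          uint32_t *len_out)
{
    void *ctx = NULL;
    uint32_t contextlen = 0xDEADBEEFu;   /* constructed "uninitialized" junk */
    int err = security_getsecctx(t, &ctx, &contextlen);

    if (err == -EOPNOTSUPP)
        return CTX_SKIPPED;              /* no LSM provides a context */
    if (err)
        return CTX_FAILED;
    *len_out = contextlen;               /* with a 0 default this is the junk */
    return CTX_ENCODED;
}

/* Hardened caller: initializes its locals and refuses to treat a 0
 * return that produced no buffer as a context. Defensive only; the real
 * fix is the LSM_HOOK() default in the patch. */
static enum outcome encode_fattr_hardened(const struct hook_table *t,
                                          uint32_t *len_out)
{
    void *ctx = NULL;
    uint32_t contextlen = 0;
    int err = security_getsecctx(t, &ctx, &contextlen);

    if (err == -EOPNOTSUPP)
        return CTX_SKIPPED;
    if (err)
        return CTX_FAILED;
    if (ctx == NULL || contextlen == 0)
        return CTX_SKIPPED;              /* "success" with nothing behind it */
    *len_out = contextlen;
    return CTX_ENCODED;
}

/* A module that really implements the hook, for the positive path. */
static uint32_t sample_ctx[4] = { 1, 2, 3, 4 };   /* constructed context bytes */
static int sample_getsecctx(void **ctx, uint32_t *ctxlen)
{
    *ctx = sample_ctx;
    *ctxlen = sizeof sample_ctx;         /* 16 */
    return 0;
}

/* Scenario helpers: the outcome, and the length the caller would have
 * encoded (0 when nothing was encoded). */
static enum outcome outcome_with_default(int default_ret, int hardened)
{
    struct hook_table t = { NULL, default_ret };
    uint32_t len = 0;
    return hardened ? encode_fattr_hardened(&t, &len)
                    : encode_fattr_trusting(&t, &len);
}

static uint32_t length_with_default(int default_ret, int hardened)
{
    struct hook_table t = { NULL, default_ret };
    uint32_t len = 0;
    (void)(hardened ? encode_fattr_hardened(&t, &len)
                    : encode_fattr_trusting(&t, &len));
    return len;
}

static uint32_t length_with_module(void)
{
    struct hook_table t = { sample_getsecctx, -EOPNOTSUPP };
    uint32_t len = 0;
    (void)encode_fattr_trusting(&t, &len);
    return len;
}

int main(void)
{
    printf("default 0:           outcome=%d len=0x%x (junk treated as valid)\n",
           outcome_with_default(0, 0), length_with_default(0, 0));
    printf("default -EOPNOTSUPP: outcome=%d (skipped, as intended)\n",
           outcome_with_default(-EOPNOTSUPP, 0));
    printf("real module:         len=%u\n", length_with_module());
    return 0;
}
```

With the 0 default the trusting caller reports CTX_ENCODED and carries the junk length forward; with -EOPNOTSUPP it skips the attribute; the hardened caller skips even under the wrong default, which is the caller-side check a follow-up to this patch could add.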
* Re: [PATCH 0/2] lsm: fix default return values for some hooks
From: Paul Moore @ 2023-11-08 3:12 UTC (permalink / raw)
To: Ondrej Mosnacek
Cc: linux-security-module, Benjamin Coddington, linux-nfs,
linux-kernel
On Tue, Oct 31, 2023 at 8:32 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> Some of the default return values listed in <linux/lsm_hook_defs.h>
> don't match the actual no-op value and can be trivially fixed.
>
> Ondrej Mosnacek (2):
> lsm: fix default return value for vm_enough_memory
> lsm: fix default return value for inode_getsecctx
>
> include/linux/lsm_hook_defs.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
These both look like reasonable -stable candidates to me, what do you think?
--
paul-moore.com
* Re: [PATCH 0/2] lsm: fix default return values for some hooks
From: Ondrej Mosnacek @ 2023-11-08 9:30 UTC (permalink / raw)
To: Paul Moore
Cc: linux-security-module, Benjamin Coddington, linux-nfs,
linux-kernel
On Wed, Nov 8, 2023 at 4:12 AM Paul Moore <paul@paul-moore.com> wrote:
>
> On Tue, Oct 31, 2023 at 8:32 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >
> > Some of the default return values listed in <linux/lsm_hook_defs.h>
> > don't match the actual no-op value and can be trivially fixed.
> >
> > Ondrej Mosnacek (2):
> > lsm: fix default return value for vm_enough_memory
> > lsm: fix default return value for inode_getsecctx
> >
> > include/linux/lsm_hook_defs.h | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
>
> These both look like reasonable -stable candidates to me, what do you think?
Yes, that would be my assessment as well.
--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
* Re: [PATCH 0/2] lsm: fix default return values for some hooks
From: Paul Moore @ 2023-11-08 21:00 UTC (permalink / raw)
To: Ondrej Mosnacek
Cc: linux-security-module, Benjamin Coddington, linux-nfs,
linux-kernel
On Wed, Nov 8, 2023 at 4:30 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> On Wed, Nov 8, 2023 at 4:12 AM Paul Moore <paul@paul-moore.com> wrote:
> > On Tue, Oct 31, 2023 at 8:32 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> > >
> > > Some of the default return values listed in <linux/lsm_hook_defs.h>
> > > don't match the actual no-op value and can be trivially fixed.
> > >
> > > Ondrej Mosnacek (2):
> > > lsm: fix default return value for vm_enough_memory
> > > lsm: fix default return value for inode_getsecctx
> > >
> > > include/linux/lsm_hook_defs.h | 4 ++--
> > > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > These both look like reasonable -stable candidates to me, what do you think?
>
> Yes, that would be my assessment as well.
Okay, good. I've just gone ahead and merged these into lsm/stable-6.7
and I'll plan to send them up to Linus on Thursday or Friday this
week. Thanks.
--
paul-moore.com