Re: [PATCH v5] evm: Correct inode_init_security hooks behaviors

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: Mimi Zohar <zohar@linux.ibm.com>,
	Nicolas Bouchinet <nicolas.bouchinet@clip-os.org>,
	linux-integrity@vger.kernel.org,
	Roberto Sassu <roberto.sassu@huawei.com>
Cc: philippe.trebuchet@ssi.gouv.fr, dmitry.kasatkin@gmail.com,
	paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
	casey@schaufler-ca.com, davem@davemloft.net,
	lucien.xin@gmail.com, vgoyal@redhat.com, omosnace@redhat.com,
	mortonm@chromium.org, nicolas.bouchinet@ssi.gouv.fr,
	mic@digikod.net, cgzones@googlemail.com,
	linux-security-module@vger.kernel.org, kpsingh@kernel.org,
	revest@chromium.org, jackmanb@chromium.org, bpf@vger.kernel.org
Subject: Re: [PATCH v5] evm: Correct inode_init_security hooks behaviors
Date: Tue, 29 Nov 2022 13:21:59 +0100	[thread overview]
Message-ID: <dca37353573cbf4c9eb3f870c5a9d825e431a680.camel@huaweicloud.com> (raw)
In-Reply-To: <086b6d26895b84ad4086ac9f191ede6f705f9b6b.camel@linux.ibm.com>

On Tue, 2022-11-29 at 06:28 -0500, Mimi Zohar wrote:
> On Fri, 2022-11-25 at 16:57 +0100, Nicolas Bouchinet wrote:
> > From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
> > 
> > Fixes a NULL pointer dereference occurring in the
> > `evm_protected_xattr_common` function of the EVM LSM. The bug is
> > triggered if a `inode_init_security` hook returns 0 without initializing
> > the given `struct xattr` fields (which is the case of BPF) and if no
> > other LSM overrides thoses fields after. This also leads to memory
> > leaks.
> > 
> > The `call_int_hook_xattr` macro has been inlined into the
> > `security_inode_init_security` hook in order to check hooks return
> > values and skip ones who doesn't init `xattrs`.
> > 
> > Modify `evm_init_hmac` function to init the EVM hmac using every
> > entry of the given xattr array.
> > 
> > The `MAX_LSM_EVM_XATTR` value is now based on the security modules
> > compiled in, which gives room for SMACK, SELinux, Apparmor, BPF and
> > IMA/EVM security attributes.
> > 
> > Changes the default return value of the `inode_init_security` hook
> > definition to `-EOPNOTSUPP`.
> > 
> > Changes the hook documentation to match the behavior of the LSMs using
> > it (only xattr->value is initialised with kmalloc and thus is the only
> > one that should be kfreed by the caller).
> > 
> > Cc: roberto.sassu@huaweicloud.com
> > Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
> 
> What  is the relationship between this patch and Roberto's patch set? 
> Roberto, if there is an overlap, then at minimum there should be a
> Reported-by tag indicating that your patch set addresses a bug reported
> by Nicolas.

Agreed, I will add a Reported-by for the bug reported by Nicolas.

For the rest, my patch set introduces a similar functionality, with the
difference that it uses the reservation mechanism instead of static
allocation for xattrs, as suggested by Paul.

Roberto

next prev parent reply	other threads:[~2022-11-29 12:22 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-25 15:57 [PATCH v5] evm: Correct inode_init_security hooks behaviors Nicolas Bouchinet
2022-11-29 11:28 ` Mimi Zohar
2022-11-29 12:21   ` Roberto Sassu [this message]
2022-11-29 12:58   ` Nicolas Bouchinet
2022-11-29 13:10     ` Roberto Sassu
2022-11-29 14:31       ` Nicolas Bouchinet
2022-11-29 14:33         ` Roberto Sassu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=dca37353573cbf4c9eb3f870c5a9d825e431a680.camel@huaweicloud.com \
    --to=roberto.sassu@huaweicloud.com \
    --cc=bpf@vger.kernel.org \
    --cc=casey@schaufler-ca.com \
    --cc=cgzones@googlemail.com \
    --cc=davem@davemloft.net \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=jackmanb@chromium.org \
    --cc=jmorris@namei.org \
    --cc=kpsingh@kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=lucien.xin@gmail.com \
    --cc=mic@digikod.net \
    --cc=mortonm@chromium.org \
    --cc=nicolas.bouchinet@clip-os.org \
    --cc=nicolas.bouchinet@ssi.gouv.fr \
    --cc=omosnace@redhat.com \
    --cc=paul@paul-moore.com \
    --cc=philippe.trebuchet@ssi.gouv.fr \
    --cc=revest@chromium.org \
    --cc=roberto.sassu@huawei.com \
    --cc=serge@hallyn.com \
    --cc=vgoyal@redhat.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).