From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Max Kellermann <max.kellermann@ionos.com>,
David Howells <dhowells@redhat.com>,
Christian Brauner <brauner@kernel.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 23/64] cachefiles: Parse the "secctx" immediately
Date: Tue, 21 Jan 2025 18:52:22 +0100 [thread overview]
Message-ID: <20250121174522.441412434@linuxfoundation.org> (raw)
In-Reply-To: <20250121174521.568417761@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Max Kellermann <max.kellermann@ionos.com>
[ Upstream commit e5a8b6446c0d370716f193771ccacf3260a57534 ]
Instead of storing an opaque string, call security_secctx_to_secid()
right in the "secctx" command handler and store only the numeric
"secid". This eliminates an unnecessary string allocation and allows
the daemon to receive errors when writing the "secctx" command instead
of postponing the error to the "bind" command handler. For example,
if the kernel was built without `CONFIG_SECURITY`, "bind" will return
`EOPNOTSUPP`, but the daemon doesn't know why. With this patch, the
"secctx" will instead return `EOPNOTSUPP` which is the right context
for this error.
This patch adds a boolean flag `have_secid` because I'm not sure if we
can safely assume that zero is the special secid value for "not set".
This appears to be true for SELinux, Smack and AppArmor, but since
this attribute is not documented, I'm unable to derive a stable
guarantee for that.
Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/20241209141554.638708-1-max.kellermann@ionos.com/
Link: https://lore.kernel.org/r/20241213135013.2964079-6-dhowells@redhat.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cachefiles/daemon.c | 14 +++++++-------
fs/cachefiles/internal.h | 3 ++-
fs/cachefiles/security.c | 6 +++---
3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c
index 89b11336a8369..1806bff8e59bc 100644
--- a/fs/cachefiles/daemon.c
+++ b/fs/cachefiles/daemon.c
@@ -15,6 +15,7 @@
#include <linux/namei.h>
#include <linux/poll.h>
#include <linux/mount.h>
+#include <linux/security.h>
#include <linux/statfs.h>
#include <linux/ctype.h>
#include <linux/string.h>
@@ -576,7 +577,7 @@ static int cachefiles_daemon_dir(struct cachefiles_cache *cache, char *args)
*/
static int cachefiles_daemon_secctx(struct cachefiles_cache *cache, char *args)
{
- char *secctx;
+ int err;
_enter(",%s", args);
@@ -585,16 +586,16 @@ static int cachefiles_daemon_secctx(struct cachefiles_cache *cache, char *args)
return -EINVAL;
}
- if (cache->secctx) {
+ if (cache->have_secid) {
pr_err("Second security context specified\n");
return -EINVAL;
}
- secctx = kstrdup(args, GFP_KERNEL);
- if (!secctx)
- return -ENOMEM;
+ err = security_secctx_to_secid(args, strlen(args), &cache->secid);
+ if (err)
+ return err;
- cache->secctx = secctx;
+ cache->have_secid = true;
return 0;
}
@@ -820,7 +821,6 @@ static void cachefiles_daemon_unbind(struct cachefiles_cache *cache)
put_cred(cache->cache_cred);
kfree(cache->rootdirname);
- kfree(cache->secctx);
kfree(cache->tag);
_leave("");
diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
index 111ad6ecd4baf..4421a12960a66 100644
--- a/fs/cachefiles/internal.h
+++ b/fs/cachefiles/internal.h
@@ -122,7 +122,6 @@ struct cachefiles_cache {
#define CACHEFILES_STATE_CHANGED 3 /* T if state changed (poll trigger) */
#define CACHEFILES_ONDEMAND_MODE 4 /* T if in on-demand read mode */
char *rootdirname; /* name of cache root directory */
- char *secctx; /* LSM security context */
char *tag; /* cache binding tag */
refcount_t unbind_pincount;/* refcount to do daemon unbind */
struct xarray reqs; /* xarray of pending on-demand requests */
@@ -130,6 +129,8 @@ struct cachefiles_cache {
struct xarray ondemand_ids; /* xarray for ondemand_id allocation */
u32 ondemand_id_next;
u32 msg_id_next;
+ u32 secid; /* LSM security id */
+ bool have_secid; /* whether "secid" was set */
};
static inline bool cachefiles_in_ondemand_mode(struct cachefiles_cache *cache)
diff --git a/fs/cachefiles/security.c b/fs/cachefiles/security.c
index fe777164f1d89..fc6611886b3b5 100644
--- a/fs/cachefiles/security.c
+++ b/fs/cachefiles/security.c
@@ -18,7 +18,7 @@ int cachefiles_get_security_ID(struct cachefiles_cache *cache)
struct cred *new;
int ret;
- _enter("{%s}", cache->secctx);
+ _enter("{%u}", cache->have_secid ? cache->secid : 0);
new = prepare_kernel_cred(current);
if (!new) {
@@ -26,8 +26,8 @@ int cachefiles_get_security_ID(struct cachefiles_cache *cache)
goto error;
}
- if (cache->secctx) {
- ret = set_security_override_from_ctx(new, cache->secctx);
+ if (cache->have_secid) {
+ ret = set_security_override(new, cache->secid);
if (ret < 0) {
put_cred(new);
pr_err("Security denies permission to nominate security context: error %d\n",
--
2.39.5
next prev parent reply other threads:[~2025-01-21 18:04 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-21 17:51 [PATCH 6.1 00/64] 6.1.127-rc1 review Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 01/64] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 02/64] bpf: Fix bpf_sk_select_reuseport() memory leak Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 03/64] openvswitch: fix lockup on tx to unregistering netdev with carrier Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 04/64] pktgen: Avoid out-of-bounds access in get_imix_entries Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 05/64] net: add exit_batch_rtnl() method Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 06/64] gtp: use " Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 07/64] gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 08/64] gtp: Destroy device along with udp sockets netns dismantle Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 09/64] nfp: bpf: prevent integer overflow in nfp_bpf_event_output() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 10/64] net: xilinx: axienet: Fix IRQ coalescing packet count overflow Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 11/64] net/mlx5: Fix RDMA TX steering prio Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 12/64] net/mlx5: Clear port select structure when fail to create Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 13/64] drm/v3d: Ensure job pointer is set to NULL after job completion Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 14/64] hwmon: (tmp513) Fix division of negative numbers Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 15/64] Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 16/64] i2c: mux: demux-pinctrl: check initial mux selection, too Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 17/64] i2c: rcar: fix NACK handling when being a target Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 18/64] nvmet: propagate npwg topology Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 19/64] mac802154: check local interfaces before deleting sdata list Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 20/64] hfs: Sanity check the root record Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 21/64] fs: fix missing declaration of init_files Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 22/64] kheaders: Ignore silly-rename files Greg Kroah-Hartman
2025-01-21 17:52 ` Greg Kroah-Hartman [this message]
2025-01-21 17:52 ` [PATCH 6.1 24/64] scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 25/64] selftests: tc-testing: reduce rshift value Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 26/64] ACPI: resource: acpi_dev_irq_override(): Check DMI match last Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 27/64] iomap: avoid avoid truncating 64-bit offset to 32 bits Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 28/64] poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 29/64] x86/asm: Make serialize() always_inline Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 30/64] ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 31/64] zram: fix potential UAF of zram table Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 32/64] mptcp: be sure to send ack when mptcp-level window re-opens Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 33/64] selftests: mptcp: avoid spurious errors on disconnect Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 34/64] net: ethernet: xgbe: re-add aneg to supported features in PHY quirks Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 35/64] vsock/virtio: discard packets if the transport changes Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 36/64] vsock/virtio: cancel close work in the destructor Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 37/64] vsock: reset socket state when de-assigning the transport Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 38/64] vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 39/64] filemap: avoid truncating 64-bit offset to 32 bits Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 40/64] fs/proc: fix softlockup in __read_vmcore (part 2) Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 41/64] gpiolib: cdev: Fix use after free in lineinfo_changed_notify Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 42/64] pmdomain: imx8mp-blk-ctrl: add missing loop break condition Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 43/64] irqchip: Plug a OF node reference leak in platform_irqchip_probe() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 44/64] irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 45/64] irqchip/gic-v3-its: Dont enable interrupts in its_irq_set_vcpu_affinity() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 46/64] hrtimers: Handle CPU state correctly on hotplug Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 47/64] drm/i915/fb: Relax clear color alignment to 64 bytes Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 48/64] Revert "PCI: Use preserve_config in place of pci_flags" Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 49/64] iio: imu: inv_icm42600: fix spi burst write not supported Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 50/64] iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 51/64] iio: adc: rockchip_saradc: fix information leak in triggered buffer Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 52/64] drm/amd/display: Fix out-of-bounds access in dcn21_link_encoder_create Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 53/64] drm/amdgpu: fix usage slab after free Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 54/64] block: fix uaf for flush rq while iterating tags Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 55/64] Revert "drm/amdgpu: rework resume handling for display (v2)" Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 56/64] RDMA/rxe: Fix the qp flush warnings in req Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 57/64] scsi: sg: Fix slab-use-after-free read in sg_release() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 58/64] Revert "regmap: detach regmap from dev on regmap_exit" Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 59/64] wifi: ath10k: avoid NULL pointer error during sdio remove Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 6.1 60/64] erofs: tidy up EROFS on-disk naming Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 6.1 61/64] erofs: handle NONHEAD !delta[1] lclusters gracefully Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 6.1 62/64] nfsd: add list_head nf_gc to struct nfsd_file Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 6.1 63/64] x86/xen: fix SLS mitigation in xen_hypercall_iret() Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 6.1 64/64] net: fix data-races around sk->sk_forward_alloc Greg Kroah-Hartman
2025-01-21 18:44 ` [PATCH 6.1 00/64] 6.1.127-rc1 review Florian Fainelli
2025-01-21 19:32 ` Peter Schneider
2025-01-21 21:57 ` Salvatore Bonaccorso
2025-01-22 7:35 ` Greg Kroah-Hartman
2025-01-22 7:38 ` Greg Kroah-Hartman
2025-01-22 5:32 ` Ron Economos
2025-01-21 23:35 ` Shuah Khan
2025-01-21 23:46 ` SeongJae Park
2025-01-22 20:17 ` [PATCH 6.1] " Hardik Garg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250121174522.441412434@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=brauner@kernel.org \
--cc=dhowells@redhat.com \
--cc=max.kellermann@ionos.com \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox