From: penguin-kernel@I-love.SAKURA.ne.jp (Tetsuo Handa)
To: linux-security-module@vger.kernel.org
Subject: [PATCH 5/9] LSM: Manage remaining security blobs
Date: Wed, 29 Nov 2017 20:21:33 +0900
Message-ID: <201711292021.CIC57334.OSQMFHOtOJFVLF@I-love.SAKURA.ne.jp>
In-Reply-To: <d3bd7b64-020b-ac7c-8fef-eed6a1ad5185@schaufler-ca.com>
Hello.

I browsed https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734686
and found a problem with how the security blob is initialized.

Casey Schaufler wrote:
> +/**
> + * lsm_sock_alloc - allocate a composite sock blob
> + * @sock: the sock that needs a blob
> + * @priority: allocation mode
> + *
> + * Allocate the sock blob for all the modules
> + *
> + * Returns 0, or -ENOMEM if memory can't be allocated.
> + */
> +int lsm_sock_alloc(struct sock *sock, gfp_t priority)
> +{
> +#ifdef CONFIG_SECURITY_LSM_DEBUG
> + if (sock->sk_security)
> + pr_info("%s: Inbound sock blob is not NULL.\n", __func__);
> +#endif
If none of the LSM modules use sock->sk_security, sock->sk_security is not
initialized to NULL (and sk_prot_alloc() does not always use __GFP_ZERO).
> + if (blob_sizes.lbs_sock == 0)
> + return 0;
> +
> + sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority);
> + if (sock->sk_security == NULL)
> + return -ENOMEM;
> + return 0;
> +}
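Review bot: the early return at "if (blob_sizes.lbs_sock == 0) return 0;" leaves sock->sk_security untouched, while security_sk_free() later in this patch calls kfree(sk->sk_security) unconditionally. Set sock->sk_security = NULL before the size check so the free path only ever sees NULL or a pointer returned by kzalloc(). The CONFIG_SECURITY_LSM_DEBUG check at the top reads the same field before anything in this function has written it, so its pr_info() reports whatever the allocator left there; drop it or move it to a point where the field is known to be initialized.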
> @@ -1609,12 +1851,18 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram);
>
> int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
> {
> + int rc = lsm_sock_alloc(sk, priority);
> +
> + if (rc)
> + return rc;
In that report, no major LSMs are active because apparmor=0 is passed on the
kernel command line. Thus, security_sk_alloc() does not initialize the
sk->sk_security field and
> return call_int_hook(sk_alloc_security, 0, sk, family, priority);
> }
>
> void security_sk_free(struct sock *sk)
> {
> call_void_hook(sk_free_security, sk);
causes random oops at kfree().
> + kfree(sk->sk_security);
> + sk->sk_security = NULL;
> }
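Review bot: in security_sk_alloc(), when the sk_alloc_security hook returns an error, the blob that lsm_sock_alloc() just attached stays allocated, and nothing in this hunk releases it. Unless every caller is guaranteed to call security_sk_free() on that failure, capture the hook's return value and, on error, kfree() the blob and reset sk->sk_security to NULL before returning.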