* [GIT PULL] security: Fix the default value of fs_context_parse_param hook
@ 2020-05-07 23:45 James Morris
2020-05-08 2:45 ` pr-tracker-bot
0 siblings, 1 reply; 2+ messages in thread
From: James Morris @ 2020-05-07 23:45 UTC (permalink / raw)
To: Linus Torvalds; +Cc: linux-security-module, linux-kernel, KP Singh
Please pull this fix from KP Singh (several folks are reporting issues
around this):
The following changes since commit c45e8bccecaf633480d378daff11e122dfd5e96d:
Merge tag 'for-5.7/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm (2020-04-30 16:45:08 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-v5.7
for you to fetch changes up to 54261af473be4c5481f6196064445d2945f2bdab:
security: Fix the default value of fs_context_parse_param hook (2020-04-30 20:29:34 -0700)
----------------------------------------------------------------
KP Singh (1):
security: Fix the default value of fs_context_parse_param hook
include/linux/lsm_hook_defs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
---
commit 54261af473be4c5481f6196064445d2945f2bdab
Author: KP Singh <kpsingh@google.com>
Date: Thu Apr 30 17:52:40 2020 +0200
security: Fix the default value of fs_context_parse_param hook
security_fs_context_parse_param is called by vfs_parse_fs_param and
a succussful return value (i.e 0) implies that a parameter will be
consumed by the LSM framework. This stops all further parsing of the
parmeter by VFS. Furthermore, if an LSM hook returns a success, the
remaining LSM hooks are not invoked for the parameter.
The current default behavior of returning success means that all the
parameters are expected to be parsed by the LSM hook and none of them
end up being populated by vfs in fs_context
This was noticed when lsm=bpf is supplied on the command line before any
other LSM. As the bpf lsm uses this default value to implement a default
hook, this resulted in a failure to parse any fs_context parameters and
a failure to mount the root filesystem.
Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks")
Reported-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
Signed-off-by: KP Singh <kpsingh@google.com>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 9cd4455528e5..1bdd027766d4 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -55,7 +55,7 @@ LSM_HOOK(void, LSM_RET_VOID, bprm_committing_creds, struct linux_binprm *bprm)
LSM_HOOK(void, LSM_RET_VOID, bprm_committed_creds, struct linux_binprm *bprm)
LSM_HOOK(int, 0, fs_context_dup, struct fs_context *fc,
struct fs_context *src_sc)
-LSM_HOOK(int, 0, fs_context_parse_param, struct fs_context *fc,
+LSM_HOOK(int, -ENOPARAM, fs_context_parse_param, struct fs_context *fc,
struct fs_parameter *param)
LSM_HOOK(int, 0, sb_alloc_security, struct super_block *sb)
LSM_HOOK(void, LSM_RET_VOID, sb_free_security, struct super_block *sb)
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [GIT PULL] security: Fix the default value of fs_context_parse_param hook
2020-05-07 23:45 [GIT PULL] security: Fix the default value of fs_context_parse_param hook James Morris
@ 2020-05-08 2:45 ` pr-tracker-bot
0 siblings, 0 replies; 2+ messages in thread
From: pr-tracker-bot @ 2020-05-08 2:45 UTC (permalink / raw)
To: James Morris
Cc: Linus Torvalds, linux-security-module, linux-kernel, KP Singh
The pull request you sent on Fri, 8 May 2020 09:45:11 +1000 (AEST):
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git for-v5.7
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/79dede78c0573618e3137d3d8cbf78c84e25fabd
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.wiki.kernel.org/userdoc/prtracker
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-05-08 2:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-07 23:45 [GIT PULL] security: Fix the default value of fs_context_parse_param hook James Morris
2020-05-08 2:45 ` pr-tracker-bot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).