* Patch "selinux: fix mprotect PROT_EXEC regression caused by mm change" has been added to the 4.1-stable tree
@ 2015-07-31 0:43 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2015-07-31 0:43 UTC (permalink / raw)
To: sds, gregkh, pmoore; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
selinux: fix mprotect PROT_EXEC regression caused by mm change
to the 4.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
selinux-fix-mprotect-prot_exec-regression-caused-by-mm-change.patch
and it can be found in the queue-4.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 892e8cac99a71f6254f84fc662068d912e1943bf Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 10 Jul 2015 09:40:59 -0400
Subject: selinux: fix mprotect PROT_EXEC regression caused by mm change
From: Stephen Smalley <sds@tycho.nsa.gov>
commit 892e8cac99a71f6254f84fc662068d912e1943bf upstream.
commit 66fc13039422ba7df2d01a8ee0873e4ef965b50b ("mm: shmem_zero_setup
skip security check and lockdep conflict with XFS") caused a regression
for SELinux by disabling any SELinux checking of mprotect PROT_EXEC on
shared anonymous mappings. However, even before that regression, the
checking on such mprotect PROT_EXEC calls was inconsistent with the
checking on a mmap PROT_EXEC call for a shared anonymous mapping. On a
mmap, the security hook is passed a NULL file and knows it is dealing
with an anonymous mapping and therefore applies an execmem check and no
file checks. On a mprotect, the security hook is passed a vma with a
non-NULL vm_file (as this was set from the internally-created shmem
file during mmap) and therefore applies the file-based execute check
and no execmem check. Since the aforementioned commit now marks the
shmem zero inode with the S_PRIVATE flag, the file checks are disabled
and we have no checking at all on mprotect PROT_EXEC. Add a test to
the mprotect hook logic for such private inodes, and apply an execmem
check in that case. This makes the mmap and mprotect checking
consistent for shared anonymous mappings, as well as for /dev/zero and
ashmem.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/selinux/hooks.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3288,7 +3288,8 @@ static int file_map_prot_check(struct fi
int rc = 0;
if (default_noexec &&
- (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
+ (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
+ (!shared && (prot & PROT_WRITE)))) {
/*
* We are making executable an anonymous mapping or a
* private file mapping that will also be writable.
Patches currently in stable-queue which might be from sds@tycho.nsa.gov are
queue-4.1/selinux-fix-mprotect-prot_exec-regression-caused-by-mm-change.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-07-31 0:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-31 0:43 Patch "selinux: fix mprotect PROT_EXEC regression caused by mm change" has been added to the 4.1-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).