On Wed, Mar 13, 2024 at 9:44 PM Paul Moore [off-list ref] wrote:

On Wed, Mar 13, 2024 at 6:48 PM Casey Schaufler [off-list ref] wrote:

quoted

On 3/13/2024 3:37 PM, Paul Moore wrote:

quoted

On Wed, Mar 13, 2024 at 4:07 PM Paul Moore [off-list ref] wrote:

quoted

On Mar 13, 2024 Casey Schaufler [off-list ref] wrote:

quoted

LSM: use 32 bit compatible data types in LSM syscalls.

Change the size parameters in lsm_list_modules(), lsm_set_self_attr()
and lsm_get_self_attr() from size_t to u32. This avoids the need to
have different interfaces for 32 and 64 bit systems.

Cc: stable@vger.kernel.org
Fixes: a04a1198088a: ("LSM: syscalls for current process attributes")
Fixes: ad4aff9ec25f: ("LSM: Create lsm_list_modules system call")
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reported-and-reviewed-by: Dmitry V. Levin [off-list ref]
---
 include/linux/lsm_hook_defs.h                        |  4 ++--
 include/linux/security.h                             |  8 ++++----
 security/apparmor/lsm.c                              |  4 ++--
 security/lsm_syscalls.c                              | 10 +++++-----
 security/security.c                                  | 12 ++++++------
 security/selinux/hooks.c                             |  4 ++--
 security/smack/smack_lsm.c                           |  4 ++--
 tools/testing/selftests/lsm/common.h                 |  6 +++---
 tools/testing/selftests/lsm/lsm_get_self_attr_test.c | 10 +++++-----
 tools/testing/selftests/lsm/lsm_list_modules_test.c  |  8 ++++----
 tools/testing/selftests/lsm/lsm_set_self_attr_test.c |  6 +++---
 11 files changed, 38 insertions(+), 38 deletions(-)

Okay, this looks better, I'm going to merge this into lsm/stable-6.9
and put it through the usual automated testing as well as a kselftest
run to make sure everything there is still okay.  Assuming all goes
well and no one raises any objections, I'll likely send this up to
Linus tomorrow.

Thanks everyone!

Unfortunately it looks like we have a kselftest failure (below).  I'm
pretty sure that this was working at some point, but it's possible I
missed it when I ran the selftests previously.  I've got to break for
a personal appt right now, but I'll dig into this later tonight.

In v2:

diff --git a/security/security.c b/security/security.c
index 7035ee35a393..a0f9caf89ae1 100644
--- a/security/security.c
+++ b/security/security.c

@@ -810,7 +810,7 @@ int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, size_t *uctx_len,
        nctx->ctx_len = val_len;
        memcpy(nctx->ctx, val, val_len);

-       if (copy_to_user(uctx, nctx, nctx_len))
+       if (uctx && copy_to_user(uctx, nctx, nctx_len))
                rc = -EFAULT;

 out:

This addresses the case where NULL is passed in the call to lsm_get_self_attr()
to get the buffer size required.

Yeah, thanks.  I didn't get a chance to look at the failure before I
had to leave, but now that I'm looking at it I agree.  It looks like
it used to work prior to d7cf3412a9f6c, but I broke things when I
consolidated the processing into lsm_fill_user_ctx() - oops :/

I'll start working on the patch right now and post it as soon as it
passes testing.

The patch posted below passes the kselftests and all my other sanity checks:

https://lore.kernel.org/linux-security-module/20240314022202.599471-2-paul@paul-moore.com (local)

-- 
paul-moore.com