[PATCH 5/9] LSM: Manage remaining security blobs

[PATCH 0/9] LSM: Stacking for major security modules - Based on 4.14-rc2 · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-27
[PATCH 1/9] procfs: add smack subdir to attrs · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-27
[PATCH 2/9] LSM: Manage credential security blobs · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-27
[PATCH 3/9] LSM: Manage file security blobs · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-27
[PATCH 3/9] LSM: Manage file security blobs · Stephen Smalley <hidden> · 2017-10-31
[PATCH 3/9] LSM: Manage file security blobs · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-31
[PATCH 3/9] LSM: Manage file security blobs · john.johansen@canonical.com (John Johansen) · 2017-10-31
[PATCH 3/9] LSM: Manage file security blobs · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-31
[PATCH 3/9] LSM: Manage file security blobs · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-31
[PATCH 3/9] LSM: Manage file security blobs · Stephen Smalley <hidden> · 2017-11-01
[PATCH 4/9] LSM: Manage task security blobs · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-27
[PATCH 5/9] LSM: Manage remaining security blobs · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-27
[PATCH 5/9] LSM: Manage remaining security blobs · penguin-kernel@I-love.SAKURA.ne.jp (Tetsuo Handa) · 2017-11-29
[PATCH 5/9] LSM: Manage remaining security blobs · casey@schaufler-ca.com (Casey Schaufler) · 2017-11-29
[PATCH 5/9] LSM: Manage remaining security blobs · penguin-kernel@I-love.SAKURA.ne.jp (Tetsuo Handa) · 2017-12-05
[PATCH 5/9] LSM: Manage remaining security blobs · casey@schaufler-ca.com (Casey Schaufler) · 2017-12-05
[PATCH 6/9] LSM: General stacking · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-27
[PATCH 7/9] LSM: Shared secids · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-27
[PATCH 8/9] LSM: Multiple security mount options · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-27
[PATCH 8/9] LSM: Multiple security mount options · Stephen Smalley <hidden> · 2017-10-31
[PATCH 8/9] LSM: Multiple security mount options · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-31
[PATCH 9/9] LSM: Full security module stacking · casey@schaufler-ca.com (Casey Schaufler) · 2017-10-27
[PATCH 0/9] LSM: Stacking for major security modules - Based on 4.14-rc2 · James Morris <hidden> · 2017-11-06
[PATCH 0/9] LSM: Stacking for major security modules - Based on 4.14-rc2 · casey@schaufler-ca.com (Casey Schaufler) · 2017-11-06
[PATCH 0/9] LSM: Stacking for major security modules - Based on 4.14-rc2 · john.johansen@canonical.com (John Johansen) · 2017-11-06
[PATCH 0/9] LSM: Stacking for major security modules - Based on 4.14-rc2 · paul@paul-moore.com (Paul Moore) · 2017-11-11
[PATCH 0/9] LSM: Stacking for major security modules - Based on 4.14-rc2 · casey@schaufler-ca.com (Casey Schaufler) · 2017-11-11

STALE3113d

From: casey@schaufler-ca.com (Casey Schaufler)
Date: 2017-11-29 15:47:02

On 11/29/2017 3:21 AM, Tetsuo Handa wrote:

Hello.

I browsed https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734686
and found a problem with how security blob is initialized.

Casey Schaufler wrote:

quoted

+/**
+ * lsm_sock_alloc - allocate a composite sock blob
+ * @sock: the sock that needs a blob
+ * @priority: allocation mode
+ *
+ * Allocate the sock blob for all the modules
+ *
+ * Returns 0, or -ENOMEM if memory can't be allocated.
+ */
+int lsm_sock_alloc(struct sock *sock, gfp_t priority)
+{
+#ifdef CONFIG_SECURITY_LSM_DEBUG
+	if (sock->sk_security)
+		pr_info("%s: Inbound sock blob is not NULL.\n", __func__);
+#endif

If none of LSM modules use sock->sk_security, sock->sk_security is not
initialized to NULL (and sk_prot_alloc() does not always use __GFP_ZERO).

Thank you. I will be working on the next revision real soon and
will include a fix for this.

quoted

+	if (blob_sizes.lbs_sock == 0)
+		return 0;
+
+	sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority);
+	if (sock->sk_security == NULL)
+		return -ENOMEM;
+	return 0;
+}

@@ -1609,12 +1851,18 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 
 int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
 {
+	int rc = lsm_sock_alloc(sk, priority);
+
+	if (rc)
+		return rc;

In that report, no major LSMs are active because apparmor=0 is passed at
kernel command line. Thus, security_sk_alloc() does not initialize
sk->sk_security field and

quoted

 	return call_int_hook(sk_alloc_security, 0, sk, family, priority);
 }
 
 void security_sk_free(struct sock *sk)
 {
 	call_void_hook(sk_free_security, sk);

causes random oops at kfree().

quoted

+	kfree(sk->sk_security);
+	sk->sk_security = NULL;
 }

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help