--- v29
+++ v12
@@ -1,643 +1,140 @@
-Replace the (secctx,seclen) pointer pair with a single
-lsmcontext pointer to allow return of the LSM identifier
-along with the context and context length. This allows
-security_release_secctx() to know how to release the
-context. Callers have been modified to use or save the
-returned data from the new structure.
+Change the security_dentry_init_security() interface to
+fill an lsmcontext structure instead of a void * data area
+and a length. The lone caller of this interface is NFS4,
+which may make copies of the data using its own mechanisms.
+A rework of the nfs4 code to use the lsmcontext properly
+is a significant project, so the coward's way out is taken,
+and the lsmcontext data from security_dentry_init_security()
+is copied, then released directly.
+
+This interface does not use the "display". There is currently
+not case where that is useful or reasonable.
Reviewed-by: Kees Cook <keescook@chromium.org>
-Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
-Acked-by: Paul Moore <paul@paul-moore.com>
+Reviewed-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
-Cc: netdev@vger.kernel.org
-Cc: linux-audit@redhat.com
-Cc: netfilter-devel@vger.kernel.org
---
- drivers/android/binder.c | 26 +++++++---------
- include/linux/security.h | 4 +--
- include/net/scm.h | 9 ++----
- kernel/audit.c | 39 +++++++++++-------------
- kernel/auditsc.c | 31 +++++++------------
- net/ipv4/ip_sockglue.c | 8 ++---
- net/netfilter/nf_conntrack_netlink.c | 18 +++++------
- net/netfilter/nf_conntrack_standalone.c | 7 ++---
- net/netfilter/nfnetlink_queue.c | 5 +++-
- net/netlabel/netlabel_unlabeled.c | 40 ++++++++-----------------
- net/netlabel/netlabel_user.c | 7 ++---
- security/security.c | 10 +++++--
- 12 files changed, 81 insertions(+), 123 deletions(-)
+ fs/nfs/nfs4proc.c | 26 ++++++++++++++++----------
+ include/linux/security.h | 7 +++----
+ security/security.c | 29 +++++++++++++++++++++++++----
+ 3 files changed, 44 insertions(+), 18 deletions(-)
-diff --git a/drivers/android/binder.c b/drivers/android/binder.c
-index 36e41b9e08fd..1159b4e44b28 100644
---- a/drivers/android/binder.c
-+++ b/drivers/android/binder.c
-@@ -2459,9 +2459,7 @@ static void binder_transaction(struct binder_proc *proc,
- binder_size_t last_fixup_min_off = 0;
- struct binder_context *context = proc->context;
- int t_debug_id = atomic_inc_return(&binder_last_id);
-- char *secctx = NULL;
-- u32 secctx_sz = 0;
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index a30e36654c57..78d63f7f0088 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -112,6 +112,7 @@ static inline struct nfs4_label *
+ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
+ struct iattr *sattr, struct nfs4_label *label)
+ {
++ struct lsmcontext context;
+ int err;
+
+ if (label == NULL)
+@@ -121,21 +122,26 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
+ return NULL;
+
+ err = security_dentry_init_security(dentry, sattr->ia_mode,
+- &dentry->d_name, (void **)&label->label, &label->len);
+- if (err == 0)
+- return label;
++ &dentry->d_name, &context);
++
++ if (err)
++ return NULL;
++
++ label->label = kmemdup(context.context, context.len, GFP_KERNEL);
++ if (label->label == NULL)
++ label = NULL;
++ else
++ label->len = context.len;
++
++ security_release_secctx(&context);
++
++ return label;
+
+- return NULL;
+ }
+ static inline void
+ nfs4_label_release_security(struct nfs4_label *label)
+ {
- struct lsmcontext scaff; /* scaffolding */
-+ struct lsmcontext lsmctx = { };
-
- e = binder_transaction_log_add(&binder_transaction_log);
- e->debug_id = t_debug_id;
-@@ -2724,14 +2722,14 @@ static void binder_transaction(struct binder_proc *proc,
- * case well anyway.
- */
- security_task_getsecid_obj(proc->tsk, &blob);
-- ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz);
-+ ret = security_secid_to_secctx(&blob, &lsmctx);
- if (ret) {
- return_error = BR_FAILED_REPLY;
- return_error_param = ret;
- return_error_line = __LINE__;
- goto err_get_secctx_failed;
- }
-- added_size = ALIGN(secctx_sz, sizeof(u64));
-+ added_size = ALIGN(lsmctx.len, sizeof(u64));
- extra_buffers_size += added_size;
- if (extra_buffers_size < added_size) {
- /* integer overflow of extra_buffers_size */
-@@ -2758,24 +2756,22 @@ static void binder_transaction(struct binder_proc *proc,
- t->buffer = NULL;
- goto err_binder_alloc_buf_failed;
- }
-- if (secctx) {
-+ if (lsmctx.context) {
- int err;
- size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) +
- ALIGN(tr->offsets_size, sizeof(void *)) +
- ALIGN(extra_buffers_size, sizeof(void *)) -
-- ALIGN(secctx_sz, sizeof(u64));
-+ ALIGN(lsmctx.len, sizeof(u64));
-
- t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset;
- err = binder_alloc_copy_to_buffer(&target_proc->alloc,
- t->buffer, buf_offset,
-- secctx, secctx_sz);
-+ lsmctx.context, lsmctx.len);
- if (err) {
- t->security_ctx = 0;
- WARN_ON(1);
- }
-- lsmcontext_init(&scaff, secctx, secctx_sz, 0);
-- security_release_secctx(&scaff);
-- secctx = NULL;
-+ security_release_secctx(&lsmctx);
- }
- t->buffer->debug_id = t->debug_id;
- t->buffer->transaction = t;
-@@ -2832,7 +2828,7 @@ static void binder_transaction(struct binder_proc *proc,
- off_end_offset = off_start_offset + tr->offsets_size;
- sg_buf_offset = ALIGN(off_end_offset, sizeof(void *));
- sg_buf_end_offset = sg_buf_offset + extra_buffers_size -
-- ALIGN(secctx_sz, sizeof(u64));
-+ ALIGN(lsmctx.len, sizeof(u64));
- off_min = 0;
- for (buffer_offset = off_start_offset; buffer_offset < off_end_offset;
- buffer_offset += sizeof(binder_size_t)) {
-@@ -3116,10 +3112,8 @@ static void binder_transaction(struct binder_proc *proc,
- binder_alloc_free_buf(&target_proc->alloc, t->buffer);
- err_binder_alloc_buf_failed:
- err_bad_extra_size:
-- if (secctx) {
-- lsmcontext_init(&scaff, secctx, secctx_sz, 0);
+-
+- if (label) {
+- lsmcontext_init(&scaff, label->label, label->len, 0);
- security_release_secctx(&scaff);
- }
-+ if (lsmctx.context)
-+ security_release_secctx(&lsmctx);
- err_get_secctx_failed:
- kfree(tcomplete);
- binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE);
++ kfree(label->label);
+ }
+ static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label)
+ {
diff --git a/include/linux/security.h b/include/linux/security.h
-index 580eec268138..eed281367895 100644
+index 00421941f683..a5eba06a9382 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
-@@ -579,7 +579,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
- size_t size);
- int security_netlink_send(struct sock *sk, struct sk_buff *skb);
- int security_ismaclabel(const char *name);
--int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen);
-+int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp);
- int security_secctx_to_secid(const char *secdata, u32 seclen,
- struct lsmblob *blob);
- void security_release_secctx(struct lsmcontext *cp);
-@@ -1434,7 +1434,7 @@ static inline int security_ismaclabel(const char *name)
- }
-
- static inline int security_secid_to_secctx(struct lsmblob *blob,
-- char **secdata, u32 *seclen)
-+ struct lsmcontext *cp)
+@@ -398,8 +398,8 @@ int security_add_mnt_opt(const char *option, const char *val,
+ int len, void **mnt_opts);
+ int security_move_mount(const struct path *from_path, const struct path *to_path);
+ int security_dentry_init_security(struct dentry *dentry, int mode,
+- const struct qstr *name, void **ctx,
+- u32 *ctxlen);
++ const struct qstr *name,
++ struct lsmcontext *ctx);
+ int security_dentry_create_files_as(struct dentry *dentry, int mode,
+ struct qstr *name,
+ const struct cred *old,
+@@ -790,8 +790,7 @@ static inline void security_inode_free(struct inode *inode)
+ static inline int security_dentry_init_security(struct dentry *dentry,
+ int mode,
+ const struct qstr *name,
+- void **ctx,
+- u32 *ctxlen)
++ struct lsmcontext *ctx)
{
return -EOPNOTSUPP;
}
-diff --git a/include/net/scm.h b/include/net/scm.h
-index f273c4d777ec..b77a52f93389 100644
---- a/include/net/scm.h
-+++ b/include/net/scm.h
-@@ -94,8 +94,6 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
- {
- struct lsmcontext context;
- struct lsmblob lb;
-- char *secdata;
-- u32 seclen;
- int err;
-
- if (test_bit(SOCK_PASSSEC, &sock->flags)) {
-@@ -103,12 +101,11 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
- * and the infrastructure will know which it is.
- */
- lsmblob_init(&lb, scm->secid);
-- err = security_secid_to_secctx(&lb, &secdata, &seclen);
-+ err = security_secid_to_secctx(&lb, &context);
-
- if (!err) {
-- put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
-- /*scaffolding*/
-- lsmcontext_init(&context, secdata, seclen, 0);
-+ put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, context.len,
-+ context.context);
- security_release_secctx(&context);
- }
- }
-diff --git a/kernel/audit.c b/kernel/audit.c
-index c17ec23158c4..841123390d41 100644
---- a/kernel/audit.c
-+++ b/kernel/audit.c
-@@ -1190,9 +1190,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
- struct audit_buffer *ab;
- u16 msg_type = nlh->nlmsg_type;
- struct audit_sig_info *sig_data;
-- char *ctx = NULL;
-- u32 len;
-- struct lsmcontext scaff; /* scaffolding */
-
- err = audit_netlink_ok(skb, msg_type);
- if (err)
-@@ -1440,33 +1437,34 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
- kfree(new);
- break;
- }
-- case AUDIT_SIGNAL_INFO:
-- len = 0;
-+ case AUDIT_SIGNAL_INFO: {
-+ struct lsmcontext context = { };
-+ int len = 0;
-+
- if (lsmblob_is_set(&audit_sig_lsm)) {
-- err = security_secid_to_secctx(&audit_sig_lsm, &ctx,
-- &len);
-+ err = security_secid_to_secctx(&audit_sig_lsm,
-+ &context);
- if (err)
- return err;
- }
-- sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
-+ sig_data = kmalloc(sizeof(*sig_data) + context.len, GFP_KERNEL);
- if (!sig_data) {
-- if (lsmblob_is_set(&audit_sig_lsm)) {
-- lsmcontext_init(&scaff, ctx, len, 0);
-- security_release_secctx(&scaff);
-- }
-+ if (lsmblob_is_set(&audit_sig_lsm))
-+ security_release_secctx(&context);
- return -ENOMEM;
- }
- sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
- sig_data->pid = audit_sig_pid;
- if (lsmblob_is_set(&audit_sig_lsm)) {
-- memcpy(sig_data->ctx, ctx, len);
-- lsmcontext_init(&scaff, ctx, len, 0);
-- security_release_secctx(&scaff);
-+ len = context.len;
-+ memcpy(sig_data->ctx, context.context, len);
-+ security_release_secctx(&context);
- }
- audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0,
- sig_data, sizeof(*sig_data) + len);
- kfree(sig_data);
- break;
-+ }
- case AUDIT_TTY_GET: {
- struct audit_tty_status s;
- unsigned int t;
-@@ -2132,26 +2130,23 @@ void audit_log_key(struct audit_buffer *ab, char *key)
-
- int audit_log_task_context(struct audit_buffer *ab)
- {
-- char *ctx = NULL;
-- unsigned len;
- int error;
- struct lsmblob blob;
-- struct lsmcontext scaff; /* scaffolding */
-+ struct lsmcontext context;
-
- security_task_getsecid_subj(current, &blob);
- if (!lsmblob_is_set(&blob))
- return 0;
-
-- error = security_secid_to_secctx(&blob, &ctx, &len);
-+ error = security_secid_to_secctx(&blob, &context);
- if (error) {
- if (error != -EINVAL)
- goto error_path;
- return 0;
- }
-
-- audit_log_format(ab, " subj=%s", ctx);
-- lsmcontext_init(&scaff, ctx, len, 0);
-- security_release_secctx(&scaff);
-+ audit_log_format(ab, " subj=%s", context.context);
-+ security_release_secctx(&context);
- return 0;
-
- error_path:
-diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 1b1ddd62de6c..d198f307a4d8 100644
---- a/kernel/auditsc.c
-+++ b/kernel/auditsc.c
-@@ -1002,9 +1002,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
- struct lsmblob *blob, char *comm)
- {
- struct audit_buffer *ab;
-- struct lsmcontext lsmcxt;
-- char *ctx = NULL;
-- u32 len;
-+ struct lsmcontext lsmctx;
- int rc = 0;
-
- ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
-@@ -1015,13 +1013,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
- from_kuid(&init_user_ns, auid),
- from_kuid(&init_user_ns, uid), sessionid);
- if (lsmblob_is_set(blob)) {
-- if (security_secid_to_secctx(blob, &ctx, &len)) {
-+ if (security_secid_to_secctx(blob, &lsmctx)) {
- audit_log_format(ab, " obj=(none)");
- rc = 1;
- } else {
-- audit_log_format(ab, " obj=%s", ctx);
-- lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/
-- security_release_secctx(&lsmcxt);
-+ audit_log_format(ab, " obj=%s", lsmctx.context);
-+ security_release_secctx(&lsmctx);
- }
- }
- audit_log_format(ab, " ocomm=");
-@@ -1234,7 +1231,6 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
-
- static void show_special(struct audit_context *context, int *call_panic)
- {
-- struct lsmcontext lsmcxt;
- struct audit_buffer *ab;
- int i;
-
-@@ -1259,17 +1255,15 @@ static void show_special(struct audit_context *context, int *call_panic)
- from_kgid(&init_user_ns, context->ipc.gid),
- context->ipc.mode);
- if (osid) {
-- char *ctx = NULL;
-- u32 len;
-+ struct lsmcontext lsmcxt;
- struct lsmblob blob;
-
- lsmblob_init(&blob, osid);
-- if (security_secid_to_secctx(&blob, &ctx, &len)) {
-+ if (security_secid_to_secctx(&blob, &lsmcxt)) {
- audit_log_format(ab, " osid=%u", osid);
- *call_panic = 1;
- } else {
-- audit_log_format(ab, " obj=%s", ctx);
-- lsmcontext_init(&lsmcxt, ctx, len, 0);
-+ audit_log_format(ab, " obj=%s", lsmcxt.context);
- security_release_secctx(&lsmcxt);
- }
- }
-@@ -1418,20 +1412,17 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
- MAJOR(n->rdev),
- MINOR(n->rdev));
- if (n->osid != 0) {
-- char *ctx = NULL;
-- u32 len;
- struct lsmblob blob;
-- struct lsmcontext lsmcxt;
-+ struct lsmcontext lsmctx;
-
- lsmblob_init(&blob, n->osid);
-- if (security_secid_to_secctx(&blob, &ctx, &len)) {
-+ if (security_secid_to_secctx(&blob, &lsmctx)) {
- audit_log_format(ab, " osid=%u", n->osid);
- if (call_panic)
- *call_panic = 2;
- } else {
-- audit_log_format(ab, " obj=%s", ctx);
-- lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */
-- security_release_secctx(&lsmcxt);
-+ audit_log_format(ab, " obj=%s", lsmctx.context);
-+ security_release_secctx(&lsmctx);
- }
- }
-
-diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
-index bf32ab6f81c7..588e4d2dcd15 100644
---- a/net/ipv4/ip_sockglue.c
-+++ b/net/ipv4/ip_sockglue.c
-@@ -132,8 +132,7 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
- {
- struct lsmcontext context;
- struct lsmblob lb;
-- char *secdata;
-- u32 seclen, secid;
-+ u32 secid;
- int err;
-
- err = security_socket_getpeersec_dgram(NULL, skb, &secid);
-@@ -141,12 +140,11 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
- return;
-
- lsmblob_init(&lb, secid);
-- err = security_secid_to_secctx(&lb, &secdata, &seclen);
-+ err = security_secid_to_secctx(&lb, &context);
- if (err)
- return;
-
-- put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
-- lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */
-+ put_cmsg(msg, SOL_IP, SCM_SECURITY, context.len, context.context);
- security_release_secctx(&context);
+diff --git a/security/security.c b/security/security.c
+index 4ba1a6ed36e0..8aa107b57af9 100644
+--- a/security/security.c
++++ b/security/security.c
+@@ -1011,12 +1011,33 @@ void security_inode_free(struct inode *inode)
+ inode_free_by_rcu);
}
-diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
-index de223234963d..0c3e1a8aaf2b 100644
---- a/net/netfilter/nf_conntrack_netlink.c
-+++ b/net/netfilter/nf_conntrack_netlink.c
-@@ -339,8 +339,7 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct)
- static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
++/*
++ * security_dentry_init_security - initial context for a dentry
++ * @dentry: directory entry
++ * @mode: access mode
++ * @name: path name
++ * @context: resulting security context
++ *
++ * Use at most one security module to get the initial
++ * security context. Do not use the "display".
++ *
++ * Returns -EOPNOTSUPP if not supplied by any module or the module result.
++ */
+ int security_dentry_init_security(struct dentry *dentry, int mode,
+- const struct qstr *name, void **ctx,
+- u32 *ctxlen)
++ const struct qstr *name,
++ struct lsmcontext *cp)
{
- struct nlattr *nest_secctx;
-- int len, ret;
-- char *secctx;
-+ int ret;
- struct lsmblob blob;
- struct lsmcontext context;
+- return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
+- name, ctx, ctxlen);
++ struct security_hook_list *hp;
++
++ hlist_for_each_entry(hp, &security_hook_heads.dentry_init_security,
++ list) {
++ cp->slot = hp->lsmid->slot;
++ return hp->hook.dentry_init_security(dentry, mode, name,
++ (void **)&cp->context,
++ &cp->len);
++ }
++
++ return -EOPNOTSUPP;
+ }
+ EXPORT_SYMBOL(security_dentry_init_security);
-@@ -348,7 +347,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
- * security_secid_to_secctx() will know which security module
- * to use to create the secctx. */
- lsmblob_init(&blob, ct->secmark);
-- ret = security_secid_to_secctx(&blob, &secctx, &len);
-+ ret = security_secid_to_secctx(&blob, &context);
- if (ret)
- return 0;
-
-@@ -357,13 +356,12 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
- if (!nest_secctx)
- goto nla_put_failure;
-
-- if (nla_put_string(skb, CTA_SECCTX_NAME, secctx))
-+ if (nla_put_string(skb, CTA_SECCTX_NAME, context.context))
- goto nla_put_failure;
- nla_nest_end(skb, nest_secctx);
-
- ret = 0;
- nla_put_failure:
-- lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
- security_release_secctx(&context);
- return ret;
- }
-@@ -658,15 +656,15 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
- #ifdef CONFIG_NF_CONNTRACK_SECMARK
- int len, ret;
- struct lsmblob blob;
-+ struct lsmcontext context;
-
-- /* lsmblob_init() puts ct->secmark into all of the secids in blob.
-- * security_secid_to_secctx() will know which security module
-- * to use to create the secctx. */
-- lsmblob_init(&blob, ct->secmark);
-- ret = security_secid_to_secctx(&blob, NULL, &len);
-+ ret = security_secid_to_secctx(&blob, &context);
- if (ret)
- return 0;
-
-+ len = context.len;
-+ security_release_secctx(&context);
-+
- return nla_total_size(0) /* CTA_SECCTX */
- + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */
- #else
-diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
-index 3fcf44342b14..c8825e89a21e 100644
---- a/net/netfilter/nf_conntrack_standalone.c
-+++ b/net/netfilter/nf_conntrack_standalone.c
-@@ -176,19 +176,16 @@ static void ct_seq_stop(struct seq_file *s, void *v)
- static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
- {
- int ret;
-- u32 len;
-- char *secctx;
- struct lsmblob blob;
- struct lsmcontext context;
-
- lsmblob_init(&blob, ct->secmark);
-- ret = security_secid_to_secctx(&blob, &secctx, &len);
-+ ret = security_secid_to_secctx(&blob, &context);
- if (ret)
- return;
-
-- seq_printf(s, "secctx=%s ", secctx);
-+ seq_printf(s, "secctx=%s ", context.context);
-
-- lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
- security_release_secctx(&context);
- }
- #else
-diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
-index 3603bd938b74..4490bcb2a8b6 100644
---- a/net/netfilter/nfnetlink_queue.c
-+++ b/net/netfilter/nfnetlink_queue.c
-@@ -306,6 +306,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
- u32 seclen = 0;
- #if IS_ENABLED(CONFIG_NETWORK_SECMARK)
- struct lsmblob blob;
-+ struct lsmcontext context = { };
-
- if (!skb || !sk_fullsock(skb->sk))
- return 0;
-@@ -317,10 +318,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
- * blob. security_secid_to_secctx() will know which security
- * module to use to create the secctx. */
- lsmblob_init(&blob, skb->secmark);
-- security_secid_to_secctx(&blob, secdata, &seclen);
-+ security_secid_to_secctx(&blob, &context);
-+ *secdata = context.context;
- }
-
- read_unlock_bh(&skb->sk->sk_callback_lock);
-+ seclen = context.len;
- #endif
- return seclen;
- }
-diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
-index 7cb6f27c8cb2..596a75814fbf 100644
---- a/net/netlabel/netlabel_unlabeled.c
-+++ b/net/netlabel/netlabel_unlabeled.c
-@@ -375,8 +375,6 @@ int netlbl_unlhsh_add(struct net *net,
- struct netlbl_unlhsh_iface *iface;
- struct audit_buffer *audit_buf = NULL;
- struct lsmcontext context;
-- char *secctx = NULL;
-- u32 secctx_len;
- struct lsmblob blob;
-
- if (addr_len != sizeof(struct in_addr) &&
-@@ -444,12 +442,9 @@ int netlbl_unlhsh_add(struct net *net,
- * security_secid_to_secctx() will know which security module
- * to use to create the secctx. */
- lsmblob_init(&blob, secid);
-- if (security_secid_to_secctx(&blob,
-- &secctx,
-- &secctx_len) == 0) {
-- audit_log_format(audit_buf, " sec_obj=%s", secctx);
-- /* scaffolding */
-- lsmcontext_init(&context, secctx, secctx_len, 0);
-+ if (security_secid_to_secctx(&blob, &context) == 0) {
-+ audit_log_format(audit_buf, " sec_obj=%s",
-+ context.context);
- security_release_secctx(&context);
- }
- audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
-@@ -482,8 +477,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
- struct audit_buffer *audit_buf;
- struct net_device *dev;
- struct lsmcontext context;
-- char *secctx;
-- u32 secctx_len;
- struct lsmblob blob;
-
- spin_lock(&netlbl_unlhsh_lock);
-@@ -509,11 +502,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
- if (entry != NULL)
- lsmblob_init(&blob, entry->secid);
- if (entry != NULL &&
-- security_secid_to_secctx(&blob,
-- &secctx, &secctx_len) == 0) {
-- audit_log_format(audit_buf, " sec_obj=%s", secctx);
-- /* scaffolding */
-- lsmcontext_init(&context, secctx, secctx_len, 0);
-+ security_secid_to_secctx(&blob, &context) == 0) {
-+ audit_log_format(audit_buf, " sec_obj=%s",
-+ context.context);
- security_release_secctx(&context);
- }
- audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
-@@ -552,8 +543,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
- struct audit_buffer *audit_buf;
- struct net_device *dev;
- struct lsmcontext context;
-- char *secctx;
-- u32 secctx_len;
- struct lsmblob blob;
-
- spin_lock(&netlbl_unlhsh_lock);
-@@ -578,10 +567,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
- if (entry != NULL)
- lsmblob_init(&blob, entry->secid);
- if (entry != NULL &&
-- security_secid_to_secctx(&blob,
-- &secctx, &secctx_len) == 0) {
-- audit_log_format(audit_buf, " sec_obj=%s", secctx);
-- lsmcontext_init(&context, secctx, secctx_len, 0);
-+ security_secid_to_secctx(&blob, &context) == 0) {
-+ audit_log_format(audit_buf, " sec_obj=%s",
-+ context.context);
- security_release_secctx(&context);
- }
- audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
-@@ -1104,8 +1092,6 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
- struct lsmcontext context;
- void *data;
- u32 secid;
-- char *secctx;
-- u32 secctx_len;
- struct lsmblob blob;
-
- data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
-@@ -1165,15 +1151,13 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
- * security_secid_to_secctx() will know which security module
- * to use to create the secctx. */
- lsmblob_init(&blob, secid);
-- ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len);
-+ ret_val = security_secid_to_secctx(&blob, &context);
- if (ret_val != 0)
- goto list_cb_failure;
- ret_val = nla_put(cb_arg->skb,
- NLBL_UNLABEL_A_SECCTX,
-- secctx_len,
-- secctx);
-- /* scaffolding */
-- lsmcontext_init(&context, secctx, secctx_len, 0);
-+ context.len,
-+ context.context);
- security_release_secctx(&context);
- if (ret_val != 0)
- goto list_cb_failure;
-diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
-index ef139d8ae7cd..951ba0639d20 100644
---- a/net/netlabel/netlabel_user.c
-+++ b/net/netlabel/netlabel_user.c
-@@ -85,8 +85,6 @@ struct audit_buffer *netlbl_audit_start_common(int type,
- {
- struct audit_buffer *audit_buf;
- struct lsmcontext context;
-- char *secctx;
-- u32 secctx_len;
- struct lsmblob blob;
-
- if (audit_enabled == AUDIT_OFF)
-@@ -102,9 +100,8 @@ struct audit_buffer *netlbl_audit_start_common(int type,
-
- lsmblob_init(&blob, audit_info->secid);
- if (audit_info->secid != 0 &&
-- security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) {
-- audit_log_format(audit_buf, " subj=%s", secctx);
-- lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/
-+ security_secid_to_secctx(&blob, &context) == 0) {
-+ audit_log_format(audit_buf, " subj=%s", context.context);
- security_release_secctx(&context);
- }
-
-diff --git a/security/security.c b/security/security.c
-index e9a56d44ab6e..f8d306b0dfb8 100644
---- a/security/security.c
-+++ b/security/security.c
-@@ -2326,18 +2326,22 @@ int security_ismaclabel(const char *name)
- }
- EXPORT_SYMBOL(security_ismaclabel);
-
--int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen)
-+int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp)
- {
- struct security_hook_list *hp;
- int ilsm = lsm_task_ilsm(current);
-
-+ memset(cp, 0, sizeof(*cp));
-+
- hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) {
- if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
- continue;
-- if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot)
-+ if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) {
-+ cp->slot = hp->lsmid->slot;
- return hp->hook.secid_to_secctx(
- blob->secid[hp->lsmid->slot],
-- secdata, seclen);
-+ &cp->context, &cp->len);
-+ }
- }
-
- return LSM_RET_DEFAULT(secid_to_secctx);
--
-2.31.1
+2.20.1