--- v11
+++ v24
@@ -1,613 +1,565 @@
-Replace the (secctx,seclen) pointer pair with a single
-lsmcontext pointer to allow return of the LSM identifier
-along with the context and context length. This allows
-security_release_secctx() to know how to release the
-context. Callers have been modified to use or save the
-returned data from the new structure.
+Add a new lsmcontext data structure to hold all the information
+about a "security context", including the string, its size and
+which LSM allocated the string. The allocation information is
+necessary because LSMs have different policies regarding the
+lifecycle of these strings. SELinux allocates and destroys
+them on each use, whereas Smack provides a pointer to an entry
+in a list that never goes away.
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Reviewed-by: John Johansen <john.johansen@canonical.com>
+Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
-cc: netdev@vger.kernel.org
+Cc: linux-integrity@vger.kernel.org
+Cc: netdev@vger.kernel.org
+Cc: linux-audit@redhat.com
+Cc: netfilter-devel@vger.kernel.org
+To: Pablo Neira Ayuso <pablo@netfilter.org>
+Cc: linux-nfs@vger.kernel.org
---
- drivers/android/binder.c | 26 +++++++---------
- include/linux/security.h | 4 +--
- include/net/scm.h | 10 ++-----
- kernel/audit.c | 29 +++++++-----------
- kernel/auditsc.c | 31 +++++++------------
- net/ipv4/ip_sockglue.c | 7 ++---
- net/netfilter/nf_conntrack_netlink.c | 14 +++++----
- net/netfilter/nf_conntrack_standalone.c | 7 ++---
- net/netfilter/nfnetlink_queue.c | 5 +++-
- net/netlabel/netlabel_unlabeled.c | 40 ++++++++-----------------
- net/netlabel/netlabel_user.c | 7 ++---
- security/security.c | 10 +++++--
- 12 files changed, 74 insertions(+), 116 deletions(-)
+ drivers/android/binder.c | 10 ++++---
+ fs/ceph/xattr.c | 6 ++++-
+ fs/nfs/nfs4proc.c | 8 ++++--
+ fs/nfsd/nfs4xdr.c | 7 +++--
+ include/linux/security.h | 35 +++++++++++++++++++++++--
+ include/net/scm.h | 5 +++-
+ kernel/audit.c | 14 +++++++---
+ kernel/auditsc.c | 12 ++++++---
+ net/ipv4/ip_sockglue.c | 4 ++-
+ net/netfilter/nf_conntrack_netlink.c | 4 ++-
+ net/netfilter/nf_conntrack_standalone.c | 4 ++-
+ net/netfilter/nfnetlink_queue.c | 13 ++++++---
+ net/netlabel/netlabel_unlabeled.c | 19 +++++++++++---
+ net/netlabel/netlabel_user.c | 4 ++-
+ security/security.c | 11 ++++----
+ 15 files changed, 121 insertions(+), 35 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
-index 49b84b6fafd9..cc81d0f540fd 100644
+index 1a15e9e19e22..f74a72867ec9 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
-@@ -2863,9 +2863,7 @@ static void binder_transaction(struct binder_proc *proc,
- binder_size_t last_fixup_min_off = 0;
- struct binder_context *context = proc->context;
+@@ -2448,6 +2448,7 @@ static void binder_transaction(struct binder_proc *proc,
int t_debug_id = atomic_inc_return(&binder_last_id);
-- char *secctx = NULL;
-- u32 secctx_sz = 0;
-- struct lsmcontext scaff; /* scaffolding */
-+ struct lsmcontext lsmctx = { };
+ char *secctx = NULL;
+ u32 secctx_sz = 0;
++ struct lsmcontext scaff; /* scaffolding */
e = binder_transaction_log_add(&binder_transaction_log);
e->debug_id = t_debug_id;
-@@ -3113,14 +3111,14 @@ static void binder_transaction(struct binder_proc *proc,
- size_t added_size;
-
- security_task_getsecid(proc->tsk, &blob);
-- ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz);
-+ ret = security_secid_to_secctx(&blob, &lsmctx);
- if (ret) {
- return_error = BR_FAILED_REPLY;
- return_error_param = ret;
- return_error_line = __LINE__;
- goto err_get_secctx_failed;
- }
-- added_size = ALIGN(secctx_sz, sizeof(u64));
-+ added_size = ALIGN(lsmctx.len, sizeof(u64));
- extra_buffers_size += added_size;
- if (extra_buffers_size < added_size) {
- /* integer overflow of extra_buffers_size */
-@@ -3147,24 +3145,22 @@ static void binder_transaction(struct binder_proc *proc,
- t->buffer = NULL;
- goto err_binder_alloc_buf_failed;
- }
-- if (secctx) {
-+ if (lsmctx.context) {
- int err;
- size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) +
- ALIGN(tr->offsets_size, sizeof(void *)) +
- ALIGN(extra_buffers_size, sizeof(void *)) -
-- ALIGN(secctx_sz, sizeof(u64));
-+ ALIGN(lsmctx.len, sizeof(u64));
-
- t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset;
- err = binder_alloc_copy_to_buffer(&target_proc->alloc,
- t->buffer, buf_offset,
-- secctx, secctx_sz);
-+ lsmctx.context, lsmctx.len);
- if (err) {
+@@ -2750,7 +2751,8 @@ static void binder_transaction(struct binder_proc *proc,
t->security_ctx = 0;
WARN_ON(1);
}
-- lsmcontext_init(&scaff, secctx, secctx_sz, 0);
-- security_release_secctx(&scaff);
-- secctx = NULL;
-+ security_release_secctx(&lsmctx);
+- security_release_secctx(secctx, secctx_sz);
++ lsmcontext_init(&scaff, secctx, secctx_sz, 0);
++ security_release_secctx(&scaff);
+ secctx = NULL;
}
t->buffer->debug_id = t->debug_id;
- t->buffer->transaction = t;
-@@ -3220,7 +3216,7 @@ static void binder_transaction(struct binder_proc *proc,
- off_end_offset = off_start_offset + tr->offsets_size;
- sg_buf_offset = ALIGN(off_end_offset, sizeof(void *));
- sg_buf_end_offset = sg_buf_offset + extra_buffers_size -
-- ALIGN(secctx_sz, sizeof(u64));
-+ ALIGN(lsmctx.len, sizeof(u64));
- off_min = 0;
- for (buffer_offset = off_start_offset; buffer_offset < off_end_offset;
- buffer_offset += sizeof(binder_size_t)) {
-@@ -3496,10 +3492,8 @@ static void binder_transaction(struct binder_proc *proc,
+@@ -3084,8 +3086,10 @@ static void binder_transaction(struct binder_proc *proc,
binder_alloc_free_buf(&target_proc->alloc, t->buffer);
err_binder_alloc_buf_failed:
err_bad_extra_size:
-- if (secctx) {
-- lsmcontext_init(&scaff, secctx, secctx_sz, 0);
-- security_release_secctx(&scaff);
-- }
-+ if (lsmctx.context)
-+ security_release_secctx(&lsmctx);
+- if (secctx)
+- security_release_secctx(secctx, secctx_sz);
++ if (secctx) {
++ lsmcontext_init(&scaff, secctx, secctx_sz, 0);
++ security_release_secctx(&scaff);
++ }
err_get_secctx_failed:
kfree(tcomplete);
binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE);
+diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c
+index 24997982de01..cc4f911f0d74 100644
+--- a/fs/ceph/xattr.c
++++ b/fs/ceph/xattr.c
+@@ -1348,12 +1348,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode,
+
+ void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx)
+ {
++#ifdef CONFIG_CEPH_FS_SECURITY_LABEL
++ struct lsmcontext scaff; /* scaffolding */
++#endif
+ #ifdef CONFIG_CEPH_FS_POSIX_ACL
+ posix_acl_release(as_ctx->acl);
+ posix_acl_release(as_ctx->default_acl);
+ #endif
+ #ifdef CONFIG_CEPH_FS_SECURITY_LABEL
+- security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen);
++ lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0);
++ security_release_secctx(&scaff);
+ #endif
+ if (as_ctx->pagelist)
+ ceph_pagelist_release(as_ctx->pagelist);
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index 0ce04e0e5d82..d3c29eb2e9dd 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -139,8 +139,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
+ static inline void
+ nfs4_label_release_security(struct nfs4_label *label)
+ {
+- if (label)
+- security_release_secctx(label->label, label->len);
++ struct lsmcontext scaff; /* scaffolding */
++
++ if (label) {
++ lsmcontext_init(&scaff, label->label, label->len, 0);
++ security_release_secctx(&scaff);
++ }
+ }
+ static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label)
+ {
+diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
+index 45ee6b12ce5b..43698f15a52b 100644
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -2834,6 +2834,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
+ int err;
+ struct nfs4_acl *acl = NULL;
+ #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
++ struct lsmcontext scaff; /* scaffolding */
+ void *context = NULL;
+ int contextlen;
+ #endif
+@@ -3335,8 +3336,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
+
+ out:
+ #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
+- if (context)
+- security_release_secctx(context, contextlen);
++ if (context) {
++ lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/
++ security_release_secctx(&scaff);
++ }
+ #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
+ kfree(acl);
+ if (tempfh) {
diff --git a/include/linux/security.h b/include/linux/security.h
-index 9bb11d9f1348..e47cef3d62f0 100644
+index e4a4816f1b94..cfa19eb9533b 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
-@@ -528,7 +528,7 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
- size_t size);
- int security_netlink_send(struct sock *sk, struct sk_buff *skb);
- int security_ismaclabel(const char *name);
--int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen);
-+int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp);
+@@ -133,6 +133,37 @@ enum lockdown_reason {
+
+ extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
+
++/*
++ * A "security context" is the text representation of
++ * the information used by LSMs.
++ * This structure contains the string, its length, and which LSM
++ * it is useful for.
++ */
++struct lsmcontext {
++ char *context; /* Provided by the module */
++ u32 len;
++ int slot; /* Identifies the module */
++};
++
++/**
++ * lsmcontext_init - initialize an lsmcontext structure.
++ * @cp: Pointer to the context to initialize
++ * @context: Initial context, or NULL
++ * @size: Size of context, or 0
++ * @slot: Which LSM provided the context
++ *
++ * Fill in the lsmcontext from the provided information.
++ * This is a scaffolding function that will be removed when
++ * lsmcontext integration is complete.
++ */
++static inline void lsmcontext_init(struct lsmcontext *cp, char *context,
++ u32 size, int slot)
++{
++ cp->slot = slot;
++ cp->context = context;
++ cp->len = size;
++}
++
+ /*
+ * Data exported by the security modules
+ *
+@@ -536,7 +567,7 @@ int security_ismaclabel(const char *name);
+ int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen);
int security_secctx_to_secid(const char *secdata, u32 seclen,
struct lsmblob *blob);
- void security_release_secctx(struct lsmcontext *cp);
-@@ -1333,7 +1333,7 @@ static inline int security_ismaclabel(const char *name)
- }
-
- static inline int security_secid_to_secctx(struct lsmblob *blob,
-- char **secdata, u32 *seclen)
-+ struct lsmcontext *cp)
- {
+-void security_release_secctx(char *secdata, u32 seclen);
++void security_release_secctx(struct lsmcontext *cp);
+ void security_inode_invalidate_secctx(struct inode *inode);
+ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
+ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
+@@ -1371,7 +1402,7 @@ static inline int security_secctx_to_secid(const char *secdata,
return -EOPNOTSUPP;
}
+
+-static inline void security_release_secctx(char *secdata, u32 seclen)
++static inline void security_release_secctx(struct lsmcontext *cp)
+ {
+ }
+
diff --git a/include/net/scm.h b/include/net/scm.h
-index 30ba801c91bd..4a6ad8caf423 100644
+index 23a35ff1b3f2..f273c4d777ec 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
-@@ -93,18 +93,14 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
+@@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
+ #ifdef CONFIG_SECURITY_NETWORK
static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
{
- struct lsmcontext context;
-- char *secdata;
-- u32 seclen;
- int err;
-
- if (test_bit(SOCK_PASSSEC, &sock->flags)) {
-- err = security_secid_to_secctx(&scm->lsmblob, &secdata,
-- &seclen);
-+ err = security_secid_to_secctx(&scm->lsmblob, &context);
++ struct lsmcontext context;
+ struct lsmblob lb;
+ char *secdata;
+ u32 seclen;
+@@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
if (!err) {
-- put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
-- /*scaffolding*/
-- lsmcontext_init(&context, secdata, seclen, 0);
-+ put_cmsg(msg, SOL_SOCKET, SCM_SECURITY,
-+ context.len, context.context);
- security_release_secctx(&context);
- }
- }
+ put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
+- security_release_secctx(secdata, seclen);
++ /*scaffolding*/
++ lsmcontext_init(&context, secdata, seclen, 0);
++ security_release_secctx(&context);
+ }
+ }
+ }
diff --git a/kernel/audit.c b/kernel/audit.c
-index 35970e7191b6..cd0024c89807 100644
+index f6af7b27a6fa..902962ea9be6 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
-@@ -1178,9 +1178,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
- struct audit_buffer *ab;
- u16 msg_type = nlh->nlmsg_type;
+@@ -1192,6 +1192,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
struct audit_sig_info *sig_data;
-- char *ctx = NULL;
+ char *ctx = NULL;
u32 len;
-- struct lsmcontext scaff; /* scaffolding */
-+ struct lsmcontext context = { };
++ struct lsmcontext scaff; /* scaffolding */
err = audit_netlink_ok(skb, msg_type);
if (err)
-@@ -1418,25 +1417,22 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
- case AUDIT_SIGNAL_INFO:
- len = 0;
- if (lsmblob_is_set(&audit_sig_lsm)) {
-- err = security_secid_to_secctx(&audit_sig_lsm, &ctx,
-- &len);
-+ err = security_secid_to_secctx(&audit_sig_lsm,
-+ &context);
- if (err)
- return err;
+@@ -1449,15 +1450,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
}
sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
if (!sig_data) {
-- if (lsmblob_is_set(&audit_sig_lsm)) {
-- lsmcontext_init(&scaff, ctx, len, 0);
-- security_release_secctx(&scaff);
-- }
-+ if (lsmblob_is_set(&audit_sig_lsm))
-+ security_release_secctx(&context);
+- if (lsmblob_is_set(&audit_sig_lsm))
+- security_release_secctx(ctx, len);
++ if (lsmblob_is_set(&audit_sig_lsm)) {
++ lsmcontext_init(&scaff, ctx, len, 0);
++ security_release_secctx(&scaff);
++ }
return -ENOMEM;
}
sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
sig_data->pid = audit_sig_pid;
if (lsmblob_is_set(&audit_sig_lsm)) {
-- memcpy(sig_data->ctx, ctx, len);
-- lsmcontext_init(&scaff, ctx, len, 0);
-- security_release_secctx(&scaff);
-+ memcpy(sig_data->ctx, context.context, context.len);
-+ security_release_secctx(&context);
+ memcpy(sig_data->ctx, ctx, len);
+- security_release_secctx(ctx, len);
++ lsmcontext_init(&scaff, ctx, len, 0);
++ security_release_secctx(&scaff);
}
audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0,
sig_data, sizeof(*sig_data) + len);
-@@ -2061,26 +2057,23 @@ void audit_log_key(struct audit_buffer *ab, char *key)
-
- int audit_log_task_context(struct audit_buffer *ab)
- {
-- char *ctx = NULL;
-- unsigned len;
+@@ -2132,6 +2136,7 @@ int audit_log_task_context(struct audit_buffer *ab)
+ unsigned len;
int error;
struct lsmblob blob;
-- struct lsmcontext scaff; /* scaffolding */
-+ struct lsmcontext context;
++ struct lsmcontext scaff; /* scaffolding */
security_task_getsecid(current, &blob);
if (!lsmblob_is_set(&blob))
- return 0;
-
-- error = security_secid_to_secctx(&blob, &ctx, &len);
-+ error = security_secid_to_secctx(&blob, &context);
- if (error) {
- if (error != -EINVAL)
- goto error_path;
- return 0;
- }
-
-- audit_log_format(ab, " subj=%s", ctx);
-- lsmcontext_init(&scaff, ctx, len, 0);
-- security_release_secctx(&scaff);
-+ audit_log_format(ab, " subj=%s", context.context);
-+ security_release_secctx(&context);
+@@ -2145,7 +2150,8 @@ int audit_log_task_context(struct audit_buffer *ab)
+ }
+
+ audit_log_format(ab, " subj=%s", ctx);
+- security_release_secctx(ctx, len);
++ lsmcontext_init(&scaff, ctx, len, 0);
++ security_release_secctx(&scaff);
return 0;
error_path:
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 8790e7aafa7d..6d273183dd87 100644
+index c766502b58f2..a73253515bc9 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -962,9 +962,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
+@@ -998,6 +998,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
struct lsmblob *blob, char *comm)
{
struct audit_buffer *ab;
-- struct lsmcontext lsmcxt;
-- char *ctx = NULL;
-- u32 len;
-+ struct lsmcontext lsmctx;
++ struct lsmcontext lsmcxt;
+ char *ctx = NULL;
+ u32 len;
int rc = 0;
-
- ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
-@@ -975,13 +973,12 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
- from_kuid(&init_user_ns, auid),
- from_kuid(&init_user_ns, uid), sessionid);
- if (lsmblob_is_set(blob)) {
-- if (security_secid_to_secctx(blob, &ctx, &len)) {
-+ if (security_secid_to_secctx(blob, &lsmctx)) {
- audit_log_format(ab, " obj=(none)");
+@@ -1015,7 +1016,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
rc = 1;
} else {
-- audit_log_format(ab, " obj=%s", ctx);
-- lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/
-- security_release_secctx(&lsmcxt);
-+ audit_log_format(ab, " obj=%s", lsmctx.context);
-+ security_release_secctx(&lsmctx);
+ audit_log_format(ab, " obj=%s", ctx);
+- security_release_secctx(ctx, len);
++ lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/
++ security_release_secctx(&lsmcxt);
}
}
audit_log_format(ab, " ocomm=");
-@@ -1194,7 +1191,6 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
+@@ -1228,6 +1230,7 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
static void show_special(struct audit_context *context, int *call_panic)
{
-- struct lsmcontext lsmcxt;
++ struct lsmcontext lsmcxt;
struct audit_buffer *ab;
int i;
-@@ -1218,17 +1214,15 @@ static void show_special(struct audit_context *context, int *call_panic)
- from_kgid(&init_user_ns, context->ipc.gid),
- context->ipc.mode);
- if (osid) {
-- char *ctx = NULL;
-- u32 len;
-+ struct lsmcontext lsmcxt;
- struct lsmblob blob;
-
- lsmblob_init(&blob, osid);
-- if (security_secid_to_secctx(&blob, &ctx, &len)) {
-+ if (security_secid_to_secctx(&blob, &lsmcxt)) {
- audit_log_format(ab, " osid=%u", osid);
+@@ -1261,7 +1264,8 @@ static void show_special(struct audit_context *context, int *call_panic)
*call_panic = 1;
} else {
-- audit_log_format(ab, " obj=%s", ctx);
-- lsmcontext_init(&lsmcxt, ctx, len, 0);
-+ audit_log_format(ab, " obj=%s", lsmcxt.context);
- security_release_secctx(&lsmcxt);
+ audit_log_format(ab, " obj=%s", ctx);
+- security_release_secctx(ctx, len);
++ lsmcontext_init(&lsmcxt, ctx, len, 0);
++ security_release_secctx(&lsmcxt);
}
}
-@@ -1372,20 +1366,17 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
- MAJOR(n->rdev),
- MINOR(n->rdev));
- if (n->osid != 0) {
-- char *ctx = NULL;
-- u32 len;
+ if (context->ipc.has_perm) {
+@@ -1410,6 +1414,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
+ char *ctx = NULL;
+ u32 len;
struct lsmblob blob;
-- struct lsmcontext lsmcxt;
-+ struct lsmcontext lsmctx;
++ struct lsmcontext lsmcxt;
lsmblob_init(&blob, n->osid);
-- if (security_secid_to_secctx(&blob, &ctx, &len)) {
-+ if (security_secid_to_secctx(&blob, &lsmctx)) {
- audit_log_format(ab, " osid=%u", n->osid);
- if (call_panic)
+ if (security_secid_to_secctx(&blob, &ctx, &len)) {
+@@ -1418,7 +1423,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
*call_panic = 2;
} else {
-- audit_log_format(ab, " obj=%s", ctx);
-- lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */
-- security_release_secctx(&lsmcxt);
-+ audit_log_format(ab, " obj=%s", lsmctx.context);
-+ security_release_secctx(&lsmctx);
+ audit_log_format(ab, " obj=%s", ctx);
+- security_release_secctx(ctx, len);
++ lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */
++ security_release_secctx(&lsmcxt);
}
}
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
-index 96d56a30ecca..27af7a6b8780 100644
+index 2f089733ada7..a7e4c1b34b6c 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
-@@ -132,20 +132,17 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
- {
- struct lsmcontext context;
+@@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
+
+ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
+ {
++ struct lsmcontext context;
struct lsmblob lb;
-- char *secdata;
-- u32 seclen;
- int err;
-
- err = security_socket_getpeersec_dgram(NULL, skb, &lb);
- if (err)
+ char *secdata;
+ u32 seclen, secid;
+@@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
return;
-- err = security_secid_to_secctx(&lb, &secdata, &seclen);
-+ err = security_secid_to_secctx(&lb, &context);
- if (err)
- return;
-
-- put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
-- lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */
-+ put_cmsg(msg, SOL_IP, SCM_SECURITY, context.len, context.context);
- security_release_secctx(&context);
- }
-
+ put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
+- security_release_secctx(secdata, seclen);
++ lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */
++ security_release_secctx(&context);
+ }
+
+ static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
-index 78791e015d8b..7c8a7edac36d 100644
+index d4902d120799..3b9cf2a1fed7 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
-@@ -329,13 +329,12 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct)
- static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
- {
- struct nlattr *nest_secctx;
-- int len, ret;
-- char *secctx;
-+ int ret;
- struct lsmblob blob;
- struct lsmcontext context;
-
- lsmblob_init(&blob, ct->secmark);
-- ret = security_secid_to_secctx(&blob, &secctx, &len);
-+ ret = security_secid_to_secctx(&blob, &context);
- if (ret)
- return 0;
-
-@@ -344,13 +343,12 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
- if (!nest_secctx)
- goto nla_put_failure;
-
-- if (nla_put_string(skb, CTA_SECCTX_NAME, secctx))
-+ if (nla_put_string(skb, CTA_SECCTX_NAME, context.context))
- goto nla_put_failure;
- nla_nest_end(skb, nest_secctx);
+@@ -339,6 +339,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
+ int len, ret;
+ char *secctx;
+ struct lsmblob blob;
++ struct lsmcontext context;
+
+ /* lsmblob_init() puts ct->secmark into all of the secids in blob.
+ * security_secid_to_secctx() will know which security module
+@@ -359,7 +360,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
ret = 0;
nla_put_failure:
-- lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
- security_release_secctx(&context);
+- security_release_secctx(secctx, len);
++ lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
++ security_release_secctx(&context);
return ret;
}
-@@ -626,12 +624,16 @@ static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
- #ifdef CONFIG_NF_CONNTRACK_SECMARK
- int len, ret;
- struct lsmblob blob;
-+ struct lsmcontext context;
-
- lsmblob_init(&blob, ct->secmark);
-- ret = security_secid_to_secctx(&blob, NULL, &len);
-+ ret = security_secid_to_secctx(&blob, &context);
- if (ret)
- return 0;
-
-+ len = context.len;
-+ security_release_secctx(&context);
-+
- return nla_total_size(0) /* CTA_SECCTX */
- + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */
#else
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
-index 8601fcb99f7a..8969754d7fe9 100644
+index 54da1a3e8cb1..e2bdc851a477 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
-@@ -173,19 +173,16 @@ static void ct_seq_stop(struct seq_file *s, void *v)
- static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
- {
- int ret;
-- u32 len;
-- char *secctx;
- struct lsmblob blob;
- struct lsmcontext context;
+@@ -176,6 +176,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
+ u32 len;
+ char *secctx;
+ struct lsmblob blob;
++ struct lsmcontext context;
lsmblob_init(&blob, ct->secmark);
-- ret = security_secid_to_secctx(&blob, &secctx, &len);
-+ ret = security_secid_to_secctx(&blob, &context);
- if (ret)
- return;
-
-- seq_printf(s, "secctx=%s ", secctx);
-+ seq_printf(s, "secctx=%s ", context.context);
-
-- lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
- security_release_secctx(&context);
+ ret = security_secid_to_secctx(&blob, &secctx, &len);
+@@ -184,7 +185,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
+
+ seq_printf(s, "secctx=%s ", secctx);
+
+- security_release_secctx(secctx, len);
++ lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
++ security_release_secctx(&context);
}
#else
+ static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
-index cc3ef03ee198..2d6668fd026c 100644
+index a6dbef71fc32..dcc31cb7f287 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
-@@ -306,6 +306,7 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
+@@ -398,6 +398,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
+ enum ip_conntrack_info ctinfo;
+ struct nfnl_ct_hook *nfnl_ct;
+ bool csum_verify;
++ struct lsmcontext scaff; /* scaffolding */
+ char *secdata = NULL;
u32 seclen = 0;
- #if IS_ENABLED(CONFIG_NETWORK_SECMARK)
- struct lsmblob blob;
-+ struct lsmcontext context = { };
-
- if (!skb || !sk_fullsock(skb->sk))
- return 0;
-@@ -314,10 +315,12 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
-
- if (skb->secmark) {
- lsmblob_init(&blob, skb->secmark);
-- security_secid_to_secctx(&blob, secdata, &seclen);
-+ security_secid_to_secctx(&blob, &context);
-+ *secdata = context.context;
- }
-
- read_unlock_bh(&skb->sk->sk_callback_lock);
-+ seclen = context.len;
- #endif
- return seclen;
- }
+
+@@ -628,8 +629,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
+ }
+
+ nlh->nlmsg_len = skb->len;
+- if (seclen)
+- security_release_secctx(secdata, seclen);
++ if (seclen) {
++ lsmcontext_init(&scaff, secdata, seclen, 0);
++ security_release_secctx(&scaff);
++ }
+ return skb;
+
+ nla_put_failure:
+@@ -637,8 +640,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
+ kfree_skb(skb);
+ net_err_ratelimited("nf_queue: error creating packet message\n");
+ nlmsg_failure:
+- if (seclen)
+- security_release_secctx(secdata, seclen);
++ if (seclen) {
++ lsmcontext_init(&scaff, secdata, seclen, 0);
++ security_release_secctx(&scaff);
++ }
+ return NULL;
+ }
+
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
-index 288c005b44c7..c03fe9a4f7b9 100644
+index 93240432427f..32b6eea7ba0c 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
-@@ -374,8 +374,6 @@ int netlbl_unlhsh_add(struct net *net,
+@@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net,
+ struct net_device *dev;
struct netlbl_unlhsh_iface *iface;
struct audit_buffer *audit_buf = NULL;
- struct lsmcontext context;
-- char *secctx = NULL;
-- u32 secctx_len;
- struct lsmblob blob;
-
- if (addr_len != sizeof(struct in_addr) &&
-@@ -440,12 +438,9 @@ int netlbl_unlhsh_add(struct net *net,
- rcu_read_unlock();
- if (audit_buf != NULL) {
- lsmblob_init(&blob, secid);
-- if (security_secid_to_secctx(&blob,
-- &secctx,
-- &secctx_len) == 0) {
-- audit_log_format(audit_buf, " sec_obj=%s", secctx);
-- /* scaffolding */
-- lsmcontext_init(&context, secctx, secctx_len, 0);
-+ if (security_secid_to_secctx(&blob, &context) == 0) {
-+ audit_log_format(audit_buf, " sec_obj=%s",
-+ context.context);
- security_release_secctx(&context);
++ struct lsmcontext context;
+ char *secctx = NULL;
+ u32 secctx_len;
+ struct lsmblob blob;
+@@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net,
+ &secctx,
+ &secctx_len) == 0) {
+ audit_log_format(audit_buf, " sec_obj=%s", secctx);
+- security_release_secctx(secctx, secctx_len);
++ /* scaffolding */
++ lsmcontext_init(&context, secctx, secctx_len, 0);
++ security_release_secctx(&context);
}
audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
-@@ -478,8 +473,6 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
+ audit_log_end(audit_buf);
+@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
+ struct netlbl_unlhsh_addr4 *entry;
struct audit_buffer *audit_buf;
struct net_device *dev;
- struct lsmcontext context;
-- char *secctx;
-- u32 secctx_len;
- struct lsmblob blob;
-
- spin_lock(&netlbl_unlhsh_lock);
-@@ -503,11 +496,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
- if (entry != NULL)
- lsmblob_init(&blob, entry->secid);
- if (entry != NULL &&
-- security_secid_to_secctx(&blob,
-- &secctx, &secctx_len) == 0) {
-- audit_log_format(audit_buf, " sec_obj=%s", secctx);
-- /* scaffolding */
-- lsmcontext_init(&context, secctx, secctx_len, 0);
-+ security_secid_to_secctx(&blob, &context) == 0) {
-+ audit_log_format(audit_buf, " sec_obj=%s",
-+ context.context);
- security_release_secctx(&context);
++ struct lsmcontext context;
+ char *secctx;
+ u32 secctx_len;
+ struct lsmblob blob;
+@@ -509,7 +513,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
+ security_secid_to_secctx(&blob,
+ &secctx, &secctx_len) == 0) {
+ audit_log_format(audit_buf, " sec_obj=%s", secctx);
+- security_release_secctx(secctx, secctx_len);
++ /* scaffolding */
++ lsmcontext_init(&context, secctx, secctx_len, 0);
++ security_release_secctx(&context);
}
audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
-@@ -546,8 +537,6 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
+ audit_log_end(audit_buf);
+@@ -546,6 +552,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
+ struct netlbl_unlhsh_addr6 *entry;
struct audit_buffer *audit_buf;
struct net_device *dev;
- struct lsmcontext context;
-- char *secctx;
-- u32 secctx_len;
- struct lsmblob blob;
-
- spin_lock(&netlbl_unlhsh_lock);
-@@ -570,10 +559,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
- if (entry != NULL)
- lsmblob_init(&blob, entry->secid);
- if (entry != NULL &&
-- security_secid_to_secctx(&blob,
-- &secctx, &secctx_len) == 0) {
-- audit_log_format(audit_buf, " sec_obj=%s", secctx);
-- lsmcontext_init(&context, secctx, secctx_len, 0);
-+ security_secid_to_secctx(&blob, &context) == 0) {
-+ audit_log_format(audit_buf, " sec_obj=%s",
-+ context.context);
- security_release_secctx(&context);
++ struct lsmcontext context;
+ char *secctx;
+ u32 secctx_len;
+ struct lsmblob blob;
+@@ -576,7 +583,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
+ security_secid_to_secctx(&blob,
+ &secctx, &secctx_len) == 0) {
+ audit_log_format(audit_buf, " sec_obj=%s", secctx);
+- security_release_secctx(secctx, secctx_len);
++ lsmcontext_init(&context, secctx, secctx_len, 0);
++ security_release_secctx(&context);
}
audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
-@@ -1091,8 +1079,6 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
- struct lsmcontext context;
+ audit_log_end(audit_buf);
+@@ -1095,6 +1103,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
+ int ret_val = -ENOMEM;
+ struct netlbl_unlhsh_walk_arg *cb_arg = arg;
+ struct net_device *dev;
++ struct lsmcontext context;
void *data;
u32 secid;
-- char *secctx;
-- u32 secctx_len;
- struct lsmblob blob;
-
- data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
-@@ -1149,15 +1135,13 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
- }
-
- lsmblob_init(&blob, secid);
-- ret_val = security_secid_to_secctx(&blob, &secctx, &secctx_len);
-+ ret_val = security_secid_to_secctx(&blob, &context);
+ char *secctx;
+@@ -1165,7 +1174,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
+ NLBL_UNLABEL_A_SECCTX,
+ secctx_len,
+ secctx);
+- security_release_secctx(secctx, secctx_len);
++ /* scaffolding */
++ lsmcontext_init(&context, secctx, secctx_len, 0);
++ security_release_secctx(&context);
if (ret_val != 0)
goto list_cb_failure;
- ret_val = nla_put(cb_arg->skb,
- NLBL_UNLABEL_A_SECCTX,
-- secctx_len,
-- secctx);
-- /* scaffolding */
-- lsmcontext_init(&context, secctx, secctx_len, 0);
-+ context.len,
-+ context.context);
- security_release_secctx(&context);
- if (ret_val != 0)
- goto list_cb_failure;
+
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
-index ef139d8ae7cd..951ba0639d20 100644
+index 893301ae0131..ef139d8ae7cd 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
-@@ -85,8 +85,6 @@ struct audit_buffer *netlbl_audit_start_common(int type,
+@@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
+ struct netlbl_audit *audit_info)
{
struct audit_buffer *audit_buf;
- struct lsmcontext context;
-- char *secctx;
-- u32 secctx_len;
- struct lsmblob blob;
-
- if (audit_enabled == AUDIT_OFF)
-@@ -102,9 +100,8 @@ struct audit_buffer *netlbl_audit_start_common(int type,
-
- lsmblob_init(&blob, audit_info->secid);
++ struct lsmcontext context;
+ char *secctx;
+ u32 secctx_len;
+ struct lsmblob blob;
+@@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type,
if (audit_info->secid != 0 &&
-- security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) {
-- audit_log_format(audit_buf, " subj=%s", secctx);
-- lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/
-+ security_secid_to_secctx(&blob, &context) == 0) {
-+ audit_log_format(audit_buf, " subj=%s", context.context);
- security_release_secctx(&context);
- }
-
+ security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) {
+ audit_log_format(audit_buf, " subj=%s", secctx);
+- security_release_secctx(secctx, secctx_len);
++ lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/
++ security_release_secctx(&context);
+ }
+
+ return audit_buf;
diff --git a/security/security.c b/security/security.c
-index c05ef9d0c8ed..618d4f90936b 100644
+index 517623ba81dc..904ae6c46be0 100644
--- a/security/security.c
+++ b/security/security.c
-@@ -2109,18 +2109,22 @@ int security_ismaclabel(const char *name)
- }
- EXPORT_SYMBOL(security_ismaclabel);
-
--int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen)
-+int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp)
+@@ -2288,16 +2288,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen,
+ }
+ EXPORT_SYMBOL(security_secctx_to_secid);
+
+-void security_release_secctx(char *secdata, u32 seclen)
++void security_release_secctx(struct lsmcontext *cp)
{
struct security_hook_list *hp;
- int display = lsm_task_display(current);
-
+- int ilsm = lsm_task_ilsm(current);
+
+ hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list)
+- if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) {
+- hp->hook.release_secctx(secdata, seclen);
+- return;
++ if (cp->slot == hp->lsmid->slot) {
++ hp->hook.release_secctx(cp->context, cp->len);
++ break;
+ }
++
+ memset(cp, 0, sizeof(*cp));
-+
- hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) {
- if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
- continue;
-- if (display == LSMBLOB_INVALID || display == hp->lsmid->slot)
-+ if (display == LSMBLOB_INVALID || display == hp->lsmid->slot) {
-+ cp->slot = hp->lsmid->slot;
- return hp->hook.secid_to_secctx(
- blob->secid[hp->lsmid->slot],
-- secdata, seclen);
-+ &cp->context, &cp->len);
-+ }
- }
- return 0;
- }
+ }
+ EXPORT_SYMBOL(security_release_secctx);
+
--
-2.20.1
+2.25.4