Fixes for 4.19

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-4.19/selinux-improve-error-checking-in-sel_write_load.patch b/queue-4.19/selinux-improve-error-checking-in-sel_write_load.patch
new file mode 100644 (file)
index 0000000..0ba8f50
--- /dev/null
+++ b/queue-4.19/selinux-improve-error-checking-in-sel_write_load.patch
@@ -0,0 +1,89 @@
+From d268e1b7b967314c610ad15ece96f690fac60d83 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 25 Oct 2024 11:21:29 -0300
+Subject: selinux: improve error checking in sel_write_load()
+
+From: Paul Moore <paul@paul-moore.com>
+
+[ Upstream commit 42c773238037c90b3302bf37a57ae3b5c3f6004a ]
+
+Move our existing input sanity checking to the top of sel_write_load()
+and add a check to ensure the buffer size is non-zero.
+
+Move a local variable initialization from the declaration to before it
+is used.
+
+Minor style adjustments.
+
+Reported-by: Sam Sun <samsun1006219@gmail.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+[cascardo: keep fsi initialization at its declaration point as it is used earlier]
+[cascardo: keep check for 64MiB size limit]
+Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ security/selinux/selinuxfs.c | 31 +++++++++++++++++--------------
+ 1 file changed, 17 insertions(+), 14 deletions(-)
+
+diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
+index 60b3f16bb5c7b..c35aab9f24471 100644
+--- a/security/selinux/selinuxfs.c
++++ b/security/selinux/selinuxfs.c
+@@ -536,6 +536,16 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
+       ssize_t length;
+       void *data = NULL;
+ 
++      /* no partial writes */
++      if (*ppos)
++              return -EINVAL;
++      /* no empty policies */
++      if (!count)
++              return -EINVAL;
++
++      if (count > 64 * 1024 * 1024)
++              return -EFBIG;
++
+       mutex_lock(&fsi->mutex);
+ 
+       length = avc_has_perm(&selinux_state,
+@@ -544,23 +554,15 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
+       if (length)
+               goto out;
+ 
+-      /* No partial writes. */
+-      length = -EINVAL;
+-      if (*ppos != 0)
+-              goto out;
+-
+-      length = -EFBIG;
+-      if (count > 64 * 1024 * 1024)
+-              goto out;
+-
+-      length = -ENOMEM;
+       data = vmalloc(count);
+-      if (!data)
++      if (!data) {
++              length = -ENOMEM;
+               goto out;
+-
+-      length = -EFAULT;
+-      if (copy_from_user(data, buf, count) != 0)
++      }
++      if (copy_from_user(data, buf, count) != 0) {
++              length = -EFAULT;
+               goto out;
++      }
+ 
+       length = security_load_policy(fsi->state, data, count);
+       if (length) {
+@@ -579,6 +581,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
+               "auid=%u ses=%u lsm=selinux res=1",
+               from_kuid(&init_user_ns, audit_get_loginuid(current)),
+               audit_get_sessionid(current));
++
+ out:
+       mutex_unlock(&fsi->mutex);
+       vfree(data);
+-- 
+2.43.0
+

diff --git a/queue-4.19/series b/queue-4.19/series
index e5188d4254252d14c12b5bffecaa627649c6b0bd..c521cd854c2fb5e230fe0d67b8f92f4871bf4282 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -313,3 +313,4 @@ dt-bindings-power-add-r8a774b1-sysc-power-domain-def.patch
 net-usb-usbnet-fix-name-regression.patch
 posix-clock-posix-clock-fix-unbalanced-locking-in-pc.patch
 alsa-hda-realtek-update-default-depop-procedure.patch
+selinux-improve-error-checking-in-sel_write_load.patch