4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 6 Mar 2023 17:55:20 +0000 (18:55 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 6 Mar 2023 17:55:20 +0000 (18:55 +0100)
added patches:
ima-align-ima_file_mmap-parameters-with-mmap_file-lsm-hook.patch

queue-4.19/ima-align-ima_file_mmap-parameters-with-mmap_file-lsm-hook.patch [new file with mode: 0644]
queue-4.19/series

diff --git a/queue-4.19/ima-align-ima_file_mmap-parameters-with-mmap_file-lsm-hook.patch b/queue-4.19/ima-align-ima_file_mmap-parameters-with-mmap_file-lsm-hook.patch
new file mode 100644 (file)
index 0000000..f354a66
--- /dev/null
@@ -0,0 +1,107 @@
+From 4971c268b85e1c7a734a61622fc0813c86e2362e Mon Sep 17 00:00:00 2001
+From: Roberto Sassu <roberto.sassu@huawei.com>
+Date: Tue, 31 Jan 2023 18:42:43 +0100
+Subject: ima: Align ima_file_mmap() parameters with mmap_file LSM hook
+
+From: Roberto Sassu <roberto.sassu@huawei.com>
+
+commit 4971c268b85e1c7a734a61622fc0813c86e2362e upstream.
+
+Commit 98de59bfe4b2f ("take calculation of final prot in
+security_mmap_file() into a helper") moved the code to update prot, to be
+the actual protections applied to the kernel, to a new helper called
+mmap_prot().
+
+However, while without the helper ima_file_mmap() was getting the updated
+prot, with the helper ima_file_mmap() gets the original prot, which
+contains the protections requested by the application.
+
+A possible consequence of this change is that, if an application calls
+mmap() with only PROT_READ, and the kernel applies PROT_EXEC in addition,
+that application would have access to executable memory without having this
+event recorded in the IMA measurement list. This situation would occur for
+example if the application, before mmap(), calls the personality() system
+call with READ_IMPLIES_EXEC as the first argument.
+
+Align ima_file_mmap() parameters with those of the mmap_file LSM hook, so
+that IMA can receive both the requested prot and the final prot. Since the
+requested protections are stored in a new variable, and the final
+protections are stored in the existing variable, this effectively restores
+the original behavior of the MMAP_CHECK hook.
+
+Cc: stable@vger.kernel.org
+Fixes: 98de59bfe4b2 ("take calculation of final prot in security_mmap_file() into a helper")
+Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
+Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
+Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/ima.h               |    6 ++++--
+ security/integrity/ima/ima_main.c |    7 +++++--
+ security/security.c               |    7 ++++---
+ 3 files changed, 13 insertions(+), 7 deletions(-)
+
+--- a/include/linux/ima.h
++++ b/include/linux/ima.h
+@@ -19,7 +19,8 @@ struct linux_binprm;
+ extern int ima_bprm_check(struct linux_binprm *bprm);
+ extern int ima_file_check(struct file *file, int mask);
+ extern void ima_file_free(struct file *file);
+-extern int ima_file_mmap(struct file *file, unsigned long prot);
++extern int ima_file_mmap(struct file *file, unsigned long reqprot,
++                       unsigned long prot, unsigned long flags);
+ extern int ima_load_data(enum kernel_load_data_id id);
+ extern int ima_read_file(struct file *file, enum kernel_read_file_id id);
+ extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
+@@ -46,7 +47,8 @@ static inline void ima_file_free(struct
+       return;
+ }
+-static inline int ima_file_mmap(struct file *file, unsigned long prot)
++static inline int ima_file_mmap(struct file *file, unsigned long reqprot,
++                              unsigned long prot, unsigned long flags)
+ {
+       return 0;
+ }
+--- a/security/integrity/ima/ima_main.c
++++ b/security/integrity/ima/ima_main.c
+@@ -323,7 +323,9 @@ out:
+ /**
+  * ima_file_mmap - based on policy, collect/store measurement.
+  * @file: pointer to the file to be measured (May be NULL)
+- * @prot: contains the protection that will be applied by the kernel.
++ * @reqprot: protection requested by the application
++ * @prot: protection that will be applied by the kernel
++ * @flags: operational flags
+  *
+  * Measure files being mmapped executable based on the ima_must_measure()
+  * policy decision.
+@@ -331,7 +333,8 @@ out:
+  * On success return 0.  On integrity appraisal error, assuming the file
+  * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
+  */
+-int ima_file_mmap(struct file *file, unsigned long prot)
++int ima_file_mmap(struct file *file, unsigned long reqprot,
++                unsigned long prot, unsigned long flags)
+ {
+       u32 secid;
+--- a/security/security.c
++++ b/security/security.c
+@@ -926,12 +926,13 @@ static inline unsigned long mmap_prot(st
+ int security_mmap_file(struct file *file, unsigned long prot,
+                       unsigned long flags)
+ {
++      unsigned long prot_adj = mmap_prot(file, prot);
+       int ret;
+-      ret = call_int_hook(mmap_file, 0, file, prot,
+-                                      mmap_prot(file, prot), flags);
++
++      ret = call_int_hook(mmap_file, 0, file, prot, prot_adj, flags);
+       if (ret)
+               return ret;
+-      return ima_file_mmap(file, prot);
++      return ima_file_mmap(file, prot, prot_adj, flags);
+ }
+ int security_mmap_addr(unsigned long addr)
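Review bot: The kernel-doc added in the ima_main.c hunk describes `@flags` only as `operational flags`, which tells a reader neither what the value is nor whether IMA acts on it; the visible lines of ima_file_mmap() (its body continues outside the hunk) show no use of `reqprot` or `flags`, so they appear to be accepted only to mirror the mmap_file LSM hook signature — to be confirmed against the rest of the body. If that holds, I would document it explicitly: `@reqprot: protection requested by the application (not consumed by IMA)`, `@prot: protection that will be applied by the kernel, after mmap_prot() adjustment`, `@flags: mmap flags as passed by the caller (not consumed by IMA)`. In the security.c hunk, `prot_adj` is computed once and handed to both the mmap_file hook and ima_file_mmap(), which is what keeps the two consumers in agreement; a one-line comment on the `prot_adj` declaration, `/* final protections, e.g. PROT_EXEC added under READ_IMPLIES_EXEC */`, would keep the rationale from the commit message next to the code that depends on it.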
index 71576367de1cf9643003a8b94222ad424128696e..688a9151fe9642c7d8a25a98164a88dc7a72a1b6 100644 (file)
@@ -165,3 +165,4 @@ x86-microcode-amd-add-a-cpu-parameter-to-the-reloading-functions.patch
 x86-microcode-amd-fix-mixed-steppings-support.patch
 x86-speculation-allow-enabling-stibp-with-legacy-ibrs.patch
 documentation-hw-vuln-document-the-interaction-between-ibrs-and-stibp.patch
+ima-align-ima_file_mmap-parameters-with-mmap_file-lsm-hook.patch