--- /dev/null
+From db0ccc44a20b4bb3039c0f6885a1f9c3323c7673 Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Thu, 16 Feb 2023 07:57:32 -0700
+Subject: brd: return 0/-error from brd_insert_page()
+
+From: Jens Axboe <axboe@kernel.dk>
+
+commit db0ccc44a20b4bb3039c0f6885a1f9c3323c7673 upstream.
+
+It currently returns a page, but callers just check for NULL/page to
+gauge success. Clean this up and return the appropriate error directly
+instead.
+
+Cc: stable@vger.kernel.org # 5.10+
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/brd.c | 26 ++++++++++++--------------
+ 1 file changed, 12 insertions(+), 14 deletions(-)
+
+--- a/drivers/block/brd.c
++++ b/drivers/block/brd.c
+@@ -78,11 +78,9 @@ static struct page *brd_lookup_page(stru
+ }
+
+ /*
+- * Look up and return a brd's page for a given sector.
+- * If one does not exist, allocate an empty page, and insert that. Then
+- * return it.
++ * Insert a new page for a given sector, if one does not already exist.
+ */
+-static struct page *brd_insert_page(struct brd_device *brd, sector_t sector)
++static int brd_insert_page(struct brd_device *brd, sector_t sector)
+ {
+ pgoff_t idx;
+ struct page *page;
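Review bot: The rewritten comment above brd_insert_page() drops the old description of the return value without replacing it, so the new `int` contract is undocumented. From the paths visible in the later hunks, the function returns 0 when the page already exists or once the insert section has run, and -ENOMEM when alloc_page() or radix_tree_preload() fails. I would add a line such as ` * Returns 0 if a page is present for the sector afterwards, -ENOMEM if allocation fails.` to the comment. The body continues past this hunk and the code between spin_lock() and spin_unlock() is not shown, so confirm that no other error can come out of that section.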
+@@ -90,7 +88,7 @@ static struct page *brd_insert_page(stru
+
+ page = brd_lookup_page(brd, sector);
+ if (page)
+- return page;
++ return 0;
+
+ /*
+ * Must use NOIO because we don't want to recurse back into the
+@@ -99,11 +97,11 @@ static struct page *brd_insert_page(stru
+ gfp_flags = GFP_NOIO | __GFP_ZERO | __GFP_HIGHMEM;
+ page = alloc_page(gfp_flags);
+ if (!page)
+- return NULL;
++ return -ENOMEM;
+
+ if (radix_tree_preload(GFP_NOIO)) {
+ __free_page(page);
+- return NULL;
++ return -ENOMEM;
+ }
+
+ spin_lock(&brd->brd_lock);
+@@ -120,8 +118,7 @@ static struct page *brd_insert_page(stru
+ spin_unlock(&brd->brd_lock);
+
+ radix_tree_preload_end();
+-
+- return page;
++ return 0;
+ }
+
+ /*
+@@ -174,16 +171,17 @@ static int copy_to_brd_setup(struct brd_
+ {
+ unsigned int offset = (sector & (PAGE_SECTORS-1)) << SECTOR_SHIFT;
+ size_t copy;
++ int ret;
+
+ copy = min_t(size_t, n, PAGE_SIZE - offset);
+- if (!brd_insert_page(brd, sector))
+- return -ENOSPC;
++ ret = brd_insert_page(brd, sector);
++ if (ret)
++ return ret;
+ if (copy < n) {
+ sector += copy >> SECTOR_SHIFT;
+- if (!brd_insert_page(brd, sector))
+- return -ENOSPC;
++ ret = brd_insert_page(brd, sector);
+ }
+- return 0;
++ return ret;
+ }
+
+ /*
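Review bot: copy_to_brd_setup() now passes brd_insert_page()'s -ENOMEM to its callers where it used to return -ENOSPC, and neither the commit message nor a comment says that the errno changes. The callers are outside this hunk, so check whether any of them treats -ENOSPC specially when choosing a block status or deciding to retry. A short comment above the first `ret = brd_insert_page(brd, sector);` would record the intent, for example `/* allocation failure is reported as -ENOMEM, not -ENOSPC */`. The function's signature and header comment sit before the hunk.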
--- /dev/null
+From 4971c268b85e1c7a734a61622fc0813c86e2362e Mon Sep 17 00:00:00 2001
+From: Roberto Sassu <roberto.sassu@huawei.com>
+Date: Tue, 31 Jan 2023 18:42:43 +0100
+Subject: ima: Align ima_file_mmap() parameters with mmap_file LSM hook
+
+From: Roberto Sassu <roberto.sassu@huawei.com>
+
+commit 4971c268b85e1c7a734a61622fc0813c86e2362e upstream.
+
+Commit 98de59bfe4b2f ("take calculation of final prot in
+security_mmap_file() into a helper") moved the code to update prot, to be
+the actual protections applied to the kernel, to a new helper called
+mmap_prot().
+
+However, while without the helper ima_file_mmap() was getting the updated
+prot, with the helper ima_file_mmap() gets the original prot, which
+contains the protections requested by the application.
+
+A possible consequence of this change is that, if an application calls
+mmap() with only PROT_READ, and the kernel applies PROT_EXEC in addition,
+that application would have access to executable memory without having this
+event recorded in the IMA measurement list. This situation would occur for
+example if the application, before mmap(), calls the personality() system
+call with READ_IMPLIES_EXEC as the first argument.
+
+Align ima_file_mmap() parameters with those of the mmap_file LSM hook, so
+that IMA can receive both the requested prot and the final prot. Since the
+requested protections are stored in a new variable, and the final
+protections are stored in the existing variable, this effectively restores
+the original behavior of the MMAP_CHECK hook.
+
+Cc: stable@vger.kernel.org
+Fixes: 98de59bfe4b2 ("take calculation of final prot in security_mmap_file() into a helper")
+Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
+Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
+Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/ima.h | 6 ++++--
+ security/integrity/ima/ima_main.c | 7 +++++--
+ security/security.c | 7 ++++---
+ 3 files changed, 13 insertions(+), 7 deletions(-)
+
+--- a/include/linux/ima.h
++++ b/include/linux/ima.h
+@@ -21,7 +21,8 @@ extern int ima_file_check(struct file *f
+ extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
+ struct inode *inode);
+ extern void ima_file_free(struct file *file);
+-extern int ima_file_mmap(struct file *file, unsigned long prot);
++extern int ima_file_mmap(struct file *file, unsigned long reqprot,
++ unsigned long prot, unsigned long flags);
+ extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
+ extern int ima_load_data(enum kernel_load_data_id id, bool contents);
+ extern int ima_post_load_data(char *buf, loff_t size,
+@@ -91,7 +92,8 @@ static inline void ima_file_free(struct
+ return;
+ }
+
+-static inline int ima_file_mmap(struct file *file, unsigned long prot)
++static inline int ima_file_mmap(struct file *file, unsigned long reqprot,
++ unsigned long prot, unsigned long flags)
+ {
+ return 0;
+ }
+--- a/security/integrity/ima/ima_main.c
++++ b/security/integrity/ima/ima_main.c
+@@ -395,7 +395,9 @@ out:
+ /**
+ * ima_file_mmap - based on policy, collect/store measurement.
+ * @file: pointer to the file to be measured (May be NULL)
+- * @prot: contains the protection that will be applied by the kernel.
++ * @reqprot: protection requested by the application
++ * @prot: protection that will be applied by the kernel
++ * @flags: operational flags
+ *
+ * Measure files being mmapped executable based on the ima_must_measure()
+ * policy decision.
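Review bot: The new `@flags: operational flags` line does not say what the flags are, and the kernel-doc still does not state which of `@reqprot` and `@prot` decides whether a mapping is measured. Since the fix depends on IMA seeing the kernel-adjusted value, I would write `@reqprot: protection requested by the application, before any adjustment by the kernel` and `@flags: flags passed to the mmap_file LSM hook`. I would also add a sentence to the description that the executable-mapping decision is made on `@prot`. The function body is outside the hunk, so confirm that sentence against it. If `@reqprot` and `@flags` are not yet read there, the kernel-doc should say they are accepted only to match the hook signature.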
+@@ -403,7 +405,8 @@ out:
+ * On success return 0. On integrity appraisal error, assuming the file
+ * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
+ */
+-int ima_file_mmap(struct file *file, unsigned long prot)
++int ima_file_mmap(struct file *file, unsigned long reqprot,
++ unsigned long prot, unsigned long flags)
+ {
+ u32 secid;
+
+--- a/security/security.c
++++ b/security/security.c
+@@ -1592,12 +1592,13 @@ static inline unsigned long mmap_prot(st
+ int security_mmap_file(struct file *file, unsigned long prot,
+ unsigned long flags)
+ {
++ unsigned long prot_adj = mmap_prot(file, prot);
+ int ret;
+- ret = call_int_hook(mmap_file, 0, file, prot,
+- mmap_prot(file, prot), flags);
++
++ ret = call_int_hook(mmap_file, 0, file, prot, prot_adj, flags);
+ if (ret)
+ return ret;
+- return ima_file_mmap(file, prot);
++ return ima_file_mmap(file, prot, prot_adj, flags);
+ }
+
+ int security_mmap_addr(unsigned long addr)
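Review bot: `prot` and `prot_adj` are both `unsigned long`, so passing them to ima_file_mmap() in the wrong order would compile cleanly and bring back the measurement gap this commit closes. A one-line comment above the `prot_adj` declaration would make the two roles explicit, for example `/* prot: requested by the caller; prot_adj: what the kernel will apply after mmap_prot() */`. mmap_prot() is defined above the hunk and is not shown, so the comment should not say more about how the adjustment is computed.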