From: Sasha Levin Date: Mon, 28 Oct 2024 00:24:29 +0000 (-0400) Subject: Fixes for 6.6 X-Git-Tag: v5.15.170~24^2~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5943f099f1a84cfc8798313fa269e7c18db99cc9;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 6.6 Signed-off-by: Sasha Levin --- diff --git a/queue-6.6/selinux-improve-error-checking-in-sel_write_load.patch b/queue-6.6/selinux-improve-error-checking-in-sel_write_load.patch new file mode 100644 index 00000000000..c463325bf30 --- /dev/null +++ b/queue-6.6/selinux-improve-error-checking-in-sel_write_load.patch @@ -0,0 +1,101 @@ +From ff6a20175559e87b34d2b0457d32cd53b4ac7884 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Oct 2024 11:20:21 -0300 +Subject: selinux: improve error checking in sel_write_load() + +From: Paul Moore + +[ Upstream commit 42c773238037c90b3302bf37a57ae3b5c3f6004a ] + +Move our existing input sanity checking to the top of sel_write_load() +and add a check to ensure the buffer size is non-zero. + +Move a local variable initialization from the declaration to before it +is used. + +Minor style adjustments. + +Reported-by: Sam Sun +Signed-off-by: Paul Moore +Signed-off-by: Thadeu Lima de Souza Cascardo +Signed-off-by: Sasha Levin +--- + security/selinux/selinuxfs.c | 30 ++++++++++++++++-------------- + 1 file changed, 16 insertions(+), 14 deletions(-) + +diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c +index 2c23a5a286086..54bc18e8164b3 100644 +--- a/security/selinux/selinuxfs.c ++++ b/security/selinux/selinuxfs.c +@@ -582,11 +582,18 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) + + { +- struct selinux_fs_info *fsi = file_inode(file)->i_sb->s_fs_info; ++ struct selinux_fs_info *fsi; + struct selinux_load_state load_state; + ssize_t length; + void *data = NULL; + ++ /* no partial writes */ ++ if (*ppos) ++ return -EINVAL; ++ /* no empty policies */ ++ if (!count) ++ return -EINVAL; ++ + mutex_lock(&selinux_state.policy_mutex); + + length = avc_has_perm(current_sid(), SECINITSID_SECURITY, +@@ -594,26 +601,22 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, + if (length) + goto out; + +- /* No partial writes. */ +- length = -EINVAL; +- if (*ppos != 0) +- goto out; +- +- length = -ENOMEM; + data = vmalloc(count); +- if (!data) ++ if (!data) { ++ length = -ENOMEM; + goto out; +- +- length = -EFAULT; +- if (copy_from_user(data, buf, count) != 0) ++ } ++ if (copy_from_user(data, buf, count) != 0) { ++ length = -EFAULT; + goto out; ++ } + + length = security_load_policy(data, count, &load_state); + if (length) { + pr_warn_ratelimited("SELinux: failed to load policy\n"); + goto out; + } +- ++ fsi = file_inode(file)->i_sb->s_fs_info; + length = sel_make_policy_nodes(fsi, load_state.policy); + if (length) { + pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n"); +@@ -622,13 +625,12 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, + } + + selinux_policy_commit(&load_state); +- + length = count; +- + audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, + "auid=%u ses=%u lsm=selinux res=1", + from_kuid(&init_user_ns, audit_get_loginuid(current)), + audit_get_sessionid(current)); ++ + out: + mutex_unlock(&selinux_state.policy_mutex); + vfree(data); +-- +2.43.0 + diff --git a/queue-6.6/series b/queue-6.6/series index ffe134c010d..a050d33b1e0 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -174,3 +174,4 @@ alsa-hda-realtek-update-default-depop-procedure.patch smb-client-handle-kstrdup-failures-for-passwords.patch cpufreq-cppc-move-and-rename-cppc_cpufreq_-perf_to_k.patch cpufreq-cppc-fix-perf_to_khz-khz_to_perf-conversion-.patch +selinux-improve-error-checking-in-sel_write_load.patch