5.12-stable patches

added patches:
	perf-core-fix-unconditional-security_locked_down-call.patch

diff --git a/queue-5.12/perf-core-fix-unconditional-security_locked_down-call.patch b/queue-5.12/perf-core-fix-unconditional-security_locked_down-call.patch
new file mode 100644 (file)
index 0000000..afd9182
--- /dev/null
+++ b/queue-5.12/perf-core-fix-unconditional-security_locked_down-call.patch
@@ -0,0 +1,54 @@
+From 08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Wed, 24 Feb 2021 22:56:28 +0100
+Subject: perf/core: Fix unconditional security_locked_down() call
+
+From: Ondrej Mosnacek <omosnace@redhat.com>
+
+commit 08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b upstream.
+
+Currently, the lockdown state is queried unconditionally, even though
+its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in
+attr.sample_type. While that doesn't matter in case of the Lockdown LSM,
+it causes trouble with the SELinux's lockdown hook implementation.
+
+SELinux implements the locked_down hook with a check whether the current
+task's type has the corresponding "lockdown" class permission
+("integrity" or "confidentiality") allowed in the policy. This means
+that calling the hook when the access control decision would be ignored
+generates a bogus permission check and audit record.
+
+Fix this by checking sample_type first and only calling the hook when
+its result would be honored.
+
+Fixes: b0c8fdc7fdb7 ("lockdown: Lock down perf when in confidentiality mode")
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Reviewed-by: Paul Moore <paul@paul-moore.com>
+Link: https://lkml.kernel.org/r/20210224215628.192519-1-omosnace@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/events/core.c |   12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -11829,12 +11829,12 @@ SYSCALL_DEFINE5(perf_event_open,
+                       return err;
+       }
+ 
+-      err = security_locked_down(LOCKDOWN_PERF);
+-      if (err && (attr.sample_type & PERF_SAMPLE_REGS_INTR))
+-              /* REGS_INTR can leak data, lockdown must prevent this */
+-              return err;
+-
+-      err = 0;
++      /* REGS_INTR can leak data, lockdown must prevent this */
++      if (attr.sample_type & PERF_SAMPLE_REGS_INTR) {
++              err = security_locked_down(LOCKDOWN_PERF);
++              if (err)
++                      return err;
++      }
+ 
+       /*
+        * In cgroup mode, the pid argument is used to pass the fd

diff --git a/queue-5.12/series b/queue-5.12/series
index 8ac3534e709f27553370432c3bdb8443421c3864..7cd5dd3f364dc9d8c3f6677b8d8365c9650119bb 100644 (file)
--- a/queue-5.12/series
+++ b/queue-5.12/series
@@ -14,3 +14,4 @@ usb-add-reset-resume-quirk-for-wd19-s-realtek-hub.patch
 asoc-ak4458-add-module_device_table.patch
 asoc-ak5558-add-module_device_table.patch
 platform-x86-thinkpad_acpi-correct-thermal-sensor-allocation.patch
+perf-core-fix-unconditional-security_locked_down-call.patch