Message ID | 20230331123221.3273328-2-roberto.sassu@huaweicloud.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp535580vqo; Fri, 31 Mar 2023 05:46:41 -0700 (PDT) X-Google-Smtp-Source: AKy350bpx8ec2V4d79ZVOo0NCq5TTfnwSPvjaZDwJ7JjYTO6pVsK3piyQTdcayyA5eRMkJEZPuNL X-Received: by 2002:a17:906:298c:b0:933:37f4:2fe0 with SMTP id x12-20020a170906298c00b0093337f42fe0mr28505104eje.46.1680266801253; Fri, 31 Mar 2023 05:46:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680266801; cv=none; d=google.com; s=arc-20160816; b=u3J+GYYKNEheiJcnH1IDDTYgy8Nfd6X9M8OiNULWj00pBsQmlWqjqVcvra2v8CQFNo 5VtEBg9bdZiZHHwBasTTjgo/Ngnn8uWGKWXCGTG818g9HV+yrzJ6Hyg/vEazZGm76g1E t8e3sYfOcJDARYcTOgpaTMfW7dmFBUWyhF7FsEn4YwMqbypRjilgCiUGyhbxNcDtCeKw LKvz9UTdtNNXei9k0duVCRvRbtEskxlpJ2qe+/IK1k0XJFnMjYbv3FkNaHfukt7BtmnJ ZNs7tvKO0ftwToTxk0/5guUzAUuIvfJ1la5wy6GjcQFjKzxAR567R6qw2ZWpETIen9sJ kLKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=EMVWw3xh0cgdul7y1bYDO1qWiggFpZKxWJtt9w7/vVU=; b=oy+8uij77ZCgWYGcsJ+oYamdx3eRbcK0Kbj/06kocCPD3lhfsERQyLPZxBqxynWUtY Qtf5k3p5ntFav0St25Wy1yALfEtec3U1hPn08VhMt2CgyGv4c9QilP3SXRXLPH34cW1F SYgd9RE3GSLkw4W5bSWpIb2Rldjv/AVnMoqQgnpeGKVAxMmSGAjh2sF2DWLfpEWbe+kL vSTBsgQ0C/O3uP3atcP8xRVgDd3kyM7N4kjtEUSVYsvnDS3Fg7WDpUZA3WCqwo1CrJT+ tidNJd1woIa9VmiP8Co6insmVRqL2q9H/5Jfzd5SYFFshM+FLBoeOugCjrp8bP74bopX YeKQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id pk10-20020a170906d7aa00b0092bf1091806si220083ejb.748.2023.03.31.05.46.17; Fri, 31 Mar 2023 05:46:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232474AbjCaMdT (ORCPT <rfc822;hjfbswb@gmail.com> + 99 others); Fri, 31 Mar 2023 08:33:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52026 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231576AbjCaMdL (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Fri, 31 Mar 2023 08:33:11 -0400 Received: from frasgout11.his.huawei.com (frasgout11.his.huawei.com [14.137.139.23]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E59EE1D2DB; Fri, 31 Mar 2023 05:33:09 -0700 (PDT) Received: from mail02.huawei.com (unknown [172.18.147.227]) by frasgout11.his.huawei.com (SkyGuard) with ESMTP id 4Pnzwq51mxz9xHvc; Fri, 31 Mar 2023 20:23:55 +0800 (CST) Received: from huaweicloud.com (unknown [10.204.63.22]) by APP2 (Coremail) with SMTP id GxC2BwDnumHa0iZkr6ziAQ--.5882S3; Fri, 31 Mar 2023 13:32:45 +0100 (CET) From: Roberto Sassu <roberto.sassu@huaweicloud.com> To: zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, casey@schaufler-ca.com Cc: reiserfs-devel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, kpsingh@kernel.org, keescook@chromium.org, nicolas.bouchinet@clip-os.org, Roberto Sassu <roberto.sassu@huawei.com>, stable@vger.kernel.org Subject: [PATCH v10 1/4] reiserfs: Add security prefix to xattr name in reiserfs_security_write() Date: Fri, 31 Mar 2023 14:32:18 +0200 Message-Id: <20230331123221.3273328-2-roberto.sassu@huaweicloud.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230331123221.3273328-1-roberto.sassu@huaweicloud.com> References: <20230331123221.3273328-1-roberto.sassu@huaweicloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID: GxC2BwDnumHa0iZkr6ziAQ--.5882S3 X-Coremail-Antispam: 1UD129KBjvJXoW7Zw17Aw13Xr18GrW3tFW5KFg_yoW8ur15pF WUKa4DCr1DJFnFg3sayanrua4IgrWrGrW7WwsxJ34DAanxZw1xtFW8Kry3WrWxGFWDJr9F qa1UKw45A3WrAwUanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUPqb4IE77IF4wAFF20E14v26rWj6s0DM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28IrcIa0xkI8VA2jI8067AKxVWUGw A2048vs2IY020Ec7CjxVAFwI0_Gr0_Xr1l8cAvFVAK0II2c7xJM28CjxkF64kEwVA0rcxS w2x7M28EF7xvwVC0I7IYx2IY67AKxVWUCVW8JwA2z4x0Y4vE2Ix0cI8IcVCY1x0267AKxV W8Jr0_Cr1UM28EF7xvwVC2z280aVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv6xkF7I0E14v2 6r4UJVWxJr1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrVC2j2 WlYx0E2Ix0cI8IcVAFwI0_Jrv_JF1lYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7xkE bVWUJVW8JwACjcxG0xvY0x0EwIxGrwACI402YVCY1x02628vn2kIc2xKxwCY1x0262kKe7 AKxVW8ZVWrXwCF04k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02 F40E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_GFv_Wr ylIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUCVW8JwCI42IY6xIIjxv20xvEc7Cj xVAFwI0_Gr1j6F4UJwCI42IY6xAIw20EY4v20xvaj40_Jr0_JF4lIxAIcVC2z280aVAFwI 0_Gr0_Cr1lIxAIcVC2z280aVCY1x0267AKxVW8Jr0_Cr1UYxBIdaVFxhVjvjDU0xZFpf9x 07j6pB-UUUUU= X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAQANBF1jj4tpgQAAsa X-CFilter-Loop: Reflected X-Spam-Status: No, score=0.0 required=5.0 tests=SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761887441606098055?= X-GMAIL-MSGID: =?utf-8?q?1761887441606098055?= |
Series |
evm: Do HMAC of multiple per LSM xattrs for new inodes
|
|
Commit Message
Roberto Sassu
March 31, 2023, 12:32 p.m. UTC
From: Roberto Sassu <roberto.sassu@huawei.com> Reiserfs sets a security xattr at inode creation time in two stages: first, it calls reiserfs_security_init() to obtain the xattr from active LSMs; then, it calls reiserfs_security_write() to actually write that xattr. Unfortunately, it seems there is a wrong expectation that LSMs provide the full xattr name in the form 'security.<suffix>'. However, LSMs always provided just the suffix, causing reiserfs to not write the xattr at all (if the suffix is shorter than the prefix), or to write an xattr with the wrong name. Add a temporary buffer in reiserfs_security_write(), and write to it the full xattr name, before passing it to reiserfs_xattr_set_handle(). Also replace the name length check with a check that the full xattr name is not larger than XATTR_NAME_MAX. Cc: stable@vger.kernel.org # v2.6.x Fixes: 57fe60df6241 ("reiserfs: add atomic addition of selinux attributes during inode creation") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> --- fs/reiserfs/xattr_security.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
Comments
On Fri, Mar 31, 2023 at 8:33 AM Roberto Sassu <roberto.sassu@huaweicloud.com> wrote: > > From: Roberto Sassu <roberto.sassu@huawei.com> > > Reiserfs sets a security xattr at inode creation time in two stages: first, > it calls reiserfs_security_init() to obtain the xattr from active LSMs; > then, it calls reiserfs_security_write() to actually write that xattr. > > Unfortunately, it seems there is a wrong expectation that LSMs provide the > full xattr name in the form 'security.<suffix>'. However, LSMs always > provided just the suffix, causing reiserfs to not write the xattr at all > (if the suffix is shorter than the prefix), or to write an xattr with the > wrong name. > > Add a temporary buffer in reiserfs_security_write(), and write to it the > full xattr name, before passing it to reiserfs_xattr_set_handle(). > > Also replace the name length check with a check that the full xattr name is > not larger than XATTR_NAME_MAX. > > Cc: stable@vger.kernel.org # v2.6.x > Fixes: 57fe60df6241 ("reiserfs: add atomic addition of selinux attributes during inode creation") > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > --- > fs/reiserfs/xattr_security.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) This looks good to me, thanks. While normally I would merge something like this into the lsm/stable-X.Y branch, I'm going to merge it into lsm/next to give it a week or two of extra testing. I think anyone who is using reiserfs+LSM (doubtful as it looks horribly broken) would be okay with waiting a few more days at this point :)
diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c index 6bffdf9a4fd..6e0a099dd78 100644 --- a/fs/reiserfs/xattr_security.c +++ b/fs/reiserfs/xattr_security.c @@ -95,11 +95,15 @@ int reiserfs_security_write(struct reiserfs_transaction_handle *th, struct inode *inode, struct reiserfs_security_handle *sec) { + char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX; int error; - if (strlen(sec->name) < sizeof(XATTR_SECURITY_PREFIX)) + + if (XATTR_SECURITY_PREFIX_LEN + strlen(sec->name) > XATTR_NAME_MAX) return -EINVAL; - error = reiserfs_xattr_set_handle(th, inode, sec->name, sec->value, + strlcat(xattr_name, sec->name, sizeof(xattr_name)); + + error = reiserfs_xattr_set_handle(th, inode, xattr_name, sec->value, sec->length, XATTR_CREATE); if (error == -ENODATA || error == -EOPNOTSUPP) error = 0;