Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.19.53 2019-06-09T07:17:21Z 2019-06-09T07:17:21Z Roberto Sassu roberto.sassu@huawei.com 2019-05-29T13:30:33Z urn:sha1:6e322a9e42cd9099121e786b326bc840ac28b5e0 commit 221be106d75c1b511973301542f47d6000d0b63e upstream. This patch prevents memory access beyond the evm_tfm array by checking the validity of the index (hash algorithm) passed to init_desc(). The hash algorithm can be arbitrarily set if the security.ima xattr type is not EVM_XATTR_HMAC. Fixes: 5feeb61183dde ("evm: Allow non-SHA1 digital signatures") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-06-09T07:17:21Z Roberto Sassu roberto.sassu@huawei.com 2019-05-29T13:30:35Z urn:sha1:f85b87a9a2a8bdd2eee28a378a7124d775800122 commit 8cdc23a3d9ec0944000ad43bad588e36afdc38cd upstream. Show the '^' character when a policy rule has flag IMA_INMASK. Fixes: 80eae209d63ac ("IMA: allow reading back the current IMA policy") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-31T13:46:31Z Arnd Bergmann arnd@arndb.de 2019-03-25T14:23:11Z urn:sha1:a2ace9b243878ab2c3392a08df47faaca1edaf14 [ Upstream commit 98bbbb76f2edcfb8fb2b8f4b3ccc7b6e99d64bd8 ] clang correctly points out a code path that would lead to an uninitialized variable use: security/selinux/netlabel.c:310:6: error: variable 'addr' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] if (ip_hdr(skb)->version == 4) { ^~~~~~~~~~~~~~~~~~~~~~~~~ security/selinux/netlabel.c:322:40: note: uninitialized use occurs here rc = netlbl_conn_setattr(ep->base.sk, addr, &secattr); ^~~~ security/selinux/netlabel.c:310:2: note: remove the 'if' if its condition is always true if (ip_hdr(skb)->version == 4) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ security/selinux/netlabel.c:291:23: note: initialize the variable 'addr' to silence this warning struct sockaddr *addr; ^ = NULL This is probably harmless since we should not see ipv6 packets of CONFIG_IPV6 is disabled, but it's better to rearrange the code so this cannot happen. Signed-off-by: Arnd Bergmann <arnd@arndb.de> [PM: removed old patchwork link, fixed checkpatch.pl style errors] Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-05-25T16:23:42Z Al Viro viro@zeniv.linux.org.uk 2019-04-10T18:04:34Z urn:sha1:b21ca2769b0f79840749674b98b3e3b7f5730e17 [ Upstream commit f51dcd0f621caac5380ce90fbbeafc32ce4517ae ] symlink body shouldn't be freed without an RCU delay. Switch apparmorfs to ->destroy_inode() and use of call_rcu(); free both the inode and symlink body in the callback. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-05-25T16:23:42Z Al Viro viro@zeniv.linux.org.uk 2019-04-10T18:03:45Z urn:sha1:9a0467e1f67155c126e5857b1d3ae2ac8b009aa5 [ Upstream commit 46c874419652bbefdfed17420fd6e88d8a31d9ec ] symlink body shouldn't be freed without an RCU delay. Switch securityfs to ->destroy_inode() and use of call_rcu(); free both the inode and symlink body in the callback. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-05-16T17:41:30Z Paolo Abeni pabeni@redhat.com 2019-05-08T13:32:51Z urn:sha1:dfdfad3d188f6c524c06b469d3bbfe6af5004f71 [ Upstream commit c7e0d6cca86581092cbbf2cd868b3601495554cf ] calling connect(AF_UNSPEC) on an already connected TCP socket is an established way to disconnect() such socket. After commit 68741a8adab9 ("selinux: Fix ltp test connect-syscall failure") it no longer works and, in the above scenario connect() fails with EAFNOSUPPORT. Fix the above falling back to the generic/old code when the address family is not AF_INET{4,6}, but leave the SCTP code path untouched, as it has specific constraints. Fixes: 68741a8adab9 ("selinux: Fix ltp test connect-syscall failure") Reported-by: Tom Deseyn <tdeseyn@redhat.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-08T05:21:54Z Ondrej Mosnacek omosnace@redhat.com 2018-12-21T20:18:52Z urn:sha1:574be221407e4f4780c413a87f1fc27dea86995f commit a83d6ddaebe541570291205cb538e35ad4ff94f9 upstream. In the SECURITY_FS_USE_MNTPOINT case we never want to allow relabeling files/directories, so we should never set the SBLABEL_MNT flag. The 'special handling' in selinux_is_sblabel_mnt() is only intended for when the behavior is set to SECURITY_FS_USE_GENFS. While there, make the logic in selinux_is_sblabel_mnt() more explicit and add a BUILD_BUG_ON() to make sure that introducing a new SECURITY_FS_USE_* forces a review of the logic. Fixes: d5f3a5f6e7e7 ("selinux: add security in-core xattr support for pstore and debugfs") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-08T05:21:54Z Stephen Smalley sds@tycho.nsa.gov 2018-12-12T15:10:55Z urn:sha1:6b13ae52ac75da7970fde9d08c495a5671605473 commit 3a28cff3bd4bf43f02be0c4e7933aebf3dc8197e upstream. commit 0dc1ba24f7fff6 ("SELINUX: Make selinux cache VFS RCU walks safe") results in no audit messages at all if in permissive mode because the cache is updated during the rcu walk and thus no denial occurs on the subsequent ref walk. Fix this by not updating the cache when performing a non-blocking permission check. This only affects search and symlink read checks during rcu walk. Fixes: 0dc1ba24f7fff6 ("SELINUX: Make selinux cache VFS RCU walks safe") Reported-by: BMK <bmktuwien@gmail.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-04T07:20:10Z Paulo Alcantara paulo@paulo.ac 2019-02-25T00:55:28Z urn:sha1:145f6a70bb9b422a6df5fb8b9408046151f3e4f9 commit dfbd199a7cfe3e3cd8531e1353cdbd7175bfbc5e upstream. When compiling genheaders and mdp from a newer host kernel, the following error happens: In file included from scripts/selinux/genheaders/genheaders.c:18: ./security/selinux/include/classmap.h:238:2: error: #error New address family defined, please update secclass_map. #error New address family defined, please update secclass_map. ^~~~~ make[3]: *** [scripts/Makefile.host:107: scripts/selinux/genheaders/genheaders] Error 1 make[2]: *** [scripts/Makefile.build:599: scripts/selinux/genheaders] Error 2 make[1]: *** [scripts/Makefile.build:599: scripts/selinux] Error 2 make[1]: *** Waiting for unfinished jobs.... Instead of relying on the host definition, include linux/socket.h in classmap.h to have PF_MAX. Cc: stable@vger.kernel.org Signed-off-by: Paulo Alcantara <paulo@paulo.ac> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> [PM: manually merge in mdp.c, subject line tweaks] Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-04-27T07:36:40Z Jann Horn jannh@google.com 2019-03-19T01:36:59Z urn:sha1:628c99a836dde71a4e415859359b7ebecdb3d363 commit 0fcc4c8c044e117ac126ab6df4138ea9a67fa2a9 upstream. When dev_exception_add() returns an error (due to a failed memory allocation), make sure that we move the RCU preemption count back to where it was before we were called. We dropped the RCU read lock inside the loop body, so we can't just "break". sparse complains about this, too: $ make -s C=2 security/device_cgroup.o ./include/linux/rcupdate.h:647:9: warning: context imbalance in 'propagate_exception' - unexpected unlock Fixes: d591fb56618f ("device_cgroup: simplify cgroup tree walk in propagate_exception()") Cc: stable@vger.kernel.org Signed-off-by: Jann Horn <jannh@google.com> Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Tejun Heo <tj@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>