[PATCH 5/9] LSM: Manage remaining security blobs
Casey Schaufler
casey at schaufler-ca.com
Wed Nov 29 15:47:02 UTC 2017
On 11/29/2017 3:21 AM, Tetsuo Handa wrote:
> Hello.
>
> I browsed https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734686
> and found a problem with how the security blob is initialized.
>
> Casey Schaufler wrote:
>> +/**
>> + * lsm_sock_alloc - allocate a composite sock blob
>> + * @sock: the sock that needs a blob
>> + * @priority: allocation mode
>> + *
>> + * Allocate the sock blob for all the modules
>> + *
>> + * Returns 0, or -ENOMEM if memory can't be allocated.
>> + */
>> +int lsm_sock_alloc(struct sock *sock, gfp_t priority)
>> +{
>> +#ifdef CONFIG_SECURITY_LSM_DEBUG
>> + if (sock->sk_security)
>> + pr_info("%s: Inbound sock blob is not NULL.\n", __func__);
>> +#endif
> If none of the LSM modules uses sock->sk_security, sock->sk_security is not
> initialized to NULL (and sk_prot_alloc() does not always use __GFP_ZERO).
Thank you. I will be working on the next revision real soon and
will include a fix for this.
>
>> + if (blob_sizes.lbs_sock == 0)
>> + return 0;
>> +
>> + sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority);
>> + if (sock->sk_security == NULL)
>> + return -ENOMEM;
>> + return 0;
>> +}
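Review bot: the early return when blob_sizes.lbs_sock == 0 leaves sock->sk_security holding whatever sk_prot_alloc() left in it, and the kfree(sk->sk_security) that this patch adds to security_sk_free() then runs on that value whenever no module claims a sock blob. Set sock->sk_security = NULL before the size check (or require that the sock arrive zeroed) so the zero-size path hands security_sk_free() a pointer kfree() accepts. The CONFIG_SECURITY_LSM_DEBUG check at the top of the function has the same dependency: "Inbound sock blob is not NULL" only means something if the field was NULL on entry.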
>> @@ -1609,12 +1851,18 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram);
>>
>> int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
>> {
>> + int rc = lsm_sock_alloc(sk, priority);
>> +
>> + if (rc)
>> + return rc;
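Review bot: if the sk_alloc_security hook below returns an error, the blob that lsm_sock_alloc() just allocated is not released on this path; the function returns the hook's error with sk->sk_security still pointing at the allocation. Either free it here on hook failure (`kfree(sk->sk_security); sk->sk_security = NULL;`) or confirm that every caller's error path runs security_sk_free(), which now performs that cleanup.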
> In that report, no major LSMs are active because apparmor=0 is passed on the
> kernel command line. Thus, security_sk_alloc() does not initialize the
> sk->sk_security field and
>
>> return call_int_hook(sk_alloc_security, 0, sk, family, priority);
>> }
>>
>> void security_sk_free(struct sock *sk)
>> {
>> call_void_hook(sk_free_security, sk);
> causes a random oops at kfree().
>
>> + kfree(sk->sk_security);
>> + sk->sk_security = NULL;
>> }
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
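The failure Tetsuo describes, modelled in user space as an added example (written for this page; it is not code from the patch or from the kernel tree). Everything with a _model suffix, the single-slot blob_alloc()/blob_free() pair that stands in for kzalloc()/kfree(), the 0x5a fill that stands in for an unzeroed sk_prot_alloc() result, and the hook_rc parameter that stands in for call_int_hook(sk_alloc_security, ...) are assumptions of this illustration. The tracked allocator reports a free of a pointer it never issued instead of crashing, which is the closest a user-space program gets to the kfree() oops in the report; it also shows the blob that is left behind when the module hook fails after lsm_sock_alloc() has succeeded.

```c
/* Added illustration, not kernel code: a user-space model of the sock blob
 * lifecycle in the patch above. blob_alloc()/blob_free() stand in for
 * kzalloc()/kfree() and remember the one blob they hand out, so freeing a
 * pointer that was never initialised is reported instead of oopsing. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct sock { void *sk_security; };

static struct { size_t lbs_sock; } blob_sizes;	/* 0: no module wants a sock blob */
static void *live_blob;				/* the single outstanding allocation */

static void *blob_alloc(size_t size)
{
	if (live_blob)
		return NULL;		/* one slot only: a second request is -ENOMEM */
	live_blob = calloc(1, size);
	return live_blob;
}

/* kfree(NULL) is a no-op; a pointer this allocator never issued is the oops */
static bool blob_free(void *p)
{
	if (!p)
		return true;
	if (p != live_blob)
		return false;
	free(p);
	live_blob = NULL;
	return true;
}

/* lsm_sock_alloc(): as posted, the early return never touches sk_security;
 * with fixed set, a NULL pointer is established before the size check */
static int lsm_sock_alloc_model(struct sock *sk, bool fixed)
{
	if (fixed)
		sk->sk_security = NULL;
	if (blob_sizes.lbs_sock == 0)
		return 0;
	sk->sk_security = blob_alloc(blob_sizes.lbs_sock);
	return sk->sk_security ? 0 : -ENOMEM;
}

/* security_sk_free() as posted; false means the kfree() would have oopsed */
bool security_sk_free_model(struct sock *sk)
{
	bool ok = blob_free(sk->sk_security);

	sk->sk_security = NULL;
	return ok;
}

/* A sock from sk_prot_alloc() without __GFP_ZERO, i.e. full of garbage,
 * gets lbs_sock bytes of blob and is freed again: 0 on a clean round trip,
 * -EFAULT if the free hit a pointer that was never initialised */
int sock_round_trip(size_t lbs_sock, bool fixed)
{
	struct sock sk;
	int rc;

	blob_sizes.lbs_sock = lbs_sock;
	memset(&sk, 0x5a, sizeof(sk));	/* constructed: unzeroed allocation */
	rc = lsm_sock_alloc_model(&sk, fixed);
	if (rc)
		return rc;
	return security_sk_free_model(&sk) ? 0 : -EFAULT;
}

/* security_sk_alloc() with hook_rc standing in for the sk_alloc_security
 * hook. As posted, a failing hook returns without releasing the blob that
 * lsm_sock_alloc() just made; free_on_hook_failure adds that release. */
int security_sk_alloc_model(struct sock *sk, int hook_rc, bool free_on_hook_failure)
{
	int rc = lsm_sock_alloc_model(sk, true);

	if (rc)
		return rc;
	if (hook_rc && free_on_hook_failure)
		security_sk_free_model(sk);
	return hook_rc;
}

/* Blobs still outstanding after a failed hook: 1 means the blob leaked */
int blobs_left_after_hook_failure(bool free_on_hook_failure)
{
	struct sock sk;
	int left;

	blob_sizes.lbs_sock = 64;
	memset(&sk, 0x5a, sizeof(sk));
	(void)security_sk_alloc_model(&sk, -EACCES, free_on_hook_failure);
	left = live_blob != NULL;
	security_sk_free_model(&sk);	/* drop whatever is left for the next run */
	return left;
}
```

With lbs_sock set to 0 (the apparmor=0 case in the report) the posted logic returns -EFAULT because the free runs on the 0x5a garbage, while the variant that writes NULL before the size check completes cleanly; with a non-zero blob size both variants round-trip. The second scenario shows one blob left behind when the hook fails unless the error path frees it.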