[PATCH v2] LSM: general protection fault in legacy_parse_param
Christian Brauner
brauner at kernel.org
Fri Jan 28 08:59:14 UTC 2022
On Thu, Jan 27, 2022 at 08:51:44AM -0800, Casey Schaufler wrote:
> The usual LSM hook "bail on fail" scheme doesn't work for cases where
> a security module may return an error code indicating that it does not
> recognize an input. In this particular case Smack sees a mount option
> that it recognizes, and returns 0. A call to a BPF hook follows, which
> returns -ENOPARAM, which confuses the caller because Smack has processed
> its data.
>
> The SELinux hook incorrectly returns 1 on success. There was a time
> when this was correct, however the current expectation is that it
> return 0 on success. This is repaired.
>
> Reported-by: syzbot+d1e3b1d92d25abf97943 at syzkaller.appspotmail.com
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> ---
Looks good,
Acked-by: Christian Brauner <brauner at kernel.org>
More information about the Linux-security-module-archive
mailing list