[PATCH v10 04/11] landlock: Support file truncation
Günther Noack
gnoack3000 at gmail.com
Tue Oct 18 18:29:57 UTC 2022
To simplify the review - let me highlight the part that is new in V10
and which fixes the bug which Nathan spotted on ARM64.
(The other changes in V10 are only changes to documentation pulled
from Mickaël's -next branch.)
On Tue, Oct 18, 2022 at 08:22:09PM +0200, Günther Noack wrote:
> Introduce the LANDLOCK_ACCESS_FS_TRUNCATE flag for file truncation.
> ...
> In security/security.c, allocate security blobs at pointer-aligned
> offsets. This fixes the problem where one LSM's security blob can
> shift another LSM's security blob to an unaligned address. (Reported
> by Nathan Chancellor)
The corresponding implementation is:
> diff --git a/security/security.c b/security/security.c
> index b55596958d0c..e0fe4ba39eb9 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -185,11 +185,12 @@ static void __init lsm_set_blob_size(int *need, int *lbs)
> {
> int offset;
>
> - if (*need > 0) {
> - offset = *lbs;
> - *lbs += *need;
> - *need = offset;
> - }
> + if (*need <= 0)
> + return;
> +
> + offset = ALIGN(*lbs, sizeof(void *));
> + *lbs = offset + *need;
> + *need = offset;
> }
(As discussed previously in
https://lore.kernel.org/all/Y07rP%2FYNYxvQzOei@nuc/)
—Günther
--
More information about the Linux-security-module-archive
mailing list