[PATCH] Do not require attributes for security_inode_init_security.
Paul Moore
paul at paul-moore.com
Mon Mar 25 21:08:54 UTC 2024
On Sun, Mar 24, 2024 at 6:33 PM Greg Wettstein <greg at enjellic.com> wrote:
>
> The integration of the Integrity Measurement Architecture (IMA)
> into the LSM infrastructure introduced a conditional check that
> denies access to the security_inode_init_security() event handler
> if the LSM extended attribute 'blob' size is 0.
>
> This changes the previous behavior of this event handler and
> results in variable behavior of LSM's depending on the LSM boot
> configuration.
>
> Modify the function so that it removes the need for a non-zero
> extended attribute blob size and bypasses the memory allocation
> and freeing that is not needed if the LSM infrastructure is not
> using extended attributes.
>
> Use a break statement to exit the loop that is iterating over the
> defined handlers for this event if a halting error condition is
> generated by one of the invoked LSM handlers. The checks for how
> to handle cleanup are executed at the end of the loop regardless
> of how the loop terminates.
>
> A two exit label strategy is implemented. One of the exit
> labels is a target for the no attribute case while the second is
> the target for the case where memory allocated for processing of
> extended attributes needs to be freed.
>
> Signed-off-by: Greg Wettstein <greg at enjellic.com>
> ---
> security/security.c | 24 ++++++++++++------------
> 1 file changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/security/security.c b/security/security.c
> index 7035ee35a393..a0b52b964688 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1717,10 +1717,7 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
> if (unlikely(IS_PRIVATE(inode)))
> return 0;
>
> - if (!blob_sizes.lbs_xattr_count)
> - return 0;
> -
> - if (initxattrs) {
> + if (blob_sizes.lbs_xattr_count && initxattrs) {
> /* Allocate +1 for EVM and +1 as terminator. */
> new_xattrs = kcalloc(blob_sizes.lbs_xattr_count + 2,
> sizeof(*new_xattrs), GFP_NOFS);
> @@ -1733,7 +1730,7 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
> ret = hp->hook.inode_init_security(inode, dir, qstr, new_xattrs,
> &xattr_count);
> if (ret && ret != -EOPNOTSUPP)
> - goto out;
> + break;
> /*
> * As documented in lsm_hooks.h, -EOPNOTSUPP in this context
> * means that the LSM is not willing to provide an xattr, not
> @@ -1742,19 +1739,22 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
> */
> }
>
> - /* If initxattrs() is NULL, xattr_count is zero, skip the call. */
> - if (!xattr_count)
> - goto out;
> + /* Skip xattr processing if no attributes are in use. */
> + if (!blob_sizes.lbs_xattr_count)
> + goto out2;
> + /* No attrs or an LSM returned an actionable error code. */
> + if (!xattr_count || (ret && ret != -EOPNOTSUPP))
> + goto out1;
>
> ret = evm_inode_init_security(inode, dir, qstr, new_xattrs,
> &xattr_count);
> - if (ret)
> - goto out;
> - ret = initxattrs(inode, new_xattrs, fs_data);
> -out:
> + if (!ret)
> + ret = initxattrs(inode, new_xattrs, fs_data);
> + out1:
> for (; xattr_count > 0; xattr_count--)
> kfree(new_xattrs[xattr_count - 1].value);
> kfree(new_xattrs);
> + out2:
> return (ret == -EOPNOTSUPP) ? 0 : ret;
> }
> EXPORT_SYMBOL(security_inode_init_security);
> --
> 2.39.1
Looking at this quickly, why does something like the following not work?
[WARNING: copy-n-paste patch, likely whitespace damaged]
diff --git a/security/security.c b/security/security.c
index 7e118858b545..007ce438e636 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1712,10 +1712,7 @@ int security_inode_init_security(struct inode *inode, str
uct inode *dir,
if (unlikely(IS_PRIVATE(inode)))
return 0;
- if (!blob_sizes.lbs_xattr_count)
- return 0;
-
- if (initxattrs) {
+ if (initxattrs && blob_sizes.lbs_xattr_count) {
/* Allocate +1 as terminator. */
new_xattrs = kcalloc(blob_sizes.lbs_xattr_count + 1,
sizeof(*new_xattrs), GFP_NOFS);
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list