Re: [PATCH] security: fix the key_permission LSM hook function type

From: James Morris
Date: Mon Jun 22 2020 - 13:38:31 EST

Next message: yunaixin03610: "[PATCH 5/5] Huawei BMA: Adding Huawei BMA driver: host_kbox_drv"
Previous message: Bruno Meneguele: "Re: [PATCH] Revert "kernel/printk: add kmsg SEEK_CUR handling""
In reply to: Kees Cook: "Re: [PATCH] security: fix the key_permission LSM hook function type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 15 Jun 2020, Sami Tolvanen wrote:

> Commit 8c0637e950d6 ("keys: Make the KEY_NEED_* perms an enum rather than
> a mask") changed the type of the key_permission callback functions, but
> didn't change the type of the hook, which trips indirect call checking with
> Control-Flow Integrity (CFI). This change fixes the issue by changing the
> hook type to match the functions.
>
> Fixes: 8c0637e950d6 ("keys: Make the KEY_NEED_* perms an enum rather than a mask")
> Signed-off-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx>

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git fixes-v5.8

NOTE: please cc: the LSM list with patches such as these.

--
James Morris
<jmorris@xxxxxxxxx>

Next message: yunaixin03610: "[PATCH 5/5] Huawei BMA: Adding Huawei BMA driver: host_kbox_drv"
Previous message: Bruno Meneguele: "Re: [PATCH] Revert "kernel/printk: add kmsg SEEK_CUR handling""
In reply to: Kees Cook: "Re: [PATCH] security: fix the key_permission LSM hook function type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]