Re: [PATCH v2] LSM: general protection fault in legacy_parse_param

From: Christian Brauner
Date: Fri Jan 28 2022 - 03:59:25 EST

Next message: Shawn Guo: "Re: [PATCH] arm64: dts: imx8: add mu5/6 node"
Previous message: Christian Brauner: "Re: [PATCH] selftests: fixup build warnings in pidfd / clone3 tests"
In reply to: Casey Schaufler: "Re: [PATCH v2] LSM: general protection fault in legacy_parse_param"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 27, 2022 at 08:51:44AM -0800, Casey Schaufler wrote:
> The usual LSM hook "bail on fail" scheme doesn't work for cases where
> a security module may return an error code indicating that it does not
> recognize an input. In this particular case Smack sees a mount option
> that it recognizes, and returns 0. A call to a BPF hook follows, which
> returns -ENOPARAM, which confuses the caller because Smack has processed
> its data.
>
> The SELinux hook incorrectly returns 1 on success. There was a time
> when this was correct, however the current expectation is that it
> return 0 on success. This is repaired.
>
> Reported-by: syzbot+d1e3b1d92d25abf97943@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> ---

Looks good,
Acked-by: Christian Brauner <brauner@xxxxxxxxxx>

Next message: Shawn Guo: "Re: [PATCH] arm64: dts: imx8: add mu5/6 node"
Previous message: Christian Brauner: "Re: [PATCH] selftests: fixup build warnings in pidfd / clone3 tests"
In reply to: Casey Schaufler: "Re: [PATCH v2] LSM: general protection fault in legacy_parse_param"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]