Linux kernel development work - see feature branches https://git.zx2c4.com/linux-dev/atom/security/smack?h=master 2022-10-07T00:31:02Z 2022-10-07T00:31:02Z Linus Torvalds torvalds@linux-foundation.org 2022-10-07T00:31:02Z urn:sha1:4c0ed7d8d6e3dc013c4599a837de84794baa5b62 Pull vfs constification updates from Al Viro: "whack-a-mole: constifying struct path *" * tag 'pull-path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: ecryptfs: constify path spufs: constify path nd_jump_link(): constify path audit_init_parent(): constify path __io_setxattr(): constify path do_proc_readlink(): constify path overlayfs: constify path fs/notify: constify path may_linkat(): constify path do_sys_name_to_handle(): constify path ->getprocattr(): attribute name is const char *, TYVM... 2022-10-04T00:38:09Z Linus Torvalds torvalds@linux-foundation.org 2022-10-04T00:38:09Z urn:sha1:74a0f84590eefaf0b55941e8bd8c476b35cdd40b Pull smack updates from Casey Schaufler: "Two minor code clean-ups: one removes constants left over from the old mount API, while the other gets rid of an unneeded variable. The other change fixes a flaw in handling IPv6 labeling" * tag 'Smack-for-6.1' of https://github.com/cschaufler/smack-next: smack: cleanup obsolete mount option flags smack: lsm: remove the unneeded result variable SMACK: Add sk_clone_security LSM hook 2022-09-27T17:33:03Z Xiu Jianfeng xiujianfeng@huawei.com 2022-09-08T10:35:43Z urn:sha1:cc71271f5b793d619f8a7d2ef905374102533c75 These mount option flags are obsolete since commit 12085b14a444 ("smack: switch to private smack_mnt_opts"), remove them. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2022-09-27T17:33:03Z Xu Panda xu.panda@zte.com.cn 2022-09-12T10:05:36Z urn:sha1:d3f84f5c9627576b555976c7584514a2ca3ed02e Return the value smk_ptrace_rule_check() directly instead of storing it in another redundant variable. Reported-by: Zeal Robot <zealci@zte.com.cn> Signed-off-by: Xu Panda <xu.panda@zte.com.cn> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2022-09-27T17:33:03Z Lontke Michael michael.lontke@elektrobit.com 2022-08-31T12:03:26Z urn:sha1:4ca165fc6c49c3b0100f61524ffbca4743d46e8d Using smk_of_current() during sk_alloc_security hook leads in rare cases to a faulty initialization of the security context of the created socket. By adding the LSM hook sk_clone_security to SMACK this initialization fault is corrected by copying the security context of the old socket pointer to the newly cloned one. Co-authored-by: Martin Ostertag: <martin.ostertag@elektrobit.com> Signed-off-by: Lontke Michael <michael.lontke@elektrobit.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2022-09-01T21:34:39Z Al Viro viro@zeniv.linux.org.uk 2022-01-31T00:57:52Z urn:sha1:c8e477c649b40c1a073b7a843d89e51dc0037db7 cast of ->d_name.name to char * is completely wrong - nothing is allowed to modify its contents. Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2022-08-26T18:56:35Z Casey Schaufler casey@schaufler-ca.com 2022-08-23T23:46:18Z urn:sha1:dd9373402280cf4715fdc8fd5070f7d039e43511 Limit io_uring "cmd" options to files for which the caller has Smack read access. There may be cases where the cmd option may be closer to a write access than a read, but there is no way to make that determination. Cc: stable@vger.kernel.org Fixes: ee692a21e9bf ("fs,io_uring: add infrastructure for uring-cmd") Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2022-08-01T18:26:09Z Xiu Jianfeng xiujianfeng@huawei.com 2022-06-10T09:23:07Z urn:sha1:aa16fb4b9e7e1057008d999138e7ae68a40bf167 It's not possible for inode->i_security to be NULL here because every inode will call inode_init_always and then lsm_inode_alloc to alloc memory for inode->security, this is what LSM infrastructure management do, so remove this redundant code. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2022-08-01T18:26:09Z GONG, Ruiqi gongruiqi1@huawei.com 2022-06-06T08:17:14Z urn:sha1:63c3b5d2ca96b4a2a88ae01bea94021e874ce8fe Simplify the code by using kstrndup instead of kzalloc and strncpy in smk_parse_smack(), which meanwhile remove strncpy as [1] suggests. [1]: https://github.com/KSPP/linux/issues/90 Signed-off-by: GONG, Ruiqi <gongruiqi1@huawei.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> 2022-06-05T02:00:05Z Linus Torvalds torvalds@linux-foundation.org 2022-06-05T02:00:05Z urn:sha1:cbd76edeabd5ed078391abb2323b7aee790cdc04 Pull mount handling updates from Al Viro: "Cleanups (and one fix) around struct mount handling. The fix is usermode_driver.c one - once you've done kern_mount(), you must kern_unmount(); simple mntput() will end up with a leak. Several failure exits in there messed up that way... In practice you won't hit those particular failure exits without fault injection, though" * tag 'pull-18-rc1-work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: move mount-related externs from fs.h to mount.h blob_to_mnt(): kern_unmount() is needed to undo kern_mount() m->mnt_root->d_inode->i_sb is a weird way to spell m->mnt_sb... linux/mount.h: trim includes uninline may_mount() and don't opencode it in fspick(2)/fsopen(2)