1. 11 Feb, 2015 1 commit
    • Paul Moore's avatar
      cipso: don't use IPCB() to locate the CIPSO IP option · 04f81f01
      Paul Moore authored
      Using the IPCB() macro to get the IPv4 options is convenient, but
      unfortunately NetLabel often needs to examine the CIPSO option outside
      of the scope of the IP layer in the stack.  While historically IPCB()
      worked above the IP layer, due to the inclusion of the inet_skb_param
      struct at the head of the {tcp,udp}_skb_cb structs, recent commit
      971f10ec ("tcp: better TCP_SKB_CB layout to reduce cache line misses")
      reordered the tcp_skb_cb struct and invalidated this IPCB() trick.
      
      This patch fixes the problem by creating a new function,
      cipso_v4_optptr(), which locates the CIPSO option inside the IP header
      without calling IPCB().  Unfortunately, this isn't as fast as a simple
      lookup so some additional tweaks were made to limit the use of this
      new function.
      
      Cc: <stable@vger.kernel.org> # 3.18
      Reported-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      Tested-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      04f81f01
  2. 04 Feb, 2015 4 commits
  3. 02 Feb, 2015 1 commit
  4. 29 Jan, 2015 2 commits
  5. 23 Jan, 2015 3 commits
    • Casey Schaufler's avatar
      Smack: Repair netfilter dependency · 82b0b2c2
      Casey Schaufler authored
      On 1/23/2015 8:20 AM, Jim Davis wrote:
      > Building with the attached random configuration file,
      >
      > security/smack/smack_netfilter.c: In function ‘smack_ipv4_output’:
      > security/smack/smack_netfilter.c:55:6: error: ‘struct sk_buff’ has no
      > member named ‘secmark’
      >    skb->secmark = skp->smk_secid;
      >       ^
      > make[2]: *** [security/smack/smack_netfilter.o] Error 1
      
      The existing Makefile used the wrong configuration option to
      determine if smack_netfilter should be built. This sets it right.
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      82b0b2c2
    • Arnd Bergmann's avatar
      X.509: silence asn1 compiler debug output · e994393a
      Arnd Bergmann authored
      The asn1_compiler process is particularly chatty and produces
      about the only stdout output for an allmodconfig kernel.
      
      In order to follow the general concept of 'no news is good
      news' for building kernels, this hides all the existing output
      unless the KBUILD_VERBOSE environment variable is set.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      e994393a
    • Arnd Bergmann's avatar
      X.509: shut up about included cert for silent build · 89f703f0
      Arnd Bergmann authored
      Every kernel build that includes X.509 support prints out
      a message like
      
       - Including cert signing_key.x509
      
      This may be useful for some cases, but when doing automated
      build tests, it just means noise.
      
      To hide the message, this uses '$(kecho)' for printing the
      message, which means we still see it when building with V=1,
      but not at the normal level or when building with 'make -s'.
      Signed-off-by: default avatarArnd Bergmann <arnd@arnd.de>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      89f703f0
  6. 22 Jan, 2015 4 commits
  7. 21 Jan, 2015 4 commits
    • Andrey Ryabinin's avatar
      smack: fix possible use after frees in task_security() callers · 6d1cff2a
      Andrey Ryabinin authored
      We hit use after free on dereferncing pointer to task_smack struct in
      smk_of_task() called from smack_task_to_inode().
      
      task_security() macro uses task_cred_xxx() to get pointer to the task_smack.
      task_cred_xxx() could be used only for non-pointer members of task's
      credentials. It cannot be used for pointer members since what they point
      to may disapper after dropping RCU read lock.
      
      Mainly task_security() used this way:
      	smk_of_task(task_security(p))
      
      Intead of this introduce function smk_of_task_struct() which
      takes task_struct as argument and returns pointer to smk_known struct
      and do this under RCU read lock.
      Bogus task_security() macro is not used anymore, so remove it.
      
      KASan's report for this:
      
      	AddressSanitizer: use after free in smack_task_to_inode+0x50/0x70 at addr c4635600
      	=============================================================================
      	BUG kmalloc-64 (Tainted: PO): kasan error
      	-----------------------------------------------------------------------------
      
      	Disabling lock debugging due to kernel taint
      	INFO: Allocated in new_task_smack+0x44/0xd8 age=39 cpu=0 pid=1866
      		kmem_cache_alloc_trace+0x88/0x1bc
      		new_task_smack+0x44/0xd8
      		smack_cred_prepare+0x48/0x21c
      		security_prepare_creds+0x44/0x4c
      		prepare_creds+0xdc/0x110
      		smack_setprocattr+0x104/0x150
      		security_setprocattr+0x4c/0x54
      		proc_pid_attr_write+0x12c/0x194
      		vfs_write+0x1b0/0x370
      		SyS_write+0x5c/0x94
      		ret_fast_syscall+0x0/0x48
      	INFO: Freed in smack_cred_free+0xc4/0xd0 age=27 cpu=0 pid=1564
      		kfree+0x270/0x290
      		smack_cred_free+0xc4/0xd0
      		security_cred_free+0x34/0x3c
      		put_cred_rcu+0x58/0xcc
      		rcu_process_callbacks+0x738/0x998
      		__do_softirq+0x264/0x4cc
      		do_softirq+0x94/0xf4
      		irq_exit+0xbc/0x120
      		handle_IRQ+0x104/0x134
      		gic_handle_irq+0x70/0xac
      		__irq_svc+0x44/0x78
      		_raw_spin_unlock+0x18/0x48
      		sync_inodes_sb+0x17c/0x1d8
      		sync_filesystem+0xac/0xfc
      		vdfs_file_fsync+0x90/0xc0
      		vfs_fsync_range+0x74/0x7c
      	INFO: Slab 0xd3b23f50 objects=32 used=31 fp=0xc4635600 flags=0x4080
      	INFO: Object 0xc4635600 @offset=5632 fp=0x  (null)
      
      	Bytes b4 c46355f0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
      	Object c4635600: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
      	Object c4635610: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
      	Object c4635620: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
      	Object c4635630: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5  kkkkkkkkkkkkkkk.
      	Redzone c4635640: bb bb bb bb                                      ....
      	Padding c46356e8: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
      	Padding c46356f8: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ
      	CPU: 5 PID: 834 Comm: launchpad_prelo Tainted: PBO 3.10.30 #1
      	Backtrace:
      	[<c00233a4>] (dump_backtrace+0x0/0x158) from [<c0023dec>] (show_stack+0x20/0x24)
      	 r7:c4634010 r6:d3b23f50 r5:c4635600 r4:d1002140
      	[<c0023dcc>] (show_stack+0x0/0x24) from [<c06d6d7c>] (dump_stack+0x20/0x28)
      	[<c06d6d5c>] (dump_stack+0x0/0x28) from [<c01c1d50>] (print_trailer+0x124/0x144)
      	[<c01c1c2c>] (print_trailer+0x0/0x144) from [<c01c1e88>] (object_err+0x3c/0x44)
      	 r7:c4635600 r6:d1002140 r5:d3b23f50 r4:c4635600
      	[<c01c1e4c>] (object_err+0x0/0x44) from [<c01cac18>] (kasan_report_error+0x2b8/0x538)
      	 r6:d1002140 r5:d3b23f50 r4:c6429cf8 r3:c09e1aa7
      	[<c01ca960>] (kasan_report_error+0x0/0x538) from [<c01c9430>] (__asan_load4+0xd4/0xf8)
      	[<c01c935c>] (__asan_load4+0x0/0xf8) from [<c031e168>] (smack_task_to_inode+0x50/0x70)
      	 r5:c4635600 r4:ca9da000
      	[<c031e118>] (smack_task_to_inode+0x0/0x70) from [<c031af64>] (security_task_to_inode+0x3c/0x44)
      	 r5:cca25e80 r4:c0ba9780
      	[<c031af28>] (security_task_to_inode+0x0/0x44) from [<c023d614>] (pid_revalidate+0x124/0x178)
      	 r6:00000000 r5:cca25e80 r4:cbabe3c0 r3:00008124
      	[<c023d4f0>] (pid_revalidate+0x0/0x178) from [<c01db98c>] (lookup_fast+0x35c/0x43y4)
      	 r9:c6429efc r8:00000101 r7:c079d940 r6:c6429e90 r5:c6429ed8 r4:c83c4148
      	[<c01db630>] (lookup_fast+0x0/0x434) from [<c01deec8>] (do_last.isra.24+0x1c0/0x1108)
      	[<c01ded08>] (do_last.isra.24+0x0/0x1108) from [<c01dff04>] (path_openat.isra.25+0xf4/0x648)
      	[<c01dfe10>] (path_openat.isra.25+0x0/0x648) from [<c01e1458>] (do_filp_open+0x3c/0x88)
      	[<c01e141c>] (do_filp_open+0x0/0x88) from [<c01ccb28>] (do_sys_open+0xf0/0x198)
      	 r7:00000001 r6:c0ea2180 r5:0000000b r4:00000000
      	[<c01cca38>] (do_sys_open+0x0/0x198) from [<c01ccc00>] (SyS_open+0x30/0x34)
      	[<c01ccbd0>] (SyS_open+0x0/0x34) from [<c001db80>] (ret_fast_syscall+0x0/0x48)
      	Read of size 4 by thread T834:
      	Memory state around the buggy address:
      	 c4635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      	 c4635400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
      	 c4635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      	 c4635500: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
      	 c4635580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      	>c4635600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      	           ^
      	 c4635680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      	 c4635700: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc
      	 c4635780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      	 c4635800: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc
      	 c4635880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      	==================================================================
      Signed-off-by: default avatarAndrey Ryabinin <a.ryabinin@samsung.com>
      Cc: <stable@vger.kernel.org>
      6d1cff2a
    • Rafal Krypa's avatar
      smack: Add missing logging in bidirectional UDS connect check · 138a868f
      Rafal Krypa authored
      During UDS connection check, both sides are checked for write access to
      the other side. But only the first check is performed with audit support.
      The second one didn't produce any audit logs. This simple patch fixes that.
      Signed-off-by: default avatarRafal Krypa <r.krypa@samsung.com>
      138a868f
    • Casey Schaufler's avatar
      Smack: secmark support for netfilter · 69f287ae
      Casey Schaufler authored
      Smack uses CIPSO to label internet packets and thus provide
      for access control on delivery of packets. The netfilter facility
      was not used to allow for Smack to work properly without netfilter
      configuration. Smack does not need netfilter, however there are
      cases where it would be handy.
      
      As a side effect, the labeling of local IPv4 packets can be optimized
      and the handling of local IPv6 packets is just all out better.
      
      The best part is that the netfilter tools use "contexts" that
      are just strings, and they work just as well for Smack as they
      do for SELinux.
      
      All of the conditional compilation for IPv6 was implemented
      by Rafal Krypa <r.krypa@samsung.com>
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      69f287ae
    • Casey Schaufler's avatar
      Smack: Rework file hooks · 5e7270a6
      Casey Schaufler authored
      This is one of those cases where you look at code you did
      years ago and wonder what you might have been thinking.
      There are a number of LSM hooks that work off of file pointers,
      and most of them really want the security data from the inode.
      Some, however, really want the security context that the process
      had when the file was opened. The difference went undetected in
      Smack until it started getting used in a real system with real
      testing. At that point it was clear that something was amiss.
      
      This patch corrects the misuse of the f_security value in several
      of the hooks. The behavior will not usually be any different, as
      the process had to be able to open the file in the first place, and
      the old check almost always succeeded, as will the new, but for
      different reasons.
      
      Thanks to the Samsung Tizen development team that identified this.
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      5e7270a6
  8. 20 Jan, 2015 1 commit
  9. 19 Jan, 2015 5 commits
  10. 18 Jan, 2015 1 commit
  11. 17 Jan, 2015 14 commits