1. 28 Feb, 2022 1 commit
      docs: fix 'make htmldocs' warning in SCTP.rst · 70868c6b
      Wan Jiabing authored
      Fix following 'make htmldocs' warnings:
      ./Documentation/security/SCTP.rst:123: WARNING: Title underline too short.
      security_sctp_assoc_established()
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ./Documentation/security/SCTP.rst:123: WARNING: Title underline too short.
      security_sctp_assoc_established()
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ./Documentation/security/SCTP.rst:273: WARNING: Title underline too short.
      security_sctp_assoc_established()
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ./Documentation/security/SCTP.rst:273: WARNING: Title underline too short.
      security_sctp_assoc_established()
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Fixes: 5e50f5d4 ("security: add sctp_assoc_established hook")
      Signed-off-by: Wan Jiabing <wanjiabing@vivo.com>
      Reviewed-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: Paul Moore <paul@paul-moore.com>
  2. 25 Feb, 2022 1 commit
  3. 18 Feb, 2022 2 commits
  4. 15 Feb, 2022 2 commits
      security: implement sctp_assoc_established hook in selinux · 3eb8eaf2
      Ondrej Mosnacek authored
      Do this by extracting the peer labeling per-association logic from
      selinux_sctp_assoc_request() into a new helper
      selinux_sctp_process_new_assoc() and use this helper in both
      selinux_sctp_assoc_request() and selinux_sctp_assoc_established(). This
      ensures that the peer labeling behavior as documented in
      Documentation/security/SCTP.rst is applied both on the client and server
      side:
      """
      An SCTP socket will only have one peer label assigned to it. This will be
      assigned during the establishment of the first association. Any further
      associations on this socket will have their packet peer label compared to
      the socket's peer label, and only if they are different will the
      ``association`` permission be validated. This is validated by checking the
      socket peer sid against the received packets peer sid to determine whether
      the association should be allowed or denied.
      """
      
      At the same time, it also ensures that the peer label of the association
      is set to the correct value, such that if it is peeled off into a new
      socket, the socket's peer label will then be set to the association's
      peer label, same as it already works on the server side.
      
      While selinux_inet_conn_established() (which we are replacing by
      selinux_sctp_assoc_established() for SCTP) only deals with assigning a
      peer label to the connection (socket), in case of SCTP we need to also
      copy the (local) socket label to the association, so that
      selinux_sctp_sk_clone() can then pick it up for the new socket in case
      of SCTP peeloff.
      
      Careful readers will notice that the selinux_sctp_process_new_assoc()
      helper also includes the "IPv4 packet received over an IPv6 socket"
      check, even though it hadn't been in selinux_sctp_assoc_request()
      before. While such check is not necessary in
      selinux_inet_conn_request() (because struct request_sock's family field
      is already set according to the skb's family), here it is needed, as we
      don't have request_sock and we take the initial family from the socket.
      In selinux_sctp_assoc_established() it is similarly needed as well (and
      also selinux_inet_conn_established() already has it).
      
      Fixes: 72e89f50 ("security: Add support for SCTP security hooks")
      Reported-by: Prashanth Prahlad <pprahlad@redhat.com>
      Based-on-patch-by: Xin Long <lucien.xin@gmail.com>
      Reviewed-by: Xin Long <lucien.xin@gmail.com>
      Tested-by: Richard Haines <richard_c_haines@btinternet.com>
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Signed-off-by: Paul Moore <paul@paul-moore.com>
      security: add sctp_assoc_established hook · 5e50f5d4
      Ondrej Mosnacek authored
      security_sctp_assoc_established() is added to replace
      security_inet_conn_established() called in
      sctp_sf_do_5_1E_ca(), so that asoc can be accessed in security
      subsystem and save the peer secid to asoc->peer_secid.
      
      Fixes: 72e89f50 ("security: Add support for SCTP security hooks")
      Reported-by: Prashanth Prahlad <pprahlad@redhat.com>
      Based-on-patch-by: Xin Long <lucien.xin@gmail.com>
      Reviewed-by: Xin Long <lucien.xin@gmail.com>
      Tested-by: Richard Haines <richard_c_haines@btinternet.com>
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Signed-off-by: Paul Moore <paul@paul-moore.com>
  5. 04 Feb, 2022 1 commit
      selinux: parse contexts for mount options early · 70f4169a
      Ondrej Mosnacek authored
      Commit b8b87fd9 ("selinux: Fix selinux_sb_mnt_opts_compat()")
      started to parse mount options into SIDs in selinux_add_opt() if policy
      has already been loaded. Since it's extremely unlikely that anyone would
      depend on the ability to set SELinux contexts on fs_context before
      loading the policy and then mounting that context after, simplify the
      logic by always parsing the options early.
      
      Note that the multi-step mounting is only possible with the new
      fscontext mount API and wasn't possible before its introduction.
      Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
      Signed-off-by: Paul Moore <paul@paul-moore.com>
  6. 02 Feb, 2022 1 commit
  7. 01 Feb, 2022 2 commits
  8. 28 Jan, 2022 1 commit
      LSM: general protection fault in legacy_parse_param · ecff3057
      Casey Schaufler authored
      The usual LSM hook "bail on fail" scheme doesn't work for cases where
      a security module may return an error code indicating that it does not
      recognize an input.  In this particular case Smack sees a mount option
      that it recognizes, and returns 0. A call to a BPF hook follows, which
      returns -ENOPARAM, which confuses the caller because Smack has processed
      its data.
      
      The SELinux hook incorrectly returns 1 on success. There was a time
      when this was correct, however the current expectation is that it
      return 0 on success. This is repaired.
      
      Reported-by: syzbot+d1e3b1d92d25abf97943@syzkaller.appspotmail.com
      Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
      Acked-by: James Morris <jamorris@linux.microsoft.com>
      Signed-off-by: Paul Moore <paul@paul-moore.com>
  9. 27 Jan, 2022 1 commit
      selinux: fix a type cast problem in cred_init_security() · cdeea454
      Paul Moore authored
      In the process of removing an explicit type cast to preserve a cred
      const qualifier in cred_init_security() we ran into a problem where
      the task_struct::real_cred field is defined with the "__rcu"
      attribute but the selinux_cred() function parameter is not, leading
      to a sparse warning:
      
        security/selinux/hooks.c:216:36: sparse: sparse:
          incorrect type in argument 1 (different address spaces)
          @@     expected struct cred const *cred
          @@     got struct cred const [noderef] __rcu *real_cred
      
      As we don't want to add the "__rcu" attribute to the selinux_cred()
      parameter, we're going to add an explicit cast back to
      cred_init_security().
      
      Fixes: b084e189 ("selinux: simplify cred_init_security")
      Reported-by: kernel test robot <lkp@intel.com>
      Signed-off-by: Paul Moore <paul@paul-moore.com>
  10. 26 Jan, 2022 9 commits
  11. 25 Jan, 2022 1 commit
  12. 23 Jan, 2022 6 commits
      Linux 5.17-rc1 · e783362e
      Linus Torvalds authored
      Merge tag 'perf-tools-for-v5.17-2022-01-22' of... · 40c84321
      Linus Torvalds authored
      Merge tag 'perf-tools-for-v5.17-2022-01-22' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull more perf tools updates from Arnaldo Carvalho de Melo:
      
       - Fix printing 'phys_addr' in 'perf script'.
      
       - Fix failure to add events with 'perf probe' in ppc64 due to not
         removing leading dot (ppc64 ABIv1).
      
       - Fix cpu_map__item() python binding building.
      
       - Support event alias in form foo-bar-baz, add pmu-events and
         parse-event tests for it.
      
       - No need to setup affinities when starting a workload or attaching to
         a pid.
      
       - Use path__join() to compose a path instead of ad-hoc snprintf()
         equivalent.
      
       - Override attr->sample_period for non-libpfm4 events.
      
       - Use libperf cpumap APIs instead of accessing the internal state
         directly.
      
       - Sync x86 arch prctl headers and files changed by the new
         set_mempolicy_home_node syscall with the kernel sources.
      
       - Remove duplicate include in cpumap.h.
      
       - Remove redundant err variable.
      
      * tag 'perf-tools-for-v5.17-2022-01-22' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf tools: Remove redundant err variable
        perf test: Add parse-events test for aliases with hyphens
        perf test: Add pmu-events test for aliases with hyphens
        perf parse-events: Support event alias in form foo-bar-baz
        perf evsel: Override attr->sample_period for non-libpfm4 events
        perf cpumap: Remove duplicate include in cpumap.h
        perf cpumap: Migrate to libperf cpumap api
        perf python: Fix cpu_map__item() building
        perf script: Fix printing 'phys_addr' failure issue
        tools headers UAPI: Sync files changed by new set_mempolicy_home_node syscall
        tools headers UAPI: Sync x86 arch prctl headers with the kernel sources
        perf machine: Use path__join() to compose a path instead of snprintf(dir, '/', filename)
        perf evlist: No need to setup affinities when disabling events for pid targets
        perf evlist: No need to setup affinities when enabling events for pid targets
        perf stat: No need to setup affinities when starting a workload
        perf affinity: Allow passing a NULL arg to affinity__cleanup()
        perf probe: Fix ppc64 'perf probe add events failed' case
      Merge tag 'trace-v5.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 67bfce0e
      Linus Torvalds authored
      Pull ftrace fix from Steven Rostedt:
       "Fix s390 breakage from sorting mcount tables.
      
        The latest merge of the tracing tree sorts the mcount table at build
        time. But s390 appears to do things differently (like always) and
        replaces the sorted table back to the original unsorted one. As the
        ftrace algorithm depends on it being sorted, bad things happen when it
        is not, and s390 experienced those bad things.
      
        Add a new config to tell the boot if the mcount table is sorted or
        not, and allow s390 to opt out of it"
      
      * tag 'trace-v5.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        ftrace: Fix assuming build time sort works for s390
      ftrace: Fix assuming build time sort works for s390 · 6b9b6413
      Steven Rostedt (Google) authored
      To speed up the boot process, as mcount_loc needs to be sorted for ftrace
      to work properly, sorting it at build time is more efficient than boot up
      and can save milliseconds of time. Unfortunately, this change broke s390
      as it will modify the mcount_loc location after the sorting takes place
      and will put back the unsorted locations. Since the sorting is skipped at
      boot up if it is believed that it was sorted at run time, ftrace can crash
      as its algorithms are dependent on the list being sorted.
      
      Add a new config BUILDTIME_MCOUNT_SORT that is set when
      BUILDTIME_TABLE_SORT but not if S390 is set. Use this config to determine
      if sorting should take place at boot up.
      
      Link: https://lore.kernel.org/all/yt9dee51ctfn.fsf@linux.ibm.com/
      
      Fixes: 72b3942a ("scripts: ftrace - move the sort-processing in ftrace_init")
      Reported-by: Sven Schnelle <svens@linux.ibm.com>
      Tested-by: Heiko Carstens <hca@linux.ibm.com>
      Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
      Merge tag 'kbuild-fixes-v5.17' of... · 473aec0e
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - Bring include/uapi/linux/nfc.h into the UAPI compile-test coverage
      
       - Revert the workaround of CONFIG_CC_IMPLICIT_FALLTHROUGH
      
       - Fix build errors in certs/Makefile
      
      * tag 'kbuild-fixes-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        certs: Fix build error when CONFIG_MODULE_SIG_KEY is empty
        certs: Fix build error when CONFIG_MODULE_SIG_KEY is PKCS#11 URI
        Revert "Makefile: Do not quote value for CONFIG_CC_IMPLICIT_FALLTHROUGH"
        usr/include/Makefile: add linux/nfc.h to the compile-test coverage
      Merge tag 'bitmap-5.17-rc1' of git://github.com/norov/linux · 3689f9f8
      Linus Torvalds authored
      Pull bitmap updates from Yury Norov:
      
       - introduce for_each_set_bitrange()
      
       - use find_first_*_bit() instead of find_next_*_bit() where possible
      
       - unify for_each_bit() macros
      
      * tag 'bitmap-5.17-rc1' of git://github.com/norov/linux:
        vsprintf: rework bitmap_list_string
        lib: bitmap: add performance test for bitmap_print_to_pagebuf
        bitmap: unify find_bit operations
        mm/percpu: micro-optimize pcpu_is_populated()
        Replace for_each_*_bit_from() with for_each_*_bit() where appropriate
        find: micro-optimize for_each_{set,clear}_bit()
        include/linux: move for_each_bit() macros from bitops.h to find.h
        cpumask: replace cpumask_next_* with cpumask_first_* where appropriate
        tools: sync tools/bitmap with mother linux
        all: replace find_next{,_zero}_bit with find_first{,_zero}_bit where appropriate
        cpumask: use find_first_and_bit()
        lib: add find_first_and_bit()
        arch: remove GENERIC_FIND_FIRST_BIT entirely
        include: move find.h from asm_generic to linux
        bitops: move find_bit_*_le functions from le.h to find.h
        bitops: protect find_first_{,zero}_bit properly
  13. 22 Jan, 2022 12 commits