* [GIT PULL] lsm/lsm-pr-20240314
@ 2024-03-14 20:31 Paul Moore
2024-03-14 23:05 ` Linus Torvalds
2024-03-14 23:14 ` pr-tracker-bot
0 siblings, 2 replies; 4+ messages in thread
From: Paul Moore @ 2024-03-14 20:31 UTC (permalink / raw
To: Linus Torvalds; +Cc: linux-security-module, linux-kernel
Hi Linus,
Two patches to address issues with the LSM syscalls that we shipped in
Linux v6.8. The first patch might be a bit controversial, but the
second is a rather straightforward fix; more on both below.
The first fix from Casey addresses a problem that should have been
caught during the ~16 month (?) review cycle, but sadly was not. The
good news is that Dmitry caught it very quickly once Linux v6.8 was
released. The core issue is the use of size_t parameters to pass
buffer sizes back and forth in the syscall; while we could have solved
this with a compat syscall definition, given the newness of the syscalls
I wanted to attempt to just redefine the size_t parameters as u32 types
and avoid the work associated with a set of compat syscalls. However,
this is technically a change in the syscall's signature/API so I can
understand if you're opposed to this, even if the syscalls are less
than a week old.
The second fix is a rather trivial fix to allow userspace to call into
the lsm_get_self_attr() syscall with a NULL buffer to quickly determine
a minimum required size for the buffer. We do have kselftests for this
very case, I'm not sure why I didn't notice the failure; I'm going to
guess stupidity, tired eyes, I dunno. My apologies we didn't catch
this earlier.
I would like if you could merge these patches, I believe fixing the
syscall signature problem now poses very little risk and will help us
avoid the management overhead of compat syscall variants in the future.
However, I'll understand if you're opposed, just let me know and I'll
get you a compat version of this pull request as soon as we can get
something written/tested/verfified.
Thanks,
-Paul
--
The following changes since commit b0546776ad3f332e215cebc0b063ba4351971cca:
Merge tag 'printk-for-6.9' of
git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux
(2024-03-12 20:54:50 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git
tags/lsm-pr-20240314
for you to fetch changes up to eaf0e7a3d2711018789e9fdb89191d19aa139c47:
lsm: handle the NULL buffer case in lsm_fill_user_ctx()
(2024-03-14 11:31:26 -0400)
----------------------------------------------------------------
lsm/stable-6.9 PR 20240314
----------------------------------------------------------------
Casey Schaufler (1):
lsm: use 32-bit compatible data types in LSM syscalls
Paul Moore (1):
lsm: handle the NULL buffer case in lsm_fill_user_ctx()
include/linux/lsm_hook_defs.h | 4 ++--
include/linux/security.h | 8 ++++----
include/linux/syscalls.h | 6 +++---
security/apparmor/lsm.c | 4 ++--
security/lsm_syscalls.c | 10 +++++-----
security/security.c | 20 +++++++++++-----
security/selinux/hooks.c | 4 ++--
security/smack/smack_lsm.c | 4 ++--
tools/testing/selftests/lsm/common.h | 6 +++---
tools/testing/selftests/lsm/lsm_get_self_attr_test.c | 10 +++++-----
tools/testing/selftests/lsm/lsm_list_modules_test.c | 8 ++++----
tools/testing/selftests/lsm/lsm_set_self_attr_test.c | 6 +++---
12 files changed, 48 insertions(+), 42 deletions(-)
--
paul-moore.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [GIT PULL] lsm/lsm-pr-20240314
2024-03-14 20:31 [GIT PULL] lsm/lsm-pr-20240314 Paul Moore
@ 2024-03-14 23:05 ` Linus Torvalds
2024-03-14 23:17 ` Paul Moore
2024-03-14 23:14 ` pr-tracker-bot
1 sibling, 1 reply; 4+ messages in thread
From: Linus Torvalds @ 2024-03-14 23:05 UTC (permalink / raw
To: Paul Moore; +Cc: linux-security-module, linux-kernel
On Thu, 14 Mar 2024 at 13:31, Paul Moore <paul@paul-moore.com> wrote:
>
> I would like if you could merge these patches, I believe fixing the
> syscall signature problem now poses very little risk and will help us
> avoid the management overhead of compat syscall variants in the future.
> However, I'll understand if you're opposed, just let me know and I'll
> get you a compat version of this pull request as soon as we can get
> something written/tested/verfified.
No, attempting to just fix it after-the-fact in the hopes that nobody
actually uses the new system call yet sounds like the right thing to
do.
6.8 has been out for just days, and I see it's marked for stable, so
hopefully nobody ever even sees the mistake. I can't imagine that the
new system call is that eagerly used.
Famous last wods.
Linus
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [GIT PULL] lsm/lsm-pr-20240314
2024-03-14 20:31 [GIT PULL] lsm/lsm-pr-20240314 Paul Moore
2024-03-14 23:05 ` Linus Torvalds
@ 2024-03-14 23:14 ` pr-tracker-bot
1 sibling, 0 replies; 4+ messages in thread
From: pr-tracker-bot @ 2024-03-14 23:14 UTC (permalink / raw
To: Paul Moore; +Cc: Linus Torvalds, linux-security-module, linux-kernel
The pull request you sent on Thu, 14 Mar 2024 16:31:05 -0400:
> https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git tags/lsm-pr-20240314
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/c0a614e82ece41d15b7a66f43ee79f4dbdbc925a
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [GIT PULL] lsm/lsm-pr-20240314
2024-03-14 23:05 ` Linus Torvalds
@ 2024-03-14 23:17 ` Paul Moore
0 siblings, 0 replies; 4+ messages in thread
From: Paul Moore @ 2024-03-14 23:17 UTC (permalink / raw
To: Linus Torvalds; +Cc: linux-security-module, linux-kernel
On Thu, Mar 14, 2024 at 7:05 PM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Thu, 14 Mar 2024 at 13:31, Paul Moore <paul@paul-moore.com> wrote:
> >
> > I would like if you could merge these patches, I believe fixing the
> > syscall signature problem now poses very little risk and will help us
> > avoid the management overhead of compat syscall variants in the future.
> > However, I'll understand if you're opposed, just let me know and I'll
> > get you a compat version of this pull request as soon as we can get
> > something written/tested/verfified.
>
> No, attempting to just fix it after-the-fact in the hopes that nobody
> actually uses the new system call yet sounds like the right thing to
> do.
>
> 6.8 has been out for just days, and I see it's marked for stable, so
> hopefully nobody ever even sees the mistake. I can't imagine that the
> new system call is that eagerly used.
Thanks, that was our thought too.
> Famous last wods.
>
> Linus
--
paul-moore.com
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-03-14 23:17 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-14 20:31 [GIT PULL] lsm/lsm-pr-20240314 Paul Moore
2024-03-14 23:05 ` Linus Torvalds
2024-03-14 23:17 ` Paul Moore
2024-03-14 23:14 ` pr-tracker-bot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).