From: Paul Moore <paul@paul-moore.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: syzbot <syzbot+00a3779539a23cbee38c@syzkaller.appspotmail.com>,
syzkaller-bugs@googlegroups.com,
Roberto Sassu <roberto.sassu@huawei.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Casey Schaufler <casey@schaufler-ca.com>,
reiserfs-devel@vger.kernel.org, glider@google.com,
linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] reiserfs: Initialize sec->length in reiserfs_security_init().
Date: Thu, 25 May 2023 17:49:28 -0400 [thread overview]
Message-ID: <CAHC9VhSGwM9VXshWwopr3d2epVksFNZUbS-mQyFOg9bVBOC1aA@mail.gmail.com> (raw)
In-Reply-To: <CAHC9VhSEd5BK=ROaN7wMB4WtGMZ=vXz7gQk=xjjn1-mbp_RWSQ@mail.gmail.com>
On Sat, May 20, 2023 at 3:47 PM Paul Moore <paul@paul-moore.com> wrote:
> On Thu, May 11, 2023 at 10:49 AM Tetsuo Handa
> <penguin-kernel@i-love.sakura.ne.jp> wrote:
> >
> > syzbot is reporting that sec->length is not initialized.
> >
> > Since security_inode_init_security() returns 0 when initxattrs is provided
> > but call_int_hook(inode_init_security) returned -EOPNOTSUPP, control will
> > reach to "if (sec->length && ...) {" without initializing sec->length.
> >
> > Reported-by: syzbot <syzbot+00a3779539a23cbee38c@syzkaller.appspotmail.com>
> > Closes: https://syzkaller.appspot.com/bug?extid=00a3779539a23cbee38c
> > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> > Fixes: 52ca4b6435a4 ("reiserfs: Switch to security_inode_init_security()")
> > ---
> > fs/reiserfs/xattr_security.c | 1 +
> > 1 file changed, 1 insertion(+)
>
> Adding the LSM list to the CC line.
I haven't seen any objections, and it looks reasonable to me so I've
gone ahead and merged it into lsm/next. This is arguably
lsm/stable-6.4 material, but I'm going to stick with lsm/next in hopes
that Roberto can resolve the other reiserfs issue and we can push all
the reiser fixes up to Linus in one shot.
The reality is that LSM xattrs have been broken on reiserfs for a long
time and no one has complained, I figure a few more weeks isn't going
to matter that much.
Regardless, thanks for digging into this syzbot failure and sending a patch.
> > diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c
> > index 6e0a099dd788..078dd8cc312f 100644
> > --- a/fs/reiserfs/xattr_security.c
> > +++ b/fs/reiserfs/xattr_security.c
> > @@ -67,6 +67,7 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode,
> >
> > sec->name = NULL;
> > sec->value = NULL;
> > + sec->length = 0;
> >
> > /* Don't add selinux attributes on xattrs - they'll never get used */
> > if (IS_PRIVATE(dir))
> > --
> > 2.18.4
--
paul-moore.com
prev parent reply other threads:[~2023-05-25 21:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-10 21:49 [syzbot] [reiserfs?] KMSAN: uninit-value in reiserfs_security_init syzbot
2023-05-11 14:48 ` [PATCH] reiserfs: Initialize sec->length in reiserfs_security_init() Tetsuo Handa
2023-05-20 19:47 ` Paul Moore
2023-05-25 21:49 ` Paul Moore [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHC9VhSGwM9VXshWwopr3d2epVksFNZUbS-mQyFOg9bVBOC1aA@mail.gmail.com \
--to=paul@paul-moore.com \
--cc=casey@schaufler-ca.com \
--cc=glider@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=reiserfs-devel@vger.kernel.org \
--cc=roberto.sassu@huawei.com \
--cc=syzbot+00a3779539a23cbee38c@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).