
Merge tag 'lsm-pr-20240923' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

Pull LSM fixes from Paul Moore:

- Add a missing security_mmap_file() check to the remap_file_pages()
syscall

- Properly reference the SELinux and Smack LSM blobs in the
security_watch_key() LSM hook

- Fix a random IPE selftest crash caused by a missing list terminator
in the test

* tag 'lsm-pr-20240923' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
ipe: Add missing terminator to list of unit tests
selinux,smack: properly reference the LSM blob in security_watch_key()
mm: call the security_mmap_file() LSM hook in remap_file_pages()

+9 -11
+4
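--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1689,8 +1689,12 @@
 flags |= MAP_LOCKED;
 
 file = get_file(vma->vm_file);
+ret = security_mmap_file(vma->vm_file, prot, flags);
+if (ret)
+goto out_fput;
 ret = do_mmap(vma->vm_file, start, size,
 prot, flags, 0, pgoff, &populate, NULL);
+out_fput:
 fput(file);
 out:
 mmap_write_unlock(mm);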
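Review bot: The new `security_mmap_file()` call sits between `get_file()` and `do_mmap()`, and the `out:` label just below it reaches `mmap_write_unlock(mm)`, so the hook appears to run with the mmap write lock held. An LSM or integrity module whose mmap hook takes inode-level locks could then acquire them in the opposite order from the ordinary mmap path, where, as far as I know, this hook is called before mmap_lock is taken; that is a lock-inversion risk. I would move the check out of the locked region (gather file, prot and flags under the lock, drop it, call the hook, retake the lock and re-validate the vma before `do_mmap()`), or at minimum document the context with a comment such as `/* LSM hook is called with mmap_lock held for write */`. The function starts and ends outside this hunk, so the locking context is inferred from the visible unlock.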
+1
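--- a/security/ipe/policy_tests.c
+++ b/security/ipe/policy_tests.c
@@ -286,6 +286,7 @@
 static struct kunit_case ipe_parser_test_cases[] = {
 KUNIT_CASE_PARAM(ipe_parser_unsigned_test, ipe_policies_gen_params),
 KUNIT_CASE(ipe_parser_widestring_test),
+{ }
 };
 
 static struct kunit_suite ipe_parser_test_suite = {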
+1 -1
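--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6735,7 +6735,7 @@
 #ifdef CONFIG_KEY_NOTIFICATIONS
 static int selinux_watch_key(struct key *key)
 {
-struct key_security_struct *ksec = key->security;
+struct key_security_struct *ksec = selinux_key(key);
 u32 sid = current_sid();
 
 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL);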
+3 -10
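--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4629,16 +4629,9 @@
 {
 struct smk_audit_info ad;
 struct smack_known *tkp = smk_of_current();
+struct smack_known **blob = smack_key(key);
 int rc;
 
-if (key == NULL)
-return -EINVAL;
-/*
-* If the key hasn't been initialized give it access so that
-* it may do so.
-*/
-if (key->security == NULL)
-return 0;
 /*
 * This should not occur
 */
@@ -4653,8 +4646,8 @@
 ad.a.u.key_struct.key = key->serial;
 ad.a.u.key_struct.key_desc = key->description;
 #endif
-rc = smk_access(tkp, key->security, MAY_READ, &ad);
-rc = smk_bu_note("key watch", tkp, key->security, MAY_READ, rc);
+rc = smk_access(tkp, *blob, MAY_READ, &ad);
+rc = smk_bu_note("key watch", tkp, *blob, MAY_READ, rc);
 return rc;
 }
 #endif /* CONFIG_KEY_NOTIFICATIONS */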
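Review bot: With the `key->security == NULL` early return removed and nothing put in its place, `*blob` is passed to `smk_access()` and `smk_bu_note()` without a NULL check, and `smack_key(key)` is now evaluated in the declaration before any check on `key`. If a key can reach this hook before its Smack label has been stored in the blob, the object label would be NULL at the access check; whether that can happen depends on the key allocation hook, which is not shown on this page. Either keep the guard in blob form, `if (*blob == NULL) return 0;`, or add a comment stating the invariant that makes it unnecessary, e.g. `/* the key's Smack label is set when the key is allocated */`. The function signature lies outside the hunk.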