This is a note to let you know that I've just added the patch titled

    lsm: handle the NULL buffer case in lsm_fill_user_ctx()

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     lsm-handle-the-null-buffer-case-in-lsm_fill_user_ctx.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


commit 444f77392a1f79026ca17f50c5cc504707daab58
Author: Paul Moore <paul@xxxxxxxxxxxxxx>
Date:   Wed Mar 13 21:37:48 2024 -0400

    lsm: handle the NULL buffer case in lsm_fill_user_ctx()

    [ Upstream commit eaf0e7a3d2711018789e9fdb89191d19aa139c47 ]

    Passing a NULL buffer into the lsm_get_self_attr() syscall is a valid
    way to quickly determine the minimum size of the buffer needed for
    the syscall to return all of the LSM attributes to the caller.
    Unfortunately we/I broke that behavior in commit d7cf3412a9f6
    ("lsm: consolidate buffer size handling into lsm_fill_user_ctx()")
    such that it returned an error to the caller; this patch restores the
    original desired behavior of using the NULL buffer as a quick way to
    correctly size the attribute buffer.

    Cc: stable@xxxxxxxxxxxxxxx
    Fixes: d7cf3412a9f6 ("lsm: consolidate buffer size handling into lsm_fill_user_ctx()")
    Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/security/security.c b/security/security.c index fb7505c734853..a344b8fa5530d 100644 --- a/security/security.c +++ b/security/security.c 
@@ -780,7 +780,9 @@ static int lsm_superblock_alloc(struct super_block *sb) * @id: LSM id * @flags: LSM defined flags * - * Fill all of the fields in a userspace lsm_ctx structure. + * Fill all of the fields in a userspace lsm_ctx structure. If @uctx is NULL + * simply calculate the required size to output via @utc_len and return + * success. * * Returns 0 on success, -E2BIG if userspace buffer is not large enough, * -EFAULT on a copyout error, -ENOMEM if memory can't be allocated. @@ -799,6 +801,10 @@ int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len, goto out; } + /* no buffer - return success/0 and set @uctx_len to the req size */ + if (!uctx) + goto out; + nctx = kzalloc(nctx_len, GFP_KERNEL); if (nctx == NULL) { rc = -ENOMEM;
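
Review bot: The kernel-doc sentence added in the first hunk refers to "@utc_len", but the parameter in the signature shown in the second hunk header is uctx_len, and the new code comment in that hunk spells it "@uctx_len". Suggest changing "@utc_len" to "@uctx_len" so the reference matches the parameter. The Returns paragraph could also state that a 0 return with a NULL @uctx means only the required size was computed and nothing was copied out.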
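
Review bot: The new "if (!uctx) goto out;" in the second hunk sits after an earlier branch that already ends in "goto out;", so a NULL-buffer call only reaches the "return success/0" path the comment promises if it gets past that earlier branch first. If that branch is the -E2BIG size check named in the function's kernel-doc, a caller probing with a NULL buffer and a too-small length would receive that error instead of 0; consider moving the NULL check above it, or document which return value a sizing call should expect. The jump is also taken before nctx is assigned from kzalloc(), as in the earlier branch, so the out path has to cope with an unallocated nctx and still store the required size in *uctx_len; that path is not visible in this hunk and is worth confirming.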