|
 |
ce6a03 |
From 2bb0627a9730d7ff6f3c7c7d09e5318b00d2edf1 Mon Sep 17 00:00:00 2001
|
|
|
ce6a03 |
From: Joe Lawrence <joe.lawrence@redhat.com>
|
|
|
ce6a03 |
Date: Mon, 11 May 2020 16:59:29 -0400
|
|
|
ce6a03 |
Subject: [PATCH v2] netlabel: cope with NULL catmap
|
|
|
ce6a03 |
|
|
|
ce6a03 |
Kernels:
|
|
|
ce6a03 |
4.18.0-193.el8
|
|
|
ce6a03 |
|
|
|
ce6a03 |
Changes since last build:
|
|
|
ce6a03 |
arches: x86_64 ppc64le
|
|
|
ce6a03 |
|
|
|
ce6a03 |
---------------------------
|
|
|
ce6a03 |
|
|
|
ce6a03 |
Modifications:
|
|
|
ce6a03 |
- For minimal kpatch fix, update netlbl_catmap_getlong() to avoid NULL
|
|
|
ce6a03 |
pointetr dereference (suggested by Paolo).
|
|
|
ce6a03 |
- Add kpatch-build avoidance for ppc64le leaf functions (mcount calls
|
|
|
ce6a03 |
not replaced by nops).
|
|
|
ce6a03 |
|
|
|
ce6a03 |
(embargoed patch from rhkernel-team-list)
|
|
|
ce6a03 |
Author: Paolo Abeni <pabeni@redhat.com>
|
|
|
ce6a03 |
Date: Wed May 6 16:36:19 2020 +0200
|
|
|
ce6a03 |
|
|
|
ce6a03 |
netlabel: cope with NULL catmap
|
|
|
ce6a03 |
|
|
|
ce6a03 |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1827251
|
|
|
ce6a03 |
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=28403086
|
|
|
ce6a03 |
Tested: vs bz repro
|
|
|
ce6a03 |
CVE: CVE-2020-10711
|
|
|
ce6a03 |
Upstream status: RHEL-only
|
|
|
ce6a03 |
|
|
|
ce6a03 |
The cipso and calipso code can set the MLS_CAT attribute on
|
|
|
ce6a03 |
successful parsing, even if the corresponding catmap has
|
|
|
ce6a03 |
not be allocated, as per current configuration and external
|
|
|
ce6a03 |
input.
|
|
|
ce6a03 |
|
|
|
ce6a03 |
Later, selinux code tries tp access the catmap if the MLS_CAT flag
|
|
|
ce6a03 |
is present via netlbl_catmap_getlong(). That may cause null ptr
|
|
|
ce6a03 |
dereference while processing incoming network traffic.
|
|
|
ce6a03 |
|
|
|
ce6a03 |
Address the issue setting the MLS_CAT flag only if the catmap is
|
|
|
ce6a03 |
really allocated. Additionally let netlbl_catmap_getlong() cope
|
|
|
ce6a03 |
with NULL catmap
|
|
|
ce6a03 |
|
|
|
ce6a03 |
Fixes: 4b8feff251da ("netlabel: fix the horribly broken catmap functions")
|
|
|
ce6a03 |
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
|
|
ce6a03 |
|
|
|
ce6a03 |
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
|
|
|
ce6a03 |
---
|
|
|
ce6a03 |
|
|
|
ce6a03 |
Accompanying the kpatch will be a change to update kpatch.spec with a
|
|
|
ce6a03 |
v2-patch filename and .gitignore / sources updates to reflect the new
|
|
|
ce6a03 |
patch name.
|
|
|
ce6a03 |
|
|
|
ce6a03 |
net/netlabel/netlabel_kapi.c | 8 ++++++++
|
|
|
ce6a03 |
1 file changed, 8 insertions(+)
|
|
|
ce6a03 |
|
|
|
ce6a03 |
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
|
|
|
ce6a03 |
index ee3e5b6471a6..93807c049a5b 100644
|
|
|
ce6a03 |
--- a/net/netlabel/netlabel_kapi.c
|
|
|
ce6a03 |
+++ b/net/netlabel/netlabel_kapi.c
|
|
|
ce6a03 |
@@ -748,6 +748,14 @@ int netlbl_catmap_getlong(struct netlbl_lsm_catmap *catmap,
|
|
|
ce6a03 |
if ((off & (BITS_PER_LONG - 1)) != 0)
|
|
|
ce6a03 |
return -EINVAL;
|
|
|
ce6a03 |
|
|
|
ce6a03 |
+ /* a null catmap is equivalent to an empty one */
|
|
|
ce6a03 |
+ if (!catmap) {
|
|
|
ce6a03 |
+ if (jiffies == 0)
|
|
|
ce6a03 |
+ pr_debug("workaround for kpatch ppc64le leaf function\n");
|
|
|
ce6a03 |
+ *offset = (u32)-1;
|
|
|
ce6a03 |
+ return 0;
|
|
|
ce6a03 |
+ }
|
|
|
ce6a03 |
+
|
|
|
ce6a03 |
if (off < catmap->startbit) {
|
|
|
ce6a03 |
off = catmap->startbit;
|
|
|
ce6a03 |
*offset = off;
|
|
|
ce6a03 |
--
|
|
|
ce6a03 |
2.21.3
|
|
|
ce6a03 |
|