mirror of https://gitee.com/openkylin/linux.git
Minor fixes for v5.14
-----BEGIN PGP SIGNATURE----- iQJLBAABCAA1FiEEC+9tH1YyUwIQzUIeOKUVfIxDyBEFAmDbkQIXHGNhc2V5QHNj aGF1Zmxlci1jYS5jb20ACgkQOKUVfIxDyBHYIQ//R3osf+EHW/kA48sMmQDljX4/ c08+Id0OlnfFAwWJwr0t3CAXuhiczkKJm6kTGg3WDjSESQ/wPouGFW3RF9seECgs iAIlKSEOuTFqf4nexgoJr0OWNQ4YJpXGGThrwybitEtsZ+Vhy5kioRTuAlI87B9Q WB9oPHUOQ2MTNOr4xpAAd1EtVEBSqy3qRIpptVUvQG7uzAFgAlOfq4WGhC8DtD7n beK+NeyA/JQUNMXZ+geI+kWeiVnqhPynB86bVOotHsK4KwelKb92IP1dHyZz+H3l CVDuwdq0/UDNOEmcVeGmEHOX5oKiPoMw/Kc/l2BRU1GEVOjPpWpe4POI4LM1E2DN k1LZmAA6JZ1EucxWPPSA8Zd1gmMQXgRXwLT5cDxgByFJ/ExupIRn9hq5PLtSPpou bFqZCZhnQdG2Ocm2Kyl0I51NVq1JsQb3G4uI/bKfVFLOxJeusOxhik6LU8iOrGIs rIOcZliYe8xEbH6kdrAOD0UGAQTwgFsmGNow24FsxbsvfACtZHTBIQNJtWgASaVL IZVRlVOGY/aOu50YFuOiDe0HwFbIuu0QxemEGc/+oYRvdDc/75eVOElQhTmK0sIa rOkZ9Zjz2E0QEAwiCdgbt9BvVjXJbE5LmGU5RM6ljzJ8gsxoty9qRgiWN86bad4a Os1AhAfO2UiNsu6qXwU= =mDii -----END PGP SIGNATURE----- Merge tag 'Smack-for-5.14' of git://github.com/cschaufler/smack-next Pull smack updates from Casey Schaufler: "There is nothing more significant than an improvement to a byte count check in smackfs. All changes have been in next for weeks" * tag 'Smack-for-5.14' of git://github.com/cschaufler/smack-next: Smack: fix doc warning Revert "Smack: Handle io_uring kernel thread privileges" smackfs: restrict bytes count in smk_set_cipso() security/smack/: fix misspellings using codespell tool
commit
5c874a5b29
|
@ -332,7 +332,7 @@ static void smack_log_callback(struct audit_buffer *ab, void *a)
|
||||||
* @object_label : smack label of the object being accessed
|
* @object_label : smack label of the object being accessed
|
||||||
* @request: requested permissions
|
* @request: requested permissions
|
||||||
* @result: result from smk_access
|
* @result: result from smk_access
|
||||||
* @a: auxiliary audit data
|
* @ad: auxiliary audit data
|
||||||
*
|
*
|
||||||
* Audit the granting or denial of permissions in accordance
|
* Audit the granting or denial of permissions in accordance
|
||||||
* with the policy.
|
* with the policy.
|
||||||
|
@ -396,6 +396,7 @@ struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* smk_insert_entry - insert a smack label into a hash map,
|
* smk_insert_entry - insert a smack label into a hash map,
|
||||||
|
* @skp: smack label
|
||||||
*
|
*
|
||||||
* this function must be called under smack_known_lock
|
* this function must be called under smack_known_lock
|
||||||
*/
|
*/
|
||||||
|
@ -476,8 +477,10 @@ char *smk_parse_smack(const char *string, int len)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* smk_netlbl_mls - convert a catset to netlabel mls categories
|
* smk_netlbl_mls - convert a catset to netlabel mls categories
|
||||||
|
* @level: MLS sensitivity level
|
||||||
* @catset: the Smack categories
|
* @catset: the Smack categories
|
||||||
* @sap: where to put the netlabel categories
|
* @sap: where to put the netlabel categories
|
||||||
|
* @len: number of bytes for the levels in a CIPSO IP option
|
||||||
*
|
*
|
||||||
* Allocates and fills attr.mls
|
* Allocates and fills attr.mls
|
||||||
* Returns 0 on success, error code on failure.
|
* Returns 0 on success, error code on failure.
|
||||||
|
@ -688,10 +691,9 @@ bool smack_privileged_cred(int cap, const struct cred *cred)
|
||||||
bool smack_privileged(int cap)
|
bool smack_privileged(int cap)
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Kernel threads may not have credentials we can use.
|
* All kernel tasks are privileged
|
||||||
* The io_uring kernel threads do have reliable credentials.
|
|
||||||
*/
|
*/
|
||||||
if ((current->flags & (PF_KTHREAD | PF_IO_WORKER)) == PF_KTHREAD)
|
if (unlikely(current->flags & PF_KTHREAD))
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
return smack_privileged_cred(cap, current_cred());
|
return smack_privileged_cred(cap, current_cred());
|
||||||
|
|
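Review bot: The replacement comment in smack_privileged(), `All kernel tasks are privileged`, drops the reasoning the removed lines gave about io_uring workers and does not say what the simplified test relies on. With `if (unlikely(current->flags & PF_KTHREAD))`, any task carrying PF_KTHREAD returns true without reaching smack_privileged_cred(). That is only safe if threads doing work on behalf of a user request, such as the io_uring workers the reverted code singled out via PF_IO_WORKER, never have PF_KTHREAD set; this is presumably what makes the revert possible, but nothing visible here states it. I would record the assumption in the comment, e.g. `* All kernel tasks are privileged. io_uring workers are assumed not to set PF_KTHREAD and so fall through to the credential check.` The function's closing brace lies outside the hunk.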
|
@ -380,7 +380,7 @@ static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
|
||||||
* @data: string to be parsed, null terminated
|
* @data: string to be parsed, null terminated
|
||||||
* @rule: Will be filled with Smack parsed rule
|
* @rule: Will be filled with Smack parsed rule
|
||||||
* @import: if non-zero, import labels
|
* @import: if non-zero, import labels
|
||||||
* @tokens: numer of substrings expected in data
|
* @tokens: number of substrings expected in data
|
||||||
*
|
*
|
||||||
* Returns number of processed bytes on success, -ERRNO on failure.
|
* Returns number of processed bytes on success, -ERRNO on failure.
|
||||||
*/
|
*/
|
||||||
|
@ -855,6 +855,8 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
|
||||||
if (format == SMK_FIXED24_FMT &&
|
if (format == SMK_FIXED24_FMT &&
|
||||||
(count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
|
(count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
if (count > PAGE_SIZE)
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
data = memdup_user_nul(buf, count);
|
data = memdup_user_nul(buf, count);
|
||||||
if (IS_ERR(data))
|
if (IS_ERR(data))
|
||||||
|
|
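Review bot: The added `if (count > PAGE_SIZE)` guard in smk_set_cipso() still accepts count == PAGE_SIZE, and memdup_user_nul() allocates count + 1 bytes for the terminator, so the largest accepted write requests one byte more than a page. If the intent is to keep the kernel copy of the user buffer within a single page, the test should be `if (count >= PAGE_SIZE)`. If PAGE_SIZE + 1 is acceptable, a one-line comment such as `/* cap the user-supplied length before memdup_user_nul() sizes its allocation from it */` would make the purpose of the bound clear. For SMK_FIXED24_FMT the length is presumably already limited by SMK_CIPSOMAX, so the new bound matters mainly for the other format. The function starts and continues outside the hunk.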