From: Paul Moore <paul@paul-moore.com>
To: Roberto Sassu <roberto.sassu@huaweicloud.com>
Cc: zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
jmorris@namei.org, serge@hallyn.com,
stephen.smalley.work@gmail.com, eparis@parisplace.org,
casey@schaufler-ca.com, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
reiserfs-devel@vger.kernel.org, linux-kernel@vger.kernel.org,
keescook@chromium.org, nicolas.bouchinet@clip-os.org,
Roberto Sassu <roberto.sassu@huawei.com>,
stable@vger.kernel.org, Jeff Mahoney <jeffm@suse.com>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Subject: Re: [PATCH v4 1/5] reiserfs: Add missing calls to reiserfs_security_free()
Date: Tue, 22 Nov 2022 17:47:31 -0500 [thread overview]
Message-ID: <CAHC9VhRBc_XeeCki3zqP40tpO-z2xja=yyMadr9_yLhGcgU3Vg@mail.gmail.com> (raw)
In-Reply-To: <aa51b845dca6021282b5b2ae260020a3a5cfb5c6.camel@huaweicloud.com>
On Tue, Nov 22, 2022 at 3:12 AM Roberto Sassu
<roberto.sassu@huaweicloud.com> wrote:
> On Mon, 2022-11-21 at 18:41 -0500, Paul Moore wrote:
> > On Thu, Nov 10, 2022 at 4:47 AM Roberto Sassu
> > <roberto.sassu@huaweicloud.com> wrote:
> > > From: Roberto Sassu <roberto.sassu@huawei.com>
> > >
> > > Commit 57fe60df6241 ("reiserfs: add atomic addition of selinux attributes
> > > during inode creation") defined reiserfs_security_free() to free the name
> > > and value of a security xattr allocated by the active LSM through
> > > security_old_inode_init_security(). However, this function is not called
> > > in the reiserfs code.
> > >
> > > Thus, add a call to reiserfs_security_free() whenever
> > > reiserfs_security_init() is called, and initialize value to NULL, to avoid
> > > to call kfree() on an uninitialized pointer.
> > >
> > > Finally, remove the kfree() for the xattr name, as it is not allocated
> > > anymore.
> > >
> > > Fixes: 57fe60df6241 ("reiserfs: add atomic addition of selinux attributes during inode creation")
> > > Cc: stable@vger.kernel.org
> > > Cc: Jeff Mahoney <jeffm@suse.com>
> > > Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> > > Reported-by: Mimi Zohar <zohar@linux.ibm.com>
> > > Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > ---
> > > fs/reiserfs/namei.c | 4 ++++
> > > fs/reiserfs/xattr_security.c | 2 +-
> > > 2 files changed, 5 insertions(+), 1 deletion(-)
> >
> > If I'm understanding this patch correctly, this is a standalone
> > bugfix, right? Any reason this shouldn't be merged now, independent
> > of the rest of patches in this patchset?
>
> Yes. It would be fine for me to pick this sooner.
Okay, as it's been almost two weeks with no comments from the reiserfs
folks and this looks okay to me I'm going to go ahead and pull this
into the lsm/next branch as it's at least "LSM adjacent" :) As it is
lsm/next and not lsm/stable-6.1, this should give the reiserfs folks
another couple of weeks to object if they find this to be problematic.
Thanks all.
--
paul-moore.com
next prev parent reply other threads:[~2022-11-22 22:47 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-10 9:46 [PATCH v4 0/5] evm: Prepare for moving to the LSM infrastructure Roberto Sassu
2022-11-10 9:46 ` [PATCH v4 1/5] reiserfs: Add missing calls to reiserfs_security_free() Roberto Sassu
2022-11-16 21:03 ` Mimi Zohar
2022-11-21 23:41 ` Paul Moore
2022-11-22 8:11 ` Roberto Sassu
2022-11-22 22:47 ` Paul Moore [this message]
2022-11-10 9:46 ` [PATCH v4 2/5] security: Rewrite security_old_inode_init_security() Roberto Sassu
2022-11-17 13:03 ` Mimi Zohar
2022-11-18 9:04 ` Roberto Sassu
2022-11-21 9:45 ` Roberto Sassu
2022-11-21 20:54 ` Mimi Zohar
2022-11-21 23:55 ` Paul Moore
2022-11-22 8:29 ` Roberto Sassu
2022-11-10 9:46 ` [PATCH v4 3/5] security: Allow all LSMs to provide xattrs for inode_init_security hook Roberto Sassu
2022-11-17 16:05 ` Mimi Zohar
2022-11-17 17:18 ` Casey Schaufler
2022-11-17 17:24 ` Mimi Zohar
2022-11-17 17:40 ` Casey Schaufler
2022-11-17 18:07 ` Mimi Zohar
2022-11-18 9:32 ` Roberto Sassu
2022-11-18 15:33 ` Mimi Zohar
2022-11-18 9:14 ` Roberto Sassu
2022-11-18 15:10 ` Mimi Zohar
2022-11-18 17:31 ` Casey Schaufler
2022-11-21 13:29 ` Roberto Sassu
2022-11-21 20:58 ` Mimi Zohar
2022-11-18 17:15 ` Casey Schaufler
2022-11-10 9:46 ` [PATCH v4 4/5] evm: Align evm_inode_init_security() definition with LSM infrastructure Roberto Sassu
2022-11-17 17:07 ` Mimi Zohar
2022-11-18 9:30 ` Roberto Sassu
2022-11-18 14:45 ` Mimi Zohar
2022-11-18 15:11 ` Mimi Zohar
2022-11-10 9:46 ` [PATCH v4 5/5] evm: Support multiple LSMs providing an xattr Roberto Sassu
2022-11-17 17:09 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHC9VhRBc_XeeCki3zqP40tpO-z2xja=yyMadr9_yLhGcgU3Vg@mail.gmail.com' \
--to=paul@paul-moore.com \
--cc=casey@schaufler-ca.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eparis@parisplace.org \
--cc=jeffm@suse.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nicolas.bouchinet@clip-os.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=reiserfs-devel@vger.kernel.org \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stable@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).