On 3/29/2024 4:05 PM, Mimi Zohar wrote:
On Fri, 2024-03-29 at 11:56 +0100, Roberto Sassu wrote:
From: Roberto Sassu roberto.sassu@huawei.com
Commit 08abce60d63fi ("security: Introduce path_post_mknod hook") introduced security_path_post_mknod(), to replace the IMA-specific call to ima_post_path_mknod().
For symmetry with security_path_mknod(), security_path_post_mknod() is called after a successful mknod operation, for any file type, rather than only for regular files at the time there was the IMA call.
However, as reported by VFS maintainers, successful mknod operation does not mean that the dentry always has an inode attached to it (for example, not for FIFOs on a SAMBA mount).
If that condition happens, the kernel crashes when security_path_post_mknod() attempts to verify if the inode associated to the dentry is private.
Add an extra check to first verify if there is an inode attached to the dentry, before checking if the inode is private. Also add the same check to the current users of the path_post_mknod hook, ima_post_path_mknod() and evm_post_path_mknod().
Finally, use the proper helper, d_backing_inode(), to retrieve the inode from the dentry in ima_post_path_mknod().
Cc: stable@vger.kernel.org # 6.8.x
Huh? It doesn't need to be backported.
Ehm, sorry. To be removed.
Reported-by: Steve French smfrench@gmail.com Closes: https://lore.kernel.org/linux-kernel/CAH2r5msAVzxCUHHG8VKrMPUKQHmBpE6K9_vjhg... Fixes: 08abce60d63fi ("security: Introduce path_post_mknod hook")
-> 08abce60d63f
Ok.
Thanks
Roberto
Signed-off-by: Roberto Sassu roberto.sassu@huawei.com
Acked-by: Mimi Zohar zohar@linux.ibm.com