On 09/17/2018 04:49 AM, Greg KH wrote:

On Sun, Sep 09, 2018 at 04:04:18PM +0200, Loic wrote:

...

Hello,

Tested without any problem so please picked up this for 4.4 to fix the problem. The patch below is slightly modified to adapt to this version.

I would like to get an ack from one of the developers/maintainers of this patch before I accept it, as it does differ from the in-tree version a bit.

Greg the patch is good. Full explanation below

cherry-picking the original patch to 4.4, I get 2 conflicts

both modified: security/apparmor/lsm.c both modified: security/apparmor/policy_unpack.c

the lsm.c conflict is do to surrounding code changes and is handled correctly. The patch drops the policy_unpack.c change

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index b9b1c66a32a5..138120698f83 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -778,8 +778,7 @@ int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns) if (error) goto fail_profile;

- if (aa_g_hash_policy) - error = aa_calc_profile_hash(profile, e.version, start, + error = aa_calc_profile_hash(profile, e.version, start, e.pos - start); if (error) goto fail_profile;

The conflict is caused by commit 31f75bfecd9cef7d485b1cda3c6c38cc0b4a5c6c in 4.11, which adds the conditional check that the upstream version of this patch is dropping again.

On Mon, Sep 17, 2018 at 09:45:47PM +0200, Loic wrote:

On Mon, 17 Sep 2018 15:58:56 +0200 Greg KH gregkh@linuxfoundation.org wrote:

...

On Sun, Sep 09, 2018 at 04:04:18PM +0200, Loic wrote:

...

Hello,

Tested without any problem so please picked up this for 4.4 to fix the problem. The patch below is slightly modified to adapt to this version.

[ Upstream commit 7616ac70d1bb4f2e9d25c1a82d283f3368a7b632 ]

The newly added Kconfig option could never work and just causes a build error when disabled:

security/apparmor/lsm.c:675:25: error: 'CONFIG_SECURITY_APPARMOR_HASH_DEFAULT' undeclared here (not in a function) bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH_DEFAULT;

The problem is that the macro undefined in this case, and we need to use the IS_ENABLED() helper to turn it into a boolean constant.

Another minor problem with the original patch is that the option is even offered in sysfs when SECURITY_APPARMOR_HASH is not enabled, so this also hides the option in that case.

Signed-off-by: Arnd Bergmann arnd@arndb.de Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing is used") Signed-off-by: John Johansen john.johansen@canonical.com Signed-off-by: James Morris james.l.morris@oracle.com

---

diff -Nurp a/security/apparmor/crypto.c b/security/apparmor/crypto.c --- a/security/apparmor/crypto.c +++ b/security/apparmor/crypto.c @@ -39,6 +39,9 @@ int aa_calc_profile_hash(struct aa_profi int error = -ENOMEM; u32 le32_version = cpu_to_le32(version);

• if (!aa_g_hash_policy)

• return 0;
  

• if (!apparmor_tfm) return 0;

diff -Nurp a/security/apparmor/lsm.c b/security/apparmor/lsm.c --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -692,6 +692,12 @@ enum profile_mode aa_g_profile_mode = AP module_param_call(mode, param_set_mode, param_get_mode, &aa_g_profile_mode, S_IRUSR | S_IWUSR);

+#ifdef CONFIG_SECURITY_APPARMOR_HASH +/* whether policy verification hashing is enabled */ +bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT); +module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR); +#endif

/* Debug mode */ bool aa_g_debug; module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);

---

The patch is whitespace corrupted and can not be applied :(

Sorry, I noticed the problem afterwards. I opened a bug report to try to fix my mail client: https://github.com/roundcube/roundcubemail/issues/6438

...

Can you fix that up and resend it so that I can apply it?

No problem. Thanks for all.

Signed-off-by: Arnd Bergmann arnd@arndb.de Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing is used") Signed-off-by: John Johansen john.johansen@canonical.com Signed-off-by: James Morris james.l.morris@oracle.com

---

diff -Nurp a/security/apparmor/crypto.c b/security/apparmor/crypto.c --- a/security/apparmor/crypto.c +++ b/security/apparmor/crypto.c @@ -39,6 +39,9 @@ int aa_calc_profile_hash(struct aa_profi int error = -ENOMEM; u32 le32_version = cpu_to_le32(version);

• if (!aa_g_hash_policy)

• return 0;
  

• if (!apparmor_tfm) return 0;

diff -Nurp a/security/apparmor/lsm.c b/security/apparmor/lsm.c --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -692,6 +694,12 @@ enum profile_mode aa_g_profile_mode = AP module_param_call(mode, param_set_mode, param_get_mode, &aa_g_profile_mode, S_IRUSR | S_IWUSR); +#ifdef CONFIG_SECURITY_APPARMOR_HASH +/* whether policy verification hashing is enabled */ +bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT); +module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR); +#endif

/* Debug mode */ bool aa_g_debug; module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);

THanks, that worked, now queued up.

greg k-h

On Mon, Sep 17, 2018 at 11:37:54PM +0200, Greg KH wrote:

On Mon, Sep 17, 2018 at 11:15:42PM +0200, Greg KH wrote:

...

On Mon, Sep 17, 2018 at 09:45:47PM +0200, Loic wrote:

...

On Mon, 17 Sep 2018 15:58:56 +0200 Greg KH gregkh@linuxfoundation.org wrote:

...

On Sun, Sep 09, 2018 at 04:04:18PM +0200, Loic wrote:

...

Hello,

Tested without any problem so please picked up this for 4.4 to fix the problem. The patch below is slightly modified to adapt to this version.

[ Upstream commit 7616ac70d1bb4f2e9d25c1a82d283f3368a7b632 ]

The newly added Kconfig option could never work and just causes a build error when disabled:

security/apparmor/lsm.c:675:25: error: 'CONFIG_SECURITY_APPARMOR_HASH_DEFAULT' undeclared here (not in a function) bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH_DEFAULT;

The problem is that the macro undefined in this case, and we need to use the IS_ENABLED() helper to turn it into a boolean constant.

Another minor problem with the original patch is that the option is even offered in sysfs when SECURITY_APPARMOR_HASH is not enabled, so this also hides the option in that case.

Signed-off-by: Arnd Bergmann arnd@arndb.de Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing is used") Signed-off-by: John Johansen john.johansen@canonical.com Signed-off-by: James Morris james.l.morris@oracle.com

---

diff -Nurp a/security/apparmor/crypto.c b/security/apparmor/crypto.c --- a/security/apparmor/crypto.c +++ b/security/apparmor/crypto.c @@ -39,6 +39,9 @@ int aa_calc_profile_hash(struct aa_profi int error = -ENOMEM; u32 le32_version = cpu_to_le32(version);

• if (!aa_g_hash_policy)

• return 0;
  

• if (!apparmor_tfm) return 0;

diff -Nurp a/security/apparmor/lsm.c b/security/apparmor/lsm.c --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -692,6 +692,12 @@ enum profile_mode aa_g_profile_mode = AP module_param_call(mode, param_set_mode, param_get_mode, &aa_g_profile_mode, S_IRUSR | S_IWUSR);

+#ifdef CONFIG_SECURITY_APPARMOR_HASH +/* whether policy verification hashing is enabled */ +bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT); +module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR); +#endif

/* Debug mode */ bool aa_g_debug; module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);

---

The patch is whitespace corrupted and can not be applied :(

Sorry, I noticed the problem afterwards. I opened a bug report to try to fix my mail client: https://github.com/roundcube/roundcubemail/issues/6438

...

Can you fix that up and resend it so that I can apply it?

No problem. Thanks for all.

Signed-off-by: Arnd Bergmann arnd@arndb.de Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing is used") Signed-off-by: John Johansen john.johansen@canonical.com Signed-off-by: James Morris james.l.morris@oracle.com

---

diff -Nurp a/security/apparmor/crypto.c b/security/apparmor/crypto.c --- a/security/apparmor/crypto.c +++ b/security/apparmor/crypto.c @@ -39,6 +39,9 @@ int aa_calc_profile_hash(struct aa_profi int error = -ENOMEM; u32 le32_version = cpu_to_le32(version);

• if (!aa_g_hash_policy)

• return 0;
  

• if (!apparmor_tfm) return 0;

diff -Nurp a/security/apparmor/lsm.c b/security/apparmor/lsm.c --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -692,6 +694,12 @@ enum profile_mode aa_g_profile_mode = AP module_param_call(mode, param_set_mode, param_get_mode, &aa_g_profile_mode, S_IRUSR | S_IWUSR); +#ifdef CONFIG_SECURITY_APPARMOR_HASH +/* whether policy verification hashing is enabled */ +bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT); +module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR); +#endif

/* Debug mode */ bool aa_g_debug; module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);

THanks, that worked, now queued up.

And dropped as this patch broke the build. I'm guessing this really isn't needed if you didn't even test it worked :(

Please fix all of this up, test it properly, and then send it as a "clean" patch that I can apply easily.

thanks,

greg k-h

Commit 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing is used") didn't even come in until 4.8 and SECURITY_APPARMOR_HASH_DEFAULT isn't defined anywhere in 4.4. Fairly certain this isn't needed at all.

Cheers, Nathan

Le 2018-09-18 00:12, John Johansen a écrit :

On 09/17/2018 02:56 PM, Nathan Chancellor wrote:

...

On Mon, Sep 17, 2018 at 11:37:54PM +0200, Greg KH wrote:

...

On Mon, Sep 17, 2018 at 11:15:42PM +0200, Greg KH wrote:

...

On Mon, Sep 17, 2018 at 09:45:47PM +0200, Loic wrote:

...

On Mon, 17 Sep 2018 15:58:56 +0200 Greg KH gregkh@linuxfoundation.org wrote:

...

On Sun, Sep 09, 2018 at 04:04:18PM +0200, Loic wrote: > Hello, > > Tested without any problem so please picked up this for 4.4 to > fix the > problem. > The patch below is slightly modified to adapt to this version. > > [ Upstream commit 7616ac70d1bb4f2e9d25c1a82d283f3368a7b632 ] > > The newly added Kconfig option could never work and just causes a > build > error > when disabled: > > security/apparmor/lsm.c:675:25: error: > 'CONFIG_SECURITY_APPARMOR_HASH_DEFAULT' undeclared here (not in a > function) > bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH_DEFAULT; > > The problem is that the macro undefined in this case, and we need > to use the > IS_ENABLED() > helper to turn it into a boolean constant. > > Another minor problem with the original patch is that the option > is even > offered > in sysfs when SECURITY_APPARMOR_HASH is not enabled, so this also > hides the > option > in that case. > > Signed-off-by: Arnd Bergmann arnd@arndb.de > Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether > policy > hashing is used") > Signed-off-by: John Johansen john.johansen@canonical.com > Signed-off-by: James Morris james.l.morris@oracle.com > --- > diff -Nurp a/security/apparmor/crypto.c > b/security/apparmor/crypto.c > --- a/security/apparmor/crypto.c > +++ b/security/apparmor/crypto.c > @@ -39,6 +39,9 @@ int aa_calc_profile_hash(struct aa_profi > int error = -ENOMEM; > u32 le32_version = cpu_to_le32(version); > > + if (!aa_g_hash_policy) > + return 0; > + > if (!apparmor_tfm) > return 0; > > diff -Nurp a/security/apparmor/lsm.c b/security/apparmor/lsm.c > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c > @@ -692,6 +692,12 @@ enum profile_mode aa_g_profile_mode = AP > module_param_call(mode, param_set_mode, param_get_mode, > &aa_g_profile_mode, S_IRUSR | S_IWUSR); > > +#ifdef CONFIG_SECURITY_APPARMOR_HASH > +/* whether policy verification hashing is enabled */ > +bool aa_g_hash_policy = > IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT); > +module_param_named(hash_policy, aa_g_hash_policy, aabool, > S_IRUSR | > S_IWUSR); > +#endif > + > /* Debug mode */ > bool aa_g_debug; > module_param_named(debug, aa_g_debug, aabool, S_IRUSR | > S_IWUSR); > ---

The patch is whitespace corrupted and can not be applied :(

Sorry, I noticed the problem afterwards. I opened a bug report to try to fix my mail client: https://github.com/roundcube/roundcubemail/issues/6438

...

Can you fix that up and resend it so that I can apply it?

No problem. Thanks for all.

Signed-off-by: Arnd Bergmann arnd@arndb.de Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing is used") Signed-off-by: John Johansen john.johansen@canonical.com Signed-off-by: James Morris james.l.morris@oracle.com

---

diff -Nurp a/security/apparmor/crypto.c b/security/apparmor/crypto.c --- a/security/apparmor/crypto.c +++ b/security/apparmor/crypto.c @@ -39,6 +39,9 @@ int aa_calc_profile_hash(struct aa_profi int error = -ENOMEM; u32 le32_version = cpu_to_le32(version);

• if (!aa_g_hash_policy)

• return 0;
  

• if (!apparmor_tfm) return 0;

diff -Nurp a/security/apparmor/lsm.c b/security/apparmor/lsm.c --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -692,6 +694,12 @@ enum profile_mode aa_g_profile_mode = AP module_param_call(mode, param_set_mode, param_get_mode, &aa_g_profile_mode, S_IRUSR | S_IWUSR);

+#ifdef CONFIG_SECURITY_APPARMOR_HASH +/* whether policy verification hashing is enabled */ +bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT); +module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR); +#endif

/* Debug mode */ bool aa_g_debug; module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);

THanks, that worked, now queued up.

And dropped as this patch broke the build. I'm guessing this really isn't needed if you didn't even test it worked :(

Please fix all of this up, test it properly, and then send it as a "clean" patch that I can apply easily.

thanks,

greg k-h

Commit 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing is used") didn't even come in until 4.8 and SECURITY_APPARMOR_HASH_DEFAULT isn't defined anywhere in 4.4. Fairly certain this isn't needed at all.

Sorry when I did my initial check on the patch backport deviating from the upstream patch I didn't build test (assumed that had already been done my bad), nor did I look into if it was valid (also my bad). I should have.

I'm the one following sorry, I forgot to report the Kconfig of the latest version of the 4.9 kernel that I used during my tests. I admit my mistakes and learn from them. Please excuse me!

I agree with your assessment, this isn't needed. 4.4 does not have the kconfig nor code that uses it.

It's not really the backport functionality that's interesting but the return 0. Can you certify to me that "return 0" would be of no use?

Greg do not take this patch. I am sorry I wasted you time by missing this on my initial check.

It's me, I'm going to review my method of submitting a patch.