lsm: fix default return value for inode_getsecctx
stable inclusion from stable-v6.6.3 commit 37dab33f754abd24b384d2b7b07349dc6611381b category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8LBQP Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=37dab33f754abd24b384d2b7b07349dc6611381b -------------------------------- commit b36995b8609a5a8fe5cf259a1ee768fcaed919f8 upstream. -EOPNOTSUPP is the return value that implements a "no-op" hook, not 0. Without this fix having only the BPF LSM enabled (with no programs attached) can cause uninitialized variable reads in nfsd4_encode_fattr(), because the BPF hook returns 0 without touching the 'ctxlen' variable and the corresponding 'contextlen' variable in nfsd4_encode_fattr() remains uninitialized, yet being treated as valid based on the 0 return value. Cc: stable@vger.kernel.org Fixes: 98e828a0 ("security: Refactor declaration of LSM hooks") Reported-by:Benjamin Coddington <bcodding@redhat.com> Signed-off-by:
Loading
Please sign in to comment