android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
993,483 Commits 2 Branches 0 Tags 2.3 GiB
C 97.8%
Assembly 1.2%
Shell 0.3%
Makefile 0.3%
Python 0.2%
Other 0.1%
311dc5afad
Go to file
Alfred Piccioni 311dc5afad lsm: new security_file_ioctl_compat() hook 
commit f1bb47a31dff6d4b34fb14e99850860ee74bb003 upstream.

Some ioctl commands do not require ioctl permission, but are routed to
other permissions such as FILE_GETATTR or FILE_SETATTR. This routing is
done by comparing the ioctl cmd to a set of 64-bit flags (FS_IOC_*).

However, if a 32-bit process is running on a 64-bit kernel, it emits
32-bit flags (FS_IOC32_*) for certain ioctl operations. These flags are
being checked erroneously, which leads to these ioctl operations being
routed to the ioctl permission, rather than the correct file
permissions.

This was also noted in a RED-PEN finding from a while back -
"/* RED-PEN how should LSM module know it's handling 32bit? */".

This patch introduces a new hook, security_file_ioctl_compat(), that is
called from the compat ioctl syscall. All current LSMs have been changed
to support this hook.

Reviewing the three places where we are currently using
security_file_ioctl(), it appears that only SELinux needs a dedicated
compat change; TOMOYO and SMACK appear to be functional without any
change.

Cc: stable@vger.kernel.org
Fixes: 0b24dcb7f2 ("Revert "selinux: simplify ioctl checking"")
Signed-off-by: Alfred Piccioni <alpic@google.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
[PM: subject tweak, line length fixes, and alignment corrections]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-02-23 08:41:53 +01:00
arch arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts 2024-02-23 08:41:53 +01:00
block blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" 2023-12-20 15:44:31 +01:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-22 14:13:17 +02:00
crypto crypto: api - Disallow identical driver names 2024-02-23 08:41:52 +01:00
Documentation dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp 2024-01-05 15:12:28 +01:00
drivers bus: mhi: host: Drop chan lock before queuing buffers 2024-02-23 08:41:53 +01:00
fs lsm: new security_file_ioctl_compat() hook 2024-02-23 08:41:53 +01:00
include lsm: new security_file_ioctl_compat() hook 2024-02-23 08:41:53 +01:00
init rootfs: Fix support for rootfstype= when root= is given 2024-01-25 14:37:52 -08:00
io_uring io_uring/rw: ensure io->bytes_done is always initialized 2024-01-25 14:37:52 -08:00
ipc ipc/sem: Fix dangling sem_array access in semtimedop race 2022-12-08 11:24:00 +01:00
kernel async: Introduce async_schedule_dev_nocall() 2024-02-23 08:41:53 +01:00
lib ida: Fix crash in ida_free when the bitmap is empty 2024-01-25 14:37:38 -08:00
LICENSES LICENSES/deprecated: add Zlib license text 2020-09-16 14:33:49 +02:00
mm mm: fix unmap_mapping_range high bits shift bug 2024-01-15 18:48:06 +01:00
net ethtool: netlink: Add missing ethnl_ops_begin/complete 2024-01-25 14:37:56 -08:00
samples samples/hw_breakpoint: fix building without module unloading 2023-09-23 11:01:09 +02:00
scripts sign-file: Fix incorrect return values check 2023-12-20 15:44:29 +01:00
security lsm: new security_file_ioctl_compat() hook 2024-02-23 08:41:53 +01:00
sound ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx 2024-01-25 14:37:52 -08:00
tools selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes 2024-01-25 14:37:56 -08:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2022-02-01 17:25:48 +01:00
virt KVM: fix memoryleak in kvm_init() 2023-04-05 11:23:43 +02:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: generate Module.symvers only when vmlinux exists 2021-05-19 10:12:59 +02:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Remove DECnet support from kernel 2023-06-21 15:45:38 +02:00
Makefile Linux 5.10.209 2024-01-25 14:37:57 -08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.