summaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorPaul Moore <paul@paul-moore.com>2024-03-14 04:37:48 +0300
committerPaul Moore <paul@paul-moore.com>2024-03-14 18:31:26 +0300
commiteaf0e7a3d2711018789e9fdb89191d19aa139c47 (patch)
treeb169f84cd0df5431f622a3a729e135606a9fae84 /security/security.c
parenta5a858f622a0aff5cdb5e271442cd01b2a01467f (diff)
downloadlinux-eaf0e7a3d2711018789e9fdb89191d19aa139c47.tar.xz
lsm: handle the NULL buffer case in lsm_fill_user_ctx()
Passing a NULL buffer into the lsm_get_self_attr() syscall is a valid way to quickly determine the minimum size of the buffer needed to for the syscall to return all of the LSM attributes to the caller. Unfortunately we/I broke that behavior in commit d7cf3412a9f6 ("lsm: consolidate buffer size handling into lsm_fill_user_ctx()") such that it returned an error to the caller; this patch restores the original desired behavior of using the NULL buffer as a quick way to correctly size the attribute buffer. Cc: stable@vger.kernel.org Fixes: d7cf3412a9f6 ("lsm: consolidate buffer size handling into lsm_fill_user_ctx()") Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/security/security.c b/security/security.c
index 5b2e0a15377d..7e118858b545 100644
--- a/security/security.c
+++ b/security/security.c
@@ -780,7 +780,9 @@ static int lsm_superblock_alloc(struct super_block *sb)
* @id: LSM id
* @flags: LSM defined flags
*
- * Fill all of the fields in a userspace lsm_ctx structure.
+ * Fill all of the fields in a userspace lsm_ctx structure. If @uctx is NULL
+ * simply calculate the required size to output via @utc_len and return
+ * success.
*
* Returns 0 on success, -E2BIG if userspace buffer is not large enough,
* -EFAULT on a copyout error, -ENOMEM if memory can't be allocated.
@@ -799,6 +801,10 @@ int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
goto out;
}
+ /* no buffer - return success/0 and set @uctx_len to the req size */
+ if (!uctx)
+ goto out;
+
nctx = kzalloc(nctx_len, GFP_KERNEL);
if (nctx == NULL) {
rc = -ENOMEM;