• Stefan Berger's avatar
    fs: Pass AT_GETATTR_NOSEC flag to getattr interface function · 8a924db2
    Stefan Berger authored
    When vfs_getattr_nosec() calls a filesystem's getattr interface function
    then the 'nosec' should propagate into this function so that
    vfs_getattr_nosec() can again be called from the filesystem's gettattr
    rather than vfs_getattr(). The latter would add unnecessary security
    checks that the initial vfs_getattr_nosec() call wanted to avoid.
    Therefore, introduce the getattr flag GETATTR_NOSEC and allow to pass
    with the new getattr_flags parameter to the getattr interface function.
    In overlayfs and ecryptfs use this flag to determine which one of the
    two functions to call.
    
    In a recent code change introduced to IMA vfs_getattr_nosec() ended up
    calling vfs_getattr() in overlayfs, which in turn called
    security_inode_getattr() on an exiting process that did not have
    current->fs set anymore, which then caused a kernel NULL pointer
    dereference. With this change the call to security_inode_getattr() can
    be avoided, thus avoiding the NULL pointer dereference.
    
    Reported-by: <syzbot+a67fc5321ffb4b311c98@syzkaller.appspotmail.com>
    Fixes: db1d1e8b ("IMA: use vfs_getattr_nosec to get the i_version")
    Cc: Alexander Viro <viro@zeniv.linux.org.uk>
    Cc: <linux-fsdevel@vger.kernel.org>
    Cc: Miklos Szeredi <miklos@szeredi.hu>
    Cc: Amir Goldstein <amir73il@gmail.com>
    Cc: Tyler Hicks <code@tyhicks.com>
    Cc: Mimi Zohar <zohar@linux.ibm.com>
    Suggested-by: default avatarChristian Brauner <brauner@kernel.org>
    Co-developed-by: default avatarAmir Goldstein <amir73il@gmail.com>
    Signed-off-by: default avatarStefan Berger <stefanb@linux.ibm.com>
    Link: https://lore.kernel.org/r/20231002125733.1251467-1-stefanb@linux.vnet.ibm.comReviewed-by: default avatarAmir Goldstein <amir73il@gmail.com>
    Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
    8a924db2
stat.c 23 KB