Revision 2172fa709ab32ca60e86179dc67d0857be8e2c98 authored by Stephen Smalley on 30 January 2014, 16:26:59 UTC, committed by Paul Moore on 05 February 2014, 17:20:51 UTC
Setting an empty security context (length=0) on a file will lead to incorrectly dereferencing the type and other fields of the security context structure, yielding a kernel BUG. As a zero-length security context is never valid, just reject all such security contexts whether coming from userspace via setxattr or coming from the filesystem upon a getxattr request by SELinux. Setting a security context value (empty or otherwise) unknown to SELinux in the first place is only possible for a root process (CAP_MAC_ADMIN), and, if running SELinux in enforcing mode, only if the corresponding SELinux mac_admin permission is also granted to the domain by policy. In Fedora policies, this is only allowed for specific domains such as livecd for setting down security contexts that are not defined in the build host policy. Reproducer: su setenforce 0 touch foo setfattr -n security.selinux foo Caveat: Relabeling or removing foo after doing the above may not be possible without booting with SELinux disabled. Any subsequent access to foo after doing the above will also trigger the BUG. BUG output from Matthew Thode: [ 473.893141] ------------[ cut here ]------------ [ 473.962110] kernel BUG at security/selinux/ss/services.c:654! [ 473.995314] invalid opcode: 0000 [#6] SMP [ 474.027196] Modules linked in: [ 474.058118] CPU: 0 PID: 8138 Comm: ls Tainted: G D I 3.13.0-grsec #1 [ 474.116637] Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0 07/29/10 [ 474.149768] task: ffff8805f50cd010 ti: ffff8805f50cd488 task.ti: ffff8805f50cd488 [ 474.183707] RIP: 0010:[<ffffffff814681c7>] [<ffffffff814681c7>] context_struct_compute_av+0xce/0x308 [ 474.219954] RSP: 0018:ffff8805c0ac3c38 EFLAGS: 00010246 [ 474.252253] RAX: 0000000000000000 RBX: ffff8805c0ac3d94 RCX: 0000000000000100 [ 474.287018] RDX: ffff8805e8aac000 RSI: 00000000ffffffff RDI: ffff8805e8aaa000 [ 474.321199] RBP: ffff8805c0ac3cb8 R08: 0000000000000010 R09: 0000000000000006 [ 474.357446] R10: 0000000000000000 R11: ffff8805c567a000 R12: 0000000000000006 [ 474.419191] R13: ffff8805c2b74e88 R14: 00000000000001da R15: 0000000000000000 [ 474.453816] FS: 00007f2e75220800(0000) GS:ffff88061fc00000(0000) knlGS:0000000000000000 [ 474.489254] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 474.522215] CR2: 00007f2e74716090 CR3: 00000005c085e000 CR4: 00000000000207f0 [ 474.556058] Stack: [ 474.584325] ffff8805c0ac3c98 ffffffff811b549b ffff8805c0ac3c98 ffff8805f1190a40 [ 474.618913] ffff8805a6202f08 ffff8805c2b74e88 00068800d0464990 ffff8805e8aac860 [ 474.653955] ffff8805c0ac3cb8 000700068113833a ffff880606c75060 ffff8805c0ac3d94 [ 474.690461] Call Trace: [ 474.723779] [<ffffffff811b549b>] ? lookup_fast+0x1cd/0x22a [ 474.778049] [<ffffffff81468824>] security_compute_av+0xf4/0x20b [ 474.811398] [<ffffffff8196f419>] avc_compute_av+0x2a/0x179 [ 474.843813] [<ffffffff8145727b>] avc_has_perm+0x45/0xf4 [ 474.875694] [<ffffffff81457d0e>] inode_has_perm+0x2a/0x31 [ 474.907370] [<ffffffff81457e76>] selinux_inode_getattr+0x3c/0x3e [ 474.938726] [<ffffffff81455cf6>] security_inode_getattr+0x1b/0x22 [ 474.970036] [<ffffffff811b057d>] vfs_getattr+0x19/0x2d [ 475.000618] [<ffffffff811b05e5>] vfs_fstatat+0x54/0x91 [ 475.030402] [<ffffffff811b063b>] vfs_lstat+0x19/0x1b [ 475.061097] [<ffffffff811b077e>] SyS_newlstat+0x15/0x30 [ 475.094595] [<ffffffff8113c5c1>] ? __audit_syscall_entry+0xa1/0xc3 [ 475.148405] [<ffffffff8197791e>] system_call_fastpath+0x16/0x1b [ 475.179201] Code: 00 48 85 c0 48 89 45 b8 75 02 0f 0b 48 8b 45 a0 48 8b 3d 45 d0 b6 00 8b 40 08 89 c6 ff ce e8 d1 b0 06 00 48 85 c0 49 89 c7 75 02 <0f> 0b 48 8b 45 b8 4c 8b 28 eb 1e 49 8d 7d 08 be 80 01 00 00 e8 [ 475.255884] RIP [<ffffffff814681c7>] context_struct_compute_av+0xce/0x308 [ 475.296120] RSP <ffff8805c0ac3c38> [ 475.328734] ---[ end trace f076482e9d754adc ]--- Reported-by: Matthew Thode <mthode@mthode.org> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Cc: stable@vger.kernel.org Signed-off-by: Paul Moore <pmoore@redhat.com>
1 parent 6a96e15
pata_optidma.c
/*
* pata_optidma.c - Opti DMA PATA for new ATA layer
* (C) 2006 Red Hat Inc
*
* The Opti DMA controllers are related to the older PIO PCI controllers
* and indeed the VLB ones. The main differences are that the timing
* numbers are now based off PCI clocks not VLB and differ, and that
* MWDMA is supported.
*
* This driver should support Viper-N+, FireStar, FireStar Plus.
*
* These devices support virtual DMA for read (aka the CS5520). Later
* chips support UDMA33, but only if the rest of the board logic does,
* so you have to get this right. We don't support the virtual DMA
* but we do handle UDMA.
*
* Bits that are worth knowing
* Most control registers are shadowed into I/O registers
* 0x1F5 bit 0 tells you if the PCI/VLB clock is 33 or 25Mhz
* Virtual DMA registers *move* between rev 0x02 and rev 0x10
* UDMA requires a 66MHz FSB
*
*/
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/pci.h>
#include <linux/init.h>
#include <linux/blkdev.h>
#include <linux/delay.h>
#include <scsi/scsi_host.h>
#include <linux/libata.h>
#define DRV_NAME "pata_optidma"
#define DRV_VERSION "0.3.2"
enum {
READ_REG = 0, /* index of Read cycle timing register */
WRITE_REG = 1, /* index of Write cycle timing register */
CNTRL_REG = 3, /* index of Control register */
STRAP_REG = 5, /* index of Strap register */
MISC_REG = 6 /* index of Miscellaneous register */
};
static int pci_clock; /* 0 = 33 1 = 25 */
/**
* optidma_pre_reset - probe begin
* @link: ATA link
* @deadline: deadline jiffies for the operation
*
* Set up cable type and use generic probe init
*/
static int optidma_pre_reset(struct ata_link *link, unsigned long deadline)
{
struct ata_port *ap = link->ap;
struct pci_dev *pdev = to_pci_dev(ap->host->dev);
static const struct pci_bits optidma_enable_bits = {
0x40, 1, 0x08, 0x00
};
if (ap->port_no && !pci_test_config_bits(pdev, &optidma_enable_bits))
return -ENOENT;
return ata_sff_prereset(link, deadline);
}
/**
* optidma_unlock - unlock control registers
* @ap: ATA port
*
* Unlock the control register block for this adapter. Registers must not
* be unlocked in a situation where libata might look at them.
*/
static void optidma_unlock(struct ata_port *ap)
{
void __iomem *regio = ap->ioaddr.cmd_addr;
/* These 3 unlock the control register access */
ioread16(regio + 1);
ioread16(regio + 1);
iowrite8(3, regio + 2);
}
/**
* optidma_lock - issue temporary relock
* @ap: ATA port
*
* Re-lock the configuration register settings.
*/
static void optidma_lock(struct ata_port *ap)
{
void __iomem *regio = ap->ioaddr.cmd_addr;
/* Relock */
iowrite8(0x83, regio + 2);
}
/**
* optidma_mode_setup - set mode data
* @ap: ATA interface
* @adev: ATA device
* @mode: Mode to set
*
* Called to do the DMA or PIO mode setup. Timing numbers are all
* pre computed to keep the code clean. There are two tables depending
* on the hardware clock speed.
*
* WARNING: While we do this the IDE registers vanish. If we take an
* IRQ here we depend on the host set locking to avoid catastrophe.
*/
static void optidma_mode_setup(struct ata_port *ap, struct ata_device *adev, u8 mode)
{
struct ata_device *pair = ata_dev_pair(adev);
int pio = adev->pio_mode - XFER_PIO_0;
int dma = adev->dma_mode - XFER_MW_DMA_0;
void __iomem *regio = ap->ioaddr.cmd_addr;
u8 addr;
/* Address table precomputed with a DCLK of 2 */
static const u8 addr_timing[2][5] = {
{ 0x30, 0x20, 0x20, 0x10, 0x10 },
{ 0x20, 0x20, 0x10, 0x10, 0x10 }
};
static const u8 data_rec_timing[2][5] = {
{ 0x59, 0x46, 0x30, 0x20, 0x20 },
{ 0x46, 0x32, 0x20, 0x20, 0x10 }
};
static const u8 dma_data_rec_timing[2][3] = {
{ 0x76, 0x20, 0x20 },
{ 0x54, 0x20, 0x10 }
};
/* Switch from IDE to control mode */
optidma_unlock(ap);
/*
* As with many controllers the address setup time is shared
* and must suit both devices if present. FIXME: Check if we
* need to look at slowest of PIO/DMA mode of either device
*/
if (mode >= XFER_MW_DMA_0)
addr = 0;
else
addr = addr_timing[pci_clock][pio];
if (pair) {
u8 pair_addr;
/* Hardware constraint */
if (pair->dma_mode)
pair_addr = 0;
else
pair_addr = addr_timing[pci_clock][pair->pio_mode - XFER_PIO_0];
if (pair_addr > addr)
addr = pair_addr;
}
/* Commence primary programming sequence */
/* First we load the device number into the timing select */
iowrite8(adev->devno, regio + MISC_REG);
/* Now we load the data timings into read data/write data */
if (mode < XFER_MW_DMA_0) {
iowrite8(data_rec_timing[pci_clock][pio], regio + READ_REG);
iowrite8(data_rec_timing[pci_clock][pio], regio + WRITE_REG);
} else if (mode < XFER_UDMA_0) {
iowrite8(dma_data_rec_timing[pci_clock][dma], regio + READ_REG);
iowrite8(dma_data_rec_timing[pci_clock][dma], regio + WRITE_REG);
}
/* Finally we load the address setup into the misc register */
iowrite8(addr | adev->devno, regio + MISC_REG);
/* Programming sequence complete, timing 0 dev 0, timing 1 dev 1 */
iowrite8(0x85, regio + CNTRL_REG);
/* Switch back to IDE mode */
optidma_lock(ap);
/* Note: at this point our programming is incomplete. We are
not supposed to program PCI 0x43 "things we hacked onto the chip"
until we've done both sets of PIO/DMA timings */
}
/**
* optiplus_mode_setup - DMA setup for Firestar Plus
* @ap: ATA port
* @adev: device
* @mode: desired mode
*
* The Firestar plus has additional UDMA functionality for UDMA0-2 and
* requires we do some additional work. Because the base work we must do
* is mostly shared we wrap the Firestar setup functionality in this
* one
*/
static void optiplus_mode_setup(struct ata_port *ap, struct ata_device *adev, u8 mode)
{
struct pci_dev *pdev = to_pci_dev(ap->host->dev);
u8 udcfg;
u8 udslave;
int dev2 = 2 * adev->devno;
int unit = 2 * ap->port_no + adev->devno;
int udma = mode - XFER_UDMA_0;
pci_read_config_byte(pdev, 0x44, &udcfg);
if (mode <= XFER_UDMA_0) {
udcfg &= ~(1 << unit);
optidma_mode_setup(ap, adev, adev->dma_mode);
} else {
udcfg |= (1 << unit);
if (ap->port_no) {
pci_read_config_byte(pdev, 0x45, &udslave);
udslave &= ~(0x03 << dev2);
udslave |= (udma << dev2);
pci_write_config_byte(pdev, 0x45, udslave);
} else {
udcfg &= ~(0x30 << dev2);
udcfg |= (udma << dev2);
}
}
pci_write_config_byte(pdev, 0x44, udcfg);
}
/**
* optidma_set_pio_mode - PIO setup callback
* @ap: ATA port
* @adev: Device
*
* The libata core provides separate functions for handling PIO and
* DMA programming. The architecture of the Firestar makes it easier
* for us to have a common function so we provide wrappers
*/
static void optidma_set_pio_mode(struct ata_port *ap, struct ata_device *adev)
{
optidma_mode_setup(ap, adev, adev->pio_mode);
}
/**
* optidma_set_dma_mode - DMA setup callback
* @ap: ATA port
* @adev: Device
*
* The libata core provides separate functions for handling PIO and
* DMA programming. The architecture of the Firestar makes it easier
* for us to have a common function so we provide wrappers
*/
static void optidma_set_dma_mode(struct ata_port *ap, struct ata_device *adev)
{
optidma_mode_setup(ap, adev, adev->dma_mode);
}
/**
* optiplus_set_pio_mode - PIO setup callback
* @ap: ATA port
* @adev: Device
*
* The libata core provides separate functions for handling PIO and
* DMA programming. The architecture of the Firestar makes it easier
* for us to have a common function so we provide wrappers
*/
static void optiplus_set_pio_mode(struct ata_port *ap, struct ata_device *adev)
{
optiplus_mode_setup(ap, adev, adev->pio_mode);
}
/**
* optiplus_set_dma_mode - DMA setup callback
* @ap: ATA port
* @adev: Device
*
* The libata core provides separate functions for handling PIO and
* DMA programming. The architecture of the Firestar makes it easier
* for us to have a common function so we provide wrappers
*/
static void optiplus_set_dma_mode(struct ata_port *ap, struct ata_device *adev)
{
optiplus_mode_setup(ap, adev, adev->dma_mode);
}
/**
* optidma_make_bits - PCI setup helper
* @adev: ATA device
*
* Turn the ATA device setup into PCI configuration bits
* for register 0x43 and return the two bits needed.
*/
static u8 optidma_make_bits43(struct ata_device *adev)
{
static const u8 bits43[5] = {
0, 0, 0, 1, 2
};
if (!ata_dev_enabled(adev))
return 0;
if (adev->dma_mode)
return adev->dma_mode - XFER_MW_DMA_0;
return bits43[adev->pio_mode - XFER_PIO_0];
}
/**
* optidma_set_mode - mode setup
* @link: link to set up
*
* Use the standard setup to tune the chipset and then finalise the
* configuration by writing the nibble of extra bits of data into
* the chip.
*/
static int optidma_set_mode(struct ata_link *link, struct ata_device **r_failed)
{
struct ata_port *ap = link->ap;
u8 r;
int nybble = 4 * ap->port_no;
struct pci_dev *pdev = to_pci_dev(ap->host->dev);
int rc = ata_do_set_mode(link, r_failed);
if (rc == 0) {
pci_read_config_byte(pdev, 0x43, &r);
r &= (0x0F << nybble);
r |= (optidma_make_bits43(&link->device[0]) +
(optidma_make_bits43(&link->device[0]) << 2)) << nybble;
pci_write_config_byte(pdev, 0x43, r);
}
return rc;
}
static struct scsi_host_template optidma_sht = {
ATA_BMDMA_SHT(DRV_NAME),
};
static struct ata_port_operations optidma_port_ops = {
.inherits = &ata_bmdma_port_ops,
.cable_detect = ata_cable_40wire,
.set_piomode = optidma_set_pio_mode,
.set_dmamode = optidma_set_dma_mode,
.set_mode = optidma_set_mode,
.prereset = optidma_pre_reset,
};
static struct ata_port_operations optiplus_port_ops = {
.inherits = &optidma_port_ops,
.set_piomode = optiplus_set_pio_mode,
.set_dmamode = optiplus_set_dma_mode,
};
/**
* optiplus_with_udma - Look for UDMA capable setup
* @pdev; ATA controller
*/
static int optiplus_with_udma(struct pci_dev *pdev)
{
u8 r;
int ret = 0;
int ioport = 0x22;
struct pci_dev *dev1;
/* Find function 1 */
dev1 = pci_get_device(0x1045, 0xC701, NULL);
if (dev1 == NULL)
return 0;
/* Rev must be >= 0x10 */
pci_read_config_byte(dev1, 0x08, &r);
if (r < 0x10)
goto done_nomsg;
/* Read the chipset system configuration to check our mode */
pci_read_config_byte(dev1, 0x5F, &r);
ioport |= (r << 8);
outb(0x10, ioport);
/* Must be 66Mhz sync */
if ((inb(ioport + 2) & 1) == 0)
goto done;
/* Check the ATA arbitration/timing is suitable */
pci_read_config_byte(pdev, 0x42, &r);
if ((r & 0x36) != 0x36)
goto done;
pci_read_config_byte(dev1, 0x52, &r);
if (r & 0x80) /* IDEDIR disabled */
ret = 1;
done:
printk(KERN_WARNING "UDMA not supported in this configuration.\n");
done_nomsg: /* Wrong chip revision */
pci_dev_put(dev1);
return ret;
}
static int optidma_init_one(struct pci_dev *dev, const struct pci_device_id *id)
{
static const struct ata_port_info info_82c700 = {
.flags = ATA_FLAG_SLAVE_POSS,
.pio_mask = ATA_PIO4,
.mwdma_mask = ATA_MWDMA2,
.port_ops = &optidma_port_ops
};
static const struct ata_port_info info_82c700_udma = {
.flags = ATA_FLAG_SLAVE_POSS,
.pio_mask = ATA_PIO4,
.mwdma_mask = ATA_MWDMA2,
.udma_mask = ATA_UDMA2,
.port_ops = &optiplus_port_ops
};
const struct ata_port_info *ppi[] = { &info_82c700, NULL };
int rc;
ata_print_version_once(&dev->dev, DRV_VERSION);
rc = pcim_enable_device(dev);
if (rc)
return rc;
/* Fixed location chipset magic */
inw(0x1F1);
inw(0x1F1);
pci_clock = inb(0x1F5) & 1; /* 0 = 33Mhz, 1 = 25Mhz */
if (optiplus_with_udma(dev))
ppi[0] = &info_82c700_udma;
return ata_pci_bmdma_init_one(dev, ppi, &optidma_sht, NULL, 0);
}
static const struct pci_device_id optidma[] = {
{ PCI_VDEVICE(OPTI, 0xD568), }, /* Opti 82C700 */
{ },
};
static struct pci_driver optidma_pci_driver = {
.name = DRV_NAME,
.id_table = optidma,
.probe = optidma_init_one,
.remove = ata_pci_remove_one,
#ifdef CONFIG_PM
.suspend = ata_pci_device_suspend,
.resume = ata_pci_device_resume,
#endif
};
module_pci_driver(optidma_pci_driver);
MODULE_AUTHOR("Alan Cox");
MODULE_DESCRIPTION("low-level driver for Opti Firestar/Firestar Plus");
MODULE_LICENSE("GPL");
MODULE_DEVICE_TABLE(pci, optidma);
MODULE_VERSION(DRV_VERSION);
Computing file changes ...
