-
由 Casey Schaufler 提交于
stable inclusion from stable-v5.10.110 commit 2784604c8c6fc523248f8f80a421c313a9d790b7 bugzilla: https://gitee.com/openeuler/kernel/issues/I574AL Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2784604c8c6fc523248f8f80a421c313a9d790b7 -------------------------------- [ Upstream commit ecff3057 ] The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular case Smack sees a mount option that it recognizes, and returns 0. A call to a BPF hook follows, which returns -ENOPARAM, which confuses the caller because Smack has processed its data. The SELinux hook incorrectly returns 1 on success. There was a time when this was correct, however the current expectation is that it return 0 on success. This is repaired. Reported-by: syzbot+d1e3b1d92d25abf97943@syzkaller.appspotmail.com Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> Acked-by: NJames Morris <jamorris@linux.microsoft.com> Signed-off-by: NPaul Moore <paul@paul-moore.com> Signed-off-by: NSasha Levin <sashal@kernel.org> Signed-off-by: NYu Liao <liaoyu15@huawei.com> Reviewed-by: NWei Li <liwei391@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
e2408e12