xfrm: redact SA secret with lockdown confidentiality (c7a5899e) · Commits · 戴 / test

include/linux/security.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -127,6 +127,7 @@ enum lockdown_reason {
		LOCKDOWN_PERF,
		LOCKDOWN_TRACEFS,
		LOCKDOWN_XMON_RW,
		LOCKDOWN_XFRM_SECRET,
		LOCKDOWN_CONFIDENTIALITY_MAX,
		};

net/xfrm/xfrm_user.c

+67 −7

Original line number	Diff line number	Diff line
		@@ -848,21 +848,84 @@ static int copy_user_offload(struct xfrm_state_offload xso, struct sk_buff skb
		return 0;
		}

		static bool xfrm_redact(void)
		{
		return IS_ENABLED(CONFIG_SECURITY) &&
		security_locked_down(LOCKDOWN_XFRM_SECRET);
		}

		static int copy_to_user_auth(struct xfrm_algo_auth auth, struct sk_buff skb)
		{
		struct xfrm_algo *algo;
		struct xfrm_algo_auth *ap;
		struct nlattr *nla;
		bool redact_secret = xfrm_redact();

		nla = nla_reserve(skb, XFRMA_ALG_AUTH,
		sizeof(*algo) + (auth->alg_key_len + 7) / 8);
		if (!nla)
		return -EMSGSIZE;

		algo = nla_data(nla);
		strncpy(algo->alg_name, auth->alg_name, sizeof(algo->alg_name));
		memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8);

		if (redact_secret && auth->alg_key_len)
		memset(algo->alg_key, 0, (auth->alg_key_len + 7) / 8);
		else
		memcpy(algo->alg_key, auth->alg_key,
		(auth->alg_key_len + 7) / 8);
		algo->alg_key_len = auth->alg_key_len;

		nla = nla_reserve(skb, XFRMA_ALG_AUTH_TRUNC, xfrm_alg_auth_len(auth));
		if (!nla)
		return -EMSGSIZE;
		ap = nla_data(nla);
		memcpy(ap, auth, sizeof(struct xfrm_algo_auth));
		if (redact_secret && auth->alg_key_len)
		memset(ap->alg_key, 0, (auth->alg_key_len + 7) / 8);
		else
		memcpy(ap->alg_key, auth->alg_key,
		(auth->alg_key_len + 7) / 8);
		return 0;
		}

		static int copy_to_user_aead(struct xfrm_algo_aead aead, struct sk_buff skb)
		{
		struct nlattr *nla = nla_reserve(skb, XFRMA_ALG_AEAD, aead_len(aead));
		struct xfrm_algo_aead *ap;
		bool redact_secret = xfrm_redact();

		if (!nla)
		return -EMSGSIZE;

		ap = nla_data(nla);
		memcpy(ap, aead, sizeof(*aead));

		if (redact_secret && aead->alg_key_len)
		memset(ap->alg_key, 0, (aead->alg_key_len + 7) / 8);
		else
		memcpy(ap->alg_key, aead->alg_key,
		(aead->alg_key_len + 7) / 8);
		return 0;
		}

		static int copy_to_user_ealg(struct xfrm_algo ealg, struct sk_buff skb)
		{
		struct xfrm_algo *ap;
		bool redact_secret = xfrm_redact();
		struct nlattr *nla = nla_reserve(skb, XFRMA_ALG_CRYPT,
		xfrm_alg_len(ealg));
		if (!nla)
		return -EMSGSIZE;

		ap = nla_data(nla);
		memcpy(ap, ealg, sizeof(*ealg));

		if (redact_secret && ealg->alg_key_len)
		memset(ap->alg_key, 0, (ealg->alg_key_len + 7) / 8);
		else
		memcpy(ap->alg_key, ealg->alg_key,
		(ealg->alg_key_len + 7) / 8);

		return 0;
		}

		@@ -906,20 +969,17 @@ static int copy_to_user_state_extra(struct xfrm_state *x,
		goto out;
		}
		if (x->aead) {
		ret = nla_put(skb, XFRMA_ALG_AEAD, aead_len(x->aead), x->aead);
		ret = copy_to_user_aead(x->aead, skb);
		if (ret)
		goto out;
		}
		if (x->aalg) {
		ret = copy_to_user_auth(x->aalg, skb);
		if (!ret)
		ret = nla_put(skb, XFRMA_ALG_AUTH_TRUNC,
		xfrm_alg_auth_len(x->aalg), x->aalg);
		if (ret)
		goto out;
		}
		if (x->ealg) {
		ret = nla_put(skb, XFRMA_ALG_CRYPT, xfrm_alg_len(x->ealg), x->ealg);
		ret = copy_to_user_ealg(x->ealg, skb);
		if (ret)
		goto out;
		}

security/security.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -65,6 +65,7 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
		[LOCKDOWN_PERF] = "unsafe use of perf",
		[LOCKDOWN_TRACEFS] = "use of tracefs",
		[LOCKDOWN_XMON_RW] = "xmon read and write access",
		[LOCKDOWN_XFRM_SECRET] = "xfrm SA secret",
		[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
		};

Admin message