
[PATCH] selinux_sb_copy_data requires a whole page?


Currently selinux_sb_copy_data requires an entire page be allocated to
void *orig when the function is called.  This "requirement" is based on
the fact that we call copy_page(in_save, nosec_save); and in_save =
orig.  Problem is that the lustre filesystem was calling do_kern_mount
with about 10 bytes of options, which got passed here and then we
corrupted page size - 10 bytes of memory (with all zeros), causing a
panic.

The first fix and one that seems we might want to do is change copy_page
to memcpy(in_save, nosec_save, strlen(nosec_save)) so we only copy back
what we need to.

The lustre fs people have agreed to allocate a whole page because
"that's the way sys_mount does it."  

Is there a good reason I'm missing why we should require a whole page?
Maybe somebody else (or an old version of lustre) is going to hit on
this.  Comments?

Eric

--- linux-2.6.9/security/selinux/hooks.c.cor	2005-06-23 16:53:05.000000000 -0400
+++ linux-2.6.9/security/selinux/hooks.c	2005-06-23 16:54:01.000000000 -0400
@@ -1980,7 +1980,7 @@ static int selinux_sb_copy_data(struct f
 		}
 	} while (*in_end++);
 
-	copy_page(in_save, nosec_save);
+	memcpy(in_save, nosec_save, strlen(nosec_save));
 	free_page((unsigned long)nosec_save);
 out:
 	return rc;
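
Review bot: The replacement line memcpy(in_save, nosec_save, strlen(nosec_save)) copies the string without its terminating NUL, so whenever the string in nosec_save is shorter than what in_save already held, the tail of the old contents stays attached to the result. Copy strlen(nosec_save) + 1 bytes, or use strcpy(in_save, nosec_save), so the buffer handed back is terminated at the new length. A one-line comment noting that callers may pass less than a full page, which is why copy_page is not safe here, would also help.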


