From patchwork Fri Dec 8 17:59:04 2017
X-Patchwork-Submitter: Joseph Salisbury
X-Patchwork-Id: 846388
From: Joseph Salisbury
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Artful][Bionic][PATCH 1/2] Revert "UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor network hooks"
Date: Fri, 8 Dec 2017 12:59:04 -0500

BugLink: http://bugs.launchpad.net/bugs/1734327

This reverts commit 4ae2508f0bedb1acddf1ef2f474d8105cf003f80.

--- security/apparmor/include/net.h | 12 +----------- security/apparmor/lsm.c | 15 +++++++++------ 2 files changed, 10 insertions(+), 17 deletions(-) diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h index d378b5f..0ae4524 100644 --- a/security/apparmor/include/net.h +++ b/security/apparmor/include/net.h @@ -17,7 +17,6 @@ #include #include -#include #include "apparmorfs.h" #include "label.h" @@ -57,16 +56,7 @@ struct aa_sk_ctx { struct path path; }; -extern struct lsm_blob_sizes apparmor_blob_sizes; -static inline struct aa_sk_ctx *apparmor_sock(const struct sock *sk) -{ -#ifdef CONFIG_SECURITY_STACKING - return sk->sk_security + apparmor_blob_sizes.lbs_sock; -#else - return sk->sk_security; -#endif -} -#define SK_CTX(X) apparmor_sock(X) +#define SK_CTX(X) ((X)->sk_security) #define SOCK_ctx(X) SOCK_INODE(X)->i_security #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \ struct lsm_network_audit NAME ## _net = { .sk = (SK), \ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 792264c..8ccbf04 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -748,7 +748,13 @@ static int apparmor_task_kill(struct task_struct *target, struct siginfo *info, */ static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t flags) { - /* allocated and cleared by LSM */ + struct aa_sk_ctx *ctx; + + ctx = kzalloc(sizeof(*ctx), flags); + if (!ctx) + return -ENOMEM; + + SK_CTX(sk) = ctx; return 0; } @@ -760,13 +766,11 @@ static void apparmor_sk_free_security(struct sock *sk) { struct aa_sk_ctx *ctx = SK_CTX(sk); + SK_CTX(sk) = NULL; aa_put_label(ctx->label); - ctx->label = NULL; aa_put_label(ctx->peer); - ctx->peer = NULL; path_put(&ctx->path); - ctx->path.dentry = NULL; - ctx->path.mnt = NULL; + kfree(ctx); } /** @@ -1147,7 +1151,6 @@ static void apparmor_sock_graft(struct sock *sk, struct socket *parent) struct lsm_blob_sizes apparmor_blob_sizes = { .lbs_cred = sizeof(struct aa_task_ctx), .lbs_file = sizeof(struct aa_file_ctx), - .lbs_sock = sizeof(struct aa_sk_ctx), }; static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
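Review bot: The commit message gives no reason for the revert, and the net.h hunk at `#define SK_CTX(X) ((X)->sk_security)` is where that matters most. The removed apparmor_sock() returned a typed `struct aa_sk_ctx *` and applied the `apparmor_blob_sizes.lbs_sock` offset under CONFIG_SECURITY_STACKING. The replacement is an untyped lvalue on the raw pointer that assumes AppArmor is the only user of sk_security. Please summarise the failure from the BugLink in the message and state what is expected to happen to sk_security when CONFIG_SECURITY_STACKING is enabled, or say that patch 2/2 covers it.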
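Review bot: In apparmor_sk_alloc_security(), `SK_CTX(sk) = ctx;` stores the new allocation without looking at what sk->sk_security already holds, while the comment this hunk deletes said the blob was "allocated and cleared by LSM". Dropping `.lbs_sock` in the last lsm.c hunk presumably stops the infrastructure from sizing a sock blob for AppArmor, but nothing visible here shows that sk_security is NULL on entry. If another module still has the framework allocate it, this assignment overwrites that pointer and the earlier allocation is leaked. A short comment saying that AppArmor owns this allocation and frees it in apparmor_sk_free_security(), replacing the removed one, would make the ownership explicit.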
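Review bot: apparmor_sk_free_security() dereferences ctx unconditionally: after `SK_CTX(sk) = NULL;` it goes straight to `aa_put_label(ctx->label);` with no NULL check. With the context now coming from kzalloc() in the alloc hook, which can return -ENOMEM and leave sk_security unset, a free call on such a sock would be a NULL pointer dereference. Either return early when ctx is NULL or add a comment stating that the caller never invokes the free hook after a failed alloc. Clearing SK_CTX(sk) before the puts and the kfree() is a good ordering and worth keeping.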