$ git tag --contains a04a1198088a1378d0389c250cc684f649bcc91e | head -1
v6.10
$

--------------------------------------------------------------------------------------------------
commit a04a1198088a1378d0389c250cc684f649bcc91e
Author: Casey Schaufler <casey@schaufler-ca.com>
Date:   Tue Sep 12 13:56:49 2023 -0700

    LSM: syscalls for current process attributes

    Create a system call lsm_get_self_attr() to provide the security
    module maintained attributes of the current process.
    Create a system call lsm_set_self_attr() to set a security
    module maintained attribute of the current process.
    Historically these attributes have been exposed to user space
    via entries in procfs under /proc/self/attr.

    The attribute value is provided in a lsm_ctx structure. The structure
    identifies the size of the attribute, and the attribute value. The format
    of the attribute value is defined by the security module. A flags field
    is included for LSM specific information. It is currently unused and must
    be 0. The total size of the data, including the lsm_ctx structure and any
    padding, is maintained as well.

        struct lsm_ctx {
                __u64 id;
                __u64 flags;
                __u64 len;
                __u64 ctx_len;
                __u8 ctx[];
        };

    Two new LSM hooks are used to interface with the LSMs.
    security_getselfattr() collects the lsm_ctx values from the
    LSMs that support the hook, accounting for space requirements.
    security_setselfattr() identifies which LSM the attribute is
    intended for and passes it along.

[ ... stuff deleted ... ]
--------------------------------------------------------------------------------------------------

/**
 * sys_lsm_set_self_attr - Set current task's security module attribute
 * @attr: which attribute to set
 * @ctx: the LSM contexts
 * @size: size of @ctx
 * @flags: reserved for future use
 *
 * Sets the calling task's LSM context. On success this function
 * returns 0. If the attribute specified cannot be set a negative
 * value indicating the reason for the error is returned.
 */
SYSCALL_DEFINE4(lsm_set_self_attr, unsigned int, attr, struct lsm_ctx __user *,
                ctx, u32, size, u32, flags)
{
        return security_setselfattr(attr, ctx, size, flags);
}

/**
 * sys_lsm_get_self_attr - Return current task's security module attributes
 * @attr: which attribute to return
 * @ctx: the user-space destination for the information, or NULL
 * @size: pointer to the size of space available to receive the data
 * @flags: special handling options. LSM_FLAG_SINGLE indicates that only
 * attributes associated with the LSM identified in the passed @ctx be
 * reported.
 *
 * Returns the calling task's LSM contexts. On success this
 * function returns the number of @ctx array elements. This value
 * may be zero if there are no LSM contexts assigned. If @size is
 * insufficient to contain the return data -E2BIG is returned and
 * @size is set to the minimum required size. In all other cases
 * a negative value indicating the error is returned.
 */
SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *,
                ctx, u32 __user *, size, u32, flags)
{
        return security_getselfattr(attr, ctx, size, flags);
}
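As an added example (not part of this bug report, the Valgrind patch, or the kernel commit), a small C program that exercises the lsm_get_self_attr contract quoted above: a size query with a NULL ctx, the regrow on -E2BIG using the size the kernel writes back, and a bounds-checked walk of the returned lsm_ctx array that steps by each entry's len rather than by sizeof + ctx_len, since the kernel may pad entries. The syscall number 459 and ATTR_CURRENT (LSM_ATTR_CURRENT, 100) are assumptions not stated on this page and are labelled as such in the code.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
struct lsm_ctx { uint64_t id, flags, len, ctx_len; uint8_t ctx[]; };  /* layout from the commit */
#ifndef __NR_lsm_get_self_attr
#define __NR_lsm_get_self_attr 459   /* assumption: arch-unified syscall number since v6.8 */
#endif
#define ATTR_CURRENT 100             /* assumption: LSM_ATTR_CURRENT from uapi/linux/lsm.h */
/* Walk count entries stepping by each entry's len (the kernel pads); -1 if malformed. */
static int walk_lsm_ctx(const uint8_t *buf, size_t size, long count, uint64_t *ctx_total)
{
    size_t off = 0;
    if (ctx_total) *ctx_total = 0;
    for (long i = 0; i < count; i++) {
        struct lsm_ctx h;
        if (size - off < sizeof h) return -1;
        memcpy(&h, buf + off, sizeof h);                 /* no alignment assumption */
        if (h.len < sizeof h || h.len > size - off || h.ctx_len > h.len - sizeof h) return -1;
        if (ctx_total) *ctx_total += h.ctx_len;
        off += h.len;
    }
    return (int)count;
}

/* Query one attribute of the calling task, regrowing on -E2BIG. Returns count or -errno. */
static long get_self_attr(unsigned int attr, uint8_t **out, uint32_t *out_size)
{
    uint32_t size = 0; uint8_t *buf = NULL, *nb;        /* NULL ctx + size 0: size query */
    for (;;) {
        long n = syscall(__NR_lsm_get_self_attr, attr, buf, &size, 0);
        if (n >= 0) { *out = buf; *out_size = size; return n; }
        if (errno != E2BIG || !(nb = realloc(buf, size))) { free(buf); return -errno; }
        buf = nb;                                        /* size now holds the kernel's minimum */
    }
}

int main(void)
{
    uint8_t *buf; uint32_t size;
    long n = get_self_attr(ATTR_CURRENT, &buf, &size);
    if (n < 0) { printf("lsm_get_self_attr: %s\n", strerror((int)-n)); return 1; }
    printf("%ld entries in %u bytes, parsed %d\n", n, size, walk_lsm_ctx(buf, size, n, NULL));
    free(buf); return 0;
}
```

On a kernel older than v6.8 the syscall fails with ENOSYS and the program reports it; the walk itself is independent of the kernel.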
Created attachment 185764 [details]
proposed patch

Tests in progress: https://builder.sourceware.org/buildbot/#/changes/98109
- Missing NEWS entry
- vki-scnums-shared-linux.h defines shared _NR constants. OK
- vki-linux.h defines new vki_lsm_ctx. OK
- priv_syswrap-linux.h defines templates for sm_[get|set]_self_attr. OK
- syswrap-*-linux.c defines all PRE/POST handlers for sm_[get|set]_self_attr. OK
- Note in lsm_get_self_attr PRE handler that size (ARG3) is a pointer to an u32 that is being read and written to. So it needs to be checked whether it is valid memory.
- lsm_get_self_attr POST, same comment, so needs to use *ARG3.
- lsm_set_self_attr PRE handler is missing a PRE_MEM_READ("lsm_get_self_attr(ctx)", ARG2, ARG3); (here it isn't a pointer to size, so can be used directly)
Created attachment 187204 [details]
updated patch

Thank you for the review! Updated patch attached, buildbots running...
https://builder.sourceware.org/buildbot/#/changes/103473
https://builder.sourceware.org/buildbot/#/builders/243/builds/115
(In reply to mcermak from comment #3)
> Created attachment 187204 [details]
> updated patch
>
> Thank you for the review! Updated patch attached, buildbots running...

- The bug number in NEWS is wrong (185764 should be 510563)
- PRE(sys_lsm_get_self_attr) looks OK now checking ARG3 as u32 *.
- Likewise lsm_get_self_attr POST, OK.
- lsm_set_self_attr PRE handler now checks ctx size. OK.

Test results also look good. ltp lsm_get/set_self_attr tests pass.

(There is also a new lsm_list_modules syscall that we aren't handling yet, is there a bug for that?)

So, with the NEWS entry bug number fixed this looks good to push. Thanks.
Thank you! Pushed as commit 4ad2f953c4132140eac15221ac0a7ca2f89b348c .