CVE-2022-50699

In the Linux kernel, the following vulnerability has been resolved:

selinux: enable use of both GFPKERNEL and GFPATOMIC in convert_context()

The following warning was triggered on a hardware environment:

SELinux: Converting 162 SID table entries... BUG: sleeping function called from invalid context at __mightsleep+0x60/0x74 0x0 inatomic(): 1, irqs_disabled(): 128, nonblock: 0, pid: 5943, name: tar CPU: 7 PID: 5943 Comm: tar Tainted: P O 5.10.0 #1 Call trace: dumpbacktrace+0x0/0x1c8 showstack+0x18/0x28 dumpstack+0xe8/0x15c ___might_sleep+0x168/0x17c __might_sleep+0x60/0x74 __kmalloctrackcaller+0xa0/0x7dc kstrdup+0x54/0xac convertcontext+0x48/0x2e4 sidtabcontexttosid+0x1c4/0x36c security_contexttosidcore+0x168/0x238 securitycontexttosiddefault+0x14/0x24 inodedoinitusexattr+0x164/0x1e4 inodedoinitwithdentry+0x1c0/0x488 selinuxdinstantiate+0x20/0x34 securitydinstantiate+0x70/0xbc dsplicealias+0x4c/0x3c0 ext4lookup+0x1d8/0x200 [ext4] __lookupslow+0x12c/0x1e4 walkcomponent+0x100/0x200 path_lookupat+0x88/0x118 filenamelookup+0x98/0x130 userpathatempty+0x48/0x60 vfsstatx+0x84/0x140 vfsfstatat+0x20/0x30 __sesysnewfstatat+0x30/0x74 _arm64sysnewfstatat+0x1c/0x2c el0svccommon.constprop.0+0x100/0x184 doel0svc+0x1c/0x2c el0svc+0x20/0x34 el0synchandler+0x80/0x17c el0sync+0x13c/0x140 SELinux: Context systemu:objectr:pssprsysloglogt:s0:c0 is not valid (left unmapped).

It was found that within a critical section of spinlockirqsave in sidtabcontexttosid(), convertcontext() (hooked by sidtabconvertparams.func) might cause the process to sleep via allocating memory with GFP_KERNEL, which is problematic.

As Ondrej pointed out [1], convertcontext()/sidtabconvertparams.func has another caller sidtabconverttree(), which is okay with GFPKERNEL. Therefore, fix this problem by adding a gfpt argument for convertcontext()/sidtabconvertparams.func and pass GFP_KERNEL/_ATOMIC properly in individual callers.

[PM: wrap long BUG() output lines, tweak subject line]