[v2,4/6] Wire UFFD up to SELinux

Message ID	20200211225547.235083-5-dancol@google.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <SRS0=fAir=37=vger.kernel.org=selinux-owner@kernel.org> Date: Tue, 11 Feb 2020 14:55:45 -0800 In-Reply-To: <20200211225547.235083-1-dancol@google.com> Message-Id: <20200211225547.235083-5-dancol@google.com> Mime-Version: 1.0 References: <20200211225547.235083-1-dancol@google.com> Subject: [PATCH v2 4/6] Wire UFFD up to SELinux From: Daniel Colascione <dancol@google.com> To: dancol@google.com, timmurray@google.com, nosh@google.com, nnk@google.com, lokeshgidra@google.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, selinux@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: selinux-owner@vger.kernel.org Precedence: bulk
Series	Harden userfaultfd \| expand [v2,0/6] Harden userfaultfd [v2,1/6] Add a new flags-accepting interface for anonymous inodes [v2,2/6] Add a concept of a "secure" anonymous file [v2,3/6] Teach SELinux about a new userfaultfd class [v2,4/6] Wire UFFD up to SELinux [v2,5/6] Let userfaultfd opt out of handling kernel-mode faults [v2,6/6] Add a new sysctl for limiting userfaultfd to user mode faults

Message ID

20200211225547.235083-5-dancol@google.com (mailing list archive)

State

Superseded

Headers

Date: Tue, 11 Feb 2020 14:55:45 -0800
In-Reply-To: <20200211225547.235083-1-dancol@google.com>
Message-Id: <20200211225547.235083-5-dancol@google.com>
Mime-Version: 1.0
References: <20200211225547.235083-1-dancol@google.com>
Subject: [PATCH v2 4/6] Wire UFFD up to SELinux
From: Daniel Colascione <dancol@google.com>
To: dancol@google.com, timmurray@google.com, nosh@google.com,
        nnk@google.com, lokeshgidra@google.com,
        linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
        selinux@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: selinux-owner@vger.kernel.org
Precedence: bulk

Series

Harden userfaultfd | expand

Commit Message

Daniel Colascione Feb. 11, 2020, 10:55 p.m. UTC

This change gives userfaultfd file descriptors a real security
context, allowing policy to act on them.

Signed-off-by: Daniel Colascione <dancol@google.com>
---
 fs/userfaultfd.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 07b0f6e03849..11227b94a5a7 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1020,6 +1020,8 @@  static int resolve_userfault_fork(struct userfaultfd_ctx *ctx,
 {
 	int fd;
 
+	/* Regular inode here is okay: only CAP_SYS_PTRACE callers
+	 * can monitor forks.  */
 	fd = anon_inode_getfd("[userfaultfd]", &userfaultfd_fops, new,
 			      O_RDWR | (new->flags & UFFD_SHARED_FCNTL_FLAGS));
 	if (fd < 0)
@@ -1972,8 +1974,9 @@  SYSCALL_DEFINE1(userfaultfd, int, flags)
 	/* prevent the mm struct to be freed */
 	mmgrab(ctx->mm);
 
-	fd = anon_inode_getfd("[userfaultfd]", &userfaultfd_fops, ctx,
-			      O_RDWR | (flags & UFFD_SHARED_FCNTL_FLAGS));
+	fd = anon_inode_getfd2("[userfaultfd]", &userfaultfd_fops, ctx,
+			       O_RDWR | (flags & UFFD_SHARED_FCNTL_FLAGS),
+			       ANON_INODE_SECURE);
 	if (fd < 0) {
 		mmdrop(ctx->mm);
 		kmem_cache_free(userfaultfd_ctx_cachep, ctx);

[v2,4/6] Wire UFFD up to SELinux

Commit Message

Patch