From patchwork Fri Dec 13 13:50:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 13907061 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 36535E7717F for ; Fri, 13 Dec 2024 13:51:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BF1B26B0095; Fri, 13 Dec 2024 08:51:06 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id BA1376B0096; Fri, 13 Dec 2024 08:51:06 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A430B6B0098; Fri, 13 Dec 2024 08:51:06 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 86BB66B0095 for ; Fri, 13 Dec 2024 08:51:06 -0500 (EST) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 04F63140F46 for ; Fri, 13 Dec 2024 13:51:05 +0000 (UTC) X-FDA: 82890071040.27.3DACDDA Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf08.hostedemail.com (Postfix) with ESMTP id 2D876160009 for ; Fri, 13 Dec 2024 13:50:46 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=JcRstcy+; spf=pass (imf08.hostedemail.com: domain of dhowells@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=dhowells@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1734097852; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=PgqF6qS7NlWWtrfijPJ59f4qec6LLBa+L5U7UdJSTDg=; b=L7GfTS1Bx3IWrHyt3NoxgR7UDaeszCH5wNt5hId9VlxHkDOFrIsjInApkId6yD+dxYqMKw CRWGxN0paPEUG++m/ZNOMuAjO7b+8f1G+1X+465hqhBeFUM0NvbB5d1Biwu5jti95Y30F3 /zAxDn/Mz5kaXLkKxr9FtAvuuQ07jSU= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=JcRstcy+; spf=pass (imf08.hostedemail.com: domain of dhowells@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=dhowells@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1734097852; a=rsa-sha256; cv=none; b=ANdqrWoX0yRwXia1Z78rgBFik/brCUuWQPxfclFhbR/uhlYJuIqDLh7RXmMsuHetYStEF3 ZRJqaDeLeMSJAvl0JNRHxKO52ADGiRjCkzq8FKXHvbrXQaCcBiX0lgzGhl8HtkqSBhOMUZ E7G/oSeCHA/2FA8m8a8qC6+c9YJO24A= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1734097863; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PgqF6qS7NlWWtrfijPJ59f4qec6LLBa+L5U7UdJSTDg=; b=JcRstcy+VCNxqmVKzfis+b1DzdeNB1Gi5Es4W1U0wCY5NQXUpHEnVUumgKNG8BMRrKr5bw 2xniJS12sRPyqh/rev13K+4+gGYslCE66AYlg1Fo6Z5Y20wwaGurmPcyLP33EV3VTP1kKh RY3o6ttNu9Fqm4NXfXd5l0q4FNwL5fY= Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-144-5qCQLS_NOjiuU8cdRRSGCw-1; Fri, 13 Dec 2024 08:50:58 -0500 X-MC-Unique: 5qCQLS_NOjiuU8cdRRSGCw-1 X-Mimecast-MFC-AGG-ID: 5qCQLS_NOjiuU8cdRRSGCw Received: from mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 8DA8F1955F54; Fri, 13 Dec 2024 13:50:55 +0000 (UTC) Received: from warthog.procyon.org.uk.com (unknown [10.42.28.48]) by mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 51D89195605A; Fri, 13 Dec 2024 13:50:50 +0000 (UTC) From: David Howells To: Christian Brauner Cc: David Howells , Max Kellermann , Ilya Dryomov , Xiubo Li , Trond Myklebust , Jeff Layton , Matthew Wilcox , netfs@lists.linux.dev, linux-afs@lists.infradead.org, linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org, ceph-devel@vger.kernel.org, v9fs@lists.linux.dev, linux-erofs@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 05/10] cachefiles: Parse the "secctx" immediately Date: Fri, 13 Dec 2024 13:50:05 +0000 Message-ID: <20241213135013.2964079-6-dhowells@redhat.com> In-Reply-To: <20241213135013.2964079-1-dhowells@redhat.com> References: <20241213135013.2964079-1-dhowells@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.40 X-Rspamd-Queue-Id: 2D876160009 X-Stat-Signature: 81xoxca9yn4k4ofujwkieydc7y1qtbyn X-Rspam-User: X-Rspamd-Server: rspam11 X-HE-Tag: 1734097846-292073 X-HE-Meta: U2FsdGVkX19XFLbonnDcOm2xzHrVCTfEGUctb3mUZ75hIxsXdC8Pfv/h9ud5XG9Py9kKeHHX/34pOZdk8REMIOpcudqdaiG81QA8KyqkM8KFJsgljU6lWKCy+hmSHWSAaaY2Rg8g3/oE343tGUc+Cz9UYYqtcr1z0DBM7OtR3foYcJRWOaTWRIcTAFrDyd0MMfmrZnG2rzlFAMHv6D+P8ASCUWmN6K0CUWdzTt/DVD/DzP3PY6VXcEyYckyGZXXJau5UXK1MN2xWLhkfqe3VoRhYgN/3zQ4fm+pqzTAZzh2qPr2/dxjR0WeNCMUQS1kstVkXPQT7WSCoqqgZdu8MfavPqAdtoqe6zSIfb8BoKEZZxFdt+zLaXthc3jiANE6PTrGk4RRK/d6AK87hl8WiEAqbwnseKgSE7SGv+AXycH7r2ZuYT2+X4P3QV+8FY1p4B8fiW5dSX9aFt8M7GtYVh1CfvAv1ixgBeNE8xp8QObkTooEwnbzUonC9ZLYJ5q15YaC4jfZipIGsmCNJ0DKqYc+VTpm08dNDU1JoHYoge8n1BoWnS2CNFgcTJf/E70G9JJpYoI2QrTkzA3eg7FAb59h5Mv1tOT8+1gLbvQ5vm1zunN9Ej12Tf5WpN32B1T30V3xONiHlwZOQfSbwzAeo0sEnDvDZZCW6IZaE+t6txxLUOHroS6lGXa3JNIGgKNXLor/Ksi7zdJA23Diq+GG8nHM0l+SGDPplocQ8qAX3WdoBpWiWrTTwocLvxNXUt2Bal8pYJzgMA2rFpr2w67IsV4JsN2pNzlxefRB/iZ3m2hyKTTMcKfn22pl7m608gETRp6ESBtYMwRe4KxUeDA3oCwt2YbOiN2KVS4q20rmTKowEwQZf2fVZBov2qBClzQ1B2cp7LSuEDpgJDVAZE8k++CnwVg9tkLVem2gC7BzVcj6YZ2jRxOcQ+J2Yn/k4vWgzJPX7UoaeD2GefTo64ph nFUdsakK ctkga+8uC7AUHBdSlDQaZyt+b6Jh5kpHIJP4LYAuMcR9KHgOaiCfliG+2o30DQazCn3Ea4EwmPBmzs9kSHyQ7FaI7KQnlY7kahgQpAh7zRGS/drOspFULhoPQeewR1hCMRWlquB2pUt4j3AnOCKb2VW9wbfYmGBRsaK3L84I/T50Z+SJd5jUvjEl4fQDsCod3g6TtZXObyit2ZCI9/BoAfsDGWDb+tVnzZRNjPE2vAdklPc+tCy43BPQWqgEZhNX6OXwGC9YDE/vXbmRHdMdEHSzkFPtu4MBSTTtCLwT+0skvse8h2y4ptvjbd5tozfvyzGfOI3txDb4aAGPihAxd64Xtz0sRp9eXVoX18IeasN8oYnVdbJQZenP7FEP9g0/o/elVlUkgJTjJGT1qfugvIVReMw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Max Kellermann Instead of storing an opaque string, call security_secctx_to_secid() right in the "secctx" command handler and store only the numeric "secid". This eliminates an unnecessary string allocation and allows the daemon to receive errors when writing the "secctx" command instead of postponing the error to the "bind" command handler. For example, if the kernel was built without `CONFIG_SECURITY`, "bind" will return `EOPNOTSUPP`, but the daemon doesn't know why. With this patch, the "secctx" will instead return `EOPNOTSUPP` which is the right context for this error. This patch adds a boolean flag `have_secid` because I'm not sure if we can safely assume that zero is the special secid value for "not set". This appears to be true for SELinux, Smack and AppArmor, but since this attribute is not documented, I'm unable to derive a stable guarantee for that. Signed-off-by: Max Kellermann Signed-off-by: David Howells Link: https://lore.kernel.org/r/20241209141554.638708-1-max.kellermann@ionos.com/ --- fs/cachefiles/daemon.c | 14 +++++++------- fs/cachefiles/internal.h | 3 ++- fs/cachefiles/security.c | 6 +++--- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c index 89b11336a836..1806bff8e59b 100644 --- a/fs/cachefiles/daemon.c +++ b/fs/cachefiles/daemon.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -576,7 +577,7 @@ static int cachefiles_daemon_dir(struct cachefiles_cache *cache, char *args) */ static int cachefiles_daemon_secctx(struct cachefiles_cache *cache, char *args) { - char *secctx; + int err; _enter(",%s", args); @@ -585,16 +586,16 @@ static int cachefiles_daemon_secctx(struct cachefiles_cache *cache, char *args) return -EINVAL; } - if (cache->secctx) { + if (cache->have_secid) { pr_err("Second security context specified\n"); return -EINVAL; } - secctx = kstrdup(args, GFP_KERNEL); - if (!secctx) - return -ENOMEM; + err = security_secctx_to_secid(args, strlen(args), &cache->secid); + if (err) + return err; - cache->secctx = secctx; + cache->have_secid = true; return 0; } @@ -820,7 +821,6 @@ static void cachefiles_daemon_unbind(struct cachefiles_cache *cache) put_cred(cache->cache_cred); kfree(cache->rootdirname); - kfree(cache->secctx); kfree(cache->tag); _leave(""); diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h index 7b99bd98de75..38c236e38cef 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -122,7 +122,6 @@ struct cachefiles_cache { #define CACHEFILES_STATE_CHANGED 3 /* T if state changed (poll trigger) */ #define CACHEFILES_ONDEMAND_MODE 4 /* T if in on-demand read mode */ char *rootdirname; /* name of cache root directory */ - char *secctx; /* LSM security context */ char *tag; /* cache binding tag */ refcount_t unbind_pincount;/* refcount to do daemon unbind */ struct xarray reqs; /* xarray of pending on-demand requests */ @@ -130,6 +129,8 @@ struct cachefiles_cache { struct xarray ondemand_ids; /* xarray for ondemand_id allocation */ u32 ondemand_id_next; u32 msg_id_next; + u32 secid; /* LSM security id */ + bool have_secid; /* whether "secid" was set */ }; static inline bool cachefiles_in_ondemand_mode(struct cachefiles_cache *cache) diff --git a/fs/cachefiles/security.c b/fs/cachefiles/security.c index fe777164f1d8..fc6611886b3b 100644 --- a/fs/cachefiles/security.c +++ b/fs/cachefiles/security.c @@ -18,7 +18,7 @@ int cachefiles_get_security_ID(struct cachefiles_cache *cache) struct cred *new; int ret; - _enter("{%s}", cache->secctx); + _enter("{%u}", cache->have_secid ? cache->secid : 0); new = prepare_kernel_cred(current); if (!new) { @@ -26,8 +26,8 @@ int cachefiles_get_security_ID(struct cachefiles_cache *cache) goto error; } - if (cache->secctx) { - ret = set_security_override_from_ctx(new, cache->secctx); + if (cache->have_secid) { + ret = set_security_override(new, cache->secid); if (ret < 0) { put_cred(new); pr_err("Security denies permission to nominate security context: error %d\n",