[v3,35/68] cachefiles: Add security derivation

Message ID	163967138138.1823006.7620933448261939504.stgit@warthog.procyon.org.uk (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-nfs-owner@kernel.org> Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Subject: [PATCH v3 35/68] cachefiles: Add security derivation From: David Howells <dhowells@redhat.com> To: linux-cachefs@redhat.com Cc: dhowells@redhat.com, Trond Myklebust <trondmy@hammerspace.com>, Anna Schumaker <anna.schumaker@netapp.com>, Steve French <sfrench@samba.org>, Dominique Martinet <asmadeus@codewreck.org>, Jeff Layton <jlayton@kernel.org>, Matthew Wilcox <willy@infradead.org>, Alexander Viro <viro@zeniv.linux.org.uk>, Omar Sandoval <osandov@osandov.com>, JeffleXu <jefflexu@linux.alibaba.com>, Linus Torvalds <torvalds@linux-foundation.org>, linux-afs@lists.infradead.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, ceph-devel@vger.kernel.org, v9fs-developer@lists.sourceforge.net, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Date: Thu, 16 Dec 2021 16:16:21 +0000 Message-ID: <163967138138.1823006.7620933448261939504.stgit@warthog.procyon.org.uk> In-Reply-To: <163967073889.1823006.12237147297060239168.stgit@warthog.procyon.org.uk> References: <163967073889.1823006.12237147297060239168.stgit@warthog.procyon.org.uk> User-Agent: StGit/0.23 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk
Series	fscache, cachefiles: Rewrite \| expand [v3,00/68] fscache, cachefiles: Rewrite [v3,01/68] fscache, cachefiles: Disable configuration [v3,04/68] netfs: Display the netfs inode number in the netfs_read tracepoint [v3,05/68] netfs: Pass a flag to ->prepare_write() to say if there's no alloc'd space [v3,06/68] fscache: Introduce new driver [v3,07/68] fscache: Implement a hash function [v3,08/68] fscache: Implement cache registration [v3,09/68] fscache: Implement volume registration [v3,10/68] fscache: Implement cookie registration [v3,11/68] fscache: Implement cache-level access helpers [v3,12/68] fscache: Implement volume-level access helpers [v3,13/68] fscache: Implement cookie-level access helpers [v3,14/68] fscache: Implement functions add/remove a cache [v3,15/68] fscache: Provide and use cache methods to lookup/create/free a volume [v3,16/68] fscache: Add a function for a cache backend to note an I/O error [v3,17/68] fscache: Implement simple cookie state machine [v3,18/68] fscache: Implement cookie user counting and resource pinning [v3,19/68] fscache: Implement cookie invalidation [v3,20/68] fscache: Provide a means to begin an operation [v3,21/68] fscache: Count data storage objects in a cache [v3,22/68] fscache: Provide read/write stat counters for the cache [v3,23/68] fscache: Provide a function to let the netfs update its coherency data [v3,24/68] netfs: Pass more information on how to deal with a hole in the cache [v3,25/68] fscache: Implement raw I/O interface [v3,26/68] fscache: Implement higher-level write I/O interface [v3,27/68] vfs, fscache: Implement pinning of cache usage for writeback [v3,28/68] fscache: Provide a function to note the release of a page [v3,29/68] fscache: Provide a function to resize a cookie [v3,30/68] cachefiles: Introduce rewritten driver [v3,31/68] cachefiles: Define structs [v3,32/68] cachefiles: Add some error injection support [v3,33/68] cachefiles: Add a couple of tracepoints for logging errors [v3,34/68] cachefiles: Add cache error reporting macro [v3,35/68] cachefiles: Add security derivation [v3,36/68] cachefiles: Register a miscdev and parse commands over it [v3,37/68] cachefiles: Provide a function to check how much space there is [v3,38/68] vfs, cachefiles: Mark a backing file in use with an inode flag [v3,39/68] cachefiles: Implement a function to get/create a directory in the cache [v3,40/68] cachefiles: Implement cache registration and withdrawal [v3,41/68] cachefiles: Implement volume support [v3,42/68] cachefiles: Add tracepoints for calls to the VFS [v3,43/68] cachefiles: Implement object lifecycle funcs [v3,44/68] cachefiles: Implement key to filename encoding [v3,45/68] cachefiles: Implement metadata/coherency data storage in xattrs [v3,46/68] cachefiles: Mark a backing file in use with an inode flag [v3,47/68] cachefiles: Implement culling daemon commands [v3,48/68] cachefiles: Implement backing file wrangling [v3,49/68] cachefiles: Implement begin and end I/O operation [v3,50/68] cachefiles: Implement cookie resize for truncate [v3,51/68] cachefiles: Implement the I/O routines [v3,52/68] fscache, cachefiles: Store the volume coherency data [v3,53/68] cachefiles: Allow cachefiles to actually function [v3,54/68] fscache, cachefiles: Display stats of no-space events [v3,55/68] fscache, cachefiles: Display stat of culling events [v3,56/68] afs: Handle len being extending over page end in write_begin/write_end [v3,57/68] afs: Fix afs_write_end() to handle len > page size [v3,58/68] afs: Convert afs to use the new fscache API [v3,59/68] afs: Copy local writes to the cache when writing to the server [v3,60/68] afs: Skip truncation on the server of data we haven't written yet [v3,61/68] 9p: Use fscache indexing rewrite and reenable caching [v3,62/68] 9p: Copy local writes to the cache when writing to the server [v3,63/68] nfs: Convert to new fscache volume/cookie API [v3,64/68] nfs: Implement cache I/O by accessing the cache directly [v3,65/68] cifs: Support fscache indexing rewrite (untested) [v3,66/68] ceph: conversion to new fscache API [v3,67/68] ceph: add fscache writeback support

Message ID

163967138138.1823006.7620933448261939504.stgit@warthog.procyon.org.uk (mailing list archive)

State

New, archived

Headers

Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley
        Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United
        Kingdom.
        Registered in England and Wales under Company Registration No. 3798903
Subject: [PATCH v3 35/68] cachefiles: Add security derivation
From: David Howells <dhowells@redhat.com>
To: linux-cachefs@redhat.com
Cc: dhowells@redhat.com, Trond Myklebust <trondmy@hammerspace.com>,
        Anna Schumaker <anna.schumaker@netapp.com>,
        Steve French <sfrench@samba.org>,
        Dominique Martinet <asmadeus@codewreck.org>,
        Jeff Layton <jlayton@kernel.org>,
        Matthew Wilcox <willy@infradead.org>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Omar Sandoval <osandov@osandov.com>,
        JeffleXu <jefflexu@linux.alibaba.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        linux-afs@lists.infradead.org, linux-nfs@vger.kernel.org,
        linux-cifs@vger.kernel.org, ceph-devel@vger.kernel.org,
        v9fs-developer@lists.sourceforge.net,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Thu, 16 Dec 2021 16:16:21 +0000
Message-ID: 
 <163967138138.1823006.7620933448261939504.stgit@warthog.procyon.org.uk>
In-Reply-To: 
 <163967073889.1823006.12237147297060239168.stgit@warthog.procyon.org.uk>
References: 
 <163967073889.1823006.12237147297060239168.stgit@warthog.procyon.org.uk>
User-Agent: StGit/0.23
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Precedence: bulk

Series

fscache, cachefiles: Rewrite | expand

Commit Message

David Howells Dec. 16, 2021, 4:16 p.m. UTC

Implement code to derive a new set of creds for the cachefiles to use when
making VFS or I/O calls and to change the auditing info since the
application interacting with the network filesystem is not accessing the
cache directly.  Cachefiles uses override_creds() to change the effective
creds temporarily.

set_security_override_from_ctx() is called to derive the LSM 'label' that
the cachefiles driver will act with.  set_create_files_as() is called to
determine the LSM 'label' that will be applied to files and directories
created in the cache.  These functions alter the new creds.

Also implement a couple of functions to wrap the calls to begin/end cred
overriding.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-cachefs@redhat.com
Link: https://lore.kernel.org/r/163819627469.215744.3603633690679962985.stgit@warthog.procyon.org.uk/ # v1
Link: https://lore.kernel.org/r/163906928172.143852.15886637013364286786.stgit@warthog.procyon.org.uk/ # v2
---

 fs/cachefiles/Makefile   |    3 +
 fs/cachefiles/internal.h |   20 ++++++++
 fs/cachefiles/security.c |  112 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 134 insertions(+), 1 deletion(-)
 create mode 100644 fs/cachefiles/security.c

diff --git a/fs/cachefiles/Makefile b/fs/cachefiles/Makefile
index 183fb5f3b8b1..28bbb0d14868 100644
--- a/fs/cachefiles/Makefile
+++ b/fs/cachefiles/Makefile
@@ -4,7 +4,8 @@ 
 #
 
 cachefiles-y := \
-	main.o
+	main.o \
+	security.o
 
 cachefiles-$(CONFIG_CACHEFILES_ERROR_INJECTION) += error_inject.o
 
diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
index b2adcb59b4ce..e57ce5ef875c 100644
--- a/fs/cachefiles/internal.h
+++ b/fs/cachefiles/internal.h
@@ -104,6 +104,26 @@  static inline int cachefiles_inject_remove_error(void)
 	return cachefiles_error_injection_state & 2 ? -EIO : 0;
 }
 
+/*
+ * security.c
+ */
+extern int cachefiles_get_security_ID(struct cachefiles_cache *cache);
+extern int cachefiles_determine_cache_security(struct cachefiles_cache *cache,
+					       struct dentry *root,
+					       const struct cred **_saved_cred);
+
+static inline void cachefiles_begin_secure(struct cachefiles_cache *cache,
+					   const struct cred **_saved_cred)
+{
+	*_saved_cred = override_creds(cache->cache_cred);
+}
+
+static inline void cachefiles_end_secure(struct cachefiles_cache *cache,
+					 const struct cred *saved_cred)
+{
+	revert_creds(saved_cred);
+}
+
 /*
  * Error handling
  */
diff --git a/fs/cachefiles/security.c b/fs/cachefiles/security.c
new file mode 100644
index 000000000000..fe777164f1d8
--- /dev/null
+++ b/fs/cachefiles/security.c
@@ -0,0 +1,112 @@ 
+// SPDX-License-Identifier: GPL-2.0-or-later
+/* CacheFiles security management
+ *
+ * Copyright (C) 2007, 2021 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#include <linux/fs.h>
+#include <linux/cred.h>
+#include "internal.h"
+
+/*
+ * determine the security context within which we access the cache from within
+ * the kernel
+ */
+int cachefiles_get_security_ID(struct cachefiles_cache *cache)
+{
+	struct cred *new;
+	int ret;
+
+	_enter("{%s}", cache->secctx);
+
+	new = prepare_kernel_cred(current);
+	if (!new) {
+		ret = -ENOMEM;
+		goto error;
+	}
+
+	if (cache->secctx) {
+		ret = set_security_override_from_ctx(new, cache->secctx);
+		if (ret < 0) {
+			put_cred(new);
+			pr_err("Security denies permission to nominate security context: error %d\n",
+			       ret);
+			goto error;
+		}
+	}
+
+	cache->cache_cred = new;
+	ret = 0;
+error:
+	_leave(" = %d", ret);
+	return ret;
+}
+
+/*
+ * see if mkdir and create can be performed in the root directory
+ */
+static int cachefiles_check_cache_dir(struct cachefiles_cache *cache,
+				      struct dentry *root)
+{
+	int ret;
+
+	ret = security_inode_mkdir(d_backing_inode(root), root, 0);
+	if (ret < 0) {
+		pr_err("Security denies permission to make dirs: error %d",
+		       ret);
+		return ret;
+	}
+
+	ret = security_inode_create(d_backing_inode(root), root, 0);
+	if (ret < 0)
+		pr_err("Security denies permission to create files: error %d",
+		       ret);
+
+	return ret;
+}
+
+/*
+ * check the security details of the on-disk cache
+ * - must be called with security override in force
+ * - must return with a security override in force - even in the case of an
+ *   error
+ */
+int cachefiles_determine_cache_security(struct cachefiles_cache *cache,
+					struct dentry *root,
+					const struct cred **_saved_cred)
+{
+	struct cred *new;
+	int ret;
+
+	_enter("");
+
+	/* duplicate the cache creds for COW (the override is currently in
+	 * force, so we can use prepare_creds() to do this) */
+	new = prepare_creds();
+	if (!new)
+		return -ENOMEM;
+
+	cachefiles_end_secure(cache, *_saved_cred);
+
+	/* use the cache root dir's security context as the basis with
+	 * which create files */
+	ret = set_create_files_as(new, d_backing_inode(root));
+	if (ret < 0) {
+		abort_creds(new);
+		cachefiles_begin_secure(cache, _saved_cred);
+		_leave(" = %d [cfa]", ret);
+		return ret;
+	}
+
+	put_cred(cache->cache_cred);
+	cache->cache_cred = new;
+
+	cachefiles_begin_secure(cache, _saved_cred);
+	ret = cachefiles_check_cache_dir(cache, root);
+
+	if (ret == -EOPNOTSUPP)
+		ret = 0;
+	_leave(" = %d", ret);
+	return ret;
+}

[v3,35/68] cachefiles: Add security derivation

Commit Message

Patch