From patchwork Tue Mar 14 08:17:15 2023
X-Patchwork-Submitter: Roberto Sassu
X-Patchwork-Id: 13173896
From: Roberto Sassu via Ocfs2-devel
Reply-to: Roberto Sassu
To: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, casey@schaufler-ca.com
Cc: nicolas.bouchinet@clip-os.org, keescook@chromium.org, selinux@vger.kernel.org, Roberto Sassu, reiserfs-devel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, ocfs2-devel@oss.oracle.com
Date: Tue, 14 Mar 2023 09:17:15 +0100
Message-id: <20230314081720.4158676-2-roberto.sassu@huaweicloud.com>
In-reply-to: <20230314081720.4158676-1-roberto.sassu@huaweicloud.com>
Subject: [Ocfs2-devel] [PATCH v8 1/6] reiserfs: Switch to security_inode_init_security()

From: Roberto Sassu

In preparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Commit 572302af1258 ("reiserfs: Add missing calls to reiserfs_security_free()") fixed possible memory leaks and another issue related to adding an xattr at inode creation time.

Define the initxattrs callback reiserfs_initxattrs(), to populate the name/value/len triple in the reiserfs_security_handle() with the first xattr provided by LSMs. Make a copy of the xattr value, as security_inode_init_security() frees it.

After the call to security_inode_init_security(), remove the check for returning -EOPNOTSUPP, as security_inode_init_security() changes it to zero.

Multiple xattrs are currently not supported, as the reiserfs_security_handle structure is exported to user space. As a consequence, even if EVM is invoked, it will not provide an xattr (if it is not the first to set it, its xattr will be discarded; if it is the first, it does not have xattrs to calculate the HMAC on).

Signed-off-by: Roberto Sassu Reviewed-by: Casey Schaufler Reviewed-by: Mimi Zohar --- fs/reiserfs/xattr_security.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c index 41c0ea84fbf..6bffdf9a4fd 100644 --- a/fs/reiserfs/xattr_security.c +++ b/fs/reiserfs/xattr_security.c
@@ -39,6 +39,22 @@ static bool security_list(struct dentry *dentry) return !IS_PRIVATE(d_inode(dentry)); } +static int +reiserfs_initxattrs(struct inode *inode, const struct xattr *xattr_array, + void *fs_info) +{ + struct reiserfs_security_handle *sec = fs_info; + + sec->value = kmemdup(xattr_array->value, xattr_array->value_len, + GFP_KERNEL); + if (!sec->value) + return -ENOMEM; + + sec->name = xattr_array->name; + sec->length = xattr_array->value_len; + return 0; +} + /* Initializes the security context for a new inode and returns the number * of blocks needed for the transaction. If successful, reiserfs_security * must be released using reiserfs_security_free when the caller is done. */ 
@@ -56,12 +72,9 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode, if (IS_PRIVATE(dir)) return 0; - error = security_old_inode_init_security(inode, dir, qstr, &sec->name, - &sec->value, &sec->length); + error = security_inode_init_security(inode, dir, qstr, + &reiserfs_initxattrs, sec); if (error) { - if (error == -EOPNOTSUPP) - error = 0; - sec->name = NULL; sec->value = NULL; sec->length = 0;
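
Review bot: reiserfs_initxattrs() keeps only the first entry of xattr_array and reads xattr_array->value without first testing xattr_array->name, and nothing in the code says either is intended. A short comment above the function stating that only xattr_array[0] is kept (the commit message explains why, the code does not), and that sec->name borrows the LSM's pointer while sec->value is a private kmemdup() copy released through reiserfs_security_free(), would make the ownership rules visible. If the callback can ever be entered with an empty array, an early `if (!xattr_array->name) return 0;` would keep it from copying an unset slot.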
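
Review bot: in reiserfs_security_init(), dropping the -EOPNOTSUPP special case means "no LSM supplied an xattr" now arrives as a plain 0, and the visible lines reset sec->name, sec->value and sec->length only inside `if (error)`. If the callback is not invoked on that path, the three fields keep whatever they held on entry. Please confirm sec is cleared before the call (the hunk does not show it), or clear it just before security_inode_init_security(), so the code after this block cannot act on a stale name or value. The ocfs2 patch in this series handles the same case explicitly with `.name = NULL` and a `!si->name` check.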

From patchwork Tue Mar 14 08:17:16 2023
X-Patchwork-Submitter: Roberto Sassu
X-Patchwork-Id: 13173898
From: Roberto Sassu via Ocfs2-devel
Date: Tue, 14 Mar 2023 09:17:16 +0100
Message-id: <20230314081720.4158676-3-roberto.sassu@huaweicloud.com>
In-reply-to: <20230314081720.4158676-1-roberto.sassu@huaweicloud.com>
Subject: [Ocfs2-devel] [PATCH v8 2/6] ocfs2: Switch to security_inode_init_security()

From: Roberto Sassu

In preparation for removing security_old_inode_init_security(), switch to security_inode_init_security().

Extend the existing ocfs2_initxattrs() to take the ocfs2_security_xattr_info structure from fs_info, and populate the name/value/len triple with the first xattr provided by LSMs.

As fs_info was not used before, ocfs2_initxattrs() can now handle the case of replicating the behavior of security_old_inode_init_security(), i.e. just obtaining the xattr, in addition to setting all xattrs provided by LSMs.

Supporting multiple xattrs is not currently supported where security_old_inode_init_security() was called (mknod, symlink), as it requires non-trivial changes that can be done at a later time. Like for reiserfs, even if EVM is invoked, it will not provide an xattr (if it is not the first to set it, its xattr will be discarded; if it is the first, it does not have xattrs to calculate the HMAC on).

Finally, since security_inode_init_security(), unlike security_old_inode_init_security(), returns zero instead of -EOPNOTSUPP if no xattrs were provided by LSMs or if inodes are private, additionally check in ocfs2_init_security_get() if the xattr name is set.

If not, act as if security_old_inode_init_security() returned -EOPNOTSUPP, and set si->enable to zero to notify to the functions following ocfs2_init_security_get() that no xattrs are available.

Signed-off-by: Roberto Sassu Reviewed-by: Casey Schaufler Acked-by: Joseph Qi Reviewed-by: Mimi Zohar --- fs/ocfs2/namei.c | 2 ++ fs/ocfs2/xattr.c | 30 ++++++++++++++++++++++++++---- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c index 9175dbc4720..17c52225b87 100644 --- a/fs/ocfs2/namei.c +++ b/fs/ocfs2/namei.c @@ -242,6 +242,7 @@ static int ocfs2_mknod(struct mnt_idmap *idmap, int want_meta = 0; int xattr_credits = 0; struct ocfs2_security_xattr_info si = { + .name = NULL, .enable = 1, }; int did_quota_inode = 0; @@ -1805,6 +1806,7 @@ static int ocfs2_symlink(struct mnt_idmap *idmap, int want_clusters = 0; int xattr_credits = 0; struct ocfs2_security_xattr_info si = { + .name = NULL, .enable = 1, }; int did_quota = 0, did_quota_inode = 0; diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 389308efe85..469ec45baee 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -7259,9 +7259,21 @@ static int ocfs2_xattr_security_set(const struct xattr_handler *handler, static int ocfs2_initxattrs(struct inode *inode, const struct xattr *xattr_array, void *fs_info) { + struct ocfs2_security_xattr_info *si = fs_info; const struct xattr *xattr; int err = 0; + if (si) { + si->value = kmemdup(xattr_array->value, xattr_array->value_len, + GFP_KERNEL); + if (!si->value) + return -ENOMEM; + + si->name = xattr_array->name; + si->value_len = xattr_array->value_len; + return 0; + } + for (xattr = xattr_array; xattr->name != NULL; xattr++) { err = ocfs2_xattr_set(inode, OCFS2_XATTR_INDEX_SECURITY, xattr->name, xattr->value, 
@@ -7277,13 +7289,23 @@ int ocfs2_init_security_get(struct inode *inode, const struct qstr *qstr, struct ocfs2_security_xattr_info *si) { + int ret; + /* check whether ocfs2 support feature xattr */ if (!ocfs2_supports_xattr(OCFS2_SB(dir->i_sb))) return -EOPNOTSUPP; - if (si) - return security_old_inode_init_security(inode, dir, qstr, - &si->name, &si->value, - &si->value_len); + if (si) { + ret = security_inode_init_security(inode, dir, qstr, + &ocfs2_initxattrs, si); + /* + * security_inode_init_security() does not return -EOPNOTSUPP, + * we have to check the xattr ourselves. + */ + if (!ret && !si->name) + si->enable = 0; + + return ret; + } return security_inode_init_security(inode, dir, qstr, &ocfs2_initxattrs, NULL);
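
Review bot: ocfs2_initxattrs() now switches between two different behaviours purely on whether fs_info is NULL, and the new `if (si)` branch copies xattr_array[0] without the `xattr->name != NULL` test that the loop below applies. A comment above the function describing both modes (non-NULL fs_info: capture the first xattr into si for the caller to write later; NULL: write every xattr with ocfs2_xattr_set()) and saying who frees si->value would help, and a guard on xattr_array->name in the capture branch would keep the two paths consistent.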
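
Review bot: ocfs2_init_security_get() now reports "no xattr available" in two different ways: `return -EOPNOTSUPP` when the volume lacks xattr support, and a return of 0 with si->enable cleared when no LSM filled si->name. Callers have to handle both, so the function comment should spell out that contract. It should also say that the `!si->name` test relies on callers initialising the field, which is what the `.name = NULL` lines in ocfs2_mknod() and ocfs2_symlink() are for (redundant in a designated initializer, which already zeroes unnamed members, but useful as documentation of the dependency).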

From patchwork Tue Mar 14 08:17:17 2023
X-Patchwork-Submitter: Roberto Sassu
X-Patchwork-Id: 13173897
From: Roberto Sassu via Ocfs2-devel
Date: Tue, 14 Mar 2023 09:17:17 +0100
Message-id: <20230314081720.4158676-4-roberto.sassu@huaweicloud.com>
In-reply-to: <20230314081720.4158676-1-roberto.sassu@huaweicloud.com>
Subject: [Ocfs2-devel] [PATCH v8 3/6] security: Remove security_old_inode_init_security()

From: Roberto Sassu

As the remaining two users reiserfs and ocfs2 switched to security_inode_init_security(), security_old_inode_init_security() can be now removed.

Out-of-tree kernel modules should switch to security_inode_init_security() too.

Signed-off-by: Roberto Sassu Reviewed-by: Casey Schaufler Reviewed-by: Mimi Zohar --- include/linux/security.h | 12 ------------ security/security.c | 11 ----------- 2 files changed, 23 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 5984d0d550b..cd23221ce9e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -336,9 +336,6 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, int security_inode_init_security_anon(struct inode *inode, const struct qstr *name, const struct inode *context_inode); -int security_old_inode_init_security(struct inode *inode, struct inode *dir, - const struct qstr *qstr, const char **name, - void **value, size_t *len); int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode); int security_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry);
@@ -778,15 +775,6 @@ static inline int security_inode_init_security_anon(struct inode *inode, return 0; } -static inline int security_old_inode_init_security(struct inode *inode, - struct inode *dir, - const struct qstr *qstr, - const char **name, - void **value, size_t *len) -{ - return -EOPNOTSUPP; -} - static inline int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode) diff --git a/security/security.c b/security/security.c index b808e1b8655..f4170efcddd 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1655,17 +1655,6 @@ int security_inode_init_security_anon(struct inode *inode, context_inode); } -int security_old_inode_init_security(struct inode *inode, struct inode *dir, - const struct qstr *qstr, const char **name, - void **value, size_t *len) -{ - if (unlikely(IS_PRIVATE(inode))) - return -EOPNOTSUPP; - return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, - qstr, name, value, len); -} -EXPORT_SYMBOL(security_old_inode_init_security); - #ifdef CONFIG_SECURITY_PATH /** * security_path_mknod() - Check if creating a special file is allowed
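
Review bot: the removed security_old_inode_init_security() returned -EOPNOTSUPP both from the static inline stub in include/linux/security.h and from the IS_PRIVATE() path in security/security.c, and its EXPORT_SYMBOL goes away with it, but the commit message only tells out-of-tree modules to switch without saying what changes for them. Per the 2/6 description, security_inode_init_security() returns zero in those cases and delivers xattrs through an initxattrs callback rather than filling name/value/len. One sentence to that effect in this commit message would keep converters from carrying over a dead `error == -EOPNOTSUPP` check.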

From patchwork Tue Mar 14 08:17:18 2023
X-Patchwork-Submitter: Roberto Sassu
X-Patchwork-Id: 13173899
From: Roberto Sassu via Ocfs2-devel
Date: Tue, 14 Mar 2023 09:17:18 +0100
Message-id: <20230314081720.4158676-5-roberto.sassu@huaweicloud.com>
In-reply-to: <20230314081720.4158676-1-roberto.sassu@huaweicloud.com>
Subject: [Ocfs2-devel] [PATCH v8 4/6] security: Allow all LSMs to provide xattrs for inode_init_security hook

From: Roberto Sassu

Currently, security_inode_init_security() supports only one LSM providing an xattr and EVM calculating the HMAC on that xattr, plus other inode metadata.

Allow all LSMs to provide one or multiple xattrs, by extending the security blob reservation mechanism. Introduce the new lbs_xattr field of the lsm_blob_sizes structure, so that each LSM can specify how many xattrs it needs, and the LSM infrastructure knows how many xattr slots it should allocate.

Dynamically allocate the xattrs array to be populated by LSMs with the inode_init_security hook, and pass it to the latter instead of the name/value/len triple. Update the documentation accordingly, and fix the description of the xattr name, as it is not allocated anymore.

Since the LSM infrastructure, at initialization time, updates the number of the requested xattrs provided by each LSM with a corresponding offset in the security blob (in this case the xattr array), it makes it straightforward for an LSM to access the right position in the xattr array.

There is still the issue that an LSM might not fill the xattr, even if it requests it (legitimate case, for example it might have been loaded but not initialized with a policy). Since users of the xattr array (e.g. the initxattrs() callbacks) detect the end of the xattr array by checking if the xattr name is NULL, not filling an xattr would cause those users to stop scanning xattrs prematurely.

Solve that issue by introducing security_check_compact_filled_xattrs(), which does a basic check of the xattr array (if the xattr name is filled, the xattr value should be too, and vice versa), and compacts the xattr array by removing the holes.

An alternative solution would be to let users of the xattr array know the number of elements of that array, so that they don't have to check the termination. However, this seems more invasive, compared to a simple move of a few array elements.

security_check_compact_filled_xattrs() also determines how many xattrs in the xattr array have been filled. If there is none, skip evm_inode_init_security() and initxattrs(). Skipping the former also prevents EVM from crashing the kernel, as it is expecting a filled xattr.

Finally, adapt both SELinux and Smack to use the new definition of the inode_init_security hook, and to correctly fill the designated slots in the xattr array. For Smack, reserve space for the other defined xattrs although they are not set yet in smack_inode_init_security().

Reported-by: Nicolas Bouchinet (EVM crash)
Link: https://lore.kernel.org/linux-integrity/Y1FTSIo+1x+4X0LS@archlinux/
Signed-off-by: Roberto Sassu
Reviewed-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
 include/linux/lsm_hook_defs.h | 3 +-
 include/linux/lsm_hooks.h | 1 +
 security/security.c | 119 +++++++++++++++++++++++++++++-----
 security/selinux/hooks.c | 19 ++++--
 security/smack/smack_lsm.c | 33 ++++++----
 5 files changed, 137 insertions(+), 38 deletions(-)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 6bb55e61e8e..b814955ae70 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -112,8 +112,7 @@ LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask, LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode) LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode) LSM_HOOK(int, 0, inode_init_security, struct inode *inode, - struct inode *dir, const struct qstr *qstr, const char **name, - void **value, size_t *len) + struct inode *dir, const struct qstr *qstr, struct xattr *xattrs) LSM_HOOK(int, 0, inode_init_security_anon, struct inode *inode, const struct qstr *name, const struct inode *context_inode) LSM_HOOK(int, 0, inode_create, struct inode *dir, struct dentry *dentry, diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index c2be66c669a..75a2f85b49d 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -63,6 +63,7 @@ struct lsm_blob_sizes { int lbs_ipc; int lbs_msg_msg; int lbs_task; + int lbs_xattr; /* number of xattr slots in new_xattrs array */ }; /* diff --git a/security/security.c b/security/security.c index f4170efcddd..f1f5f62f7fa 100644 --- a/security/security.c +++ b/security/security.c @@ -31,8 +31,6 @@ #include #include -#define MAX_LSM_EVM_XATTR 2 - /* How many LSMs were built into the kernel? */ #define LSM_COUNT (__end_lsm_info - __start_lsm_info) @@ -212,6 +210,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); + lsm_set_blob_size(&needed->lbs_xattr, &blob_sizes.lbs_xattr); } /* Prepare LSM for initialization. */ @@ -378,6 +377,7 @@ static void __init ordered_lsm_init(void) init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); init_debug("task blob size = %d\n", blob_sizes.lbs_task); + init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr); /* * Create any kmem_caches needed for blobs 
@@ -1579,6 +1579,52 @@ int security_dentry_create_files_as(struct dentry *dentry, int mode, } EXPORT_SYMBOL(security_dentry_create_files_as); +/** + * security_check_compact_filled_xattrs - check xattrs and make array contiguous + * @xattrs: xattr array filled by LSMs + * @num_xattrs: length of xattr array + * @num_filled_xattrs: number of already processed xattrs + * + * Ensure that each xattr slot is correctly filled and close the gaps in the + * xattr array if an LSM didn't provide an xattr for which it asked space + * (legitimate case, it might have been loaded but not initialized). An LSM + * might request space in the xattr array for one or multiple xattrs. The LSM + * infrastructure ensures that all requests by LSMs are satisfied. + * + * Track the number of filled xattrs in @num_filled_xattrs, so that it is easy + * to determine whether the currently processed xattr is fine in its position + * (if all previous xattrs were filled) or it should be moved after the last + * filled xattr. + * + * Return: zero if all xattrs are valid, -EINVAL otherwise. + */ +static int security_check_compact_filled_xattrs(struct xattr *xattrs, + int num_xattrs, + int *num_filled_xattrs) +{ + int i; + + for (i = *num_filled_xattrs; i < num_xattrs; i++) { + if ((!xattrs[i].name && xattrs[i].value) || + (xattrs[i].name && !xattrs[i].value)) + return -EINVAL; + + if (!xattrs[i].name) + continue; + + if (i == *num_filled_xattrs) { + (*num_filled_xattrs)++; + continue; + } + + memcpy(xattrs + (*num_filled_xattrs)++, xattrs + i, + sizeof(*xattrs)); + memset(xattrs + i, 0, sizeof(*xattrs)); + } + + return 0; +} + /** * security_inode_init_security() - Initialize an inode's LSM context * @inode: the inode 
@@ -1591,9 +1637,13 @@ EXPORT_SYMBOL(security_dentry_create_files_as); * created inode and set up the incore security field for the new inode. This * hook is called by the fs code as part of the inode creation transaction and * provides for atomic labeling of the inode, unlike the post_create/mkdir/... - * hooks called by the VFS. The hook function is expected to allocate the name - * and value via kmalloc, with the caller being responsible for calling kfree - * after using them. If the security module does not use security attributes + * hooks called by the VFS. The hook function is expected to populate the + * @xattrs array, depending on how many xattrs have been specified by the + * security module in the lbs_xattr field of the lsm_blob_sizes structure. For + * each array element, the hook function is expected to set ->name to the + * attribute name suffix (e.g. selinux), to allocate ->value (will be freed by + * the caller) and set it to the attribute value, to set ->value_len to the + * length of the value. If the security module does not use security attributes * or does not wish to put a security attribute on this particular inode, then * it should return -EOPNOTSUPP to skip this processing. * 
@@ -1604,33 +1654,66 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr, const initxattrs initxattrs, void *fs_data) { - struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1]; - struct xattr *lsm_xattr, *evm_xattr, *xattr; - int ret; + struct security_hook_list *P; + struct xattr *new_xattrs; + struct xattr *xattr; + int ret = -EOPNOTSUPP, num_filled_xattrs = 0; if (unlikely(IS_PRIVATE(inode))) return 0; + if (!blob_sizes.lbs_xattr) + return 0; + if (!initxattrs) return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, - dir, qstr, NULL, NULL, NULL); - memset(new_xattrs, 0, sizeof(new_xattrs)); - lsm_xattr = new_xattrs; - ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, - &lsm_xattr->name, - &lsm_xattr->value, - &lsm_xattr->value_len); - if (ret) + dir, qstr, NULL); + /* Allocate +1 for EVM and +1 as terminator. */ + new_xattrs = kcalloc(blob_sizes.lbs_xattr + 2, sizeof(*new_xattrs), + GFP_NOFS); + if (!new_xattrs) + return -ENOMEM; + + hlist_for_each_entry(P, &security_hook_heads.inode_init_security, + list) { + ret = P->hook.inode_init_security(inode, dir, qstr, new_xattrs); + if (ret && ret != -EOPNOTSUPP) + goto out; + /* + * As documented in lsm_hooks.h, -EOPNOTSUPP in this context + * means that the LSM is not willing to provide an xattr, not + * that it wants to signal an error. Thus, continue to invoke + * the remaining LSMs. + */ + if (ret == -EOPNOTSUPP) + continue; + /* + * As the number of xattrs reserved by LSMs is not directly + * available, directly use the total number blob_sizes.lbs_xattr + * to keep the code simple, while being not the most efficient + * way. 
+ */ + ret = security_check_compact_filled_xattrs(new_xattrs, + blob_sizes.lbs_xattr, + &num_filled_xattrs); + if (ret < 0) { + ret = -ENOMEM; + goto out; + } + } + + if (!num_filled_xattrs) goto out; - evm_xattr = lsm_xattr + 1; - ret = evm_inode_init_security(inode, lsm_xattr, evm_xattr); + ret = evm_inode_init_security(inode, new_xattrs, + new_xattrs + num_filled_xattrs); if (ret) goto out; ret = initxattrs(inode, new_xattrs, fs_data); out: for (xattr = new_xattrs; xattr->value != NULL; xattr++) kfree(xattr->value); + kfree(new_xattrs); return (ret == -EOPNOTSUPP) ? 0 : ret; } EXPORT_SYMBOL(security_inode_init_security); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9a5bdfc2131..3e4308dd336 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -104,6 +104,8 @@ #include "audit.h" #include "avc_ss.h" +#define SELINUX_INODE_INIT_XATTRS 1 + struct selinux_state selinux_state; /* SECMARK reference count */ @@ -2868,11 +2870,11 @@ static int selinux_dentry_create_files_as(struct dentry *dentry, int mode, static int selinux_inode_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr, - const char **name, - void **value, size_t *len) + struct xattr *xattrs) { const struct task_security_struct *tsec = selinux_cred(current_cred()); struct superblock_security_struct *sbsec; + struct xattr *xattr = NULL; u32 newsid, clen; int rc; char *context; @@ -2899,16 +2901,18 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, !(sbsec->flags & SBLABEL_MNT)) return -EOPNOTSUPP; - if (name) - *name = XATTR_SELINUX_SUFFIX; + if (xattrs) + xattr = xattrs + selinux_blob_sizes.lbs_xattr; + + if (xattr) { + xattr->name = XATTR_SELINUX_SUFFIX; - if (value && len) { rc = security_sid_to_context_force(&selinux_state, newsid, &context, &clen); if (rc) return rc; - *value = context; - *len = clen; + xattr->value = context; + xattr->value_len = clen; } return 0; 
@@ -6918,6 +6922,7 @@ struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = { .lbs_ipc = sizeof(struct ipc_security_struct), .lbs_msg_msg = sizeof(struct msg_security_struct), .lbs_superblock = sizeof(struct superblock_security_struct), + .lbs_xattr = SELINUX_INODE_INIT_XATTRS, }; #ifdef CONFIG_PERF_EVENTS diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index cfcbb748da2..c8cf8df268b 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -52,6 +52,15 @@ #define SMK_RECEIVING 1 #define SMK_SENDING 2 +/* + * Smack uses multiple xattrs. + * SMACK64 - for access control, SMACK64EXEC - label for the program, + * SMACK64MMAP - controls library loading, + * SMACK64TRANSMUTE - label initialization, + * Not saved on files - SMACK64IPIN and SMACK64IPOUT + */ +#define SMACK_INODE_INIT_XATTRS 4 + #ifdef SMACK_IPV6_PORT_LABELING static DEFINE_MUTEX(smack_ipv6_lock); static LIST_HEAD(smk_ipv6_port_list); 
@@ -939,26 +948,27 @@ static int smack_inode_alloc_security(struct inode *inode) * @inode: the newly created inode * @dir: containing directory object * @qstr: unused - * @name: where to put the attribute name - * @value: where to put the attribute value - * @len: where to put the length of the attribute + * @xattrs: where to put the attributes * * Returns 0 if it all works out, -ENOMEM if there's no memory */ static int smack_inode_init_security(struct inode *inode, struct inode *dir, - const struct qstr *qstr, const char **name, - void **value, size_t *len) + const struct qstr *qstr, + struct xattr *xattrs) { struct inode_smack *issp = smack_inode(inode); struct smack_known *skp = smk_of_current(); struct smack_known *isp = smk_of_inode(inode); struct smack_known *dsp = smk_of_inode(dir); + struct xattr *xattr = NULL; int may; - if (name) - *name = XATTR_SMACK_SUFFIX; + if (xattrs) + xattr = xattrs + smack_blob_sizes.lbs_xattr; + + if (xattr) { + xattr->name = XATTR_SMACK_SUFFIX; - if (value && len) { rcu_read_lock(); may = smk_access_entry(skp->smk_known, dsp->smk_known, &skp->smk_rules); @@ -976,11 +986,11 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, issp->smk_flags |= SMK_INODE_CHANGED; } - *value = kstrdup(isp->smk_known, GFP_NOFS); - if (*value == NULL) + xattr->value = kstrdup(isp->smk_known, GFP_NOFS); + if (xattr->value == NULL) return -ENOMEM; - *len = strlen(isp->smk_known); + xattr->value_len = strlen(isp->smk_known); } return 0; 
@@ -4854,6 +4864,7 @@ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { .lbs_ipc = sizeof(struct smack_known *), .lbs_msg_msg = sizeof(struct smack_known *), .lbs_superblock = sizeof(struct superblock_smack), + .lbs_xattr = SMACK_INODE_INIT_XATTRS, }; static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
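
Review bot: In the security/security.c hunk that rewrites security_inode_init_security(), the cleanup loop at `out:` still stops at the first slot whose `->value` is NULL, which was safe for the old fixed array but can leak with the new layout. If a hook returns an error other than -EOPNOTSUPP, or security_check_compact_filled_xattrs() returns -EINVAL partway through, the array has not been compacted past that point, so a value sitting after an empty slot is never passed to kfree(). Walking all blob_sizes.lbs_xattr + 1 slots (kfree(NULL) is a no-op) would cover it. In the same hunk the -EINVAL from the helper is rewritten to -ENOMEM; returning the helper's value, or adding a comment on why it is remapped, would make the failure easier to diagnose.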
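
Review bot: The comment added to struct lsm_blob_sizes in include/linux/lsm_hooks.h describes lbs_xattr as the number of xattr slots, but selinux_inode_init_security() and smack_inode_init_security() use it as an index (`xattrs + selinux_blob_sizes.lbs_xattr`), which only works because lsm_set_blob_size() rewrites the field at initialization. That double meaning is explained in the commit message only. Please state in the field comment that the value is a count before LSM initialization and this LSM's starting offset afterwards, or wrap the lookup in a small helper so the hooks do not open-code it.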

Subject: [Ocfs2-devel] [PATCH v8 5/6] evm: Align evm_inode_init_security() definition with LSM infrastructure
Date: Tue, 14 Mar 2023 09:17:19 +0100
From: Roberto Sassu

Change the evm_inode_init_security() definition to align with the LSM infrastructure. Keep the existing behavior of including in the HMAC calculation only the first xattr provided by LSMs.

Changing the evm_inode_init_security() definition requires passing only the xattr array allocated by security_inode_init_security(), instead of the first LSM xattr and the place where the EVM xattr should be filled. In lieu of passing the EVM xattr, EVM must position itself after the last filled xattr (by checking the xattr name), since only the beginning of the xattr array is given.

Finally, make evm_inode_init_security() return value compatible with the inode_init_security hook conventions, i.e. return -EOPNOTSUPP if it is not setting an xattr.

EVM is a bit tricky, because xattrs is both an input and an output. If it was just output, EVM should have returned zero if xattrs is NULL. But, since xattrs is also input, EVM is unable to do its calculations, so return -EOPNOTSUPP and handle this error in security_inode_init_security().

Signed-off-by: Roberto Sassu
Reviewed-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
 include/linux/evm.h | 12 ++++++------
 security/integrity/evm/evm_main.c | 25 ++++++++++++++++++-------
 security/security.c | 5 ++---
 3 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/include/linux/evm.h b/include/linux/evm.h index 7dc1ee74169..cc64cea354e 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h
@@ -56,9 +56,9 @@ static inline void evm_inode_post_set_acl(struct dentry *dentry, { return evm_inode_post_setxattr(dentry, acl_name, NULL, 0); } -extern int evm_inode_init_security(struct inode *inode, - const struct xattr *xattr_array, - struct xattr *evm); +extern int evm_inode_init_security(struct inode *inode, struct inode *dir, + const struct qstr *qstr, + struct xattr *xattrs); extern bool evm_revalidate_status(const char *xattr_name); extern int evm_protected_xattr_if_enabled(const char *req_xattr_name); extern int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer, @@ -157,9 +157,9 @@ static inline void evm_inode_post_set_acl(struct dentry *dentry, return; } -static inline int evm_inode_init_security(struct inode *inode, - const struct xattr *xattr_array, - struct xattr *evm) +static inline int evm_inode_init_security(struct inode *inode, struct inode *dir, + const struct qstr *qstr, + struct xattr *xattrs) { return 0; } diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index cf24c525558..7d20ce83915 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c 
@@ -864,23 +864,34 @@ void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) /* * evm_inode_init_security - initializes security.evm HMAC value */ -int evm_inode_init_security(struct inode *inode, - const struct xattr *lsm_xattr, - struct xattr *evm_xattr) +int evm_inode_init_security(struct inode *inode, struct inode *dir, + const struct qstr *qstr, + struct xattr *xattrs) { struct evm_xattr *xattr_data; + struct xattr *xattr, *evm_xattr; int rc; - if (!(evm_initialized & EVM_INIT_HMAC) || - !evm_protected_xattr(lsm_xattr->name)) - return 0; + if (!(evm_initialized & EVM_INIT_HMAC) || !xattrs || + !evm_protected_xattr(xattrs->name)) + return -EOPNOTSUPP; + + /* + * security_inode_init_security() makes sure that the xattrs array is + * contiguous, there is enough space for security.evm, and that there is + * a terminator at the end of the array. + */ + for (xattr = xattrs; xattr->name != NULL; xattr++) + ; + + evm_xattr = xattr; xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS); if (!xattr_data) return -ENOMEM; xattr_data->data.type = EVM_XATTR_HMAC; - rc = evm_init_hmac(inode, lsm_xattr, xattr_data->digest); + rc = evm_init_hmac(inode, xattrs, xattr_data->digest); if (rc < 0) goto out; diff --git a/security/security.c b/security/security.c index f1f5f62f7fa..d0e20b26b6c 100644 --- a/security/security.c +++ b/security/security.c 
@@ -1705,9 +1705,8 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, if (!num_filled_xattrs) goto out; - ret = evm_inode_init_security(inode, new_xattrs, - new_xattrs + num_filled_xattrs); - if (ret) + ret = evm_inode_init_security(inode, dir, qstr, new_xattrs); + if (ret && ret != -EOPNOTSUPP) goto out; ret = initxattrs(inode, new_xattrs, fs_data); out:
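
Review bot: In the security/integrity/evm/evm_main.c hunk, the new guard checks `!xattrs` but then passes `xattrs->name` to evm_protected_xattr() without checking it, so the function depends on the caller's `if (!num_filled_xattrs) goto out;` to never see an empty first slot. Since the changelog of the xattr-array patch earlier in this series names an EVM crash on an unfilled xattr as a motivation, an explicit `!xattrs->name` test here would keep that guarantee local to EVM. The comment block above the function also still reads only "initializes security.evm HMAC value"; it should describe the new dir, qstr and xattrs parameters and the -EOPNOTSUPP return.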
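
Review bot: In the include/linux/evm.h hunk, the static inline stub of evm_inode_init_security() still returns 0 although it sets no xattr, while the changelog states the convention is to return -EOPNOTSUPP in that case. The caller in security/security.c tolerates both values (`if (ret && ret != -EOPNOTSUPP)`), so this is a consistency point: returning -EOPNOTSUPP from the stub would make the two variants behave the same.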

Subject: [Ocfs2-devel] [PATCH v8 6/6] evm: Support multiple LSMs providing an xattr
Date: Tue, 14 Mar 2023 09:17:20 +0100
From: Roberto Sassu

Currently, evm_inode_init_security() processes a single LSM xattr from the array passed by security_inode_init_security(), and calculates the HMAC on it and other inode metadata.

Given that initxattrs() callbacks, called by security_inode_init_security(), expect that this array is terminated when the xattr name is set to NULL, reuse the same assumption to scan all xattrs and to calculate the HMAC on all of them.

Signed-off-by: Roberto Sassu
Reviewed-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
 security/integrity/evm/evm.h | 2 ++
 security/integrity/evm/evm_crypto.c | 9 ++++++++-
 security/integrity/evm/evm_main.c | 16 +++++++++++-----
 3 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/security/integrity/evm/evm.h b/security/integrity/evm/evm.h index f8b8c5004fc..f799d72a59f 100644 --- a/security/integrity/evm/evm.h +++ b/security/integrity/evm/evm.h @@ -46,6 +46,8 @@ struct evm_digest { char digest[IMA_MAX_DIGEST_SIZE]; } __packed; +int evm_protected_xattr(const char *req_xattr_name); + int evm_init_key(void); int evm_update_evmxattr(struct dentry *dentry, const char *req_xattr_name, diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index 033804f5a5f..5d8b5ecf594 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c
@@ -389,6 +389,7 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr, char *hmac_val) { struct shash_desc *desc; + const struct xattr *xattr; desc = init_desc(EVM_XATTR_HMAC, HASH_ALGO_SHA1); if (IS_ERR(desc)) { @@ -396,7 +397,13 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr, return PTR_ERR(desc); } - crypto_shash_update(desc, lsm_xattr->value, lsm_xattr->value_len); + for (xattr = lsm_xattr; xattr->name != NULL; xattr++) { + if (!evm_protected_xattr(xattr->name)) + continue; + + crypto_shash_update(desc, xattr->value, xattr->value_len); + } + hmac_add_misc(desc, inode, EVM_XATTR_HMAC, hmac_val); kfree(desc); return 0; diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 7d20ce83915..013eb220cc5 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -305,7 +305,7 @@ static int evm_protected_xattr_common(const char *req_xattr_name, return found; } -static int evm_protected_xattr(const char *req_xattr_name) +int evm_protected_xattr(const char *req_xattr_name) { return evm_protected_xattr_common(req_xattr_name, false); } @@ -870,10 +870,10 @@ int evm_inode_init_security(struct inode *inode, struct inode *dir, { struct evm_xattr *xattr_data; struct xattr *xattr, *evm_xattr; + bool evm_protected_xattrs = false; int rc; - if (!(evm_initialized & EVM_INIT_HMAC) || !xattrs || - !evm_protected_xattr(xattrs->name)) + if (!(evm_initialized & EVM_INIT_HMAC) || !xattrs) return -EOPNOTSUPP; /* 
@@ -881,8 +881,14 @@ int evm_inode_init_security(struct inode *inode, struct inode *dir, * contiguous, there is enough space for security.evm, and that there is * a terminator at the end of the array. */ - for (xattr = xattrs; xattr->name != NULL; xattr++) - ; + for (xattr = xattrs; xattr->name != NULL; xattr++) { + if (evm_protected_xattr(xattr->name)) + evm_protected_xattrs = true; + } + + /* EVM xattr not needed. */ + if (!evm_protected_xattrs) + return -EOPNOTSUPP; evm_xattr = xattr;
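Review bot: In the evm_init_hmac() hunk of evm_crypto.c, the new loop feeds every protected xattr value into the digest in array order, so the resulting HMAC now depends on the order in which the array was filled, and nothing in the commit message or next to the loop says that this order is the one used when the HMAC is later verified. Please state that guarantee in the commit message or in a comment above the `for (xattr = lsm_xattr; xattr->name != NULL; xattr++)` line. The loop also discards the return value of crypto_shash_update() and the function still ends with `return 0;`. The pre-patch single call had the same gap, but with several values a failure part-way through would leave an HMAC over a partial set that the caller cannot detect, so checking the result and freeing desc on the error path is worth doing here.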
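Review bot: In the evm_inode_init_security() hunks of evm_main.c, the new flag `evm_protected_xattrs` differs from the function `evm_protected_xattr()` by a single letter, and both appear in the same two-line statement inside the loop, which is easy to misread; a name such as `has_protected_xattr` would avoid that. The loop now does two jobs: it detects a protected xattr, and it still has to run to the terminator because `evm_xattr = xattr;` uses the final position. A short comment saying why it must not break early would keep a later cleanup from adding a `break` after setting the flag. The same per-entry evm_protected_xattr() check is repeated in evm_init_hmac(); that is fine for correctness, but a note that the two walks must stay in agreement would help future changes.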