From: Kees Cook <kees@kernel.org>
To: Adrian Ratiu <adrian.ratiu@collabora.com>
Cc: linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
linux-doc@vger.kernel.org, kernel@collabora.com, gbiv@google.com,
ryanbeltran@google.com, inglorion@google.com,
ajordanr@google.com, jorgelo@chromium.org,
Jann Horn <jannh@google.com>,
Christian Brauner <brauner@kernel.org>
Subject: Re: [PATCH v4 1/2] proc: pass file instead of inode to proc_mem_open
Date: Fri, 31 May 2024 14:14:04 -0700
Message-ID: <202405311413.DF87BBE491@keescook>
In-Reply-To: <20240524192858.3206-1-adrian.ratiu@collabora.com>

On Fri, May 24, 2024 at 10:28:57PM +0300, Adrian Ratiu wrote:
> The file struct is required in proc_mem_open() so its
> f_mode can be checked when deciding whether to allow or
> deny /proc/*/mem open requests via the new read/write
> and foll_force restriction mechanism.
>
> Thus instead of directly passing the inode to the fun,
> we pass the file and get the inode inside it.
>
> Cc: Jann Horn <jannh@google.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Christian Brauner <brauner@kernel.org>
> Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>

With the nommu errors pointed out by 0day fixed:
Reviewed-by: Kees Cook <kees@kernel.org>
--
Kees Cook