From: "Günther Noack" <gnoack@google.com>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: linux-security-module@vger.kernel.org,
Jeff Xu <jeffxu@google.com>,
Jorge Lucangeli Obes <jorgelo@chromium.org>,
Allen Webb <allenwebb@google.com>,
Dmitry Torokhov <dtor@google.com>,
Paul Moore <paul@paul-moore.com>,
Konstantin Meskhidze <konstantin.meskhidze@huawei.com>,
Matt Bobrowski <repnop@google.com>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v6 4/9] landlock: Add IOCTL access right
Date: Fri, 1 Dec 2023 15:04:57 +0100 [thread overview]
Message-ID: <ZWnoCYXcS74axxA8@google.com> (raw)
In-Reply-To: <20231128.ahdoSh2bag5u@digikod.net>
On Thu, Nov 30, 2023 at 10:28:44AM +0100, Mickaël Salaün wrote:
> On Fri, Nov 24, 2023 at 06:30:21PM +0100, Günther Noack wrote:
> > --- a/security/landlock/fs.c
> > +++ b/security/landlock/fs.c
> > @@ -83,6 +86,141 @@ static const struct landlock_object_underops landlock_fs_underops = {
> > .release = release_inode
> > };
> >
> > +/* IOCTL helpers */
> > +
> > +/*
> > + * These are synthetic access rights, which are only used within the kernel, but
> > + * not exposed to callers in userspace. The mapping between these access rights
> > + * and IOCTL commands is defined in the required_ioctl_access() helper function.
> > + */
> > +#define LANDLOCK_ACCESS_FS_IOCTL_GROUP1 (LANDLOCK_LAST_PUBLIC_ACCESS_FS << 1)
> > +#define LANDLOCK_ACCESS_FS_IOCTL_GROUP2 (LANDLOCK_LAST_PUBLIC_ACCESS_FS << 2)
> > +#define LANDLOCK_ACCESS_FS_IOCTL_GROUP3 (LANDLOCK_LAST_PUBLIC_ACCESS_FS << 3)
> > +#define LANDLOCK_ACCESS_FS_IOCTL_GROUP4 (LANDLOCK_LAST_PUBLIC_ACCESS_FS << 4)
> > +
> > +/* ioctl_groups - all synthetic access rights for IOCTL command groups */
> > +static const access_mask_t ioctl_groups =
>
> I find it easier to read and maintain with an ORed right per line, which
> requires clang-format on/off marks.
Done.
I turned this into a #define as well, so that the static_assert() works even in
the GCC9-based PowerPC configuration where the compile previouly failed. (I
have not reproduced this, but it seems obvious that this is the problem; the old
compiler does not realize yet that a "const int" is constant enough.)
> > +/**
> > + * landlock_expand_access_fs() - Returns @access with the synthetic IOCTL group
> > + * flags enabled if necessary.
> > + *
> > + * @handled: Handled FS access rights.
> > + * @access: FS access rights to expand.
> > + *
> > + * Returns: @access expanded by the necessary flags for the synthetic IOCTL
> > + * access rights.
> > + */
> > +static access_mask_t landlock_expand_access_fs(const access_mask_t handled,
> > + const access_mask_t access)
> > +{
> > + static_assert((ioctl_groups & LANDLOCK_MASK_ACCESS_FS) == ioctl_groups);
>
> You can move the static_assert() call just after the ioctl_groups
> declaration (contrary to BUILD_BUG_ON() calls which must be in a
> function).
Done.
> > + * Returns: @handled, with the bits for the synthetic IOCTL access rights set,
> > + * if %LANDLOCK_ACCESS_FS_IOCTL is handled
>
> Missing final dot.
Thanks, added here and also in a few other places where I missed it.
—Günther
next prev parent reply other threads:[~2023-12-01 14:05 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-24 17:30 [PATCH v6 0/9] Landlock: IOCTL support Günther Noack
2023-11-24 17:30 ` [PATCH v6 1/9] landlock: Remove remaining "inline" modifiers in .c files Günther Noack
2023-11-30 9:27 ` Mickaël Salaün
2023-12-01 14:05 ` Günther Noack
2023-11-24 17:30 ` [PATCH v6 2/9] selftests/landlock: Rename "permitted" to "allowed" in ftruncate tests Günther Noack
2023-11-24 17:30 ` [PATCH v6 3/9] landlock: Optimize the number of calls to get_access_mask slightly Günther Noack
2023-11-24 17:30 ` [PATCH v6 4/9] landlock: Add IOCTL access right Günther Noack
2023-11-26 7:23 ` kernel test robot
2023-11-30 9:28 ` Mickaël Salaün
2023-12-01 14:04 ` Günther Noack [this message]
2023-11-24 17:30 ` [PATCH v6 5/9] selftests/landlock: Test IOCTL support Günther Noack
2023-11-30 9:30 ` Mickaël Salaün
2023-11-24 17:30 ` [PATCH v6 6/9] selftests/landlock: Test IOCTL with memfds Günther Noack
2023-11-24 17:30 ` [PATCH v6 7/9] selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH) Günther Noack
2023-11-24 17:30 ` [PATCH v6 8/9] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL Günther Noack
2023-11-24 17:30 ` [PATCH v6 9/9] landlock: Document IOCTL support Günther Noack
-- strict thread matches above, loose matches on Subject: below --
2023-11-25 6:20 [PATCH v6 4/9] landlock: Add IOCTL access right kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZWnoCYXcS74axxA8@google.com \
--to=gnoack@google.com \
--cc=allenwebb@google.com \
--cc=dtor@google.com \
--cc=jeffxu@google.com \
--cc=jorgelo@chromium.org \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=repnop@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.