From: Paul Moore <paul@paul-moore.com>
To: Roberto Sassu <roberto.sassu@huaweicloud.com>,
zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
eric.snowberg@oracle.com, jmorris@namei.org, serge@hallyn.com
Cc: linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-cifs@vger.kernel.org, viro@zeniv.linux.org.uk,
pc@manguebit.com, christian@brauner.io,
Roberto Sassu <roberto.sassu@huawei.com>,
stable@vger.kernel.org, Steve French <smfrench@gmail.com>
Subject: Re: [PATCH 1/2] security: Handle dentries without inode in security_path_post_mknod()
Date: Fri, 29 Mar 2024 15:06:12 -0400 [thread overview]
Message-ID: <5ef810071fbdc40451e2b2ea1920da09@paul-moore.com> (raw)
In-Reply-To: <20240329105609.1566309-1-roberto.sassu@huaweicloud.com>
On Mar 29, 2024 Roberto Sassu <roberto.sassu@huaweicloud.com> wrote:
>
> Commit 08abce60d63fi ("security: Introduce path_post_mknod hook")
> introduced security_path_post_mknod(), to replace the IMA-specific call to
> ima_post_path_mknod().
>
> For symmetry with security_path_mknod(), security_path_post_mknod() is
> called after a successful mknod operation, for any file type, rather than
> only for regular files at the time there was the IMA call.
>
> However, as reported by VFS maintainers, successful mknod operation does
> not mean that the dentry always has an inode attached to it (for example,
> not for FIFOs on a SAMBA mount).
>
> If that condition happens, the kernel crashes when
> security_path_post_mknod() attempts to verify if the inode associated to
> the dentry is private.
>
> Add an extra check to first verify if there is an inode attached to the
> dentry, before checking if the inode is private. Also add the same check to
> the current users of the path_post_mknod hook, ima_post_path_mknod() and
> evm_post_path_mknod().
>
> Finally, use the proper helper, d_backing_inode(), to retrieve the inode
> from the dentry in ima_post_path_mknod().
>
> Cc: stable@vger.kernel.org # 6.8.x
> Reported-by: Steve French <smfrench@gmail.com>
> Closes: https://lore.kernel.org/linux-kernel/CAH2r5msAVzxCUHHG8VKrMPUKQHmBpE6K9_vjhgDa1uAvwx4ppw@mail.gmail.com/
> Fixes: 08abce60d63fi ("security: Introduce path_post_mknod hook")
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> Acked-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
> security/integrity/evm/evm_main.c | 6 ++++--
> security/integrity/ima/ima_main.c | 5 +++--
> security/security.c | 4 +++-
> 3 files changed, 10 insertions(+), 5 deletions(-)
In addition to the stable marking that Mimi already pointed out, I've
got one small comment below, but otherwise this looks fine to me.
Also, just to confirm, you're going to send patch 1/2 up to Linus during
the v6.9-rc1 phase and hold patch 2/2 for the next merge window, right?
Acked-by: Paul Moore <paul@paul-moore.com>
> diff --git a/security/security.c b/security/security.c
> index 7e118858b545..455f0749e1b0 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1801,7 +1801,9 @@ EXPORT_SYMBOL(security_path_mknod);
> */
> void security_path_post_mknod(struct mnt_idmap *idmap, struct dentry *dentry)
> {
> - if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
> + /* Not all dentries have an inode attached after mknod. */
> + if (d_backing_inode(dentry) &&
> + unlikely(IS_PRIVATE(d_backing_inode(dentry))))
> return;
I don't know how much impact this would have on the compiled code, but
you could save yourself a call into d_backing_inode() by saving it to
a local variable:
struct inode *inode = d_backing_inode(dentry);
if (inode && unlikely(IS_PRIVATE(inode)))
return;
> call_void_hook(path_post_mknod, idmap, dentry);
> }
> --
> 2.34.1
--
paul-moore.com
prev parent reply other threads:[~2024-03-29 19:06 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-29 10:56 [PATCH 1/2] security: Handle dentries without inode in security_path_post_mknod() Roberto Sassu
2024-03-29 10:56 ` [PATCH 2/2] ima: evm: Rename *_post_path_mknod() to *_path_post_mknod() Roberto Sassu
2024-03-29 15:16 ` Mimi Zohar
2024-03-29 15:45 ` Roberto Sassu
2024-03-29 19:12 ` Paul Moore
2024-03-29 19:27 ` Mimi Zohar
2024-03-29 19:56 ` Paul Moore
2024-03-29 15:05 ` [PATCH 1/2] security: Handle dentries without inode in security_path_post_mknod() Mimi Zohar
2024-03-29 15:42 ` Roberto Sassu
2024-03-29 19:06 ` Paul Moore [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5ef810071fbdc40451e2b2ea1920da09@paul-moore.com \
--to=paul@paul-moore.com \
--cc=christian@brauner.io \
--cc=dmitry.kasatkin@gmail.com \
--cc=eric.snowberg@oracle.com \
--cc=jmorris@namei.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=pc@manguebit.com \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=serge@hallyn.com \
--cc=smfrench@gmail.com \
--cc=stable@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox