From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A88FDC433EF
	for <linux-mm@archiver.kernel.org>; Mon, 13 Jun 2022 14:49:57 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 1543F8D0190; Mon, 13 Jun 2022 10:49:57 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 1041D8D0171; Mon, 13 Jun 2022 10:49:57 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id F36128D0190; Mon, 13 Jun 2022 10:49:56 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17])
	by kanga.kvack.org (Postfix) with ESMTP id E38998D0171
	for <linux-mm@kvack.org>; Mon, 13 Jun 2022 10:49:56 -0400 (EDT)
Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay10.hostedemail.com (Postfix) with ESMTP id A6D36B0F
	for <linux-mm@kvack.org>; Mon, 13 Jun 2022 14:49:56 +0000 (UTC)
X-FDA: 79573497192.25.41FA03D
Received: from mail-oi1-f180.google.com (mail-oi1-f180.google.com [209.85.167.180])
	by imf19.hostedemail.com (Postfix) with ESMTP id 2E40C1A0249
	for <linux-mm@kvack.org>; Mon, 13 Jun 2022 14:48:49 +0000 (UTC)
Received: by mail-oi1-f180.google.com with SMTP id y69so7993709oia.7
        for <linux-mm@kvack.org>; Mon, 13 Jun 2022 07:48:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=cloudflare.com; s=google;
        h=message-id:date:mime-version:user-agent:subject:content-language:to
         :cc:references:from:in-reply-to:content-transfer-encoding;
        bh=F8034aqgQYOIDnTJYbKnqdxe/P3NxT2RcNrYib0/ruQ=;
        b=R4MMR5hyemRuM3l2mh4JZIS+Ysd67mGMs9w57QzxuAYNivT2oR2uA0ccLItOXx/Nff
         HI6/bkCTWcHzuf8uaxK0aZVKIRxAzJmo3pQ4NckjHUXisjQlQKqlTIlGGFMleFZ26TS5
         XrbPJQzMEXp3LBINHndQ9fwG3XW2+NnK70OZQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
         :content-language:to:cc:references:from:in-reply-to
         :content-transfer-encoding;
        bh=F8034aqgQYOIDnTJYbKnqdxe/P3NxT2RcNrYib0/ruQ=;
        b=N7PjLyaCesw2OtNWZFBRKVMmshex6j3aYnSiGAglN3PTzpGoKSWP/Hfj7oftx455rS
         k57a71C2uZb6UO3PIdxEgAf9WZGlbCM7TDkvsvSsd4NckA/ulQS6VnOyLZ0JOzkGdrZL
         qvnjUfsro18rYOnlR798s75yG2UxLFmnWvzq0PRlAOJ1AQbJwlI4pVGEXSueFEwcO9z0
         n9MzYaItmk51WlxlRDCjmR6YAqlpF+JcQXGp37Vx6FP5Acl4MUp/86xq1b+bioCszdWl
         Pll723+s8DTtTpWX1y6+vAMoeR41p7Tqfaw7FO776BCQdcSgdUMyouEL2Hxz4e++EhXs
         EHLg==
X-Gm-Message-State: AOAM532umvXJwTATJhHAYjSdJoW4RYmWjp16kE5HGfSEgQ40aqHyqKbT
	gDKUyW627DfyzbMdEUvP/YQvO76ZlDg5OQ==
X-Google-Smtp-Source: ABdhPJxMf2Qm5H8GA35Xq5n+x+nRvAKUAEETko5C92sldqd/ieCBtB6EHAADbYtdN68bTfZpGjw0Ow==
X-Received: by 2002:aca:b744:0:b0:32f:4c19:cec1 with SMTP id h65-20020acab744000000b0032f4c19cec1mr1696209oif.43.1655128012170;
        Mon, 13 Jun 2022 06:46:52 -0700 (PDT)
Received: from [192.168.0.41] ([184.4.90.121])
        by smtp.gmail.com with ESMTPSA id o20-20020a4ad494000000b0035eb4e5a6b5sm3699171oos.11.2022.06.13.06.46.50
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 13 Jun 2022 06:46:51 -0700 (PDT)
Message-ID: <b4113083-73de-3ab6-e23f-32c6627d177e@cloudflare.com>
Date: Mon, 13 Jun 2022 08:46:49 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.10.0
Subject: Re: [PATCH v3] cred: Propagate security_prepare_creds() error code
Content-Language: en-US
To: Eric Biggers <ebiggers@kernel.org>
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
 linux-aio@kvack.org, linux-fsdevel@vger.kernel.org,
 linux-cachefs@redhat.com, linux-cifs@vger.kernel.org,
 samba-technical@lists.samba.org, linux-mm@kvack.org,
 linux-nfs@vger.kernel.org, linux-unionfs@vger.kernel.org,
 linux-security-module@vger.kernel.org, netdev@vger.kernel.org,
 keyrings@vger.kernel.org, selinux@vger.kernel.org, serge@hallyn.com,
 amir73il@gmail.com, kernel-team@cloudflare.com,
 Jeff Moyer <jmoyer@redhat.com>, Paul Moore <paul@paul-moore.com>
References: <20220608150942.776446-1-fred@cloudflare.com>
 <YqJ/0W3wxPThWqgC@sol.localdomain>
From: Frederick Lawler <fred@cloudflare.com>
In-Reply-To: <YqJ/0W3wxPThWqgC@sol.localdomain>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
ARC-Authentication-Results: i=1;
	imf19.hostedemail.com;
	dkim=pass header.d=cloudflare.com header.s=google header.b=R4MMR5hy;
	spf=none (imf19.hostedemail.com: domain of fred@cloudflare.com has no SPF policy when checking 209.85.167.180) smtp.mailfrom=fred@cloudflare.com;
	dmarc=pass (policy=reject) header.from=cloudflare.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1655131730;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=F8034aqgQYOIDnTJYbKnqdxe/P3NxT2RcNrYib0/ruQ=;
	b=LKoPSwzxYHMDbJP4E0LnGapq8uABk/P4h8oXc6izjNKXcC3XDFSlnSsjAXQzKEhCzuLvkI
	vLsFQJrfat6HqmtH/1wQxu0otuNrOPShT9OXU7l3BgWSSyaGy7CJbfbS2lvmcDKOu808U0
	Ayn1izOdMULeX+B0SaeiQlYSKtH2srk=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1655131730; a=rsa-sha256;
	cv=none;
	b=Uzj9LWj4J4+QsQHX9rwqKX1tQcwvoDK9gWD3eusJzppadOj2vEbSw7dDPtqrRgIwg3c6lR
	keCzdXquvQVpcVfCMwCnZp6zy/KOl2zUYvhaTXm7iE3PgBI07OcM73K6EbCmr2gM82cvYi
	eLnRJCLReqCCBkQ0ZQAyFaspZ4CUNBg=
X-Stat-Signature: 3ohaz7sbdnhyi3oswrj8cdaca1uj4kh4
X-Rspamd-Queue-Id: 2E40C1A0249
Authentication-Results: imf19.hostedemail.com;
	dkim=pass header.d=cloudflare.com header.s=google header.b=R4MMR5hy;
	spf=none (imf19.hostedemail.com: domain of fred@cloudflare.com has no SPF policy when checking 209.85.167.180) smtp.mailfrom=fred@cloudflare.com;
	dmarc=pass (policy=reject) header.from=cloudflare.com
X-Rspam-User: 
X-Rspamd-Server: rspam02
X-HE-Tag: 1655131729-1206
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Hi Eric,

On 6/9/22 6:18 PM, Eric Biggers wrote:
> On Wed, Jun 08, 2022 at 10:09:42AM -0500, Frederick Lawler wrote:
>> diff --git a/fs/aio.c b/fs/aio.c
>> index 3c249b938632..5abbe88c3ca7 100644
>> --- a/fs/aio.c
>> +++ b/fs/aio.c
>> @@ -1620,6 +1620,8 @@ static void aio_fsync_work(struct work_struct *work)
>>   static int aio_fsync(struct fsync_iocb *req, const struct iocb *iocb,
>>   		     bool datasync)
>>   {
>> +	int err;
>> +
>>   	if (unlikely(iocb->aio_buf || iocb->aio_offset || iocb->aio_nbytes ||
>>   			iocb->aio_rw_flags))
>>   		return -EINVAL;
>> @@ -1628,8 +1630,11 @@ static int aio_fsync(struct fsync_iocb *req, const struct iocb *iocb,
>>   		return -EINVAL;
>>   
>>   	req->creds = prepare_creds();
>> -	if (!req->creds)
>> -		return -ENOMEM;
>> +	if (IS_ERR(req->creds)) {
>> +		err = PTR_ERR(req->creds);
>> +		req->creds = NULL;
>> +		return err;
>> +	}
> 
> This part is a little ugly.  How about doing:
> 
> 	creds = prepare_creds();
> 	if (IS_ERR(creds))
> 		return PTR_ERR(creds);
> 	req->creds = creds;
> 

I can do that, and same for below.

>> diff --git a/fs/exec.c b/fs/exec.c
>> index 0989fb8472a1..02624783e40e 100644
>> --- a/fs/exec.c
>> +++ b/fs/exec.c
>> @@ -1468,15 +1468,19 @@ EXPORT_SYMBOL(finalize_exec);
>>    */
>>   static int prepare_bprm_creds(struct linux_binprm *bprm)
>>   {
>> +	int err = -ERESTARTNOINTR;
>>   	if (mutex_lock_interruptible(&current->signal->cred_guard_mutex))
>> -		return -ERESTARTNOINTR;
>> +		return err;
>>   
>>   	bprm->cred = prepare_exec_creds();
>> -	if (likely(bprm->cred))
>> -		return 0;
>> +	if (IS_ERR(bprm->cred)) {
>> +		err = PTR_ERR(bprm->cred);
>> +		bprm->cred = NULL;
>> +		mutex_unlock(&current->signal->cred_guard_mutex);
>> +		return err;
>> +	}
>>   
>> -	mutex_unlock(&current->signal->cred_guard_mutex);
>> -	return -ENOMEM;
>> +	return 0;
>>   }
> 
> Similarly:
> 
> static int prepare_bprm_creds(struct linux_binprm *bprm)
> {
> 	struct cred *cred;
> 
> 	if (mutex_lock_interruptible(&current->signal->cred_guard_mutex))
> 		return -ERESTARTNOINTR;
> 
> 	cred = prepare_exec_creds();
> 	if (IS_ERR(cred)) {
> 		mutex_unlock(&current->signal->cred_guard_mutex);
> 		return PTR_ERR(cred);
> 	}
> 	bprm->cred = cred;
> 	return 0;
> }
> 
>> diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
>> index eec72ca962e2..6cf75aa83b6c 100644
>> --- a/kernel/nsproxy.c
>> +++ b/kernel/nsproxy.c
>> @@ -311,6 +311,7 @@ static void put_nsset(struct nsset *nsset)
>>   
>>   static int prepare_nsset(unsigned flags, struct nsset *nsset)
>>   {
>> +	int err = -ENOMEM;
>>   	struct task_struct *me = current;
>>   
>>   	nsset->nsproxy = create_new_namespaces(0, me, current_user_ns(), me->fs);
>> @@ -324,6 +325,12 @@ static int prepare_nsset(unsigned flags, struct nsset *nsset)
>>   	if (!nsset->cred)
>>   		goto out;
>>   
>> +	if (IS_ERR(nsset->cred)) {
>> +		err = PTR_ERR(nsset->cred);
>> +		nsset->cred = NULL;
>> +		goto out;
>> +	}
> 
> Why is the NULL check above being kept?
> 

In the branch prior:

	if (flags & CLONE_NEWUSER) {
		nsset->cred = prepare_creds();
	else
		nsset->cred = current_cred();

I don't see cases where others are checking for null after 
current_cred(), therefore I can remove that check.

> Also, drivers/crypto/ccp/sev-dev.c needs to be updated.
> 

Nice catch! I clearly missed addition after the merge window.

> - Eric