Re: [PATCH v1 1/2] landlock: Handle weird files

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Günther Noack" <gnoack3000@gmail.com>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: "Günther Noack" <gnoack@google.com>,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	"Paul Moore" <paul@paul-moore.com>,
	"Dave Chinner" <david@fromorbit.com>,
	"Kent Overstreet" <kent.overstreet@linux.dev>,
	syzbot+34b68f850391452207df@syzkaller.appspotmail.com,
	syzbot+360866a59e3c80510a62@syzkaller.appspotmail.com,
	"Ubisectech Sirius" <bugreport@ubisectech.com>
Subject: Re: [PATCH v1 1/2] landlock: Handle weird files
Date: Fri, 10 Jan 2025 17:37:26 +0100	[thread overview]
Message-ID: <20250110.3421eeaaf069@gnoack.org> (raw)
In-Reply-To: <20250110153918.241810-1-mic@digikod.net>

On Fri, Jan 10, 2025 at 04:39:13PM +0100, Mickaël Salaün wrote:
> A corrupted filesystem (e.g. bcachefs) might return weird files.
> Instead of throwing a warning and allowing access to such file, treat
> them as regular files.
> 
> Cc: Dave Chinner <david@fromorbit.com>
> Cc: Günther Noack <gnoack@google.com>
> Cc: Kent Overstreet <kent.overstreet@linux.dev>
> Cc: Paul Moore <paul@paul-moore.com>
> Reported-by: syzbot+34b68f850391452207df@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/r/000000000000a65b35061cffca61@google.com
> Reported-by: syzbot+360866a59e3c80510a62@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/r/67379b3f.050a0220.85a0.0001.GAE@google.com
> Reported-by: Ubisectech Sirius <bugreport@ubisectech.com>
> Closes: https://lore.kernel.org/r/c426821d-8380-46c4-a494-7008bbd7dd13.bugreport@ubisectech.com
> Fixes: cb2c7d1a1776 ("landlock: Support filesystem access-control")
> Signed-off-by: Mickaël Salaün <mic@digikod.net>
> ---
>  security/landlock/fs.c | 11 +++++------
>  1 file changed, 5 insertions(+), 6 deletions(-)
> 
> diff --git a/security/landlock/fs.c b/security/landlock/fs.c
> index e31b97a9f175..7adb25150488 100644
> --- a/security/landlock/fs.c
> +++ b/security/landlock/fs.c
> @@ -937,10 +937,6 @@ static access_mask_t get_mode_access(const umode_t mode)
>  	switch (mode & S_IFMT) {
>  	case S_IFLNK:
>  		return LANDLOCK_ACCESS_FS_MAKE_SYM;
> -	case 0:
> -		/* A zero mode translates to S_IFREG. */
> -	case S_IFREG:
> -		return LANDLOCK_ACCESS_FS_MAKE_REG;
>  	case S_IFDIR:
>  		return LANDLOCK_ACCESS_FS_MAKE_DIR;
>  	case S_IFCHR:
> @@ -951,9 +947,12 @@ static access_mask_t get_mode_access(const umode_t mode)
>  		return LANDLOCK_ACCESS_FS_MAKE_FIFO;
>  	case S_IFSOCK:
>  		return LANDLOCK_ACCESS_FS_MAKE_SOCK;
> +	case S_IFREG:
> +	case 0:
> +		/* A zero mode translates to S_IFREG. */
>  	default:
> -		WARN_ON_ONCE(1);
> -		return 0;
> +		/* Treats weird files as regular files. */
> +		return LANDLOCK_ACCESS_FS_MAKE_REG;
>  	}
>  }
>  
> -- 
> 2.47.1
> 

Reviewed-by: Günther Noack <gnoack3000@gmail.com>

Makes sense to me, since this is enforcing a stronger check than before
and can only happen in the case of corruption.

I do not have a good intuition about what happens afterwards when the
file system is in such a state.  I imagine that this will usually give
an error shortly afterwards, as the opening of the file continues?  Is
that right?

–Günther

next prev parent reply	other threads:[~2025-01-10 16:37 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-10 15:39 [PATCH v1 1/2] landlock: Handle weird files Mickaël Salaün
2025-01-10 15:39 ` [PATCH v1 2/2] landlock: Constify get_mode_access() Mickaël Salaün
2025-01-10 16:39   ` Günther Noack
2025-01-10 16:37 ` Günther Noack [this message]
2025-01-11 15:38   ` [PATCH v1 1/2] landlock: Handle weird files Mickaël Salaün
2025-01-15  7:15     ` Christoph Hellwig
2025-01-15 10:54       ` Christian Brauner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250110.3421eeaaf069@gnoack.org \
    --to=gnoack3000@gmail.com \
    --cc=bugreport@ubisectech.com \
    --cc=david@fromorbit.com \
    --cc=gnoack@google.com \
    --cc=kent.overstreet@linux.dev \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mic@digikod.net \
    --cc=paul@paul-moore.com \
    --cc=syzbot+34b68f850391452207df@syzkaller.appspotmail.com \
    --cc=syzbot+360866a59e3c80510a62@syzkaller.appspotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).