From: Jinliang Zheng <alexjlzheng@gmail.com>
To: wufan@kernel.org
Cc: alexjlzheng@gmail.com, alexjlzheng@tencent.com, chrisw@osdl.org,
greg@kroah.com, jmorris@namei.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, paul@paul-moore.com,
serge@hallyn.com, viro@zeniv.linux.org.uk,
linux-efi@vger.kernel.org
Subject: Re: [PATCH v3] securityfs: fix missing of d_delete() in securityfs_remove()
Date: Fri, 9 May 2025 10:45:39 +0800 [thread overview]
Message-ID: <20250509024539.364945-1-alexjlzheng@tencent.com> (raw)
In-Reply-To: <CAKtyLkGK3JH7amgskrjMyUz1KZeVtAO_4bA_8iuBYvykgHRsRQ@mail.gmail.com>
On Thu, 8 May 2025 18:55:30 -0700, Fan Wu <wufan@kernel.org> wrote:
> On Thu, May 8, 2025 at 7:11 AM <alexjlzheng@gmail.com> wrote:
> >
> > From: Jinliang Zheng <alexjlzheng@tencent.com>
> >
> > Consider the following execution flow:
> >
> > Thread 0: securityfs_create_dir("A")
> > Thread 1: cd /sys/kernel/security/A <- we hold 'A'
> > Thread 0: securityfs_remove(dentry) <- 'A' don't go away
> > Thread 0: securityfs_create_dir("A") <- Failed: File exists!
> >
> > Although the LSM module will not be dynamically added or deleted after
> > the kernel is started, it may dynamically add or delete pseudo files
> > for status export or function configuration in userspace according to
> > different status, which we are not prohibited from doing so.
> >
> > In addition, securityfs_recursive_remove() avoids this problem by calling
> > __d_drop() directly. As a non-recursive version, it is somewhat strange
> > that securityfs_remove() does not clean up the deleted dentry.
> >
> > Fix this by adding d_delete() in securityfs_remove().
> >
> > Fixes: b67dbf9d4c198 ("[PATCH] add securityfs for all LSMs to use")
> > Signed-off-by: Jinliang Zheng <alexjlzheng@tencent.com>
> > ---
> > changelog:
> > v3: Modify the commit message to avoid readers mistakenly thinking that the LSM is being dynamically loaded
> > v2: https://lore.kernel.org/all/20250507111204.2585739-1-alexjlzheng@tencent.com/
> > v1: https://lore.kernel.org/all/20250425092548.6828-1-alexjlzheng@tencent.com/
> > ---
> > security/inode.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/security/inode.c b/security/inode.c
> > index da3ab44c8e57..d99baf26350a 100644
> > --- a/security/inode.c
> > +++ b/security/inode.c
> > @@ -306,6 +306,7 @@ void securityfs_remove(struct dentry *dentry)
> > simple_rmdir(dir, dentry);
> > else
> > simple_unlink(dir, dentry);
> > + d_delete(dentry);
> > dput(dentry);
> > }
> > inode_unlock(dir);
> > --
> > 2.49.0
> >
> >
>
> Since this could impact efi_secret_unlink(), I would suggest adding linux-efi.
Thank you for your reply. :)
Did you mean cc to linux-efi?
thanks,
Jinliang Zheng.
>
> -Fan
next prev parent reply other threads:[~2025-05-09 2:45 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-08 14:04 [PATCH v3] securityfs: fix missing of d_delete() in securityfs_remove() alexjlzheng
2025-05-09 1:55 ` Fan Wu
2025-05-09 2:45 ` Jinliang Zheng [this message]
2025-05-09 3:23 ` Al Viro
2025-05-09 4:37 ` Al Viro
2025-05-09 4:46 ` Al Viro
2025-05-12 21:19 ` Paul Moore
2025-05-12 22:24 ` Al Viro
2025-05-13 0:10 ` Fan Wu
2025-05-09 4:37 ` [PATCH 1/8] securityfs: don't pin dentries twice, once is enough Al Viro
2025-05-13 23:13 ` Paul Moore
2025-05-09 4:38 ` [PATCH 2/8] securityfs: pin filesystem only for objects directly in root Al Viro
2025-05-09 4:39 ` [PATCH 3/8] fix locking in efi_secret_unlink() Al Viro
2025-05-09 4:39 ` [PATCH 4/8] make securityfs_remove() remove the entire subtree Al Viro
2025-05-09 4:40 ` [PATCH 5/8] efi_secret: clean securityfs use up Al Viro
2025-05-09 4:40 ` [PATCH 6/8] ima_fs: don't bother with removal of files in directory we'll be removing Al Viro
2025-05-09 4:41 ` [PATCH 7/8] ima_fs: get rid of lookup-by-dentry stuff Al Viro
2025-05-09 4:41 ` [PATCH 8/8] evm_secfs: clear securityfs interactions Al Viro
-- strict thread matches above, loose matches on Subject: below --
2025-05-07 22:12 [PATCH v2] securityfs: fix missing of d_delete() in securityfs_remove() Paul Moore
2025-05-09 2:41 ` [PATCH v3] " Jinliang Zheng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250509024539.364945-1-alexjlzheng@tencent.com \
--to=alexjlzheng@gmail.com \
--cc=alexjlzheng@tencent.com \
--cc=chrisw@osdl.org \
--cc=greg@kroah.com \
--cc=jmorris@namei.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=viro@zeniv.linux.org.uk \
--cc=wufan@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).