From: Christian Brauner <brauner@kernel.org>
To: Kees Cook <keescook@chromium.org>
Cc: "Mimi Zohar" <zohar@linux.ibm.com>,
"Dmitry Kasatkin" <dmitry.kasatkin@gmail.com>,
"Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Petr Vorel" <pvorel@suse.cz>,
"Jonathan McDowell" <noodles@fb.com>,
"Borislav Petkov" <bp@suse.de>, "Takashi Iwai" <tiwai@suse.de>,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
"Mickaël Salaün" <mic@digikod.net>,
"KP Singh" <kpsingh@kernel.org>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"John Johansen" <john.johansen@canonical.com>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH 4/9] ima: Move ima_file_free() into LSM
Date: Tue, 18 Oct 2022 17:02:13 +0200 [thread overview]
Message-ID: <20221018150213.7n4sv7rtsh6lshd5@wittgenstein> (raw)
In-Reply-To: <20221013223654.659758-4-keescook@chromium.org>
On Thu, Oct 13, 2022 at 03:36:49PM -0700, Kees Cook wrote:
> The file_free_security hook already exists for managing notification of
> released files. Use the LSM hook instead of open-coded stacking.
>
> Cc: Mimi Zohar <zohar@linux.ibm.com>
> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
> Cc: Paul Moore <paul@paul-moore.com>
> Cc: James Morris <jmorris@namei.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: Petr Vorel <pvorel@suse.cz>
> Cc: Jonathan McDowell <noodles@fb.com>
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Takashi Iwai <tiwai@suse.de>
> Cc: linux-integrity@vger.kernel.org
> Cc: linux-security-module@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> fs/file_table.c | 1 -
> include/linux/ima.h | 6 ------
> security/integrity/ima/ima_main.c | 3 ++-
> 3 files changed, 2 insertions(+), 8 deletions(-)
>
> diff --git a/fs/file_table.c b/fs/file_table.c
> index 99c6796c9f28..fa707d221a43 100644
> --- a/fs/file_table.c
> +++ b/fs/file_table.c
> @@ -311,7 +311,6 @@ static void __fput(struct file *file)
> eventpoll_release(file);
> locks_remove_file(file);
>
> - ima_file_free(file);
> if (unlikely(file->f_flags & FASYNC)) {
> if (file->f_op->fasync)
> file->f_op->fasync(-1, file, 0);
> diff --git a/include/linux/ima.h b/include/linux/ima.h
> index 6dc5143f89f2..9f18df366064 100644
> --- a/include/linux/ima.h
> +++ b/include/linux/ima.h
> @@ -19,7 +19,6 @@ extern enum hash_algo ima_get_current_hash_algo(void);
> extern int ima_file_check(struct file *file, int mask);
> extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
> struct inode *inode);
> -extern void ima_file_free(struct file *file);
> extern void ima_post_path_mknod(struct user_namespace *mnt_userns,
> struct dentry *dentry);
> extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
> @@ -56,11 +55,6 @@ static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
> {
> }
>
> -static inline void ima_file_free(struct file *file)
> -{
> - return;
> -}
> -
> static inline void ima_post_path_mknod(struct user_namespace *mnt_userns,
> struct dentry *dentry)
> {
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index b3b79d030a67..94379ba40b58 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -183,7 +183,7 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint,
> *
> * Flag files that changed, based on i_version
> */
> -void ima_file_free(struct file *file)
> +static void ima_file_free(struct file *file)
> {
> struct inode *inode = file_inode(file);
> struct integrity_iint_cache *iint;
> @@ -1085,6 +1085,7 @@ static struct security_hook_list ima_hooks[] __lsm_ro_after_init = {
> LSM_HOOK_INIT(bprm_check_security, ima_bprm_check),
> LSM_HOOK_INIT(mmap_file, ima_file_mmap),
> LSM_HOOK_INIT(file_mprotect, ima_file_mprotect),
> + LSM_HOOK_INIT(file_free_security, ima_file_free),
This doesn't work afaict. If the file is opened for writing ima may
update xattrs. But by the time security_file_free() is called
put_file_access() has already been called which will have given up write
access to the file's mount.
So you would have to - just one of the possibilities - have to move
security_file_free() out of file_free() and into the old ima_file_free()
location. But that might cause semantic changes for other LSMs.
next prev parent reply other threads:[~2022-10-18 15:02 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-13 22:36 [PATCH 0/9] integrity: Move hooks into LSM Kees Cook
2022-10-13 22:36 ` [PATCH 1/9] integrity: Prepare for having "ima" and "evm" available in "integrity" LSM Kees Cook
2022-10-14 14:40 ` Mickaël Salaün
2022-10-14 17:59 ` Kees Cook
2022-10-17 9:26 ` Mickaël Salaün
2022-10-17 18:11 ` Kees Cook
2022-10-19 18:33 ` Kees Cook
2022-10-19 19:13 ` Mimi Zohar
2022-10-19 22:37 ` Kees Cook
2022-10-19 14:34 ` Mimi Zohar
2022-10-19 18:28 ` Kees Cook
2022-10-13 22:36 ` [PATCH 2/9] security: Move trivial IMA hooks into LSM Kees Cook
2022-10-19 14:34 ` Mimi Zohar
2022-10-19 18:59 ` Kees Cook
2022-10-19 20:45 ` Mimi Zohar
2022-10-19 23:41 ` Kees Cook
2022-10-20 12:17 ` Mimi Zohar
2022-10-21 14:53 ` Dr. Greg
2022-10-21 15:09 ` Casey Schaufler
2022-10-13 22:36 ` [PATCH 3/9] ima: Move xattr " Kees Cook
2022-10-18 15:07 ` Christian Brauner
2022-10-19 13:24 ` Mimi Zohar
2022-10-13 22:36 ` [PATCH 4/9] ima: Move ima_file_free() " Kees Cook
2022-10-18 15:02 ` Christian Brauner [this message]
2022-10-18 15:32 ` Roberto Sassu
2022-10-18 18:29 ` Kees Cook
2022-10-19 6:55 ` Roberto Sassu
2022-10-20 15:47 ` Paul Moore
2022-10-13 22:36 ` [PATCH 5/9] LSM: Introduce inode_post_setattr hook Kees Cook
2022-10-17 10:16 ` kernel test robot
2022-10-17 11:27 ` kernel test robot
2022-10-18 14:50 ` Christian Brauner
2022-10-13 22:36 ` [PATCH 6/9] fs: Introduce file_to_perms() helper Kees Cook
2022-10-18 14:10 ` Christian Brauner
2022-10-18 18:25 ` Kees Cook
2022-10-20 17:29 ` Casey Schaufler
2022-10-20 23:04 ` Kees Cook
2022-10-13 22:36 ` [PATCH 7/9] ima: Move ima_file_check() into LSM Kees Cook
2022-10-13 22:36 ` [PATCH 8/9] integrity: Move trivial hooks " Kees Cook
2022-10-13 22:36 ` [PATCH 9/9] integrity: Move integrity_inode_get() out of global header Kees Cook
2022-10-13 22:47 ` [PATCH 0/9] integrity: Move hooks into LSM Paul Moore
2022-10-14 1:16 ` Mimi Zohar
2022-10-18 15:31 ` Mickaël Salaün
2022-10-18 15:38 ` Roberto Sassu
2022-10-18 18:31 ` Kees Cook
2022-10-20 17:36 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221018150213.7n4sv7rtsh6lshd5@wittgenstein \
--to=brauner@kernel.org \
--cc=bp@suse.de \
--cc=casey@schaufler-ca.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=kpsingh@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=noodles@fb.com \
--cc=paul@paul-moore.com \
--cc=pvorel@suse.cz \
--cc=serge@hallyn.com \
--cc=tiwai@suse.de \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.