From: Matthew Garrett <mjg59@google.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity <linux-integrity@vger.kernel.org>,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
David Howells <dhowells@redhat.com>
Subject: Re: [PATCH V3 1/2] security: Add a cred_getsecid hook
Date: Tue, 14 Nov 2017 11:42:29 -0800 [thread overview]
Message-ID: <CACdnJuvymPL4hiz2ZhdAxknVhGdnS9_XCkrk7mR_CDWXwgW5gg@mail.gmail.com> (raw)
In-Reply-To: <1509383027.10174.5.camel@tycho.nsa.gov>
On Mon, Oct 30, 2017 at 10:03 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Mon, 2017-10-30 at 10:57 +0000, Matthew Garrett via Selinux wrote:
>> On Thu, Oct 26, 2017 at 3:20 PM, Stephen Smalley <sds@tycho.nsa.gov>
>> wrote:
>> > On Thu, 2017-10-26 at 01:40 -0700, Matthew Garrett via Selinux
>> > wrote:
>> > > +static void selinux_cred_getsecid(const struct cred *c, u32
>> > > *secid)
>> > > +{
>> > > + rcu_read_lock();
>> > > + *secid = cred_sid(c);
>> > > + rcu_read_unlock();
>> >
>> > Is rcu_read_lock() necessary here? Seems like we use cred_sid() in
>> > many
>> > places without it.
>>
>> Ah, I thought it was based on task_sid(), but I guess that's actually
>> protecting the __task_cred()?
>
> It appears to me that in all other cases, we are either dealing with
> the current cred, or something in the call chain of cred_sid() is
> holding a reference to the cred, or something in the call chain of
> cred_sid() has called rcu_read_lock() already. I might have missed
> something though, and I don't know how safe it is to assume that all
> future callers will do this. cc'd David for his thoughts.
Hi David,
Any opinion on this?
Thanks!
WARNING: multiple messages have this Message-ID (diff)
From: mjg59@google.com (Matthew Garrett)
To: linux-security-module@vger.kernel.org
Subject: [PATCH V3 1/2] security: Add a cred_getsecid hook
Date: Tue, 14 Nov 2017 11:42:29 -0800 [thread overview]
Message-ID: <CACdnJuvymPL4hiz2ZhdAxknVhGdnS9_XCkrk7mR_CDWXwgW5gg@mail.gmail.com> (raw)
In-Reply-To: <1509383027.10174.5.camel@tycho.nsa.gov>
On Mon, Oct 30, 2017 at 10:03 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Mon, 2017-10-30 at 10:57 +0000, Matthew Garrett via Selinux wrote:
>> On Thu, Oct 26, 2017 at 3:20 PM, Stephen Smalley <sds@tycho.nsa.gov>
>> wrote:
>> > On Thu, 2017-10-26 at 01:40 -0700, Matthew Garrett via Selinux
>> > wrote:
>> > > +static void selinux_cred_getsecid(const struct cred *c, u32
>> > > *secid)
>> > > +{
>> > > + rcu_read_lock();
>> > > + *secid = cred_sid(c);
>> > > + rcu_read_unlock();
>> >
>> > Is rcu_read_lock() necessary here? Seems like we use cred_sid() in
>> > many
>> > places without it.
>>
>> Ah, I thought it was based on task_sid(), but I guess that's actually
>> protecting the __task_cred()?
>
> It appears to me that in all other cases, we are either dealing with
> the current cred, or something in the call chain of cred_sid() is
> holding a reference to the cred, or something in the call chain of
> cred_sid() has called rcu_read_lock() already. I might have missed
> something though, and I don't know how safe it is to assume that all
> future callers will do this. cc'd David for his thoughts.
Hi David,
Any opinion on this?
Thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-11-14 23:39 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-26 8:40 [PATCH V3 1/2] security: Add a cred_getsecid hook Matthew Garrett
2017-10-26 8:40 ` Matthew Garrett
2017-10-26 8:40 ` [PATCH V3 2/2] IMA: Support using new creds in appraisal policy Matthew Garrett
2017-10-26 8:40 ` Matthew Garrett
2017-10-26 9:11 ` James Morris
2017-10-26 9:11 ` James Morris
2017-11-28 20:48 ` Mimi Zohar
2017-11-28 20:48 ` Mimi Zohar
2017-11-28 20:48 ` Mimi Zohar
2017-11-28 21:22 ` Matthew Garrett
2017-11-28 21:22 ` Matthew Garrett
2017-11-28 21:35 ` Mimi Zohar
2017-11-28 21:35 ` Mimi Zohar
2017-11-28 21:35 ` Mimi Zohar
2017-11-28 21:37 ` Matthew Garrett
2017-11-28 21:37 ` Matthew Garrett
2017-11-28 22:33 ` Mimi Zohar
2017-11-28 22:33 ` Mimi Zohar
2017-12-15 22:24 ` Matthew Garrett
2017-12-15 22:24 ` Matthew Garrett
2017-12-15 22:35 ` Matthew Garrett
2017-12-15 22:35 ` Matthew Garrett
2017-12-18 15:39 ` Mimi Zohar
2017-12-18 15:39 ` Mimi Zohar
2017-12-18 15:39 ` Mimi Zohar
2017-10-26 9:04 ` [PATCH V3 1/2] security: Add a cred_getsecid hook James Morris
2017-10-26 9:04 ` James Morris
2017-10-26 13:21 ` Casey Schaufler
2017-10-26 13:21 ` Casey Schaufler
2017-10-30 10:54 ` Matthew Garrett
2017-10-30 10:54 ` Matthew Garrett
2017-10-26 14:20 ` Stephen Smalley
2017-10-26 14:20 ` Stephen Smalley
2017-10-26 14:20 ` Stephen Smalley
2017-10-30 10:57 ` Matthew Garrett
2017-10-30 10:57 ` Matthew Garrett
2017-10-30 17:03 ` Stephen Smalley
2017-10-30 17:03 ` Stephen Smalley
2017-10-30 17:03 ` Stephen Smalley
2017-11-14 19:42 ` Matthew Garrett [this message]
2017-11-14 19:42 ` Matthew Garrett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CACdnJuvymPL4hiz2ZhdAxknVhGdnS9_XCkrk7mR_CDWXwgW5gg@mail.gmail.com \
--to=mjg59@google.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.