From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3DBBFC3A5A3 for ; Tue, 27 Aug 2019 17:07:19 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BD1782173E for ; Tue, 27 Aug 2019 17:07:18 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BD1782173E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linux-erofs-bounces+linux-erofs=archiver.kernel.org@lists.ozlabs.org Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 46HwKJ0Rg4zDqXV for ; Wed, 28 Aug 2019 03:07:16 +1000 (AEST) Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=suse.cz (client-ip=195.135.220.15; helo=mx1.suse.de; envelope-from=dsterba@suse.cz; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=suse.cz Received: from mx1.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 46HwJl0cqpzDq77 for ; Wed, 28 Aug 2019 03:06:46 +1000 (AEST) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 6C032B03C; Tue, 27 Aug 2019 17:06:41 +0000 (UTC) Received: by ds.suse.cz (Postfix, from userid 10065) id D57F2DA809; Tue, 27 Aug 2019 19:07:00 +0200 (CEST) Date: Tue, 27 Aug 2019 19:07:00 +0200 From: David Sterba To: Mark Salyzyn Subject: Re: [PATCH v8] Add flags option to get xattr method paired to __vfs_getxattr Message-ID: <20190827170700.GW2752@suse.cz> Mail-Followup-To: dsterba@suse.cz, Mark Salyzyn , linux-kernel@vger.kernel.org, kernel-team@android.com, Tyler Hicks , Dominique Martinet , "David S. Miller" , Mathieu Malaterre , Andreas Dilger , devel@driverdev.osuosl.org, Vyacheslav Dubeyko , Joel Becker , Mark Fasheh , Chris Mason , Artem Bityutskiy , Eric Van Hensbergen , Ilya Dryomov , Bharath Vedartham , Eric Biggers , Hugh Dickins , Jann Horn , Serge Hallyn , Trond Myklebust , Gao Xiang , Chao Yu , David Woodhouse , Adrian Hunter , Latchesar Ionkov , Jaegeuk Kim , Jeff Layton , Dave Kleikamp , Tejun Heo , linux-mm@kvack.org, Andrew Morton , Joseph Qi , Mimi Zohar , Greg Kroah-Hartman , linux-afs@lists.infradead.org, linux-mtd@lists.infradead.org, devel@lists.orangefs.org, linux-erofs@lists.ozlabs.org, samba-technical@lists.samba.org, jfs-discussion@lists.sourceforge.net, linux-f2fs-devel@lists.sourceforge.net, v9fs-developer@lists.sourceforge.net, Jonathan Corbet , Theodore Ts'o , James Morris , Anna Schumaker , Richard Weinberger , Mike Marshall , Martin Brandenburg , Allison Henderson , "Darrick J. Wong" , ocfs2-devel@oss.oracle.com, Eric Paris , Paul Moore , Andreas Gruenbacher , Benjamin Coddington , "J. Bruce Fields" , Brian Foster , cluster-devel@redhat.com, Dave Chinner , David Howells , Bob Peterson , Sage Weil , Steve French , Eric Sandeen , Casey Schaufler , Phillip Lougher , David Sterba , Jan Kara , Jan Kara , Miklos Szeredi , Josef Bacik , Stephen Smalley , ceph-devel@vger.kernel.org, ecryptfs@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-doc@vger.kernel.org, linux-ext4@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-xfs@vger.kernel.org, netdev@vger.kernel.org, reiserfs-devel@vger.kernel.org, selinux@vger.kernel.org, stable@vger.kernel.org, Alexander Viro References: <20190827150544.151031-1-salyzyn@android.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190827150544.151031-1-salyzyn@android.com> User-Agent: Mutt/1.5.23.1-rc1 (2014-03-12) X-BeenThere: linux-erofs@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development of Linux EROFS file system List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: dsterba@suse.cz Cc: Latchesar Ionkov , Eric Sandeen , Mike Marshall , James Morris , devel@lists.orangefs.org, Eric Van Hensbergen , Joel Becker , Trond Myklebust , Mathieu Malaterre , Greg Kroah-Hartman , linux-kernel@vger.kernel.org, Jan Kara , Casey Schaufler , Andrew Morton , Dave Kleikamp , linux-doc@vger.kernel.org, Jeff Layton , Mimi Zohar , "David S. Miller" , linux-cifs@vger.kernel.org, Paul Moore , "Darrick J. Wong" , Hugh Dickins , kernel-team@android.com, selinux@vger.kernel.org, Brian Foster , reiserfs-devel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Jaegeuk Kim , Theodore Ts'o , Miklos Szeredi , linux-f2fs-devel@lists.sourceforge.net, Benjamin Coddington , linux-integrity@vger.kernel.org, Martin Brandenburg , Chris Mason , linux-mtd@lists.infradead.org, linux-afs@lists.infradead.org, Jonathan Corbet , Vyacheslav Dubeyko , Allison Henderson , Ilya Dryomov , linux-ext4@vger.kernel.org, Stephen Smalley , Serge Hallyn , Eric Paris , ceph-devel@vger.kernel.org, linux-nfs@vger.kernel.org, Joseph Qi , samba-technical@lists.samba.org, linux-xfs@vger.kernel.org, Bob Peterson , Tejun Heo , linux-erofs@lists.ozlabs.org, Anna Schumaker , ocfs2-devel@oss.oracle.com, jfs-discussion@lists.sourceforge.net, Jan Kara , Eric Biggers , Dominique Martinet , linux-unionfs@vger.kernel.org, David Howells , linux-mm@kvack.org, Andreas Dilger , devel@driverdev.osuosl.org, "J. Bruce Fields" , Andreas Gruenbacher , Sage Weil , Richard Weinberger , Mark Fasheh , cluster-devel@redhat.com, Steve French , v9fs-developer@lists.sourceforge.net, Bharath Vedartham , Jann Horn , ecryptfs@vger.kernel.org, Josef Bacik , Dave Chinner , David Sterba , Artem Bityutskiy , netdev@vger.kernel.org, Adrian Hunter , stable@vger.kernel.org, Tyler Hicks , linux-security-module@vger.kernel.org, Phillip Lougher , David Woodhouse , linux-btrfs@vger.kernel.org, Alexander Viro Errors-To: linux-erofs-bounces+linux-erofs=archiver.kernel.org@lists.ozlabs.org Sender: "Linux-erofs" On Tue, Aug 27, 2019 at 08:05:15AM -0700, Mark Salyzyn wrote: > Replace arguments for get and set xattr methods, and __vfs_getxattr > and __vfs_setaxtr functions with a reference to the following now > common argument structure: > > struct xattr_gs_args { > struct dentry *dentry; > struct inode *inode; > const char *name; > union { > void *buffer; > const void *value; > }; > size_t size; > int flags; > }; > > Which in effect adds a flags option to the get method and > __vfs_getxattr function. > > Add a flag option to get xattr method that has bit flag of > XATTR_NOSECURITY passed to it. XATTR_NOSECURITY is generally then > set in the __vfs_getxattr path when called by security > infrastructure. > > This handles the case of a union filesystem driver that is being > requested by the security layer to report back the xattr data. > > For the use case where access is to be blocked by the security layer. > > The path then could be security(dentry) -> > __vfs_getxattr({dentry...XATTR_NOSECURITY}) -> > handler->get({dentry...XATTR_NOSECURITY}) -> > __vfs_getxattr({lower_dentry...XATTR_NOSECURITY}) -> > lower_handler->get({lower_dentry...XATTR_NOSECURITY}) > which would report back through the chain data and success as > expected, the logging security layer at the top would have the > data to determine the access permissions and report back the target > context that was blocked. > > Without the get handler flag, the path on a union filesystem would be > the errant security(dentry) -> __vfs_getxattr(dentry) -> > handler->get(dentry) -> vfs_getxattr(lower_dentry) -> nested -> > security(lower_dentry, log off) -> lower_handler->get(lower_dentry) > which would report back through the chain no data, and -EACCES. > > For selinux for both cases, this would translate to a correctly > determined blocked access. In the first case with this change a correct avc > log would be reported, in the second legacy case an incorrect avc log > would be reported against an uninitialized u:object_r:unlabeled:s0 > context making the logs cosmetically useless for audit2allow. > > This patch series is inert and is the wide-spread addition of the > flags option for xattr functions, and a replacement of __vfs_getxattr > with __vfs_getxattr({...XATTR_NOSECURITY}). > > Signed-off-by: Mark Salyzyn > Reviewed-by: Jan Kara > Cc: Stephen Smalley > Cc: linux-kernel@vger.kernel.org > Cc: kernel-team@android.com > Cc: linux-security-module@vger.kernel.org > Cc: stable@vger.kernel.org # 4.4, 4.9, 4.14 & 4.19 > --- > v8: > - Documentation reported 'struct xattr_gs_flags' rather than > 'struct xattr_gs_flags *args' as argument to get and set methods. For btrfs > fs/btrfs/xattr.c | 36 +++++----- Acked-by: David Sterba