From: David Howells <dhowells@redhat.com> To: torvalds@linux-foundation.org, viro@zeniv.linux.org.uk Cc: dhowells@redhat.comdhowells@redhat.com, casey@schaufler-ca.com, sds@tycho.nsa.gov, nicolas.dichtel@6wind.com, raven@themaw.net, christian@brauner.io, andres@anarazel.de, jlayton@redhat.com, dray@redhat.com, kzak@redhat.com, keyrings@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH 15/17] watch_queue: Introduce a non-repeating system-unique superblock ID [ver #4] Date: Mon, 09 Mar 2020 12:19:28 +0000 [thread overview] Message-ID: <158375636846.334846.3569223596340231054.stgit@warthog.procyon.org.uk> (raw) In-Reply-To: <158375623086.334846.16121725232323108842.stgit@warthog.procyon.org.uk> Introduce an (effectively) non-repeating system-unique superblock ID that can be used to determine that two object are in the same superblock without risking reuse of the ID in the meantime (as is possible with device IDs). The ID is time-based to make it harder to use it as a covert communications channel. In future patches, this ID will be used to tag superblock notification messages. It will also be made queryable. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/internal.h | 1 + fs/super.c | 24 ++++++++++++++++++++++++ include/linux/fs.h | 3 +++ 3 files changed, 28 insertions(+) diff --git a/fs/internal.h b/fs/internal.h index f3f280b952a3..a0d90f23593c 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -109,6 +109,7 @@ extern int reconfigure_super(struct fs_context *); extern bool trylock_super(struct super_block *sb); extern struct super_block *user_get_super(dev_t); extern bool mount_capable(struct fs_context *); +extern void vfs_generate_unique_id(u64 *); /* * open.c diff --git a/fs/super.c b/fs/super.c index cd352530eca9..ececa5695fd1 100644 --- a/fs/super.c +++ b/fs/super.c @@ -44,6 +44,8 @@ static int thaw_super_locked(struct super_block *sb); static LIST_HEAD(super_blocks); static DEFINE_SPINLOCK(sb_lock); +static u64 vfs_last_identifier; +static u64 vfs_identifier_offset; static char *sb_writers_name[SB_FREEZE_LEVELS] = { "sb_writers", @@ -273,6 +275,7 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags, goto fail; if (list_lru_init_memcg(&s->s_inode_lru, &s->s_shrink)) goto fail; + vfs_generate_unique_id(&s->s_unique_id); return s; fail: @@ -1867,3 +1870,24 @@ int thaw_super(struct super_block *sb) return thaw_super_locked(sb); } EXPORT_SYMBOL(thaw_super); + +/* + * Generate a unique identifier for a superblock or mount object. + */ +void vfs_generate_unique_id(u64 *_id) +{ + u64 id = ktime_to_ns(ktime_get()); + + spin_lock(&sb_lock); + + id += vfs_identifier_offset; + if (id <= vfs_last_identifier) { + id = vfs_last_identifier + 1; + vfs_identifier_offset = vfs_last_identifier - id; + } + + vfs_last_identifier = id; + spin_unlock(&sb_lock); + + *_id = id; +} diff --git a/include/linux/fs.h b/include/linux/fs.h index 3cd4fe6b845e..9de6bfe41016 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1548,6 +1548,9 @@ struct super_block { spinlock_t s_inode_wblist_lock; struct list_head s_inodes_wb; /* writeback inodes */ + + /* Superblock event notifications */ + u64 s_unique_id; } __randomize_layout; /* Helper functions so that in most cases filesystems will
WARNING: multiple messages have this Message-ID (diff)
From: David Howells <dhowells@redhat.com> To: torvalds@linux-foundation.org, viro@zeniv.linux.org.uk Cc: dhowells@redhat.com, dhowells@redhat.com, casey@schaufler-ca.com, sds@tycho.nsa.gov, nicolas.dichtel@6wind.com, raven@themaw.net, christian@brauner.io, andres@anarazel.de, jlayton@redhat.com, dray@redhat.com, kzak@redhat.com, keyrings@vger.kernel.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH 15/17] watch_queue: Introduce a non-repeating system-unique superblock ID [ver #4] Date: Mon, 09 Mar 2020 12:19:28 +0000 [thread overview] Message-ID: <158375636846.334846.3569223596340231054.stgit@warthog.procyon.org.uk> (raw) In-Reply-To: <158375623086.334846.16121725232323108842.stgit@warthog.procyon.org.uk> Introduce an (effectively) non-repeating system-unique superblock ID that can be used to determine that two object are in the same superblock without risking reuse of the ID in the meantime (as is possible with device IDs). The ID is time-based to make it harder to use it as a covert communications channel. In future patches, this ID will be used to tag superblock notification messages. It will also be made queryable. Signed-off-by: David Howells <dhowells@redhat.com> --- fs/internal.h | 1 + fs/super.c | 24 ++++++++++++++++++++++++ include/linux/fs.h | 3 +++ 3 files changed, 28 insertions(+) diff --git a/fs/internal.h b/fs/internal.h index f3f280b952a3..a0d90f23593c 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -109,6 +109,7 @@ extern int reconfigure_super(struct fs_context *); extern bool trylock_super(struct super_block *sb); extern struct super_block *user_get_super(dev_t); extern bool mount_capable(struct fs_context *); +extern void vfs_generate_unique_id(u64 *); /* * open.c diff --git a/fs/super.c b/fs/super.c index cd352530eca9..ececa5695fd1 100644 --- a/fs/super.c +++ b/fs/super.c @@ -44,6 +44,8 @@ static int thaw_super_locked(struct super_block *sb); static LIST_HEAD(super_blocks); static DEFINE_SPINLOCK(sb_lock); +static u64 vfs_last_identifier; +static u64 vfs_identifier_offset; static char *sb_writers_name[SB_FREEZE_LEVELS] = { "sb_writers", @@ -273,6 +275,7 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags, goto fail; if (list_lru_init_memcg(&s->s_inode_lru, &s->s_shrink)) goto fail; + vfs_generate_unique_id(&s->s_unique_id); return s; fail: @@ -1867,3 +1870,24 @@ int thaw_super(struct super_block *sb) return thaw_super_locked(sb); } EXPORT_SYMBOL(thaw_super); + +/* + * Generate a unique identifier for a superblock or mount object. + */ +void vfs_generate_unique_id(u64 *_id) +{ + u64 id = ktime_to_ns(ktime_get()); + + spin_lock(&sb_lock); + + id += vfs_identifier_offset; + if (id <= vfs_last_identifier) { + id = vfs_last_identifier + 1; + vfs_identifier_offset = vfs_last_identifier - id; + } + + vfs_last_identifier = id; + spin_unlock(&sb_lock); + + *_id = id; +} diff --git a/include/linux/fs.h b/include/linux/fs.h index 3cd4fe6b845e..9de6bfe41016 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1548,6 +1548,9 @@ struct super_block { spinlock_t s_inode_wblist_lock; struct list_head s_inodes_wb; /* writeback inodes */ + + /* Superblock event notifications */ + u64 s_unique_id; } __randomize_layout; /* Helper functions so that in most cases filesystems will
next prev parent reply other threads:[~2020-03-09 12:19 UTC|newest] Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-03-09 12:17 [RFC PATCH 00/17] pipe: Keyrings, mount and superblock notifications [ver #4] David Howells 2020-03-09 12:17 ` David Howells 2020-03-09 12:17 ` [RFC PATCH 01/17] uapi: General notification queue definitions " David Howells 2020-03-09 12:17 ` David Howells 2020-03-09 12:17 ` [RFC PATCH 02/17] security: Add hooks to rule on setting a watch " David Howells 2020-03-09 12:17 ` David Howells 2020-03-09 12:17 ` [RFC PATCH 03/17] security: Add a hook for the point of notification insertion " David Howells 2020-03-09 12:17 ` David Howells 2020-03-09 12:17 ` [RFC PATCH 04/17] pipe: Add O_NOTIFICATION_PIPE " David Howells 2020-03-09 12:17 ` David Howells 2020-03-09 12:17 ` [RFC PATCH 05/17] pipe: Add general notification queue support " David Howells 2020-03-09 12:17 ` David Howells 2020-03-09 12:18 ` [RFC PATCH 06/17] watch_queue: Add a key/keyring notification facility " David Howells 2020-03-09 12:18 ` David Howells 2020-03-09 12:18 ` [RFC PATCH 07/17] Add sample notification program " David Howells 2020-03-09 12:18 ` David Howells 2020-03-09 12:18 ` [RFC PATCH 08/17] pipe: Allow buffers to be marked read-whole-or-error for notifications " David Howells 2020-03-09 12:18 ` David Howells 2020-03-09 12:18 ` [RFC PATCH 09/17] pipe: Add notification lossage handling " David Howells 2020-03-09 12:18 ` David Howells 2020-03-09 12:18 ` [RFC PATCH 10/17] selinux: Implement the watch_key security hook " David Howells 2020-03-09 12:18 ` David Howells 2020-03-09 12:18 ` [RFC PATCH 11/17] smack: Implement the watch_key and post_notification hooks " David Howells 2020-03-09 12:18 ` David Howells 2020-03-09 12:19 ` [RFC PATCH 12/17] watch_queue: Add security hooks to rule on setting mount and sb watches " David Howells 2020-03-09 12:19 ` David Howells 2020-03-09 12:19 ` [RFC PATCH 13/17] watch_queue: Implement mount topology and attribute change notifications " David Howells 2020-03-09 12:19 ` David Howells 2020-03-09 12:19 ` [RFC PATCH 14/17] watch_queue: sample: Display mount tree " David Howells 2020-03-09 12:19 ` David Howells 2020-03-09 12:19 ` David Howells [this message] 2020-03-09 12:19 ` [RFC PATCH 15/17] watch_queue: Introduce a non-repeating system-unique superblock ID " David Howells 2020-03-09 12:19 ` [RFC PATCH 16/17] watch_queue: Add superblock notifications " David Howells 2020-03-09 12:19 ` David Howells 2020-03-09 12:19 ` [RFC PATCH 17/17] watch_queue: sample: Display " David Howells 2020-03-09 12:19 ` David Howells
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=158375636846.334846.3569223596340231054.stgit@warthog.procyon.org.uk \ --to=dhowells@redhat.com \ --cc=dhowells@redhat.comdhowells \ --cc=torvalds@linux-foundation.org \ --cc=viro@zeniv.linux.org.uk \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.