Message ID | 20231025094224.72858-15-michael.weiss@aisec.fraunhofer.de |
---|---|
State | New |
Headers | From: Michael Weiß <michael.weiss@aisec.fraunhofer.de>; To: Alexander Mikhalitsyn <alexander@mihalicyn.com>, Christian Brauner <brauner@kernel.org>, Alexei Starovoitov <ast@kernel.org>, Paul Moore <paul@paul-moore.com>; CC: Daniel Borkmann <daniel@iogearbox.net>, Andrii Nakryiko <andrii@kernel.org>, Martin KaFai Lau <martin.lau@linux.dev>, Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>, John Fastabend <john.fastabend@gmail.com>, KP Singh <kpsingh@kernel.org>, Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org>, Quentin Monnet <quentin@isovalent.com>, Alexander Viro <viro@zeniv.linux.org.uk>, Miklos Szeredi <miklos@szeredi.hu>, Amir Goldstein <amir73il@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>, <bpf@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>, <gyroidos@aisec.fraunhofer.de>; Subject: [RESEND RFC PATCH v2 14/14] device_cgroup: Allow mknod in non-initial userns if guarded; Date: Wed, 25 Oct 2023 11:42:24 +0200; Message-Id: <20231025094224.72858-15-michael.weiss@aisec.fraunhofer.de>; In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de>; List-ID: <linux-kernel.vger.kernel.org> |
Series | device_cgroup: guard mknod for non-initial user namespace |

Commit Message
Michael Weiß
Oct. 25, 2023, 9:42 a.m. UTC
If a container manager restricts its unprivileged (user namespaced)
children by a device cgroup, it is not necessary to deny mknod()
anymore. Thus, user space applications may map devices on different
locations in the file system by using mknod() inside the container.

A use case for this, which we also use in GyroidOS, is to run virsh for
VMs inside an unprivileged container. virsh creates device nodes,
e.g., "/var/run/libvirt/qemu/11-fgfg.dev/null" which currently fails
in a non-initial userns, even if a cgroup device white list with the
corresponding major, minor of /dev/null exists. Thus, in this case
the usual bind mounts or pre-populated device nodes under /dev are
not sufficient.

To circumvent this limitation, allow mknod() by checking CAP_MKNOD
in the userns by implementing the security_inode_mknod_nscap(). The
hook implementation checks if the corresponding permission flag
BPF_DEVCG_ACC_MKNOD_UNS is set for the device in the bpf program.
To avoid creating unusable inodes in user space, the hook also checks
SB_I_NODEV on the corresponding super block.

Further, the security_sb_alloc_userns() hook is implemented using
cgroup_bpf_current_enabled() to allow usage of device nodes on super
blocks mounted by a guarded task.

Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
---
security/device_cgroup/lsm.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c index a963536d0a15..6bc984d9c9d1 100644 --- a/security/device_cgroup/lsm.c +++ b/security/device_cgroup/lsm.c @@ -66,10 +66,37 @@ static int devcg_inode_mknod(struct inode *dir, struct dentry *dentry, return __devcg_inode_mknod(mode, dev, DEVCG_ACC_MKNOD); } +#ifdef CONFIG_CGROUP_BPF +static int devcg_sb_alloc_userns(struct super_block *sb) +{ + if (cgroup_bpf_current_enabled(CGROUP_DEVICE)) + return 0; + + return -EPERM; +} + +static int devcg_inode_mknod_nscap(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) +{ + if (!cgroup_bpf_current_enabled(CGROUP_DEVICE)) + return -EPERM; + + // avoid to create unusable inodes in user space + if (dentry->d_sb->s_iflags & SB_I_NODEV) + return -EPERM; + + return __devcg_inode_mknod(mode, dev, BPF_DEVCG_ACC_MKNOD_UNS); +} +#endif /* CONFIG_CGROUP_BPF */ + static struct security_hook_list devcg_hooks[] __ro_after_init = { LSM_HOOK_INIT(inode_permission, devcg_inode_permission), LSM_HOOK_INIT(inode_mknod, devcg_inode_mknod), LSM_HOOK_INIT(dev_permission, devcg_dev_permission), +#ifdef CONFIG_CGROUP_BPF + LSM_HOOK_INIT(sb_alloc_userns, devcg_sb_alloc_userns), + LSM_HOOK_INIT(inode_mknod_nscap, devcg_inode_mknod_nscap), +#endif }; static int __init devcgroup_init(void)
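
Review bot: In devcg_sb_alloc_userns() the result depends only on cgroup_bpf_current_enabled(CGROUP_DEVICE) for the task that allocates the super block, and the function carries no comment saying what returning 0 or -EPERM means to the caller or why "a device program is attached at allocation time" is a sufficient condition. Since this is the check that allows device nodes on super blocks mounted by a guarded task, please document that contract above the function. In devcg_inode_mknod_nscap() the SB_I_NODEV test returns -EPERM before `mode` is examined, so either note that the hook is only reached for device nodes or test S_ISCHR/S_ISBLK first. Two style points in the same function: the `// avoid to create unusable inodes in user space` line should be a `/* ... */` comment per kernel coding style, and passing BPF_DEVCG_ACC_MKNOD_UNS to __devcg_inode_mknod() next to the existing DEVCG_ACC_MKNOD caller mixes two constant namespaces, so a matching DEVCG_ACC_* name or a short comment would make the call easier to audit.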