From patchwork Wed Oct 25 09:42:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157970 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479179vqx; Wed, 25 Oct 2023 02:44:34 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGNcmL+iCjKzO9lR8LXGC/n8w0oT/HfVN6sk2g6BrOrgNl6BSQzuUS9BicDbV1Ws2tPRFjk X-Received: by 2002:a05:620a:4144:b0:773:f6b6:4085 with SMTP id k4-20020a05620a414400b00773f6b64085mr14787353qko.54.1698227073954; Wed, 25 Oct 2023 02:44:33 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227073; cv=pass; d=google.com; s=arc-20160816; b=MIvkpSWNPTtvNm+HNQM6f886tlt1WESGgyizvBIp1cQhrwoBpfp2VOv6iI6Q30JX9h 0AMTb+EX5Qzj9UA8WOhgxuuKazmxmvGHxTYjAC9SMhucXzs4lPnCZZ99QRr0/1t0T3zQ +oxle5l5+w0t+jHCojNuYrVYTHcmMY8iB2Kl1iF3+4ZsRhBJOFs/OpvI9nljLaokalm8 ZREyD96/OvRo/XUHyRSN/XrzxSHuWFcmJ7YDP4PnZhtGTUy7P6Evvver0xeSeee1xu/8 CeytluGzkAq95LLkbLnFdfEJJ4Xwk8LjZqvZLD3bVQX2cgxA1Geiwosuvk6VonmAeZsT B0jQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=pmItj7lkIwuhol2iM4hM9jx316V5JBguShsE59bVwBM=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=F8stgzEe5D0XeWLQmLdzpt6EnDyLqD8misHFtqUx5b09TkKc4xGyUKllWqkeEKYWUg iDYVut4/4T06w2h2mvJM8MlSgx8MoljOCvyMGDjUJXJtPn+R0LhuaLAqxo7J2KvNCaJS h7dodf8/hwZY03jE02qx2ZLRG9TdPSnK5b4SlQUbV4fFTzTN2FV5fiARQs5r1DvKX27K DJro5qwa/b91IWz9Ppbfqr+w95BgpJu1UAysVhHOtz8vY0d/2Wn4F/31/vALeBKOW/9O ytB0AKh83qxLZoy+DHhQtcoIJfuAml6psdqNtI3KFX6qEcL1m2CIlwYDJNkGOZ/0W8cs mEVg== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=VsImCdJ5; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=KWzJjcuK; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id 72-20020a25044b000000b00d9cb8051da7si9564070ybe.129.2023.10.25.02.44.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:44:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=VsImCdJ5; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=KWzJjcuK; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 52712801F896; Wed, 25 Oct 2023 02:44:30 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234673AbjJYJoN (ORCPT + 26 others); Wed, 25 Oct 2023 05:44:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39066 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232808AbjJYJoJ (ORCPT ); Wed, 25 Oct 2023 05:44:09 -0400 Received: from mail-edgeka24.fraunhofer.de (mail-edgeka24.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B9009DC; Wed, 25 Oct 2023 02:44:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227046; x=1729763046; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=UvaaY0D2++qOD/ii0lqFtjoizSxctX+kms0LuYLxRQU=; b=VsImCdJ5NwKF2bDq+rZwfYe/sw24G3hauGr+3+QMJPW3tjC/ed2t/cM8 C5isAB9PI4ShWT7hGGi+jv4Zg7rKm62WbyaN+F/Dvp7ZQhZ6afmV4bY63 wL2UTQ33gci3MDevVrmcjwYdJ7UpAM2tOEh1mw4MI89oUeNg2mtGdm0ln 6oMH0Ov2z5r8Xnespabh0O91OEPma566i9RtBa77b6c10NLDBZwnGb2ci e6j0jfqz+D5wlFxGwXYw/MbJ/L4XOce6G/1C6xMU9xFMX4jsFbvTNpeNi /XXeIT+N8IKQ4gxKIgVjz91iIqt+3F/FIVUaShjFqsSEi9AtYVIbkvSv9 w==; X-CSE-ConnectionGUID: UsCzEJH8QGKJVSbJ/d1qnQ== X-CSE-MsgGUID: 1t6KDezzSF2yxEQnL9FvCw== Authentication-Results: mail-edgeka24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2ElAABB4jhl/xwBYJlaHAEBAQEBAQcBARIBAQQEAQFAgTsHAQELAYI4gleEU4gdiUGcKiqBLBSBEQNWDwEBAQEBAQEBAQcBAUQEAQEDBIR1CgKHGic0CQ4BAgEDAQEBAQMCAwEBAQEBAQECAQEGAQEBAQEBBgYCgRmFLzkNhACBHgEBAQEBAQEBAQEBAR0CNVQCAQMjBAsBDQEBNwEPJQImAgIyJQYBDQWCfoIrAzGyGH8zgQGCCQEBBrAfGIEggR4JCQGBEC4Bg1uELgGENIEdhDWCT4EVNYEGgT5vhAYEHy+DRoJogVaCH4UAPAcygiKCejUpg0Vph1CBAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8aHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51NgXouRVg2AYE8PF8Rlh0BjBiiYQeCMYFeoQkaM5crkk8umA4goj6FSgIEAgQFAg4IgWOCFjM+gzZSGQ+OIAwWFoNAj3t0AjkCBwEKAQEDCYI5hjWCXQEB IronPort-PHdr: A9a23:JpXXBhHZqhiouQJblQvDn51Gf3BNhN3EVzX9l7I53usdOq325Y/re Vff7K8w0gyBVtDB5vZNm+fa9LrtXWUQ7JrS1RJKfMlCTRYYj8URkQE6RsmDDEzwNvnxaCImW s9FUQwt5CSgPExYE9r5fQeXrGe78DgSHRvyL09yIOH0EZTVlMO5y6W5/JiABmcAhG+Te7R3f jm/sQiDjdQcg4ZpNvQUxwDSq3RFPsV6l0hvI06emQq52tao8cxG0gF9/sws7dVBVqOoT+Edd vl1HD8mOmY66YjQuB/PQBGmylAcX24VwX8qSwLFuQn/f4vz7S/5l/Vg2C6eZ8zTEbARCDayt P41dkLKoigaDD4i3TyGgPJvpocO83fD7xYq4LHGQoOeKdlYIoHwJpAodXcYWstrZTxBBYH7N YQFMuEeZNgIgdTmrBxWhze1NAi2AvPmywJHmXn5+vML0bgYNRqZxyYaDdg/lC7W8enRZIAZf +qtyfiZlx/9a8176zPlsITMaE54h9a9Bapfa+z61UMUHQCVsnqAjqP5HWqpxNhSoS+488w/X s2hkzQYjAx2pRu16J89qoP1uLoPlEL+0ihUkZYPLvq/R2xwNI3sAN5RrSacL4xsXoY4Tnp1v Dpv0rQdos3TlEkizZ0mw1vSZ/OKcIHSvlTtTu+MJzd/in9/Pr6y1F6+8kmln/X1TdL8kE1Lo SxMjsTWuzgT2gbS5MmKRro1/kqo1TuVkQGGwu9eKF0yla3VJoRnxbg1l5EJtl/EEDOwk0Lz5 JI= X-Talos-CUID: 9a23:vX7no2PAj5FiUO5DZTJM5mM2OpAcXV7/8kzaAQi0UH9vcejA X-Talos-MUID: 9a23:qHyVKARTOcVEJvbQRXS1mG9BGMp68Z+AUlEdvKwAn5iqKwdvbmI= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="1802487" Received: from mail-mtaka28.fraunhofer.de ([153.96.1.28]) by mail-edgeka24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:56 +0200 IronPort-SDR: 6538e31e_SVkz+WtSrnIdaVjRtAd2dn2jlB4LrnOoT69w0XC6kpFrx50 ga2osAWbubpX5I0u/WiqWUdKZjdLJs1govSjWdA== X-IPAS-Result: A0A8AAC94Thl/3+zYZlaHAEBAQEBAQcBARIBAQQEAQFACRyBFgcBAQsBgWZSB4FLgQWEUoNNAQGETl+GQYIhOwGcGIEsFIERA1YPAQMBAQEBAQcBAUQEAQGEfAoChxcCJzQJDgECAQECAQEBAQMCAwEBAQEBAQMBAQUBAQECAQEGBIEKE4VoDYZNAgEDEhEECwENAQEUIwEPJQImAgIyBx4GAQ0FIoJcgisDMQIBAaUwAYFAAosifzOBAYIJAQEGBASwFxiBIIEeCQkBgRAuAYNbhC4BhDSBHYQ1gk+BFTWBBoE+b4QGBB+DdYJogVaCH4UAPAcygiKCejUpg0Vph1CBAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8WBBwJPA8MHwIbHg0yAwkDBwUsHUADCxgNSBEsNQYOG0QBcwedTYF6LkVYNgGBPDxfEZYdAYwYomEHgjGBXqEJGjOXK5JPLpgOIKI+hUoCBAIEBQIOAQEGgWM8gVkzPoM2TwMZD44gDBYWg0CPe0EzAjkCBwEKAQEDCYI5hjWCXAEB IronPort-PHdr: A9a23:T9zkzh+Bs0AUef9uWWy9ngc9DxPPxp3qa1dGopNykalHN7+j9s6/Y h+X7qB3gVvATYjXrOhJj+PGvqyzPA5I7cOPqnkfdpxLWRIfz8IQmg0rGsmeDkPnavXtan9yB 5FZWVto9G28KxIQFtz3elvSpXO/93sVHBD+PhByPeP7BsvZiMHksoL6+8j9eQJN1ha0fb4gF wi8rwjaqpszjJB5I6k8jzrl8FBPffhbw38tGUOLkkTZx+KduaBu6T9RvPRzx4tlauDXb684R LpXAXEdPmY56dfCmTLDQACMtR5+Gm8WxwJNIhTHsxX5f4jssiz+7OtYhCm/bM/mFulqZ2mAx ah2cx/zpXpWPQAm2kSC2akSxKgOgy2zhR503q3yPKO4b7lMTr6Eed4gd3pBWcQWDSNLP4ijN rVfIbcaNqEAhaX2lloUqwu3BDSjG+Xg7WF5hCPP+bZlyM4bAwv3+FYiQu4q4FPfgt/tMfZDC 8qLyJfl/zHbN/9Sw2mkzq/5KggOu9enQbhLe8mB9WY/MCzZrAysu7C6LXS2ysJSuEeV97Bfc u+ojE09hVlggjKT+P821JvzoY84m0D+/gJ+z6Q+cI7wWAt6e9miCJxKq2SAOpBrRt93W2hzo 3VSItwuvJe6eG0P1J0E7kSPLfKdepWO4hXtWfzXLTorzH5mebfqnx+p6gDg0ezzUMCozUxH5 jRIiNjCt30BllTT58GLR+E7/xKJ1yyGygbT7e9JOwYzk6/aIIQm2bk+itwYtkGrIw== IronPort-Data: A9a23:8yiHTauzQGnb6CCvG9drr9cStOfnVNJaMUV32f8akzHdYApBsoF/q tZmKTyAa/qLNDGnKoh0a9629UJXsJSDzdFrS1NprSg8FHsWgMeUXt7xwmUckM+xwm0vaGo9s q3yv/GZdJhcokf0/0vraP67xZVF/fngbqLmD+LZMTxGSwZhSSMw4TpugOdRbrRA2LBVOCvT/ 4upyyHjEAX9gWUtajhJs/vrRC5H5ZwehhtI5jTSWtgW5Dcyp1FNZLoDKKe4KWfPQ4U8NoZWk M6akdlVVkuAl/scIovNfoTTKyXmcZaOVeS6sUe6boD56vR0Soze5Y5gXBYUQR8/ZzxkBLmdw v0V3XC7YV9B0qEhBI3xXjEAexySM5Gq95f8HGmmq8K91nHdcl21/LY3KF4xGdUhr7Mf7WFmr ZT0KRgWawybwe+my7L9RPNlm8IjK8fmJsUTtxmMzxmAUK1gEM+FGvqbo4YCg1/chegWdRraT 88YYjpmYRCGfBBOIUw/AZMlkezuiGP2bjtYr1yYv+w77gA/ySQoi+W1b4WEI4fiqcN9w0uF/ 3yZw33FXz5ZZYCHwHm1yVX8ibqa9c/8cMdIfFGizdZjhFCDz2ofBQc+UFq7qP24gV+4HdlYL iQ88DAnsK4/7mSoQ8P7Uhn+p2SL1jYVQMZ4EOAg7gyJjK3O7G6xHmEZShZZYcEi8coxQiYnk FSOmrvBCTVpsbCRYXOa+bqdtzm1KW4TIHNqTSYCQREE4vHgrZs1gxaJScxseIawh8fpGDe2x zmXhCw/gagDy8IGyc2T5lfBjBqvq4LPQwpz4R/YNkq07hhRaoTjbIutgXDZ6vZGaoiQVUWIt nUCl+CR6ekPCdeGkynlaOYVB7Cv6PatMzDGh1NrWZ47+FyF4HKtVY9X5z56KQFiNcNsUT/gZ 0vOvite45hcOHbsZqhyC6qzDMAxxIDjGM7jW/SSacBBCrBoaQKB4CBoTU+L2H7klEUqjec0P pLzWditF3EyG6lhzSTwQ+YbzK9twToxg37QLbj+zhej1qG2f2yYU7oJMR2Oc4gR5aaFulqO8 tJ3OM6DyhEZW+r7CgHM/JQcIHgKJHw/FJawoMtSHsaJOgROBm4sEbnSzKkndogjmL5a/s/M/ 3egSgpbxUD5iHnvNwqHcDZgZanpUJI5qmg0VQQoPFC1yz0teoqi8qobX4U4cKNh9+F5y/NwC f4fdK297u9nE2mcvmVCKMCi/ck7LkvtmwfINGyrejEieZ5nSQHTvNPpFufyyBQz4uOMnZJWi 5WuzArGR5oESQl4SsHQbfOk1VSqunYB3ul1WiP1zhN7Iy0AKaA7enCjvex9OMwWNxTIyx2T0 gvcU19SpvDAr8VxuJPFjLyN5dXhWeZvPFtoL0+C55aPNA7e4jWCx61EW722Zjzzbj7/15ijQ uR39MvCFsM7smxEiKdGKIYz/5kCv4Pug5R40jVbGG76agX3K7F4fViD88p9loxM4b57uQKGf Ea+64RfMrCnYcngEEAjITQ0SuG50dAVhTjgwvAnK2rq5CJM3eSmUGcDGzKumSBiPL9OH4d9+ tgYuekS8B2ZthomFv2knxJk3T2AAVJYWpp2q6xAJpHgjzQa721rYLveO3fQ246OYdAdCXsaC GaYq4SajosN23eYVWQ4EEXM+u9vhZ4unhRu531aLnSrnuv1vNMG7Cdzwx8WEDsMlg5m1thtM FdFL0d2fKWC3wl5jfh5AlyDJVtzOw27yGfQlX0yi2zrf2u5XDfsLUo8G9q30mI3zmZ+RgVfr ZakkDvLcDCyZ8zg/DoAaWg8odzZcNFB3AnjmsemIse7I6cHcQfV2q+AWUdYqj/MI98Au0ncl Ow7oMdycfLaMAATkY0aCq6b96YaeCqbAGl8HcA78747G0PcdA7v3jLUGUS6e55OFcfr6m69M dRlfehUZiS91QGPjzEVPrENKLlKh8wU5MIOV7foBGweuZ6dk2ZZi43R/S3Am2MbedVivsIjI If3dTjZMGivqVZLum3K9u9oB3GZZIQaWQjCw+yFyuUFOJYduuVKc0tp8L+VvW2QATR37SCvo wLPSK/H/dNMkb02sdPXLZxCIAGoJffYdueCqlmzuusTS+L/C57FsgdNp2T3OwhTA6AqZO12s rawq//y4lLOuecncmLemqTZLZJz2+eJYLN1PP70fV5gpgnTfO/34hAGxXK0FowRrvNZ+fucZ lWZbOmeSIcrfulzlVNpbxpQKRI/M5jMT7zBoHq9psucCxJG3g3gKsimxEDTbmpaV3EpPrPmA VXKudKr1MFpnLpRDTBVAsNWIoJKD2LifYAEdNTBkyaSIUf1o1GFu5rkzQEB7xOSAFa6Mc/K2 7D3bTmgSwaT4YbmlMp4ta52tT0pVEdNu/E6JB8hyoQnmgKEA34jBsVDF5c/U7V/sDH4jbP8b xHzNFoSMz33B2l4QE+t8ebYf1mtA8IVMY3EPR0vxUSfbhm2CK6mALdM8iRB4W98SgD8zdOIe M0vxXntAiefmp1ZZ/4fxvies9dVwvn3wnEp+0ekt+fQBx0YI6sB1V0/PQ5reBHELfrwlxTwF TBofVxHfUC1dxegW4IoMXtYAwoQsz7T3i0lJ3XHisrWv4KAivZM0rvjMuX0yacOd9kOOKVIf 37sWm+R+CqD7xT/Y0fyVw4B2seY0c62I/U= IronPort-HdrOrdr: A9a23:+VWDVqxUEyFSRGE7w46oKrPwQ71zdoMgy1knxilNoH1uH/Bw+P rPoB1273XJYUgqOU3I8OroUMK9qBjnmaKdj7N/AV7bZmfbhFc= X-Talos-CUID: 9a23:lv5xrWtlwCJjhTKtiA+iUKq+6IseT2zE1nn+OnOjCEAwd/7MbUCX3Ptdxp8= X-Talos-MUID: 9a23:4rSwYQXvqHGbY6Pq/GLhmWh8a/tx3/mBSxFRiZxFi/KjZSMlbg== X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="135077913" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA28.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:53 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:42:53 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.168) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:42:53 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aZg46aljA1ZaPrmZW/IC1pQ37bPo6dOeNAYiyEhk7Yb18JkWQ5nRUeIPxnJBXlqJCUk3C7hZc2g5fkP9jiG2pl/bW2IFOEFwuiYFMrzmkcDryf5xbAYCVKd3ZGzuONkC4cnMo04hSaQoXueO+3TlUJgbvrawKHFRcreAAYs64VH0PacCBO53Zb2+9OhTChggiU/ZfgYy1AF0v+m2m9LCfnPdEkoyv2fnGmncgCACaajXkMlJjIom8YhCCFbQ/MZwClz1vNlazILy+mhDdKwhyU+G+0972Ack3gn+7GGzYiVp8VpLAdIfSUWa9MzF5xSNDT/iE9LoKRO+0cCbiRmcgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pmItj7lkIwuhol2iM4hM9jx316V5JBguShsE59bVwBM=; b=TmbAU09A9UN1rkR1oorAJvbs2SxyIBSsecpmG9kjjA3TiL0g2qdq+VsTNknHkkVwJs9zjjtTZj5XNkV42D9GdLBLOLGhiOlL+2ttDYA7FIfEoA86TzLpF/rXy9RxTq6lwVapzPhXCRhTQEcyzKExA1gP6vDGKGJt/ZGcfzt040+GIpLtlDbvuBv8mAG+NkTkTSYiKhh/AlyvV7wAViNntRg6wE9fHpPD/Pxk8fHsgB8N113Y2pzkW9veqFP47DCPDaap+SNEQc/C4uQFYZvFWrlE20kwpZOaWP0mtBF56TjqqreceUcK3B6bi1wNsAqk1mpKkvMuSCwZnT9c8lNXxQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pmItj7lkIwuhol2iM4hM9jx316V5JBguShsE59bVwBM=; b=KWzJjcuKN4JE3+ZXu1leRZxhoj/2gbUcw1V8F5sc/0BDcYirnxaiUgwngO6Yj4QLs7sBRzbYL2j5TL8OcFbpm992BVlVEZlp0dlr61NOY0pGrNCtbSbk8TGxOGtJ1TzT7z/KtN7cGfp2WOeooKrF0yHbTVPr6zROeE9xRcOogJc= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BEZP281MB1814.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:5a::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6907.33; Wed, 25 Oct 2023 09:42:52 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:42:52 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 01/14] device_cgroup: Implement devcgroup hooks as lsm security hooks Date: Wed, 25 Oct 2023 11:42:11 +0200 Message-Id: <20231025094224.72858-2-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BEZP281MB1814:EE_ X-MS-Office365-Filtering-Correlation-Id: 89133558-01a2-4e78-1f3b-08dbd53ec219 X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ScFY5SICWCi5VFR/ImqkvuiYTw7WuAsZjcHU4ycButAE4UsGUtOUynM1i7j41xF0+Z4Vfkmf6j5yXgNxKZqXJr7QrByiwAAtvDit802SR4mbqDe+y9veuXUTaSH9M7E9Lb4yyH441q+FQO5ZH/rqkGyYKm4yMjCmgT2KViaNu86YiDZRh76brPpdQTPGfA799WPxaOpn3S7agnRED79/m/4uxdoF2ODtfD9VdfyZgUIUiMYH9enVndYo8Ylma/8sPqI4qY+wLgTu5AuIbwZ8kenbOds2qw2x0H//1olC7mbommm7uQo3m3fybeLu++JEJHPaGeWMMyCgY6ptY7OBcyTS4MTmqnAYjsK0mmKuuEJkbR0WijtCugm/ft8Pkvn/GumY5QZ/0vjXSyDqqHmMY3dppHhGYxX/PVvlsK5TPS9wTwKErBkFPQEoWLwXG0mlhoYAzr4F69ToacOu85tj/ra+3uRvPhX1om6rMOlURkAIJN1d21IHgK5XchMudbPn66BvVNe/B02tBWFK54YHGlchzbIOfKm+LBHu8Smuf1mkI7UUh7FUUlse3mY0ZgJHc5Q9hz0RUm2pU7x1VHUmh9XHkZFKmxAb6Cp1E1yVtUk= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(136003)(376002)(346002)(396003)(366004)(39860400002)(230922051799003)(186009)(1800799009)(451199024)(64100799003)(110136005)(38100700002)(41300700001)(2906002)(7416002)(86362001)(5660300002)(15650500001)(8676002)(8936002)(4326008)(6666004)(6506007)(478600001)(107886003)(54906003)(1076003)(82960400001)(66476007)(66946007)(316002)(66556008)(2616005)(83380400001)(6512007)(6486002)(52116002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?ETjrZ5w+YGVamEwcY1h1OWNHR4Y1?= =?utf-8?q?q05QFSAMzQlpgZNHoFAjLKukJ1OBF/6npKCPs5gqzuN8irruVizDjMzYhj1Bl/XHZ?= =?utf-8?q?09MyMfueOBamv/Xc2ZT8hw8Yi1TGW11Qm1+Lr8mzB3FCybgGFgpwdIt7WorA/ReIx?= =?utf-8?q?rA9fvSTMygeXqbQz2acPB65f10VH23jBpF/Xk2tOILuf7nd7KUVoc6Foucf7CrvkK?= =?utf-8?q?+X0x8D36Rn+0GM2TEdl4raty0xxfKVLGkF52Gf4DJWCqSrE3d+nByHg90yLdMqbvO?= =?utf-8?q?N+1ITZ3atq2fGVWymgb0zpcjQ2fWIdG0f4Qlqn6PVFbUC9CcGtsgzXa6XAF7YWFog?= =?utf-8?q?myownr1v/SFE5SoyXs5Cv4kw4X3H8jnCMqEL6H2SKmWZyV2jqZr4PNHo+ZUEiXZ16?= =?utf-8?q?9KFPLWQW/yZbM1qlOF083sqZ73JWXTzro5kRk9eqBU4lzGGni4AV7qAWEd2yqbCvS?= =?utf-8?q?SdAaO8WQs23bhmA+55FXjg4zOGu1VYskkPY15qlep+H1tpxYCbaCSzu6ntD744O/G?= =?utf-8?q?DnL//mWZHjYZliNwL58Z+flbgsOzs8EjBbLAjdAwRD4p/b+xJiUoD9N95pgbDnVb0?= =?utf-8?q?C9EkhfMuXt3xALwZN7hT8Gi5qm4VGuWheM7Ot2Iu6+1RhyokPg5dk/ZTmaXArf5UW?= =?utf-8?q?y3TP9B5Y/TKKZmJxIsWqxkm5a/tvnccA+JxcWZM32Xnt3DtGCNjKPnF+Eb9PoTvww?= =?utf-8?q?RrMxDC1aUFehyIoneeBWL0+epgrcSwa+6lrEuxyIwijX9Ul5th+8jcCIdJpPdjcIz?= =?utf-8?q?C+VKH1UoosO3Drhf41yegM6X2BwXxcbS6zFihIp/KrD2BTQS9+MPs623DmPAAcPuR?= =?utf-8?q?OCivWP+rRVVEkMpQMgUAKFEZVmjiQiqd3da6jmI2fsNnONp8GOx4f3JRoZSYyXIOM?= =?utf-8?q?zfIjJopeO7sk06gHp8Gw8dO4TX5V+LfrB2ohn+TmcGIsA1Yyz4lptRu+as8YI2cwp?= =?utf-8?q?gOZA7Le/kP6x159ydC2SN+eQ2ybS4r+K+omkj6uWpzTUR4Mhsnhkf3Bnq7hlBYiFv?= =?utf-8?q?odJdTfKAjm3YkkLJWH92rnqPnKsrZtMt/jJu+eXWRUIsZwecjDIk7C6VMrE5Usbv/?= =?utf-8?q?f7vgzabxqkvpdg+GO0jnQjbU1pYxKMCiTnin/Fa59dJoUmv5OIdIBCk87S7hRVK0+?= =?utf-8?q?BAQuMLg3h6j22y4bhyNgaKGJAuq8O4zGD4lDZMwvxfqOP3cC1Uhjq4NpXUNAyHNX4?= =?utf-8?q?b5dUzLWi46qwgy02xcTS/YMLtXSQOwbvrpdckKhlj9nxqMp/4I13H4tas5rCj9KnR?= =?utf-8?q?UkCfDPnKEqi2TIwjJNofT/eiCtlfGpQGEUijjwD+kMdyHaomEblL8w2f2k1egTzBp?= =?utf-8?q?wC6xqeQRLO+Tk7FcqGSNgxlTHTxogyOYPPaxrW6SAoozEayu/3WhawLpj8u25kFrA?= =?utf-8?q?UDoDwHn7JZQ/3XQOFz8T1I8Pki/WekC93KYLbfcc49a2F7jnzvODHQVADJD0wo+mx?= =?utf-8?q?ALlxStiTH/oeddROi48rqP+145kEeIsH9d0/EQJYVwrfv1tCRtXzggrPT3Z4Lbs9G?= =?utf-8?q?vPnhm16s98n5qaHgb3U/E2Gq2XsZUbEVRI83PEpwj4783t1KEFlUqQ+85vNz939Ht?= =?utf-8?q?TjoH8gro8dIZXCGdwUxECxOFGZpWOaGUeix6uNQ6PP3n6FItHoUcbI=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 89133558-01a2-4e78-1f3b-08dbd53ec219 X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:42:52.5908 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wlB/ngqRoJJyjF/5UCmh/JKp5moB6LgnBl4R8bHyIafHah6+J7SNpaeY5ijT5sLxwe3doTiQ/R1+uHMPq+U5YmFrLEeWQ8ni/amBa8Z5haZid0526YfrjPUm9Ml0hovX X-MS-Exchange-Transport-CrossTenantHeadersStamped: BEZP281MB1814 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:44:30 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720152312679354 X-GMAIL-MSGID: 1780720152312679354 devcgroup_inode_mknod and devcgroup_inode_permission hooks are called at place where already the corresponding lsm hooks security_inode_mknod and security_inode_permission are called to govern device access. Though introduce a small LSM which implements those two security hooks instead of the additional explicit devcgroup calls. The explicit API will be removed when corresponding subsystems will drop the direct call to devcgroup hooks. Signed-off-by: Michael Weiß --- init/Kconfig | 4 + security/Kconfig | 1 + security/Makefile | 2 +- security/device_cgroup/Kconfig | 7 ++ security/device_cgroup/Makefile | 4 + security/{ => device_cgroup}/device_cgroup.c | 0 security/device_cgroup/lsm.c | 82 ++++++++++++++++++++ 7 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 security/device_cgroup/Kconfig create mode 100644 security/device_cgroup/Makefile rename security/{ => device_cgroup}/device_cgroup.c (100%) create mode 100644 security/device_cgroup/lsm.c diff --git a/init/Kconfig b/init/Kconfig index 6d35728b94b2..5ed28dc821f3 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1111,6 +1111,8 @@ config PROC_PID_CPUSET config CGROUP_DEVICE bool "Device controller" + select SECURITY + select SECURITY_DEVICE_CGROUP help Provides a cgroup controller implementing whitelists for devices which a process in the cgroup can mknod or open. @@ -1136,6 +1138,8 @@ config CGROUP_BPF bool "Support for eBPF programs attached to cgroups" depends on BPF_SYSCALL select SOCK_CGROUP_DATA + select SECURITY + select SECURITY_DEVICE_CGROUP help Allow attaching eBPF programs to a cgroup using the bpf(2) syscall command BPF_PROG_ATTACH. diff --git a/security/Kconfig b/security/Kconfig index 52c9af08ad35..0a0e60fc50e1 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -194,6 +194,7 @@ source "security/yama/Kconfig" source "security/safesetid/Kconfig" source "security/lockdown/Kconfig" source "security/landlock/Kconfig" +source "security/device_cgroup/Kconfig" source "security/integrity/Kconfig" diff --git a/security/Makefile b/security/Makefile index 18121f8f85cd..7000cb8a69e8 100644 --- a/security/Makefile +++ b/security/Makefile @@ -21,7 +21,7 @@ obj-$(CONFIG_SECURITY_YAMA) += yama/ obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/ obj-$(CONFIG_SECURITY_SAFESETID) += safesetid/ obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/ -obj-$(CONFIG_CGROUPS) += device_cgroup.o +obj-$(CONFIG_SECURITY_DEVICE_CGROUP) += device_cgroup/ obj-$(CONFIG_BPF_LSM) += bpf/ obj-$(CONFIG_SECURITY_LANDLOCK) += landlock/ diff --git a/security/device_cgroup/Kconfig b/security/device_cgroup/Kconfig new file mode 100644 index 000000000000..93934bda3b8e --- /dev/null +++ b/security/device_cgroup/Kconfig @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +config SECURITY_DEVICE_CGROUP + bool "Device Cgroup Support" + depends on SECURITY + help + Provides the necessary security framework integration + for cgroup device controller implementations. diff --git a/security/device_cgroup/Makefile b/security/device_cgroup/Makefile new file mode 100644 index 000000000000..c715b2b96388 --- /dev/null +++ b/security/device_cgroup/Makefile @@ -0,0 +1,4 @@ +# SPDX-License-Identifier: GPL-2.0-only +obj-$(CONFIG_SECURITY_DEVICE_CGROUP) += devcgroup.o + +devcgroup-y := lsm.o device_cgroup.o diff --git a/security/device_cgroup.c b/security/device_cgroup/device_cgroup.c similarity index 100% rename from security/device_cgroup.c rename to security/device_cgroup/device_cgroup.c diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c new file mode 100644 index 000000000000..ef30cff1f610 --- /dev/null +++ b/security/device_cgroup/lsm.c @@ -0,0 +1,82 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Device cgroup security module + * + * This file contains device cgroup LSM hooks. + * + * Copyright (C) 2023 Fraunhofer AISEC. All rights reserved. + * Based on code copied from (which has no copyright) + * + * Authors: Michael Weiß + */ + +#include +#include +#include + +static int devcg_inode_permission(struct inode *inode, int mask) +{ + short type, access = 0; + + if (likely(!inode->i_rdev)) + return 0; + + if (S_ISBLK(inode->i_mode)) + type = DEVCG_DEV_BLOCK; + else if (S_ISCHR(inode->i_mode)) + type = DEVCG_DEV_CHAR; + else + return 0; + + if (mask & MAY_WRITE) + access |= DEVCG_ACC_WRITE; + if (mask & MAY_READ) + access |= DEVCG_ACC_READ; + + return devcgroup_check_permission(type, imajor(inode), iminor(inode), + access); +} + +static int __devcg_inode_mknod(int mode, dev_t dev, short access) +{ + short type; + + if (!S_ISBLK(mode) && !S_ISCHR(mode)) + return 0; + + if (S_ISCHR(mode) && dev == WHITEOUT_DEV) + return 0; + + if (S_ISBLK(mode)) + type = DEVCG_DEV_BLOCK; + else + type = DEVCG_DEV_CHAR; + + return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), + access); +} + +static int devcg_inode_mknod(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) +{ + return __devcg_inode_mknod(mode, dev, DEVCG_ACC_MKNOD); +} + +static struct security_hook_list devcg_hooks[] __ro_after_init = { + LSM_HOOK_INIT(inode_permission, devcg_inode_permission), + LSM_HOOK_INIT(inode_mknod, devcg_inode_mknod), +}; + +static int __init devcgroup_init(void) +{ + security_add_hooks(devcg_hooks, ARRAY_SIZE(devcg_hooks), + "devcgroup"); + pr_info("device cgroup initialized\n"); + return 0; +} + +DEFINE_LSM(devcgroup) = { + .name = "devcgroup", + .order = LSM_ORDER_FIRST, + .init = devcgroup_init, +};