From patchwork Wed Feb 21 21:24:36 2024
X-Patchwork-Submitter: "Seth Forshee (DigitalOcean)"
X-Patchwork-Id: 204440
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:36 -0600
Subject: [PATCH v2 05/25] capability: use vfsuid_t for vfs_caps rootids
Message-Id: <20240221-idmap-fscap-refactor-v2-5-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org

The rootid is a kuid_t, but it contains an id which is mapped into a mount idmapping, so it is really a vfsuid. This is confusing and creates potential for misuse of the value, so change it to vfsuid_t.

Acked-by: Paul Moore
Signed-off-by: Seth Forshee (DigitalOcean)
Reviewed-by: Christian Brauner
---
 include/linux/capability.h | 3 ++-
 kernel/auditsc.c           | 5 +++--
 security/commoncap.c       | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/include/linux/capability.h b/include/linux/capability.h index c24477e660fc..eb46d346bbbc 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -16,6 +16,7 @@ #include #include #include +#include #define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3 @@ -26,7 +27,7 @@ typedef struct { u64 val; } kernel_cap_t; /* same as vfs_ns_cap_data but in cpu endian and always filled completely */ struct vfs_caps { __u32 magic_etc; - kuid_t rootid; + vfsuid_t rootid; kernel_cap_t permitted; kernel_cap_t inheritable; }; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 783d0bf69ca5..65691450b080 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -65,6 +65,7 @@ #include #include // struct open_how #include +#include #include "audit.h" @@ -2260,7 +2261,7 @@ static inline int audit_copy_fcaps(struct audit_names *name, name->fcap.permitted = caps.permitted; name->fcap.inheritable = caps.inheritable; name->fcap.fE = !!(caps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE); - name->fcap.rootid = caps.rootid; + name->fcap.rootid = AS_KUIDT(caps.rootid); name->fcap_ver = (caps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT; 
@@ -2816,7 +2817,7 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm, ax->fcap.permitted = vcaps.permitted; ax->fcap.inheritable = vcaps.inheritable; ax->fcap.fE = !!(vcaps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE); - ax->fcap.rootid = vcaps.rootid; + ax->fcap.rootid = AS_KUIDT(vcaps.rootid); ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT; ax->old_pcap.permitted = old->cap_permitted; diff --git a/security/commoncap.c b/security/commoncap.c index 7cda247dc7e9..a0b5c9740759 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -711,7 +711,7 @@ int get_vfs_caps_from_disk(struct mnt_idmap *idmap, cpu_caps->permitted.val &= CAP_VALID_MASK; cpu_caps->inheritable.val &= CAP_VALID_MASK; - cpu_caps->rootid = vfsuid_into_kuid(rootvfsuid); + cpu_caps->rootid = rootvfsuid; return 0; }
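Review bot: In the `struct vfs_caps` hunk of include/linux/capability.h, the comment above the struct still reads only "same as vfs_ns_cap_data but in cpu endian and always filled completely" and says nothing about `rootid` now being an id in the mount idmapping. Since the commit message gives "potential for misuse of the value" as the reason for the type change, a one-line field comment on `vfsuid_t rootid;` stating that it is relative to the mount idmapping and needs an explicit conversion before it is compared with or stored as a kuid_t would document the invariant where callers will look for it.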
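Review bot: In kernel/auditsc.c, both `audit_copy_fcaps()` and `__audit_log_bprm_fcaps()` convert with `AS_KUIDT(...)`, while the line removed from get_vfs_caps_from_disk() performed the same vfsuid-to-kuid step with `vfsuid_into_kuid(rootvfsuid)`. The destination `fcap.rootid` stays a kuid_t, so these two assignments are now the only places where the mount-idmapped value is deliberately put back into a kuid_t; using the same helper the old code used, or adding a short comment at each site that the audit record intentionally keeps the idmapped value, would make that intent explicit and keep the conversion easy to find when auditing callers later.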
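Review bot: In the get_vfs_caps_from_disk() hunk of security/commoncap.c, `cpu_caps->rootid = rootvfsuid;` changes what the function hands back to its callers (a vfsuid_t instead of an already converted kuid_t), but no documentation change for the function is visible in this patch. If get_vfs_caps_from_disk() has a header comment, it should state that `rootid` is returned as a vfsuid relative to `idmap`, so that callers outside the three files touched here know the conversion is now their responsibility.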