From patchwork Wed Oct 18 10:50:20 2023
X-Patchwork-Submitter: Michael Weiß
X-Patchwork-Id: 154805
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 01/14] device_cgroup: Implement devcgroup hooks as lsm security hooks
Date: Wed, 18 Oct 2023 12:50:20 +0200
Message-Id: <20231018105033.13669-2-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
The devcgroup_inode_mknod and devcgroup_inode_permission hooks are called at
the places where the corresponding LSM hooks security_inode_mknod and
security_inode_permission are already called to govern device access.
Thus introduce a small LSM which implements those two security hooks
instead of the additional explicit devcgroup calls.

The explicit API will be removed when the corresponding subsystems drop
their direct calls to the devcgroup hooks.

Signed-off-by: Michael Weiß
---
 init/Kconfig                                 |  4 +
 security/Kconfig                             |  1 +
 security/Makefile                            |  2 +-
 security/device_cgroup/Kconfig               |  7 ++
 security/device_cgroup/Makefile              |  4 +
 security/{ => device_cgroup}/device_cgroup.c |  0
 security/device_cgroup/lsm.c                 | 82 ++++++++++++++++++++
 7 files changed, 99 insertions(+), 1 deletion(-)
 create mode 100644 security/device_cgroup/Kconfig
 create mode 100644 security/device_cgroup/Makefile
 rename security/{ => device_cgroup}/device_cgroup.c (100%)
 create mode 100644 security/device_cgroup/lsm.c

diff --git a/init/Kconfig b/init/Kconfig index 6d35728b94b2..5ed28dc821f3 100644 --- a/init/Kconfig +++ b/init/Kconfig
@@ -1111,6 +1111,8 @@ config PROC_PID_CPUSET config CGROUP_DEVICE bool "Device controller" + select SECURITY + select SECURITY_DEVICE_CGROUP help Provides a cgroup controller implementing whitelists for devices which a process in the cgroup can mknod or open. @@ -1136,6 +1138,8 @@ config CGROUP_BPF bool "Support for eBPF programs attached to cgroups" depends on BPF_SYSCALL select SOCK_CGROUP_DATA + select SECURITY + select SECURITY_DEVICE_CGROUP help Allow attaching eBPF programs to a cgroup using the bpf(2) syscall command BPF_PROG_ATTACH. diff --git a/security/Kconfig b/security/Kconfig index 52c9af08ad35..0a0e60fc50e1 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -194,6 +194,7 @@ source "security/yama/Kconfig" source "security/safesetid/Kconfig" source "security/lockdown/Kconfig" source "security/landlock/Kconfig" +source "security/device_cgroup/Kconfig" source "security/integrity/Kconfig" diff --git a/security/Makefile b/security/Makefile index 18121f8f85cd..7000cb8a69e8 100644 --- a/security/Makefile +++ b/security/Makefile @@ -21,7 +21,7 @@ obj-$(CONFIG_SECURITY_YAMA) += yama/ obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/ obj-$(CONFIG_SECURITY_SAFESETID) += safesetid/ obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/ -obj-$(CONFIG_CGROUPS) += device_cgroup.o +obj-$(CONFIG_SECURITY_DEVICE_CGROUP) += device_cgroup/ obj-$(CONFIG_BPF_LSM) += bpf/ obj-$(CONFIG_SECURITY_LANDLOCK) += landlock/ diff --git a/security/device_cgroup/Kconfig b/security/device_cgroup/Kconfig new file mode 100644 index 000000000000..93934bda3b8e --- /dev/null +++ b/security/device_cgroup/Kconfig @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +config SECURITY_DEVICE_CGROUP + bool "Device Cgroup Support" + depends on SECURITY + help + Provides the necessary security framework integration + for cgroup device controller implementations. diff --git a/security/device_cgroup/Makefile b/security/device_cgroup/Makefile new file mode 100644 index 000000000000..c715b2b96388 
--- /dev/null +++ b/security/device_cgroup/Makefile @@ -0,0 +1,4 @@ +# SPDX-License-Identifier: GPL-2.0-only +obj-$(CONFIG_SECURITY_DEVICE_CGROUP) += devcgroup.o + +devcgroup-y := lsm.o device_cgroup.o diff --git a/security/device_cgroup.c b/security/device_cgroup/device_cgroup.c similarity index 100% rename from security/device_cgroup.c rename to security/device_cgroup/device_cgroup.c diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c new file mode 100644 index 000000000000..ef30cff1f610 --- /dev/null +++ b/security/device_cgroup/lsm.c 
@@ -0,0 +1,82 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Device cgroup security module + * + * This file contains device cgroup LSM hooks. + * + * Copyright (C) 2023 Fraunhofer AISEC. All rights reserved. + * Based on code copied from (which has no copyright) + * + * Authors: Michael Weiß + */ + +#include +#include +#include + +static int devcg_inode_permission(struct inode *inode, int mask) +{ + short type, access = 0; + + if (likely(!inode->i_rdev)) + return 0; + + if (S_ISBLK(inode->i_mode)) + type = DEVCG_DEV_BLOCK; + else if (S_ISCHR(inode->i_mode)) + type = DEVCG_DEV_CHAR; + else + return 0; + + if (mask & MAY_WRITE) + access |= DEVCG_ACC_WRITE; + if (mask & MAY_READ) + access |= DEVCG_ACC_READ; + + return devcgroup_check_permission(type, imajor(inode), iminor(inode), + access); +} + +static int __devcg_inode_mknod(int mode, dev_t dev, short access) +{ + short type; + + if (!S_ISBLK(mode) && !S_ISCHR(mode)) + return 0; + + if (S_ISCHR(mode) && dev == WHITEOUT_DEV) + return 0; + + if (S_ISBLK(mode)) + type = DEVCG_DEV_BLOCK; + else + type = DEVCG_DEV_CHAR; + + return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), + access); +} + +static int devcg_inode_mknod(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) +{ + return __devcg_inode_mknod(mode, dev, DEVCG_ACC_MKNOD); +} + +static struct security_hook_list devcg_hooks[] __ro_after_init = { + LSM_HOOK_INIT(inode_permission, devcg_inode_permission), + LSM_HOOK_INIT(inode_mknod, devcg_inode_mknod), +}; + +static int __init devcgroup_init(void) +{ + security_add_hooks(devcg_hooks, ARRAY_SIZE(devcg_hooks), + "devcgroup"); + pr_info("device cgroup initialized\n"); + return 0; +} + +DEFINE_LSM(devcgroup) = { + .name = "devcgroup", + .order = LSM_ORDER_FIRST, + .init = devcgroup_init, +};
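Review bot: the `select SECURITY` and `select SECURITY_DEVICE_CGROUP` lines added to both CGROUP_DEVICE and CGROUP_BPF in init/Kconfig force the whole LSM framework on for every kernel that has either controller, and `select` ignores the `depends on SECURITY` declared for SECURITY_DEVICE_CGROUP (which is presumably why the extra `select SECURITY` is there, but that in turn bypasses whatever SECURITY itself depends on). Before this patch device_cgroup.o was built under plain CONFIG_CGROUPS (see the `-obj-$(CONFIG_CGROUPS) += device_cgroup.o` line in the security/Makefile hunk), so a CGROUP_BPF-only configuration that never attaches device programs now silently gains CONFIG_SECURITY and a registered LSM. Prefer `depends on SECURITY` on the two controllers, or at least spell out the new hard requirement on CONFIG_SECURITY in the commit message.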
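Review bot: SECURITY_DEVICE_CGROUP in security/device_cgroup/Kconfig carries a user prompt ("Device Cgroup Support") and only `depends on SECURITY`, so it can be switched on with neither CGROUP_DEVICE nor CGROUP_BPF set. include/linux/device_cgroup.h declares the real devcgroup_check_permission() only under `#if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF)` and falls back to a `{ return 0; }` stub otherwise (both visible as context in the 03/14 hunk), so such a configuration registers a "devcgroup" LSM whose inode_permission and inode_mknod hooks always allow. Either drop the prompt so the symbol is select-only, or add `depends on CGROUP_DEVICE || CGROUP_BPF`.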
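Review bot: `.order = LSM_ORDER_FIRST` in the DEFINE_LSM(devcgroup) block at the end of security/device_cgroup/lsm.c uses the slot the lsm_order enum reserves for the capability module. Its effect is that the LSM is enabled unconditionally, regardless of CONFIG_LSM or lsm= on the command line, which is what keeps the old always-on devcgroup enforcement, but neither the code nor the commit message says so; a reader of the changelog would expect a new LSM to be opt-in. Document that intent next to the `.order` line and in the changelog, or use an explicit mechanism rather than borrowing the capability slot. Two smaller points in the same file: `__devcg_inode_mknod(int mode, dev_t dev, short access)` takes `int mode` while `devcg_inode_mknod()` receives `umode_t mode` from the hook, so declare the helper with `umode_t`; and `pr_info("device cgroup initialized\n")` adds a boot message for functionality that was previously silent.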
From patchwork Wed Oct 18 10:50:21 2023
X-Patchwork-Submitter: Michael Weiß
X-Patchwork-Id: 154817
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 02/14] vfs: Remove explicit devcgroup_inode calls
Date: Wed, 18 Oct 2023 12:50:21 +0200
Message-Id: <20231018105033.13669-3-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
Since the new LSM-based cgroup device access control is settled, the
explicit calls to devcgroup_inode_permission and devcgroup_inode_mknod
in fs/namei.c are redundant and can safely be dropped. The corresponding
security_inode_permission and security_inode_mknod hooks are taking over.

Signed-off-by: Michael Weiß
---
 fs/namei.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c index 567ee547492b..f601fcbdc4d2 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -34,7 +34,6 @@ #include #include #include -#include #include #include #include @@ -529,10 +528,6 @@ int inode_permission(struct mnt_idmap *idmap, if (retval) return retval; - retval = devcgroup_inode_permission(inode, mask); - if (retval) - return retval; - return security_inode_permission(inode, mask); } EXPORT_SYMBOL(inode_permission);
@@ -3987,9 +3982,6 @@ int vfs_mknod(struct mnt_idmap *idmap, struct inode *dir, return -EPERM; mode = vfs_prepare_mode(idmap, dir, mode, mode, mode); - error = devcgroup_inode_mknod(mode, dev); - if (error) - return error; error = security_inode_mknod(dir, dentry, mode, dev); if (error)
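Review bot: with the `retval = devcgroup_inode_permission(inode, mask);` call dropped from inode_permission(), the device check now happens only if the "devcgroup" LSM from 01/14 is built and registered; the changelog calls the LSM-based control "settled" but should state that enforcement hinges on CONFIG_SECURITY_DEVICE_CGROUP (selected by CGROUP_DEVICE and CGROUP_BPF) and on that LSM being enabled, because a kernel where that does not hold loses the check silently instead of failing to build. The vfs_mknod() hunk is equivalent to the old code: `mode` is still the result of vfs_prepare_mode() when security_inode_mknod() sees it, and `error` is still assigned there, so nothing becomes unused.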
From patchwork Wed Oct 18 10:50:22 2023
X-Patchwork-Submitter: Michael Weiß
X-Patchwork-Id: 154804
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 03/14] device_cgroup: Remove explicit devcgroup_inode hooks
Date: Wed, 18 Oct 2023 12:50:22 +0200
Message-Id: <20231018105033.13669-4-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
All users (actually just fs/namei) of devcgroup_inode_mknod and
devcgroup_inode_permission are removed. Now drop the API completely.

Signed-off-by: Michael Weiß
---
 include/linux/device_cgroup.h | 47 -----------------------------------
 1 file changed, 47 deletions(-)

diff --git a/include/linux/device_cgroup.h b/include/linux/device_cgroup.h index d02f32b7514e..d9a62b0cff87 100644 --- a/include/linux/device_cgroup.h +++ b/include/linux/device_cgroup.h
@@ -14,54 +14,7 @@ #if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF) int devcgroup_check_permission(short type, u32 major, u32 minor, short access); -static inline int devcgroup_inode_permission(struct inode *inode, int mask) -{ - short type, access = 0; - - if (likely(!inode->i_rdev)) - return 0; - - if (S_ISBLK(inode->i_mode)) - type = DEVCG_DEV_BLOCK; - else if (S_ISCHR(inode->i_mode)) - type = DEVCG_DEV_CHAR; - else - return 0; - - if (mask & MAY_WRITE) - access |= DEVCG_ACC_WRITE; - if (mask & MAY_READ) - access |= DEVCG_ACC_READ; - - return devcgroup_check_permission(type, imajor(inode), iminor(inode), - access); -} - -static inline int devcgroup_inode_mknod(int mode, dev_t dev) -{ - short type; - - if (!S_ISBLK(mode) && !S_ISCHR(mode)) - return 0; - - if (S_ISCHR(mode) && dev == WHITEOUT_DEV) - return 0; - - if (S_ISBLK(mode)) - type = DEVCG_DEV_BLOCK; - else - type = DEVCG_DEV_CHAR; - - return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), - DEVCG_ACC_MKNOD); -} - #else static inline int devcgroup_check_permission(short type, u32 major, u32 minor, short access) -{ return 0; } -static inline int devcgroup_inode_permission(struct inode *inode, int mask) -{ return 0; } -static inline int devcgroup_inode_mknod(int mode, dev_t dev) -{ return 0; } #endif
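Review bot: the `#else` branch of this hunk removes the `{ return 0; }` body of the stub devcgroup_check_permission() along with the two inline helpers: the first `-{ return 0; }` directly follows the context line `short access)`, and the counts `@@ -14,54 +14,7 @@` with 47 deletions leave exactly seven lines, so what survives is `static inline int devcgroup_check_permission(...)` with no body immediately before `#endif`. A configuration with neither CONFIG_CGROUP_DEVICE nor CONFIG_CGROUP_BPF will fail to compile on that header. Keep that `{ return 0; }` as context and delete only the devcgroup_inode_permission() and devcgroup_inode_mknod() stubs (46 deletions).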
From patchwork Wed Oct 18 10:50:23 2023
X-Patchwork-Submitter: Michael Weiß
X-Patchwork-Id: 154809
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 04/14] lsm: Add security_dev_permission() hook
Date: Wed, 18 Oct 2023 12:50:23 +0200
Message-Id: <20231018105033.13669-5-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
Provide a new lsm hook which may be used to check permission on a device by its dev_t representation only. This could be used if an inode is not available and the security_inode_permission check is not applicable. A first lsm to use this will be the lately converted cgroup_device module, to allow permission checks inside driver implementations.

Signed-off-by: Michael Weiß
---
include/linux/lsm_hook_defs.h | 1 +
include/linux/security.h | 5 +++++
security/security.c | 18 ++++++++++++++++++
3 files changed, 24 insertions(+)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index ac962c4cb44b..a868982725a9 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -275,6 +275,7 @@ LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx, u32 *ctxlen) +LSM_HOOK(int, 0, dev_permission, umode_t mode, dev_t dev, int mask) #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) LSM_HOOK(int, 0, post_notification, const struct cred *w_cred,
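Review bot: the new dev_permission hook lands between inode_getsecctx and the CONFIG_WATCH_QUEUE block, far away from inode_permission, whose by-dev_t counterpart it is; placing it directly after `LSM_HOOK(int, 0, inode_permission, ...)` in lsm_hook_defs.h would keep the two permission hooks adjacent, and since lsm_hook_defs.h carries no documentation of its own, a short comment stating that `mask` carries MAY_READ/MAY_WRITE bits (that is what the devcg implementation tests and what the bdev and amdkfd call sites pass) would spare other LSM authors from guessing the namespace.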
diff --git a/include/linux/security.h b/include/linux/security.h index 5f16eecde00b..8bc6ac8816c6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -484,6 +484,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int security_dev_permission(umode_t mode, dev_t dev, int mask); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1395,6 +1396,10 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } +static inline int security_dev_permission(umode_t mode, dev_t dev, int mask) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/security.c b/security/security.c index 23b129d482a7..40f6787df3b1 100644 --- a/security/security.c +++ b/security/security.c 
@@ -4016,6 +4016,24 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) } EXPORT_SYMBOL(security_inode_getsecctx); +/** + * security_dev_permission() - Check if accessing a dev is allowed + * @mode: file mode holding device type + * @dev: device + * @mask: access mask + * + * Check permission before accessing an device by its major minor. + * This hook is called by drivers which may not have an inode but only + * the dev_t representation of a device to check permission. + * + * Return: Returns 0 if permission is granted. + */ +int security_dev_permission(umode_t mode, dev_t dev, int mask) +{ + return call_int_hook(dev_permission, 0, mode, dev, mask); +} +EXPORT_SYMBOL(security_dev_permission); + #ifdef CONFIG_WATCH_QUEUE /** * security_post_notification() - Check if a watch notification can be posted
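Review bot: the kerneldoc for security_dev_permission() leaves the `mask` namespace unspecified and has a grammar slip ("accessing an device by its major minor"); state that `mask` takes MAY_READ and/or MAY_WRITE (not DEVCG_ACC_* values), that only the S_IFBLK/S_IFCHR type bits of `mode` are consulted, and that a non-zero return is a -errno, e.g. `@mask: access mask, MAY_READ and/or MAY_WRITE` and `Return: 0 if permission is granted, -errno otherwise`. Also worth a sentence: the default of `call_int_hook(dev_permission, 0, ...)` is 0, so with no LSM registering the hook every by-dev_t access is allowed, which matches the `return 0` stub in the security.h hunk.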
From patchwork Wed Oct 18 10:50:24 2023 (X-Patchwork-Id: 154819)
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 05/14] device_cgroup: Implement dev_permission() hook
Date: Wed, 18 Oct 2023 12:50:24 +0200
Message-Id: <20231018105033.13669-6-michael.weiss@aisec.fraunhofer.de>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
Wrap devcgroup_check_permission() by implementing the new security hook dev_permission().

Signed-off-by: Michael Weiß
---
security/device_cgroup/lsm.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c index ef30cff1f610..987d2c20a577 100644 --- a/security/device_cgroup/lsm.c +++ b/security/device_cgroup/lsm.c
@@ -14,29 +14,32 @@ #include #include -static int devcg_inode_permission(struct inode *inode, int mask) +static int devcg_dev_permission(umode_t mode, dev_t dev, int mask) { short type, access = 0; - if (likely(!inode->i_rdev)) - return 0; - - if (S_ISBLK(inode->i_mode)) + if (S_ISBLK(mode)) type = DEVCG_DEV_BLOCK; - else if (S_ISCHR(inode->i_mode)) - type = DEVCG_DEV_CHAR; else - return 0; + type = DEVCG_DEV_CHAR; if (mask & MAY_WRITE) access |= DEVCG_ACC_WRITE; if (mask & MAY_READ) access |= DEVCG_ACC_READ; - return devcgroup_check_permission(type, imajor(inode), iminor(inode), + return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), access); } +static int devcg_inode_permission(struct inode *inode, int mask) +{ + if (likely(!inode->i_rdev)) + return 0; + + return devcg_dev_permission(inode->i_mode, inode->i_rdev, mask); +} + static int __devcg_inode_mknod(int mode, dev_t dev, short access) { short type; 
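Review bot: the type classification loses its guard: the old devcg_inode_permission() returned 0 for an inode that was neither S_ISBLK nor S_ISCHR, while the new devcg_dev_permission() treats every non-block `mode` as DEVCG_DEV_CHAR. Through devcg_inode_permission() this is still safe because of the `if (likely(!inode->i_rdev)) return 0;` early return, but dev_permission is now an LSM hook that any caller can invoke with an arbitrary `mode` (including 0), and such a call is evaluated against the char-device rules instead of being rejected or ignored. Keep the `else if (S_ISCHR(mode))` branch and return -EINVAL (or 0, if ignoring is the intent; say which) for any other mode so the hook's contract is explicit.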
@@ -65,6 +68,7 @@ static int devcg_inode_mknod(struct inode *dir, struct dentry *dentry, static struct security_hook_list devcg_hooks[] __ro_after_init = { LSM_HOOK_INIT(inode_permission, devcg_inode_permission), LSM_HOOK_INIT(inode_mknod, devcg_inode_mknod), + LSM_HOOK_INIT(dev_permission, devcg_dev_permission), }; static int __init devcgroup_init(void)
From patchwork Wed Oct 18 10:50:25 2023 (X-Patchwork-Id: 154818)
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 06/14] block: Switch from devcgroup_check_permission to security hook
Date: Wed, 18 Oct 2023 12:50:25 +0200
Message-Id: <20231018105033.13669-7-michael.weiss@aisec.fraunhofer.de>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
The new lsm-based cgroup device access control provides an equivalent hook to check device permission. Thus, switch to the more generic security hook security_dev_permission() instead of directly calling devcgroup_check_permission().

Signed-off-by: Michael Weiß
---
block/bdev.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/block/bdev.c b/block/bdev.c index f3b13aa1b7d4..fc6de4e2a80b 100644 --- a/block/bdev.c +++ b/block/bdev.c @@ -10,7 +10,6 @@ #include #include #include -#include #include #include #include @@ -27,6 +26,7 @@ #include #include #include +#include #include "../fs/internal.h" #include "blk.h"
@@ -757,10 +757,9 @@ struct block_device *blkdev_get_by_dev(dev_t dev, blk_mode_t mode, void *holder, struct gendisk *disk; int ret; - ret = devcgroup_check_permission(DEVCG_DEV_BLOCK, - MAJOR(dev), MINOR(dev), - ((mode & BLK_OPEN_READ) ? DEVCG_ACC_READ : 0) | - ((mode & BLK_OPEN_WRITE) ? DEVCG_ACC_WRITE : 0)); + ret = security_dev_permission(S_IFBLK, dev, + ((mode & BLK_OPEN_READ) ? MAY_READ : 0) | + ((mode & BLK_OPEN_WRITE) ? MAY_WRITE : 0)); if (ret) return ERR_PTR(ret);
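Review bot: the commit message calls the hook "equivalent", but the behaviour of this call site now depends on CONFIG_SECURITY rather than on CONFIG_CGROUP_DEVICE/CONFIG_CGROUP_BPF: with CONFIG_SECURITY=n, security_dev_permission() is the static inline stub from the security.h hunk in patch 04 and returns 0, so the device-cgroup check in blkdev_get_by_dev() silently disappears in such a configuration. Either make the device cgroup option depend on or select CONFIG_SECURITY, or at least state the new dependency in the commit message. The argument mapping itself (S_IFBLK, BLK_OPEN_READ to MAY_READ, BLK_OPEN_WRITE to MAY_WRITE) matches what devcg_dev_permission() expects.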
From patchwork Wed Oct 18 10:50:26 2023 (X-Patchwork-Id: 154816)
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 07/14] drm/amdkfd: Switch from devcgroup_check_permission to security hook
Date: Wed, 18 Oct 2023 12:50:26 +0200
Message-Id: <20231018105033.13669-8-michael.weiss@aisec.fraunhofer.de>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
The new lsm-based cgroup device access control provides an equivalent hook to check device permission. Thus, switch to the more generic security hook security_dev_permission() instead of directly calling devcgroup_check_permission().

Signed-off-by: Michael Weiß
---
drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h index fa24e1852493..50979f332e38 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h +++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h @@ -38,7 +38,7 @@ #include #include #include -#include +#include #include #include #include
@@ -1487,9 +1487,8 @@ static inline int kfd_devcgroup_check_permission(struct kfd_node *kfd) #if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF) struct drm_device *ddev = adev_to_drm(kfd->adev); - return devcgroup_check_permission(DEVCG_DEV_CHAR, DRM_MAJOR, - ddev->render->index, - DEVCG_ACC_WRITE | DEVCG_ACC_READ); + return security_dev_permission(S_IFCHR, MKDEV(DRM_MAJOR, ddev->render->index), + MAY_WRITE | MAY_READ); #else return 0; #endif
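Review bot: the `#if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF)` guard around kfd_devcgroup_check_permission() is now stale: security_dev_permission() is declared under CONFIG_SECURITY (with a stub returning 0 otherwise) independently of either cgroup option, so the guard and the `#else return 0;` branch can go and the function can reduce to the single `return security_dev_permission(S_IFCHR, MKDEV(DRM_MAJOR, ddev->render->index), MAY_WRITE | MAY_READ);`. As written, the check is compiled out whenever both cgroup options are off even if another LSM implements dev_permission, which ties a generic LSM call to cgroup Kconfig symbols for no reason.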
From patchwork Wed Oct 18 10:50:27 2023 (X-Patchwork-Id: 154810)
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 08/14] device_cgroup: Hide devcgroup functionality completely in lsm
Date: Wed, 18 Oct 2023 12:50:27 +0200
Message-Id: <20231018105033.13669-9-michael.weiss@aisec.fraunhofer.de>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>

Now since all users of devcgroup_check_permission() have been removed, all device cgroup related functionality is covered by security hooks. Thus, move the public device_cgroup.h header into the subfolder of the lsm module.

Signed-off-by: Michael Weiß
---
security/device_cgroup/device_cgroup.c | 3 ++- {include/linux => security/device_cgroup}/device_cgroup.h | 0 security/device_cgroup/lsm.c | 3 ++- 3 files changed, 4 insertions(+), 2 deletions(-) rename {include/linux => security/device_cgroup}/device_cgroup.h (100%) diff --git a/security/device_cgroup/device_cgroup.c b/security/device_cgroup/device_cgroup.c index dc4df7475081..1a8190929ec3 100644 --- a/security/device_cgroup/device_cgroup.c +++ b/security/device_cgroup/device_cgroup.c @@ -6,7 +6,6 @@ */ #include -#include #include #include #include @@ -16,6 +15,8 @@ #include #include +#include "device_cgroup.h" + #ifdef CONFIG_CGROUP_DEVICE static DEFINE_MUTEX(devcgroup_mutex); diff --git a/include/linux/device_cgroup.h b/security/device_cgroup/device_cgroup.h similarity index 100% rename from include/linux/device_cgroup.h rename to security/device_cgroup/device_cgroup.h diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c index 987d2c20a577..a963536d0a15 100644
--- a/security/device_cgroup/lsm.c +++ b/security/device_cgroup/lsm.c 
@@ -11,9 +11,10 @@ */ #include -#include #include +#include "device_cgroup.h" + static int devcg_dev_permission(umode_t mode, dev_t dev, int mask) { short type, access = 0;
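Review bot: the rename hunk turns include/linux/device_cgroup.h into the private security/device_cgroup/device_cgroup.h, but the patch only updates the two includers inside security/device_cgroup/ (device_cgroup.c and lsm.c); please confirm that no other file in the tree still includes the old public header (a `git grep -n 'linux/device_cgroup.h'` over the tree after this patch should come back empty), since any remaining includer fails to build once the file is gone, and say in the commit message that the header leaves the public include namespace.
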
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 09/14] lsm: Add security_inode_mknod_nscap() hook
Date: Wed, 18 Oct 2023 12:50:28 +0200
Message-Id: <20231018105033.13669-10-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>

Provide a new lsm hook which may be used to allow mknod in non-initial userns. If access to the device is guarded by this hook, access to mknod may be granted by checking cap mknod for unprivileged user namespaces. By default this will return -EPERM if no lsm implements the hook. A first lsm to use this will be the lately converted cgroup_device module.

Signed-off-by: Michael Weiß
---
include/linux/lsm_hook_defs.h | 2 ++ include/linux/security.h | 8 ++++++++ security/security.c | 31 +++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index a868982725a9..f4fa01182910 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -276,6 +276,8 @@ LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx, u32 *ctxlen) LSM_HOOK(int, 0, dev_permission, umode_t mode, dev_t dev, int mask) +LSM_HOOK(int, -EPERM, inode_mknod_nscap, struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) LSM_HOOK(int, 0, post_notification, const struct cred *w_cred,
diff --git a/include/linux/security.h b/include/linux/security.h index 8bc6ac8816c6..bad6992877f4 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -485,6 +485,8 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); int security_dev_permission(umode_t mode, dev_t dev, int mask); +int security_inode_mknod_nscap(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1400,6 +1402,12 @@ static inline int security_dev_permission(umode_t mode, dev_t dev, int mask) { return 0; } +static inline int security_inode_mknod_nscap(struct inode *dir, + struct dentry *dentry, + umode_t mode, dev_t dev); +{ + return -EPERM; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/security.c b/security/security.c index 40f6787df3b1..7708374b6d7e 100644 --- a/security/security.c +++ b/security/security.c 
@@ -4034,6 +4034,37 @@ int security_dev_permission(umode_t mode, dev_t dev, int mask) } EXPORT_SYMBOL(security_dev_permission); +/** + * security_inode_mknod_nscap() - Check if device is guarded + * @dir: parent directory + * @dentry: new file + * @mode: new file mode + * @dev: device number + * + * If access to the device is guarded by this hook, access to mknod may be granted by + * checking cap mknod for unprivileged user namespaces. + * + * Return: Returns 0 on success, error on failure. + */ +int security_inode_mknod_nscap(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) +{ + int thisrc; + int rc = LSM_RET_DEFAULT(inode_mknod_nscap); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.inode_mknod_nscap, list) { + thisrc = hp->hook.inode_mknod_nscap(dir, dentry, mode, dev); + if (thisrc != LSM_RET_DEFAULT(inode_mknod_nscap)) { + rc = thisrc; + if (thisrc != 0) + break; + } + } + return rc; +} +EXPORT_SYMBOL(security_inode_mknod_nscap); + #ifdef CONFIG_WATCH_QUEUE /** * security_post_notification() - Check if a watch notification can be posted
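Review bot: the CONFIG_SECURITY=n stub in the include/linux/security.h hunk has a stray semicolon between the parameter list and the body, `umode_t mode, dev_t dev); {`, which makes the line a declaration followed by a bare `{ return -EPERM; }` block at file scope and will not compile without CONFIG_SECURITY; drop the `;` so the stub reads `umode_t mode, dev_t dev)` directly followed by `{`.

Review bot: in the security_inode_mknod_nscap() loop of the security/security.c hunk, a hook that returns -EPERM is indistinguishable from one that does not implement the hook, because LSM_RET_DEFAULT(inode_mknod_nscap) is -EPERM and such results are skipped; with the break-on-non-zero logic, an earlier LSM's 0 therefore survives a later LSM's explicit -EPERM, and an LSM that wants to veto after another one granted has to return some other errno. Either document in the kernel-doc that -EPERM from a hook means "no opinion", or break on any error and treat only 0 as a grant. The kernel-doc should also say what 0 means here (an LSM permits mknod with only namespace-local CAP_MKNOD) instead of the generic "Returns 0 on success, error on failure", since "Check if device is guarded" does not tell an implementer which way to answer.
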
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 10/14] lsm: Add security_sb_alloc_userns() hook
Date: Wed, 18 Oct 2023 12:50:29 +0200
Message-Id: <20231018105033.13669-11-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>

Provide a new lsm hook which may be used to allow access to device nodes for super blocks created in unprivileged namespaces if some sort of device guard to control access is implemented. By default this will return -EPERM if no lsm implements the hook. A first lsm to use this will be the lately converted cgroup_device module.

Signed-off-by: Michael Weiß
---
include/linux/lsm_hook_defs.h | 1 + include/linux/security.h | 5 +++++ security/security.c | 26 ++++++++++++++++++++++++++ 3 files changed, 32 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index f4fa01182910..0f734a0a5ebc 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -278,6 +278,7 @@ LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx, LSM_HOOK(int, 0, dev_permission, umode_t mode, dev_t dev, int mask) LSM_HOOK(int, -EPERM, inode_mknod_nscap, struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) +LSM_HOOK(int, -EPERM, sb_alloc_userns, struct super_block *sb) #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) LSM_HOOK(int, 0, post_notification, const struct cred *w_cred,
diff --git a/include/linux/security.h b/include/linux/security.h index bad6992877f4..0f66be1ed1ed 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -487,6 +487,7 @@ int security_locked_down(enum lockdown_reason what); int security_dev_permission(umode_t mode, dev_t dev, int mask); int security_inode_mknod_nscap(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev); +int security_sb_alloc_userns(struct super_block *sb); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1408,6 +1409,10 @@ static inline int security_inode_mknod_nscap(struct inode *dir, { return -EPERM; } +static inline int security_sb_alloc_userns(struct super_block *sb) +{ + return -EPERM; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/security.c b/security/security.c index 7708374b6d7e..9d5d4ec28e62 100644 --- a/security/security.c +++ b/security/security.c 
@@ -4065,6 +4065,32 @@ int security_inode_mknod_nscap(struct inode *dir, struct dentry *dentry, } EXPORT_SYMBOL(security_inode_mknod_nscap); +/** + * security_sb_alloc_userns() - Grand access to device nodes on sb in userns + * + * If device access is provided elsewere, this hook will grand access to device nodes + * on the allocated sb for unprivileged user namespaces. + * + * Return: Returns 0 on success, error on failure. + */ +int security_sb_alloc_userns(struct super_block *sb) +{ + int thisrc; + int rc = LSM_RET_DEFAULT(sb_alloc_userns); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.sb_alloc_userns, list) { + thisrc = hp->hook.sb_alloc_userns(sb); + if (thisrc != LSM_RET_DEFAULT(sb_alloc_userns)) { + rc = thisrc; + if (thisrc != 0) + break; + } + } + return rc; +} +EXPORT_SYMBOL(security_sb_alloc_userns); + #ifdef CONFIG_WATCH_QUEUE /** * security_post_notification() - Check if a watch notification can be posted
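Review bot: the kernel-doc for security_sb_alloc_userns() in the security/security.c hunk misspells "Grant" as "Grand" twice and "elsewhere" as "elsewere", and it lacks the `@sb:` parameter line, which scripts/kernel-doc will warn about; suggested text: ` * security_sb_alloc_userns() - Grant access to device nodes on sb in userns` followed by ` * @sb: super block being allocated`. The description should also say what 0 means for the caller (the superblock may be used without SB_I_NODEV even though it belongs to a non-initial user namespace), and, as with security_inode_mknod_nscap(), note that a hook returning -EPERM is treated as "no opinion" because that value is LSM_RET_DEFAULT(sb_alloc_userns), so an earlier LSM's grant is not undone by a later LSM returning -EPERM.
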
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 11/14] vfs: Wire up security hooks for lsm-based device guard in userns
Date: Wed, 18 Oct 2023 12:50:30 +0200
Message-Id: <20231018105033.13669-12-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>

Wire up security_inode_mknod_capns() in fs/namei.c. If implemented and access is granted by an lsm, check ns_capable() instead of the global CAP_MKNOD.

Wire up security_sb_alloc_userns() in fs/super.c. If implemented and access is granted by an lsm, the created super block will allow access to device nodes also if it was created in a non-initial userns.

Signed-off-by: Michael Weiß
---
fs/namei.c | 16 +++++++++++++++- fs/super.c | 6 +++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index f601fcbdc4d2..1f68d160e2c0 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3949,6 +3949,20 @@ inline struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); +static bool mknod_capable(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) +{ + /* + * In case of a security hook implementation check mknod in user + * namespace. Otherwise just check global capability. + */ + int error = security_inode_mknod_nscap(dir, dentry, mode, dev); + if (!error) + return ns_capable(current_user_ns(), CAP_MKNOD); + else + return capable(CAP_MKNOD); +} + /** * vfs_mknod - create device node or file * @idmap: idmap of the mount the inode was found from
@@ -3975,7 +3989,7 @@ int vfs_mknod(struct mnt_idmap *idmap, struct inode *dir, return error; if ((S_ISCHR(mode) || S_ISBLK(mode)) && !is_whiteout && - !capable(CAP_MKNOD)) + !mknod_capable(dir, dentry, mode, dev)) return -EPERM; if (!dir->i_op->mknod) diff --git a/fs/super.c b/fs/super.c index 2d762ce67f6e..bb01db6d9986 100644 --- a/fs/super.c +++ b/fs/super.c 
@@ -362,7 +362,11 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags, } s->s_bdi = &noop_backing_dev_info; s->s_flags = flags; - if (s->s_user_ns != &init_user_ns) + /* + * We still have to think about this here. Several concerns exist + * about the security model, especially about malicious fuse. + */ + if (s->s_user_ns != &init_user_ns && security_sb_alloc_userns(s)) s->s_iflags |= SB_I_NODEV; INIT_HLIST_NODE(&s->s_instances); INIT_HLIST_BL_HEAD(&s->s_roots);
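Review bot: in the mknod_capable() hunk of fs/namei.c, the check taken when the LSM grants is `ns_capable(current_user_ns(), CAP_MKNOD)`, which any unprivileged user satisfies after creating a user namespace, since the creator holds the full capability set in the new namespace; the hook is therefore the only real gate, and the capability check adds nothing for the case the series is about. If the intent is that the caller must be privileged over the filesystem the node lands on, check the superblock's owner instead, i.e. `ns_capable(dir->i_sb->s_user_ns, CAP_MKNOD)`, and state in the comment which namespace is meant. Two smaller points: the commit message names the hook security_inode_mknod_capns() while the code calls security_inode_mknod_nscap(), and checkpatch will ask for a blank line after the `int error = ...` declaration (the `else` after a `return` can go as well).

Review bot: the comment added in the alloc_super() hunk of fs/super.c ("We still have to think about this here ...") is a development note and should become a statement of the rule before this leaves RFC, for example that SB_I_NODEV is kept unless an LSM explicitly grants device access for this superblock. On the logic: at this point in alloc_super() the superblock has little more than `s_user_ns` and `s_flags` filled in; `s->s_type` is not assigned until sget_fc()/sget() after alloc_super() returns, so an implementation of sb_alloc_userns cannot tell a FUSE superblock from any other, which is exactly the "malicious fuse" case the comment worries about. Either call the hook where the type is known, or pass the `type` argument that alloc_super() already has. It is worth saying in the commit message that behaviour without an LSM implementing the hook is unchanged, since the default return is -EPERM and SB_I_NODEV stays set.
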
(Postfix) with ESMTPS id 45F30F9; Wed, 18 Oct 2023 03:51:27 -0700 (PDT) Received: from weisslap.aisec.fraunhofer.de ([91.67.186.133]) by mrelayeu.kundenserver.de (mreue012 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MfL5v-1rTTgR3Mkt-00grKp; Wed, 18 Oct 2023 12:51:04 +0200 
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 12/14] bpf: Add flag BPF_DEVCG_ACC_MKNOD_UNS for device access
Date: Wed, 18 Oct 2023 12:50:31 +0200
Message-Id: <20231018105033.13669-13-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>

With this new flag for bpf cgroup device programs, it should be possible to guard mknod() access in non-initial user namespaces later on.

Signed-off-by: Michael Weiß
---
 include/uapi/linux/bpf.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 0448700890f7..0196b9c72d3e 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -6927,6 +6927,7 @@ enum { BPF_DEVCG_ACC_MKNOD = (1ULL << 0), BPF_DEVCG_ACC_READ = (1ULL << 1), BPF_DEVCG_ACC_WRITE = (1ULL << 2), + BPF_DEVCG_ACC_MKNOD_UNS = (1ULL << 3), }; enum {

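Review bot: The new UAPI enumerator `BPF_DEVCG_ACC_MKNOD_UNS = (1ULL << 3)` comes with no comment, and the commit message only says it "should be possible to guard mknod() access in non-initial user namespaces later on". Document on the enumerator (and where the access_type field of bpf_cgroup_dev_ctx is described) that the kernel requests this bit on its own, not together with BPF_DEVCG_ACC_MKNOD, for a mknod() issued from a non-initial user namespace. That detail is what makes the change safe for existing device programs: a program that grants `rwm` by checking access_type >> 16 against the bits it knows will treat the new bit as unknown and keep denying such mknods until its policy is updated, and that fail-closed argument belongs in the commit message.
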
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß, Alexander Mikhalitsyn
Subject: [RFC PATCH v2 13/14] bpf: cgroup: Introduce helper cgroup_bpf_current_enabled()
Date: Wed, 18 Oct 2023 12:50:32 +0200
Message-Id: <20231018105033.13669-14-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>

This helper can be used to check if a cgroup-bpf specific program is active for the current task.

Signed-off-by: Michael Weiß
Reviewed-by: Alexander Mikhalitsyn
---
 include/linux/bpf-cgroup.h |  2 ++
 kernel/bpf/cgroup.c        | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h
index 8506690dbb9c..655697c2a620 100644
--- a/include/linux/bpf-cgroup.h
+++ b/include/linux/bpf-cgroup.h
@@ -184,6 +184,8 @@ static inline bool cgroup_bpf_sock_enabled(struct sock *sk, return array != &bpf_empty_prog_array.hdr; } +bool cgroup_bpf_current_enabled(enum cgroup_bpf_attach_type type); + /* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */ #define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) \ ({ \
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 03b3d4492980..19ae3d037db7 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -24,6 +24,20 @@ DEFINE_STATIC_KEY_ARRAY_FALSE(cgroup_bpf_enabled_key, MAX_CGROUP_BPF_ATTACH_TYPE); EXPORT_SYMBOL(cgroup_bpf_enabled_key); +bool cgroup_bpf_current_enabled(enum cgroup_bpf_attach_type type) +{ + struct cgroup *cgrp; + struct bpf_prog_array *array; + + rcu_read_lock(); + cgrp = task_dfl_cgroup(current); + rcu_read_unlock(); + + array = rcu_access_pointer(cgrp->bpf.effective[type]); + return array != &bpf_empty_prog_array.hdr; +} +EXPORT_SYMBOL(cgroup_bpf_current_enabled); + /* __always_inline is necessary to prevent indirect call through run_prog * function pointer. */

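Review bot: The bpf-cgroup.h hunk adds only the prototype `bool cgroup_bpf_current_enabled(enum cgroup_bpf_attach_type type);` with no fallback for kernels built without CONFIG_CGROUP_BPF, which is why the lsm.c caller in patch 14/14 has to wrap both its hook functions and its LSM_HOOK_INIT entries in `#ifdef CONFIG_CGROUP_BPF`. Provide a `static inline bool cgroup_bpf_current_enabled(...) { return false; }` stub for the !CONFIG_CGROUP_BPF case so that callers need no ifdefs and the build does not break if one is forgotten, and give the exported function a kerneldoc comment stating what "enabled" means here (some program is attached in the effective array of the task's cgroup on the default hierarchy; it says nothing about what that program allows).

Review bot: In cgroup_bpf_current_enabled() the `rcu_read_unlock()` comes before `cgrp` is dereferenced: the pointer returned by task_dfl_cgroup(current) is only guaranteed to stay valid inside the RCU read-side critical section, and the following `array = rcu_access_pointer(cgrp->bpf.effective[type]);` runs outside it, so a concurrent migration of the current task followed by release of its old cgroup leaves a use-after-free window. Move the unlock after the effective[] load, for instance by computing the comparison inside the critical section and returning its result after `rcu_read_unlock()`. It would also be consistent with the surrounding cgroup-bpf code to short-circuit on `!cgroup_bpf_enabled(type)` before touching the cgroup at all.
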
From: Michael Weiß
To: Alexander Mikhalitsyn, Christian Brauner, Alexei Starovoitov, Paul Moore
Cc: Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Quentin Monnet, Alexander Viro, Miklos Szeredi, Amir Goldstein, "Serge E. Hallyn", bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, Michael Weiß
Subject: [RFC PATCH v2 14/14] device_cgroup: Allow mknod in non-initial userns if guarded
Date: Wed, 18 Oct 2023 12:50:33 +0200
Message-Id: <20231018105033.13669-15-michael.weiss@aisec.fraunhofer.de>
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>

If a container manager restricts its unprivileged (user namespaced) children by a device cgroup, it is not necessary to deny mknod() anymore. Thus, user space applications may map devices on different locations in the file system by using mknod() inside the container.

A use case for this, which we also use in GyroidOS, is to run virsh for VMs inside an unprivileged container. virsh creates device nodes, e.g., "/var/run/libvirt/qemu/11-fgfg.dev/null", which currently fails in a non-initial userns, even if a cgroup device whitelist with the corresponding major, minor of /dev/null exists. Thus, in this case the usual bind mounts or pre-populated device nodes under /dev are not sufficient.

To circumvent this limitation, allow mknod() by checking CAP_MKNOD in the userns by implementing the security_inode_mknod_nscap() hook. The hook implementation checks if the corresponding permission flag BPF_DEVCG_ACC_MKNOD_UNS is set for the device in the bpf program. To avoid creating unusable inodes in user space, the hook also checks SB_I_NODEV on the corresponding super block.
Further, the security_sb_alloc_userns() hook is implemented using cgroup_bpf_current_enabled() to allow usage of device nodes on super blocks mounted by a guarded task.

Signed-off-by: Michael Weiß
---
 security/device_cgroup/lsm.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c
index a963536d0a15..6bc984d9c9d1 100644
--- a/security/device_cgroup/lsm.c
+++ b/security/device_cgroup/lsm.c
@@ -66,10 +66,37 @@ static int devcg_inode_mknod(struct inode *dir, struct dentry *dentry, return __devcg_inode_mknod(mode, dev, DEVCG_ACC_MKNOD); } +#ifdef CONFIG_CGROUP_BPF +static int devcg_sb_alloc_userns(struct super_block *sb) +{ + if (cgroup_bpf_current_enabled(CGROUP_DEVICE)) + return 0; + + return -EPERM; +} + +static int devcg_inode_mknod_nscap(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) +{ + if (!cgroup_bpf_current_enabled(CGROUP_DEVICE)) + return -EPERM; + + // avoid to create unusable inodes in user space + if (dentry->d_sb->s_iflags & SB_I_NODEV) + return -EPERM; + + return __devcg_inode_mknod(mode, dev, BPF_DEVCG_ACC_MKNOD_UNS); +} +#endif /* CONFIG_CGROUP_BPF */ + static struct security_hook_list devcg_hooks[] __ro_after_init = { LSM_HOOK_INIT(inode_permission, devcg_inode_permission), LSM_HOOK_INIT(inode_mknod, devcg_inode_mknod), LSM_HOOK_INIT(dev_permission, devcg_dev_permission), +#ifdef CONFIG_CGROUP_BPF + LSM_HOOK_INIT(sb_alloc_userns, devcg_sb_alloc_userns), + LSM_HOOK_INIT(inode_mknod_nscap, devcg_inode_mknod_nscap), +#endif }; static int __init devcgroup_init(void)
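Review bot: `return __devcg_inode_mknod(mode, dev, BPF_DEVCG_ACC_MKNOD_UNS);` passes a UAPI bpf constant where the existing caller in the context line passes the device-cgroup internal `DEVCG_ACC_MKNOD`; the two namespaces happen to share values for the first three bits, but nothing ties the new bit to a matching DEVCG_ACC_ value, and the non-BPF device-cgroup code that consumes that access mask knows nothing about it. Define a DEVCG_ACC_MKNOD_UNS next to DEVCG_ACC_MKNOD and translate at the boundary, or at least add a BUILD_BUG_ON that pins the two values together. On the model: devcg_sb_alloc_userns() decides SB_I_NODEV once, at mount time, from the mounting task's cgroup (the `sb` argument is unused), but the relaxation lasts as long as the super block, while devcg_inode_mknod_nscap() and the permission hooks only filter tasks that are still in a cgroup with a CGROUP_DEVICE program; a guarded task that mounts and is later moved out of the guarded cgroup, or another task in that user namespace that was never guarded, can then use device nodes on a super block nobody filters. The commit message should state this lifetime mismatch and why it is acceptable. Style: `// avoid to create unusable inodes in user space` should be a `/* */` comment, and the second `#endif` lacks the `/* CONFIG_CGROUP_BPF */` trailer the first one has.

As an added example (this is not code from the patch series or from GyroidOS), the following C program models the policy side of what patches 12 and 14 enable: a cgroup device program that grants the new BPF_DEVCG_ACC_MKNOD_UNS bit only to selected devices, and a caller that asks for that bit instead of BPF_DEVCG_ACC_MKNOD when the request comes from a non-initial user namespace, as devcg_inode_mknod_nscap() does. The BPF_DEVCG_* constants and the layout of struct bpf_cgroup_dev_ctx (access bits in the upper 16 bits of access_type, device type in the lower 16) follow include/uapi/linux/bpf.h; the rule table, devcg_policy(), encode_access() and mknod_allowed() are names assumed for this illustration, and the logic runs as an ordinary user-space program rather than as a BPF program.

```c
/* Added example, not kernel code: a user-space model of a
 * BPF_PROG_TYPE_CGROUP_DEVICE policy that grants the new
 * BPF_DEVCG_ACC_MKNOD_UNS bit to selected devices only.
 * Constants mirror include/uapi/linux/bpf.h; the policy is invented. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* From include/uapi/linux/bpf.h, with the bit added by patch 12/14. */
enum {
	BPF_DEVCG_ACC_MKNOD     = (1ULL << 0),
	BPF_DEVCG_ACC_READ      = (1ULL << 1),
	BPF_DEVCG_ACC_WRITE     = (1ULL << 2),
	BPF_DEVCG_ACC_MKNOD_UNS = (1ULL << 3),   /* mknod from a non-initial userns */
};

enum {
	BPF_DEVCG_DEV_BLOCK = (1ULL << 0),
	BPF_DEVCG_DEV_CHAR  = (1ULL << 1),
};

/* Same layout the kernel hands to the program:
 * access_type = (BPF_DEVCG_ACC_* << 16) | BPF_DEVCG_DEV_*. */
struct bpf_cgroup_dev_ctx {
	uint32_t access_type;
	uint32_t major;
	uint32_t minor;
};

/* Assumed policy table (illustration only): one entry per device, like a
 * "c 1:3 rwm" line in devices.allow, plus the new userns-mknod permission. */
struct dev_rule {
	uint32_t dev_type;
	uint32_t major;
	uint32_t minor;   /* DEV_ANY = wildcard */
	uint32_t access;  /* OR of BPF_DEVCG_ACC_* bits granted */
};

#define DEV_ANY UINT32_MAX

static const struct dev_rule rules[] = {
	/* /dev/null: rw, mknod from the initial userns AND from inside the userns */
	{ BPF_DEVCG_DEV_CHAR, 1, 3, BPF_DEVCG_ACC_READ | BPF_DEVCG_ACC_WRITE |
				    BPF_DEVCG_ACC_MKNOD | BPF_DEVCG_ACC_MKNOD_UNS },
	/* /dev/zero: rw, mknod only from the initial userns (no opt-in for the new bit) */
	{ BPF_DEVCG_DEV_CHAR, 1, 5, BPF_DEVCG_ACC_READ | BPF_DEVCG_ACC_WRITE |
				    BPF_DEVCG_ACC_MKNOD },
	/* tty devices (major 4): rw only, never mknod */
	{ BPF_DEVCG_DEV_CHAR, 4, DEV_ANY, BPF_DEVCG_ACC_READ | BPF_DEVCG_ACC_WRITE },
};

/* The decision a cgroup device program would return: 1 = allow, 0 = deny. */
int devcg_policy(const struct bpf_cgroup_dev_ctx *ctx)
{
	uint32_t access = ctx->access_type >> 16;
	uint32_t type = ctx->access_type & 0xffff;

	for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
		const struct dev_rule *r = &rules[i];

		if (r->dev_type != type || r->major != ctx->major)
			continue;
		if (r->minor != DEV_ANY && r->minor != ctx->minor)
			continue;
		/* Every requested bit must be granted; bits the rule does not
		 * know (such as MKNOD_UNS on /dev/zero above) deny. */
		return (access & ~r->access) == 0;
	}
	return 0;  /* no matching rule: default deny */
}

/* Builds access_type the way the kernel does before running the program. */
static uint32_t encode_access(uint32_t acc, uint32_t dev_type)
{
	return (acc << 16) | dev_type;
}

/* Assumed model of the mknod path: the initial userns asks for
 * BPF_DEVCG_ACC_MKNOD, a non-initial userns for BPF_DEVCG_ACC_MKNOD_UNS,
 * and a super block flagged SB_I_NODEV refuses userns mknod up front. */
bool mknod_allowed(bool in_init_userns, bool sb_nodev,
		   uint32_t dev_type, uint32_t major, uint32_t minor)
{
	if (!in_init_userns && sb_nodev)
		return false;  /* node would be unusable on this sb anyway */

	uint32_t acc = in_init_userns ? BPF_DEVCG_ACC_MKNOD : BPF_DEVCG_ACC_MKNOD_UNS;
	struct bpf_cgroup_dev_ctx ctx = { encode_access(acc, dev_type), major, minor };

	return devcg_policy(&ctx) == 1;
}

int main(void)
{
	printf("mknod c 1:3 from userns: %s\n",
	       mknod_allowed(false, false, BPF_DEVCG_DEV_CHAR, 1, 3) ? "allow" : "deny");
	printf("mknod c 1:5 from userns: %s\n",
	       mknod_allowed(false, false, BPF_DEVCG_DEV_CHAR, 1, 5) ? "allow" : "deny");
	return 0;
}
```

The table makes the compatibility argument concrete: a policy that was written before the new bit existed grants at most `rwm`, so `(access & ~r->access)` is non-zero for a userns mknod and the request is denied until the policy author opts in per device, which is the fail-closed behaviour a new permission bit should have.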