From patchwork Wed Oct 25 09:42:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157970 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479179vqx; Wed, 25 Oct 2023 02:44:34 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGNcmL+iCjKzO9lR8LXGC/n8w0oT/HfVN6sk2g6BrOrgNl6BSQzuUS9BicDbV1Ws2tPRFjk X-Received: by 2002:a05:620a:4144:b0:773:f6b6:4085 with SMTP id k4-20020a05620a414400b00773f6b64085mr14787353qko.54.1698227073954; Wed, 25 Oct 2023 02:44:33 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227073; cv=pass; d=google.com; s=arc-20160816; b=MIvkpSWNPTtvNm+HNQM6f886tlt1WESGgyizvBIp1cQhrwoBpfp2VOv6iI6Q30JX9h 0AMTb+EX5Qzj9UA8WOhgxuuKazmxmvGHxTYjAC9SMhucXzs4lPnCZZ99QRr0/1t0T3zQ +oxle5l5+w0t+jHCojNuYrVYTHcmMY8iB2Kl1iF3+4ZsRhBJOFs/OpvI9nljLaokalm8 ZREyD96/OvRo/XUHyRSN/XrzxSHuWFcmJ7YDP4PnZhtGTUy7P6Evvver0xeSeee1xu/8 CeytluGzkAq95LLkbLnFdfEJJ4Xwk8LjZqvZLD3bVQX2cgxA1Geiwosuvk6VonmAeZsT B0jQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=pmItj7lkIwuhol2iM4hM9jx316V5JBguShsE59bVwBM=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=F8stgzEe5D0XeWLQmLdzpt6EnDyLqD8misHFtqUx5b09TkKc4xGyUKllWqkeEKYWUg iDYVut4/4T06w2h2mvJM8MlSgx8MoljOCvyMGDjUJXJtPn+R0LhuaLAqxo7J2KvNCaJS h7dodf8/hwZY03jE02qx2ZLRG9TdPSnK5b4SlQUbV4fFTzTN2FV5fiARQs5r1DvKX27K DJro5qwa/b91IWz9Ppbfqr+w95BgpJu1UAysVhHOtz8vY0d/2Wn4F/31/vALeBKOW/9O ytB0AKh83qxLZoy+DHhQtcoIJfuAml6psdqNtI3KFX6qEcL1m2CIlwYDJNkGOZ/0W8cs mEVg== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=VsImCdJ5; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=KWzJjcuK; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id 72-20020a25044b000000b00d9cb8051da7si9564070ybe.129.2023.10.25.02.44.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:44:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=VsImCdJ5; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=KWzJjcuK; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 52712801F896; Wed, 25 Oct 2023 02:44:30 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234673AbjJYJoN (ORCPT + 26 others); Wed, 25 Oct 2023 05:44:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39066 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232808AbjJYJoJ (ORCPT ); Wed, 25 Oct 2023 05:44:09 -0400 Received: from mail-edgeka24.fraunhofer.de (mail-edgeka24.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B9009DC; Wed, 25 Oct 2023 02:44:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227046; x=1729763046; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=UvaaY0D2++qOD/ii0lqFtjoizSxctX+kms0LuYLxRQU=; b=VsImCdJ5NwKF2bDq+rZwfYe/sw24G3hauGr+3+QMJPW3tjC/ed2t/cM8 C5isAB9PI4ShWT7hGGi+jv4Zg7rKm62WbyaN+F/Dvp7ZQhZ6afmV4bY63 wL2UTQ33gci3MDevVrmcjwYdJ7UpAM2tOEh1mw4MI89oUeNg2mtGdm0ln 6oMH0Ov2z5r8Xnespabh0O91OEPma566i9RtBa77b6c10NLDBZwnGb2ci e6j0jfqz+D5wlFxGwXYw/MbJ/L4XOce6G/1C6xMU9xFMX4jsFbvTNpeNi /XXeIT+N8IKQ4gxKIgVjz91iIqt+3F/FIVUaShjFqsSEi9AtYVIbkvSv9 w==; X-CSE-ConnectionGUID: UsCzEJH8QGKJVSbJ/d1qnQ== X-CSE-MsgGUID: 1t6KDezzSF2yxEQnL9FvCw== Authentication-Results: mail-edgeka24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2ElAABB4jhl/xwBYJlaHAEBAQEBAQcBARIBAQQEAQFAgTsHAQELAYI4gleEU4gdiUGcKiqBLBSBEQNWDwEBAQEBAQEBAQcBAUQEAQEDBIR1CgKHGic0CQ4BAgEDAQEBAQMCAwEBAQEBAQECAQEGAQEBAQEBBgYCgRmFLzkNhACBHgEBAQEBAQEBAQEBAR0CNVQCAQMjBAsBDQEBNwEPJQImAgIyJQYBDQWCfoIrAzGyGH8zgQGCCQEBBrAfGIEggR4JCQGBEC4Bg1uELgGENIEdhDWCT4EVNYEGgT5vhAYEHy+DRoJogVaCH4UAPAcygiKCejUpg0Vph1CBAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8aHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51NgXouRVg2AYE8PF8Rlh0BjBiiYQeCMYFeoQkaM5crkk8umA4goj6FSgIEAgQFAg4IgWOCFjM+gzZSGQ+OIAwWFoNAj3t0AjkCBwEKAQEDCYI5hjWCXQEB IronPort-PHdr: A9a23:JpXXBhHZqhiouQJblQvDn51Gf3BNhN3EVzX9l7I53usdOq325Y/re Vff7K8w0gyBVtDB5vZNm+fa9LrtXWUQ7JrS1RJKfMlCTRYYj8URkQE6RsmDDEzwNvnxaCImW s9FUQwt5CSgPExYE9r5fQeXrGe78DgSHRvyL09yIOH0EZTVlMO5y6W5/JiABmcAhG+Te7R3f jm/sQiDjdQcg4ZpNvQUxwDSq3RFPsV6l0hvI06emQq52tao8cxG0gF9/sws7dVBVqOoT+Edd vl1HD8mOmY66YjQuB/PQBGmylAcX24VwX8qSwLFuQn/f4vz7S/5l/Vg2C6eZ8zTEbARCDayt P41dkLKoigaDD4i3TyGgPJvpocO83fD7xYq4LHGQoOeKdlYIoHwJpAodXcYWstrZTxBBYH7N YQFMuEeZNgIgdTmrBxWhze1NAi2AvPmywJHmXn5+vML0bgYNRqZxyYaDdg/lC7W8enRZIAZf +qtyfiZlx/9a8176zPlsITMaE54h9a9Bapfa+z61UMUHQCVsnqAjqP5HWqpxNhSoS+488w/X s2hkzQYjAx2pRu16J89qoP1uLoPlEL+0ihUkZYPLvq/R2xwNI3sAN5RrSacL4xsXoY4Tnp1v Dpv0rQdos3TlEkizZ0mw1vSZ/OKcIHSvlTtTu+MJzd/in9/Pr6y1F6+8kmln/X1TdL8kE1Lo SxMjsTWuzgT2gbS5MmKRro1/kqo1TuVkQGGwu9eKF0yla3VJoRnxbg1l5EJtl/EEDOwk0Lz5 JI= X-Talos-CUID: 9a23:vX7no2PAj5FiUO5DZTJM5mM2OpAcXV7/8kzaAQi0UH9vcejA X-Talos-MUID: 9a23:qHyVKARTOcVEJvbQRXS1mG9BGMp68Z+AUlEdvKwAn5iqKwdvbmI= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="1802487" Received: from mail-mtaka28.fraunhofer.de ([153.96.1.28]) by mail-edgeka24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:56 +0200 IronPort-SDR: 6538e31e_SVkz+WtSrnIdaVjRtAd2dn2jlB4LrnOoT69w0XC6kpFrx50 ga2osAWbubpX5I0u/WiqWUdKZjdLJs1govSjWdA== X-IPAS-Result: A0A8AAC94Thl/3+zYZlaHAEBAQEBAQcBARIBAQQEAQFACRyBFgcBAQsBgWZSB4FLgQWEUoNNAQGETl+GQYIhOwGcGIEsFIERA1YPAQMBAQEBAQcBAUQEAQGEfAoChxcCJzQJDgECAQECAQEBAQMCAwEBAQEBAQMBAQUBAQECAQEGBIEKE4VoDYZNAgEDEhEECwENAQEUIwEPJQImAgIyBx4GAQ0FIoJcgisDMQIBAaUwAYFAAosifzOBAYIJAQEGBASwFxiBIIEeCQkBgRAuAYNbhC4BhDSBHYQ1gk+BFTWBBoE+b4QGBB+DdYJogVaCH4UAPAcygiKCejUpg0Vph1CBAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8WBBwJPA8MHwIbHg0yAwkDBwUsHUADCxgNSBEsNQYOG0QBcwedTYF6LkVYNgGBPDxfEZYdAYwYomEHgjGBXqEJGjOXK5JPLpgOIKI+hUoCBAIEBQIOAQEGgWM8gVkzPoM2TwMZD44gDBYWg0CPe0EzAjkCBwEKAQEDCYI5hjWCXAEB IronPort-PHdr: A9a23:T9zkzh+Bs0AUef9uWWy9ngc9DxPPxp3qa1dGopNykalHN7+j9s6/Y h+X7qB3gVvATYjXrOhJj+PGvqyzPA5I7cOPqnkfdpxLWRIfz8IQmg0rGsmeDkPnavXtan9yB 5FZWVto9G28KxIQFtz3elvSpXO/93sVHBD+PhByPeP7BsvZiMHksoL6+8j9eQJN1ha0fb4gF wi8rwjaqpszjJB5I6k8jzrl8FBPffhbw38tGUOLkkTZx+KduaBu6T9RvPRzx4tlauDXb684R LpXAXEdPmY56dfCmTLDQACMtR5+Gm8WxwJNIhTHsxX5f4jssiz+7OtYhCm/bM/mFulqZ2mAx ah2cx/zpXpWPQAm2kSC2akSxKgOgy2zhR503q3yPKO4b7lMTr6Eed4gd3pBWcQWDSNLP4ijN rVfIbcaNqEAhaX2lloUqwu3BDSjG+Xg7WF5hCPP+bZlyM4bAwv3+FYiQu4q4FPfgt/tMfZDC 8qLyJfl/zHbN/9Sw2mkzq/5KggOu9enQbhLe8mB9WY/MCzZrAysu7C6LXS2ysJSuEeV97Bfc u+ojE09hVlggjKT+P821JvzoY84m0D+/gJ+z6Q+cI7wWAt6e9miCJxKq2SAOpBrRt93W2hzo 3VSItwuvJe6eG0P1J0E7kSPLfKdepWO4hXtWfzXLTorzH5mebfqnx+p6gDg0ezzUMCozUxH5 jRIiNjCt30BllTT58GLR+E7/xKJ1yyGygbT7e9JOwYzk6/aIIQm2bk+itwYtkGrIw== IronPort-Data: A9a23:8yiHTauzQGnb6CCvG9drr9cStOfnVNJaMUV32f8akzHdYApBsoF/q tZmKTyAa/qLNDGnKoh0a9629UJXsJSDzdFrS1NprSg8FHsWgMeUXt7xwmUckM+xwm0vaGo9s q3yv/GZdJhcokf0/0vraP67xZVF/fngbqLmD+LZMTxGSwZhSSMw4TpugOdRbrRA2LBVOCvT/ 4upyyHjEAX9gWUtajhJs/vrRC5H5ZwehhtI5jTSWtgW5Dcyp1FNZLoDKKe4KWfPQ4U8NoZWk M6akdlVVkuAl/scIovNfoTTKyXmcZaOVeS6sUe6boD56vR0Soze5Y5gXBYUQR8/ZzxkBLmdw v0V3XC7YV9B0qEhBI3xXjEAexySM5Gq95f8HGmmq8K91nHdcl21/LY3KF4xGdUhr7Mf7WFmr ZT0KRgWawybwe+my7L9RPNlm8IjK8fmJsUTtxmMzxmAUK1gEM+FGvqbo4YCg1/chegWdRraT 88YYjpmYRCGfBBOIUw/AZMlkezuiGP2bjtYr1yYv+w77gA/ySQoi+W1b4WEI4fiqcN9w0uF/ 3yZw33FXz5ZZYCHwHm1yVX8ibqa9c/8cMdIfFGizdZjhFCDz2ofBQc+UFq7qP24gV+4HdlYL iQ88DAnsK4/7mSoQ8P7Uhn+p2SL1jYVQMZ4EOAg7gyJjK3O7G6xHmEZShZZYcEi8coxQiYnk FSOmrvBCTVpsbCRYXOa+bqdtzm1KW4TIHNqTSYCQREE4vHgrZs1gxaJScxseIawh8fpGDe2x zmXhCw/gagDy8IGyc2T5lfBjBqvq4LPQwpz4R/YNkq07hhRaoTjbIutgXDZ6vZGaoiQVUWIt nUCl+CR6ekPCdeGkynlaOYVB7Cv6PatMzDGh1NrWZ47+FyF4HKtVY9X5z56KQFiNcNsUT/gZ 0vOvite45hcOHbsZqhyC6qzDMAxxIDjGM7jW/SSacBBCrBoaQKB4CBoTU+L2H7klEUqjec0P pLzWditF3EyG6lhzSTwQ+YbzK9twToxg37QLbj+zhej1qG2f2yYU7oJMR2Oc4gR5aaFulqO8 tJ3OM6DyhEZW+r7CgHM/JQcIHgKJHw/FJawoMtSHsaJOgROBm4sEbnSzKkndogjmL5a/s/M/ 3egSgpbxUD5iHnvNwqHcDZgZanpUJI5qmg0VQQoPFC1yz0teoqi8qobX4U4cKNh9+F5y/NwC f4fdK297u9nE2mcvmVCKMCi/ck7LkvtmwfINGyrejEieZ5nSQHTvNPpFufyyBQz4uOMnZJWi 5WuzArGR5oESQl4SsHQbfOk1VSqunYB3ul1WiP1zhN7Iy0AKaA7enCjvex9OMwWNxTIyx2T0 gvcU19SpvDAr8VxuJPFjLyN5dXhWeZvPFtoL0+C55aPNA7e4jWCx61EW722Zjzzbj7/15ijQ uR39MvCFsM7smxEiKdGKIYz/5kCv4Pug5R40jVbGG76agX3K7F4fViD88p9loxM4b57uQKGf Ea+64RfMrCnYcngEEAjITQ0SuG50dAVhTjgwvAnK2rq5CJM3eSmUGcDGzKumSBiPL9OH4d9+ tgYuekS8B2ZthomFv2knxJk3T2AAVJYWpp2q6xAJpHgjzQa721rYLveO3fQ246OYdAdCXsaC GaYq4SajosN23eYVWQ4EEXM+u9vhZ4unhRu531aLnSrnuv1vNMG7Cdzwx8WEDsMlg5m1thtM FdFL0d2fKWC3wl5jfh5AlyDJVtzOw27yGfQlX0yi2zrf2u5XDfsLUo8G9q30mI3zmZ+RgVfr ZakkDvLcDCyZ8zg/DoAaWg8odzZcNFB3AnjmsemIse7I6cHcQfV2q+AWUdYqj/MI98Au0ncl Ow7oMdycfLaMAATkY0aCq6b96YaeCqbAGl8HcA78747G0PcdA7v3jLUGUS6e55OFcfr6m69M dRlfehUZiS91QGPjzEVPrENKLlKh8wU5MIOV7foBGweuZ6dk2ZZi43R/S3Am2MbedVivsIjI If3dTjZMGivqVZLum3K9u9oB3GZZIQaWQjCw+yFyuUFOJYduuVKc0tp8L+VvW2QATR37SCvo wLPSK/H/dNMkb02sdPXLZxCIAGoJffYdueCqlmzuusTS+L/C57FsgdNp2T3OwhTA6AqZO12s rawq//y4lLOuecncmLemqTZLZJz2+eJYLN1PP70fV5gpgnTfO/34hAGxXK0FowRrvNZ+fucZ lWZbOmeSIcrfulzlVNpbxpQKRI/M5jMT7zBoHq9psucCxJG3g3gKsimxEDTbmpaV3EpPrPmA VXKudKr1MFpnLpRDTBVAsNWIoJKD2LifYAEdNTBkyaSIUf1o1GFu5rkzQEB7xOSAFa6Mc/K2 7D3bTmgSwaT4YbmlMp4ta52tT0pVEdNu/E6JB8hyoQnmgKEA34jBsVDF5c/U7V/sDH4jbP8b xHzNFoSMz33B2l4QE+t8ebYf1mtA8IVMY3EPR0vxUSfbhm2CK6mALdM8iRB4W98SgD8zdOIe M0vxXntAiefmp1ZZ/4fxvies9dVwvn3wnEp+0ekt+fQBx0YI6sB1V0/PQ5reBHELfrwlxTwF TBofVxHfUC1dxegW4IoMXtYAwoQsz7T3i0lJ3XHisrWv4KAivZM0rvjMuX0yacOd9kOOKVIf 37sWm+R+CqD7xT/Y0fyVw4B2seY0c62I/U= IronPort-HdrOrdr: A9a23:+VWDVqxUEyFSRGE7w46oKrPwQ71zdoMgy1knxilNoH1uH/Bw+P rPoB1273XJYUgqOU3I8OroUMK9qBjnmaKdj7N/AV7bZmfbhFc= X-Talos-CUID: 9a23:lv5xrWtlwCJjhTKtiA+iUKq+6IseT2zE1nn+OnOjCEAwd/7MbUCX3Ptdxp8= X-Talos-MUID: 9a23:4rSwYQXvqHGbY6Pq/GLhmWh8a/tx3/mBSxFRiZxFi/KjZSMlbg== X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="135077913" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA28.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:53 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:42:53 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.168) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:42:53 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aZg46aljA1ZaPrmZW/IC1pQ37bPo6dOeNAYiyEhk7Yb18JkWQ5nRUeIPxnJBXlqJCUk3C7hZc2g5fkP9jiG2pl/bW2IFOEFwuiYFMrzmkcDryf5xbAYCVKd3ZGzuONkC4cnMo04hSaQoXueO+3TlUJgbvrawKHFRcreAAYs64VH0PacCBO53Zb2+9OhTChggiU/ZfgYy1AF0v+m2m9LCfnPdEkoyv2fnGmncgCACaajXkMlJjIom8YhCCFbQ/MZwClz1vNlazILy+mhDdKwhyU+G+0972Ack3gn+7GGzYiVp8VpLAdIfSUWa9MzF5xSNDT/iE9LoKRO+0cCbiRmcgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pmItj7lkIwuhol2iM4hM9jx316V5JBguShsE59bVwBM=; b=TmbAU09A9UN1rkR1oorAJvbs2SxyIBSsecpmG9kjjA3TiL0g2qdq+VsTNknHkkVwJs9zjjtTZj5XNkV42D9GdLBLOLGhiOlL+2ttDYA7FIfEoA86TzLpF/rXy9RxTq6lwVapzPhXCRhTQEcyzKExA1gP6vDGKGJt/ZGcfzt040+GIpLtlDbvuBv8mAG+NkTkTSYiKhh/AlyvV7wAViNntRg6wE9fHpPD/Pxk8fHsgB8N113Y2pzkW9veqFP47DCPDaap+SNEQc/C4uQFYZvFWrlE20kwpZOaWP0mtBF56TjqqreceUcK3B6bi1wNsAqk1mpKkvMuSCwZnT9c8lNXxQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pmItj7lkIwuhol2iM4hM9jx316V5JBguShsE59bVwBM=; b=KWzJjcuKN4JE3+ZXu1leRZxhoj/2gbUcw1V8F5sc/0BDcYirnxaiUgwngO6Yj4QLs7sBRzbYL2j5TL8OcFbpm992BVlVEZlp0dlr61NOY0pGrNCtbSbk8TGxOGtJ1TzT7z/KtN7cGfp2WOeooKrF0yHbTVPr6zROeE9xRcOogJc= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BEZP281MB1814.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:5a::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6907.33; Wed, 25 Oct 2023 09:42:52 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:42:52 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 01/14] device_cgroup: Implement devcgroup hooks as lsm security hooks Date: Wed, 25 Oct 2023 11:42:11 +0200 Message-Id: <20231025094224.72858-2-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BEZP281MB1814:EE_ X-MS-Office365-Filtering-Correlation-Id: 89133558-01a2-4e78-1f3b-08dbd53ec219 X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ScFY5SICWCi5VFR/ImqkvuiYTw7WuAsZjcHU4ycButAE4UsGUtOUynM1i7j41xF0+Z4Vfkmf6j5yXgNxKZqXJr7QrByiwAAtvDit802SR4mbqDe+y9veuXUTaSH9M7E9Lb4yyH441q+FQO5ZH/rqkGyYKm4yMjCmgT2KViaNu86YiDZRh76brPpdQTPGfA799WPxaOpn3S7agnRED79/m/4uxdoF2ODtfD9VdfyZgUIUiMYH9enVndYo8Ylma/8sPqI4qY+wLgTu5AuIbwZ8kenbOds2qw2x0H//1olC7mbommm7uQo3m3fybeLu++JEJHPaGeWMMyCgY6ptY7OBcyTS4MTmqnAYjsK0mmKuuEJkbR0WijtCugm/ft8Pkvn/GumY5QZ/0vjXSyDqqHmMY3dppHhGYxX/PVvlsK5TPS9wTwKErBkFPQEoWLwXG0mlhoYAzr4F69ToacOu85tj/ra+3uRvPhX1om6rMOlURkAIJN1d21IHgK5XchMudbPn66BvVNe/B02tBWFK54YHGlchzbIOfKm+LBHu8Smuf1mkI7UUh7FUUlse3mY0ZgJHc5Q9hz0RUm2pU7x1VHUmh9XHkZFKmxAb6Cp1E1yVtUk= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(136003)(376002)(346002)(396003)(366004)(39860400002)(230922051799003)(186009)(1800799009)(451199024)(64100799003)(110136005)(38100700002)(41300700001)(2906002)(7416002)(86362001)(5660300002)(15650500001)(8676002)(8936002)(4326008)(6666004)(6506007)(478600001)(107886003)(54906003)(1076003)(82960400001)(66476007)(66946007)(316002)(66556008)(2616005)(83380400001)(6512007)(6486002)(52116002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?ETjrZ5w+YGVamEwcY1h1OWNHR4Y1?= =?utf-8?q?q05QFSAMzQlpgZNHoFAjLKukJ1OBF/6npKCPs5gqzuN8irruVizDjMzYhj1Bl/XHZ?= =?utf-8?q?09MyMfueOBamv/Xc2ZT8hw8Yi1TGW11Qm1+Lr8mzB3FCybgGFgpwdIt7WorA/ReIx?= =?utf-8?q?rA9fvSTMygeXqbQz2acPB65f10VH23jBpF/Xk2tOILuf7nd7KUVoc6Foucf7CrvkK?= =?utf-8?q?+X0x8D36Rn+0GM2TEdl4raty0xxfKVLGkF52Gf4DJWCqSrE3d+nByHg90yLdMqbvO?= =?utf-8?q?N+1ITZ3atq2fGVWymgb0zpcjQ2fWIdG0f4Qlqn6PVFbUC9CcGtsgzXa6XAF7YWFog?= =?utf-8?q?myownr1v/SFE5SoyXs5Cv4kw4X3H8jnCMqEL6H2SKmWZyV2jqZr4PNHo+ZUEiXZ16?= =?utf-8?q?9KFPLWQW/yZbM1qlOF083sqZ73JWXTzro5kRk9eqBU4lzGGni4AV7qAWEd2yqbCvS?= =?utf-8?q?SdAaO8WQs23bhmA+55FXjg4zOGu1VYskkPY15qlep+H1tpxYCbaCSzu6ntD744O/G?= =?utf-8?q?DnL//mWZHjYZliNwL58Z+flbgsOzs8EjBbLAjdAwRD4p/b+xJiUoD9N95pgbDnVb0?= =?utf-8?q?C9EkhfMuXt3xALwZN7hT8Gi5qm4VGuWheM7Ot2Iu6+1RhyokPg5dk/ZTmaXArf5UW?= =?utf-8?q?y3TP9B5Y/TKKZmJxIsWqxkm5a/tvnccA+JxcWZM32Xnt3DtGCNjKPnF+Eb9PoTvww?= =?utf-8?q?RrMxDC1aUFehyIoneeBWL0+epgrcSwa+6lrEuxyIwijX9Ul5th+8jcCIdJpPdjcIz?= =?utf-8?q?C+VKH1UoosO3Drhf41yegM6X2BwXxcbS6zFihIp/KrD2BTQS9+MPs623DmPAAcPuR?= =?utf-8?q?OCivWP+rRVVEkMpQMgUAKFEZVmjiQiqd3da6jmI2fsNnONp8GOx4f3JRoZSYyXIOM?= =?utf-8?q?zfIjJopeO7sk06gHp8Gw8dO4TX5V+LfrB2ohn+TmcGIsA1Yyz4lptRu+as8YI2cwp?= =?utf-8?q?gOZA7Le/kP6x159ydC2SN+eQ2ybS4r+K+omkj6uWpzTUR4Mhsnhkf3Bnq7hlBYiFv?= =?utf-8?q?odJdTfKAjm3YkkLJWH92rnqPnKsrZtMt/jJu+eXWRUIsZwecjDIk7C6VMrE5Usbv/?= =?utf-8?q?f7vgzabxqkvpdg+GO0jnQjbU1pYxKMCiTnin/Fa59dJoUmv5OIdIBCk87S7hRVK0+?= =?utf-8?q?BAQuMLg3h6j22y4bhyNgaKGJAuq8O4zGD4lDZMwvxfqOP3cC1Uhjq4NpXUNAyHNX4?= =?utf-8?q?b5dUzLWi46qwgy02xcTS/YMLtXSQOwbvrpdckKhlj9nxqMp/4I13H4tas5rCj9KnR?= =?utf-8?q?UkCfDPnKEqi2TIwjJNofT/eiCtlfGpQGEUijjwD+kMdyHaomEblL8w2f2k1egTzBp?= =?utf-8?q?wC6xqeQRLO+Tk7FcqGSNgxlTHTxogyOYPPaxrW6SAoozEayu/3WhawLpj8u25kFrA?= =?utf-8?q?UDoDwHn7JZQ/3XQOFz8T1I8Pki/WekC93KYLbfcc49a2F7jnzvODHQVADJD0wo+mx?= =?utf-8?q?ALlxStiTH/oeddROi48rqP+145kEeIsH9d0/EQJYVwrfv1tCRtXzggrPT3Z4Lbs9G?= =?utf-8?q?vPnhm16s98n5qaHgb3U/E2Gq2XsZUbEVRI83PEpwj4783t1KEFlUqQ+85vNz939Ht?= =?utf-8?q?TjoH8gro8dIZXCGdwUxECxOFGZpWOaGUeix6uNQ6PP3n6FItHoUcbI=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 89133558-01a2-4e78-1f3b-08dbd53ec219 X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:42:52.5908 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wlB/ngqRoJJyjF/5UCmh/JKp5moB6LgnBl4R8bHyIafHah6+J7SNpaeY5ijT5sLxwe3doTiQ/R1+uHMPq+U5YmFrLEeWQ8ni/amBa8Z5haZid0526YfrjPUm9Ml0hovX X-MS-Exchange-Transport-CrossTenantHeadersStamped: BEZP281MB1814 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:44:30 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720152312679354 X-GMAIL-MSGID: 1780720152312679354 devcgroup_inode_mknod and devcgroup_inode_permission hooks are called at place where already the corresponding lsm hooks security_inode_mknod and security_inode_permission are called to govern device access. Though introduce a small LSM which implements those two security hooks instead of the additional explicit devcgroup calls. The explicit API will be removed when corresponding subsystems will drop the direct call to devcgroup hooks. Signed-off-by: Michael Weiß --- init/Kconfig | 4 + security/Kconfig | 1 + security/Makefile | 2 +- security/device_cgroup/Kconfig | 7 ++ security/device_cgroup/Makefile | 4 + security/{ => device_cgroup}/device_cgroup.c | 0 security/device_cgroup/lsm.c | 82 ++++++++++++++++++++ 7 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 security/device_cgroup/Kconfig create mode 100644 security/device_cgroup/Makefile rename security/{ => device_cgroup}/device_cgroup.c (100%) create mode 100644 security/device_cgroup/lsm.c diff --git a/init/Kconfig b/init/Kconfig index 6d35728b94b2..5ed28dc821f3 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1111,6 +1111,8 @@ config PROC_PID_CPUSET config CGROUP_DEVICE bool "Device controller" + select SECURITY + select SECURITY_DEVICE_CGROUP help Provides a cgroup controller implementing whitelists for devices which a process in the cgroup can mknod or open. @@ -1136,6 +1138,8 @@ config CGROUP_BPF bool "Support for eBPF programs attached to cgroups" depends on BPF_SYSCALL select SOCK_CGROUP_DATA + select SECURITY + select SECURITY_DEVICE_CGROUP help Allow attaching eBPF programs to a cgroup using the bpf(2) syscall command BPF_PROG_ATTACH. diff --git a/security/Kconfig b/security/Kconfig index 52c9af08ad35..0a0e60fc50e1 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -194,6 +194,7 @@ source "security/yama/Kconfig" source "security/safesetid/Kconfig" source "security/lockdown/Kconfig" source "security/landlock/Kconfig" +source "security/device_cgroup/Kconfig" source "security/integrity/Kconfig" diff --git a/security/Makefile b/security/Makefile index 18121f8f85cd..7000cb8a69e8 100644 --- a/security/Makefile +++ b/security/Makefile @@ -21,7 +21,7 @@ obj-$(CONFIG_SECURITY_YAMA) += yama/ obj-$(CONFIG_SECURITY_LOADPIN) += loadpin/ obj-$(CONFIG_SECURITY_SAFESETID) += safesetid/ obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/ -obj-$(CONFIG_CGROUPS) += device_cgroup.o +obj-$(CONFIG_SECURITY_DEVICE_CGROUP) += device_cgroup/ obj-$(CONFIG_BPF_LSM) += bpf/ obj-$(CONFIG_SECURITY_LANDLOCK) += landlock/ diff --git a/security/device_cgroup/Kconfig b/security/device_cgroup/Kconfig new file mode 100644 index 000000000000..93934bda3b8e --- /dev/null +++ b/security/device_cgroup/Kconfig @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +config SECURITY_DEVICE_CGROUP + bool "Device Cgroup Support" + depends on SECURITY + help + Provides the necessary security framework integration + for cgroup device controller implementations. diff --git a/security/device_cgroup/Makefile b/security/device_cgroup/Makefile new file mode 100644 index 000000000000..c715b2b96388 --- /dev/null +++ b/security/device_cgroup/Makefile @@ -0,0 +1,4 @@ +# SPDX-License-Identifier: GPL-2.0-only +obj-$(CONFIG_SECURITY_DEVICE_CGROUP) += devcgroup.o + +devcgroup-y := lsm.o device_cgroup.o diff --git a/security/device_cgroup.c b/security/device_cgroup/device_cgroup.c similarity index 100% rename from security/device_cgroup.c rename to security/device_cgroup/device_cgroup.c diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c new file mode 100644 index 000000000000..ef30cff1f610 --- /dev/null +++ b/security/device_cgroup/lsm.c @@ -0,0 +1,82 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Device cgroup security module + * + * This file contains device cgroup LSM hooks. + * + * Copyright (C) 2023 Fraunhofer AISEC. All rights reserved. + * Based on code copied from (which has no copyright) + * + * Authors: Michael Weiß + */ + +#include +#include +#include + +static int devcg_inode_permission(struct inode *inode, int mask) +{ + short type, access = 0; + + if (likely(!inode->i_rdev)) + return 0; + + if (S_ISBLK(inode->i_mode)) + type = DEVCG_DEV_BLOCK; + else if (S_ISCHR(inode->i_mode)) + type = DEVCG_DEV_CHAR; + else + return 0; + + if (mask & MAY_WRITE) + access |= DEVCG_ACC_WRITE; + if (mask & MAY_READ) + access |= DEVCG_ACC_READ; + + return devcgroup_check_permission(type, imajor(inode), iminor(inode), + access); +} + +static int __devcg_inode_mknod(int mode, dev_t dev, short access) +{ + short type; + + if (!S_ISBLK(mode) && !S_ISCHR(mode)) + return 0; + + if (S_ISCHR(mode) && dev == WHITEOUT_DEV) + return 0; + + if (S_ISBLK(mode)) + type = DEVCG_DEV_BLOCK; + else + type = DEVCG_DEV_CHAR; + + return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), + access); +} + +static int devcg_inode_mknod(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) +{ + return __devcg_inode_mknod(mode, dev, DEVCG_ACC_MKNOD); +} + +static struct security_hook_list devcg_hooks[] __ro_after_init = { + LSM_HOOK_INIT(inode_permission, devcg_inode_permission), + LSM_HOOK_INIT(inode_mknod, devcg_inode_mknod), +}; + +static int __init devcgroup_init(void) +{ + security_add_hooks(devcg_hooks, ARRAY_SIZE(devcg_hooks), + "devcgroup"); + pr_info("device cgroup initialized\n"); + return 0; +} + +DEFINE_LSM(devcgroup) = { + .name = "devcgroup", + .order = LSM_ORDER_FIRST, + .init = devcgroup_init, +}; From patchwork Wed Oct 25 09:42:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157973 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479291vqx; Wed, 25 Oct 2023 02:44:52 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF/eVv0E2G9wGMPdBBC2heAu2wvTDmJukRNdKrSdYzoNrKj5D079EfMn0XWgHlb5YMNAHwJ X-Received: by 2002:a67:ef11:0:b0:457:c8f5:60d9 with SMTP id j17-20020a67ef11000000b00457c8f560d9mr13238996vsr.12.1698227092241; Wed, 25 Oct 2023 02:44:52 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227092; cv=pass; d=google.com; s=arc-20160816; b=D0q+OXtnzp1bbKyZX9sohFRDNVuGhvUYzR7GB35QbqKMRPk0KoqE2WVOHmmby7Hey5 eoYrNb64JgSbOalklktt4GWQUAodkG7Qc758iiq537IbSysDPBfK0XHvnoMrCxJl2XXG RNaasFTbyEsZABfrIDLu82uX1xpMxNMXi3u4AHf8NHHt4hPpGZ3fXevA+zqYPXPApwBw e+b4DJ4VGmJPJbnEggWUoIotpSsUqyvuQpXvaJ9B9GR/wLYKt2+zdDIURAQ1qeru7X4+ /zxHEO7i8pxUgbuwzGWxg7Xn2h//yi6HIxXqPLkjL+/qBCCmfzbw8pbJhT/HY2jPaTvd J0dg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=aCT4SgUoL/0yussYGEXY6ao3ykL3wUcuHQGDwrCZVEU=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=uu6NJXCTqLZDoQpUuZUeIA/5cfbvbT7p7DVvd1whWxXzR4fiKk8OJa1goTnLJ13APD vFyZJUXy6HqfKxf/68uknE2JjEg1jqX8Dw2MHVyRNPgpeU8v83clSn4BK83B2l2EMGL0 mHXSlAqaBPv0o1UvFOLmNmyAMb4ymmRBp4SG7E1H0X0tt+MUQS5r9Op18lYxRTX0bU4H MJQiVY2gy20Y6dLQxQbI3kbabstOs3tg0WBYoHZ9sQPbD/BI0DfWn88XonhxBXvvv0r8 pGyyePxDmZFDQ6TKFErlZMHDy3OhHab4Ntky6zGNt4HJ+byUwDcO55ZST34vA/fbVA+3 kang== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=FtUk04Xf; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=I5GgAjek; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id v5-20020a25fc05000000b00d743f0cb67dsi10420555ybd.119.2023.10.25.02.44.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:44:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=FtUk04Xf; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=I5GgAjek; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 7E754802869E; Wed, 25 Oct 2023 02:44:41 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234626AbjJYJoL (ORCPT + 26 others); Wed, 25 Oct 2023 05:44:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39026 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234034AbjJYJoJ (ORCPT ); Wed, 25 Oct 2023 05:44:09 -0400 X-Greylist: delayed 63 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Wed, 25 Oct 2023 02:44:03 PDT Received: from mail-edgeka24.fraunhofer.de (mail-edgeka24.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C33CD9D; Wed, 25 Oct 2023 02:44:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227044; x=1729763044; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=jhb96eHx5V3sQacscu38ciSxM56ElbvGxM/gwY8kaFY=; b=FtUk04XfiQrRT1jUi8zFO0xU1gKWiLbpL39QXcQu7lHSIQ4lEGzmkelq fCYAW4v6ZTFGOSGPF4M1vkqt2SyxZmVkK56XbVqA6snXloQOHi5f9gQaR j7dShGp+isCa/hnVfu8J8SY+WMBT10eY8nV9IuINlEWLh+o2g7891CeL6 zBlnkpdidIJD7Ubcgo3dMrlcPr6p1Xdrim14ffQHw/gZLULcnyr04VthP cQeRFZ+W+0XHme+JhrwKmCXtiSiBtI/J/UO21Rk3HxVG7RTKR2QNDeKQW tbgsvkSSXR3o3rIwpP2uplxwh0fPWK5nW+FhjRUsK95WupEg8BJBmxrON A==; X-CSE-ConnectionGUID: kEM4vVTeQPm7VCLzIwglLg== X-CSE-MsgGUID: ND91yhsXTAOEFXVHLdsJaA== Authentication-Results: mail-edgeka24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2H4BABB4jhl/xwBYJlaHgEBCxIMQIQIgleEU64IKoJRA1YPAQEBAQEBAQEBBwEBRAQBAQMEhH8ChxonOBMBAgEDAQEBAQMCAwEBAQEBAQECAQEGAQEBAQEBBgYCgRmFLzkNhACBHgEBAQEBAQEBAQEBAR0CNVQCAQMjDwENAQE3AQ8lAiYCAjIlBgENBYJ+gisDMbIYgTKBAYIJAQEGsB8YgSCBHgkJAYEQLoNchC4BhDSBHYQ1gk+BSoMzhFiDRoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESBRINAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8aHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51Ngm17E4Ipll0BrnkHgjGBXqEJGjOXK5JPLpgOIKI+JoUkAgQCBAUCDgiBeoF/Mz6DNlIZD4EbjQULF4NWj3t0AjkCBwEKAQEDCYI5iRIBAQ IronPort-PHdr: A9a23:sbks8xFNZzetKhKsCytat51Gf3BNhN3EVzX9l7I53usdOq325Y/re Vff7K8w0gyBVtDB5vZNm+fa9LrtXWUQ7JrS1RJKfMlCTRYYj8URkQE6RsmDDEzwNvnxaCImW s9FUQwt5CSgPExYE9r5fQeXrGe78DgSHRvyL09yIOH0EZTVlMO5y6W5/JiABmcAhG+Te7R3f jm/sQiDjdQcg4ZpNvQUxwDSq3RFPsV6l0hvI06emQq52tao8cxG0gF9/sws7dVBVqOoT+Edd vl1HD8mOmY66YjQuB/PQBGmylAcX24VwX8qSwLFuRjRYsvKvRb9kq0lyTSBJvzZYIAFBz2lt LZobET3tSwaFwcW3H7Nof5OoZ8O83fD7xYq4tP7b6iXOfl7I5v3Te0mb0NqBNcMXAxkPIqOS 7YlMPAvHMt4sZbWo3cS8SfgW1TwXNnE9Bpnhybp0Pdg0+kEUkL+9hU7AM8h4VTlqIj8G7cJS eWy0ZGZ1GvyLNUPnizN6dTlQhANqveQB5xresH6xmUzClrdn27JkZHKBRmEju0wsnCHxsw7c sKiu0t2oT9Y/QOr/Pwc27voudlIx07F5xxW/qoSe8KqS3RKNI3sAN5RrSacL4xsXoY4Tnp1v Dpv0rQdos3TlEkizZ0mw1vSZ/OKcIHSvlTtTu+MJzd/in9/Pr6y1F6+8kmln/X1TdL8kE1Lo SxMjsTWuzgT2gbS5MmKRro1/kqo1TuVkQGGwu9eKF0yla3VJoRnxbg1l5EJtl/EEDOwk0Lz5 JI= X-Talos-CUID: 9a23:eAQr4m2Po/pco9za6y64aLxfGe0ALmPj8HrpG0rnN01NWpyKRlu09/Yx X-Talos-MUID: 9a23:sF9B0wU06PsWcXjq/BnA1WhzNNxY342JJW49r7Uit9KmPAUlbg== X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="1802490" Received: from mail-mtaka28.fraunhofer.de ([153.96.1.28]) by mail-edgeka24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:56 +0200 IronPort-SDR: 6538e320_pDqJ/Zbj0YhgknOVNjseWRoy3ormceWTyF5I0ck7jZi5W5q pRn7ey0hlVC58rt0SGpfncYL5P/jdCaTn515a+Q== X-IPAS-Result: A0CtBgC94Thl/3+zYZlaHQEBAQEJARIBBQUBQAkcgSqBZ1IHgUuBBYRSg00BAYUthkGCXAGcGIJRA1YPAQMBAQEBAQcBAUQEAQGFBgKHFwInOBMBAgEBAgEBAQEDAgMBAQEBAQEDAQEFAQEBAgEBBgSBChOFaA2GTQIBAxIRDwENAQEUIwEPJQImAgIyBx4GAQ0FIoJcgisDMQIBAaUwAYFAAosigTKBAYIJAQEGBASwFxiBIIEeCQkBgRAug1yELgGENIEdhDWCT4FKgzOIHoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESBRINAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8WBBwJPA8MHwIbHg0yAwkDBwUsHUADCxgNSBEsNQYOG0QBcwedTYJtexOCKZZdAa55B4IxgV6hCRozlyuSTy6YDiCiPiaFJAIEAgQFAg4BAQaBeiWBWTM+gzZPAxkPgRuNBQsXg1aPe0EzAjkCBwEKAQEDCYI5iREBAQ IronPort-PHdr: A9a23:espShxc3Y9AvDPqgveobLASWlGM+/N/LVj580XJao6wbK/fr9sH4J 0Wa/vVk1gKXDs3QvuhJj+PGvqynQ2EE6IaMvCNnEtRAAhEfgNgQnwsuDdTDDkv+LfXwaDc9E tgEX1hgrDmgZFNYHMv1e1rI+Di89zcPHBX4OwdvY+PzH4/ZlcOs0O6uvpbUZlYt5nK9NJ1oK xDkgQzNu5stnIFgJ60tmD7EuWBBdOkT5E86DlWVgxv6+oKM7YZuoQFxnt9kycNaSqT9efYIC JljSRk2OGA84sLm8CLOSweC/FIweWUbmRkbZmqN5hGvV7zN7hD1i+1Zn3GLINbtfJ8ZaQX85 qAwWRzM0zg6PCMZyU77ldZbvpx2nUfywn43ydv1Pa6aHfhzfaaARfkqe1Zrd+0LRnFKIqaCZ rkrMsA+J8h5gqnjuHAKgQfiOVfyWb+38BR2o1D3hLI3ib4hHCSFnzQKBskRrVuFjOTxaa49Q futya7V9WTaMcIV/26687jJLj0Rod2HW64qX9HawmIgOx/Y102BktXdIhyv/PVVulWa9/ZJc 7mIq2MXjlB7nBHw/cMWsbmYtKMqkQ3J6yRr+akLCfrmV1x4W+/xQ9NA8iCAMI1uRdk+Bntlo zs+1ugesIWgL0Diqbwizh/bLvmbequhuEKlWvyYPDF4g3xoYvSzikX6/Uuhz7jkX9KvmBZRr yVDm8XRrH1FyRHJ68aGR/c8tkes0DqCzUbSv8lKO0kpk6rcJZM7hLk2k5sYq0PYGSHq3k7xi cer IronPort-Data: A9a23:porHu60HpMWIh8DQDPbD5Vd1kn2cJEfYwER7XKvMYLTBsI5bpzYDy WFNW2vUaPeKYTGhe4xwaI2/8UIF6Jfdx9IwTgBl3Hw8FHgiRegpqji6wuccGwvIc6UvmWo+t 512huHodZxyFDmGzvuUGuCJhWFm0q2VTabLBufBOyRgLSdpUy5JZShLwobVuaY2x4Dia++xk Ymq+ZaGYAX4g2cc3l88sspvljs/5JwehxtF5jTSVdgT1HfCmn8cCo4oJK3ZBxMUlaENQ4ZW7 86apF2I1juxEyUFU7tJoZ6nGqE+eYM+CCDV4pZgtwhOtTAZzsA6+v5T2PPx8i67gR3R9zx64 I0lWZBd1W7FM4WU8NnxXSW0HAkvbKZexqPBCET4oMm0l3DkVFL2n61xWRRe0Y0woo6bAElV8 OAAbj0dZRDFifi/3bS7TedhnIIvIaEHPqtG5yomnG6fVKl3B8mZHM0m5vcAtNs0rsVPFvbXa s5fdjdudw/oahxUN1xRBog3geGogXfyaXtUpTp5oIJuuDWLk1MgiuGF3Nz9ZuGVROVzxW+kl Emf8zz8BA09asLA8G/Qmp6rrqqV9c/hY6obELCo//hmjUe7w20TARkXXkq95/K+jyaWUchWN koZ4AItoLI0+UjtScPyNzWxu2KsvRMGXddUVeog52ml0qPJ5y6BD3UACztGb8Yr8sQxQFQC2 laPnt7tLT1ov7CcU3ia5vGSoC/aESETIXUDZAcHQBED7t2lp5s85jrKR8x/EajzitToMTXxx S2a6iQzmd07lskN2I248ErBjjbqoYLGJiYk5h7/UGjj5QR8DKanYIyur1bS9upJJoufQnGOu XEFn46V6+VmJZKVjy2LT+UlH7yz4fuBdjrGjjZHBJUv3zuq/HGncMZb5zQWDEdgNcIZfhfmZ 0jcvQ4X75hWVFOoaqtsaqqyBt4swKymEs7qPtjNc9dIfpl3XA6c+z9nYUOWwybml01Eub8+I 5CzY8uqDGhcDaVh0SrwQP0Sl6Iorgg7xGDXQovT1Aaqy7eSZTiVVN8tOV6PdL9i7aesrwDc8 tIZPMyPoz1EXffxbwHX+IoXPFZMJn8+bbj8s8J/aOGOOExlFXsnBvuXxqkuE6RhnqJIhqLL8 2u7V0tw1lXynzvEJB+MZ3Qlb6ngNb57rHQmLWkiJlqlxXUnSZig4b1ZdJYte7Qjsut5wpZJo +ItIpjbR6UQD22YqnFEN8a7sokkf1KlnwuTOSqibjUlOZJtL+DUxuLZksLU3HBmJgK5r8Ijp b2n2A7BB50FQgVpFsHNb/yziVi2uBAgdChaBCMk+/ECKRm+w5sgMCHrkP48LucFLBiJlHPQ1 B+bDV1c7aPBqpM8uouBz62VjZabI80nFGpjHk7f8emXMwve9TGd2oNuaruDUg3cc2LWw5+cQ 9tp4cvyC9A9p2YSgbFAS+5q6Ykc++rQo6Rry1U4PXfTMHWuJLBSAliH+shttqR94LtoqFazU Ueho9NfOau7Pf30NFsrICskceWx+vUGkRbC7fkOARvb5Q0m2JGlQEltLx23pygFF4RMMaQh2 vYHhM4azyedmygaGI+KoQ4M/lvdM0Fadbsss68rJbPCiy0p+wlkWoPdACqn26O/QYxAHWdyK wDFmZeYoapXw3fDVH8BFXLt++55rrZWsTBoyG4yHXi4quDntNQWgiIIqS8WSz5LxCppy+hwY 2hnF3NkLJW0ogtHupJxYHCOKSpgWjui5U3D+3kYnjb4Tm6pdFD3Ak8TBOKvxH0dokVgJmV13 bfA02v0cyfYTOeo1AsIZENVgfjCT9twyw78pP6aD/m1R5kUXRe1g4uFR3Y5lB/8MMZg2GzFv bZL+chzW43aNAkRgb8xO7OF8bEuFCHeK3FwR9Nh8JxUGmuGSjW52GWNGXuQYeJIHeTBqmWjO vxtJ+VOdhWw7zmPpTYlHpwxI6d4sfoqxdgacJbpGDI2iKSepT9Xr57gzCjyq2s1SdFIk8xmC IfuWx+dM26X3114pnTsqZRaB2+GftU0Xg3w8+Sr+uEvFZhYkuVNc1k344SkrUeuLwpr0BKFj jztP5aM4bRZ9r1tuI/wHoFoJQa+c4rzXdvV1jGDiY1FaNeXPPresw8QlELcAD1XGrksQPVyq 6WGtY/m/UHCvYtuaVvjpbu6K/Br6/mxDc1tCeCmCFlBnCCHZt3g3AtbxUC8Nq5ysY184uuJe lKGTfWeJPApX+VT/nl3UxRlMg08Dv33Z5jwpCnmoPWrDAMc4DP9L9im1CHIaE9DfXU2Obn7O B7Fi8iz7/8JqbZ8JQI2KMxnJ7RaI1bTf7QsWPOslDufD0iu2kijvJm7nzUeyDj7MFu2O+ek3 oDkHz/QLA+TvoPMx/Fn671ChAUdVitBsLNhb3Aj9M5ToBHkKmw/dMA2E4gMU7NQmQzMjKDIX inHNjYeOH+sTAZ/UEvO5fr4VV2iHc0IANDyIwIp826yayubAIChAqNrxhx/4kVZKyfS8+W6F e4wonHAHAC94pVMd9Yh4vaWheRGxPSD4lkq/Uv7sdL5AjdAILEs+UFiIjFwVn38I5mQrHnIG Gk7ezkVCgXzA0v8Ct1pdHNpCQkU9mGnhSkhaSCUhs3TocOHxelH0+fyIPz3zqZFVskROboSX jnicgNhOYxNNqA74sPFY+4UvJI= IronPort-HdrOrdr: A9a23:TGxyaa4+D/yWjKNCZAPXwV+BI+orL9Y04lQ7vn2ZFiY7TiXIra yTdaoguCMc0AxhIE3I6urwQ5VoIEmsvaKdhLN+AV7MZniBhILFFvAA0WKA+UyqJ8SdzJ8l6U 4IScEXY7eQbWSS5fyKpTVQeOxQpeVvhZrY4ts2uE0dKT2CBZsQjTtRO0K+KAlbVQNGDZ02GN 63/cxcvQetfnwRc4CSGmQFd/KrnayAqLvWJTo9QzI34giHij2lrJTgFQKD4xsYWzRThZ8/7G n+lRDj7KnLiYD39vac7R6e031loqqu9jJxPr3MtiHTEESttu+cXvUvZ1RFhkF3nAjg0idprD CGmWZbAy060QKtQojym2qo5+Co6kdT11byjVCfmnftusr/WXYzDNdAn5tQdl/D51Mnp8wU6t M944s3jesmMfrsplWJ2zHzbWAfqmOk5X451eIDhX1WVoUTLLdXsIwE5UtQVJMNBjjz5owrGP RnSJi03oceTXqKK3TC+mV/yt2lWXo+Wh+AX0gZo8SQlzxbhmpwwUcUzNEW2n0A6JU+QZ9Z4P msCNUfqJheCssNKa5tDuYIRsW6TmTLXBLXKWqXZU/qEakWUki92aIfII9Fl91CVKZ4vafawq 6xL2+wnVRCBX7TNQ== X-Talos-CUID: 9a23:2Ug9ymMKcjpFT+5DCXhs7HAIHOkZNWzY6y/tAWiREzoxV+jA X-Talos-MUID: 9a23:79ZKvQ2zxysStDMAJCcUFU9cTjUj/5mxCWAryrw6ieLdOXR1PSu60iroe9py X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="135077921" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA28.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:55 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:42:55 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.169) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:42:55 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Jnef7P7QOVWsWNV1P6QO74uh3gVlqM8wF4OQtdHS0/aVufedd237u2C7lRzcwVRaS04dYmeoiV0NlZt1Cf9NyzuYarIWZOCQXlRj9bFA/zXMxkr/46bfSatHxLcnFaBhgh8gxf7qlUEjt2DztFvMZuxrIu4gSftC+ilOBt6hpCy0m2l+zzlSxIQ6UVDwxqhUfQZsSp/ko9vXHg3mj86yMYVGHn0/Dsha9++eK6rVDF4RnGU1E6Y2/i9wc1apSqmSnt5NAY6QyZisurPguSSZgbSWvCJvOPKO3Vx4r4+Q2CSFuQ5f3m4tc2BnnvMZRzjCePQ6MHDr6GmJneHzjoQl8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aCT4SgUoL/0yussYGEXY6ao3ykL3wUcuHQGDwrCZVEU=; b=YSkvaVdcrqZifjbuPv3fDjmRkzSN0C4wc0jzkBgibgnxRsn+3/QIlUf1dcxG/EQiq1Vgt2CwHrsMtITsY6keHTOhfQ7avnM5K1neIUq/5/fKmesrGpXQke7ySs8hbJy/q86JOxYvmWe8+e0FZUgA5Df83upIAPumpT8cCwmxvotb5KBaOClTNQWxOw0LRh9l8rfkqRi4MNjowgdIq1U8vLLcbQJzIaBqx5gWImogszE5J4K8JWvsRZow+rriXdeYKWEkujD3oma9IDfjGtD91Zhfxgkqn7faH6BewvX+hu0pJJnPvrXtFttLwX07RFLocp/fbCHoVb1snOEtFouTuw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aCT4SgUoL/0yussYGEXY6ao3ykL3wUcuHQGDwrCZVEU=; b=I5GgAjekm5PBXVTBAC2y5cHMVaZLUBWrFIEHvwClDt4T66540RCVMGi1we22heM++PBqswuG9HYl5aGxspmouP9q6Y+N1/sXi4EXhDcnt2FsccCgDtu1pyS1PuGRBy0aUiptAN3OHeXM9bVA7SlRSX9ZIW35evizQGVDO6wzkRY= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:42:54 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:42:53 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 02/14] vfs: Remove explicit devcgroup_inode calls Date: Wed, 25 Oct 2023 11:42:12 +0200 Message-Id: <20231025094224.72858-3-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: e1f8b819-4272-4858-a1c7-08dbd53ec2dc X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: f9VvorlZKgkslf3oJMirlkDDUVXdlX7B2XEWwUI/+JFLUqfFL7D66R4WLaEnhexqYP/lhnmrHaf9NMZ6nN04LsVZ5tURLY3tnLlXWGlCuNykl9cHCUg6zmItms2jfm7Rkm3HHRLkl7yFhXKfwS9gqa28bSETsmJmnfH96V+gHL11zc47uud2TJST7yIXya8xLpleDhSNHnz3HQyOnZZJZtHuMOkFzTkVWb92+pMpq9GG4jOo9bFp4jGsiHlC2L9JFXJKTuq/7cvxJRNg1OZisqcAkGfvhkM/+W/45DLcSCxIeQg4/Z7B3mtjRYYEYfDWDvsLG/W8VKHYPyVCwkVTkYrDe9f2UX4opvgEMUMPXkHttx1Ti5XBim0d61GaciOGL2o+BJlMX8IMtSPyYQ9Xg3/oHBcSJkYd7Yeo7ZUcuBzFQ58izEFdbw9h3KCe71ew+jZ0IxX/1vJSWhRKITme4SJm+LTykWwjUrXMLfG/0UgZC/i6ooUrvBpjVsq/28BXFRMGE8IOfs8xesc/fysraVDCDf+rzg3l0vAWvccsemQJ1oAZAwCn51+tKxNx1nI7+HSX3EEAMyjnbh4JwgmIHBFRy98HRKdy60/80lt8e2w= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?YS3D2+0BRy/shrvAQ261eEEMD5mE?= =?utf-8?q?HOUB+C07jkjcWh+Gev3ToETI9FN7AoukHkBtAy+iFb/5VbZMcIPsERy890pJlBpZW?= =?utf-8?q?NsdtXZUVVLcxFjsdoZa4OyNmtC/DjINVSznyITps7A2Asuw9m3hs33McGlb8kVP3A?= =?utf-8?q?YfAZ97zjfl69tURWSvsVnss8+8vFsLCdiI01p89LE7O86ITwVdTR1MLUIQ7nbmNSo?= =?utf-8?q?ql8BPmm8mga2oIENVRMIEesob/iZvaT7Puq8MLPgRuHIcHfRWYB+TKwK3Vz3WzeHV?= =?utf-8?q?FMA8CbZmMAFLl1WPqPvXfxfw4/jAu5Ez8L4OS8sF5C3P5j7fK+PCzb/k4gwKi1Leb?= =?utf-8?q?EOO+yUrc2lZkoaT/RAuFCNj+sdztbOOoYtNBe7qyzKN2RCQ1ihmUOFURK1xkMWUpq?= =?utf-8?q?fcxI3MjvtIn/hYW+r4dtPvYkDR9MOBAbjSCyjECL/aLb9CIfiUlMau+Rdp9JnT3u4?= =?utf-8?q?NXCxludlecRX+if4JSbJRI4k2oX2ITNMSx50aK9mh/0KokzC4iJ58j/P3I00JZqo7?= =?utf-8?q?cNeqvRHBnvYsZR93TMlZXUeciFSi55PSRFs7Ksz0qVlsf+dAT7bQKZIoffRy3uFag?= =?utf-8?q?26HH0KcWHZXH4785r+MpovSL/tLsdxE/mxZVqsR9bzHyj6oiwfhTtf9qPrPsQmxFv?= =?utf-8?q?vWRyWJeu1vtIPsgbno0xv4Jg/px3q5BhnpcWV0D6pC35tYbMNMPdKJlymTldXQvSq?= =?utf-8?q?wyWqcmiH1okqA/KSHQmju0JLI7VNqKAKd3COTc3ygzy1o1oadwglIceEy261PtQvO?= =?utf-8?q?A9pjFDabPNIW0dC8bFpWuuv0fLHLtDdcxBFmW1jdT9PnxhDnhSZpoHXpxNHsI5OnD?= =?utf-8?q?iNn99qItZL7s6gqabWeZmchbGI1B8sfiLdrjBUP9FDGo3bMAfgbVuvN8GTZa/SNG3?= =?utf-8?q?LLRWRYAAf1qjgZXoq5XmuDM53j+b4xDMUq1pKeCUcdcH7v8b3wf1EsVeoIN8qpWtt?= =?utf-8?q?cIlMkAsH1VCYdISHOxpq0btWVKnl0UrWCRYwYqwvx9aKNMyyYuO2fimXIIW5M79IR?= =?utf-8?q?M1BB4FWPy2T/MgolssfEGWf9XoZrJM+owHnW/D0+66PjDaLiDvFxF16CranySKIbH?= =?utf-8?q?y6LXrTPlqVjWKVXizmRpvbNMliH/y63GzLf4SL1upKqOcREKyO0NaL11UM7CkfKif?= =?utf-8?q?mo6cZ2CzMcbcYndnk5w6WnzNIgT1+ja1irEkaDWcNmvpGwzI+rn884KFSA2ZE1PJU?= =?utf-8?q?BUUkxqty4onBspovBhKmMiewAAmy9EoRH3ILiRId131KT4fI7gI1VFjO53Qw40XLL?= =?utf-8?q?fp2EfTDtrirTpf158tmgQS91m5Sr9IAlWVMNuSHONbUL/p/Y6U7f0hKJEH9stEZ0/?= =?utf-8?q?bT5ev2dxJK7cMULOz8oOMQmUb4jBjEmXg2bSC5KZ5ddX4XyP3sQ7bgNqYGarg7J9p?= =?utf-8?q?reQYPUfIESlhrcxtgxF6t4/ul8XkUpIA1zZjGd6vBjKKZefLVOwKJ6SBscDV1MAG0?= =?utf-8?q?KvDlI3am+VgghHkZtJB7mh2ItM5NUYlVpr9nGle8hHtgK7+WVTJaVKU9weFWjRaN3?= =?utf-8?q?/JetB8V2YTSTTTugRbPMDsDyKzPPq2s3kIDlUKLxdPF3Oys4BcRTVIkXucAhYjAcS?= =?utf-8?q?14TO3HBW9SBF8nCWkmHJSSqXyrPXvxguM8mzpBi7mANhvOlYAbmjJA=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: e1f8b819-4272-4858-a1c7-08dbd53ec2dc X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:42:53.8515 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: kLA/SPFiVYZIdu2tFQBaXrsERJE48HWs9r9jkhiTDhoxiNeRLdUY8ra5AGOQnBt2OfSxF0A9rB17VAseAelC9PUU2Wi8R3G1vNSLe4xTt48EeLW+fyXler0J/IWrWKgC X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:44:41 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720171282029681 X-GMAIL-MSGID: 1780720171282029681 Since the new lsm-based cgroup device access control is settled, the explicit calls to devcgroup_inode_permission and devcgroup_inode_mknod in fs/namei.c are redundant and can safely be dropped. The corresponding security_inode_permission and security_inode_mknod hooks are taking over. Signed-off-by: Michael Weiß --- fs/namei.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 567ee547492b..f601fcbdc4d2 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -34,7 +34,6 @@ #include #include #include -#include #include #include #include @@ -529,10 +528,6 @@ int inode_permission(struct mnt_idmap *idmap, if (retval) return retval; - retval = devcgroup_inode_permission(inode, mask); - if (retval) - return retval; - return security_inode_permission(inode, mask); } EXPORT_SYMBOL(inode_permission); @@ -3987,9 +3982,6 @@ int vfs_mknod(struct mnt_idmap *idmap, struct inode *dir, return -EPERM; mode = vfs_prepare_mode(idmap, dir, mode, mode, mode); - error = devcgroup_inode_mknod(mode, dev); - if (error) - return error; error = security_inode_mknod(dir, dentry, mode, dev); if (error) From patchwork Wed Oct 25 09:42:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157979 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479759vqx; Wed, 25 Oct 2023 02:46:03 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEuIUbOUe/SScB+DGIPZgghXpwEe3NfH+kMSKE3/8Z6e1AAlxwa4gPwBNjoEiIjXJV72ecy X-Received: by 2002:a25:e641:0:b0:da0:454d:cf57 with SMTP id d62-20020a25e641000000b00da0454dcf57mr5429896ybh.16.1698227163269; Wed, 25 Oct 2023 02:46:03 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227163; cv=pass; d=google.com; s=arc-20160816; b=yfHUnpHKqInXuoL+v01mgdnKbIaRBLlr9vzuyh8rzsMXahxhaUsDsh2AWULW85Kz87 mrGFNsylG0hlfshK+thZfsfvWuh/J7b7Z4FPGjPkndBSFbjEwa9pwJ9wwgYa33a0yDyQ +mCCborH6p+OjYITk2JEGnqr3rzzLNMCB3X86cQLuAv8+aKytIGByA5fK0ORDBxuSnbo tEbHfz5f2RR7bR1AXCP6zlPgxt1XTlWTEKd4okuQHpdQve1ucC8sjMpOYnublTCmvTGJ HqU70IVHA0N+MprMLwlHX3gU8Q647ANucenw2e6wEJb4oIzXwsLS0Rwnc9+itrHKVvvn vlhg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=jCQjkLBQou1K1XlAT1aHJgI/ZpqOx9/gRhKcqbH3k+s=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=WeRRMF6OhfRlsY+BlaKoEMAeTCP3/8HqFNEkDCzzedxoYSpy6gmH00TGKhA7NECp22 mnnhbXg2MS+TbJwqKEob3p8sX1fSBJWEgwe8WLjdTDFFrVJxes3AKmKSszyMMwHT97AI Kbg7HanvItebny+IqM6KpzKQ30HZTUNEe1lPEJOlrygmRQXzIskkwioSrCbmkCQG8Ghz uhmRYX7TrHWcFsWlnlEHkzlOqvuOXYHHaGpONlbFZQewaoTKA4HhFrTqj8Tv6OXvhjDB dmaToWF/hvTwEqgvf0PGVFvrr1mUraHAiFe6AzKOC/sQlR8UVf+KH2W6Rz4kyErV5yXM gLBA== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=kBc2+AsX; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=LEHzHxtF; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id r3-20020a254403000000b00d9ca4853316si10097762yba.694.2023.10.25.02.46.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:46:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=kBc2+AsX; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=LEHzHxtF; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 5B6CB801F89F; Wed, 25 Oct 2023 02:45:04 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234722AbjJYJoa (ORCPT + 26 others); Wed, 25 Oct 2023 05:44:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39096 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234587AbjJYJoK (ORCPT ); Wed, 25 Oct 2023 05:44:10 -0400 Received: from mail-edgeka24.fraunhofer.de (mail-edgeka24.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 17472DE; Wed, 25 Oct 2023 02:44:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227047; x=1729763047; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=6IS3qnmwyCNRIjvUFp2Jg7LA5SbSx9BBFQUcZ1ZIxA4=; b=kBc2+AsXYkIuJIJzy20otbVqCx7nmm1hk9jMnBEx8IstYupwpPe6CbZD dpZ5hB3DVkyHGaN8y13OiRY/6wVZQHicNFAl4qFC7lZVe5PHq+BjZN+Br DT+YjC86x3KlMYxFYI8tJ9YBnLR1JCv6/Rk8bFfTGGpdT6B1PO8I+zeiU UQgW8ADVdv97fN75ikva0h0JCX0dBABmTIdeS+V36NHjs4rhOiduyJIrw ow1i7KLH6rPz3a40s96eBAx10weH6mUIODJvFEom7MZ8H8H9c3JHQ22Xj EG3y3pbrxnCJJfLcbRt6fkhBjtiwC51aYs1IqSfqTCd35oX4f08otSZqJ A==; X-CSE-ConnectionGUID: RzyV6OS0RqeDLXDwHmvM6A== X-CSE-MsgGUID: aTEi1QIdQNS22hvwL+hBTw== Authentication-Results: mail-edgeka24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2E2AABB4jhl/xwBYJlaHQEBAQEJARIBBQUBQIE7CAELAYI4gleEU4gdpWsqgSwUgREDVg8BAQEBAQEBAQEHAQFEBAEBAwSEfwKHGic0CQ4BAgEDAQEBAQMCAwEBAQEBAQECAQEGAQEBAQEBBgYCgRmFLzkNhACBHgEBAQEBAQEBAQEBAR0CNVQCAQMjBAsBDQEBNwEPJQImAgIyJQYBDQWCfoIrAzGyGH8zgQGCCQEBBrAfGIEggR4JCQGBEC4Bg1uELgGENIEdhDWCT4FKgQaCLYQpL4NGgmiDdYU8BzKCIoMvKYt+gQFHWhYbAwcDWSoQKwcELSIGCRYtJQZRBBcWJAkTEj4EgWeBUQqBAz8PDhGCQiICBzY2GUuCWwkVDDUESXYQKgQUF4ERbgUaFR43ERIXDQMIdh0CESM8AwUDBDQKFQ0LIQVXA0QGSgsDAhoFAwMEgTYFDR4CEC0nAwMZTQIQFAM7AwMGAwsxAzBXRwxZA2wfGhwJPA8MHwIbHg0yAwkDBwUsHUADCxgNSBEsNQYOG0QBcwedTYJtgQ6CKU2Se4MVAa55B4IxgV6hCRozlyuSTy6YDiCiPoVKAgQCBAUCDgiBY4IWMz6DNlIZD44gg3iPe3QCOQIHAQoBAQMJgjmJEgEB IronPort-PHdr: A9a23:3rWe0h2ruMTvgC8GsmDO+QUyDhhOgF2JFhBAs8lvgudUaa3m5JTrZ hGBtr1m2UXEWYzL5v4DkefSurDtVT9lg96N5X4YeYFKVxgLhN9QmAolAcWfDlb8IuKsZCs/T 4xZAURo+3ywLU9PQoPwfVTPpH214zMIXxL5MAt+POPuHYDOys+w0rPXmdXTNitSgz/vTbpuI UeNsA/Tu8IK065vMb04xRaMg1caUONQ2W5uORevjg7xtOKR2bMmzSlKoPMm8ZxwFIDBOokoR rxRCjsrdls44sHmrzDvZguC7XhPNwdemBodASP87hLedK72r3LZ79p58RXDNO3UQpFzayy7y Lc6DxDSiAQMLjQZq2KUkZkj6cATqkeFijxt457ITsaYKd5OTITcftUlQToQHYVUdzZsIIHtN bQsFMQvNM0EtYD24F0ngBiUJ1L9Asni7mJEllzM2bMY8OkCEDvtnykwR9MCkizZno6rJuRDd 8eUnanN1CTMUKwR4Tbf9ZfuYisRkM6XQ6BoLvvz5lhwSgLOi2nNoLD1YymY+uMgnk239steU uGhpV8+khlK+BmN980Gt87GvdkM8Fnu62J7/Lp2f9LtGwZrJN++F51IsDuGcpF7Wd4mXzRws T0hmdXu2La+dSkOjZkryBPcYqbbNYaS6w/lVOGfLC0+iH82ML68hhPn6UG70aW8Tci71l9Ws zBI2sfBrHED1hHfq4CHR/Jx813n2GOn2Rra9+dEJk45j+zcLZsgyaQ3jZ0drQLIGSqepQ== X-Talos-CUID: 9a23:FAbIUGM7QxAag+5DYjt2yhAzIZgfa3Dx6Ef8PG+9F0M3YejA X-Talos-MUID: 9a23:y4txPwQZtDcbqUvqRXTluBxjbf5J752IMxpXkYsZn4qEHxBvbmI= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="1802491" Received: from mail-mtaka28.fraunhofer.de ([153.96.1.28]) by mail-edgeka24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:57 +0200 IronPort-SDR: 6538e321_973YP11K0hq3C6HMmfGN+/8ABaxTXSb4AhUFMyoWpxQ/HW9 hY5h4JdyAOEtKEvgEYj83a6moneVCK/wwhJL6LA== X-IPAS-Result: A0BZAAC94Thl/3+zYZlaHQEBAQEJARIBBQUBQAkcgRYIAQsBgWZSB4FLgQWEUoNNAQGETl+GQYJcAZwYgSwUgREDVg8BAwEBAQEBBwEBRAQBAYUGAocXAic0CQ4BAgEBAgEBAQEDAgMBAQEBAQEDAQEFAQEBAgEBBgSBChOFaA2GTQIBAxIRBAsBDQEBFCMBDyUCJgICMgceBgENBSKCXIIrAzECAQGlMAGBQAKLIn8zgQGCCQEBBgQEsBcYgSCBHgkJAYEQLgGDW4QuAYQ0gR2ENYJPgUqBBoIthCmDdYJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESFw0DCHYdAhEjPAMFAwQ0ChUNCyEFVwNEBkoLAwIaBQMDBIE2BQ0eAhAtJwMDGU0CEBQDOwMDBgMLMQMwV0cMWQNsHxYEHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51Ngm2BDoIpTZJ7gxUBrnkHgjGBXqEJGjOXK5JPLpgOIKI+hUoCBAIEBQIOAQEGgWM8gVkzPoM2TwMZD44gg3iPe0EzAjkCBwEKAQEDCYI5iREBAQ IronPort-PHdr: A9a23:D+O7khVWKy1Hc/+xim2MzOwCQojV8KyzVDF92vMcY89mbPH6rNzra VbE7LB2jFaTANuIo/kRkefSurDtVSsa7JKIoH0OI/kuHxNQh98fggogB8CIEwv8KvvrZDY9B 8NMSBlu+HToeVMAA8v6albOpWfoqDAIEwj5NQ17K/6wHYjXjs+t0Pu19YGWaAJN11/fKbMnA g+xqFf9v9Ub07B/IKQ8wQebh3ZTYO1ZyCZJCQC4mBDg68GsuaJy6ykCntME2ot+XL/hfqM+H 4wdKQ9jHnA+5MTtuhSGdgaJ6nYGe0k9khdDAFugjlnwXsLzmRL4tc5X4S6HZO6vfbQdZW2rz 4VkaVjakD4gJ29+/1vXqcdphoIAo1G68k8aocbeNaW4FOhebr/zOt4HYVpzecdSURNFUtL/L I4vFccjP7cCkKrmiXUHhkekDALrAsrCyRVq3S7w96AejugxMjvCwi4DEvEPil+XicWtNaswC e2Hl/fajmTlSNIH2TLk+Yf3LVcZoNORQpRgSvrg9lIxBRuav3e/uNO4PjiQ6rkEj3jH9edMU s+CrkI+ij92oTaB994VkrKTp6AkwHr5sipCm58PLPemD0xHXZ3+H84D/zHfNpFxRNslWX0to ish17ka7IayZzNZoHxG7xvWavjCdpSBwTu5BKCfOz5lgnJidr+lwRq/ogCsyez5A9G9y00C7 jFEnd/Fqm0X2lTN59KGRPpw8gbp2TuG2w3JrOARCU4unLfdK5kvz6R2kZwWsE/ZGTTxllmwh 6iTHng= IronPort-Data: A9a23:HEIPpqD4pXyOARVW/63nw5YqxClBgxIJ4kV8jS/XYbTApDx01D0An GscXmvVOPeKM2Wnco0iYIyw8UsH7cPRx95kOVdlrnsFo1CmBibm6XR1Cm+qYkt+++WaFBoPA /02M4WGdoZuJpPljk/FGqD7qnVh3r2/SLP5CerVUgh8XgYMpB0J0HqPoMZnxNYz6TSFK1nV4 4ir+5eCYAbNNwNcawr41YrT8HuDg9yv4Fv0jnRmDdhXsVnXkWUiDZ53Dcld+FOhH+G4tsbjL wry5OnRElHxpn/BOfv5+lrPSXDmd5aJVeS4Ztq6bID56vRKjnRaPq/Wr5PwY28P49mCt4gZJ NmgKfVcRC9xVpAgltjxXDFXDT1ROfVG6YPieyOBku+W0WqeSljFlqAG4EEeZeX0+85sBH1Ws /EIIzBLYAqKmuS2x7y2UK9gi6zPLuGyYdhZ6y4mlG6IS698HvgvQI2SjTNc9DIxjcBHEPKYe McYciFHZRXbbhYJNE0eFZQ+m+mlnD/zflW0rXrM/vdvvDeCllIZPL7FNtvvWta0H+BphWnfr F/D0kvTLyAlK4nKodaC2jf27gPVpgvyXI8CHbu0++RChVyTz2gSAwwQE1C8pJGRgFS3RtRSM WQX9zAooKx081akJvH0RAGQo3OeuBMYHd1KHIUS8AiQzoLM6hudQ20DSSRMLtchsaceSTUs1 1KNt9LuCjFmqreSWTSb+6v8hTq0NTIULEcBaDUCQA9D5MPsyKk2hwjTT9AlFKeoptn0Hyzgh TyHskAWnLIVguYI2r+98FSBhCijzrDYThUd6A+RVWWghit7Y46jIYKh8kTS5/tGIK6WS1CAu D4PnM32xOMWFpCLmyylQ+gXGrytofGfP1X0mlJhN5Ym8Dup9jioeoU4yDF3I0N0Ne4LfjjmZ EKVsgRUjLdRO3+xZId0bpi3BsBsyrLvffz8S/3ScttISplqcxGO+CxoeQib2GWFuFYti6YXK 5qdcNjqCXccFLQhyyC5AfoeuZcuxyM6wnj7XoL21Rmr0PyeeRa9QLIEKgTVb+QR46aNoQGT+ NFaX+ORxg9QXcX+ay3T4IhVJlcPRVAxHZ7etcNabKiALxBgFWVnDOXeqZsleop4j+FWm/3O8 3WVREBV0hz8iGfBJAHMbWpsAJvrXJBivTc1JiAhI1us82YsbJzp76oFcZYzO749+4ReIeVcF qRePpTfR60QG3GeoWtbc5y7p8psbh22gwKJMSe/JjQyF3J9ezH0FhbfVlKH3AEAFCOqs8s5r bC6kATdRJsIXQN5C8jKLvmoyjuMUbI1w4qehmOZc4UBS1am64VwNS36g9k+JsxGe12JxSKX2 0zSSV0UrPXE6d19utTYp7G2n6HwGctHH21eAzb665SyPnLk5WaN+9JLf9uJWjH/b1nK3pueS 99b9cyhD81frm1269J9N51J0ZMB48Deou4G7wZ8Q1TOQVeZKpJhBXik3cB/kKl81+Jcsg6YA 0iK+sdoPIuYHMbfFH8QOwsXQeCR3t4EmjTpzKoUIWerwARV7ba4QUFpEB3UsxNkLZxxK5ID/ ectnOU0+j6PoEMmHfjehx8F6lnWCGILVpsWk60zAajpu1IN8U5Da5mNMR3GysiDRPsUO3Z7P wLOorTJgold4U/wc3ATM3zp9sgFjLQsvCF69nMzF26rqPHk2MBuhAZw9A4pRDt71h9EiuJ/G lZ6Pn1PeJmhwW1au9hhbUuNRSd6Gxyrym7gwQAolUrYbXWSeE7jEWkfAduJrWclqz9yXz4D5 7yJ6nfXYRCzduHL4yYCc0pEqfvicN9PyjP/iP2XR8SoIp1rTgfm04mPZHUJoSTJGckeplPKj sg08fdSaZ/UDz8xoao6Oraex4YvbQ22Ik5CTc48+6lTL2XXeWyx6wOvMGG0QNtGfNbRwH+7C utvB8NBbAu/3yCwtQImBbYADrt3vfwx7v8AR+/bHnEHuL6hsTZZipLc2SzgjmsNQd81s8ICB q7OVjCFSEq8uGB1njLTkcx6JWaIW9kISwni1uST8u9SNZYisvlpQH4iwImPoHSZHwt2zS265 DqZSfft8NVj7oBwk6/HMKZJXVy0IOyuctW4ylm4ttAWYO7fNcvLiRgulWDmGAZrJpoUZcV8k OWckdzw3X6dho0MbULip8CjGZVKtOKIZ8gGFuLsLXJfozmOZ9+03TsH5FKDCMJolPFz25CZY jWWOeqKSM4tetZCxXdqRTBUPDQDBo/WMKrxhyOPgM6dKxoa0AeddYus3iLtYE59cQsNCYzPO jHpstn/4+JojZl+KyIFI9pEAJZIBkDpdoV7Vt/2tBieVnKJhHHbsJTctBMQ0xP5IVjaL9Tbu LXrHgPfcja2s4H2lOBpiZR45EArPSwskNsOcVI40P8orTKDVUotD/kXaLcCAbFqyh3C7onyP mzxXTFzGBfGfGp2dDvn647eRSaZPOsFP+n5KhEP/0+5bySXBpuKMIB+9xVPsmtHRT/+8N6Jc d0u2GX8HhyU8KFbQew+4v+ag+A+4tj4wnkO2172ku2sIhI4LIgJ6kdcH1t2ZXSaK/3OqUTFG zFkDyQMCkS2UlX4HstcamZYUkNR9i/myzIzKzyD2pDDsoGc1/dN0+D7J/q16LAYccAWP/Qbc BsbnYdWD7y+gRT/YZcUhu8= IronPort-HdrOrdr: A9a23:d3B/gq1Ywk/rNvkf769bIgqjBEwkLtp133Aq2lEZdPU1SKylf6 LHpp4mPHrP5Qr5N0tQ/exoVJPtfZq/z/BICOAqVN/IYOCMggqVxe9ZgrfK8nnJAC30/qpxyb xpeK1zJNn5DV0/sN3z6gu1CPYsqeP3lZyAtKP31HdnRUVNcKFv7wBwFwadHAlfXRBCBZAwCZ qb4aN81lidUEVSRt+6DXFAefPCqd3NnI/nZhBDPBIu7Q3mt0LK1ILH X-Talos-CUID: 9a23:9U4Cs2jI6AjdSO0qQVEEEAMuhjJufWPB43OII16ELDwydp62TEG3oJpHup87 X-Talos-MUID: 9a23:9qVo2wWPJzT4XGHq/DntvhFoCp1N37+BT0owlLgpkeS1CjMlbg== X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="135077926" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA28.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:56 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:42:56 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.169) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:42:56 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AXKx87xGk6CMIe7UNiRrfp74FFe2111/bF7U5Q74kf2r/tGdGUX/8Wc+FHsRvrznndVThXTb888DIrq86XtbMBmms43J9eGtOoaFPBYqSmoazak42aZJ5efaSiCvkb2ZbJ1zYFrgJx9xJt0cNpZwswCvofrr38xY2NgBxMEal7rJdOVzNLzrfysaCNrpGSR+kGTBNlyz9iasxP2JFYOZeAi3KWaE05Klb8rEZ0mmsYFJi2noVIYxEIzr3I/0MdySNCfKEqRV+AMqh+fV5yCi3eoTGryaDD+RTV6bPlyT2iRZ+pAbl1otkNRxptg4VUKkEIGFYmzBVibvtZpgfRtUbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jCQjkLBQou1K1XlAT1aHJgI/ZpqOx9/gRhKcqbH3k+s=; b=Vk3qfNohnK6HblcjNgRCdX8zL+VWTABIeNckYYpkj+fkl25RwliTGudIOYc8EyxN1JHK/RSHFG3q0S7VC2oHdVJ/CDqf4U0//1OAmkN8TrARj7owIUv99gdTBeN8G8LkfsyQr67h4EUIE7sreQ4xTFKHcr/4KRZFOUUcBis8DaGxV5qEdVw7iIcbLK42eCShsXxyYNMmFRumXDsDm1FN6Tg922U4kkRsQMNZjx7D+duqUOvBqfyGjiQxG8TXOBszN2+T5nFtyfS/9wq2xpMkJQv8kbtEFJUFQiNknXBYqBlvwv0HOIrqdlc5GVlpKmhwyTpZJjiRbxIu61zWzU5hhQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jCQjkLBQou1K1XlAT1aHJgI/ZpqOx9/gRhKcqbH3k+s=; b=LEHzHxtF/euLXZOiknWl89++mHrEJj92WKsFFaC4rac/nAEkBJ39nBeL5dxKRlvJKeKiRC+Mx0idJ0eZ36z+9NOI9hmqygW7/PiJuwNxSXYWsvzp7YJGy75icmT5aTx4reDoEEMDqIVokfFYqQpS2IJYbBU/gS3qRaBv/jTT+2g= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:42:55 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:42:55 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 03/14] device_cgroup: Remove explicit devcgroup_inode hooks Date: Wed, 25 Oct 2023 11:42:13 +0200 Message-Id: <20231025094224.72858-4-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: eee12d09-c658-47ff-116e-08dbd53ec38d X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: dm49FTuTQ8jNfzqt2mYOslgd6QfM3A2lGeXCUighYa+9L33GJ/1lupIJMCFi4KWFGFoX14fYrc1cErG5oEerTCbPXTijD8H4NPcFJo5dLUEyZRfKjjwCb84iwXGSEAwCzeD0XHKSksxVCSAXfM9YXXG4JbxgBYajBx8+MFSq484GQRfGyM6H/ZO8U7vQAD9BRm83uw8mS+UeXp/f7te/6Phjz/SD5RKLYtN/pYMNleNrAya9hnO46I+u1eMwtBWG1SGYlo3deAcUKpbi5ZsiFWzM0L6I5t1aOuOlI2kan2dLZe2IOahqDUaQHDULgBIXB3YsFg/CLIgbFubpTyoAzRIhVrEUvWpKl5HxJrBSfv4nRH5eCMhUNUHq6h7ZRy1J1h7k5LCvkslxNA0u8iC66tDgEMgFZ97vu6M6IP0uGjFNFGSVrfjVfOSQNFA+xweHgk4tP5OF6Kb+XKoeeJImKGcYRo6tobER/h9R+aq5p6wAYa7+XJ4cUdJDF5x6myOgO7qdaiXdzuk2WYiiW0qah4CpqvI7oplLb+CGDQsHdoqjzDlysItPqeCiGnY0jowVh0E7g8/LEMDRuu3rTbK4SIiHFqQQZK2L4PkunbI+FKE= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?8e9EE1KnCm0EZP12a2xbmPxMtDwx?= =?utf-8?q?H9Ky3p0rNdK32JK0UfgfhdF48JdxkUcJgSOYi7uGPw577wkuP/KFUJOVwq6yqD4FW?= =?utf-8?q?Q8uFk2sCb5+Fga6Awk/OsOt+CwWcEcX/0A00N4oCtnE9mp6iq6GELr0HKDi1REkb3?= =?utf-8?q?5BoXLeVTmbrVROf/dfVIjCqZiK8wZlcSvCHGZii41uMl3wNojmvGDdJnkGZ9c8f6n?= =?utf-8?q?xV9wcoQtaVaTbuyfys5dgso99W5VoXkAFSJFPoXT4FnlG9D3sDthZEiIKP6UgSZ+D?= =?utf-8?q?Ri7csEkSjDRDXjQ87IDhFSyEx1u5KeRjEF0uugRZPBVwI01qQ+snMZY87ArCVE0Yg?= =?utf-8?q?KmX2C+h6TbrSs0D60hbbPEOullwf3kY9EMFTUKktEk5KG/cQ+PrIQu8Sx6nn3bVWO?= =?utf-8?q?7EIohZ15kqF2yVYq6pTdr6ajiaiYogvxjacRbk/f+nsOCY28XWtSaZqwOLw62cbGg?= =?utf-8?q?fmws14cjvDzad0i66AbePcS9fqcb4EQOnk5Isp3rTjJZlgtC4pzd84IXKtSalLjEE?= =?utf-8?q?wM7TrdaokrrihGpox9O6zeM7MuYjsBbnHJ6rRCAS0KVuCqGvOkZz/4cjFna9mMcxR?= =?utf-8?q?z2bG0WZPbOffdE7Z2D3WopL42fHZdttehawLdZUHgzABo0UIPC/QGpZw6pnWSIzq7?= =?utf-8?q?OVbEYl5PHsb+FTbWabX+IV/ZydBblh+GiDZY2gXQh23URmrszKEMYMEayVKSEYWa+?= =?utf-8?q?UT1FmRh3JgnIWa+gBfwnWVNaUPfItx0qJhc+yHi3vCEW7TeqUX4wjNe/Jn5DT+95r?= =?utf-8?q?xqsxWAT46kTXA42lZo3xIRkP+ntO5xnKarVRdM0/v0fD0HWmFUPsDfV0v7dEIQXT4?= =?utf-8?q?+6IIUWsWZXueVjiVu1tCLT4K9tlWQlWgefPYvXpGE38ESqTA36xN9SetdDPbJ+Ku7?= =?utf-8?q?FduRQwvvhVwToK1w8QyXWrLW6214MJnYLyjFxylz+2V3mH6C6OwOsTFDXbgCz0UtZ?= =?utf-8?q?Qt2PsTNL8QbC+sG8LWbTxPq1y/N4DMYN5XKR9UHXf7lCBpJUq0OZ3j7DIqAAt3Ml5?= =?utf-8?q?kC7a9joYGR2l2QmZS2ur+9Fw2kWN39gTt8B/85Wog4Gz1ufXOX5/XlYdkyylBYonI?= =?utf-8?q?GQZ6JjS4JrzXp1TPk4CaqCTqXPdy9uKe9fyRBcFG1Y0UwNbA53mehOMrZWwrYNxEJ?= =?utf-8?q?XyPpvRDEtZ3oJZEsWo5O7cEg9I5CN36/3zKTEIi3/uNrc807HYtlpQue6Pu0Z7Bsy?= =?utf-8?q?xYhT4kyFYhAuFr3tqS8HzLJfnELQJWxaVZyMdCzrGQwjK81nJQdYUndhfYgtdUDWF?= =?utf-8?q?RQc4lvo8ktI6+czVnN91bg/r1p+ogmXoHjG1hltIYFviPubHJf+hZvIv2aaFsCkWh?= =?utf-8?q?s4lZtM7mQuxGKmPpbriUAWKgZwtF0Hanx0ip1nUgjkkcd0UjL4/dN/pGB8rVAtWd4?= =?utf-8?q?AiHCGNh+gBLeF83r5F+vUGg2OCjr2h5RKMzXyzu+MM7ki3wf4LlbcsTWa47eRmiJx?= =?utf-8?q?xKx7MZ2rh4qDooDJuOzaYnAHDcnCIpCE6M+MOxI3BFkJvXluVMU24snJqpUOeqpKB?= =?utf-8?q?JOCw6b6QcE8Hkl0w6+QqgE5fD4q89rCFaOBebhtpOCiL+FMSZTkDVHwBCcbu1/y3S?= =?utf-8?q?fVjZaeL0VzVYPBpT4+NktEtmqgYSVoW0GcfzXbS4nRyzbMxyJn4fB0=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: eee12d09-c658-47ff-116e-08dbd53ec38d X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:42:55.1248 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Bz5/VyBR5xryOsAMINHSUV8RoCrXgbMTUczQOV7ZplwvciOnn7ZAHXNTwgrvZXc+OfFzEvppd76qFHZ09bKZXpW6zwlc2iyRe4IWje4kltmq1hR0FQmYmOX+SFSo64Sy X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:45:04 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720246253990935 X-GMAIL-MSGID: 1780720246253990935 All users (actually just fs/namei) of devcgroup_inode_mknod and devcgroup_inode_permission are removed. Now drop the API completely. Signed-off-by: Michael Weiß --- include/linux/device_cgroup.h | 47 ----------------------------------- 1 file changed, 47 deletions(-) diff --git a/include/linux/device_cgroup.h b/include/linux/device_cgroup.h index d02f32b7514e..d9a62b0cff87 100644 --- a/include/linux/device_cgroup.h +++ b/include/linux/device_cgroup.h @@ -14,54 +14,7 @@ #if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF) int devcgroup_check_permission(short type, u32 major, u32 minor, short access); -static inline int devcgroup_inode_permission(struct inode *inode, int mask) -{ - short type, access = 0; - - if (likely(!inode->i_rdev)) - return 0; - - if (S_ISBLK(inode->i_mode)) - type = DEVCG_DEV_BLOCK; - else if (S_ISCHR(inode->i_mode)) - type = DEVCG_DEV_CHAR; - else - return 0; - - if (mask & MAY_WRITE) - access |= DEVCG_ACC_WRITE; - if (mask & MAY_READ) - access |= DEVCG_ACC_READ; - - return devcgroup_check_permission(type, imajor(inode), iminor(inode), - access); -} - -static inline int devcgroup_inode_mknod(int mode, dev_t dev) -{ - short type; - - if (!S_ISBLK(mode) && !S_ISCHR(mode)) - return 0; - - if (S_ISCHR(mode) && dev == WHITEOUT_DEV) - return 0; - - if (S_ISBLK(mode)) - type = DEVCG_DEV_BLOCK; - else - type = DEVCG_DEV_CHAR; - - return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), - DEVCG_ACC_MKNOD); -} - #else static inline int devcgroup_check_permission(short type, u32 major, u32 minor, short access) -{ return 0; } -static inline int devcgroup_inode_permission(struct inode *inode, int mask) -{ return 0; } -static inline int devcgroup_inode_mknod(int mode, dev_t dev) -{ return 0; } #endif From patchwork Wed Oct 25 09:42:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157972 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479259vqx; Wed, 25 Oct 2023 02:44:47 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFdWmQxOoKJ7IIHLQvpO0vb3LDYb8AF+4ipgp3OTBG4HSLx6GoqVMItw8JZqXixRTdPtbG6 X-Received: by 2002:a25:820a:0:b0:d9c:c939:488b with SMTP id q10-20020a25820a000000b00d9cc939488bmr18014626ybk.12.1698227087774; Wed, 25 Oct 2023 02:44:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227087; cv=pass; d=google.com; s=arc-20160816; b=nCtAj+sjJ1wIE9TXb4XYocsauXc0v2AtQqplXVKXtxAX50q3wBB1QEqSSrDjq7GGHN xbmw168unaRKctcLs9VdyJPmYiHFJVZErEJWtNoAF4OEXziMba3q9pRnEbyWe4WaBlpQ /A43n2wBk37f2sFME9pltXNjH5lRDKa6tgPj0cMlj5fq1sh9BchPL9S7/d22e+bYkLYU bXtX1Fyc+7US2/xA217FFzb/nZZQUH326Du8lGFAqKgMqjs1q/LF2t7+OZY4GubNIqH1 c7ZqgXeX91/k1G9PFvxBezInVxYjJm1V1+k0Gt2eswA7NxXIBT8NYh9JK6Ey2qZ1lfkV aoWA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=3YPtGlbfOhek7kyGmSLTW4S5wb/tN5rq46dW3ushdds=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=zin+5UKn2kWkQimnKPlux7RVCSFpwhcTsJdur5NWrkP6ed24UaPqqqHAKVn9XAQOGp KwguG9zpzRcQCy4tkEn/0cNSt9rK4j5p4FbYoimE+6D6g45GDOk4c74yB+YcywMO+MAu Ep0SxKTuMuNjejZHAiDzvHIDbX0+MEuTlhV2cEzzhyhW5JKRD2aYqdOVAGMqtISIvlYF Zr+YgvMJoDftsUEoZwkfktR8iBEMc1OwyQ6AKVQ4aH/rrwPlrNNdhCS3sWuSWEAqS+jQ G8xJsRcKNIlIGELPvAeLUMUrd57udz/jSSmlSWLOsi+N3USIX3AwuFSTuCHfiZLOmQYA 0gPg== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=ViWaggDo; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=IfNeqAB7; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id o136-20020a25418e000000b00d781ae9d7ccsi9839627yba.585.2023.10.25.02.44.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:44:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=ViWaggDo; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=IfNeqAB7; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 0377B807C576; Wed, 25 Oct 2023 02:44:45 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234702AbjJYJoZ (ORCPT + 26 others); Wed, 25 Oct 2023 05:44:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39050 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233364AbjJYJoJ (ORCPT ); Wed, 25 Oct 2023 05:44:09 -0400 Received: from mail-edgeDD24.fraunhofer.de (mail-edgedd24.fraunhofer.de [IPv6:2a03:db80:1504:d267::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 66505CE; Wed, 25 Oct 2023 02:44:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227045; x=1729763045; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=u8J4QNl6bGHBAAGKFG1CKmom9uj9k0VkWpIZmDvdvHw=; b=ViWaggDoEuen0RvTIMG1GXBw4zRsp3EFjhUe1CbyLOCOjQvKz31p+58L 7vDVn7kv3rHW5VbOk3MexREiD0wd5ppH63u5IWn0x13k4P6WGRjtnKr/i ZU+qK8tBawkmdDGAvEMcpmqPp5nUGRXqa1p8ffw7WQUCDDyWkuF0NyQGf ZWAuLgoXdGho0rvPxNSJcQBTEYFkiZzOzcOBGyCoyuvznNI/NxUip0sLk F3zSdypHjY+tbMdBg5cWo19LoymBWeBjinxwXvA7pxTbvayEsKhPJNe5M 9VYc7hL2VJdsTmevWfxFGKjXAVj4zJSM/8QQMRuxkBdz+bNHCea3Tgmnx w==; X-CSE-ConnectionGUID: bGpp7yw1Qb+D08fO5o1H0g== X-CSE-MsgGUID: NZUdsIxMSmWvBHD1r8+GvA== Authentication-Results: mail-edgeDD24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2E2AABB4jhl/xoBYJlaHQEBAQEJARIBBQUBQIE7CAELAYIQKIJXhFOIHYlBmCaEBCqBLIElA1YPAQEBAQEBAQEBBwEBRAQBAQMEhH8ChxonNAkOAQIBAwEBAQEDAgMBAQEBAQEBAgEBBgEBAQEBAQYGAoEZhS85DYQAgR4BAQEBAQEBAQEBAQEdAjVUAgEDIw8BDQEBNwEPJQImAgIyJQYBDQWCJliCKwMxshiBMoEBggkBAQawHxiBIIEeCQkBgRAuAYNbhC4BhDSBHYQ1gk+BSoEGgTd2g3tdg0aCaIN1hTwHMoIigy8pi36BAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8aHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51Ngm0BNlcBgVorUpYuAa55B4IxgV6hCRozlyuSTy6HRpBIIKI+QoUIAgQCBAUCDgiBY4IWMz6DNlIZD44gDBaDVo97dAI5AgcBCgEBAwmCOYZGgkwBAQ IronPort-PHdr: A9a23:YLtoMBfm5VeEmyS1DH01krdjlGM+49/LVj580XJao6wbK/fr9sH4J 0Wa/vVk1gKXDs3QvuhJj+PGvqynQ2EE6IaMvCNnEtRAAhEfgNgQnwsuDdTDDkv+LfXwaDc9E tgEX1hgrDmgZFNYHMv1e1rI+Di89zcPHBX4OwdvY+PzH4/ZlcOs0O6uvpbUZlYt5nK9NJ1oK xDkgQzNu5stnIFgJ60tmD7EuWBBdOkT5E86DlWVgxv6+oKM7YZuoQFxnt9kycNaSqT9efYIC JljSRk2OGA84sLm8CLOSweC/FIweWUbmRkbZmqN5hGvBabJrgT+vORa2CSZYs7nYrUPfQids 5w2VxWvlAFaLSdlrm3o0dFrjK5Xu0fywn43ydv1bqeYLdNUIfz7XYMka3R+ZeRKB3BvLqa+b LMWM+QsBb9FobWlugAwkwmQWy+RGP22yiMUqifu7IYB1/4mSiKf0VA8J+M/vSjuk9HcZaU0V fqp7PH60zzqMu5E2TD36LaWch8Y/9uGfaM3Nsv+zVEBFCrVigSxqoffZyvJ0vgKs1Oa4u4jB eujl3wOmSJ+k3+BwMgi1MrIgLw52lvuzyN/wJQvAoSmEFNpMcHxQ9NA8iCAMI1uRdk+Bntlo zs+1ugesIWgL0Diqbwizh/bLvGLfIWkzki/EuiLKCp+hHVrdaj5ixvhuUSjy+ipTsCvyx4Kt StKlNDQq2oAnwLe8MmJS/Zxvw+h1D+D2hqV67RsL1o9iKzbLJAs2Pg3kJ8Sul7EBSj4hAP9i 6r+Sw== X-Talos-CUID: 9a23:bpVleG8EV3vpS7NjwviVv0Q7Ath6Y2KE9X2TDxfoB0E0T+S1EVDFrQ== X-Talos-MUID: 9a23:Yb8i2AWc82zNiljq/BneuT15FddN2KGRFmotvcwc64qrKwUlbg== X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="71347887" Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by mail-edgeDD24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:58 +0200 IronPort-SDR: 6538e321_8uYvttgzKjzemzUDq3GF7/M7Ych4sU7/REFbzrxKIGAcXaX +ALTrQ/Bym+v+lRHkrxupvO8EPpsovw9xTFleZA== X-IPAS-Result: A0BZAABB4jhl/3+zYZlaHQEBAQEJARIBBQUBQAkcgRYIAQsBgWYqKAeBS4EFhFKDTQEBhE5fhkGCITsBl2qELoEsgSUDVg8BAwEBAQEBBwEBRAQBAYUGAocXAic0CQ4BAgEBAgEBAQEDAgMBAQEBAQEDAQEFAQEBAgEBBgSBChOFaA2GTQIBAxIRDwENAQEUIwEPJQImAgIyBx4GAQ0FIoIEWIIrAzECAQGlLwGBQAKLIoEygQGCCQEBBgQEsBcYgSCBHgkJAYEQLgGDW4QuAYQ0gR2ENYJPgUqBBoE3doN7hCOCaIN1hTwHMoIigy8pi36BAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8WBBwJPA8MHwIbHg0yAwkDBwUsHUADCxgNSBEsNQYOG0QBcwedTYJtATZXAYFaK1KWLgGueQeCMYFeoQkaM5crkk8uh0aQSCCiPkKFCAIEAgQFAg4BAQaBYzyBWTM+gzZPAxkPjiAMFoNWj3tBMwI5AgcBCgEBAwmCOYZGgksBAQ IronPort-PHdr: A9a23:1DOoMhHh3nJzvaA+sPt+9p1Gf29NhN3EVzX9l7I53usdOq325Y/re Vff7K8w0gyBVtDB5vZNm+fa9LrtXWUQ7JrS1RJKfMlCTRYYj8URkQE6RsmDDEzwNvnxaCImW s9FUQwt5CSgPExYE9r5fQeXrGe78DgSHRvyL09yIOH0EZTVlMO5y6W5/JiABmcAhG+Te7R3f jm/sQiDjdQcg4ZpNvQUxwDSq3RFPsV6l0hvI06emQq52tao8cxG0gF9/sws7dVBVqOoT+Edd vl1HD8mOmY66YjQuB/PQBGmylAcX24VwX8qSwLFuUrLZovetiH0kepw23aZLOLzdpQIZmiZs rhhDwPO1T0ea2A1zzrKkcx8gLkO83fD7xYq4oDybZi8HqUhWIONQ/0EelFjRZYNeQBkAICEd rcBItJYIOhk95SmmWUcg0WYOBWyXePzlhMQnk7d5qkg1L8CSAyawDQRLt9SikvQhYT3EqMIT cDt/rfB5GjeffNR0zfDtojHS04Lq9GdGvVxXs7J50oGBweUr1abk9T9YzeJ0eQ2smWfrLppW f69olwEpDA2jD6gyJlvi4/3qpIe4GrC8yVr2qFsO4WlWh5kNI3sAN5RrSacL4xsXoY4Tnp1v Dpv0rQdos3TlEkizZ0mw1vad/WkWtLWpBz5XfuXITB2iWgjdL/szxqx8E310uTnTYH0y1dFq CNZj8PB/m4AzR3d68WLC7N9806t1CzJ1lX75PtNPEY0kqTWMdgmxLsxnYAUqkPNAmn9n0Ces Q== IronPort-Data: A9a23:KE+0tqAHvBV3oRVW/6znw5YqxClBgxIJ4kV8jS/XYbTApD8qgjFUz mIWWGuPP/bZNjOmfNkgPYm3pxsOsMeGmINkOVdlrnsFo1CmBibm6XR1Cm+qYkt+++WaFBoPA /02M4WGdoZuJpPljk/FGqD7qnVh3r2/SLP5CerVUgh8XgYMpB0J0HqPoMZnxNYz6TSFK1nV4 4ir+5eCYAbNNwNcawr41YrT8HuDg9yv4Fv0jnRmDdhXsVnXkWUiDZ53Dcld+FOhH+G4tsbjL wry5OnRElHxpn/BOfv5+lrPSXDmd5aJVeS4Ztq6bID56vRKjnRaPq/Wr5PwY28P49mCt4gZJ NmgKfVcRC9xVpAgltjxXDFVOBphGrFjxYOABiSgjtLD/UT7VETFlqAG4EEeZeX0+85sBH1Ws /EIIzBLYAqKmuS2x7y2UK9gi6zPLuGyYdhZ6y4mlG6IS698HvgvQI2SjTNc9DIxjcBHEPKYe McYciFHZRXbbhYJNE0eFZQ+m+mlnD/zflW0rXrL9fZnvTKMkGSd1pC9HuHOdPvJX/x+j3ek9 j7C+k/XXiAjYYn3JT2ttyjEavX0tSr/VZIbErG17NZvgV2awm0YGRtQXly+ydGzkEejXd9FA 08Z4Cwjqe417kPDZtDmQzW7rWSCsxpaXMBfe8Ui4RyJ4rLd/gLcA28DVDMHY9sj3Oc6TDor2 1uhntTmCDV1urqFD3SQ6t+8pDW+IykUBWwPfykJSU0C+daLiIQ6lA7OSJBnGbOditzzBCG2z z2UxAAlgLMcpc0GzaO2+RbAmT3EjonJVSY77EPcWWfNxgF+ZIjjaYWz9VHR4PBMBImcR1iF+ nMDnqC27/gVDJeClASOTf8LEbXv4OyKWBXHjVBHEJ4m+DCgvXWkeOh44Dh5IFpuGskDfjDtb QnYvgY5zJ1UOGCjRax6eYS8D4It16eIPc34W/bIb9xmY4N2agaD8SdyI0WX2gjFjkk2loktN JGab4CoDHAHGeJg1jXwWuR1+boqxSQ53kvIV53hwhiml7qDDFacTLYfbwCPasg26aqFpEPe9 NM3H9CH0RpSeO33Zi3G98gYKlViBXIjC7jopMFNMO2OOAxrHCcmEfC56bcgfZF12qdYjOHF+ lmjVUJCjlnyn3vKLUONcH8LQLfuW4tv6HwgMSEyMFKAxXcue8Cs4b0Zep9xeqMonNGP1tYtE qJAKprFW6seD22dpHIDaN/26oJ4fQmthQWAMjDjbDVXk4NcejElM+TMJ2PH3CcUBzextcwwr qfm0QXeQJEZQB9lAtqQY/Wqp25dd1BH8A6rdxqZfotgaw/3/ZJ0Kif8qPYyLoteYV/A3zaWn ULeSxsRueCH8cd//cjrlJK0id6jM9J/OU5GQEjdz7K9bhfB8kSZnIRvbeevfBLmbl3SxpmMX +tv8qzDAKU1p2oS64tYOJR3/J06/Orq9uN7zBw7PXDlbGaLK7JHI1uG1Plpspxcm7pSvCXvU EeP5OtfB6StPfnhMV8OJTgKavaI+uEUlwLzs9U0AhTezw1m8IWXVX59O0G3txVcC79uIaUZw esFk+wH2TyV0xYFHI6PsXFJyj6qMHcFbZQCirgbJ43a0iwQ1VBIZM3nOB/cuZ2gRY1FDRg3H 2WymqHHurV7w3jCeVoVEVzm/7JUpbYKiSBw4G4yHXa7sfubuaZvxzxUyyo9cSpNxBYe0+5TB HliB3coGYqwpQVXlOpxdEHyPTpeBS+p2F37kHoIs2z7c3OGdELwKE8FBOLc23xBrkx9eGBA8 aC62VTVd2/gXPvM0xsYXW9nrP3eTuJNyDDSpfD/H+m4G8gVXDm0pI6vemsClDX/C+wTmkDsh Ldn7cRwW4LBJA8SpKwKNI2I54s1VSKCBmxOfqxm9vk7GWrdJTKA4hmVCkWLYsgWDef7wUy5L M1PJ8x0SBW10hiVnA0bHaIhJ7xVnuYjwdg/JoPQOm8NtoWAogpTsJ7/8jb0gEkpSY5MlfkRB 5zwdTXYNECtnlpRxnHwqfdbNlqCYdUrYBP22Ma3+r4rE7MBqORdTlEg4ICrvnm6MBpVwDzMh VntP5Tp9u1FzZhgu6DOEa8ZXgW9Fo7VZdSyqQu2t4xDUMPLPcLwrDgqk1jAPTlNHL4vSt9yx KWsstn24Rv/h4wIcVvlwruPK6oYwv+JfrtzEtn2J3xkjye9SJfSwx8cyVuZd71Nsv1gv/eCe SXpSfGNZeY0WshczkJ7cyJxMQgQIIWpY7bCpRGSleWtCB8c2laedNiMqHvkQkdcUio6KqzON BL9lKer1OB5sbZjOR4gLNNlCq9eP1XMd/YHddrwlD/AFUiuoAqIlYXDnCoaywPgKye7Auejx rydXTn4VhC5mJ+Q/eFjq4Yo4yEmVidss9c/bmc22oBQiQnjKEUkMO5EE5ENKq8MoxzIzJuiO Q38NjozOx7cAwZBXw73uun4fwGlAecLBNf1Cxop826QaAa0HImwO6RgxAgx/0ZJfibf88//J eE84nHQOj2D8qNtT8sX5d25hr5D7dHezXQq50v8spLTBzAzPLY070FiTTF9DXH/L8LwlUv1f Dl/ASgORUygUkf+HPpxY3MfSllToDrryC5udiuVhsrWv4KA1uBb1fnjIKfJ36YeaNgRbqs7L Z8tq7BhP0jNspDLhZYUhg== IronPort-HdrOrdr: A9a23:7n0efKAmlQrleynlHemR55DYdb4zR+YMi2TDj3oBLCC9Afbo8/ xG/c5rrSMc5wxhO03I9ertBEDiewKmyXcW2/hyAV7KZmCP0wHEEGgI1+XfKkjbexEWgdQ96U 4PScdD4ZbLfD9HZI7BkW+F+vgbsaC6zJw= X-Talos-CUID: 9a23:e/u9R2O/XP3VSu5DVQJc62kIP/0ZNVqB00jOc32xNEFWYejA X-Talos-MUID: 9a23:qV95HAoKSLWOWKMOCCcez2FMD9xmxOe0MWscoKlW582BHgIsCg7I2Q== X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="68486274" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA26.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:57 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:42:57 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.169) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:42:57 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BN2rXsY9QnihpXD5Zd8rBkELaQwvCD3OQ+kKNr+/P4R5Z3lOQOahIamHo7SkmbUM4/MDc1k/oeeqRrx6sDFou6pqPdUlTBNy80eE2mEIbXyxLh8BKQpR06gd2+DaEwqmAFz9ZsOH3Vp29WQYsDNvpc64rFrMlj7LjPlFcEEtRoKa6EiXBoeRTlTfT5AetOxDiyzVYyaE4/eQqpkwrnLN7813rMnqzXEzNhTyNhPydFUOftcg1fax6pZDma0wQmDNPM78St2hOOnjplpmcYaWhLYtJ6LK5s73N1QaSwuHhkHb1hoNEmuQ3xZfYSK/9VCv2GyfL85DnsQKq1RdCxSeAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3YPtGlbfOhek7kyGmSLTW4S5wb/tN5rq46dW3ushdds=; b=nmR0tfo0eHGpYGcsnZHIXqPJEsU+2k8AvPxatGJeNKvF2YK1XCFgrWfBxDigzMGo2sUDMfxs/CLwQNd6sNzHOfEos9z8z4tOIeiBu5lgBhOI9ZKitTFVylLNETX5aJk87qHDQL9wkPwYEFzk0sLgYoL9mFZca/6tmMdZUFXhD9KkPp34aLE3q3WEe1SGKVlsRjDThoWsxq6AJUIBL/onpDeUbKaYyp1efRvk2+FHJVRRPGAIAhRf9HPcjb7kiIfJir5Qj3pFdDxfrpBKy4xOjpKAua181s/vW2ZQbLLnx/y/gLQ2Zv4BUsKeRTV+fzV52+TWk0PhAWmY31Vw66VXrg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3YPtGlbfOhek7kyGmSLTW4S5wb/tN5rq46dW3ushdds=; b=IfNeqAB77NH8VFvWSJs84FDMjkPqTfEP1ufT0u3VVzF6NUtv1ht4D0pYCSlro3K1e4tPYYe4RWlA9jNlrtH0ZvaA5uzhobhV6hgQ6BbHy//iGlpFkAxl9IkcR0p4ltohSiel+8adtzAZKgY/Fngf6+inVDxcBRnnhzrO1v0uz8w= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:42:56 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:42:56 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 04/14] lsm: Add security_dev_permission() hook Date: Wed, 25 Oct 2023 11:42:14 +0200 Message-Id: <20231025094224.72858-5-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: 25109b51-b884-4bf4-bd14-08dbd53ec457 X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: qKuTr92LRkKjBsNEJJug/7v2Tf1byhv63SiyvdpcP+m3j7CImijZwvx3ytKTpUzsoU3CnoU4tE9hj9c0YXRHzHhxkkbkeYb4JjU5KKMcOdSjykVcutIT94AxAMWsfpwNXD1OmbZWPWT8Q+NU2rhXFM+m1uU7rdX4QGgIH0+vWVcabtHrpmwuh3wWHrRblimEiXCiZYb3EqUOl65Bjo/7jPiQGXdqoV4PB8KN3J4AiuHkLWU/r3izOgiSIWqLyARrxcAzdpaL02bWZDDjgMPEmAG1GT4RpFf/ucswYUAVFX8nyUsZNhT5Ln34oiTQwI92bZLQoX9MPq8qKcZUxo/NR5OU2r9nnXi37ZhRz7ly2TZES6KdU3s1GpBNtJo8+fBQpwbEClOLgxWgELHwGh5yCv20x7BsrGQNKH/t1TwDymTfAQ8efOleLIsGGBbSq1mTUdpHjOCdBZmlgT4f1Fg2eAIRsspCzFAvqnpxyeOzbBt6PjKHOnOWGmME06edN/epAaT40TzAS1FmG1v4xJHlNv1VIuEfefg/zY4ApsZssZMNz9EzplEvmO4rWPzxw/TOb5VeDemizYq8KX1zIRwvy66xsuHSTvCTi4TEVNoHcSg= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(15650500001)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?pwZBH8NyRlZedlqa48AHsCLhhfjk?= =?utf-8?q?NOWM4wlzX2bbQ+qm9K0BX0Qb4C26F1I3Ub5FHPJ3IcgqksL0KzMygodkLCHOzbkgt?= =?utf-8?q?yaB2p85BNiIN1N+oYG3hyldgBpJDsqgRF3liDysq/nDMUlBTIvXrgmSt239hrqDft?= =?utf-8?q?GH+sgmNi1eci8ugsEyKeaaTW9EX90Ku8lEA5CC2fkMua4SOwbJyjOFNumHXeAjzHI?= =?utf-8?q?PQD+9DlWuLKnEW8dkVFBHgaZQ6yrjKFWWdrUtkO306gVT62bzmmViL82V6xl4F4ch?= =?utf-8?q?7K1ep3n9zVXjAWZAgtBPvqfIIzZulAr7QLb311vLPx5dn9f5L6N++cOhNwjpvY4U/?= =?utf-8?q?sgINCxcIzmiP/UanvsBNrInUsOY6xANTIxXPyIaLN/ARJAIxrNDP3YVr/y42xaMy2?= =?utf-8?q?3XdRmTwKhQZNrBnE9Q/1E7XVu4cU7xKlM63Paq12bfkKdBYHBhKsWnZfEJeKXikiA?= =?utf-8?q?cw9uGZi1MEBBkxH+omCHZFOgxxMbIoPNlSXtGW+2wmxtmsQifd4CyyUqVIwHgZI6E?= =?utf-8?q?uPyeqPqcdbhAz5ic75kd8oWLAAVtad0Nq2NKT4t4DWN6Ith6l8O1DmWdC7bKqL+ql?= =?utf-8?q?QA5nafIOwRpBQdpZIqaF9X3RXku5gZIdn8kqMfbmE9UQHyt49m5am13Z4sg1gTd9Y?= =?utf-8?q?6fphi7KVrTaSSZPjN1NS6oEt6E9hi3KM/d0VuqcE7T9kOyGF49wYL6hE7QEyreuFY?= =?utf-8?q?BW6Z7+Sawl7al/VY0WAkCXAnpdW99AjQOTQcPsYQMZFZ4bmOYb6gKvYVUBvSoUZso?= =?utf-8?q?0H6nm8IvTnOHQeuGc6/dmtwb5/4dxw2gI8DSVW1JREwoKBX4OeUtZV94JjCUkfbeh?= =?utf-8?q?m1lU6+hfd55bDwd8s1DuLKNBNWbzBk7Q4LU2pt7X44M41gMhuMo1LyE6mpBXRbV95?= =?utf-8?q?/2kaX6AJeDw+6t9mmVtVs9zfX9HflJ0QK/zAjLvXANV7TPVksRBSufxXGZiyVkblQ?= =?utf-8?q?qGp3lKjwL5gLG6++/ACIlYdY+e8NkQZMjSxviR8803BuXMs5Hcs9JNU8A+bG73sHn?= =?utf-8?q?NbnuS9ArGqOAZuNcKgL3mOMesPZzB+UrSRd2gSs8xNlcf3sWE89GhSyRV6dBhrokI?= =?utf-8?q?Vv/JPQMFtlAcyOgdINIoQdyaXlQj6c2hbYJwNKAimiILgqdfsmdYl7SvGVW0RseZd?= =?utf-8?q?kfl9Z4S578tDo93GUULbvbLVCjNvteQGxPwllqJ25sJlFjUgttSp2S+0Zr3XyihAt?= =?utf-8?q?ZEFIUUSGPkUKbXoetHJl72kYTO6Q4bE3zpUR3bdbbFUyahvcQeleqab+L+gykttV9?= =?utf-8?q?Kk3MFuvphR8qQt5Tja0/kxvP4kdFZQf/WS0oV/XhQEHmR7KIKSXm60IrgWOM47RQI?= =?utf-8?q?cbw4ASVWdJC8eqL37AKzwLDr/Be41f3vhDWEQalO2MhT2q5OWsRbit6Fm7xSARBi1?= =?utf-8?q?wXl4hg2ua7t2A2Tx6uXqy9yrPB3ZEKKgHstiGF4gP3vxzJzLjYdvCCxrteXT6FEXt?= =?utf-8?q?dHzCWkkel0uorroN1YztW1F/UdMjHJio3Ni6qtpzIccTrTuJGbNSrQ7jGqsnSASRe?= =?utf-8?q?NjDBPhZHrlcUqtFY2X/NCOuO1AKmIn5HTfDUJ19sYpZ6SnUd7fVvdGdcNBN1ZJw7p?= =?utf-8?q?I8b79dBp+oPjaPNNGCNsWnnys0/gepIGAAicK4TyHvTeXFN4n2V+nA=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 25109b51-b884-4bf4-bd14-08dbd53ec457 X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:42:56.3254 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: nNQFbFkTT2YqM3/5C6BGsxNfAQU+B4F02gvmmxjusFyHMl7TPimZLaGldB65yPFx3B4pfTH1ZCNJWJtCNkcX5NzcxOQ/QCEdmJnTxa/XydIt0Q882WfPYW/s3frcqXx2 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:44:45 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720166765793512 X-GMAIL-MSGID: 1780720166765793512 Provide a new lsm hook which may be used to check permission on a device by its dev_t representation only. This could be used if an inode is not available and the security_inode_permission check is not applicable. A first lsm to use this will be the lately converted cgroup_device module, to allow permission checks inside driver implementations. Signed-off-by: Michael Weiß --- include/linux/lsm_hook_defs.h | 1 + include/linux/security.h | 5 +++++ security/security.c | 18 ++++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index ac962c4cb44b..a868982725a9 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -275,6 +275,7 @@ LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx, u32 *ctxlen) +LSM_HOOK(int, 0, dev_permission, umode_t mode, dev_t dev, int mask) #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) LSM_HOOK(int, 0, post_notification, const struct cred *w_cred, diff --git a/include/linux/security.h b/include/linux/security.h index 5f16eecde00b..8bc6ac8816c6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -484,6 +484,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int security_dev_permission(umode_t mode, dev_t dev, int mask); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1395,6 +1396,10 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } +static inline int security_dev_permission(umode_t mode, dev_t dev, int mask) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/security.c b/security/security.c index 23b129d482a7..40f6787df3b1 100644 --- a/security/security.c +++ b/security/security.c @@ -4016,6 +4016,24 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) } EXPORT_SYMBOL(security_inode_getsecctx); +/** + * security_dev_permission() - Check if accessing a dev is allowed + * @mode: file mode holding device type + * @dev: device + * @mask: access mask + * + * Check permission before accessing an device by its major minor. + * This hook is called by drivers which may not have an inode but only + * the dev_t representation of a device to check permission. + * + * Return: Returns 0 if permission is granted. + */ +int security_dev_permission(umode_t mode, dev_t dev, int mask) +{ + return call_int_hook(dev_permission, 0, mode, dev, mask); +} +EXPORT_SYMBOL(security_dev_permission); + #ifdef CONFIG_WATCH_QUEUE /** * security_post_notification() - Check if a watch notification can be posted From patchwork Wed Oct 25 09:42:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157971 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479236vqx; Wed, 25 Oct 2023 02:44:45 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFK5CfkEAHd0OM0pcU+txbt27G8/3TGYgha34VySVqeFsRfumynWBpqP4uZla7+1gb5O0Mi X-Received: by 2002:a05:6808:61a:b0:3af:658f:14f9 with SMTP id y26-20020a056808061a00b003af658f14f9mr14606510oih.41.1698227084940; Wed, 25 Oct 2023 02:44:44 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227084; cv=pass; d=google.com; s=arc-20160816; b=OZKMXCApz2/hTZWd4zFagesUZgUpJlrfWZkbsA+ycomJjsr4HakqHgmuhSPiuG6MdZ GWpqdfaMeA2PG1Qt6+zAYiVFIAOn8CW+faRfD9SZjpNKV9T/2yYl4mnTyoGbGCr1NUOg BB0amDUUny8a0TwN2TmRe3GUNrIrcNE0WFgT/LLhkysIzgb5q0j2ePcZjBBsQNfBBPjn HngxA9fLPTYVCCc0esvUjSZGkQwobKplqCz/sbxY4gxNPUiuf4swBglQw/7bmLD/blGL FYD3tKZ8tb8u1jHM9jzvnQ4W4QbyyDIlrByl+/FnT2ZY8TPIylxyErLQUX3cOjqIP4V7 oZEA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=9B3vG4AqSkyndYqXFCb2qiY7Gja6nxIbjcaEafCQSuo=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=N10dbgdGnk7UMZ7VahOBxWOZXTVYkmq/KS2lA7mJaxTwxDqcBuVbYKTtA3EhkMhWhn UC0yznGEFLwq5KDn6RecpuFhJajjMv1X6hl2+b/cjHToegdrjTxCPMfr593dVzB6oeAc 3xiHXbMyLtz/c7PjiV5LYvoAtK6WcrBAHC7hsnYojAigV2d9yfi+CuewRuYbIHlaf8n5 RhhO5AvFUKMrb6wFGMgeN3FqsQZE6qcp33XhnyfiFnXPdKT/x64/f78VlQZaxDu6+6E/ KKxSeZbfiFPArsTpIsLa9eMfFUR48vZSYqJZ0VDGTDrbUR+wsDyvOdExNmgc+yFHQRan CsKQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=xS+RGo9s; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=HVNRq5uD; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id y123-20020a25dc81000000b00d9cb5b26d71si9686237ybe.634.2023.10.25.02.44.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:44:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=xS+RGo9s; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=HVNRq5uD; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 93BBB802F234; Wed, 25 Oct 2023 02:44:41 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234695AbjJYJoW (ORCPT + 26 others); Wed, 25 Oct 2023 05:44:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39076 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234519AbjJYJoJ (ORCPT ); Wed, 25 Oct 2023 05:44:09 -0400 Received: from mail-edgeka27.fraunhofer.de (mail-edgeka27.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:27]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 06EB9DD; Wed, 25 Oct 2023 02:44:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227046; x=1729763046; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=gv9yrbDlT55tNu9gSi5nUtsqTT5sNurOJOivF+/yNDw=; b=xS+RGo9shBJCSWeJtZT/8ZKPAamFLIPU1UYDbQKuPFE6n1/DCdWpwqgL ZqaHdMTvyV6ZEnK2dnB+UTwVrwAtChriUstUfd4FWZvlH5MS1gRakWYwi 0PNDSYSh0kixV+wrNgdyj3wuE6j5UGzPmSAK/n6DsQGk7+9vr0dFN9PXU GCf/a+Rs60a/JCLgEcvZntdRF+ubSemE4QnklFDm5YE5nWDyypUGLMvXi zriSjHAqHqyMWwUmiT7/miHx8nTW7QKgTGnIzDAAKiIK9iTd6/0ZPI15M afGA/L1SxFk9L6tKknnFhxNICms7aYdJeLNXjc8XvBUxG6tr3TM9+Kuql w==; X-CSE-ConnectionGUID: i+AxNexJRu+qNaabQM866A== X-CSE-MsgGUID: X8UfNcKgSD2EPuLqF5Ciyw== Authentication-Results: mail-edgeka27.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2E2AABB4jhl/x0BYJlaHQEBAQEJARIBBQUBQIE7CAELAYI4gleEU4gdpWsqgSyBJQNWDwEBAQEBAQEBAQcBAUQEAQEDBIR/AocaJzQJDgECAQMBAQEBAwIDAQEBAQEBAQIBAQYBAQEBAQEGBgKBGYUvOQ2EAIEeAQEBAQEBAQEBAQEBHQI1VAIBAyMECwENAQE3AQ8lAiYCAjIlBgENBYJ+gisDMbIYfzOBAYIJAQEGsB8YgSCBHgkJAYEQLgGDW4QuAYQ0gR2ENYJPgUqBBoIthFiDRoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESFw0DCHYdAhEjPAMFAwQ0ChUNCyEFVwNEBkoLAwIaBQMDBIE2BQ0eAhAtJwMDGU0CEBQDOwMDBgMLMQMwV0cMWQNsHxocCTwPDB8CGx4NMgMJAwcFLB1AAwsYDUgRLDUGDhtEAXMHnU2CbYEOgliWLgGueQeCMYFeoQkaM5crkk8umA4goj6FSgIEAgQFAg4IgWOCFjM+gzZSGQ+OIAwWg1aPe3QCOQIHAQoBAQMJgjmJEgEB IronPort-PHdr: A9a23:sVzF9RBsaOfoHmq1OLKhUyQUPkIY04WdBeZowoRy0uEGe/G55J2nJ 0zWv6gz3xfCCJ/W7/tUhuaRqa3kUHwN7cXk0jgOJZJWXgIDicIYkhZmB8iACEbhK+XtYTB8F 8NHBxd+qmq2NUVeBMHkPRjcuHSv6z4VFBjlcA1zI+X+AInJiMqrkuu1/s62AU1I0RSnZrYgA ByqoFfqq8MUjIB+eIM80QDArXYNWsgE7mRuOV+Vg1PA99+9rrtC1gkVhf877M9HV/fKOoEDC JFIBzQvNW84ofbmsxXOVyKjzXsRWWZF93gACQiQvTuhQLitmzLBtft71BiDDePdR+otWAX9w KViFhn4qS0FPDcU+W/8s/dti/cIxXDprUlf/ajuedyIGOJRRJv6UPVDGWBefe9eCnBqUqmcd 7IdP7paE75+n5PToHocqB6gL1a0KOj+zR9Y22PX/IMz7M45Plzi4z18HehRlTfkt8/fNoUtf +Ll57f44xj+ZbQL5mfetoXTVjELnq3UXIkpS5uS02YNGQ7U0UmBitH+Dm2KiPownHWZydA5C N2zjF47igJypwSw7eMMjZPv17Mc81vfqABa3K8TJ+SoUBIuMpa0VZpKsCeCMJFqB9kvWHxsp HMiw6Yd6vZTHQAPwZUjghPTZPGEetLXpBz5XfuXITB2iWgjdL/szxqx8E310uTnTYH0y1dFq CNZj8PB/m4AzR3d68WLC7N9806t1CzJ1lX75PtNPEY0kqTWMdgmxLsxnYAUqkPNAmn9n0Ces Q== X-Talos-CUID: 9a23:ZQbSXGDurzwbMMb6Eygk3V4yF9AHSGCe1VHZKkWBLDY3FpTAHA== X-Talos-MUID: 9a23:C7P2AwSi9cAikfNCRXTc1AxsEsxL7J+CUm01jLEflZSvND1vbmI= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="1597260" Received: from mail-mtaka29.fraunhofer.de ([153.96.1.29]) by mail-edgeka27.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:01 +0200 IronPort-SDR: 6538e323_4JQlWwXat3Mn6HlFJZA6SkSVpu8cvPY28xR2+8iCx8lJ1Un m9trjJ27v1/lnRBwjc8W1LIahWzpTFyEBi0x6MQ== X-IPAS-Result: A0BZAAC94Thl/3+zYZlaHQEBAQEJARIBBQUBQAkcgRYIAQsBgWZSB4FLgQWEUoNNAQGETl+GQYJcAZwYgSyBJQNWDwEDAQEBAQEHAQFEBAEBhQYChxcCJzQJDgECAQECAQEBAQMCAwEBAQEBAQMBAQUBAQECAQEGBIEKE4VoDYZNAgEDEhEECwENAQEUIwEPJQImAgIyBx4GAQ0FIoJcgisDMQIBAaUwAYFAAosifzOBAYIJAQEGBASwFxiBIIEeCQkBgRAuAYNbhC4BhDSBHYQ1gk+BSoEGgi2IHoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESFw0DCHYdAhEjPAMFAwQ0ChUNCyEFVwNEBkoLAwIaBQMDBIE2BQ0eAhAtJwMDGU0CEBQDOwMDBgMLMQMwV0cMWQNsHxYEHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51Ngm2BDoJYli4BrnkHgjGBXqEJGjOXK5JPLpgOIKI+hUoCBAIEBQIOAQEGgWM8gVkzPoM2TwMZD44gDBaDVo97QTMCOQIHAQoBAQMJgjmJEQEB IronPort-PHdr: A9a23:b0dI4h0vScq9Q4LosmDO5gUyDhhOgF2JFhBAs8lvgudUaa3m5JTrZ hGBtr1m2UXEWYzL5v4DkefSurDtVT9lg96N5X4YeYFKVxgLhN9QmAolAcWfDlb8IuKsZCs/T 4xZAURo+3ywLU9PQoPwfVTPpH214zMIXxL5MAt+POPuHYDOys+w0rPXmdXTNitSgz/vTbpuI UeNsA/Tu8IK065vMb04xRaMg1caUONQ2W5uORevjg7xtOKR2bMmzSlKoPMm8ZxwFIDBOokoR rxRCjsrdls44sHmrzDvZguC7XhPNwdemBodUiKe8j6md47KsTr8uttk6AexN5fvTIFrdjars aF7aRXqgy4qPjASyVrKjZkj6cATqkeBmTpF2tPJTJm6DsJZU4WEIdkFZkNOA5p6BwZhGrquX 9tUIbInDfx2qKjvol4Qh0SmKQK9A8P/lyNpp1H/4oci/LkFLjCa3jZ/OpE+q27+rvfKGqVCe v6F4oT1x3KeUKN1hzrmzKniTUx5oMrVZ+Mza+Xzx0Q+SB/UrQiLmNL6YS2o+fkPlVLCstV8U tKzqm0krj1uiRyPwd0K27jAv4kOl3Xn6Qxfwr8lPYHtGwZrJN++F51IsDuGcpF7Wd4mXzRws T0hmdXu2La+dSkOjZE7zj32Ma3BfZKB/xTjU+icO3F0iSEtdLG+gkOq+FO7gq3nV8ay2UpXt CcNjNTWt34M2hCSosiKQ/dw5AGgjB6BzQnO7OFDL00u063dLp8q2LkrkZQP90/EG0fL IronPort-Data: A9a23:NZWTKqvVBRlvZVbN+1ml3gXRQ+fnVNNaMUV32f8akzHdYApBsoF/q tZmKTjQOPjeNmvyc98kbd608RgO75OEx4NkSwdk/C43EHkQgMeUXt7xwmUckM+xwm0vaGo9s q3yv/GZdJhcokf0/0vraP67xZVF/fngbqLmD+LZMTxGSwZhSSMw4TpugOdRbrRA2LBVOCvT/ 4upyyHjEAX9gWUtajhJs/vrRC5H5ZwehhtI5jTSWtgW5Dcyp1FNZLoDKKe4KWfPQ4U8NoZWk M6akdlVVkuAl/scIovNfoTTKyXmcZaOVeS6sUe6boD56vR0Soze5Y5gXBYUQR8/ZzxkBLmdw v0V3XC7YV9B0qEhBI3xXjEAexySM5Gq95flD12WruGp/nfDKWq00dBNNFsOJowxr7Mf7WFmr ZT0KRgWawybwe+my7L9RPNlm8IjK8fmJsUTtxmMzxmAUK1gEM+FGvqbo4YCg1/chegWdRraT 88YYjpmYRCGfBBOIUw/AZMlkezuiGP2bjtYr1yYv+w77gA/ySQvjOW1bIeJI7RmQ+1Xn3iS+ DvN+V7GPRQjMMfC7DWH8XSF07qncSTTHdh6+KeD3vdujU2awGAeEjUTVFuypfiym0j4UNVaQ 2Qe4CMzq6Uo3E+mVN/wW1u/unHslhcHR/JTHvc85QXLzbDbiy6BD3UAZiZIddhjscgxXzFs3 ViM9/vlDDpuvbm9SHWS+76OpzSify4YMQcqbCkIVwoEy9ruuoc+ilTIVNkLOKu8lMH0H3f0y i2iqCk4mqVVgcMVv42g+lbIqzGhvJ7ESkgy/Aq/dnOl9St3bsiuYInAwVrc7fAGIo+CUlCLs X4Is8eb5eEKS5qKkUSlQ/0WHbem596GPSfajFopGIMunxy293CLcodX7zVzYkxuN64seTbuZ FLUkQxW45BXMT2haqofS4C2D98j5avtD9LoUrbTdNUmSoFseQmb/SdGZFWXwWnpnU4w16o4P P+zb8e2Cl4IBKJm0nyyRuEAwfks3C942GC7bZX6zBCgypKFdnOPRLsEdluTBsgw6aKe/17U9 /5QMsKLz1NUV+iWSjLa64EeBVADKXwqA9b9rMk/XuSbLCJ4F2w7Tfzc27Usf8pihas9vuPJ+ GytH0xV0lzygVXZJgiQLHNucrXiWdB4t31TFSgtO0u4nnY4bYux4aM3aZQ6Z/8k+fZlwPoyS OMKE/hsGdwWF2+CqmtYNMas6dU4K1K1gESFeSS/aSU5f5luShaP9tKMkhbTyRTixxGf7KMWi 7O63x7dQZ0NSh4kC8DTafm1yEi2s2Rbk+V3N3Yk6PEIEKk12Nk7d37CnbUsLtsSKB7O4DKf2 kzESV0bvOTB6ct9utXAmanO/c/jHvpcD3hqOTDRzY+3Ei3GoUul44tLC9iTcR7nCWjbxaSFZ Mdu9c/aDsEpplhwjtdDI+5Z9p5mv9rLjJ1G/ztgB0TOPgiKCKs/A3yo3vtvl6xqx51ZsDuQX nOep9xRPJvQMsblDmwUGhsBa96H9PALmwv96eY+D1X66RRWopuGcxR2FDudhBNNKIBaNNse/ t4gn8oN+iqDihYOGfSXvBB+rmijACQJbPQ6i8s8HoTutDsO9nhDRp7tUgnN/5CFboR3AHkAe zO7qvLLuOVB+xDkbXE2KHnq2Nhdj7QovDRh7gcLB3aNq+r/qs4H5j9j2hVpcV0N1TRC6fx5B UZzPU4sJamuwSZhtPIeY0+SQTN+FD+r0W2v7WAWlV/pbViiDU3MC2wfBdyj3m4k90BkQzwK2 43AlUjEV27xcdDTzxkCfxdvi8beQOxb8izAn8GaHPq5IaQqXAq9goKTYTsnlhi2J+Iwm0zNm sdy9slSd6DQFHAdso87OaagxJUSTxG1G2hQc85E4ZEPP2HQR2y102K8L0uwJ8B/HN3R0EqCE 8c1DNl+Zxe/8yevrz4gGq8HJYFvrsMp/NYvfrDKJ3YMlrmi8gpSr5Pb8xbhiF8RQ9lBldg3L qXTfWmgFlO8qGR1mWiXiuV5IUu9PMc5YTPj0NCP8OkmE4wJtMduexoQ1pq2p3CkDxt1zSmLv Q/sZ77k8MI68N5Cx7DTK6RkAxm4DfjRV+7SqQC6jIloXOP1aMzLs1sYl0njMwFoJoAuYtVQl 4mWkdvJzUjA7acXUWfYpsG7LJN3x/6OBchZDsGmC0Nhv3qmeNTt6B496WyHOcR3sNdC1PKGG Sq8SuWNLOAwZfkM5UdoexB/EgkcAZvZdq3Phz2whNXSBwk/0T7oFsKG93joZjsCLiQjZpnzJ Snzn/Oc9+FokplFK04BNcFHHq1XHV7Hcoklfu3XqjO3IDSJgFSDm726jjsmy2jBJUelGfbAw 6DuZ0bBZjXrn4+Q1/BfkYh5niNPPUZHmeNqI34soY9nuQ61HEstDLo7M6xfLrp2jyar9pXzR A+VXVsYES+nAAh1K0Tt0u/CADWaKPcFYOriBzoT+EiRVSe6KaWADJZl9QZi+31GQSTi/s72N eAh/mDMATbpzqFLXeoz4tmJsdVjzN7exVMK/hnZuO72CBA8H74L9SJAGCxgaC/5KPzOxX77f TUNeWN5QU+FEB+7VY4qfnNOAxgWsQ/+1zhiP2/F3N/bvJ7d1+FajuH2P+boyLAYccAWP/g0S GjqQ3eWqXWjspDJVXDFZ/py6UOsNc+2Iw== IronPort-HdrOrdr: A9a23:7YmcYajFRMZLlXzps3wKGAcVDHBQXiQji2hC6mlwRA09TyX4ra CTdJZy73XJYVMqNU3I9urwXJVoLUmxyXcW2+cs1N6ZNWGMhILCFuBfBOXZrAHIKmnX7e5X3e NMb7N3A9j9IVxzjcO/3RKxGdQt2/mLmZrY4Nv2/jNEVgFgY+VH9Ad2CgGSD01wSk1vHIM9FJ CV+8pAoFObCBYqR/X+LmIEVOCGgcbKmpLgaQMHABBi0wWHiDfA0s+YLySl X-Talos-CUID: 9a23:Xx0RpG9ojZRbiLQNMeiVv2w6P+k6X0fs9nKKMheqLEVRUoWOSHbFrQ== X-Talos-MUID: 9a23:8Vy02QTm2u3QgnheRXTuhQ9oap5j5Z6RN0U0lY5bnsaGNipZbmI= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="64504541" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA29.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:58 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:42:58 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.168) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:42:58 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=L/HEfxQoU3o4NJzhOW2WBmpBBW8gJgF470SySJWi0rcRwSDQQO0BXX8RjvSfrl5z2irIjkTdlTdqLqfOHdgHlmXz//wYW8n0fG5dyX7O11wQSeDcOHGfYkIsd8t95rCEC6p/iGjm5HBLrKBjHaxhM3s7Wme6eZUiX+//jaFhDSQoDdG9O6trFatXYSwQKoVtBKIcTetsaIC7ZiWqNQQRfQIRSmTmL4gzfjWcKHkdJo6WdAPgzwenatpRE4HibJoYgeocC9vmW8LFR18OpwjrV3OCDcKF5PPrvHpbu7+ihuVMHUepu0Iq8QzzIcs4Oi70LM2Yh8TVyue+qpqerlRhWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9B3vG4AqSkyndYqXFCb2qiY7Gja6nxIbjcaEafCQSuo=; b=Piqo+u6AdWzZi8dseXJBAGBhY239UElLIZ8Ek306XUeL09RvHmHmCDHGKWUKWWdJibadROmH6lLoq/5gz+cDk7gYyoh0j8WRdVCK6uObe/4uJ5Fa8JyEUY+YnKbW+15nF9J+9RQgfmtx3vuAm8ZxHLmU9PFqynKB8ogDL5YhLstGT4D38vOGcG+Iq6K7a+XjqNIviwD0s4FpT4hi8clK4Z22OYlXAMy1hN5XngkwVf8tGCN7L6JH1BYZpl/w+kN2DyaaprPXaFszyXdn2eSV6M3RspdvvFpbk50jOnm8RavQsd+mHhds5ixcWtVkW+81fnX72hcJPy9r/9QLmsuGFQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9B3vG4AqSkyndYqXFCb2qiY7Gja6nxIbjcaEafCQSuo=; b=HVNRq5uDpGRPOEN14bwKAg54C8BHpQzX83F0NXrFoIzmmvB7pDcyoHx5tIIFaWBpG5LWY4jR7M+XsrBjJWFj8CvXFEUb/5W8K6esLIBW40iS1R9+rGJfey7tyK5sY6w6vUGujNR15WtoXtIkkmTwCLHorN9YaQcs5MKtANjQxp4= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:42:57 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:42:57 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 05/14] device_cgroup: Implement dev_permission() hook Date: Wed, 25 Oct 2023 11:42:15 +0200 Message-Id: <20231025094224.72858-6-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: 2a0e69d7-6565-44a9-6605-08dbd53ec503 X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: iRFrLvHz+bi/+pCJOT/RCSM4JL5AdLfabO1RJNi/Y51PNRTbEReB0BU3dSuEFYo0eQ4bZQJKC8XXBuGxeWnzjJz3zqHGLFI+dcELerXBRYPvna48q0XyR/olnZ0OCfOQ/35X9lZns+CX7QgMF/gjwlb8q24T3wQbDk41VwjWnuTr9XLIDI3XES4xsLPM/QcOvgQi7Nxnwf4Z+OTsStR0TWdLvhhCSmlzFduzIWiwDDrCDwbbxSw1YcQ7PUb8BzPJ1HO3S/i8vv3EqgQPUY8RAe5I2pCYVAGpAhfKLJqepbIx8pc9DudZ/TWyitjtdN6EbFOUoOMqi20Pmge7pkVpQexd4DT5ZLCCK/ATDQHWuU7MJJR+w3Wz03NyIszXfZo1w+f3AMZQmo6CvKX/NqM8gGwYxtk0cDE9PaLWNgPt5WEIE2QIajmkV2vxpHYIJCsq16BpuwD7M2+RS1yZvDgKcHYELuvw3n8uTuG6+EjoWUWwXhaEd3G+7AQPwmpQjmdvLpja8mWsPnp4BqXIvh0CKAB+K0A3zynt0DP1uR25UfuTSIP7mHLIkgwP1BmaL2DHrRKqShAgRRdDZZy42KFbf5sFDisyYCwBQfFcm9Fh488= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?d3h2XSWAxBCJGe7ZVC6rwUYtn0Ey?= =?utf-8?q?2ysjKYaxpnFw6Fvwnt2f8IsNoof8/+LQvJdmNLVR0BHOQjpMDJaBIcErPkW+3MvAn?= =?utf-8?q?ve57aW6PZAXIDWGic0MAoDDyJFZEVWUK6ADZX4SXFkVulK8+v55qDjNUIfPuC9ETv?= =?utf-8?q?R4zRZKTx1Ix58yZk7S5ANJOSiMDWuiIyBXS7OyFJsAXhw/Bu8IXhSl8YJ54vGZaLx?= =?utf-8?q?kfGL760Dp8FcPmcYsEufRiBlRt1m8ozaGSAFpg+ttwF3J1r4DKzqUr9hRNEUR7A3K?= =?utf-8?q?JI4AV+A5Yq8TkBcB7/4fhXkrKQ58xtkh61x597i+it2Nu7oC2BYaLBbQIl4S/mJZu?= =?utf-8?q?XVvEww497a4K83TXocfkpREhnFQ9bWWGRk1jQXzfQhLorpkom6v3C1A4GIRUFwUrl?= =?utf-8?q?TRUA0Qq6mQIR8Sbm2iunFSh5u/WrdcuESiiZk9XBw1cP0rQ5oCkcWnsBaSdg0nkZB?= =?utf-8?q?LB2NdRi62gMw/W/MLAgc/HYKYzhszT+Rgk4jdXxUQ3F9+66538pckwkLydw2yN8Z1?= =?utf-8?q?RJlobBtOMc9cFvOUSV4IsKsuplzeG92efXgnkWwSE4nRxUv63z2KMYm19dj63IV2h?= =?utf-8?q?4UQQBRDL8lTYpyXpI0Wf5RgZ0YEpFugbvHxp/q9KP77ZgeSCgSOFnvCFBrHDCiRTi?= =?utf-8?q?4RWwYiavOumy3+YUe/iSoSxIuJkQgd2BKuTGahBANYTCBVDurBUwU0xnTsNd8/0kR?= =?utf-8?q?3rPTXtPvgxYZp9X86Gr1mqnOLGFJT5TwcRsitsTzh2e8jTYxiyL20FX7oBi67tC8z?= =?utf-8?q?F9FETZn9sg6DPDNKfc7VkmM4Dx0TaAq/2y01i0liatYy6C0kfxxU/nBEFblQKyhiA?= =?utf-8?q?7oWpT1P1w4pW1y/nQLWdlxkBq9+Ls0d9u70rX8hqJXRqVxVZ3MXvJS6ZdD39zT/7B?= =?utf-8?q?mqgXf8Y5nXQY5CEdmMu9HIWUjngUmzdNR2ynRVPF1Hx1cU65oBsozPveYdWHpl9UO?= =?utf-8?q?0f+405Ylg55rP6hHgPYOD87Enn3EfQ/TecmYoaJoGHycBwCeXYG3XotuLNXrh8r4f?= =?utf-8?q?gkizGuGw/fVa17irHyvptIbCAi6CXTKYNwnvQPgTID4icPbe1xlxVxbthjhWJuWsj?= =?utf-8?q?YQx1N6HmGZAbtl3j0aDTmOagQ0yQmX0OnGryc9SxFr0sXAYXQ4aDrLTmlE6SSCNaB?= =?utf-8?q?jdKETIdenFAv9tyJq4a9dmhYPZTa8LPNe5qnbfJTS857SN3bHF8fO5r+mr1smebhc?= =?utf-8?q?5j6AG7WIevhAFztjamvbBEIBuvuA5PFBVMXrfh6sHL1IZdaFiWmZTQGRSUUaVjWF9?= =?utf-8?q?E60hJo5dclMyTu+IfgSodaYB6ZKhilVoqz9tkKr8k0j5QACpBmjGyeP6bqnoB53S9?= =?utf-8?q?ZYu3BEJU67MvuACLvDpjgeqPWcGz4wqsGYJmPvjGfr1mTFZfpvAfTVZ+6cLnw6g0L?= =?utf-8?q?xr0I49PkuJbouLLgt7tuRz70ql2Woa0p7A0ejn7+buAJbHB4KvGwlj9KfQLzbC8v3?= =?utf-8?q?rEcoNdY6XPVUmwU65IjipxXoQNw091p2OuqLwkfTLeePl/QIZrkylfoyvr17DFvPx?= =?utf-8?q?YnSvHZ19pCI7QnsXnoCQcB3qH91OeP+HqZeQiRejUjx4KVcYdUU48Zmvguuy7nzBe?= =?utf-8?q?SKJkrGvEngBUdhliJDhWuWCKR+xaSUT9GobkcTkk/cKYBYfPiC0ho4=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 2a0e69d7-6565-44a9-6605-08dbd53ec503 X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:42:57.4355 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: nJFKSi7qN4GDjSpm4p59ogIROeXx/9+GGfkvzU/cJ6Wcym482w5KH/Ssuaab3wmEkqPw9/P+rgireMePHwE7E6WDV3bkcETBk+XJMisBM6D2Ix8LTPiz3wTi+88RYQww X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:44:41 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720164055977258 X-GMAIL-MSGID: 1780720164055977258 Wrap devcgroup_check_permission() by implementing the new security hook dev_permission(). Signed-off-by: Michael Weiß --- security/device_cgroup/lsm.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c index ef30cff1f610..987d2c20a577 100644 --- a/security/device_cgroup/lsm.c +++ b/security/device_cgroup/lsm.c @@ -14,29 +14,32 @@ #include #include -static int devcg_inode_permission(struct inode *inode, int mask) +static int devcg_dev_permission(umode_t mode, dev_t dev, int mask) { short type, access = 0; - if (likely(!inode->i_rdev)) - return 0; - - if (S_ISBLK(inode->i_mode)) + if (S_ISBLK(mode)) type = DEVCG_DEV_BLOCK; - else if (S_ISCHR(inode->i_mode)) - type = DEVCG_DEV_CHAR; else - return 0; + type = DEVCG_DEV_CHAR; if (mask & MAY_WRITE) access |= DEVCG_ACC_WRITE; if (mask & MAY_READ) access |= DEVCG_ACC_READ; - return devcgroup_check_permission(type, imajor(inode), iminor(inode), + return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), access); } +static int devcg_inode_permission(struct inode *inode, int mask) +{ + if (likely(!inode->i_rdev)) + return 0; + + return devcg_dev_permission(inode->i_mode, inode->i_rdev, mask); +} + static int __devcg_inode_mknod(int mode, dev_t dev, short access) { short type; @@ -65,6 +68,7 @@ static int devcg_inode_mknod(struct inode *dir, struct dentry *dentry, static struct security_hook_list devcg_hooks[] __ro_after_init = { LSM_HOOK_INIT(inode_permission, devcg_inode_permission), LSM_HOOK_INIT(inode_mknod, devcg_inode_mknod), + LSM_HOOK_INIT(dev_permission, devcg_dev_permission), }; static int __init devcgroup_init(void) From patchwork Wed Oct 25 09:42:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157978 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479755vqx; Wed, 25 Oct 2023 02:46:03 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGDSQIwizklnZQ5/m+lnvy5Hlm8d8kB9nCfN2GupfVmTlXP89NP4wmgL6Ids6gP+u3UeZ6y X-Received: by 2002:a25:cb01:0:b0:da0:5ba1:7b2f with SMTP id b1-20020a25cb01000000b00da05ba17b2fmr3401912ybg.31.1698227162965; Wed, 25 Oct 2023 02:46:02 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227162; cv=pass; d=google.com; s=arc-20160816; b=QCqRq6k3DBKYCpJnQZM3ljICzcCQ+PGWPwTqR0q7ujRp2t5Z94Y74FjekLGd5fN8UY 7Oxp6RfB/r+DhD4dPsNoYzD4o/CVkyu+NP4rxwLkDC+ef13dzmI7ZKlmz24RkXupK/Mo lgfWDF+2Tf+XhNnsZd7DCfHBnrL2ygWuJPb0KMbp1Vn5qDMjSMItjmOYM2J5jNeVN3Mi qrFA1tWN+M/qguqiI2csA1otmRvxeOMaad6y6zITGIQd2KsAf7ERaVGisfykC7u4NTOu 4N/d5D7lUGrH7GBMP431T0MsbspGwK3cuwzscQIA8KwyKd4d0GuaKXxrFx1ObHr9hII7 dqKA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=la0XwQPiL4K+HekaltsyfcU3g+yKZuBbZKvtFkOu0Rk=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=uRPZHt1aXTdvDLZ4QnOFNQQ1h1k6tadaZ3oTJIyLp8K2ocs54lRFH5uDg/ZtSM1ntH WuqV3A+DvcHOohAz/QhdCJdFZgt4BqA6wNLl75r1hZzH9XZTp1PwhJVF//3T/Vq3SfR7 SBjRL49Q04sp7c3Dz5wOuVgChYr9StOLpBG+CAay1vYZ6M/5AEPYA56RFKEOVeySZ+SM +U4cSj+xN9MmJhhDw8M8gZ929iDhYXlO/37v3pJQR8pDRZob9nCxp0enKmBuNaPE4e2z FkNowEpkPRkYMchK4QwB4xJLnkHBO0A9k86Jg4vEyXTz7aYoc3Pa8xyLYlPafRyCk7Q8 kjnw== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b="t/sioXLL"; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=d7Fp07fv; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id v5-20020a25fc05000000b00d8184353dcdsi10185883ybd.342.2023.10.25.02.46.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:46:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b="t/sioXLL"; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=d7Fp07fv; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 4319E807E444; Wed, 25 Oct 2023 02:45:05 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343508AbjJYJoe (ORCPT + 26 others); Wed, 25 Oct 2023 05:44:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234536AbjJYJoK (ORCPT ); Wed, 25 Oct 2023 05:44:10 -0400 Received: from mail-edgeDD24.fraunhofer.de (mail-edgedd24.fraunhofer.de [IPv6:2a03:db80:1504:d267::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4CCE8E5; Wed, 25 Oct 2023 02:44:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227047; x=1729763047; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=lj4vIchilQSP7CJzsy23e8C9QwMXZ+lNYzOtv4p9Euw=; b=t/sioXLL7rsHWoj8k2wV9yqvEz8td3lYvgTSYPMkPsmAdBvHm/nkPxss 9dqazrYmghgAJIVwZdd3mOKOuVivjgwdsyysfpCdFrp96W1N77fc6QURm u5npcLAzjYxXbAzoKToBsIHGfk2SbYQXVPq4rLJ5cwDqTwiQehTHuGNH2 WmzFzNeB2+2qPy83JGtx9o0WT4+KtOtRyWM8bAxnAh4r1w6faOacrQ2nZ C0Ke0nG4BGJ1S79X9jYBWFHjUm9sGo1Diygz3tlgbfAs6mJr1Jm2Q7K6o dcC/0c6aaEq3ivZ1n4FDrUqT6WVdzK7aPJ/vyBi1Aki/cwth8wZiIFqXA w==; X-CSE-ConnectionGUID: hwgJjR/STN+eETh6yYxBVg== X-CSE-MsgGUID: aZ9kKngjSJG9CobO4vsqtQ== Authentication-Results: mail-edgeDD24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2HeAwBB4jhl/xoBYJlaHgEBCxIMQIFEC4I5gleEU5FemCaEBCqBLIElA1YPAQEBAQEBAQEBBwEBRAQBAQMEhH8ChxonNQgOAQIBAwEBAQEDAgMBAQEBAQEBAgEBBgEBAQEBAQYGAoEZhS85DYQAgR4BAQEBAQEBAQEBAQEdAjVUAgEDIw8BDQEBNwEPJQImAgIyJQYBDQWCfoIrAzGyGIEygQGCCQEBBrAfGIEggR4JCQGBEC6DXIQuAYQ0gR2ENYJPgUqBBoIthFiDRoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESFw0DCHYdAhEjPAMFAwQ0ChUNCyEFVwNEBkoLAwIaBQMDBIE2BQ0eAhAtJwMDGU0CEBQDOwMDBgMLMQMwV0cMWQNsHxocCTwPDB8CGx4NMgMJAwcFLB1AAwsYDUgRLDUGDhtEAXMHnU2CTSABgQ0ngTR9li4BrnkHgjGBXqEJGjOXK5JPLodGkEggoj6FSgIEAgQFAg4IgWQBghQzPoM2UhkPgRuNBQwWFoNAj3t0AjkCBwEKAQEDCYI5iRIBAQ IronPort-PHdr: A9a23:wY1uXhd0HcpMl0W4bQbCtOgQlGM+49/LVj580XJao6wbK/fr9sH4J 0Wa/vVk1gKXDs3QvuhJj+PGvqynQ2EE6IaMvCNnEtRAAhEfgNgQnwsuDdTDDkv+LfXwaDc9E tgEX1hgrDmgZFNYHMv1e1rI+Di89zcPHBX4OwdvY+PzH4/ZlcOs0O6uvpbUZlYt5nK9NJ1oK xDkgQzNu5stnIFgJ60tmD7EuWBBdOkT5E86DlWVgxv6+oKM7YZuoQFxnt9kycNaSqT9efYIC JljSRk2OGA84sLm8CLOSweC/FIweWUbmRkbZmqN5hGvWp6pgjTDjutZhArZHcD1RLQoQiWs5 JowR1z5qxUaHTQL03/LpM9Xkfpho0fywn43ydvYP6+NbKVwYL3zJYkHTkxxbJdgRS9tRbKHM KAIEeNRL/plirvM+3lVvT6HIAypVLzy7TNPiFHLhqkT6/0MDAvK3g14PdAuu3rXkOivEfYXW 8ec3fiWzRydV+sR5T3P2M/CSBUgosC1GqBzSNbawA52FSGdoGyQtL6mGmKW5P8qtXSZ7+lNd dCm0zE+iQ1p/RWWyc1rtdWOu5kS2HyU6zgj7KIFe+SYUmJDf/vxQ9NA8iCAMI1uRdk+Bntlo zs+1ugesIWgL0Diqbwizh/bLvGLfIWkzki/EuiLKCp+hHVrdaj5ixvhuUSjy+ipTsCvyx4Kt StKlNDQq2oAnwLe8MmJS/Zxvw+h1D+D2hqV67RsL1o9iKzbLJAs2Pg3kJ8Sul7EBSj4hAP9i 6r+Sw== X-Talos-CUID: 9a23:Ts6jim0qJvETZe/kvvUpWbxfGt8qUH/ni0zsBQy1JFppFqykWXWu9/Yx X-Talos-MUID: 9a23:xujrkARfK7+NfJW7RXTltmBhF8Fn4Z+MJxEmlp8h59efLDBJbmI= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="71347900" Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by mail-edgeDD24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:00 +0200 IronPort-SDR: 6538e324_DggGUANX/jrqBoGx0oGFxp6RILZHjWiQ7HkbaAvtfqaaEjX tFEz7emnYY0XArFoLUv3XZKvS2Y+F5IvYONMvLQ== X-IPAS-Result: A0BEBgBB4jhl/3+zYZlaHgEBCxIMQAkcgR8LgWdSB4FLgQWEUoNNAQGFLYZBgiE7AZdqhC6BLIElA1YPAQMBAQEBAQcBAUQEAQGFBgKHFwInNQgOAQIBAQIBAQEBAwIDAQEBAQEBAwEBBQEBAQIBAQYEgQoThWgNhk0CAQMSEQ8BDQEBFCMBDyUCJgICMgceBgENBSKCXIIrAzECAQGlLwGBQAKLIoEygQGCCQEBBgQEsBcYgSCBHgkJAYEQLoNchC4BhDSBHYQ1gk+BSoEGgi2IHoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESFw0DCHYdAhEjPAMFAwQ0ChUNCyEFVwNEBkoLAwIaBQMDBIE2BQ0eAhAtJwMDGU0CEBQDOwMDBgMLMQMwV0cMWQNsHxYEHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51Ngk0gAYENJ4E0fZYuAa55B4IxgV6hCRozlyuSTy6HRpBIIKI+hUoCBAIEBQIOAQEGgWQBOoFZMz6DNk8DGQ+BG40FDBYWg0CPe0EzAjkCBwEKAQEDCYI5iREBAQ IronPort-PHdr: A9a23:gc6kIR0z+RLqnuBwsmDO5gUyDhhOgF2JFhBAs8lvgudUaa3m5JTrZ hGBtr1m2UXEWYzL5v4DkefSurDtVT9lg96N5X4YeYFKVxgLhN9QmAolAcWfDlb8IuKsZCs/T 4xZAURo+3ywLU9PQoPwfVTPpH214zMIXxL5MAt+POPuHYDOys+w0rPXmdXTNitSgz/vTbpuI UeNsA/Tu8IK065vMb04xRaMg1caUONQ2W5uORevjg7xtOKR2bMmzSlKoPMm8ZxwFIDBOokoR rxRCjsrdls44sHmrzDvZguC7XhPNwdemBodBwGd3A7DZpbV7gi5lud+0S2GJtz4Ro1vVnezz JV2YhXaqzkbGT0e7TntiZkj6cATqket+DJnm9Hafp+7bKBjdYXtT4IrV2ltGfdqCAdGHIrsf ZcyKtgwYcQDv6zEgl4L/USjIgWrCs3SkTthvmbbwKc20eV5MwPm1wIjI+9UlSXRpvLcJfZMU cnr9LGP8T/xX7Rc4zL867nxNQIimO2HVPUpc+iJ53AvCjGGqwSTm5fCOS+X1ucgk1qSt7V5d +631EMepAs2nWTo+9wrmKWZmJ9P5nT0qxxZ2qoNO/jtGwZrJN++F51IsDuGcpF7Wd4mXzRws T0hmdXu2La+dSkOjZE7zj32MaLBfZKB/xTjU+icO3F0iSEtdLG+gkOq+FO7gq3nV8ay2UpXt CcNjNTWt34M2hCSosiKQ/dw5AGgjB6BzQnO7OFDL00u063dLp8q2LkrkZQP90/EG0fL IronPort-Data: A9a23:P4cEUaMJM0sp+eHvrR0gk8FynXyQoLVcMsEvi/4bfWQNrUong2QPz DMYXWuBOKuNMGf8ftgkOonkoRsP7ZWEzIMySHM5pCpnJ55oRWUpJjg5wmPYZX76whjrFRo/h ykmQoCcappyFBcwnz/1WpD5t35wyKqUcbT1De/AK0hZSBRtIMsboUsLd9UR3Mgw2rBVPyvX4 Ymp+pWFZQf8s9JJGjt8B5yr+EsHUMva5WtwUmwWPZhjoFLYnn8JO5MTTYnZw6zQG9Q88kaSH o4v/Znhlo/r105F5uCNzt4XRnY3rov6ZmBivJb2t5+K2XCurgRqukoy2WF1hU1/011llPgpo DlBWADZpQoBZsXxdOohvxZwNQ9kNI5X1478Gybl7s/I3xLaTmDH3KA7ZK02FdVwFudfGmRS7 boVODsNKB6Zjv+wwLW1R/MqislLwMvDZd5E/CA/i2iGXLB/G8+rr6bivbe02B81h8tOFPvaI dUUaCF0RB3BeBBEfFkNAY84nOCmi2O5fzAwRFe9+/prszaJk1MZPL7FbYrZdteqRptvl3m8i mTv+H/UAhgLDYnKodaC2jf27gPVpgvyXI8CHbu0++RChVyTz2gSAwwQE1C8pJGRgFS3RtRSM WQX9zAooKx081akJvH0RAGQo3OeuBMYHd1KHIUS8AiQzoLM6hudQ20DSSRMLtchsaceSTUs1 1KNt9LuCjFmqreSWTSb+6v8hTq0NTIULEcBaDUCQA9D5MPsyKk2hwjTT9AlFKeoptn0Hyzgh TyHskAWnLIVguYI2r+98FSBhCijzrDYThUd6A+RVWWghit7Y46jIYKh8kTS5/tGIK6WS1CAu D4PnM32xOMWFpCLmyylQ+gXGrytofGfP1X0mlJhN5Ym8Dup9jioeoU4yDF3I0N0Ne4LfjjmZ EKVsgRUjLdRO3+xZId0bpi3BsBsyrLvffz8S/3ScttISplqcxGO+CxoeQib2GWFuFYti6YXK 5qdcNjqCXccFLQhyyC5AfoeuZcuxyM6wnj7XoL21Rmr0PyeeRa9QLIEKgTVb+QR46aNoQGT+ NFaX+ORxg9QXcX+ay3T4IhVJlcPRVAxHZ7etcNabKiALxBgFWVnDOXeqZsleop4j+FWm/3O8 3WVREBV0hz8iGfBJAHMbWpsAJvrXJBivTc1JiAhI1us82YsbJzp76oFcZYzO749+4ReIeVcF qRePpTfR60QG3GeoWtbc5y7p8psbh22gwKJMSe/JjQyF3J9ezH0FhbfVlKH3AEAFCOqs8s5r bC6kATdRJsIXQN5C8jKLvmoyjuMUbI1xIqehmOZc4UBS1am64VwNS36g9k+JsxGe12JxSKX2 0zSSV0UrPXE6d19utTYp7G2n6HwGctHH21eAzb665SyPnLk5WaN+9JLf9uJWjH/b1nK3pueS 99b9NzGC81frm1269J9N51J0ZMB48Deou4G7wZ8Q1TOQVeZKpJhBXik3cB/kKl81+Jcsg6YA 0iK+sdoPIuYHMbfFH8QOwsXQeCR3t4EmjTpzKoUIWerwARV7ba4QUFpEB3UsxNkLZxxK5ID/ ectnOU0+j6PoEMmHfjehx8F6lnWCGILVpsWk60zAajpu1IN8U5Da5mNMR3GysiDRPsUO3Z7P wLOorTJgold4U/wc3ATM3zp9sgFjLQsvCF69nMzF26rqPHk2MBuhAZw9A4pRDt71h9EiuJ/G lZ6Pn1PeJmhwW1au9hhbUuNRSd6Gxyrym7gwQAolUrYbXWSeE7jEWkfAduJrWclqz9yXz4D5 7yJ6nfXYRCzduHL4yYCc0pEqfvicN9PyjP/iP2XR8SrI7RqYB7OoLOfWm4Tmh62XeIznBLmo MdpzsZRaIr6Fzwak5ckL4ykiYVKRw22Ik5CTc48+6lTL2XXeWyx6wOvMGG0QNtGfNbRwH+7C utvB8NBbAu/3yCwtQImBbYADrt3vfwx7v8AR+/bHnEHuL6hsTZZipLc2SzgjmsNQd81s8ICB q7OVjCFSEq8uGB1njLTkcx6JWaIW9kISwni1uST8u9SNZYisvlpQH4iwImPoHSZHwt2zS265 DqZSfft8NVj7oBwk6/HMKZJXVy0IOyuctW4ylm4ttAWYO7fNcvLiRgulWDmGAZrJpoUZcV8k OWckdzw3X6dho0MbULip8CjGZVKtOKIZ8gGFuLsLXJfozmOZ9+03TsH5FKDCMJolPFz25CZY jWWOeWMcewbYdN//EFuSjN/Fk8dApvnb627qiKaqe+NOycn0gfGDY2G8FHxZjtldAsNCYzPO jHpstn/4+JojZl+KyIFI9pEAJZIBkDpdoV7Vt/2tBieVnKJhHHbsJTctBMQ0xP5IVjaL9Tbu LXrHgPfcja2s4H2lOBpiZR45EArPSwskNsOcVI40P8orTKDVUotD/kXaLcCAbFqyh3C7onyP mzxXTFzGBfGfGp2dDvn647eRSaZPOsFP+n5KhEP/0+5bySXBpuKMIB+9xVPsmtHRT/+8N6Jc d0u2GX8HhyU8KFbQew+4v+ag+A+4tj4wnkO2172ku2sIhI4LIgJ6kdcH1t2ZXSaK/3OqUTFG zFkDyQMCkS2UlX4HstcamZYUkNR9i/myzIzKzyD2pDDsoGc1/dN0+D7J/q16LAYccAWP/Qbc BsbnYdWD7y+gRT/YZcUhu8= IronPort-HdrOrdr: A9a23:rAnOHKtpP+sXlNTlEgkHMKFl7skDctV00zEX/kB9WHVpm6uj5q aTdZUgpHjJYVMqMk3I9urvBEDtexzhHP1OkOss1NWZLW3bUQKTRekP0WKF+UyCJ8SXzIVgPM xbEpSWZueRMbErt6vHCEvRKadE/OW6 X-Talos-CUID: 9a23:49GctWEwnTPqUw83qmJB2lQdOdEKQ0bnki2PIBSoVnpUU5aKHAo= X-Talos-MUID: 9a23:c1KelggZK6Q+5EkY8iK+88MpaZdk76+OCx43mKoil8+tMjddOz6MtWHi X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="68486277" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA26.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:42:59 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:42:59 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.168) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:42:59 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fqpIjms/NYp1U9pHDasUBGtcns2zDrTzpbmZ3s1F67VY6etH0S1qCH9KhDxC9XwyV1dV15DfoU163bU1j2HPTUwIWoX1msmvFgJm+Ef2BwZuxaOCnY3/2WJ9og3rLwkLYhzWH6kjHhaer1T83wv4feTc3dFbHOIgdCDQ2THqUUYsR9wOWYtVr+jpDBdpdaQejKwjFV8j7f51tjOgiUEMK6aqM9Pq7eEKmESOauuYUDJkMVCtqWBPUd6JCotT7bta2yPR7zD72hC5tKLA1tZCPP/QdSX1uMEJ+vSZdwbAzk0B9aEinkiwP/diRzDp8+HU6vWBzBjCPMtV5WxkSgt5Dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=la0XwQPiL4K+HekaltsyfcU3g+yKZuBbZKvtFkOu0Rk=; b=QBak9s4qYpByf83gS7u0qFlZh5YK/C6Q/1robqsr9HdEFA06C/5D/MIxyljTeHYjd0osIPKC8xZsIwsOkiLTV82gkkxbhsArXPQ8RKzScYCDLOsA103CW4jdTLDxS4IyTe6/kSb0F9vnmSkL0zqAqDm5013xn1T8MKC5XAjDt+qTBhAL8sKWOw0DYxbn+sWyPmRaOTsLl3AQ/76w7x3Agw8DtSjRMGzTjjjYRvAfr7L95L0csEiecuecIifcRefZSQ2zOwddktarBPJoCKiLYE7ohZA8CGT3GRpGZsBlSHqx6BaF3mkV77qqCCGQMZukXTOu2+UwiptwgDMF25nrog== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=la0XwQPiL4K+HekaltsyfcU3g+yKZuBbZKvtFkOu0Rk=; b=d7Fp07fvvF02ucNXZ9YzkD/YS7Cova8ztUMZY4J3xMQMmm87uOdofFU3lAPqEubdji0JjHcfkTU2M9mbOAy96hA6Pp/TbZX/bRmikYQ/zkQtca/1jJ0FQhuZ+M9kZsOntjhkEHZa07qJdp7EQgb/W4/UsozD8vu2DLX6QHrDPvM= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:42:58 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:42:58 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 06/14] block: Switch from devcgroup_check_permission to security hook Date: Wed, 25 Oct 2023 11:42:16 +0200 Message-Id: <20231025094224.72858-7-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: ac42e99c-262b-4c25-733b-08dbd53ec5b1 X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 0LxokPclv89QKj1UIGoSMqhDLjoyO45hVrJ+uFd0/PXAWKEGPTQ+ik258KpGHufB50OwQCs9aGc6RXb/Vt7U57kGoqhBB1yqkLW36NWgyML+N4XC0X0O9pe936e/yJp2FX2ABz3fDYJlbg07e8R3Tc3OzsNQmAPy4556acPft95aQPZEf4G0xsE8gr8KpGzJISKiJFVvm2WYZkRlE4oAjjQmtT4i4/kdZGJDel+WcKFcDGq9aNTPDOGB/aJDVnzN+E1oe2FQWQnPUVD8MhUToCPpB5cf3lJ61U84g98SaMALhhc6yHYgZDSzJ2gHrcCmP2RkFnZg70SZw81li3KgQi3ujrkgS0B0I591X0JjK7mawntiC4RcJBV7s5MFTS3Dj37hIpng1JNS+BsLYDQCYVGmQ0F7N2l566B11PD3OSb+b2Z0Nj5m5PnTw3mFFJe1BIA1Y6UtAkOeoiiPQ9ucSxJTIdcMkFh3QvRjYb5xwJRnaTzsy/h7DphyqZKNdqfgWD9c98RMHB/0B2AcJQJA9gonUn770j3q5sp0kSxW4sN+2xHAbak1RI0EqAtXxswqrVJdEQ0EDsu9ISKf1evYwMBqvMg4FQvGPMmt3h5sRrc= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(15650500001)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?FT7Oy5IqpD6zNl8rKjg6PWpHO4J3?= =?utf-8?q?f7DZpCO1rIJJykg20fuopPOW/8Fblis0PgDyZZpIeXtu3xnWY+pyH44ihOxNn3wvl?= =?utf-8?q?X41VtSbYutKWwMo9/MYYKHuYh301ijV+xsyzGFmeWZBgrKwsulRtdJZv2iV1CI5bF?= =?utf-8?q?0WVxgc1rpxgTWQ+XuRBVYqN76awDHdIbjiZGtgoeCTSg/FOqmU2BSDGtuKsS2vkLZ?= =?utf-8?q?5jNwwz4TL8SYaNom0PEhmi4go1XylBdcxzST8jPf0rviTqQ8hovICHmQ8xMME0beI?= =?utf-8?q?SdqAE5f2qH8/oDcr+U5LtmftiWsr7Z3uHLaE9wwr8BcF2T+yGbU3CUMgvXfGP6ofg?= =?utf-8?q?vHB9OV7MHM9TNV66cdl42iWFMrqM9zHBPoLDHG4XUsAEE5XupAfrYD4tKkGqU4Gzr?= =?utf-8?q?HR9zcg35fnGsoahdBXgpqL4DjsiQXIqPKcqskVPoDaUtJcVB2MRDTxhtu4TYRzUYW?= =?utf-8?q?MTvRZMU8jMwsdlcBLn9ppUwF0Vh663P8gBrZZcSp+Eoy0ao/XtKC4R81Hyx2oJZku?= =?utf-8?q?lqmiRKR1PtuDIdFe2kjNdhWyDacht6hFc4XxR5yxZhN4J4IP9+0O6rRMhs3n8TmMW?= =?utf-8?q?80BIqDwooGv73d3a62En4uZKb/kQiE1tW51rJutoDXgdwqf/kvSel+5JrTlxghp7h?= =?utf-8?q?+F7WEsnbGYIElikBHKcfve5NU31bf979/3S6upj0k813wSwpMbf9HI68B/Jk33lRH?= =?utf-8?q?k7wIFJlYvJWacAkyd1xONB3FvMHSpXD9qVRdhYgIBny3QVwDgufhbSMO/GTmQ+pk0?= =?utf-8?q?+eTx9c/AJZMsu+Sb6t9GvK+n5vC1fRt4QjMfUVHki6osNoEuBhtRmkIutc89oS2re?= =?utf-8?q?259WYGt9KJ2jJvo/zK3WH21tkuvYQIsaaHrE1NxU47sV4keCDRpCEknOkXvzlu//N?= =?utf-8?q?qGs7lUspV2+iJzvmofTQLLKWWsJaICBLVDLYmRfTHXHubqK8CtzWVkTHXWc11/qOe?= =?utf-8?q?t9HqYWFszknbLsCqWUpMGW5MtxK1Wxio/wC4toBq7fyO4bPCVfacHYgz6IhTrdoMq?= =?utf-8?q?5APPZ3BaQVDrGGSdVlRfvHE+sbYoJYzoVsWwKOuc1EFo3+0NVFBSeF7sfObvWcwdB?= =?utf-8?q?yJqCDO/N4A5h9hBFGSh8WqlCUD2BCh6dAzo45NZuLu9HsmOhjOd4kwDJvdbn6pr6F?= =?utf-8?q?WRvyAsLrn3E2c7dacrq2qU0Q5zhXyw2S1DmxUlSyEaBffObduA9iHTC6526t5Uvzn?= =?utf-8?q?CMoMmz7SrNEhe5H4l06wjSMtMM+i/RZ9kFMPCxZ/VEmnyis0RvHPLnS3jGhqAD88x?= =?utf-8?q?PkJYZ6neZCTayQ4Z4vSIEZE2IgsAqfLVkz8dZKWny1jkkTG6+VVo4IUiPXtzXU9p3?= =?utf-8?q?gMeE+Cq8V7Jlf3UO1pyTwRyadm40bm8DCpMDCpHQV+WVvUr9MINjR+9ZTm6Q0Oqkk?= =?utf-8?q?uVdzIt49CRxktvSqpXKteQ3WE12CvCKiKs4c9nPYzbhjhs03O/B4Pl9RY8RNnaRwp?= =?utf-8?q?e7YxieqTIHgM1o+tp1QnRJON4Arh6hn+ki11v73lREzbxpvPnOhYyDLJhjDgg4aQu?= =?utf-8?q?U2ly59T2rLN/j+dpyOl1qnJWwlri+d/dZ+m+5kzxA773fJaD3mbejuNp231Q3vWan?= =?utf-8?q?68V6pvCEYj1LfYATk58lTIKnyZAF2wsIMZVFAbZOtAU3WAFtzNlwqI=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: ac42e99c-262b-4c25-733b-08dbd53ec5b1 X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:42:58.5664 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: A6cb3h8jL2TwWkg39T2EApG5kUW9tOA7sARXaoURhB++RNw0p5V1llkySFOH9OyIVa9NMuCKedeudF2S+A83u+4VgDum80S2gwCOEd12P/ALbJkGzSo858hvA3GLoqcC X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:45:05 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720245534985958 X-GMAIL-MSGID: 1780720245534985958 The new lsm-based cgroup device access control provides an equivalent hook to check device permission. Thus, switch to the more generic security hook security_dev_permission() instead of directly calling devcgroup_check_permission(). Signed-off-by: Michael Weiß --- block/bdev.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/block/bdev.c b/block/bdev.c index f3b13aa1b7d4..fc6de4e2a80b 100644 --- a/block/bdev.c +++ b/block/bdev.c @@ -10,7 +10,6 @@ #include #include #include -#include #include #include #include @@ -27,6 +26,7 @@ #include #include #include +#include #include "../fs/internal.h" #include "blk.h" @@ -757,10 +757,9 @@ struct block_device *blkdev_get_by_dev(dev_t dev, blk_mode_t mode, void *holder, struct gendisk *disk; int ret; - ret = devcgroup_check_permission(DEVCG_DEV_BLOCK, - MAJOR(dev), MINOR(dev), - ((mode & BLK_OPEN_READ) ? DEVCG_ACC_READ : 0) | - ((mode & BLK_OPEN_WRITE) ? DEVCG_ACC_WRITE : 0)); + ret = security_dev_permission(S_IFBLK, dev, + ((mode & BLK_OPEN_READ) ? MAY_READ : 0) | + ((mode & BLK_OPEN_WRITE) ? MAY_WRITE : 0)); if (ret) return ERR_PTR(ret); From patchwork Wed Oct 25 09:42:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157974 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479358vqx; Wed, 25 Oct 2023 02:45:00 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFGjeoKHA7c7W0h1odVp2R6dS7egg7GzqHPxe2F5N8yNQ+mkHPj0hCa+0XPZjbMRSIYazOC X-Received: by 2002:a05:6808:1a94:b0:3b2:ef72:f59e with SMTP id bm20-20020a0568081a9400b003b2ef72f59emr15169132oib.24.1698227100136; Wed, 25 Oct 2023 02:45:00 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227100; cv=pass; d=google.com; s=arc-20160816; b=wHlzZY139YLuDDPIrEAComHIJq3VFvuLletGIiu9lpdrzGUoH67FJyBVbZ7evDlxmQ jNqFZu4PibvBRYUGcuzpavcwQuS/Q0NvzQQjNmotBQF+ztRl7muY+7WtVACfdMNRaOG/ 3lujuYgnmpmM6lu7ER9sNMaup3KKWd6ZKzeCzWBBnc3s/nZjYkjxlFgwAgNDiLOSCqD2 rteWFGAzAKVz6Q6rFi/8YVKXPTZtfPMDjkYh7dIPeXiJMcH/O0TBjNvpJpAwGcSDNZ77 9FNGl0b22w81cAFjL8HXZC2iLO5wYZ1FhVhrnap5KCiFNjAKAqb0WhwV1CRxW1ND3adJ hSbg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=9vf1ixH2qLJzlXFGb64g2kEhkedNPAsYtGmzXincPmU=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=AoKNpHKMlZaKL58wnHRnRzbKsOy19Nqx/IufZtPCntuL4e9J82aQVBzosTDjvHoAQ2 S/TnAkatzyFubWp05nOVIdzWZ5SQzvkd9jIeb7rAEAPZ5mv0qjuTtoabHbUGqyT+35Lb Nkq5tf8fJPKBx1qSdhNWSUgIPFbzG0ZnxvB6sGM3/045+cZzp4SVe6//S7VSYyZGmy0S 9XjVKLDd+I/WO/aB1iJvH2l/4h4Xlw28vflHkIdinKvOrfmQQaloWQVNvdOyakWkhaGA P+kBxgSv0tKugcwreWfx7szXvBin9BEmpxQJlAatEqvtvozoTco66MoQC9PsuimAss9f oC+Q== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=EeaG7Rw+; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=OO7+q2w+; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id d12-20020a25360c000000b00d8677aa06ecsi10529806yba.341.2023.10.25.02.44.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:45:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=EeaG7Rw+; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=OO7+q2w+; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 95C66802F226; Wed, 25 Oct 2023 02:44:57 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343521AbjJYJoi (ORCPT + 26 others); Wed, 25 Oct 2023 05:44:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39112 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234634AbjJYJoL (ORCPT ); Wed, 25 Oct 2023 05:44:11 -0400 Received: from mail-edgeka24.fraunhofer.de (mail-edgeka24.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A375110A; Wed, 25 Oct 2023 02:44:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227049; x=1729763049; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=eKElJcu7Id5sldol2s8MOyzTK9+7fV+g6NYwtKozuZg=; b=EeaG7Rw+yl3KJeSGh4Og437zykxXpDvM9cpFeu7GLNcj3JSZie9W52dy QXwt4ShHwaGyi5ilfgP+IMivp7LBzNKuitOiTSimMoxNgcDW40GapQq1n 6qVR04W6T9wYPZ0LCn/xhTJYo1kQlQnDpq/CUvA/J2ulCZ4yUtJU+5uwN nuU40paR4qf1VzfTrqWXnfVfNLg9QgttHMcAQ7zwNvVAD/giHiOGg3fpZ bPqcXAfu0VUuhocW0BmyURwGJf5DLjZ/473uEbqZJXksKe82lMfm/7RXv mSVTBWbKsKyFX9YnUzZG9wcxey0FCYeoNEgsGUet5XffdMVb9bcwKyVty Q==; X-CSE-ConnectionGUID: Oar3O4eMQGmOAAyffpgzYA== X-CSE-MsgGUID: DROKL+LfSdGdHNyU3Ffiqg== Authentication-Results: mail-edgeka24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2EqAwBB4jhl/xmnZsBaHgEBCxIMQIFEC4I5gleEU6oEhAQqgSyBJQNWDwEBAQEBAQEBAQcBAUQEAQEDBIR/AocaJzQJDgECAQMBAQEBAwIDAQEBAQEBAQIBAQYBAQEBAQEGBgKBGYUvOQ2EAIEeAQEBAQEBAQEBAQEBHQI1VAIBAyMECwENAQE3AQ8lAiYCAjIlBgENBYJ+gisDMbIYfzOBAYIJAQEGsB8YgSCBHgkJAYEQLoNchC4BhDSBHYQ1gk+BSoEGgi2EWINGgmiDdYU8B4JUgy8pi36BAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8aHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51Ngm0BgQ2BW32WLgGueQeCMYFeoQkaM5crkk8uh0aQSCCiPoVKAgQCBAUCDgiBY4IWMz6DNlIZD4EbjQU4g0CPe3QCOQIHAQoBAQMJgjmJEgEB IronPort-PHdr: A9a23:CFKR8RQniMpNkGXxX7O91BFdstpsou2eAWYlg6HP9ppQJ/3wt523J lfWoO5thQWUA9aT4Kdehu7fo63sHnYN5Z+RvXxRFf4EW0oLk8wLmQwnDsOfT0r9Kf/hdSshG 8peElRi+iLzKh1OFcLzbEHVuCf34yQbBxP/MgR4PKHyHIvThN6wzOe859jYZAAb4Vj1YeZcN hKz/ynYqsREupZoKKs61knsr2BTcutbgEJEd3mUmQrx4Nv1wI97/nZ1mtcMsvBNS777eKJqf fl9N3ELI2s17cvkuFz4QA2D62E1fk4WnxFLUG2npBv6C8bvvHL7psonwQ24L8nGY58+B2itt aRGSBzlhAE/HiUI7E7SmPxxiqljpS/09Hkdi4SBR6bKd+MkYeDjWPxGaFcYf/gLCwpPJZGTV ogrX7UFMuN9sbjf5GtQrgOuAzCUWPLI7z9MjSLr/o83kNYELRrAhFwEI/U1km3rp/Xvc6MPC vmE0vKL1m6cfdVH5S3j85LoVC09/PKFbIxsduTR0Hk0EAbMkW28m4bObmjN9MgMnm+f3udle 9iRhUMY9DosiQO1/9kio67JhKww4W2D1Stg2oIpI42SWmRLRPmvRcgYp2SbLYxwWsQ4XyRyt T0nzqFToZegZ3tiIPUPwhfeb7mKf4eF4Ru5CKCfOz5lgnJidr+lwRq/ogCsyez5A9G9y00C7 jFEnd/Fqm0X2lTN59KGRPpw8gbp2TuG2w3JrOARCU4unLfdK5kvz6R2kZwWsE/ZGTTxllmwh 6iTHng= X-Talos-CUID: 9a23:I6tyOWPBZ39xWO5DfyB9r2lIF+UcXXj65V7BLUGgBnRYYejA X-Talos-MUID: 9a23:k5P0Jwn5V1VVswmSpSq+dnpODuBLx+eKBnsBvpkmndi5bgJ+Oi6S2WE= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="1802503" Received: from mail-mtadd25.fraunhofer.de ([192.102.167.25]) by mail-edgeka24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:02 +0200 IronPort-SDR: 6538e325_vEal4lnTu32ysoXXPPkFmYXiAftA6WmewohagMT40cLgkXK G6s6YC3m5gyCrw2lp8fRwb/U4vt0zSy2covv0kg== X-IPAS-Result: A0BZAAC94Thl/3+zYZlaHQEBAQEJARIBBQUBQAkcgRYIAQsBgWZSB4FLgQWEUoNNAQGETl+GQYJcAZdqhC6BLIElA1YPAQMBAQEBAQcBAUQEAQGFBgKHFwInNAkOAQIBAQIBAQEBAwIDAQEBAQEBAwEBBQEBAQIBAQYEgQoThWgNhk0CAQMSEQQLAQ0BARQjAQ8lAiYCAjIHHgYBDQUiglyCKwMxAgEBpTABgUACiyJ/M4EBggkBAQYEBLAXGIEggR4JCQGBEC4Bg1uELgGENIEdhDWCT4FKgQaCLYgegmiDdYU8B4JUgy8pi36BAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8WBBwJPA8MHwIbHg0yAwkDBwUsHUADCxgNSBEsNQYOG0QBcwedTYJtAYENgVt9li4BrnkHgjGBXqEJGjOXK5JPLodGkEggoj6FSgIEAgQFAg4BAQaBYzyBWTM+gzZPAxkPgRuNBTiDQI97QTMCOQIHAQoBAQMJgjmJEQEB IronPort-PHdr: A9a23:x5yH0RbTUb4ZIAlKXeBzA5v/LTFg0YqcDmcuAucPlecXIeyqqo75N QnE5fw30QGaFY6O8f9Agvrbv+f6VGgJ8ZuN4xVgOJAZWQUMlMMWmAItGoiCD0j6J+TtdCs0A IJJU1o2t2ruKkVRFc3iYEeI53Oo5CMUGhLxOBAwIeLwG4XIiN+w2fz38JrWMGAqzDroT6l1K UeapBnc5PILi4lvIbpj7xbSuXJHdqF36TFDIlSPkhDgo/uh5JMx1gV1lrcf+tRbUKL8LZR9a IcdISQtM2kz68CujhTFQQaVz1c3UmgdkUktYUDP7ESrQJmoszva7PNZ+jueDePZR+5oVm6hw qdoRRPOsA4cBiIW9XPni8p7tKdm9UHExVR1lqnzP8KMbuU9QIbyIf4nHEt/BJp3WQtTLbq/S 9tQC+UEGPhpjcrN+VgWvR2HPVW9I8bvzjQVm1zU0O4I9tg6F1mW+DAHJPAXj3/0tpLxKfwLY P7uj7KTkiflfs9MxyznyK71bk0iqMCyQbVecdPh0k4qHhz9omeagt2+ZxG518kKt1mW6sRaa +yCtDEc9ipKuAGxyO4Liovno6kojXDK7D993IBlD8+SeGtcaov3WIsVtjudMZNxWN9nWWxzp SImn6UPooXoFMBr4JEuxhqabuCOX6TSv1TtTu+MJzd/in9/Pr6y1F6+8kmln/X1TdL8kE1Lo SxMjsTWuzgT2gbS5MmKRro1/kqo1TuVkQGGwu9eKF0yla3VJoRnxbg1l5EJtl/EEDOwk0Lz5 JI= IronPort-Data: A9a23:IcEOfqI1kUBbXCbLFE+RVZElxSXFcZb7ZxGr2PjKsXjdYENS12cFm 2EcWzyPa/+PNmb2c9skYIrj9RkBsZKDzdNhTQEd+CA2RRqmiyZq6fd1jqvUF3nPRiEWZBs/t 63yUvGZcIZuCCW0Si6FatDJtWN72byDWo3yAevFPjEZbQJ/QU/Nszo68wICqtAu2YPR7z+l4 4uo+JSHYgL9glaYD0pNg069gEM31BjNkG5A1rAOTagjlEPTkXATEKUeKcmZR5cvatAJdgISb 7+rIICRpgs1zT90Yj+WuuqTnnkxf1LnFVPmZky6+0SVqkMqSiQais7XPReHAKtdo23hc9tZk L2huXEsIOskFvWkpQgTb/VXOzt1Lfd5w5LfG3eUmt6I6Wfla0X+/Nw7WSnaPaVAkgp2KXpL6 eReJSAGblaNneurxrK8ROR2wMguRCXpFNpC4TcxkneAUqdgGMqcK0nJzYcwMDMYg8FFHf/TY 4wGZDt0dzzJYgZCMREZEpsjmueviHTlNTFVwL6QjfNnszSClVEujtABNvLqJvnJY8ZPnH+So znt/U3XDVYfMcWQnG/tHnWEw7WncTnAcIsWGa2x8PJnmnWWx2waDBwdRF39qv684ma0QdtCL UEO0ikjt64/8AqsVNaVdxSjvFaHswQaVt4WFPc1gCmVw7fQyx6QG2xBSzlGctFgv8gzLRQm3 1mIktfBBDtgvbSPQ3WNsLGZsVuaMC4ZN24DTSwJVw0I55/kuo5bphfGVMpiFuixh8DdHTD23 iDMoCUg750IisgE/6a251bKh3SrvJehZh81/S3ZVCSu6QYRTIyiZ4ru51HA8f9KIYCVZlaEt XkA3cOZ6YgmDomWlSqCQM0OEauv6vLDNyfT6XZ0E5cJ+DOq9HquO4tX5VlWJE5uNtsDUTDuZ 0DXtEVa45o7FHmtabR+S4G8EcInye7nD9uNfunJY9xSY55ZdRSA4ihqaEiMmWvqlSAEj6AlP r+JfMCtEzAeCKJ63HyxXehbzLxD7iU/xmfUXrjg3Rm93LafIn6IIZ8MNVqUMbs46IuLpQzU9 5BUMM7i4w5SSuLzSine9YoCKxYBKn1TLZrupeRJeeOZZAlrAmcsD7nW27xJU4hkmblF0+TF5 HewXmdGx1flw37KMwOHbjZkcryHdZJ+q28reCI3MVu21nwLf4mi9uEceoExcL1h8/ZspcOYV NFcJp7FU6sKE2uWvm1HMt/jqcppMhqxjB+IPy2rbSJ5c5MIqxH1x+IItzDHrUEmJiStvNY4o 7qu2xmdRpwGRg94C93RZu7pxFS01UXxUsooN6cRCogCJBff48JxJjbvj/Q6BcgJJF+RjnGZz guaS1NQ7+XEv4Z/opGDiLGmvrWZNbJ0PnNbOG3HspewFy3RpVS4zaF6De2nQDH6VUHPwpuEW 9l79f/GDaA4rA54iLYkS7dP5oAi1uTrvI5fn1hFHm2UTlGFCYFAA3ih3OtPv51rwo5I5A69X 2zW8NxaJ4eMBtLBFWQVBQs6b9as0eMftSnS4M8UfmT7xn5T15iWXXpCOyKjjHRmE4J0F4c+0 MEduMIywC6uuCoAa9qpoHhdyDWREyYmTa4iiKA/PKbqrQgaknd5fp3WD37N0qGlMtljHBEjH W6JufDkmb9Z+0vldkgzH1jr2c52p8wHmDJO/W84C2W5oPj3rd5p40QJ6hUydBpf8Ttf2eEqO mRLCVx8FZ/TwxhW3vp8T0KeMCAfIiaG+37B6UoDz0zYaEiKalbjDkMAPcS1wURI1F4EIxZ6+ umDxXfHQATaWpj7/hEPVH5Pr93hSt1M9TP+pv23IvTdH7QHZWvKv6z/Q0sJtBrtPu0pjmLlu +RB3bh9eI/7BwEqsow5DIir6rACei+hOV5EY/Ftw/4OFzvufDqzhDu8EGGqW8Z3P/eR21SJO 89vAcNuVhqFyyeFqA4AN5MMO7NZmP0I5sIIX7HWeV49rLqUqwR2vKLq9iTRgHEhR/Nsm50fL rz9Wi2jEGvKo1dpgE7I8dd5P1Snbek+ZAHT2P6/9MMLHckhtMBuaUQD7aumjU6KMQdI/wOmg y2bXvX4l9dd8IVLm5fgNo5hBA/ucNP6a7muwTCJ6t9LaYvCDNfKuwYrsWLYBgVxP4YKetFJh L+I4c/W3kTEge4MaFrnuaK9TotH2cbje9BsEJPTDGJbli68SsPT80M922SnG6dozvJZxOeaH jWdVuXhVOQoS+98xWJUYRdwCxwyKbr6RYa+qDKfr8ajMAk80wvGJ4n+rXTCMGVWWQkPH5jMG z7EheunyYFdnrRtGS0rOvBCKL17KW/FRqEJWYDQtz6ZL2/wmXKEmOLouiQB4AHxKEuvMZjF8 7OcYTambzW0mqXD7O8BgrxIphdNUUpM27ghTHwS6/tdqm6cDldfCc8/LJ9fKJVfshKq5aHCf DuXMVcTU3Tsbw9lLyf5zs/oBDqEJ+o0Pdz8GDwl0mWUZwqyB6KCGLFRzThh0VgnZgrcyPybF v9G9k3SJhSRxrRbddQX7NG/gsZlwar+7VAM8kbfjcfzIkg/BZMn6X9fJzdOBBf3S5z1qEb2J GYLHDEOBAnxTEPqCs9vdkJEABxT7nul0zwsajzJ29rF/ZmSyOpb0vDkJuXvyfs5Yd8XIKIVD 2bCL4dXD7t6BlRI0Ufxh+8UvA== IronPort-HdrOrdr: A9a23:RZ8ZcKpE7yzNIpJcSDx02wgaV5oveYIsimQD101hICG9Ffbo8f xG/c5rsiMc7Qx6ZJhOo7690cW7Lk80lqQFg7X5X43SODUO0VHARO1fBO3Zsl7d8kXFndK1vp 0AT0ERMr3N5AhB4PoTomGDYrMd/OU= X-Talos-CUID: 9a23:QIwa6G90eT2iqJG25PuVv1QfCpoaSVDF9nj7CF2jL0xKUIOHdnbFrQ== X-Talos-MUID: 9a23:WWakWQZVyTZtVOBTiGPJxxdhLsVR6aH1I0Ikv5pBvsydOnkl X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="188491576" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaDD25.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:00 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:43:00 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.169) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:43:00 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lg9iLr8G6916I7kCYC2wWi1OI7WjKUcRV58hV5n75Oqb/r1jTvy2iuDhDLw3ecGsLkLOrQZPtwwk8Xy0/fX63CdzIqLU9u9Kitq5GfXlWaFIG5GDFVlkGAVjfaRJL+qE5Z9ynVewD9ivePGj0z8nkk6QywaZHXKaxPzOWoKVlr2tZ0vzeDijY7gsnbkgVI59Awqjc4r3Zw/Cg83+gpovO2qEUoKh9FJnx1+pKnO/+D5g9S3zysmy41Cfo2m9PWDbHQcNCw120KRDaL1R/qJF01/snbfYiQ0IFeZl+4/1BPX9Gx+dAEWdPhWYecRa3TikiB6Ubql8LS0cfkVgNJLrXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9vf1ixH2qLJzlXFGb64g2kEhkedNPAsYtGmzXincPmU=; b=jgmKdhOiviBX5SQCIz5ycw/EosOE9ZSCk2vKRnIELHkz9F1JDo/HbnOGdELIdJ8fx5VzpJ1YRmvE1JtfqjQrEezgHDUP4GBEp2CopO+QFQdq3XCtEqcAQAPO/GUBnB+cu+G2FCFnJVJg1PwcKXtXhjHIqjU2PnPR+X5pEbflOgr48Kwtli/h26D+OwzcK031DACNkWrcdSgggV1R2yCE40XZZ14+6jq0/UhdlYFz5CSVUS4Tkhd5i66vk38dFYwsiIxiwc8rFfnn9HZer/AzXAT4arg2MomelnOrl/veMmuw292eU+50EdgTE6RdOMpg+rFk0KAeWgsO4/zlRWtZHw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9vf1ixH2qLJzlXFGb64g2kEhkedNPAsYtGmzXincPmU=; b=OO7+q2w+VMG4EU1IV24NfOzGQkL87lgmMvYJ+X6kpxnQP4yOMhlc5uKJe+ZMTsn08LTOSJqWcHr/lu3qYv3+s37zNyTrvsrHNUt5kaYVtoFhqXsomawPDZbC930JDiEolYemFRVfEW7S5CSrQvfAOhjFMCU/Hfqrltn8BzBXMOc= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:42:59 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:42:59 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 07/14] drm/amdkfd: Switch from devcgroup_check_permission to security hook Date: Wed, 25 Oct 2023 11:42:17 +0200 Message-Id: <20231025094224.72858-8-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: 1b2dd8f3-608b-4c5a-1e21-08dbd53ec65d X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: O23ydpS7Q4O/fZ1BIHXAfRW8N1PmHcR4YLsIgpB+KYu5GTgpfH4NRP7H7NeuJ3gCHniy9YXaoIpzzqpht3yzcuLVSyOGNFCdwjnCQlecBMSC9f7m1oW64D/gXF9a26m7dOwEg1i54cvXBOHh4kdAJs5wN901ar7WIrEegfQwPSmg3RSx9sO8lea3ZAOdbX/FMBWV/CNKTtKVRaxwvskvQt0tSzZwF478vYhDOZGGjwHN952BbrjrfHFzy0SEIXdEDaujYGxs9l3i6FM91C2LCWVNFvxp7dBFY6jhQ9wT8gwSLIbZcn5cxXllJGrrWXnYvHmoX1MC4JzKr/TJuQZ5v0F6NxRnAFlWY1XErxZ924+liXO3EAPcZTxF4jAdgZkqRLFOAlX8C/M4ergvMKmchiTv+zMWOY8PXOEo8VdsRlZTTi35C0lMM96L1na1npFA2JWVM14WAJeawqAlNfz/EP62s0Ck4Wz8piLvvyyiJ1D8laTg5a1CwannsuzwfqyPKtwasVzBEHDVKbMEnM7fDQpD1EXBCap/K6NhELKW6G3Sys3yXq0POX2XeTr+B2N20wPTfUAQY9kdjPRjcbiRxDZhr55Nyor3n/kL7DznJgM= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(15650500001)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?83vro7+cn+rndxjHdxHRmNLwmCsX?= =?utf-8?q?RkPRM+KvG88+8RIfsWv7TaQrrlQC4Khtr/aBuYvGOUbzapCRSTJ41UNCZ1As8pqkO?= =?utf-8?q?R5s46uDV10HuQ+SIix877Z7qBk/DfHg4hRRLnCM7gCgxCPkqJURW9qzH77Ff5pddP?= =?utf-8?q?vVL3VJly5nI52lTFF1gNpD9RoRHhqKxMoB43ZH4ZmkR13LGkG+Sw/1XrCnGOr143V?= =?utf-8?q?5D7pnrWevJc52Xv/KLXCY02VzpZcLadzHIH8n6k+IzSbSR28fTYPqkFLLGEsbjUoI?= =?utf-8?q?LOX3mV5lukFPyNrliGUGBMQPkpBx+lQ6Z0doCH6ZLR/wluctukePj+FjGgjehmOON?= =?utf-8?q?6iWQ0YmnKYSC4aVFcIjiMtXAm6EU4P7DPYTAAVYlgXSG6cwxl+xApP2+1rcGsUl74?= =?utf-8?q?cm07/IqRNpFeMBwa9Qi6tJNKl2mWDil/07xbPnBY7iwkiLwG/IFh9Ub7lu8ElPc0y?= =?utf-8?q?T9+48Q5i4UsCAcAwhiqhrEWt4efYgArdA1Ct6U2qpvSCTDJhlCmTOPQHB7JppwxgO?= =?utf-8?q?wDb4qAqrgoz7Uh3bmShaCow8kQ4kzOTW+B++lqDx/54o1sePguylV2wHivFU1HrMg?= =?utf-8?q?JlG18wvh0O+MiysbpVF7fbvxMOPIkpXkxnIRhM71ccsEAF3v2jjWLuoKh/4S2b4zV?= =?utf-8?q?gP04+QGgi7EsdvJkDuvDX5Zg7Y/MT/Ix0g+wyOi9ALGAIGg17K2Z+a+g15U3Rrk0E?= =?utf-8?q?UsZdU09KNe24wcGecYoJBWXlmkbceCsfELKzbfl6ICHIYJHsjubb255akEna8eoOk?= =?utf-8?q?t6UeboDnBpy8njmoiGl0MWLBktqZRpqjQwxFsOWAusHC/jSAoCdwMo8+VEyYKeV8o?= =?utf-8?q?LjPOygVNGESiveIemdbWNpTA3DBKON6CotLdG9IVeYMNqFV9qzGwQywuEpwxIaweL?= =?utf-8?q?oQcXnP1Ht+O81o2aXCznPg6uWKjwOhPZGcg5kV3aGukQY3ObwMzInOwJnrzUjHfJ+?= =?utf-8?q?UUF1BqnT3HEUp7txtRV9Uvf0WdxYPVRgRNAUFZoddCh+DXpeZP5XrariIiFzM4MhB?= =?utf-8?q?8j+SJ6etHPG76ljVXMA1fil9LwU1DSHLqPNDTC7OAK/ZfYJ0TkQGRg29K0RFyVWBn?= =?utf-8?q?JmvWqAjtpsE83FdErqfcfNpXMxnSr0dltYX2FKb2ASTKiUAkkYe8kntc/31Kukfee?= =?utf-8?q?BVGVlH4xGsgyw+6KxPkMaeN5Dkpf+zci2G92VBzJlNRjI9vQqb+Pza0HznynPT/fb?= =?utf-8?q?8vQc54eFwvexTn3Xps5CmEhm/qAmKCW8zYNJ+YwarrGaXq8w1lZHz5xuIRcA6k4vq?= =?utf-8?q?WxQy93oBBmHNO1pqPTlEv+tySdojc6BvOXzdXzPp1Upz1EPK8ZEkCPDkX53SgkL+W?= =?utf-8?q?BajcN4PxLzHf652ZLb27EJSjlgn03HnvkH0zNfaVZ7Fbex4EmBDBc4l9IcTkagvLx?= =?utf-8?q?sGE7oKkSYsgIiY/kJh4CsIHvD/cB+vQDqEYv7l3tfhapSIj3G084mC5zL7z1/4kO6?= =?utf-8?q?fhW/VlSN4PletoFm+NLdBnoAbUD2khMwa4qAnvaMFsW1xTwAOIQ6oMUNHVw4b2H9f?= =?utf-8?q?d7xu4aVwPeZ+gFKlmfAF4l4NIkDuZ0+2xend01IQ8ckUUEh4RX7gR8fHtnzjsN6NK?= =?utf-8?q?0mFoa0mcE2BLnF4eBX4mv9OYcr4+OFjYK3pqKsPC5UsuxlZdnTcQlI=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 1b2dd8f3-608b-4c5a-1e21-08dbd53ec65d X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:42:59.7039 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: BhSYmiedWO3oUym7gS3eVavdGcHH09CWT+7c0prcN8iiPWCBz8kMf/eF17UFrRF7pCRGwbXw5Fiu2V5HpO8hXH6H5VQdpll8ps7A+M1FerIWv0J4BEC9tPf4bjJVpoRP X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:44:57 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720179462872315 X-GMAIL-MSGID: 1780720179462872315 The new lsm-based cgroup device access control provides an equivalent hook to check device permission. Thus, switch to the more generic security hook security_dev_permission() instead of directly calling devcgroup_check_permission(). Signed-off-by: Michael Weiß --- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h index fa24e1852493..50979f332e38 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h +++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h @@ -38,7 +38,7 @@ #include #include #include -#include +#include #include #include #include @@ -1487,9 +1487,8 @@ static inline int kfd_devcgroup_check_permission(struct kfd_node *kfd) #if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF) struct drm_device *ddev = adev_to_drm(kfd->adev); - return devcgroup_check_permission(DEVCG_DEV_CHAR, DRM_MAJOR, - ddev->render->index, - DEVCG_ACC_WRITE | DEVCG_ACC_READ); + return security_dev_permission(S_IFCHR, MKDEV(DRM_MAJOR, ddev->render->index), + MAY_WRITE | MAY_READ); #else return 0; #endif From patchwork Wed Oct 25 09:42:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157975 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479368vqx; Wed, 25 Oct 2023 02:45:01 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFrQcp5Qs8dmyOPpfQtQlvJfnxxFocyqOdJRPePlShfDfBtqKYmjGjnKG2mJupNN1Nu4J5v X-Received: by 2002:a05:620a:280b:b0:76d:bda0:e48e with SMTP id f11-20020a05620a280b00b0076dbda0e48emr16917369qkp.46.1698227101665; Wed, 25 Oct 2023 02:45:01 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227101; cv=pass; d=google.com; s=arc-20160816; b=u/clx9Zj8I8+bM+zn8A3rulAsS3VSHRozl75e1rAlZ9KW+y5KaD/TqS89sh/6E30Vm Sq9Cra7o0MelefHKukBkkNaeerYiWw5c+GAhWSTtmBTBf9dpHp+d80chGBToCxWqC3UL XrfcYtGyHw4UCR27aZ1tUfw3AY7VAOCPTEl4DsltqhCrY0m7+DfhE+SAxF7+J6CExeTl KdFR7hNKzzH7YJI7b50qAJQgrTTXaFGbijX7zyQBdNLj4CsTIoMAfiEsPEO5B+BVjvAo SONZ7d44VUy4mfOXlzFfzaLpojpwIU/2EdF8lrOkHwFEeovz5CDb6lYnRINup7bR989k vOGQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=Zwg/Y0GePJgGtxfcuoj4iZKlnQIH9Xb1Bi5dMRcfvw4=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=R5IMsSU6JRuXATJ6B2K3DNqgrs1hlZyCEevmywCrlSybo8qEUuisUJov+2elNPkq73 EAKhkXfvs//umz2Rc6ROalRAMIifcxfXugdh2GRNP0QvhE1qGojODsyFe6hlyQ82T21u okhXAJ/oxIs2eWxyQmQSV7h4g/D4EEEgUzVitR6zKObygkBHVD9ccDvwnYtdbnwWtUJs nJS5upS84e9Y6x6qvJv535F0ATvX1bsmFWkV+amX43dBHMsIsDnq3iSyazplX6IP7rdD gK8tKaiRaeDIYVp8sexjBdB22i6a4pQA6B6NR6+aFc9Z7mRzqYTdRENcu+Cz+PSoZ8C3 1twA== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=hgqRT+mw; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=jefJQZW6; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id w62-20020a25c741000000b00d9adea86ff6si9648962ybe.97.2023.10.25.02.45.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:45:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=hgqRT+mw; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=jefJQZW6; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id EF0C880FC1AD; Wed, 25 Oct 2023 02:44:57 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234694AbjJYJop (ORCPT + 26 others); Wed, 25 Oct 2023 05:44:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39118 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234676AbjJYJoO (ORCPT ); Wed, 25 Oct 2023 05:44:14 -0400 Received: from mail-edgeka27.fraunhofer.de (mail-edgeka27.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:27]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C61EC9D; Wed, 25 Oct 2023 02:44:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227052; x=1729763052; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=oxWDGcnVMwXFlfg3W7IKT59Jzi+dyHx6V1yuIAZISXo=; b=hgqRT+mwQhxyaA+qw67e5IGLuRJAtdBXd5i4aItZYcgHCd+2g2gPu3e5 Z6rNtYA+5jxP39y9WoJ50S4cAXPOSNrAWt7PQAA5skoDGr9q2Ihe3eq2a kViIccFitbxFzStCZnByI2fB4c+uGmllltzO7t8obFM34inAC8OptSb4l 1B+9nKwyAheCGfoKzMzxTHYjZ5bLElkFLJj8zEZTS5vhqYw7vcfo6TBrA dsEPdimLjZjZdx5MQtYmv4XHLbI9MRS1AzxDFcapIAINbztx87yPZzpCY I3BGoJv0u/s2sljlQR+X/BuSDNBScjN06CldltTAGoyOsGEc/rprnBbM/ w==; X-CSE-ConnectionGUID: WZHM/xG6QeWg+jJ8GvC5uw== X-CSE-MsgGUID: eDYbp71HQcCRAwDxhgYgxA== Authentication-Results: mail-edgeka27.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2E2AABB4jhl/xoBYJlaHQEBAQEJARIBBQUBQIE7CAELAYI4gleEU4gdpWsqgSwUgREDVg8BAQEBAQEBAQEHAQFEBAEBAwSEdQoChxonNAkOAQIBAwEBAQEDAgMBAQEBAQEBAgEBBgEBAQEBAQYGAoEZhS85DYQAgR4BAQEBAQEBAQEBAQEdAjVUAgEDIw8BDQEBNwEPJQImAgIyJQYBDQWCfoIrAzGyGIEygQGCCQEBBrAfGIEggR4JCQGBEC4Bg1uELgGENIEdhDWCT4FKgQaBPm+EKS+DRoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BDUUdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8aHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51Ngm2BD4JXHpYQAa55B4IxgV6hCRozlyuSTy6YDiCiPoVKAgQCBAUCDgiBY4IWMz5PgmdSGQ+OIDiDQI97dAI5AgcBCgEBAwmCOYkSAQE IronPort-PHdr: A9a23:uecSFBdbpU/jXvmQ7rrk1DJFlGM+49/LVj580XJao6wbK/fr9sH4J 0Wa/vVk1gKXDs3QvuhJj+PGvqynQ2EE6IaMvCNnEtRAAhEfgNgQnwsuDdTDDkv+LfXwaDc9E tgEX1hgrDmgZFNYHMv1e1rI+Di89zcPHBX4OwdvY+PzH4/ZlcOs0O6uvpbUZlYt5nK9NJ1oK xDkgQzNu5stnIFgJ60tmD7EuWBBdOkT5E86DlWVgxv6+oKM7YZuoQFxnt9kycNaSqT9efYIC JljSRk2OGA84sLm8CLOSweC/FIweWUbmRkbZmqN5hGvbIj+9RqimedF+ia1Id34Rq0zW2ij3 YRvTibJqHY3PWcT8Tzbr/Z7grxE/Efywn43ydvWbY+3DchBILjAcvczQltcePRdRQUcA7GdV ocENvceEssI98re+mot9EPmD1WLHOi+6WJkg27kz/0K2OV6DSXsgTYhO/YXsUj0tN/VbIcUV +uelqTK4BaAbtJHwRDS0tXJakgNsdzdYptUKteM11kRSh+dkHOVmJLXbjOZ+fYdmW+lvro4b P6UonMekjNjiAqo6egW27PMuZgx51TvrCFV3IosfP+JUGcqYsXxQ9NA8iCAMI1uRdk+Bntlo zs+1ugesIWgL0Diqbwizh/bLvGLfIWL60i8EuiLKCp+hHVrdaj5ixvhuUSjy+ipTsCvyx4Kt StKlNDQq2oAnwLe8MmJS/Zxvw+h1D+D2hqV67RsL1o9iKzbLJAs2Pg3kJ8Sul7EBSj4hAP9i 6r+Sw== X-Talos-CUID: 9a23:bJKUxGt+N9rr676lHSnkJBbq6IsaQF34i2f/fXa1NmkqSp/FZkG7pb57xp8= X-Talos-MUID: 9a23:n06HvwRO/ILW5gDsRXThqABoLJgxw52lI3okjrkWu8a1OjxZbmI= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="1597276" Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by mail-edgeka27.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:08 +0200 IronPort-SDR: 6538e32b_8LqzoNYC0Pmo74MEZcaqQl9pyx4ENdrFiwt7t/1q/dtkCxh jl8UKPABgPl54arDzuUoGNz11WXyKfz5eZG+y3g== X-IPAS-Result: A0BZAABB4jhl/3+zYZlaHQEBAQEJARIBBQUBQAkcgRYIAQsBgWZSB4FLgQWEUoNNAQGETl+GQYJcAZwYgSwUgREDVg8BAwEBAQEBBwEBRAQBAYR8CgKHFwInNAkOAQIBAQIBAQEBAwIDAQEBAQEBAwEBBQEBAQIBAQYEgQoThWgNhk0CAQMSEQ8BDQEBFCMBDyUCJgICMgceBgENBSKCXIIrAzECAQGlLwGBQAKLIoEygQGCCQEBBgQEsBcYgSCBHgkJAYEQLgGDW4QuAYQ0gR2ENYJPgUqBBoE+b4Qpg3WCaIN1hTwHMoIigy8pi36BAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQQ1FHYQKgQUF4ERbgUaFR43ERIXDQMIdh0CESM8AwUDBDQKFQ0LIQVXA0QGSgsDAhoFAwMEgTYFDR4CEC0nAwMZTQIQFAM7AwMGAwsxAzBXRwxZA2wfFgQcCTwPDB8CGx4NMgMJAwcFLB1AAwsYDUgRLDUGDhtEAXMHnU2CbYEPglcelhABrnkHgjGBXqEJGjOXK5JPLpgOIKI+hUoCBAIEBQIOAQEGgWM8gVkzPk+CZ08DGQ+OIDiDQI97QTMCOQIHAQoBAQMJgjmJEQEB IronPort-PHdr: A9a23:X5LsFxNxlPUN3uk3KMEl6nZKDBdPi9zP1nM99M9+2PpHJ7649tH5P EWFuKs+xFScR4jf4uJJh63MvqTpSWEMsvPj+HxXfoZFShkFjssbhUonBsuEAlf8N/nkc2oxG 8ERHEQw5Hy/PENJH9ykIlPIq2C07TkcFw+6MgxwJ+/vHZXVgdjy3Oe3qPixKwUdqiC6ZOFeJ Qm7/z7MvMsbipcwD6sq0RLGrz5pV7Z9wmV0KFSP2irt/sri2b9G3mFutug69slGA5W/Wp99Y KxTDD0gPG1w38DtuRTZZCek5nYXUTZz8FJCA1338x69b8/evxPYucVhyCeRIMr0EbEGejCk1 oZLGS/i0Q0GajIcymrZlNMs2fE+wlqr8h5yzaztUr7LL+dxWoraTM48d2ZTd5tQZQ14DoiFc pQgIrpZfsUFnqqk/wME8TymDliPWc/q2y1a1k/93PYm9858KwDi+BUhI/IWulSMjNPzP4xIX OKY7+rJ7CTbSNxshDblsKTYX0EeiNXXQO9uYfSM1RExMQb0kGfBqYDKLSO/0dpc4zCi89FJS NuWuXwNmQZejQL+/MITkK3kgqlMznzY+Twg4rctDIy7UxsoKc7hEYFXsTmdLZczWM45XmV07 T4z0aZV0XbaVC0DyZBiwgLWSNXdLc6G+Bv+UuaWLzpiwn5oK/qzhBe3pFCp0fa0FtK131BDs jdfn5HSu2oM2R3e5onPSvZ08kq7nzfa/w7J4/xCIUc6mLCdLJgkw7UqkYEUv1iFFSjz8Hg= IronPort-Data: A9a23:oHqU6qxWgngo1oaj/yV6t+eywirEfRIJ4+MujC+fZmUNrF6WrkVSz 2FOXW2APqmCZGH0Ko91O9u19kkP6sfRytEyTgFk/1hgHilAwSbn6Xt1DatQ0we6dJCroJdPt p1GAjX4BJloCCWa/H9BC5C5xVFkz6aEW7HgP+DNPyF1VGdMRTwo4f5Zs7dRbrVA357hWGthh fuo+5eEYQf/hmYtWo4pw/vrRC1H7KyaVAww4wRWicBj5Df2i3QTBZQDEqC9R1OQrl58R7PSq 07rldlVz0uBl/sfIorNfoXTLiXmdoXv0T2m0RK6bUQCbi9q/UTe2o5jXBYVhNw+Zz+hx7idw /0V3XC8pJtA0qDkwIwgvxdk/y5WBfdE6pqYAV2DjtGJ0Uqca0ToydhVExRjVWEY0r4f7WBm7 vkEMHYAfhuDweysya+9Su5ii95lIMSD0IE34yw7i2CGS695ENaaGfqiCdxwhF/cguhLHP3eb scdLyVibQ/bSxROIVocTpwklfquhn7xficepF/9Sa8fvTiPnFIqiOiF3Nz9df7NfOR6xRait 2+auGX1PCsQPuHH8G/Qmp6rrqqV9c/hY6obELCo//hmjUe7w20TARkXXkq95/K+jyaWUchWN koZ4AItoLI0+UjtScPyNzWxu2KsvRMGXddUVeog52ml0qPJ5y6BD3UACztGb8Yr8sQxQFQC2 laPnt7tLT1ov7CcU3ia5vGSoC/aESETIXUDZAcHQBED7t2lp5s85jrKR8x/EajzitToMTXxx S2a6iQzmd07lskN2I248ErBjjbqoYLGJiYk5h7/UGjj5QR8DKanYIyur1bS9upJJoufQnGOu XEFn46V6+VmJZKVjy2LT+UlH7yz4fuBdjrGjjZHBJUv3zuq/HGncMZb5zQWDEdgNcIZfhfmZ 0jcvQ4X75hWVFOoaqtsaqqyBt4swKymEs7qPtjNc9dIfpl3XA6c+z9nYUOWwybml01Eub8+I 5CzY8uqDGhcDaVh0SrwQP0Sl6Iorgg7xGDXQovT1Aaqy7eSZTiVVN8tOV6PdL9i7aesrwDc8 tIZPMyPoz1EXffxbwHX+IoXPFZMJn8+bbj8s8J/aOGOOExlFXsnBvuXxqkuE6RhnqJIhqLL8 2u7V0tw1lXynzvEJB+MZ3Qlb6ngNb57rHQmLWkiJlqlxXUnSZig4b1ZdJYte7Qjsut5wpZJo +ItIpjbR6UQD22YqnFEN8a7sokkf1KlnwuTOSqibjUlOZJtL+DUxuLZksLU3HBmJgK5r8Ijp b2n2A7BB50FQgVpFsHNb/yziVi2uBAgdChaBiMk+/ECKRm+w5sgMCHrkP48LucFLBiJlHPQ1 B+bDV1c7aPBqpM8uouBz62VjZabI80nFGpjHk7f8emXMwve9TGd2oNuaruDUg3cc2LWw5+cQ 9tp4cvyC9A5uWpbkpFdFu9rxJ0u5tG0qL59yB9lLUrxbF+qK+1BJF+a0elmq599xr1QklazU Ueho9NfOau7Pf30NFsrICskceWx+vUGkRbC7fkOARvb5Q0m2JGlQEltLx23pygFF4RMMaQh2 vYHhM4azyedmygaGI+KoQ4M/lvdM0Fadbsss68rJbPCiy0p+wlkWoPdACqn26O/QYxAHWdyK wDFmZeYoapXw3fDVH8BFXLt++55rrZWsTBoyG4yHXi4quDntNQWgiIIqS8WSz5LxCppy+hwY 2hnF3NkLJW0ogtHupJxYHCOKSpgWjui5U3D+3kYnjb4Tm6pdFD3Ak8TBOKvxH0dokVgJmV13 bfA02v0cyfYTOeo1AsIZENVgfjCT9twyw78pP6aD/m1R5kXXD60rZKtNEwpqgTmC/wfnEfoh /dn18cuZLzZNRw/mbwaCY6b5IsUWiK7AXFwR9Nh8JxUGmuGSjW52GWNGXuQYeJIHeTBqmWjO vxtJ+VOdhWw7zmPpTYlHpwxI6d4sfoqxdgacJbpGDI2iKSepT9Xr57gzCjyq2s1SdFIk8xmC IfuWx+dM26X3114pnTsqZRaB2+GftU0Xg3w8+Sr+uEvFZhYkuVNc1k344SkrUeuLwpr0BKFj jztP5aM4bRZ9r1tuI/wHoFoJQa+c4rzXdvV1jGDiY1FaNeXPPresw8QlELcAD1XGrksQPVyq 6WGtY/m/UHCvYtuaVvjpbu6K/Br6/mxDc1tCeCmCFlBnCCHZt3g3AtbxUC8Nq5ysY184uuJe lKGTfWeJPApX+VT/nl3UxRlMg08Dv33Z5jwpCnmoPWrDAMc4DP9L9im1CHIaE9DfXU2Obn7O B7Fi8iz7/8JqbZ8JQI2KMxnJ7RaI1bTf7QsWPOslDufD0iu2kijvJm7nzUeyDj7MFu2O+ek3 oDkHz/QLA+TvoPMx/Fn671ChAUdVitBsLNhb3Aj9M5ToBHkKmw/dMA2E4gMU7NQmQzMjKDIX inHNjYeOH+sTAZ/UEvO5fr4VV2iHc0IANDyIwIp826yayubAIChAqNrxhx/4kVZKyfS8+W6F e4wonHAHAC94pVMd9Yh4vaWheRGxPSD4lkq/Uv7sdL5AjdAILEs+UFiIjFwVn38I5mQrHnIG Gk7ezkVCgXzA0v8Ct1pdHNpCQkU9mGnhSkhaSCUhs3TocOHxelH0+fyIPz3zqZFVskROboSX jnicgNhOYxNNqA74sPFY+4UvJI= IronPort-HdrOrdr: A9a23:VpQ6yqvSp2SKoYIyXEu1mfc17skCf4Mji2hC6mlwRA09TyXGra +TdaUguSMc1gx9ZJhBo7G90KnpewK5yXcT2/hsAV7CZniahILMFu9fBOTZslvd8kHFh4xgPO JbAtND4b7LfClHZLjBkXCF+r8bqbHtmsDY5ts2jU0dNz2CA5sQkTuRYTzrdXGeKjM2YKbQQ/ Gnl7V6T1nJQwVUUizlbUN1G9QqwrXw5dHbiFM9dmgaAE7kt0Lc1JfKVzyjmjsOWTJGxrkvtU LflRbi26mlu/anjjfBym769f1t6ZDc4+oGIPbJptkeKz3qhArtTp9mQae+sDc8p/zqwEo2ke PLvwwrM61Imjvsl1mO0FbQMjTboXoTAyeI8y7WvZKjm72xeNsCMbsKuWoDGSGppXbI8usMkZ 6j5Fjpxaa/PSmw7BgV2OK4JC2C7nDE2UbKsdRj+0C3ArFuH4O5B7ZvvDITLH5HJlO+1Lwa X-Talos-CUID: 9a23:rYO3PGpwZiokpX4hEZS3p3zmUfh/cG/4k1f1H3ClE3huEqWqTVW9w7wxxg== X-Talos-MUID: 9a23:s8+vRw2mSwWOLRugLEVTEq/7jjUj7IbpMWEiysU8qsTYci18BQ2Xhgnve9py X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="68486308" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA26.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:07 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:43:06 +0200 Received: from DEU01-BE0-obe.outbound.protection.outlook.com (104.47.7.168) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:43:06 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gxc6IZKHi3PG8yYtV04uOu/dGg+DwwKj0OmO61lMow8WiaeGU+MyuFrcWelcpn1u7wp8S4vHCNe/DH51cIO71d61jk6lpv6/v/LHm5DnqNCrNl4VwJu3wdT/9SgEzYq+RbQrNZYkXclSR9VDxiAB5SUAmvu1XoYrlIcGB9zT0JPfusVUZ5IsAUSQs8K9+vns3l1XDw/mqo+12/Es6y7U9a9vD9hzoHlyNzMD65H1EY5UJn4QZsEKc0TrSkqhI0AhmSqfEKBZkrKVOd3TrR65MW6/oO54HiOu6e3z/q4byePQsxsMzEKUgivdU4EsI/k8pjrk8VEcvcPd+XJep5w0Zg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Zwg/Y0GePJgGtxfcuoj4iZKlnQIH9Xb1Bi5dMRcfvw4=; b=Oelfl45kD/cELO3Si57nGwi3mO3SMqqz48rK3vuBz5U66dqoJmQBwK8rBJAQAj1GayvULbfRthnT+vCIm6EUZ/XxgoPWd5S0YB13l1sGv+wqvrYUYJirYgMHGdV4YhHjeW6VjtkFYanT9w8AoLfLRV/Ttj/sqL1jnk9Sy/TuXIBQ5x6ULUYTMDCJCasyMLF+QwnpbT+duAlZQ2rs6je38v9dabaSuO81UEdEbT9uESoQdiC+kAmvzEUUsXPg92Gc/5nKBIOe9xEnKKTvLvMaNOTWCUDmrH+abPvF6UKuGgVO4sl4jo6l9TeR2XU6wYoG6pPNaTE6wD2rSCkp6VSHuw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Zwg/Y0GePJgGtxfcuoj4iZKlnQIH9Xb1Bi5dMRcfvw4=; b=jefJQZW6sugLAoYuNZdzA5iZIQdcQuwGE80+K5YK100b4Opc9K5Dmyzz8Xci3tLB5RiLLqiTHpbH0HnncC2ejEK+iIypOGR5ip0DxE9WAL3u5vxV5t0vNmYvZ9hdGzxBoV980QtSAuQQZzBZoGGR9RmWrLElC1lDtdq1JYpA9ks= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:43:00 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:43:00 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 08/14] device_cgroup: Hide devcgroup functionality completely in lsm Date: Wed, 25 Oct 2023 11:42:18 +0200 Message-Id: <20231025094224.72858-9-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: 8d886489-78f6-4591-3f95-08dbd53ec6ff X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ndlma0MVWI/LgjB6ouDGoxg0X6efYczAJ5OJ1x0o+Nzzy+q/LU0T7beIb23bdlLfpn3hSUfdrqzDpb89bwMNawkFfHBkakfsOqx5Q3ugBg2YbNFVCJm6MmVBSffGsyyMlj1UXv7aZlD9sMyfzpXRX06qoI9aBhwJThD8yPRXKspUYGrlSUkJ1WPIKVSIsalqSz/+IhByDSonZYyEii8o1krSrN1lS6/hwrdk1X2b4gH1/7Jng7Y+w/BjeXDB0NOD/QmQeJaf5BVGF+PwlDBswn+7FP+ea6uTn2B+SKW4gUeBWTg6+q3gTB2WysYqMvAwK6wpUa3k7mr2pAKTpRFbCN4KooYn0d2+yEefmn2vInjJbVLYaoiPXfPY2df+aEL7h/LU1PXD4uyfdWHQGNLfCk7x3HOJLv3HCAhaseVbf9GGNbxpoJ1L3LHDf4VYA5fKy9hw01HMwubfxsJeair9vDli0kXRvaBVxxrv+tx/4AMLRv2HeMo14Qf9vP6L4bVBX+rE6IH72rJ7Cbklq85OpCwUGrMlOVIxCBpYsTo0emgSQUGj9IjvcWATpmNG9NGyf/Ko2oC13apcHcUSdDRSK6KPFrApQprHkV8z+iN87s0= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?u27QFYJvEXBcIKlwmuoTG4cF+KHv?= =?utf-8?q?XslKVvKHgo+n3n1sUcGBawbDEoqZWn9QP4JOcsie/sTKdRi98Bilipv9badK9NwlA?= =?utf-8?q?sE8VlbLb5JT09EpZ+wuSzIOrfqUwlBhjTdVBZFm050NGc+2AxiykUfcpHI9Uhwgx7?= =?utf-8?q?whgDI5GYmWA4x9/8TvrApWo3pkGsHLs1G2ebVKRhr2ZCF9hcLncGQeKJ96n4ekRff?= =?utf-8?q?pJEgyIhPiQ6rEMDBwYy/CbSM7B5Y2c6fFQ9O988um7sXlcHQ4YEB0TPi3tK3Mga6x?= =?utf-8?q?bDk3VPhXjtDMBsYXjgjOxzGpmXplzCPZbUKPRRrOUKO0i01LQAuaZKz6Fzejzc6Wq?= =?utf-8?q?DhejAYODgeq2Rl9DETwgS4kY2x8FvUCcsUv33tHx5HpWJIQpm0xYpgQg2G5TrS9LD?= =?utf-8?q?hyBVlbWdWX0g5IxuEwCwiUB568jqGc2c+VHl5Fj0KLbcg/A4iuKc/Q2PG7jlZL/z0?= =?utf-8?q?SJBSTiyJI5PLaa0k1nzG0E3M4EIZpmT2400I6Rppn8RT0QboT7P+yCN/+UBcU/JBs?= =?utf-8?q?excq7BwpcSgzfcSqPrW9+DFVz5aFpLljDUdlAympSxl5362It1rWd4NJ4jhgqrAIl?= =?utf-8?q?uKD937nTlviJ3xo8WT2jk2APZ7u6X58DJkSr2jcX1T+VE11GG/1daWv1n6FoHcHSp?= =?utf-8?q?AV46GfAPSvn5mHnbwa+SrD29HhlIZd/BixI/hoszgu2f6Xu7mmNpqtK9aX3a1zyl+?= =?utf-8?q?DD/Wkp1Tu31nTsKyCb3SEw+B8onKFqhX21Ar9573sVU3WaipPVYkQay0rcAGCdbXk?= =?utf-8?q?S3MUGL2dj3Bj//Q52LSWxEbTmFqXTB8JWVLMS+1oBtERbWicFlJb1yTletnOzryUt?= =?utf-8?q?TAYaAC1+EbcaBeopoC8lSVS1KxGJdhhQTybT04E+Y6esYkUTuFXpD/LXLp0Af9pRq?= =?utf-8?q?tQk4TKQmW37qQZvVrwgE8my+icJKRWRAiT5JPw78dYhjmy9j+H3yQVx7dytustBju?= =?utf-8?q?5Ee4zE/eEo+0lKPNR2uXK93vLCkU3HPNDsyK8e80HEZZhOvBOacc2NBMCNzeFihgT?= =?utf-8?q?czyf/uX7YSrWyOiKrdxGrUI0Gc5sf1cbxTREzVDtgaOB/AoCDwwtzfWd/oXTY2kT5?= =?utf-8?q?+Lt5W7r51tQqwATCW0by1xKIP6Y5LvDv+tVWbbAtG//p+X1Db1Ckw4ktF10km67Lr?= =?utf-8?q?st/pEJdx7iRtrzMzOJYAaLpQsmz47QsMuT2n2RnCdJiuOigADYWHHasNlplYXDIeo?= =?utf-8?q?5M/2/ie8F+XGS5hQ8F0h/fZrAbxd8vjvnNLmthuxIlhTrnohNS9EnpXwb2iBRWkdz?= =?utf-8?q?JHLOErZPSGQWAh5P3rGIu61/ddYgeC2N8PSw4ZNh4DRFORNkKu3DwZ0eNJ9xDqv7K?= =?utf-8?q?IAKyJXDPiz87R7hpMb5KnaZq+wk5tc+E4PFvzWqioYyuIU4doM6q3slE3rUrqJtut?= =?utf-8?q?o0RETSBDcE9R7I7YippWZ/cD+qKOIHSjUvL+Bw5vp38WCn5c0tzo2m7mMxJ4ET2va?= =?utf-8?q?yX0jIzvnfvNrCOIcGQ+caJ/a2QPNSPnTzVb0yxGPsl3BCIbBK87WsFZNTS7AAdZ4F?= =?utf-8?q?02HKuEX6Ot9Iw1d0d5Qn/1k3rlvhoob/18ekXFPVD60Eq5lww9bbCdvdy9pJedBnz?= =?utf-8?q?g2OkW9TmxSKQUN5NW+0rmcaLvp42z9G4w4jzFmq5WaZxybCgQHdFlQ=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 8d886489-78f6-4591-3f95-08dbd53ec6ff X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:43:00.7572 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: of5JJ0/Dbvv/Mv5uDI+VRSliwBdlVUTne3G70JgQhm1qEM/3iGp/hpiGLjHq9pGRqPe8beFEOiHch394T5MJDVJpBsTksKXQ0VciK42KIonwLUBXJXn9roOLvwl+DxOQ X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:44:58 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720181217926447 X-GMAIL-MSGID: 1780720181217926447 Now since all users of devcgroup_check_permission() have been removed, all device cgroup related functionality is covered by security hooks. Thus, move the public device_cgroup.h header into the subfolder of the lsm module. Signed-off-by: Michael Weiß --- security/device_cgroup/device_cgroup.c | 3 ++- {include/linux => security/device_cgroup}/device_cgroup.h | 0 security/device_cgroup/lsm.c | 3 ++- 3 files changed, 4 insertions(+), 2 deletions(-) rename {include/linux => security/device_cgroup}/device_cgroup.h (100%) diff --git a/security/device_cgroup/device_cgroup.c b/security/device_cgroup/device_cgroup.c index dc4df7475081..1a8190929ec3 100644 --- a/security/device_cgroup/device_cgroup.c +++ b/security/device_cgroup/device_cgroup.c @@ -6,7 +6,6 @@ */ #include -#include #include #include #include @@ -16,6 +15,8 @@ #include #include +#include "device_cgroup.h" + #ifdef CONFIG_CGROUP_DEVICE static DEFINE_MUTEX(devcgroup_mutex); diff --git a/include/linux/device_cgroup.h b/security/device_cgroup/device_cgroup.h similarity index 100% rename from include/linux/device_cgroup.h rename to security/device_cgroup/device_cgroup.h diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c index 987d2c20a577..a963536d0a15 100644 --- a/security/device_cgroup/lsm.c +++ b/security/device_cgroup/lsm.c @@ -11,9 +11,10 @@ */ #include -#include #include +#include "device_cgroup.h" + static int devcg_dev_permission(umode_t mode, dev_t dev, int mask) { short type, access = 0; From patchwork Wed Oct 25 09:42:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157983 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479917vqx; Wed, 25 Oct 2023 02:46:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFYNSVDInrBGdv7Aeb6s377ja8lMQlucj14eevMv1DhVUo+bWsOYY/I2qGZNYWP9H8hr11F X-Received: by 2002:a05:690c:10c:b0:5a7:b560:12df with SMTP id bd12-20020a05690c010c00b005a7b56012dfmr16524608ywb.8.1698227187797; Wed, 25 Oct 2023 02:46:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227187; cv=pass; d=google.com; s=arc-20160816; b=XbKHUxUe4IanrbQrtxKMKc7qipV9/TPh8K8AlU5wjY7vVJxjjwtOWjdidlvl344AwA NMGbzl0UsDj6aO1WUAeyo30SmwJkv8lvkEJPbawvlIpeLQUH90kkQJqKKNRW98vgFlgd bF0EzkV1QK6gR2kCSDHmf3QwjjfyZ/Zpl80S6AU7lJGmKZO0RAP3jx9x+UJAXOP2Pcj/ 6JzqBU9M+c4TvG5VEYc0TTdUZIbbisFpIGHawx7IS7DLjA9BmFD0se7kMMgeylsvRc4P y3Gp1kH45xOldcGOptlX6OBI3mGhTX7mWHbsmEiPLdcOUXLiQMsNGyysUNFsnTA+UxeE hRaQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=+wYA09Ez/WIUe3DVS+b/j50bQggTuJu8rqzdBeEY/5g=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=yZPqtSI1yp6GsZzxq43+f6xRNaDPkso4nhi6ftkbVU9KHGlVbRph7b6kUGa7ObYWEi 73zP04ZyBpex022vMW12X5a2mo3suR3X9b0U6awAbTDCW0d5DytvXM5fUXdD4zBckEpc zdtiMKdbJPKqPprAXsODjzcx163PHfPbaFmoRCzwsDV5Nmx1+8a/2G/IUibyjNS/IQ3t tlw1QGsu/jFDtkDwrkhBiUV4mjuOFfrNa+itv33486Mq3wUh6PYIVjRQHcplS/R5G3A0 r5skLptPA7EoaO0CbbQCik5FCM2CxLd4uikjfzLM2NUr3E0yTPeVbFYj6hrvSnFPKse9 UBpQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b="i5xXELR/"; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=Yp8EZet+; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id v4-20020a818504000000b00579e8b962adsi10668092ywf.175.2023.10.25.02.46.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:46:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b="i5xXELR/"; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=Yp8EZet+; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 9A1168075B2D; Wed, 25 Oct 2023 02:45:54 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343502AbjJYJpR (ORCPT + 26 others); Wed, 25 Oct 2023 05:45:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37526 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234733AbjJYJo6 (ORCPT ); Wed, 25 Oct 2023 05:44:58 -0400 Received: from mail-edgeka24.fraunhofer.de (mail-edgeka24.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B574193; Wed, 25 Oct 2023 02:44:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227060; x=1729763060; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=zc6r04OKntnGPN69WQoGkeaQsx/13umKCd1ZT4QXIiI=; b=i5xXELR/bcFcu/siOxROTO9mw47uDR4k5ge6en+opDR3Pk3K9TiA+YFY z7VnDCwyfLbXW8kBURAKnNXn62VzyUbzFbwzfgPuYDmWzwEecrU60ysSB jKCOeGD3KAHX+nLv1wX8rIzIM5bMV1Cqe3yFIveMXXju9Ov2plzgfWD7h TmWzX5RsiXq6Kq4Ga3wEW32Xk7/I8SKYhO7x+bUaoKuKa7eNfjDn6cV3d hhBePM55eb2TVBQpti8zBn9JlmMmZT3AZ4Sh1C8P9qSJV+r8E9o1A/tE3 Tu+5bTJP09GJbt+vGbLtJUMcD8/lfcCZL9y+cWvOBfDgYdV8fY8eAhGFW g==; X-CSE-ConnectionGUID: HgCSW4cHRT2lw+NhGAh6tg== X-CSE-MsgGUID: 8wZWZV3fSdCjnpLJoco2Qw== Authentication-Results: mail-edgeka24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2GuAABB4jhl/xmnZsBaHAEBAQEBAQcBARIBAQQEAQFAgT4EAQELAYIQKIJXhFORXpgmhAQqglEDVg8BAQEBAQEBAQEHAQFEBAEBAwSEfwKHGic3Bg4BAgEDAQEBAQMCAwEBAQEBAQECAQEGAQEBAQEBBgYCgRmFLzkNhACBHgEBAQEBAQEBAQEBAR0CNVQCAQMjBAsBDQEBNwEPJQImAgIyJQYBDQWCJliCKwMxshh/M4EBggkBAQawHxiBIIEeCQkBgRAuAYNbhC4BhDSBHYQ1gk+BSoEGgTd2hFiDRoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESFw0DCHYdAhEjPAMFAwQ0ChUNCyEFVwNEBkoLAwIaBQMDBIE2BQ0eAhAtJwMDGU0CEBQDOwMDBgMLMQMwV0cMWQNsHxocCTwPDB8CGx4NMgMJAwcFLB1AAwsYDUgRLDUGDhtEAXMHnU2CbQE2RAkKAYEwVVIclhIBrnkHgjGBXqEJGgQvlyuSTy6HRpBIIKI+QoUIAgQCBAUCDgiBeYIAMz5PgmdSGQ+OIAwWg1aPe3QCOQIHAQoBAQMJgjmJEgEB IronPort-PHdr: A9a23:5HLOhRIdfDTsVc70ZdmcuDdnWUAX0o4cQyYLv8N0w7sbaL+quo/iN RaCu6YlhwrTUIHS+/9IzPDbt6nwVGBThPTJvCUMapVRUR8Ch8gM2QsmBc+OE0rgK/D2KSc9G ZcKTwp+8nW2OlRSApy7aUfbv3uy6jAfAFD4Mw90Lf7yAYnck4G80OXhnv+bY1Bmnj24M597M BjklhjbtMQdndlHJ70qwxTE51pkKc9Rw39lI07Wowfk65WV3btOthpdoekg8MgSYeDfROEVX bdYBTIpPiUO6cvnuAPqYSCP63AfAQB02hBIVkva3TiiD7rj9RTbi+cm9BehfsexT+1sUw2t4 Jt2agK4kj4VOxQ03VCQ18Ml38c56Bj0lgQv7rzZfMK2NthmfKfRc/UFHDRIZMoNbyhuXoOgQ bQDC7AQOudSvbajjFUUoDiTPwqiG83UwDJzoXXd4LQ66uInVifZ/Qp+P/Ict3v5j4zzH7cRD d64yIPi4DbgV+193R2stKn4Sw4ThNOUdqhUf9iJzRZyEDHAtASIsKzAFje5/d82sGOEt/Rva LqV1XcssyNU+Gadm54Uh67j15w0zH2Y5HhC7J8fZoKRHR0zcZulCpxWryaAK85sT9g/R309o C8h0e5uUf+TeSELzNEqyxHSaPXdL86G+Bv+UuaWLzpiwn5oK/qzhBe3pFCp0fa0FtK131BDs jdfn5HSu2oM2R3e5onPSvZ08kq7nzfa/w7J4/xCIUc6mLCdLJgkw7UqkYEUv1iFFSjz8Hg= X-Talos-CUID: 9a23:+aI0MmxVISnN7Tpc/YDGBgU0FeseTSHW7E3seUunSkBpZ5SVF0OfrfY= X-Talos-MUID: 9a23:6rJ+UwZu/MDiK+BT5yDeuwNcb8lT74+sDlgps5INvJO9Knkl X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="1802519" Received: from mail-mtadd25.fraunhofer.de ([192.102.167.25]) by mail-edgeka24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:08 +0200 IronPort-SDR: 6538e32b_U3zacnnPsKZ3xGk6c341IlpSq4jaFx0096SuLkK3RE68Uhn ysGwwLRSC6fEcG6NC/egrYu1QmrmcISluIu582Q== X-IPAS-Result: A0AcAQC94Thl/3+zYZlaHAEBAQEBAQcBARIBAQQEAQFACRyBGQQBAQsBgWYqKAeBS4EFhFKDTQEBhS2GQYIhOwGXaoQuglEDVg8BAwEBAQEBBwEBRAQBAYUGAocXAic3Bg4BAgEBAgEBAQEDAgMBAQEBAQEDAQEFAQEBAgEBBgSBChOFaA2GTQIBAxIRBAsBDQEBFCMBDyUCJgICMgceBgENBSKCBFiCKwMxAgEBpTABgUACiyJ/M4EBggkBAQYEBLAXGIEggR4JCQGBEC4Bg1uELgGENIEdhDWCT4FKgQaBN3aIHoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESFw0DCHYdAhEjPAMFAwQ0ChUNCyEFVwNEBkoLAwIaBQMDBIE2BQ0eAhAtJwMDGU0CEBQDOwMDBgMLMQMwV0cMWQNsHxYEHAk8DwwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51Ngm0BNkQJCgGBMFVSHJYSAa55B4IxgV6hCRoEL5crkk8uh0aQSCCiPkKFCAIEAgQFAg4BAQaBeSaBWTM+T4JnTwMZD44gDBaDVo97QTMCOQIHAQoBAQMJgjmJEQEB IronPort-PHdr: A9a23:lm+lThVn8LMB/Akmi+IVZ2jSJojV8KyzVDF92vMcY89mbPH6rNzra VbE7LB2jFaTANuIo/kRkefSurDtVSsa7JKIoH0OI/kuHxNQh98fggogB8CIEwv8KvvrZDY9B 8NMSBlu+HToeVMAA8v6albOpWfoqDAIEwj5NQ17K/6wHYjXjs+t0Pu19YGWaAJN11/fKbMnA g+xqFf9v9Ub07B/IKQ8wQebh3ZTYO1ZyCZJCQC4mBDg68GsuaJy6ykCntME2ot+XL/hfqM+H 4wdKQ9jHnA+5MTtuhSGdgaJ6nYGe0k9khdDAFugjlnwXsKyrRrT7rtQym6lHPD7FpwKYneoq KU2EBXRhyg7KhwkoHvOmMBagY9q50+u8k8aocbeNbCNZNdMc7+eXtE4XWhFUsh3SHUfC7mwM 7MLILYBIchno42ntlwPpwmBWyKiHu7M5wVLiGDY5qc36MMrOjzf3DUmGZUor1XS8vXVJqAdf MPsyoLYzmn9Yvd88xr+y7DWWRQL8K2tbYtuQ+/z0WI1Mw3X1lHP9IvXOgnEzv0tlkGfw8Fbb uGklDY5pDwpmGa2zd8Or9OXtN9M8l3j33Rn4YAYeczlc2JiS537Oc4D/zHfNpFxRNslWX0to ish17ka7IayZzNZoHxG7xvWavjCdpSBzj65CaCfOz5lgnJidr+lwRq/ogCsyez5A9G9y00C7 jFEnd/Fqm0X2lTN59KGRPpw8gbp2TuG2w3JrOARCU4unLfdK5kvz6R2kZwWsE/ZGTTxllmwh 6iTHng= IronPort-Data: A9a23:Qt00ray91deCC1/K5pp6t+ezwirEfRIJ4+MujC+fZmUNrF6WrkUEn GQbXD2AOfzZNmLzKYxyPo6x8UoF7cCAnd5jQAZtqFhgHilAwSbn6Xt1DatQ0we6dJCroJdPt p1GAjX4BJloCCWa/H9BC5C5xVFkz6aEW7HgP+DNPyF1VGdMRTwo4f5Zs7dRbrVA357hWGthh fuo+5eEYQf/hmYtWo4pw/vrRC1H7KyaVAww4wRWicBj5Df2i3QTBZQDEqC9R1OQrl58R7PSq 07rldlVz0uBl/sfIorNfoXTLiXmdoXv0T2m0RK6bUQCbi9q/UTe2o5jXBYVhNw+Zz+hx7idw /0V3XC8pJtA0qDkwIwgvxdk/y5WO+pKo7DsJSOFgZaK8w75dGvx7rZNNRRjVWEY0r4f7WBm7 vkEMHYAfhuDweysya+9Su5ii95lIMSD0IE34yw7i2CGS695ENaaGfqiCdxwhF/cguhLHP3eb scdLyVibQ/bSxROIVocTpwklfquhn7xficepF/9Sa8fujiDkF0ojuC1WDbTUoG7HttNvWOFn 1z59lnyHSg1H+Xc1CXQpxpAgceKx0sXQrk6Hbm15vdsjFCJ7mkSCBQSVFCqp7+yjUvWc9hFI lES9zAGrqUo8kGvCN7nUHWQqWWYlh0RQdxdF6s98g7l4rLd/gKxHmEZSntEb9s8uYk9QjlC/ lOAmdLkARRut7KYQGiX8afSqz6uUQAcK2MYZC4sTgYf5dTn5oYpgXrnS995DK+zyNn8BBn0w jaXvG4yiqt7pdUM0aqT/l3dhT+o4J/TQWYd9wXMdmyvqAh+YeaNZYuo7x7V5O1cJYyUSFWps 30NmszY5+cLZbmOjDeMRuoNNLKk/fCINHvbm1EHN4It+Ryi/HmseY0W6zZ7TG9pO8EAZDjBb 0jUtgdcopRUOROCb6hzeIuZCMkwy6XkU9P/WZj8d8dDZIRwcieG5yZwbEqd2Xyrm08p+YkhO I2cWdShC3cET6BmyiemAeAH3vk2xUgWwGLQQZfg5w+13KCTaH/TSaptGFKLb/pmt6KAiArQ+ tdbccCNzn13S+DkbST/8YcXKUEMa3M8APjeodRZXvCMLxAgG2w7DfLVh7Q7dORNm6VTi/eN/ XynXEJc4ETwiGeBKgiQbH1nLrT1Uv5XqXM9IDxpM02k1mYuZa6x46oFMZg6Z78q8Kpk1/Ecc hUeU5zdWbEeFXGepGVYNMOi6pJnMh/tixiHIiylZzYyZdhsSmQl5+PZQ+cmzwFXZgKfu9E3v rug0Q3WW9wEQQFjB9zRc/Wh0xW6un11pQ64dxGgzgB7KRSwort5YTf8lOE2KMwqIBDOjGnSn QWPDBtS4aGHr4Yp+ZObzeqJvqW4IdtYR0B6Jmj86arpFC/4+mH4/5RMftzVdh/gVUT12p6YW 8Nr89/GPsYqpm1667hHL+4zzIYVxcfemLtB/wE1QFTJdwuKD51jEFmn3O5OlK1E9pldiBrrX 0mK1IBQPLWXCsbbAXoUHg4Eb/uC594QiDL9/fQ4G2SkxS5VrZ6sc1ReAAmIswNZdIBKCYICx fwwnvIW5yiUqAsYAvzfgg96r22zf2E9CYM5vZQkMarXowsMyGAaR6fDCyXzsaq9W/8VPmYEe jar1bf/3ZJCzU//cl02J3jH/cxZob8s4Blq7lszF26lq+r/pM0c/UNuqGwsbwFv0B94/fp5O TFrO21LNKy+xWpUq/YZbV+8OTNqJUO/wVPw+WsrhWeCbkiPV07xFkMfF9uJ3ngk9zN7QmAG0 pCekH3oQBT7TvHXhyESY3Nom9bnbN529zDBpvyZItS4L8EERgTh04CTZjsuihr4AMkOqlXNi st08c1RN6DqFy4ijJcqKoud1IUvTAK2G0lfc/dD/K82QGbWIgO20jnTKHKKW9hsIsbS+hSSE P1eJcNoVjW/2h2RrzsdO7U+Hr9skNMt5/sAYrnOJ1Nag4CArzFsjo3cxhL+iEAvXd9qt8Q3c aHVSB6vDU2SgiFyt1LWjcwZJFe9X8YIVDf80M+x7u8NMZAJ68NoUEMq14qLr2enCxRm8z2Ur TH8SffvlcI68rtVnqzoDqlnLCe3I4mqVO23rSaCg+4XZtbLacrzpwcZr2f8BDtvPJwTZs9Wk Iqcu9umzWLHu7cLC1rioaejLJUQx8uOX7twCPnVfV16hiqJXfH+7yQTo16YLYN7q/IDx82Fa TbhVu6OW480YepN/FxUdClULDgFAYvVcKrLhH2wvtaMODcnwC3FK9KsryaxZkoGciInHZraD z3lisaQ+9l3/YF+ND4ZNd5bArtTAlzqaY05ffLf6BiaCWiJhAuZm73AzBAP1xDCOkOmIu3bv 63XZ0HZWkypmafqyNp5jdRDjicPBiwgvdhqL1MvxdFmrhubUkgEFL05GrcbAMh2lifS6snJV AvVZjF/NRSnDCV2SjSi0tHNRQzFO/cvPO3+LTkX/0+5TSe6KYeDIbl5/Bdb/HZEVWr//d6jN O0h1CX8DjqpzrFtYNQj1PixrONk5/Hdn1Yj20T2le7sCBc/X5QO8lFcHzR2aC+WKPGVyX33J lU0S14dEQv/AQT0HN17cnFYJAABsXm9h380ZCOI25DEt5/d0OREz+blNvru1qEYKv4HP6MKW Wi9Ul7lD7p6AZDPkfBBVwoVvJJJ IronPort-HdrOrdr: A9a23:udbVVazkvSrN4imnzHDpKrPwKL1zdoMgy1knxilNoHtuA6qlfq GV7ZMmPHrP4gr5N0tPpTntAsa9qBDnhPxICOsqTNOftWDd0QPFEGgF1/qA/9SJIUbDH4VmtJ uIHZIfNDShNzVHZYST2njcL+od X-Talos-CUID: 9a23:gFI0fmkzMFTiXhUi93bioQjiUS7XOXuawCzfCEvjM1YzUYHWdliA5Y4nsPM7zg== X-Talos-MUID: 9a23:GpZjHghM8gIT20o7nhiXPsMpafYz/byNLV00r6oPhsKbDANbAnSAk2Hi X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="188491600" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaDD25.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:07 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:43:07 +0200 Received: from DEU01-BE0-obe.outbound.protection.outlook.com (104.47.7.168) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:43:07 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ckPCgIhynrw4ahf7Fgk+mzT9cbA4C/zoX3Bh62y7GMBrdugDnTM3tzRFa+cmp2cHHyVIEAU8ib5IJynpL7fWjx/NWFmYJ5TNiaCTGGADe5zxLPrhlf31yeHeO+4YRLf3nWdq/a9MhWVbyfUcyPNQFYhAN5aK0iGaJWaHbJ78Z4IKdQ3ls9YH7uiKNqz6XcR0ECNqrj9Cym000DDcxPXqdyhSPSSann/smRHEzTuqGCkMqkmTtTFtpbbb297iYDtOrPhM9HagEo0QwIk68j+Uo9L4A9y6hel0Aiv3gqUbN1/IccHJIfKq2NKuXGpsIx6Fb2aLsQjnsTYqsAQjktHS0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+wYA09Ez/WIUe3DVS+b/j50bQggTuJu8rqzdBeEY/5g=; b=DAvYpHdt5DIx6i5WA0RWUEDAYGVkqvRuVSrQxl5jXFfZwiIGIDWi32cqIF8KB+ry/f/PDvxwxUA7ODwjnBl9m1gvoEL72soJM/IalH4UqXVaf6yrvsmiMTKJJExL1/+v9OZt6saKRo4JYyCZuy5Kn0dDaDQpgl8BUfTT+rNWNbkILK6WXP/MYUNi09TWFrEnLd/+NN48dJ9Ua9c5RQdCibq9740Hnwwif0IZycmLqi22/qhusSWop5D1POrzKGqOTvKV0N7xqC0LLRyvMYZYNaTdRVvSsmWfUiP0pNYQ0TYdB81Io5KkbY2MZvAbpN1cfRBFWbiRMsDhYXNOO1B49A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+wYA09Ez/WIUe3DVS+b/j50bQggTuJu8rqzdBeEY/5g=; b=Yp8EZet+KjJpjldfNw16aRd4PlG4htFWdl2yoibzW6CfreKERkfwFSbeSObCUqhQnn/NwIn6HHzogEK1nCxk4VelBBEkKPvClB94IXQvZMJpCrLfz0l75oZmR9pqHMAlDCSSkcw0vgU0R6qcpJM26Z51PeOB9vInE4y5SDqB+7A= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:43:02 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:43:02 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 09/14] lsm: Add security_inode_mknod_nscap() hook Date: Wed, 25 Oct 2023 11:42:19 +0200 Message-Id: <20231025094224.72858-10-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: fd20babc-28cd-4fe9-8807-08dbd53ec7a8 X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3L0OwalW8Pcf3pnS90WB3/jKX9qQRFLjrV/v9SDEX4QESAkYO2NdKHisbPB1T9PfSUUU1q3VmN3dm3QEYLHD+Sqnutycnn7jOuyryc0udT1+UhG0jYotDNZplfBkm0etv2X6Kolq7cOXJ86JgR6kPu/ZFxHVeNJcinYv7fRyi6P/WCVWamjYnblEqh4NxkB3QjW15cVbthlxXUc8gFq0KdwYxRyHuFlUhDB1jScwhjWiJQVvskgj4VJNHDghtdFAsIwj7bqsUjy3Pj/fOFcbYtDwGe2MN3TEXXN3tAlky9ohV1/GuOyGiKSDHEanfLBQkKrKTZX+GzXROJdsX+7jHAn5bK2dcmA4CpWd6tTueoIoBORMKPE/IBFMELSO8KvsI7DS/PrGSlrhdyg6azuRb2SLdwnySqTUmZ232ukRx4ecffWyW3MMjIzg2TeHlxfAe9icS/0OB+f9kkyjb8wHS5R73V4LRCRyQElJGugWz5ldalHdhvas1KHw/SIpHpUEWsyJmddny3Um/aH/cly6YwQIwT0hxOm2OZo6OCznMvN1kUk+NbGnuHHA+88rmgtQ3XBTY4ha3u8Fi3LC4CoKnEiegUEUNL55Jtpi+fo5FLE= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(15650500001)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?GuuTZbf4ZHRjNV3c2L/tLdsGCi5u?= =?utf-8?q?LSby7YyDvh682GOu3ed/AcR6xltutP7OaU9rvNK2WwitcEA97G+uKujCh3/P4ufwY?= =?utf-8?q?NXzcE4noQsCvk14d+TA2h6lQ5imPFh4JdrmuL9lOHddzK/4HHkTG5YQxt8s2dR0h9?= =?utf-8?q?NXRAT0nPczCeMH+WHwCucKwKHWhWn7K1TNejhlwEw52XjrjybF7woXmdXU6gN9865?= =?utf-8?q?VLmQTf0O461o3MfJwxPjUdVq88cxipYjRyrHjlvfz53tySFgZ0XmKkMrvD3ip0Wz4?= =?utf-8?q?//t8Xg1OM82rxlTeKhLIvajDvXLrXZUpJcE74HfI/tF+l8o4rp0yan6gUUoWwRO6A?= =?utf-8?q?IKpUCIvAKMJk5zykoNxq7rQWXo4exoeNDql0wJvTIrlGsBEc5CcpHb/EAKhWP7ItJ?= =?utf-8?q?XyenyxuYuV0odQGfX9VnOUoIfVxQtZEjOIfoPvzzHmdzI3f3Sct12tPp2BWRqCbj4?= =?utf-8?q?jojmw8PFFg1U4UTfe562ABg9IeLdxY196fLGU5IQTi9mXoYF8rgn0OAUw/l1Ex16M?= =?utf-8?q?k2/i+bmJAju/uh5FwRshPeigfTAqEfWAtTAKm3c2DTf5I9pzg44LT5EPvhz6q7D8p?= =?utf-8?q?obbMAWvX9cMoeMLq0KaoQ6AKcfO0P+Mw7uTX2yIundf3HFTjP43gwzW7+J0k7f4ES?= =?utf-8?q?ixSkUq/AlvqULhGl2eKVFWXLyqKvumJR+fPi3U4ru9iqoYWZcK/YXhT7siua+0BLK?= =?utf-8?q?48j7Rzitd5rlwykyzGHjzvnLuLF5S8BVSz0WuzlorN51g60qvIVJJaYs16IrTRq6s?= =?utf-8?q?bEB4ZRUb4NuuV7XUI+oHRGiEhKGz9MbQjm7GwdITO1S694LRkBvGbDGol9oK0hvEY?= =?utf-8?q?21K63cwAQKDDGVFtUxK2RWYMntwdu+S2YLS5SIVL8y4sA19twadgyt/tsONQTnIIL?= =?utf-8?q?+KESt3EvYTHrEUoYRwvTJ/sJZP+fDXNoPiSsug6KMgHMAj1A291bEH0+TX2XeEtXx?= =?utf-8?q?kPzxE5o2rj+HPs23Sj6BDMsGzVuI/pc/mUIYJmyIkHKayfZSZ3JaLM1YMYIXzCDDo?= =?utf-8?q?5F1MNp8OAwXHabP+Cp9GsM0jQvZU7BenL9np0b+H1GUj207TYnY7wyXR9PwfkTff2?= =?utf-8?q?8TUN3RMrD9MrUpLvro8IlIZYK0eZzAj8F1HbsK0XvurmRpcrRQ54eVXQIvSErqnH3?= =?utf-8?q?Is49tKc5y8JfAzPJL7vJrUSnidkQFhk7LNS+Dmlj0FW/sevHd70IGqW+yjKvZjt7s?= =?utf-8?q?HO+p6Jon8qjIntC6isflLj7jKY3KwcJ8usEqAKQE3hRhLA2vMF4TQHwGn9ebWmMqd?= =?utf-8?q?RTJ0emRjJZYquH5trMrDM6iegFfHxkb+BDQZotz8VnNP6bcHOJC6f9zasUGRi4hk6?= =?utf-8?q?7YZK2SwaSiYsSuahKFbzbsgkU2QguVcB8P7Q7cMYuCYNCzQBbH0+c7n643E8GMV8Z?= =?utf-8?q?fUaQ3tLVb3KrHwOc2kGlRds45wbZVRds2BXY7VaBSSjj00HrFvN2GH/2mo07hwCu2?= =?utf-8?q?Zut5v1sGTIAZzY435tnMapp1zH1fYAfOI0FJo1cnFZphnwy5noPXbXT0qWSNGf0S6?= =?utf-8?q?3wFKl2ETgCoU1Z39jyJPbFogtkFJGusn9CgfS1+Os7lugHhiNsi2AcQnIG7yZXCBo?= =?utf-8?q?3vKfF9Tg61yXUcVBKl6QPIWrX+Q2m5BXtBGt00CNHFfqEKAf7UzxhE=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: fd20babc-28cd-4fe9-8807-08dbd53ec7a8 X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:43:01.9232 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: i17tVnSt+K4uX1eDD0MLlzzeLFTb3HVld8pidfmBqZ3Zv8IBBg7K/qOE/+PGE44wqbS8uBu74a0sSfiCFRjlXwy5O+TeZZOIRxP5HA29c+TK5MFchOdoPqFk/inlWUO9 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:45:54 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720272037218609 X-GMAIL-MSGID: 1780720272037218609 Provide a new lsm hook which may be used to allow mknod in non-initial userns. If access to the device is guarded by this hook, access to mknod may be granted by checking cap mknod for unprivileged user namespaces. By default this will return -EPERM if no lsm implements the hook. A first lsm to use this will be the lately converted cgroup_device module. Signed-off-by: Michael Weiß --- include/linux/lsm_hook_defs.h | 2 ++ include/linux/security.h | 8 ++++++++ security/security.c | 31 +++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index a868982725a9..f4fa01182910 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -276,6 +276,8 @@ LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen) LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx, u32 *ctxlen) LSM_HOOK(int, 0, dev_permission, umode_t mode, dev_t dev, int mask) +LSM_HOOK(int, -EPERM, inode_mknod_nscap, struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) LSM_HOOK(int, 0, post_notification, const struct cred *w_cred, diff --git a/include/linux/security.h b/include/linux/security.h index 8bc6ac8816c6..bad6992877f4 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -485,6 +485,8 @@ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); int security_dev_permission(umode_t mode, dev_t dev, int mask); +int security_inode_mknod_nscap(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1400,6 +1402,12 @@ static inline int security_dev_permission(umode_t mode, dev_t dev, int mask) { return 0; } +static inline int security_inode_mknod_nscap(struct inode *dir, + struct dentry *dentry, + umode_t mode, dev_t dev); +{ + return -EPERM; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/security.c b/security/security.c index 40f6787df3b1..7708374b6d7e 100644 --- a/security/security.c +++ b/security/security.c @@ -4034,6 +4034,37 @@ int security_dev_permission(umode_t mode, dev_t dev, int mask) } EXPORT_SYMBOL(security_dev_permission); +/** + * security_inode_mknod_nscap() - Check if device is guarded + * @dir: parent directory + * @dentry: new file + * @mode: new file mode + * @dev: device number + * + * If access to the device is guarded by this hook, access to mknod may be granted by + * checking cap mknod for unprivileged user namespaces. + * + * Return: Returns 0 on success, error on failure. + */ +int security_inode_mknod_nscap(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) +{ + int thisrc; + int rc = LSM_RET_DEFAULT(inode_mknod_nscap); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.inode_mknod_nscap, list) { + thisrc = hp->hook.inode_mknod_nscap(dir, dentry, mode, dev); + if (thisrc != LSM_RET_DEFAULT(inode_mknod_nscap)) { + rc = thisrc; + if (thisrc != 0) + break; + } + } + return rc; +} +EXPORT_SYMBOL(security_inode_mknod_nscap); + #ifdef CONFIG_WATCH_QUEUE /** * security_post_notification() - Check if a watch notification can be posted From patchwork Wed Oct 25 09:42:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157984 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479965vqx; Wed, 25 Oct 2023 02:46:37 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGbbWKwxznD5lz/Lza7uA5lJLPdkVtHMnX7pbIxgur9jJQ8kUz0n8lE38FRf97fQ3oiDgap X-Received: by 2002:a0d:eb8c:0:b0:5a5:65e:b847 with SMTP id u134-20020a0deb8c000000b005a5065eb847mr15368178ywe.34.1698227197692; Wed, 25 Oct 2023 02:46:37 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227197; cv=pass; d=google.com; s=arc-20160816; b=aJFMuoXy1sM6WOCWTOAss7VJRIepqMPAxOADrsp8Qf0Cwj62Ptsv1Oe1PFUb0cIUF7 tRCZApSEczt/nZrTkWWDc8nzqvXdCaJo7olkPoQGRanUCmCOaNVe/+N8BsTduHZn09iy obduHUoceT6GN0ALyRpPFP5+VZtkqDFixt3Ye0F282RknTl0tEjkNsGeBuivpgtqjiWr tezkORfGjeouiOBtveOzLJ1ATy/w5MhAJAjfJs1GjKnhk64Kz1YROB3qu0wo1UFBZdT4 Pu2gAPhjMJw4wk8fr4FfnItAx1v0y0tIrydkVdwub5njOt48yOeQ2oBQj5etDdA39DM2 vE/Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=cIOTMO6yC7WdeCt0aKqWADZaSZCE3fJU0LTeLb0YV08=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=Rrf/mpD3nvE32PSvU837R8W0HMAGsPTEkH3JceWeV2O/wiiYZultBxqbGjjI28yl33 NISoKboDZYFyt7ZUpRpPxPS1mgE+I1IYrQuw6Gdk8QpZH05ZN8G+0Ehxl8UaZ+Xz3eKK ZuaLhO7ZB8e+GOrFeyDtIRCXyzep5ymuRxx3sfW03AUs4i5qriLPyRoeUdO+0MaGN8u0 Hs1r9Pb7rOeHFll3dJ0rwe9rzaqmjJgnwbpprd3tbtky8a28kGZmmdfBxTd7ptEpqii6 KxsELALYElwZunHdwf3pbvicC6fkGTYUFge3EGrirfiJi15vpyhXYeKBsNxNY/1Orn5D pu8Q== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=ETN9AftI; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=dNUXAbV1; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id x62-20020a0dd541000000b0059f57c89016si10867809ywd.119.2023.10.25.02.46.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:46:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=ETN9AftI; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=dNUXAbV1; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id E8B5580BE7FD; Wed, 25 Oct 2023 02:45:46 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234841AbjJYJpW (ORCPT + 26 others); Wed, 25 Oct 2023 05:45:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37508 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234735AbjJYJo6 (ORCPT ); Wed, 25 Oct 2023 05:44:58 -0400 Received: from mail-edgeF24.fraunhofer.de (mail-edgef24.fraunhofer.de [IPv6:2a03:db80:3004:d210::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 78A4818C; Wed, 25 Oct 2023 02:44:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227060; x=1729763060; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=gFNlG21hG/sxMF1KBM1RHVr2MMnDPrrmCyHPmjqTDOU=; b=ETN9AftI2VH5xZ+m0AI1/Qn1qe449Jt8fX1CnOfLnArXAeDMlbzAD5J3 UU9ROMInm6hzQvJiN3PKC4RfmWVvIUTUFwn4PSB0xE9YtnMKJaLNnYk/N w/NIVVhDWh70dtHAgY8ipn3mJXWv6OyMw84H0gr0aKikyf8TX4ZrRgADR 9fRzr/5xZlJ2Uy2MRcoPe9vB9I/q/p/DnplFSGGyaAkX6dVfNcRXo4jWf xGtQLmd5Vi0DSuUTl4mPOnJcdA0aiBqA2TT3v/qXOq1BE5l1yhDHO4flY r4yOr3zTLsS0Y9YF7XLCbiegVAB9CVUPflPbBLWltTxaI4laOQfK8YJ55 Q==; X-CSE-ConnectionGUID: FNRhH9OYR72QJYuNmKwI2g== X-CSE-MsgGUID: Em72RxrxRKisqQg4dlw01g== Authentication-Results: mail-edgeF24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2ElAABB4jhl/xwBYJlaHAEBAQEBAQcBARIBAQQEAQFAgTsHAQELAYIQKIJXhFOIHYlBmCaEBCqBLIElA1YPAQEBAQEBAQEBBwEBRAQBAQMEhH8ChxonNAkOAQIBAwEBAQEDAgMBAQEBAQEBAgEBBgEBAQEBAQYGAoEZhS85DYQAgR4BAQEBAQEBAQEBAQEdAjVUAgEDIwQLAQ0BATcBDyUCJgICMiUGAQ0FgiZYgisDMbIYfzOBAYIJAQEGsB8YgSCBHgkJAYEQLgGDW4QuAYQ0gR2ENYJPgUqBBoE3doRYg0aCaIN1hTwHMoIigy8pi36BAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREgUSDQMIdh0CESM8AwUDBDQKFQ0LIQVXA0QGSgsDAhoFAwMEgTYFDR4CEC0nAwMZTQIQFAM7AwMGAwsxAzBXRwxZA2wfGhwJPA8MHwIbHg0yAwkDBwUsHUADCxgNSBEsNQYOG0QBcwedTYJtATZECQuCBVIclhIBrnkHgjGBXqEJGgQvlyuSTy6HRpBIIKI+QoUIAgQCBAUCDgiBY4IWMz5PgmdSGQ+OIAwWg1aPe3QCOQIHAQoBAQMJgjmJEgEB IronPort-PHdr: A9a23:eEZLuhJkiVNlqM5m39mcuChnWUAX0o4cQyYLv8N0w7sbaL+quo/iN RaCu6YlhwrTUIHS+/9IzPDbt6nwVGBThPTJvCUMapVRUR8Ch8gM2QsmBc+OE0rgK/D2KSc9G ZcKTwp+8nW2OlRSApy7aUfbv3uy6jAfAFD4Mw90Lf7yAYnck4G80OXhnv+bY1Bmnj24M597M BjklhjbtMQdndlHJ70qwxTE51pkKc9Rw39lI07Wowfk65WV3btOthpdoekg8MgSYeDfROEVX bdYBTIpPiUO6cvnuAPqYSCP63AfAQB02hBIVgPkyy3fecngmXTFuudWxHGTHtTJZJwGUA+Qx IowRj3V0AM7OhozqFDp0pwl38c56Bj0qzpC86feXtilBOR6V/33Jv8HHjsefvhcCnRGRYm/f 5IjIeMFHLwDlamglUdU8jaROQutI/js1DR6gVnEmqo076N+Eg7sxTQlEYohl3n3po6yG7wvD v6N/rDYwxngQON//Rnns9fVdk96rsydf49tLePA6GAWLyXVhViAl4XcExOW9+crqlKD3/V4C Pv1lFY7lTohnB6k2uIAio6Zrb0Ww1Lc9GIi+942YuS7HR0zcZulCpxWryaAK85sT9g/R309o C8h0e5uUf+TeSELzNEqyxHSRabbNYaS6w/lVOGfLC0+iH82ML68hhPn6UG70aW8Tci71l9Ws zBI2sfBrHED1hHfq4CHR/Jx813n2GOn2Rra9+dEJk45j+zcLZsgyaQ3jZ0drQLIGSqepQ== X-Talos-CUID: 9a23:1E5CkmB2LER7pKT6EwdBzk40S+cUSCKH9VXhPmm9KnlIErLAHA== X-Talos-MUID: 9a23:oRpsBwbCKfluSuBTmjqz3gtyLtdSwKW1EXkCzZkCpJHdOnkl X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="62757490" Received: from mail-mtaka28.fraunhofer.de ([153.96.1.28]) by mail-edgeF24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:10 +0200 IronPort-SDR: 6538e32d_qqFUkNDfE+GaAo77s5JplLIbgmHxK1JyQ2+Knb8aIqCaohb 4QUEFxf5fUoJMNQFxPw7VF3SLuqrO3ByhgM+XGA== X-IPAS-Result: A0A8AAC94Thl/3+zYZlaHAEBAQEBAQcBARIBAQQEAQFACRyBFgcBAQsBgWYqKAeBS4EFhFKDTQEBhE5fhkGCITsBl2qELoEsgSUDVg8BAwEBAQEBBwEBRAQBAYUGAocXAic0CQ4BAgEBAgEBAQEDAgMBAQEBAQEDAQEFAQEBAgEBBgSBChOFaA2GTQIBAxIRBAsBDQEBFCMBDyUCJgICMgceBgENBSKCBFiCKwMxAgEBpTABgUACiyJ/M4EBggkBAQYEBLAXGIEggR4JCQGBEC4Bg1uELgGENIEdhDWCT4FKgQaBN3aIHoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESBRINAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8WBBwJPA8MHwIbHg0yAwkDBwUsHUADCxgNSBEsNQYOG0QBcwedTYJtATZECQuCBVIclhIBrnkHgjGBXqEJGgQvlyuSTy6HRpBIIKI+QoUIAgQCBAUCDgEBBoFjPIFZMz5PgmdPAxkPjiAMFoNWj3tBMwI5AgcBCgEBAwmCOYkRAQE IronPort-PHdr: A9a23:6zXrWBT+0EVSYsnXMXNFXV55E9psovKeAWYlg6HP9ppQJ/3wt523J lfWoO5thQWUA9aT4Kdehu7fo63sHnYN5Z+RvXxRFf4EW0oLk8wLmQwnDsOfT0r9Kf/hdSshG 8peElRi+iLzKh1OFcLzbEHVuCf34yQbBxP/MgR4PKHyHIvThN6wzOe859jYZAAb4Vj1YeZcN hKz/ynYqsREupZoKKs61knsr2BTcutbgEJEd3mUmQrx4Nv1wI97/nZ1mtcMsvBNS777eKJqf fl9N3ELI2s17cvkuFz4QA2D62E1fk4WnxFLUG2npBv6C5zQlRffkbRs83alMcDdUeg9ei2dx otZQSTaowpcORwEqEXrh+h61JNl+EL09Hkdi4SBbKeoBNN0QPrtTc0ebDRrBepMDH0eIr2xM tMISOACLf90gYD5hgFVlzvjNxX2W87A9j1JoWT1w6YI1MITVgbI4Et/HN0kqUzRoo3aE6oxW 7vy47L1kiv7XepG1xvex5jhVj47+q6RWe0rfvfA63QySyrUr3ypkar1ND6F6O00n0iYzulGT Ni3u3E/9hgrvQCz+Px8tK/Cmqc5yleU3hp6yYQtJJrjcxZ4JuenRcgYp2SbLYxwWsQ4XyRyt T0nzqFToZegZ3tiIPUPwhfeb7mCb4Gry0izEuiLKCp+hHVrdaj5ixvhuUSjy+ipTsCvyx4Kt StKlNDQq2oAnwLe8MmJS/Zxvw+h1D+D2hqV67RsL1o9iKzbLJAs2Pg3kJ8Sul7EBSj4hAP9i 6r+Sw== IronPort-Data: A9a23:/4GW7K9XJWpSyEoPCj00DrUDBHqTJUtcMsCJ2f8bNWPcYEJGY0x3x jEYD2vXafyIamT3Kt1+bomwpEkHscDVyt83SgU++HpEQiMRo6IpJzg2wmQcn8+2BpeeJK6yx 5xGMrEsFOhtEjmG4E3F3oHJ9RFUzbuPSqf3FNnKMyVwQR4MYCo6gHqPocZg6mJTqYb/W1jlV e/a+ZWFYwb9gWMsawr41orawP9RlKSq0N8nlgFmDRx7lAe2v2UYCpsZOZawIxPQKmWDNrfnL wpr5OjRElLxp3/BOPv8+lrIWhFirorpAOS7oiE+t55OIvR1jndaPq4TbJLwYKrM4tmDt4gZJ N5l7fRcReq1V0HBsLx1bvVWL81xFaEY0o/pIimHjZeo9HbvVVrvxrI1L2hjaOX0+s4vaY1P3 ecdNChLYwCIh6S42rumTOlriMk5asXmVG8dkig9lneIUrB/HsGFGv+VjTNb9G9YasRmGPfVZ 8MUbXxwYRXbeDVGO0waA9Qwhu61gHn4fTBC7l6YzUYyyzGIkVQuj+mwYbI5fPS7QcZagEW6r 1vl+kX8LU1ED8K87zyspyfEaujn2HmTtJgpPLS8++5jhlGe3EQWCR0fUVqwsP//gUm7M/pVM UUJ/Cc0has/7kqmSp/6RRLQiHefojYfVsBWHul87xuCooLM6hudLnANUzoEbdshrsJwTjsvv neFltXoCDhHsbqaRHuH/LCE6zW/JUA9JGkOfy4FZQgI+d/upMc0lB2nZtNqCrK0iJvxECzYx zGMsTh4i7gN5eYQ0KO01VPKmTShot7OVAFdzhTXRUqr5EVyY4vNT46v6V6d4/9bMI+TQ1+Nl HcBksmaqusJCPmllzSWQeMCHJmq6uyDPTmahkRgd7E6+zqF9HmkcoRdpjp5IS9BMs8DfSLuS EDUvgxV6dlYO37CRa1wZ5m4I8cn167tEZLiTP+8RsNTb55tdQmv/Tppe0eU0mbx1kMrlMkXJ 5aBdu6+AHAbF+JjzTyrV6Eay7Bt2yNW7WbSRpT81Dy8w7eEaXKUD7cYWHOHa+Ejs/iFpC3a9 t9eM42BzBA3ePbzeCba2Y4aKVQbKz4wApWeg8ZPeMadLQd8XmIsEfncxfUmYYMNt6BUkPrYu 3KwQElVzHLhinDdbwaHcHZubPXoR5kXhXY6OzE8eFiz13U9bIKH8qgSbd00cKMh+eglyuR7J 8TpYO3ZX68KG2uComtMKMCn88p8cVKgwwyUNjejYD8xcoQmSwGhFsLYQzYDPRImV0KfncUkq qCm1gTVTIBFQAJnDc3Mb+mowU/3tn8Y8N+elWOSSjWKUBS9rNpZOGbqg+UpIsoBDxzGy3HIn 0yVGBoU762F6YM87NCD1+jOopaLAtlOOBNQP1DayrKqagjc3G6omrFbXMiyIDvyaWLT+YeZX 9tz8c3SCvM8sWxxg9JOKIozlaMazPnzloBe1TVhTSnqbUz0K7ZOIUum/Mhot49Nz49/vTqnB 0eE//cDM7CJJvHgLk81ITAhT+Wc1MM7nivZwuQ1LX7bug523uujemdDMyacjBdyKONOD7ok5 uM6qegq6wCboTg7AOas1yx72TyFES0dbv8BqJofPr7OtiMq7VNzObrnFS785cC0WeVma0UFD Gedu/vfuu562EHHTnsUEErN18p7gbAlmkhD7H0GFmSztuv1vN0F9zwPzm1vVSVQ9AtN7MxrM GsyN0FVG7SHzw01uOd9BVKTCyNzLzzH3Hfuymk5tnzTFGipcW3vEFcTG8iw+GIhzmYNWQQDo Z+5zj7+XCfIbfPB+HI4eXRYpszJSf1z8Qz/m/6bIfmVIqliYRTZr/+vQUEqtyrYBdgAgRybh Otyo8d1R67JFQ8RhKwZGYOq76s0TS7YFTZNXMNn3qMFIjzbcmuA3TOPdkODQeJWBvnw6UTjI ddfFsFOcBWf1Si1sTEQA5AXEYJ0hPIE4NkjeKvhAGw774uksTtitazP+hjEhGMER8tkleA/I Njzcw2uP3Oxh3wOvUPwt+hBZ3SFZOcbaD3G3Oya9PsDE7QBurpOdWAwyr6FgGWHAjB4/h67v BLxWIGO9rZMkb9TporLFrlPIy6WKtmpDeSBz12VguR0NNjKNZ/DihMRplzZJD9pBLo2Welst LGzodXyjVLkvrE3bjjjoKO/NZJ1vOe8YOkGFfjMDih+vTCDU8rS8Rc86ziGCZhWouh8uOijZ SWFMfWVS/BEdetZ9nNvbwpmLy08EIXyN6fpmjO8pa+DCz8byg32E+mk/n7IM0BeWDcDYaP8L grGqsee2M1Rg9VJNi8lGsNJPp5cC33gUJsAaNfem2S5DG6po1XaoZrkt0Mqxg/qA0m+MvTRw Mz6VDmnUzrqo4DO7tVSk7Iqjy0tFHwn3NUBJBMMyeB5mxWRLTAgL91EFb4kF5sNsCj59K+gV QH3dGF4VBnMB2VVQy7dvubmcByUXNEVG9HDITcswUOYRgG2CK6EA5pj7i1Q2Gh3SBSy0NCYL cwixVOoMiiT2p1JQcMh1s6/i8pjxdLYwSss0mL5mMrQHR0fIOsr0FpMIQlzbhHEQvr9zBjzG WsIRG56GRDxDQa7FMt7YHdaFS0IpD6lnX1icS6Lx82ZoImBivFJzPrkIezoz7kfd4IwKaUTQ W/sDX64i4xMNqf/ZYNy0z7xvZJJNA== IronPort-HdrOrdr: A9a23:1ECvRKM9OzLtw8BcTvyjsMiBIKoaSvp037By7TEVdfUnSL39qy nOpoVi6faaskdzZJhNo7y90cq7MAjhHPxOkOss1N6ZNWGM0gaVxepZg7cKtgeBJ8SIzI9gPM lbHJSWQ+eAamSSxfyKhjVQPexQueW6zA== X-Talos-CUID: 9a23:Xr3eSm59CeGjma3vadss+BA+Ku4mI0Xhl0zrGGaeKGVsD+a2YArF X-Talos-MUID: 9a23:7Czu4QTdESZ0R/1hRXTdgDJtKsRK6p2NDWEIvslYgNenEypZbmI= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="135077959" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA28.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:08 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:43:08 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.169) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:43:08 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=e2hzgb8r7hZalJF0ZM2bkrYt5zOI2Yeh52VSsO3MiBtOm8Abdht3AAeWtavVWCcro6E0QUsykMYy0HbvogvfsTVvfaXttf5gV43jY36KsPR9iefohkGUC2mldifWnxWwcsJVym0VrzqI1dmEPHatbeuz3M26KdWVpSkqkJSVTkL7+GubtL1Hq1iDwvClKd66clXm9mOOVifEUJrxxDNjhxt4W34wACV6WXFCKBF+QQSoDEvBfu/7NR1eISf1zJTfBADh+6wnR73/S7b9v7ztmr01JFhcmhhSlJHeeunx/5iQbKAvRYcvBUdMkD7sAjgCeTiPEYwiaVSQ0eA2oUUjHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cIOTMO6yC7WdeCt0aKqWADZaSZCE3fJU0LTeLb0YV08=; b=Qpb5n5l+AqRU/0oum+MBrunSDz1eWoTtXIrg5+0o42NyfYCA9VYSEvexjkhsGOlNfOui7hHLvH6uidZXs3eVn/0LtWnxf2IW1PLjTIEaorg4LOTJtk3m04CvYxYJqs/XXKyU5CLZ2IY2elRZMhqReamQ350nGXtqaeKl27XUlqV64MlKh0KjJK5vCleFQcP0vQZj739foVMg7drFAXm2hwVLNI9vSsZwWxZ0YgnsJTgxBxTOzkhKiTS6HtZ7mnAIB876N1IVAxJyQgjZWJq3YhOot0gouvqlFRpbJ3HCVVuvaSFUKvjVtNZgVrJ4HSS+KfcqJ8QfORuDDnbxTi9C5w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cIOTMO6yC7WdeCt0aKqWADZaSZCE3fJU0LTeLb0YV08=; b=dNUXAbV1XXvlA6B3Du397HVe50o/bkxqDFalI23RH5Zt27EGTjiOskvcZoNZ/ofT/7kgBqPmf0GOeKb3/GsU7vPZqxfDKGxALFr37ul73gUyJUu4AyIAQPNxcexVaQDHkIkNqRpXwp5q2wPtVS8VNctMDho8CWkajpi/3S0k/Qk= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:43:03 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:43:03 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 10/14] lsm: Add security_sb_alloc_userns() hook Date: Wed, 25 Oct 2023 11:42:20 +0200 Message-Id: <20231025094224.72858-11-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: ce86aa94-ab14-4c5e-f490-08dbd53ec8b5 X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: QbgbIKIngUxtsPJvgT/sCum3eicU7A48hQd8rzkB01YSVWePCPn9urLE6xLhCr+8DwAvftzISqEaQ3ywUOz7iscGXT5WP2+De4wlqlV71djhDgtobVw6myqlPkMYZbh7aAkP3joQXuCB0F5ocb4tyJdKu87qDEIUnd056cT+fjjGRtz6keVpC01roAa2Wxko4AogCHnrS5tOctiNMq5JP/89Dpa+K8sHTNLNPRoOvvv4NCnghvbYCIb7tCc8u9OaD/PxxhCBGDiq2aqo1EAU2iudgKYKDhzAttJRHQTyMB9vU1PtzcZtPKMa2TAu4tvf8+Fv1uqoktkW5EOol4jhoJvYUlBBaVdlrdQK9LLewv6M6BJbOk1ClyKIkrV/JWLHvlXahVeXdZ1/tH0mZ59uP5AOuvcvodbGn+Oqgc0HRMdcG/OnDXQix//9cAJ6XQBIRbIM/KrFGNcGvahrLyQHaDOb9bja1zP5IPMkgJaxaV5qZrlILa8BLyGXl0tp9hkfg2UTq7ySzvd01PNJ/8OVBonSOuxg100v/uNz6X63KS+mch8Iu14OCW1DyxbmrDmvF0gKDroaK3fURtyxn0zVWkdqUO2lMaBBunEzhXZ7WzU= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(15650500001)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?dj1BvMTw1m21SSIcSmRzNEd9rBlE?= =?utf-8?q?ldpElMrWV+Gjr4ySiNIo+h28jM4ZmrU48pGQxkhv1WZnJbJnJ0Z9apOSWF8QbfcBk?= =?utf-8?q?H0YN5On7Bxtx8zbDSJQMS/aUMCzPZ+8yobS9VG5uUFKRXdR+PPpjM1+mV7cA3ROP6?= =?utf-8?q?P28nqNAjJPZASAPKYSpLzot1ednc+Gugp/4PeR+5+LqVghRZeUV75cH3o4ypKJaK/?= =?utf-8?q?YAhmJ9gdA7dI4yCt1rgZjNeBiynlyH5TotzxDOtphQYVgXPb0CYUfJMLD0R1RqFQz?= =?utf-8?q?shgxYAjDwzwrzW8uWIdwCHAXUkySGO2xIhKUc3kUJx4ckO2IluMZU/Eh5jafY5zcE?= =?utf-8?q?FgX2oeuDtypVkWrDlGgWvVBsO70qu4mxF2Zy7qtY2+LweyGJLuOuxzCRapoGXkbcS?= =?utf-8?q?6M4K/aUkZLh7KM9Aa1l+WzhbZN8EwC27lDPAE+c0vRk6MIFggMn85gAInTPzvGj0f?= =?utf-8?q?/9HQdvDXOMMI7z6TA5L+6Wk2UsPmGEj9QmnNccTHTf5xeJNpQmLYavJteS4jvrU8C?= =?utf-8?q?9Vn9CqoeFcNA5uk0Xn1Hutlx4vRDh3ye8omtDtzd1l1QS3a4B9EoEM+Bw4Q+clzk2?= =?utf-8?q?ZTcgDXJpmHsPXNJ/po0ZrosZFj/KBjCoz2sqhoZ5mQpztEEDLzAqo2YRv60MLyPHP?= =?utf-8?q?HS39lxt+C0UW5qoz1Q3/7YHDnWyCeNaVGpdu8vLVuqL4hNUjPyTTrJhJP65twEDUw?= =?utf-8?q?2nVLSuPF2iORQO+LCPLL/Bzc3SaG2LQaJKXqXuKo2P5jlFFmDVni6fWsNRwNTi/Vu?= =?utf-8?q?Oj1NBfKYUaiS/TzTdTzULhahnwssQxtPNzh4kX9yeCx2a1TMflrMadQAegwhBuz0f?= =?utf-8?q?+TTQAaZqWOWFhRuFxBwNuYDJ5KlC1iuCek8HwQB3ObrUaKfr1jlHs2x1Mrj7hBOfg?= =?utf-8?q?7E0URDuMrQRFEx+7CbtDJFrU/OUwfiutgaIPm9D+VrAxiUvruVjrl5tnPSAMQA2K1?= =?utf-8?q?zmxqmmxrORTNoRulJegdBT+5B7L/3aML+M5AkttL+GaQDtD2ylPlucFtOOApwEQW4?= =?utf-8?q?SQzdmLzaAniijbwc+gJnEsVW5HSZmExOsnOeyUguSkYBFhD6WAzV46wyB2bjCC76C?= =?utf-8?q?f9qSDab5Pxjx8V2bJsPpzkBtpLCiN5ouEDuwwsNTPBOsiV6OfuK3sPZnLIVkIgP76?= =?utf-8?q?i2qqT0hkIZb3bwBhkdNXtTOiS3dlyrGqZzsvNyX3alqpfR7JWaw3xtCmZ4uzIKPs6?= =?utf-8?q?uA7MzlNUE09q+f3VOMhVjSdxlpwp+KiD9hUQcb3SmbhEpjIie2SQKIzr0KKpUUWpK?= =?utf-8?q?X/7MD4aIShD39fWfPYRGN2IU2dzJV4jYofW5XkE4+JBmzSb9E1imhKmYaqvY/o79I?= =?utf-8?q?K8XXnH5eTgGbhi3RwWTlr3fhI3QI5tL7YIpOEe9HA9NcVx/CfUQh2YwoV6g0YRXHv?= =?utf-8?q?CLsrpkjc+9ytJQcJcg82IGPvfkw/28l5eKBcXFz2N71jQh/puDo9ruZsDLTOO09Xa?= =?utf-8?q?NNXczV0m9ln9OUqY6Zgkh+YaK7Bw76UOOOpLHrn2K4r3aGsoW9zbmxpbG7QqEnGXq?= =?utf-8?q?DWuHH7x3vm5BOmKBm5SosdiJ3yYm4ro7ui/XghS2awd0huzIgOsz/wT/KnBT6CKC3?= =?utf-8?q?vo3aXBXLt2+ayn/+SlXnuLdx8E715HKeKC312uXWCAv5Czigv4Tq1A=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: ce86aa94-ab14-4c5e-f490-08dbd53ec8b5 X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:43:03.6216 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: JgeP67re2q74JkCUO30lzjbAs+YaH9mKGtX3aa1EDydjk67ULJNDox/xr3C+mEVtIbzR0v14mz4P5IHzheYMFWb9xw3QkIN/bArfkH1/gJ4+r/cHrfLfBk1yhrOHCDkF X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:45:47 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720282297418368 X-GMAIL-MSGID: 1780720282297418368 Provide a new lsm hook which may be used to allow access to device nodes for super blocks created in unprivileged namespaces if some sort of device guard to control access is implemented. By default this will return -EPERM if no lsm implements the hook. A first lsm to use this will be the lately converted cgroup_device module. Signed-off-by: Michael Weiß --- include/linux/lsm_hook_defs.h | 1 + include/linux/security.h | 5 +++++ security/security.c | 26 ++++++++++++++++++++++++++ 3 files changed, 32 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index f4fa01182910..0f734a0a5ebc 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -278,6 +278,7 @@ LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx, LSM_HOOK(int, 0, dev_permission, umode_t mode, dev_t dev, int mask) LSM_HOOK(int, -EPERM, inode_mknod_nscap, struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) +LSM_HOOK(int, -EPERM, sb_alloc_userns, struct super_block *sb) #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) LSM_HOOK(int, 0, post_notification, const struct cred *w_cred, diff --git a/include/linux/security.h b/include/linux/security.h index bad6992877f4..0f66be1ed1ed 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -487,6 +487,7 @@ int security_locked_down(enum lockdown_reason what); int security_dev_permission(umode_t mode, dev_t dev, int mask); int security_inode_mknod_nscap(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev); +int security_sb_alloc_userns(struct super_block *sb); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1408,6 +1409,10 @@ static inline int security_inode_mknod_nscap(struct inode *dir, { return -EPERM; } +static inline int security_sb_alloc_userns(struct super_block *sb) +{ + return -EPERM; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/security/security.c b/security/security.c index 7708374b6d7e..9d5d4ec28e62 100644 --- a/security/security.c +++ b/security/security.c @@ -4065,6 +4065,32 @@ int security_inode_mknod_nscap(struct inode *dir, struct dentry *dentry, } EXPORT_SYMBOL(security_inode_mknod_nscap); +/** + * security_sb_alloc_userns() - Grand access to device nodes on sb in userns + * + * If device access is provided elsewere, this hook will grand access to device nodes + * on the allocated sb for unprivileged user namespaces. + * + * Return: Returns 0 on success, error on failure. + */ +int security_sb_alloc_userns(struct super_block *sb) +{ + int thisrc; + int rc = LSM_RET_DEFAULT(sb_alloc_userns); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.sb_alloc_userns, list) { + thisrc = hp->hook.sb_alloc_userns(sb); + if (thisrc != LSM_RET_DEFAULT(sb_alloc_userns)) { + rc = thisrc; + if (thisrc != 0) + break; + } + } + return rc; +} +EXPORT_SYMBOL(security_sb_alloc_userns); + #ifdef CONFIG_WATCH_QUEUE /** * security_post_notification() - Check if a watch notification can be posted From patchwork Wed Oct 25 09:42:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157981 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479889vqx; Wed, 25 Oct 2023 02:46:22 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEAScAB32U2Hm/1jyAq1JYfwsF+wXGTuohMzgAOQVTFt2OZN6h025vwN2jb19ByMMYyUmKT X-Received: by 2002:a05:622a:c7:b0:41c:bae1:ca6c with SMTP id p7-20020a05622a00c700b0041cbae1ca6cmr16454809qtw.65.1698227181918; Wed, 25 Oct 2023 02:46:21 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227181; cv=pass; d=google.com; s=arc-20160816; b=wPSbHIYmg0BMFmbjOOIjT1LTzV5Hn3CG7ChPplKiFfHpitfu0xp1FAx1tcpF8mH513 nHXAevUqqkHZxuhFkt0cb6A9CKdE/0MyDB6NDUl9YkgGdctRJpPCnyU+BGUJBMMMw6EU dxuMTHzDtU3X27Mn8XSCtHns8VNBVndbS1HmrhK9jwk9KDk4ooK8om6CLqBLWl8gNaW0 p4N7Gib68Tpiwx1D9lZSdmeMWHDzn6gICA4bsbe8bUhx03zCynGq2JsZ+PrzhYcv0bR7 bHkoaj364nJH0tShMPYe51CqwevUZ3iaeQ8DouzuEaxPDn6mVs1dpr8Z9j+KvgSmcYQo VRdA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=JK4xGcnayFbI5sxwc/4vs/SiYIfxPr/AFIou6AXHkss=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=Xs4GnWxFs+otajUub23AAToiCYRvVAOzt1xlTpOw0J5ipv/7yaFtz7uOZ5wG1GyTMc Rxqf04Sta0GJZu9CDOSY2QeEjSjFcQRXSB/hX3UAlt2smHUWJHUrUs61Byl5cMgyst2A oXwqe/ofFdw0QiLPPGv8iBXRUOwnLfA5KUQa3xvS/2dj882PMAs6ONGrsWkJ9FVoAxiI eQE0vBTO3dEoo5SbPWB+kx03dr73gUzqwOzgPZ9Ikj/toja5K2PkD9N9spyYcdI04Sxy hnYEhGzaTZfQ5TKN5/5q6BGO7yKJDjrmNFnPvk7ZJbg4q/mfNG22PMJxL+XytpkhlJEg kdjA== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=c2jzdJXP; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=QNBpFHpp; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id c7-20020a0dc107000000b005a7c58be512si10005344ywd.522.2023.10.25.02.46.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:46:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=c2jzdJXP; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=QNBpFHpp; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id C8F6B8089849; Wed, 25 Oct 2023 02:45:48 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234088AbjJYJpK (ORCPT + 26 others); Wed, 25 Oct 2023 05:45:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37472 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234744AbjJYJoj (ORCPT ); Wed, 25 Oct 2023 05:44:39 -0400 X-Greylist: delayed 64 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Wed, 25 Oct 2023 02:44:16 PDT Received: from mail-edgeF24.fraunhofer.de (mail-edgef24.fraunhofer.de [IPv6:2a03:db80:3004:d210::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AB8AF111; Wed, 25 Oct 2023 02:44:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227057; x=1729763057; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=LisGFJtmoMraL3Xn+b4+s7LDuexwXcQjYJczf7X3VJI=; b=c2jzdJXPQt9xZBomLZRtQkd4dnGbz2ksbumvvP7hgvjSiwN6tRDj662k Gdq/8XVeYKFAGnZy4/nF7a0F17Js5dl3XvtRfhoTDx/m2cYk5OesXNTRE NaEBB+FzUgaSJy1BF3LinTbbltCWuuAwz0Zh7UwGCjUGySBI6cChTmLc/ /mKqD79M+Lm7/nrrSof9sLwWGgTuyrRcW88KqV//ewBJf+sfbB9F+r4xM vb3gg2JYIlXUQnDiyG2RCJJ5b4s3Ow51AeIljF4vNcxgqVY8YiXPtf50W yz8zRtygIy2gql6iNQTcc6zgAcXXnd3cd2Ihwp9pIHMnhS/uJUMbjwKsN Q==; X-CSE-ConnectionGUID: yF1TmqScQcizelVPON5AOA== X-CSE-MsgGUID: +3Bc1tHOTpGvzjHknweORg== Authentication-Results: mail-edgeF24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2E6AABB4jhl/xwBYJlaHAEBAQEBAQcBARIBAQQEAQFAgTwGAQELAYI4gleEU5FenCoqgSyBJQNWDwEBAQEBAQEBAQcBAUQEAQEDBIR/AocaJzUIDgECAQMBAQEBAwIDAQEBAQEBAQIBAQYBAQEBAQEGBgKBGYUvOQ2EAIEeAQEBAQEBAQEBAQEBHQI1VAIBAyMECwENAQE3AQ8lAiYCAjIlBgENBYJ+gisDMbIYfzOBAYIJAQEGsB8YgSCBHgkJAYEQLgGDW4QuAYQ0gR2ENYJPgUqCRG+BKIMwg0aCaIN1hTwHMoIigy8pi36BAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8aHAk8CwQMHwIbHg0yAwkDBwUsHUADCxgNSBEsNQYOG0QBcwedTYJNGQcBehMBglcckwmDCQGueQeCMYFeoQkaBC+XK5JPh2yQUCCiPoVKAgQCBAUCDgiBZQGCEzM+gzZSGQ+OIDiDQI97dAI5AgcBCgEBAwmCOYkSAQE IronPort-PHdr: A9a23:hAvQGBfa1JXOlQzY4yEmL8CKlGM+/N/LVj580XJao6wbK/fr9sH4J 0Wa/vVk1gKXDs3QvuhJj+PGvqynQ2EE6IaMvCNnEtRAAhEfgNgQnwsuDdTDDkv+LfXwaDc9E tgEX1hgrDmgZFNYHMv1e1rI+Di89zcPHBX4OwdvY+PzH4/ZlcOs0O6uvpbUZlYt5nK9NJ1oK xDkgQzNu5stnIFgJ60tmD7EuWBBdOkT5E86DlWVgxv6+oKM7YZuoQFxnt9kycNaSqT9efYIC JljSRk2OGA84sLm8CLOSweC/FIweWUbmRkbZmqN5hGvfLStogTxsONs9iO7YNbmUrtzBSq5q JxqeT7mmB8dcBcX0WbK1OVArKFAu0fywn43ydvtRquNGtpmZozXPtwBamdnQepQD3RtM6+YV YQfBvdaObxzgLm6vgoMnUGHLBeNP7zzlBtVgn+x37YRzdouCirr9x4SB/dWu23QndHEGKMIV /+V57jU7W/iYs1qyBz/7rSPbzcY+t+LXZZud+DrmGcISBjdg1iT6qv5DwqfiMkQtHiAxNVGD LuulkwVjzlLpTad99csoLvjm7kJkFDH9B5H2JcuJcCdaXVmQOPxQ9NA8iCAMI1uRdk+Bntlo zs+1ugesIWgL0Diqbwizh/bLvGLfIWmuE6lWvyYPDF4g3xoYvSzikX6/Uuhz7jkX9KvmBZRr yVDm8XRrH1FyRHJ68aGR/c8tkes0DqCzUbSv8lKO0kpk6rcJZM7hLk2k5sYq0PYGSHq3k7xi cer X-Talos-CUID: 9a23:3HlCLG5QqIMbiN8rCtss5WBNJsU8SXbkx3bCLkuGMUFPFZSyYArF X-Talos-MUID: 9a23:CMu/xw7+Su/8hM8eZ3IeIV82xowruI6lUVwttqkelNeWNwxzPSiQqw64F9o= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="62757485" Received: from mail-mtaka28.fraunhofer.de ([153.96.1.28]) by mail-edgeF24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:09 +0200 IronPort-SDR: 6538e32c_b493myw0R909fuRaR4AsmG+OCYaq6+vLKwYCQSlVYmhkVdu k4dZezblnxLIG8wZcXXyPhh4jz4yZsVOZpB1ayQ== X-IPAS-Result: A0BgAAC94Thl/3+zYZlaHAEBAQEBAQcBARIBAQQEAQFACRyBFwYBAQsBgWZSB4FLgQWEUoNNAQGFLYZBgiE7AZwYgSyBJQNWDwEDAQEBAQEHAQFEBAEBhQYChxcCJzUIDgECAQECAQEBAQMCAwEBAQEBAQMBAQUBAQECAQEGBIEKE4VoDYZNAgEDEhEECwENAQEUIwEPJQImAgIyBx4GAQ0FIoJcgisDMQIBAaUwAYFAAosifzOBAYIJAQEGBASwFxiBIIEeCQkBgRAuAYNbhC4BhDSBHYQ1gk+BSoJEb4EohnaCaIN1hTwHMoIigy8pi36BAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8WBBwJPAsEDB8CGx4NMgMJAwcFLB1AAwsYDUgRLDUGDhtEAXMHnU2CTRkHAXoTAYJXHJMJgwkBrnkHgjGBXqEJGgQvlyuST4dskFAgoj6FSgIEAgQFAg4BAQaBZQE5gVkzPoM2TwMZD44gOINAj3tBMwI5AgcBCgEBAwmCOYkRAQE IronPort-PHdr: A9a23:yEIcARWLInvLpmtnAO0xufYdv/HV8KyzVDF92vMcY89mbPH6rNzra VbE7LB2jFaTANuIo/kRkefSurDtVSsa7JKIoH0OI/kuHxNQh98fggogB8CIEwv8KvvrZDY9B 8NMSBlu+HToeVMAA8v6albOpWfoqDAIEwj5NQ17K/6wHYjXjs+t0Pu19YGWaAJN11/fKbMnA g+xqFf9v9Ub07B/IKQ8wQebh3ZTYO1ZyCZJCQC4mBDg68GsuaJy6ykCntME2ot+XL/hfqM+H 4wdKQ9jHnA+5MTtuhSGdgaJ6nYGe0k9khdDAFugjlnwXsLTkXfqmeF70Ti0N+yrVqArUnP+8 bwscx7ZqSkXDyR+2U/2jdEupZJ7owm68k8aocbeNbizHuJQXrvFUtlZSnFuU+BOey0ZWq+NQ 681APoIIL1c9aLSlxwX/BmOXzCFGsLUlSMWomLy3eo4yM8/Lw7d9yELDeAWlSzftdHEMJY+V fqz04nj3CnjNdJb5wvsw4rOTlc8hsjXc7VwVdTX43N+OSSalU2dpI+mGC+l7+5TnnWc//FLa sT20m86iTNVmgKoyPUdmonjtKgI8Uye9SZ4+7gtNMa4VWtaWsOFLc4D/zHfNpFxRNslWX0to ish17ka7IayZzNZoHxG7xvWavjCdpSBwTu5BKCfOz5lgnJidr+lwRq/ogCsyez5A9G9y00C7 jFEnd/Fqm0X2lTN59KGRPpw8gbp2TuG2w3JrOARCU4unLfdK5kvz6R2kZwWsE/ZGTTxllmwh 6iTHng= IronPort-Data: A9a23:jXAvXqmYSmgTRfPjQKFO0v/o5gwFIkRdPkR7XQ2eYbSJt1+Wr1Gzt xIXD2iEOveOYzD3eIsnbYTl9BkBsceHnYBqHgRtrHtmEVtH+JHPbTi7wugcHM8ywunrFh8PA xA2M4GYRCwMZiaA4E3raNANlFEkvYmQXL3wFeXYDS54QA5gWU8JhAlq8wIDqtcAbeORXUXV4 rsen+WFYAX+gmYubzpNg06+gEoHUMra6GtwUmMWOKgjUG/2zxE9EJ8ZLKetGHr0KqE88jmSH rurIBmRpws1zj91Yj+Xuu+Tnn4iHtY+CTOzZk9+AMBOtPTiShsaic7XPNJEAateZq7gc9pZk L2hvrToIesl0zGldOk1C3Fl/y9C0aJu2OGXP1uWss2oxA6cLTjz6tBlAREvFNhNkgp3KTkmG f0wMzURdlaOl+m2hryhQ/RqhsMtIdOtMI53VnNIlGyCS6d5B8mcEuOTv4AwMDQY3qiiGd7bZ sEZYDdrKgvNYgZUEl4WE5812umyj2T5czpWpUjTqadfD237lVcsiOeyYYeOEjCMbdRqxl/Ig mnpxWXCGzsbMu240zXf/m3504cjmgu+Aur+DoaQ//pnkFSVymEJIBgXVVK/oPKojAi1XNc3A 0YO8zcooLIa90GxSNT5GRqirxastwUAc9ldCes37EeK0KW8yx6QG2wsVjdcbJkjs8gsSHoh0 Vrht9/gAz1itJWUTn2Q/62eqiP0PyUJRUcLYyMeTAot4NT5pow3yBXVQb5LFaevktzzXzX53 hiOrS4jl/MfgNBj/768+1/vgD+2oJXNCAkv6W3/T2K+xg1zIoWiYuSA61/b67BOJZ2FR1OMu nQslM2X7eRIBpaI/ASOWP4MGr6pz/WIKjvRhRhoBZZJ3y+h9Vaseodf5Dw4L0BsWu4EcDjtf Uj7tgRW65teenCtaMdfYYW1EM0CzqX6E9nhEPfOYbJme4V8chOG+glvfkmO1mTgllRqmqY6U b+FcNyrJWQXD6V5ij63QfoNl7gxyWYjxgv7QJH4yxO8+aGMaWSYRbZDMEbmRuk87bnb+wTR2 9laPsqOjR5YVYXWeSTN/oM7LVkOKWk9Q5vxrqR/fPaNChRpFXtnCPLLx74lPYt/kMx9kubO4 2H4WUJCzlf7rWPIJB/MaX15br7rG5FlohoTOS0qIEbt1WMvbJii6I8BeJYtO7oq7upuybhzV fZtRimbKq0SEXGWpHFEMsi49dY9MgquwwnIMTCsfT4/eJBtXUrF97cIYzfSycXHNQLu3eMWr aepywXbRpQOXUJlCsPXY+io1FS/oT4Wn+caYqcCCoA7lJzEodk2eR/ixOQ6Od8NIhjlzz6Xn VTeSxQBqOWH58d//NDVjOrW582kAslvLHp8RmP71LeRMTWF32yBxYQbbv2EUwqAX0zJ+YKjR 95v8dfCDNM9kmx37rVMS4RQ8fpm5v/EhaNr8QB/LXCaM3WpEuxBJ1eF7+lut4pM5L9QiS2ya 1PS/9JfF+yDPcP7IlsvNS4gVOCi1O4VqBbW//8aMEX33w4p3bulAGF5HQiAtzxZF5RxaLga+ OYGvNUHzTC/hj4BEMe0vgoN+0uidnU/Arga7LcEC4rVuy8X41BlY62ELBTp4ZuKOu5+AmNzL hC63KP91qlhnGzceH8OFF/I7+pXpbIKnDtolFYiBVC4quDpt88N/i960GoIF1xO7xB9zehMF HBhNBR1KYWw7j5YvpV/cF72KT5RJi+y2xLX8EQIpl37XkPzd23qLU8BA8iv0n0d0Vpheml8w OnF5kfjCS3nbePg7BsUAERFkcHuffZ11w/Fmf2kIfi7IokHUWLlr5KqNEU1qErBIMIuhUf4i /Fg08RuZIbaayMBga0JJLOL9LYXSSG7IH5wftR8zqUrHW3jJTa4gwqKIEHsefF2Bufr9HWgA JdEPfN/VBWZ1QePoAsEBKUKHaRGof4x6PcGeZLpPWQjsYbDngF2sZnVyDfytFUrT/pqj8w5D IHbLBCGLUC9mlpWnDXrgPRfG2/lf+QBWhLw7Nq1/MoNCZgHluNmKmM287msukSqIBlVxA2Vs CzDdp3p4bRbk6o0pLTVE4JHGwmQAvHwXr7R8AmM7vJ/XemWOsLK7w4oul3rOjpNBoQoWvN1q K+steDm10aUrZc0VGHkw6O6LZdr3vnrfuRrMZPQFkJ4zA+iQ87n5iUR91+ocaJplMxv3ej5Z g+aRvbpS/srdYZ8/kBFUwlfDBcXNIrvZIjCuy6WjqqBGzod4yP9PfKl8n7iNzgDfQRVP5DRL AjQvsS/1+BmsY1jVRo2N9B7MbBFIXvIe6gvR/vuvxa2U0iqhVKjvOP5tBwCsDvkNFiNIPzY0 7nkGCfsVU2VlvnT7dd7t4dSgEUmPExli7NtQnNHqs9EtT+qKUUnc8IfCMwiIbNJmHXQ0JrYW mn8XFE6A3+gYQUeIATO2/W9bAKxHedUB8zYIAYu9EaqayubIoOMLb9i1yV46UdNZTrR47C7G O4a50HPEEC98rNxScYXw86Ls+Nt6/fZ53APoGTWscj5BTQACrQril1lOidwVhL8LsKcr3WTe FAJRl1FTn/iGAS1WYxldmVOER4UgCL3wn96JW2TydLYoMOAwPcG1PT7PPrp36YeaNgRYoQDX m7zW3DH9lX+Nqb/Ykf1k4lBbXdINM+2 IronPort-HdrOrdr: A9a23:7Q8696rWnhh9g0u9/MmzokcaV5pEeYIsimQD101hICG9E/b0qy nAppQmPHPP4gr5JktApTnoAsDpKk80nqQY3WB+B9iftXHd1leVEA== X-Talos-CUID: 9a23:tMGknWAtKwJK28b6Ewk5pFA3M8MkSXaelimTPGadAms5UZTAHA== X-Talos-MUID: 9a23:/mARSQwgxj+mAjSklcmDZ6dpbayaqLWRUFldtZ4pgci/LAZxPQa6ljvtTpByfw== X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="135077953" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA28.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:07 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:43:07 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.169) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:43:07 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Bs+S8UwYlKnYI4ov1SzOpkRhIyplMOn9bOSMFpllLLYIAfBC0smn5YygVHsYznPyM7Fg/bjloEW6r1u4fujfb1GiCsTcgoNX1hkUUp4i2UuxHuGmxVXCOd5hJFxS3MKVVdz8pr1LGvUh7YZqE1ISxIGGFsdYqHT3A2stytbZPqqb4NbwFGMaVMhP+qc5CEHjhN6rmvILSQ0f/gGOloMZKeMBzJYGraCTnNWA0z2U6jU7imkYCPqfl14I8vGEwN9OUTYSIHS1oVA/0kRFZfzIcSqKJuPl4i5imV9BypstXuVJOOXpfosWuyI+LDxBQq6Dlrax0ztR+9GLE6oqSgb10w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JK4xGcnayFbI5sxwc/4vs/SiYIfxPr/AFIou6AXHkss=; b=VWYYX3qaoZPFMBZbofGfZsjFBwBGjHt6NEBlZWRTIZpb4g5z1NuFojsHcQA3M4OFharEugZH4pl1i4b/Amo0zmD+ShbCm+w3BxMSincvLyGVfj2flDl8LaeZttOSMg3TFEPzeyEsObdx3iRiwQnrpkrXUHVcP4sE6SrOsjA1WWzg8oefSVqHdLFXt816ZdUwZNFRyXYGAWERBZ6CwXecvK7MEeOjcpbjIXw8K2FhbnDDw4j+gE/3G4DibpdviwhZhCAvVeIMpRteSa5+ayvQcZiIMudrwlvdG+aOjmCQ4qqOFIqlMFZ2qFXPetIdpoWtiRK/u6wKlGogUQWvb7FQ0g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JK4xGcnayFbI5sxwc/4vs/SiYIfxPr/AFIou6AXHkss=; b=QNBpFHppGb+gsGeNwDi00DYDLRgxau3l2CGX/q9jX2QAvIS7t6Lulh/jsCvVgsCECzZpM0cqlYlYDlrnwHCytH2IeVTyCjnT/uOQ3FohLvnBR9FO7speek+OtXQb6EuoxsCWN11iuJZLPRofZYxhBZBuSt2hkiSVpyshuMISuIU= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:43:04 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:43:04 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 11/14] vfs: Wire up security hooks for lsm-based device guard in userns Date: Wed, 25 Oct 2023 11:42:21 +0200 Message-Id: <20231025094224.72858-12-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: b9833b15-f62b-4867-3cac-08dbd53ec95f X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: aEYq8zw0nbTULRmdCjI1RSphFKaK/BSHK43AtyWLZqjhqvHMnNsZmnIeYR5HI3jTgiAs9KnOUnozWHeWJOLOi/iAEzJaPjn9qNaRMro81EwsIpfSTsvZBdzZhal/kiE7ppMcVt2wToCg3M2R/KLgcagcA0BdyN8XzkwafTGJhZfBpQh47K5UDaojGB7rb5vdM4A9nwBiDaUNYSsX9WDzELopziMJKAzK9Vij3Uz99G6sWdBTPWepTNBfZEeeRxuJOCG5rgdVTI8loSW/6QBSY1BBkktksmj1v+OoZYy6SIXrQa/l60h4jsCQxqCMzqGFSUW9O11WR++bwgwJMihsemmKoNyaQUD2CjRSNBA5orPN12SMFUQP7sVsSc1/tReLteavk0BhdGXVb6CnrlUIqnxJ0vWprqWnJaJOpaXEuTg3Yiq77zUH75XhNgh+kNnKot9JCwRgyoPAw3xd1JFkqEPivXJ1ErIYwQfu3kVa4PnGc0SC7My+jSTzfbQE/Xp9LwZx/LZZVCKL3jfmhATOJbdFx9lQicYpeCW5L3lb9u+JRd/HViOsl8zTqv2Qy/fHeLT5fRGae0V4CYXisaBT10tHizUxYUtAjYKbi0jPS3g= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(15650500001)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?gfiOKf4GJ5Fnli2RkM8st1i1YENA?= =?utf-8?q?JFz1qOtoyvwsw0gxH58HWqyIGqrmgMKXFUqM7bXPCYFWBvqzrFLViLpIanrjbMc2G?= =?utf-8?q?nv5rRt+6W4QajJr7ej9mp2YVQ79FJpadNTh3N+s/yrKgAQfDmnkAzJt8zZB9CJdfZ?= =?utf-8?q?GOyLagPhKYRut74Q27gHiXAbL8C1GbkdwCDFqwSMaKbc1kHYKfFTL2pRF+NXaqe9c?= =?utf-8?q?fr63sVdeDfPcgpndd1KgnXAtLgy/GzRTvBUjkKJtKWA0lYej7U7P8LZ4hH8pFF1hb?= =?utf-8?q?IjOjO0qCigQQM7Sp9dJb7C2P1Ys1xBBAEQWuWHu4r4/K7SJsJKbCB3EnN1ixsLDLT?= =?utf-8?q?DM8HcFHq3gKLgJ1bfC1mzTMPM/3el6X9PLh4SdzXLqOI3ltZlcSV4eIakKU9zKdyh?= =?utf-8?q?SUG2Scoc2pSrqoc/5x0Vh60u4fGDRrJEyF5caqgtq+NtHWFJ3asSo2l+0h/Nz+Yoi?= =?utf-8?q?h713DM5E4HJP7kD+9gIaDorIZnrd3BLt3g8H1ozsb4zvVbMgk6i8dbKNQbFeiMSo6?= =?utf-8?q?Qbgb2wivktSv8bOv9tn4HjN2ho8KTR3eRKFuVY7sjs8RIZFs1bUdvco7jC0y8aKQ6?= =?utf-8?q?bsQ3FTfgAa3f2VeZxhbKIHSqANiClL9nuE1vgKOutQHcG09R6PPEKisHFu+zKgSvs?= =?utf-8?q?bB6olI+soBHa0Ht9HwK9eDNDAE+6INJKHNwFxdXs3pp28bI56VoWhERejXuSAlQ5t?= =?utf-8?q?dkiB7nOPGyh7UtHNkCY8l4alQS8dIzgxxBbYb9k607EML77vin3UThJQm7fIghwhX?= =?utf-8?q?QmrV7lYP3pfD6yfj5nhXW7bL8tWV6V78yPM1uBLbDefSe9/MMkhFq5TV5wfDwRQ/k?= =?utf-8?q?cUQARVKqxMHeN1yxZwB37jeTcQfmPldro/Mx9H1rXG9mrkQf+aNSl0DDuOhgS1Bx8?= =?utf-8?q?RhgRztW1M8XwHeyDPJV1cH/Xkg9SVnRzml468yMFREupHZ7uWxB2SD071vDH+MNMr?= =?utf-8?q?1VeTK865tbKwL0ChdtgThuZwAj8Qztas8xpDA/7Nn8o6DJdIzkPabdevJTcdrh+fi?= =?utf-8?q?CyIoBaJyFC4jts1d1j6UhYmPJXGNIqCq2+kpHppuRYFjdCllsuO59YwfQGr4Dygp1?= =?utf-8?q?RyF8TmLkhSXD3etsS1AizfJEGko1ArQnzTkbMdwwt4Gwf2sZ4NJj5UjAKW0IJeKfE?= =?utf-8?q?lSIBKKn3duuIuDMvwkQMPaQGF15JbKTo2p0aztoJo0n9+sUPWSwuSwjLuf4GjUyMv?= =?utf-8?q?rbrmv4QbkdQYE+uGQc7uRnDYQYntI7ELzrHOEWIVTCRZxIieiTQiusi3SkZeWzpmh?= =?utf-8?q?2HAU05CVQoA6sriZzVXcI/8JftAvBflqXGbWl47GHsot4n7iLptlrv+3InW5b4ky+?= =?utf-8?q?BeitNWLZV9sGxtIIQrx54Zk1zzuX5Ozrq979ymWwfbUyNVdZjAkVTzpY0vt79r3eP?= =?utf-8?q?mNsysEdbugE8LqKfkEt005FfxnTBAjWEaQRdoHYESg8S6nDg6zb0aWB/GeMoKShIm?= =?utf-8?q?C2j6WqLPl1rwge+6zLaNvdM4w7fosVvTk9mHx93BLSgpT7ZMVSh2v0nnRtHE1gQAA?= =?utf-8?q?TWK/0ynQHRrqDMCKYfuU28IdwzEcIYyiMrwLrgZlcY+xoBbkJ+0KVq+9MCfXrVPE6?= =?utf-8?q?rBpaZLF08VNqGgZ8rFEDfdjGv1lBLfIFTNpvhldyj5i0VhvqLqobgw=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: b9833b15-f62b-4867-3cac-08dbd53ec95f X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:43:04.7497 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: z+ZRML4Ps91BZxiS4XCWPJgpEwPkJspdC0VNOCc56xKMj4oHJ2gUuFBSHO9WHrY/awuAyLgQqrWpBcRMBepHFJTqwU3QmkYh58/wL9QCbJ+Y99h9r6BBC6lIbRKdjSiU X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:45:49 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720265232037798 X-GMAIL-MSGID: 1780720265232037798 Wire up security_inode_mknod_capns() in fs/namei.c. If implemented and access is granted by an lsm, check ns_capable() instead of the global CAP_MKNOD. Wire up security_sb_alloc_userns() in fs/super.c. If implemented and access is granted by an lsm, the created super block will allow access to device nodes also if it was created in a non-inital userns. Signed-off-by: Michael Weiß --- fs/namei.c | 16 +++++++++++++++- fs/super.c | 6 +++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index f601fcbdc4d2..1f68d160e2c0 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3949,6 +3949,20 @@ inline struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); +static bool mknod_capable(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) +{ + /* + * In case of a security hook implementation check mknod in user + * namespace. Otherwise just check global capability. + */ + int error = security_inode_mknod_nscap(dir, dentry, mode, dev); + if (!error) + return ns_capable(current_user_ns(), CAP_MKNOD); + else + return capable(CAP_MKNOD); +} + /** * vfs_mknod - create device node or file * @idmap: idmap of the mount the inode was found from @@ -3975,7 +3989,7 @@ int vfs_mknod(struct mnt_idmap *idmap, struct inode *dir, return error; if ((S_ISCHR(mode) || S_ISBLK(mode)) && !is_whiteout && - !capable(CAP_MKNOD)) + !mknod_capable(dir, dentry, mode, dev)) return -EPERM; if (!dir->i_op->mknod) diff --git a/fs/super.c b/fs/super.c index 2d762ce67f6e..bb01db6d9986 100644 --- a/fs/super.c +++ b/fs/super.c @@ -362,7 +362,11 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags, } s->s_bdi = &noop_backing_dev_info; s->s_flags = flags; - if (s->s_user_ns != &init_user_ns) + /* + * We still have to think about this here. Several concerns exist + * about the security model, especially about malicious fuse. + */ + if (s->s_user_ns != &init_user_ns && security_sb_alloc_userns(s)) s->s_iflags |= SB_I_NODEV; INIT_HLIST_NODE(&s->s_instances); INIT_HLIST_BL_HEAD(&s->s_roots); From patchwork Wed Oct 25 09:42:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157982 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479900vqx; Wed, 25 Oct 2023 02:46:24 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH7RVbIRUBjBTP94y2JwsubO9zvDG3e63uUHpp5ZtgsW39eqCenJpiFRN43b3SWjh9HZ5CQ X-Received: by 2002:a81:a115:0:b0:5a7:a817:be43 with SMTP id y21-20020a81a115000000b005a7a817be43mr16555611ywg.6.1698227184142; Wed, 25 Oct 2023 02:46:24 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227184; cv=pass; d=google.com; s=arc-20160816; b=0mfWQi/Tbqq003ZHCZbH3DNEt0IlKAtF0O0jD1PaCLB+fRdVW8xiSJGMpT17YCaKOc DUSWzoHHAvvY/abxGwSBZFRVvT2wEM1Yu6bQi0rmTaFeYcWTMBGeENviJgHv08zJP3bf ut8Qu/ceCAVmXUE+FilisEflQtkIXVuxgTJi7drlmMCqoavSgV7M0o9UTK6bj0MuymeP DsXKIgBqbLxXnC5wHiLyivA+dtLHhLH74B/j0JW+bHarbcQPbwPzly01fH+zLExHwMa4 R2S1XF69w0g/MT3s480pxf4IjJZrZMaj0neXnSGw9+94eUliNYtCuXiff62alaDfeX4x 7Qww== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=HdAPg1z7sS0AGvd4vqaFHr3rIQ9eRjIceGAqFce53I8=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=ttOxS6FqmlrW6CZvT1Qoh21SQWK0a+NCZqms4faS+r5KNEOgUxQMJCCbIf2AoLFP8V HD/uiEBNmOqeoGn2DkYswKaSJ6SzfkVLc7wBIdKyic01uOuEswWbun87cdG8hXNJyU4x nXZQBKrc6H13Kf71D3fFNGtI84JKsXzY533g6pSuDReLsfr/ul2B/Tp3GmZAcl86vOSd vHQzZCVA3//uuuBHSGJ3L2zVv/3CnyQQvQpIcvSPbo1jc5Ze3+lbHvB1NxIOL8ewAfjn MEKqY6dkGd/aEwXrQbbHiDLaCFL/vyX4yeAdoVcFDfz2Am7ihLa4j4It5zdk+wfghSDQ GKMA== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=3THhlKvI; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=DeY+m+M8; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id y65-20020a0dd644000000b00585e261fcc9si9641839ywd.2.2023.10.25.02.46.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:46:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=3THhlKvI; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=DeY+m+M8; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id A0EB7807830A; Wed, 25 Oct 2023 02:45:21 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234772AbjJYJpF (ORCPT + 26 others); Wed, 25 Oct 2023 05:45:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37504 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234748AbjJYJoj (ORCPT ); Wed, 25 Oct 2023 05:44:39 -0400 Received: from mail-edgeka24.fraunhofer.de (mail-edgeka24.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D76B3128; Wed, 25 Oct 2023 02:44:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227057; x=1729763057; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=tlRlv8SptwBYts2cjF86uNCt02+ed/rSd9mi5MNlHwE=; b=3THhlKvIRhGFtQFVbZHQIrRX/zD8FbYSKqkenNe06Efyh2eg6FqGWBcc fdy6JKNeQEQxCT9FLee7csTIjRdh/mJ1SXQpNQaY0a3/8sHyhE3Dfh4xh /6Fz+yV3Hy/0V0PbK0q5xq7SF0ZLQJ9QKZ3Zl42wD56X7AMGw0pwdzo2z FgNcRmXT7VSaLpHHqEVy+o8rx6emQwInntTXTsztmY8JyPVv/stP6mdmW V793lqFKBxZYyCcmJwkXePUA5DUOW8MkDo52tPMRxk1bhYqIPG+VvSSMW YBU9f8vda7vN64X/eLbVPUhq1c+5FNOqGmsjN2DuO0WoCaCCsAxbsUUkL Q==; X-CSE-ConnectionGUID: X5z6DShRSF6mhsKDMkc/bw== X-CSE-MsgGUID: us5IRIdjTkKClrNB+xe6RA== Authentication-Results: mail-edgeka24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2H8AABB4jhl/xmnZsBaHQEBAQEJARIBBQUBQIE+BQELAYI4gleEU6oEhAQqglEDVg8BAQEBAQEBAQEHAQFEBAEBAwSEfwKHGic3Bg4BAgEDAQEBAQMCAwEBAQEBAQECAQEGAQEBAQEBBgYCgRmFLzkNhACBHgEBAQEBAQEBAQEBAR0CNVQCAQMjDwENAQE3AQ8lAiYCAjIlBgENBYJ+gisDMbIYgTKBAYIJAQEGsB8YgSCBHgkJAYEQLgGDW4QuAYQ0gR2ENYJPgUqDM4RYg0aCaIN1hTwHglSDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESFw0DCHYdAhEjPAMFAwQ0ChUNCyEFVwNEBkoLAwIaBQMDBIE2BQ0eAhAtJwMDGU0CEBQDOwMDBgMLMQMwV0cMWQNsHxocCTwLBAwfAhseDTIDCQMHBSwdQAMLGA1IESw1Bg4bRAFzB51Ngm2BDoJ0lhIBrnkHgjGBXqEJGgQvlyuSTy6HPgiQSCCiPoVKAgQCBAUCDgiBeYIAMz6DNlIZD44gOINAj3t0AjkCBwEKAQEDCYI5iRIBAQ IronPort-PHdr: A9a23:cSN9DxzDyXu5w63XCzKPy1BlVkEcU8jcIFtMudIu3qhVe+G4/524Y RKMrf44llLNVJXW57Vehu7fo63sCgliqZrUvmoLbZpMUBEIk4MRmQkhC9SCEkr1MLjhaClpV N8XT1Jh8nqnNlIPXcjkbkDUonq84CRXHRP6NAFvIf/yFJKXhMOyhIXQs52GTR9PgWiRaK9/f i6rpwfcvdVEpIZ5Ma8+x17ojiljfOJKyGV0YG6Chxuuw+aV0dtd/j5LuvUnpf4FdJ6/UrQzT bVeAzljCG0z6MDxnDXoTQaE5Sh5MC0ckk9oDyH940joAYzK6gLVqOYhxjCTE+3sFqoVYGWv1 aVKQxLHoT4pPDNkq0CH358V7upR9T6sll96gKuEPtilbdBBc4XMV9QcflgeUetheSJCHsClT 6kMBfINFP1cn6/Nn1Uls0uCLAO0Ce7lz29UxVHUgYR936MnGwzlhwUKNNwAuliEkOfkNuQMA cun4ZfS1G+cQdIN/Re+uYr4fDlx+a2RZrdtaPvI5G0ITRneq0S+qIDmBGLW+98DtUmrrNdbT fz310NglS1VhiadxecF2qn21qAswWyc9z1YwdcrKojrAF4+YMSjFoNXrT3fLYZtX8c+Fnlho z1polVnkZuyfSxPxZgoyh3WMaDBfZKB/xTjU+icO3F0iSEtdLG+gkOq+FO7gq3nV8ay2UpXt CcNjNTWt34M2hCSosiKQ/dw5AGgjB6BzQnO7OFDL00u063dLp8q2LkrkZQP90/EG0fL X-Talos-CUID: 9a23:LBsvp2F37yfBPum+qmJXqVxKNvslSEbzknLQOGyULGViD7eKHAo= X-Talos-MUID: 9a23:bTtK3w726eq4v83gjNEzWCMTxox1+PmPMmEBk6kFmOKALwpaeCeQ0g6eF9o= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="1802524" Received: from mail-mtadd25.fraunhofer.de ([192.102.167.25]) by mail-edgeka24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:09 +0200 IronPort-SDR: 6538e32d_b/52dP1ggGLqKsCp8ZDpm+8+pOPPzqR6dSt1kc8MYf50BLo 6kwysTKcVMWjf+Fs5yWMeUS4TeWBhcy51vcERfw== X-IPAS-Result: A0AbAQC94Thl/3+zYZlaHAEBAQEBAQcBARIBAQQEAQFACRyBGQQBAQsBgWZSB4FLgQWEUoNNAQGFLYZBglwBl2qELoJRA1YPAQMBAQEBAQcBAUQEAQGFBgKHFwInNwYOAQIBAQIBAQEBAwIDAQEBAQEBAwEBBQEBAQIBAQYEgQoThWgNhk0CAQMSEQ8BDQEBFCMBDyUCJgICMgceBgENBSKCXIIrAzECAQGlMAGBQAKLIoEygQGCCQEBBgQEsBcYgSCBHgkJAYEQLgGDW4QuAYQ0gR2ENYJPgUqDM4gegmiDdYU8B4JUgy8pi36BAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREhcNAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8WBBwJPAsEDB8CGx4NMgMJAwcFLB1AAwsYDUgRLDUGDhtEAXMHnU2CbYEOgnSWEgGueQeCMYFeoQkaBC+XK5JPLoc+CJBIIKI+hUoCBAIEBQIOAQEGgXkmgVkzPoM2TwMZD44gOINAj3tBMwI5AgcBCgEBAwmCOYkRAQE IronPort-PHdr: A9a23:yLG4uBSo74peuRLfCfJvHvuoLtpsovKeAWYlg6HP9ppQJ/3wt523J lfWoO5thQWUA9aT4Kdehu7fo63sHnYN5Z+RvXxRFf4EW0oLk8wLmQwnDsOfT0r9Kf/hdSshG 8peElRi+iLzKh1OFcLzbEHVuCf34yQbBxP/MgR4PKHyHIvThN6wzOe859jYZAAb4Vj1YeZcN hKz/ynYqsREupZoKKs61knsr2BTcutbgEJEd3mUmQrx4Nv1wI97/nZ1mtcMsvBNS777eKJqf fl9N3ELI2s17cvkuFz4QA2D62E1fk4WnxFLUG2npBv6C7f9mxP17/giwxLCFOLoQewqQD2Mz 70wUj7R2So9NR8y/U7+k+J7gf8AgUL09Hkdi4SBTIykd/89W/ODJONDb1VMeNd7UCp6MNyzQ rshAekdfv94jYr3v1cnth+OIzmUCsjxmgNhjGf70Kc/g/hiPyOa9UssWNQEvVePpf/eOqkYf bCJ/rjKjiuTROF75y3kstfmU0sFgbLdX4J+WJqJlVQUEh7cv0y9jau/JSiwx8oMv2ugvqlNb uypql5kljppvGDz64ASpq3tmLAW6nmU1Rop4r8+GYW6UG96MMCrRcgYp2SbLYxwWsQ4XyRyt T0nzqFToZegZ3tiIPUPwhfeb7mCb4Gkzki+EuiLKCp+hHVrdaj5ixvhuUSjy+ipTsCvyx4Kt StKlNDQq2oAnwLe8MmJS/Zxvw+h1D+D2hqV67RsL1o9iKzbLJAs2Pg3kJ8Sul7EBSj4hAP9i 6r+Sw== IronPort-Data: A9a23:NtqDva8/6YGJlFV24uwnDrUDBHqTJUtcMsCJ2f8bNWPcYEJGY0x3n 2NLUGGPbvuLZWD8eIogYIWzoEhS65SGnNJqQQNlritEQiMRo6IpJzg2wmQcn8+2BpeeJK6yx 5xGMrEsFOhtEjmG4E3F3oHJ9RFUzbuPSqf3FNnKMyVwQR4MYCo6gHqPocZg6mJTqYb/W1jlV e/a+ZWFYwb9gWMsawr41orawP9RlKSq0N8nlgFmDRx7lAe2v2UYCpsZOZawIxPQKmWDNrfnL wpr5OjRElLxp3/BOPv8+lrIWhFirorpAOS7oiE+t55OIvR1jndaPq4TbJLwYKrM4tmDt4gZJ N5l7fRcReq1V0HBsLx1bvVWL81xFaps5q//EUWNi5TN8nfNc3ixx8t8M2hjaOX0+s4vaY1P3 ecdNChLYwCIh6S42rumTOlriMk5asXmVG8dkig9lneIUrB/HsGFGv+VjTNb9G9YasRmGPfVZ 8MUbXxwYRXbeDVGO0waA9Qwhu61gHn4fTBC7l6YzUYyyzGDnFAgiea0bbI5fPSBGPVP3We7p lnM/nu+A0oeN+WQ7GG8pyfEaujn2HmTtJgpPLS8++5jhlGe3EQWCR0fUVqwsP//gUm7M/pVM UUJ/Cc0has/7kqmSp/6RRLQiHefojYfVsBWHul87xuCooLM6hudLnANUzoEbdshrsJwTjsvv neFltXoCDhHsbqaRHuH/LCE6zW/JUA9JGkOfy4FZQgI+d/upMc0lB2nZtNqCrK0iJvxECzYx zGMsTh4i7gN5eYQ0KO01VPKmTShot7OVAFdzhTXRUqr5EVyY4vNT46v6V6d4/9bMI+TQ1+Nl HcBksmaqusJCPmllzSWQeMCHJmq6uyDPTmahkRgd7E6+zqF9HmkcoRdpjp5IS9BMs8DfSLuS EDUvgxV6dlYO37CRa1wZ5m4I8cn167tEZLiTP+8RsNTb55tdQmv/Tppe0eU0mbx1kMrlMkXJ 5aBdu6+AHAbF+JjzTyrV6Eay7Bt2yNW7WbSRpT81Dy8w7eEaXKUD7cYWHOHa+Ejs/iFpC3a9 t9eM42BzBA3ePbzeCba2Y4aKVQbKz4wApWeg8ZPeMadLQd8XmIsEfncxfUmYYMNt6BUkPrYu 3KwQElVzHLhinDdbwaHcHZubPXoR5kXhXY6OzE8eFiz13U9bIKH8qgSbd00cKMh+eglyuR7J 8TpYO3ZX68KG2uComtMKMCn88p8cVKgwwyUNjejYD8xcoQmSwGhFsLYQzYDPRImV0KfncUkq qCm1gTVTIBFQAJnDc3Mb+mowU/3tn8Y8N+elWOUSjWKUBS9rNpZOGbqg+UpIsoBDxzGy3HIn 0yVGBoU762F6YM87NCD1+jOopaLAtlOOBNQP1DayrKqagjc3G6omrFbXMiyIDvyaWLT+YeZX 9tz8c3SCvM8sWxxg9JOKIozlaMazPnzloBe1TVhTSnqbUz0K7ZOIUum/Mhot49Nz49/vTqnB 0eE//cDM7CJJvHgLk81ITAhT+Wc1MM7nivZwuQ1LX7bug523uujemdDMyacjBdyKONOD7ok5 uM6qegq6wCboTg7AOas1yx72TyFES0dbv8BqJofPr7OtiMq7VNzObrnFS785cC0WeVma0UFD Gedu/vfuu562EHHTnsUEErN18p7gbAlmkhD7H0GFmSztuv1vN0F9zwPzm1vVSVQ9AtN7MxrM GsyN0FVG7SHzw01uOd9BVKTCyNzLzzH3Hfuymk5tnzTFGipcW3vEFcTG8iw+GIhzmYNWQQDo Z+5zj7+XCfIbfPB+HI4eXRYpszJSf1z8Qz/m/6bIfmVIqliYRTZr/+vQUEqtyrYBdgAgRybh Otyo8d1R67JFQ8RhKwZGYOq76s0TS7YFTZNXMNn3qMFIjzbcmuA3TOPdkODQeJWBvnw6UTjI ddfFsFOcBWf1Si1sTEQA5AXEYJ0hPIE4NkjeKvhAGw774uksTtitazP+hjEhGMER8tkleA/I Njzcw2uP3Oxh3wOvUPwt+hBZ3SFZOcbaD3G3Oya9PsDE7QBurpOdWAwyr6FgGWHAjB4/h67v BLxWIGO9rZMkb9TporLFrlPIy6WKtmpDeSBz12VguR0NNjKNZ/DihMRplzZJD9pBLo2Welst LGzodXyjVLkvrE3bjjjoKO/NZJ1vOe8YOkGFfjMDih+vTCDU8rS8Rc86ziGCZhWouh8uOijZ SWFMfWVS/BEdetZ9nNvbwpmLy08EIXyN6fpmjO8pa+DCz8byg32E+mk/n7IM0BeWDcDYaP8L grGqsee2M1Rg9VJNi8lGsNJPp5cC33gUJsAaNfem2S5DG6po1XaoZrkt0Mqxg/qA0m+MvTRw Mz6VDmnUzrqo4DO7tVSk7Iqjy0tFHwn3NUBJBMMyeB5mxWRLTAgL91EFb4kF5sNsCj59K+gV QH3dGF4VBnMB2VVQy7dvubmcByUXNEVG9HDITcswUOYRgG2CK6EA5pj7i1Q2Gh3SBSy0NCYL cwixVOoMiiT2p1JQcMh1s6/i8pjxdLYwSss0mL5mMrQHR0fIOsr0FpMIQlzbhHEQvr9zBjzG WsIRG56GRDxDQa7FMt7YHdaFS0IpD6lnX1icS6Lx82ZoImBivFJzPrkIezoz7kfd4IwKaUTQ W/sDX64i4xMNqf/ZYNy0z7xvZJJNA== IronPort-HdrOrdr: A9a23:V2UiFqBJ1v8dKhblHehOsceALOsnbusQ8zAXPh9KJiC9I/b1qy nxppkmPH/P6Qr4WBkb6LS90c67MA/hHP9OkPQs1NKZMjUO11HYSr2KgbGSoQEIXheOjdK1tp 0QApSWdueAdGSS5PySiGLTc6dC/DDEytHTuQ639QYScegAUdAG0+4WMHf/LqUgLzM2eqbRWa Dsrvau4FGbCAEqR/X+IkNAc/nIptXNmp6jSRkaByQ/4A3LqT+z8rb1HzWRwx9bClp0sP0f2F mAtza8yrSosvm9xBOZ/2jP765OkN+k7tdYHsSDhuUcNz2poAe1Y4ZKXaGEoVkO0aqSwWdvtO OJjwYrPsx15X+UVmapoSH10w2l6zoq42+K8y7uvVLT5ejCAB4qActIgoxUNjHD7VA7gd162K VXm0qEqpt+F3r77WvAzumNcysvulu/oHIkn+JWpWdYS5EiZLhYqpFa1F9JEa0HADnx5OkcYa VT5fnnlbdrmG6hHjDkVjEF+q3uYp1zJGbKfqE6gL3a79AM90oJjXfxx6Qk7wM9HdwGOtx5Dt //Q9ZVfYF1P78rhJ1GdZQ8qLOMexTwqDL3QRSvyAfcZeg60jT22trK3Ik= X-Talos-CUID: 9a23:AOnfv2Bu+Hkqj5/6Ey5N6l4sKv0XSCWD8U3bI0zlDVh7d5TAHA== X-Talos-MUID: 9a23:ngP/Rw6xooopnBfYduwjm8PMxoxjvpS0S2Euka4MutbDNHd0OA6SqW+OF9o= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="188491615" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaDD25.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:08 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:43:07 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.169) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:43:07 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z7pGiGztWSHWs7VchjmqAumX84Y9CO3UgbEZCikIa2hcRotO70DBYDKdqq78dJz5axnXilrNWN16JvhlxhxsOzhrG/buDJ609c+Q2aLBtMJPr/jOzC/P8BKPxLlInOryZT1s3VVA3HadqD9sqPoOXrTBwBc08ue5Kf8EnatBBHUz7uWz+KywAhgfx6I1oTF8P5+as+UWvONWAtG2HlOFy30fSdAakcpGeMlhB27trnQEkD3JmIyujT5ycBWAoQ55TJiQelBqsl/t/TyELe5lVj9LBa/EomcBhE56PU/rg+eAG7FKHyRUJrw9J9MlWoplhkySkcQR1PFUcbajgexQfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HdAPg1z7sS0AGvd4vqaFHr3rIQ9eRjIceGAqFce53I8=; b=VbWUJoY2+2fjcXUfqYqNNuz3w2HZv8eIIacaYPUS1ghcvUqZBor24c/WeXBnmrtSkq3OfjXfzbF45jncvfPBt56Sp2CJqG45qbbcqTTjnxdZbl5hF3QtenRsXsTDsszna9LvLjb2qn9O+aaTYQ8gSBKlArI/Iru5YghgHVJr53zu9N0O1SV/iTgltiG3iQH34muxotImkFgh+SuMcjLWW40kS7PRLe9nQVC3pxdB/oebNqgEAs0GZNJf7xkOsVeBLcrg0BocgIeateTGb5yKTU7yCSITwNpq0BupCqUNBTf91U21iAYzLLlF42f6/xnyKn8nqtaEH/9fqY7cwS0BIw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HdAPg1z7sS0AGvd4vqaFHr3rIQ9eRjIceGAqFce53I8=; b=DeY+m+M861X1BWeNyBonSZ7gEXFfkt+qHJkbpdAslXNXPfCv8TAbpeebm8t+FJ4A/d/nbeK3aBCffbD8TZyj+v8CzEVrq27FI3LH+9jXfA804uSmuqYqELO2rsMyFidkS9+ESfnIX+USpv04E/VDLLvZkHA8HW8JQcT0jpIi9vg= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:43:06 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:43:06 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 12/14] bpf: Add flag BPF_DEVCG_ACC_MKNOD_UNS for device access Date: Wed, 25 Oct 2023 11:42:22 +0200 Message-Id: <20231025094224.72858-13-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: 82c39ad8-a557-480b-9859-08dbd53eca1b X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: jY/SBV1iK7Scw2xqGFz3YbLeilwnDgW0w7dH5GXvsLuGeriEagVdlOP/VG0IobOQqDtJ9NHOCVHBWHVHCC/Ktv99AStyJATndzCRcFyphwwaA2f1Nr5bQ2KSXp9UF+VxbYd24ZlXADZQqEOYJjbIsrNhd34ip+D6+XgH2X2Y/OgidbbrHVPWT3nAUPkrLTLKJDZ0VSMAcH57DwIhWrdKrFgaJqUY4qnCGFQwNvyTp0N6riPUwrcUBij4iSsjOO3RHcDue50+Eum+qXLK1SCwblNEwzat8gSvB3QmqhAOXS1FYiyIAqTYftHPN9M/x7A1ZSMqJm5C43W/UEOv7jsO2XXnTOJuJhlWmUd0rw3Jd3NWPAwxYaZXs51wa7Zpcp1u2O4CILzOOrVsJUAK1Tagsb8YDB6BH4U8MOe9rbxiBTl5kqu3yN2tDf5AChssTIkd6y1uhgE+tfIXkpzT+A2XfnwYXf/6p2f1SEnudUHMrLb39uvUvtmCdEaqU3Nu71/yptL65WInpdjaSmjCL0WLQAP0waX0+yVpxzX5S1qoixx/+ugQzgcbFKP9QskSqg0CSFr9qU3Q1OWc95LbqWZO/4QWg7TEq29eVII4gFpqtS8= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(7416002)(4744005)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?4SaUmWhscnGhg6qG5VZFdpT+MByJ?= =?utf-8?q?xvQdfPqHt2ZGx3rQqyVhFMxBwE/T6+zgL90ZDAyr+qQU8aE8bCi8by1S6oljJQB+D?= =?utf-8?q?oo/BoYvPIYUaAU2r7PYDUZ8qdJoWIyey2negCtR8LZp/kfhaN7EpH1d8IzMmmj5hw?= =?utf-8?q?PW6HQNEoVHAyT6ThebBegnnJ7lApktwDfA+HVu4V/vzt3FL8Mz+RB+xl6iZ+Ewl3C?= =?utf-8?q?QfYxgjdb6ErgoEBvsjxr3/MeUP2MERAiiO5kEUScxm3LX6HMPICK6gKo3vKoAkt59?= =?utf-8?q?1g4zS0vHYBYQpKgYBzND7o45CMMZA4/swBScYPlmCJYxLYmZR9onfhWf4pizjPxJw?= =?utf-8?q?5o4ZjF6PUuTsNhBSIMhZO2Tz5HbrZBGm4nu54Lj/bVgudg409rfbfpz7eF6s2gCTK?= =?utf-8?q?/ItYT7LA00ILw6j/vAAt58JABRGrm5ZC54eV4QNYRlYtboJUrvlwmEjaOvElz7Uwg?= =?utf-8?q?yxCh9uoTHodc5FQQ+dxRQ5Q3en15aha/X35wJWbBv6vjzO3w/wyFrHqw8xtrS5zhG?= =?utf-8?q?Jb/hE/EP8Dx26WHyi73ImwNdUHT4cIJl71+r2GE+AABq1kRU4L00cKv6mnR7KYOAW?= =?utf-8?q?dI/SWMh/d2ew4J1MmVaqvatxQwFhfRFWOCxaIDvmAe6d4/qXwXLurpkdAcf84+KWy?= =?utf-8?q?YeUg2CwwvREDjlLKNuwijN11aJhMe6TdJAbdxcq8zIQCrTDjE5z/3ZXA7Y5SY07Zm?= =?utf-8?q?4/OVTzn6Hu1ztmz4D2t1+oHeg2Xzdqq4eOYRNeDeT0e4DQidTJXccrCrJHexKoHR+?= =?utf-8?q?m0tf+Th4XzDsRXm+qnXnSr4LRwvMREZW2/tWETDcvFEk2Zdxe5dkVOn7HmGarJeqx?= =?utf-8?q?ApA+kKmnkQoGN0poAm0H9APCST4pvqj/m/7+lqYd4jO1eGFyJdsv4eZtPplnyhwXh?= =?utf-8?q?9n9iZjKB6dyTBJVnQf3X3qBRWX3udnCYSevEm8hCPmYUiJ26FOWgwyl4ZZdSHGZhJ?= =?utf-8?q?p3if3W2EJj4WVtFuEFwz1gBBZRzwdXZ/S9nkz6ObQuQkBqC4bMfSifvG+g4KCkqNJ?= =?utf-8?q?nRaZNpKelMk7JKA04djyKEZ5t3y/kpcPwGIWrxz7QA2XrjvsNz/PKHAq3BBcKNoTt?= =?utf-8?q?Na/ljFREQO5fozLkwRQF1/7xuFnZvejSwwmgRUaf/dHUM7QNHUIvHfxFbbz00ZEbp?= =?utf-8?q?ftD9XKiJ3nbTsRcgHOw+wKZAPbYCspKsDLU0WU3qoLC8mUsDrfpMXejnqNETzx79d?= =?utf-8?q?jFEEJh3ofEUTHki4RwZmBPYiGE6wSoHE5I+muku2sA3qztcrw23QXy/7cnfk+fLWY?= =?utf-8?q?FyV5NYWmvf+puwnUgXHJ2b1VdNIKkrw2N2L+oNtgD3/3BSmKNdkeYcDj0GWefqQGa?= =?utf-8?q?XLV2h2G9W4HCq0FYoqNvHAgccZc8OOTQxQxBiQbSTX5WfPmWrW4wn6b6P1AV+mY9S?= =?utf-8?q?bhCdDTeEJIccgmDRx7qp0BpEYPxGj1QnlxpbnK5kzXuDeNxjCeOBBkqpZJ/XBEb0C?= =?utf-8?q?I0f1xQzvtIawmtufeZ9ZvnHe63BDdEuO5oVUh+IThAd4k/xywL/pr05sl0c1MAH9W?= =?utf-8?q?Q+6sPxG52UmTeK6bfBb64P9LKvcJT9HOGKG6KcRyvhh/f2v7jcA/1hPqe0Hkbv7m8?= =?utf-8?q?bZ2W/nNtHPPOIMLBl0LacPQ2zYb6LCOzND8Djg8svE7gcJ9rd0OCWg=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 82c39ad8-a557-480b-9859-08dbd53eca1b X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:43:05.9749 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ARggjbMX13nOsPVFNakzq2jKHDqc6UAyDb+ZxMo4hf7sRjo026m+qhLCkJj34UbpVUbel2h50n153oT1n3lS8pei00gQNbKaYLBMA8hXZ1uIjJ00Va/ONokFnMitOKZa X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:45:21 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720267359794556 X-GMAIL-MSGID: 1780720267359794556 With this new flag for bpf cgroup device programs, it should be possible to guard mknod() access in non-initial user namespaces later on. Signed-off-by: Michael Weiß --- include/uapi/linux/bpf.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 0448700890f7..0196b9c72d3e 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -6927,6 +6927,7 @@ enum { BPF_DEVCG_ACC_MKNOD = (1ULL << 0), BPF_DEVCG_ACC_READ = (1ULL << 1), BPF_DEVCG_ACC_WRITE = (1ULL << 2), + BPF_DEVCG_ACC_MKNOD_UNS = (1ULL << 3), }; enum { From patchwork Wed Oct 25 09:42:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157977 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479742vqx; Wed, 25 Oct 2023 02:46:01 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGTJFvk2KIeTELPp5nJ7V8fTHC0z9yD7lA6ufJvUIgckYYXOlGQa2LvmRiK8ozFL4vWPK4D X-Received: by 2002:a05:620a:190d:b0:773:af20:43f7 with SMTP id bj13-20020a05620a190d00b00773af2043f7mr18311743qkb.54.1698227161588; Wed, 25 Oct 2023 02:46:01 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227161; cv=pass; d=google.com; s=arc-20160816; b=sGLNmwiBuaJvsbLaVZmifXSL689skPfmFhd5KORJ4uIBkx3KmABfFXpKyoDwlUEHtp gXVeVR5Lxc1hMz/ZFwpsGiyG0QUyVytaIoFSoL8ivhLErzJpnwAth7WN+ij3pFkwVvZB OhZ3AbKReWF832bq7PDfEP1Dk1LoHNMlYTsF5Y/moubbpq5ZLkAqno8yxBePe6hu9V+6 SixHJnLtDY7oZ1PB/rs+bU9NvM0Dz05O3PUe3pY5OW5uO+m1a5EO+J8u+XMIClmh3eO3 LOlt8bavP0MQZnpgUSlvKw9pTtthuO7XjrqZ3IZl4ywoP07Yg3RDEvwA8Ovaj7x1Ws1i 1njA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=TM3rWZ37iOm/+kXlAfc2yttJ28JWP9yMUE/Bl4wxnbM=; fh=z3ksJh+wv3D7xBEXa7uqO9NpOoCTaO1mFrFJSZ6Twwg=; b=SjJBQgouER/FT3dMeaAinHEYgFuoKzcGrnf4o12onpbTnQ56k/EdiLdXwImUyCRSxa VMiqiaHb1p7FYhHEJ7I0VrqZw0rOLbArcTrna04eI3tsheTwT0/ynIk2rog6Mv3heJg0 bBxmz5/IEGzlGs0yy0c2eg1BP9welWE699Mju/En51ZmGT06+AayzIQFtv0zPLFIsDCN arzxNZJ/zz7BR2bdcOyIIuF7y1aD7MYxq0soDlWnzNNZjFMMYtojeNXsnGHAZ1zUfeOm JGCTpN9W3mcM0ncCL5jkLc1qnOHSCuNSHKhffQD6PWTXbWNCKTi+sL0vQGe3hqVs+Kzd 3pzw== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=CCqEVald; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=HujE1mML; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id c14-20020a81df0e000000b005a7af9a753asi9977927ywn.327.2023.10.25.02.46.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:46:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=CCqEVald; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=HujE1mML; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id D2C3480FCBDF; Wed, 25 Oct 2023 02:45:58 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234378AbjJYJpc (ORCPT + 26 others); Wed, 25 Oct 2023 05:45:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50334 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234687AbjJYJpB (ORCPT ); Wed, 25 Oct 2023 05:45:01 -0400 Received: from mail-edgeF24.fraunhofer.de (mail-edgef24.fraunhofer.de [IPv6:2a03:db80:3004:d210::25:24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C7D1E19F; Wed, 25 Oct 2023 02:44:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227061; x=1729763061; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=xfHIWfu+FOq/jbmo/K/PtYK8ttjna13orZaG8aVLYp8=; b=CCqEVald44HACVKh7rXm6tuLjzdB1LZNL1E0JV3lXmkaW2Cql7OIM63T pXZcxoz5pFWC4Mv12nDjvA55aKfH+ImvpCtwNdySrmCA5vIXqy2axSPaC UceL301tr6XIWyfUv0CQb7dPN+ewnxet8kJCvYK9XjFkybf88aOl6lkyH Xc8yGci2V1DUHPCnJ8NcKI7dS3CUf+ohmF0DI1LlUOgoOzBKja/JGUTu7 7YMqVpG/mBQ8hrPHVVdwTeL1bJ5LgHDFxDed3cwR+/SaO6u95is5ArH9E cpYDbgVBhJ+/CEsxZ7Vvod28a8J8vBnPS2VUklRLjA4NaPIAZeMqt5VQ9 g==; X-CSE-ConnectionGUID: THgPYn6KQriXTyw5tn6oBg== X-CSE-MsgGUID: wfq6KoI1Q/SLsQsLFZUN2g== Authentication-Results: mail-edgeF24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2E2AABB4jhl/xwBYJlaHQEBAQEJARIBBQUBQIE7CAELAYI4gleEU4gdiUGYJoQEKoEsgSUDVg8BAQEBAQEBAQEHAQFEBAEBAwSEfwKHGic0CQ4BAgEDAQEBAQMCAwEBAQEBAQECAQEGAQEBAQEBBgYCgRmFLzkNhACBHgEBAQEBAQEBAQEBAR0CNVQCAQMjBAsBDQEBNwEPJQImAgIyJQYBDQWCfoIrAzGyGH8zgQGCCQEBBrAfGIEggR4JCQGBEC4Bg1uELgGENIEdhDWCT4FKgQaCLYRYg0aCaIN1hTwHMoIigy8phASHeoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESFw0DCHYdAhEjPAMFAwQ0ChUNCyEFVwNEBkoLAwIaBQMDBIE2BQ0eAhAtJwMDGU0CEBQDOwMDBgMLMQMwV0cMWQNsHxocCTwPDB8CGx4NMgMJAwcFLB1AAwsYDUgRLDUGDhtEAXMHnU2CbQE8LSWBbg5DlkYBrnkHgjGBXqEJGgQvlyuSTy6HRpBIIKgIAgQCBAUCDgiBY4IWMz6DNlIZD44gOINAj3t0AjkCBwEKAQEDCYI5iRIBAQ IronPort-PHdr: A9a23:ViDUjRTNaSgIxZFKTT9G4EQdHNpsovKeAWYlg6HP9ppQJ/3wt523J lfWoO5thQWUA9aT4Kdehu7fo63sHnYN5Z+RvXxRFf4EW0oLk8wLmQwnDsOfT0r9Kf/hdSshG 8peElRi+iLzKh1OFcLzbEHVuCf34yQbBxP/MgR4PKHyHIvThN6wzOe859jYZAAb4Vj1YeZcN hKz/ynYqsREupZoKKs61knsr2BTcutbgEJEd3mUmQrx4Nv1wI97/nZ1mtcMsvBNS777eKJqf fl9N3ELI2s17cvkuFz4QA2D62E1fk4WnxFLUG2npBv6C6vU6THFhLEi2Q6feo71fbQdVz/4/ rt3akW4qhg/Zi8czUyQoMgsk7Jdqjf09Hkdi4SBQJyXGaN7W4fDdM8FGzR8dJpNWyJBRYXsX a0CIPI7FMRnqNnegmITtTa1CCCVCcPiwCZi3kW11ogn7bpwNV7s5VIRJ/4qnWr6h8zILKUXc uaIkKjBlD/bdvJ0iQzXxarneE8Hi6GgZ/FRX9Tuk3kiKT/mgguqhYPfYjPEzflVnEqp3tt8b dKtmT8IqSpYmRKt3v18i7j0nd062Eza/ngoy48lfsOgaxFXQfP0RcgYp2SbLYxwWsQ4XyRyt T0nzqFToZegZ3tiIPUPwhfeb7mKf4eFzEi/EuiLKCp+hHVrdaj5ixvhuUSjy+ipTsCvyx4Kt StKlNDQq2oAnwLe8MmJS/Zxvw+h1D+D2hqV67RsL1o9iKzbLJAs2Pg3kJ8Sul7EBSj4hAP9i 6r+Sw== X-Talos-CUID: 9a23:JHfu2G9ZvDlDvEV06OyVv3I0FfgUdCP+9W3RE3OpFjt1TuOSY1DFrQ== X-Talos-MUID: 9a23:zWAcjgVqQ60yIt3q/CDinW9BM+Yx2uOVLFs0irEoifSibyMlbg== X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="62757492" Received: from mail-mtaka28.fraunhofer.de ([153.96.1.28]) by mail-edgeF24.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:10 +0200 IronPort-SDR: 6538e32e_u995T+0f3oI3d8Xb2kCivg0XfYFggWJCbsif8dTsb2Rtm+Z gO48y34Lg4sdYqOE2vKa1KF9YJV1dCJIWD7GB4w== X-IPAS-Result: A0A8AAC94Thl/3+zYZlaHAEBAQEBAQcBARIBAQQEAQFACRyBFgcBAQsBgWZSB4FLgQWEUoNNAQGETl+GQYIhOwGXaoQugSyBJQNWDwEDAQEBAQEHAQFEBAEBhQYChxcCJzQJDgECAQECAQEBAQMCAwEBAQEBAQMBAQUBAQECAQEGBIEKE4VoDYZNAgEDEhEECwENAQEUIwEPJQImAgIyBx4GAQ0FIoJcgisDMQIBAaUwAYFAAosifzOBAYIJAQEGBASwFxiBIIEeCQkBgRAuAYNbhC4BhDSBHYQ1gk+BSoEGgi2IHoJog3WFPAcygiKDLymEBId6gQFHWhYbAwcDWSoQKwcELSIGCRYtJQZRBBcWJAkTEj4EgWeBUQqBAz8PDhGCQiICBzY2GUuCWwkVDDUESXYQKgQUF4ERbgUaFR43ERIXDQMIdh0CESM8AwUDBDQKFQ0LIQVXA0QGSgsDAhoFAwMEgTYFDR4CEC0nAwMZTQIQFAM7AwMGAwsxAzBXRwxZA2wfFgQcCTwPDB8CGx4NMgMJAwcFLB1AAwsYDUgRLDUGDhtEAXMHnU2CbQE8LSWBbg5DlkYBrnkHgjGBXqEJGgQvlyuSTy6HRpBIIKgIAgQCBAUCDgEBBoFjPIFZMz6DNk8DGQ+OIDiDQI97QTMCOQIHAQoBAQMJgjmJEQEB IronPort-PHdr: A9a23:lvyQWB/TwSp4Kv9uWWy9ngc9DxPPxp3qa1dGopNykalHN7+j9s6/Y h+X7qB3gVvATYjXrOhJj+PGvqyzPA5I7cOPqnkfdpxLWRIfz8IQmg0rGsmeDkPnavXtan9yB 5FZWVto9G28KxIQFtz3elvSpXO/93sVHBD+PhByPeP7BsvZiMHksoL6+8j9eQJN1ha0fb4gF wi8rwjaqpszjJB5I6k8jzrl8FBPffhbw38tGUOLkkTZx+KduaBu6T9RvPRzx4tlauDXb684R LpXAXEdPmY56dfCmTLDQACMtR5+Gm8WxyZtWBL63kqlX7D09Wj5hu5U1iLALNHqb+pkewuav rZOdTKvoiNbKC4/+kSC2akSxKgOgA+jikV65qrKaZ2KaqRDVP/Bcd0aAmwRbOBceDR7K6GDa NssKtMcJctToqDEqnsDpwKUXTPvD8by9GEZoiDc5PML68gFPB/o9xUdB9ALk3Lp8NT8ba0KS OGXnJLi4BfsZaxw82fR0svpXA4e+8GBY45TfZTr5UYVSgOUlUjIhq7XDgKJ7tQPoTm07cFJb sitk1R3qjBMuWeA1NsygdSYjYsFkU7c1npV4KtlcI7wWAt6e9miCJxKq2SAOpBrRt93W2hzo 3VSItwuvJe6eG0P1J0E7kSPLfKdepWO4hXtWfzXLTorzH5mebfqnx+p6gDg0ezzUMCozUxH5 jRIiNjCt30BllTT58GLR+E7/xKJ1yyGygbT7e9JOwYzk6/aIIQm2bk+itwYtkGrIw== IronPort-Data: A9a23:oYHBOKgCIlWznsTOLJMp7fOHX161wxQKZh0ujC45NGQN5FlHY01je htvXm2Ha/7cNzGnLd1/OoS/8EIHv5XXyIdlGwZr+Ck2RnhjpJueD7x1DKtf0wB+jiHnZBg6h ynLQoCYdKjYdleF+lH3dOKJQUBUjcmgXqD7BPPPJhd/TAplTDZJoR94kobVuKYx6TSCK13L4 YiaT/H3Ygf/gGcsaD9MsspvlTs21BjMkGNA1rABTa0T1LPuvyF9JI4SI6i3M0z5TuF8dgJtb 7+epF0R1jqxEyYFUrtJoJ6iGqE5auK60Ty1t5Zjc/PKbi6uBsAF+v1T2PI0MS+7gtgS9jx74 I0lWZeYEW/FMkBQ8QgQe0EwLs1wAUFJ0OX6IVmwk8Oo9W75eiXRnvB1EmExApJNr46bAUkWn RAZACsIcgjFivK9wPS1UOBxgMQkIsTxeo8S0p1i5WiEVrB3HtaaHPSMvIUHtNszrpgm8fL2Y ssSaTNiaFLfbhxUIX8eCYkzl6GmnHDidT1fpl+P46Y6i4TW5FUqjeCyb4uLIrRmQ+0Mp33Eo zv29l7aORo6KIehy2PfrUOj07qncSTTHdh6+KeD3vdujU2awGAeEjUTVFuypfiym0j4UNVaQ 2Qe4CMzq6Uo3E+mVN/wW1u/unHslhcHR/JTHvc85QXLzbDbiy6BD3UAZiZIddhjscgxXzFs3 ViM9/vlDDpuvbm9SHWS+76OpzSify4YMQcqbCkIVwoEy9ruuoc+ilTIVNkLOKu8lMH0H3f0y i2iqCk4mqVVgcMVv42g+lbIqzGhvJ7ESkgy/Aq/dnOl9St3bsiuYInAwVrc7fAGIo+CUlCLs X4Is8eb5eEKS5qKkUSlQ/0WHbem596GPSfajFopGIMunxy293CLcodX7zVzYkxuN64seTbuZ FLUkQxW45BXMT2haqofS4C2D98j5avtD9LoUrbTdNUmSoFseQmb/SdGZFWXwWnpnU4w16o4P P+zb8e2Cl4IBKJm0nyyRuEAwfks3C942GC7bZX6zBCgypKFdnOPRLsEdluTBsgw6aKe/17U9 /5QMsKLz1NUV+iWSjLa64EeBVADKXwqA9b9rMk/XuSbLCJ4F2w7Tfzc27Usf8pihas9vuPJ+ GytH0xV0lzygVXZJgiQLHNucrXiWdB4t31TFSgtO0u4nnY4bYux4aM3aZQ6Z/8k+fZlwPoyS OMKE+2JBvlMUT3B9y5baJj+rIVmdQiwlASmNCOjZz4+dJdkAQfO/7fZkhDHrXRVS3vo8JJh8 vj5jFydX59FTEJsFs/LbvKowV6r+3QQ8A5vY3b1zhBoUByE2KBkMSXsiP8wLcwWbxLFwzqRz QGNBhkE4+LKpucIHBPh3Mhodq/4QrcsLVkQBGTB87e9OA/T+2fpk8cKU/+FcXqZHCn48bmrL 7cdhfztEuw1rHATuapFEpFv0f0f4fnrrORk1QhKJijAQGmqLbJCGUO4+/dzmJdD/ZJjgjvua HmzooFbHZ6rJPLaFEUgIVt5T+abitARtDrgzdU0B0TY5CZH2r62QBhXNByi0SZYLKVHNb005 eIbvO8X9A2NpR44OfmWji1v1jqtL15Rd44Fp50lEIvQpQ5z8W57YLvYET7Q3JGDT/5uI3saC GaYq4SajosN23eYVWQ4EEb8+NZ0hLMMiUhs90ADLVHYoej1rKY78zMJ+AtmUzkP6AtM1t9yH W1ZN0dVA6Gq1BUwjehhW1GcIS1wNCe7yGfQlWRQzHb4SnO2XFPjNGc+YOaB3H4I+lJmIwR0w uuq93bHYx3LIufKwSoAaWx0oafCTPtw1DH4tuKJIsCnJ6Q+MB3Z2vKARGxQsBb2I9IDtGuer 8lQwetAQ6naNykRnq4FN7enxYkgEBCqGEESQNVK3r84ImXHSTTjhRmMMx+Qf+1OFdzr8Gi5K d5kFvhQcxGAiBfUoS0pA4wML4Apm/Rz1t4Je+7oF1UnqJqalCJi67jLxxj9hUgqYtRgqtk8I YXvbAC/EnScqH9Xum3VpuxGBzaIWsYFbwjCw+yFyuUFOJYduuVKc0tp8L+Lk1iKEQlgpTS4g RjiYvLI8ulc1ohcpYvgPaFdDQGSK9moduCp8hi2gutef+H0LsbCmAMEmGbJZz0ME+MqZO12s rCRvPrc/kDP5u82Wl+EvaixLfBC4MHqUddHNs7yEmJhohKDf83R+DoGxXGzLM1YsdFa5/T/f TCCVumLSYc3VetelVpvUAoPNzYGCq/yULXsmjPlkdSIFSom8FLmKPGJyCbXSF91JwE0P6/wM AvWg8qVx8t5qd1MDSAUBvs9DJ5fJkTiaJQcdNbwlGe5C0ewiQm8uJ/npwsR2Q/WA1bVFfTKw I/3aSX/UD+Qu6j46s5TnKIvnx8QDVd72fIReGBE8fFIqjmKNkw0BsVDDocnU7Z6yjfT0rP8b xHzNFoSMz33B2l4QE+t8ebdURe6Lc1QHNXAfxgC3V6eMgWyD6O+WIpRzD9quSpKS2Gy3dOcC I8s/1PrNUKM2bBvf+EY48K7jcpBxv/3wnEp+1j3o/ftAiQxUKk763h8IDVjDSD3MdnBtEHuF 1gHQWppREKaS0moNe1Cf3VTOg8SvRKx7jEOQBqM/u3iuNSg/LUd8MH8BuD97ORSJoBCbrsDX mj+SGax8nibkC5b87cgv9Uyx7R4E7SXF8y9N7XuXhAWg7r20Gk8IscehmAaeanOIuKE/4/1z VFAO0QDOXk= IronPort-HdrOrdr: A9a23:4sS34Kj1sgRPnOtVEqjzEqcxHnBQXrUji2hC6mlwRA09TyX4ra 2TdZsgtSMc5Ax6ZJhfo7G90cC7KBu2yXcf2+Us1NmZMzUOwFHHEL1f X-Talos-CUID: 9a23:A78ZVGu0APgybVnfmAGCzAa+6It/T338w1XfGHWbNm83deCQUkGw/5x7xp8= X-Talos-MUID: 9a23:iJDVyAR7qWe9CuvORXS1vQo+MZ5Y6p6NM0stjc44uZDeah1/bmI= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="135077960" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA28.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:09 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:43:08 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.169) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:43:08 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hzTY+qYKCrJ1Du9XpxOLo5BVp3unINjF6DIACG4E2bhWNXOhWVNKPX3JG92Er2QUIhgMhEzD8r+ketflkrYrGRc/E/vHu8wNRgCNZ35HmAwMeCJNCPEJyLKx+CEeiwFt3cRp3/Goqf4B4LkB8Q956D2tS7+pYRIGsgDKI26aOpe3l2n5zzlXEE0KkEBLBBSTLl94tSnMrDbNJCr5fln2piCo5fNicxNwk0zN+v+Y0h4Zk8zGfBouiOUxbZ34mA/+Z9rQzrCrrAygicDdg0+fvDALWlyLeROVwmSlS9nZsEf9CLG9yEzQJYQnHhslf5NIvE5GNZs1XOA9zkeeCZljFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TM3rWZ37iOm/+kXlAfc2yttJ28JWP9yMUE/Bl4wxnbM=; b=K1NQ63z07pLciFXWK0lHVbwPVoNSCroBLFIyBFn5GU1y2Qix1tlkcIaN84edP4rNTtNxOoTP63P+IdcKGIchmmj5k8i5IbFeUz1lkil3q0mZo1dUWNB0ij5YJjMFqDeLxRNea0ON3RkO0Fff/urLdaKym5oeOiElicJkLp4OEplBIAj+jlO/OihEZlUjgWBi5o5f4NUoaaLJeuokHRhw/1l+ofblssEDsNqcE0fX3enNXrxD4yBOQRHhfCAkfgg62FRvKMiUKBXZIfbtDQD+6ui3Rbko6hYt3ph3e+gkfksFXVLwrR3ywq0/u+j6kq4KCR2jlHzLuL0AemQHLcK16A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TM3rWZ37iOm/+kXlAfc2yttJ28JWP9yMUE/Bl4wxnbM=; b=HujE1mMLvatw66UB4tdfh/n8ZNeGpRAJWo8KMQupEceAQeHebqB0R+cMuV69L7BQ6YPDLEvFCqUpjmKnU4ia1bpqiJ8SBEJGb7NB8DR+IFvW2XeVTKd6RDgR5h9su0GJZYYtPXjz9GjCASBjpR8iYUs7Gztvc59cax3vpK7DHE8= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:43:07 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:43:07 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= , Alexander Mikhalitsyn Subject: [RESEND RFC PATCH v2 13/14] bpf: cgroup: Introduce helper cgroup_bpf_current_enabled() Date: Wed, 25 Oct 2023 11:42:23 +0200 Message-Id: <20231025094224.72858-14-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: e03c1c06-6d09-4730-cc83-08dbd53ecad0 X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: iZ2y04VC63LLTwCwdU8DZ47eWNOLifKQxnujmUKHc+nJn4BDMSR2gCRUvB3j9t8U4LYIhr0dtpk8hmSqo24+AqqIG1rso3y7QkkQLBqdCjvn3AlNIp9owNFSHCofd3zX8Yq9TuBzH2YmFIRxePyPRZLJbylN7zx/7pVtWPd2MZwC3eLSzYRPxHNI8m4wq9bn9txWRb8+5tYGVLMe7MROSPYw8GDTvF0FVurURdZ2TLEUmBnXkITPspU5/X9n7sZZsTdQvJ01SwqrLG2wpYSag15/APv/ZrqH3/zTS6t2AGLaR+PkG++fP0ZNfDdo3LF6J413Eu8eTUXIIc1TNFj3MjaF1L2vqkubZSyG+OZ3aWisvhz+Io77YNByT0pNBw6xw5MLpK9wqby2JKmtWTTi++t8LuPjnUj9Qmj9e9GQwNdSbydkDfbioIzq2mso2Ie7bsS2VloFLl94/KJEirPIhVSFHNVF44ez0rnVvZKlR7SAefv3SUC/W3eOZy4Sz9PVw0PskP51st1/TqdQisb0Mn0e91xFAjGzzpZCYBp4qYwsBgZFSwISz7P0DLXKqFEhjkHQSZBlqmHHWbM+RaI+dcLzRxNoeknbxkh1mmBJiQg= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(52116002)(6506007)(2616005)(6512007)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?zC3wRZvOoYk4ZYwBtcQrxyePSHWw?= =?utf-8?q?n+mDHwxk+3Ho5UrLNfjwVdYc1euoddgiGSYMQHc/LLC+Ix2yg1oagdtmuXDUAYGvx?= =?utf-8?q?4Y7JaCrgP8pFcHDCU096gl6w1lQvIdvrBMUniqy3Mt1p5FxJxlX1pKbaX18JXCgPx?= =?utf-8?q?gaNDWIJI77/TJ891cHgIv2XaM3+EG3/KOcQ06Yxi3RWQB1QQFc4K6PNqmXqyPRBw1?= =?utf-8?q?Ld0HtPSBB15h+8myQxdXId7uxYsorecrzU11XduK8ZmnsLECtVrc/m07Fo/FV5wxA?= =?utf-8?q?mWHRsq8VDG5Zswxk9fy3wPGuuFPdZQpGV5H1yJ8Gp1kESRskoAsGymchCWTnD4ktt?= =?utf-8?q?+I0nMxb1xnWihSHFW9Yf9b3wcu3gQ6P0kgRbS5+gHp8EaIk2jeklnCHn7eVo3g91s?= =?utf-8?q?ZCz67G6qK9S4njjMILEmlnztgsumY2VuotEcoESjeuRuQulw7paaLddL4SIysB0UK?= =?utf-8?q?w8ZPX5m476YqmD8nIuGJYmueXFbFkAIs1+UJgFHf3MjBoHfhy842ua6hUIbj2vFL0?= =?utf-8?q?mDl2nTkuyJZmJm3AGDeRzvV7wDCupoXMILtFHzoPG3VYTQuWXAiLsEi5iIY8TrABp?= =?utf-8?q?qOwntykPQIkXEtDpJ/xX+xx3Nha0N3mGM46jdYM+hXA4zMDc/F+tUiOpMkI0p3qLH?= =?utf-8?q?HOfGtNfFMi+1VJmqTjY7CuG3EfrsNGRnfgsKC9QDM10ViB3XIRSl9olcf/UfrOhvr?= =?utf-8?q?fqf1vskmpBqYu9j5I2g1b5TFMbRBS6rCUkZxkzkjSj1/75oUUmu3UW2DyZzFjE8bn?= =?utf-8?q?EvZwwt5SLsY3/SY0rgEZHXShd/lDXjt3/F1MbeATabKsZRVpTMzlL5erhQW7IouNn?= =?utf-8?q?4e44kWxzF/O/K9J3HGYXITFz+42EbhXg9CWqoXmFJGMbcxQJNRKJOVYqXliLjoqRu?= =?utf-8?q?49n6sXYtDworoz5Lb5mDDDEASXa+65KqTBYZa2VhQjv0T2eOeYpREdmUxYW9MmRdv?= =?utf-8?q?6x6Z6ihMEu5KpMOzgZh2BNfJjsHBIP0MyoRtEFt9Qye/hio/fSTD2MR68xe/1Edkh?= =?utf-8?q?euNCXxVTetXLDPcPSJibn2CHvC0+0TGfYjenzP2nuyro9qM+d23dGrmKXKgXEVQ42?= =?utf-8?q?8oMzpcnHg46yTbbLUYRZHF/CRT9AXPOX0mEdrBZlgiGhN9657vqhomOZWQ3jfuvDR?= =?utf-8?q?ef6IuPaxMzGlxKDmGmnXSMW4oiR91RrTc3bz2BMkBp5y/tjcO+1QKNWoGapmn4j4M?= =?utf-8?q?HAh3rgOhUoMXQ4YHlpiTBJ1+HKHGSoBe2N6zGk1OuPz8E/Oc9KLjDwlI4aJzyfaYq?= =?utf-8?q?1uHzh6MyRjY9OVUxxP6bTx8nSCBI4tyvsM0tLHG5qKqfYbe5xg7C2Ju1k20a0qL24?= =?utf-8?q?EqRpEV2FSWd6+5f2LCQGh+jIdXfwZiGvmXnMQwcX4OoLnpzDZnD6SEeHJBISg8RtG?= =?utf-8?q?csITiExDK0/FHetElLA6BK9ckSjxnOb81bCxWw9yFx2bF/ZD7Qd5zzCKP0GpcpZ9P?= =?utf-8?q?+V1M+avKvpohUdojWOftBzZIwGFkXIbuHyrwnROnqIaTztz0qJ1EFo9H6FpV2e3rS?= =?utf-8?q?2N9NT1Aq8ukGOagfjbS4K7wxBpfwGXjT+HbjQksTWvLf7Yytq/CR6gEgzNxUva44d?= =?utf-8?q?uz8XmqHyMUEm2Q7UOgspyo2wOslYsSI2q35G+iUT3GoJy4RXsZleWc=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: e03c1c06-6d09-4730-cc83-08dbd53ecad0 X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:43:07.1760 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: YGBrTQLBBxYvBDOPV23YGMx640pRU+21xc5d9X0e0w9rvkPgrR8oe/7vdwP+S7je6G2gTimxcZgaZaMOJvAGVoWJasj3f40XqUdM3aZTfycXfQdazJYqOPQ2sFeIZQ7D X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:45:58 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720244028275205 X-GMAIL-MSGID: 1780720244028275205 This helper can be used to check if a cgroup-bpf specific program is active for the current task. Signed-off-by: Michael Weiß Reviewed-by: Alexander Mikhalitsyn --- include/linux/bpf-cgroup.h | 2 ++ kernel/bpf/cgroup.c | 14 ++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h index 8506690dbb9c..655697c2a620 100644 --- a/include/linux/bpf-cgroup.h +++ b/include/linux/bpf-cgroup.h @@ -184,6 +184,8 @@ static inline bool cgroup_bpf_sock_enabled(struct sock *sk, return array != &bpf_empty_prog_array.hdr; } +bool cgroup_bpf_current_enabled(enum cgroup_bpf_attach_type type); + /* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */ #define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) \ ({ \ diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c index 03b3d4492980..19ae3d037db7 100644 --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -24,6 +24,20 @@ DEFINE_STATIC_KEY_ARRAY_FALSE(cgroup_bpf_enabled_key, MAX_CGROUP_BPF_ATTACH_TYPE); EXPORT_SYMBOL(cgroup_bpf_enabled_key); +bool cgroup_bpf_current_enabled(enum cgroup_bpf_attach_type type) +{ + struct cgroup *cgrp; + struct bpf_prog_array *array; + + rcu_read_lock(); + cgrp = task_dfl_cgroup(current); + rcu_read_unlock(); + + array = rcu_access_pointer(cgrp->bpf.effective[type]); + return array != &bpf_empty_prog_array.hdr; +} +EXPORT_SYMBOL(cgroup_bpf_current_enabled); + /* __always_inline is necessary to prevent indirect call through run_prog * function pointer. */ From patchwork Wed Oct 25 09:42:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Michael_Wei=C3=9F?= X-Patchwork-Id: 157980 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp2479858vqx; Wed, 25 Oct 2023 02:46:17 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGrrgoepqw1AvFaPHfAetSGv5Ff72+mAlFL006mFYhDQEWRcipMImdcIxgJ3R3HfarcgoF/ X-Received: by 2002:a0d:db08:0:b0:5a8:250f:687c with SMTP id d8-20020a0ddb08000000b005a8250f687cmr17457757ywe.15.1698227177690; Wed, 25 Oct 2023 02:46:17 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698227177; cv=pass; d=google.com; s=arc-20160816; b=zweCFCKVImQezioXju0a/43i1jivzee0SXxtiX52KKY5mXuu3p2qhmAtZfKbyFwyIH rrT6hxekXuXUvuTwqqPTkDdRTksf2R4VWyE0isrJbH/yAxqVaJ5g6in8LWUsThgDSMDX MJ6veKm7ffW/ksAOi1UyNAaUJQnrfuS0b9/4aBCTAtalJb1iKN+hWhbvou0hKYPOBdVq l5ZzatmwVXlWfdZBiv3QMnwVJ2p2PeG8Tp/VZ0QLK1ttD8mwmcHBS5l0ifk9hyAuYMfC ZadkqR9kfYdwDYEA+UKdVgwrunc9egdWon7+cpyVcieL+uKtYujMd6Ux66uTgXCoVgwl 3HwA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:ironport-hdrordr:ironport-data:ironport-phdr :ironport-sdr:ironport-phdr:dkim-signature; bh=DoBalLWLPB6Ex/PCn/0LGWfZ/GMPhkIwzBLLpsE+xXI=; fh=U9u/esc0XBb8N/pVu7kudxJPwEQ0AyrThcmR2LpYyxQ=; b=x/KKDXLBlCFM153Wl2a4ZijVkfDgve9Wt6WCzzLaDbBfFlwL6DFTb2RWuDcPI4lcrr Rxw6NuotdzoXkrh8u2nen1iMReOVY78/xSZqngVdCb7hhQFR8PXEAZWjgrpKUE72Ae1H oLv2FnPtRQgXm8ZNjEpsq/uJDIBF99MjY2D03eMZiFHcNRiljuReg0EpIcDjR5WPKNEq 19hdGZ6Apjm3tEFLsw6npJoaPMO7xR7CyXcDmc7g/rfTb9WmMfnhvBOv0t9QjPDbM1xK 0Nr0ZEH7l/OdkUaNHWkpUs9szV2ncQbWTLNHI6iIhsotKWFbpx+74kb1VvRuKn9KtGfH xUiA== ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=HZhUoJq6; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=OXA40DVp; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id w18-20020a814912000000b0059c0f98ec97si9874641ywa.311.2023.10.25.02.46.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 02:46:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; dkim=fail header.i=@aisec.fraunhofer.de header.s=emailbd1 header.b=HZhUoJq6; dkim=pass header.i=@fraunhofer.onmicrosoft.com header.s=selector2-fraunhofer-onmicrosoft-com header.b=OXA40DVp; arc=pass (i=1 spf=pass spfdomain=aisec.fraunhofer.de dkim=pass dkdomain=aisec.fraunhofer.de dmarc=pass fromdomain=aisec.fraunhofer.de); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id C39C3809E8BE; Wed, 25 Oct 2023 02:45:14 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234615AbjJYJpA (ORCPT + 26 others); Wed, 25 Oct 2023 05:45:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37428 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234728AbjJYJoi (ORCPT ); Wed, 25 Oct 2023 05:44:38 -0400 Received: from mail-edgeka27.fraunhofer.de (mail-edgeka27.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:27]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C5A3FDC; Wed, 25 Oct 2023 02:44:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1698227056; x=1729763056; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=qzVt3VB4NoMV3791Rxk9znEgZCQUazCxH50RMqNmfz8=; b=HZhUoJq6CSA/ACbbNvk3a8Gjx86om/EXS/O32Fnij5WiJxiVCH/5b+nl T+fHNI111YqWyCCkFwUfrn/lVClZG4eANAY2PlwBayVysI+L4aXnoMo4S Wi4MuSuu3Dj+rMsIFgBRu3ISh+SlSo+/doiclMKb6ovp4N+TIEZ2+/nKR GqgWEzjQ5sMQ/GXPS+lX7rjbshmz/On+dS7kP8gxL27Gz5thrfNVVYIx5 sKGtnJm+MrTykq+LzCpx3L/kRK+HD7MmpZAPCAyVXN+xiG3CjU7LagiSF O/R3mimbaB8GNbN2Zg3Ctvc8rmGtDrjvbus7siSOQHAuaiFolDydL4eH0 w==; X-CSE-ConnectionGUID: Ci1Zmj02Q5+mZ5bmad/g6g== X-CSE-MsgGUID: 4RqfGTtARkG5zBguGsmWnA== Authentication-Results: mail-edgeka27.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com X-IPAS-Result: A2E2AABB4jhl/xoBYJlaHQEBAQEJARIBBQUBQIE7CAELAYI4gleEU4gdiUGcKiqBLIElA1YPAQEBAQEBAQEBBwEBRAQBAQMEhH8ChxonNAkOAQIBAwEBAQEDAgMBAQEBAQEBAgEBBgEBAQEBAQYGAoEZhS85DYQAgR4BAQEBAQEBAQEBAQEdAjVUAgEDIwQLAQ0BATcBDyUCJgICMiUGAQ0Fgn6CKwMxshh/M4EBggkBAQawHxiBIIEeCQkBgRAuAYNbhC4BhDSBHYQ1gk+BSoJEb4RYg0aCaIN1hTwHMoIigy8pi36BAUdaFhsDBwNZKhArBwQtIgYJFi0lBlEEFxYkCRMSPgSBZ4FRCoEDPw8OEYJCIgIHNjYZS4JbCRUMNQRJdhAqBBQXgRFuBRoVHjcREgUSDQMIdh0CESM8AwUDBDQKFQ0LIQVXA0QGSgsDAhoFAwMEgTYFDR4CEC0nAwMZTQIQFAM7AwMGAwsxAzBXRwxZA2wfGhwJPA8MHwIbHg0yAwkDBwUsHUADCxgNSBEsNQYOG0QBcwedTYJNGQeBDnliIlsckk+DQwGueQeCMYFeoQkaBC+XK5JPLpgOIKgIAgQCBAUCDgiBY4IWMz5PgmdSGQ+OIAwWFoNAj3t0AjkCBwEKAQEDCYI5hBSEfgEB IronPort-PHdr: A9a23:z5bbSR8KWx2Npf9uWXO9ngc9DxPPxp3qa1dGopNykalHN7+j9s6/Y h+X7qB3gVvATYjXrOhJj+PGvqyzPA5I7cOPqnkfdpxLWRIfz8IQmg0rGsmeDkPnavXtan9yB 5FZWVto9G28KxIQFtz3elvSpXO/93sVHBD+PhByPeP7BsvZiMHksoL6+8j9eQJN1ha0fb4gF wi8rwjaqpszjJB5I6k8jzrl8FBPffhbw38tGUOLkkTZx+KduaBu6T9RvPRzx4tlauDXb684R LpXAXEdPmY56dfCmTLDQACMtR5+Gm8WxzZPKQHByC7eZr2vnzu9jsF7n3G+EvL4f/cbfAyi7 IZ0WjXMrD8cGn0pwECC2akSxKgOhyKI+0RT/ZaJXIKpNb1FQoT8TdZCXXptcfRcVClPDpOZN ZoCU9oQesgDsq2trncNpgSxKgb3JszvzwVioy/p87wR1tolGEbe3zc4DvkKunfSncWuZb8vQ /qb/bfzzB7aaNh72mblz9nvdQgz/fSBZI9OUOOK6kwEST3Zggm2p4fdeBWLj+oJimi23rs4b ser0UQ3tTB1hCmUls4Pm472pbs6lUnG3g9Sm6gEcI7wWAt6e9miCJxKq2SAOpBrRt93W2hzo 3VSItwuvJe6eG0HxJsqxBeFNLqJaYGV5BLkWuuLZzt11zppe7O60g676lPoivb9Wc+9zEtQo 2Jbn8PNuHEA212b6sWORvZnuEb08TiV3h3V6uZKLFpykqzeKpU7xaU3mIZVukPGdhI= X-Talos-CUID: 9a23:CBfdiWwn537T4fnfRamqBgU/G5kXd3+Flk6NYEqKVGxsQbHSRgGfrfY= X-Talos-MUID: 9a23:fmtPbghqjBmjjkJiBICC+MMpaP1x7YuSFGk3krpbqeOLKANrPgibpWHi X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="1597282" Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by mail-edgeka27.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:11 +0200 IronPort-SDR: 6538e32e_j66fqEKm0PJE88y0HQlU39rkjzJ4/UyWhB1Plu45Tg+nE2z xSTxrN96tLjfq0JZlBu8iwr4WcW38MdujSt5xJg== X-IPAS-Result: A0BZAABB4jhl/3+zYZlaHQEBAQEJARIBBQUBQAkcgRYIAQsBgWZSB4FLgQWEUoNNAQGETl+GQYIhOwGcGIEsgSUDVg8BAwEBAQEBBwEBRAQBAYUGAocXAic0CQ4BAgEBAgEBAQEDAgMBAQEBAQEDAQEFAQEBAgEBBgSBChOFaA2GTQIBAxIRBAsBDQEBFCMBDyUCJgICMgceBgENBSKCXIIrAzECAQGlLwGBQAKLIn8zgQGCCQEBBgQEsBcYgSCBHgkJAYEQLgGDW4QuAYQ0gR2ENYJPgUqCRG+IHoJog3WFPAcygiKDLymLfoEBR1oWGwMHA1kqECsHBC0iBgkWLSUGUQQXFiQJExI+BIFngVEKgQM/Dw4RgkIiAgc2NhlLglsJFQw1BEl2ECoEFBeBEW4FGhUeNxESBRINAwh2HQIRIzwDBQMENAoVDQshBVcDRAZKCwMCGgUDAwSBNgUNHgIQLScDAxlNAhAUAzsDAwYDCzEDMFdHDFkDbB8WBBwJPA8MHwIbHg0yAwkDBwUsHUADCxgNSBEsNQYOG0QBcwedTYJNGQeBDnliIlsckk+DQwGueQeCMYFeoQkaBC+XK5JPLpgOIKgIAgQCBAUCDgEBBoFjPIFZMz5PgmdPAxkPjiAMFhaDQI97QTMCOQIHAQoBAQMJgjmEFIR9AQE IronPort-PHdr: A9a23:jwvf0BcPoGpij1yC0tdIxGHZlGM+/N/LVj580XJao6wbK/fr9sH4J 0Wa/vVk1gKXDs3QvuhJj+PGvqynQ2EE6IaMvCNnEtRAAhEfgNgQnwsuDdTDDkv+LfXwaDc9E tgEX1hgrDmgZFNYHMv1e1rI+Di89zcPHBX4OwdvY+PzH4/ZlcOs0O6uvpbUZlYt5nK9NJ1oK xDkgQzNu5stnIFgJ60tmD7EuWBBdOkT5E86DlWVgxv6+oKM7YZuoQFxnt9kycNaSqT9efYIC JljSRk2OGA84sLm8CLOSweC/FIweWUbmRkbZmqN5hGvcpDbuy/eic5F8ne3LYrOZrZzARCN0 KlZDzDNsCcEFiEr2kXzktddz7JrgUfywn43ydvzUKjJbNZAZv7hfu8bAlF9eedhUnRZEq+TX YYMCuQNLcMCvoShl0pJg0CjIVmlKODk1TBniSTU8q0/6c4EQR7ozSclIdYH92zXl83kH6MYU uaE3PKZ1QjRdd1nxwz8w5HPWT0i8OmrDJV3adiNzEQWKj3kpw6zrKe7AS+ZisIDuFDcyfQ5W +aWi0MW+llKhzz17Ncyu43vl7lFw3PV8hpa+alqPN+TYmUgT+/xQ9NA8iCAMI1uRdk+Bntlo zs+1ugesIWgL0Diqbwizh/bLvmbequhuEylWvyYPDF4g3xoYvSzikX6/Uuhz7jkX9KvmBZRr yVDm8XRrH1FyRHJ68aGR/c8tkes0DqCzUbSv8lKO0kpk6rcJZM7hLk2k5sYq0PYGSHq3k7xi cer IronPort-Data: A9a23:SAHpj66KcDwUI4vem0pfrwxRtL3DchMFZxGqfqrLsTDasY5as4F+v jAXDTqCOvzcZmDxeIt+b9++9UoFuJbcm4NmGVBrpSthZn8b8sCt6fZ1gavT04N+CuWZESqLO u1HMoGowPgcFyOa/FH3WlTYhSEU/bmSQbbhA/LzNCl0RAt1IA8skhsLd9QR2+aEuvDnRVvW0 T/Oi5eHYgT8g2Qpajt8B5+r8XuDgtyi4Fv0gXRjPZinjHeG/1EJAZQWI72GLneQauG4ycbjG o4vZJnglo/o109F5uGNy94XQWVWKlLmBjViv1INM0SUbriukQRpukozHKJ0hU66EFxllfgpo DlGncTYpQvEosQglcxFOyS0HR2SMoVo9I/3en3vt/Ws7BGBazzi2/5JK28faNhwFuZfWQmi9 NQDLSwVKB2TjOLwzqiyV+9sgcouNo/nMevzuFk5kGqfXKlgGM+SBfyQure03x9o7ixKNfPfb MoQZD4pcxnBeAZnM1YMBZl4kv2hm3//dDNVshSZqMLb5kCNnFAhjuO3aLI5fPSGeO4NpWyFr F7I4nnTJRsZNeG27WaspyfEaujn2HmTtJgpPLS8++5jhlGe3EQWCR0fUVqwsP//gUm7M/pVM UUJ/Cc0has/7kqmSp/6RRLQiHefojYfVsBWHul87xuCooLM6hudLnANUzoEbdshrsJwTjsvv neFltXoCDhHsbqaRHuH/LCE6zW/JUA9JGkOfy4FZQgI+d/upMc0lB2nZtNqCrK0iJvxECzYx zGMsTh4i7gN5eYQ0KO01VPKmTShot7OVAFdzhTXRUqr5EVyY4vNT46v6V6d4/9bMI+TQ1+Nl HcBksmaqusJCPmllzSWQeMCHJmq6uyDPTmahkRgd7E6+zqF9HmkcoRdpjp5IS9BMs8DfSLuS EDUvgxV6dlYO37CRa1wZ5m4I8cn167tEZLiTP+8RsNTb55tdQmv/Tppe0eU0mbx1kMrlMkXJ 5aBdu6+AHAbF+JjzTyrV6Eay7Bt2yNW7WbSRpT81Dy8w7eEaXKUD7cYWHOHa+Ejs/iFpC3a9 t9eM42BzBA3ePbzeCba2Y4aKVQbKz4wApWeg8ZPeMadLQd8XmIsEfncxfUmYYMNt6BUkPrYu 3KwQElVzHLhinDdbwaHcHZubPXoR5kXhXY6OzE8eFiz13U9bIKH8qgSbd00cKMh+eglyuR7J 8TpYO3ZX68KG2uComtMKMCn88p8cVKgwwyUNjejYD8xcoQmSwGhFsLYQzYDPRImV0KfncUkq qCm1gTVTIBFQAJnDc3Mb+mowU/3tn8Y8N+elWOWSjWKUBS9rNpZOGbqg+UpIsoBDxzGy3HIn 0yVGBoU762F6YM87NCD1+jOopaLAtlOOBNQP1DayrKqagjc3G6omrFbXMiyIDvyaWLT+YeZX 9tz8c3SCvM8sWxxg9JOKIozlaMazPnzloBe1TVhTSnqbUz0K7ZOIUum/Mhot49Nz49/vTqnB 0eE//cDM7CJJvHgLk81ITAhT+Wc1MM7nivZwuQ1LX7bug523uujemdDMyacjBdyKONOD7ok5 uM6qegq6wCboTg7AOas1yx72TyFES0dbv8BqJofPr7OtiMq7VNzObrnFS785cC0WeVma0UFD Gedu/vfuu562EHHTnsUEErN18p7gbAlmkhD7H0GFmSztuv1vN0F9zwPzm1vVSVQ9AtN7MxrM GsyN0FVG7SHzw01uOd9BVKTCyNzLzzH3Hfuymk5tnzTFGipcW3vEFcTG8iw+GIhzmYNWQQDo Z+5zj7+XCfIbfPB+HI4eXRYpszJSf1z8Qz/m/6bIfmVIqliYRTZr/+vQUEqtyrYBdgAgRybh Otyo8d1R67JFQ8RhKwZGYOq76s0TS7YFTZNXMNn3qMFIjzbcmuA3TOPdkODQeJWBvnw6UTjI ddfFsFOcBWf1Si1sTEQA5AXEYJ0hPIE4NkjeKvhAGw774uksTtitazP+hjEhGMER8tkleA/I Njzcw2uP3Oxh3wOvUPwt+hBZ3SFZOcbaD3G3Oya9PsDE7QBurpOdWAwyr6FgGWHAjB4/h67v BLxWIGO9rZMkb9TporLFrlPIy6WKtmpDeSBz12VguR0NNjKNZ/DihMRplzZJD9pBLo2Welst LGzodXyjVLkvrE3bjjjoKO/NZJ1vOe8YOkGFfjMDih+vTCDU8rS8Rc86ziGCZhWouh8uOijZ SWFMfWVS/BEdetZ9nNvbwpmLy08EIXyN6fpmjO8pa+DCz8byg32E+mk/n7IM0BeWDcDYaP8L grGqsee2M1Rg9VJNi8lGsNJPp5cC33gUJsAaNfem2S5DG6po1XaoZrkt0Mqxg/qA0m+MvTRw Mz6VDmnUzrqo4DO7tVSk7Iqjy0tFHwn3NUBJBMMyeB5mxWRLTAgL91EFb4kF5sNsCj59K+gV QH3dGF4VBnMB2VVQy7dvubmcByUXNEVG9HDITcswUOYRgG2CK6EA5pj7i1Q2Gh3SBSy0NCYL cwixVOoMiiT2p1JQcMh1s6/i8pjxdLYwSss0mL5mMrQHR0fIOsr0FpMIQlzbhHEQvr9zBjzG WsIRG56GRDxDQa7FMt7YHdaFS0IpD6lnX1icS6Lx82ZoImBivFJzPrkIezoz7kfd4IwKaUTQ W/sDX64i4xMNqf/ZYNy0z7xvZJJNA== IronPort-HdrOrdr: A9a23:xZH4bK9yVjpisfWi52Zuk+HRdb1zdoMgy1knxilNoENuHfBwxv rDoB1E73LJYVYqOU3Jmbi7Sc29qBTnhOJICOgqTMqftWzd1ldAQ7sSi7cKrweQeREWs9Qtrp uIEJIOeeEYc2IK9PoSiTPQe71LoKjlzEnrv5al854Ed3AVV0gK1XYfNu/0KDwSeOEQbqBJa6 Z1haJ81nidkSt9VLX+OpFhN9Kz5OEj2aiWFyLvQHUcmXyzpALtzIS/PwmT3x8YXT8K66wl63 L5nwvw4bjmm+2nyzfHvlWjpKh+qZ/E8J9uFcaMgs8aJnHHkQCzfrlsXLWEoXQcvPyv0lA3i9 PByi1Qd/ib00mhM11dnCGdlzUJiF0VmjDfIB6j8DLeSPXCNXgH45Erv/MWTvKW0TtggDhG6t M444uojesmMfr+plWP2zGxbWATqqOVmwtXrQdBtQ0pbWK1Us4Q3MsiFQVuYdI9IB4= X-Talos-CUID: 9a23:icDzJGmq7kwBPX/iZjg8t+KpErHXOVPR/EeLJh++MFlKFPqNDlGI84RDveM7zg== X-Talos-MUID: 9a23:gJA+kgxBFqTCNE1KuTM3Ejj8PMqaqKiTIxg2u4gMh8eZKAZXMTScsR2THqZyfw== X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.03,250,1694728800"; d="scan'208";a="68486320" Received: from 153-97-179-127.vm.c.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaKA26.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2023 11:43:10 +0200 Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27; Wed, 25 Oct 2023 11:43:09 +0200 Received: from DEU01-FR2-obe.outbound.protection.outlook.com (104.47.11.169) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.27 via Frontend Transport; Wed, 25 Oct 2023 11:43:09 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IfDRYR/Q5+DZRHCcfiMo2+5flEmg5AOuadpqe4ZJ1psNYgKCTblPG25UL4QIp+cQCEin++Fsc5Y6RV/v7zi/0gTPdcaDnYkw3njSnyU0Pjrdi22ESXWWuS16FteDZv6FlsmeaqIIdgiG+3se4rW+7oOdFsTmyKuZk6CPAbZN3hZVucLRpnl6xsvtOnuT38RjZ7lTNBiwtAN8K2oEqPtXPX28BoX3jNHar3bDIHxmkoHQI0TBtbE2E1bXN+tWCTLn7p3cYRbU4IKr9vB+vpQsp+WePHqOTwngfudFvc4QpYgbYQVmVe/nSKMV2CWi7hwTiwGLqyCkwPwv6WQsTN0bgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DoBalLWLPB6Ex/PCn/0LGWfZ/GMPhkIwzBLLpsE+xXI=; b=Gj3DQu/b/hzAn5HHX+okmqhIPf522URAnlISz3OJ4MTvbO2H41jA3SB0jYjHlnru9UtXmaZQ2VEVvElRJgM0hPVnlDUtyHLEFLLu+inJx2EzE4sEgDYwKK7OfqoFVjMBYvPaBxVCZpgG3CHcBafvDeD+y9PK6yAa88ju3lAuxwXBlpIbvNDINw5HqkgYBERjHt8x6LnZtpJpmB6sm9js29ztKvizHDepZxbiWGypSDZQB6OEbmmNd9Ozaxzkx3MKLu6B8OuR2/AfT0vtm9eKPSamz9z2OEnWte6yVgWpPCbSN75LiXMaBrl2RgRZBdQtPYCb67q93Os7/OYTjAgrXw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DoBalLWLPB6Ex/PCn/0LGWfZ/GMPhkIwzBLLpsE+xXI=; b=OXA40DVp5TkTi/STOIXm0pxDGZekmfdxM2ye4Xy/F3uL8aDkcwgGg3JGhmRBM8wFyCmVla/pkSpyClbknYx39pUzrFYvSiCqoCEk9pO9Oopz4meQUVIA3KmC6Vtd4NfcP/Nv1flQhEY90SMl2BxvYlNyS8aKyoWKQG7qjCBC3FY= Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) by BE0P281MB0116.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Wed, 25 Oct 2023 09:43:08 +0000 Received: from BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d]) by BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM ([fe80::7330:78f8:1bf2:2f4d%5]) with mapi id 15.20.6933.019; Wed, 25 Oct 2023 09:43:08 +0000 From: =?utf-8?q?Michael_Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore CC: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , , , , , =?utf-8?q?Michael_Wei=C3=9F?= Subject: [RESEND RFC PATCH v2 14/14] device_cgroup: Allow mknod in non-initial userns if guarded Date: Wed, 25 Oct 2023 11:42:24 +0200 Message-Id: <20231025094224.72858-15-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> References: <20231025094224.72858-1-michael.weiss@aisec.fraunhofer.de> X-ClientProxiedBy: FR4P281CA0420.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::17) To BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:50::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BEZP281MB2791:EE_|BE0P281MB0116:EE_ X-MS-Office365-Filtering-Correlation-Id: ea45e0e1-34be-418f-00ee-08dbd53ecb86 X-LD-Processed: f930300c-c97d-4019-be03-add650a171c4,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: xp9vHEDO7YKQGdJBEgpvTdwBY/OZvvOdNSTsjNFJO7Hhn0fKtjuYeJEBjp8/KSbuhPyyxSAVQfoHukT//WsfLBpe/uPYQqs3BL+2aBicE9Vi/43+g8NMzd00WTTbBm0J+ADYuF2WUiz4iMqZSDt02dDEVxFm8YJEM6/WPTGDpqbqn0H5vAIrO/+ltq/D3e/tvcvnT4u3+f6w1lHxxmJPa/O4O4nUw7IBvz8a11ySUMJTGr55qeqiQ2xIvuBzDJbD6gBZySeFJS3cX4rfsF3YdtfSdelXC4AvvITvKweOVPhSdzLuj3EVxesHlTtZhbjRQHBbStM08chUMdqpkuJu/eZKUKtKx0LQOpLtYQ8lNLrzycaLVG31DhSA/ttfgxX6ooCMSvyu2SWsIsLA/YFGeRJysTOCzuMjlLgWfl08sqigubmZnjqlqR4SyFcjDb1zNBsBpeJz1x4dIjuOzDIQCPZ4LBwZhj/upjpJP1L38s7H3KUEmvLsD+gVnLpzDACLDK/8ZEySqQTU82Vzj2yE8SWOSKga4+OB+qIcoFwQF1Fi77JpAKgpFmfuTYqN5R4lwtq+aDaA/p18VzDHqxwTyWl17PZxknH//FNoIKR/WQg= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(376002)(39860400002)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(66946007)(83380400001)(316002)(38100700002)(6486002)(478600001)(6666004)(54906003)(110136005)(66556008)(66476007)(1076003)(107886003)(52116002)(6506007)(2616005)(6512007)(7416002)(2906002)(86362001)(4326008)(8936002)(82960400001)(8676002)(41300700001)(5660300002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?QNvpCRmPirIocUNuXAHH5hlox10a?= =?utf-8?q?7eQGZnLlZvP8kPW64h2MgvXN4wrUc1DvowuDNIcu4q8O8bTjDcj9wWeyWHEmG1k7u?= =?utf-8?q?CMnxabmDw3tsI27X/KETxdV5EEtS2ORqqe4Sk+ogneyQe3jwkOA9Hfy9/lZbxsnWk?= =?utf-8?q?DBeDnb+ih+gzdUYe8zWyKFEh7Uqw2IxuU7/Jh/11/Z3IoqyvShg6eUSw2NS9bg1IR?= =?utf-8?q?wkIcj/B2pVlzzSoMZe4xQJ7n7+5C06T98LVn8JPzzzmAKeyHK36aOB8pIV6SECN30?= =?utf-8?q?gfQmLSovk1+Vc/8gLfwaXwvPZdB4NVuRDQrJR7NhEwCTc5ULBOtLaYd40snaS9K0M?= =?utf-8?q?cfVDvPcxci+7aaZ3nw5Ufd6VwtzbkpWLKDt+LKp9rDdwvX07yD5h+1/I/z/4Zwm1F?= =?utf-8?q?G3Ndkb0TWE1/r27teuTnA4JBKearIvkrwegAfBtKbVzHPBkFSsIVC1Suuix8mh3Pb?= =?utf-8?q?tMwHESDcJVFFwK4nQ5ugsnv86976Ql9HdX+DKbMtXhZBo6+hcee02M6X/Mv0Kb1NK?= =?utf-8?q?0P5iJfA+rW5UtrvB/WxpiQjDZ22aMpsDOfAisUArxPNpBY1z70fQoLcXXWkmjkNjO?= =?utf-8?q?rlfaumpBkmllQQQPnz5m20rCkG9c/h0v1Tu+rALjjqyxfHmyP7NJNXcfq/ehw3uuj?= =?utf-8?q?mODDwK9UzgTFmgaQMEtoy+SsnZRbOVTOU4NJuLK3fdsuBwMFc5g7FYSlyKeW+USt2?= =?utf-8?q?aCyurVTZ6jzZOfqZxn1+17V6p72MgwoOffYvQK9DXSXJ9gP6qwDk5aquYUtmJoZCA?= =?utf-8?q?AR/8ewzbuw1qwgw8BTNopqygovtiZkKHwsas+OY6fDqrbutDCRDB3hE32vc5HYsp/?= =?utf-8?q?NObonOtcaU3NU531gL+brkvzJoud1NEop2uvoM9JZRDeZFrHuwBVzSR4JbWfcL5T6?= =?utf-8?q?xZR3v6RXWOI+wBrCh3KKxSTZXHj3XIIsgxnFAtvie8rHzHUbiCoXNGtZh8jV9GKQe?= =?utf-8?q?D3f1MX47UQuzgdQg2v5IXfr7pGHkODtOoCGNJUsjy83MPSpuZz/hkW2lZP+bo9WA2?= =?utf-8?q?YW9AzF/LH97DUUb8POTAZfz7nCVLDyZ0RMJnHc2PqK6MobWJJa7IKu6HW2AUZ4QR8?= =?utf-8?q?DEpM/RO3sgL7cgi0lNdJrMljDBDkwz3Z3yoN4Uu45hbiChkQEanstJIKxuS/4ej3v?= =?utf-8?q?5H9BiVDf++hDfmjktOhby1ntGCay4gr7dYuO1uQEbwmNd6qBM8q1nxibFZhGjStbv?= =?utf-8?q?7Rs6ZSdBbJ1Rhx1ZsI8LvGK3QjrrZT2MrtZF6uL5X2g5xHJvJF5TbdYk2DeXBdurJ?= =?utf-8?q?qBPJsJcMudMtvZHYb7+SImN6Hsx/ONdQkxHk6aLDoW7/kqbnyUuNcK9mO/k1j8A6x?= =?utf-8?q?EU45ZU9+x+qwE1QdRNXX66W9q8z5Sjubhnoh8pDF5YaOXFVtDH5FIbWTcbdVZ6Eue?= =?utf-8?q?59vbVAhZCfoThAAaf909P3uMzzwJxs3YSwYfrDN/QaR+Mxz7uudlO754DYjUgrst+?= =?utf-8?q?koXIWKLoLBdv3fhwqzqPjd7kQTkEH09hv+Slybljo7M24Fczg2TQrszsCdC5FPRZh?= =?utf-8?q?c0Djljqlz5I09J1mvDIGL9Q7wSdwNkC0ZCu4mzzHIg5fDC9CcL5HwzITo2MGaPiI/?= =?utf-8?q?4KCENG/4w0jsKfUaqrpCrMF316NWrq0tde+GMsYf28bVqY/zbLLiWI=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: ea45e0e1-34be-418f-00ee-08dbd53ecb86 X-MS-Exchange-CrossTenant-AuthSource: BEZP281MB2791.DEUP281.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Oct 2023 09:43:08.4202 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f930300c-c97d-4019-be03-add650a171c4 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Z032ILo5eW7I8M+KBfdtf1e0rMwDPPIOXQExBCaJmEgcIpSqrTqqI8upd6o3CV8zOR56tK3qR9iIL6m+Mtsloeo04bS7dWN+jZSPqUjCIA21sPyuzRUWrTr2Ca/lV8Zw X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE0P281MB0116 X-OriginatorOrg: aisec.fraunhofer.de X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 25 Oct 2023 02:45:14 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1780720261041846790 X-GMAIL-MSGID: 1780720261041846790 If a container manager restricts its unprivileged (user namespaced) children by a device cgroup, it is not necessary to deny mknod() anymore. Thus, user space applications may map devices on different locations in the file system by using mknod() inside the container. A use case for this, we also use in GyroidOS, is to run virsh for VMs inside an unprivileged container. virsh creates device nodes, e.g., "/var/run/libvirt/qemu/11-fgfg.dev/null" which currently fails in a non-initial userns, even if a cgroup device white list with the corresponding major, minor of /dev/null exists. Thus, in this case the usual bind mounts or pre populated device nodes under /dev are not sufficient. To circumvent this limitation, allow mknod() by checking CAP_MKNOD in the userns by implementing the security_inode_mknod_nscap(). The hook implementation checks if the corresponding permission flag BPF_DEVCG_ACC_MKNOD_UNS is set for the device in the bpf program. To avoid to create unusable inodes in user space the hook also checks SB_I_NODEV on the corresponding super block. Further, the security_sb_alloc_userns() hook is implemented using cgroup_bpf_current_enabled() to allow usage of device nodes on super blocks mounted by a guarded task. Signed-off-by: Michael Weiß --- security/device_cgroup/lsm.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/security/device_cgroup/lsm.c b/security/device_cgroup/lsm.c index a963536d0a15..6bc984d9c9d1 100644 --- a/security/device_cgroup/lsm.c +++ b/security/device_cgroup/lsm.c @@ -66,10 +66,37 @@ static int devcg_inode_mknod(struct inode *dir, struct dentry *dentry, return __devcg_inode_mknod(mode, dev, DEVCG_ACC_MKNOD); } +#ifdef CONFIG_CGROUP_BPF +static int devcg_sb_alloc_userns(struct super_block *sb) +{ + if (cgroup_bpf_current_enabled(CGROUP_DEVICE)) + return 0; + + return -EPERM; +} + +static int devcg_inode_mknod_nscap(struct inode *dir, struct dentry *dentry, + umode_t mode, dev_t dev) +{ + if (!cgroup_bpf_current_enabled(CGROUP_DEVICE)) + return -EPERM; + + // avoid to create unusable inodes in user space + if (dentry->d_sb->s_iflags & SB_I_NODEV) + return -EPERM; + + return __devcg_inode_mknod(mode, dev, BPF_DEVCG_ACC_MKNOD_UNS); +} +#endif /* CONFIG_CGROUP_BPF */ + static struct security_hook_list devcg_hooks[] __ro_after_init = { LSM_HOOK_INIT(inode_permission, devcg_inode_permission), LSM_HOOK_INIT(inode_mknod, devcg_inode_mknod), LSM_HOOK_INIT(dev_permission, devcg_dev_permission), +#ifdef CONFIG_CGROUP_BPF + LSM_HOOK_INIT(sb_alloc_userns, devcg_sb_alloc_userns), + LSM_HOOK_INIT(inode_mknod_nscap, devcg_inode_mknod_nscap), +#endif }; static int __init devcgroup_init(void)