From patchwork Wed Feb 21 21:24:32 2024
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:32 -0600
Subject: [PATCH v2 01/25] mnt_idmapping: split out core vfs[ug]id_t definitions into vfsid.h
Message-Id: <20240221-idmap-fscap-refactor-v2-1-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org

The rootid member of cpu_vfs_cap_data is a kuid_t, but it should be a vfsuid_t as the id stored there is mapped into the mount idmapping. It's currently impossible to use vfsuid_t within cred.h though as it is defined in mnt_idmapping.h, which uses definitions from cred.h. Split out the core vfsid type definitions into a separate file which can be included from cred.h.

Signed-off-by: Seth Forshee (DigitalOcean)
Reviewed-by: Christian Brauner
--- MAINTAINERS | 1 + include/linux/mnt_idmapping.h | 66 +------------------------------------- include/linux/vfsid.h | 74 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 76 insertions(+), 65 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 73d898383e51..6286d78a759a 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -8210,6 +8210,7 @@ S: Maintained F: Documentation/filesystems/idmappings.rst F: fs/mnt_idmapping.c F: include/linux/mnt_idmapping.* +F: include/linux/vfsid.h F: tools/testing/selftests/mount_setattr/ FILESYSTEMS [IOMAP] diff --git a/include/linux/mnt_idmapping.h b/include/linux/mnt_idmapping.h index cd4d5c8781f5..f463b9e1e258 100644 --- a/include/linux/mnt_idmapping.h +++ b/include/linux/mnt_idmapping.h @@ -4,6 +4,7 @@ #include #include +#include struct mnt_idmap; struct user_namespace;
@@ -11,61 +12,6 @@ struct user_namespace; extern struct mnt_idmap nop_mnt_idmap; extern struct user_namespace init_user_ns; -typedef struct { - uid_t val; -} vfsuid_t; - -typedef struct { - gid_t val; -} vfsgid_t; - -static_assert(sizeof(vfsuid_t) == sizeof(kuid_t)); -static_assert(sizeof(vfsgid_t) == sizeof(kgid_t)); -static_assert(offsetof(vfsuid_t, val) == offsetof(kuid_t, val)); -static_assert(offsetof(vfsgid_t, val) == offsetof(kgid_t, val)); - -#ifdef CONFIG_MULTIUSER -static inline uid_t __vfsuid_val(vfsuid_t uid) -{ - return uid.val; -} - -static inline gid_t __vfsgid_val(vfsgid_t gid) -{ - return gid.val; -} -#else -static inline uid_t __vfsuid_val(vfsuid_t uid) -{ - return 0; -} - -static inline gid_t __vfsgid_val(vfsgid_t gid) -{ - return 0; -} -#endif - -static inline bool vfsuid_valid(vfsuid_t uid) -{ - return __vfsuid_val(uid) != (uid_t)-1; -} - -static inline bool vfsgid_valid(vfsgid_t gid) -{ - return __vfsgid_val(gid) != (gid_t)-1; -} - -static inline bool vfsuid_eq(vfsuid_t left, vfsuid_t right) -{ - return vfsuid_valid(left) && __vfsuid_val(left) == __vfsuid_val(right); -} - -static inline bool vfsgid_eq(vfsgid_t left, vfsgid_t right) -{ - return vfsgid_valid(left) && __vfsgid_val(left) == __vfsgid_val(right); -} - /** * vfsuid_eq_kuid - check whether kuid and vfsuid have the same value * @vfsuid: the vfsuid to compare @@ -96,16 +42,6 @@ static inline bool vfsgid_eq_kgid(vfsgid_t vfsgid, kgid_t kgid) return vfsgid_valid(vfsgid) && __vfsgid_val(vfsgid) == __kgid_val(kgid); } -/* - * vfs{g,u}ids are created from k{g,u}ids. - * We don't allow them to be created from regular {u,g}id. - */ -#define VFSUIDT_INIT(val) (vfsuid_t){ __kuid_val(val) } -#define VFSGIDT_INIT(val) (vfsgid_t){ __kgid_val(val) } - -#define INVALID_VFSUID VFSUIDT_INIT(INVALID_UID) -#define INVALID_VFSGID VFSGIDT_INIT(INVALID_GID) - /* * Allow a vfs{g,u}id to be used as a k{g,u}id where we want to compare * whether the mapped value is identical to value of a k{g,u}id. 
diff --git a/include/linux/vfsid.h b/include/linux/vfsid.h new file mode 100644 index 000000000000..90262944b042 --- /dev/null +++ b/include/linux/vfsid.h 
@@ -0,0 +1,74 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _LINUX_MNT_VFSID_H +#define _LINUX_MNT_VFSID_H + +#include +#include +#include + +typedef struct { + uid_t val; +} vfsuid_t; + +typedef struct { + gid_t val; +} vfsgid_t; + +static_assert(sizeof(vfsuid_t) == sizeof(kuid_t)); +static_assert(sizeof(vfsgid_t) == sizeof(kgid_t)); +static_assert(offsetof(vfsuid_t, val) == offsetof(kuid_t, val)); +static_assert(offsetof(vfsgid_t, val) == offsetof(kgid_t, val)); + +#ifdef CONFIG_MULTIUSER +static inline uid_t __vfsuid_val(vfsuid_t uid) +{ + return uid.val; +} + +static inline gid_t __vfsgid_val(vfsgid_t gid) +{ + return gid.val; +} +#else +static inline uid_t __vfsuid_val(vfsuid_t uid) +{ + return 0; +} + +static inline gid_t __vfsgid_val(vfsgid_t gid) +{ + return 0; +} +#endif + +static inline bool vfsuid_valid(vfsuid_t uid) +{ + return __vfsuid_val(uid) != (uid_t)-1; +} + +static inline bool vfsgid_valid(vfsgid_t gid) +{ + return __vfsgid_val(gid) != (gid_t)-1; +} + +static inline bool vfsuid_eq(vfsuid_t left, vfsuid_t right) +{ + return vfsuid_valid(left) && __vfsuid_val(left) == __vfsuid_val(right); +} + +static inline bool vfsgid_eq(vfsgid_t left, vfsgid_t right) +{ + return vfsgid_valid(left) && __vfsgid_val(left) == __vfsgid_val(right); +} + +/* + * vfs{g,u}ids are created from k{g,u}ids. + * We don't allow them to be created from regular {u,g}id. 
+ */ +#define VFSUIDT_INIT(val) (vfsuid_t){ __kuid_val(val) } +#define VFSGIDT_INIT(val) (vfsgid_t){ __kgid_val(val) } + +#define INVALID_VFSUID VFSUIDT_INIT(INVALID_UID) +#define INVALID_VFSGID VFSGIDT_INIT(INVALID_GID) + +#endif /* _LINUX_MNT_VFSID_H */
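Review bot: The include guard of the new include/linux/vfsid.h is _LINUX_MNT_VFSID_H, which keeps the MNT_ prefix of mnt_idmapping.h although the file name has none; _LINUX_VFSID_H would match the path and fits the stated goal of including this header from cred.h. In the same hunk, vfsuid_eq() and vfsgid_eq() now sit in a standalone header without any comment, and both return false when the left operand is invalid, so vfsuid_eq(INVALID_VFSUID, INVALID_VFSUID) is false; a one-line comment stating that would help callers who reach these helpers without reading mnt_idmapping.h.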
From patchwork Wed Feb 21 21:24:33 2024
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:33 -0600
Subject: [PATCH v2 02/25] mnt_idmapping: include cred.h
Message-Id: <20240221-idmap-fscap-refactor-v2-2-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>

mnt_idmapping.h uses declarations from cred.h, so it should include that file directly.

Signed-off-by: Seth Forshee (DigitalOcean)
Reviewed-by: Christian Brauner
--- include/linux/mnt_idmapping.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/linux/mnt_idmapping.h b/include/linux/mnt_idmapping.h index f463b9e1e258..6deba8d5481e 100644 --- a/include/linux/mnt_idmapping.h +++ b/include/linux/mnt_idmapping.h
@@ -5,6 +5,7 @@ #include #include #include +#include struct mnt_idmap; struct user_namespace;
From patchwork Wed Feb 21 21:24:34 2024
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:34 -0600
Subject: [PATCH v2 03/25] capability: add static asserts for compatibility of vfs_cap_data and vfs_ns_cap_data
Message-Id: <20240221-idmap-fscap-refactor-v2-3-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>

Capability code depends on vfs_ns_cap_data being an extension of vfs_cap_data, so verify this at compile time.

Suggested-by: Christian Brauner
Signed-off-by: Seth Forshee (DigitalOcean)
Reviewed-by: Christian Brauner
--- include/uapi/linux/capability.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h index 5bb906098697..0fd75aab9754 100644 --- a/include/uapi/linux/capability.h +++ b/include/uapi/linux/capability.h @@ -16,6 +16,10 @@ #include +#ifdef __KERNEL__ +#include +#endif + /* User-level do most of the mapping between kernel and user capabilities based on the version tag given by the kernel. The kernel might be somewhat backwards compatible, but don't bet on
@@ -100,6 +104,15 @@ struct vfs_ns_cap_data { #define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1 #define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1 +#else + +static_assert(offsetof(struct vfs_cap_data, magic_etc) == + offsetof(struct vfs_ns_cap_data, magic_etc)); +static_assert(offsetof(struct vfs_cap_data, data) == + offsetof(struct vfs_ns_cap_data, data)); +static_assert(sizeof(struct vfs_cap_data) == + offsetof(struct vfs_ns_cap_data, rootid)); + #endif
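Review bot: Kernel-only code is going into an exported header: the #ifdef __KERNEL__ include added in the @@ -16,6 +16,10 @@ hunk of include/uapi/linux/capability.h exists only to support the static_asserts added further down. Consider putting the asserts in a kernel-internal header or a source file that already includes this one, which would leave the uapi header untouched; if they stay here, a short comment on the guarded include saying what it is needed for would help.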
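Review bot: The asserts in the @@ -100,6 +104,15 @@ hunk hang off a bare #else whose opening conditional is outside the hunk context, while the include added at the top of the file uses an explicit #ifdef __KERNEL__; a reader has to scroll up to find out which configuration compiles them. Using the same explicit #ifdef __KERNEL__ block here, or at least annotating the #else and the closing #endif with the condition they belong to, would make the pairing obvious. A comment above the asserts stating the invariant from the commit message (vfs_ns_cap_data is vfs_cap_data followed by rootid) would also tell whoever trips one of them which layout rule was broken.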
fh=hxP78V52DM11AQyZLnuoXzboSedtf373GjK953393po=; b=bNjrRD0c+tCkLpg3YF5V96w3t3/LI/TJhJ0KwbVPv8T6tBnV2ueXK2QERiMuipZM+F o6aybBeUm6Vm2lRnhfDS4g9WA+M/NKAYRM1YdCwOpYpTSgi0PoaAtsqkm1+3vPu4O/8R xMyFMQzhX0CuIQVeb/hn7EyLlRrwhaE/LJs0tFOUxvWAQ+gOZfJb5ALwZLepvGggaOpz UewGRxjjgpz2VX/1bf/YG0bq0hzNmhYwbcbryBsinwg3v3DigREI7CGzOeu81zp424hQ +WnD57BBbFByC8BDzJHakMVxjDm5UgI9qur1h4N8b8MXpQoWN5gdS13Euc7rcEQ5UjIj g1YA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Fcm3hib9; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-75524-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-75524-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id qf5-20020a1709077f0500b00a3ec9d2cdf5si2720253ejc.452.2024.02.21.13.29.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Feb 2024 13:29:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-75524-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Fcm3hib9; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-75524-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-75524-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with 
ESMTPS id D6E5F1F230D9 for ; Wed, 21 Feb 2024 21:29:58 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E99F414D435; Wed, 21 Feb 2024 21:25:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Fcm3hib9" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A4D5126F22; Wed, 21 Feb 2024 21:25:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708550706; cv=none; b=epMT59YZR/00MVkLCi3Rns9b/ElM2uRGDgeuwoWWwLSof2Ff5ix5Qur1D3xNBNU9e7/xUwaXWvJ/nPBh0qTtl/cKgLPYCnqzHepPoNFgGJSdcWNsIjzeZP8h3BC7rInaDN9ojzvNoSB5mtZGtV04arp4WgEERMTnaECnndUoYWM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708550706; c=relaxed/simple; bh=Y5Y30p4SCfTGfQg8oU5oIf6A+JB4LZOuEG/nIXEuQzs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=XJ91hQbpw/n3pbHyyqa0aZhABKBG0aVG/ge/eva84oQAyAHR/ztMQ3T2i+FWJtoLWy+P1Q1zU9mCJ9NBohjdXLybAqZK1qUhMcf0mjl6+WVeTZHIL5IvDCL9Kg70ZkLluUf/H3Kp//xGE4KzppHRKPVp1Wk/qFJHGbrw8Ppc5u4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Fcm3hib9; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPS id CBABDC43601; Wed, 21 Feb 2024 21:25:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1708550705; bh=Y5Y30p4SCfTGfQg8oU5oIf6A+JB4LZOuEG/nIXEuQzs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; 
b=Fcm3hib9cZ7v6IA4PdMbWds9TcIQjq1Pe0abjXDgnWnXea7U66tAyZEJ9AqU/WzOr k0Ke9qMTzeRQcrCl1ZpoW9YR5mrz/NZxsxXlQiXvhqIsQ3ZwYE9XzF3oG0P9PV4Y+U REMePuXyccPVR9aXWY3Y72WgxLUnON1uU3jbNBAtEZ+Hd6SRJvkYXCyBLN+GWOwHYh g1cIu/yHGW9iwkbs1qFnkRLb9NZXFxQhQmDPgOKHaeigRwEf7TOAJdNJsB5qhIKB7r 2gtYPmo4bvWYmah5ftVUSetfRzgnfUMSIjq+EJHd0t9g8erLoOuByKpelp5tIWm/+B qSAHqbhs6UoCQ== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8FDBC5478A; Wed, 21 Feb 2024 21:25:05 +0000 (UTC) 
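Review bot: the three static_assert() lines added under the new #else branch in include/uapi/linux/capability.h have no comment saying which code relies on vfs_ns_cap_data being a layout extension of vfs_cap_data, so anyone who trips one of them later has only the commit message to go on. A short comment above the block naming that dependency would make the failure self-explanatory. Since the asserts sit in a uapi header, please also confirm that the header pulled in by the new "#ifdef __KERNEL__" include block is the one that provides static_assert() and offsetof(), and that the asserts can never be reached in a userspace build.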
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:35 -0600
Subject: [PATCH v2 04/25] capability: rename cpu_vfs_cap_data to vfs_caps
Message-Id: <20240221-idmap-fscap-refactor-v2-4-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org
vfs_caps is a more generic name which is better suited to the broader use this struct will see in subsequent commits.

Reviewed-by: Christian Brauner
Acked-by: Paul Moore
Signed-off-by: Seth Forshee (DigitalOcean)

--- include/linux/capability.h | 4 ++-- kernel/auditsc.c | 4 ++-- security/commoncap.c | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index 0c356a517991..c24477e660fc 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -24,7 +24,7 @@ extern int file_caps_enabled; typedef struct { u64 val; } kernel_cap_t; /* same as vfs_ns_cap_data but in cpu endian and always filled completely */ -struct cpu_vfs_cap_data { +struct vfs_caps { __u32 magic_etc; kuid_t rootid; kernel_cap_t permitted; @@ -211,7 +211,7 @@ static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns) /* audit system wants to get cap info from files as well */ int get_vfs_caps_from_disk(struct mnt_idmap *idmap, const struct dentry *dentry, - struct cpu_vfs_cap_data *cpu_caps); + struct vfs_caps *cpu_caps); int cap_convert_nscap(struct mnt_idmap *idmap, struct dentry *dentry, const void **ivalue, size_t size); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6f0d6fb6523f..783d0bf69ca5 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2247,7 +2247,7 @@ void __audit_getname(struct filename *name) static inline int audit_copy_fcaps(struct audit_names *name, const struct dentry *dentry) { - struct cpu_vfs_cap_data caps; + struct vfs_caps caps; int rc; if (!dentry) @@ -2800,7 +2800,7 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm, { struct audit_aux_data_bprm_fcaps *ax; struct audit_context *context = audit_context(); - struct cpu_vfs_cap_data vcaps; + struct vfs_caps vcaps; ax = kmalloc(sizeof(*ax), GFP_KERNEL); if (!ax) 
diff --git a/security/commoncap.c b/security/commoncap.c index 162d96b3a676..7cda247dc7e9 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -584,7 +584,7 @@ int cap_convert_nscap(struct mnt_idmap *idmap, struct dentry *dentry, * Calculate the new process capability sets from the capability sets attached * to a file. */ -static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, +static inline int bprm_caps_from_vfs_caps(struct vfs_caps *caps, struct linux_binprm *bprm, bool *effective, bool *has_fcap) @@ -635,7 +635,7 @@ static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, */ int get_vfs_caps_from_disk(struct mnt_idmap *idmap, const struct dentry *dentry, - struct cpu_vfs_cap_data *cpu_caps) + struct vfs_caps *cpu_caps) { struct inode *inode = d_backing_inode(dentry); __u32 magic_etc; @@ -646,7 +646,7 @@ int get_vfs_caps_from_disk(struct mnt_idmap *idmap, vfsuid_t rootvfsuid; struct user_namespace *fs_ns; - memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); + memset(cpu_caps, 0, sizeof(struct vfs_caps)); if (!inode) return -ENODATA; 
@@ -725,7 +725,7 @@ static int get_file_caps(struct linux_binprm *bprm, const struct file *file, bool *effective, bool *has_fcap) { int rc = 0; - struct cpu_vfs_cap_data vcaps; + struct vfs_caps vcaps; cap_clear(bprm->cred->cap_permitted);
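Review bot: in both the get_vfs_caps_from_disk() prototype (include/linux/capability.h) and its definition (security/commoncap.c) the parameter keeps the name cpu_caps after its type becomes struct vfs_caps, and the comment above the struct still describes it as "in cpu endian", so the old naming survives in the places a reader looks first. If the rename is meant to reflect the broader use in later commits, rename the parameter in the same patch (vfs_caps would match the helpers added later in the series), or note in the commit message that it is deliberately left for a follow-up.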
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:36 -0600
Subject: [PATCH v2 05/25] capability: use vfsuid_t for vfs_caps rootids
Message-Id: <20240221-idmap-fscap-refactor-v2-5-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org
The rootid is a kuid_t, but it contains an id which is mapped into a mount idmapping, so it is really a vfsuid. This is confusing and creates potential for misuse of the value, so change it to vfsuid_t.

Acked-by: Paul Moore
Signed-off-by: Seth Forshee (DigitalOcean)
Reviewed-by: Christian Brauner

--- include/linux/capability.h | 3 ++- kernel/auditsc.c | 5 +++-- security/commoncap.c | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index c24477e660fc..eb46d346bbbc 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -16,6 +16,7 @@ #include #include #include +#include #define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3 @@ -26,7 +27,7 @@ typedef struct { u64 val; } kernel_cap_t; /* same as vfs_ns_cap_data but in cpu endian and always filled completely */ struct vfs_caps { __u32 magic_etc; - kuid_t rootid; + vfsuid_t rootid; kernel_cap_t permitted; kernel_cap_t inheritable; }; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 783d0bf69ca5..65691450b080 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -65,6 +65,7 @@ #include #include // struct open_how #include +#include #include "audit.h" @@ -2260,7 +2261,7 @@ static inline int audit_copy_fcaps(struct audit_names *name, name->fcap.permitted = caps.permitted; name->fcap.inheritable = caps.inheritable; name->fcap.fE = !!(caps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE); - name->fcap.rootid = caps.rootid; + name->fcap.rootid = AS_KUIDT(caps.rootid); name->fcap_ver = (caps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT; 
@@ -2816,7 +2817,7 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm, ax->fcap.permitted = vcaps.permitted; ax->fcap.inheritable = vcaps.inheritable; ax->fcap.fE = !!(vcaps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE); - ax->fcap.rootid = vcaps.rootid; + ax->fcap.rootid = AS_KUIDT(vcaps.rootid); ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT; ax->old_pcap.permitted = old->cap_permitted; diff --git a/security/commoncap.c b/security/commoncap.c index 7cda247dc7e9..a0b5c9740759 100644 --- a/security/commoncap.c +++ b/security/commoncap.c 
@@ -711,7 +711,7 @@ int get_vfs_caps_from_disk(struct mnt_idmap *idmap, cpu_caps->permitted.val &= CAP_VALID_MASK; cpu_caps->inheritable.val &= CAP_VALID_MASK; - cpu_caps->rootid = vfsuid_into_kuid(rootvfsuid); + cpu_caps->rootid = rootvfsuid; return 0; }
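Review bot: the two audit assignments in kernel/auditsc.c (audit_copy_fcaps() and __audit_log_bprm_fcaps()) now wrap the value in AS_KUIDT(), so name->fcap.rootid and ax->fcap.rootid still carry an idmapped id in a kuid_t, which is exactly the mismatch the commit message calls confusing. Please either add a comment at those two sites saying the audit record deliberately stores the raw vfsuid value, or change the type of the audit field in a follow-up. It would also help to state in the commit message whether the value that reaches the audit log is unchanged compared with the old vfsuid_into_kuid(rootvfsuid) assignment removed from get_vfs_caps_from_disk().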
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:37 -0600
Subject: [PATCH v2 06/25] capability: provide helpers for converting between xattrs and vfs_caps
Message-Id: <20240221-idmap-fscap-refactor-v2-6-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org
To pass around vfs_caps instead of raw xattr data we will need to convert between the two representations near userspace and disk boundaries. We already convert xattrs from disks to vfs_caps, so move that code into a helper, and change get_vfs_caps_from_disk() to use the helper.

When converting vfs_caps to xattrs we have different considerations depending on the destination of the xattr data. For xattrs which will be written to disk we need to reject the xattr if the rootid does not map into the filesystem's user namespace, whereas xattrs read by userspace may need to undergo a conversion from v3 to v2 format when the rootid does not map. So this helper is split into an internal and an external interface. The internal interface does not return an error if the rootid has no mapping in the target user namespace and will be used for conversions targeting userspace. The external interface returns EOVERFLOW if the rootid has no mapping and will be used for all other conversions.

Signed-off-by: Seth Forshee (DigitalOcean)

--- include/linux/capability.h | 10 ++ security/commoncap.c | 228 +++++++++++++++++++++++++++++++++++---------- 2 files changed, 187 insertions(+), 51 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index eb46d346bbbc..a0893ac4664b 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h 
@@ -209,6 +209,16 @@ static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns) ns_capable(ns, CAP_SYS_ADMIN); } +/* helpers to convert between xattr and in-kernel representations */ +int vfs_caps_from_xattr(struct mnt_idmap *idmap, + struct user_namespace *src_userns, + struct vfs_caps *vfs_caps, + const void *data, size_t size); +ssize_t vfs_caps_to_xattr(struct mnt_idmap *idmap, + struct user_namespace *dest_userns, + const struct vfs_caps *vfs_caps, + void *data, size_t size); + /* audit system wants to get cap info from files as well */ int get_vfs_caps_from_disk(struct mnt_idmap *idmap, const struct dentry *dentry, diff --git a/security/commoncap.c b/security/commoncap.c index a0b5c9740759..7531c9634997 100644 --- a/security/commoncap.c +++ b/security/commoncap.c 
@@ -619,54 +619,41 @@ static inline int bprm_caps_from_vfs_caps(struct vfs_caps *caps, } /** - * get_vfs_caps_from_disk - retrieve vfs caps from disk + * vfs_caps_from_xattr - convert raw caps xattr data to vfs_caps * - * @idmap: idmap of the mount the inode was found from - * @dentry: dentry from which @inode is retrieved - * @cpu_caps: vfs capabilities + * @idmap: idmap of the mount the inode was found from + * @src_userns: user namespace for ids in xattr data + * @vfs_caps: destination buffer for vfs_caps data + * @data: rax xattr caps data + * @size: size of xattr data * - * Extract the on-exec-apply capability sets for an executable file. + * Converts a raw security.capability xattr into the kernel-internal + * capabilities format. * - * If the inode has been found through an idmapped mount the idmap of - * the vfsmount must be passed through @idmap. This function will then - * take care to map the inode according to @idmap before checking - * permissions. On non-idmapped mounts or if permission checking is to be - * performed on the raw inode simply pass @nop_mnt_idmap. + * If the xattr is being read or written through an idmapped mount the + * idmap of the vfsmount must be passed through @idmap. This function + * will then take care to map the rootid according to @idmap. + * + * Return: On success, return 0; on error, return < 0. 
*/ -int get_vfs_caps_from_disk(struct mnt_idmap *idmap, - const struct dentry *dentry, - struct vfs_caps *cpu_caps) +int vfs_caps_from_xattr(struct mnt_idmap *idmap, + struct user_namespace *src_userns, + struct vfs_caps *vfs_caps, + const void *data, size_t size) { - struct inode *inode = d_backing_inode(dentry); __u32 magic_etc; - int size; - struct vfs_ns_cap_data data, *nscaps = &data; - struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; + const struct vfs_ns_cap_data *ns_caps = data; + struct vfs_cap_data *caps = (struct vfs_cap_data *)ns_caps; kuid_t rootkuid; - vfsuid_t rootvfsuid; - struct user_namespace *fs_ns; - - memset(cpu_caps, 0, sizeof(struct vfs_caps)); - - if (!inode) - return -ENODATA; - fs_ns = inode->i_sb->s_user_ns; - size = __vfs_getxattr((struct dentry *)dentry, inode, - XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); - if (size == -ENODATA || size == -EOPNOTSUPP) - /* no data, that's ok */ - return -ENODATA; - - if (size < 0) - return size; + memset(vfs_caps, 0, sizeof(*vfs_caps)); if (size < sizeof(magic_etc)) return -EINVAL; - cpu_caps->magic_etc = magic_etc = le32_to_cpu(caps->magic_etc); + vfs_caps->magic_etc = magic_etc = le32_to_cpu(caps->magic_etc); - rootkuid = make_kuid(fs_ns, 0); + rootkuid = make_kuid(src_userns, 0); switch (magic_etc & VFS_CAP_REVISION_MASK) { case VFS_CAP_REVISION_1: if (size != XATTR_CAPS_SZ_1) 
@@ -679,39 +666,178 @@ int get_vfs_caps_from_disk(struct mnt_idmap *idmap, case VFS_CAP_REVISION_3: if (size != XATTR_CAPS_SZ_3) return -EINVAL; - rootkuid = make_kuid(fs_ns, le32_to_cpu(nscaps->rootid)); + rootkuid = make_kuid(src_userns, le32_to_cpu(ns_caps->rootid)); break; default: return -EINVAL; } - rootvfsuid = make_vfsuid(idmap, fs_ns, rootkuid); - if (!vfsuid_valid(rootvfsuid)) - return -ENODATA; + vfs_caps->rootid = make_vfsuid(idmap, src_userns, rootkuid); + if (!vfsuid_valid(vfs_caps->rootid)) + return -EOVERFLOW; - /* Limit the caps to the mounter of the filesystem - * or the more limited uid specified in the xattr. + vfs_caps->permitted.val = le32_to_cpu(caps->data[0].permitted); + vfs_caps->inheritable.val = le32_to_cpu(caps->data[0].inheritable); + + /* + * Rev1 had just a single 32-bit word, later expanded + * to a second one for the high bits */ - if (!rootid_owns_currentns(rootvfsuid)) - return -ENODATA; + if ((magic_etc & VFS_CAP_REVISION_MASK) != VFS_CAP_REVISION_1) { + vfs_caps->permitted.val += (u64)le32_to_cpu(caps->data[1].permitted) << 32; + vfs_caps->inheritable.val += (u64)le32_to_cpu(caps->data[1].inheritable) << 32; + } + + vfs_caps->permitted.val &= CAP_VALID_MASK; + vfs_caps->inheritable.val &= CAP_VALID_MASK; + + return 0; +} + +/* + * Inner implementation of vfs_caps_to_xattr() which does not return an + * error if the rootid does not map into @dest_userns. 
+ */ +static ssize_t __vfs_caps_to_xattr(struct mnt_idmap *idmap, + struct user_namespace *dest_userns, + const struct vfs_caps *vfs_caps, + void *data, size_t size) +{ + struct vfs_ns_cap_data *ns_caps = data; + struct vfs_cap_data *caps = (struct vfs_cap_data *)ns_caps; + kuid_t rootkuid; + uid_t rootid; + + memset(ns_caps, 0, size); + + rootid = 0; + switch (vfs_caps->magic_etc & VFS_CAP_REVISION_MASK) { + case VFS_CAP_REVISION_1: + if (size < XATTR_CAPS_SZ_1) + return -EINVAL; + size = XATTR_CAPS_SZ_1; + break; + case VFS_CAP_REVISION_2: + if (size < XATTR_CAPS_SZ_2) + return -EINVAL; + size = XATTR_CAPS_SZ_2; + break; + case VFS_CAP_REVISION_3: + if (size < XATTR_CAPS_SZ_3) + return -EINVAL; + size = XATTR_CAPS_SZ_3; + rootkuid = from_vfsuid(idmap, dest_userns, vfs_caps->rootid); + rootid = from_kuid(dest_userns, rootkuid); + ns_caps->rootid = cpu_to_le32(rootid); + break; - cpu_caps->permitted.val = le32_to_cpu(caps->data[0].permitted); - cpu_caps->inheritable.val = le32_to_cpu(caps->data[0].inheritable); + default: + return -EINVAL; + } + + caps->magic_etc = cpu_to_le32(vfs_caps->magic_etc); + + caps->data[0].permitted = cpu_to_le32(lower_32_bits(vfs_caps->permitted.val)); + caps->data[0].inheritable = cpu_to_le32(lower_32_bits(vfs_caps->inheritable.val)); /* * Rev1 had just a single 32-bit word, later expanded * to a second one for the high bits */ - if ((magic_etc & VFS_CAP_REVISION_MASK) != VFS_CAP_REVISION_1) { - cpu_caps->permitted.val += (u64)le32_to_cpu(caps->data[1].permitted) << 32; - cpu_caps->inheritable.val += (u64)le32_to_cpu(caps->data[1].inheritable) << 32; + if ((vfs_caps->magic_etc & VFS_CAP_REVISION_MASK) != VFS_CAP_REVISION_1) { + caps->data[1].permitted = + cpu_to_le32(upper_32_bits(vfs_caps->permitted.val)); + caps->data[1].inheritable = + cpu_to_le32(upper_32_bits(vfs_caps->inheritable.val)); } - cpu_caps->permitted.val &= CAP_VALID_MASK; - cpu_caps->inheritable.val &= CAP_VALID_MASK; + return size; +} + + +/** + * vfs_caps_to_xattr - 
convert vfs_caps to raw caps xattr data + * + * @idmap: idmap of the mount the inode was found from + * @dest_userns: user namespace for ids in xattr data + * @vfs_caps: source vfs_caps data + * @data: destination buffer for rax xattr caps data + * @size: size of the @data buffer + * + * Converts a kernel-internal capability into the raw security.capability + * xattr format. + * + * If the xattr is being read or written through an idmapped mount the + * idmap of the vfsmount must be passed through @idmap. This function + * will then take care to map the rootid according to @idmap. + * + * Return: On success, return the size of the xattr data. On error, + * return < 0. + */ +ssize_t vfs_caps_to_xattr(struct mnt_idmap *idmap, + struct user_namespace *dest_userns, + const struct vfs_caps *vfs_caps, + void *data, size_t size) +{ + struct vfs_ns_cap_data *caps = data; + int ret; + + ret = __vfs_caps_to_xattr(idmap, dest_userns, vfs_caps, data, size); + if (ret > 0 && + (vfs_caps->magic_etc & VFS_CAP_REVISION_MASK) == VFS_CAP_REVISION_3 && + le32_to_cpu(caps->rootid) == (uid_t)-1) + return -EOVERFLOW; + return ret; +} + +/** + * get_vfs_caps_from_disk - retrieve vfs caps from disk + * + * @idmap: idmap of the mount the inode was found from + * @dentry: dentry from which @inode is retrieved + * @cpu_caps: vfs capabilities + * + * Extract the on-exec-apply capability sets for an executable file. + * + * If the inode has been found through an idmapped mount the idmap of + * the vfsmount must be passed through @idmap. This function will then + * take care to map the inode according to @idmap before checking + * permissions. On non-idmapped mounts or if permission checking is to be + * performed on the raw inode simply pass @nop_mnt_idmap. 
+ */ +int get_vfs_caps_from_disk(struct mnt_idmap *idmap, + const struct dentry *dentry, + struct vfs_caps *cpu_caps) +{ + struct inode *inode = d_backing_inode(dentry); + int size, ret; + struct vfs_ns_cap_data data, *nscaps = &data; + + if (!inode) + return -ENODATA; - cpu_caps->rootid = rootvfsuid; + size = __vfs_getxattr((struct dentry *)dentry, inode, + XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); + if (size == -ENODATA || size == -EOPNOTSUPP) + /* no data, that's ok */ + return -ENODATA; + + if (size < 0) + return size; + + ret = vfs_caps_from_xattr(idmap, inode->i_sb->s_user_ns, + cpu_caps, nscaps, size); + if (ret == -EOVERFLOW) + return -ENODATA; + if (ret) + return ret; + + /* Limit the caps to the mounter of the filesystem + * or the more limited uid specified in the xattr. + */ + if (!rootid_owns_currentns(cpu_caps->rootid)) + return -ENODATA; return 0; }
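Review bot: In vfs_caps_from_xattr() (security/commoncap.c, hunk @@ -619,54 +619,41 @@), the declaration "struct vfs_cap_data *caps = (struct vfs_cap_data *)ns_caps;" casts away the const carried by "const void *data" and "const struct vfs_ns_cap_data *ns_caps". The function only reads through caps, so declaring it "const struct vfs_cap_data *caps" lets the compiler keep enforcing that the source xattr buffer is never written. The kernel-doc in the same hunk says "@data: rax xattr caps data"; that should read "raw", and the same typo recurs in the vfs_caps_to_xattr() comment further down.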
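Review bot: The rewritten get_vfs_caps_from_disk() at the end of hunk @@ -679,39 +666,178 @@ no longer leaves *cpu_caps in the state the old code did on its error paths. The memset(cpu_caps, 0, ...) that used to run before the !inode check now happens only inside vfs_caps_from_xattr(), so the !inode, -ENODATA/-EOPNOTSUPP and size < 0 returns leave cpu_caps untouched. In addition, rootid_owns_currentns() is now checked after the conversion, so that -ENODATA return hands back populated permitted and inheritable sets where the old code returned before filling them. Either zero cpu_caps at the top of get_vfs_caps_from_disk() and again before the final -ENODATA, or say in the commit message that callers must not read cpu_caps when an error is returned.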
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:38 -0600
Subject: [PATCH v2 07/25] capability: provide a helper for converting vfs_caps to xattr for userspace
Message-Id: <20240221-idmap-fscap-refactor-v2-7-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org

cap_inode_getsecurity() implements a handful of policies for capability xattrs read by userspace:

- It returns EINVAL if the on-disk capability is in v1 format.
- It masks off all bits in magic_etc except for the version and VFS_CAP_FLAGS_EFFECTIVE.
- v3 capabilities are converted to v2 format if the rootid returned to userspace would be 0 or if the rootid corresponds to root in an ancestor user namespace.
- It returns EOVERFLOW for a v3 capability whose rootid does not map to a valid id in current_user_ns() or to root in an ancestor namespace.

These policies must be maintained when converting vfs_caps to an xattr for userspace. Provide a vfs_caps_to_user_xattr() helper which will enforce these policies.

Signed-off-by: Seth Forshee (DigitalOcean)
Reviewed-by: Christian Brauner
---
include/linux/capability.h | 4 +++
security/commoncap.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 82 insertions(+)

diff --git a/include/linux/capability.h b/include/linux/capability.h index a0893ac4664b..eb06d7c6224b 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -218,6 +218,10 @@ ssize_t vfs_caps_to_xattr(struct mnt_idmap *idmap, struct user_namespace *dest_userns, const struct vfs_caps *vfs_caps, void *data, size_t size); +ssize_t vfs_caps_to_user_xattr(struct mnt_idmap *idmap, + struct user_namespace *dest_userns, + const struct vfs_caps *vfs_caps, + void *data, size_t size); /* audit system wants to get cap info from files as well */ int get_vfs_caps_from_disk(struct mnt_idmap *idmap, diff --git a/security/commoncap.c b/security/commoncap.c index 7531c9634997..289530e58c37 100644 --- a/security/commoncap.c +++ b/security/commoncap.c
@@ -791,6 +791,84 @@ ssize_t vfs_caps_to_xattr(struct mnt_idmap *idmap, return ret; } +/** + * vfs_caps_to_user_xattr - convert vfs_caps to caps xattr for userspace + * + * @idmap: idmap of the mount the inode was found from + * @dest_userns: user namespace for ids in xattr data + * @vfs_caps: source vfs_caps data + * @data: destination buffer for rax xattr caps data + * @size: size of the @data buffer + * + * Converts a kernel-internal capability into the raw security.capability + * xattr format. Implements the following policies required for fscaps + * returned to userspace: + * + * - Returns -EINVAL if the on-disk capability is in v1 format. + * - Masks off all bits in magic_etc except for the version and + * VFS_CAP_FLAGS_EFFECTIVE. + * - Converts v3 capabilities to v2 format if the rootid returned to + * userspace would be 0 or if the rootid corresponds to root in an + * ancestor user namespace. + * - Returns EOVERFLOW for a v3 capability whose rootid does not map to a + * valid id in current_user_ns() or to root in an ancestor namespace. + * + * If the xattr is being read or written through an idmapped mount the + * idmap of the vfsmount must be passed through @idmap. This function + * will then take care to map the rootid according to @idmap. + * + * Return: On success, return the size of the xattr data. On error, + * return < 0. 
+ */ +ssize_t vfs_caps_to_user_xattr(struct mnt_idmap *idmap, + struct user_namespace *dest_userns, + const struct vfs_caps *vfs_caps, + void *data, size_t size) +{ + struct vfs_ns_cap_data *ns_caps = data; + bool is_v3; + u32 magic; + + /* Preserve previous behavior of returning EINVAL for v1 caps */ + if ((vfs_caps->magic_etc & VFS_CAP_REVISION_MASK) == VFS_CAP_REVISION_1) + return -EINVAL; + + size = __vfs_caps_to_xattr(idmap, dest_userns, vfs_caps, data, size); + if (size < 0) + return size; + + magic = vfs_caps->magic_etc & + (VFS_CAP_REVISION_MASK | VFS_CAP_FLAGS_EFFECTIVE); + ns_caps->magic_etc = cpu_to_le32(magic); + + /* + * If this is a v3 capability with a valid, non-zero rootid, return + * the v3 capability to userspace. A v3 capability with a rootid of + * 0 will be converted to a v2 capability below for compatibility + * with old userspace. + */ + is_v3 = (vfs_caps->magic_etc & VFS_CAP_REVISION_MASK) == VFS_CAP_REVISION_3; + if (is_v3) { + uid_t rootid = le32_to_cpu(ns_caps->rootid); + if (rootid != (uid_t)-1 && rootid != (uid_t)0) + return size; + } + + if (!rootid_owns_currentns(vfs_caps->rootid)) + return -EOVERFLOW; + + /* This comes from a parent namespace. Return as a v2 capability. 
*/ + if (is_v3) { + magic = VFS_CAP_REVISION_2 | + (vfs_caps->magic_etc & VFS_CAP_FLAGS_EFFECTIVE); + ns_caps->magic_etc = cpu_to_le32(magic); + ns_caps->rootid = cpu_to_le32(0); + size = XATTR_CAPS_SZ_2; + } + + return size; +} + /** * get_vfs_caps_from_disk - retrieve vfs caps from disk *
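Review bot: In vfs_caps_to_user_xattr() (hunk @@ -791,6 +791,84 @@), the error check after "size = __vfs_caps_to_xattr(idmap, dest_userns, vfs_caps, data, size);" can never fire: size is the function's size_t parameter, so "if (size < 0)" is always false for that unsigned type. A -EINVAL from __vfs_caps_to_xattr(), for example when the buffer is smaller than the revision needs, is therefore not returned at that point, and the code goes on to store ns_caps->magic_etc and, for v3, to read ns_caps->rootid in a buffer that was just rejected as too small. Capture the result in a separate signed variable (ssize_t ret) and test that, the way vfs_caps_to_xattr() tests its own ret. The kernel-doc bullet list also mixes "-EINVAL" with a bare "EOVERFLOW" and repeats the "rax xattr" typo.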
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:39 -0600
Subject: [PATCH v2 08/25] xattr: add is_fscaps_xattr() helper
Message-Id: <20240221-idmap-fscap-refactor-v2-8-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org

Add a helper to determine if an xattr time is XATTR_NAME_CAPS instead of open-coding a string comparison.

Suggested-by: Amir Goldstein
Signed-off-by: Seth Forshee (DigitalOcean)
Reviewed-by: Christian Brauner
---
include/linux/xattr.h | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/include/linux/xattr.h b/include/linux/xattr.h index d20051865800..cbacfb4d74fa 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h
@@ -28,6 +28,11 @@ static inline bool is_posix_acl_xattr(const char *name) (strcmp(name, XATTR_NAME_POSIX_ACL_DEFAULT) == 0); } +static inline bool is_fscaps_xattr(const char *name) +{ + return strcmp(name, XATTR_NAME_CAPS) == 0; +} + /* * struct xattr_handler: When @name is set, match attributes with exactly that * name. When @prefix is set instead, match attributes with that prefix and
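Review bot: is_fscaps_xattr() is added with no comment and no caller in this patch, so nothing here records which form of name it expects. It does an exact strcmp() against XATTR_NAME_CAPS, like is_posix_acl_xattr() just above it, so a one-line comment saying it takes the full attribute name would keep later callers from passing anything else. The commit message also says "xattr time", which looks like it was meant to be "xattr name".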
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:40 -0600
Subject: [PATCH v2 09/25] commoncap: use is_fscaps_xattr()
Message-Id: <20240221-idmap-fscap-refactor-v2-9-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org

Signed-off-by: Seth Forshee (DigitalOcean)
Reviewed-by: Christian Brauner
--- security/commoncap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c index 289530e58c37..19affcfa3126 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1205,7 +1205,7 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name, * For XATTR_NAME_CAPS the check will be done in * cap_convert_nscap(), called by setxattr() */ - if (strcmp(name, XATTR_NAME_CAPS) == 0) + if (is_fscaps_xattr(name)) return 0; if (!ns_capable(user_ns, CAP_SYS_ADMIN))
@@ -1242,7 +1242,7 @@ int cap_inode_removexattr(struct mnt_idmap *idmap, XATTR_SECURITY_PREFIX_LEN) != 0) return 0; - if (strcmp(name, XATTR_NAME_CAPS) == 0) { + if (is_fscaps_xattr(name)) { /* security.capability gets namespaced */ struct inode *inode = d_backing_inode(dentry); if (!inode)
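Review bot: In the cap_inode_setxattr() hunk of security/commoncap.c, the comment kept above the changed line still says the XATTR_NAME_CAPS check is done in cap_convert_nscap(), "called by setxattr()", while the call site shown in 10/25 is vfs_setxattr() in fs/xattr.c. Since the line directly below the comment is being rewritten, consider updating the comment to name vfs_setxattr() and to refer to is_fscaps_xattr() rather than the raw constant. The commit also has no changelog body; one sentence stating that both conversions are mechanical with no functional change would help anyone bisecting through the series.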
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:41 -0600
Subject: [PATCH v2 10/25] xattr: use is_fscaps_xattr()
Message-Id: <20240221-idmap-fscap-refactor-v2-10-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org

Signed-off-by: Seth Forshee (DigitalOcean)
Reviewed-by: Christian Brauner
--- fs/xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/xattr.c b/fs/xattr.c index 09d927603433..06290e4ebc03 100644 --- a/fs/xattr.c +++ b/fs/xattr.c
@@ -310,7 +310,7 @@ vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, const void *orig_value = value; int error; - if (size && strcmp(name, XATTR_NAME_CAPS) == 0) { + if (size && is_fscaps_xattr(name)) { error = cap_convert_nscap(idmap, dentry, &value, size); if (error < 0) return error;
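Review bot: The "size &&" guard in the vfs_setxattr() hunk of fs/xattr.c is carried over without explanation, so a zero-length write to security.capability never reaches cap_convert_nscap(), and the comment kept in cap_inode_setxattr() (09/25) says that is where the check for this name is done. The behaviour predates this patch, but since the condition is being rewritten here, a short comment above "if (size && is_fscaps_xattr(name))" stating why the empty-value case skips conversion, and which check covers it, would be worth adding.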
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:42 -0600
Subject: [PATCH v2 11/25] security: add hooks for set/get/remove of fscaps
Message-Id: <20240221-idmap-fscap-refactor-v2-11-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org

In preparation for moving fscaps out of the xattr code paths, add new security hooks. These hooks are largely needed because common kernel code will pass around struct vfs_caps pointers, which EVM will need to convert to raw xattr data for verification and updates of its hashes.

Signed-off-by: Seth Forshee (DigitalOcean)
Acked-by: Paul Moore
Reviewed-by: Christian Brauner
--- include/linux/lsm_hook_defs.h | 7 +++++ include/linux/security.h | 33 +++++++++++++++++++++ security/security.c | 69 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 109 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 76458b6d53da..7b3c23f9e4a5 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -152,6 +152,13 @@ LSM_HOOK(int, 0, inode_get_acl, struct mnt_idmap *idmap, struct dentry *dentry, const char *acl_name) LSM_HOOK(int, 0, inode_remove_acl, struct mnt_idmap *idmap, struct dentry *dentry, const char *acl_name) +LSM_HOOK(int, 0, inode_set_fscaps, struct mnt_idmap *idmap, + struct dentry *dentry, const struct vfs_caps *caps, int flags); +LSM_HOOK(void, LSM_RET_VOID, inode_post_set_fscaps, struct mnt_idmap *idmap, + struct dentry *dentry, const struct vfs_caps *caps, int flags); +LSM_HOOK(int, 0, inode_get_fscaps, struct mnt_idmap *idmap, struct dentry *dentry); +LSM_HOOK(int, 0, inode_remove_fscaps, struct mnt_idmap *idmap, + struct dentry *dentry); LSM_HOOK(int, 0, inode_need_killpriv, struct dentry *dentry) LSM_HOOK(int, 0, inode_killpriv, struct mnt_idmap *idmap, struct dentry *dentry) diff --git a/include/linux/security.h b/include/linux/security.h index d0eb20f90b26..40be548e5e12 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -378,6 +378,13 @@ int security_inode_getxattr(struct dentry *dentry, const char *name); int security_inode_listxattr(struct dentry *dentry); int security_inode_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, const char *name); +int security_inode_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + const struct vfs_caps *caps, int flags); +void security_inode_post_set_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry, + const struct vfs_caps *caps, int flags); +int security_inode_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry); +int security_inode_remove_fscaps(struct mnt_idmap *idmap, struct dentry *dentry); int security_inode_need_killpriv(struct dentry *dentry); int security_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry); int security_inode_getsecurity(struct mnt_idmap *idmap, @@ -935,6 +942,32 @@ static inline int security_inode_removexattr(struct mnt_idmap *idmap, return cap_inode_removexattr(idmap, dentry, name); } +static inline int security_inode_set_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry, + const struct vfs_caps *caps, + int flags) +{ + return 0; +} +static void security_inode_post_set_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry, + const struct vfs_caps *caps, + int flags) +{ +} + +static int security_inode_get_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry) +{ + return 0; +} + +static int security_inode_remove_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry) +{ + return 0; +} + static inline int security_inode_need_killpriv(struct dentry *dentry) { return cap_inode_need_killpriv(dentry); diff --git a/security/security.c b/security/security.c index 3aaad75c9ce8..0d210da9862c 100644 --- a/security/security.c +++ b/security/security.c 
@@ -2351,6 +2351,75 @@ int security_inode_remove_acl(struct mnt_idmap *idmap, return evm_inode_remove_acl(idmap, dentry, acl_name); } +/** + * security_inode_set_fscaps() - Check if setting fscaps is allowed + * @idmap: idmap of the mount + * @dentry: file + * @caps: fscaps to be written + * @flags: flags for setxattr + * + * Check permission before setting the file capabilities given in @vfs_caps. + * + * Return: Returns 0 if permission is granted. + */ +int security_inode_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + const struct vfs_caps *caps, int flags) +{ + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) + return 0; + return call_int_hook(inode_set_fscaps, 0, idmap, dentry, caps, flags); +} + +/** + * security_inode_post_set_fscaps() - Update the inode after setting fscaps + * @idmap: idmap of the mount + * @dentry: file + * @caps: fscaps to be written + * @flags: flags for setxattr + * + * Update inode security field after successfully setting fscaps. + * + */ +void security_inode_post_set_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry, + const struct vfs_caps *caps, int flags) +{ + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) + return; + call_void_hook(inode_post_set_fscaps, idmap, dentry, caps, flags); +} + +/** + * security_inode_get_fscaps() - Check if reading fscaps is allowed + * @dentry: file + * + * Check permission before getting fscaps. + * + * Return: Returns 0 if permission is granted. + */ +int security_inode_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry) +{ + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) + return 0; + return call_int_hook(inode_get_fscaps, 0, idmap, dentry); +} + +/** + * security_inode_remove_fscaps() - Check if removing fscaps is allowed + * @idmap: idmap of the mount + * @dentry: file + * + * Check permission before removing fscaps. + * + * Return: Returns 0 if permission is granted. 
+ */ +int security_inode_remove_fscaps(struct mnt_idmap *idmap, struct dentry *dentry) +{ + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) + return 0; + return call_int_hook(inode_remove_fscaps, 0, idmap, dentry); +} + /** * security_inode_post_setxattr() - Update the inode after a setxattr operation * @dentry: file
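Review bot: All four new LSM_HOOK() entries in the include/linux/lsm_hook_defs.h hunk end with a semicolon, while the entries around them (inode_remove_acl above, inode_need_killpriv below) have none. This file is an X-macro list, so the terminator belongs to whatever LSM_HOOK expands to at each include site; please drop the trailing ";" from inode_set_fscaps, inode_post_set_fscaps, inode_get_fscaps and inode_remove_fscaps.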
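Review bot: Three of the four stubs in the second include/linux/security.h hunk are declared plain static rather than static inline: security_inode_post_set_fscaps(), security_inode_get_fscaps() and security_inode_remove_fscaps(). In a header that gives every includer its own unused copy and produces unused-function warnings; make them static inline like security_inode_set_fscaps(), and add the missing blank line between the closing brace of that stub and security_inode_post_set_fscaps(). Separately, the neighbouring stubs call into commoncap (cap_inode_removexattr(), cap_inode_need_killpriv()) while the new ones return 0 unconditionally; if that is intentional, the changelog should say where the capability check for fscaps happens in this configuration.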
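Review bot: The kernel-doc added in the security/security.c hunk does not match the prototypes. The description of security_inode_set_fscaps() refers to "@vfs_caps", but the parameter is @caps; security_inode_get_fscaps() documents @dentry only and omits @idmap, which kernel-doc will flag as undocumented; and security_inode_post_set_fscaps() has a stray empty " *" line before the closing "*/". Please fix the parameter names and add "@idmap: idmap of the mount" to the get_fscaps comment, matching the wording used for the other three.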
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:43 -0600
Subject: [PATCH v2 12/25] selinux: add hooks for fscaps operations
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20240221-idmap-fscap-refactor-v2-12-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org
X-Mailer: b4 0.12.4
X-Developer-Key: i=sforshee@kernel.org; a=openpgp; fpr=2ABCA7498D83E1D32D51D3B5AB4800A62DB9F73A

Add hooks for set/get/remove fscaps operations which perform the same checks as the xattr hooks would have done for XATTR_NAME_CAPS.

Signed-off-by: Seth Forshee (DigitalOcean)
---
 security/selinux/hooks.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a6bf90ace84c..da129a387b34 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3367,6 +3367,29 @@ static int selinux_inode_removexattr(struct mnt_idmap *idmap, return -EACCES; } +static int selinux_inode_set_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry, + const struct vfs_caps *caps, int flags) +{ + return dentry_has_perm(current_cred(), dentry, FILE__SETATTR); +} + +static int selinux_inode_get_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry) +{ + return dentry_has_perm(current_cred(), dentry, FILE__GETATTR); +} + +static int selinux_inode_remove_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry) +{ + int rc = cap_inode_removexattr(idmap, dentry, XATTR_NAME_CAPS); + if (rc) + return rc; + + return dentry_has_perm(current_cred(), dentry, FILE__SETATTR); +} + static int selinux_path_notify(const struct path *path, u64 mask, unsigned int obj_type) {
@@ -7165,6 +7188,9 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = { LSM_HOOK_INIT(inode_set_acl, selinux_inode_set_acl), LSM_HOOK_INIT(inode_get_acl, selinux_inode_get_acl), LSM_HOOK_INIT(inode_remove_acl, selinux_inode_remove_acl), + LSM_HOOK_INIT(inode_set_fscaps, selinux_inode_set_fscaps), + LSM_HOOK_INIT(inode_get_fscaps, selinux_inode_get_fscaps), + LSM_HOOK_INIT(inode_remove_fscaps, selinux_inode_remove_fscaps), LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity), LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity), LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
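
Review bot: in the first security/selinux/hooks.c hunk the set and remove paths are not symmetric: selinux_inode_set_fscaps() goes straight to dentry_has_perm(..., FILE__SETATTR), while selinux_inode_remove_fscaps() first calls cap_inode_removexattr(idmap, dentry, XATTR_NAME_CAPS) and only then checks FILE__SETATTR. The commit message promises the same checks the xattr hooks would have done for XATTR_NAME_CAPS, so please either add the matching commoncap check on the set path or state in the commit message why the set hook does not need one. The caps and flags arguments are unused in the set hook; a one-line comment saying the decision does not depend on the capability contents would help. Style: add a blank line between the "int rc = cap_inode_removexattr(...)" declaration and the "if (rc)" that follows it.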
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:44 -0600
Subject: [PATCH v2 13/25] smack: add hooks for fscaps operations
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20240221-idmap-fscap-refactor-v2-13-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org
X-Mailer: b4 0.12.4
X-Developer-Key: i=sforshee@kernel.org; a=openpgp; fpr=2ABCA7498D83E1D32D51D3B5AB4800A62DB9F73A

Add hooks for set/get/remove fscaps operations which perform the same checks as the xattr hooks would have done for XATTR_NAME_CAPS.

Signed-off-by: Seth Forshee (DigitalOcean)
---
 security/smack/smack_lsm.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 0fdbf04cc258..1eaa89dede6b 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -1530,6 +1530,74 @@ static int smack_inode_remove_acl(struct mnt_idmap *idmap, return rc; } +/** + * smack_inode_set_fscaps - Smack check for setting file capabilities + * @mnt_userns: the userns attached to the source mnt for this request + * @detry: the object + * @caps: the file capabilities + * @flags: unused + * + * Returns 0 if the access is permitted, or an error code otherwise. + */ +static int smack_inode_set_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry, + const struct vfs_caps *caps, int flags) +{ + struct smk_audit_info ad; + int rc; + + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); + return rc; +} + +/** + * smack_inode_get_fscaps - Smack check for getting file capabilities + * @dentry: the object + * + * Returns 0 if access is permitted, an error code otherwise + */ +static int smack_inode_get_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry) +{ + struct smk_audit_info ad; + int rc; + + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); + + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); + return rc; +} + +/** + * smack_inode_remove_acl - Smack check for removing file capabilities + * @idmap: idmap of the mnt this request came from + * @dentry: the object + * + * Returns 0 if access is permitted, an error code otherwise + */ +static int smack_inode_remove_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry) +{ + struct smk_audit_info ad; + int rc; + + rc = cap_inode_removexattr(idmap, dentry, XATTR_NAME_CAPS); + if (rc != 0) + return rc; + + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); + + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, 
&ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); + return rc; +} + /** * smack_inode_getsecurity - get smack xattrs * @idmap: idmap of the mount 
@@ -5045,6 +5113,9 @@ static struct security_hook_list smack_hooks[] __ro_after_init = { LSM_HOOK_INIT(inode_set_acl, smack_inode_set_acl), LSM_HOOK_INIT(inode_get_acl, smack_inode_get_acl), LSM_HOOK_INIT(inode_remove_acl, smack_inode_remove_acl), + LSM_HOOK_INIT(inode_set_fscaps, smack_inode_set_fscaps), + LSM_HOOK_INIT(inode_get_fscaps, smack_inode_get_fscaps), + LSM_HOOK_INIT(inode_remove_fscaps, smack_inode_remove_fscaps), LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
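
Review bot: the kernel-doc comments in the first security/smack/smack_lsm.c hunk do not match the functions they document. The block above smack_inode_set_fscaps() lists @mnt_userns and @detry, but the parameters are idmap and dentry; the block above smack_inode_get_fscaps() has no @idmap entry; and the third block is headed "smack_inode_remove_acl - Smack check for removing file capabilities" although it sits above smack_inode_remove_fscaps(). Please correct the names so the comments describe the new hooks. As in the SELinux patch, only the remove hook calls cap_inode_removexattr() before the Smack access check while the set hook has no commoncap call; if that difference is intended, say so in the commit message.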
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:45 -0600
Subject: [PATCH v2 14/25] evm: add support for fscaps security hooks
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20240221-idmap-fscap-refactor-v2-14-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org
X-Mailer: b4 0.12.4
X-Developer-Key: i=sforshee@kernel.org; a=openpgp; fpr=2ABCA7498D83E1D32D51D3B5AB4800A62DB9F73A

Support the new fscaps security hooks by converting the vfs_caps to raw xattr data and then handling them the same as other xattrs.

Signed-off-by: Seth Forshee (DigitalOcean)
---
 include/linux/evm.h | 39 +++++++++++++++++++++++++
 security/integrity/evm/evm_main.c | 60 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 99 insertions(+)

diff --git a/include/linux/evm.h b/include/linux/evm.h index 36ec884320d9..aeb9ff52ad22 100644 --- a/include/linux/evm.h +++ b/include/linux/evm.h @@ -57,6 +57,20 @@ static inline void evm_inode_post_set_acl(struct dentry *dentry, { return evm_inode_post_setxattr(dentry, acl_name, NULL, 0); } +extern int evm_inode_set_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry, + const struct vfs_caps *caps, int flags); +static inline int evm_inode_remove_fscaps(struct dentry *dentry) +{ + return evm_inode_set_fscaps(&nop_mnt_idmap, dentry, NULL, XATTR_REPLACE); +} +extern void evm_inode_post_set_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry, + const struct vfs_caps *caps, int flags); +static inline void evm_inode_post_remove_fscaps(struct dentry *dentry) +{ + return evm_inode_post_set_fscaps(&nop_mnt_idmap, dentry, NULL, 0); +} int evm_inode_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr, struct xattr *xattrs,
@@ -164,6 +178,31 @@ static inline void evm_inode_post_set_acl(struct dentry *dentry, return; } +static inline int evm_inode_set_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry, + const struct vfs_caps *caps, int flags) +{ + return 0; +} + +static inline int evm_inode_remove_fscaps(struct dentry *dentry) +{ + return 0; +} + +static inline void evm_inode_post_set_fscaps(struct mnt_idmap *idmap, + struct dentry *dentry, + const struct vfs_caps *caps, + int flags) +{ + return; +} + +static inline void evm_inode_post_remove_fscaps(struct dentry *dentry) +{ + return; +} + static inline int evm_inode_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr, struct xattr *xattrs, diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index cc7956d7878b..ecf4634a921a 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c 
@@ -805,6 +805,66 @@ void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name) evm_update_evmxattr(dentry, xattr_name, NULL, 0); } +int evm_inode_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + const struct vfs_caps *caps, int flags) +{ + struct inode *inode = d_inode(dentry); + struct vfs_ns_cap_data nscaps; + const void *xattr_data = NULL; + int size = 0; + + /* Policy permits modification of the protected xattrs even though + * there's no HMAC key loaded + */ + if (evm_initialized & EVM_ALLOW_METADATA_WRITES) + return 0; + + if (caps) { + size = vfs_caps_to_xattr(idmap, i_user_ns(inode), caps, &nscaps, + sizeof(nscaps)); + if (size < 0) + return size; + xattr_data = &nscaps; + } + + return evm_protect_xattr(idmap, dentry, XATTR_NAME_CAPS, xattr_data, size); +} + +void evm_inode_post_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + const struct vfs_caps *caps, int flags) +{ + struct inode *inode = d_inode(dentry); + struct vfs_ns_cap_data nscaps; + const void *xattr_data = NULL; + int size = 0; + + if (!evm_revalidate_status(XATTR_NAME_CAPS)) + return; + + evm_reset_status(dentry->d_inode); + + if (!(evm_initialized & EVM_INIT_HMAC)) + return; + + if (is_unsupported_fs(dentry)) + return; + + if (caps) { + size = vfs_caps_to_xattr(idmap, i_user_ns(inode), caps, &nscaps, + sizeof(nscaps)); + /* + * The fscaps here should have been converted to an xattr by + * evm_inode_set_fscaps() already, so a failure to convert + * here is a bug. 
+ */ + if (WARN_ON_ONCE(size < 0)) + return; + xattr_data = &nscaps; + } + + evm_update_evmxattr(dentry, XATTR_NAME_CAPS, xattr_data, size); +} + static int evm_attr_change(struct mnt_idmap *idmap, struct dentry *dentry, struct iattr *attr) {
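
Review bot: in the first include/linux/evm.h hunk, evm_inode_remove_fscaps() takes no idmap and substitutes &nop_mnt_idmap, which evm_inode_set_fscaps() then passes on to evm_protect_xattr() even when caps is NULL, whereas the remove_fscaps hooks added for SELinux and Smack in this series receive the caller's idmap. If the removal check can depend on the mount's idmap, the wrapper should take it as a parameter; if it cannot, a short comment saying why nop_mnt_idmap is sufficient would settle the question. The same wrapper passes XATTR_REPLACE as flags while evm_inode_post_remove_fscaps() passes 0, and evm_inode_set_fscaps() in evm_main.c never reads flags, so either pass 0 in both or document what the argument is for.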
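
Review bot: in the security/integrity/evm/evm_main.c hunk, the comment above WARN_ON_ONCE(size < 0) in evm_inode_post_set_fscaps() says the caps were already converted by evm_inode_set_fscaps(), but that function returns 0 before reaching vfs_caps_to_xattr() when EVM_ALLOW_METADATA_WRITES is set. Unless EVM_ALLOW_METADATA_WRITES and EVM_INIT_HMAC can never be set together, the post hook's conversion is then the first one and a failure there is not a bug; please confirm the two flags are exclusive and say so in the comment, or handle the error without the warning. Smaller points in the same hunk: evm_inode_post_set_fscaps() declares inode = d_inode(dentry) but calls evm_reset_status(dentry->d_inode); the first block comment starts its text on the opening "/*" line while the second uses the usual multi-line form; and both functions repeat the same caps-to-xattr conversion, which could live in one static helper.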
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:46 -0600
Subject: [PATCH v2 15/25] security: call evm fscaps hooks from generic security hooks

Signed-off-by: Seth Forshee (DigitalOcean)
--- security/security.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/security/security.c b/security/security.c index 0d210da9862c..f515d8430318 100644 --- a/security/security.c +++ b/security/security.c @@ -2365,9 +2365,14 @@ int security_inode_remove_acl(struct mnt_idmap *idmap, int security_inode_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, const struct vfs_caps *caps, int flags) { + int ret; + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; - return call_int_hook(inode_set_fscaps, 0, idmap, dentry, caps, flags); + ret = call_int_hook(inode_set_fscaps, 0, idmap, dentry, caps, flags); + if (ret) + return ret; + return evm_inode_set_fscaps(idmap, dentry, caps, flags); } /** @@ -2387,6 +2392,7 @@ void security_inode_post_set_fscaps(struct mnt_idmap *idmap, if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return; call_void_hook(inode_post_set_fscaps, idmap, dentry, caps, flags); + evm_inode_post_set_fscaps(idmap, dentry, caps, flags); } /** 
@@ -2415,9 +2421,14 @@ int security_inode_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry) */ int security_inode_remove_fscaps(struct mnt_idmap *idmap, struct dentry *dentry) { + int ret; + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; - return call_int_hook(inode_remove_fscaps, 0, idmap, dentry); + ret = call_int_hook(inode_remove_fscaps, 0, idmap, dentry); + if (ret) + return ret; + return evm_inode_remove_fscaps(dentry); } /**
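Review bot: in the security_inode_set_fscaps() hunk, evm_inode_set_fscaps() is called directly after call_int_hook() instead of going through the hook list, and the commit message is only a subject line, so nothing records why EVM is special-cased or that the ordering (LSMs first, EVM only when they return 0) is intentional. Please add a body to the commit message and a sentence to the kernel-doc of each touched function saying that EVM is consulted last. The same applies to evm_inode_post_set_fscaps() in security_inode_post_set_fscaps(), which runs unconditionally after call_void_hook().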
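Review bot: in the security_inode_remove_fscaps() hunk, evm_inode_remove_fscaps(dentry) is called without the idmap that the function receives and that evm_inode_set_fscaps() is given on the set path. If the EVM decision on removal ever has to evaluate the caller against the mount's idmapping, it has no way to do so with this signature; either pass idmap through for symmetry with the set hook or state in the commit message why removal does not need it.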
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:47 -0600
Subject: [PATCH v2 16/25] fs: add inode operations to get/set/remove fscaps

Add inode operations for getting, setting and removing filesystem capabilities rather than passing around raw xattr data. This provides better type safety for ids contained within xattrs.

Signed-off-by: Seth Forshee (DigitalOcean)
Reviewed-by: Christian Brauner
--- Documentation/filesystems/locking.rst | 4 ++++ Documentation/filesystems/vfs.rst | 17 +++++++++++++++++ include/linux/fs.h | 4 ++++ 3 files changed, 25 insertions(+) diff --git a/Documentation/filesystems/locking.rst b/Documentation/filesystems/locking.rst index d5bf4b6b7509..d208dd9f75ae 100644 --- a/Documentation/filesystems/locking.rst +++ b/Documentation/filesystems/locking.rst @@ -81,6 +81,8 @@ prototypes:: umode_t create_mode); int (*tmpfile) (struct mnt_idmap *, struct inode *, struct file *, umode_t); + int (*get_fscaps)(struct mnt_idmap *, struct dentry *, struct vfs_caps *); + int (*set_fscaps)(struct mnt_idmap *, struct dentry *, const struct vfs_caps *, int setxattr_flags); int (*fileattr_set)(struct mnt_idmap *idmap, struct dentry *dentry, struct fileattr *fa); int (*fileattr_get)(struct dentry *dentry, struct fileattr *fa); @@ -114,6 +116,8 @@ fiemap: no update_time: no atomic_open: shared (exclusive if O_CREAT is set in open flags) tmpfile: no +get_fscaps: no +set_fscaps: exclusive fileattr_get: no or exclusive fileattr_set: exclusive get_offset_ctx no diff --git a/Documentation/filesystems/vfs.rst b/Documentation/filesystems/vfs.rst index eebcc0f9e2bc..ed1cb03f271e 100644 --- a/Documentation/filesystems/vfs.rst +++ b/Documentation/filesystems/vfs.rst 
@@ -514,6 +514,8 @@ As of kernel 2.6.22, the following members are defined: int (*tmpfile) (struct mnt_idmap *, struct inode *, struct file *, umode_t); struct posix_acl * (*get_acl)(struct mnt_idmap *, struct dentry *, int); int (*set_acl)(struct mnt_idmap *, struct dentry *, struct posix_acl *, int); + int (*get_fscaps)(struct mnt_idmap *, struct dentry *, struct vfs_caps *); + int (*set_fscaps)(struct mnt_idmap *, struct dentry *, const struct vfs_caps *, int setxattr_flags); int (*fileattr_set)(struct mnt_idmap *idmap, struct dentry *dentry, struct fileattr *fa); int (*fileattr_get)(struct dentry *dentry, struct fileattr *fa); @@ -667,6 +669,21 @@ otherwise noted. open; this can be done by calling finish_open_simple() right at the end. +``get_fscaps`` + + called to get filesystem capabilites of an inode. If unset, + xattr handlers will be used to get the raw xattr data. Most + filesystems can rely on the generic handler. + +``set_fscaps`` + + called to set filesystem capabilites of an inode. If unset, + xattr handlers will be used to set the raw xattr data. Most + filesystems can rely on the generic handler. + + If the new fscaps value is NULL the filesystem must remove any + fscaps from the inode. + ``fileattr_get`` called on ioctl(FS_IOC_GETFLAGS) and ioctl(FS_IOC_FSGETXATTR) to retrieve miscellaneous file flags and attributes. Also called diff --git a/include/linux/fs.h b/include/linux/fs.h index ed5966a70495..89163e0f7aad 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -2067,6 +2067,10 @@ struct inode_operations { int); int (*set_acl)(struct mnt_idmap *, struct dentry *, struct posix_acl *, int); + int (*get_fscaps)(struct mnt_idmap *, struct dentry *, + struct vfs_caps *); + int (*set_fscaps)(struct mnt_idmap *, struct dentry *, + const struct vfs_caps *, int setxattr_flags); int (*fileattr_set)(struct mnt_idmap *idmap, struct dentry *dentry, struct fileattr *fa); int (*fileattr_get)(struct dentry *dentry, struct fileattr *fa);
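Review bot: the text added to vfs.rst for get_fscaps and set_fscaps spells "capabilites" twice; it should read "capabilities". The set_fscaps entry also leaves setxattr_flags undescribed, so an implementer cannot tell from the documentation which flag values the operation is expected to honour; one sentence naming them would close that gap.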
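Review bot: in the include/linux/fs.h hunk, set_fscaps takes a const struct vfs_caps * that, per the vfs.rst hunk, may be NULL to request removal, but the prototype carries no comment saying so, and the subject line advertises a "remove" operation that does not exist as a separate member. A filesystem author reading only the header could dereference the pointer unconditionally. Please add a one-line comment next to the prototype stating that NULL means "remove fscaps", and reword the subject or commit message to say removal is expressed through set_fscaps.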
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:48 -0600
Subject: [PATCH v2 17/25] fs: add vfs_get_fscaps()

Provide a type-safe interface for retrieving filesystem capabilities and a generic implementation suitable for most filesystems. Also add an internal interface, vfs_get_fscaps_nosec(), which skips security checks for later use from the capability code.

Signed-off-by: Seth Forshee (DigitalOcean)
Reviewed-by: Christian Brauner
--- fs/xattr.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ include/linux/fs.h | 4 ++++ 2 files changed, 68 insertions(+) diff --git a/fs/xattr.c b/fs/xattr.c index 06290e4ebc03..10d1b1f78fc2 100644 --- a/fs/xattr.c +++ b/fs/xattr.c 
@@ -181,6 +181,70 @@ xattr_supports_user_prefix(struct inode *inode) } EXPORT_SYMBOL(xattr_supports_user_prefix); +static int generic_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + struct vfs_caps *caps) +{ + struct inode *inode = d_inode(dentry); + struct vfs_ns_cap_data nscaps; + int ret; + + ret = __vfs_getxattr(dentry, inode, XATTR_NAME_CAPS, &nscaps, sizeof(nscaps)); + + if (ret >= 0) + ret = vfs_caps_from_xattr(idmap, i_user_ns(inode), caps, &nscaps, ret); + + return ret; +} + +/** + * vfs_get_fscaps_nosec - get filesystem capabilities without security checks + * @idmap: idmap of the mount the inode was found from + * @dentry: the dentry from which to get filesystem capabilities + * @caps: storage in which to return the filesystem capabilities + * + * This function gets the filesystem capabilities for the dentry and returns + * them in @caps. It does not perform security checks. + * + * Return: 0 on success, a negative errno on error. + */ +int vfs_get_fscaps_nosec(struct mnt_idmap *idmap, struct dentry *dentry, + struct vfs_caps *caps) +{ + struct inode *inode = d_inode(dentry); + + if (inode->i_op->get_fscaps) + return inode->i_op->get_fscaps(idmap, dentry, caps); + return generic_get_fscaps(idmap, dentry, caps); +} + +/** + * vfs_get_fscaps - get filesystem capabilities + * @idmap: idmap of the mount the inode was found from + * @dentry: the dentry from which to get filesystem capabilities + * @caps: storage in which to return the filesystem capabilities + * + * This function gets the filesystem capabilities for the dentry and returns + * them in @caps. + * + * Return: 0 on success, a negative errno on error. + */ +int vfs_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + struct vfs_caps *caps) +{ + int error; + + /* + * The VFS has no restrictions on reading security.* xattrs, so + * xattr_permission() isn't needed. Only LSMs get a say. 
+ */ + error = security_inode_get_fscaps(idmap, dentry); + if (error) + return error; + + return vfs_get_fscaps_nosec(idmap, dentry, caps); +} +EXPORT_SYMBOL(vfs_get_fscaps); + int __vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, struct inode *inode, const char *name, const void *value, diff --git a/include/linux/fs.h b/include/linux/fs.h index 89163e0f7aad..d7cd2467e1ea 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -2116,6 +2116,10 @@ extern int vfs_dedupe_file_range(struct file *file, extern loff_t vfs_dedupe_file_range_one(struct file *src_file, loff_t src_pos, struct file *dst_file, loff_t dst_pos, loff_t len, unsigned int remap_flags); +extern int vfs_get_fscaps_nosec(struct mnt_idmap *idmap, struct dentry *dentry, + struct vfs_caps *caps); +extern int vfs_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + struct vfs_caps *caps); /** * enum freeze_holder - holder of the freeze
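Review bot: in the fs/xattr.c hunk, the kernel-doc for vfs_get_fscaps_nosec() says only "It does not perform security checks" and does not say who may call it, even though it bypasses security_inode_get_fscaps() entirely. Please state that it is reserved for in-kernel callers that are themselves part of the access decision (the commit message names the capability code) so it is not picked up as a general-purpose getter. The function also dereferences d_inode(dentry)->i_op without a check, so the comment should say the dentry must be positive, and the "Return:" lines should mention what a file with no fscaps xattr yields, since generic_get_fscaps() passes a negative __vfs_getxattr() result straight through.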
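Review bot: in the include/linux/fs.h hunk, vfs_get_fscaps_nosec() is declared right beside vfs_get_fscaps() with nothing to distinguish the two, while the fs/xattr.c hunk adds EXPORT_SYMBOL() only for vfs_get_fscaps(). Leaving the LSM-bypassing variant unexported is the right split; a short comment on the declaration saying it skips the LSM hook and is intentionally not exported would keep a later patch from exporting it to modules by analogy.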
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:49 -0600
Subject: [PATCH v2 18/25] fs: add vfs_set_fscaps()
Message-Id: <20240221-idmap-fscap-refactor-v2-18-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org
Provide a type-safe interface for setting filesystem capabilities and a generic implementation suitable for most filesystems.

Signed-off-by: Seth Forshee (DigitalOcean)
--- fs/xattr.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ include/linux/fs.h | 2 ++ 2 files changed, 81 insertions(+) diff --git a/fs/xattr.c b/fs/xattr.c index 10d1b1f78fc2..96de43928a51 100644 --- a/fs/xattr.c +++ b/fs/xattr.c
@@ -245,6 +245,85 @@ int vfs_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, } EXPORT_SYMBOL(vfs_get_fscaps); +static int generic_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + const struct vfs_caps *caps, int setxattr_flags) +{ + struct inode *inode = d_inode(dentry); + struct vfs_ns_cap_data nscaps; + int size; + + size = vfs_caps_to_xattr(idmap, i_user_ns(inode), caps, + &nscaps, sizeof(nscaps)); + if (size < 0) + return size; + + return __vfs_setxattr_noperm(idmap, dentry, XATTR_NAME_CAPS, + &nscaps, size, setxattr_flags); +} + +/** + * vfs_set_fscaps - set filesystem capabilities + * @idmap: idmap of the mount the inode was found from + * @dentry: the dentry on which to set filesystem capabilities + * @caps: the filesystem capabilities to be written + * @setxattr_flags: setxattr flags to use when writing the capabilities xattr + * + * This function writes the supplied filesystem capabilities to the dentry. + * + * Return: 0 on success, a negative errno on error. 
+ */ +int vfs_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + const struct vfs_caps *caps, int setxattr_flags) +{ + struct inode *inode = d_inode(dentry); + struct inode *delegated_inode = NULL; + int error; + +retry_deleg: + inode_lock(inode); + + error = xattr_permission(idmap, inode, XATTR_NAME_CAPS, MAY_WRITE); + if (error) + goto out_inode_unlock; + error = security_inode_set_fscaps(idmap, dentry, caps, setxattr_flags); + if (error) + goto out_inode_unlock; + + error = try_break_deleg(inode, &delegated_inode); + if (error) + goto out_inode_unlock; + + if (inode->i_opflags & IOP_XATTR) { + if (inode->i_op->set_fscaps) + error = inode->i_op->set_fscaps(idmap, dentry, caps, + setxattr_flags); + else + error = generic_set_fscaps(idmap, dentry, caps, + setxattr_flags); + if (!error) { + fsnotify_xattr(dentry); + security_inode_post_set_fscaps(idmap, dentry, caps, + setxattr_flags); + } + } else if (unlikely(is_bad_inode(inode))) { + error = -EIO; + } else { + error = -EOPNOTSUPP; + } + +out_inode_unlock: + inode_unlock(inode); + + if (delegated_inode) { + error = break_deleg_wait(&delegated_inode); + if (!error) + goto retry_deleg; + } + + return error; +} +EXPORT_SYMBOL(vfs_set_fscaps); + int __vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, struct inode *inode, const char *name, const void *value, diff --git a/include/linux/fs.h b/include/linux/fs.h index d7cd2467e1ea..4f5d7ed44644 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -2120,6 +2120,8 @@ extern int vfs_get_fscaps_nosec(struct mnt_idmap *idmap, struct dentry *dentry, struct vfs_caps *caps); extern int vfs_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, struct vfs_caps *caps); +extern int vfs_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + const struct vfs_caps *caps, int setxattr_flags); /** * enum freeze_holder - holder of the freeze
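Review bot: vfs_set_fscaps() does not say, in its kernel-doc or in code, whether @caps may be NULL, and generic_set_fscaps() hands caps straight to vfs_caps_to_xattr(). Patches 19/25 and 20/25 in this series call ->set_fscaps() with NULL caps to mean "remove", so a caller could reasonably expect vfs_set_fscaps(idmap, dentry, NULL, XATTR_REPLACE) to work as well. Either reject it up front (for example `if (!caps) return -EINVAL;` before taking the inode lock) or state in the @caps line that the pointer must be non-NULL and that removal goes through vfs_remove_fscaps().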
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:50 -0600
Subject: [PATCH v2 19/25] fs: add vfs_remove_fscaps()
Message-Id: <20240221-idmap-fscap-refactor-v2-19-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org
Provide a type-safe interface for removing filesystem capabilities and a generic implementation suitable for most filesystems. Also add an internal interface, vfs_remove_fscaps_nosec(), which is called with the inode lock held and skips security checks for later use from the capability code.

Signed-off-by: Seth Forshee (DigitalOcean)
--- fs/xattr.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ include/linux/fs.h | 2 ++ 2 files changed, 83 insertions(+) diff --git a/fs/xattr.c b/fs/xattr.c index 96de43928a51..8b0f7384cbc9 100644 --- a/fs/xattr.c +++ b/fs/xattr.c
@@ -324,6 +324,87 @@ int vfs_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, } EXPORT_SYMBOL(vfs_set_fscaps); +static int generic_remove_fscaps(struct mnt_idmap *idmap, struct dentry *dentry) +{ + return __vfs_removexattr(idmap, dentry, XATTR_NAME_CAPS); +} + +/** + * vfs_remove_fscaps_nosec - remove filesystem capabilities without + * security checks + * @idmap: idmap of the mount the inode was found from + * @dentry: the dentry from which to remove filesystem capabilities + * + * This function removes any filesystem capabilities from the specified + * dentry. Does not perform any security checks, and callers must hold the + * inode lock. + * + * Return: 0 on success, a negative errno on error. + */ +int vfs_remove_fscaps_nosec(struct mnt_idmap *idmap, struct dentry *dentry) +{ + struct inode *inode = dentry->d_inode; + int error; + + if (inode->i_op->set_fscaps) + error = inode->i_op->set_fscaps(idmap, dentry, NULL, + XATTR_REPLACE); + else + error = generic_remove_fscaps(idmap, dentry); + + return error; +} + +/** + * vfs_remove_fscaps - remove filesystem capabilities + * @idmap: idmap of the mount the inode was found from + * @dentry: the dentry from which to remove filesystem capabilities + * + * This function removes any filesystem capabilities from the specified + * dentry. + * + * Return: 0 on success, a negative errno on error. 
+ */ +int vfs_remove_fscaps(struct mnt_idmap *idmap, struct dentry *dentry) +{ + struct inode *inode = dentry->d_inode; + struct inode *delegated_inode = NULL; + int error; + +retry_deleg: + inode_lock(inode); + + error = xattr_permission(idmap, inode, XATTR_NAME_CAPS, MAY_WRITE); + if (error) + goto out_inode_unlock; + + error = security_inode_remove_fscaps(idmap, dentry); + if (error) + goto out_inode_unlock; + + error = try_break_deleg(inode, &delegated_inode); + if (error) + goto out_inode_unlock; + + error = vfs_remove_fscaps_nosec(idmap, dentry); + if (!error) { + fsnotify_xattr(dentry); + evm_inode_post_remove_fscaps(dentry); + } + +out_inode_unlock: + inode_unlock(inode); + + if (delegated_inode) { + error = break_deleg_wait(&delegated_inode); + if (!error) + goto retry_deleg; + } + + return error; +} +EXPORT_SYMBOL(vfs_remove_fscaps); + int __vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, struct inode *inode, const char *name, const void *value, diff --git a/include/linux/fs.h b/include/linux/fs.h index 4f5d7ed44644..c07427d2fc71 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -2122,6 +2122,8 @@ extern int vfs_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, struct vfs_caps *caps); extern int vfs_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, const struct vfs_caps *caps, int setxattr_flags); +extern int vfs_remove_fscaps_nosec(struct mnt_idmap *idmap, struct dentry *dentry); +extern int vfs_remove_fscaps(struct mnt_idmap *idmap, struct dentry *dentry); /** * enum freeze_holder - holder of the freeze
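Review bot: vfs_remove_fscaps_nosec() dereferences inode->i_op->set_fscaps without the `inode->i_opflags & IOP_XATTR` and is_bad_inode() checks that vfs_set_fscaps() applies before calling the same op, so the remove path has no -EIO or -EOPNOTSUPP handling of its own and depends on whatever __vfs_removexattr() or the filesystem handler returns. Mirror the set path's check here so both entry points fail the same way. The kernel-doc also says callers must hold the inode lock, but nothing enforces it; a `WARN_ON_ONCE(!inode_is_locked(inode))` at the top would catch misuse by the later capability-code caller. In vfs_remove_fscaps(), the post hook is evm_inode_post_remove_fscaps() called directly, whereas the set path goes through security_inode_post_set_fscaps(); a matching security_ hook would keep the two symmetric, and d_inode(dentry) would match the accessor used in vfs_set_fscaps().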
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:51 -0600
Subject: [PATCH v2 20/25] ovl: add fscaps handlers
Message-Id: <20240221-idmap-fscap-refactor-v2-20-3039364623bd@kernel.org>
References: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
To: Christian Brauner, Seth Forshee, Serge Hallyn, Paul Moore, Eric Paris, James Morris, Alexander Viro, Jan Kara, Stephen Smalley, Ondrej Mosnacek, Casey Schaufler, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg, "Matthew Wilcox (Oracle)", Jonathan Corbet, Miklos Szeredi, Amir Goldstein
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, selinux@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-unionfs@vger.kernel.org
Add handlers which read fs caps from the lower or upper filesystem and write/remove fs caps to the upper filesystem, performing copy-up as necessary. While fscaps only really make sense on regular files, the general policy is to allow most xattr namespaces on all different inode types, so fscaps handlers are installed in the inode operations for all types of inodes.

Signed-off-by: Seth Forshee (DigitalOcean)
--- fs/overlayfs/dir.c | 2 ++ fs/overlayfs/inode.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++ fs/overlayfs/overlayfs.h | 5 ++++ 3 files changed, 79 insertions(+) diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 0f8b4a719237..4ff360fe10c9 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -1307,6 +1307,8 @@ const struct inode_operations ovl_dir_inode_operations = { .get_inode_acl = ovl_get_inode_acl, .get_acl = ovl_get_acl, .set_acl = ovl_set_acl, + .get_fscaps = ovl_get_fscaps, + .set_fscaps = ovl_set_fscaps, .update_time = ovl_update_time, .fileattr_get = ovl_fileattr_get, .fileattr_set = ovl_fileattr_set, diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index c63b31a460be..7a8978ea6fe1 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c
@@ -568,6 +568,72 @@ int ovl_set_acl(struct mnt_idmap *idmap, struct dentry *dentry, } #endif +int ovl_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + struct vfs_caps *caps) +{ + int err; + const struct cred *old_cred; + struct path realpath; + + ovl_path_real(dentry, &realpath); + old_cred = ovl_override_creds(dentry->d_sb); + err = vfs_get_fscaps(mnt_idmap(realpath.mnt), realpath.dentry, caps); + revert_creds(old_cred); + return err; +} + +int ovl_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + const struct vfs_caps *caps, int setxattr_flags) +{ + int err; + struct ovl_fs *ofs = OVL_FS(dentry->d_sb); + struct dentry *upperdentry = ovl_dentry_upper(dentry); + struct dentry *realdentry = upperdentry ?: ovl_dentry_lower(dentry); + const struct cred *old_cred; + + /* + * If the fscaps are to be remove from a lower file, check that they + * exist before copying up. + */ + if (!caps && !upperdentry) { + struct path realpath; + struct vfs_caps lower_caps; + + ovl_path_lower(dentry, &realpath); + old_cred = ovl_override_creds(dentry->d_sb); + err = vfs_get_fscaps(mnt_idmap(realpath.mnt), realdentry, + &lower_caps); + revert_creds(old_cred); + if (err) + goto out; + } + + err = ovl_want_write(dentry); + if (err) + goto out; + + err = ovl_copy_up(dentry); + if (err) + goto out_drop_write; + upperdentry = ovl_dentry_upper(dentry); + + old_cred = ovl_override_creds(dentry->d_sb); + if (!caps) + err = vfs_remove_fscaps(ovl_upper_mnt_idmap(ofs), upperdentry); + else + err = vfs_set_fscaps(ovl_upper_mnt_idmap(ofs), upperdentry, + caps, setxattr_flags); + revert_creds(old_cred); + + /* copy c/mtime */ + ovl_copyattr(d_inode(dentry)); + +out_drop_write: + ovl_drop_write(dentry); +out: + return err; +} + int ovl_update_time(struct inode *inode, int flags) { if (flags & S_ATIME) { 
@@ -747,6 +813,8 @@ static const struct inode_operations ovl_file_inode_operations = { .get_inode_acl = ovl_get_inode_acl, .get_acl = ovl_get_acl, .set_acl = ovl_set_acl, + .get_fscaps = ovl_get_fscaps, + .set_fscaps = ovl_set_fscaps, .update_time = ovl_update_time, .fiemap = ovl_fiemap, .fileattr_get = ovl_fileattr_get, @@ -758,6 +826,8 @@ static const struct inode_operations ovl_symlink_inode_operations = { .get_link = ovl_get_link, .getattr = ovl_getattr, .listxattr = ovl_listxattr, + .get_fscaps = ovl_get_fscaps, + .set_fscaps = ovl_set_fscaps, .update_time = ovl_update_time, }; @@ -769,6 +839,8 @@ static const struct inode_operations ovl_special_inode_operations = { .get_inode_acl = ovl_get_inode_acl, .get_acl = ovl_get_acl, .set_acl = ovl_set_acl, + .get_fscaps = ovl_get_fscaps, + .set_fscaps = ovl_set_fscaps, .update_time = ovl_update_time, }; diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index ee949f3e7c77..4f948749ee02 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h 
@@ -781,6 +781,11 @@ static inline struct posix_acl *ovl_get_acl_path(const struct path *path, } #endif +int ovl_get_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + struct vfs_caps *caps); +int ovl_set_fscaps(struct mnt_idmap *idmap, struct dentry *dentry, + const struct vfs_caps *caps, int setxattr_flags); + int ovl_update_time(struct inode *inode, int flags); bool ovl_is_private_xattr(struct super_block *sb, const char *name);
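Review bot: in ovl_set_fscaps(), the pre-copy-up existence check fills realpath with ovl_path_lower() but then passes realdentry, not realpath.dentry, to vfs_get_fscaps(), so the idmap comes from one lookup and the dentry from another. In that branch upperdentry is NULL, so realdentry is just ovl_dentry_lower(dentry) and the variable is used nowhere else; use realpath.dentry as ovl_get_fscaps() does and drop realdentry. Also, ovl_copyattr() runs even when vfs_set_fscaps() or vfs_remove_fscaps() returned an error; if that is intentional a short comment would help, otherwise guard it with `if (!err)`. Typo in the comment above the check: "to be remove" should read "to be removed".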
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:52 -0600
Subject: [PATCH v2 21/25] ovl: use vfs_{get,set}_fscaps() for copy-up
X-Patchwork-Id: 204464
Message-Id: <20240221-idmap-fscap-refactor-v2-21-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
Using vfs_{get,set}xattr() for fscaps will be blocked in a future commit, so convert ovl to use the new interfaces. Also remove the now unused ovl_getxattr_value().

Reviewed-by: Amir Goldstein
Signed-off-by: Seth Forshee (DigitalOcean)
--- fs/overlayfs/copy_up.c | 72 ++++++++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 35 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index b8e25ca51016..d7c8d76e2394 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -73,6 +73,23 @@ static int ovl_copy_acl(struct ovl_fs *ofs, const struct path *path, return err; } +static int ovl_copy_fscaps(struct ovl_fs *ofs, const struct path *oldpath, + struct dentry *new) +{ + struct vfs_caps capability; + int err; + + err = vfs_get_fscaps(mnt_idmap(oldpath->mnt), oldpath->dentry, + &capability); + if (err) { + if (err == -ENODATA || err == -EOPNOTSUPP) + return 0; + return err; + } + + return vfs_set_fscaps(ovl_upper_mnt_idmap(ofs), new, &capability, 0); +} + int ovl_copy_xattr(struct super_block *sb, const struct path *oldpath, struct dentry *new) { struct dentry *old = oldpath->dentry; @@ -130,6 +147,14 @@ int ovl_copy_xattr(struct super_block *sb, const struct path *oldpath, struct de break; } + if (is_fscaps_xattr(name)) { + error = ovl_copy_fscaps(OVL_FS(sb), oldpath, new); + if (!error) + continue; + /* fs capabilities must be copied */ + break; + } + retry: size = ovl_do_getxattr(oldpath, name, value, value_size); if (size == -ERANGE) 
@@ -1039,61 +1064,40 @@ static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode, return true; } -static ssize_t ovl_getxattr_value(const struct path *path, char *name, char **value) -{ - ssize_t res; - char *buf; - - res = ovl_do_getxattr(path, name, NULL, 0); - if (res == -ENODATA || res == -EOPNOTSUPP) - res = 0; - - if (res > 0) { - buf = kzalloc(res, GFP_KERNEL); - if (!buf) - return -ENOMEM; - - res = ovl_do_getxattr(path, name, buf, res); - if (res < 0) - kfree(buf); - else - *value = buf; - } - return res; -} - /* Copy up data of an inode which was copied up metadata only in the past. */ static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c) { struct ovl_fs *ofs = OVL_FS(c->dentry->d_sb); struct path upperpath; int err; - char *capability = NULL; - ssize_t cap_size; + struct vfs_caps capability; + bool has_capability = false; ovl_path_upper(c->dentry, &upperpath); if (WARN_ON(upperpath.dentry == NULL)) return -EIO; if (c->stat.size) { - err = cap_size = ovl_getxattr_value(&upperpath, XATTR_NAME_CAPS, - &capability); - if (cap_size < 0) + err = vfs_get_fscaps(mnt_idmap(upperpath.mnt), upperpath.dentry, + &capability); + if (!err) + has_capability = 1; + else if (err != -ENODATA && err != EOPNOTSUPP) goto out; } err = ovl_copy_up_data(c, &upperpath); if (err) - goto out_free; + goto out; /* * Writing to upper file will clear security.capability xattr. We * don't want that to happen for normal copy-up operation. */ ovl_start_write(c->dentry); - if (capability) { - err = ovl_do_setxattr(ofs, upperpath.dentry, XATTR_NAME_CAPS, - capability, cap_size, 0); + if (has_capability) { + err = vfs_set_fscaps(mnt_idmap(upperpath.mnt), upperpath.dentry, + &capability, 0); } if (!err) { err = ovl_removexattr(ofs, upperpath.dentry, 
@@ -1101,13 +1105,11 @@ static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c) } ovl_end_write(c->dentry); if (err) - goto out_free; + goto out; ovl_clear_flag(OVL_HAS_DIGEST, d_inode(c->dentry)); ovl_clear_flag(OVL_VERIFIED_DIGEST, d_inode(c->dentry)); ovl_set_upperdata(d_inode(c->dentry)); -out_free: - kfree(capability); out: return err; }
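Review bot: In the new ovl_copy_fscaps() (fs/overlayfs/copy_up.c, first hunk), -ENODATA and -EOPNOTSUPP from vfs_get_fscaps() are turned into a return of 0, so the caller's "fs capabilities must be copied" branch in ovl_copy_xattr() does `continue` even though nothing was written to the upper dentry. If that is intended for a name that was just returned by the xattr listing, say so in a comment above the `return 0;`. The helper also spells the upper idmap as ovl_upper_mnt_idmap(ofs) while ovl_copy_up_meta_inode_data() in the same patch uses mnt_idmap(upperpath.mnt); one spelling for both call sites would make it clear they are meant to be the same mapping.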
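Review bot: In ovl_copy_up_meta_inode_data(), the added check `else if (err != -ENODATA && err != EOPNOTSUPP)` is missing the minus sign on EOPNOTSUPP, so a -EOPNOTSUPP return from vfs_get_fscaps() takes `goto out` and fails the copy-up, whereas the removed ovl_getxattr_value() mapped both -ENODATA and -EOPNOTSUPP to 0. It should read `err != -EOPNOTSUPP`. In the same hunk `has_capability = 1;` assigns an integer to a variable declared as `bool has_capability = false;`; use `true`.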
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:53 -0600
Subject: [PATCH v2 22/25] fs: use vfs interfaces for capabilities xattrs
X-Patchwork-Id: 204466
Message-Id: <20240221-idmap-fscap-refactor-v2-22-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>
Now that all the plumbing is in place, switch over to using the new inode operations to get/set fs caps. This pushes all mapping of ids into the caller's user ns to above the vfs_*() level, making this consistent with other vfs_*() interfaces.

cap_convert_nscap() is updated to return vfs_caps and moved to be called from the new code path for setting fscaps. This means that use of vfs_setxattr() will no longer remap ids in fscap xattrs, but all code which used vfs_setxattr() for fscaps xattrs has been converted to the new interfaces.

Removing the mapping of fscaps rootids from vfs_getxattr() is more involved and will be addressed in a later commit.

Signed-off-by: Seth Forshee (DigitalOcean)
--- fs/xattr.c | 49 ++++++++++++++++++++++++---- include/linux/capability.h | 2 +- security/commoncap.c | 79 +++++++++++++++------------------------------- 3 files changed, 69 insertions(+), 61 deletions(-) diff --git a/fs/xattr.c b/fs/xattr.c index 8b0f7384cbc9..30eff6bc4f6d 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -534,13 +534,6 @@ vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, const void *orig_value = value; int error; - if (size && is_fscaps_xattr(name)) { - error = cap_convert_nscap(idmap, dentry, &value, size); - if (error < 0) - return error; - size = error; - } - retry_deleg: inode_lock(inode); error = __vfs_setxattr_locked(idmap, dentry, name, value, size, 
@@ -851,6 +844,24 @@ int do_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, return do_set_acl(idmap, dentry, ctx->kname->name, ctx->kvalue, ctx->size); + if (is_fscaps_xattr(ctx->kname->name)) { + struct vfs_caps caps; + int ret; + + /* + * rootid is already in the mount idmap, so pass nop_mnt_idmap + * so that it won't be mapped. + */ + ret = vfs_caps_from_xattr(&nop_mnt_idmap, current_user_ns(), + &caps, ctx->kvalue, ctx->size); + if (ret) + return ret; + ret = cap_convert_nscap(idmap, dentry, &caps); + if (ret) + return ret; + return vfs_set_fscaps(idmap, dentry, &caps, ctx->flags); + } + return vfs_setxattr(idmap, dentry, ctx->kname->name, ctx->kvalue, ctx->size, ctx->flags); } @@ -949,6 +960,27 @@ do_getxattr(struct mnt_idmap *idmap, struct dentry *d, ssize_t error; char *kname = ctx->kname->name; + if (is_fscaps_xattr(kname)) { + struct vfs_caps caps; + struct vfs_ns_cap_data data; + int ret; + + ret = vfs_get_fscaps(idmap, d, &caps); + if (ret) + return ret; + /* + * rootid is already in the mount idmap, so pass nop_mnt_idmap + * so that it won't be mapped. + */ + ret = vfs_caps_to_user_xattr(&nop_mnt_idmap, current_user_ns(), + &caps, &data, ctx->size); + if (ret < 0) + return ret; + if (ctx->size && copy_to_user(ctx->value, &data, ret)) + return -EFAULT; + return ret; + } + if (ctx->size) { if (ctx->size > XATTR_SIZE_MAX) ctx->size = XATTR_SIZE_MAX; @@ -1139,6 +1171,9 @@ removexattr(struct mnt_idmap *idmap, struct dentry *d, if (is_posix_acl_xattr(kname)) return vfs_remove_acl(idmap, d, kname); + if (is_fscaps_xattr(kname)) + return vfs_remove_fscaps(idmap, d); + return vfs_removexattr(idmap, d, kname); } diff --git a/include/linux/capability.h b/include/linux/capability.h index eb06d7c6224b..5e7cbf07e3a7 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h 
@@ -229,6 +229,6 @@ int get_vfs_caps_from_disk(struct mnt_idmap *idmap, struct vfs_caps *cpu_caps); int cap_convert_nscap(struct mnt_idmap *idmap, struct dentry *dentry, - const void **ivalue, size_t size); + struct vfs_caps *caps); #endif /* !_LINUX_CAPABILITY_H */ diff --git a/security/commoncap.c b/security/commoncap.c index 19affcfa3126..4254e5e46024 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -485,27 +485,21 @@ int cap_inode_getsecurity(struct mnt_idmap *idmap, } /** - * rootid_from_xattr - translate root uid of vfs caps + * rootid_from_vfs_caps - translate root uid of vfs caps * - * @value: vfs caps value which may be modified by this function - * @size: size of @ivalue + * @caps: vfs caps value which may be modified by this function * @task_ns: user namespace of the caller + * + * Return the rootid from a v3 fs cap, or the id of root in the task's user + * namespace for v1 and v2 fs caps. */ -static vfsuid_t rootid_from_xattr(const void *value, size_t size, - struct user_namespace *task_ns) +static vfsuid_t rootid_from_vfs_caps(const struct vfs_caps *caps, + struct user_namespace *task_ns) { - const struct vfs_ns_cap_data *nscap = value; - uid_t rootid = 0; - - if (size == XATTR_CAPS_SZ_3) - rootid = le32_to_cpu(nscap->rootid); - - return VFSUIDT_INIT(make_kuid(task_ns, rootid)); -} + if ((caps->magic_etc & VFS_CAP_REVISION_MASK) == VFS_CAP_REVISION_3) + return caps->rootid; -static bool validheader(size_t size, const struct vfs_cap_data *cap) -{ - return is_v2header(size, cap) || is_v3header(size, cap); + return VFSUIDT_INIT(make_kuid(task_ns, 0)); } /** 
@@ -513,11 +507,10 @@ static bool validheader(size_t size, const struct vfs_cap_data *cap) * * @idmap: idmap of the mount the inode was found from * @dentry: used to retrieve inode to check permissions on - * @ivalue: vfs caps value which may be modified by this function - * @size: size of @ivalue + * @caps: vfs caps which may be modified by this function * - * User requested a write of security.capability. If needed, update the - * xattr to change from v2 to v3, or to fixup the v3 rootid. + * User requested a write of security.capability. Check permissions, and if + * needed, update the xattr to change from v2 to v3. * * If the inode has been found through an idmapped mount the idmap of * the vfsmount must be passed through @idmap. This function will then 
@@ -525,59 +518,39 @@ static bool validheader(size_t size, const struct vfs_cap_data *cap) * permissions. On non-idmapped mounts or if permission checking is to be * performed on the raw inode simply pass @nop_mnt_idmap. * - * Return: On success, return the new size; on error, return < 0. + * Return: On success, return 0; on error, return < 0. */ int cap_convert_nscap(struct mnt_idmap *idmap, struct dentry *dentry, - const void **ivalue, size_t size) + struct vfs_caps *caps) { - struct vfs_ns_cap_data *nscap; - uid_t nsrootid; - const struct vfs_cap_data *cap = *ivalue; - __u32 magic, nsmagic; struct inode *inode = d_backing_inode(dentry); struct user_namespace *task_ns = current_user_ns(), *fs_ns = inode->i_sb->s_user_ns; - kuid_t rootid; vfsuid_t vfsrootid; - size_t newsize; + __u32 revision; - if (!*ivalue) - return -EINVAL; - if (!validheader(size, cap)) + revision = sansflags(caps->magic_etc); + if (revision != VFS_CAP_REVISION_2 && revision != VFS_CAP_REVISION_3) return -EINVAL; if (!capable_wrt_inode_uidgid(idmap, inode, CAP_SETFCAP)) return -EPERM; - if (size == XATTR_CAPS_SZ_2 && (idmap == &nop_mnt_idmap)) + if (revision == VFS_CAP_REVISION_2 && (idmap == &nop_mnt_idmap)) if (ns_capable(inode->i_sb->s_user_ns, CAP_SETFCAP)) /* user is privileged, just write the v2 */ - return size; + return 0; - vfsrootid = rootid_from_xattr(*ivalue, size, task_ns); + vfsrootid = rootid_from_vfs_caps(caps, task_ns); if (!vfsuid_valid(vfsrootid)) return -EINVAL; - rootid = from_vfsuid(idmap, fs_ns, vfsrootid); - if (!uid_valid(rootid)) + if (!vfsuid_has_fsmapping(idmap, fs_ns, vfsrootid)) return -EINVAL; - nsrootid = from_kuid(fs_ns, rootid); - if (nsrootid == -1) - return -EINVAL; + caps->rootid = vfsrootid; + caps->magic_etc = VFS_CAP_REVISION_3 | + (caps->magic_etc & VFS_CAP_FLAGS_EFFECTIVE); - newsize = sizeof(struct vfs_ns_cap_data); - nscap = kmalloc(newsize, GFP_ATOMIC); - if (!nscap) - return -ENOMEM; - nscap->rootid = cpu_to_le32(nsrootid); - nsmagic = 
VFS_CAP_REVISION_3; - magic = le32_to_cpu(cap->magic_etc); - if (magic & VFS_CAP_FLAGS_EFFECTIVE) - nsmagic |= VFS_CAP_FLAGS_EFFECTIVE; - nscap->magic_etc = cpu_to_le32(nsmagic); - memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32); - - *ivalue = nscap; - return newsize; + return 0; } /*
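Review bot: In the do_setxattr() hunk of fs/xattr.c, the fscaps branch has no size guard, while the code removed from vfs_setxattr() only converted when `size && is_fscaps_xattr(name)`. A zero-length security.capability write used to skip conversion and go on to __vfs_setxattr_locked(); it now goes to vfs_caps_from_xattr() with ctx->size == 0. Please either keep the `ctx->size &&` condition or state in the commit message that the behaviour change is intended and which errno the caller now sees. The comment "rootid is already in the mount idmap" also needs a second look here, since ctx->kvalue comes from the caller and cap_convert_nscap() is then invoked with the real idmap.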
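Review bot: In the do_getxattr() hunk, `struct vfs_ns_cap_data data;` is an uninitialized stack object and `copy_to_user(ctx->value, &data, ret)` copies ret bytes of it to user space, so this is only safe if vfs_caps_to_user_xattr() writes every byte it reports in its return value. Declaring it as `struct vfs_ns_cap_data data = {};` would make the copy independent of that helper. This branch also returns before the existing `ctx->size > XATTR_SIZE_MAX` clamp, so the helper receives the raw caller-supplied size; a one-line comment on why that is acceptable would help.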
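Review bot: The kernel-doc added for rootid_from_vfs_caps() in security/commoncap.c still describes @caps as "vfs caps value which may be modified by this function", but the parameter is `const struct vfs_caps *caps` and the body only reads it; the description should be updated. The revision test there is `caps->magic_etc & VFS_CAP_REVISION_MASK`, while cap_convert_nscap() in the same patch uses `sansflags(caps->magic_etc)`; using one idiom in both places would avoid the two checks drifting apart. The cap_convert_nscap() comment also still says "update the xattr" although the function now only updates the vfs_caps it is passed.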
From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:54 -0600
Subject: [PATCH v2 23/25] commoncap: remove cap_inode_getsecurity()
X-Patchwork-Id: 204462
Message-Id: <20240221-idmap-fscap-refactor-v2-23-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>

Reading of fscaps xattrs is now done via vfs_get_fscaps(), so there is no longer any need to do it from security_inode_getsecurity(). Remove cap_inode_getsecurity() and its associated helpers which are now unused.

We don't allow reading capabilities xattrs this way anymore, so remove the handler and associated helpers.

Acked-by: Paul Moore
Signed-off-by: Seth Forshee (DigitalOcean)
--- include/linux/security.h | 5 +- security/commoncap.c | 132 ----------------------------------------------- 2 files changed, 1 insertion(+), 136 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 40be548e5e12..599d665eac71 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -162,9 +162,6 @@ int cap_inode_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, const char *name); int cap_inode_need_killpriv(struct dentry *dentry); int cap_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry); -int cap_inode_getsecurity(struct mnt_idmap *idmap, - struct inode *inode, const char *name, void **buffer, - bool alloc); extern int cap_mmap_addr(unsigned long addr); extern int cap_mmap_file(struct file *file, unsigned long reqprot, unsigned long prot, unsigned long flags); @@ -984,7 +981,7 @@ static inline int security_inode_getsecurity(struct mnt_idmap *idmap, const char *name, void **buffer, bool alloc) { - return cap_inode_getsecurity(idmap, inode, name, buffer, alloc); + return -EOPNOTSUPP; } static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) diff --git a/security/commoncap.c b/security/commoncap.c index 4254e5e46024..a0ff7e6092e0 100644 --- a/security/commoncap.c +++ b/security/commoncap.c
@@ -353,137 +353,6 @@ static __u32 sansflags(__u32 m) return m & ~VFS_CAP_FLAGS_EFFECTIVE; } -static bool is_v2header(int size, const struct vfs_cap_data *cap) -{ - if (size != XATTR_CAPS_SZ_2) - return false; - return sansflags(le32_to_cpu(cap->magic_etc)) == VFS_CAP_REVISION_2; -} - -static bool is_v3header(int size, const struct vfs_cap_data *cap) -{ - if (size != XATTR_CAPS_SZ_3) - return false; - return sansflags(le32_to_cpu(cap->magic_etc)) == VFS_CAP_REVISION_3; -} - -/* - * getsecurity: We are called for security.* before any attempt to read the - * xattr from the inode itself. - * - * This gives us a chance to read the on-disk value and convert it. If we - * return -EOPNOTSUPP, then vfs_getxattr() will call the i_op handler. - * - * Note we are not called by vfs_getxattr_alloc(), but that is only called - * by the integrity subsystem, which really wants the unconverted values - - * so that's good. - */ -int cap_inode_getsecurity(struct mnt_idmap *idmap, - struct inode *inode, const char *name, void **buffer, - bool alloc) -{ - int size; - kuid_t kroot; - vfsuid_t vfsroot; - u32 nsmagic, magic; - uid_t root, mappedroot; - char *tmpbuf = NULL; - struct vfs_cap_data *cap; - struct vfs_ns_cap_data *nscap = NULL; - struct dentry *dentry; - struct user_namespace *fs_ns; - - if (strcmp(name, "capability") != 0) - return -EOPNOTSUPP; - - dentry = d_find_any_alias(inode); - if (!dentry) - return -EINVAL; - size = vfs_getxattr_alloc(idmap, dentry, XATTR_NAME_CAPS, &tmpbuf, - sizeof(struct vfs_ns_cap_data), GFP_NOFS); - dput(dentry); - /* gcc11 complains if we don't check for !tmpbuf */ - if (size < 0 || !tmpbuf) - goto out_free; - - fs_ns = inode->i_sb->s_user_ns; - cap = (struct vfs_cap_data *) tmpbuf; - if (is_v2header(size, cap)) { - root = 0; - } else if (is_v3header(size, cap)) { - nscap = (struct vfs_ns_cap_data *) tmpbuf; - root = le32_to_cpu(nscap->rootid); - } else { - size = -EINVAL; - goto out_free; - } - - kroot = make_kuid(fs_ns, root); - - /* If this 
is an idmapped mount shift the kuid. */ - vfsroot = make_vfsuid(idmap, fs_ns, kroot); - - /* If the root kuid maps to a valid uid in current ns, then return - * this as a nscap. */ - mappedroot = from_kuid(current_user_ns(), vfsuid_into_kuid(vfsroot)); - if (mappedroot != (uid_t)-1 && mappedroot != (uid_t)0) { - size = sizeof(struct vfs_ns_cap_data); - if (alloc) { - if (!nscap) { - /* v2 -> v3 conversion */ - nscap = kzalloc(size, GFP_ATOMIC); - if (!nscap) { - size = -ENOMEM; - goto out_free; - } - nsmagic = VFS_CAP_REVISION_3; - magic = le32_to_cpu(cap->magic_etc); - if (magic & VFS_CAP_FLAGS_EFFECTIVE) - nsmagic |= VFS_CAP_FLAGS_EFFECTIVE; - memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32); - nscap->magic_etc = cpu_to_le32(nsmagic); - } else { - /* use allocated v3 buffer */ - tmpbuf = NULL; - } - nscap->rootid = cpu_to_le32(mappedroot); - *buffer = nscap; - } - goto out_free; - } - - if (!rootid_owns_currentns(vfsroot)) { - size = -EOVERFLOW; - goto out_free; - } - - /* This comes from a parent namespace. Return as a v2 capability */ - size = sizeof(struct vfs_cap_data); - if (alloc) { - if (nscap) { - /* v3 -> v2 conversion */ - cap = kzalloc(size, GFP_ATOMIC); - if (!cap) { - size = -ENOMEM; - goto out_free; - } - magic = VFS_CAP_REVISION_2; - nsmagic = le32_to_cpu(nscap->magic_etc); - if (nsmagic & VFS_CAP_FLAGS_EFFECTIVE) - magic |= VFS_CAP_FLAGS_EFFECTIVE; - memcpy(&cap->data, &nscap->data, sizeof(__le32) * 2 * VFS_CAP_U32); - cap->magic_etc = cpu_to_le32(magic); - } else { - /* use unconverted v2 */ - tmpbuf = NULL; - } - *buffer = cap; - } -out_free: - kfree(tmpbuf); - return size; -} - /** * rootid_from_vfs_caps - translate root uid of vfs caps * 
@@ -1633,7 +1502,6 @@ static struct security_hook_list capability_hooks[] __ro_after_init = { LSM_HOOK_INIT(bprm_creds_from_file, cap_bprm_creds_from_file), LSM_HOOK_INIT(inode_need_killpriv, cap_inode_need_killpriv), LSM_HOOK_INIT(inode_killpriv, cap_inode_killpriv), - LSM_HOOK_INIT(inode_getsecurity, cap_inode_getsecurity), LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), LSM_HOOK_INIT(mmap_file, cap_mmap_file), LSM_HOOK_INIT(task_fix_setuid, cap_task_fix_setuid),
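
Review bot: in patch 23/25, the security/commoncap.c hunk at @@ -353 deletes the only visible place where a reader whose user namespace does not own the rootid gets -EOVERFLOW (the rootid_owns_currentns(vfsroot) check), along with the v2/v3 conversion keyed on the mapped root uid, and the commit message only says that reads now go through vfs_get_fscaps(). Please state in the commit message that vfs_get_fscaps() keeps both behaviours, or name the patch in the series that moved them, so this removal can be reviewed as behaviour-preserving. The deleted comment also recorded that the integrity subsystem wants the unconverted values; that note should live on in the kerneldoc of the new interface. Separately, sansflags() stays as context while is_v2header() and is_v3header() are removed; if those were its last callers in this file it should go in the same patch to avoid an unused static function.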

From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:55 -0600
Subject: [PATCH v2 24/25] commoncap: use vfs fscaps interfaces
Message-Id: <20240221-idmap-fscap-refactor-v2-24-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>

Use the vfs interfaces for fetching file capabilities for killpriv checks and from get_vfs_caps_from_disk(). While there, update the kerneldoc for get_vfs_caps_from_disk() to explain how it is different from vfs_get_fscaps_nosec().

Signed-off-by: Seth Forshee (DigitalOcean)
--- security/commoncap.c | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c index a0ff7e6092e0..751bb26a06a6 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -296,11 +296,12 @@ int cap_capset(struct cred *new, */ int cap_inode_need_killpriv(struct dentry *dentry) { - struct inode *inode = d_backing_inode(dentry); + struct vfs_caps caps; int error; - error = __vfs_getxattr(dentry, inode, XATTR_NAME_CAPS, NULL, 0); - return error > 0; + /* Use nop_mnt_idmap for no mapping here as mapping is unimportant */ + error = vfs_get_fscaps_nosec(&nop_mnt_idmap, dentry, &caps); + return error == 0; } /** @@ -323,7 +324,7 @@ int cap_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry) { int error; - error = __vfs_removexattr(idmap, dentry, XATTR_NAME_CAPS); + error = vfs_remove_fscaps_nosec(idmap, dentry); if (error == -EOPNOTSUPP) error = 0; return error; @@ -719,6 +720,10 @@ ssize_t vfs_caps_to_user_xattr(struct mnt_idmap *idmap, * @cpu_caps: vfs capabilities * * Extract the on-exec-apply capability sets for an executable file. + * For version 3 capabilities xattrs, returns the capabilities only if + * they are applicable to current_user_ns() (i.e. that the rootid + * corresponds to an ID which maps to ID 0 in current_user_ns() or an + * ancestor), and returns -ENODATA otherwise. * * If the inode has been found through an idmapped mount the idmap of * the vfsmount must be passed through @idmap. This function will then
@@ -731,25 +736,16 @@ int get_vfs_caps_from_disk(struct mnt_idmap *idmap, struct vfs_caps *cpu_caps) { struct inode *inode = d_backing_inode(dentry); - int size, ret; - struct vfs_ns_cap_data data, *nscaps = &data; + int ret; if (!inode) return -ENODATA; - size = __vfs_getxattr((struct dentry *)dentry, inode, - XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); - if (size == -ENODATA || size == -EOPNOTSUPP) + ret = vfs_get_fscaps_nosec(idmap, (struct dentry *)dentry, cpu_caps); + if (ret == -EOPNOTSUPP || ret == -EOVERFLOW) /* no data, that's ok */ - return -ENODATA; + ret = -ENODATA; - if (size < 0) - return size; - - ret = vfs_caps_from_xattr(idmap, inode->i_sb->s_user_ns, - cpu_caps, nscaps, size); - if (ret == -EOVERFLOW) - return -ENODATA; if (ret) return ret;
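
Review bot: in patch 24/25, cap_inode_need_killpriv() (hunk at @@ -296) now ends in `return error == 0`, which reports "no fscaps" for every failure of vfs_get_fscaps_nosec() and not only for a missing xattr. The old `return error > 0` was true for any non-empty security.capability xattr regardless of its contents, while the get_vfs_caps_from_disk() hunk in this same patch shows vfs_get_fscaps_nosec() can fail with -EOVERFLOW, and with errors passed on by `if (ret) return ret;`, for an xattr that is present. If such an xattr makes this function return 0, callers will not go on to cap_inode_killpriv() and the xattr is left in place. Consider treating only -ENODATA and -EOPNOTSUPP as "nothing to kill", or extend the new comment to explain why no other error can occur with nop_mnt_idmap.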
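
Review bot: in patch 24/25, the get_vfs_caps_from_disk() hunk at @@ -731 keeps the comment "no data, that's ok" but it now sits under `if (ret == -EOPNOTSUPP || ret == -EOVERFLOW)`, where neither value means "no data"; -ENODATA itself is no longer tested there and falls through to `if (ret) return ret;`. Please reword the comment to say that both errors are deliberately folded into -ENODATA, matching the kerneldoc added in the previous hunk. The `(struct dentry *)dentry` cast is also carried over into the new call; if vfs_get_fscaps_nosec() does not modify the dentry, taking a const pointer there would let the cast go away.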

From: "Seth Forshee (DigitalOcean)"
Date: Wed, 21 Feb 2024 15:24:56 -0600
Subject: [PATCH v2 25/25] vfs: return -EOPNOTSUPP for fscaps from vfs_*xattr()
Message-Id: <20240221-idmap-fscap-refactor-v2-25-3039364623bd@kernel.org>
In-Reply-To: <20240221-idmap-fscap-refactor-v2-0-3039364623bd@kernel.org>

Now that the new vfs-level interfaces are fully supported and all code has been converted to use them, stop permitting use of the top-level vfs xattr interfaces for capabilities xattrs. Unlike with ACLs we still need to be able to work with fscaps xattrs using lower-level interfaces in a handful of places, so only use of the top-level xattr interfaces is restricted.

Signed-off-by: Seth Forshee (DigitalOcean)
--- fs/xattr.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/fs/xattr.c b/fs/xattr.c index 30eff6bc4f6d..2b8214c9534f 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -534,6 +534,9 @@ vfs_setxattr(struct mnt_idmap *idmap, struct dentry *dentry, const void *orig_value = value; int error; + if (WARN_ON_ONCE(is_fscaps_xattr(name))) + return -EOPNOTSUPP; + retry_deleg: inode_lock(inode); error = __vfs_setxattr_locked(idmap, dentry, name, value, size, @@ -649,6 +652,9 @@ vfs_getxattr(struct mnt_idmap *idmap, struct dentry *dentry, struct inode *inode = dentry->d_inode; int error; + if (WARN_ON_ONCE(is_fscaps_xattr(name))) + return -EOPNOTSUPP; + error = xattr_permission(idmap, inode, name, MAY_READ); if (error) return error; @@ -788,6 +794,9 @@ vfs_removexattr(struct mnt_idmap *idmap, struct dentry *dentry, struct inode *delegated_inode = NULL; int error; + if (WARN_ON_ONCE(is_fscaps_xattr(name))) + return -EOPNOTSUPP; + retry_deleg: inode_lock(inode); error = __vfs_removexattr_locked(idmap, dentry,
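
Review bot: in patch 25/25, the three added `WARN_ON_ONCE(is_fscaps_xattr(name))` checks in vfs_setxattr(), vfs_getxattr() and vfs_removexattr() are only safe if `name` can never be chosen by an unprivileged caller on any path that still reaches these functions. The commit message says all code has been converted, but a missed caller that forwards a user-supplied name would turn this into a user-triggerable warning, which matters on systems booted with panic_on_warn. Please either list in the commit message which callers were audited, including stacking filesystems that pass xattr names through, or return -EOPNOTSUPP without the WARN. In vfs_getxattr() the check also runs before xattr_permission(), so a caller without read permission now sees -EOPNOTSUPP for this name instead of the permission error; say whether that ordering is intended. Any kerneldoc for the three functions should mention the new -EOPNOTSUPP case.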