[no subject]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I think we should keep the use of S_PRIVATE flag as it is for secretmem and kvm_gmem.
However, I'm uncertain about whether we still need security_inode_init_security_anon()
for inodes that are already marked S_PRIVATE.
The two seem contradictory. First, we mark an inode as private to bypass LSM checks,
but then initialize security context for it.

I'd appreciate the guidance from the security team.


> From 782a6053268d8a2bddf90ba18c008495b0791710 Mon Sep 17 00:00:00 2001
> From: David Hildenbrand <david@xxxxxxxxxx>
> Date: Tue, 22 Apr 2025 19:22:00 +0200
> Subject: [PATCH] tmp
> 
> Signed-off-by: David Hildenbrand <david@xxxxxxxxxx>
> ---
>  fs/anon_inodes.c   | 20 ++++++++++++++------
>  include/linux/fs.h |  1 +
>  mm/secretmem.c     |  9 +--------
>  3 files changed, 16 insertions(+), 14 deletions(-)
> 
> diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
> index 583ac81669c24..ea51fd582deb4 100644
> --- a/fs/anon_inodes.c
> +++ b/fs/anon_inodes.c
> @@ -55,17 +55,18 @@ static struct file_system_type anon_inode_fs_type = {
>      .kill_sb    = kill_anon_super,
>  };
>  
> -static struct inode *anon_inode_make_secure_inode(
> -    const char *name,
> -    const struct inode *context_inode)
> +static struct inode *anon_inode_make_secure_inode(struct super_block *s,
> +        const char *name, const struct inode *context_inode,
> +        bool fs_internal)
>  {
>      struct inode *inode;
>      int error;
>  
> -    inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
> +    inode = alloc_anon_inode(s);
>      if (IS_ERR(inode))
>          return inode;
> -    inode->i_flags &= ~S_PRIVATE;
> +    if (!fs_internal)
> +        inode->i_flags &= ~S_PRIVATE;
>      error =    security_inode_init_security_anon(inode, &QSTR(name),
>                            context_inode);
>      if (error) {
> @@ -75,6 +76,12 @@ static struct inode *anon_inode_make_secure_inode(
>      return inode;
>  }
>  
> +struct inode *alloc_anon_secure_inode(struct super_block *s, const char *name)
> +{
> +    return anon_inode_make_secure_inode(s, name, NULL, true);
> +}
> +EXPORT_SYMBOL_GPL(alloc_anon_secure_inode);
> +
>  static struct file *__anon_inode_getfile(const char *name,
>                       const struct file_operations *fops,
>                       void *priv, int flags,
> @@ -88,7 +95,8 @@ static struct file *__anon_inode_getfile(const char *name,
>          return ERR_PTR(-ENOENT);
>  
>      if (make_inode) {
> -        inode =    anon_inode_make_secure_inode(name, context_inode);
> +        inode =    anon_inode_make_secure_inode(anon_inode_mnt->mnt_sb,
> +                             name, context_inode, false);
>          if (IS_ERR(inode)) {
>              file = ERR_CAST(inode);
>              goto err;
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 016b0fe1536e3..0fded2e3c661a 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -3550,6 +3550,7 @@ extern int simple_write_begin(struct file *file, struct address_space *mapping,
>  extern const struct address_space_operations ram_aops;
>  extern int always_delete_dentry(const struct dentry *);
>  extern struct inode *alloc_anon_inode(struct super_block *);
> +extern struct inode *alloc_anon_secure_inode(struct super_block *, const char *);
>  extern int simple_nosetlease(struct file *, int, struct file_lease **, void **);
>  extern const struct dentry_operations simple_dentry_operations;
>  
> diff --git a/mm/secretmem.c b/mm/secretmem.c
> index 1b0a214ee5580..c0e459e58cb65 100644
> --- a/mm/secretmem.c
> +++ b/mm/secretmem.c
> @@ -195,18 +195,11 @@ static struct file *secretmem_file_create(unsigned long flags)
>      struct file *file;
>      struct inode *inode;
>      const char *anon_name = "[secretmem]";
> -    int err;
>  
> -    inode = alloc_anon_inode(secretmem_mnt->mnt_sb);
> +    inode = alloc_anon_secure_inode(secretmem_mnt->mnt_sb, anon_name);
>      if (IS_ERR(inode))
>          return ERR_CAST(inode);
>  
> -    err = security_inode_init_security_anon(inode, &QSTR(anon_name), NULL);
> -    if (err) {
> -        file = ERR_PTR(err);
> -        goto err_free_inode;
> -    }
> -
>      file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem",
>                   O_RDWR, &secretmem_fops);
>      if (IS_ERR(file))

Thanks for the patch.
I have split this change into two patches and added required documentation.

Best Regards,
Shivank

--------------20J8wHG41v0zlwJYCL04QA7w
Content-Type: text/plain; charset=UTF-8;
 name="0003-fs-add-alloc_anon_secure_inode-for-allocating-secure.patch"
Content-Disposition: attachment;
 filename*0="0003-fs-add-alloc_anon_secure_inode-for-allocating-secure.pa";
 filename*1="tch"
Content-Transfer-Encoding: base64

RnJvbSA3OGY0ODQzN2E4OGIzYjcwYWE3ZDgwYTMyZGI0ZjI2OWEwODA0ZDE4IE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBIaWxkZW5icmFuZCA8ZGF2aWRAcmVkaGF0LmNvbT4K
RGF0ZTogVHVlLCA2IE1heSAyMDI1IDA5OjEzOjA1ICswMDAwClN1YmplY3Q6IFtQQVRDSCBWOCAz
LzldIGZzOiBhZGQgYWxsb2NfYW5vbl9zZWN1cmVfaW5vZGUoKSBmb3IgYWxsb2NhdGluZwogc2Vj
dXJlIGFub255bW91cyBpbm9kZXMKClRoaXMgaW50cm9kdWNlcyBhbGxvY19hbm9uX3NlY3VyZV9p
bm9kZSgpIGNvbWJpbmluZyBhbGxvY19hbm9uX2lub2RlKCkKd2l0aCBzZWN1cml0eV9pbm9kZV9p
bml0X3NlY3VyaXR5X2Fub24oKSwgc2ltaWxhciB0byBzZWNyZXRtZW0ncyB1c2FnZS4KCkFzIGRp
c2N1c3NlZCBbMV0sIHdlIG5lZWQgdGhpcyBmb3IgY2FzZXMgbGlrZSBzZWNyZXRtZW0gYW5kIGt2
bV9nbWVtCndoZW4gdGhlcmUgbWlnaHQgYmUgaW50ZXJlc3QgdG8gaGF2ZSBnbG9iYWwgYWNjZXNz
IGNvbnRyb2wgdmlhIExTTXMgYW5kCm5lZWQgcHJvcGVyIHNlY3VyaXR5IGxhYmVsaW5nIHdoaWxl
IG1haW50YWluaW5nIFNfUFJJVkFURS4KClRoZSBuZXcgaGVscGVyIGF2b2lkcyBkdXBsaWNhdGlu
ZyB0aGUgc2VjdXJpdHkgaW5pdGlhbGl6YXRpb24gZm9yIHNlY3JldG1lbQphbmQga3ZtX2dtZW0u
CgpbMV06IGh0dHBzOi8vbG9yZS5rZXJuZWwub3JnL2xpbnV4LW1tL2I5ZTVmYTQxLTYyZmQtNGIz
ZC1iYjJkLTI0YWU5ZDNjMzNkYUByZWRoYXQuY29tCgpTaWduZWQtb2ZmLWJ5OiBEYXZpZCBIaWxk
ZW5icmFuZCA8ZGF2aWRAcmVkaGF0LmNvbT4KW1NoaXZhbms6IGFkZCBkb2N1bWVudGF0aW9uXQpT
aWduZWQtb2ZmLWJ5OiBTaGl2YW5rIEdhcmcgPHNoaXZhbmtnQGFtZC5jb20+Ci0tLQogZnMvYW5v
bl9pbm9kZXMuYyAgIHwgNDYgKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysr
Ky0tLS0tLQogaW5jbHVkZS9saW51eC9mcy5oIHwgIDEgKwogMiBmaWxlcyBjaGFuZ2VkLCA0MSBp
bnNlcnRpb25zKCspLCA2IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2ZzL2Fub25faW5vZGVz
LmMgYi9mcy9hbm9uX2lub2Rlcy5jCmluZGV4IDU4M2FjODE2NjljMi4uNDc5ZWZjZWMyMGJjIDEw
MDY0NAotLS0gYS9mcy9hbm9uX2lub2Rlcy5jCisrKyBiL2ZzL2Fub25faW5vZGVzLmMKQEAgLTU1
LDE3ICs1NSwzMyBAQCBzdGF0aWMgc3RydWN0IGZpbGVfc3lzdGVtX3R5cGUgYW5vbl9pbm9kZV9m
c190eXBlID0gewogCS5raWxsX3NiCT0ga2lsbF9hbm9uX3N1cGVyLAogfTsKIAotc3RhdGljIHN0
cnVjdCBpbm9kZSAqYW5vbl9pbm9kZV9tYWtlX3NlY3VyZV9pbm9kZSgKLQljb25zdCBjaGFyICpu
YW1lLAotCWNvbnN0IHN0cnVjdCBpbm9kZSAqY29udGV4dF9pbm9kZSkKKy8qKgorICogYW5vbl9p
bm9kZV9tYWtlX3NlY3VyZV9pbm9kZSAtIGFsbG9jYXRlIGFuIGFub255bW91cyBpbm9kZSB3aXRo
IHNlY3VyaXR5IGNvbnRleHQKKyAqIEBzYjoJCVtpbl0JU3VwZXJibG9jayB0byBhbGxvY2F0ZSBm
cm9tCisgKiBAbmFtZToJW2luXQlOYW1lIG9mIHRoZSBjbGFzcyBvZiB0aGUgbmV3ZmlsZSAoZS5n
LiwgInNlY3JldG1lbSIpCisgKiBAY29udGV4dF9pbm9kZToKKyAqCQlbaW5dCU9wdGlvbmFsIHBh
cmVudCBpbm9kZSBmb3Igc2VjdXJpdHkgaW5oZXJpdGFuY2UKKyAqIEBmc19pbnRlcm5hbDoKKyAq
CQlbaW5dCUlmIHRydWUsIGtlZXAgU19QUklWQVRFIHNldCAoZmxhZyBpbmRpY2F0aW5nIGludGVy
bmFsIGZzIGlub2RlcykKKyAqCisgKiBUaGUgZnVuY3Rpb24gZW5zdXJlcyBwcm9wZXIgc2VjdXJp
dHkgaW5pdGlhbGl6YXRpb24gdGhyb3VnaCB0aGUgTFNNIGhvb2sKKyAqIHNlY3VyaXR5X2lub2Rl
X2luaXRfc2VjdXJpdHlfYW5vbigpLgorICoKKyAqIFJldHVybjoJUG9pbnRlciB0byBuZXcgaW5v
ZGUgb24gc3VjY2VzcywgRVJSX1BUUiBvbiBmYWlsdXJlLgorICovCitzdGF0aWMgc3RydWN0IGlu
b2RlICphbm9uX2lub2RlX21ha2Vfc2VjdXJlX2lub2RlKHN0cnVjdCBzdXBlcl9ibG9jayAqc2Is
CisJCWNvbnN0IGNoYXIgKm5hbWUsIGNvbnN0IHN0cnVjdCBpbm9kZSAqY29udGV4dF9pbm9kZSwK
KwkJYm9vbCBmc19pbnRlcm5hbCkKIHsKIAlzdHJ1Y3QgaW5vZGUgKmlub2RlOwogCWludCBlcnJv
cjsKIAotCWlub2RlID0gYWxsb2NfYW5vbl9pbm9kZShhbm9uX2lub2RlX21udC0+bW50X3NiKTsK
Kwlpbm9kZSA9IGFsbG9jX2Fub25faW5vZGUoc2IpOwogCWlmIChJU19FUlIoaW5vZGUpKQogCQly
ZXR1cm4gaW5vZGU7Ci0JaW5vZGUtPmlfZmxhZ3MgJj0gflNfUFJJVkFURTsKKwlpZiAoIWZzX2lu
dGVybmFsKQorCQlpbm9kZS0+aV9mbGFncyAmPSB+U19QUklWQVRFOworCiAJZXJyb3IgPQlzZWN1
cml0eV9pbm9kZV9pbml0X3NlY3VyaXR5X2Fub24oaW5vZGUsICZRU1RSKG5hbWUpLAogCQkJCQkJ
ICBjb250ZXh0X2lub2RlKTsKIAlpZiAoZXJyb3IpIHsKQEAgLTc1LDYgKzkxLDIzIEBAIHN0YXRp
YyBzdHJ1Y3QgaW5vZGUgKmFub25faW5vZGVfbWFrZV9zZWN1cmVfaW5vZGUoCiAJcmV0dXJuIGlu
b2RlOwogfQogCisvKioKKyAqIGFsbG9jX2Fub25fc2VjdXJlX2lub2RlIC0gYWxsb2NhdGUgYSBz
ZWN1cmUgYW5vbnltb3VzIGlub2RlCisgKiBAc2I6CQlbaW5dCVN1cGVyYmxvY2sgdG8gYWxsb2Nh
dGUgdGhlIGlub2RlIGZyb20KKyAqIEBuYW1lOglbaW5dCU5hbWUgb2YgdGhlIGNsYXNzIG9mIHRo
ZSBuZXdmaWxlIChlLmcuLCAic2VjcmV0bWVtIikKKyAqCisgKiBTcGVjaWFsaXplZCB2ZXJzaW9u
IG9mIGFub25faW5vZGVfbWFrZV9zZWN1cmVfaW5vZGUoKSBmb3IgZmlsZXN5c3RlbSB1c2UuCisg
KiBUaGlzIGNyZWF0ZXMgYW4gaW50ZXJuYWwtdXNlIGlub2RlLCBtYXJrZWQgd2l0aCBTX1BSSVZB
VEUgKGhpZGRlbiBmcm9tCisgKiB1c2Vyc3BhY2UpLgorICoKKyAqIFJldHVybjoJQSBwb2ludGVy
IHRvIHRoZSBuZXcgaW5vZGUgb24gc3VjY2VzcywgRVJSX1BUUiBvbiBmYWlsdXJlLgorICovCitz
dHJ1Y3QgaW5vZGUgKmFsbG9jX2Fub25fc2VjdXJlX2lub2RlKHN0cnVjdCBzdXBlcl9ibG9jayAq
c2IsIGNvbnN0IGNoYXIgKm5hbWUpCit7CisJcmV0dXJuIGFub25faW5vZGVfbWFrZV9zZWN1cmVf
aW5vZGUoc2IsIG5hbWUsIE5VTEwsIHRydWUpOworfQorRVhQT1JUX1NZTUJPTF9HUEwoYWxsb2Nf
YW5vbl9zZWN1cmVfaW5vZGUpOworCiBzdGF0aWMgc3RydWN0IGZpbGUgKl9fYW5vbl9pbm9kZV9n
ZXRmaWxlKGNvbnN0IGNoYXIgKm5hbWUsCiAJCQkJCSBjb25zdCBzdHJ1Y3QgZmlsZV9vcGVyYXRp
b25zICpmb3BzLAogCQkJCQkgdm9pZCAqcHJpdiwgaW50IGZsYWdzLApAQCAtODgsNyArMTIxLDgg
QEAgc3RhdGljIHN0cnVjdCBmaWxlICpfX2Fub25faW5vZGVfZ2V0ZmlsZShjb25zdCBjaGFyICpu
YW1lLAogCQlyZXR1cm4gRVJSX1BUUigtRU5PRU5UKTsKIAogCWlmIChtYWtlX2lub2RlKSB7Ci0J
CWlub2RlID0JYW5vbl9pbm9kZV9tYWtlX3NlY3VyZV9pbm9kZShuYW1lLCBjb250ZXh0X2lub2Rl
KTsKKwkJaW5vZGUgPQlhbm9uX2lub2RlX21ha2Vfc2VjdXJlX2lub2RlKGFub25faW5vZGVfbW50
LT5tbnRfc2IsCisJCQkJCQkgICAgIG5hbWUsIGNvbnRleHRfaW5vZGUsIGZhbHNlKTsKIAkJaWYg
KElTX0VSUihpbm9kZSkpIHsKIAkJCWZpbGUgPSBFUlJfQ0FTVChpbm9kZSk7CiAJCQlnb3RvIGVy
cjsKZGlmZiAtLWdpdCBhL2luY2x1ZGUvbGludXgvZnMuaCBiL2luY2x1ZGUvbGludXgvZnMuaApp
bmRleCAwMTZiMGZlMTUzNmUuLjBmZGVkMmUzYzY2MSAxMDA2NDQKLS0tIGEvaW5jbHVkZS9saW51
eC9mcy5oCisrKyBiL2luY2x1ZGUvbGludXgvZnMuaApAQCAtMzU1MCw2ICszNTUwLDcgQEAgZXh0
ZXJuIGludCBzaW1wbGVfd3JpdGVfYmVnaW4oc3RydWN0IGZpbGUgKmZpbGUsIHN0cnVjdCBhZGRy
ZXNzX3NwYWNlICptYXBwaW5nLAogZXh0ZXJuIGNvbnN0IHN0cnVjdCBhZGRyZXNzX3NwYWNlX29w
ZXJhdGlvbnMgcmFtX2FvcHM7CiBleHRlcm4gaW50IGFsd2F5c19kZWxldGVfZGVudHJ5KGNvbnN0
IHN0cnVjdCBkZW50cnkgKik7CiBleHRlcm4gc3RydWN0IGlub2RlICphbGxvY19hbm9uX2lub2Rl
KHN0cnVjdCBzdXBlcl9ibG9jayAqKTsKK2V4dGVybiBzdHJ1Y3QgaW5vZGUgKmFsbG9jX2Fub25f
c2VjdXJlX2lub2RlKHN0cnVjdCBzdXBlcl9ibG9jayAqLCBjb25zdCBjaGFyICopOwogZXh0ZXJu
IGludCBzaW1wbGVfbm9zZXRsZWFzZShzdHJ1Y3QgZmlsZSAqLCBpbnQsIHN0cnVjdCBmaWxlX2xl
YXNlICoqLCB2b2lkICoqKTsKIGV4dGVybiBjb25zdCBzdHJ1Y3QgZGVudHJ5X29wZXJhdGlvbnMg
c2ltcGxlX2RlbnRyeV9vcGVyYXRpb25zOwogCi0tIAoyLjM0LjEKCg==

--------------20J8wHG41v0zlwJYCL04QA7w
Content-Type: text/plain; charset=UTF-8;
 name="0004-mm-secretmem-use-alloc_anon_secure_inode.patch"
Content-Disposition: attachment;
 filename="0004-mm-secretmem-use-alloc_anon_secure_inode.patch"
Content-Transfer-Encoding: base64

RnJvbSBjYjlmMTE0YjMwOTdkNDlmOTlhMjI0Y2QzZDI0ODNkMTA2NzY2NTIxIE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiBEYXZpZCBIaWxkZW5icmFuZCA8ZGF2aWRAcmVkaGF0LmNvbT4K
RGF0ZTogVHVlLCA2IE1heSAyMDI1IDA5OjIxOjI0ICswMDAwClN1YmplY3Q6IFtQQVRDSCBWOCA0
LzldIG1tL3NlY3JldG1lbTogdXNlIGFsbG9jX2Fub25fc2VjdXJlX2lub2RlKCkKClVzZSBhbGxv
Y19hbm9uX3NlY3VyZV9pbm9kZSgpIGluc3RlYWQgb2YgYWxsb2NfYW5vbl9pbm9kZSgpICsKc2Vj
dXJpdHlfaW5vZGVfaW5pdF9zZWN1cml0eV9hbm9uKCkgdG8gYXZvaWQgZHVwbGljYXRpbmcgdGhl
CmFub25faW5vZGVfbWFrZV9zZWN1cmVfaW5vZGUoKSBsb2dpYy4KClNpZ25lZC1vZmYtYnk6IERh
dmlkIEhpbGRlbmJyYW5kIDxkYXZpZEByZWRoYXQuY29tPgpTaWduZWQtb2ZmLWJ5OiBTaGl2YW5r
IEdhcmcgPHNoaXZhbmtnQGFtZC5jb20+Ci0tLQogbW0vc2VjcmV0bWVtLmMgfCA5ICstLS0tLS0t
LQogMSBmaWxlIGNoYW5nZWQsIDEgaW5zZXJ0aW9uKCspLCA4IGRlbGV0aW9ucygtKQoKZGlmZiAt
LWdpdCBhL21tL3NlY3JldG1lbS5jIGIvbW0vc2VjcmV0bWVtLmMKaW5kZXggMWIwYTIxNGVlNTU4
Li5jMGU0NTllNThjYjYgMTAwNjQ0Ci0tLSBhL21tL3NlY3JldG1lbS5jCisrKyBiL21tL3NlY3Jl
dG1lbS5jCkBAIC0xOTUsMTggKzE5NSwxMSBAQCBzdGF0aWMgc3RydWN0IGZpbGUgKnNlY3JldG1l
bV9maWxlX2NyZWF0ZSh1bnNpZ25lZCBsb25nIGZsYWdzKQogCXN0cnVjdCBmaWxlICpmaWxlOwog
CXN0cnVjdCBpbm9kZSAqaW5vZGU7CiAJY29uc3QgY2hhciAqYW5vbl9uYW1lID0gIltzZWNyZXRt
ZW1dIjsKLQlpbnQgZXJyOwogCi0JaW5vZGUgPSBhbGxvY19hbm9uX2lub2RlKHNlY3JldG1lbV9t
bnQtPm1udF9zYik7CisJaW5vZGUgPSBhbGxvY19hbm9uX3NlY3VyZV9pbm9kZShzZWNyZXRtZW1f
bW50LT5tbnRfc2IsIGFub25fbmFtZSk7CiAJaWYgKElTX0VSUihpbm9kZSkpCiAJCXJldHVybiBF
UlJfQ0FTVChpbm9kZSk7CiAKLQllcnIgPSBzZWN1cml0eV9pbm9kZV9pbml0X3NlY3VyaXR5X2Fu
b24oaW5vZGUsICZRU1RSKGFub25fbmFtZSksIE5VTEwpOwotCWlmIChlcnIpIHsKLQkJZmlsZSA9
IEVSUl9QVFIoZXJyKTsKLQkJZ290byBlcnJfZnJlZV9pbm9kZTsKLQl9Ci0KIAlmaWxlID0gYWxs
b2NfZmlsZV9wc2V1ZG8oaW5vZGUsIHNlY3JldG1lbV9tbnQsICJzZWNyZXRtZW0iLAogCQkJCSBP
X1JEV1IsICZzZWNyZXRtZW1fZm9wcyk7CiAJaWYgKElTX0VSUihmaWxlKSkKLS0gCjIuMzQuMQoK

--------------20J8wHG41v0zlwJYCL04QA7w--
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux