lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 10 Aug 2023 09:57:35 -0400
From:   Jeff Layton <jlayton@...nel.org>
To:     Christian Brauner <brauner@...nel.org>
Cc:     Alexander Viro <viro@...iv.linux.org.uk>,
        Trond Myklebust <trond.myklebust@...merspace.com>,
        Anna Schumaker <anna@...nel.org>,
        Paul Moore <paul@...l-moore.com>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Stephen Smalley <stephen.smalley.work@...il.com>,
        Eric Paris <eparis@...isplace.org>,
        Casey Schaufler <casey@...aufler-ca.com>,
        David Howells <dhowells@...hat.com>,
        Scott Mayhew <smayhew@...hat.com>,
        Stephen Smalley <sds@...ho.nsa.gov>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-nfs@...r.kernel.org, linux-security-module@...r.kernel.org,
        selinux@...r.kernel.org
Subject: Re: [PATCH v9] vfs, security: Fix automount superblock LSM init
 problem, preventing NFS sb sharing

On Tue, 2023-08-08 at 15:31 +0200, Christian Brauner wrote:
> On Tue, Aug 08, 2023 at 07:34:20AM -0400, Jeff Layton wrote:
> > From: David Howells <dhowells@...hat.com>
> > 
> > When NFS superblocks are created by automounting, their LSM parameters
> > aren't set in the fs_context struct prior to sget_fc() being called,
> > leading to failure to match existing superblocks.
> > 
> > This bug leads to messages like the following appearing in dmesg when
> > fscache is enabled:
> > 
> >     NFS: Cache volume key already in use (nfs,4.2,2,108,106a8c0,1,,,,100000,100000,2ee,3a98,1d4c,3a98,1)
> > 
> > Fix this by adding a new LSM hook to load fc->security for submount
> > creation.
> > 
> > Signed-off-by: David Howells <dhowells@...hat.com>
> > Signed-off-by: Jeff Layton <jlayton@...nel.org>
> > Fixes: 9bc61ab18b1d ("vfs: Introduce fs_context, switch vfs_kern_mount() to it.")
> > Fixes: 779df6a5480f ("NFS: Ensure security label is set for root inode)
> > Tested-by: Jeff Layton <jlayton@...nel.org>
> > Reviewed-by: Jeff Layton <jlayton@...nel.org>
> > Acked-by: Casey Schaufler <casey@...aufler-ca.com>

I've made a significant number of changes since Casey acked this. It
might be a good idea to drop his Acked-by (unless he wants to chime in
and ask us to keep it).

Thanks,
Jeff

> > Acked-by: "Christian Brauner (Microsoft)" <brauner@...nel.org>
> > Link: https://lore.kernel.org/r/165962680944.3334508.6610023900349142034.stgit@warthog.procyon.org.uk/ # v1
> > Link: https://lore.kernel.org/r/165962729225.3357250.14350728846471527137.stgit@warthog.procyon.org.uk/ # v2
> > Link: https://lore.kernel.org/r/165970659095.2812394.6868894171102318796.stgit@warthog.procyon.org.uk/ # v3
> > Link: https://lore.kernel.org/r/166133579016.3678898.6283195019480567275.stgit@warthog.procyon.org.uk/ # v4
> > Link: https://lore.kernel.org/r/217595.1662033775@warthog.procyon.org.uk/ # v5
> > ---
> > ver #2)
> > - Added Smack support
> > - Made LSM parameter extraction dependent on reference != NULL.
> > 
> > ver #3)
> > - Made LSM parameter extraction dependent on fc->purpose ==
> >    FS_CONTEXT_FOR_SUBMOUNT.  Shouldn't happen on FOR_RECONFIGURE.
> > 
> > ver #4)
> > - When doing a FOR_SUBMOUNT mount, don't set the root label in SELinux or Smack.
> > 
> > ver #5)
> > - Removed unused variable.
> > - Only allocate smack_mnt_opts if we're dealing with a submount.
> > 
> > ver #6)
> > - Rebase onto v6.5.0-rc4
> > - Link to v6: https://lore.kernel.org/r/20230802-master-v6-1-45d48299168b@kernel.org
> > 
> > ver #7)
> > - Drop lsm_set boolean
> > - Link to v7: https://lore.kernel.org/r/20230804-master-v7-1-5d4e48407298@kernel.org
> > 
> > ver #8)
> > - Remove spurious semicolon in smack_fs_context_init
> > - Make fs_context_init take a superblock as reference instead of dentry
> > - WARN_ON_ONCE's when fc->purpose != FS_CONTEXT_FOR_SUBMOUNT
> > - Call the security hook from fs_context_for_submount instead of alloc_fs_context
> > - Link to v8: https://lore.kernel.org/r/20230807-master-v8-1-54e249595f10@kernel.org
> > 
> > ver #9)
> > - rename *_fs_context_init to *_fs_context_submount
> > - remove checks for FS_CONTEXT_FOR_SUBMOUNT and NULL reference pointers
> > - fix prototype on smack_fs_context_submount
> 
> Thanks, this looks good from my perspective. If it looks fine to LSM
> folks as well I can put it with the rest of the super work for this
> cycle or it can go through the LSM tree.

-- 
Jeff Layton <jlayton@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ