lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 10 Aug 2023 07:43:37 -0700
From:   Casey Schaufler <casey@...aufler-ca.com>
To:     Jeff Layton <jlayton@...nel.org>,
        Christian Brauner <brauner@...nel.org>
Cc:     Alexander Viro <viro@...iv.linux.org.uk>,
        Trond Myklebust <trond.myklebust@...merspace.com>,
        Anna Schumaker <anna@...nel.org>,
        Paul Moore <paul@...l-moore.com>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Stephen Smalley <stephen.smalley.work@...il.com>,
        Eric Paris <eparis@...isplace.org>,
        David Howells <dhowells@...hat.com>,
        Scott Mayhew <smayhew@...hat.com>,
        Stephen Smalley <sds@...ho.nsa.gov>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-nfs@...r.kernel.org, linux-security-module@...r.kernel.org,
        selinux@...r.kernel.org, Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH v9] vfs, security: Fix automount superblock LSM init
 problem, preventing NFS sb sharing

On 8/10/2023 6:57 AM, Jeff Layton wrote:
> On Tue, 2023-08-08 at 15:31 +0200, Christian Brauner wrote:
>> On Tue, Aug 08, 2023 at 07:34:20AM -0400, Jeff Layton wrote:
>>> From: David Howells <dhowells@...hat.com>
>>>
>>> When NFS superblocks are created by automounting, their LSM parameters
>>> aren't set in the fs_context struct prior to sget_fc() being called,
>>> leading to failure to match existing superblocks.
>>>
>>> This bug leads to messages like the following appearing in dmesg when
>>> fscache is enabled:
>>>
>>>     NFS: Cache volume key already in use (nfs,4.2,2,108,106a8c0,1,,,,100000,100000,2ee,3a98,1d4c,3a98,1)
>>>
>>> Fix this by adding a new LSM hook to load fc->security for submount
>>> creation.
>>>
>>> Signed-off-by: David Howells <dhowells@...hat.com>
>>> Signed-off-by: Jeff Layton <jlayton@...nel.org>
>>> Fixes: 9bc61ab18b1d ("vfs: Introduce fs_context, switch vfs_kern_mount() to it.")
>>> Fixes: 779df6a5480f ("NFS: Ensure security label is set for root inode)
>>> Tested-by: Jeff Layton <jlayton@...nel.org>
>>> Reviewed-by: Jeff Layton <jlayton@...nel.org>
>>> Acked-by: Casey Schaufler <casey@...aufler-ca.com>
> I've made a significant number of changes since Casey acked this. It
> might be a good idea to drop his Acked-by (unless he wants to chime in
> and ask us to keep it).

You can keep the Acked-by.

>
> Thanks,
> Jeff
>
>>> Acked-by: "Christian Brauner (Microsoft)" <brauner@...nel.org>
>>> Link: https://lore.kernel.org/r/165962680944.3334508.6610023900349142034.stgit@warthog.procyon.org.uk/ # v1
>>> Link: https://lore.kernel.org/r/165962729225.3357250.14350728846471527137.stgit@warthog.procyon.org.uk/ # v2
>>> Link: https://lore.kernel.org/r/165970659095.2812394.6868894171102318796.stgit@warthog.procyon.org.uk/ # v3
>>> Link: https://lore.kernel.org/r/166133579016.3678898.6283195019480567275.stgit@warthog.procyon.org.uk/ # v4
>>> Link: https://lore.kernel.org/r/217595.1662033775@warthog.procyon.org.uk/ # v5
>>> ---
>>> ver #2)
>>> - Added Smack support
>>> - Made LSM parameter extraction dependent on reference != NULL.
>>>
>>> ver #3)
>>> - Made LSM parameter extraction dependent on fc->purpose ==
>>>    FS_CONTEXT_FOR_SUBMOUNT.  Shouldn't happen on FOR_RECONFIGURE.
>>>
>>> ver #4)
>>> - When doing a FOR_SUBMOUNT mount, don't set the root label in SELinux or Smack.
>>>
>>> ver #5)
>>> - Removed unused variable.
>>> - Only allocate smack_mnt_opts if we're dealing with a submount.
>>>
>>> ver #6)
>>> - Rebase onto v6.5.0-rc4
>>> - Link to v6: https://lore.kernel.org/r/20230802-master-v6-1-45d48299168b@kernel.org
>>>
>>> ver #7)
>>> - Drop lsm_set boolean
>>> - Link to v7: https://lore.kernel.org/r/20230804-master-v7-1-5d4e48407298@kernel.org
>>>
>>> ver #8)
>>> - Remove spurious semicolon in smack_fs_context_init
>>> - Make fs_context_init take a superblock as reference instead of dentry
>>> - WARN_ON_ONCE's when fc->purpose != FS_CONTEXT_FOR_SUBMOUNT
>>> - Call the security hook from fs_context_for_submount instead of alloc_fs_context
>>> - Link to v8: https://lore.kernel.org/r/20230807-master-v8-1-54e249595f10@kernel.org
>>>
>>> ver #9)
>>> - rename *_fs_context_init to *_fs_context_submount
>>> - remove checks for FS_CONTEXT_FOR_SUBMOUNT and NULL reference pointers
>>> - fix prototype on smack_fs_context_submount
>> Thanks, this looks good from my perspective. If it looks fine to LSM
>> folks as well I can put it with the rest of the super work for this
>> cycle or it can go through the LSM tree.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ