Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp2667876pxa;
        Mon, 17 Aug 2020 16:03:55 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzzhufPH5dLhb4rGEJGZq/nr91ZnDh92o2xWfPYWIfozGSDVqcsMYMna6ki+cfXLFuotFWM
X-Received: by 2002:a05:6402:1bc1:: with SMTP id ch1mr17354908edb.142.1597705435070;
        Mon, 17 Aug 2020 16:03:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1597705435; cv=none;
        d=google.com; s=arc-20160816;
        b=vCPw6SYBxKz40s3B0zwttgPMSndcug0AppvZEZ8eAogmwPzlWW2gvri/BJZrplqf4k
         9kG2uVwoqQN6nVQSQ4HvWYnzLV2wEYf5jHbWa8iSkanIRzcCNTTyuNDTPOtGH+9drsWU
         4iGdllCBQhCE0vLUovI0ptCCzTBg+tvKKFzSD2iEAaWrvOAmZUkWPrULyFkVNqVU6g2K
         e8Q+/q/zxwXMDJn79jkRBI/+Du1nnjkmHCJfOKwbaDwnMNIG4SWTihSwnisLJHlwUe28
         p8aOYYS6TrB+9QXlyIYGR1gyAMgv1+rez5b6gjRlc6HIgZ3RCe1RHEzFd/FddJDL4M0M
         6O8Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=9EHgQ35aySRkSWoSC1c8YoXvxP+pSzRq6wKj/4IiByU=;
        b=nhxl0iV08+Y+/vMgNaUCKMn0zVHYxBBw0gVpmORvJSqIO2Hh94xQrfz7gA1wlHmSZF
         5zUn5Tf6unMjELKF9aKbdaNAzBSRshBCq7QYAvwyyp1KuU2Zs/THDzHoSTgGDf/obd2D
         BUMZZNajLdWoy5B3W3sxAQbTIXtH0tAzery/3yFbGwqnjF3qiNSXakhOvG+Nkrddd/1R
         WSY5mCyFAstW89DJC9JTopFHkGbutFq1jDkTU58PpMVskd82eGtKgXbrQqKfgY/4vGKc
         oXdvy6egOgr886VKs0O7saPuaEqEivMe61Q6O5qIYFKfK6/fX3UjTrLSDePK/x2STKuT
         taCQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=nmmwQZfs;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id ot7si12044816ejb.747.2020.08.17.16.03.31;
        Mon, 17 Aug 2020 16:03:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=nmmwQZfs;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727793AbgHQVKi (ORCPT <rfc822;parkch98@gmail.com> + 99 others);
        Mon, 17 Aug 2020 17:10:38 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58894 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727792AbgHQVKd (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 17 Aug 2020 17:10:33 -0400
Received: from mail-io1-xd44.google.com (mail-io1-xd44.google.com [IPv6:2607:f8b0:4864:20::d44])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C93CC061343
        for <linux-kernel@vger.kernel.org>; Mon, 17 Aug 2020 14:10:33 -0700 (PDT)
Received: by mail-io1-xd44.google.com with SMTP id u126so18982461iod.12
        for <linux-kernel@vger.kernel.org>; Mon, 17 Aug 2020 14:10:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=9EHgQ35aySRkSWoSC1c8YoXvxP+pSzRq6wKj/4IiByU=;
        b=nmmwQZfsGfkcsu0U0Ge/azJVsybIs0DClANORjcuXseaUqE7xU+GmjDUWh/r3evgV0
         iCf4N4rUJ/lHnNv1sezXrO6BPt99zGhlgtbI0H11Du2J8TpbpWF15LXlQHfv0wVdyput
         lK+CBcoR8bkNtpNTY9p58zgpDkX4+O1osLkhB8U+7ipxNJuv95p1V6OODqVobJ4ex1Cw
         RS4dyyB0lbeb/bFYHWzhPaSPZ8CMOdoZz+osDuSeK7iBn3eFo0CWcKuIdexNMPX6rtZq
         DTQlaCU0W3DBG9cAz4hoMbKSurjuASDfWtAHe8HK1afMuQ1n2GoqFAB/exU2/c5Bzt9C
         uq9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=9EHgQ35aySRkSWoSC1c8YoXvxP+pSzRq6wKj/4IiByU=;
        b=FwxbDcjrt8RsqtmWWbbzeu1V5FRMZMQhxzfNDgLeX7jE/NKMkDUqAveGb+PcWeF/4K
         Gz8JK4W8ZyGT0UbzMdJ/gKViV+JL22JlDk/BPbCXzMedh0e+wMg+FAJyV+M8LBhFZoy3
         X5iFnq3z7F0boXzhlPAJatCDKXke/SEG3zxxrTVB3CQDWZOWW0oI1+d1xiBzKx6oI5yS
         LpTgD2caniPhCh/oc/VFhyZNN7bNbb9Vp7dXrTiQDR253dPcWnnoUiIwXEkksRMQC4xf
         Jw+FGoZxt8nzZ6KVis4iocndatyWxcIJBdKn2s8El4ZLqYRcCwxxXeLttpO33ZTTDBmN
         6tWg==
X-Gm-Message-State: AOAM533c3pvsboOMrkefHG6Ke/OuKWPFztvT0AZb9QG9eA07TXJP9Shr
        kwFi11q8Ts6QCWEYspST1QwMDM/szhQ/dhrvSK5UhQ==
X-Received: by 2002:a02:c84b:: with SMTP id r11mr16265122jao.66.1597698631501;
 Mon, 17 Aug 2020 14:10:31 -0700 (PDT)
MIME-Version: 1.0
References: <20200807224941.3440722-1-lokeshgidra@google.com>
 <20200807224941.3440722-2-lokeshgidra@google.com> <20200807230225.GW1236603@ZenIV.linux.org.uk>
In-Reply-To: <20200807230225.GW1236603@ZenIV.linux.org.uk>
From:   Lokesh Gidra <lokeshgidra@google.com>
Date:   Mon, 17 Aug 2020 14:10:20 -0700
Message-ID: <CA+EESO5kDbSCcpzxij6M0aWXqKDyFds+azksQFrXES6ACzTFtA@mail.gmail.com>
Subject: Re: [PATCH v6 1/3] Add a new LSM-supporting anonymous inode interface
To:     Al Viro <viro@zeniv.linux.org.uk>
Cc:     James Morris <jmorris@namei.org>,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        Casey Schaufler <casey@schaufler-ca.com>,
        Eric Biggers <ebiggers@kernel.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Paul Moore <paul@paul-moore.com>,
        Eric Paris <eparis@parisplace.org>,
        Daniel Colascione <dancol@dancol.org>,
        Kees Cook <keescook@chromium.org>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        KP Singh <kpsingh@google.com>,
        David Howells <dhowells@redhat.com>,
        Thomas Cedeno <thomascedeno@google.com>,
        Anders Roxell <anders.roxell@linaro.org>,
        Sami Tolvanen <samitolvanen@google.com>,
        Matthew Garrett <matthewgarrett@google.com>,
        Aaron Goidel <acgoide@tycho.nsa.gov>,
        Randy Dunlap <rdunlap@infradead.org>,
        "Joel Fernandes (Google)" <joel@joelfernandes.org>,
        YueHaibing <yuehaibing@huawei.com>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Alexey Budankov <alexey.budankov@linux.intel.com>,
        Adrian Reber <areber@redhat.com>,
        Aleksa Sarai <cyphar@cyphar.com>,
        Linux FS Devel <linux-fsdevel@vger.kernel.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        LSM List <linux-security-module@vger.kernel.org>,
        SElinux list <selinux@vger.kernel.org>,
        Kalesh Singh <kaleshsingh@google.com>,
        Calin Juravle <calin@google.com>,
        Suren Baghdasaryan <surenb@google.com>,
        Nick Kralevich <nnk@google.com>,
        Jeffrey Vander Stoep <jeffv@google.com>,
        kernel-team@android.com, Daniel Colascione <dancol@google.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Aug 7, 2020 at 4:02 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> On Fri, Aug 07, 2020 at 03:49:39PM -0700, Lokesh Gidra wrote:
>
> > The new functions accept an optional context_inode parameter that
> > callers can use to provide additional contextual information to
> > security modules, e.g., indicating that one anonymous struct file is a
> > logical child of another, allowing a security model to propagate
> > security information from one to the other.
>
> What the hell is "logical child" and what are the lifetime rules implied
> by that relationship?

context_inode provides the security context required by the security
modules for granting/denying permission to create an anon inode of the
same type.

In case of userfaultfd, the relationship between the context_inode and
the created inode is described as that of =E2=80=98logical child=E2=80=99 b=
ecause the
context_inode (userfaultfd inode of the parent process) provides the
security context required for creation of child process=E2=80=99 userfaultf=
d
inode. But there is no relationship beyond this point. Therefore, no
reference to context_inode is held anywhere.