From: Daniil Lunev
To: Alasdair Kergon
Cc: Brian Geffon, Daniil Lunev, Mike Snitzer, dm-devel@redhat.com, linux-kernel@vger.kernel.org
Subject: [PATCH 1/1] dm: add message command to disallow device open
Date: Mon, 4 Jul 2022 10:02:25 +1000
Message-Id: <20220704100221.1.I15b3f7a84ba5a97fde9276648e391b54957103ff@changeid>
In-Reply-To: <20220704000225.345536-1-dlunev@chromium.org>

A message can be passed to device mapper to prohibit open on a certain mapped device. This makes it possible to disallow userspace access to raw swapped data if the system uses device mapper to encrypt it at rest.

Signed-off-by: Daniil Lunev
--- drivers/md/dm-core.h | 1 + drivers/md/dm-ioctl.c | 10 ++++++++++ drivers/md/dm.c | 12 ++++++++++++ drivers/md/dm.h | 10 ++++++++++ include/uapi/linux/dm-ioctl.h | 5 +++++ 5 files changed, 38 insertions(+) diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h index 4277853c75351..37529b605b7c4 100644 --- a/drivers/md/dm-core.h +++ b/drivers/md/dm-core.h @@ -140,6 +140,7 @@ struct mapped_device { #define DMF_SUSPENDED_INTERNALLY 7 #define DMF_POST_SUSPENDING 8 #define DMF_EMULATE_ZONE_APPEND 9 +#define DMF_DISALLOW_OPEN 10 void disable_discard(struct mapped_device *md); void disable_write_zeroes(struct mapped_device *md); diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 87310fceb0d86..e35d560aa2ff3 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c
@@ -815,6 +815,9 @@ static void __dev_status(struct mapped_device *md, struct dm_ioctl *param) if (dm_test_deferred_remove_flag(md)) param->flags |= DM_DEFERRED_REMOVE; + if (dm_test_disallow_open_flag(md)) + param->flags |= DM_DISALLOWED_OPEN; + param->dev = huge_encode_dev(disk_devt(disk)); /* @@ -1656,6 +1659,13 @@ static int message_for_md(struct mapped_device *md, unsigned argc, char **argv, } return dm_cancel_deferred_remove(md); } + if (!strcasecmp(argv[0], "@disallow_open")) { + if (argc != 1) { + DMERR("Invalid arguments for @disallow_open"); + return -EINVAL; + } + return dm_disallow_open(md); + } r = dm_stats_message(md, argc, argv, result, maxlen); if (r < 2) diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 82957bd460e89..3e53d1bd40f0c 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -327,6 +327,7 @@ static int dm_blk_open(struct block_device *bdev, fmode_t mode) goto out; if (test_bit(DMF_FREEING, &md->flags) || + test_bit(DMF_DISALLOW_OPEN, &md->flags) || dm_deleting_md(md)) { md = NULL; goto out; @@ -403,6 +404,12 @@ int dm_cancel_deferred_remove(struct mapped_device *md) return r; } +int dm_disallow_open(struct mapped_device *md) +{ + set_bit(DMF_DISALLOW_OPEN, &md->flags); + return 0; +} + static void do_deferred_remove(struct work_struct *w) { dm_deferred_remove(); @@ -2883,6 +2890,11 @@ int dm_test_deferred_remove_flag(struct mapped_device *md) return test_bit(DMF_DEFERRED_REMOVE, &md->flags); } +int dm_test_disallow_open_flag(struct mapped_device *md) +{ + return test_bit(DMF_DISALLOW_OPEN, &md->flags); +} + int dm_suspended(struct dm_target *ti) { return dm_suspended_md(ti->table->md); diff --git a/drivers/md/dm.h b/drivers/md/dm.h index 9013dc1a7b002..da27f9dfe1413 100644 --- a/drivers/md/dm.h +++ b/drivers/md/dm.h 
@@ -163,6 +163,16 @@ int dm_test_deferred_remove_flag(struct mapped_device *md); */ void dm_deferred_remove(void); +/* + * Test if the device is openable. + */ +int dm_test_disallow_open_flag(struct mapped_device *md); + +/* + * Prevent new open request on the device. + */ +int dm_disallow_open(struct mapped_device *md); + /* * The device-mapper can be driven through one of two interfaces; * ioctl or filesystem, depending which patch you have applied. diff --git a/include/uapi/linux/dm-ioctl.h b/include/uapi/linux/dm-ioctl.h index 2e9550fef90fa..3b4d12d09c005 100644 --- a/include/uapi/linux/dm-ioctl.h +++ b/include/uapi/linux/dm-ioctl.h @@ -382,4 +382,9 @@ enum { */ #define DM_IMA_MEASUREMENT_FLAG (1 << 19) /* In */ +/* + * If set, the device can not be opened. + */ +#define DM_DISALLOWED_OPEN (1 << 20) /* Out */ + #endif /* _LINUX_DM_IOCTL_H */ -- 2.31.0
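
Review bot: in the message_for_md() hunk of drivers/md/dm-ioctl.c, "@disallow_open" is one-way. dm_disallow_open() only does set_bit(DMF_DISALLOW_OPEN, &md->flags) and nothing in the patch clears the bit, whereas the deferred-remove branch directly above it has dm_cancel_deferred_remove(). If irreversibility is the intended security property, state that in the commit message and in the dm.h comment so that a later change does not add a clearing message that silently undoes it; if it is not intended, the clearing counterpart is missing. The diffstat touches no documentation file, so the new message and its argument rule (argc must be 1) are undocumented for userspace.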
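
Review bot: the test_bit(DMF_DISALLOW_OPEN, &md->flags) added to dm_blk_open() in drivers/md/dm.c only rejects opens that arrive after the message has been sent; anything that opened the device before "@disallow_open" keeps its handle. For the use case in the commit message (keeping userspace away from raw swapped data) the ordering is therefore part of the contract: the device has to be set up and opened by its intended consumer first, and the message sent afterwards. Please document that sequence, and note that the check does not distinguish between callers, so every later open through dm_blk_open() takes the same "md = NULL; goto out;" path as a device that is being freed or deleted.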
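
Review bot: the comment added above dm_test_disallow_open_flag() in drivers/md/dm.h says "Test if the device is openable", but the function returns test_bit(DMF_DISALLOW_OPEN, &md->flags), which is nonzero when open is disallowed, so the comment describes the opposite polarity. Suggest "Test if opening the device has been disallowed." In the second comment, "Prevent new open request" should read "requests" and should say that already-open handles are not affected. dm_disallow_open() always returns 0; keep the int only if a failure case is expected later, and say so.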
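
Review bot: in the include/uapi/linux/dm-ioctl.h hunk the userspace flag is spelled DM_DISALLOWED_OPEN while the internal bit and helpers use DISALLOW_OPEN (DMF_DISALLOW_OPEN, dm_disallow_open, dm_test_disallow_open_flag); pick one spelling, since the uapi name cannot be changed once released. Per the diffstat these five added lines are the only change to the header, so userspace gets a new status flag and a new message without any change to the DM_VERSION_* numbers it could check to tell whether the kernel supports them; please consider whether a version bump belongs in this patch. Minor: "can not" in the comment should be "cannot".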