Received: by 2002:a05:6358:bb9e:b0:b9:5105:a5b4 with SMTP id df30csp2954805rwb; Mon, 5 Sep 2022 04:21:56 -0700 (PDT) X-Google-Smtp-Source: AA6agR5IfEljie54i9ND+oPc9epnDhc1zKwdxzivgfiXonvZWXfpUF0tF6QPgKYThXzLZ/RqCoyI X-Received: by 2002:a17:907:1623:b0:741:9f8f:be50 with SMTP id hb35-20020a170907162300b007419f8fbe50mr23871716ejc.254.1662376916361; Mon, 05 Sep 2022 04:21:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662376916; cv=none; d=google.com; s=arc-20160816; b=a73K5/TjUOtlbLbOnTcn0w8ZUQDE76UpfVDeMfTwP1oEu+3ifi9PM+fMFMGd2pLMGj k5bT0NCXUAm5cMZSkIKXM6TzHdPFcBcBsw8TweL7CSltwiw6Ubse9yPKWpUzqGn4MoAD ZcOZLeRzG4zREda8P0z6u1+71ec31+aWWJaYYXBPs6wfjV0XXBqQs9+slyLVE/7BbOtF BvDQslpeGpKxFNDqilLvxsnS5VmwKps+DaNP8wR5XzAolZA5KgzJhGFYjK4KSN3kFGo+ jH1E9Or6uTBkoEXZzgEC+B2f+4FZG6JITPJy35JvTsVEHRNpql0dm6YqTEgkoZGRl5GD wBXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=MSP7nxlZMdVy1XY332EieoPjlkoDCB95TOL/13xEK/o=; b=bubrfRxMSMjpOiKOYt7T1MuPyNSHcI6KhXlEKp7sSy8h4bbB7rb+ZOJAX3qsf/2y6D Ayfw80TSwVggotvkUF73SVWN0QlwKS4KCRuNIAl9h6/y8NVzXzWCXVjQYx13x5Dg68Hz BsKpBMR3jPdBc7O9YXRe+MYPtT/oaisoRL7OfgxwHyLot7kwWs5eFZDsOZ0GrGp3uYxx Qqs4osmXv268tZwkiLqgllVkDaXias5sjJ8IhFLv88nLSMDGGcgVUVUHUIPVgxXBF2jG relEBQz9yRDftpkMB/6KEDJxQi/0TZH4ukGTdUgDX0hbHkg6OJP2Xs6sgY1XysARskKk YITg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=U2mxWtGL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z11-20020a05640235cb00b0043999754363si6476127edc.516.2022.09.05.04.21.21; Mon, 05 Sep 2022 04:21:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=U2mxWtGL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237921AbiIEKRi (ORCPT + 99 others); Mon, 5 Sep 2022 06:17:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49296 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237908AbiIEKQ6 (ORCPT ); Mon, 5 Sep 2022 06:16:58 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 70AC254CB6 for ; Mon, 5 Sep 2022 03:16:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1662372914; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=MSP7nxlZMdVy1XY332EieoPjlkoDCB95TOL/13xEK/o=; b=U2mxWtGLmEAq4ZB7tK3hWeieARI10GPfGBUBPb9FqCZ3upEgKKQXbfnUh4fOv73a3Kms30 Y8UnA0ClIV6eFneClsNFLuLSSdd28M2VESkbU7BetaTE8McP0RGOJjutrwdz2mlI5Mm0yd ONi64Wrwdmtj5qWkqSsIshrBzUPuBzQ= Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-216-ePGWrB7bO6qXvEwp77I6vg-1; Mon, 05 Sep 2022 06:15:13 -0400 X-MC-Unique: ePGWrB7bO6qXvEwp77I6vg-1 Received: by mail-pl1-f199.google.com with SMTP id m5-20020a170902f64500b0016d313f3ce7so5921306plg.23 for ; Mon, 05 Sep 2022 03:15:13 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=MSP7nxlZMdVy1XY332EieoPjlkoDCB95TOL/13xEK/o=; b=uc5AlUsNQK/cvpXJIobzvkluc9pMNHZCDufLZdy4ZIwvkC1cO4OleU6yCj/ruRe06I O6Riww/f6pAC342at2thSDVsmlYYLY4qzbd3AhilAt/6JcaUs2eLeHagCH03QE45rJXj +812Hnylt2quPczlgvbWVW1/IH4zqpOUhgEfD4i/IO2CNHGccnKl8rVl11rZ4Wn/Ck5O bVEt/Du9hwUF7bsrJ1URzo1q3whx1AvRD9xC4g1xF6fDCd4OqAPDsDGOGc5ohHbcdjfr DePa98MFUhnYP8uLBcXX45h4dwhn5FUtT+U2yPzDaESuovY9Gp6ecN8kJbkDIuTJbehN sFhQ== X-Gm-Message-State: ACgBeo3Fuf63iDzjKG+wgc3G+Vq1dstiGKDdKNu38xg2B56OfUKhUxc/ 7W9MGT0YzSVygeHP3lHtDD58SnQHc5PWBS1Qvludgq6UyT0sF5jvEPSFiVPyR0BYzeDNSnhiBy2 9FRnkfZmcWupUc45mQonRq8Us7Jem3wYpAO07E6ow X-Received: by 2002:a63:1a53:0:b0:41f:5298:9b5f with SMTP id a19-20020a631a53000000b0041f52989b5fmr40538769pgm.244.1662372912672; Mon, 05 Sep 2022 03:15:12 -0700 (PDT) X-Received: by 2002:a63:1a53:0:b0:41f:5298:9b5f with SMTP id a19-20020a631a53000000b0041f52989b5fmr40538753pgm.244.1662372912450; Mon, 05 Sep 2022 03:15:12 -0700 (PDT) MIME-Version: 1.0 References: <20220901152632.970018-1-omosnace@redhat.com> <20220905090811.ocnnc53y2bow7m3i@wittgenstein> In-Reply-To: <20220905090811.ocnnc53y2bow7m3i@wittgenstein> From: Ondrej Mosnacek Date: Mon, 5 Sep 2022 12:15:01 +0200 Message-ID: Subject: Re: [PATCH 0/2] fs: fix capable() call in simple_xattr_list() To: Christian Brauner Cc: Alexander Viro , Linux FS Devel , Linux Security Module list , SElinux list , rcu@vger.kernel.org, Linux kernel mailing list , Martin Pitt , Vasily Averin Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 5, 2022 at 11:08 AM Christian Brauner wrote: > On Thu, Sep 01, 2022 at 05:26:30PM +0200, Ondrej Mosnacek wrote: > > The goal of these patches is to avoid calling capable() unconditionally > > in simple_xattr_list(), which causes issues under SELinux (see > > explanation in the second patch). > > > > The first patch tries to make this change safer by converting > > simple_xattrs to use the RCU mechanism, so that capable() is not called > > while the xattrs->lock is held. I didn't find evidence that this is an > > issue in the current code, but it can't hurt to make that change > > either way (and it was quite straightforward). > > Hey Ondrey, > > There's another patchset I'd like to see first which switches from a > linked list to an rbtree to get rid of performance issues in this code > that can be used to dos tmpfs in containers: > > https://lore.kernel.org/lkml/d73bd478-e373-f759-2acb-2777f6bba06f@openvz.org > > I don't think Vasily has time to continue with this so I'll just pick it > up hopefully this or the week after LPC. Hm... does rbtree support lockless traversal? Because if not, that would make it impossible to fix the issue without calling capable() inside the critical section (or doing something complicated), AFAICT. Would rhashtable be a workable alternative to rbtree for this use case? Skimming it seems to support both lockless lookup and traversal using RCU. And according to its manpage, *listxattr(2) doesn't guarantee that the returned names are sorted. -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.