Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp6396528rwb; Mon, 14 Nov 2022 20:05:17 -0800 (PST) X-Google-Smtp-Source: AA0mqf6t1kPL1EOdDfi1uJ3Bh9fY4FsZpH7nGSMV7Y1BOpAePJS0dFvBnqqy9MrGRhPVNafzW7nb X-Received: by 2002:a17:902:b706:b0:186:880c:167a with SMTP id d6-20020a170902b70600b00186880c167amr1015846pls.165.1668485116933; Mon, 14 Nov 2022 20:05:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668485116; cv=none; d=google.com; s=arc-20160816; b=Kn97dkVlFJDxWxxOHyRcGJYQV3VyttBDxKBUaR58AdInIXkmwHvK4tzB8rsCgxPIs9 Ihw+bjwS1c50F0v2q6wTcFH9C1t2Ed2L+yFCpsGgImHWdxP/HACnoiHzMOOT8O6+nwmM OJscPdDibq66BWfbP8C/dQFJuAb9o9Rr7bBxBa+E4cm09n1CL+Mr2QEQYwbfWUwNajJi x5tHYAUVEek9GS0Ohu68xRNShH0PYtZeR7Mmpln0lUJ1rwoXTiQIyB96pFoapnVOI0fD NWkidG7PCXQzq5uHUhSxjobZR6LwnNy56zMwYkz8UQWG2QZV5q1DB70qllhC6NBoUiFv qSvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:references:cc:to :subject; bh=JxlvmDAWrHCoo5AIriickOQV+0DLuLAg1EPJ+mI64l0=; b=ikRqswUmVEz8c4jpOVxRJyN2EXsg4i1+68jZ/bNFH4ofrR2jhJST93mLPwB94hpNx/ b/XKvH7hEhsS1DuMnk20DpXEJflMtbcy3gtbKgPgGNkP6tESCZZ2JVs95jmRe9wM2V+s 2dFxdbe//o5e70OXlOnTo4fAFePRV+iFHDUYB29A3W8Qdo1RplV8dyAOx8UyPpKzcE7g +g3ZEP2ziU6xNK1RirDDJSjA5VQFZr9F5eBRzmIgbjpQDTE5OX2pjny6vNgTaTebvTPI z8PUH2i6Fesm68lM7nNsYglZ/AZdcaMtEDwdvbg1KPxhVLdR98iYHw7hWucdGe98dYG3 2CwQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y4-20020a170902864400b0017f791f52c3si10257805plt.88.2022.11.14.20.05.05; Mon, 14 Nov 2022 20:05:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237079AbiKODy6 (ORCPT + 88 others); Mon, 14 Nov 2022 22:54:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42538 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232040AbiKODy5 (ORCPT ); Mon, 14 Nov 2022 22:54:57 -0500 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3E52B17A9E; Mon, 14 Nov 2022 19:54:56 -0800 (PST) Received: from dggpemm500023.china.huawei.com (unknown [172.30.72.53]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4NBC3s4gblzmVtp; Tue, 15 Nov 2022 11:54:33 +0800 (CST) Received: from dggpemm500001.china.huawei.com (7.185.36.107) by dggpemm500023.china.huawei.com (7.185.36.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 15 Nov 2022 11:54:54 +0800 Received: from [10.67.108.193] (10.67.108.193) by dggpemm500001.china.huawei.com (7.185.36.107) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Tue, 15 Nov 2022 11:54:53 +0800 Subject: Re: [PATCH] device_cgroup: Roll back to original exceptions after copy failure To: Paul Moore CC: , , , , , , , wangweiyang References: <20221025113101.41132-1-wangweiyang2@huawei.com> From: wangweiyang Message-ID: <7da459bc-ffb7-1b0b-dcac-5e967d836434@huawei.com> Date: Tue, 15 Nov 2022 11:54:53 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.67.108.193] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To dggpemm500001.china.huawei.com (7.185.36.107) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Paul Can this patch be applied or something to improve? Thanks on 2022/10/28 19:19, Paul Moore wrote: > On Tue, Oct 25, 2022 at 7:02 AM Wang Weiyang wrote: >> >> When add the 'a *:* rwm' entry to devcgroup A's whitelist, at first A's >> exceptions will be cleaned and A's behavior is changed to >> DEVCG_DEFAULT_ALLOW. Then parent's exceptions will be copyed to A's >> whitelist. If copy failure occurs, just return leaving A to grant >> permissions to all devices. And A may grant more permissions than >> parent. >> >> Backup A's whitelist and recover original exceptions after copy >> failure. >> >> Fixes: 4cef7299b478 ("device_cgroup: add proper checking when changing default behavior") >> Signed-off-by: Wang Weiyang >> --- >> security/device_cgroup.c | 33 +++++++++++++++++++++++++++++---- >> 1 file changed, 29 insertions(+), 4 deletions(-) > > On quick glance this looks reasonable to me, but I'm working with > limited time connected to a network so I can't say I've given this a > full and proper review; if a third party could spend some time to give > this an additional review before I merge it I would greatly appreciate > it. > >> diff --git a/security/device_cgroup.c b/security/device_cgroup.c >> index a9f8c63a96d1..bef2b9285fb3 100644 >> --- a/security/device_cgroup.c >> +++ b/security/device_cgroup.c >> @@ -82,6 +82,17 @@ static int dev_exceptions_copy(struct list_head *dest, struct list_head *orig) >> return -ENOMEM; >> } >> >> +static void dev_exceptions_move(struct list_head *dest, struct list_head *orig) >> +{ >> + struct dev_exception_item *ex, *tmp; >> + >> + lockdep_assert_held(&devcgroup_mutex); >> + >> + list_for_each_entry_safe(ex, tmp, orig, list) { >> + list_move_tail(&ex->list, dest); >> + } >> +} >> + >> /* >> * called under devcgroup_mutex >> */ >> @@ -604,11 +615,13 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup, >> int count, rc = 0; >> struct dev_exception_item ex; >> struct dev_cgroup *parent = css_to_devcgroup(devcgroup->css.parent); >> + struct dev_cgroup tmp_devcgrp; >> >> if (!capable(CAP_SYS_ADMIN)) >> return -EPERM; >> >> memset(&ex, 0, sizeof(ex)); >> + memset(&tmp_devcgrp, 0, sizeof(tmp_devcgrp)); >> b = buffer; >> >> switch (*b) { >> @@ -620,15 +633,27 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup, >> >> if (!may_allow_all(parent)) >> return -EPERM; >> - dev_exception_clean(devcgroup); >> - devcgroup->behavior = DEVCG_DEFAULT_ALLOW; >> - if (!parent) >> + if (!parent) { >> + devcgroup->behavior = DEVCG_DEFAULT_ALLOW; >> + dev_exception_clean(devcgroup); >> break; >> + } >> >> + INIT_LIST_HEAD(&tmp_devcgrp.exceptions); >> + rc = dev_exceptions_copy(&tmp_devcgrp.exceptions, >> + &devcgroup->exceptions); >> + if (rc) >> + return rc; >> + dev_exception_clean(devcgroup); >> rc = dev_exceptions_copy(&devcgroup->exceptions, >> &parent->exceptions); >> - if (rc) >> + if (rc) { >> + dev_exceptions_move(&devcgroup->exceptions, >> + &tmp_devcgrp.exceptions); >> return rc; >> + } >> + devcgroup->behavior = DEVCG_DEFAULT_ALLOW; >> + dev_exception_clean(&tmp_devcgrp); >> break; >> case DEVCG_DENY: >> if (css_has_online_children(&devcgroup->css)) >> -- >> 2.17.1 >> > >