Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp5075764rwb; Mon, 21 Nov 2022 16:24:15 -0800 (PST) X-Google-Smtp-Source: AA0mqf4wN/NZthayLN2rQzI2VlD3aZlt2HscyiBNT0nQ/YeiUM8XPWgimNBVlh2x6+1QnIdsHUmm X-Received: by 2002:a17:902:b283:b0:179:fe08:48da with SMTP id u3-20020a170902b28300b00179fe0848damr5595669plr.154.1669076655474; Mon, 21 Nov 2022 16:24:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669076655; cv=none; d=google.com; s=arc-20160816; b=MrDbh5EPag9d+Rye+ap0xtU68umXSp4kKClKR/zk+bd4mMpZwtLsmau+RC2dHOyQ8K aWChJiYkNiG99lvviq0kugxljAae4oolXVUiMy0jaG9t94Div4/NSjw+TrxNhW1xulf8 zV+81RidxH9WvSnlmmoeasDaCSot8P0M4sH932CBvssfdHSeEDxxTNOhpVSFufycU8ks FTQCsQk66u2TPRjXYygzepwmcLajg9NPUBo8lbmpEmvHbD9rPIgUa66nSwWOapP008lU CHbU53+XQFlYlgRovZsb4bmtAJf1zEPfe7srQ59haRUvRjie9ExywJaTiGHKKm6H0k9o bRyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=sFqoA3xlAXzNwNaJLAB412Ok7P7Z69MnqdPRYsS/dcY=; b=BJhcCDOLp/cRYGdKEM9pUIizX377pyElPg0NLO0lZkVp9gNMb8BNvdgJlBIYWiUr3n 1icxiZIo9UEl7HRw3mYqiFI8l4tlVMZDt9JdRohGdEoeNluLpCt/SXC1ytF9dCm7xS2b oTWwHIjU/4SoC4Y1oCVPN2eTsn4bIkQiFqcYO/adSO/6X94Nce1xKp6xWL08VnGDgWow L9baCMopuKU91geriuEPFCgufTPrylPrzYaSU5JRxizT8VzA7v4rq71WEEX4Ghl/ocrZ cNjPkxXcxE9KCTZrzl/TtNrr6zvKWzEh4gAoegXxnY5FlIIHavv1SYFtJocKwZ2BKT5W Q/ww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=UGMGIxl4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x1-20020a170902b40100b001890b070acesi8070098plr.38.2022.11.21.16.24.03; Mon, 21 Nov 2022 16:24:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=UGMGIxl4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232004AbiKUX40 (ORCPT + 92 others); Mon, 21 Nov 2022 18:56:26 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59524 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232007AbiKUX4N (ORCPT ); Mon, 21 Nov 2022 18:56:13 -0500 Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1BD74B98A for ; Mon, 21 Nov 2022 15:56:11 -0800 (PST) Received: by mail-pf1-x42d.google.com with SMTP id b29so12763600pfp.13 for ; Mon, 21 Nov 2022 15:56:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=sFqoA3xlAXzNwNaJLAB412Ok7P7Z69MnqdPRYsS/dcY=; b=UGMGIxl4MlQMRNDDoJWW1JeWd1Saa+VY7wYO0h5+ALzBmXWpD2TS+rloS5mLWItbTu dmLO6NI0/V1oHyb1t8W3cmApDUm4Tye2vUImDyToVFtk3M6GOw5Inchh/UMvHT2e/+Mq TZ0Zu/FXa04YRFFPQkZkOCpTQLS0EdUOIT0pN4L3oxkVk6sF6dYFnXSdIODc7wwURPgb 9uoLDRbPa4Hxw+5ALlkY5tWI5ZiDCeNk3+/eGSw7eJ37LD7LmjdzmNfuwXTxMuQBy69L SQx4AJf0J8sU68MUvZMsMSHdQOZmK/LoNgQ2SeuUcyj1Hy7Nep6MNCRwXKjnXY74GtT0 A1eQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=sFqoA3xlAXzNwNaJLAB412Ok7P7Z69MnqdPRYsS/dcY=; b=GCAjgSs4YWEoRq5VZGIPfYtHMyWa5AcG58zeT9XTUmWNJLH0bB+8dZqviFvQ1y1SMH aStatMhe3SOgfg40Amqn6jN8Bl+aDbp993gS3PGhiGtnxwXCUHLDwAFHip763Repqe/k FTYmZ12jbVKIoiOKQjBuFz4rVjQNRy60ZHY1hDT1S1tL9WVW8jUzkXjtNClNwlKWR86M HpfFMrWCS/t71avhSQXDTSwCWxTrrXhT7SYtJeJqQvftgsoOtyyRGkWOTlSx2dgFk2mF m3kK6Xkl1S45t47aJ6JfJ4dzN2gaD6gaRcRV8HYWl1q/kvRu73Yo2lFBR0jkA0H936dN 4M1A== X-Gm-Message-State: ANoB5plQ4mTvXhK/7CsXTSsb+bdsOh1bXQbf/ggl9pGMpaW4VT4+xJwr uPiAqrB8gniNnuaLcBCLR9iMcvoPFIegx9GICqu9 X-Received: by 2002:a62:2941:0:b0:573:6a8d:dd15 with SMTP id p62-20020a622941000000b005736a8ddd15mr11936805pfp.2.1669074971136; Mon, 21 Nov 2022 15:56:11 -0800 (PST) MIME-Version: 1.0 References: <20221110094639.3086409-1-roberto.sassu@huaweicloud.com> <20221110094639.3086409-3-roberto.sassu@huaweicloud.com> <3dc4f389ead98972cb7d09ef285a0065decb0ad0.camel@linux.ibm.com> <7812899531b2bd936b25fde8fc2f1c2a6080b2bd.camel@linux.ibm.com> In-Reply-To: <7812899531b2bd936b25fde8fc2f1c2a6080b2bd.camel@linux.ibm.com> From: Paul Moore Date: Mon, 21 Nov 2022 18:55:59 -0500 Message-ID: Subject: Re: [PATCH v4 2/5] security: Rewrite security_old_inode_init_security() To: Mimi Zohar Cc: Roberto Sassu , dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, casey@schaufler-ca.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, reiserfs-devel@vger.kernel.org, linux-kernel@vger.kernel.org, keescook@chromium.org, nicolas.bouchinet@clip-os.org, Roberto Sassu , ocfs2-devel@oss.oracle.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 21, 2022 at 3:54 PM Mimi Zohar wrote: > > On Mon, 2022-11-21 at 10:45 +0100, Roberto Sassu wrote: > > > As ocfs2 already defines initxattrs, that leaves only reiserfs missing > > > initxattrs(). A better, cleaner solution would be to define one. > > > > If I understood why security_old_inode_init_security() is called > > instead of security_inode_init_security(), the reason seems that the > > filesystem code uses the length of the obtained xattr to make some > > calculations (e.g. reserve space). The xattr is written at a later > > time. > > > > Since for reiserfs there is a plan to deprecate it, it probably > > wouldn't be worth to support the creation of multiple xattrs. I would > > define a callback to take the first xattr and make a copy, so that > > calling security_inode_init_security() + reiserfs_initxattrs() is > > equivalent to calling security_old_inode_init_security(). FWIW, reiserfs isn't going to be removed until 2025, I'm hopeful we can remove the IMA/EVM special cases before then :) > > But then, this is what anyway I was doing with the > > security_initxattrs() callback, for all callers of security_old_inode_i > > nit_security(). > > > > Also, security_old_inode_init_security() is exported to kernel modules. > > Maybe, it is used somewhere. So, unless we plan to remove it > > completely, it should be probably be fixed to avoid multiple LSMs > > successfully setting an xattr, and losing the memory of all except the > > last (which this patch fixes by calling security_inode_init_security()). I would much rather remove security_old_inode_init_security() then worry about what out-of-tree modules might be using it. Hopefully we can resolve the ocfs2 usage and get ocfs2 exclusively on the new hook without too much trouble, which means all we have left is reiserfs ... how difficult would you expect the conversion to be for reiserfs? > > If there is still the preference, I will implement the reiserfs > > callback and make a fix for security_old_inode_init_security(). > > There's no sense in doing both, as the purpose of defining a reiserfs > initxattrs function was to clean up this code making it more readable. > > Mimi -- paul-moore.com