Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp343925rwb; Thu, 1 Dec 2022 03:00:47 -0800 (PST) X-Google-Smtp-Source: AA0mqf7Ogycr5lr/m8s/5ZtAGXjBJDiJ9nb8Im/ZzoDTlCXmR2FKTzwSc6sTW2Q0rIbwFo98jSZF X-Received: by 2002:a17:906:1e8a:b0:7b2:b992:694d with SMTP id e10-20020a1709061e8a00b007b2b992694dmr50113055ejj.651.1669892447584; Thu, 01 Dec 2022 03:00:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669892447; cv=none; d=google.com; s=arc-20160816; b=odBza7TTp4CUWMPMDbgsy4cFO/EFWAMeznqHmlrCZl6FM2AR3KWKhVrT6oxEuzn6+P FaVzpMu8IjXX7la1xty7C7aLfFmgg3m58zHzVmESRXgzLg4UOmRwkttFlfdj++tZ1h70 8WjDLgPya/g2SwxUYDDezQWtchZI6tS2LqttzgbvPbBAQrvK/quyQise9KjkbKxRPxyz t+Fh6Y5XahbSdbhWA19oJUDDfb0D0C+w0jqpEU9teEtjRDDG4c67oCd/TFOOVz3noYQN BZEB43GM4dyGD6kgX5pN+9LtO9isPO0SqCr5jBFbmHHK12yt/KT5Cj0b/kLVwMfuKhtp abQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=O/HIOA+hOA6oJAkKtupR1S4+0EY4TV5GiqE8WJXHrYU=; b=NB/K1vv9qA9wWGYKx3MTTFV1//299eKRwU3+yAQ/VMtLHEkC21HnzjBIwjgNBXiguB 1p6P2qeHqo0ZaE6xDbM56OVhi3B+Y5WaxembTSMRKZl2Rfl78E2hKO6TLKm5rlfw4gsE sSgumwuWSDx+Qjv79+YU6X4wX+xfJnamjEJnOrL4JLJvXZ/mY3hLZNBewCOHbX4HYOG4 9qW6pNY9X8TTRCPJnBWT31tDP6ZotJUN3U0nYUxbwDxt2iHNY+xy4n+YpmZSQ9GYT774 1s+v3/jrkfN4cou7A2/CpnkKX2vVBDEFt+l0X4cAXOQqWpf4wdcfcEkoITjiJqlgeWnQ Hshg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hz5-20020a1709072ce500b0078db70cc9b8si3702080ejc.606.2022.12.01.03.00.26; Thu, 01 Dec 2022 03:00:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230525AbiLAKnO (ORCPT + 83 others); Thu, 1 Dec 2022 05:43:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51252 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230478AbiLAKmn (ORCPT ); Thu, 1 Dec 2022 05:42:43 -0500 Received: from frasgout13.his.huawei.com (frasgout13.his.huawei.com [14.137.139.46]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C5BF62ADC; Thu, 1 Dec 2022 02:42:34 -0800 (PST) Received: from mail02.huawei.com (unknown [172.18.147.229]) by frasgout13.his.huawei.com (SkyGuard) with ESMTP id 4NNCC93B8dz9v7Yy; Thu, 1 Dec 2022 18:35:33 +0800 (CST) Received: from huaweicloud.com (unknown [10.204.63.22]) by APP1 (Coremail) with SMTP id LxC2BwCHcm_phIhjrxuvAA--.49496S3; Thu, 01 Dec 2022 11:42:06 +0100 (CET) From: Roberto Sassu To: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, casey@schaufler-ca.com Cc: ocfs2-devel@oss.oracle.com, reiserfs-devel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel@vger.kernel.org, keescook@chromium.org, nicolas.bouchinet@clip-os.org, Roberto Sassu Subject: [PATCH v7 1/6] reiserfs: Switch to security_inode_init_security() Date: Thu, 1 Dec 2022 11:41:20 +0100 Message-Id: <20221201104125.919483-2-roberto.sassu@huaweicloud.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221201104125.919483-1-roberto.sassu@huaweicloud.com> References: <20221201104125.919483-1-roberto.sassu@huaweicloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID: LxC2BwCHcm_phIhjrxuvAA--.49496S3 X-Coremail-Antispam: 1UD129KBjvJXoWxZF13CFWkJw1ktF48uryfWFg_yoW5Jw4rpF 43K3W7Krs8JF1Igr1Sya13W3WfKrWfKw47JrsxKryDAanrJr1rtry0yw13u34rGrZ7Jr1I qw4Ivw43Cws8JwUanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUBYb4IE77IF4wAFF20E14v26rWj6s0DM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28IrcIa0xkI8VA2jI8067AKxVWUGw A2048vs2IY020Ec7CjxVAFwI0_Gr0_Xr1l8cAvFVAK0II2c7xJM28CjxkF64kEwVA0rcxS w2x7M28EF7xvwVC0I7IYx2IY67AKxVWUJVWUCwA2z4x0Y4vE2Ix0cI8IcVCY1x0267AKxV W8JVWxJwA2z4x0Y4vEx4A2jsIE14v26r4j6F4UM28EF7xvwVC2z280aVCY1x0267AKxVW8 Jr0_Cr1UM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40Ex7xfMc Ij6xIIjxv20xvE14v26r1j6r18McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Yz7v_ Jr0_Gr1lF7xvr2IYc2Ij64vIr41lFIxGxcIEc7CjxVA2Y2ka0xkIwI1l42xK82IYc2Ij64 vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x8G jcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r4a6rW5MIIYrxkI7VAKI48JMIIF0xvE2I x0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r4j6F4UMIIF0xvE42xK 8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I 0E14v26r4UJVWxJrUvcSsGvfC2KfnxnUUI43ZEXa7IU8-TmDUUUUU== X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAQANBF1jj4YhwwAAsd X-CFilter-Loop: Reflected X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Roberto Sassu In preparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Define the initxattrs callback reiserfs_initxattrs(), to populate the name/value/len triple in the reiserfs_security_handle() with the first xattr provided by LSMs. Make a copy of the xattr value, as security_inode_init_security() frees it. After the call to security_inode_init_security(), remove the check for returning -EOPNOTSUPP, as security_inode_init_security() changes it to zero. Multiple xattrs are currently not supported, as the reiserfs_security_handle structure is exported to user space. As a consequence, even if EVM is invoked, it will not provide an xattr (if it is not the first to set it, its xattr will be discarded; if it is the first, it does not have xattrs to calculate the HMAC on). Signed-off-by: Roberto Sassu Reviewed-by: Casey Schaufler --- fs/reiserfs/xattr_security.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c index 857a65b05726..0ba96757681d 100644 --- a/fs/reiserfs/xattr_security.c +++ b/fs/reiserfs/xattr_security.c @@ -39,6 +39,22 @@ static bool security_list(struct dentry *dentry) return !IS_PRIVATE(d_inode(dentry)); } +static int +reiserfs_initxattrs(struct inode *inode, const struct xattr *xattr_array, + void *fs_info) +{ + struct reiserfs_security_handle *sec = fs_info; + + sec->value = kmemdup(xattr_array->value, xattr_array->value_len, + GFP_KERNEL); + if (!sec->value) + return -ENOMEM; + + sec->name = xattr_array->name; + sec->length = xattr_array->value_len; + return 0; +} + /* Initializes the security context for a new inode and returns the number * of blocks needed for the transaction. If successful, reiserfs_security * must be released using reiserfs_security_free when the caller is done. */ @@ -56,12 +72,9 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode, if (IS_PRIVATE(dir)) return 0; - error = security_old_inode_init_security(inode, dir, qstr, &sec->name, - &sec->value, &sec->length); + error = security_inode_init_security(inode, dir, qstr, + &reiserfs_initxattrs, sec); if (error) { - if (error == -EOPNOTSUPP) - error = 0; - sec->name = NULL; sec->value = NULL; sec->length = 0; -- 2.25.1