Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp2175235rwd;
        Fri, 9 Jun 2023 07:39:40 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ7G28o3oS7kZJm1WfzF6gHaWZe9NxingR2S4Qq/lrqb+3FHoBdDClkBHW+LNYzGbFKhBFqd
X-Received: by 2002:a17:903:487:b0:1b1:d39e:28bb with SMTP id jj7-20020a170903048700b001b1d39e28bbmr975510plb.34.1686321580398;
        Fri, 09 Jun 2023 07:39:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686321580; cv=none;
        d=google.com; s=arc-20160816;
        b=PY/H6eZc1sbjvkqzB3PlnYmIH36oqUP+M3un69XDLir9l8EnepzWm5Fu17p6PbH24B
         xlcNfj2K5j3xMhYjeDGRq5isIfUQUrrs6+rlILFG0IdW88Ze9rnsrXNBu2GgEhm44t3P
         omND36+hWSu6h7F9RnBybqecMJqoeUWUpKknIn3zHnvmD6vkpdEzgtzKMUXoroPMXRuz
         rAXJHpyBx965qnABqZOckXC9zMVFDUS6utr+F2fCE56J3Wm+XTNoisgdc9k0vgSTRCHa
         aDk7/4fSEV6sv3SrACPtVOUqhO8umrFNz0k2m+5pUKmJv5NIk9q4QF1abotdho9HSIfw
         ErzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:references:to:from:subject
         :message-id:date:content-transfer-encoding:mime-version
         :dkim-signature;
        bh=oXueZefNl/QMi1Biln+bsa0+CZ2RqiQEzYHHde61JEw=;
        b=GATnNpXp0Jy46tT1FweTNbm5NIRjMemgorsBoI4y6/54F4+xMAsX1rVyTd0dnMN+Fu
         y+cX0X9+Fae8NB2ac4OUsxHcp95MVAOmU819mJnkFOKXciPWQ+Do6VdZJ48hoNKOGjpj
         m03/WwSFuAzqL6VMMTEwlIkgJ8sncSu62VQyU8gnfXzuVyyS2PL89cnCY9xkdh7JQq+W
         ERDQJoB6sqS6ZrWupxXF4Wt20fw6BOT3DiuiLRJhtEAhYBQfunRnUNDaL+frmtEzqBQZ
         6rIJTk6BExJ9+LY3Opj3R7CFEg/3lTRBpNuvHy/tP9PBICUiFJPAgM3EqvfphdIgdh3q
         o0yw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=W8kTc9kA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id y17-20020a170903011100b001b2468a8435si2790924plc.220.2023.06.09.07.39.25;
        Fri, 09 Jun 2023 07:39:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=W8kTc9kA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241299AbjFIOZM (ORCPT <rfc822;abrown110010@gmail.com>
        + 99 others); Fri, 9 Jun 2023 10:25:12 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49150 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S241383AbjFIOY7 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Jun 2023 10:24:59 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3FDA030F2;
        Fri,  9 Jun 2023 07:24:58 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 1DA83612DC;
        Fri,  9 Jun 2023 14:24:58 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3EFC0C433EF;
        Fri,  9 Jun 2023 14:24:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1686320697;
        bh=lPZaYXwJNgQ8vlT2x3myxwgaKUg25CcT5sq/Ukhrut0=;
        h=Date:Subject:From:To:References:In-Reply-To:From;
        b=W8kTc9kAK3vwyM14HxhZNCGyCsgjneC7ZodooyfoMlG7QL799/YlXtnUntj2P8V5+
         xbEXsW87sQ6wqEkEv0B8Dc0R35BsxwV0G25Hr3XSxtbJqI8SoF4lXD//yb9IT5gox8
         fhF7ltXerFotqpYWdtd5KJwdnsqracFfgKWBV5ayFKoPeTpgrX5kYGtrXXjq9D/SxT
         ycrghnTvCqOkt575AxkfxUiqHod9waGPwil9p3nJLPpRc7S0lYwv+SE7sOkvblIBHW
         5aoTUbJHjz8pXitDcJjYjUVtf/qZHi/LgqHXCAYwhTOOq70KzaXOOv1s86EumoHGqj
         W3IrXHGIYfxtg==
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
Date:   Fri, 09 Jun 2023 17:24:52 +0300
Message-Id: <CT86SNGF201H.2UZF8SN2MEKZ6@suppilovahvero>
Subject: Re: [PATCH v2] integrity: Fix possible multiple allocation in
 integrity_inode_get()
From:   "Jarkko Sakkinen" <jarkko@kernel.org>
To:     "Tianjia Zhang" <tianjia.zhang@linux.alibaba.com>,
        "Mimi Zohar" <zohar@linux.ibm.com>,
        "Dmitry Kasatkin" <dmitry.kasatkin@gmail.com>,
        "Paul Moore" <paul@paul-moore.com>,
        "James Morris" <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        <linux-integrity@vger.kernel.org>,
        <linux-security-module@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>
X-Mailer: aerc 0.14.0
References: <20230530121453.10249-1-tianjia.zhang@linux.alibaba.com>
 <20230601064244.33633-1-tianjia.zhang@linux.alibaba.com>
In-Reply-To: <20230601064244.33633-1-tianjia.zhang@linux.alibaba.com>
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu Jun 1, 2023 at 9:42 AM EEST, Tianjia Zhang wrote:
> When integrity_inode_get() is querying and inserting the cache, there
> is a conditional race in the concurrent environment.
>
> The race condition is the result of not properly implementing
> "double-checked locking". In this case, it first checks to see if the
> iint cache record exists before taking the lock, but doesn't check
> again after taking the integrity_iint_lock.
>
> Fixes: bf2276d10ce5 ("ima: allocating iint improvements")
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
> Cc: <stable@vger.kernel.org> # v3.10+

s/v3.10/v4.14/

I.e. cover only currently maintained longterms, right?


> ---
>  security/integrity/iint.c | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/security/integrity/iint.c b/security/integrity/iint.c
> index c73858e8c6d5..a462df827de2 100644
> --- a/security/integrity/iint.c
> +++ b/security/integrity/iint.c
> @@ -43,12 +43,10 @@ static struct integrity_iint_cache *__integrity_iint_=
find(struct inode *inode)
>  		else if (inode > iint->inode)
>  			n =3D n->rb_right;
>  		else
> -			break;
> +			return iint;
>  	}
> -	if (!n)
> -		return NULL;
> =20
> -	return iint;
> +	return NULL;
>  }
> =20
>  /*
> @@ -113,10 +111,15 @@ struct integrity_iint_cache *integrity_inode_get(st=
ruct inode *inode)
>  		parent =3D *p;
>  		test_iint =3D rb_entry(parent, struct integrity_iint_cache,
>  				     rb_node);
> -		if (inode < test_iint->inode)
> +		if (inode < test_iint->inode) {
>  			p =3D &(*p)->rb_left;
> -		else
> +		} else if (inode > test_iint->inode) {
>  			p =3D &(*p)->rb_right;
> +		} else {
> +			write_unlock(&integrity_iint_lock);
> +			kmem_cache_free(iint_cache, iint);
> +			return test_iint;
> +		}
>  	}
> =20
>  	iint->inode =3D inode;
> --=20
> 2.24.3 (Apple Git-128)

Mimi, are you picking this?

Off-topic: how do you compile kernel on macOS, you're using VM right?
I'm just interested because I recently bought Mac mini for both
compiling and testing arm64. Optimal would be to be able to compile
the kernel on bare metal and then deploy to a VM...


BR, Jarkko