Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2374981lqp; Sun, 24 Mar 2024 16:31:32 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVh4PUzl486r+4Ccy8sj4go2j1/DErqiGQOGbGPD69hOf4fZ5Tcv5tSZeMNk19SwE9dvi4bTEuOiWQqjuGu32/Sf4NW9jzneqCruWm4pg== X-Google-Smtp-Source: AGHT+IE8xfhS5k37yPEUdCAW9g74B/Ith14n4Tp7LCo7g1uJklccw1eA9C4ckwoLvBrGSUVwTKCs X-Received: by 2002:a05:6870:c69e:b0:221:9442:4d58 with SMTP id cv30-20020a056870c69e00b0022194424d58mr6286425oab.28.1711323092410; Sun, 24 Mar 2024 16:31:32 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711323092; cv=pass; d=google.com; s=arc-20160816; b=kIwbn3HsWCy9Wb6egn+TE4TPJ24tkYXpLy8tXYriA6pLliohgPC3DEdvvAGs8Eg7ff PaRxFfnfGarU6aL7Qg3eaBiMnfr2TEqL7Nvk47GwyY0alvh+c5XFkouVL3oyFQnkdrGc 1ekIUwlWXzwvAgV/DkSOhrcL/qNfHUFIj6warMR3PjoKkdlu12DMTQMia+yAu3AkDG4J F6WY/T5L70Ow/FCqa1gUarkyyIK6im9taq3omfP58nY146mR4NkH4sqaRZxLPsRBsWAm TK4adVZnJYx3yRDLd2BPCmB88KJmEV8ONjWg2GiipSltal3aMlUljCaTvbApRMBLFHPb Gr0w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:in-reply-to:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:references :message-id:subject:cc:to:from:date:dkim-signature; bh=Rklqzi2NdFnhKdqckzxSh7Jo7lIkng9/OlDypgBPKVE=; fh=KYJBh4NlMcOkEDV+rukuNEOmH0UgU/PTe00F1zZxVEk=; b=Q6FYccTcZJNLjYfuKaPMmMcPPtWHwcwIA9PcOBa48V7tJ0JK0xFjS/dyVJ1fSgD6G+ X5FMjOh1fAfUtFeKgWG5zvQz6linuBH2cp0YVH7dWLBWD73lARbsqPbwyjndMy5KOCqN 84lOwuY8KqH2FLqmZ/pPgX6egszHLLMogHcgp10aUvxM1nGFICKNvPKAHofVd6DHG3q4 DLD1f7YrAWJIJzGLLb+d1YRewxrjPBKkSgyQYjdIKDbLR1tvPascdyYfAzoAYO+2lC0L CLLHCNpiPoqZy8TJnMy6fptf9I5JFUqTXZ//QCp/evNVW7v0tZSSKcCIU0ejJc6S1DUS vShA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux.org.uk header.s=zeniv-20220401 header.b="l/ezsWwo"; arc=pass (i=1 dkim=pass dkdomain=linux.org.uk dmarc=pass fromdomain=zeniv.linux.org.uk); spf=pass (google.com: domain of linux-kernel+bounces-112847-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-112847-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zeniv.linux.org.uk Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id u1-20020a632341000000b005dc7e74bd95si6568939pgm.564.2024.03.24.16.31.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 24 Mar 2024 16:31:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-112847-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.org.uk header.s=zeniv-20220401 header.b="l/ezsWwo"; arc=pass (i=1 dkim=pass dkdomain=linux.org.uk dmarc=pass fromdomain=zeniv.linux.org.uk); spf=pass (google.com: domain of linux-kernel+bounces-112847-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-112847-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zeniv.linux.org.uk Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 805DF281309 for ; Sun, 24 Mar 2024 21:02:35 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AF2D31CA9C; Sun, 24 Mar 2024 21:02:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linux.org.uk header.i=@linux.org.uk header.b="l/ezsWwo" Received: from zeniv.linux.org.uk (zeniv.linux.org.uk [62.89.141.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF4A418638; Sun, 24 Mar 2024 21:02:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.89.141.173 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711314142; cv=none; b=GJ7wvqxLL9NMGQ/M7B3V34lovPtRlf9nRmM7xvZ7MjJaxMG2rSxgHWrXh70oWeY/UyXGffDXW7A9w02ywKChXjHf6z5h1nPg58SoTx36OuvJvcE82uvdhqnuxbNm4NBmgv2j8/Z3olecbGd9UQRIVz0uc+ZL9rZcNJTkRRV7T6I= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711314142; c=relaxed/simple; bh=l9rxcWo8n7TOtxZSo3k1Q8wf0u6AKZ4L/iOYuCud2dg=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=H9CE25EHolmkrhGBAwOn+UJ1LCYMDQtJqLFW9Y3VXilf8zO54NO/IEUqhcSUWB9pyRyhpEDYZn82jp7Tq2zI0MN3+uJ+7r/xC0NbX8VoVrOg+vMtNo8bHbakG7Xnw5finbrIdWNF5UwZnXSPO0b2zdONjCbGzlRMxKs43KXPVKI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zeniv.linux.org.uk; spf=none smtp.mailfrom=ftp.linux.org.uk; dkim=pass (2048-bit key) header.d=linux.org.uk header.i=@linux.org.uk header.b=l/ezsWwo; arc=none smtp.client-ip=62.89.141.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zeniv.linux.org.uk Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=ftp.linux.org.uk DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=linux.org.uk; s=zeniv-20220401; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=Rklqzi2NdFnhKdqckzxSh7Jo7lIkng9/OlDypgBPKVE=; b=l/ezsWwohAeL9ilP1kNIXmcFtD 8ltIjPTDoszoZwRCbSasucKExma1aRzfrFDVjMLZ98C5r5+AuFMx7u30ko1nE5mxdWkgClu09pCaX /+0be2xkFy609vUxRjbfGX0+F3VaXjsTefeXpgUes2Vmr8FW0hwME+VZlyJa3PivGR08aYlRrVwOV JRFeCpeMjKqWAKK8pnJrafg7lcHQ5PcUDewYy9l/rFuCH+BJCO47xaTuYwqU7l9yY2kNi+XhyriGz sesdWau1zj51qkYlNwqjqBsisqT+rUk2zznp2tssEh6DTOmJqky8sS77V37kf+9Y2nmCEOg51xbYC W6Q50xOQ==; Received: from viro by zeniv.linux.org.uk with local (Exim 4.96 #2 (Red Hat Linux)) id 1roUyp-00G2KE-21; Sun, 24 Mar 2024 21:02:11 +0000 Date: Sun, 24 Mar 2024 21:02:11 +0000 From: Al Viro To: Roberto Sassu Cc: Steve French , LKML , linux-fsdevel , CIFS , Paulo Alcantara , Christian Brauner , Mimi Zohar , Paul Moore , "linux-integrity@vger.kernel.org" , "linux-security-module@vger.kernel.org" Subject: Re: kernel crash in mknod Message-ID: <20240324210211.GV538574@ZenIV> References: <20240324054636.GT538574@ZenIV> <3441a4a1140944f5b418b70f557bca72@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3441a4a1140944f5b418b70f557bca72@huawei.com> Sender: Al Viro On Sun, Mar 24, 2024 at 04:50:24PM +0000, Roberto Sassu wrote: > Also, please update the description of security_path_post_mknod() to say > that it is not going to be called for non-regular files. If anything, it's rather security_past_create_without_open(), and I really wonder where does the equivalent of those actions happen if you do close(open("foo", O_CREAT|O_RDWR, 0777)) instead of mknod("foo", 0777, 0). I mean, you can substitute the former for the latter, so anything that must be done by the hook in mknod(2) would better be covered at some point in hooks within open(2)... Some explanation of the relationship between those would be nice.