Received: by 2002:a05:7412:8d09:b0:fa:4c10:6cad with SMTP id bj9csp25208rdb; Mon, 15 Jan 2024 10:41:44 -0800 (PST) X-Google-Smtp-Source: AGHT+IGW5JxQz2/dFVW6a3fYXUcLQBeqqAsWooRotLY5BuXPB6l214eV1cQIgT7htbMxOT0cnr8p X-Received: by 2002:a17:907:707:b0:a2c:1132:6b51 with SMTP id xb7-20020a170907070700b00a2c11326b51mr3896553ejb.41.1705344104017; Mon, 15 Jan 2024 10:41:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705344103; cv=none; d=google.com; s=arc-20160816; b=tmpKdzHIEmjE8s07VQ4UcpDwImJy9o1bo1BHd2b1vw65WDUrJYSLBc5/mcXTx6gMAo wK591uTsJsjW3iNRAhkA6cwoBRLL9CrvkMV5Kj4+aEiT1mhRj/OJF3Orwh1304LOvpA2 UfuZSbXoJX+w+VHVcGK1mxu5igJFV47fiiOqylwSwiMP8gNhVOu3/hkuauoZGwM/PSof U43KdN4AaP7edM7IegAaUG0HZL/4mm5MPchkmFdxTP0kXq1z8E5LFR/EK1i/P+fCpfjG BwlDOBf3y9236Bl4yfiFa6Qs4Ywzlycykt7eUOUw3F6WuQ/rQ8aIzX9OPQa3e92mum2m 33kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=R36XCkpoeTwbOXiJ2eYkTtCD6cNBUZdVpCYwlJoHd74=; fh=apZIBi5vaQ8Hj5PiD1njiyZXz0lfm1rYPhBE8L44ot4=; b=gyPWaIo3gp68w++Btw/I7WTt5vpfHYz9QPemm4f21HDf4ngx0vYGBcBSIV7FJVMQfA UkRvqI5CdtShmr/PUf8H0LYz/n2mFMo29GHVbRwmyT6UoChMyiYXkmiJqvadHSfVECu0 FuavtPKDECgTDj27mds2F2O4hq+xmZ6QJ0oIisF0bFnoU5C8kB4oK4ep6V55pUJ4Xc4O Gvy2gb32rs4etvMUaEi0xNq/OXmi1UaMHXvb3VS1PB3PA22F5M0KRctQJwTkSxvtT7jA IK5FSUmqgck90sxGDz3KYro1POL1jq5lXA46vZFPv8zY2j53FHzelfUZqD8HH580paKQ WsQw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-nfs+bounces-1111-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-nfs+bounces-1111-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id j10-20020a1709062a0a00b00a28ee0680f0si4074738eje.1009.2024.01.15.10.41.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Jan 2024 10:41:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs+bounces-1111-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-nfs+bounces-1111-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-nfs+bounces-1111-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id BB71A1F2268B for ; Mon, 15 Jan 2024 18:41:43 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2BDD118657; Mon, 15 Jan 2024 18:41:37 +0000 (UTC) X-Original-To: linux-nfs@vger.kernel.org Received: from frasgout12.his.huawei.com (frasgout12.his.huawei.com [14.137.139.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC49518C01; Mon, 15 Jan 2024 18:41:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=huaweicloud.com Received: from mail.maildlp.com (unknown [172.18.186.29]) by frasgout12.his.huawei.com (SkyGuard) with ESMTP id 4TDKm50Jv9z9xxn6; Tue, 16 Jan 2024 02:04:37 +0800 (CST) Received: from mail02.huawei.com (unknown [7.182.16.27]) by mail.maildlp.com (Postfix) with ESMTP id 1ECF71407FA; Tue, 16 Jan 2024 02:22:43 +0800 (CST) Received: from huaweicloud.com (unknown [10.204.63.22]) by APP2 (Coremail) with SMTP id GxC2BwDn0ia8d6VlgjybAA--.56873S5; Mon, 15 Jan 2024 19:22:42 +0100 (CET) From: Roberto Sassu To: viro@zeniv.linux.org.uk, brauner@kernel.org, chuck.lever@oracle.com, jlayton@kernel.org, neilb@suse.de, kolga@netapp.com, Dai.Ngo@oracle.com, tom@talpey.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, eric.snowberg@oracle.com, dhowells@redhat.com, jarkko@kernel.org, stephen.smalley.work@gmail.com, eparis@parisplace.org, casey@schaufler-ca.com, shuah@kernel.org, mic@digikod.net Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, selinux@vger.kernel.org, linux-kselftest@vger.kernel.org, Roberto Sassu Subject: [PATCH v9 13/25] security: Introduce file_release hook Date: Mon, 15 Jan 2024 19:17:57 +0100 Message-Id: <20240115181809.885385-14-roberto.sassu@huaweicloud.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240115181809.885385-1-roberto.sassu@huaweicloud.com> References: <20240115181809.885385-1-roberto.sassu@huaweicloud.com> Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID:GxC2BwDn0ia8d6VlgjybAA--.56873S5 X-Coremail-Antispam: 1UD129KBjvJXoWxuryDJryDZw1rGryDAFW8JFb_yoW5uF1DpF Z8t3WUGF45GFy2grn7Aa9rua4fK393Kr9rWrZ5W34rtFn7Jr95GFs8Cr1UuF1DJrWkJr1v q3W2grW3Gr1DArJanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUB2b4IE77IF4wAFF20E14v26rWj6s0DM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28IrcIa0xkI8VA2jI8067AKxVWUWw A2048vs2IY020Ec7CjxVAFwI0_Xr0E3s1l8cAvFVAK0II2c7xJM28CjxkF64kEwVA0rcxS w2x7M28EF7xvwVC0I7IYx2IY67AKxVW8JVW5JwA2z4x0Y4vE2Ix0cI8IcVCY1x0267AKxV W8Jr0_Cr1UM28EF7xvwVC2z280aVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv6xkF7I0E14v2 6F4UJVW0owAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ew Av7VC0I7IYx2IY67AKxVWUGVWUXwAv7VC2z280aVAFwI0_Gr0_Cr1lOx8S6xCaFVCjc4AY 6r1j6r4UM4x0Y48IcxkI7VAKI48JM4IIrI8v6xkF7I0E8cxan2IY04v7MxAIw28IcxkI7V AKI48JMxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E5I8CrVAFwI0_Jr0_Jr4lx2IqxVCj r7xvwVAFwI0_JrI_JrWlx4CE17CEb7AF67AKxVW8ZVWrXwCIc40Y0x0EwIxGrwCI42IY6x IIjxv20xvE14v26r4j6ryUMIIF0xvE2Ix0cI8IcVCY1x0267AKxVW8Jr0_Cr1UMIIF0xvE 42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVW8JVWxJwCI42IY6I8E87Iv6x kF7I0E14v26F4UJVW0obIYCTnIWIevJa73UjIFyTuYvjxUFg4SUUUUU X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAQADBF1jj5iR1AAAsq From: Roberto Sassu In preparation for moving IMA and EVM to the LSM infrastructure, introduce the file_release hook. IMA calculates at file close the new digest of the file content and writes it to security.ima, so that appraisal at next file access succeeds. An LSM could implement an exclusive access scheme for files, only allowing access to files that have no references. The new hook cannot return an error and cannot cause the operation to be reverted. Signed-off-by: Roberto Sassu --- fs/file_table.c | 1 + include/linux/lsm_hook_defs.h | 1 + include/linux/security.h | 4 ++++ security/security.c | 11 +++++++++++ 4 files changed, 17 insertions(+) diff --git a/fs/file_table.c b/fs/file_table.c index de4a2915bfd4..c72dc75f2bd3 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -385,6 +385,7 @@ static void __fput(struct file *file) eventpoll_release(file); locks_remove_file(file); + security_file_release(file); ima_file_free(file); if (unlikely(file->f_flags & FASYNC)) { if (file->f_op->fasync) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index c3fecc7dcb0b..229f84ce12ae 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -173,6 +173,7 @@ LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir, struct kernfs_node *kn) LSM_HOOK(int, 0, file_permission, struct file *file, int mask) LSM_HOOK(int, 0, file_alloc_security, struct file *file) +LSM_HOOK(void, LSM_RET_VOID, file_release, struct file *file) LSM_HOOK(void, LSM_RET_VOID, file_free_security, struct file *file) LSM_HOOK(int, 0, file_ioctl, struct file *file, unsigned int cmd, unsigned long arg) diff --git a/include/linux/security.h b/include/linux/security.h index 97f2212c13b6..2997348afcb7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -395,6 +395,7 @@ int security_kernfs_init_security(struct kernfs_node *kn_dir, struct kernfs_node *kn); int security_file_permission(struct file *file, int mask); int security_file_alloc(struct file *file); +void security_file_release(struct file *file); void security_file_free(struct file *file); int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg); int security_file_ioctl_compat(struct file *file, unsigned int cmd, @@ -1008,6 +1009,9 @@ static inline int security_file_alloc(struct file *file) return 0; } +static inline void security_file_release(struct file *file) +{ } + static inline void security_file_free(struct file *file) { } diff --git a/security/security.c b/security/security.c index f3d92bffd02f..7d10724872f8 100644 --- a/security/security.c +++ b/security/security.c @@ -2724,6 +2724,17 @@ int security_file_alloc(struct file *file) return rc; } +/** + * security_file_release() - Perform actions before releasing the file ref + * @file: the file + * + * Perform actions before releasing the last reference to a file. + */ +void security_file_release(struct file *file) +{ + call_void_hook(file_release, file); +} + /** * security_file_free() - Free a file's LSM blob * @file: the file -- 2.34.1