On Mon, 2023-06-05 08:38:29 +0000, Roberto Sassu wrote: > > On Sat, 2023-06-03 at 21:15 +0200, Roberto Sassu wrote: > > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > > > > With the newly added ability of LSMs to supply multiple xattrs, set > > SMACK64TRASMUTE in smack_inode_init_security(), instead of d_instantiate(). > > Do it by incrementing SMACK_INODE_INIT_XATTRS to 2 and by calling > > lsm_get_xattr_slot() a second time, if the transmuting conditions are met. > > > > The LSM infrastructure passes all xattrs provided by LSMs to the > > filesystems through the initxattrs() callback, so that filesystems can > > store xattrs in the disk. > > > > After the change, the SMK_INODE_TRANSMUTE inode flag is always set by > > d_instantiate() after fetching SMACK64TRANSMUTE from the disk. Before it > > was done by smack_inode_post_setxattr() as result of the __vfs_setxattr() > > call. > > > > Removing __vfs_setxattr() also prevents invalidating the EVM HMAC, by > > adding a new xattr without checking and updating the existing HMAC. > > Hi Mengchi > > could you please redo your tests with this patch set applied? > > https://lore.kernel.org/linux-integrity/20230603191518.1397490-1-roberto.sassu@xxxxxxxxxxxxxxx/ > > You need: > > https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git/log/?h=next > > https://github.com/cschaufler/smack-next/commits/next > > Thanks > > Roberto Sorry for the later reply. It turned out lsm.git repo needs your previous two overlay fs fixes before applying these four patches. With v12 I did not see the issue I reported anymore. Best, Mengchi > > > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > > --- > > security/smack/smack.h | 2 +- > > security/smack/smack_lsm.c | 43 +++++++++++++++++++++++--------------- > > 2 files changed, 27 insertions(+), 18 deletions(-) > > > > diff --git a/security/smack/smack.h b/security/smack/smack.h > > index aa15ff56ed6..041688e5a77 100644 > > --- a/security/smack/smack.h > > +++ b/security/smack/smack.h > > @@ -128,7 +128,7 @@ struct task_smack { > > > > #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ > > #define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */ > > -#define SMK_INODE_CHANGED 0x04 /* smack was transmuted */ > > +#define SMK_INODE_CHANGED 0x04 /* smack was transmuted (unused) */ > > #define SMK_INODE_IMPURE 0x08 /* involved in an impure transaction */ > > > > /* > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > > index a1c30275692..b67d901ee74 100644 > > --- a/security/smack/smack_lsm.c > > +++ b/security/smack/smack_lsm.c > > @@ -52,7 +52,14 @@ > > #define SMK_RECEIVING 1 > > #define SMK_SENDING 2 > > > > -#define SMACK_INODE_INIT_XATTRS 1 > > +/* > > + * Smack uses multiple xattrs. > > + * SMACK64 - for access control, > > + * SMACK64TRANSMUTE - label initialization, > > + * Not saved on files - SMACK64IPIN and SMACK64IPOUT, > > + * Must be set explicitly - SMACK64EXEC and SMACK64MMAP > > + */ > > +#define SMACK_INODE_INIT_XATTRS 2 > > > > #ifdef SMACK_IPV6_PORT_LABELING > > static DEFINE_MUTEX(smack_ipv6_lock); > > @@ -935,7 +942,6 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, > > struct xattr *xattrs, int *xattr_count) > > { > > struct task_smack *tsp = smack_cred(current_cred()); > > - struct inode_smack *issp = smack_inode(inode); > > struct smack_known *skp = smk_of_task(tsp); > > struct smack_known *isp = smk_of_inode(inode); > > struct smack_known *dsp = smk_of_inode(dir); > > @@ -963,6 +969,8 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, > > if ((tsp->smk_task == tsp->smk_transmuted) || > > (may > 0 && ((may & MAY_TRANSMUTE) != 0) && > > smk_inode_transmutable(dir))) { > > + struct xattr *xattr_transmute; > > + > > /* > > * The caller of smack_dentry_create_files_as() > > * should have overridden the current cred, so the > > @@ -971,7 +979,16 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, > > */ > > if (tsp->smk_task != tsp->smk_transmuted) > > isp = dsp; > > - issp->smk_flags |= SMK_INODE_CHANGED; > > + xattr_transmute = lsm_get_xattr_slot(xattrs, xattr_count); > > + if (xattr_transmute) { > > + xattr_transmute->value = kmemdup(TRANS_TRUE, > > + TRANS_TRUE_SIZE, GFP_NOFS); > > + if (xattr_transmute->value == NULL) > > + return -ENOMEM; > > + > > + xattr_transmute->value_len = TRANS_TRUE_SIZE; > > + xattr_transmute->name = XATTR_SMACK_TRANSMUTE; > > + } > > } > > > > xattr->value = kstrdup(isp->smk_known, GFP_NOFS); > > @@ -3518,20 +3535,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) > > * If there is a transmute attribute on the > > * directory mark the inode. > > */ > > - if (isp->smk_flags & SMK_INODE_CHANGED) { > > - isp->smk_flags &= ~SMK_INODE_CHANGED; > > - rc = __vfs_setxattr(&nop_mnt_idmap, dp, inode, > > - XATTR_NAME_SMACKTRANSMUTE, > > - TRANS_TRUE, TRANS_TRUE_SIZE, > > - 0); > > - } else { > > - rc = __vfs_getxattr(dp, inode, > > - XATTR_NAME_SMACKTRANSMUTE, trattr, > > - TRANS_TRUE_SIZE); > > - if (rc >= 0 && strncmp(trattr, TRANS_TRUE, > > - TRANS_TRUE_SIZE) != 0) > > - rc = -EINVAL; > > - } > > + rc = __vfs_getxattr(dp, inode, > > + XATTR_NAME_SMACKTRANSMUTE, trattr, > > + TRANS_TRUE_SIZE); > > + if (rc >= 0 && strncmp(trattr, TRANS_TRUE, > > + TRANS_TRUE_SIZE) != 0) > > + rc = -EINVAL; > > if (rc >= 0) > > transflag = SMK_INODE_TRANSMUTE; > > } > >
