Date: Wed, 24 Jan 2024 11:02:34 -0800
From: Kees Cook
To: Linus Torvalds
Cc: Kentaro Takeda, Tetsuo Handa, John Johansen, Paul Moore, Kevin Locke, Josh Triplett, Mateusz Guzik, Al Viro, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [6.8-rc1 Regression] Unable to exec apparmor_parser from virt-aa-helper
Message-ID: <202401241058.16E3140@keescook>
References: <202401240832.02940B1A@keescook> <202401240916.044E6A6A7A@keescook>

On Wed, Jan 24, 2024 at 10:27:03AM -0800, Linus Torvalds wrote:
> On Wed, 24 Jan 2024 at 09:27, Linus Torvalds wrote:
> >
> > IOW, I think the goal here should be "minimal fix" followed by "remove
> > that horrendous thing".
>
> Ugh. The tomoyo use is even *more* disgusting, in how it uses it for
> "tomoyo_domain()" entirely independently of even the ->file_open()
> callback.

Yeah, I just sent a similar email.

> So for tomoyo, it's not about the file open, it's about
> tomoyo_cred_prepare() and friends.

Yeah, it looks like it should happily follow cred lifetime, but I
haven't fully convinced myself.

> So the patch I posted probably fixes apparmor, but only breaks tomoyo
> instead, because tomoyo really does seem to use it around the whole
> security_bprm_creds_for_exec() thing.
>
> Now, tomoyo *also* uses it for the file_open() callback, just to confuse things.
>
> IOW, I think the right thing to do is to split this in two:
>
>  - leave the existing ->in_execve for the bprm_creds dance in
>    bprm_execve(). Horrendous and disgusting.

Agreed.

>  - the ->file_open() thing is changed to check file->f_flags

Agreed. (And I've tested this for AppArmor now. I can confirm the
failure case -- it's only for profile transitions, which is why I didn't
see it originally in testing.)

> IOW, I think the patch I posted earlier - and Kees' version of the
> same thing - is just broken. This attached patch might work.

Yup. Should I post a formal patch, or do you want to commit what you've
got (with the "file" -> "f" fix)?

-Kees

-- 
Kees Cook