From: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
To: Jann Horn <jannh@google.com>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>,
Roberto Sassu <roberto.sassu@huaweicloud.com>,
Paul Moore <paul@paul-moore.com>,
ebpqwerty472123@gmail.com, kirill.shutemov@linux.intel.com,
zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
eric.snowberg@oracle.com, jmorris@namei.org, serge@hallyn.com,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
Roberto Sassu <roberto.sassu@huawei.com>,
linux-mm@kvack.org, akpm@linux-foundation.org, vbabka@suse.cz,
linux-fsdevel@vger.kernel.org,
Liam Howlett <liam.howlett@oracle.com>
Subject: Re: [PATCH 1/3] ima: Remove inode lock
Date: Fri, 18 Oct 2024 15:48:19 +0100 [thread overview]
Message-ID: <5e288d07-5992-4ca4-8ec1-214d2fa6a326@lucifer.local> (raw)
In-Reply-To: <CAG48ez0m4O5M8m4bLJ++gTZzsAyKgud++cBMBqAm74OLUKBFpg@mail.gmail.com>
On Fri, Oct 18, 2024 at 04:36:16PM +0200, Jann Horn wrote:
> On Fri, Oct 18, 2024 at 1:00 PM Lorenzo Stoakes
> <lorenzo.stoakes@oracle.com> wrote:
> > On Fri, Oct 18, 2024 at 01:49:06PM +0300, Kirill A. Shutemov wrote:
> > > On Fri, Oct 18, 2024 at 11:24:06AM +0200, Roberto Sassu wrote:
> > > > Probably it is hard, @Kirill would there be any way to safely move
> > > > security_mmap_file() out of the mmap_lock lock?
> > >
> > > What about something like this (untested):
> > >
> > > diff --git a/mm/mmap.c b/mm/mmap.c
> > > index dd4b35a25aeb..03473e77d356 100644
> > > --- a/mm/mmap.c
> > > +++ b/mm/mmap.c
> > > @@ -1646,6 +1646,26 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
> > > if (pgoff + (size >> PAGE_SHIFT) < pgoff)
> > > return ret;
> > >
> > > + if (mmap_read_lock_killable(mm))
> > > + return -EINTR;
> > > +
> > > + vma = vma_lookup(mm, start);
> > > +
> > > + if (!vma || !(vma->vm_flags & VM_SHARED)) {
> > > + mmap_read_unlock(mm);
> > > + return -EINVAL;
> > > + }
> > > +
> > > + file = get_file(vma->vm_file);
> > > +
> > > + mmap_read_unlock(mm);
> > > +
> > > + ret = security_mmap_file(vma->vm_file, prot, flags);
> >
> > Accessing VMA fields without any kind of lock is... very much not advised.
> >
> > I'm guessing you meant to say:
> >
> > ret = security_mmap_file(file, prot, flags);
> >
> > Here? :)
> >
> > I see the original code did this, but obviously was under an mmap lock.
> >
> > I guess given you check that the file is the same below this.... should be
> > fine? Assuming nothing can come in and invalidate the security_mmap_file()
> > check in the mean time somehow?
> >
> > Jann any thoughts?
>
> The overall approach seems reasonable to me - it aligns this path with
> the other security_mmap_file() checks, which also don't happen under
> the lock.
Yeah equally I find this pattern fine as we check that the file is the same
after we reacquire the lock (a common pattern in mm), so if there's no
objections on security side I don't really see any issue myself - Roberto
if you want to go ahead and post the patch (separately perhaps?) we can
toss some tags your way :)
prev parent reply other threads:[~2024-10-18 14:48 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20241008165732.2603647-1-roberto.sassu@huaweicloud.com>
[not found] ` <CAHC9VhSyWNKqustrTjA1uUaZa_jA-KjtzpKdJ4ikSUKoi7iV0Q@mail.gmail.com>
[not found] ` <CAHC9VhQR2JbB7ni2yX_U8TWE0PcQQkm_pBCuG3nYN7qO15nNjg@mail.gmail.com>
[not found] ` <7358f12d852964d9209492e337d33b8880234b74.camel@huaweicloud.com>
[not found] ` <593282dbc9f48673c8f3b8e0f28e100f34141115.camel@huaweicloud.com>
[not found] ` <15bb94a306d3432de55c0a12f29e7ed2b5fa3ba1.camel@huaweicloud.com>
2024-10-16 9:59 ` Roberto Sassu
2024-10-18 9:24 ` Roberto Sassu
2024-10-18 10:49 ` Kirill A. Shutemov
2024-10-18 10:52 ` Kirill A. Shutemov
2024-10-18 10:55 ` Kirill A. Shutemov
2024-10-18 11:00 ` Lorenzo Stoakes
2024-10-18 11:05 ` Kirill A. Shutemov
2024-10-18 11:22 ` Roberto Sassu
2024-10-18 11:54 ` Kirill A. Shutemov
2024-10-18 11:56 ` Roberto Sassu
2024-10-18 13:29 ` Roberto Sassu
2024-10-18 14:36 ` Jann Horn
2024-10-18 14:48 ` Lorenzo Stoakes [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5e288d07-5992-4ca4-8ec1-214d2fa6a326@lucifer.local \
--to=lorenzo.stoakes@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=bpf@vger.kernel.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=ebpqwerty472123@gmail.com \
--cc=eric.snowberg@oracle.com \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=kirill@shutemov.name \
--cc=liam.howlett@oracle.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=serge@hallyn.com \
--cc=vbabka@suse.cz \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox