From: Paul Moore
Date: Mon, 7 Jul 2025 22:45:23 -0400
Subject: Re: [PATCH v3] fs: generalize anon_inode_make_secure_inode() and fix secretmem LSM bypass
To: Chris PeBenito
Cc: Shivank Garg, david@redhat.com, akpm@linux-foundation.org, brauner@kernel.org, rppt@kernel.org, viro@zeniv.linux.org.uk, seanjc@google.com, vbabka@suse.cz, willy@infradead.org, pbonzini@redhat.com, tabba@google.com, afranji@google.com, ackerleytng@google.com, jack@suse.cz, hch@infradead.org, cgzones@googlemail.com, ira.weiny@intel.com, roypat@amazon.co.uk, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, selinux-refpolicy@vger.kernel.org
References: <20250626191425.9645-5-shivankg@amd.com> <67c40ef1-8d90-44c5-b071-b130a960ecc4@amd.com> <48916a70-2a89-4d24-8e36-d15ccc112519@ieee.org>
In-Reply-To: <48916a70-2a89-4d24-8e36-d15ccc112519@ieee.org>

On Mon, Jul 7, 2025 at 4:38 PM Chris PeBenito wrote:
> On 7/7/2025 4:01 PM, Paul Moore wrote:
> >
> > Strictly speaking this is a regression in the kernel, even if the new
> > behavior is correct. I'm CC'ing the SELinux and Reference Policy
> > lists so that the policy devs can take a look and see what impacts
> > there might be to the various public SELinux policies. If this looks
> > like it may be a significant issue, we'll need to work around this
> > with a SELinux "policy capability" or some other compatibility
> > solution.
>
> In refpolicy, there are 34 rules for anon_inode and they all have
> { create read write map } -- none of them have the execute permission.
> Of these, only 4 are explicit and could potentially be broken. The
> remaining get it due to being unconfined, thus can be immediately fixed,
> since it's unconfined.
>
> IMO, this is very low impact.
Thanks Chris, I think it's worth leaving the kernel code as-is and just
patching the selinux-testsuite. I'll send out a patch for that tomorrow.

-- 
paul-moore.com
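An added example, not code from the thread or from refpolicy: a small Python checker that parses allow rules written in SELinux policy source syntax and, for the anon_inode class, splits the source domains lacking a given permission into explicit domains (the ones that could break) and unconfined domains (the ones policy can grant at once), the distinction Chris draws above. The sample rules, the unconfined_t domain list and the permission name passed in are constructed assumptions.

```python
import re

# Constructed sample allow rules in SELinux policy source syntax; they are
# not from refpolicy or the thread and only exercise the checker below.
SAMPLE_RULES = """\
allow init_t self:anon_inode { create read write map };
allow kvm_t self:anon_inode { create read write map execute };
allow unconfined_t self:anon_inode { create read write map };
allow sshd_t self:anon_inode { create read };
allow sshd_t self:fd use;
"""

# Matches: allow <source> <target>:<class> <perm>;  or  ... { perm perm ... };
RULE_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;",
    re.MULTILINE,
)

def parse_allow_rules(text):
    """Yield (source, target, tclass, frozenset(perms)) for each allow rule."""
    for m in RULE_RE.finditer(text):
        src, tgt, tclass, braced, single = m.groups()
        perms = braced.split() if braced is not None else [single]
        yield src, tgt, tclass, frozenset(perms)

def audit_anon_inode(text, perm, unconfined=("unconfined_t",)):
    """Find anon_inode rules that lack `perm`, split the way the thread does.

    Returns the number of anon_inode rules, the explicit (confined) source
    domains missing `perm`, which could break if the kernel now asks for it,
    and the unconfined domains missing it, which policy can grant at once.
    `unconfined` is an assumed list of unconfined domain names.
    """
    total = 0
    explicit, unconf = set(), set()
    for src, _tgt, tclass, perms in parse_allow_rules(text):
        if tclass != "anon_inode":
            continue
        total += 1
        if perm in perms:
            continue
        (unconf if src in unconfined else explicit).add(src)
    return {
        "rules": total,
        "explicit_missing": sorted(explicit),
        "unconfined_missing": sorted(unconf),
    }

if __name__ == "__main__":
    print(audit_anon_inode(SAMPLE_RULES, "execute"))
```

Running it on a real policy source tree means concatenating the .te files into `text`; the parser ignores anything that is not an allow rule.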