From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CB7D2C46CD2 for ; Wed, 24 Jan 2024 18:27:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 490AA6B007E; Wed, 24 Jan 2024 13:27:27 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 419C06B0081; Wed, 24 Jan 2024 13:27:27 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2BA396B0082; Wed, 24 Jan 2024 13:27:27 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 173066B007E for ; Wed, 24 Jan 2024 13:27:27 -0500 (EST) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 96F2E40793 for ; Wed, 24 Jan 2024 18:27:26 +0000 (UTC) X-FDA: 81715037292.18.A31BF8C Received: from mail-lj1-f176.google.com (mail-lj1-f176.google.com [209.85.208.176]) by imf19.hostedemail.com (Postfix) with ESMTP id 90EC61A001F for ; Wed, 24 Jan 2024 18:27:24 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=bYf9OmLf; spf=pass (imf19.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.208.176 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706120844; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=3wp26pORWumECbzJWinoQTFNJx6FsiqC4jXvkpoexag=; b=q6DHiy30RFWbR6rt7Ulro9ki5QNuZUbYeuic+GZA+gtaKXsimT4epgUwBSv3gLIWuqz3bc 8p/dN308BVO0pgzLrQ1VD3lmM+y9QgKnY1XEunEeXvbWI5S+pnfPBgSQqAMX5MWysvzM/0 fFKoL1XZ1sY5xwGavwmIdKpogvyPk3U= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706120844; a=rsa-sha256; cv=none; b=57U4uXif2urIbOY57riCbgWjfYATH5iuOvkyhyOG9HLVx7hQtTwVHtAnyxPZ8I/UeMXWdK 5d/ozqzbjNr2akW+S8F4MG6N+HE4l4dWF8d7mskzF9bPLkioWTFhRISS4O7E+9Yd+3Frib 80kk89UIk/lvYZ+F4gfICA+fcPqtczI= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=bYf9OmLf; spf=pass (imf19.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.208.176 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org; dmarc=none Received: by mail-lj1-f176.google.com with SMTP id 38308e7fff4ca-2cf1586ddb0so21893051fa.1 for ; Wed, 24 Jan 2024 10:27:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1706120842; x=1706725642; darn=kvack.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=3wp26pORWumECbzJWinoQTFNJx6FsiqC4jXvkpoexag=; b=bYf9OmLfsA0Nd2DE6uV3CHihWMoJ5QjqtlF0/MHZ/kD0RuISpBn6nyN7tbDnUnL7/Z jBMG5W1MKxj5iAXsqP7cW9PZEP7vqBbDzo3jZy/lbEg64oEXJl8+zDIuLxNHeM+YOL80 gjhXLWiDgQ8oWsqxrO7zlHCwWmtpsUmfaVoHk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706120842; x=1706725642; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3wp26pORWumECbzJWinoQTFNJx6FsiqC4jXvkpoexag=; b=M8cT+02kdrCGwkKO74vACu9jvear61/UEf8Uzs/810zL2BKWf02CN/6V07D/8+H2Ag vJuFjkORDlb1yb/fHsMQkpp5tbGNEZpd0dc9yO3GsYOS/hOp6UY+7/HsD2NFvoI5kXD8 E+YQ+6bffOC2AlpPhMk2HU7uJUjDiLGghM/3MjRBvNMWrkarpqpnYSaJMutEvAhWNL8F YWau2+4qwqQI1KsJ2M303Izni82v1bDLlJL6FDS34xewhkoDmhR6h9OyLT5z9wzRi551 gJKLh6caE85kG5GfEwFMdlwJWb+N86zInOFLlsEQsIlK+7vs0R8E0nmoktAacmKR57Iu QquA== X-Gm-Message-State: AOJu0YyUdBGmdxlAYgaUnNBTYNluMQAOupTo+nze5k5lUx4n4x0pqRFc A3NTasum7CmcYUTf1JH4Gq8g4g/3nV01AGTrRQoovaEJNObc1KduZwZywFWK5R81S6Va+IBh+Q+ J4Ld28w== X-Google-Smtp-Source: AGHT+IED3g0nYJ2PR6Nqkdd0Tn+Qmqj2flaax2U8ZxS0Zvt7dIcJVMUdvJtObuciaBTUKrXndyqaDg== X-Received: by 2002:a05:651c:4cf:b0:2cd:f5d3:11db with SMTP id e15-20020a05651c04cf00b002cdf5d311dbmr1312833lji.82.1706120842441; Wed, 24 Jan 2024 10:27:22 -0800 (PST) Received: from mail-lj1-f181.google.com (mail-lj1-f181.google.com. [209.85.208.181]) by smtp.gmail.com with ESMTPSA id w3-20020a05651c118300b002cdb6a40096sm40762ljo.131.2024.01.24.10.27.21 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 24 Jan 2024 10:27:21 -0800 (PST) Received: by mail-lj1-f181.google.com with SMTP id 38308e7fff4ca-2cf2adac1ccso8764421fa.3 for ; Wed, 24 Jan 2024 10:27:21 -0800 (PST) X-Received: by 2002:a2e:8ed3:0:b0:2cf:2a3e:d1a4 with SMTP id e19-20020a2e8ed3000000b002cf2a3ed1a4mr557545ljl.3.1706120841173; Wed, 24 Jan 2024 10:27:21 -0800 (PST) MIME-Version: 1.0 References: <202401240832.02940B1A@keescook> <202401240916.044E6A6A7A@keescook> In-Reply-To: From: Linus Torvalds Date: Wed, 24 Jan 2024 10:27:03 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [6.8-rc1 Regression] Unable to exec apparmor_parser from virt-aa-helper To: Kees Cook , Kentaro Takeda , Tetsuo Handa , John Johansen , Paul Moore Cc: Kevin Locke , Josh Triplett , Mateusz Guzik , Al Viro , linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Content-Type: multipart/mixed; boundary="000000000000af6da8060fb53687" X-Rspamd-Queue-Id: 90EC61A001F X-Rspam-User: X-Stat-Signature: 3djhtu5fwmdm7jfw99748nw6wedfozu3 X-Rspamd-Server: rspam03 X-HE-Tag: 1706120844-180722 X-HE-Meta: U2FsdGVkX19pPEaOrAIA5wWZhLWiXZffcxEXzZJ7C9G4myG00LSLKx77NHPUGVMTmCAlaZsIWRbGEMWeiLOEKx7JeqL7/MU6HGUC+IM3fT6EV0XQpMmzJ/3Y35YgUO1GlDW4WRv4oWecRSJLqWX8Oxx7O44ZQJ12DWybED/kbpEvMP3sKqagqKOHjtX7f5qVVw1oCi+eqaDyAk4arLKvvEsDyQfIk58ZfqvFEn+5ebiTTZAxoy/H5iNKQAoyrRy5o6c1VBHn9JdQqU1dBiP47IQ3RxWhOw8xqbRUvRdgqgQ92sn3M9yCrnXABzZtywwtAFSLdTKbB8li6kUdrhUtQMwvF9JqZZKKb14qGdBlIjNxcIcgm1zEBMJUXPZyQRNz9dbcexyvi1tpFKquv5YPMkQo4VBEoJpsrH6SCPhpkcNc18+hMndoAhbrxyh+oOGj8ORookaycTL1buM3lQpUASM+SQJVLEMqk7IpCfxSK35V48uiGgULV94hMUuM1x5VxSr4q0k4uPDa0/47ulh8FNzvBZ2+xpwzONZQDKnH6LL/XGwbHRExPiK8ldJmDDY8IycNaoW6X5k8yyf9B4TFFi3ScMXaWij+YO8UXFBLb0k18qPvFl3YNmPXkGE7dtHhxuXqGKyZj6LqNZogsYOigYBkaUAtcZjJvNLlOpQ6euKRoGuhqO020OQi5SYoq1BuGrylmXbB6rRLB2OkYftSRanFX6LxsmhSRv3Qecv3JnJqvTtxbmhebtAoHdQOBKVay8ecp75vE7fvnI/Y/wi6s+tc+oct2MxNqw0x8y57kLckDv/WLxPidOBUUbm/zAkou9mJ1hxeUwcGhNQSjTBlOtQmlYkRf3nsarKkkTtoINuAOi3ejPfLow6a/dsFIa3jm7UrV774ZcgO53UM6r/EV5yRzpeAptfSvm65tv0IPxoUT0LTtPijmvJWcEmGqjjVrFAUJeyT2yMQP8v1mQU 833q0yLJ 0SGvzPCFUI39cn604o8iCNZHNzoHnrUoBH0Ech1YKRUftiELIMdeZEjvU2lC3Hl4a8Ec2aR5rFDTzirKcI2gM4KryVfotXDBJlr5peUCy6bebUTC9fSHHW09irCaJGFOxJkQgkkDRR4ONoFNKa0bps+vLl0KxxJBiClOjFuTxfo8+Iru1MBI3zFJJd7ZWGVr4O6w9ObBuBQVqhzJkCAqhsMEeu6+9LxIWwoFK6apIEdyxiqWXHdCMZp7kBca9zDSUBN3EA8Q7H5gvW5i9YltQRpCJJpNXoIK4zq131y/IqYgxtozWWsediLqEBpaZYSNZwR1XDXsP1hCFIepA7W45gYRx6ttFoEjxwRel8r6lN0nbg3La/3w48vg7OtlJdk3cC7jnfb9x6Rgk/z4uF+OEfQJDYrHYjBtu3szWDCGea2Ew57JC8h8ycT0Qr7aYa2WJRhob3Tkdvbz1BzdRL6XOcaz+mNuru88eIuWJWRSJ4WM2cUVcRXkOwliTsKdWLbwdhJ/sCUvte8Qy4q5dMZKdMl6oZw+gynac2odtsLQ8CHIOaTE8wwrFeIM8nNyKEoXibkfrTqjA1sdep8uU4BAdFhw1cZ0Ue1liLoVOaSQ5caIXYQuB6CsAb0wuHtXRrw2i1VPXWaEDulEikzkn3lGVLvBivrj1fiTjjwSNFwgmZMjoxc85C5a101CT87eOq+9Q0KqQJ5KfEDHrfyTk80heLTEvqvBr7zOeENyCQlWSb7uC5wRojQSsM4FflDon63IJHGf5rQr7wWB/nbVCG5xZAwqC9v/Xk3ULRfMhfhAtozc7s/EP3eXGckoiDvDVla5H0zU22sbwBpO+fOQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: --000000000000af6da8060fb53687 Content-Type: text/plain; charset="UTF-8" On Wed, 24 Jan 2024 at 09:27, Linus Torvalds wrote: > > IOW, I think the goal here should be "minimal fix" followed by "remove > that horrendous thing". Ugh. The tomoyo use is even *more* disgusting, in how it uses it for "tomoyo_domain()" entirely independently of even the ->file_open() callback. So for tomoyo, it's not about the file open, it's about tomoyo_cred_prepare() and friends. So the patch I posted probably fixes apparmor, but only breaks tomoyo instead, because tomoyo really does seem to use it around the whole security_bprm_creds_for_exec() thing. Now, tomoyo *also* uses it for the file_open() callback, just to confuse things. IOW, I think the right thing to do is to split this in two: - leave the existing ->in_execve for the bprm_creds dance in boprm_execve(). Horrendous and disgusing. - the ->file_open() thing is changed to check file->f_flags (with a comment about how FMODE_EXEC is in f_flags, not f_mode like it should be). IOW, I think the patch I posted earlier - and Kees' version of the same thing - is just broken. This attached patch might work. And as noted, since it checks __FMODE_EXEC, it now allows the uselib() case too. I think that's ok. UNTESTED. But I think this is at least a movement in the right direction. The whole cred use of current->in_execve in tomoyo should *also* be fixed, but I didn't even try to follow what it actually wanted. Linus --000000000000af6da8060fb53687 Content-Type: text/x-patch; charset="US-ASCII"; name="patch.diff" Content-Disposition: attachment; filename="patch.diff" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_lrs46mby0 IHNlY3VyaXR5L2FwcGFybW9yL2xzbS5jICB8IDQgKysrLQogc2VjdXJpdHkvdG9tb3lvL3RvbW95 by5jIHwgNSArKystLQogMiBmaWxlcyBjaGFuZ2VkLCA2IGluc2VydGlvbnMoKyksIDMgZGVsZXRp b25zKC0pCgpkaWZmIC0tZ2l0IGEvc2VjdXJpdHkvYXBwYXJtb3IvbHNtLmMgYi9zZWN1cml0eS9h cHBhcm1vci9sc20uYwppbmRleCA3NzE3MzU0Y2UwOTUuLjk4ZTExNTBiZWU5ZCAxMDA2NDQKLS0t IGEvc2VjdXJpdHkvYXBwYXJtb3IvbHNtLmMKKysrIGIvc2VjdXJpdHkvYXBwYXJtb3IvbHNtLmMK QEAgLTQ2OSw4ICs0NjksMTAgQEAgc3RhdGljIGludCBhcHBhcm1vcl9maWxlX29wZW4oc3RydWN0 IGZpbGUgKmZpbGUpCiAJICogQ2FjaGUgcGVybWlzc2lvbnMgZ3JhbnRlZCBieSB0aGUgcHJldmlv dXMgZXhlYyBjaGVjaywgd2l0aAogCSAqIGltcGxpY2l0IHJlYWQgYW5kIGV4ZWN1dGFibGUgbW1h cCB3aGljaCBhcmUgcmVxdWlyZWQgdG8KIAkgKiBhY3R1YWxseSBleGVjdXRlIHRoZSBpbWFnZS4K KwkgKgorCSAqIElsbG9naWNhbGx5LCBGTU9ERV9FWEVDIGlzIGluIGZfZmxhZ3MsIG5vdCBmX21v ZGUuCiAJICovCi0JaWYgKGN1cnJlbnQtPmluX2V4ZWN2ZSkgeworCWlmIChmaWxlLT5mX2ZsYWdz ICYgX19GTU9ERV9FWEVDKSB7CiAJCWZjdHgtPmFsbG93ID0gTUFZX0VYRUMgfCBNQVlfUkVBRCB8 IEFBX0VYRUNfTU1BUDsKIAkJcmV0dXJuIDA7CiAJfQpkaWZmIC0tZ2l0IGEvc2VjdXJpdHkvdG9t b3lvL3RvbW95by5jIGIvc2VjdXJpdHkvdG9tb3lvL3RvbW95by5jCmluZGV4IDNjM2FmMTQ5YmYx Yy4uZThmYjAyYjcxNmFhIDEwMDY0NAotLS0gYS9zZWN1cml0eS90b21veW8vdG9tb3lvLmMKKysr IGIvc2VjdXJpdHkvdG9tb3lvL3RvbW95by5jCkBAIC0zMjcsOCArMzI3LDkgQEAgc3RhdGljIGlu dCB0b21veW9fZmlsZV9mY250bChzdHJ1Y3QgZmlsZSAqZmlsZSwgdW5zaWduZWQgaW50IGNtZCwK ICAqLwogc3RhdGljIGludCB0b21veW9fZmlsZV9vcGVuKHN0cnVjdCBmaWxlICpmKQogewotCS8q IERvbid0IGNoZWNrIHJlYWQgcGVybWlzc2lvbiBoZXJlIGlmIGNhbGxlZCBmcm9tIGV4ZWN2ZSgp LiAqLwotCWlmIChjdXJyZW50LT5pbl9leGVjdmUpCisJLyogRG9uJ3QgY2hlY2sgcmVhZCBwZXJt aXNzaW9uIGhlcmUgaWYgZXhlY3ZlKCkuICovCisJLyogSWxsb2dpY2FsbHksIEZNT0RFX0VYRUMg aXMgaW4gZl9mbGFncywgbm90IGZfbW9kZS4gKi8KKwlpZiAoZmlsZS0+Zl9mbGFncyAmIF9fRk1P REVfRVhFQykKIAkJcmV0dXJuIDA7CiAJcmV0dXJuIHRvbW95b19jaGVja19vcGVuX3Blcm1pc3Np b24odG9tb3lvX2RvbWFpbigpLCAmZi0+Zl9wYXRoLAogCQkJCQkgICAgZi0+Zl9mbGFncyk7Cg== --000000000000af6da8060fb53687--