From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8625C46CD2 for ; Wed, 24 Jan 2024 16:55:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 163256B0081; Wed, 24 Jan 2024 11:55:23 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 0E9726B0082; Wed, 24 Jan 2024 11:55:23 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id ECBB06B0083; Wed, 24 Jan 2024 11:55:22 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id D93A76B0081 for ; Wed, 24 Jan 2024 11:55:22 -0500 (EST) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id A3173C03A4 for ; Wed, 24 Jan 2024 16:55:22 +0000 (UTC) X-FDA: 81714805284.28.D4C9A4F Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41]) by imf28.hostedemail.com (Postfix) with ESMTP id 8CE45C0008 for ; Wed, 24 Jan 2024 16:55:20 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=E+6vwOns; dmarc=none; spf=pass (imf28.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.167.41 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706115320; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=sPdCGKuEWKXJWP2sfaXpzZkS4P7GnOGZQJx21so96qE=; b=NfGPSkrDgHIEpaXgikHMKig3kVfaZ+xgQ0rw61RRC/Wj/Gu3piH6B2AhUxA+XghVpJTjpJ hUCsVDM4NMR3U8H4FTTkc3gTcz8NKnt411tEMGCKxS7OSOdmJJBhT0p1swpYsOItC65YU6 z7dZjNrDXUhB4ytw7OQM0hOo59l/yjM= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=E+6vwOns; dmarc=none; spf=pass (imf28.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.167.41 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706115320; a=rsa-sha256; cv=none; b=UCRxf8RWuUtLRzAd3cKfQMLGJy6wcy+L/5n/HKX9AKRrY5xwuyrnhX5XFHRM3htqCVGaCr g3rpem2qAqPpRCyipkepRffHzBavke1B4l46EneAbCD1K2XvAUSIy88M5BnS0pYsCctrWL lz/l4emo14IzgUe4oSWfzsqkr5SzQrc= Received: by mail-lf1-f41.google.com with SMTP id 2adb3069b0e04-50eabd1c701so6502831e87.3 for ; Wed, 24 Jan 2024 08:55:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1706115318; x=1706720118; darn=kvack.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=sPdCGKuEWKXJWP2sfaXpzZkS4P7GnOGZQJx21so96qE=; b=E+6vwOnsE620A+hw1msKZlcY2EB4tXzN570t/cPfTEQlOG5eHdwpd1iT8nzptYeqy1 PLZIAfm+yNSVfasV8gqzvR9hCgxIijJAav2xCk35uN9LdTuMCUC1aT/o3EoUQuSVCjqq 8HCDW96NPvz4MTfjZfVahko2kqc5ty8rTAq1U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706115318; x=1706720118; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=sPdCGKuEWKXJWP2sfaXpzZkS4P7GnOGZQJx21so96qE=; b=pj7uT2ySB29J2luV+EiyYqhqDgg2OnbDLT5AaUS1MKJgL0sYC33rCcP9UxlTF0QYRj mj9B2zWa3oiTwpK/fuYTbXhwsNS26U8/FyEQEKqDRNbJApN84h1Ov8Pj8VV0vh8t00kH 39SIitWBm7ld06zUnYoBuZWw9ygdmuHszOxcw2UuN9AwPcoTJ1bWkcv1t0j2nvPbajOZ r3QWS8XED29G8JTb6whPnPVFjWpM3UR5KxrUyx7I9QPJDhWnA1YQWKxqcMWVaW33AGE2 C4wuxEpuZ+skmAP/hQnRkbqJ1OArQy9O4thN3D2j2dS40KS/GZRvLi0jTishrVCwYIX6 d9Bw== X-Gm-Message-State: AOJu0YxCtlxWkZIIgdLcUAExy8YXG5yDpwUctnAqwTNfbmmanZff3WEL hthaygQHMB1vrnjZAjtyFaUwYOgVpk6fFphuBmO1NIw6q3aXIPxMefTVfTERlfnuQTV6e2lEOtK pR5Qzgw== X-Google-Smtp-Source: AGHT+IGxzQMIBzklRcKD1I52fZgMrCOqYqjSLO7i3ygn/0uq3far6+sPUj3NFZcAeNtRrY9iUw+VFw== X-Received: by 2002:ac2:4989:0:b0:50e:9c59:5627 with SMTP id f9-20020ac24989000000b0050e9c595627mr3946684lfl.45.1706115318543; Wed, 24 Jan 2024 08:55:18 -0800 (PST) Received: from mail-lj1-f179.google.com (mail-lj1-f179.google.com. [209.85.208.179]) by smtp.gmail.com with ESMTPSA id j4-20020a056512398400b0050e86bb4b2esm2625036lfu.218.2024.01.24.08.55.17 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 24 Jan 2024 08:55:17 -0800 (PST) Received: by mail-lj1-f179.google.com with SMTP id 38308e7fff4ca-2cf1fd1cc5bso10639851fa.3 for ; Wed, 24 Jan 2024 08:55:17 -0800 (PST) X-Received: by 2002:a05:651c:1043:b0:2cf:155e:2567 with SMTP id x3-20020a05651c104300b002cf155e2567mr1158083ljm.95.1706115317480; Wed, 24 Jan 2024 08:55:17 -0800 (PST) MIME-Version: 1.0 References: <202401240832.02940B1A@keescook> In-Reply-To: From: Linus Torvalds Date: Wed, 24 Jan 2024 08:54:58 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [6.8-rc1 Regression] Unable to exec apparmor_parser from virt-aa-helper To: Kees Cook Cc: Kevin Locke , John Johansen , Josh Triplett , Mateusz Guzik , Al Viro , linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 8CE45C0008 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: iqzu5dggrcbged59b48kibyrgdk5h6w8 X-HE-Tag: 1706115320-857997 X-HE-Meta: U2FsdGVkX18xsW6+6qP3v5wMRtcbtpKCIuLYLzcJaRnOc+zKmsVzzoDJDIXSpVESvK6stC9QWaUQ4KzfGXQQyg0z1r/rhuK7BMy7LPgF7+91eAHjn0U6Rq01xpM7HlWOPNUz4T/kjlrihvUEdMPVFZunnrUIty4RmR1X/lVWzJGHNGQryoad2gxOGYrepGMFfpqLWMSN12wCn+F/p+/MZrwN1qXBS+yzUTwokLvfSZSl8Hufc9LSEeYaYXfbB6Hr1u2uwn+3jAyVcCHbj5hAyT+LM09niTgKu9FuYldcKWnDYs7Z0wMTPzDahD6e7AdueG2y1GT+5mPllgRI5Q2n/f9ZqpTydbZ+2q9V5pgGWNCe7qzz/fSFUEUH+SpWWrC0gr5Fx+40gL5cg9ZN2b/LYqxun1YtaYDJprxOo1J2KKdSd2fZPpWZPL/BoyqN5iOIhe2/MrMQq8hrcOn2gGYgZj4547MHXKxJsZlVfxvtdYuYQJOLK1dCgCagdiLPxnYjaI9KdQd6QCmxv8f/b/4stEtHhwGaeDdOKwBV01rGPZbKHaYKn6jvsefwW1BZQfSXF8hc7YscpJBYIlEZggpN3jJKkeu0BWDSXpgR/MWaqa5vgvaa/3vNt1gCWRmziYyz97D97XGAKbNtLwZgVoyHOqflLF7IddsccpLe2Wm1ieoJ7l0HUDhEgrGpI7E+CmFS7HDprgtsVL20CdhAz2pb60omCg2UjjPoclk8FKj522PkneO6+Sx/4ZEvORwjfww4Q5fxeunZ2YYfpIsE9LkSFEJlj81QEQqFs1fcoBkskh3vqgPWnwbIS9jiCl7HZCg4ndxkpFmz4LL2bBPxdTw02plgHx0Pq7+X5YcDpdSkztFw6D69Qcr/NwjmiWfhQNTrGdzK/BXDaJgavU89e13czFHPALOzwezXqkGTO7lj/H69Lk22NLNw8D4A49P2o0pfKbuIfB/FzvEM6Oq9fld ayMNxaAZ j4PsN4vn45kdyshQ3uNXwW7L59xBxPiuw/H9usZazGfQo9NlvWZOowFsXhSLXQShdGmuMms9YPJvg4RsEe/hxsRDezb4A2T5r8TEz9XpLWYuuyelA7FFFXkBWGP+SIppfNWRZpWVuMEV2IQyx9uavnVNY7uVT/YAgrUjfTDt5zhqFuX8+eGpXgsCSjWix3UKjNYbOPKH24qL6JWiLC0kyPH18SCeUpOmymxYO8ZOG7jIYEtmwtNgVmTV2ncQq67pHSO1E51ILWelxKckgKbxpDZSfa9/xR0Z3hIbWoFPkIqu1voaSGg0bEzgVqKWoGDAYRwdjwCEfWNi3yePd+783s0Vuq0nmhz+rDJlgiwm85n7tEAsxAZQyYC5QUOuWMGrw1ZDTHwxicNes+qQ8VT3drKRLXYnpZKtxDVdvelFehOV8JkLUMRAE0+ye3dWvUUgJPwb9ft6Z5Mx32FU/THllLpvXkvrXuhFSqKdzYsDxYNQfcmhR/BNMzizWZaDYD1cVvrf5J74jhvyACdsgcNC1JrmmcZ/kaN2yglRZsS31MOgj0SnQ8Vgk52IUpbFdmwWBDY4XyWcipZkXEMQc9XXpTGskDmXhB6xinxDkqwFOe8snJAHdEVLF4oefGsAle/bQHajw X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, 24 Jan 2024 at 08:46, Linus Torvalds wrote: > > If the code ends up deciding "is this an exec" based on some state > flag that hasn't been set, that would explain it. > > Something like "current->in_execve", perhaps? Yeah, that looks like exactly what some of the security layer is testing. Hmm. That whole thing is disgusting. I think it should have checked FMODE_EXEC, and I have no idea why it doesn't. Linus