From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4ADD3C47258 for ; Thu, 25 Jan 2024 17:17:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D4EA08D0008; Thu, 25 Jan 2024 12:17:54 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id CFECA8D0002; Thu, 25 Jan 2024 12:17:54 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BED478D0008; Thu, 25 Jan 2024 12:17:54 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id AF85B8D0002 for ; Thu, 25 Jan 2024 12:17:54 -0500 (EST) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 49B86A242E for ; Thu, 25 Jan 2024 17:17:54 +0000 (UTC) X-FDA: 81718490868.02.08D2B26 Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com [209.85.208.43]) by imf13.hostedemail.com (Postfix) with ESMTP id 43DF12000D for ; Thu, 25 Jan 2024 17:17:52 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=Ik3Ff3Uv; dmarc=none; spf=pass (imf13.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.208.43 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706203072; a=rsa-sha256; cv=none; b=4wadBiX8hlpISQIdZjQvr4Uv3kPeSZIlLSXVz4szXM0RVC6zaY+4lMNMhsxcHB9Ed4z4p0 E07x9Unl5z6CrMcdET0P4iBSwQYDOSpej5YiBOP9C6uZdr+GHS/Wa06tQFl0j3ca1VQkPp /RdsoBMu+RG3hknZhAPKh6iM1KzruT4= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=Ik3Ff3Uv; dmarc=none; spf=pass (imf13.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.208.43 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706203072; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=AU+fsHobuU39z9pQZP7B0amkHKcRajVu86fobjazaZU=; b=U3RbAOouofe8z6+wGqCpYsX9c6puCwdxWuQ65/ySJWOrhl7JxTrUqAhXIGyDmf4VF2Say/ qUYHzms3gOXT/eMkwbXqO+F/ZXnAsFlUeA6klEDM7wCPIHSwytJDXH+ngkBtmitEx7Ots/ qHNwXdS0h18kTHjgAmRbF//OnKf6gLo= Received: by mail-ed1-f43.google.com with SMTP id 4fb4d7f45d1cf-55d20f24275so58813a12.0 for ; Thu, 25 Jan 2024 09:17:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1706203070; x=1706807870; darn=kvack.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=AU+fsHobuU39z9pQZP7B0amkHKcRajVu86fobjazaZU=; b=Ik3Ff3Uv42RyrWgsUZDtEctlll7tAhpsjVM7YQYikUlAYDxvzrt9GtZ21VSNQhpiw7 rfgTM49ZV/QMx850jb1senQMhIQ6H7VU2qWxRzS9n5gJhn1DBuw6nyRIshdFYfxuDRVq 31DSFzBpghrcLtf97FQDcC7yeUWFDQOgyrf2I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706203070; x=1706807870; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=AU+fsHobuU39z9pQZP7B0amkHKcRajVu86fobjazaZU=; b=IzBhATX7AwDoMBUPxf0sv3qBQindGICqezICugPj+xTB/R5MjzAfqPOW+9C/m2aDJ3 YDVMcSnohf+6TwLv3SVj/6KV2m9EC/gsB9/HWxdaBtCYtRZ/eKpabghP3q25R7+cvnvE +k5TX00wJNc5C0lu6Zn2yiLvgD2yw/uUHmrhHlDfKT0IxX2ttc3ui78ugsnW71LK5k7p qsaXFLujHPjc7sHM83K6rdPuAnAMpKdupe9/na/AZQUD+4hF2kpraitG0PSXUHvbOXDQ Lf1FKZzKQ3fKCIGxLANOc1yfRNLkwD8DnLCOP1+A/Rk/G8t195Xo97Pu46GrpUTBI3eP I9vg== X-Gm-Message-State: AOJu0YxApIV4SVnHuLOck6K8sDh9g6vo3NNJzJhedpqSSagM97uoPzUU moMhqtM+m99BC1mJSpMUhuUIr/M9g12DxkiCki/NsLDLQjugWscPW4jP0GfsJcqpISOz7CgoR81 p2SHvAw== X-Google-Smtp-Source: AGHT+IGXEiWsbtk7hu/+njsQhgOchzHxKwGW2vcP1GnDBb4c2gWreZougyuKsKy27DH7BXucPzk/Pg== X-Received: by 2002:a17:907:a809:b0:a30:ee47:828e with SMTP id vo9-20020a170907a80900b00a30ee47828emr748063ejc.110.1706203070588; Thu, 25 Jan 2024 09:17:50 -0800 (PST) Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com. [209.85.208.45]) by smtp.gmail.com with ESMTPSA id s6-20020a17090699c600b00a31e67de7dbsm495002ejn.4.2024.01.25.09.17.49 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 25 Jan 2024 09:17:49 -0800 (PST) Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-55a035669d5so8468488a12.2 for ; Thu, 25 Jan 2024 09:17:49 -0800 (PST) X-Received: by 2002:a05:6402:1246:b0:55c:7e2c:ed7 with SMTP id l6-20020a056402124600b0055c7e2c0ed7mr836379edw.18.1706203069390; Thu, 25 Jan 2024 09:17:49 -0800 (PST) MIME-Version: 1.0 References: <202401240832.02940B1A@keescook> <202401240916.044E6A6A7A@keescook> In-Reply-To: From: Linus Torvalds Date: Thu, 25 Jan 2024 09:17:32 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [6.8-rc1 Regression] Unable to exec apparmor_parser from virt-aa-helper To: Tetsuo Handa Cc: Kees Cook , John Johansen , Paul Moore , Kevin Locke , Josh Triplett , Mateusz Guzik , Al Viro , linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Kentaro Takeda Content-Type: text/plain; charset="UTF-8" X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 43DF12000D X-Stat-Signature: dy675xrxfcmmznau5iai977k3sa6a36e X-HE-Tag: 1706203072-377147 X-HE-Meta: U2FsdGVkX18TYJzqw6lUS3FXLOSiH4g69MPPNK7/fcaH1Gn0VOvIpp8H3U0sEhyIYfuigbwd2gno4n8uAF1ibbTs4GSj7C1JLveesIo5wJwvLNnZgyUbb/5IxaRqR10mqhvhPYNCbSIMx25oNQOGVPq5XdoDoUA5E3FlgrV+iHyZrpmf9MOeA0nh6KnmxMagqoFmqlMUIc/Popg0ywKlz9GtGlYQtOgUn6d2bU/XPJbcK2ILiOIemqA2KLh7iyzorutnvmu/w0WQ9MX1c7dK154FQOa87UAIUeuf2GSoUa2JcTCVrJ2oxiZjfeIXlS+powgMc13T5jCmXkGYJ0jpVsfsxJDp4AYnmE9odouyaPWZgZSWiQGoorF4RSMNIlXCp7HFXd/BwiLfkUX/1QwZAwG3KrOzci2Zlur1v/iY4a47+jgWkYYGOcXiIcrWnYhqGT3hgkRKhVHQgXvFC6Sq62+A4j7e96nXWtZEFsVfCuPTvve1P7jiioeugSuSyEz5SmmUW9q04iw4V6ABsh3uAklQzYPfwF/z+T9un9IkB2UtYZUbfB/z/1dbLIV/BINpps1vQB6w5Vn0Gy72dIh8BoAdhGmK2dqUlEpumxhYizBONVFvl0rnrXZupE81Ku1SLClH7hQzZicTqrEC/BaSZatfx7+FQypuqcPnLsHBhximm5+NZ7oiF85O6YdRxZXEdwfmu/G5LGRbLEeZ9keZ47ilqfaY57O71bTniScG9orlaNzUrmhdzBj7RjO3/yxIHM0FNzXf6K9E6YGYrtR7F6XACwvgZJUoAafPERDXFjzJDvJuWCT24TUAUsEqA15WZSFBX/1yZ7fOjaPGzTZksGYlI8QH0/jZg51zYzEXyEb+c9leDH+8cH6EpMZ4eDMwpFAI5zvJPUX97u6mxE4ukocO/NuOFg6Dkzp8WI6k4uYCJrsedEuA621o9NvTFhSqb9OTBT51lZNEf9izKGr hXndvmQh AhFVPrwQqlkt6IZY8bFXJ01U1oCzzRM5gKdVk8Avxy5z2JzxgPUqkJBoatYtOZdCnNMb915VEElNMF+HBEg+cGaNhvpztzR7AgMbQnebu3iUh4f/v2Z1kyF52AnSMHJ/2Pf9a4fiePPMDgUU9Y8+limbr23khumtE14u5QFPd2wNWv23s8RjhSaTO+j1ZXFYs4E21SjfLrCdHCA8JonuiPuMVot5G3UHjXjvTs+V/lF/RSwz3d0+EuxVqZbJelR6oz5BZ+FvdLgLkxsl6H9/pnuUu8lyPR2mTA32TX0QGUZh6hwuwEaCxow6E00Lf8s/kgPUIe3V+dTUb8pZ7a/mbZUAW+qLh0hYpYdbJ+EVuZHtHB/QJU4AzW6iaPRN2Q0MODEMLWuvtG+I4+wAGQBPxqg7+OY2CCTiRxkphIyr14cU9uOJnRK9B5ph/WfLNyJQ1n9SMKpQ1YwSRYV/wOLsDi2R2krdwmw5aN5O4oqMzdUV0xk2R6nM8+w60FJjbHnonUlC65a914YGFjqKEc+TeanWDHowoDBcV10cECQj9gLaMK2sy1wiNPy9MeEzVZcV17+iF X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, 25 Jan 2024 at 06:17, Tetsuo Handa wrote: > > On 2024/01/25 3:27, Linus Torvalds wrote: > > The whole cred use of current->in_execve in tomoyo should > > *also* be fixed, but I didn't even try to follow what it actually > > wanted. > > Due to TOMOYO's unique domain transition (transits to new domain before > execve() succeeds and returns to old domain if execve() failed), TOMOYO > depends on a tricky ordering shown below. Ok, that doesn't really clarify anything for me. I'm less interested in what the call paths are, and more like "_Why_ is all this needed for tomoyo?" Why doesn't tomoyo just install the new cred at "commit_creds()" time? (The security hooks that surround that are "->bprm_committing_creds()" and "->bprm_committed_creds()") IOW, the whole "save things across two *independent* execve() calls" seems crazy. Very strange and confusing. Linus