Date: Sat, 27 Jan 2024 20:23:06 +0900
Subject: Re: [6.8-rc1 Regression] Unable to exec apparmor_parser from virt-aa-helper
From: Tetsuo Handa
To: Linus Torvalds
Cc: Kees Cook, Paul Moore, Kevin Locke, Josh Triplett, Mateusz Guzik, Al Viro, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Kentaro Takeda, John Johansen

On 2024/01/27 20:00, Tetsuo Handa wrote:
> On 2024/01/27 16:04, Tetsuo Handa wrote:
>> If we can accept revival of security_bprm_free(), we can "get rid of current->in_execve flag"
>> and "stop saving things across two *independent* execve() calls".
>
> Oops, I found a bug in TOMOYO (and possibly in AppArmor as well).
> TOMOYO has to continue depending on current->in_execve flag even if
> security_bprm_free() is revived.

No. We can "get rid of current->in_execve flag" and "stop saving things across
two *independent* execve() calls".

> @@ -327,9 +322,13 @@ static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, > */ > static int tomoyo_file_open(struct file *f) > { > - /* Don't check read permission here if called from execve(). */ > - /* Illogically, FMODE_EXEC is in f_flags, not f_mode. */ > - if (f->f_flags & __FMODE_EXEC) > + /* > + * Don't check read permission here if called from execve() for > + * the first time of that execve() request, for execute permission > + * will be checked at tomoyo_bprm_check_security() with argv/envp > + * taken into account. > + */ > + if (current->in_execve && !tomoyo_task(current)->old_domain_info) Since "f->f_flags & __FMODE_EXEC" == "current->in_execve", TOMOYO can continue using "f->f_flags & __FMODE_EXEC", provided that tomoyo_task(current)->old_domain_info is reset to NULL via security_bprm_free() callback when previous execve() request failed. That is, if security_bprm_free() is revived, we can also get rid of current->in_execve.
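
Review bot: the new condition in tomoyo_file_open() only works if tomoyo_task(current)->old_domain_info is NULL at the start of every execve() request, but the comment added above it says only "for the first time of that execve() request" and does not say what clears the pointer. The comment should state that old_domain_info is reset when an execve() request fails (the reply names a security_bprm_free() callback for this), because a stale non-NULL value left by a failed request would make the open done by the next, independent execve() fall through to the read permission check instead of skipping it. The removed comment also recorded that FMODE_EXEC is carried in f_flags rather than f_mode; if the test goes back to f->f_flags & __FMODE_EXEC as the reply proposes, that line is worth keeping next to it.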