Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets.

KASAN: use-after-free Read in tomoyo_realpath_from_path · syzbot <hidden> · 2019-06-05
Re: KASAN: use-after-free Read in tomoyo_realpath_from_path · Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> · 2019-06-05
Re: KASAN: use-after-free Read in tomoyo_realpath_from_path · Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> · 2019-06-06
Re: KASAN: use-after-free Read in tomoyo_realpath_from_path · Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> · 2019-06-06
[PATCH] tomoyo: Don't check open/getattr permission on sockets. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2019-06-09
Re: [PATCH] tomoyo: Don't check open/getattr permission on sockets. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2019-06-16
Re: [PATCH] tomoyo: Don't check open/getattr permission on sockets. · Al Viro <viro@zeniv.linux.org.uk> · 2019-06-18
[PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> · 2019-06-22
Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> · 2019-07-04
Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · James Morris <jmorris@namei.org> · 2019-07-07
Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · James Morris <jmorris@namei.org> · 2019-07-07
[PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2019-08-09
Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> · 2019-09-03
Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> · 2019-09-13
Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · Stephen Rothwell <hidden> · 2019-10-02
Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · Eric Biggers <ebiggers@kernel.org> · 2019-08-22
Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> · 2019-08-22
Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · Eric Biggers <ebiggers@kernel.org> · 2019-08-22
Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> · 2019-08-22
Re: [PATCH v2] tomoyo: Don't check open/getattr permission on sockets. · Eric Biggers <ebiggers@kernel.org> · 2019-08-22

From: Eric Biggers <ebiggers@kernel.org>
Date: 2019-08-22 15:48:09
Also in: linux-fsdevel, lkml

On Thu, Aug 22, 2019 at 04:42:26PM +0900, Tetsuo Handa wrote:

Eric Biggers wrote:

quoted

On Thu, Aug 22, 2019 at 03:55:31PM +0900, Tetsuo Handa wrote:

quoted

Also, isn't the same bug in other places too?:

	- tomoyo_path_chmod()
	- tomoyo_path_chown()
	- smack_inode_getsecurity()
	- smack_inode_setsecurity()

What's the bug? The file descriptor returned by open(O_PATH) cannot be
passed to read(2), write(2), fchmod(2), fchown(2), fgetxattr(2), mmap(2) etc.

chmod(2), chown(2), getxattr(2), and setxattr(2) take a path, not a fd.

OK. Then, is the correct fix

  inode_lock(inode);
  if (SOCKET_I(inode)->sk) {
    // Can access SOCKET_I(sock)->sk->*
  } else {
    // Already close()d. Don't touch.
  }
  inode_unlock(inode);

thanks to

  commit 6d8c50dcb029872b ("socket: close race condition between sock_close() and sockfs_setattr()")
  commit ff7b11aa481f682e ("net: socket: set sock->sk to NULL after calling proto_ops::release()")

changes?

inode_lock() is already held during security_path_chmod(),
security_path_chown(), and security_inode_setxattr().
So you can't just take it again.

- Eric

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help