Thread (6 messages) 6 messages, 4 authors, 2023-08-11

Re: [PATCH v9] vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing

From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2023-08-10 14:43:51
Also in: linux-fsdevel, linux-nfs, lkml, selinux 

On 8/10/2023 6:57 AM, Jeff Layton wrote:
On Tue, 2023-08-08 at 15:31 +0200, Christian Brauner wrote:
quoted
On Tue, Aug 08, 2023 at 07:34:20AM -0400, Jeff Layton wrote:
quoted
From: David Howells <dhowells@redhat.com>

When NFS superblocks are created by automounting, their LSM parameters
aren't set in the fs_context struct prior to sget_fc() being called,
leading to failure to match existing superblocks.

This bug leads to messages like the following appearing in dmesg when
fscache is enabled:

    NFS: Cache volume key already in use (nfs,4.2,2,108,106a8c0,1,,,,100000,100000,2ee,3a98,1d4c,3a98,1)

Fix this by adding a new LSM hook to load fc->security for submount
creation.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Fixes: 9bc61ab18b1d ("vfs: Introduce fs_context, switch vfs_kern_mount() to it.")
Fixes: 779df6a5480f ("NFS: Ensure security label is set for root inode)
Tested-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
I've made a significant number of changes since Casey acked this. It
might be a good idea to drop his Acked-by (unless he wants to chime in
and ask us to keep it).
You can keep the Acked-by.

Thanks,
Jeff
quoted
quoted
Acked-by: "Christian Brauner (Microsoft)" <brauner@kernel.org>
Link: https://lore.kernel.org/r/165962680944.3334508.6610023900349142034.stgit@warthog.procyon.org.uk/ (local) # v1
Link: https://lore.kernel.org/r/165962729225.3357250.14350728846471527137.stgit@warthog.procyon.org.uk/ (local) # v2
Link: https://lore.kernel.org/r/165970659095.2812394.6868894171102318796.stgit@warthog.procyon.org.uk/ (local) # v3
Link: https://lore.kernel.org/r/166133579016.3678898.6283195019480567275.stgit@warthog.procyon.org.uk/ (local) # v4
Link: https://lore.kernel.org/r/217595.1662033775@warthog.procyon.org.uk/ (local) # v5
---
ver #2)
- Added Smack support
- Made LSM parameter extraction dependent on reference != NULL.

ver #3)
- Made LSM parameter extraction dependent on fc->purpose ==
   FS_CONTEXT_FOR_SUBMOUNT.  Shouldn't happen on FOR_RECONFIGURE.

ver #4)
- When doing a FOR_SUBMOUNT mount, don't set the root label in SELinux or Smack.

ver #5)
- Removed unused variable.
- Only allocate smack_mnt_opts if we're dealing with a submount.

ver #6)
- Rebase onto v6.5.0-rc4
- Link to v6: https://lore.kernel.org/r/20230802-master-v6-1-45d48299168b@kernel.org (local)

ver #7)
- Drop lsm_set boolean
- Link to v7: https://lore.kernel.org/r/20230804-master-v7-1-5d4e48407298@kernel.org (local)

ver #8)
- Remove spurious semicolon in smack_fs_context_init
- Make fs_context_init take a superblock as reference instead of dentry
- WARN_ON_ONCE's when fc->purpose != FS_CONTEXT_FOR_SUBMOUNT
- Call the security hook from fs_context_for_submount instead of alloc_fs_context
- Link to v8: https://lore.kernel.org/r/20230807-master-v8-1-54e249595f10@kernel.org (local)

ver #9)
- rename *_fs_context_init to *_fs_context_submount
- remove checks for FS_CONTEXT_FOR_SUBMOUNT and NULL reference pointers
- fix prototype on smack_fs_context_submount
Thanks, this looks good from my perspective. If it looks fine to LSM
folks as well I can put it with the rest of the super work for this
cycle or it can go through the LSM tree.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help