Re: [PATCH 35/39] convert bpf_token_create()

[PATCHSET][RFC] struct fd and memory safety · Al Viro <viro@zeniv.linux.org.uk> · 2024-07-30
[PATCH 01/39] memcg_write_event_control(): fix a user-triggerable oops · viro@kernel.org · 2024-07-30
[PATCH 02/39] introduce fd_file(), convert all accessors to it. · viro@kernel.org · 2024-07-30
Re: [PATCH 02/39] introduce fd_file(), convert all accessors to it. · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 03/39] struct fd: representation change · viro@kernel.org · 2024-07-30
Re: [PATCH 03/39] struct fd: representation change · Josef Bacik <josef@toxicpanda.com> · 2024-07-30
Re: [PATCH 03/39] struct fd: representation change · Christian Brauner <brauner@kernel.org> · 2024-08-07
Re: [PATCH 03/39] struct fd: representation change · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 04/39] add struct fd constructors, get rid of __to_fd() · viro@kernel.org · 2024-07-30
Re: [PATCH 04/39] add struct fd constructors, get rid of __to_fd() · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 05/39] regularize emptiness checks in fini_module(2) and vfs_dedupe_file_range() · viro@kernel.org · 2024-07-30
Re: [PATCH 05/39] regularize emptiness checks in fini_module(2) and vfs_dedupe_file_range() · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 06/39] net/socket.c: switch to CLASS(fd) · viro@kernel.org · 2024-07-30
Re: [PATCH 06/39] net/socket.c: switch to CLASS(fd) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 07/39] introduce struct fderr, convert overlayfs uses to that · viro@kernel.org · 2024-07-30
[PATCH 08/39] experimental: convert fs/overlayfs/file.c to CLASS(...) · viro@kernel.org · 2024-07-30
Re: [PATCH 08/39] experimental: convert fs/overlayfs/file.c to CLASS(...) · Josef Bacik <josef@toxicpanda.com> · 2024-07-30
Re: [PATCH 08/39] experimental: convert fs/overlayfs/file.c to CLASS(...) · Al Viro <viro@zeniv.linux.org.uk> · 2024-07-30
Re: [PATCH 08/39] experimental: convert fs/overlayfs/file.c to CLASS(...) · Josef Bacik <josef@toxicpanda.com> · 2024-07-31
Re: [PATCH 08/39] experimental: convert fs/overlayfs/file.c to CLASS(...) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 09/39] timerfd: switch to CLASS(fd, ...) · viro@kernel.org · 2024-07-30
Re: [PATCH 09/39] timerfd: switch to CLASS(fd, ...) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 10/39] get rid of perf_fget_light(), convert kernel/events/core.c to CLASS(fd) · viro@kernel.org · 2024-07-30
Re: [PATCH 10/39] get rid of perf_fget_light(), convert kernel/events/core.c to CLASS(fd) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 11/39] switch netlink_getsockbyfilp() to taking descriptor · viro@kernel.org · 2024-07-30
Re: [PATCH 11/39] switch netlink_getsockbyfilp() to taking descriptor · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 12/39] do_mq_notify(): saner skb freeing on failures · viro@kernel.org · 2024-07-30
[PATCH 13/39] do_mq_notify(): switch to CLASS(fd, ...) · viro@kernel.org · 2024-07-30
Re: [PATCH 13/39] do_mq_notify(): switch to CLASS(fd, ...) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 14/39] simplify xfs_find_handle() a bit · viro@kernel.org · 2024-07-30
[PATCH 15/39] convert vmsplice() to CLASS(fd, ...) · viro@kernel.org · 2024-07-30
Re: [PATCH 15/39] convert vmsplice() to CLASS(fd, ...) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 16/39] convert __bpf_prog_get() to CLASS(fd, ...) · viro@kernel.org · 2024-07-30
Re: [PATCH 16/39] convert __bpf_prog_get() to CLASS(fd, ...) · Andrii Nakryiko <hidden> · 2024-08-06
Re: [PATCH 16/39] convert __bpf_prog_get() to CLASS(fd, ...) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · viro@kernel.org · 2024-07-30
Re: [PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · Andrii Nakryiko <hidden> · 2024-08-06
Re: [PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · Christian Brauner <brauner@kernel.org> · 2024-08-07
Re: [PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · Andrii Nakryiko <hidden> · 2024-08-07
Re: [PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · Alexei Starovoitov <hidden> · 2024-08-08
Re: [PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · Andrii Nakryiko <hidden> · 2024-08-08
Re: [PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · Alexei Starovoitov <hidden> · 2024-08-09
Re: [PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · Andrii Nakryiko <hidden> · 2024-08-09
Re: [PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · Al Viro <viro@zeniv.linux.org.uk> · 2024-08-10
Re: [PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · Andrii Nakryiko <hidden> · 2024-08-12
Re: [PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · Al Viro <viro@zeniv.linux.org.uk> · 2024-08-13
Re: [PATCH 17/39] bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper · Andrii Nakryiko <hidden> · 2024-08-13
[PATCH 18/39] bpf maps: switch to CLASS(fd, ...) · viro@kernel.org · 2024-07-30
Re: [PATCH 18/39] bpf maps: switch to CLASS(fd, ...) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 19/39] fdget_raw() users: switch to CLASS(fd_raw, ...) · viro@kernel.org · 2024-07-30
Re: [PATCH 19/39] fdget_raw() users: switch to CLASS(fd_raw, ...) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 20/39] introduce "fd_pos" class, convert fdget_pos() users to it. · viro@kernel.org · 2024-07-30
Re: [PATCH 20/39] introduce "fd_pos" class, convert fdget_pos() users to it. · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 21/39] o2hb_region_dev_store(): avoid goto around fdget()/fdput() · viro@kernel.org · 2024-07-30
[PATCH 22/39] privcmd_ioeventfd_assign(): don't open-code eventfd_ctx_fdget() · viro@kernel.org · 2024-07-30
[PATCH 23/39] fdget(), trivial conversions · viro@kernel.org · 2024-07-30
Re: [PATCH 23/39] fdget(), trivial conversions · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 24/39] fdget(), more trivial conversions · viro@kernel.org · 2024-07-30
Re: [PATCH 24/39] fdget(), more trivial conversions · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 25/39] convert do_preadv()/do_pwritev() · viro@kernel.org · 2024-07-30
Re: [PATCH 25/39] convert do_preadv()/do_pwritev() · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 26/39] convert cachestat(2) · viro@kernel.org · 2024-07-30
Re: [PATCH 26/39] convert cachestat(2) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 27/39] switch spufs_calls_{get,put}() to CLASS() use · viro@kernel.org · 2024-07-30
[PATCH 28/39] convert spu_run(2) · viro@kernel.org · 2024-07-30
Re: [PATCH 28/39] convert spu_run(2) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 29/39] convert media_request_get_by_fd() · viro@kernel.org · 2024-07-30
Re: [PATCH 29/39] convert media_request_get_by_fd() · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 30/39] convert coda_parse_fd() · viro@kernel.org · 2024-07-30
Re: [PATCH 30/39] convert coda_parse_fd() · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 31/39] convert cifs_ioctl_copychunk() · viro@kernel.org · 2024-07-30
Re: [PATCH 31/39] convert cifs_ioctl_copychunk() · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 32/39] convert vfs_dedupe_file_range(). · viro@kernel.org · 2024-07-30
Re: [PATCH 32/39] convert vfs_dedupe_file_range(). · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 33/39] convert do_select() · viro@kernel.org · 2024-07-30
Re: [PATCH 33/39] convert do_select() · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 34/39] do_pollfd(): convert to CLASS(fd) · viro@kernel.org · 2024-07-30
Re: [PATCH 34/39] do_pollfd(): convert to CLASS(fd) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 35/39] convert bpf_token_create() · viro@kernel.org · 2024-07-30
Re: [PATCH 35/39] convert bpf_token_create() · Andrii Nakryiko <hidden> · 2024-08-06
Re: [PATCH 35/39] convert bpf_token_create() · Al Viro <viro@zeniv.linux.org.uk> · 2024-08-10
Re: [PATCH 35/39] convert bpf_token_create() · Andrii Nakryiko <hidden> · 2024-08-12
Re: [PATCH 35/39] convert bpf_token_create() · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 36/39] assorted variants of irqfd setup: convert to CLASS(fd) · viro@kernel.org · 2024-07-30
Re: [PATCH 36/39] assorted variants of irqfd setup: convert to CLASS(fd) · Christian Brauner <brauner@kernel.org> · 2024-08-07
Re: [PATCH 36/39] assorted variants of irqfd setup: convert to CLASS(fd) · Al Viro <viro@zeniv.linux.org.uk> · 2024-08-10
[PATCH 37/39] memcg_write_event_control(): switch to CLASS(fd) · viro@kernel.org · 2024-07-30
Re: [PATCH 37/39] memcg_write_event_control(): switch to CLASS(fd) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 38/39] css_set_fork(): switch to CLASS(fd_raw, ...) · viro@kernel.org · 2024-07-30
Re: [PATCH 38/39] css_set_fork(): switch to CLASS(fd_raw, ...) · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCH 39/39] deal with the last remaing boolean uses of fd_file() · viro@kernel.org · 2024-07-30
Re: [PATCH 39/39] deal with the last remaing boolean uses of fd_file() · Christian Brauner <brauner@kernel.org> · 2024-08-07
Re: [PATCH 01/39] memcg_write_event_control(): fix a user-triggerable oops · Michal Hocko <mhocko@suse.com> · 2024-07-30
Re: [PATCH 01/39] memcg_write_event_control(): fix a user-triggerable oops · Al Viro <viro@zeniv.linux.org.uk> · 2024-07-30
Re: [PATCH 01/39] memcg_write_event_control(): fix a user-triggerable oops · Michal Hocko <mhocko@suse.com> · 2024-07-30
Re: [PATCHSET][RFC] struct fd and memory safety · Al Viro <viro@zeniv.linux.org.uk> · 2024-07-30
Re: [PATCHSET][RFC] struct fd and memory safety · Josef Bacik <josef@toxicpanda.com> · 2024-07-30
Re: [PATCHSET][RFC] struct fd and memory safety · Al Viro <viro@zeniv.linux.org.uk> · 2024-07-31
Re: [PATCHSET][RFC] struct fd and memory safety · Jason Gunthorpe <jgg@ziepe.ca> · 2024-08-06
Re: [PATCHSET][RFC] struct fd and memory safety · Al Viro <viro@zeniv.linux.org.uk> · 2024-08-06
Re: [PATCHSET][RFC] struct fd and memory safety · Christian Brauner <brauner@kernel.org> · 2024-08-07
[PATCHSET v3] struct fd and memory safety · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 01/28] net/socket.c: switch to CLASS(fd) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 07/28] do_mq_notify(): switch to CLASS(fd) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 05/28] switch netlink_getsockbyfilp() to taking descriptor · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 09/28] convert vmsplice() to CLASS(fd) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 08/28] simplify xfs_find_handle() a bit · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 12/28] o2hb_region_dev_store(): avoid goto around fdget()/fdput() · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 11/28] introduce "fd_pos" class, convert fdget_pos() users to it. · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 13/28] privcmd_ioeventfd_assign(): don't open-code eventfd_ctx_fdget() · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 10/28] fdget_raw() users: switch to CLASS(fd_raw) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 15/28] fdget(), more trivial conversions · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 14/28] fdget(), trivial conversions · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
Re: [PATCH v3 14/28] fdget(), trivial conversions · Francesco Lavra <hidden> · 2024-11-11
[PATCH v3 17/28] convert cachestat(2) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 19/28] convert spu_run(2) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 20/28] convert media_request_get_by_fd() · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 22/28] convert vfs_dedupe_file_range(). · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 21/28] convert cifs_ioctl_copychunk() · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 18/28] switch spufs_calls_{get,put}() to CLASS() use · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 16/28] convert do_preadv()/do_pwritev() · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 24/28] do_pollfd(): convert to CLASS(fd) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 26/28] memcg_write_event_control(): switch to CLASS(fd) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 23/28] convert do_select() · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 28/28] deal with the last remaing boolean uses of fd_file() · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 27/28] css_set_fork(): switch to CLASS(fd_raw, ...) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 25/28] assorted variants of irqfd setup: convert to CLASS(fd) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 02/28] regularize emptiness checks in fini_module(2) and vfs_dedupe_file_range() · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 04/28] get rid of perf_fget_light(), convert kernel/events/core.c to CLASS(fd) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 03/28] timerfd: switch to CLASS(fd) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
[PATCH v3 06/28] do_mq_notify(): saner skb freeing on failures · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-02
Re: [PATCH v3 01/28] net/socket.c: switch to CLASS(fd) · Simon Horman <horms@kernel.org> · 2024-11-02
Re: [PATCH v3 01/28] net/socket.c: switch to CLASS(fd) · Al Viro <viro@zeniv.linux.org.uk> · 2024-11-03
Re: [PATCH v3 01/28] net/socket.c: switch to CLASS(fd) · Simon Horman <horms@kernel.org> · 2024-11-06

From: Andrii Nakryiko <hidden>
Date: 2024-08-06 22:43:09
Also in: bpf, cgroups, kvm, linux-fsdevel
Subsystem: security subsystem, selinux security module, the rest · Maintainers: Paul Moore, James Morris, "Serge E. Hallyn", Stephen Smalley, Linus Torvalds

On Mon, Jul 29, 2024 at 10:27 PM [off-list ref] wrote:

From: Al Viro <viro@zeniv.linux.org.uk>

keep file reference through the entire thing, don't bother with
grabbing struct path reference (except, for now, around the LSM
call and that only until it gets constified) and while we are
at it, don't confuse the hell out of readers by random mix of
path.dentry->d_sb and path.mnt->mnt_sb uses - these two are equal,
so just put one of those into a local variable and use that.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 kernel/bpf/token.c | 69 +++++++++++++++++-----------------------------
 1 file changed, 26 insertions(+), 43 deletions(-)

LGTM overall (modulo // comments, but see below)

Acked-by: Andrii Nakryiko <andrii@kernel.org>

quoted hunk ↗ jump to hunk

diff --git a/kernel/bpf/token.c b/kernel/bpf/token.c
index 9b92cb886d49..15da405d8302 100644
--- a/kernel/bpf/token.c
+++ b/kernel/bpf/token.c

@@ -116,67 +116,52 @@ int bpf_token_create(union bpf_attr *attr)

[...]

-       err = security_bpf_token_create(token, attr, &path);
+       path_get(&path);        // kill it
+       err = security_bpf_token_create(token, attr, &path); // constify
+       path_put(&path);        // kill it
        if (err)
                goto out_token;

By constify you mean something like below?

commit 06a6442ca9cc441805881eea61fd57d7defadaca
Author: Andrii Nakryiko [off-list ref]
Date:   Tue Aug 6 15:38:12 2024 -0700

    security: constify struct path in bpf_token_create() LSM hook

    There is no reason why struct path pointer shouldn't be const-qualified
    when being passed into bpf_token_create() LSM hook. Add that const.

    Suggested-by: Al Viro [off-list ref]
    Signed-off-by: Andrii Nakryiko [off-list ref]

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 855db460e08b..462b55378241 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h

@@ -431,7 +431,7 @@ LSM_HOOK(int, 0, bpf_prog_load, struct bpf_prog

*prog, union bpf_attr *attr,
      struct bpf_token *token)
 LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free, struct bpf_prog *prog)
 LSM_HOOK(int, 0, bpf_token_create, struct bpf_token *token, union
bpf_attr *attr,
-     struct path *path)
+     const struct path *path)
 LSM_HOOK(void, LSM_RET_VOID, bpf_token_free, struct bpf_token *token)
 LSM_HOOK(int, 0, bpf_token_cmd, const struct bpf_token *token, enum
bpf_cmd cmd)
 LSM_HOOK(int, 0, bpf_token_capable, const struct bpf_token *token, int cap)

diff --git a/include/linux/security.h b/include/linux/security.h
index 1390f1efb4f0..31523a2c71c4 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h

@@ -2137,7 +2137,7 @@ extern int security_bpf_prog_load(struct

bpf_prog *prog, union bpf_attr *attr,
                   struct bpf_token *token);
 extern void security_bpf_prog_free(struct bpf_prog *prog);
 extern int security_bpf_token_create(struct bpf_token *token, union
bpf_attr *attr,
-                     struct path *path);
+                     const struct path *path);
 extern void security_bpf_token_free(struct bpf_token *token);
 extern int security_bpf_token_cmd(const struct bpf_token *token, enum
bpf_cmd cmd);
 extern int security_bpf_token_capable(const struct bpf_token *token, int cap);

@@ -2177,7 +2177,7 @@ static inline void security_bpf_prog_free(struct

bpf_prog *prog)
 { }

 static inline int security_bpf_token_create(struct bpf_token *token,
union bpf_attr *attr,
-                     struct path *path)
+                        const struct path *path)
 {
     return 0;
 }

diff --git a/security/security.c b/security/security.c
index 8cee5b6c6e6d..d8d0b67ced25 100644
--- a/security/security.c
+++ b/security/security.c

@@ -5510,7 +5510,7 @@ int security_bpf_prog_load(struct bpf_prog

*prog, union bpf_attr *attr,
  * Return: Returns 0 on success, error on failure.
  */
 int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
-                  struct path *path)
+                  const struct path *path)
 {
     return call_int_hook(bpf_token_create, token, attr, path);
 }

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 55c78c318ccd..0eec141a8f37 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c

@@ -6965,7 +6965,7 @@ static void selinux_bpf_prog_free(struct bpf_prog *prog)
 }

 static int selinux_bpf_token_create(struct bpf_token *token, union

bpf_attr *attr,
-                    struct path *path)
+                    const struct path *path)
 {
     struct bpf_security_struct *bpfsec;


[...]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help