From patchwork Thu Oct 10 15:26:41 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Mickaël Salaün
X-Patchwork-Id: 13830414
X-Patchwork-Delegate: paul@paul-moore.com
From: Mickaël Salaün
To: Christian Brauner, Paul Moore
Cc: Mickaël Salaün, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, Trond Myklebust, Anna Schumaker, Alexander Viro, Jan Kara
Subject: [RFC PATCH v1 1/7] fs: Add inode_get_ino() and implement get_ino() for NFS
Date: Thu, 10 Oct 2024 17:26:41 +0200
Message-ID: <20241010152649.849254-1-mic@digikod.net>
Precedence: bulk
X-Mailing-List: linux-security-module@vger.kernel.org

When a filesystem manages its own inode numbers, like NFS's fileid shown to user space with getattr(), other parts of the kernel may still expose the private inode->ino through kernel logs and audit.

Another issue is on 32-bit architectures, on which ino_t is 32 bits, whereas the user space's view of an inode number can still be 64 bits.

Add a new inode_get_ino() helper calling the new struct inode_operations' get_ino() when set, to get the user space's view of an inode number. inode_get_ino() is called by generic_fillattr().

Implement get_ino() for NFS.

Cc: Trond Myklebust
Cc: Anna Schumaker
Cc: Alexander Viro
Cc: Christian Brauner
Cc: Jan Kara
Signed-off-by: Mickaël Salaün Reviewed-by: Christoph Hellwig --- I'm not sure about nfs_namespace_getattr(), please review carefully. I guess there are other filesystems exposing inode numbers different than inode->i_ino, and they should be patched too. --- fs/nfs/inode.c | 6 ++++-- fs/nfs/internal.h | 1 + fs/nfs/namespace.c | 2 ++ fs/stat.c | 2 +- include/linux/fs.h | 9 +++++++++ 5 files changed, 17 insertions(+), 3 deletions(-) diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c index 542c7d97b235..5dfc176b6d92 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -83,18 +83,19 @@ EXPORT_SYMBOL_GPL(nfs_wait_bit_killable); /** * nfs_compat_user_ino64 - returns the user-visible inode number - * @fileid: 64-bit fileid + * @inode: inode pointer * * This function returns a 32-bit inode number if the boot parameter * nfs.enable_ino64 is zero. */ -u64 nfs_compat_user_ino64(u64 fileid) +u64 nfs_compat_user_ino64(const struct *inode) { #ifdef CONFIG_COMPAT compat_ulong_t ino; #else unsigned long ino; #endif + u64 fileid = NFS_FILEID(inode); if (enable_ino64) return fileid; @@ -103,6 +104,7 @@ u64 nfs_compat_user_ino64(u64 fileid) ino ^= fileid >> (sizeof(fileid)-sizeof(ino)) * 8; return ino; } +EXPORT_SYMBOL_GPL(nfs_compat_user_ino64); int nfs_drop_inode(struct inode *inode) { diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h index 430733e3eff2..f5555a71a733 100644 --- a/fs/nfs/internal.h +++ b/fs/nfs/internal.h @@ -451,6 +451,7 @@ extern void nfs_zap_acl_cache(struct inode *inode); extern void nfs_set_cache_invalid(struct inode *inode, unsigned long flags); extern bool nfs_check_cache_invalid(struct inode *, unsigned long); extern int nfs_wait_bit_killable(struct wait_bit_key *key, int mode); +extern u64 nfs_compat_user_ino64(const struct *inode); #if IS_ENABLED(CONFIG_NFS_LOCALIO) /* localio.c */ diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c index e7494cdd957e..d9b1e0606833 100644 --- a/fs/nfs/namespace.c +++ b/fs/nfs/namespace.c 
@@ -232,11 +232,13 @@ nfs_namespace_setattr(struct mnt_idmap *idmap, struct dentry *dentry, const struct inode_operations nfs_mountpoint_inode_operations = { .getattr = nfs_getattr, .setattr = nfs_setattr, + .get_ino = nfs_compat_user_ino64, }; const struct inode_operations nfs_referral_inode_operations = { .getattr = nfs_namespace_getattr, .setattr = nfs_namespace_setattr, + .get_ino = nfs_compat_user_ino64, }; static void nfs_expire_automounts(struct work_struct *work) diff --git a/fs/stat.c b/fs/stat.c index 41e598376d7e..05636919f94b 100644 --- a/fs/stat.c +++ b/fs/stat.c @@ -50,7 +50,7 @@ void generic_fillattr(struct mnt_idmap *idmap, u32 request_mask, vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode); stat->dev = inode->i_sb->s_dev; - stat->ino = inode->i_ino; + stat->ino = inode_get_ino(inode); stat->mode = inode->i_mode; stat->nlink = inode->i_nlink; stat->uid = vfsuid_into_kuid(vfsuid); diff --git a/include/linux/fs.h b/include/linux/fs.h index e3c603d01337..0eba09a21cf7 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2165,6 +2165,7 @@ struct inode_operations { struct dentry *dentry, struct fileattr *fa); int (*fileattr_get)(struct dentry *dentry, struct fileattr *fa); struct offset_ctx *(*get_offset_ctx)(struct inode *inode); + u64 (*get_ino)(const struct inode *inode); } ____cacheline_aligned; static inline int call_mmap(struct file *file, struct vm_area_struct *vma) 
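Review bot: the new prototype of nfs_compat_user_ino64() in fs/nfs/inode.c, repeated in fs/nfs/internal.h, is written "const struct *inode", which has no struct tag and will not compile. It should read "const struct inode *inode", matching the get_ino member type added to struct inode_operations. Because the parameter changes from a u64 fileid to an inode pointer, any caller that still passes a fileid has to be converted in the same patch; the fs/nfs/inode.c hunks shown change only the definition.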
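Review bot: in fs/nfs/namespace.c, .get_ino is set only on nfs_mountpoint_inode_operations and nfs_referral_inode_operations, and the diffstat touches no other inode_operations table, so inode_get_ino() still returns inode->i_ino for any NFS inode that uses a different table. If regular files and directories are meant to report the fileid in audit and LSM logs, their tables need .get_ino too; otherwise the commit message should say why these two are enough. The note under the "---" already flags nfs_namespace_getattr() as uncertain, so the referral case is worth covering with an explicit test.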
@@ -2172,6 +2173,14 @@ static inline int call_mmap(struct file *file, struct vm_area_struct *vma) return file->f_op->mmap(file, vma); } +static inline u64 inode_get_ino(struct inode *inode) +{ + if (unlikely(inode->i_op->get_ino)) + return inode->i_op->get_ino(inode); + + return inode->i_ino; +} + extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *); extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *); extern ssize_t vfs_copy_file_range(struct file *, loff_t , struct file *,
From patchwork Thu Oct 10 15:26:42 2024
X-Patchwork-Submitter: Mickaël Salaün
X-Patchwork-Id: 13830412
X-Patchwork-Delegate: paul@paul-moore.com
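Review bot: inode_get_ino() in the include/linux/fs.h hunk of patch 1/7 takes a non-const "struct inode *", while the get_ino member it calls takes "const struct inode *"; making the helper's parameter const as well lets callers that only hold a const inode use it. Neither the helper nor the new operation has a comment stating the contract: that the value is the one user space sees through stat, and which contexts the callback may be invoked from. The later patches in this series call it from logging paths, so that contract should be written down next to the declaration.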
From: Mickaël Salaün
To: Christian Brauner, Paul Moore
Cc: Mickaël Salaün, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, Eric Paris
Subject: [RFC PATCH v1 2/7] audit: Fix inode numbers
Date: Thu, 10 Oct 2024 17:26:42 +0200
Message-ID: <20241010152649.849254-2-mic@digikod.net>
In-Reply-To: <20241010152649.849254-1-mic@digikod.net>
References: <20241010152649.849254-1-mic@digikod.net>

Use the new inode_get_ino() helper to log the user space's view of inode's numbers instead of the private kernel values.

Cc: Paul Moore
Cc: Eric Paris
Signed-off-by: Mickaël Salaün
Acked-by: Paul Moore
---
 security/lsm_audit.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 849e832719e2..c39a22b27cce 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -227,7 +227,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, if (inode) { audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); - audit_log_format(ab, " ino=%lu", inode->i_ino); + audit_log_format(ab, " ino=%llu", inode_get_ino(inode)); } break; } @@ -240,7 +240,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, if (inode) { audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); - audit_log_format(ab, " ino=%lu", inode->i_ino); + audit_log_format(ab, " ino=%llu", inode_get_ino(inode)); } break; }
@@ -253,7 +253,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, if (inode) { audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); - audit_log_format(ab, " ino=%lu", inode->i_ino); + audit_log_format(ab, " ino=%llu", inode_get_ino(inode)); } audit_log_format(ab, " ioctlcmd=0x%hx", a->u.op->cmd); @@ -271,7 +271,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, if (inode) { audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); - audit_log_format(ab, " ino=%lu", inode->i_ino); + audit_log_format(ab, " ino=%llu", inode_get_ino(inode)); } break; } 
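Review bot: every security/lsm_audit.c hunk changes the same three-call sequence that logs " dev=", the untrusted s_id string and " ino=", and the identical sequence is changed again in security/integrity/integrity_audit.c and security/ipe/audit.c later in the series. A single helper taking the audit_buffer and the inode would keep the format specifier and the inode_get_ino() accessor in one place, so the next change to how inode numbers are reported cannot miss a copy.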
@@ -290,7 +290,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, } audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); - audit_log_format(ab, " ino=%lu", inode->i_ino); + audit_log_format(ab, " ino=%llu", inode_get_ino(inode)); rcu_read_unlock(); break; }
From patchwork Thu Oct 10 15:26:43 2024
X-Patchwork-Submitter: Mickaël Salaün
X-Patchwork-Id: 13830411
X-Patchwork-Delegate: paul@paul-moore.com
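Review bot: in the last security/lsm_audit.c hunk of patch 2/7 (@@ -290,7), inode_get_ino() is called before rcu_read_unlock(), so a filesystem's get_ino() runs inside an RCU read-side section at this call site and must not sleep. Nothing in the declaration added by patch 1/7 says so; the constraint should be documented with the get_ino member so that future implementations do not take sleeping locks or issue I/O to compute the number.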
From: Mickaël Salaün
To: Christian Brauner, Paul Moore
Cc: Mickaël Salaün, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, Stephen Smalley, Ondrej Mosnacek
Subject: [RFC PATCH v1 3/7] selinux: Fix inode numbers in error messages
Date: Thu, 10 Oct 2024 17:26:43 +0200
Message-ID: <20241010152649.849254-3-mic@digikod.net>
In-Reply-To: <20241010152649.849254-1-mic@digikod.net>
References: <20241010152649.849254-1-mic@digikod.net>

Use the new inode_get_ino() helper to log the user space's view of inode's numbers instead of the private kernel values.

Cc: Paul Moore
Cc: Stephen Smalley
Cc: Ondrej Mosnacek
Signed-off-by: Mickaël Salaün Acked-by: Paul Moore --- security/selinux/hooks.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index fc926d3cac6e..60b31b35f475 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1384,8 +1384,8 @@ static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry, if (rc < 0) { kfree(context); if (rc != -ENODATA) { - pr_warn("SELinux: %s: getxattr returned %d for dev=%s ino=%ld\n", - __func__, -rc, inode->i_sb->s_id, inode->i_ino); + pr_warn("SELinux: %s: getxattr returned %d for dev=%s ino=%llu\n", + __func__, -rc, inode->i_sb->s_id, inode_get_ino(inode)); return rc; } *sid = def_sid; @@ -1396,13 +1396,13 @@ static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry, def_sid, GFP_NOFS); if (rc) { char *dev = inode->i_sb->s_id; - unsigned long ino = inode->i_ino; + u64 ino = inode_get_ino(inode); if (rc == -EINVAL) { - pr_notice_ratelimited("SELinux: inode=%lu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n", + pr_notice_ratelimited("SELinux: inode=%llu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n", ino, dev, context); } else { - pr_warn("SELinux: %s: context_to_sid(%s) returned %d for dev=%s ino=%ld\n", + pr_warn("SELinux: %s: context_to_sid(%s) returned %d for dev=%s ino=%llu\n", __func__, context, -rc, dev, ino); } } 
@@ -3324,8 +3324,8 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, &newsid); if (rc) { pr_err("SELinux: unable to map context to SID" - "for (%s, %lu), rc=%d\n", - inode->i_sb->s_id, inode->i_ino, -rc); + "for (%s, %llu), rc=%d\n", + inode->i_sb->s_id, inode_get_ino(inode), -rc); return; }
From patchwork Thu Oct 10 15:26:44 2024
X-Patchwork-Submitter: Mickaël Salaün
X-Patchwork-Id: 13830415
X-Patchwork-Delegate: paul@paul-moore.com
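Review bot: in the selinux_inode_post_setxattr() hunk of patch 3/7, the two adjacent string literals, the one ending in "SID" and the one starting with "for (%s, %llu)", concatenate without a space, so the message prints "SIDfor". The second literal is being rewritten here anyway, so add the leading space or join the two literals into one string, which also keeps the message greppable.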
From: Mickaël Salaün
To: Christian Brauner, Paul Moore
Cc: Mickaël Salaün, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg
Subject: [RFC PATCH v1 4/7] integrity: Fix inode numbers in audit records
Date: Thu, 10 Oct 2024 17:26:44 +0200
Message-ID: <20241010152649.849254-4-mic@digikod.net>
In-Reply-To: <20241010152649.849254-1-mic@digikod.net>
References: <20241010152649.849254-1-mic@digikod.net>

Use the new inode_get_ino() helper to log the user space's view of inode's numbers instead of the private kernel values.

Cc: Mimi Zohar
Cc: Roberto Sassu
Cc: Dmitry Kasatkin
Cc: Eric Snowberg
Signed-off-by: Mickaël Salaün --- security/integrity/integrity_audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c index 0ec5e4c22cb2..e344d5bcf99c 100644 --- a/security/integrity/integrity_audit.c +++ b/security/integrity/integrity_audit.c 
@@ -62,7 +62,7 @@ void integrity_audit_message(int audit_msgno, struct inode *inode, if (inode) { audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); - audit_log_format(ab, " ino=%lu", inode->i_ino); + audit_log_format(ab, " ino=%llu", inode_get_ino(inode)); } audit_log_format(ab, " res=%d errno=%d", !result, errno); audit_log_end(ab);
From patchwork Thu Oct 10 15:26:45 2024
X-Patchwork-Submitter: Mickaël Salaün
X-Patchwork-Id: 13830417
X-Patchwork-Delegate: paul@paul-moore.com
From: Mickaël Salaün
To: Christian Brauner, Paul Moore
Cc: Mickaël Salaün, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, Fan Wu
Subject: [RFC PATCH v1 5/7] ipe: Fix inode numbers in audit records
Date: Thu, 10 Oct 2024 17:26:45 +0200
Message-ID: <20241010152649.849254-5-mic@digikod.net>
In-Reply-To: <20241010152649.849254-1-mic@digikod.net>
References: <20241010152649.849254-1-mic@digikod.net>

Use the new inode_get_ino() helper to log the user space's view of inode's numbers instead of the private kernel values.

Cc: Fan Wu
Signed-off-by: Mickaël Salaün
Acked-by: Fan Wu
---
 security/ipe/audit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/ipe/audit.c b/security/ipe/audit.c index f05f0caa4850..72d3e02c2b5f 100644 --- a/security/ipe/audit.c +++ b/security/ipe/audit.c 
@@ -150,7 +150,7 @@ void ipe_audit_match(const struct ipe_eval_ctx *const ctx, if (inode) { audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); - audit_log_format(ab, " ino=%lu", inode->i_ino); + audit_log_format(ab, " ino=%llu", inode_get_ino(inode)); } else { audit_log_format(ab, " dev=? ino=?"); }
From patchwork Thu Oct 10 15:26:46 2024
X-Patchwork-Submitter: Mickaël Salaün
X-Patchwork-Id: 13830413
X-Patchwork-Delegate: paul@paul-moore.com
From: Mickaël Salaün
To: Christian Brauner, Paul Moore
Cc: Mickaël Salaün, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, Casey Schaufler
Subject: [RFC PATCH v1 6/7] smack: Fix inode numbers in logs
Date: Thu, 10 Oct 2024 17:26:46 +0200
Message-ID: <20241010152649.849254-6-mic@digikod.net>
In-Reply-To: <20241010152649.849254-1-mic@digikod.net>
References: <20241010152649.849254-1-mic@digikod.net>

Use the new inode_get_ino() helper to log the user space's view of inode's numbers instead of the private kernel values.

Cc: Casey Schaufler
Signed-off-by: Mickaël Salaün
Acked-by: Casey Schaufler
---
 security/smack/smack_lsm.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 370fd594da12..0be7e442e70f 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -199,8 +199,8 @@ static int smk_bu_inode(struct inode *inode, int mode, int rc) char acc[SMK_NUM_ACCESS_TYPE + 1]; if (isp->smk_flags & SMK_INODE_IMPURE) - pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", - inode->i_sb->s_id, inode->i_ino, current->comm); + pr_info("Smack Unconfined Corruption: inode=(%s %llu) %s\n", + inode->i_sb->s_id, inode_get_ino(inode), current->comm); if (rc <= 0) return rc; @@ -212,9 +212,9 @@ static int smk_bu_inode(struct inode *inode, int mode, int rc) smk_bu_mode(mode, acc); - pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc], + pr_info("Smack %s: (%s %s %s) inode=(%s %llu) %s\n", smk_bu_mess[rc], tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc, - inode->i_sb->s_id, inode->i_ino, current->comm); + inode->i_sb->s_id, inode_get_ino(inode), current->comm); return 0; } #else @@ -231,8 +231,8 @@ static int smk_bu_file(struct file *file, int mode, int rc) char acc[SMK_NUM_ACCESS_TYPE + 1]; if (isp->smk_flags & SMK_INODE_IMPURE) - pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", - inode->i_sb->s_id, inode->i_ino, current->comm); + pr_info("Smack Unconfined Corruption: inode=(%s %llu) %s\n", + inode->i_sb->s_id, inode_get_ino(inode), current->comm); if (rc <= 0) return rc; @@ -240,9 +240,9 @@ static int smk_bu_file(struct file *file, int mode, int rc) rc = 0; smk_bu_mode(mode, acc); - pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], + pr_info("Smack %s: (%s %s %s) file=(%s %llu %pD) %s\n", smk_bu_mess[rc], sskp->smk_known, smk_of_inode(inode)->smk_known, acc, - inode->i_sb->s_id, inode->i_ino, file, + inode->i_sb->s_id, inode_get_ino(inode), file, current->comm); return 0; } 
@@ -261,8 +261,8 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file, char acc[SMK_NUM_ACCESS_TYPE + 1]; if (isp->smk_flags & SMK_INODE_IMPURE) - pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n", - inode->i_sb->s_id, inode->i_ino, current->comm); + pr_info("Smack Unconfined Corruption: inode=(%s %llu) %s\n", + inode->i_sb->s_id, inode_get_ino(inode), current->comm); if (rc <= 0) return rc; 
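Review bot: In smk_bu_credfile(), the "Smack Unconfined Corruption" pr_info() no longer reads inode->i_ino directly but goes through inode_get_ino(), which according to the description in patch 1/7 calls the inode_operations get_ino() callback when one is set. Please state in the commit message what that callback is allowed to do (sleep, take locks), so it is clear that calling it is safe from every context in which this logging helper runs. The same question applies to the other smk_bu_*() call sites changed in this patch.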
@@ -270,9 +270,9 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file, rc = 0; smk_bu_mode(mode, acc); - pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc], + pr_info("Smack %s: (%s %s %s) file=(%s %llu %pD) %s\n", smk_bu_mess[rc], sskp->smk_known, smk_of_inode(inode)->smk_known, acc, - inode->i_sb->s_id, inode->i_ino, file, + inode->i_sb->s_id, inode_get_ino(inode), file, current->comm); return 0; }

From patchwork Thu Oct 10 15:26:47 2024
X-Patchwork-Submitter: Mickaël Salaün
X-Patchwork-Id: 13830416
X-Patchwork-Delegate: paul@paul-moore.com
From: Mickaël Salaün
To: Christian Brauner, Paul Moore
Cc: Mickaël Salaün, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, audit@vger.kernel.org, Kentaro Takeda, Tetsuo Handa
Subject: [RFC PATCH v1 7/7] tomoyo: Fix inode numbers in logs
Date: Thu, 10 Oct 2024 17:26:47 +0200
Message-ID: <20241010152649.849254-7-mic@digikod.net>
In-Reply-To: <20241010152649.849254-1-mic@digikod.net>
References: <20241010152649.849254-1-mic@digikod.net>

Use the new inode_get_ino() helper to log the user space's view of inode's numbers instead of the private kernel values.

Cc: Kentaro Takeda
Cc: Tetsuo Handa
Signed-off-by: Mickaël Salaün --- Because of the required type changes, there might be some side effects. Please review carefully. --- security/tomoyo/common.h | 4 ++-- security/tomoyo/condition.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 0e8e2e959aef..c670a8e3c351 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -524,7 +524,7 @@ struct tomoyo_name_union { /* Structure for holding a number. */ struct tomoyo_number_union { - unsigned long values[2]; + u64 values[2]; struct tomoyo_group *group; /* Maybe NULL. */ /* One of values in "enum tomoyo_value_type". */ u8 value_type[2]; @@ -567,7 +567,7 @@ struct tomoyo_address_group { struct tomoyo_mini_stat { kuid_t uid; kgid_t gid; - ino_t ino; + u64 ino; umode_t mode; dev_t dev; dev_t rdev; diff --git a/security/tomoyo/condition.c b/security/tomoyo/condition.c index f8bcc083bb0d..a44ea574fd89 100644 --- a/security/tomoyo/condition.c +++ b/security/tomoyo/condition.c @@ -741,7 +741,7 @@ void tomoyo_get_attributes(struct tomoyo_obj_info *obj) stat->uid = inode->i_uid; stat->gid = inode->i_gid; - stat->ino = inode->i_ino; + stat->ino = inode_get_ino(inode); stat->mode = inode->i_mode; stat->dev = inode->i_sb->s_dev; stat->rdev = inode->i_rdev; @@ -766,8 +766,8 @@ bool tomoyo_condition(struct tomoyo_request_info *r, const struct tomoyo_condition *cond) { u32 i; - unsigned long min_v[2] = { 0, 0 }; - unsigned long max_v[2] = { 0, 0 }; + u64 min_v[2] = { 0, 0 }; + u64 max_v[2] = { 0, 0 }; const struct tomoyo_condition_element *condp; const struct tomoyo_number_union *numbers_p; const struct tomoyo_name_union *names_p; @@ -834,7 +834,7 @@ bool tomoyo_condition(struct tomoyo_request_info *r, /* Check numeric or bit-op expressions. */ for (j = 0; j < 2; j++) { const u8 index = j ? right : left; - unsigned long value = 0; + u64 value = 0; switch (index) { case TOMOYO_TASK_UID:
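Review bot: In security/tomoyo/common.h, widening tomoyo_number_union.values[] from unsigned long to u64 changes the type seen by every user of that struct, yet the diffstat touches only common.h and condition.c. Any code outside this diff that fills or prints values[] through unsigned long variables or a %lu format would truncate or mismatch on 32-bit builds. Please list the other users you checked in the commit message; the note under the "---" already says side effects are possible, and reviewers need to know which ones were ruled out.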
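Review bot: In the tomoyo_get_attributes() hunk of security/tomoyo/condition.c, stat->ino = inode_get_ino(inode) sits in the same file as tomoyo_condition(), whose min_v, max_v and value locals are widened by the later hunks, so this looks like it changes the inode number that policy conditions are evaluated against and not only what is logged. The subject and message both say "in logs"; please reword them, and state whether an existing policy that matches on an inode number can change behaviour on a filesystem that implements get_ino().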