On Thu, Mar 07, 2024 at 01:22:39PM +0100, Roberto Sassu wrote:
From: Roberto Sassu <roberto.sassu@huawei.com>
Use __vfs_getxattr() instead of vfs_getxattr(), in preparation for deprecating using the vfs_ interfaces for retrieving fscaps.
__vfs_getxattr() is only used for debugging purposes, to check if kernel space and user space see the same xattr value.
__vfs_getxattr() won't give you the value as seen by userspace though. Userspace goes through vfs_getxattr() -> xattr_getsecurity() -> cap_inode_getsecurity(), which does the conversion to the value userspace sees. __vfs_getxattr() just gives the raw disk data.
I'm also currently working on changes to my fscaps series that will make it so that __vfs_getxattr() also cannot be used to read fscaps xattrs. I'll fix this and other code in EVM which will be broken by that change as part of the next version too.
Cc: stable@vger.kernel.org # 5.14.x
Cc: linux-fsdevel@vger.kernel.org
Cc: Christian Brauner <brauner@kernel.org>
Cc: Seth Forshee (DigitalOcean) <sforshee@kernel.org>
Fixes: 907a399de7b0 ("evm: Check xattr size discrepancy between kernel and user")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
security/integrity/evm/evm_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index b1ffd4cc0b44..168d98c63513 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -278,8 +278,8 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry, if (size < 0) continue;
user_space_size = vfs_getxattr(&nop_mnt_idmap, dentry,
xattr->name, NULL, 0);
user_space_size = __vfs_getxattr(dentry, inode, xattr->name,
if (user_space_size != size) pr_debug("file %s: xattr %s size mismatch (kernel: %d, user: %d)\n", dentry->d_name.name, xattr->name, size,NULL, 0);
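Review bot: The result of the new __vfs_getxattr(dentry, inode, xattr->name, NULL, 0) call is still stored in user_space_size and still printed under "user: %d" in the pr_debug, but as the reply above notes, __vfs_getxattr() returns the raw on-disk data and skips the xattr_getsecurity() -> cap_inode_getsecurity() conversion that produces the value userspace sees. If this call stays, rename the variable and reword the message so they no longer claim a userspace view; if the kernel/user comparison named in the Fixes: commit is still the intent, the check needs a path that performs that conversion. Separately, a negative return from the call is compared against size as though it were a length, so an error would be logged as a size mismatch; consider skipping the comparison when the call fails.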
-- 2.34.1