From: Roberto Sassu roberto.sassu@huawei.com
Use __vfs_getxattr() instead of vfs_getxattr(), in preparation for deprecating using the vfs_ interfaces for retrieving fscaps.
__vfs_getxattr() is only used for debugging purposes, to check if kernel space and user space see the same xattr value.
Cc: stable@vger.kernel.org # 5.14.x
Cc: linux-fsdevel@vger.kernel.org
Cc: Christian Brauner brauner@kernel.org
Cc: Seth Forshee (DigitalOcean) sforshee@kernel.org
Fixes: 907a399de7b0 ("evm: Check xattr size discrepancy between kernel and user")
Signed-off-by: Roberto Sassu roberto.sassu@huawei.com
---
 security/integrity/evm/evm_crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index b1ffd4cc0b44..168d98c63513 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -278,8 +278,8 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry, if (size < 0) continue;
- user_space_size = vfs_getxattr(&nop_mnt_idmap, dentry, - xattr->name, NULL, 0); + user_space_size = __vfs_getxattr(dentry, inode, xattr->name, + NULL, 0); if (user_space_size != size) pr_debug("file %s: xattr %s size mismatch (kernel: %d, user: %d)\n", dentry->d_name.name, xattr->name, size,
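Review bot: In the added line of the evm_calc_hmac_or_hash() hunk, user_space_size is now filled from __vfs_getxattr(dentry, inode, xattr->name, NULL, 0), while the unchanged pr_debug() directly below still reports it as "user: %d" in the "size mismatch (kernel: %d, user: %d)" message, and the commit message still describes the check as comparing what kernel space and user space see. The new call no longer takes &nop_mnt_idmap, so the changelog should state whether it still returns the size user space would get; if it does not, the user_space_size != size comparison no longer tests what the debug message names, and the check should stay on the old call, be reworked, or be removed together with the variable name and format string. Separately, the message calls this "preparation for deprecating" an interface yet carries Cc: stable # 5.14.x and a Fixes: tag; either say which bug is being fixed for stable or drop those tags.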
On Thu, Mar 07, 2024 at 01:22:39PM +0100, Roberto Sassu wrote:
> From: Roberto Sassu roberto.sassu@huawei.com
> Use __vfs_getxattr() instead of vfs_getxattr(), in preparation for deprecating using the vfs_ interfaces for retrieving fscaps.
> __vfs_getxattr() is only used for debugging purposes, to check if kernel space and user space see the same xattr value.
__vfs_getxattr() won't give you the value as seen by userspace though. Userspace goes through vfs_getxattr() -> xattr_getsecurity() -> cap_inode_getsecurity(), which does the conversion to the value userspace sees. __vfs_getxattr() just gives the raw disk data.
I'm also currently working on changes to my fscaps series that will make it so that __vfs_getxattr() also cannot be used to read fscaps xattrs. I'll fix this and other code in EVM which will be broken by that change as part of the next version too.
> Cc: stable@vger.kernel.org # 5.14.x
> Cc: linux-fsdevel@vger.kernel.org
> Cc: Christian Brauner brauner@kernel.org
> Cc: Seth Forshee (DigitalOcean) sforshee@kernel.org
> Fixes: 907a399de7b0 ("evm: Check xattr size discrepancy between kernel and user")
> Signed-off-by: Roberto Sassu roberto.sassu@huawei.com
> security/integrity/evm/evm_crypto.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index b1ffd4cc0b44..168d98c63513 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -278,8 +278,8 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry, if (size < 0) continue;
user_space_size = vfs_getxattr(&nop_mnt_idmap, dentry,
xattr->name, NULL, 0);
user_space_size = __vfs_getxattr(dentry, inode, xattr->name,
if (user_space_size != size) pr_debug("file %s: xattr %s size mismatch (kernel: %d, user: %d)\n", dentry->d_name.name, xattr->name, size,NULL, 0);
-- 2.34.1
On Thu, 2024-03-07 at 08:31 -0600, Seth Forshee wrote:
> On Thu, Mar 07, 2024 at 01:22:39PM +0100, Roberto Sassu wrote:
> > From: Roberto Sassu roberto.sassu@huawei.com
> > Use __vfs_getxattr() instead of vfs_getxattr(), in preparation for deprecating using the vfs_ interfaces for retrieving fscaps.
> > __vfs_getxattr() is only used for debugging purposes, to check if kernel space and user space see the same xattr value.
> __vfs_getxattr() won't give you the value as seen by userspace though. Userspace goes through vfs_getxattr() -> xattr_getsecurity() -> cap_inode_getsecurity(), which does the conversion to the value userspace sees. __vfs_getxattr() just gives the raw disk data.
> I'm also currently working on changes to my fscaps series that will make it so that __vfs_getxattr() also cannot be used to read fscaps xattrs. I'll fix this and other code in EVM which will be broken by that change as part of the next version too.
You are right, thank you!
Roberto
> > Cc: stable@vger.kernel.org # 5.14.x
> > Cc: linux-fsdevel@vger.kernel.org
> > Cc: Christian Brauner brauner@kernel.org
> > Cc: Seth Forshee (DigitalOcean) sforshee@kernel.org
> > Fixes: 907a399de7b0 ("evm: Check xattr size discrepancy between kernel and user")
> > Signed-off-by: Roberto Sassu roberto.sassu@huawei.com
> > security/integrity/evm/evm_crypto.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index b1ffd4cc0b44..168d98c63513 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -278,8 +278,8 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry, if (size < 0) continue;
user_space_size = vfs_getxattr(&nop_mnt_idmap, dentry,
xattr->name, NULL, 0);
user_space_size = __vfs_getxattr(dentry, inode, xattr->name,
if (user_space_size != size) pr_debug("file %s: xattr %s size mismatch (kernel: %d, user: %d)\n", dentry->d_name.name, xattr->name, size,NULL, 0);
-- 2.34.1
On Thu, 2024-03-07 at 15:36 +0100, Roberto Sassu wrote:
> On Thu, 2024-03-07 at 08:31 -0600, Seth Forshee wrote:
> > On Thu, Mar 07, 2024 at 01:22:39PM +0100, Roberto Sassu wrote:
> > > From: Roberto Sassu roberto.sassu@huawei.com
> > > Use __vfs_getxattr() instead of vfs_getxattr(), in preparation for deprecating using the vfs_ interfaces for retrieving fscaps.
> > > __vfs_getxattr() is only used for debugging purposes, to check if kernel space and user space see the same xattr value.
> > __vfs_getxattr() won't give you the value as seen by userspace though. Userspace goes through vfs_getxattr() -> xattr_getsecurity() -> cap_inode_getsecurity(), which does the conversion to the value userspace sees. __vfs_getxattr() just gives the raw disk data.
> > I'm also currently working on changes to my fscaps series that will make it so that __vfs_getxattr() also cannot be used to read fscaps xattrs. I'll fix this and other code in EVM which will be broken by that change as part of the next version too.
> You are right, thank you!
(Apologies, I should have been more careful).
Roberto
> Roberto
> > > Cc: stable@vger.kernel.org # 5.14.x
> > > Cc: linux-fsdevel@vger.kernel.org
> > > Cc: Christian Brauner brauner@kernel.org
> > > Cc: Seth Forshee (DigitalOcean) sforshee@kernel.org
> > > Fixes: 907a399de7b0 ("evm: Check xattr size discrepancy between kernel and user")
> > > Signed-off-by: Roberto Sassu roberto.sassu@huawei.com
> > > security/integrity/evm/evm_crypto.c | 4 ++--
> > > 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index b1ffd4cc0b44..168d98c63513 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -278,8 +278,8 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry, if (size < 0) continue;
user_space_size = vfs_getxattr(&nop_mnt_idmap, dentry,
xattr->name, NULL, 0);
user_space_size = __vfs_getxattr(dentry, inode, xattr->name,
if (user_space_size != size) pr_debug("file %s: xattr %s size mismatch (kernel: %d, user: %d)\n", dentry->d_name.name, xattr->name, size,NULL, 0);
-- 2.34.1
linux-stable-mirror@lists.linaro.org