On Mon, Oct 02, 2023 at 04:22:25PM +0300, Amir Goldstein wrote: > On Mon, Oct 2, 2023 at 3:57 PM Stefan Berger <[email protected]> > wrote: > > > > From: Stefan Berger <[email protected]> > > > > When vfs_getattr_nosec() calls a filesystem's getattr interface function > > then the 'nosec' should propagate into this function so that > > vfs_getattr_nosec() can again be called from the filesystem's gettattr > > rather than vfs_getattr(). The latter would add unnecessary security > > checks that the initial vfs_getattr_nosec() call wanted to avoid. > > Therefore, introduce the getattr flag GETATTR_NOSEC and allow to pass > > with the new getattr_flags parameter to the getattr interface function. > > In overlayfs and ecryptfs use this flag to determine which one of the > > two functions to call. > > > > In a recent code change introduced to IMA vfs_getattr_nosec() ended up > > calling vfs_getattr() in overlayfs, which in turn called > > security_inode_getattr() on an exiting process that did not have > > current->fs set anymore, which then caused a kernel NULL pointer > > dereference. With this change the call to security_inode_getattr() can > > be avoided, thus avoiding the NULL pointer dereference. > > > > Reported-by: [email protected] > > Fixes: db1d1e8b9867 ("IMA: use vfs_getattr_nosec to get the i_version") > > Cc: Alexander Viro <[email protected]> > > Cc: [email protected] > > Cc: Miklos Szeredi <[email protected]> > > Cc: Amir Goldstein <[email protected]> > > Cc: Tyler Hicks <[email protected]> > > Cc: Mimi Zohar <[email protected]> > > Suggested-by: Christian Brauner <[email protected]> > > Co-developed-by: Amir Goldstein <[email protected]> > > Signed-off-by: Stefan Berger <[email protected]> > > --- > > Reviewed-by: Amir Goldstein <[email protected]> > > Now let's see what vfs maintainers think about this...
Seems fine overall. We kind of need to propagate the knowledge through the layers. But I don't like that we need something like it...
