[OpenAFS] OpenAFS 1.8.7 on Linux systems running Crowdstrike
falcon-sensor
Martin Kelly
martin.kelly@crowdstrike.com
Thu, 11 Mar 2021 22:30:04 +0000
------=_NextPart_000_002F_01D71682.BD763840
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: 7bit
> The bad news is, override_creds isn't going to fix this, because current->fs
> isn't part of the creds. It's still going to be null (h/t jhutz)
> The less bad news is, I think this will only affect closing a deleted file.
> Other operations should not trigger cache I/O after a flush. (exit_files,
> which occurs before exit_fs, called flush and fput, but fput these days
> doesn't do the work immediately, it punts it to task_work). So if we punt
> the unlink of a sillyrenamed file to a kthread, we should be able to avoid
> this problem.
>
> But we may have other issues.
> If crowdstrike is validating dentry_open against current->fs->root, it might
> deny cache I/O done on behalf of a chroot'd (or namespaced) process. We
> can't solve that without punting ALL cache I/O to a kthread.
[Resending, as originally this sent with uuencoded, which the mail list
archives don't handle well. Hopefully it's OK this time.]
I think the key thing to prevent this crash is just to avoid triggering an LSM
hook during process context. If you see other issues with falcon but are
following all the upstream Linux kernel driver guidance, please contact me (or
CrowdStrike more generally) and we'll be happy to work with you.
------=_NextPart_000_002F_01D71682.BD763840
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIOnDCCBCow
ggMSoAMCAQICBDhj3vgwDQYJKoZIhvcNAQEFBQAwgbQxFDASBgNVBAoTC0VudHJ1c3QubmV0MUAw
PgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvQ1BTXzIwNDggaW5jb3JwLiBieSByZWYuIChsaW1pdHMg
bGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVkMTMwMQYDVQQDEypF
bnRydXN0Lm5ldCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAoMjA0OCkwHhcNOTkxMjI0MTc1MDUx
WhcNMjkwNzI0MTQxNTEyWjCBtDEUMBIGA1UEChMLRW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5l
bnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNV
BAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK1NS6kShrLqoyAHFRZkKitL0b8LSk2O7YB2pWe3eEDAc0LIaMDbUyvdXrh2mDWTixqdfBM6
Dh9btx7P5SQUHrGBqY19uMxrSwPxAgzcq6VAJAB/dJShnQgps4gL9Yd3nVXN5MN+12pkq4UUhpVb
lzJQbz3IumYM4/y9uEnBdolJGf3AqL2Jo2cvxp+8cRlguC3pLMmQdmZ7lOKveNZlU1081pyyzykD
+S+kULLUSM4FMlWK/bJkTA7kmAd123/fuQhVYIUwKfl7SKRphuM1Px6GXXp6Fb3vAI4VIlQXAJAm
k7wOSWiRv/hH052VQsEOTd9vJs/DGCFiZkNw1tXAB+ECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG
MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMA0GCSqGSIb3
DQEBBQUAA4IBAQA7m49WmzDnU5l8enmnTZfXGZWQ+wYfyjN8RmOPlmYk+kAbISfK5nJz8k/+MZn9
yAxMaFPGgIITmPq2rdpdPfHObvYVEZSCDO4/la8Rqw/XL94fA49XLB7Ju5oaRJXrGE+mH819VxAv
mwQJWoS1btgdOuHWntFseV55HBTF49BMkztlPO3fPb6m5ZUaw7UZw71eW7v/I+9oGcsSkydcAy1v
MNAethqs3lr30aqoJ6b+eYHEeZkzV7oSsKngQmyTylbe/m2ECwiLfo3q15ghxvPnPHkvXpzRTBWN
4ewiN8yaQwuX3ICQjbNnm29ICBVWz7/xK3xemnbpWZDFfIM1EWVRMIIFFTCCA/2gAwIBAgIRAK8c
BLKsjP+bAAAAAFHOGOMwDQYJKoZIhvcNAQELBQAwgbQxFDASBgNVBAoTC0VudHJ1c3QubmV0MUAw
PgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvQ1BTXzIwNDggaW5jb3JwLiBieSByZWYuIChsaW1pdHMg
bGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVkMTMwMQYDVQQDEypF
bnRydXN0Lm5ldCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAoMjA0OCkwHhcNMjAwNzI5MTU0ODMw
WhcNMjkwNjI5MTYxODMwWjCBpTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4x
OTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5j
ZTEfMB0GA1UECxMWKGMpIDIwMTAgRW50cnVzdCwgSW5jLjEiMCAGA1UEAxMZRW50cnVzdCBDbGFz
cyAyIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQyjULQnhmdW5Ba
EEy1EAAhuQdI3q5ugNb/FFAG6HWva0aO56VPrcOMsPp74BmR/fBjrXFJ86gcH6s0GSBOS1TpAJO+
cAgx3olTrFe8JO8qj0LU9+qVJV0UdtLNpxL6G7K0XGFAvV/dV5tEVdjFiRk8ZT256NSlLcIs0+qD
MaIIPF5ZrhIuKgqMXvOzMa4KrX7ssEkJ/KcuIh5oZDSdFuOmPQMxQBb3lPZLGTTJl+YinEjeZKCD
C1gFmMQiRokF/aO+9klMYQMWpPgKmRziwMZ+aQIyV5ADrwCUobnczq/v9HwYzjALyof41V8fWVHY
iwu5OMZYwlN82ibU2/K9kM0CAwEAAaOCAS0wggEpMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAU
BggrBgEFBQcDBAYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADAzBggrBgEFBQcBAQQnMCUw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDIGA1UdHwQrMCkwJ6AloCOGIWh0
dHA6Ly9jcmwuZW50cnVzdC5uZXQvMjA0OGNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggr
BgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwHQYDVR0OBBYEFAmRpbrp8i4qdd/N
fv53yvLea5skMB8GA1UdIwQYMBaAFFXkgdERgL7YibkIozH5oSQJFrlwMA0GCSqGSIb3DQEBCwUA
A4IBAQA/vekQdfNCp9FsgSahRiBXEiQVWrIMCH/dR7k/QpOkCq9MEe7MazD0tCyE3goXkPl4NK6u
JkV2BTUkg8CTc5lPpXJxY7QJiBHLbG7vlJXVSTfPoQDwDUsUUUb0aHGy/mChNw8l/O8gWjPGqYfJ
6lL212lIls5azxCb9rcBwzohpchDwISdA/jFNAiHy4sKg1yqIyvp/7jep0kObTIVgTDIJ/TA/s8a
dcyHu7oRoYJlUAWf80WSh6BFuBnnX/hGClvM2F1rFpFMFZVq4+T83gZ09mxU3cQl8GkW1uoOP1m+
AWL5YJ8dQLMx9xCcL/mKRGbYYAJOMRCx9peO/iCDvU1KMIIFUTCCBDmgAwIBAgIQDJP99GX/o7gA
AAAATDnPWjANBgkqhkiG9w0BAQsFADCBpTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3Qs
IEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJl
ZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMTAgRW50cnVzdCwgSW5jLjEiMCAGA1UEAxMZRW50cnVz
dCBDbGFzcyAyIENsaWVudCBDQTAeFw0yMDEwMTQyMjA2NDRaFw0yMjEwMTQyMjM2NDNaMIGRMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEPMA0GA1UEBxMGSXJ2aW5lMRowGAYDVQQK
ExFDcm93ZFN0cmlrZSwgSW5jLjFAMBMGA1UEAxMMTWFydGluIEtlbGx5MCkGCSqGSIb3DQEJARYc
bWFydGluLmtlbGx5QGNyb3dkc3RyaWtlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMT46ZuzJ/RhZGH9+qht+LO1VOIYXTlKXOYwfashRkS/Bbro15Km8ARz41X1CQ/9AmjPgPFL
wFJXQlYZZybTsGl1o/R4PBmZUZ9AwfqHPXUrM3WKP3A4s5mVffPilfe6lTuSoipTzq8MoOaz2rK/
4kffBpTqDL3MvYvJX9hva2UJ4RvhQ9kS/6NAf/2mobNyVufM2NAAdUyQlUV4A8Hgdz+GklWtDpzR
jdZjGs7Cb+cylSVG/X8ntvq2idrWOUu8/2gH6aV1ZiR3G1U3I8HaYAdZK6ycXNfvdFSrePv9TKCk
7ud/0v5RwTcenut579PJ9J1ILBxxrphRD1MsulKWP4MCAwEAAaOCAY0wggGJMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwQgYDVR0gBDswOTA3BgtghkgBhvps
CgEEAjAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTBqBggrBgEFBQcB
AQReMFwwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDUGCCsGAQUFBzAChilo
dHRwOi8vYWlhLmVudHJ1c3QubmV0LzIwNDhjbGFzczJzaGEyLmNlcjA0BgNVHR8ELTArMCmgJ6Al
hiNodHRwOi8vY3JsLmVudHJ1c3QubmV0L2NsYXNzMmNhLmNybDAnBgNVHREEIDAegRxtYXJ0aW4u
a2VsbHlAY3Jvd2RzdHJpa2UuY29tMB8GA1UdIwQYMBaAFAmRpbrp8i4qdd/Nfv53yvLea5skMB0G
A1UdDgQWBBSlEgDqZESbubhJcEKhhhhKnl7OtDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IB
AQCoPnFPAX5tAP+aIr17tIgq1L2nP1F2pTeHgXd7ETwtUF1rSfq22mtKsDslQ5cRxy6l8LzH9j1h
2QmWK6dd+lSOUR/KaDSnXyhXsCHBX9455sWu6+n6Umrol/kOoRB3eFAht8wvXyIkNWoGf2M+p1kC
r7NYzgTDauE40ch1P15zLw47j9BODeX1BRhzlal0mrdEbLgZmcCdThe9S3+X1WOucSUIA54mFl46
uuZWlpl2lSKCrvWZn5RcGWqrdbM27SsNipli0sz0H+jPKUtFfr3DNsPQTANJsPU3u9k9A5HropDq
sZRj+3j+2z9Yiyi01g1k7bjc6LHmxXa0YjhQeMA8MYIEdzCCBHMCAQEwgbowgaUxCzAJBgNVBAYT
AlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BT
IGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDEwIEVudHJ1c3Qs
IEluYy4xIjAgBgNVBAMTGUVudHJ1c3QgQ2xhc3MgMiBDbGllbnQgQ0ECEAyT/fRl/6O4AAAAAEw5
z1owCQYFKw4DAhoFAKCCApEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx
DxcNMjEwMzExMjIyODAxWjAjBgkqhkiG9w0BCQQxFgQUfm/K5UftoKMmSElGBg93EHp2GeQwgZMG
CSqGSIb3DQEJDzGBhTCBgjALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAoGCCqGSIb3DQMHMAsG
CWCGSAFlAwQBAjAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAhowCwYJYIZI
AWUDBAIDMAsGCWCGSAFlAwQCAjALBglghkgBZQMEAgEwgcsGCSsGAQQBgjcQBDGBvTCBujCBpTEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMTAg
RW50cnVzdCwgSW5jLjEiMCAGA1UEAxMZRW50cnVzdCBDbGFzcyAyIENsaWVudCBDQQIQDJP99GX/
o7gAAAAATDnPWjCBzQYLKoZIhvcNAQkQAgsxgb2ggbowgaUxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9y
YXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDEwIEVudHJ1c3QsIEluYy4xIjAgBgNV
BAMTGUVudHJ1c3QgQ2xhc3MgMiBDbGllbnQgQ0ECEAyT/fRl/6O4AAAAAEw5z1owDQYJKoZIhvcN
AQEBBQAEggEAr6LDYb4nyp8osvOBa/rDQ+a0dXki5qK1eMbtv8ADVzafV11VWeskGPWr+ZcdqzR0
oSiTEqNhwugyrAyhs9NrKs2IZ9F0wMCPe/8DNMjGznBdSqneoqqsPeuY8/E6IIgeDpDomuB9zrnp
YSqgIBdkvUUeol6ep7ZbJEhFQuVl0ZIdxjS/1UPINC6pDjiUAyErRGYpB0dNnCV5lEgFyeyYda/r
uV7LriqroXiDI791znQMnaNbuJkAninElgJKEaV3llFu2/NRPupHjbcgg8K6nUtuoo/NrvND2rBf
SAl4EHnwXCpczGBpzRmwrEG8v9TxoWUZJHEoXtDwdOKlUTAAUwAAAAAAAA==
------=_NextPart_000_002F_01D71682.BD763840--