lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <906d5338-0021-740d-36dc-0f32b2c36f55@schaufler-ca.com>
Date:   Mon, 14 May 2018 09:32:28 -0700
From:   Casey Schaufler <casey@...aufler-ca.com>
To:     Stephen Smalley <sds@...ho.nsa.gov>,
        LSM <linux-security-module@...r.kernel.org>,
        LKLM <linux-kernel@...r.kernel.org>,
        Paul Moore <paul@...l-moore.com>,
        SE Linux <selinux@...ho.nsa.gov>,
        "SMACK-discuss@...ts.01.org" <SMACK-discuss@...ts.01.org>,
        John Johansen <john.johansen@...onical.com>,
        Kees Cook <keescook@...omium.org>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        James Morris <jmorris@...ei.org>
Subject: Re: [PATCH 10/23] LSM: Infrastructure management of the inode
 security

On 5/14/2018 8:04 AM, Stephen Smalley wrote:
> On 05/10/2018 08:53 PM, Casey Schaufler wrote:
>> From: Casey Schaufler <casey@...aufler-ca.com>
>> Date: Thu, 10 May 2018 14:23:27 -0700
>> Subject: [PATCH 10/23] LSM: Infrastructure management of the inode security
>>  blob
>>
>> Move management of the inode->i_security blob out
>> of the individual security modules and into the security
>> infrastructure. Instead of allocating the blobs from within
>> the modules the modules tell the infrastructure how much
>> space is required, and the space is allocated there.
>>
>> Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
>> ---
>>  include/linux/lsm_hooks.h         |  3 ++
>>  security/security.c               | 85 +++++++++++++++++++++++++++++++++++++--
>>  security/selinux/hooks.c          | 32 +--------------
>>  security/selinux/include/objsec.h |  5 +--
>>  security/smack/smack_lsm.c        | 70 +++++---------------------------
>>  5 files changed, 99 insertions(+), 96 deletions(-)
>> <SNIP>
>> diff --git a/security/security.c b/security/security.c
>> index b414186ad45f..02df9b608b7e 100644
>> --- a/security/security.c
>> +++ b/security/security.c
>> @@ -41,6 +41,7 @@ struct security_hook_heads security_hook_heads __lsm_ro_after_init;
>>  static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain);
>>  
>>  static struct kmem_cache *lsm_file_cache;
>> +static struct kmem_cache *lsm_inode_cache;
>>  
>>  char *lsm_names;
>>  static struct lsm_blob_sizes blob_sizes;
>> @@ -98,6 +99,10 @@ int __init security_init(void)
>>  		lsm_file_cache = kmem_cache_create("lsm_file_cache",
>>  						   blob_sizes.lbs_file, 0,
>>  						   SLAB_PANIC, NULL);
>> +	if (blob_sizes.lbs_inode)
>> +		lsm_inode_cache = kmem_cache_create("lsm_inode_cache",
>> +						    blob_sizes.lbs_inode, 0,
>> +						    SLAB_PANIC, NULL);
>>  	/*
>>  	 * The second call to a module specific init function
>>  	 * adds hooks to the hook lists and does any other early
>> @@ -108,8 +113,9 @@ int __init security_init(void)
>>  #ifdef CONFIG_SECURITY_LSM_DEBUG
>>  	pr_info("LSM: cred blob size       = %d\n", blob_sizes.lbs_cred);
>>  	pr_info("LSM: file blob size       = %d\n", blob_sizes.lbs_file);
>> +	pr_info("LSM: inode blob size      = %d\n", blob_sizes.lbs_inode);
>>  	pr_info("LSM: task blob size       = %d\n", blob_sizes.lbs_task);
>> -#endif
>> +#endif /* CONFIG_SECURITY_LSM_DEBUG */
>>  
>>  	return 0;
>>  }
>> @@ -285,6 +291,13 @@ void __init security_add_blobs(struct lsm_blob_sizes *needed)
>>  	lsm_set_size(&needed->lbs_cred, &blob_sizes.lbs_cred);
>>  	lsm_set_size(&needed->lbs_file, &blob_sizes.lbs_file);
>>  	lsm_set_size(&needed->lbs_task, &blob_sizes.lbs_task);
>> +	/*
>> +	 * The inode blob gets an rcu_head in addition to
>> +	 * what the modules might need.
>> +	 */
>> +	if (needed->lbs_inode && blob_sizes.lbs_inode == 0)
>> +		blob_sizes.lbs_inode = sizeof(struct rcu_head);
>> +	lsm_set_size(&needed->lbs_inode, &blob_sizes.lbs_inode);
>>  }
>>  
>>  /**
>> @@ -348,6 +361,46 @@ void lsm_early_task(struct task_struct *task)
>>  		panic("%s: Early task alloc failed.\n", __func__);
>>  }
>>  
>> +/**
>> + * lsm_inode_alloc - allocate a composite inode blob
>> + * @inode: the inode that needs a blob
>> + *
>> + * Allocate the inode blob for all the modules
>> + *
>> + * Returns 0, or -ENOMEM if memory can't be allocated.
>> + */
>> +int lsm_inode_alloc(struct inode *inode)
>> +{
>> +	if (!lsm_inode_cache) {
>> +		inode->i_security = NULL;
>> +		return 0;
>> +	}
>> +
>> +	inode->i_security = kmem_cache_zalloc(lsm_inode_cache, GFP_KERNEL);
> Should be GFP_NOFS (and was that way in SELinux and Smack).

Yes, you're correct. I'll make the change.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ