| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cd1d9d9f-1b68-8d2c-118a-334e4c71eb57@tycho.nsa.gov>
Date: Wed, 15 Jan 2020 12:30:08 -0500
From: Stephen Smalley <sds@...ho.nsa.gov>
To: KP Singh <kpsingh@...omium.org>, linux-kernel@...r.kernel.org,
bpf@...r.kernel.org, linux-security-module@...r.kernel.org
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
James Morris <jmorris@...ei.org>,
Kees Cook <keescook@...omium.org>,
Thomas Garnier <thgarnie@...omium.org>,
Michael Halcrow <mhalcrow@...gle.com>,
Paul Turner <pjt@...gle.com>,
Brendan Gregg <brendan.d.gregg@...il.com>,
Jann Horn <jannh@...gle.com>,
Matthew Garrett <mjg59@...gle.com>,
Christian Brauner <christian@...uner.io>,
Mickaël Salaün <mic@...ikod.net>,
Florent Revest <revest@...omium.org>,
Brendan Jackman <jackmanb@...omium.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
"Serge E. Hallyn" <serge@...lyn.com>,
Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
"David S. Miller" <davem@...emloft.net>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Nicolas Ferre <nicolas.ferre@...rochip.com>,
Stanislav Fomichev <sdf@...gle.com>,
Quentin Monnet <quentin.monnet@...ronome.com>,
Andrey Ignatov <rdna@...com>, Joe Stringer <joe@...d.net.nz>
Subject: Re: [PATCH bpf-next v2 04/10] bpf: lsm: Add mutable hooks list for
the BPF LSM
On 1/15/20 12:13 PM, KP Singh wrote:
> From: KP Singh <kpsingh@...gle.com>
>
> - The list of hooks registered by an LSM is currently immutable as they
> are declared with __lsm_ro_after_init and they are attached to a
> security_hook_heads struct.
> - For the BPF LSM we need to de/register the hooks at runtime. Making
> the existing security_hook_heads mutable broadens an
> attack vector, so a separate security_hook_heads is added for only
> those that ~must~ be mutable.
> - These mutable hooks are run only after all the static hooks have
> successfully executed.
>
> This is based on the ideas discussed in:
>
> https://lore.kernel.org/lkml/20180408065916.GA2832@ircssh-2.c.rugged-nimbus-611.internal
>
> Signed-off-by: KP Singh <kpsingh@...gle.com>
> ---
[...]
> diff --git a/security/security.c b/security/security.c
> index cd2d18d2d279..4a2eb4c089b2 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -652,20 +653,21 @@ static void __init lsm_early_task(struct task_struct *task)
> \
> hlist_for_each_entry(P, &security_hook_heads.FUNC, list) \
> P->hook.FUNC(__VA_ARGS__); \
> + CALL_BPF_LSM_VOID_HOOKS(FUNC, __VA_ARGS__); \
> } while (0)
>
> -#define call_int_hook(FUNC, IRC, ...) ({ \
> - int RC = IRC; \
> - do { \
> - struct security_hook_list *P; \
> - \
> +#define call_int_hook(FUNC, IRC, ...) ({ \
> + int RC = IRC; \
> + do { \
> + struct security_hook_list *P; \
> hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \
> - RC = P->hook.FUNC(__VA_ARGS__); \
> - if (RC != 0) \
> - break; \
> - } \
> - } while (0); \
> - RC; \
> + RC = P->hook.FUNC(__VA_ARGS__); \
> + if (RC != 0) \
> + break; \
> + } \
> + RC = CALL_BPF_LSM_INT_HOOKS(RC, FUNC, __VA_ARGS__); \
Let's not clobber the return code from the other LSMs with the bpf one.
> + } while (0); \
> + RC; \
> })
>
> /* Security operations */
>
Powered by blists - more mailing lists