Date:   Wed, 12 Feb 2020 17:26:13 +0100
From:   KP Singh <>
To:     Casey Schaufler <>
Cc:     Alexei Starovoitov <>,
        Daniel Borkmann <>,
        Jann Horn <>, KP Singh <>,
        kernel list <>,
        bpf <>,
        linux-security-module <>,
        Brendan Jackman <>,
        Florent Revest <>,
        Thomas Garnier <>,
        Alexei Starovoitov <>,
        James Morris <>,
        Kees Cook <>,
        Thomas Garnier <>,
        Michael Halcrow <>,
        Paul Turner <>,
        Brendan Gregg <>,
        Matthew Garrett <>,
        Christian Brauner <>,
        Mickaël Salaün <>,
        Florent Revest <>,
        Brendan Jackman <>,
        "Serge E. Hallyn" <>,
        Mauro Carvalho Chehab <>,
        "David S. Miller" <>,
        Greg Kroah-Hartman <>,
        Kernel Team <>
Subject: Re: BPF LSM and fexit [was: [PATCH bpf-next v3 04/10] bpf: lsm: Add mutable hooks list for the BPF LSM]

On 12-Feb 07:52, Casey Schaufler wrote:
> On 2/11/2020 6:45 PM, Alexei Starovoitov wrote:
> > On Wed, Feb 12, 2020 at 01:09:07AM +0100, Daniel Borkmann wrote:
> >> Another approach could be to have a special nop inside call_int_hook()
> >> macro which would then get patched to avoid these situations. Somewhat
> >> similar like static keys where it could be defined anywhere in text but
> >> with updating of call_int_hook()'s RC for the verdict.
> Tell me again why you can't register your BPF hooks like all the
> other security modules do? You keep reintroducing BPF as a special
> case, and I don't see why.

I think we tried to answer this in the discussion we had:

BPF should not allocate a wrapper (to be statically registered at
init) for each LSM hook and run the programs from within that as this
implies adding overhead across the board for every hook even if
it's never used (i.e. no BPF program is attached to the hook).

We can, with the suggestions discussed here, avoid adding unnecessary
overhead for unused hooks. And, as Alexei mentioned, adding overhead
when not really needed is especially bad for LSM hooks like

The other LSMs do not provide dynamic / mutable hooks, so it makes
sense for them to register the hooks once at load time.

- KP

> > Sounds nice in theory. I couldn't quite picture how that would look
> > in the code, so I hacked:
> > diff --git a/security/security.c b/security/security.c
> > index 565bc9b67276..ce4bc1e5e26c 100644
> > --- a/security/security.c
