Message-ID: <16c14750-cbda-892c-c767-ef4e8b9125dd@schaufler-ca.com>
Date:   Sun, 16 Feb 2020 11:27:36 -0800
From:   Casey Schaufler <casey@...aufler-ca.com>
To:     Randy Dunlap <rdunlap@...radead.org>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-security-module <linux-security-module@...r.kernel.org>
Cc:     John Johansen <john.johansen@...onical.com>,
        Kees Cook <keescook@...omium.org>,
        Micah Morton <mortonm@...omium.org>,
        James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Paul Moore <paul@...l-moore.com>,
        Stephen Smalley <sds@...ho.nsa.gov>,
        Eric Paris <eparis@...isplace.org>,
        Kentaro Takeda <takedakn@...data.co.jp>,
        Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Subject: Re: [RFC PATCH] security: <linux/lsm_hooks.h>: fix all kernel-doc
 warnings

On 2/15/2020 11:08 PM, Randy Dunlap wrote:
> From: Randy Dunlap <rdunlap@...radead.org>
>
> Fix all kernel-doc warnings in <linux/lsm_hooks.h>.
> Fixes the following warnings:
>
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quotactl' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quota_on' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_free_mnt_opts' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_eat_lsm_opts' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_kern_mount' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_show_options' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_add_mnt_opt' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'd_instantiate' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'getprocattr' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'setprocattr' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'locked_down' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_open' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_alloc' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_free' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_read' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_write' not described in 'security_list_options'
>
> Signed-off-by: Randy Dunlap <rdunlap@...radead.org>

Acked-by: Casey Schaufler <casey@...aufler-ca.com>

Thank you very much.

> Cc: John Johansen <john.johansen@...onical.com>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Micah Morton <mortonm@...omium.org>
> Cc: James Morris <jmorris@...ei.org>
> Cc: "Serge E. Hallyn" <serge@...lyn.com>
> Cc: linux-security-module@...r.kernel.org
> Cc: Paul Moore <paul@...l-moore.com>
> Cc: Stephen Smalley <sds@...ho.nsa.gov>
> Cc: Eric Paris <eparis@...isplace.org>
> Cc: Casey Schaufler <casey@...aufler-ca.com>
> Cc: Kentaro Takeda <takedakn@...data.co.jp>
> Cc: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
> ---
> Notes:
> a. The location for some of these might need to be modified.
> b. 'locked_down' was just missing a final ':'.
> c. Added a new section: Security hooks for perf events.
>
>  include/linux/lsm_hooks.h |   36 +++++++++++++++++++++++++++++++++++-
>  1 file changed, 35 insertions(+), 1 deletion(-)
>
> --- lnx-56-rc1.orig/include/linux/lsm_hooks.h
> +++ lnx-56-rc1/include/linux/lsm_hooks.h
> @@ -103,6 +103,10 @@
>   * @sb_free_security:
>   *	Deallocate and clear the sb->s_security field.
>   *	@sb contains the super_block structure to be modified.
> + * @sb_free_mnt_opts:
> + * 	Free memory associated with @mnt_ops.
> + * @sb_eat_lsm_opts:
> + * 	Eat (scan @orig options) and save them in @mnt_opts.
>   * @sb_statfs:
>   *	Check permission before obtaining filesystem statistics for the @mnt
>   *	mountpoint.
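
Review bot: the @sb_free_mnt_opts text refers to @mnt_ops, while the very next entry spells it @mnt_opts; one of the two is a typo, presumably the first, and the kernel-doc reference should use a single name. The four added lines also put a space before the tab (" * " then tab) where the surrounding comment uses " *" then tab, so the extra space should be dropped to match.
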
> @@ -136,6 +140,10 @@
>   *	@sb superblock being remounted
>   *	@data contains the filesystem-specific data.
>   *	Return 0 if permission is granted.
> + * @sb_kern_mount:
> + * 	Mount this @sb if allowed by permissions.
> + * @sb_show_options:
> + * 	Show (print on @m) mount options for this @sb.
>   * @sb_umount:
>   *	Check permission before the @mnt file system is unmounted.
>   *	@mnt contains the mounted file system.
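
Review bot: "Mount this @sb if allowed by permissions." in the @sb_kern_mount entry reads as if the hook itself performs the mount, whereas the neighbouring @sb_umount entry is worded "Check permission before ..." and the entry above ends with "Return 0 if permission is granted." Rewording to the same check-permission form and stating the return value would keep the section consistent; @sb_show_options likewise does not say what it returns.
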
> @@ -155,6 +163,8 @@
>   *	Copy all security options from a given superblock to another
>   *	@oldsb old superblock which contain information to clone
>   *	@newsb new superblock which needs filled in
> + * @sb_add_mnt_opt:
> + * 	Add one mount @option to @mnt_opts.
>   * @sb_parse_opts_str:
>   *	Parse a string of security data filling in the opts structure
>   *	@options string containing all mount options known by the LSM
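
Review bot: the @sb_add_mnt_opt entry mentions @option and @mnt_opts only in passing, while the entries on either side give each parameter its own line (@oldsb, @newsb, @options). One description line per parameter, plus a line on the return value, would match that layout and give an LSM author what they need to implement the hook.
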
> @@ -451,6 +461,12 @@
>   *	security module does not know about attribute or a negative error code
>   *	to abort the copy up. Note that the caller is responsible for reading
>   *	and writing the xattrs as this hook is merely a filter.
> + * @d_instantiate:
> + * 	Fill in @inode security information for a @dentry if allowed.
> + * @getprocattr:
> + * 	Read attribute @name for process @p and store it into @value if allowed.
> + * @setprocattr:
> + * 	Write (set) attribute @name to @value, size @size if allowed.
>   *
>   * Security hooks for kernfs node operations
>   *
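
Review bot: @getprocattr and @setprocattr are described in terms of process @p, yet they are inserted after the xattr copy-up text and directly before "Security hooks for kernfs node operations". Note a. of the patch already flags placement as uncertain; these two would be easier to find in whichever section documents the process hooks. "if allowed" in all three new entries also leaves the return value unstated.
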
> @@ -1113,6 +1129,7 @@
>   *	In case of failure, @secid will be set to zero.
>   *
>   * Security hooks for individual messages held in System V IPC message queues
> + *
>   * @msg_msg_alloc_security:
>   *	Allocate and attach a security structure to the msg->security field.
>   *	The security field is initialized to NULL when the structure is first
> @@ -1302,6 +1319,10 @@
>   *	@cap contains the capability <include/linux/capability.h>.
>   *	@opts contains options for the capable check <include/linux/security.h>
>   *	Return 0 if the capability is granted for @tsk.
> + * @quotactl:
> + * 	Check whether the quotactl syscall is allowed for this @sb.
> + * @quota_on:
> + * 	Check whether QUOTAON is allowed for this @dentry.
>   * @syslog:
>   *	Check permission before accessing the kernel message ring or changing
>   *	logging to the console.
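
Review bot: the @quotactl and @quota_on entries say "Check whether ... is allowed" without stating the result, while the entry directly above ends with "Return 0 if the capability is granted for @tsk." A matching return-value line on each would tell a hook implementer what to return on grant and on denial.
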
> @@ -1449,11 +1470,24 @@
>   * @bpf_prog_free_security:
>   *	Clean up the security information stored inside bpf prog.
>   *
> - * @locked_down
> + * @locked_down:
>   *     Determine whether a kernel feature that potentially enables arbitrary
>   *     code execution in kernel space should be permitted.
>   *
>   *     @what: kernel feature being accessed
> + *
> + * Security hooks for perf events
> + *
> + * @perf_event_open:
> + * 	Check whether the @type of perf_event_open syscall is allowed.
> + * @perf_event_alloc:
> + * 	Allocate and save perf_event security info.
> + * @perf_event_free:
> + * 	Release (free) perf_event security info.
> + * @perf_event_read:
> + * 	Read perf_event security info if allowed.
> + * @perf_event_write:
> + * 	Write perf_event security info if allowed.
>   */
>  union security_list_options {
>  	int (*binder_set_context_mgr)(struct task_struct *mgr);
>
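
Review bot: in the new perf section, @perf_event_open is worded as a check ("Check whether the @type of perf_event_open syscall is allowed.") but @perf_event_read and @perf_event_write are worded as operations on the security info ("Read perf_event security info if allowed."). If these two are permission checks on reading and writing the event, the text should say so; as written it suggests the hook itself reads or writes the security blob. None of the five entries documents its parameters or return value.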
