| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4e5a09bb-04c4-39b8-10d4-59496ffb5eee@iogearbox.net>
Date: Sat, 28 Mar 2020 18:18:38 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: KP Singh <kpsingh@...omium.org>, linux-kernel@...r.kernel.org,
bpf@...r.kernel.org, linux-security-module@...r.kernel.org
Cc: Alexei Starovoitov <ast@...nel.org>,
James Morris <jmorris@...ei.org>,
Kees Cook <keescook@...omium.org>,
Paul Turner <pjt@...gle.com>, Jann Horn <jannh@...gle.com>,
Florent Revest <revest@...omium.org>,
Brendan Jackman <jackmanb@...omium.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH bpf-next v8 0/8] MAC and Audit policy using eBPF (KRSI)
Hey KP,
On 3/27/20 8:28 PM, KP Singh wrote:
> From: KP Singh <kpsingh@...gle.com>
>
> # v7 -> v8
>
> https://lore.kernel.org/bpf/20200326142823.26277-1-kpsingh@chromium.org/
>
> * Removed CAP_MAC_ADMIN check from bpf_lsm_verify_prog. LSMs can add it
> in their own bpf_prog hook. This can be revisited as a separate patch.
> * Added Andrii and James' Ack/Review tags.
> * Fixed an indentation issue and missing newlines in selftest error
> a cases.
> * Updated a comment as suggested by Alexei.
> * Updated the documentation to use the newer libbpf API and some other
> fixes.
> * Rebase
>
> # v6 -> v7
>
> https://lore.kernel.org/bpf/20200325152629.6904-1-kpsingh@chromium.org/
>
[...]
> KP Singh (8):
> bpf: Introduce BPF_PROG_TYPE_LSM
> security: Refactor declaration of LSM hooks
> bpf: lsm: provide attachment points for BPF LSM programs
> bpf: lsm: Implement attach, detach and execution
> bpf: lsm: Initialize the BPF LSM hooks
> tools/libbpf: Add support for BPF_PROG_TYPE_LSM
> bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM
> bpf: lsm: Add Documentation
I was about to apply, but then I'm getting the following selftest issue on
the added LSM one, ptal:
# ./test_progs
[...]
#65/1 test_global_func1.o:OK
#65/2 test_global_func2.o:OK
#65/3 test_global_func3.o:OK
#65/4 test_global_func4.o:OK
#65/5 test_global_func5.o:OK
#65/6 test_global_func6.o:OK
#65/7 test_global_func7.o:OK
#65 test_global_funcs:OK
test_test_lsm:PASS:skel_load 0 nsec
test_test_lsm:PASS:attach 0 nsec
test_test_lsm:PASS:exec_cmd 0 nsec
test_test_lsm:FAIL:bprm_count bprm_count = 0
test_test_lsm:FAIL:heap_mprotect want errno=EPERM, got 22
#66 test_lsm:FAIL
test_test_overhead:PASS:obj_open_file 0 nsec
test_test_overhead:PASS:find_probe 0 nsec
test_test_overhead:PASS:find_probe 0 nsec
test_test_overhead:PASS:find_probe 0 nsec
test_test_overhead:PASS:find_probe 0 nsec
test_test_overhead:PASS:find_probe 0 nsec
Caught signal #11!
Stack trace:
./test_progs(crash_handler+0x31)[0x56100f25eb51]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890)[0x7f9d8d225890]
/lib/x86_64-linux-gnu/libc.so.6(+0x18ef2d)[0x7f9d8cfb0f2d]
/lib/x86_64-linux-gnu/libc.so.6(__libc_calloc+0x372)[0x7f9d8cebc3a2]
/usr/local/lib/libelf.so.1(+0x33ce)[0x7f9d8d85a3ce]
/usr/local/lib/libelf.so.1(+0x3fb2)[0x7f9d8d85afb2]
./test_progs(btf__parse_elf+0x15d)[0x56100f27a141]
./test_progs(libbpf_find_kernel_btf+0x169)[0x56100f27ee83]
./test_progs(+0x43906)[0x56100f266906]
./test_progs(bpf_object__load_xattr+0xe5)[0x56100f26e93c]
./test_progs(bpf_object__load+0x47)[0x56100f26eafd]
./test_progs(test_test_overhead+0x252)[0x56100f24a922]
./test_progs(main+0x212)[0x56100f22f772]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x7f9d8ce43b97]
./test_progs(_start+0x2a)[0x56100f22f8fa]
Segmentation fault (core dumped)
#
(Before the series, it runs through fine on my side.)
Thanks,
Daniel
Powered by blists - more mailing lists