| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <332BDB30-BCDC-4F24-BB8C-DD29D5003426@fb.com>
Date: Wed, 13 Nov 2024 01:37:42 +0000
From: Song Liu <songliubraving@...a.com>
To: Casey Schaufler <casey@...aufler-ca.com>
CC: Song Liu <songliubraving@...a.com>, Song Liu <song@...nel.org>,
"bpf@...r.kernel.org" <bpf@...r.kernel.org>,
"linux-fsdevel@...r.kernel.org"
<linux-fsdevel@...r.kernel.org>,
"linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
Kernel Team <kernel-team@...a.com>,
"andrii@...nel.org" <andrii@...nel.org>,
"eddyz87@...il.com"
<eddyz87@...il.com>,
"ast@...nel.org" <ast@...nel.org>,
"daniel@...earbox.net" <daniel@...earbox.net>,
"martin.lau@...ux.dev"
<martin.lau@...ux.dev>,
"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
"brauner@...nel.org" <brauner@...nel.org>,
"jack@...e.cz" <jack@...e.cz>,
"kpsingh@...nel.org" <kpsingh@...nel.org>,
"mattbobrowski@...gle.com"
<mattbobrowski@...gle.com>,
"amir73il@...il.com" <amir73il@...il.com>,
"repnop@...gle.com" <repnop@...gle.com>,
"jlayton@...nel.org"
<jlayton@...nel.org>,
Josef Bacik <josef@...icpanda.com>,
"mic@...ikod.net"
<mic@...ikod.net>,
"gnoack@...gle.com" <gnoack@...gle.com>
Subject: Re: [PATCH bpf-next 0/4] Make inode storage available to tracing prog
> On Nov 12, 2024, at 5:10 PM, Casey Schaufler <casey@...aufler-ca.com> wrote:
>
> On 11/12/2024 10:44 AM, Song Liu wrote:
>> Hi Casey,
>>
>> Thanks for your input.
>>
>>> On Nov 12, 2024, at 10:09 AM, Casey Schaufler <casey@...aufler-ca.com> wrote:
>>>
>>> On 11/12/2024 12:25 AM, Song Liu wrote:
>>>> bpf inode local storage can be useful beyond LSM programs. For example,
>>>> bcc/libbpf-tools file* can use inode local storage to simplify the logic.
>>>> This set makes inode local storage available to tracing program.
>>> Mixing the storage and scope of LSM data and tracing data leaves all sorts
>>> of opportunities for abuse. Add inode data for tracing if you can get the
>>> patch accepted, but do not move the LSM data out of i_security. Moving
>>> the LSM data would break the integrity (such that there is) of the LSM
>>> model.
>> I honestly don't see how this would cause any issues. Each bpf inode
>> storage maps are independent of each other, and the bpf local storage is
>> designed to handle multiple inode storage maps properly. Therefore, if
>> the user decide to stick with only LSM hooks, there isn't any behavior
>> change. OTOH, if the user decides some tracing hooks (on tracepoints,
>> etc.) are needed, making a inode storage map available for both tracing
>> programs and LSM programs would help simplify the logic. (Alternatively,
>> the tracing programs need to store per inode data in a hash map, and
>> the LSM program would read that instead of the inode storage map.)
>>
>> Does this answer the question and address the concerns?
>
> First off, I had no question. No, this does not address my concern.
> LSM data should be kept in and managed by the LSMs. We're making an
> effort to make the LSM infrastructure more consistent.
Could you provide more information on the definition of "more
consistent" LSM infrastructure?
BPF LSM programs have full access to regular BPF maps (hash map,
array, etc.). There was never a separation of LSM data vs. other
data.
AFAICT, other LSMs also use kzalloc and similar APIs for memory
allocation. So data separation is not a goal for any LSM, right?
Thanks,
Song
> Moving some of
> the LSM data into an LSM specific field in the inode structure goes
> against this. What you're proposing is a one-off clever optimization
> hack. We have too many of those already.
Powered by blists - more mailing lists