| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPhsuW4bsiD56PivQRLs6jrWGpiWt+4vfcdQ4YA-KWONxLYv9g@mail.gmail.com> Date: Fri, 28 Feb 2025 16:37:29 -0800 From: Song Liu <song@...nel.org> To: Blaise Boscaccy <bboscaccy@...ux.microsoft.com> Cc: Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, John Fastabend <john.fastabend@...il.com>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>, Yonghong Song <yonghong.song@...ux.dev>, KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Stephen Smalley <stephen.smalley.work@...il.com>, Ondrej Mosnacek <omosnace@...hat.com>, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, bpf@...r.kernel.org, selinux@...r.kernel.org Subject: Re: [PATCH 1/1] security: Propagate caller information in bpf hooks On Fri, Feb 28, 2025 at 8:53 AM Blaise Boscaccy <bboscaccy@...ux.microsoft.com> wrote: > > Certain bpf syscall subcommands are available for usage from both > userspace and the kernel. LSM modules or eBPF gatekeeper programs may > need to take a different course of action depending on whether or not > a BPF syscall originated from the kernel or userspace. > > Additionally, some of the bpf_attr struct fields contain pointers to > arbitrary memory. Currently the functionality to determine whether or > not a pointer refers to kernel memory or userspace memory is exposed > to the bpf verifier, but that information is missing from various LSM > hooks. > > Here we augment the LSM hooks to provide this data, by simply passing > a boolean flag indicating whether or not the call originated in the > kernel, in any hook that contains a bpf_attr struct that corresponds > to a subcommand that may be called from the kernel. > > Signed-off-by: Blaise Boscaccy <bboscaccy@...ux.microsoft.com> > --- > include/linux/lsm_hook_defs.h | 6 +++--- > include/linux/security.h | 12 ++++++------ > kernel/bpf/syscall.c | 10 +++++----- > security/security.c | 17 ++++++++++------- > security/selinux/hooks.c | 6 +++--- > 5 files changed, 27 insertions(+), 24 deletions(-) tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c has a BPF program for security_bpf(), please also update it. > > diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h > index e2f1ce37c41ef..25f4e74c173be 100644 > --- a/include/linux/lsm_hook_defs.h > +++ b/include/linux/lsm_hook_defs.h > @@ -426,14 +426,14 @@ LSM_HOOK(void, LSM_RET_VOID, audit_rule_free, void *lsmrule) > #endif /* CONFIG_AUDIT */ > > #ifdef CONFIG_BPF_SYSCALL > -LSM_HOOK(int, 0, bpf, int cmd, union bpf_attr *attr, unsigned int size) > +LSM_HOOK(int, 0, bpf, int cmd, union bpf_attr *attr, bool is_kernel, unsigned int size) I think we should add is_kernel to the end of the argument list. This will cause fewer issues for existing users. Thanks, Song
Powered by blists - more mailing lists