| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhQ+R1nxsp6aPDqH9trjcPadb6yPsj+fEv47mYQqZ50yeQ@mail.gmail.com> Date: Tue, 4 Mar 2025 19:46:58 -0500 From: Paul Moore <paul@...l-moore.com> To: Blaise Boscaccy <bboscaccy@...ux.microsoft.com> Cc: James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, John Fastabend <john.fastabend@...il.com>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>, KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Stephen Smalley <stephen.smalley.work@...il.com>, Ondrej Mosnacek <omosnace@...hat.com>, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, bpf@...r.kernel.org, selinux@...r.kernel.org Subject: Re: [PATCH v4 bpf-next 1/2] security: Propagate caller information in bpf hooks On Tue, Mar 4, 2025 at 3:31 PM Blaise Boscaccy <bboscaccy@...ux.microsoft.com> wrote: > > Certain bpf syscall subcommands are available for usage from both > userspace and the kernel. LSM modules or eBPF gatekeeper programs may > need to take a different course of action depending on whether or not > a BPF syscall originated from the kernel or userspace. > > Additionally, some of the bpf_attr struct fields contain pointers to > arbitrary memory. Currently the functionality to determine whether or > not a pointer refers to kernel memory or userspace memory is exposed > to the bpf verifier, but that information is missing from various LSM > hooks. > > Here we augment the LSM hooks to provide this data, by simply passing > a boolean flag indicating whether or not the call originated in the > kernel, in any hook that contains a bpf_attr struct that corresponds > to a subcommand that may be called from the kernel. > > Signed-off-by: Blaise Boscaccy <bboscaccy@...ux.microsoft.com> > Acked-by: Song Liu <song@...nel.org> > --- > include/linux/lsm_hook_defs.h | 6 +++--- > include/linux/security.h | 12 ++++++------ > kernel/bpf/syscall.c | 10 +++++----- > security/security.c | 15 +++++++++------ > security/selinux/hooks.c | 6 +++--- > 5 files changed, 26 insertions(+), 23 deletions(-) ... > diff --git a/security/security.c b/security/security.c > index 143561ebc3e89..38c977091a7fd 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -5627,6 +5627,7 @@ int security_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op, > * @cmd: command > * @attr: bpf attribute > * @size: size > + * @is_kernel: whether or not call originated from kernel This is really nitpicky so please only make this change if you are respinning the patchset for another reason (it looks like you may need to do so for other reasons, so I mentioning it), but please change "is_kernel" to just "kernel" in all the LSM hooks you're updating so it is more consistent with the other LSM hook boolean parameter flags. Regardless of the above, this looks good to me. My ACK is below in case the BPF folks want to merge this, but I'm also happy to take this via the LSM tree once the selftest changes are resolved and ACK'd. Acked-by: Paul Moore <paul@...l-moore.com> -- paul-moore.com
Powered by blists - more mailing lists