| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b78ced92-78a4-41d2-8d2b-248f8bb43abb@huaweicloud.com> Date: Sat, 20 Jul 2024 17:27:56 +0800 From: Xu Kuohai <xukuohai@...weicloud.com> To: Paul Moore <paul@...l-moore.com>, bpf@...r.kernel.org, netdev@...r.kernel.org, linux-security-module@...r.kernel.org, linux-kselftest@...r.kernel.org, linux-integrity@...r.kernel.org, selinux@...r.kernel.org Cc: Alexei Starovoitov <ast@...nel.org>, Andrii Nakryiko <andrii@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Martin KaFai Lau <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>, John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Matt Bobrowski <mattbobrowski@...gle.com>, Brendan Jackman <jackmanb@...omium.org>, James Morris <jmorris@...ei.org>, "Serge E . Hallyn" <serge@...lyn.com>, Khadija Kamran <kamrankhadijadj@...il.com>, Casey Schaufler <casey@...aufler-ca.com>, Ondrej Mosnacek <omosnace@...hat.com>, Kees Cook <keescook@...omium.org>, John Johansen <john.johansen@...onical.com>, Lukas Bulwahn <lukas.bulwahn@...il.com>, Roberto Sassu <roberto.sassu@...wei.com>, Shung-Hsi Yu <shung-hsi.yu@...e.com>, Edward Cree <ecree.xilinx@...il.com>, Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Trond Myklebust <trond.myklebust@...merspace.com>, Anna Schumaker <anna@...nel.org>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Stephen Smalley <stephen.smalley.work@...il.com> Subject: Re: [PATCH v4 2/20] lsm: Refactor return value of LSM hook inode_need_killpriv On 7/19/2024 10:08 AM, Paul Moore wrote: > On Jul 11, 2024 Xu Kuohai <xukuohai@...weicloud.com> wrote: >> >> To be consistent with most LSM hooks, convert the return value of >> hook inode_need_killpriv to 0 or a negative error code. >> >> Before: >> - Both hook inode_need_killpriv and func security_inode_need_killpriv >> return > 0 if security_inode_killpriv is required, 0 if not, and < 0 >> to abort the operation. >> >> After: >> - Both hook inode_need_killpriv and func security_inode_need_killpriv >> return 0 on success and a negative error code on failure. >> On success, hook inode_need_killpriv sets output param @need to true >> if security_inode_killpriv is required, and false if not. When @need >> is true, func security_inode_need_killpriv sets ATTR_KILL_PRIV flag >> in @attr; when false, it clears the flag. >> On failure, @need and @attr remains unchanged. >> >> Signed-off-by: Xu Kuohai <xukuohai@...wei.com> >> --- >> fs/attr.c | 5 ++--- >> fs/inode.c | 4 +--- >> include/linux/lsm_hook_defs.h | 2 +- >> include/linux/security.h | 20 ++++++++++++++++---- >> security/commoncap.c | 12 ++++++++---- >> security/security.c | 29 ++++++++++++++++++++++++----- >> 6 files changed, 52 insertions(+), 20 deletions(-) > > In general I think a lot of these changes are a good improvement, thank > you very much for the time and effort you've spent on this. However, > I'm not in favor of passing the new hook parameter as a way of reducing > the number of states represented by the security_inode_killpriv() return > value. This particular hook may need to remain as one of the odd special > cases. > I learned from previous discussions [1] to use a new output parameter to store odd return values. Actually, I am not in favor of this method either, especially since it requires extra work to enable BPF to access the output parameter. I think we could just keep it as-is. [1] https://lore.kernel.org/bpf/CAHC9VhQ_sTmoXwQ_AVfjTYQe4KR-uTnksPVfsei5JZ+VDJBQkA@mail.gmail.com/
Powered by blists - more mailing lists