From: Paul Moore <paul@paul-moore.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: casey.schaufler@intel.com, linux-security-module@vger.kernel.org,
jmorris@namei.org, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
linux-api@vger.kernel.org, mic@digikod.net
Subject: Re: [PATCH v5 2/8] LSM: Maintain a table of LSM attribute data
Date: Wed, 11 Jan 2023 16:01:02 -0500 [thread overview]
Message-ID: <CAHC9VhTaySsuvkj0U9Jbp405+WoRfhtq+ib5ynO-a9BeM+a5Ew@mail.gmail.com> (raw)
In-Reply-To: <20230109180717.58855-3-casey@schaufler-ca.com>
On Mon, Jan 9, 2023 at 1:07 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
>
> As LSMs are registered add their lsm_id pointers to a table.
> This will be used later for attribute reporting.
>
> Determine the number of possible security modules based on
> their respective CONFIG options. This allows the number to be
> known at build time. This allows data structures and tables
> to use the constant.
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
> include/linux/security.h | 2 ++
> security/security.c | 44 +++++++++++++++++++++++++++++++++-------
> 2 files changed, 39 insertions(+), 7 deletions(-)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 5b67f208f7de..33ed1860b96f 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -138,6 +138,8 @@ enum lockdown_reason {
> };
>
> extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
> +extern u32 lsm_active_cnt;
> +extern struct lsm_id *lsm_idlist[];
>
> /* These functions are in security/commoncap.c */
> extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
> diff --git a/security/security.c b/security/security.c
> index 07a8fe7f92bf..a590fa98ddd6 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -28,12 +28,29 @@
> #include <linux/backing-dev.h>
> #include <linux/string.h>
> #include <linux/msg.h>
> +#include <uapi/linux/lsm.h>
> #include <net/flow.h>
>
> #define MAX_LSM_EVM_XATTR 2
>
> -/* How many LSMs were built into the kernel? */
> -#define LSM_COUNT (__end_lsm_info - __start_lsm_info)
> +/*
> + * How many LSMs are built into the kernel as determined at
> + * build time. Used to determine fixed array sizes.
> + * The capability module is accounted for by CONFIG_SECURITY
> + */
> +#define LSM_COUNT ( \
> + (IS_ENABLED(CONFIG_SECURITY) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_IMA) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \
> + (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0))
>
> /*
> * These are descriptions of the reasons that can be passed to the
> @@ -90,7 +107,7 @@ static __initdata const char *chosen_major_lsm;
> static __initconst const char * const builtin_lsm_order = CONFIG_LSM;
>
> /* Ordered list of LSMs to initialize. */
> -static __initdata struct lsm_info **ordered_lsms;
> +static __initdata struct lsm_info *ordered_lsms[LSM_COUNT + 1];
I'm guessing this 'LSM_COUNT + 1' logic is basically just copied from
ordered_lsm_init() - which is okay - but can you remind me why it is
'LSM_COUNT + 1' and not just 'LSM_COUNT'? Based on the LSM_COUNT
macro above it seems like LSM_COUNT should be enough, no?
> static __initdata struct lsm_info *exclusive;
>
> static __initdata bool debug;
> @@ -341,13 +358,16 @@ static void __init report_lsm_order(void)
> pr_cont("\n");
> }
>
> +/*
> + * Current index to use while initializing the lsm id list.
> + */
> +u32 lsm_active_cnt __lsm_ro_after_init;
> +struct lsm_id *lsm_idlist[LSM_COUNT] __lsm_ro_after_init;
> +
> static void __init ordered_lsm_init(void)
> {
> struct lsm_info **lsm;
>
> - ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms),
> - GFP_KERNEL);
> -
> if (chosen_lsm_order) {
> if (chosen_major_lsm) {
> pr_warn("security=%s is ignored because it is superseded by lsm=%s\n",
> @@ -388,7 +408,7 @@ static void __init ordered_lsm_init(void)
> for (lsm = ordered_lsms; *lsm; lsm++)
> initialize_lsm(*lsm);
>
> - kfree(ordered_lsms);
> + init_debug("lsm count = %d\n", lsm_active_cnt);
> }
Given 86ef3c735ec8 ("LSM: Better reporting of actual LSMs at boot"),
is this needed?
--
paul-moore.com
next prev parent reply other threads:[~2023-01-11 21:03 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20230109180717.58855-1-casey.ref@schaufler-ca.com>
2023-01-09 18:07 ` [PATCH v5 0/8] LSM: Three basic syscalls Casey Schaufler
2023-01-09 18:07 ` [PATCH v5 1/8] LSM: Identify modules by more than name Casey Schaufler
2023-01-11 21:00 ` Paul Moore
2023-01-12 0:05 ` Casey Schaufler
2023-01-12 20:30 ` Paul Moore
2023-01-09 18:07 ` [PATCH v5 2/8] LSM: Maintain a table of LSM attribute data Casey Schaufler
2023-01-11 1:58 ` kernel test robot
2023-01-11 21:01 ` Paul Moore [this message]
2023-01-12 0:36 ` Casey Schaufler
2023-01-12 20:26 ` Paul Moore
2023-01-09 18:07 ` [PATCH v5 3/8] proc: Use lsmids instead of lsm names for attrs Casey Schaufler
2023-01-11 21:01 ` Paul Moore
2023-01-12 0:37 ` Casey Schaufler
2023-01-09 18:07 ` [PATCH v5 4/8] LSM: lsm_get_self_attr syscall for LSM self attributes Casey Schaufler
2023-01-11 21:07 ` Paul Moore
2023-01-12 1:37 ` Casey Schaufler
2023-01-12 21:37 ` Paul Moore
2023-01-12 14:40 ` Arnd Bergmann
2023-01-12 21:39 ` Paul Moore
2023-02-14 16:48 ` Mickaël Salaün
2023-02-02 4:53 ` Serge Hallyn (shallyn)
2023-02-14 17:41 ` Mickaël Salaün
2023-02-14 18:06 ` Casey Schaufler
2023-01-09 18:07 ` [PATCH v5 5/8] LSM: Create lsm_module_list system call Casey Schaufler
2023-01-11 0:50 ` kernel test robot
2023-01-11 21:07 ` Paul Moore
2023-01-12 1:39 ` Casey Schaufler
2023-01-12 21:43 ` Paul Moore
2023-01-09 18:07 ` [PATCH v5 6/8] LSM: lsm_set_self_attr syscall for LSM self attributes Casey Schaufler
2023-01-09 18:07 ` [PATCH v5 7/8] LSM: wireup Linux Security Module syscalls Casey Schaufler
2023-01-13 9:31 ` Geert Uytterhoeven
2023-01-09 18:07 ` [PATCH v5 8/8] LSM: selftests for " Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHC9VhTaySsuvkj0U9Jbp405+WoRfhtq+ib5ynO-a9BeM+a5Ew@mail.gmail.com \
--to=paul@paul-moore.com \
--cc=casey.schaufler@intel.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.