* Re: [PATCH v36 07/33] LSM: Use lsmblob in security_kernel_act_as
@ 2022-06-12 14:41 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2022-06-12 14:41 UTC (permalink / raw)
To: kbuild
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
In-Reply-To: <20220609230146.319210-8-casey@schaufler-ca.com>
References: <20220609230146.319210-8-casey@schaufler-ca.com>
TO: Casey Schaufler <casey@schaufler-ca.com>
TO: casey.schaufler(a)intel.com
TO: jmorris(a)namei.org
TO: linux-security-module(a)vger.kernel.org
TO: selinux(a)vger.kernel.org
CC: casey(a)schaufler-ca.com
CC: linux-audit(a)redhat.com
CC: keescook(a)chromium.org
CC: john.johansen(a)canonical.com
CC: penguin-kernel(a)i-love.sakura.ne.jp
CC: paul(a)paul-moore.com
CC: stephen.smalley.work(a)gmail.com
CC: linux-kernel(a)vger.kernel.org
Hi Casey,
I love your patch! Perhaps something to improve:
[auto build test WARNING on pcmoore-audit/next]
[also build test WARNING on pcmoore-selinux/next linus/master v5.19-rc1 next-20220610]
[cannot apply to jmorris-security/next-testing]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220610-080129
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
:::::: branch date: 3 days ago
:::::: commit date: 3 days ago
config: i386-randconfig-m021 (https://download.01.org/0day-ci/archive/20220612/202206122240.t0crUB1l-lkp(a)intel.com/config)
compiler: gcc-11 (Debian 11.3.0-3) 11.3.0
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
include/linux/security.h:170 lsmblob_init() warn: we never enter this loop
vim +170 include/linux/security.h
03e5d0189b60bc Casey Schaufler 2022-06-09 158
03e5d0189b60bc Casey Schaufler 2022-06-09 159 /**
03e5d0189b60bc Casey Schaufler 2022-06-09 160 * lsmblob_init - initialize a lsmblob structure
03e5d0189b60bc Casey Schaufler 2022-06-09 161 * @blob: Pointer to the data to initialize
03e5d0189b60bc Casey Schaufler 2022-06-09 162 * @secid: The initial secid value
03e5d0189b60bc Casey Schaufler 2022-06-09 163 *
03e5d0189b60bc Casey Schaufler 2022-06-09 164 * Set all secid for all modules to the specified value.
03e5d0189b60bc Casey Schaufler 2022-06-09 165 */
03e5d0189b60bc Casey Schaufler 2022-06-09 166 static inline void lsmblob_init(struct lsmblob *blob, u32 secid)
03e5d0189b60bc Casey Schaufler 2022-06-09 167 {
03e5d0189b60bc Casey Schaufler 2022-06-09 168 int i;
03e5d0189b60bc Casey Schaufler 2022-06-09 169
03e5d0189b60bc Casey Schaufler 2022-06-09 @170 for (i = 0; i < LSMBLOB_ENTRIES; i++)
03e5d0189b60bc Casey Schaufler 2022-06-09 171 blob->secid[i] = secid;
03e5d0189b60bc Casey Schaufler 2022-06-09 172 }
03e5d0189b60bc Casey Schaufler 2022-06-09 173
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH v36 07/33] LSM: Use lsmblob in security_kernel_act_as
2022-06-09 23:01 [PATCH v36 00/33] LSM: Module stacking for AppArmor Casey Schaufler
@ 2022-06-09 23:01 ` Casey Schaufler
0 siblings, 0 replies; 3+ messages in thread
From: Casey Schaufler @ 2022-06-09 23:01 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux
Cc: casey, linux-audit, keescook, john.johansen, penguin-kernel,
paul, stephen.smalley.work, linux-kernel
Change the security_kernel_act_as interface to use a lsmblob
structure in place of the single u32 secid in support of
module stacking. Change its only caller, set_security_override,
to do the same. Change that one's only caller,
set_security_override_from_ctx, to call it with the new
parameter type.
The security module hook is unchanged, still taking a secid.
The infrastructure passes the correct entry from the lsmblob.
lsmblob_init() is used to fill the lsmblob structure, however
this will be removed later in the series when security_secctx_to_secid()
is updated to provide a lsmblob instead of a secid.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
To: David Howells <dhowells@redhat.com>
---
include/linux/cred.h | 3 ++-
include/linux/security.h | 5 +++--
kernel/cred.c | 10 ++++++----
security/security.c | 14 ++++++++++++--
4 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 9ed9232af934..610f70a99f60 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -18,6 +18,7 @@
struct cred;
struct inode;
+struct lsmblob;
/*
* COW Supplementary groups list
@@ -165,7 +166,7 @@ extern const struct cred *override_creds(const struct cred *);
extern void revert_creds(const struct cred *);
extern struct cred *prepare_kernel_cred(struct task_struct *);
extern int change_create_files_as(struct cred *, struct inode *);
-extern int set_security_override(struct cred *, u32);
+extern int set_security_override(struct cred *, struct lsmblob *);
extern int set_security_override_from_ctx(struct cred *, const char *);
extern int set_create_files_as(struct cred *, struct inode *);
extern int cred_fscmp(const struct cred *, const struct cred *);
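Review bot: the new `set_security_override(struct cred *, struct lsmblob *)` prototype takes a non-const blob although nothing in this patch writes through it (the security.c hunk only reads `blob->secid[hp->lsmid->slot]`); declaring it `const struct lsmblob *` here and on `security_kernel_act_as()` in security.h would let callers pass read-only blobs and document that the override only consumes the secids.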
diff --git a/include/linux/security.h b/include/linux/security.h
index 95ba8c223e0c..823880ba613e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -465,7 +465,7 @@ void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);
void security_cred_getsecid(const struct cred *c, u32 *secid);
-int security_kernel_act_as(struct cred *new, u32 secid);
+int security_kernel_act_as(struct cred *new, struct lsmblob *blob);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
int security_kernel_module_request(char *kmod_name);
int security_kernel_load_data(enum kernel_load_data_id id, bool contents);
@@ -1107,7 +1107,8 @@ static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
*secid = 0;
}
-static inline int security_kernel_act_as(struct cred *cred, u32 secid)
+static inline int security_kernel_act_as(struct cred *cred,
+ struct lsmblob *blob)
{
return 0;
}
diff --git a/kernel/cred.c b/kernel/cred.c
index e10c15f51c1f..3925d38f49f4 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -767,14 +767,14 @@ EXPORT_SYMBOL(prepare_kernel_cred);
/**
* set_security_override - Set the security ID in a set of credentials
* @new: The credentials to alter
- * @secid: The LSM security ID to set
+ * @blob: The LSM security information to set
*
* Set the LSM security ID in a set of credentials so that the subjective
* security is overridden when an alternative set of credentials is used.
*/
-int set_security_override(struct cred *new, u32 secid)
+int set_security_override(struct cred *new, struct lsmblob *blob)
{
- return security_kernel_act_as(new, secid);
+ return security_kernel_act_as(new, blob);
}
EXPORT_SYMBOL(set_security_override);
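Review bot: the kerneldoc in this hunk still describes a single ID ("Set the security ID in a set of credentials", "Set the LSM security ID in a set of credentials so that...") while the parameter is now a whole lsmblob carrying one secid per stacked module; only the @blob line was updated. Suggest rewording the summary line and body to "security information", as the `@blob: The LSM security information to set` line already does, so the documentation matches the stacking semantics the commit message describes.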
@@ -790,6 +790,7 @@ EXPORT_SYMBOL(set_security_override);
*/
int set_security_override_from_ctx(struct cred *new, const char *secctx)
{
+ struct lsmblob blob;
u32 secid;
int ret;
@@ -797,7 +798,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx)
if (ret < 0)
return ret;
- return set_security_override(new, secid);
+ lsmblob_init(&blob, secid);
+ return set_security_override(new, &blob);
}
EXPORT_SYMBOL(set_security_override_from_ctx);
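Review bot: `lsmblob_init(&blob, secid);` copies the single secid returned by security_secctx_to_secid() into every slot, so each stacked module's kernel_act_as hook receives a secid that only one of them actually produced; the commit message says this is transitional, so a short comment at the call site marking it as such would stop it being copied as a pattern before the later security_secctx_to_secid() conversion lands. This is also the call the kernel test robot's smatch warning (include/linux/security.h:170, "we never enter this loop") points at: in the i386 randconfig it built, LSMBLOB_ENTRIES is zero and the fill loop is dead, which is harmless here but worth acknowledging in the reply.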
diff --git a/security/security.c b/security/security.c
index ade59e3638e8..d3b28a6b9248 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1810,9 +1810,19 @@ void security_cred_getsecid(const struct cred *c, u32 *secid)
}
EXPORT_SYMBOL(security_cred_getsecid);
-int security_kernel_act_as(struct cred *new, u32 secid)
+int security_kernel_act_as(struct cred *new, struct lsmblob *blob)
{
- return call_int_hook(kernel_act_as, 0, new, secid);
+ struct security_hook_list *hp;
+ int rc;
+
+ hlist_for_each_entry(hp, &security_hook_heads.kernel_act_as, list) {
+ if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+ continue;
+ rc = hp->hook.kernel_act_as(new, blob->secid[hp->lsmid->slot]);
+ if (rc != 0)
+ return rc;
+ }
+ return 0;
}
int security_kernel_create_files_as(struct cred *new, struct inode *inode)
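Review bot: in the new loop, a hook whose lsmid->slot fails the range check is skipped with `WARN_ON(...)` followed by `continue;`, so the override proceeds without that module ever being consulted, whereas every in-range hook can veto it through `if (rc != 0) return rc;`. That is fail-open for the misregistered module; since a bad slot is a kernel bug rather than a policy decision, consider returning an error instead of continuing (the old `call_int_hook(kernel_act_as, 0, new, secid)` path could not silently drop a module), or at least state in a comment that skipping is intended. Apart from that, the first-non-zero-return semantics match what call_int_hook() provided.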
--
2.35.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
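A stand-alone C model of the dispatch the commit message describes, added here as an illustration and not code from the patch or the kernel: an lsmblob holds one secid per slot, and the infrastructure hands each stacked module only the entry for its own slot, skipping modules whose slot is out of range. Everything below is constructed: LSMBLOB_ENTRIES is fixed at 2, the two hooks (`lsm_a_act_as`, `lsm_b_act_as`), the deliberately bad slot 7, and the helper `act_as_from_single_secid()` (which mirrors what set_security_override_from_ctx() does with lsmblob_init()) are all assumptions for the example.

```c
#include <errno.h>
#include <stddef.h>

typedef unsigned int u32;
/* Assumed: two secid-carrying LSMs are built in, so two blob slots. */
#define LSMBLOB_ENTRIES 2
struct lsmblob { u32 secid[LSMBLOB_ENTRIES]; };
/* Same shape as the lsmblob_init() quoted in the robot's listing. */
static inline void lsmblob_init(struct lsmblob *blob, u32 secid)
{
	for (int i = 0; i < LSMBLOB_ENTRIES; i++)
		blob->secid[i] = secid;
}
struct lsm_id { int slot; };
struct hook { const struct lsm_id *lsmid; int (*kernel_act_as)(u32 secid); };
u32 last_secid_seen[LSMBLOB_ENTRIES]; /* what each slot's hook received */
int skipped_slots;                    /* hooks dropped by the bounds check */

/* Constructed hooks: slot 0 accepts anything, slot 1 refuses secid 0. */
static int lsm_a_act_as(u32 secid) { last_secid_seen[0] = secid; return 0; }
static int lsm_b_act_as(u32 secid) { last_secid_seen[1] = secid; return secid ? 0 : -EPERM; }
static const struct lsm_id id_a = { 0 }, id_b = { 1 }, id_bad = { 7 }; /* 7: out of range */
static const struct hook hooks[] = {
	{ &id_a, lsm_a_act_as }, { &id_b, lsm_b_act_as }, { &id_bad, lsm_a_act_as },
};

/* Model of the new security_kernel_act_as(): each LSM sees only its own slot. */
int security_kernel_act_as(const struct lsmblob *blob)
{
	for (size_t i = 0; i < sizeof(hooks) / sizeof(hooks[0]); i++) {
		int slot = hooks[i].lsmid->slot, rc;
		if (slot < 0 || slot >= LSMBLOB_ENTRIES) { /* kernel: WARN_ON() */
			skipped_slots++;
			continue;
		}
		rc = hooks[i].kernel_act_as(blob->secid[slot]);
		if (rc != 0)
			return rc; /* first refusal wins; later hooks not consulted */
	}
	return 0;
}

/* What set_security_override_from_ctx() does in this patch: one secid to every slot. */
int act_as_from_single_secid(u32 secid)
{
	struct lsmblob blob;
	lsmblob_init(&blob, secid);
	return security_kernel_act_as(&blob);
}
```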
end of thread, other threads:[~2022-06-12 14:41 UTC | newest]
2022-06-12 14:41 [PATCH v36 07/33] LSM: Use lsmblob in security_kernel_act_as kernel test robot
2022-06-09 23:01 [PATCH v36 00/33] LSM: Module stacking for AppArmor Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 07/33] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2022-06-09 23:01 ` Casey Schaufler