* [PATCH 1/2] selinux: slow_avc_audit has become non-blocking
@ 2021-06-10 15:51 Al Viro
2021-06-10 15:52 ` [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and avc_audit() Al Viro
2021-06-10 23:12 ` [PATCH 1/2] selinux: slow_avc_audit has become non-blocking Paul Moore
0 siblings, 2 replies; 7+ messages in thread
From: Al Viro @ 2021-06-10 15:51 UTC (permalink / raw)
To: selinux
[followup to dump_common_audit_data() changes from this winter; in vfs.git#work.audit]
Does anybody have objections to the below?
From 663a40ab49308b5acaba8a335190fce66e17d969 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Sat, 16 Jan 2021 15:40:54 -0500
Subject: [PATCH 1/2] selinux: slow_avc_audit has become non-blocking
dump_common_audit_data() is safe to use under rcu_read_lock() now;
no need for AVC_NONBLOCKING and games around it
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
security/selinux/avc.c | 28 ++++++++--------------------
security/selinux/hooks.c | 13 ++-----------
security/selinux/include/avc.h | 4 ----
3 files changed, 10 insertions(+), 35 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index ad451cf9375e..9c3d2a29616a 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -758,7 +758,11 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
}
}
-/* This is the slow part of avc audit with big stack footprint */
+/*
+ * This is the slow part of avc audit with big stack footprint.
+ * Note that it is non-blocking and can be called from under
+ * rcu_read_lock().
+ */
noinline int slow_avc_audit(struct selinux_state *state,
u32 ssid, u32 tsid, u16 tclass,
u32 requested, u32 audited, u32 denied, int result,
@@ -825,7 +829,7 @@ int __init avc_add_callback(int (*callback)(u32 event), u32 events)
* @ssid,@tsid,@tclass : identifier of an AVC entry
* @seqno : sequence number when decision was made
* @xpd: extended_perms_decision to be added to the node
- * @flags: the AVC_* flags, e.g. AVC_NONBLOCKING, AVC_EXTENDED_PERMS, or 0.
+ * @flags: the AVC_* flags, e.g. AVC_EXTENDED_PERMS, or 0.
*
* if a valid AVC entry doesn't exist,this function returns -ENOENT.
* if kmalloc() called internal returns NULL, this function returns -ENOMEM.
@@ -844,21 +848,6 @@ static int avc_update_node(struct selinux_avc *avc,
struct hlist_head *head;
spinlock_t *lock;
- /*
- * If we are in a non-blocking code path, e.g. VFS RCU walk,
- * then we must not add permissions to a cache entry
- * because we will not audit the denial. Otherwise,
- * during the subsequent blocking retry (e.g. VFS ref walk), we
- * will find the permissions already granted in the cache entry
- * and won't audit anything at all, leading to silent denials in
- * permissive mode that only appear when in enforcing mode.
- *
- * See the corresponding handling of MAY_NOT_BLOCK in avc_audit()
- * and selinux_inode_permission().
- */
- if (flags & AVC_NONBLOCKING)
- return 0;
-
node = avc_alloc_node(avc);
if (!node) {
rc = -ENOMEM;
@@ -1119,7 +1108,7 @@ int avc_has_extended_perms(struct selinux_state *state,
* @tsid: target security identifier
* @tclass: target security class
* @requested: requested permissions, interpreted based on @tclass
- * @flags: AVC_STRICT, AVC_NONBLOCKING, or 0
+ * @flags: AVC_STRICT or 0
* @avd: access vector decisions
*
* Check the AVC to determine whether the @requested permissions are granted
@@ -1204,8 +1193,7 @@ int avc_has_perm_flags(struct selinux_state *state,
struct av_decision avd;
int rc, rc2;
- rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested,
- (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0,
+ rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested, 0,
&avd);
rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index eaea837d89d1..f22ad1229471 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3164,17 +3164,13 @@ static noinline int audit_inode_permission(struct inode *inode,
{
struct common_audit_data ad;
struct inode_security_struct *isec = selinux_inode(inode);
- int rc;
ad.type = LSM_AUDIT_DATA_INODE;
ad.u.inode = inode;
- rc = slow_avc_audit(&selinux_state,
+ return slow_avc_audit(&selinux_state,
current_sid(), isec->sid, isec->sclass, perms,
audited, denied, result, &ad);
- if (rc)
- return rc;
- return 0;
}
static int selinux_inode_permission(struct inode *inode, int mask)
@@ -3209,8 +3205,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
return PTR_ERR(isec);
rc = avc_has_perm_noaudit(&selinux_state,
- sid, isec->sid, isec->sclass, perms,
- no_block ? AVC_NONBLOCKING : 0,
+ sid, isec->sid, isec->sclass, perms, 0,
&avd);
audited = avc_audit_required(perms, &avd, rc,
from_access ? FILE__AUDIT_ACCESS : 0,
@@ -3218,10 +3213,6 @@ static int selinux_inode_permission(struct inode *inode, int mask)
if (likely(!audited))
return rc;
- /* fall back to ref-walk if we have to generate audit */
- if (no_block)
- return -ECHILD;
-
rc2 = audit_inode_permission(inode, perms, audited, denied, rc);
if (rc2)
return rc2;
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index cf4cc3ef959b..c3bbfc8e8b46 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -134,9 +134,6 @@ static inline int avc_audit(struct selinux_state *state,
audited = avc_audit_required(requested, avd, result, 0, &denied);
if (likely(!audited))
return 0;
- /* fall back to ref-walk if we have to generate audit */
- if (flags & MAY_NOT_BLOCK)
- return -ECHILD;
return slow_avc_audit(state, ssid, tsid, tclass,
requested, audited, denied, result,
a);
@@ -144,7 +141,6 @@ static inline int avc_audit(struct selinux_state *state,
#define AVC_STRICT 1 /* Ignore permissive mode. */
#define AVC_EXTENDED_PERMS 2 /* update extended permissions */
-#define AVC_NONBLOCKING 4 /* non blocking */
int avc_has_perm_noaudit(struct selinux_state *state,
u32 ssid, u32 tsid,
u16 tclass, u32 requested,
--
2.11.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and avc_audit()
2021-06-10 15:51 [PATCH 1/2] selinux: slow_avc_audit has become non-blocking Al Viro
@ 2021-06-10 15:52 ` Al Viro
2021-06-10 22:41 ` Paul Moore
2021-06-10 23:12 ` [PATCH 1/2] selinux: slow_avc_audit has become non-blocking Paul Moore
1 sibling, 1 reply; 7+ messages in thread
From: Al Viro @ 2021-06-10 15:52 UTC (permalink / raw)
To: selinux
From 565799de3ee0a295842a07a5f9a459db5e793beb Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Sat, 16 Jan 2021 15:57:49 -0500
Subject: [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and
avc_audit()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
security/selinux/avc.c | 7 +++----
security/selinux/hooks.c | 5 ++---
security/selinux/include/avc.h | 7 ++-----
3 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 9c3d2a29616a..10b71a0efc50 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -1179,7 +1179,7 @@ int avc_has_perm(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass,
&avd);
rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
- auditdata, 0);
+ auditdata);
if (rc2)
return rc2;
return rc;
@@ -1187,8 +1187,7 @@ int avc_has_perm(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass,
int avc_has_perm_flags(struct selinux_state *state,
u32 ssid, u32 tsid, u16 tclass, u32 requested,
- struct common_audit_data *auditdata,
- int flags)
+ struct common_audit_data *auditdata)
{
struct av_decision avd;
int rc, rc2;
@@ -1197,7 +1196,7 @@ int avc_has_perm_flags(struct selinux_state *state,
&avd);
rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
- auditdata, flags);
+ auditdata);
if (rc2)
return rc2;
return rc;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f22ad1229471..2ae55348bd1c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1676,7 +1676,7 @@ static int cred_has_capability(const struct cred *cred,
sid, sid, sclass, av, 0, &avd);
if (!(opts & CAP_OPT_NOAUDIT)) {
int rc2 = avc_audit(&selinux_state,
- sid, sid, sclass, av, &avd, rc, &ad, 0);
+ sid, sid, sclass, av, &avd, rc, &ad);
if (rc2)
return rc2;
}
@@ -3154,8 +3154,7 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
return PTR_ERR(isec);
return avc_has_perm_flags(&selinux_state,
- sid, isec->sid, isec->sclass, FILE__READ, &ad,
- rcu ? MAY_NOT_BLOCK : 0);
+ sid, isec->sid, isec->sclass, FILE__READ, &ad);
}
static noinline int audit_inode_permission(struct inode *inode,
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index c3bbfc8e8b46..098f31c415e2 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -111,7 +111,6 @@ int slow_avc_audit(struct selinux_state *state,
* @avd: access vector decisions
* @result: result from avc_has_perm_noaudit
* @a: auxiliary audit data
- * @flags: VFS walk flags
*
* Audit the granting or denial of permissions in accordance
* with the policy. This function is typically called by
@@ -127,8 +126,7 @@ static inline int avc_audit(struct selinux_state *state,
u16 tclass, u32 requested,
struct av_decision *avd,
int result,
- struct common_audit_data *a,
- int flags)
+ struct common_audit_data *a)
{
u32 audited, denied;
audited = avc_audit_required(requested, avd, result, 0, &denied);
@@ -154,8 +152,7 @@ int avc_has_perm(struct selinux_state *state,
int avc_has_perm_flags(struct selinux_state *state,
u32 ssid, u32 tsid,
u16 tclass, u32 requested,
- struct common_audit_data *auditdata,
- int flags);
+ struct common_audit_data *auditdata);
int avc_has_extended_perms(struct selinux_state *state,
u32 ssid, u32 tsid, u16 tclass, u32 requested,
--
2.11.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and avc_audit()
2021-06-10 15:52 ` [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and avc_audit() Al Viro
@ 2021-06-10 22:41 ` Paul Moore
0 siblings, 0 replies; 7+ messages in thread
From: Paul Moore @ 2021-06-10 22:41 UTC (permalink / raw)
To: Al Viro; +Cc: selinux
On Thu, Jun 10, 2021 at 11:52 AM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> From 565799de3ee0a295842a07a5f9a459db5e793beb Mon Sep 17 00:00:00 2001
> From: Al Viro <viro@zeniv.linux.org.uk>
> Date: Sat, 16 Jan 2021 15:57:49 -0500
> Subject: [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and
> avc_audit()
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---
> security/selinux/avc.c | 7 +++----
> security/selinux/hooks.c | 5 ++---
> security/selinux/include/avc.h | 7 ++-----
> 3 files changed, 7 insertions(+), 12 deletions(-)
I'm looking at patch 1/2 now, but if we can safely get rid of the
flags arg then we might as well do away with avc_has_perm_flags()
altogether and just convert the callers to avc_has_perm().
> diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
> index c3bbfc8e8b46..098f31c415e2 100644
> --- a/security/selinux/include/avc.h
> +++ b/security/selinux/include/avc.h
> @@ -154,8 +152,7 @@ int avc_has_perm(struct selinux_state *state,
> int avc_has_perm_flags(struct selinux_state *state,
> u32 ssid, u32 tsid,
> u16 tclass, u32 requested,
> - struct common_audit_data *auditdata,
> - int flags);
> + struct common_audit_data *auditdata);
>
> int avc_has_extended_perms(struct selinux_state *state,
> u32 ssid, u32 tsid, u16 tclass, u32 requested,
> --
> 2.11.0
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] selinux: slow_avc_audit has become non-blocking
2021-06-10 15:51 [PATCH 1/2] selinux: slow_avc_audit has become non-blocking Al Viro
2021-06-10 15:52 ` [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and avc_audit() Al Viro
@ 2021-06-10 23:12 ` Paul Moore
2021-06-11 1:45 ` Al Viro
1 sibling, 1 reply; 7+ messages in thread
From: Paul Moore @ 2021-06-10 23:12 UTC (permalink / raw)
To: Al Viro; +Cc: selinux
On Thu, Jun 10, 2021 at 11:51 AM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> [followup to dump_common_audit_data() changes from this winter; in vfs.git#work.audit]
> Does anybody have objections to the below?
>
> From 663a40ab49308b5acaba8a335190fce66e17d969 Mon Sep 17 00:00:00 2001
> From: Al Viro <viro@zeniv.linux.org.uk>
> Date: Sat, 16 Jan 2021 15:40:54 -0500
> Subject: [PATCH 1/2] selinux: slow_avc_audit has become non-blocking
>
> dump_common_audit_data() is safe to use under rcu_read_lock() now;
> no need for AVC_NONBLOCKING and games around it
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---
> security/selinux/avc.c | 28 ++++++++--------------------
> security/selinux/hooks.c | 13 ++-----------
> security/selinux/include/avc.h | 4 ----
> 3 files changed, 10 insertions(+), 35 deletions(-)
This looks okay to me, thanks Al. If you want to fix patch 2/2 I can
pull both into selinux/next.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] selinux: slow_avc_audit has become non-blocking
2021-06-10 23:12 ` [PATCH 1/2] selinux: slow_avc_audit has become non-blocking Paul Moore
@ 2021-06-11 1:45 ` Al Viro
2021-06-11 1:51 ` Paul Moore
0 siblings, 1 reply; 7+ messages in thread
From: Al Viro @ 2021-06-11 1:45 UTC (permalink / raw)
To: Paul Moore; +Cc: selinux
On Thu, Jun 10, 2021 at 07:12:15PM -0400, Paul Moore wrote:
> On Thu, Jun 10, 2021 at 11:51 AM Al Viro <viro@zeniv.linux.org.uk> wrote:
> >
> > [followup to dump_common_audit_data() changes from this winter; in vfs.git#work.audit]
> > Does anybody have objections to the below?
> >
> > From 663a40ab49308b5acaba8a335190fce66e17d969 Mon Sep 17 00:00:00 2001
> > From: Al Viro <viro@zeniv.linux.org.uk>
> > Date: Sat, 16 Jan 2021 15:40:54 -0500
> > Subject: [PATCH 1/2] selinux: slow_avc_audit has become non-blocking
> >
> > dump_common_audit_data() is safe to use under rcu_read_lock() now;
> > no need for AVC_NONBLOCKING and games around it
> >
> > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> > ---
> > security/selinux/avc.c | 28 ++++++++--------------------
> > security/selinux/hooks.c | 13 ++-----------
> > security/selinux/include/avc.h | 4 ----
> > 3 files changed, 10 insertions(+), 35 deletions(-)
>
> This looks okay to me, thanks Al. If you want to fix patch 2/2 I can
> pull both into selinux/next.
Done and force-pushed into the same branch... Do you want a formal pull request?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] selinux: slow_avc_audit has become non-blocking
2021-06-11 1:45 ` Al Viro
@ 2021-06-11 1:51 ` Paul Moore
2021-06-11 17:18 ` Paul Moore
0 siblings, 1 reply; 7+ messages in thread
From: Paul Moore @ 2021-06-11 1:51 UTC (permalink / raw)
To: Al Viro; +Cc: selinux
On Thu, Jun 10, 2021 at 9:45 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
> On Thu, Jun 10, 2021 at 07:12:15PM -0400, Paul Moore wrote:
> > On Thu, Jun 10, 2021 at 11:51 AM Al Viro <viro@zeniv.linux.org.uk> wrote:
> > >
> > > [followup to dump_common_audit_data() changes from this winter; in vfs.git#work.audit]
> > > Does anybody have objections to the below?
> > >
> > > From 663a40ab49308b5acaba8a335190fce66e17d969 Mon Sep 17 00:00:00 2001
> > > From: Al Viro <viro@zeniv.linux.org.uk>
> > > Date: Sat, 16 Jan 2021 15:40:54 -0500
> > > Subject: [PATCH 1/2] selinux: slow_avc_audit has become non-blocking
> > >
> > > dump_common_audit_data() is safe to use under rcu_read_lock() now;
> > > no need for AVC_NONBLOCKING and games around it
> > >
> > > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> > > ---
> > > security/selinux/avc.c | 28 ++++++++--------------------
> > > security/selinux/hooks.c | 13 ++-----------
> > > security/selinux/include/avc.h | 4 ----
> > > 3 files changed, 10 insertions(+), 35 deletions(-)
> >
> > This looks okay to me, thanks Al. If you want to fix patch 2/2 I can
> > pull both into selinux/next.
>
> Done and force-pushed into the same branch... Do you want a formal pull request?
Thanks for the offer, but I can just pull those top two patches from
work.audit. However, this mail came in just as I was shutting down
for the evening so I'll take care of it tomorrow.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] selinux: slow_avc_audit has become non-blocking
2021-06-11 1:51 ` Paul Moore
@ 2021-06-11 17:18 ` Paul Moore
0 siblings, 0 replies; 7+ messages in thread
From: Paul Moore @ 2021-06-11 17:18 UTC (permalink / raw)
To: Al Viro; +Cc: selinux
On Thu, Jun 10, 2021 at 9:51 PM Paul Moore <paul@paul-moore.com> wrote:
> On Thu, Jun 10, 2021 at 9:45 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
> > On Thu, Jun 10, 2021 at 07:12:15PM -0400, Paul Moore wrote:
> > > On Thu, Jun 10, 2021 at 11:51 AM Al Viro <viro@zeniv.linux.org.uk> wrote:
> > > >
> > > > [followup to dump_common_audit_data() changes from this winter; in vfs.git#work.audit]
> > > > Does anybody have objections to the below?
> > > >
> > > > From 663a40ab49308b5acaba8a335190fce66e17d969 Mon Sep 17 00:00:00 2001
> > > > From: Al Viro <viro@zeniv.linux.org.uk>
> > > > Date: Sat, 16 Jan 2021 15:40:54 -0500
> > > > Subject: [PATCH 1/2] selinux: slow_avc_audit has become non-blocking
> > > >
> > > > dump_common_audit_data() is safe to use under rcu_read_lock() now;
> > > > no need for AVC_NONBLOCKING and games around it
> > > >
> > > > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> > > > ---
> > > > security/selinux/avc.c | 28 ++++++++--------------------
> > > > security/selinux/hooks.c | 13 ++-----------
> > > > security/selinux/include/avc.h | 4 ----
> > > > 3 files changed, 10 insertions(+), 35 deletions(-)
> > >
> > > This looks okay to me, thanks Al. If you want to fix patch 2/2 I can
> > > pull both into selinux/next.
> >
> > Done and force-pushed into the same branch... Do you want a formal pull request?
>
> Thanks for the offer, but I can just pull those top two patches from
> work.audit. However, this mail came in just as I was shutting down
> for the evening so I'll take care of it tomorrow.
Both are now in selinux/next, thanks Al.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-06-11 17:19 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-10 15:51 [PATCH 1/2] selinux: slow_avc_audit has become non-blocking Al Viro
2021-06-10 15:52 ` [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and avc_audit() Al Viro
2021-06-10 22:41 ` Paul Moore
2021-06-10 23:12 ` [PATCH 1/2] selinux: slow_avc_audit has become non-blocking Paul Moore
2021-06-11 1:45 ` Al Viro
2021-06-11 1:51 ` Paul Moore
2021-06-11 17:18 ` Paul Moore
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.