bpf.vger.kernel.org archive mirror
* [PATCH] bpf: Drop disabled LSM hooks from the sleepable set
@ 2021-01-22 12:30 Mikko Ylinen
  2021-01-22 22:33 ` KP Singh
  0 siblings, 1 reply; 8+ messages in thread
From: Mikko Ylinen @ 2021-01-22 12:30 UTC
  To: bpf, linux-kernel; +Cc: kpsingh, daniel

Networking LSM hooks are conditionally enabled and when building the new
sleepable BPF LSM hooks with the networking LSM hooks disabled, the
following build error occurs:

BTFIDS  vmlinux
FAILED unresolved symbol bpf_lsm_socket_socketpair

To fix the error, conditionally add the networking LSM hooks to the
sleepable set.

Fixes: 423f16108c9d8 ("bpf: Augment the set of sleepable LSM hooks")
Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
---
 kernel/bpf/bpf_lsm.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c
index 70e5e0b6d69d..5041dd35f2a6 100644
--- a/kernel/bpf/bpf_lsm.c
+++ b/kernel/bpf/bpf_lsm.c
@@ -149,7 +149,11 @@ BTF_ID(func, bpf_lsm_file_ioctl)
 BTF_ID(func, bpf_lsm_file_lock)
 BTF_ID(func, bpf_lsm_file_open)
 BTF_ID(func, bpf_lsm_file_receive)
+
+#ifdef CONFIG_SECURITY_NETWORK
 BTF_ID(func, bpf_lsm_inet_conn_established)
+#endif /* CONFIG_SECURITY_NETWORK */
+
 BTF_ID(func, bpf_lsm_inode_create)
 BTF_ID(func, bpf_lsm_inode_free_security)
 BTF_ID(func, bpf_lsm_inode_getattr)
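Review bot: the guard around bpf_lsm_inet_conn_established covers only CONFIG_SECURITY_NETWORK, while the surrounding list also names file and inode hooks and continues well past this hunk, so any other entry whose hook is built under a different option will fail BTFIDS the same way. Check every entry in the set against the conditionals that gate its hook and guard the remaining ones in this patch rather than in a follow-up.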
@@ -181,6 +185,8 @@ BTF_ID(func, bpf_lsm_sb_show_options)
 BTF_ID(func, bpf_lsm_sb_statfs)
 BTF_ID(func, bpf_lsm_sb_umount)
 BTF_ID(func, bpf_lsm_settime)
+
+#ifdef CONFIG_SECURITY_NETWORK
 BTF_ID(func, bpf_lsm_socket_accept)
 BTF_ID(func, bpf_lsm_socket_bind)
 BTF_ID(func, bpf_lsm_socket_connect)
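Review bot: the #ifdef CONFIG_SECURITY_NETWORK opened before bpf_lsm_socket_accept is closed only in the next hunk, and the entries between bpf_lsm_socket_connect and bpf_lsm_socket_sendmsg (old lines 187 to 194) are never shown by the diff, yet they all become conditional. Confirm that each of those entries is gated by the same option as the ones visible here, and consider listing the affected hooks in the commit message so the scope of the guard can be checked without opening the file.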
@@ -195,6 +201,8 @@ BTF_ID(func, bpf_lsm_socket_recvmsg)
 BTF_ID(func, bpf_lsm_socket_sendmsg)
 BTF_ID(func, bpf_lsm_socket_shutdown)
 BTF_ID(func, bpf_lsm_socket_socketpair)
+#endif /* CONFIG_SECURITY_NETWORK */
+
 BTF_ID(func, bpf_lsm_syslog)
 BTF_ID(func, bpf_lsm_task_alloc)
 BTF_ID(func, bpf_lsm_task_getsecid)
-- 
2.17.1



* Re: [PATCH] bpf: Drop disabled LSM hooks from the sleepable set
  2021-01-22 12:30 [PATCH] bpf: Drop disabled LSM hooks from the sleepable set Mikko Ylinen
@ 2021-01-22 22:33 ` KP Singh
  2021-01-22 23:50   ` KP Singh
  0 siblings, 1 reply; 8+ messages in thread
From: KP Singh @ 2021-01-22 22:33 UTC
  To: Mikko Ylinen; +Cc: bpf, open list, KP Singh, Daniel Borkmann

On Fri, Jan 22, 2021 at 1:32 PM Mikko Ylinen
<mikko.ylinen@linux.intel.com> wrote:
>
> Networking LSM hooks are conditionally enabled and when building the new
> sleepable BPF LSM hooks with the networking LSM hooks disabled, the
> following build error occurs:
>
> BTFIDS  vmlinux
> FAILED unresolved symbol bpf_lsm_socket_socketpair
>
> To fix the error, conditionally add the networking LSM hooks to the
> sleepable set.
>
> Fixes: 423f16108c9d8 ("bpf: Augment the set of sleepable LSM hooks")
> Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>

Thanks!

Acked-by: KP Singh <kpsingh@kernel.org>


* Re: [PATCH] bpf: Drop disabled LSM hooks from the sleepable set
  2021-01-22 22:33 ` KP Singh
@ 2021-01-22 23:50   ` KP Singh
  2021-01-25  6:39     ` [PATCH v2] " Mikko Ylinen
  2021-01-25  6:55     ` [PATCH] " Mikko Ylinen
  0 siblings, 2 replies; 8+ messages in thread
From: KP Singh @ 2021-01-22 23:50 UTC
  To: Mikko Ylinen; +Cc: bpf, open list, KP Singh, Daniel Borkmann

On Fri, Jan 22, 2021 at 11:33 PM KP Singh <kpsingh@kernel.org> wrote:
>
> On Fri, Jan 22, 2021 at 1:32 PM Mikko Ylinen
> <mikko.ylinen@linux.intel.com> wrote:
> >
> > Networking LSM hooks are conditionally enabled and when building the new
> > sleepable BPF LSM hooks with the networking LSM hooks disabled, the
> > following build error occurs:
> >
> > BTFIDS  vmlinux
> > FAILED unresolved symbol bpf_lsm_socket_socketpair
> >
> > To fix the error, conditionally add the networking LSM hooks to the
> > sleepable set.
> >
> > Fixes: 423f16108c9d8 ("bpf: Augment the set of sleepable LSM hooks")
> > Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
>
> Thanks!
>
> Acked-by: KP Singh <kpsingh@kernel.org>

Btw, I was noticing that there's another hook that is surrounded by ifdefs:

diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c
index 70e5e0b6d69d..f7f7754e938d 100644
--- a/kernel/bpf/bpf_lsm.c
+++ b/kernel/bpf/bpf_lsm.c
@@ -166,7 +166,11 @@ BTF_ID(func, bpf_lsm_inode_symlink)
 BTF_ID(func, bpf_lsm_inode_unlink)
 BTF_ID(func, bpf_lsm_kernel_module_request)
 BTF_ID(func, bpf_lsm_kernfs_init_security)
+
+#ifdef CONFIG_KEYS
 BTF_ID(func, bpf_lsm_key_free)
+#endif
+
 BTF_ID(func, bpf_lsm_mmap_file)
 BTF_ID(func, bpf_lsm_netlink_send)
 BTF_ID(func, bpf_lsm_path_notify)
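Review bot: the #endif after bpf_lsm_key_free has no trailing comment naming its option, whereas the guards in the patch being replied to close with "#endif /* CONFIG_SECURITY_NETWORK */". Write it as "#endif /* CONFIG_KEYS */" so every guard in this list reads the same way.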

It would be great if you can also add this to your patch :)

I guess the cleanest solution to never let this happen would be to
incorporate this in lsm_hook_defs.h and mark hooks as SLEEPABLE and
NON_SLEEPABLE with an extra parameter to the LSM_HOOK macro and then
only generate the BTF IDs based on this macro parameter.
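
The single-source idea proposed above, as an added userspace illustration that is not code from this thread or from the kernel: each hook carries a sleepable flag in one list, and both the hook stubs and the lookup table are generated from it, so a hook compiled out by a config guard cannot be left behind in the set. The DEMO_* macros, `demo_atomic_hook` and the flag assignments are assumptions; the real LSM_HOOK macro has a different signature.

```c
/* Added illustration, userspace model only; every DEMO_/demo_ name is hypothetical. */
#include <stdio.h>
#include <string.h>

#define DEMO_CONFIG_KEYS 1		/* stands in for CONFIG_KEYS=y */
/* DEMO_CONFIG_SECURITY_NETWORK is left undefined (CONFIG_SECURITY_NETWORK=n) */

#define SLEEPABLE	1
#define NON_SLEEPABLE	0

/* One list plays the role of lsm_hook_defs.h: name, flag, and config guard. */
#ifdef DEMO_CONFIG_KEYS
#define DEMO_KEY_HOOKS(X) X(key_free, SLEEPABLE)
#else
#define DEMO_KEY_HOOKS(X)
#endif
#ifdef DEMO_CONFIG_SECURITY_NETWORK
#define DEMO_NET_HOOKS(X) X(socket_bind, SLEEPABLE) X(socket_socketpair, SLEEPABLE)
#else
#define DEMO_NET_HOOKS(X)
#endif
#define DEMO_HOOKS(X)				\
	X(file_open, SLEEPABLE)			\
	X(demo_atomic_hook, NON_SLEEPABLE)	\
	DEMO_KEY_HOOKS(X)			\
	DEMO_NET_HOOKS(X)

/* Expansion 1: a stub per enabled hook, i.e. the symbols that actually exist. */
#define DEMO_STUB(name, flag) static int demo_lsm_##name(void) { return 0; }
DEMO_HOOKS(DEMO_STUB)

/* Expansion 2: the table; it can only name stubs generated just above. */
struct demo_hook { const char *name; int (*fn)(void); int sleepable; };
#define DEMO_ROW(name, flag) { #name, demo_lsm_##name, flag },
static const struct demo_hook demo_hooks[] = { DEMO_HOOKS(DEMO_ROW) };

size_t demo_hook_count(void) { return sizeof(demo_hooks) / sizeof(demo_hooks[0]); }

/* 1 = sleepable, 0 = must not sleep, -1 = hook compiled out of this build. */
int demo_hook_sleepable(const char *name)
{
	for (size_t i = 0; i < demo_hook_count(); i++)
		if (strcmp(demo_hooks[i].name, name) == 0)
			return demo_hooks[i].sleepable;
	return -1;
}

int main(void)
{
	printf("socket_socketpair: %d\n", demo_hook_sleepable("socket_socketpair"));
	return 0;
}
```

Defining DEMO_CONFIG_SECURITY_NETWORK adds the two socket rows and their stubs together, which is the property the hand-maintained BTF_ID list lacked.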


* [PATCH v2] bpf: Drop disabled LSM hooks from the sleepable set
  2021-01-22 23:50   ` KP Singh
@ 2021-01-25  6:39     ` Mikko Ylinen
  2021-01-25 17:45       ` KP Singh
  2021-01-26 16:20       ` patchwork-bot+netdevbpf
  2021-01-25  6:55     ` [PATCH] " Mikko Ylinen
  1 sibling, 2 replies; 8+ messages in thread
From: Mikko Ylinen @ 2021-01-25  6:39 UTC
  To: kpsingh; +Cc: bpf, daniel, kpsingh, linux-kernel, mikko.ylinen

Some networking and keys LSM hooks are conditionally enabled
and when building the new sleepable BPF LSM hooks with those
LSM hooks disabled, the following build error occurs:

BTFIDS  vmlinux
FAILED unresolved symbol bpf_lsm_socket_socketpair

To fix the error, conditionally add the relevant networking/keys
LSM hooks to the sleepable set.

Fixes: 423f16108c9d8 ("bpf: Augment the set of sleepable LSM hooks")
Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
---
 kernel/bpf/bpf_lsm.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c
index 70e5e0b6d69d..1622a44d1617 100644
--- a/kernel/bpf/bpf_lsm.c
+++ b/kernel/bpf/bpf_lsm.c
@@ -149,7 +149,11 @@ BTF_ID(func, bpf_lsm_file_ioctl)
 BTF_ID(func, bpf_lsm_file_lock)
 BTF_ID(func, bpf_lsm_file_open)
 BTF_ID(func, bpf_lsm_file_receive)
+
+#ifdef CONFIG_SECURITY_NETWORK
 BTF_ID(func, bpf_lsm_inet_conn_established)
+#endif /* CONFIG_SECURITY_NETWORK */
+
 BTF_ID(func, bpf_lsm_inode_create)
 BTF_ID(func, bpf_lsm_inode_free_security)
 BTF_ID(func, bpf_lsm_inode_getattr)
@@ -166,7 +170,11 @@ BTF_ID(func, bpf_lsm_inode_symlink)
 BTF_ID(func, bpf_lsm_inode_unlink)
 BTF_ID(func, bpf_lsm_kernel_module_request)
 BTF_ID(func, bpf_lsm_kernfs_init_security)
+
+#ifdef CONFIG_KEYS
 BTF_ID(func, bpf_lsm_key_free)
+#endif /* CONFIG_KEYS */
+
 BTF_ID(func, bpf_lsm_mmap_file)
 BTF_ID(func, bpf_lsm_netlink_send)
 BTF_ID(func, bpf_lsm_path_notify)
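Review bot: the CONFIG_KEYS guard around bpf_lsm_key_free is not backed by the build log in the commit message, which still quotes only the bpf_lsm_socket_socketpair failure. Say in the message whether a build with CONFIG_KEYS disabled was run or whether this entry was found by inspection, so the Fixes: tag is verifiable for both options.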
@@ -181,6 +189,8 @@ BTF_ID(func, bpf_lsm_sb_show_options)
 BTF_ID(func, bpf_lsm_sb_statfs)
 BTF_ID(func, bpf_lsm_sb_umount)
 BTF_ID(func, bpf_lsm_settime)
+
+#ifdef CONFIG_SECURITY_NETWORK
 BTF_ID(func, bpf_lsm_socket_accept)
 BTF_ID(func, bpf_lsm_socket_bind)
 BTF_ID(func, bpf_lsm_socket_connect)
@@ -195,6 +205,8 @@ BTF_ID(func, bpf_lsm_socket_recvmsg)
 BTF_ID(func, bpf_lsm_socket_sendmsg)
 BTF_ID(func, bpf_lsm_socket_shutdown)
 BTF_ID(func, bpf_lsm_socket_socketpair)
+#endif /* CONFIG_SECURITY_NETWORK */
+
 BTF_ID(func, bpf_lsm_syslog)
 BTF_ID(func, bpf_lsm_task_alloc)
 BTF_ID(func, bpf_lsm_task_getsecid)
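Review bot: nothing at the "#endif /* CONFIG_SECURITY_NETWORK */" after bpf_lsm_socket_socketpair, or anywhere else in these hunks, tells the next contributor that an entry in this list must sit under the same option as its hook, so the same break can return with the next hook added. A short comment above the list stating that rule would help until the set is generated from the hook definitions, as suggested earlier in the thread.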
-- 
2.17.1



* Re: [PATCH] bpf: Drop disabled LSM hooks from the sleepable set
  2021-01-22 23:50   ` KP Singh
  2021-01-25  6:39     ` [PATCH v2] " Mikko Ylinen
@ 2021-01-25  6:55     ` Mikko Ylinen
  2021-01-25 17:49       ` KP Singh
  1 sibling, 1 reply; 8+ messages in thread
From: Mikko Ylinen @ 2021-01-25  6:55 UTC
  To: KP Singh; +Cc: bpf, open list, KP Singh, Daniel Borkmann

On Sat, Jan 23, 2021 at 12:50:21AM +0100, KP Singh wrote:
> On Fri, Jan 22, 2021 at 11:33 PM KP Singh <kpsingh@kernel.org> wrote:
> >
> > On Fri, Jan 22, 2021 at 1:32 PM Mikko Ylinen
> > <mikko.ylinen@linux.intel.com> wrote:
> > >
> > > Networking LSM hooks are conditionally enabled and when building the new
> > > sleepable BPF LSM hooks with the networking LSM hooks disabled, the
> > > following build error occurs:
> > >
> > > BTFIDS  vmlinux
> > > FAILED unresolved symbol bpf_lsm_socket_socketpair
> > >
> > > To fix the error, conditionally add the networking LSM hooks to the
> > > sleepable set.
> > >
> > > Fixes: 423f16108c9d8 ("bpf: Augment the set of sleepable LSM hooks")
> > > Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
> >
> > Thanks!
> >
> > Acked-by: KP Singh <kpsingh@kernel.org>
> 
> Btw, I was noticing that there's another hook that is surrounded by ifdefs:
> 
> diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c
> index 70e5e0b6d69d..f7f7754e938d 100644
> --- a/kernel/bpf/bpf_lsm.c
> +++ b/kernel/bpf/bpf_lsm.c
> @@ -166,7 +166,11 @@ BTF_ID(func, bpf_lsm_inode_symlink)
>  BTF_ID(func, bpf_lsm_inode_unlink)
>  BTF_ID(func, bpf_lsm_kernel_module_request)
>  BTF_ID(func, bpf_lsm_kernfs_init_security)
> +
> +#ifdef CONFIG_KEYS
>  BTF_ID(func, bpf_lsm_key_free)
> +#endif
> +
>  BTF_ID(func, bpf_lsm_mmap_file)
>  BTF_ID(func, bpf_lsm_netlink_send)
>  BTF_ID(func, bpf_lsm_path_notify)
> 
> It would be great if you can also add this to your patch :)

Thanks for noticing! I cross-checked the sleepable set but somehow
missed this. Just posted v2.

> I guess the cleanest solution to never let this happen would be to
> incorporate this in
> lsm_hook_defs.h and mark hooks as SLEEPABLE and NON_SLEEPABLE with an
> extra parameter to the LSM_HOOK macro and then only generate the BTF IDs
> based on this macro parameter.

Agree, a way to get the set automatically created makes sense. But the
extra parameter to LSM_HOOK macro would be BPF specific, right?

-- Regards, Mikko


* Re: [PATCH v2] bpf: Drop disabled LSM hooks from the sleepable set
  2021-01-25  6:39     ` [PATCH v2] " Mikko Ylinen
@ 2021-01-25 17:45       ` KP Singh
  2021-01-26 16:20       ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 8+ messages in thread
From: KP Singh @ 2021-01-25 17:45 UTC
  To: Mikko Ylinen; +Cc: bpf, Daniel Borkmann, KP Singh, open list

On Mon, Jan 25, 2021 at 7:39 AM Mikko Ylinen
<mikko.ylinen@linux.intel.com> wrote:
>
> Some networking and keys LSM hooks are conditionally enabled
> and when building the new sleepable BPF LSM hooks with those
> LSM hooks disabled, the following build error occurs:
>
> BTFIDS  vmlinux
> FAILED unresolved symbol bpf_lsm_socket_socketpair
>
> To fix the error, conditionally add the relevant networking/keys
> LSM hooks to the sleepable set.
>
> Fixes: 423f16108c9d8 ("bpf: Augment the set of sleepable LSM hooks")
> Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>

Acked-by: KP Singh <kpsingh@kernel.org>


* Re: [PATCH] bpf: Drop disabled LSM hooks from the sleepable set
  2021-01-25  6:55     ` [PATCH] " Mikko Ylinen
@ 2021-01-25 17:49       ` KP Singh
  0 siblings, 0 replies; 8+ messages in thread
From: KP Singh @ 2021-01-25 17:49 UTC
  To: Mikko Ylinen; +Cc: bpf, open list, KP Singh, Daniel Borkmann

On Mon, Jan 25, 2021 at 7:55 AM Mikko Ylinen
<mikko.ylinen@linux.intel.com> wrote:
>
> On Sat, Jan 23, 2021 at 12:50:21AM +0100, KP Singh wrote:
> > On Fri, Jan 22, 2021 at 11:33 PM KP Singh <kpsingh@kernel.org> wrote:
> > >
> > > On Fri, Jan 22, 2021 at 1:32 PM Mikko Ylinen
> > > <mikko.ylinen@linux.intel.com> wrote:
> > > >
> > > > Networking LSM hooks are conditionally enabled and when building the new
> > > > sleepable BPF LSM hooks with the networking LSM hooks disabled, the
> > > > following build error occurs:
> > > >
> > > > BTFIDS  vmlinux
> > > > FAILED unresolved symbol bpf_lsm_socket_socketpair
> > > >

[...]

>
> Agree, a way to get the set automatically created makes sense. But the
> extra parameter to LSM_HOOK macro would be BPF specific, right?
>

The information about whether the hook "must not sleep" has been
mentioned sporadically in comments and

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/lsm_hooks.h#n920
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/lsm_hooks.h#n594

I think it would be generally useful for the framework to actually
provide this in the definition in the hook and then ensure (by calling
might_sleep() for hooks that can sleep).

- KP

> -- Regards, Mikko


* Re: [PATCH v2] bpf: Drop disabled LSM hooks from the sleepable set
  2021-01-25  6:39     ` [PATCH v2] " Mikko Ylinen
  2021-01-25 17:45       ` KP Singh
@ 2021-01-26 16:20       ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 8+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-01-26 16:20 UTC
  To: Mikko Ylinen; +Cc: kpsingh, bpf, daniel, kpsingh, linux-kernel

Hello:

This patch was applied to bpf/bpf.git (refs/heads/master):

On Mon, 25 Jan 2021 08:39:36 +0200 you wrote:
> Some networking and keys LSM hooks are conditionally enabled
> and when building the new sleepable BPF LSM hooks with those
> LSM hooks disabled, the following build error occurs:
> 
> BTFIDS  vmlinux
> FAILED unresolved symbol bpf_lsm_socket_socketpair
> 
> [...]

Here is the summary with links:
  - [v2] bpf: Drop disabled LSM hooks from the sleepable set
    https://git.kernel.org/bpf/bpf/c/78031381ae9c

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html


