linux-next: manual merge of the security tree with the net-next tree

linux-next: manual merge of the security tree with the net-next tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 757 bytes --]

Hi James,

Today's linux-next merge of the security tree got a conflict in
include/linux/filter.h between commit ffe06c17afbb ("filter: add XOR
operation") from the net-next tree and commit 46b325c7eb01
("sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W") from the security tree.

Just context changes.  I fixed it up (see below) and can carry the fax as
necessary.
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

diff --cc include/linux/filter.h
index 7209099,f2e5315..0000000
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@@ -232,7 -239,7 +243,8 @@@ enum 
  	BPF_S_ANC_HATYPE,
  	BPF_S_ANC_RXHASH,
  	BPF_S_ANC_CPU,
 +	BPF_S_ANC_ALU_XOR_X,
+ 	BPF_S_ANC_SECCOMP_LD_W,
  };
  
  #endif /* __KERNEL__ */

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

Re: linux-next: manual merge of the security tree with the net-next tree

[Paul Moore]

On Thu, Feb 22, 2024 at 8:50 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Hi all,
>
> Today's linux-next merge of the security tree got a conflict in:
>
>   security/security.c
>
> between commits:
>
>   1b67772e4e3f ("bpf,lsm: Refactor bpf_prog_alloc/bpf_prog_free LSM hooks")
>   a2431c7eabcf ("bpf,lsm: Refactor bpf_map_alloc/bpf_map_free LSM hooks")
>   f568a3d49af9 ("bpf,lsm: Add BPF token LSM hooks")
>
> from the net-next tree and commit:
>
>   260017f31a8c ("lsm: use default hook return value in call_int_hook()")
>
> from the security tree.
>
> I fixed it up (I think, see below) and can carry the fix as
> necessary. This is now fixed as far as linux-next is concerned, but any
> non trivial conflicts should be mentioned to your upstream maintainer
> when your tree is submitted for merging.  You may also want to consider
> cooperating with the maintainer of the conflicting tree to minimise any
> particularly complex conflicts.

Thanks Stephen, this looks correct.

-- 
paul-moore.com

linux-next: manual merge of the security tree with the net-next tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 4002 bytes --]

Hi all,

Today's linux-next merge of the security tree got a conflict in:

  security/security.c

between commits:

  1b67772e4e3f ("bpf,lsm: Refactor bpf_prog_alloc/bpf_prog_free LSM hooks")
  a2431c7eabcf ("bpf,lsm: Refactor bpf_map_alloc/bpf_map_free LSM hooks")
  f568a3d49af9 ("bpf,lsm: Add BPF token LSM hooks")

from the net-next tree and commit:

  260017f31a8c ("lsm: use default hook return value in call_int_hook()")

from the security tree.

I fixed it up (I think, see below) and can carry the fix as
necessary. This is now fixed as far as linux-next is concerned, but any
non trivial conflicts should be mentioned to your upstream maintainer
when your tree is submitted for merging.  You may also want to consider
cooperating with the maintainer of the conflicting tree to minimise any
particularly complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc security/security.c
index aef69632d0a9,b95772333d05..000000000000
--- a/security/security.c
+++ b/security/security.c
@@@ -5458,10 -5436,9 +5439,10 @@@ int security_bpf_prog(struct bpf_prog *
   *
   * Return: Returns 0 on success, error on failure.
   */
 -int security_bpf_map_alloc(struct bpf_map *map)
 +int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
 +			    struct bpf_token *token)
  {
- 	return call_int_hook(bpf_map_create, 0, map, attr, token);
 -	return call_int_hook(bpf_map_alloc_security, map);
++	return call_int_hook(bpf_map_create, map, attr, token);
  }
  
  /**
@@@ -5476,59 -5449,9 +5457,59 @@@
   *
   * Return: Returns 0 on success, error on failure.
   */
 -int security_bpf_prog_alloc(struct bpf_prog_aux *aux)
 +int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
 +			   struct bpf_token *token)
  {
- 	return call_int_hook(bpf_prog_load, 0, prog, attr, token);
 -	return call_int_hook(bpf_prog_alloc_security, aux);
++	return call_int_hook(bpf_prog_load, prog, attr, token);
 +}
 +
 +/**
 + * security_bpf_token_create() - Check if creating of BPF token is allowed
 + * @token: BPF token object
 + * @attr: BPF syscall attributes used to create BPF token
 + * @path: path pointing to BPF FS mount point from which BPF token is created
 + *
 + * Do a check when the kernel instantiates a new BPF token object from BPF FS
 + * instance. This is also the point where LSM blob can be allocated for LSMs.
 + *
 + * Return: Returns 0 on success, error on failure.
 + */
 +int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
 +			      struct path *path)
 +{
- 	return call_int_hook(bpf_token_create, 0, token, attr, path);
++	return call_int_hook(bpf_token_create, token, attr, path);
 +}
 +
 +/**
 + * security_bpf_token_cmd() - Check if BPF token is allowed to delegate
 + * requested BPF syscall command
 + * @token: BPF token object
 + * @cmd: BPF syscall command requested to be delegated by BPF token
 + *
 + * Do a check when the kernel decides whether provided BPF token should allow
 + * delegation of requested BPF syscall command.
 + *
 + * Return: Returns 0 on success, error on failure.
 + */
 +int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
 +{
- 	return call_int_hook(bpf_token_cmd, 0, token, cmd);
++	return call_int_hook(bpf_token_cmd, token, cmd);
 +}
 +
 +/**
 + * security_bpf_token_capable() - Check if BPF token is allowed to delegate
 + * requested BPF-related capability
 + * @token: BPF token object
 + * @cap: capabilities requested to be delegated by BPF token
 + *
 + * Do a check when the kernel decides whether provided BPF token should allow
 + * delegation of requested BPF-related capabilities.
 + *
 + * Return: Returns 0 on success, error on failure.
 + */
 +int security_bpf_token_capable(const struct bpf_token *token, int cap)
 +{
- 	return call_int_hook(bpf_token_capable, 0, token, cap);
++	return call_int_hook(bpf_token_capable, token, cap);
  }
  
  /**

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: linux-next: manual merge of the security tree with the net-next tree

[Paul Moore]

On Mon, Jul 31, 2023 at 9:42 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Hi all,
>
> Today's linux-next merge of the security tree got a conflict in:
>
>   security/security.c
>
> between commit:
>
>   5b52ad34f948 ("security: Constify sk in the sk_getsecid hook.")
>
> from the net-next tree and commit:
>
>   bd1f5934e460 ("lsm: add comment block for security_sk_classify_flow LSM hook")
>
> from the security tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
>
> --
> Cheers,
> Stephen Rothwell
>
> diff --cc security/security.c
> index 2dfc7b9f6ed9,9177fd0968bd..000000000000
> --- a/security/security.c
> +++ b/security/security.c
> @@@ -4396,7 -4421,14 +4421,14 @@@ void security_sk_clone(const struct soc
>   }
>   EXPORT_SYMBOL(security_sk_clone);
>
> + /**
> +  * security_sk_classify_flow() - Set a flow's secid based on socket
> +  * @sk: original socket
> +  * @flic: target flow
> +  *
> +  * Set the target flow's secid to socket's secid.
> +  */
>  -void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic)
>  +void security_sk_classify_flow(const struct sock *sk, struct flowi_common *flic)
>   {
>         call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
>   }

Thanks Stephen, it's obviously a trivial fixup, but it looks correct to me.

-- 
paul-moore.com

linux-next: manual merge of the security tree with the net-next tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 1431 bytes --]

Hi all,

Today's linux-next merge of the security tree got a conflict in:

  security/security.c

between commit:

  5b52ad34f948 ("security: Constify sk in the sk_getsecid hook.")

from the net-next tree and commit:

  bd1f5934e460 ("lsm: add comment block for security_sk_classify_flow LSM hook")

from the security tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc security/security.c
index 2dfc7b9f6ed9,9177fd0968bd..000000000000
--- a/security/security.c
+++ b/security/security.c
@@@ -4396,7 -4421,14 +4421,14 @@@ void security_sk_clone(const struct soc
  }
  EXPORT_SYMBOL(security_sk_clone);
  
+ /**
+  * security_sk_classify_flow() - Set a flow's secid based on socket
+  * @sk: original socket
+  * @flic: target flow
+  *
+  * Set the target flow's secid to socket's secid.
+  */
 -void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic)
 +void security_sk_classify_flow(const struct sock *sk, struct flowi_common *flic)
  {
  	call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
  }

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: linux-next: manual merge of the security tree with the net-next tree

[Alexei Starovoitov]

On Sun, Aug 3, 2014 at 11:26 PM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> Hi James,
>
> Today's linux-next merge of the security tree got a conflict in
> kernel/seccomp.c between commit 7ae457c1e5b4 ("net: filter: split
> 'struct sk_filter' into socket and bpf parts") from the net-next tree
> and commits c8bee430dc52 ("seccomp: split filter prep from check and
> apply") and 3ba2530cc06e ("seccomp: allow mode setting across threads")
> from the security tree.
>
> I fixed it up (I hope - see below) and can carry the fix as necessary
> (no action is required).

Looks correct. Thanks.
Will double check during merge window.

linux-next: manual merge of the security tree with the net-next tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 2136 bytes --]

Hi James,

Today's linux-next merge of the security tree got a conflict in
kernel/seccomp.c between commit 7ae457c1e5b4 ("net: filter: split
'struct sk_filter' into socket and bpf parts") from the net-next tree
and commits c8bee430dc52 ("seccomp: split filter prep from check and
apply") and 3ba2530cc06e ("seccomp: allow mode setting across threads")
from the security tree.

I fixed it up (I hope - see below) and can carry the fix as necessary
(no action is required).

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

diff --cc kernel/seccomp.c
index 2f3fa2cc2eac,74f460179171..000000000000
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@@ -186,8 -191,8 +191,8 @@@ static u32 seccomp_run_filters(int sysc
  	 * All filters in the list are evaluated and the lowest BPF return
  	 * value always takes priority (ignoring the DATA).
  	 */
- 	for (f = current->seccomp.filter; f; f = f->prev) {
+ 	for (; f; f = f->prev) {
 -		u32 cur_ret = SK_RUN_FILTER(f->prog, (void *)&sd);
 +		u32 cur_ret = BPF_PROG_RUN(f->prog, (void *)&sd);
  
  		if ((cur_ret & SECCOMP_RET_ACTION) < (ret & SECCOMP_RET_ACTION))
  			ret = cur_ret;
@@@ -273,15 -408,9 +408,9 @@@ static struct seccomp_filter *seccomp_p
  	atomic_set(&filter->usage, 1);
  	filter->prog->len = new_len;
  
 -	sk_filter_select_runtime(filter->prog);
 +	bpf_prog_select_runtime(filter->prog);
  
- 	/*
- 	 * If there is an existing filter, make it the prev and don't drop its
- 	 * task reference.
- 	 */
- 	filter->prev = current->seccomp.filter;
- 	current->seccomp.filter = filter;
- 	return 0;
+ 	return filter;
  
  free_filter_prog:
  	kfree(filter->prog);
@@@ -329,6 -506,14 +506,14 @@@ void get_seccomp_filter(struct task_str
  	atomic_inc(&orig->usage);
  }
  
+ static inline void seccomp_filter_free(struct seccomp_filter *filter)
+ {
+ 	if (filter) {
 -		sk_filter_free(filter->prog);
++		bpf_prog_free(filter->prog);
+ 		kfree(filter);
+ 	}
+ }
+ 
  /* put_seccomp_filter - decrements the ref count of tsk->seccomp.filter */
  void put_seccomp_filter(struct task_struct *tsk)
  {

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]