From: KP Singh <kpsingh@chromium.org>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: "KP Singh" <kpsingh@chromium.org>, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, linux-security-module@vger.kernel.org, "Alexei Starovoitov" <ast@kernel.org>, "Daniel Borkmann" <daniel@iogearbox.net>, "James Morris" <jmorris@namei.org>, "Kees Cook" <keescook@chromium.org>, "Thomas Garnier" <thgarnie@chromium.org>, "Michael Halcrow" <mhalcrow@google.com>, "Paul Turner" <pjt@google.com>, "Brendan Gregg" <brendan.d.gregg@gmail.com>, "Jann Horn" <jannh@google.com>, "Matthew Garrett" <mjg59@google.com>, "Christian Brauner" <christian@brauner.io>, "Mickaël Salaün" <mic@digikod.net>, "Florent Revest" <revest@chromium.org>, "Brendan Jackman" <jackmanb@chromium.org>, "Martin KaFai Lau" <kafai@fb.com>, "Song Liu" <songliubraving@fb.com>, "Yonghong Song" <yhs@fb.com>, "Serge E. Hallyn" <serge@hallyn.com>, "Mauro Carvalho Chehab" <mchehab+samsung@kernel.org>, "David S. Miller" <davem@davemloft.net>, "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>, "Nicolas Ferre" <nicolas.ferre@microchip.com>, "Stanislav Fomichev" <sdf@google.com>, "Quentin Monnet" <quentin.monnet@netronome.com>, "Andrey Ignatov" <rdna@fb.com>, "Joe Stringer" <joe@wand.net.nz>
Subject: Re: [PATCH bpf-next v2 04/10] bpf: lsm: Add mutable hooks list for the BPF LSM
Date: Thu, 16 Jan 2020 10:48:47 +0100
Message-ID: <20200116094847.GB240584@google.com>
In-Reply-To: <cd1d9d9f-1b68-8d2c-118a-334e4c71eb57@tycho.nsa.gov>

On 15-Jan 12:30, Stephen Smalley wrote:
> On 1/15/20 12:13 PM, KP Singh wrote:
> > From: KP Singh <kpsingh@google.com> > > > > - The list of hooks registered by an LSM is currently immutable as they > > are declared with __lsm_ro_after_init and they are attached to a > > security_hook_heads struct. > > - For the BPF LSM we need to de/register the hooks at runtime. Making > > the existing security_hook_heads mutable broadens an > > attack vector, so a separate security_hook_heads is added for only > > those that ~must~ be mutable. > > - These mutable hooks are run only after all the static hooks have > > successfully executed. > > > > This is based on the ideas discussed in: > > > > https://lore.kernel.org/lkml/20180408065916.GA2832@ircssh-2.c.rugged-nimbus-611.internal > > > > Signed-off-by: KP Singh <kpsingh@google.com> > > --- > [...] > > diff --git a/security/security.c b/security/security.c > > index cd2d18d2d279..4a2eb4c089b2 100644 > > --- a/security/security.c > > +++ b/security/security.c > > @@ -652,20 +653,21 @@ static void __init lsm_early_task(struct task_struct *task) > > \ > > hlist_for_each_entry(P, &security_hook_heads.FUNC, list) \ > > P->hook.FUNC(__VA_ARGS__); \ > > + CALL_BPF_LSM_VOID_HOOKS(FUNC, __VA_ARGS__); \ > > } while (0) > > -#define call_int_hook(FUNC, IRC, ...) ({ \ > > - int RC = IRC; \ > > - do { \ > > - struct security_hook_list *P; \ > > - \ > > +#define call_int_hook(FUNC, IRC, ...) ({ \ > > + int RC = IRC; \ > > + do { \ > > + struct security_hook_list *P; \ > > hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \ > > - RC = P->hook.FUNC(__VA_ARGS__); \ > > - if (RC != 0) \ > > - break; \ > > - } \ > > - } while (0); \ > > - RC; \ > > + RC = P->hook.FUNC(__VA_ARGS__); \ > > + if (RC != 0) \ > > + break; \ > > + } \ > > + RC = CALL_BPF_LSM_INT_HOOKS(RC, FUNC, __VA_ARGS__); \ > > Let's not clobber the return code from the other LSMs with the bpf one. Good catch and thanks for pointing it out. Should be fixed in v3. - KP > > > + } while (0); \ > > + RC; \ > > }) > > /* Security operations */ > > >
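Review bot: the call_int_hook change lets the mutable (BPF) hooks overwrite the verdict of the static LSMs, and it contradicts the commit message. After the hlist_for_each_entry loop breaks on the first non-zero RC, `RC = CALL_BPF_LSM_INT_HOOKS(RC, FUNC, __VA_ARGS__);` still executes and assigns whatever the BPF hooks return, so a denial from a static LSM can be turned back into 0; the commit message says the mutable hooks are "run only after all the static hooks have successfully executed", so guard the call with `if (RC == 0)` (or have the macro return RC unchanged when it is already non-zero) so the first non-zero return code is the one that survives, as Stephen asks. Separately, most of this hunk is whitespace-only re-alignment of the existing call_int_hook macro (`({ \`, `int RC = IRC; \`, `do { \` and the loop body are removed and re-added unchanged), which buries the single functional line; keep the original alignment or move the re-indent into its own patch. The call_void_hook side has no return value, so appending CALL_BPF_LSM_VOID_HOOKS after the static loop is fine as written.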
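The ordering question Stephen raises is easy to see in a small userspace model. The following is an added example, not code from the patch or from the kernel tree: it reimplements the call_int_hook dispatch over a static list and a mutable list, once in the shape of the v2 macro (mutable hooks run unconditionally and their result replaces RC) and once in the guarded form the commit message describes (mutable hooks run only if every static hook returned 0). The hook functions, the list layout and the assumption that CALL_BPF_LSM_INT_HOOKS returns the last BPF hook's value are constructed for illustration.

```c
/* Added example: userspace model of LSM hook dispatch ordering.
 * Not kernel code; the hooks and list layout are constructed for
 * illustration, and the behaviour of CALL_BPF_LSM_INT_HOOKS is an
 * assumption (it is modelled as "return the last hook's value"). */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_HOOKS 8

typedef int (*int_hook_fn)(int arg);

struct hook_list {
	int_hook_fn fns[MAX_HOOKS];
	size_t n;
};

/* Static hooks: registered at init, read-only afterwards (e.g. SELinux). */
static struct hook_list static_hooks;
/* Mutable hooks: attached and detached at runtime (e.g. BPF programs). */
static struct hook_list mutable_hooks;

/* Run a list in order, stopping at the first non-zero return.
 * An empty list leaves rc_in untouched. */
static int run_list(const struct hook_list *l, int arg, int rc_in)
{
	int rc = rc_in;
	for (size_t i = 0; i < l->n; i++) {
		rc = l->fns[i](arg);
		if (rc != 0)
			break;
	}
	return rc;
}

/* Shape of the v2 macro: the mutable hooks always run after the static
 * loop and whatever they return becomes RC, so a static denial can be
 * overwritten with 0. */
int call_int_hook_v2(int arg)
{
	int rc = run_list(&static_hooks, arg, 0);
	rc = run_list(&mutable_hooks, arg, rc);   /* clobbers rc */
	return rc;
}

/* Guarded form matching the commit message: mutable hooks run only when
 * every static hook returned 0, so the first denial is final. */
int call_int_hook_fixed(int arg)
{
	int rc = run_list(&static_hooks, arg, 0);
	if (rc == 0)
		rc = run_list(&mutable_hooks, arg, 0);
	return rc;
}

/* Constructed hooks. */
static int deny_odd(int arg)   { return (arg & 1) ? -EACCES : 0; }
static int allow_all(int arg)  { (void)arg; return 0; }
static int deny_large(int arg) { return arg > 100 ? -EPERM : 0; }

/* Static list denies odd arguments; mutable list first allows everything,
 * then denies arguments above 100. */
void setup_hooks(void)
{
	static_hooks.n = 0;
	mutable_hooks.n = 0;
	static_hooks.fns[static_hooks.n++] = deny_odd;
	mutable_hooks.fns[mutable_hooks.n++] = allow_all;
	mutable_hooks.fns[mutable_hooks.n++] = deny_large;
}

int main(void)
{
	setup_hooks();
	/* arg 3: static hook denies; v2 lets the BPF hook turn it into 0. */
	printf("arg=3   v2=%d fixed=%d\n", call_int_hook_v2(3), call_int_hook_fixed(3));
	/* arg 200: static allows, mutable denies; both forms deny. */
	printf("arg=200 v2=%d fixed=%d\n", call_int_hook_v2(200), call_int_hook_fixed(200));
	/* arg 4: everyone allows. */
	printf("arg=4   v2=%d fixed=%d\n", call_int_hook_v2(4), call_int_hook_fixed(4));
	return 0;
}
```

The odd-argument case is the one Stephen objects to: the static list returns -EACCES, yet the v2 ordering reports 0 because the BPF hooks ran anyway and their return value replaced RC. The guarded form keeps the denial and skips the mutable hooks entirely, which is also the cheaper path since nothing attached at runtime can widen what the built-in LSMs already refused.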