linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: LSM <linux-security-module@vger.kernel.org>,
	James Morris <jmorris@namei.org>,
	LKLM <linux-kernel@vger.kernel.org>,
	SE Linux <selinux@tycho.nsa.gov>,
	John Johansen <john.johansen@canonical.com>,
	Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	Paul Moore <paul@paul-moore.com>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	Alexey Dobriyan <adobriyan@gmail.com>,
	"Schaufler, Casey" <casey.schaufler@intel.com>
Subject: Re: [PATCH 02/10] Smack: Abstract use of cred security blob
Date: Wed, 12 Sep 2018 16:04:10 -0700	[thread overview]
Message-ID: <CAGXu5jLZaDxv140w5L48yNLikUs-=JMJ82oDW-sP=4b3tRC_bA@mail.gmail.com> (raw)
In-Reply-To: <18c20c50-3ec5-0c85-93ef-58a3dbf3498c@schaufler-ca.com>

On Tue, Sep 11, 2018 at 9:41 AM, Casey Schaufler <casey@schaufler-ca.com> wrote:
> Don't use the cred->security pointer directly.
> Provide a helper function that provides the security blob pointer.
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
>  security/smack/smack.h        | 14 +++++++--
>  security/smack/smack_access.c |  4 +--
>  security/smack/smack_lsm.c    | 57 +++++++++++++++++------------------
>  security/smack/smackfs.c      | 18 +++++------
>  4 files changed, 50 insertions(+), 43 deletions(-)
>
> diff --git a/security/smack/smack.h b/security/smack/smack.h
> index f7db791fb566..0b55d6a55b26 100644
> --- a/security/smack/smack.h
> +++ b/security/smack/smack.h
> @@ -356,6 +356,11 @@ extern struct list_head smack_onlycap_list;
>  #define SMACK_HASH_SLOTS 16
>  extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
>
> +static inline struct task_smack *smack_cred(const struct cred *cred)
> +{
> +       return cred->security;
> +}
> +
>  /*
>   * Is the directory transmuting?
>   */
> @@ -382,13 +387,16 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp)
>         return tsp->smk_task;
>  }
>
> -static inline struct smack_known *smk_of_task_struct(const struct task_struct *t)
> +static inline struct smack_known *smk_of_task_struct(
> +                                               const struct task_struct *t)
>  {
>         struct smack_known *skp;
> +       const struct cred *cred;
>
>         rcu_read_lock();
> -       skp = smk_of_task(__task_cred(t)->security);
> +       cred = __task_cred(t);
>         rcu_read_unlock();
> +       skp = smk_of_task(smack_cred(cred));

Hm, why is this safe? (i.e. what is pinning the cred?) I would expect
get_cred()/put_cred() since this is not for "current"? And then what
controls the skp lifetime?

Everything else looks to be mechanical replacement, so that's fine.
Did you use some tooling to do the mechanical replacement or was it
done by hand?

-Kees

-- 
Kees Cook
Pixel Security

  reply	other threads:[~2018-09-12 23:04 UTC|newest]

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-11 16:26 [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock Casey Schaufler
2018-09-11 16:41 ` [PATCH 01/10] procfs: add smack subdir to attrs Casey Schaufler
2018-09-11 23:45   ` Ahmed S. Darwish
2018-09-12  0:01     ` Casey Schaufler
2018-09-12 22:57   ` Kees Cook
2018-09-11 16:41 ` [PATCH 02/10] Smack: Abstract use of cred security blob Casey Schaufler
2018-09-12 23:04   ` Kees Cook [this message]
2018-09-11 16:41 ` [PATCH 03/10] SELinux: " Casey Schaufler
2018-09-12 23:10   ` Kees Cook
2018-09-11 16:41 ` [PATCH 04/10] LSM: Infrastructure management of the " Casey Schaufler
2018-09-12 23:53   ` Kees Cook
2018-09-13 19:01     ` Casey Schaufler
2018-09-13 21:12       ` Kees Cook
2018-09-11 16:41 ` [PATCH 05/10] SELinux: Abstract use of file " Casey Schaufler
2018-09-12 23:54   ` Kees Cook
2018-09-11 16:42 ` [PATCH 06/10] LSM: Infrastructure management of the " Casey Schaufler
2018-09-13  0:00   ` Kees Cook
2018-09-11 16:42 ` [PATCH 07/10] SELinux: Abstract use of inode " Casey Schaufler
2018-09-13  0:23   ` Kees Cook
2018-09-11 16:42 ` [PATCH 08/10] Smack: " Casey Schaufler
2018-09-13  0:24   ` Kees Cook
2018-09-11 16:42 ` [PATCH 09/10] LSM: Infrastructure management of the inode security Casey Schaufler
2018-09-13  0:30   ` Kees Cook
2018-09-11 16:42 ` [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock Casey Schaufler
2018-09-13  4:19   ` Kees Cook
2018-09-13 13:16     ` Paul Moore
2018-09-13 15:19       ` Kees Cook
2018-09-13 19:12         ` Paul Moore
2018-09-13 20:58           ` Jordan Glover
2018-09-13 21:50             ` Paul Moore
2018-09-13 22:04               ` Jordan Glover
2018-09-13 23:01               ` Casey Schaufler
2018-09-13 21:01           ` Kees Cook
2018-09-13 21:38             ` Paul Moore
2018-09-13 21:51               ` Kees Cook
2018-09-13 23:06                 ` Kees Cook
2018-09-13 23:32                   ` John Johansen
2018-09-13 23:51                     ` Kees Cook
2018-09-14  0:03                       ` Casey Schaufler
2018-09-14  0:06                         ` Kees Cook
2018-09-13 23:51                   ` Casey Schaufler
2018-09-13 23:57                     ` Kees Cook
2018-09-14  0:08                       ` Casey Schaufler
2018-09-14  0:19                         ` Kees Cook
2018-09-14 15:57                           ` Casey Schaufler
2018-09-14 20:05                             ` Kees Cook
2018-09-14 20:47                               ` Casey Schaufler
2018-09-14 18:18                         ` James Morris
2018-09-14 18:23                           ` John Johansen
2018-09-14  0:03                     ` Kees Cook
2018-09-14  2:42                 ` Paul Moore
2018-09-11 20:43 ` [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock James Morris
2018-09-12 21:29 ` James Morris
2018-09-16 16:54   ` Salvatore Mesoraca
2018-09-16 17:25     ` Casey Schaufler
2018-09-16 17:45       ` Salvatore Mesoraca
2018-09-18  7:44   ` Mickaël Salaün
2018-09-18 15:23     ` Casey Schaufler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAGXu5jLZaDxv140w5L48yNLikUs-=JMJ82oDW-sP=4b3tRC_bA@mail.gmail.com' \
    --to=keescook@chromium.org \
    --cc=adobriyan@gmail.com \
    --cc=casey.schaufler@intel.com \
    --cc=casey@schaufler-ca.com \
    --cc=jmorris@namei.org \
    --cc=john.johansen@canonical.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).