From: "Serge E. Hallyn" <serge@hallyn.com>
To: Topi Miettinen <toiwoton@gmail.com>
Cc: linux-kernel@vger.kernel.org,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
"open list:SECURITY SUBSYSTEM"
<linux-security-module@vger.kernel.org>
Subject: Re: [RFC 04/18] device_cgroup: track and present accessed devices
Date: Fri, 17 Jun 2016 10:22:46 -0500 [thread overview]
Message-ID: <20160617152246.GA2349@mail.hallyn.com> (raw)
In-Reply-To: <1465847065-3577-5-git-send-email-toiwoton@gmail.com>
Quoting Topi Miettinen (toiwoton@gmail.com):
> Track what devices are accessed and present them cgroup devices.accessed.
>
> Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
> ---
> security/device_cgroup.c | 70 +++++++++++++++++++++++++++++++++++++++++-------
> 1 file changed, 60 insertions(+), 10 deletions(-)
>
> diff --git a/security/device_cgroup.c b/security/device_cgroup.c
> index 03c1652..45aa730 100644
> --- a/security/device_cgroup.c
> +++ b/security/device_cgroup.c
> @@ -48,6 +48,7 @@ struct dev_exception_item {
> struct dev_cgroup {
> struct cgroup_subsys_state css;
> struct list_head exceptions;
> + struct list_head accessed;
> enum devcg_behavior behavior;
> };
>
> @@ -90,7 +91,7 @@ free_and_exit:
> /*
> * called under devcgroup_mutex
> */
> -static int dev_exception_add(struct dev_cgroup *dev_cgroup,
> +static int dev_exception_add(struct list_head *exceptions,
> struct dev_exception_item *ex)
If you're going to re-use this function for the accessed list, then it
should be renamed, because as it is, it's misleading.
It also should be restructured. The add-exceptions case was rare, so
doing kmemdup before checking for duplicates was ok. But for the
accessed list I think we want to check for duplicates before we kmemdup.
> {
> struct dev_exception_item *excopy, *walk;
> @@ -101,7 +102,7 @@ static int dev_exception_add(struct dev_cgroup *dev_cgroup,
> if (!excopy)
> return -ENOMEM;
>
> - list_for_each_entry(walk, &dev_cgroup->exceptions, list) {
> + list_for_each_entry(walk, exceptions, list) {
> if (walk->type != ex->type)
> continue;
> if (walk->major != ex->major)
> @@ -115,7 +116,7 @@ static int dev_exception_add(struct dev_cgroup *dev_cgroup,
> }
>
> if (excopy != NULL)
> - list_add_tail_rcu(&excopy->list, &dev_cgroup->exceptions);
> + list_add_tail_rcu(&excopy->list, exceptions);
> return 0;
> }
>
> @@ -155,6 +156,16 @@ static void __dev_exception_clean(struct dev_cgroup *dev_cgroup)
> }
> }
>
> +static void dev_accessed_clean(struct dev_cgroup *dev_cgroup)
> +{
> + struct dev_exception_item *ex, *tmp;
> +
> + list_for_each_entry_safe(ex, tmp, &dev_cgroup->accessed, list) {
> + list_del_rcu(&ex->list);
> + kfree_rcu(ex, rcu);
> + }
> +}
> +
> /**
> * dev_exception_clean - frees all entries of the exception list
> * @dev_cgroup: dev_cgroup with the exception list to be cleaned
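Review bot: dev_accessed_clean() at the top of the hunk has no kernel-doc header, while its neighbour dev_exception_clean(), whose header starts at the end of the hunk, documents its purpose; a one-line `/* frees all entries of the accessed list; called from devcgroup_css_free() */` would put it on the same footing. The body of __dev_exception_clean() is outside the hunk, but dev_accessed_clean() appears to be the same unlink-and-free walk over a different list head, and since dev_exception_add() was already generalised to take a `struct list_head *`, the same generalisation here would avoid the duplicate. Whether this is safe to run without devcgroup_mutex, as the devcgroup_css_free() hunk below seems to do, is worth stating in that comment.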
> @@ -221,6 +232,7 @@ devcgroup_css_alloc(struct cgroup_subsys_state *parent_css)
> if (!dev_cgroup)
> return ERR_PTR(-ENOMEM);
> INIT_LIST_HEAD(&dev_cgroup->exceptions);
> + INIT_LIST_HEAD(&dev_cgroup->accessed);
> dev_cgroup->behavior = DEVCG_DEFAULT_NONE;
>
> return &dev_cgroup->css;
> @@ -231,6 +243,7 @@ static void devcgroup_css_free(struct cgroup_subsys_state *css)
> struct dev_cgroup *dev_cgroup = css_to_devcgroup(css);
>
> __dev_exception_clean(dev_cgroup);
> + dev_accessed_clean(dev_cgroup);
> kfree(dev_cgroup);
> }
>
> @@ -272,9 +285,9 @@ static void set_majmin(char *str, unsigned m)
> sprintf(str, "%u", m);
> }
>
> -static int devcgroup_seq_show(struct seq_file *m, void *v)
> +static int devcgroup_seq_show_list(struct seq_file *m, struct dev_cgroup *devcgroup,
> + struct list_head *exceptions, bool allow)
> {
> - struct dev_cgroup *devcgroup = css_to_devcgroup(seq_css(m));
> struct dev_exception_item *ex;
> char maj[MAJMINLEN], min[MAJMINLEN], acc[ACCLEN];
>
> @@ -285,14 +298,14 @@ static int devcgroup_seq_show(struct seq_file *m, void *v)
> * - List the exceptions in case the default policy is to deny
> * This way, the file remains as a "whitelist of devices"
> */
> - if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
> + if (allow) {
> set_access(acc, ACC_MASK);
> set_majmin(maj, ~0);
> set_majmin(min, ~0);
> seq_printf(m, "%c %s:%s %s\n", type_to_char(DEV_ALL),
> maj, min, acc);
> } else {
> - list_for_each_entry_rcu(ex, &devcgroup->exceptions, list) {
> + list_for_each_entry_rcu(ex, exceptions, list) {
> set_access(acc, ex->access);
> set_majmin(maj, ex->major);
> set_majmin(min, ex->minor);
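Review bot: The comment block at the top of the hunk still explains the output in terms of the cgroup's default policy, but the code now branches on the `allow` parameter, which devcgroup_seq_show_accessed() passes as a constant false; the comment should describe the parameter instead, e.g. `/* allow: print a single "all devices" line instead of walking the list */`. The new devcgroup_seq_show_list() signature in the previous hunk would also benefit from a kernel-doc header naming what protects the list_for_each_entry_rcu() walk (rcu_read_lock() or devcgroup_mutex) — I can't see the locking of the seq_show callers from here, so this needs confirming rather than copying from the old comment. The function ends outside this hunk.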
> @@ -305,6 +318,36 @@ static int devcgroup_seq_show(struct seq_file *m, void *v)
> return 0;
> }
>
> +static int devcgroup_seq_show(struct seq_file *m, void *v)
> +{
> + struct dev_cgroup *devcgroup = css_to_devcgroup(seq_css(m));
> +
> + return devcgroup_seq_show_list(m, devcgroup, &devcgroup->exceptions,
> + devcgroup->behavior == DEVCG_DEFAULT_ALLOW);
> +}
> +
> +static int devcgroup_seq_show_accessed(struct seq_file *m, void *v)
> +{
> + struct dev_cgroup *devcgroup = css_to_devcgroup(seq_css(m));
> +
> + return devcgroup_seq_show_list(m, devcgroup, &devcgroup->accessed, false);
> +}
> +
> +static void devcgroup_add_accessed(struct dev_cgroup *dev_cgroup, short type,
> + u32 major, u32 minor, short access)
> +{
> + struct dev_exception_item ex;
> +
> + ex.type = type;
> + ex.major = major;
> + ex.minor = minor;
> + ex.access = access;
> +
> + mutex_lock(&devcgroup_mutex);
> + dev_exception_add(&dev_cgroup->accessed, &ex);
> + mutex_unlock(&devcgroup_mutex);
> +}
> +
> /**
> * match_exception - iterates the exception list trying to find a complete match
> * @exceptions: list of exceptions
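Review bot: devcgroup_add_accessed() discards the int returned by dev_exception_add(), so a kmemdup() failure under memory pressure silently drops the record and `devices.accessed` can under-report; either propagate the result or mark the intent at the call, `/* best effort: a failed allocation just leaves this access unrecorded */`. Because the function is invoked from __devcgroup_check_permission() (last hunk), every permitted device access now serialises on the global devcgroup_mutex and may allocate, which is a different cost profile from the existing mutex users that run only on configuration writes. A kernel-doc header stating that devcgroup_add_accessed() takes and releases devcgroup_mutex itself would keep it consistent with the "called under devcgroup_mutex" note on dev_exception_add().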
> @@ -566,7 +609,7 @@ static int propagate_exception(struct dev_cgroup *devcg_root,
> */
> if (devcg_root->behavior == DEVCG_DEFAULT_ALLOW &&
> devcg->behavior == DEVCG_DEFAULT_ALLOW) {
> - rc = dev_exception_add(devcg, ex);
> + rc = dev_exception_add(&devcg->exceptions, ex);
> if (rc)
> break;
> } else {
> @@ -736,7 +779,7 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
>
> if (!parent_has_perm(devcgroup, &ex))
> return -EPERM;
> - rc = dev_exception_add(devcgroup, &ex);
> + rc = dev_exception_add(&devcgroup->exceptions, &ex);
> break;
> case DEVCG_DENY:
> /*
> @@ -747,7 +790,7 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup,
> if (devcgroup->behavior == DEVCG_DEFAULT_DENY)
> dev_exception_rm(devcgroup, &ex);
> else
> - rc = dev_exception_add(devcgroup, &ex);
> + rc = dev_exception_add(&devcgroup->exceptions, &ex);
>
> if (rc)
> break;
> @@ -788,6 +831,11 @@ static struct cftype dev_cgroup_files[] = {
> .seq_show = devcgroup_seq_show,
> .private = DEVCG_LIST,
> },
> + {
> + .name = "accessed",
> + .seq_show = devcgroup_seq_show_accessed,
> + .private = DEVCG_LIST,
> + },
> { } /* terminate */
> };
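Review bot: The hunk adds a new user-visible control file `devices.accessed`, but the diffstat at the top of the mail lists only security/device_cgroup.c, so the devices cgroup documentation is not updated with the file's format, that it is read-only, and how long records persist (from the css_free hunk they appear to live until the cgroup is destroyed). A short entry describing it as a best-effort list of devices that passed the permission check, in the same `type major:minor access` format as devices.list, would keep readers from treating it as a complete audit trail.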
>
> @@ -830,6 +878,8 @@ static int __devcgroup_check_permission(short type, u32 major, u32 minor,
> if (!rc)
> return -EPERM;
>
> + devcgroup_add_accessed(dev_cgroup, type, major, minor, access);
> +
> return 0;
> }
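Review bot: The new devcgroup_add_accessed() call dereferences dev_cgroup after the permission check, but the lines that obtain dev_cgroup are outside the hunk; if it was looked up under rcu_read_lock() and that critical section has already ended at this point, the pointer may be stale when the accessed list is modified. Taking a css reference across the call, or restructuring so the mutex-protected add happens while the reference is known valid, would make the lifetime explicit. mutex_lock() can sleep, so it should also be confirmed that every caller of __devcgroup_check_permission() runs in a context that may block before this goes into the access-check path.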
>
> --
> 2.8.1