* [PATCH v35 11/29] LSM: Use lsmblob in security_current_getsecid
[not found] <20220418145945.38797-1-casey@schaufler-ca.com>
@ 2022-04-18 14:59 ` Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 12/29] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
` (3 subsequent siblings)
4 siblings, 0 replies; 11+ messages in thread
From: Casey Schaufler @ 2022-04-18 14:59 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux
Cc: casey, linux-audit, keescook, john.johansen, penguin-kernel, paul,
stephen.smalley.work, linux-kernel, linux-integrity, netdev
Change the security_current_getsecid_subj() and
security_task_getsecid_obj() interfaces to fill in
a lsmblob structure instead of a u32 secid in support of
LSM stacking. Audit interfaces will need to collect all
possible secids for possible reporting.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netdev@vger.kernel.org
---
drivers/android/binder.c | 6 +--
include/linux/security.h | 31 ++++++++++---
kernel/audit.c | 16 +++----
kernel/auditfilter.c | 4 +-
kernel/auditsc.c | 25 +++++------
net/netlabel/netlabel_unlabeled.c | 4 +-
net/netlabel/netlabel_user.h | 6 ++-
security/integrity/ima/ima_appraise.c | 11 ++---
security/integrity/ima/ima_main.c | 63 ++++++++++++++++-----------
security/security.c | 25 ++++++++---
10 files changed, 117 insertions(+), 74 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 381a4fddd4a5..bae8440ffc73 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2980,16 +2980,16 @@ static void binder_transaction(struct binder_proc *proc,
t->priority = task_nice(current);
if (target_node && target_node->txn_security_ctx) {
- u32 secid;
struct lsmblob blob;
size_t added_size;
+ u32 secid;
security_cred_getsecid(proc->cred, &secid);
/*
- * Later in this patch set security_task_getsecid() will
+ * Later in this patch set security_cred_getsecid() will
* provide a lsmblob instead of a secid. lsmblob_init
* is used to ensure that all the secids in the lsmblob
- * get the value returned from security_task_getsecid(),
+ * get the value returned from security_cred_getsecid(),
* which means that the one expected by
* security_secid_to_secctx() will be set.
*/
diff --git a/include/linux/security.h b/include/linux/security.h
index 4cfeb5eb29fc..d11dfa33c1c7 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -220,6 +220,24 @@ static inline u32 lsmblob_value(const struct lsmblob *blob)
return 0;
}
+/**
+ * lsmblob_first - secid value for the first LSM slot
+ * @blob: Pointer to the data
+ *
+ * Return the secid value from the first LSM slot.
+ * There may not be any LSM slots.
+ *
+ * Return the value in secid[0] if there are any slots, 0 otherwise.
+ */
+static inline u32 lsmblob_first(const struct lsmblob *blob)
+{
+#if LSMBLOB_ENTRIES > 0
+ return blob->secid[0];
+#else
+ return 0;
+#endif
+}
+
/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, unsigned int opts);
@@ -502,8 +520,8 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old,
int security_task_setpgid(struct task_struct *p, pid_t pgid);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
-void security_current_getsecid_subj(u32 *secid);
-void security_task_getsecid_obj(struct task_struct *p, u32 *secid);
+void security_current_getsecid_subj(struct lsmblob *blob);
+void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob);
int security_task_setnice(struct task_struct *p, int nice);
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_getioprio(struct task_struct *p);
@@ -1199,14 +1217,15 @@ static inline int security_task_getsid(struct task_struct *p)
return 0;
}
-static inline void security_current_getsecid_subj(u32 *secid)
+static inline void security_current_getsecid_subj(struct lsmblob *blob)
{
- *secid = 0;
+ lsmblob_init(blob, 0);
}
-static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
+static inline void security_task_getsecid_obj(struct task_struct *p,
+ struct lsmblob *blob)
{
- *secid = 0;
+ lsmblob_init(blob, 0);
}
static inline int security_task_setnice(struct task_struct *p, int nice)
diff --git a/kernel/audit.c b/kernel/audit.c
index 2acf95cf9895..2834e55844db 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2178,19 +2178,12 @@ int audit_log_task_context(struct audit_buffer *ab)
char *ctx = NULL;
unsigned len;
int error;
- u32 sid;
struct lsmblob blob;
- security_current_getsecid_subj(&sid);
- if (!sid)
+ security_current_getsecid_subj(&blob);
+ if (!lsmblob_is_set(&blob))
return 0;
- /*
- * lsmblob_init sets all values in the lsmblob to sid.
- * This is temporary until security_task_getsecid is converted
- * to use a lsmblob, which happens later in this patch set.
- */
- lsmblob_init(&blob, sid);
error = security_secid_to_secctx(&blob, &ctx, &len);
if (error) {
@@ -2399,6 +2392,7 @@ int audit_set_loginuid(kuid_t loginuid)
int audit_signal_info(int sig, struct task_struct *t)
{
kuid_t uid = current_uid(), auid;
+ struct lsmblob blob;
if (auditd_test_task(t) &&
(sig == SIGTERM || sig == SIGHUP ||
@@ -2409,7 +2403,9 @@ int audit_signal_info(int sig, struct task_struct *t)
audit_sig_uid = auid;
else
audit_sig_uid = uid;
- security_current_getsecid_subj(&audit_sig_sid);
+ security_current_getsecid_subj(&blob);
+ /* scaffolding until audit_sig_sid is converted */
+ audit_sig_sid = lsmblob_first(&blob);
}
return audit_signal_info_syscall(t);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 15cd4fe35e9c..39ded5cb2429 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1339,7 +1339,6 @@ int audit_filter(int msgtype, unsigned int listtype)
struct audit_field *f = &e->rule.fields[i];
struct lsmblob blob;
pid_t pid;
- u32 sid;
switch (f->type) {
case AUDIT_PID:
@@ -1369,8 +1368,7 @@ int audit_filter(int msgtype, unsigned int listtype)
case AUDIT_SUBJ_SEN:
case AUDIT_SUBJ_CLR:
if (f->lsm_str) {
- security_current_getsecid_subj(&sid);
- lsmblob_init(&blob, sid);
+ security_current_getsecid_subj(&blob);
result = security_audit_rule_match(
&blob, f->type, f->op,
&f->lsm_rules);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index d125dba69a76..b7bfc934436d 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -467,7 +467,6 @@ static int audit_filter_rules(struct task_struct *tsk,
{
const struct cred *cred;
int i, need_sid = 1;
- u32 sid;
struct lsmblob blob;
unsigned int sessionid;
@@ -676,17 +675,9 @@ static int audit_filter_rules(struct task_struct *tsk,
* here even though it always refs
* @current's creds
*/
- security_current_getsecid_subj(&sid);
+ security_current_getsecid_subj(&blob);
need_sid = 0;
}
- /*
- * lsmblob_init sets all values in the lsmblob
- * to sid. This is temporary until
- * security_task_getsecid() is converted to
- * provide a lsmblob, which happens later in
- * this patch set.
- */
- lsmblob_init(&blob, sid);
result = security_audit_rule_match(&blob,
f->type, f->op,
&f->lsm_rules);
@@ -2764,12 +2755,15 @@ int __audit_sockaddr(int len, void *a)
void __audit_ptrace(struct task_struct *t)
{
struct audit_context *context = audit_context();
+ struct lsmblob blob;
context->target_pid = task_tgid_nr(t);
context->target_auid = audit_get_loginuid(t);
context->target_uid = task_uid(t);
context->target_sessionid = audit_get_sessionid(t);
- security_task_getsecid_obj(t, &context->target_sid);
+ security_task_getsecid_obj(t, &blob);
+ /* scaffolding - until target_sid is converted */
+ context->target_sid = lsmblob_first(&blob);
memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
}
@@ -2785,6 +2779,7 @@ int audit_signal_info_syscall(struct task_struct *t)
struct audit_aux_data_pids *axp;
struct audit_context *ctx = audit_context();
kuid_t t_uid = task_uid(t);
+ struct lsmblob blob;
if (!audit_signals || audit_dummy_context())
return 0;
@@ -2796,7 +2791,9 @@ int audit_signal_info_syscall(struct task_struct *t)
ctx->target_auid = audit_get_loginuid(t);
ctx->target_uid = t_uid;
ctx->target_sessionid = audit_get_sessionid(t);
- security_task_getsecid_obj(t, &ctx->target_sid);
+ security_task_getsecid_obj(t, &blob);
+ /* scaffolding until target_sid is converted */
+ ctx->target_sid = lsmblob_first(&blob);
memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
return 0;
}
@@ -2817,7 +2814,9 @@ int audit_signal_info_syscall(struct task_struct *t)
axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
axp->target_uid[axp->pid_count] = t_uid;
axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
- security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]);
+ security_task_getsecid_obj(t, &blob);
+ /* scaffolding until target_sid is converted */
+ axp->target_sid[axp->pid_count] = lsmblob_first(&blob);
memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
axp->pid_count++;
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 0a99663e6edb..bbb3b6a4f0d7 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1562,11 +1562,13 @@ int __init netlbl_unlabel_defconf(void)
int ret_val;
struct netlbl_dom_map *entry;
struct netlbl_audit audit_info;
+ struct lsmblob blob;
/* Only the kernel is allowed to call this function and the only time
* it is called is at bootup before the audit subsystem is reporting
* messages so don't worry to much about these values. */
- security_current_getsecid_subj(&audit_info.secid);
+ security_current_getsecid_subj(&blob);
+ audit_info.secid = lsmblob_first(&blob);
audit_info.loginuid = GLOBAL_ROOT_UID;
audit_info.sessionid = 0;
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index d6c5b31eb4eb..34bb6572f33b 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -32,7 +32,11 @@
*/
static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)
{
- security_current_getsecid_subj(&audit_info->secid);
+ struct lsmblob blob;
+
+ security_current_getsecid_subj(&blob);
+ /* scaffolding until secid is converted */
+ audit_info->secid = lsmblob_first(&blob);
audit_info->loginuid = audit_get_loginuid(current);
audit_info->sessionid = audit_get_sessionid(current);
}
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 17232bbfb9f9..f9eadbf53cb6 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -71,15 +71,16 @@ bool is_ima_appraise_enabled(void)
int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode,
int mask, enum ima_hooks func)
{
- u32 secid;
+ struct lsmblob blob;
if (!ima_appraise)
return 0;
- security_current_getsecid_subj(&secid);
- return ima_match_policy(mnt_userns, inode, current_cred(), secid,
- func, mask, IMA_APPRAISE | IMA_HASH, NULL,
- NULL, NULL, NULL);
+ security_current_getsecid_subj(&blob);
+ return ima_match_policy(mnt_userns, inode, current_cred(),
+ lsmblob_first(&blob), func, mask,
+ IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL,
+ NULL);
}
static int ima_fix_xattr(struct dentry *dentry,
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 3d3f8c5c502b..3d8d9162a5e3 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -405,12 +405,14 @@ static int process_measurement(struct file *file, const struct cred *cred,
*/
int ima_file_mmap(struct file *file, unsigned long prot)
{
- u32 secid;
+ struct lsmblob blob;
if (file && (prot & PROT_EXEC)) {
- security_current_getsecid_subj(&secid);
- return process_measurement(file, current_cred(), secid, NULL,
- 0, MAY_EXEC, MMAP_CHECK);
+ security_current_getsecid_subj(&blob);
+ /* scaffolding - until process_measurement changes */
+ return process_measurement(file, current_cred(),
+ lsmblob_first(&blob), NULL, 0,
+ MAY_EXEC, MMAP_CHECK);
}
return 0;
@@ -437,9 +439,9 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
char *pathbuf = NULL;
const char *pathname = NULL;
struct inode *inode;
+ struct lsmblob blob;
int result = 0;
int action;
- u32 secid;
int pcr;
/* Is mprotect making an mmap'ed file executable? */
@@ -447,11 +449,12 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
!(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC))
return 0;
- security_current_getsecid_subj(&secid);
+ security_current_getsecid_subj(&blob);
inode = file_inode(vma->vm_file);
action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
- current_cred(), secid, MAY_EXEC, MMAP_CHECK,
- &pcr, &template, NULL, NULL);
+ current_cred(), lsmblob_first(&blob),
+ MAY_EXEC, MMAP_CHECK, &pcr, &template, NULL,
+ NULL);
/* Is the mmap'ed file in policy? */
if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK)))
@@ -487,10 +490,13 @@ int ima_bprm_check(struct linux_binprm *bprm)
{
int ret;
u32 secid;
+ struct lsmblob blob;
- security_current_getsecid_subj(&secid);
- ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0,
- MAY_EXEC, BPRM_CHECK);
+ security_current_getsecid_subj(&blob);
+ /* scaffolding until process_measurement changes */
+ ret = process_measurement(bprm->file, current_cred(),
+ lsmblob_first(&blob), NULL, 0, MAY_EXEC,
+ BPRM_CHECK);
if (ret)
return ret;
@@ -511,10 +517,12 @@ int ima_bprm_check(struct linux_binprm *bprm)
*/
int ima_file_check(struct file *file, int mask)
{
- u32 secid;
+ struct lsmblob blob;
- security_current_getsecid_subj(&secid);
- return process_measurement(file, current_cred(), secid, NULL, 0,
+ security_current_getsecid_subj(&blob);
+ /* scaffolding until process_measurement changes */
+ return process_measurement(file, current_cred(), lsmblob_first(&blob),
+ NULL, 0,
mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
MAY_APPEND), FILE_CHECK);
}
@@ -710,7 +718,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
bool contents)
{
enum ima_hooks func;
- u32 secid;
+ struct lsmblob blob;
/*
* Do devices using pre-allocated memory run the risk of the
@@ -730,9 +738,10 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
/* Read entire file for all partial reads. */
func = read_idmap[read_id] ?: FILE_CHECK;
- security_current_getsecid_subj(&secid);
- return process_measurement(file, current_cred(), secid, NULL,
- 0, MAY_READ, func);
+ security_current_getsecid_subj(&blob);
+ /* scaffolding - until process_measurement changes */
+ return process_measurement(file, current_cred(), lsmblob_first(&blob),
+ NULL, 0, MAY_READ, func);
}
const int read_idmap[READING_MAX_ID] = {
@@ -760,7 +769,7 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
enum kernel_read_file_id read_id)
{
enum ima_hooks func;
- u32 secid;
+ struct lsmblob blob;
/* permit signed certs */
if (!file && read_id == READING_X509_CERTIFICATE)
@@ -773,9 +782,10 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size,
}
func = read_idmap[read_id] ?: FILE_CHECK;
- security_current_getsecid_subj(&secid);
- return process_measurement(file, current_cred(), secid, buf, size,
- MAY_READ, func);
+ security_current_getsecid_subj(&blob);
+ /* scaffolding - until process_measurement changes */
+ return process_measurement(file, current_cred(), lsmblob_first(&blob),
+ buf, size, MAY_READ, func);
}
/**
@@ -900,7 +910,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
int digest_hash_len = hash_digest_size[ima_hash_algo];
int violation = 0;
int action = 0;
- u32 secid;
+ struct lsmblob blob;
if (digest && digest_len < digest_hash_len)
return -EINVAL;
@@ -923,10 +933,11 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
* buffer measurements.
*/
if (func) {
- security_current_getsecid_subj(&secid);
+ security_current_getsecid_subj(&blob);
+ /* scaffolding */
action = ima_get_action(mnt_userns, inode, current_cred(),
- secid, 0, func, &pcr, &template,
- func_data, NULL);
+ lsmblob_first(&blob), 0, func, &pcr,
+ &template, func_data, NULL);
if (!(action & IMA_MEASURE) && !digest)
return -ENOENT;
}
diff --git a/security/security.c b/security/security.c
index 131c851dd681..eae5b7f3a0db 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1922,17 +1922,30 @@ int security_task_getsid(struct task_struct *p)
return call_int_hook(task_getsid, 0, p);
}
-void security_current_getsecid_subj(u32 *secid)
+void security_current_getsecid_subj(struct lsmblob *blob)
{
- *secid = 0;
- call_void_hook(current_getsecid_subj, secid);
+ struct security_hook_list *hp;
+
+ lsmblob_init(blob, 0);
+ hlist_for_each_entry(hp, &security_hook_heads.current_getsecid_subj,
+ list) {
+ if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+ continue;
+ hp->hook.current_getsecid_subj(&blob->secid[hp->lsmid->slot]);
+ }
}
EXPORT_SYMBOL(security_current_getsecid_subj);
-void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
+void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob)
{
- *secid = 0;
- call_void_hook(task_getsecid_obj, p, secid);
+ struct security_hook_list *hp;
+
+ lsmblob_init(blob, 0);
+ hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) {
+ if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+ continue;
+ hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]);
+ }
}
EXPORT_SYMBOL(security_task_getsecid_obj);
--
2.35.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH v35 12/29] LSM: Use lsmblob in security_inode_getsecid
[not found] <20220418145945.38797-1-casey@schaufler-ca.com>
2022-04-18 14:59 ` [PATCH v35 11/29] LSM: Use lsmblob in security_current_getsecid Casey Schaufler
@ 2022-04-18 14:59 ` Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
` (2 subsequent siblings)
4 siblings, 0 replies; 11+ messages in thread
From: Casey Schaufler @ 2022-04-18 14:59 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux
Cc: casey, linux-audit, keescook, john.johansen, penguin-kernel, paul,
stephen.smalley.work, linux-kernel, linux-integrity
Change the security_inode_getsecid() interface to fill in a
lsmblob structure instead of a u32 secid. This allows for its
callers to gather data from all registered LSMs. Data is provided
for IMA and audit.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
include/linux/security.h | 7 ++++---
kernel/auditsc.c | 6 +++++-
security/integrity/ima/ima_policy.c | 7 ++++---
security/security.c | 11 +++++++++--
4 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index d11dfa33c1c7..781b1a2374c0 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -474,7 +474,7 @@ int security_inode_getsecurity(struct user_namespace *mnt_userns,
void **buffer, bool alloc);
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
-void security_inode_getsecid(struct inode *inode, u32 *secid);
+void security_inode_getsecid(struct inode *inode, struct lsmblob *blob);
int security_inode_copy_up(struct dentry *src, struct cred **new);
int security_inode_copy_up_xattr(const char *name);
int security_kernfs_init_security(struct kernfs_node *kn_dir,
@@ -1020,9 +1020,10 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer,
return 0;
}
-static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
+static inline void security_inode_getsecid(struct inode *inode,
+ struct lsmblob *blob)
{
- *secid = 0;
+ lsmblob_init(blob, 0);
}
static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b7bfc934436d..fb8c4c61189d 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2300,13 +2300,17 @@ static void audit_copy_inode(struct audit_names *name,
const struct dentry *dentry,
struct inode *inode, unsigned int flags)
{
+ struct lsmblob blob;
+
name->ino = inode->i_ino;
name->dev = inode->i_sb->s_dev;
name->mode = inode->i_mode;
name->uid = inode->i_uid;
name->gid = inode->i_gid;
name->rdev = inode->i_rdev;
- security_inode_getsecid(inode, &name->osid);
+ security_inode_getsecid(inode, &blob);
+ /* scaffolding until osid is updated */
+ name->osid = lsmblob_first(&blob);
if (flags & AUDIT_INODE_NOEVAL) {
name->fcap_ver = -1;
return;
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 97470354c8ae..3deedfb2775f 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -624,7 +624,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
return false;
for (i = 0; i < MAX_LSM_RULES; i++) {
int rc = 0;
- u32 osid;
+ struct lsmblob lsmdata;
if (!rule->lsm[i].rule) {
if (!rule->lsm[i].args_p)
@@ -636,8 +636,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
case LSM_OBJ_USER:
case LSM_OBJ_ROLE:
case LSM_OBJ_TYPE:
- security_inode_getsecid(inode, &osid);
- rc = ima_filter_rule_match(osid, rule->lsm[i].type,
+ security_inode_getsecid(inode, &lsmdata);
+ rc = ima_filter_rule_match(lsmdata.secid[rule->which],
+ rule->lsm[i].type,
Audit_equal,
rule->lsm[i].rule,
rule->which);
diff --git a/security/security.c b/security/security.c
index eae5b7f3a0db..297a6be2e23a 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1566,9 +1566,16 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
}
EXPORT_SYMBOL(security_inode_listsecurity);
-void security_inode_getsecid(struct inode *inode, u32 *secid)
+void security_inode_getsecid(struct inode *inode, struct lsmblob *blob)
{
- call_void_hook(inode_getsecid, inode, secid);
+ struct security_hook_list *hp;
+
+ lsmblob_init(blob, 0);
+ hlist_for_each_entry(hp, &security_hook_heads.inode_getsecid, list) {
+ if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+ continue;
+ hp->hook.inode_getsecid(inode, &blob->secid[hp->lsmid->slot]);
+ }
}
int security_inode_copy_up(struct dentry *src, struct cred **new)
--
2.35.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid
[not found] <20220418145945.38797-1-casey@schaufler-ca.com>
2022-04-18 14:59 ` [PATCH v35 11/29] LSM: Use lsmblob in security_current_getsecid Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 12/29] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
@ 2022-04-18 14:59 ` Casey Schaufler
2022-04-18 18:02 ` kernel test robot
` (2 more replies)
2022-04-18 14:59 ` [PATCH v35 15/29] LSM: Ensure the correct LSM context releaser Casey Schaufler
[not found] ` <20220418145945.38797-6-casey@schaufler-ca.com>
4 siblings, 3 replies; 11+ messages in thread
From: Casey Schaufler @ 2022-04-18 14:59 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux
Cc: casey, linux-audit, keescook, john.johansen, penguin-kernel, paul,
stephen.smalley.work, linux-kernel, linux-integrity
Change the security_cred_getsecid() interface to fill in a
lsmblob instead of a u32 secid. The associated data elements
in the audit sub-system are changed from a secid to a lsmblob
to accommodate multiple possible LSM audit users.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
---
drivers/android/binder.c | 12 +----------
include/linux/security.h | 5 +++--
kernel/audit.c | 25 +++++++----------------
kernel/audit.h | 3 ++-
kernel/auditsc.c | 33 +++++++++++--------------------
security/integrity/ima/ima_main.c | 8 ++++----
security/security.c | 12 ++++++++---
7 files changed, 38 insertions(+), 60 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index bae8440ffc73..26838061defb 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2982,18 +2982,8 @@ static void binder_transaction(struct binder_proc *proc,
if (target_node && target_node->txn_security_ctx) {
struct lsmblob blob;
size_t added_size;
- u32 secid;
- security_cred_getsecid(proc->cred, &secid);
- /*
- * Later in this patch set security_cred_getsecid() will
- * provide a lsmblob instead of a secid. lsmblob_init
- * is used to ensure that all the secids in the lsmblob
- * get the value returned from security_cred_getsecid(),
- * which means that the one expected by
- * security_secid_to_secctx() will be set.
- */
- lsmblob_init(&blob, secid);
+ security_cred_getsecid(proc->cred, &blob);
ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz);
if (ret) {
return_error = BR_FAILED_REPLY;
diff --git a/include/linux/security.h b/include/linux/security.h
index 781b1a2374c0..fa413a5a2ccb 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -501,7 +501,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);
-void security_cred_getsecid(const struct cred *c, u32 *secid);
+void security_cred_getsecid(const struct cred *c, struct lsmblob *blob);
int security_kernel_act_as(struct cred *new, struct lsmblob *blob);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
int security_kernel_module_request(char *kmod_name);
@@ -1141,7 +1141,8 @@ static inline void security_transfer_creds(struct cred *new,
{
}
-static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
+static inline void security_cred_getsecid(const struct cred *c,
+ struct lsmblob *blob)
{
*secid = 0;
}
diff --git a/kernel/audit.c b/kernel/audit.c
index 2834e55844db..2b670ac129be 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;
/* The identity of the user shutting down the audit system. */
static kuid_t audit_sig_uid = INVALID_UID;
static pid_t audit_sig_pid = -1;
-static u32 audit_sig_sid;
+struct lsmblob audit_sig_lsm;
/* Records can be lost in several ways:
0) [suppressed in audit_alloc]
@@ -1463,29 +1463,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
}
case AUDIT_SIGNAL_INFO:
len = 0;
- if (audit_sig_sid) {
- struct lsmblob blob;
-
- /*
- * lsmblob_init sets all values in the lsmblob
- * to audit_sig_sid. This is temporary until
- * audit_sig_sid is converted to a lsmblob, which
- * happens later in this patch set.
- */
- lsmblob_init(&blob, audit_sig_sid);
- err = security_secid_to_secctx(&blob, &ctx, &len);
+ if (lsmblob_is_set(&audit_sig_lsm)) {
+ err = security_secid_to_secctx(&audit_sig_lsm, &ctx,
+ &len);
if (err)
return err;
}
sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL);
if (!sig_data) {
- if (audit_sig_sid)
+ if (lsmblob_is_set(&audit_sig_lsm))
security_release_secctx(ctx, len);
return -ENOMEM;
}
sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
sig_data->pid = audit_sig_pid;
- if (audit_sig_sid) {
+ if (lsmblob_is_set(&audit_sig_lsm)) {
memcpy(sig_data->ctx, ctx, len);
security_release_secctx(ctx, len);
}
@@ -2392,7 +2384,6 @@ int audit_set_loginuid(kuid_t loginuid)
int audit_signal_info(int sig, struct task_struct *t)
{
kuid_t uid = current_uid(), auid;
- struct lsmblob blob;
if (auditd_test_task(t) &&
(sig == SIGTERM || sig == SIGHUP ||
@@ -2403,9 +2394,7 @@ int audit_signal_info(int sig, struct task_struct *t)
audit_sig_uid = auid;
else
audit_sig_uid = uid;
- security_current_getsecid_subj(&blob);
- /* scaffolding until audit_sig_sid is converted */
- audit_sig_sid = lsmblob_first(&blob);
+ security_current_getsecid_subj(&audit_sig_lsm);
}
return audit_signal_info_syscall(t);
diff --git a/kernel/audit.h b/kernel/audit.h
index 58b66543b4d5..316fac62d5f7 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -12,6 +12,7 @@
#include <linux/fs.h>
#include <linux/audit.h>
#include <linux/skbuff.h>
+#include <linux/security.h>
#include <uapi/linux/mqueue.h>
#include <linux/tty.h>
#include <uapi/linux/openat2.h> // struct open_how
@@ -143,7 +144,7 @@ struct audit_context {
kuid_t target_auid;
kuid_t target_uid;
unsigned int target_sessionid;
- u32 target_sid;
+ struct lsmblob target_lsm;
char target_comm[TASK_COMM_LEN];
struct audit_tree_refs *trees, *first_trees;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index fb8c4c61189d..52ea8da8462f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -99,7 +99,7 @@ struct audit_aux_data_pids {
kuid_t target_auid[AUDIT_AUX_PIDS];
kuid_t target_uid[AUDIT_AUX_PIDS];
unsigned int target_sessionid[AUDIT_AUX_PIDS];
- u32 target_sid[AUDIT_AUX_PIDS];
+ struct lsmblob target_lsm[AUDIT_AUX_PIDS];
char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
int pid_count;
};
@@ -1018,7 +1018,7 @@ static void audit_reset_context(struct audit_context *ctx)
ctx->target_pid = 0;
ctx->target_auid = ctx->target_uid = KUIDT_INIT(0);
ctx->target_sessionid = 0;
- ctx->target_sid = 0;
+ lsmblob_init(&ctx->target_lsm, 0);
ctx->target_comm[0] = '\0';
unroll_tree_refs(ctx, NULL, 0);
WARN_ON(!list_empty(&ctx->killed_trees));
@@ -1116,14 +1116,14 @@ static inline void audit_free_context(struct audit_context *context)
}
static int audit_log_pid_context(struct audit_context *context, pid_t pid,
- kuid_t auid, kuid_t uid, unsigned int sessionid,
- u32 sid, char *comm)
+ kuid_t auid, kuid_t uid,
+ unsigned int sessionid,
+ struct lsmblob *blob, char *comm)
{
struct audit_buffer *ab;
char *ctx = NULL;
u32 len;
int rc = 0;
- struct lsmblob blob;
ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
if (!ab)
@@ -1132,9 +1132,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid,
from_kuid(&init_user_ns, auid),
from_kuid(&init_user_ns, uid), sessionid);
- if (sid) {
- lsmblob_init(&blob, sid);
- if (security_secid_to_secctx(&blob, &ctx, &len)) {
+ if (lsmblob_is_set(blob)) {
+ if (security_secid_to_secctx(blob, &ctx, &len)) {
audit_log_format(ab, " obj=(none)");
rc = 1;
} else {
@@ -1814,7 +1813,7 @@ static void audit_log_exit(void)
axs->target_auid[i],
axs->target_uid[i],
axs->target_sessionid[i],
- axs->target_sid[i],
+ &axs->target_lsm[i],
axs->target_comm[i]))
call_panic = 1;
}
@@ -1823,7 +1822,7 @@ static void audit_log_exit(void)
audit_log_pid_context(context, context->target_pid,
context->target_auid, context->target_uid,
context->target_sessionid,
- context->target_sid, context->target_comm))
+ &context->target_lsm, context->target_comm))
call_panic = 1;
if (context->pwd.dentry && context->pwd.mnt) {
@@ -2759,15 +2758,12 @@ int __audit_sockaddr(int len, void *a)
void __audit_ptrace(struct task_struct *t)
{
struct audit_context *context = audit_context();
- struct lsmblob blob;
context->target_pid = task_tgid_nr(t);
context->target_auid = audit_get_loginuid(t);
context->target_uid = task_uid(t);
context->target_sessionid = audit_get_sessionid(t);
- security_task_getsecid_obj(t, &blob);
- /* scaffolding - until target_sid is converted */
- context->target_sid = lsmblob_first(&blob);
+ security_task_getsecid_obj(t, &context->target_lsm);
memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
}
@@ -2783,7 +2779,6 @@ int audit_signal_info_syscall(struct task_struct *t)
struct audit_aux_data_pids *axp;
struct audit_context *ctx = audit_context();
kuid_t t_uid = task_uid(t);
- struct lsmblob blob;
if (!audit_signals || audit_dummy_context())
return 0;
@@ -2795,9 +2790,7 @@ int audit_signal_info_syscall(struct task_struct *t)
ctx->target_auid = audit_get_loginuid(t);
ctx->target_uid = t_uid;
ctx->target_sessionid = audit_get_sessionid(t);
- security_task_getsecid_obj(t, &blob);
- /* scaffolding until target_sid is converted */
- ctx->target_sid = lsmblob_first(&blob);
+ security_task_getsecid_obj(t, &ctx->target_lsm);
memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
return 0;
}
@@ -2818,9 +2811,7 @@ int audit_signal_info_syscall(struct task_struct *t)
axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
axp->target_uid[axp->pid_count] = t_uid;
axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
- security_task_getsecid_obj(t, &blob);
- /* scaffolding until target_sid is converted */
- axp->target_sid[axp->pid_count] = lsmblob_first(&blob);
+ security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]);
memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
axp->pid_count++;
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 3d8d9162a5e3..b9ef0f493041 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -489,7 +489,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
int ima_bprm_check(struct linux_binprm *bprm)
{
int ret;
- u32 secid;
struct lsmblob blob;
security_current_getsecid_subj(&blob);
@@ -500,9 +499,10 @@ int ima_bprm_check(struct linux_binprm *bprm)
if (ret)
return ret;
- security_cred_getsecid(bprm->cred, &secid);
- return process_measurement(bprm->file, bprm->cred, secid, NULL, 0,
- MAY_EXEC, CREDS_CHECK);
+ security_cred_getsecid(bprm->cred, &blob);
+ /* scaffolding until process_measurement changes */
+ return process_measurement(bprm->file, bprm->cred, blob.secid[0],
+ NULL, 0, MAY_EXEC, CREDS_CHECK);
}
/**
diff --git a/security/security.c b/security/security.c
index 297a6be2e23a..2ad0d4eb24b3 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1816,10 +1816,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
call_void_hook(cred_transfer, new, old);
}
-void security_cred_getsecid(const struct cred *c, u32 *secid)
+void security_cred_getsecid(const struct cred *c, struct lsmblob *blob)
{
- *secid = 0;
- call_void_hook(cred_getsecid, c, secid);
+ struct security_hook_list *hp;
+
+ lsmblob_init(blob, 0);
+ hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) {
+ if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+ continue;
+ hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]);
+ }
}
EXPORT_SYMBOL(security_cred_getsecid);
--
2.35.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH v35 15/29] LSM: Ensure the correct LSM context releaser
[not found] <20220418145945.38797-1-casey@schaufler-ca.com>
` (2 preceding siblings ...)
2022-04-18 14:59 ` [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
@ 2022-04-18 14:59 ` Casey Schaufler
[not found] ` <20220418145945.38797-6-casey@schaufler-ca.com>
4 siblings, 0 replies; 11+ messages in thread
From: Casey Schaufler @ 2022-04-18 14:59 UTC (permalink / raw)
To: casey.schaufler, jmorris, linux-security-module, selinux
Cc: casey, linux-audit, keescook, john.johansen, penguin-kernel, paul,
stephen.smalley.work, linux-kernel, Chuck Lever, linux-integrity,
netdev, netfilter-devel, linux-nfs
Add a new lsmcontext data structure to hold all the information
about a "security context", including the string, its size and
which LSM allocated the string. The allocation information is
necessary because LSMs have different policies regarding the
lifecycle of these strings. SELinux allocates and destroys
them on each use, whereas Smack provides a pointer to an entry
in a list that never goes away.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-devel@vger.kernel.org
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: linux-nfs@vger.kernel.org
---
drivers/android/binder.c | 10 ++++---
fs/ceph/xattr.c | 6 ++++-
fs/nfs/nfs4proc.c | 8 ++++--
fs/nfsd/nfs4xdr.c | 7 +++--
include/linux/security.h | 35 +++++++++++++++++++++++--
include/net/scm.h | 5 +++-
kernel/audit.c | 14 +++++++---
kernel/auditsc.c | 12 ++++++---
net/ipv4/ip_sockglue.c | 4 ++-
net/netfilter/nf_conntrack_netlink.c | 4 ++-
net/netfilter/nf_conntrack_standalone.c | 4 ++-
net/netfilter/nfnetlink_queue.c | 13 ++++++---
net/netlabel/netlabel_unlabeled.c | 19 +++++++++++---
net/netlabel/netlabel_user.c | 4 ++-
security/security.c | 11 ++++----
15 files changed, 121 insertions(+), 35 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 26838061defb..2125b4b795da 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2725,6 +2725,7 @@ static void binder_transaction(struct binder_proc *proc,
int t_debug_id = atomic_inc_return(&binder_last_id);
char *secctx = NULL;
u32 secctx_sz = 0;
+ struct lsmcontext scaff; /* scaffolding */
struct list_head sgc_head;
struct list_head pf_head;
const void __user *user_buffer = (const void __user *)
@@ -3033,7 +3034,8 @@ static void binder_transaction(struct binder_proc *proc,
t->security_ctx = 0;
WARN_ON(1);
}
- security_release_secctx(secctx, secctx_sz);
+ lsmcontext_init(&scaff, secctx, secctx_sz, 0);
+ security_release_secctx(&scaff);
secctx = NULL;
}
t->buffer->debug_id = t->debug_id;
@@ -3433,8 +3435,10 @@ static void binder_transaction(struct binder_proc *proc,
binder_alloc_free_buf(&target_proc->alloc, t->buffer);
err_binder_alloc_buf_failed:
err_bad_extra_size:
- if (secctx)
- security_release_secctx(secctx, secctx_sz);
+ if (secctx) {
+ lsmcontext_init(&scaff, secctx, secctx_sz, 0);
+ security_release_secctx(&scaff);
+ }
err_get_secctx_failed:
kfree(tcomplete);
binder_stats_deleted(BINDER_STAT_TRANSACTION_COMPLETE);
diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c
index afec84088471..8ac30a5c05ef 100644
--- a/fs/ceph/xattr.c
+++ b/fs/ceph/xattr.c
@@ -1383,12 +1383,16 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode,
void ceph_release_acl_sec_ctx(struct ceph_acl_sec_ctx *as_ctx)
{
+#ifdef CONFIG_CEPH_FS_SECURITY_LABEL
+ struct lsmcontext scaff; /* scaffolding */
+#endif
#ifdef CONFIG_CEPH_FS_POSIX_ACL
posix_acl_release(as_ctx->acl);
posix_acl_release(as_ctx->default_acl);
#endif
#ifdef CONFIG_CEPH_FS_SECURITY_LABEL
- security_release_secctx(as_ctx->sec_ctx, as_ctx->sec_ctxlen);
+ lsmcontext_init(&scaff, as_ctx->sec_ctx, as_ctx->sec_ctxlen, 0);
+ security_release_secctx(&scaff);
#endif
if (as_ctx->pagelist)
ceph_pagelist_release(as_ctx->pagelist);
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 16106f805ffa..dc8bdcdd2d2a 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -133,8 +133,12 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
static inline void
nfs4_label_release_security(struct nfs4_label *label)
{
- if (label)
- security_release_secctx(label->label, label->len);
+ struct lsmcontext scaff; /* scaffolding */
+
+ if (label) {
+ lsmcontext_init(&scaff, label->label, label->len, 0);
+ security_release_secctx(&scaff);
+ }
}
static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label)
{
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index da92e7d2ab6a..77388b5ece56 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2830,6 +2830,7 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
int err;
struct nfs4_acl *acl = NULL;
#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
+ struct lsmcontext scaff; /* scaffolding */
void *context = NULL;
int contextlen;
#endif
@@ -3341,8 +3342,10 @@ nfsd4_encode_fattr(struct xdr_stream *xdr, struct svc_fh *fhp,
out:
#ifdef CONFIG_NFSD_V4_SECURITY_LABEL
- if (context)
- security_release_secctx(context, contextlen);
+ if (context) {
+ lsmcontext_init(&scaff, context, contextlen, 0); /*scaffolding*/
+ security_release_secctx(&scaff);
+ }
#endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
kfree(acl);
if (tempfh) {
diff --git a/include/linux/security.h b/include/linux/security.h
index a6574d13c6fb..5a681f60fd50 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -135,6 +135,37 @@ enum lockdown_reason {
extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
+/*
+ * A "security context" is the text representation of
+ * the information used by LSMs.
+ * This structure contains the string, its length, and which LSM
+ * it is useful for.
+ */
+struct lsmcontext {
+ char *context; /* Provided by the module */
+ u32 len;
+ int slot; /* Identifies the module */
+};
+
+/**
+ * lsmcontext_init - initialize an lsmcontext structure.
+ * @cp: Pointer to the context to initialize
+ * @context: Initial context, or NULL
+ * @size: Size of context, or 0
+ * @slot: Which LSM provided the context
+ *
+ * Fill in the lsmcontext from the provided information.
+ * This is a scaffolding function that will be removed when
+ * lsmcontext integration is complete.
+ */
+static inline void lsmcontext_init(struct lsmcontext *cp, char *context,
+ u32 size, int slot)
+{
+ cp->slot = slot;
+ cp->context = context;
+ cp->len = size;
+}
+
/*
* Data exported by the security modules
*
@@ -587,7 +618,7 @@ int security_ismaclabel(const char *name);
int security_secid_to_secctx(struct lsmblob *blob, char **secdata, u32 *seclen);
int security_secctx_to_secid(const char *secdata, u32 seclen,
struct lsmblob *blob);
-void security_release_secctx(char *secdata, u32 seclen);
+void security_release_secctx(struct lsmcontext *cp);
void security_inode_invalidate_secctx(struct inode *inode);
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
@@ -1451,7 +1482,7 @@ static inline int security_secctx_to_secid(const char *secdata,
return -EOPNOTSUPP;
}
-static inline void security_release_secctx(char *secdata, u32 seclen)
+static inline void security_release_secctx(struct lsmcontext *cp)
{
}
diff --git a/include/net/scm.h b/include/net/scm.h
index 23a35ff1b3f2..f273c4d777ec 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -92,6 +92,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
#ifdef CONFIG_SECURITY_NETWORK
static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
{
+ struct lsmcontext context;
struct lsmblob lb;
char *secdata;
u32 seclen;
@@ -106,7 +107,9 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
if (!err) {
put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
- security_release_secctx(secdata, seclen);
+ /*scaffolding*/
+ lsmcontext_init(&context, secdata, seclen, 0);
+ security_release_secctx(&context);
}
}
}
diff --git a/kernel/audit.c b/kernel/audit.c
index 2b670ac129be..0eff57959b4e 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1214,6 +1214,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
struct audit_sig_info *sig_data;
char *ctx = NULL;
u32 len;
+ struct lsmcontext scaff; /* scaffolding */
err = audit_netlink_ok(skb, msg_type);
if (err)
@@ -1471,15 +1472,18 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
}
sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL);
if (!sig_data) {
- if (lsmblob_is_set(&audit_sig_lsm))
- security_release_secctx(ctx, len);
+ if (lsmblob_is_set(&audit_sig_lsm)) {
+ lsmcontext_init(&scaff, ctx, len, 0);
+ security_release_secctx(&scaff);
+ }
return -ENOMEM;
}
sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
sig_data->pid = audit_sig_pid;
if (lsmblob_is_set(&audit_sig_lsm)) {
memcpy(sig_data->ctx, ctx, len);
- security_release_secctx(ctx, len);
+ lsmcontext_init(&scaff, ctx, len, 0);
+ security_release_secctx(&scaff);
}
audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0,
sig_data, struct_size(sig_data, ctx, len));
@@ -2171,6 +2175,7 @@ int audit_log_task_context(struct audit_buffer *ab)
unsigned len;
int error;
struct lsmblob blob;
+ struct lsmcontext scaff; /* scaffolding */
security_current_getsecid_subj(&blob);
if (!lsmblob_is_set(&blob))
@@ -2185,7 +2190,8 @@ int audit_log_task_context(struct audit_buffer *ab)
}
audit_log_format(ab, " subj=%s", ctx);
- security_release_secctx(ctx, len);
+ lsmcontext_init(&scaff, ctx, len, 0);
+ security_release_secctx(&scaff);
return 0;
error_path:
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 52ea8da8462f..1503fb281278 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1121,6 +1121,7 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
struct lsmblob *blob, char *comm)
{
struct audit_buffer *ab;
+ struct lsmcontext lsmcxt;
char *ctx = NULL;
u32 len;
int rc = 0;
@@ -1138,7 +1139,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
rc = 1;
} else {
audit_log_format(ab, " obj=%s", ctx);
- security_release_secctx(ctx, len);
+ lsmcontext_init(&lsmcxt, ctx, len, 0); /*scaffolding*/
+ security_release_secctx(&lsmcxt);
}
}
audit_log_format(ab, " ocomm=");
@@ -1398,6 +1400,7 @@ static void audit_log_time(struct audit_context *context, struct audit_buffer **
static void show_special(struct audit_context *context, int *call_panic)
{
+ struct lsmcontext lsmcxt;
struct audit_buffer *ab;
int i;
@@ -1432,7 +1435,8 @@ static void show_special(struct audit_context *context, int *call_panic)
*call_panic = 1;
} else {
audit_log_format(ab, " obj=%s", ctx);
- security_release_secctx(ctx, len);
+ lsmcontext_init(&lsmcxt, ctx, len, 0);
+ security_release_secctx(&lsmcxt);
}
}
if (context->ipc.has_perm) {
@@ -1594,6 +1598,7 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
char *ctx = NULL;
u32 len;
struct lsmblob blob;
+ struct lsmcontext lsmcxt;
lsmblob_init(&blob, n->osid);
if (security_secid_to_secctx(&blob, &ctx, &len)) {
@@ -1602,7 +1607,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
*call_panic = 2;
} else {
audit_log_format(ab, " obj=%s", ctx);
- security_release_secctx(ctx, len);
+ lsmcontext_init(&lsmcxt, ctx, len, 0); /* scaffolding */
+ security_release_secctx(&lsmcxt);
}
}
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 933a8f94f93a..70ca4510ea35 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -130,6 +130,7 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
{
+ struct lsmcontext context;
struct lsmblob lb;
char *secdata;
u32 seclen, secid;
@@ -145,7 +146,8 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
return;
put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
- security_release_secctx(secdata, seclen);
+ lsmcontext_init(&context, secdata, seclen, 0); /* scaffolding */
+ security_release_secctx(&context);
}
static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index a28e275981d4..f053d7544355 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -348,6 +348,7 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
int len, ret;
char *secctx;
struct lsmblob blob;
+ struct lsmcontext context;
/* lsmblob_init() puts ct->secmark into all of the secids in blob.
* security_secid_to_secctx() will know which security module
@@ -368,7 +369,8 @@ static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
ret = 0;
nla_put_failure:
- security_release_secctx(secctx, len);
+ lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
+ security_release_secctx(&context);
return ret;
}
#else
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index bba3a66f5636..3b6ba86783f6 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -179,6 +179,7 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
u32 len;
char *secctx;
struct lsmblob blob;
+ struct lsmcontext context;
lsmblob_init(&blob, ct->secmark);
ret = security_secid_to_secctx(&blob, &secctx, &len);
@@ -187,7 +188,8 @@ static void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
seq_printf(s, "secctx=%s ", secctx);
- security_release_secctx(secctx, len);
+ lsmcontext_init(&context, secctx, len, 0); /* scaffolding */
+ security_release_secctx(&context);
}
#else
static inline void ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 6269fe122345..f69d5e997da2 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -397,6 +397,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
enum ip_conntrack_info ctinfo = 0;
const struct nfnl_ct_hook *nfnl_ct;
bool csum_verify;
+ struct lsmcontext scaff; /* scaffolding */
char *secdata = NULL;
u32 seclen = 0;
ktime_t tstamp;
@@ -634,8 +635,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
}
nlh->nlmsg_len = skb->len;
- if (seclen)
- security_release_secctx(secdata, seclen);
+ if (seclen) {
+ lsmcontext_init(&scaff, secdata, seclen, 0);
+ security_release_secctx(&scaff);
+ }
return skb;
nla_put_failure:
@@ -643,8 +646,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
kfree_skb(skb);
net_err_ratelimited("nf_queue: error creating packet message\n");
nlmsg_failure:
- if (seclen)
- security_release_secctx(secdata, seclen);
+ if (seclen) {
+ lsmcontext_init(&scaff, secdata, seclen, 0);
+ security_release_secctx(&scaff);
+ }
return NULL;
}
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index bbb3b6a4f0d7..b3e3d920034d 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -374,6 +374,7 @@ int netlbl_unlhsh_add(struct net *net,
struct net_device *dev;
struct netlbl_unlhsh_iface *iface;
struct audit_buffer *audit_buf = NULL;
+ struct lsmcontext context;
char *secctx = NULL;
u32 secctx_len;
struct lsmblob blob;
@@ -447,7 +448,9 @@ int netlbl_unlhsh_add(struct net *net,
&secctx,
&secctx_len) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", secctx);
- security_release_secctx(secctx, secctx_len);
+ /* scaffolding */
+ lsmcontext_init(&context, secctx, secctx_len, 0);
+ security_release_secctx(&context);
}
audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
audit_log_end(audit_buf);
@@ -478,6 +481,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
struct netlbl_unlhsh_addr4 *entry;
struct audit_buffer *audit_buf;
struct net_device *dev;
+ struct lsmcontext context;
char *secctx;
u32 secctx_len;
struct lsmblob blob;
@@ -508,7 +512,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
security_secid_to_secctx(&blob,
&secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", secctx);
- security_release_secctx(secctx, secctx_len);
+ /* scaffolding */
+ lsmcontext_init(&context, secctx, secctx_len, 0);
+ security_release_secctx(&context);
}
audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
audit_log_end(audit_buf);
@@ -545,6 +551,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
struct netlbl_unlhsh_addr6 *entry;
struct audit_buffer *audit_buf;
struct net_device *dev;
+ struct lsmcontext context;
char *secctx;
u32 secctx_len;
struct lsmblob blob;
@@ -574,7 +581,8 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
security_secid_to_secctx(&blob,
&secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " sec_obj=%s", secctx);
- security_release_secctx(secctx, secctx_len);
+ lsmcontext_init(&context, secctx, secctx_len, 0);
+ security_release_secctx(&context);
}
audit_log_format(audit_buf, " res=%u", entry != NULL ? 1 : 0);
audit_log_end(audit_buf);
@@ -1093,6 +1101,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
int ret_val = -ENOMEM;
struct netlbl_unlhsh_walk_arg *cb_arg = arg;
struct net_device *dev;
+ struct lsmcontext context;
void *data;
u32 secid;
char *secctx;
@@ -1163,7 +1172,9 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,
NLBL_UNLABEL_A_SECCTX,
secctx_len,
secctx);
- security_release_secctx(secctx, secctx_len);
+ /* scaffolding */
+ lsmcontext_init(&context, secctx, secctx_len, 0);
+ security_release_secctx(&context);
if (ret_val != 0)
goto list_cb_failure;
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 893301ae0131..ef139d8ae7cd 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -84,6 +84,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
struct netlbl_audit *audit_info)
{
struct audit_buffer *audit_buf;
+ struct lsmcontext context;
char *secctx;
u32 secctx_len;
struct lsmblob blob;
@@ -103,7 +104,8 @@ struct audit_buffer *netlbl_audit_start_common(int type,
if (audit_info->secid != 0 &&
security_secid_to_secctx(&blob, &secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
- security_release_secctx(secctx, secctx_len);
+ lsmcontext_init(&context, secctx, secctx_len, 0);/*scaffolding*/
+ security_release_secctx(&context);
}
return audit_buf;
diff --git a/security/security.c b/security/security.c
index ec4d1b3026d8..407852be43da 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2379,16 +2379,17 @@ int security_secctx_to_secid(const char *secdata, u32 seclen,
}
EXPORT_SYMBOL(security_secctx_to_secid);
-void security_release_secctx(char *secdata, u32 seclen)
+void security_release_secctx(struct lsmcontext *cp)
{
struct security_hook_list *hp;
- int ilsm = lsm_task_ilsm(current);
hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list)
- if (ilsm == LSMBLOB_INVALID || ilsm == hp->lsmid->slot) {
- hp->hook.release_secctx(secdata, seclen);
- return;
+ if (cp->slot == hp->lsmid->slot) {
+ hp->hook.release_secctx(cp->context, cp->len);
+ break;
}
+
+ memset(cp, 0, sizeof(*cp));
}
EXPORT_SYMBOL(security_release_secctx);
--
2.35.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid
2022-04-18 14:59 ` [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
@ 2022-04-18 18:02 ` kernel test robot
2022-04-19 0:41 ` kernel test robot
2022-04-19 0:51 ` kernel test robot
2 siblings, 0 replies; 11+ messages in thread
From: kernel test robot @ 2022-04-18 18:02 UTC (permalink / raw)
To: Casey Schaufler, casey.schaufler, jmorris, linux-security-module,
selinux
Cc: kbuild-all, casey, linux-audit, keescook, john.johansen,
penguin-kernel, paul, stephen.smalley.work, linux-kernel,
linux-integrity
Hi Casey,
I love your patch! Yet something to improve:
[auto build test ERROR on pcmoore-selinux/next]
[also build test ERROR on linus/master v5.18-rc3 next-20220414]
[cannot apply to pcmoore-audit/next jmorris-security/next-testing]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git next
config: i386-tinyconfig (https://download.01.org/0day-ci/archive/20220419/202204190104.VspbI376-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.2.0-19) 11.2.0
reproduce (this is a W=1 build):
# https://github.com/intel-lab-lkp/linux/commit/2fa01492487f9135e9ea9e59924289cc23a66576
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109
git checkout 2fa01492487f9135e9ea9e59924289cc23a66576
# save the config file to linux build tree
mkdir build_dir
make W=1 O=build_dir ARCH=i386 SHELL=/bin/bash kernel/sched/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
In file included from include/linux/perf_event.h:61,
from include/linux/trace_events.h:10,
from include/trace/syscall.h:7,
from include/linux/syscalls.h:88,
from include/linux/syscalls_api.h:1,
from kernel/sched/core.c:13:
include/linux/security.h: In function 'security_cred_getsecid':
>> include/linux/security.h:1147:10: error: 'secid' undeclared (first use in this function)
1147 | *secid = 0;
| ^~~~~
include/linux/security.h:1147:10: note: each undeclared identifier is reported only once for each function it appears in
kernel/sched/core.c: At top level:
kernel/sched/core.c:5235:20: warning: no previous prototype for 'task_sched_runtime' [-Wmissing-prototypes]
5235 | unsigned long long task_sched_runtime(struct task_struct *p)
| ^~~~~~~~~~~~~~~~~~
kernel/sched/core.c:9420:13: warning: no previous prototype for 'sched_init_smp' [-Wmissing-prototypes]
9420 | void __init sched_init_smp(void)
| ^~~~~~~~~~~~~~
kernel/sched/core.c:9448:13: warning: no previous prototype for 'sched_init' [-Wmissing-prototypes]
9448 | void __init sched_init(void)
| ^~~~~~~~~~
--
In file included from include/linux/perf_event.h:61,
from include/linux/trace_events.h:10,
from include/trace/syscall.h:7,
from include/linux/syscalls.h:88,
from include/linux/syscalls_api.h:1,
from kernel/sched/sched.h:60,
from kernel/sched/fair.c:53:
include/linux/security.h: In function 'security_cred_getsecid':
>> include/linux/security.h:1147:10: error: 'secid' undeclared (first use in this function)
1147 | *secid = 0;
| ^~~~~
include/linux/security.h:1147:10: note: each undeclared identifier is reported only once for each function it appears in
kernel/sched/fair.c: At top level:
kernel/sched/fair.c:5530:6: warning: no previous prototype for 'init_cfs_bandwidth' [-Wmissing-prototypes]
5530 | void init_cfs_bandwidth(struct cfs_bandwidth *cfs_b) {}
| ^~~~~~~~~~~~~~~~~~
kernel/sched/fair.c:11757:6: warning: no previous prototype for 'free_fair_sched_group' [-Wmissing-prototypes]
11757 | void free_fair_sched_group(struct task_group *tg) { }
| ^~~~~~~~~~~~~~~~~~~~~
kernel/sched/fair.c:11759:5: warning: no previous prototype for 'alloc_fair_sched_group' [-Wmissing-prototypes]
11759 | int alloc_fair_sched_group(struct task_group *tg, struct task_group *parent)
| ^~~~~~~~~~~~~~~~~~~~~~
kernel/sched/fair.c:11764:6: warning: no previous prototype for 'online_fair_sched_group' [-Wmissing-prototypes]
11764 | void online_fair_sched_group(struct task_group *tg) { }
| ^~~~~~~~~~~~~~~~~~~~~~~
kernel/sched/fair.c:11766:6: warning: no previous prototype for 'unregister_fair_sched_group' [-Wmissing-prototypes]
11766 | void unregister_fair_sched_group(struct task_group *tg) { }
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
--
In file included from include/linux/perf_event.h:61,
from include/linux/trace_events.h:10,
from include/trace/syscall.h:7,
from include/linux/syscalls.h:88,
from include/linux/syscalls_api.h:1,
from kernel/sched/sched.h:60,
from kernel/sched/build_policy.c:33:
include/linux/security.h: In function 'security_cred_getsecid':
>> include/linux/security.h:1147:10: error: 'secid' undeclared (first use in this function)
1147 | *secid = 0;
| ^~~~~
include/linux/security.h:1147:10: note: each undeclared identifier is reported only once for each function it appears in
In file included from kernel/sched/build_policy.c:43:
kernel/sched/rt.c: At top level:
kernel/sched/rt.c:259:6: warning: no previous prototype for 'unregister_rt_sched_group' [-Wmissing-prototypes]
259 | void unregister_rt_sched_group(struct task_group *tg) { }
| ^~~~~~~~~~~~~~~~~~~~~~~~~
kernel/sched/rt.c:261:6: warning: no previous prototype for 'free_rt_sched_group' [-Wmissing-prototypes]
261 | void free_rt_sched_group(struct task_group *tg) { }
| ^~~~~~~~~~~~~~~~~~~
kernel/sched/rt.c:263:5: warning: no previous prototype for 'alloc_rt_sched_group' [-Wmissing-prototypes]
263 | int alloc_rt_sched_group(struct task_group *tg, struct task_group *parent)
| ^~~~~~~~~~~~~~~~~~~~
kernel/sched/rt.c:666:6: warning: no previous prototype for 'sched_rt_bandwidth_account' [-Wmissing-prototypes]
666 | bool sched_rt_bandwidth_account(struct rt_rq *rt_rq)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
--
In file included from kernel/sched/build_utility.c:39:
include/linux/security.h: In function 'security_cred_getsecid':
>> include/linux/security.h:1147:10: error: 'secid' undeclared (first use in this function)
1147 | *secid = 0;
| ^~~~~
include/linux/security.h:1147:10: note: each undeclared identifier is reported only once for each function it appears in
vim +/secid +1147 include/linux/security.h
ee18d64c1f6320 David Howells 2009-09-02 1143
2fa01492487f91 Casey Schaufler 2022-04-18 1144 static inline void security_cred_getsecid(const struct cred *c,
2fa01492487f91 Casey Schaufler 2022-04-18 1145 struct lsmblob *blob)
4d5b5539742d25 Todd Kjos 2021-10-12 1146 {
4d5b5539742d25 Todd Kjos 2021-10-12 @1147 *secid = 0;
4d5b5539742d25 Todd Kjos 2021-10-12 1148 }
4d5b5539742d25 Todd Kjos 2021-10-12 1149
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid
2022-04-18 14:59 ` [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2022-04-18 18:02 ` kernel test robot
@ 2022-04-19 0:41 ` kernel test robot
2022-04-19 0:51 ` kernel test robot
2 siblings, 0 replies; 11+ messages in thread
From: kernel test robot @ 2022-04-19 0:41 UTC (permalink / raw)
To: Casey Schaufler, casey.schaufler, jmorris, linux-security-module,
selinux
Cc: llvm, kbuild-all, casey, linux-audit, keescook, john.johansen,
penguin-kernel, paul, stephen.smalley.work, linux-kernel,
linux-integrity
Hi Casey,
I love your patch! Yet something to improve:
[auto build test ERROR on pcmoore-selinux/next]
[also build test ERROR on linus/master v5.18-rc3 next-20220414]
[cannot apply to pcmoore-audit/next jmorris-security/next-testing]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git next
config: arm-milbeaut_m10v_defconfig (https://download.01.org/0day-ci/archive/20220419/202204190850.dXILQlrb-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 429cbac0390654f90bba18a41799464adf31a5ec)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://github.com/intel-lab-lkp/linux/commit/2fa01492487f9135e9ea9e59924289cc23a66576
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109
git checkout 2fa01492487f9135e9ea9e59924289cc23a66576
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=arm SHELL=/bin/bash
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
In file included from drivers/firmware/efi/efi.c:33:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
drivers/firmware/efi/efi.c:169:16: warning: no previous prototype for function 'efi_attr_is_visible' [-Wmissing-prototypes]
umode_t __weak efi_attr_is_visible(struct kobject *kobj, struct attribute *attr,
^
drivers/firmware/efi/efi.c:169:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
umode_t __weak efi_attr_is_visible(struct kobject *kobj, struct attribute *attr,
^
static
1 warning and 1 error generated.
--
In file included from fs/iomap/trace.c:12:
In file included from fs/iomap/./trace.h:190:
In file included from include/trace/define_trace.h:102:
In file included from include/trace/trace_events.h:21:
In file included from include/linux/trace_events.h:10:
In file included from include/linux/perf_event.h:61:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
1 error generated.
--
In file included from init/main.c:21:
In file included from include/linux/syscalls.h:88:
In file included from include/trace/syscall.h:7:
In file included from include/linux/trace_events.h:10:
In file included from include/linux/perf_event.h:61:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
init/main.c:769:20: warning: no previous prototype for function 'arch_post_acpi_subsys_init' [-Wmissing-prototypes]
void __init __weak arch_post_acpi_subsys_init(void) { }
^
init/main.c:769:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
void __init __weak arch_post_acpi_subsys_init(void) { }
^
static
init/main.c:781:20: warning: no previous prototype for function 'mem_encrypt_init' [-Wmissing-prototypes]
void __init __weak mem_encrypt_init(void) { }
^
init/main.c:781:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
void __init __weak mem_encrypt_init(void) { }
^
static
init/main.c:783:20: warning: no previous prototype for function 'poking_init' [-Wmissing-prototypes]
void __init __weak poking_init(void) { }
^
init/main.c:783:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
void __init __weak poking_init(void) { }
^
static
3 warnings and 1 error generated.
--
In file included from arch/arm/kernel/ptrace.c:17:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
arch/arm/kernel/ptrace.c:852:16: warning: no previous prototype for function 'syscall_trace_enter' [-Wmissing-prototypes]
asmlinkage int syscall_trace_enter(struct pt_regs *regs)
^
arch/arm/kernel/ptrace.c:852:12: note: declare 'static' if the function is not intended to be used outside of this translation unit
asmlinkage int syscall_trace_enter(struct pt_regs *regs)
^
static
arch/arm/kernel/ptrace.c:880:17: warning: no previous prototype for function 'syscall_trace_exit' [-Wmissing-prototypes]
asmlinkage void syscall_trace_exit(struct pt_regs *regs)
^
arch/arm/kernel/ptrace.c:880:12: note: declare 'static' if the function is not intended to be used outside of this translation unit
asmlinkage void syscall_trace_exit(struct pt_regs *regs)
^
static
2 warnings and 1 error generated.
--
In file included from arch/arm/kernel/signal.c:14:
In file included from include/linux/syscalls.h:88:
In file included from include/trace/syscall.h:7:
In file included from include/linux/trace_events.h:10:
In file included from include/linux/perf_event.h:61:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
arch/arm/kernel/signal.c:186:16: warning: no previous prototype for function 'sys_sigreturn' [-Wmissing-prototypes]
asmlinkage int sys_sigreturn(struct pt_regs *regs)
^
arch/arm/kernel/signal.c:186:12: note: declare 'static' if the function is not intended to be used outside of this translation unit
asmlinkage int sys_sigreturn(struct pt_regs *regs)
^
static
arch/arm/kernel/signal.c:216:16: warning: no previous prototype for function 'sys_rt_sigreturn' [-Wmissing-prototypes]
asmlinkage int sys_rt_sigreturn(struct pt_regs *regs)
^
arch/arm/kernel/signal.c:216:12: note: declare 'static' if the function is not intended to be used outside of this translation unit
asmlinkage int sys_rt_sigreturn(struct pt_regs *regs)
^
static
arch/arm/kernel/signal.c:601:1: warning: no previous prototype for function 'do_work_pending' [-Wmissing-prototypes]
do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall)
^
arch/arm/kernel/signal.c:600:12: note: declare 'static' if the function is not intended to be used outside of this translation unit
asmlinkage int
^
static
3 warnings and 1 error generated.
--
In file included from arch/arm/kernel/sys_arm.c:20:
In file included from include/linux/syscalls.h:88:
In file included from include/trace/syscall.h:7:
In file included from include/linux/trace_events.h:10:
In file included from include/linux/perf_event.h:61:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
In file included from arch/arm/kernel/sys_arm.c:21:
include/linux/mman.h:158:9: warning: division by zero is undefined [-Wdivision-by-zero]
_calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/mman.h:136:21: note: expanded from macro '_calc_vm_trans'
: ((x) & (bit1)) / ((bit1) / (bit2))))
^ ~~~~~~~~~~~~~~~~~
arch/arm/kernel/sys_arm.c:32:17: warning: no previous prototype for function 'sys_arm_fadvise64_64' [-Wmissing-prototypes]
asmlinkage long sys_arm_fadvise64_64(int fd, int advice,
^
arch/arm/kernel/sys_arm.c:32:12: note: declare 'static' if the function is not intended to be used outside of this translation unit
asmlinkage long sys_arm_fadvise64_64(int fd, int advice,
^
static
2 warnings and 1 error generated.
--
In file included from arch/arm/kernel/smp.c:52:
In file included from include/trace/events/ipi.h:90:
In file included from include/trace/define_trace.h:102:
In file included from include/trace/trace_events.h:21:
In file included from include/linux/trace_events.h:10:
In file included from include/linux/perf_event.h:61:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
arch/arm/kernel/smp.c:582:6: warning: no previous prototype for function 'arch_irq_work_raise' [-Wmissing-prototypes]
void arch_irq_work_raise(void)
^
arch/arm/kernel/smp.c:582:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
void arch_irq_work_raise(void)
^
static
arch/arm/kernel/smp.c:793:5: warning: no previous prototype for function 'setup_profiling_timer' [-Wmissing-prototypes]
int setup_profiling_timer(unsigned int multiplier)
^
arch/arm/kernel/smp.c:793:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
int setup_profiling_timer(unsigned int multiplier)
^
static
2 warnings and 1 error generated.
--
In file included from arch/arm/mm/fault.c:19:
In file included from include/linux/perf_event.h:61:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
arch/arm/mm/fault.c:535:1: warning: no previous prototype for function 'do_DataAbort' [-Wmissing-prototypes]
do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
^
arch/arm/mm/fault.c:534:12: note: declare 'static' if the function is not intended to be used outside of this translation unit
asmlinkage void
^
static
arch/arm/mm/fault.c:565:1: warning: no previous prototype for function 'do_PrefetchAbort' [-Wmissing-prototypes]
do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
^
arch/arm/mm/fault.c:564:12: note: declare 'static' if the function is not intended to be used outside of this translation unit
asmlinkage void
^
static
2 warnings and 1 error generated.
--
In file included from kernel/fork.c:51:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
kernel/fork.c:163:13: warning: no previous prototype for function 'arch_release_task_struct' [-Wmissing-prototypes]
void __weak arch_release_task_struct(struct task_struct *tsk)
^
kernel/fork.c:163:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
void __weak arch_release_task_struct(struct task_struct *tsk)
^
static
kernel/fork.c:853:20: warning: no previous prototype for function 'arch_task_cache_init' [-Wmissing-prototypes]
void __init __weak arch_task_cache_init(void) { }
^
kernel/fork.c:853:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
void __init __weak arch_task_cache_init(void) { }
^
static
kernel/fork.c:948:12: warning: no previous prototype for function 'arch_dup_task_struct' [-Wmissing-prototypes]
int __weak arch_dup_task_struct(struct task_struct *dst,
^
kernel/fork.c:948:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
int __weak arch_dup_task_struct(struct task_struct *dst,
^
static
3 warnings and 1 error generated.
--
In file included from kernel/signal.c:29:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
kernel/signal.c:137:37: warning: array index 3 is past the end of the array (which contains 2 elements) [-Warray-bounds]
case 4: ready = signal->sig[3] &~ blocked->sig[3];
^ ~
arch/arm/include/asm/signal.h:17:2: note: array 'sig' declared here
unsigned long sig[_NSIG_WORDS];
^
kernel/signal.c:137:19: warning: array index 3 is past the end of the array (which contains 2 elements) [-Warray-bounds]
case 4: ready = signal->sig[3] &~ blocked->sig[3];
^ ~
arch/arm/include/asm/signal.h:17:2: note: array 'sig' declared here
unsigned long sig[_NSIG_WORDS];
^
kernel/signal.c:138:30: warning: array index 2 is past the end of the array (which contains 2 elements) [-Warray-bounds]
ready |= signal->sig[2] &~ blocked->sig[2];
^ ~
arch/arm/include/asm/signal.h:17:2: note: array 'sig' declared here
unsigned long sig[_NSIG_WORDS];
^
kernel/signal.c:138:12: warning: array index 2 is past the end of the array (which contains 2 elements) [-Warray-bounds]
ready |= signal->sig[2] &~ blocked->sig[2];
^ ~
arch/arm/include/asm/signal.h:17:2: note: array 'sig' declared here
unsigned long sig[_NSIG_WORDS];
^
4 warnings and 1 error generated.
--
In file included from kernel/kallsyms.c:25:
In file included from include/linux/filter.h:20:
In file included from include/linux/if_vlan.h:10:
In file included from include/linux/netdevice.h:46:
In file included from include/uapi/linux/neighbour.h:6:
In file included from include/linux/netlink.h:9:
In file included from include/net/scm.h:8:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
kernel/kallsyms.c:591:12: warning: no previous prototype for function 'arch_get_kallsym' [-Wmissing-prototypes]
int __weak arch_get_kallsym(unsigned int symnum, unsigned long *value,
^
kernel/kallsyms.c:591:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
int __weak arch_get_kallsym(unsigned int symnum, unsigned long *value,
^
static
1 warning and 1 error generated.
..
vim +/secid +1147 include/linux/security.h
ee18d64c1f6320 David Howells 2009-09-02 1143
2fa01492487f91 Casey Schaufler 2022-04-18 1144 static inline void security_cred_getsecid(const struct cred *c,
2fa01492487f91 Casey Schaufler 2022-04-18 1145 struct lsmblob *blob)
4d5b5539742d25 Todd Kjos 2021-10-12 1146 {
4d5b5539742d25 Todd Kjos 2021-10-12 @1147 *secid = 0;
4d5b5539742d25 Todd Kjos 2021-10-12 1148 }
4d5b5539742d25 Todd Kjos 2021-10-12 1149
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid
2022-04-18 14:59 ` [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2022-04-18 18:02 ` kernel test robot
2022-04-19 0:41 ` kernel test robot
@ 2022-04-19 0:51 ` kernel test robot
2 siblings, 0 replies; 11+ messages in thread
From: kernel test robot @ 2022-04-19 0:51 UTC (permalink / raw)
To: Casey Schaufler, casey.schaufler, jmorris, linux-security-module,
selinux
Cc: llvm, kbuild-all, casey, linux-audit, keescook, john.johansen,
penguin-kernel, paul, stephen.smalley.work, linux-kernel,
linux-integrity
Hi Casey,
I love your patch! Yet something to improve:
[auto build test ERROR on pcmoore-selinux/next]
[also build test ERROR on linus/master v5.18-rc3 next-20220414]
[cannot apply to pcmoore-audit/next jmorris-security/next-testing]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git next
config: s390-randconfig-r044-20220418 (https://download.01.org/0day-ci/archive/20220419/202204190819.XVXsdhdo-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 429cbac0390654f90bba18a41799464adf31a5ec)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install s390 cross compiling tool for clang build
# apt-get install binutils-s390x-linux-gnu
# https://github.com/intel-lab-lkp/linux/commit/2fa01492487f9135e9ea9e59924289cc23a66576
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109
git checkout 2fa01492487f9135e9ea9e59924289cc23a66576
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=s390 SHELL=/bin/bash drivers/net/ethernet/broadcom/bnx2x/ drivers/net/ethernet/hisilicon/hns/ drivers/net/ethernet/marvell/octeontx2/nic/ drivers/net/ethernet/netronome/nfp/ drivers/net/ethernet/pensando/ionic/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All error/warnings (new ones prefixed by >>):
In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:31:
In file included from include/linux/pci.h:39:
In file included from include/linux/io.h:13:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:464:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __raw_readb(PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:477:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu'
#define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x))
^
include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16'
#define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
^
In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:31:
In file included from include/linux/pci.h:39:
In file included from include/linux/io.h:13:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:490:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
^
include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32'
#define __swab32(x) (__u32)__builtin_bswap32((__u32)(x))
^
In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:31:
In file included from include/linux/pci.h:39:
In file included from include/linux/io.h:13:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:501:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writeb(value, PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:511:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:521:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:609:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:617:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:625:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:634:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:643:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:652:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:34:
In file included from include/linux/netdevice.h:46:
In file included from include/uapi/linux/neighbour.h:6:
In file included from include/linux/netlink.h:9:
In file included from include/net/scm.h:8:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:13117:49: warning: shift count >= width of type [-Wshift-count-overflow]
rc = dma_set_mask_and_coherent(&bp->pdev->dev, DMA_BIT_MASK(64));
^~~~~~~~~~~~~~~~
include/linux/dma-mapping.h:76:54: note: expanded from macro 'DMA_BIT_MASK'
#define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1))
^ ~~~
>> drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:15204:26: warning: shift count >= width of type [-Wshift-count-overflow]
bp->cyclecounter.mask = CYCLECOUNTER_MASK(64);
^~~~~~~~~~~~~~~~~~~~~
include/linux/timecounter.h:14:59: note: expanded from macro 'CYCLECOUNTER_MASK'
#define CYCLECOUNTER_MASK(bits) (u64)((bits) < 64 ? ((1ULL<<(bits))-1) : -1)
^ ~~~~~~
14 warnings and 1 error generated.
--
In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c:23:
In file included from include/linux/pci.h:39:
In file included from include/linux/io.h:13:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:464:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __raw_readb(PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:477:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu'
#define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x))
^
include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16'
#define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
^
In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c:23:
In file included from include/linux/pci.h:39:
In file included from include/linux/io.h:13:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:490:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
^
include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32'
#define __swab32(x) (__u32)__builtin_bswap32((__u32)(x))
^
In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c:23:
In file included from include/linux/pci.h:39:
In file included from include/linux/io.h:13:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:501:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writeb(value, PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:511:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:521:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:609:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:617:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:625:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:634:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:643:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:652:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c:24:
In file included from include/linux/netdevice.h:46:
In file included from include/uapi/linux/neighbour.h:6:
In file included from include/linux/netlink.h:9:
In file included from include/net/scm.h:8:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
12 warnings and 1 error generated.
--
In file included from drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:12:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:40:
In file included from include/linux/skbuff.h:31:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:464:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __raw_readb(PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:477:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu'
#define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x))
^
include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16'
#define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
^
In file included from drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:12:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:40:
In file included from include/linux/skbuff.h:31:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:490:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
^
include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32'
#define __swab32(x) (__u32)__builtin_bswap32((__u32)(x))
^
In file included from drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:12:
In file included from include/linux/netdevice.h:38:
In file included from include/net/net_namespace.h:40:
In file included from include/linux/skbuff.h:31:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:501:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writeb(value, PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:511:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:521:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:609:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:617:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:625:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:634:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:643:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:652:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
In file included from drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:12:
In file included from include/linux/netdevice.h:46:
In file included from include/uapi/linux/neighbour.h:6:
In file included from include/linux/netlink.h:9:
In file included from include/net/scm.h:8:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
>> drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:200:48: warning: shift count >= width of type [-Wshift-count-overflow]
if (!dma_set_mask_and_coherent(dsaf_dev->dev, DMA_BIT_MASK(64ULL)))
^~~~~~~~~~~~~~~~~~~
include/linux/dma-mapping.h:76:54: note: expanded from macro 'DMA_BIT_MASK'
#define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1))
^ ~~~
13 warnings and 1 error generated.
--
In file included from drivers/net/ethernet/hisilicon/hns/hns_enet.c:8:
In file included from include/linux/etherdevice.h:20:
In file included from include/linux/if_ether.h:19:
In file included from include/linux/skbuff.h:31:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:464:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __raw_readb(PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:477:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu'
#define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x))
^
include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16'
#define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
^
In file included from drivers/net/ethernet/hisilicon/hns/hns_enet.c:8:
In file included from include/linux/etherdevice.h:20:
In file included from include/linux/if_ether.h:19:
In file included from include/linux/skbuff.h:31:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:490:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
^
include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32'
#define __swab32(x) (__u32)__builtin_bswap32((__u32)(x))
^
In file included from drivers/net/ethernet/hisilicon/hns/hns_enet.c:8:
In file included from include/linux/etherdevice.h:20:
In file included from include/linux/if_ether.h:19:
In file included from include/linux/skbuff.h:31:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:501:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writeb(value, PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:511:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:521:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:609:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:617:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:625:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:634:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:643:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:652:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
In file included from drivers/net/ethernet/hisilicon/hns/hns_enet.c:8:
In file included from include/linux/etherdevice.h:21:
In file included from include/linux/netdevice.h:46:
In file included from include/uapi/linux/neighbour.h:6:
In file included from include/linux/netlink.h:9:
In file included from include/net/scm.h:8:
>> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid'
*secid = 0;
^
drivers/net/ethernet/hisilicon/hns/hns_enet.c:2355:38: warning: shift count >= width of type [-Wshift-count-overflow]
if (!dma_set_mask_and_coherent(dev, DMA_BIT_MASK(64)))
^~~~~~~~~~~~~~~~
include/linux/dma-mapping.h:76:54: note: expanded from macro 'DMA_BIT_MASK'
#define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1))
^ ~~~
13 warnings and 1 error generated.
..
vim +/secid +1147 include/linux/security.h
ee18d64c1f6320 David Howells 2009-09-02 1143
2fa01492487f91 Casey Schaufler 2022-04-18 1144 static inline void security_cred_getsecid(const struct cred *c,
2fa01492487f91 Casey Schaufler 2022-04-18 1145 struct lsmblob *blob)
4d5b5539742d25 Todd Kjos 2021-10-12 1146 {
4d5b5539742d25 Todd Kjos 2021-10-12 @1147 *secid = 0;
4d5b5539742d25 Todd Kjos 2021-10-12 1148 }
4d5b5539742d25 Todd Kjos 2021-10-12 1149
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v35 05/29] IMA: avoid label collisions with stacked LSMs
[not found] ` <20220418145945.38797-6-casey@schaufler-ca.com>
@ 2022-04-19 16:50 ` Casey Schaufler
2022-04-20 19:23 ` Mimi Zohar
2022-04-21 3:22 ` Mimi Zohar
0 siblings, 2 replies; 11+ messages in thread
From: Casey Schaufler @ 2022-04-19 16:50 UTC (permalink / raw)
To: Mimi Zohar, linux-integrity@vger.kernel.org; +Cc: Casey Schaufler
On 4/18/2022 7:59 AM, Casey Schaufler wrote:
> Integrity measurement may filter on security module information
> and needs to be clear in the case of multiple active security
> modules which applies. Provide a boot option ima_rules_lsm= to
> allow the user to specify an active security module to apply
> filters to. If not specified, use the first registered module
> that supports the audit_rule_match() LSM hook. Allow the user
> to specify in the IMA policy an lsm= option to specify the
> security module to use for a particular rule.
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> To: Mimi Zohar <zohar@linux.ibm.com>
> To: linux-integrity@vger.kernel.org
Would it be possible to get feedback on the IMA portions
of the stacking patch set? I believe that I have addressed
previous issues. I need to wrap this up before too long.
Thank you.
> ---
> Documentation/ABI/testing/ima_policy | 8 ++++-
> include/linux/security.h | 14 ++++----
> security/integrity/ima/ima_policy.c | 51 ++++++++++++++++++++++++----
> security/security.c | 35 +++++++++++++++----
> 4 files changed, 89 insertions(+), 19 deletions(-)
>
> diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
> index 839fab811b18..64863e9d87ea 100644
> --- a/Documentation/ABI/testing/ima_policy
> +++ b/Documentation/ABI/testing/ima_policy
> @@ -26,7 +26,7 @@ Description:
> [uid=] [euid=] [gid=] [egid=]
> [fowner=] [fgroup=]]
> lsm: [[subj_user=] [subj_role=] [subj_type=]
> - [obj_user=] [obj_role=] [obj_type=]]
> + [obj_user=] [obj_role=] [obj_type=]] [lsm=]
> option: [[appraise_type=]] [template=] [permit_directio]
> [appraise_flag=] [appraise_algos=] [keyrings=]
> base:
> @@ -126,6 +126,12 @@ Description:
>
> measure subj_user=_ func=FILE_CHECK mask=MAY_READ
>
> + It is possible to explicitly specify which security
> + module a rule applies to using lsm=. If the security
> + module specified is not active on the system the rule
> + will be rejected. If lsm= is not specified the first
> + security module registered on the system will be assumed.
> +
> Example of measure rules using alternate PCRs::
>
> measure func=KEXEC_KERNEL_CHECK pcr=4
> diff --git a/include/linux/security.h b/include/linux/security.h
> index d00870d2b416..3666eddad59a 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -1985,25 +1985,27 @@ static inline void security_audit_rule_free(struct audit_lsm_rules *lsmrules)
> #endif /* CONFIG_AUDIT */
>
> #if defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY)
> -int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
> -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
> -void ima_filter_rule_free(void *lsmrule);
> +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule,
> + int lsmslot);
> +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
> + int lsmslot);
> +void ima_filter_rule_free(void *lsmrule, int lsmslot);
>
> #else
>
> static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr,
> - void **lsmrule)
> + void **lsmrule, int lsmslot)
> {
> return 0;
> }
>
> static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op,
> - void *lsmrule)
> + void *lsmrule, int lsmslot)
> {
> return 0;
> }
>
> -static inline void ima_filter_rule_free(void *lsmrule)
> +static inline void ima_filter_rule_free(void *lsmrule, int lsmslot)
> { }
>
> #endif /* defined(CONFIG_IMA_LSM_RULES) && defined(CONFIG_SECURITY) */
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index eea6e92500b8..97470354c8ae 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -89,6 +89,7 @@ struct ima_rule_entry {
> bool (*fgroup_op)(kgid_t cred_gid, kgid_t rule_gid); /* gid_eq(), gid_gt(), gid_lt() */
> int pcr;
> unsigned int allowed_algos; /* bitfield of allowed hash algorithms */
> + int which; /* which LSM rule applies to */
> struct {
> void *rule; /* LSM file metadata specific */
> char *args_p; /* audit value */
> @@ -285,6 +286,20 @@ static int __init default_appraise_policy_setup(char *str)
> }
> __setup("ima_appraise_tcb", default_appraise_policy_setup);
>
> +static int ima_rules_lsm __ro_after_init;
> +
> +static int __init ima_rules_lsm_init(char *str)
> +{
> + ima_rules_lsm = lsm_name_to_slot(str);
> + if (ima_rules_lsm < 0) {
> + ima_rules_lsm = 0;
> + pr_err("rule lsm \"%s\" not registered", str);
> + }
> +
> + return 1;
> +}
> +__setup("ima_rules_lsm=", ima_rules_lsm_init);
> +
> static struct ima_rule_opt_list *ima_alloc_rule_opt_list(const substring_t *src)
> {
> struct ima_rule_opt_list *opt_list;
> @@ -356,7 +371,7 @@ static void ima_lsm_free_rule(struct ima_rule_entry *entry)
> int i;
>
> for (i = 0; i < MAX_LSM_RULES; i++) {
> - ima_filter_rule_free(entry->lsm[i].rule);
> + ima_filter_rule_free(entry->lsm[i].rule, entry->which);
> kfree(entry->lsm[i].args_p);
> }
> }
> @@ -407,7 +422,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry)
>
> ima_filter_rule_init(nentry->lsm[i].type, Audit_equal,
> nentry->lsm[i].args_p,
> - &nentry->lsm[i].rule);
> + &nentry->lsm[i].rule,
> + entry->which);
> if (!nentry->lsm[i].rule)
> pr_warn("rule for LSM \'%s\' is undefined\n",
> nentry->lsm[i].args_p);
> @@ -623,14 +639,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
> security_inode_getsecid(inode, &osid);
> rc = ima_filter_rule_match(osid, rule->lsm[i].type,
> Audit_equal,
> - rule->lsm[i].rule);
> + rule->lsm[i].rule,
> + rule->which);
> break;
> case LSM_SUBJ_USER:
> case LSM_SUBJ_ROLE:
> case LSM_SUBJ_TYPE:
> rc = ima_filter_rule_match(secid, rule->lsm[i].type,
> Audit_equal,
> - rule->lsm[i].rule);
> + rule->lsm[i].rule,
> + rule->which);
> break;
> default:
> break;
> @@ -1025,7 +1043,7 @@ enum policy_opt {
> Opt_fowner_lt, Opt_fgroup_lt,
> Opt_appraise_type, Opt_appraise_flag, Opt_appraise_algos,
> Opt_permit_directio, Opt_pcr, Opt_template, Opt_keyrings,
> - Opt_label, Opt_err
> + Opt_lsm, Opt_label, Opt_err
> };
>
> static const match_table_t policy_tokens = {
> @@ -1073,6 +1091,7 @@ static const match_table_t policy_tokens = {
> {Opt_template, "template=%s"},
> {Opt_keyrings, "keyrings=%s"},
> {Opt_label, "label=%s"},
> + {Opt_lsm, "lsm=%s"},
> {Opt_err, NULL}
> };
>
> @@ -1091,7 +1110,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry,
> entry->lsm[lsm_rule].type = audit_type;
> result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal,
> entry->lsm[lsm_rule].args_p,
> - &entry->lsm[lsm_rule].rule);
> + &entry->lsm[lsm_rule].rule,
> + entry->which);
> if (!entry->lsm[lsm_rule].rule) {
> pr_warn("rule for LSM \'%s\' is undefined\n",
> entry->lsm[lsm_rule].args_p);
> @@ -1780,6 +1800,19 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
> &(template_desc->num_fields));
> entry->template = template_desc;
> break;
> + case Opt_lsm:
> + result = lsm_name_to_slot(args[0].from);
> + if (result == LSMBLOB_INVALID) {
> + int i;
> +
> + for (i = 0; i < MAX_LSM_RULES; i++)
> + entry->lsm[i].args_p = NULL;
> + result = -EINVAL;
> + break;
> + }
> + entry->which = result;
> + result = 0;
> + break;
> case Opt_err:
> ima_log_string(ab, "UNKNOWN", p);
> result = -EINVAL;
> @@ -1816,6 +1849,7 @@ ssize_t ima_parse_add_rule(char *rule)
> struct ima_rule_entry *entry;
> ssize_t result, len;
> int audit_info = 0;
> + int i;
>
> p = strsep(&rule, "\n");
> len = strlen(p) + 1;
> @@ -1833,6 +1867,9 @@ ssize_t ima_parse_add_rule(char *rule)
>
> INIT_LIST_HEAD(&entry->list);
>
> + for (i = 0; i < MAX_LSM_RULES; i++)
> + entry->which = ima_rules_lsm;
> +
> result = ima_parse_rule(p, entry);
> if (result) {
> ima_free_rule(entry);
> @@ -2158,6 +2195,8 @@ int ima_policy_show(struct seq_file *m, void *v)
> seq_puts(m, "appraise_flag=check_blacklist ");
> if (entry->flags & IMA_PERMIT_DIRECTIO)
> seq_puts(m, "permit_directio ");
> + if (entry->which >= 0)
> + seq_printf(m, pt(Opt_lsm), lsm_slot_to_name(entry->which));
> rcu_read_unlock();
> seq_puts(m, "\n");
> return 0;
> diff --git a/security/security.c b/security/security.c
> index d1ddbb857af1..9e0139b0d346 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -2728,19 +2728,42 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op,
> * The integrity subsystem uses the same hooks as
> * the audit subsystem.
> */
> -int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
> +int ima_filter_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule,
> + int lsmslot)
> {
> - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule);
> + struct security_hook_list *hp;
> +
> + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_init, list)
> + if (hp->lsmid->slot == lsmslot)
> + return hp->hook.audit_rule_init(field, op, rulestr,
> + lsmrule);
> +
> + return 0;
> }
>
> -void ima_filter_rule_free(void *lsmrule)
> +void ima_filter_rule_free(void *lsmrule, int lsmslot)
> {
> - call_void_hook(audit_rule_free, lsmrule);
> + struct security_hook_list *hp;
> +
> + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) {
> + if (hp->lsmid->slot == lsmslot) {
> + hp->hook.audit_rule_free(lsmrule);
> + return;
> + }
> + }
> }
>
> -int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
> +int ima_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
> + int lsmslot)
> {
> - return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule);
> + struct security_hook_list *hp;
> +
> + hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list)
> + if (hp->lsmid->slot == lsmslot)
> + return hp->hook.audit_rule_match(secid, field, op,
> + lsmrule);
> +
> + return 0;
> }
> #endif /* CONFIG_IMA_LSM_RULES */
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v35 05/29] IMA: avoid label collisions with stacked LSMs
2022-04-19 16:50 ` [PATCH v35 05/29] IMA: avoid label collisions with stacked LSMs Casey Schaufler
@ 2022-04-20 19:23 ` Mimi Zohar
2022-04-20 21:15 ` Casey Schaufler
2022-04-21 3:22 ` Mimi Zohar
1 sibling, 1 reply; 11+ messages in thread
From: Mimi Zohar @ 2022-04-20 19:23 UTC (permalink / raw)
To: Casey Schaufler, linux-integrity@vger.kernel.org
Hi Casey,
Below are a few initial comments/questions from a high level...
On Tue, 2022-04-19 at 09:50 -0700, Casey Schaufler wrote:
> On 4/18/2022 7:59 AM, Casey Schaufler wrote:
> > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> > index eea6e92500b8..97470354c8ae 100644
> > --- a/security/integrity/ima/ima_policy.c
> > +++ b/security/integrity/ima/ima_policy.c
> > @@ -89,6 +89,7 @@ struct ima_rule_entry {
> > bool (*fgroup_op)(kgid_t cred_gid, kgid_t rule_gid); /* gid_eq(), gid_gt(), gid_lt() */
> > int pcr;
> > unsigned int allowed_algos; /* bitfield of allowed hash algorithms */
> > + int which; /* which LSM rule applies to */
If "which" was defined in the lsm[] structure, it would be clear
reading the code that "which" refers to an LSM (e.g. entry-
>lsm[i].which). Perhaps rename "which" to "which_lsm", "lsm_slot", or
"rules_lsm".
> > struct {
> > void *rule; /* LSM file metadata specific */
> > char *args_p; /* audit value */
> > @@ -285,6 +286,20 @@ static int __init default_appraise_policy_setup(char *str)
> > }
> > __setup("ima_appraise_tcb", default_appraise_policy_setup);
> >
> > +static int ima_rules_lsm __ro_after_init;
> > +
> > +static int __init ima_rules_lsm_init(char *str)
> > +{
> > + ima_rules_lsm = lsm_name_to_slot(str);
> > + if (ima_rules_lsm < 0) {
> > + ima_rules_lsm = 0;
> > + pr_err("rule lsm \"%s\" not registered", str);
> > + }
Specific IMA policy rules could be independent of the default one being
initialized here. Probably "ima_rules_lsm" should be renamed
"default_rules_lsm" or "default_ima_rules_lsm". The pr_err() message
should indicate setting the default rule LSM failed with an indication
of which LSM is set as the default.
Assuming 0 is guaranteed to be a valid LSM, then something like:
"default rule lsm \"%s\" not registered, using \"%s"\", str,
lsm_slot_to_name(0));
> > +
> > + return 1;
> > +}
> > +__setup("ima_rules_lsm=", ima_rules_lsm_init);
> > +
> > static struct ima_rule_opt_list *ima_alloc_rule_opt_list(const substring_t *src)
> > {
> > struct ima_rule_opt_list *opt_list;
> > @@ -356,7 +371,7 @@ static void ima_lsm_free_rule(struct ima_rule_entry *entry)
> > int i;
> >
> > for (i = 0; i < MAX_LSM_RULES; i++) {
> > - ima_filter_rule_free(entry->lsm[i].rule);
> > + ima_filter_rule_free(entry->lsm[i].rule, entry->which);
> > kfree(entry->lsm[i].args_p);
> > }
> > }
ima_rules_lsm is initialized to 0, If it isn't guranteed to be a valid
LSM, then ima_rules_lsm_init() needs to be called from ima_init.c:
ima_init(), so that it can be reset to an invalid value. Then
ima_filter_rule_init()/free() could check it.
thanks,
Mimi
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v35 05/29] IMA: avoid label collisions with stacked LSMs
2022-04-20 19:23 ` Mimi Zohar
@ 2022-04-20 21:15 ` Casey Schaufler
0 siblings, 0 replies; 11+ messages in thread
From: Casey Schaufler @ 2022-04-20 21:15 UTC (permalink / raw)
To: Mimi Zohar, linux-integrity@vger.kernel.org; +Cc: Casey Schaufler
On 4/20/2022 12:23 PM, Mimi Zohar wrote:
> Hi Casey,
>
> Below are a few initial comments/questions from a high level...
>
> On Tue, 2022-04-19 at 09:50 -0700, Casey Schaufler wrote:
>> On 4/18/2022 7:59 AM, Casey Schaufler wrote:
>>> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
>>> index eea6e92500b8..97470354c8ae 100644
>>> --- a/security/integrity/ima/ima_policy.c
>>> +++ b/security/integrity/ima/ima_policy.c
>>> @@ -89,6 +89,7 @@ struct ima_rule_entry {
>>> bool (*fgroup_op)(kgid_t cred_gid, kgid_t rule_gid); /* gid_eq(), gid_gt(), gid_lt() */
>>> int pcr;
>>> unsigned int allowed_algos; /* bitfield of allowed hash algorithms */
>>> + int which; /* which LSM rule applies to */
> If "which" was defined in the lsm[] structure, it would be clear
> reading the code that "which" refers to an LSM (e.g. entry-
>> lsm[i].which). Perhaps rename "which" to "which_lsm", "lsm_slot", or
> "rules_lsm".
Both fine suggestions. I will incorporate them.
>
>>> struct {
>>> void *rule; /* LSM file metadata specific */
>>> char *args_p; /* audit value */
>>> @@ -285,6 +286,20 @@ static int __init default_appraise_policy_setup(char *str)
>>> }
>>> __setup("ima_appraise_tcb", default_appraise_policy_setup);
>>>
>>> +static int ima_rules_lsm __ro_after_init;
>>> +
>>> +static int __init ima_rules_lsm_init(char *str)
>>> +{
>>> + ima_rules_lsm = lsm_name_to_slot(str);
>>> + if (ima_rules_lsm < 0) {
>>> + ima_rules_lsm = 0;
>>> + pr_err("rule lsm \"%s\" not registered", str);
>>> + }
> Specific IMA policy rules could be independent of the default one being
> initialized here. Probably "ima_rules_lsm" should be renamed
> "default_rules_lsm" or "default_ima_rules_lsm".
Sure. No problem to change.
> The pr_err() message
> should indicate setting the default rule LSM failed with an indication
> of which LSM is set as the default.
>
> Assuming 0 is guaranteed to be a valid LSM,
Unfortunately, it's possible for there to be no LSMs,
in which case 0 won't match any LSM when the hooks are
being invoked.
> then something like:
> "default rule lsm \"%s\" not registered, using \"%s"\", str,
> lsm_slot_to_name(0));
>
>>> +
>>> + return 1;
>>> +}
>>> +__setup("ima_rules_lsm=", ima_rules_lsm_init);
>>> +
>>> static struct ima_rule_opt_list *ima_alloc_rule_opt_list(const substring_t *src)
>>> {
>>> struct ima_rule_opt_list *opt_list;
>>> @@ -356,7 +371,7 @@ static void ima_lsm_free_rule(struct ima_rule_entry *entry)
>>> int i;
>>>
>>> for (i = 0; i < MAX_LSM_RULES; i++) {
>>> - ima_filter_rule_free(entry->lsm[i].rule);
>>> + ima_filter_rule_free(entry->lsm[i].rule, entry->which);
>>> kfree(entry->lsm[i].args_p);
>>> }
>>> }
> ima_rules_lsm is initialized to 0, If it isn't guranteed to be a valid
> LSM, then ima_rules_lsm_init() needs to be called from ima_init.c:
> ima_init(), so that it can be reset to an invalid value. Then
> ima_filter_rule_init()/free() could check it.
If there is no LSM in slot 0 that implies there are no LSMs
suppling the hooks. Since the list of hooks to invoke will be
empty it doesn't matter what value is in default_rules_lsm.
>
> thanks,
>
> Mimi
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH v35 05/29] IMA: avoid label collisions with stacked LSMs
2022-04-19 16:50 ` [PATCH v35 05/29] IMA: avoid label collisions with stacked LSMs Casey Schaufler
2022-04-20 19:23 ` Mimi Zohar
@ 2022-04-21 3:22 ` Mimi Zohar
1 sibling, 0 replies; 11+ messages in thread
From: Mimi Zohar @ 2022-04-21 3:22 UTC (permalink / raw)
To: Casey Schaufler, linux-integrity@vger.kernel.org
On Tue, 2022-04-19 at 09:50 -0700, Casey Schaufler wrote:
>
> > @@ -1025,7 +1043,7 @@ enum policy_opt {
> > Opt_fowner_lt, Opt_fgroup_lt,
> > Opt_appraise_type, Opt_appraise_flag, Opt_appraise_algos,
> > Opt_permit_directio, Opt_pcr, Opt_template, Opt_keyrings,
> > - Opt_label, Opt_err
> > + Opt_lsm, Opt_label, Opt_err
> > };
> >
> > static const match_table_t policy_tokens = {
> > @@ -1073,6 +1091,7 @@ static const match_table_t policy_tokens = {
> > {Opt_template, "template=%s"},
> > {Opt_keyrings, "keyrings=%s"},
> > {Opt_label, "label=%s"},
> > + {Opt_lsm, "lsm=%s"},
> > {Opt_err, NULL}
> > };
The ordering of "Opt_lsm" and "Opt_label" are reversed here. They need
to be in sync. Displaying the policy rules results in "label=selinux",
as opposed to "lsm=selinux".
> > @@ -2158,6 +2195,8 @@ int ima_policy_show(struct seq_file *m, void *v)
> > seq_puts(m, "appraise_flag=check_blacklist ");
> > if (entry->flags & IMA_PERMIT_DIRECTIO)
> > seq_puts(m, "permit_directio ");
> > + if (entry->which >= 0)
> > + seq_printf(m, pt(Opt_lsm), lsm_slot_to_name(entry->which));
Please only include the LSM name on those rules which are LSM specific.
I would move this statement to the "for (i = 0; i < MAX_LSM_RULES; i++)
{" loop.
None of the builtin policy rules are LSM specific. To test, add
"ima_policy=tcb" to the boot command line. Then to view the policy,
cat /sys/kernel/security/ima/policy.
Also, unless the IMA policy rule explicitly indicated a specific LSM, I
would place the LSM name in parenthesis.
> > rcu_read_unlock();
> > seq_puts(m, "\n");
> > return 0;
thanks,
Mimi
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2022-04-21 3:22 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20220418145945.38797-1-casey@schaufler-ca.com>
2022-04-18 14:59 ` [PATCH v35 11/29] LSM: Use lsmblob in security_current_getsecid Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 12/29] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2022-04-18 18:02 ` kernel test robot
2022-04-19 0:41 ` kernel test robot
2022-04-19 0:51 ` kernel test robot
2022-04-18 14:59 ` [PATCH v35 15/29] LSM: Ensure the correct LSM context releaser Casey Schaufler
[not found] ` <20220418145945.38797-6-casey@schaufler-ca.com>
2022-04-19 16:50 ` [PATCH v35 05/29] IMA: avoid label collisions with stacked LSMs Casey Schaufler
2022-04-20 19:23 ` Mimi Zohar
2022-04-20 21:15 ` Casey Schaufler
2022-04-21 3:22 ` Mimi Zohar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).