From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: Paul Moore <paul@paul-moore.com>
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@linux.dev, song@kernel.org, yhs@fb.com,
john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com,
haoluo@google.com, jolsa@kernel.org, revest@chromium.org,
jackmanb@chromium.org, jmorris@namei.org, serge@hallyn.com,
bpf@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: Re: [RFC][PATCH 1/4] lsm: Clarify documentation of vm_enough_memory hook
Date: Wed, 16 Nov 2022 09:06:02 +0100 [thread overview]
Message-ID: <18e375adfe53f8ce5fb38a6a146ad06eaec71a5e.camel@huaweicloud.com> (raw)
In-Reply-To: <CAHC9VhQjnwbFgAoFgTaLQP7YnNDNyP1i0i8H++HZWj930pW=-A@mail.gmail.com>
On Tue, 2022-11-15 at 21:11 -0500, Paul Moore wrote:
> On Tue, Nov 15, 2022 at 12:57 PM Roberto Sassu
> <roberto.sassu@huaweicloud.com> wrote:
> > From: Roberto Sassu <roberto.sassu@huawei.com>
> >
> > include/linux/lsm_hooks.h reports the result of the LSM infrastructure to
> > the callers, not what LSMs should return to the LSM infrastructure.
> >
> > Clarify that and add that returning 1 from the LSMs means calling
> > __vm_enough_memory() with cap_sys_admin set, 0 without.
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > Reviewed-by: KP Singh <kpsingh@kernel.org>
> > ---
> > include/linux/lsm_hooks.h | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> > index 4ec80b96c22e..f40b82ca91e7 100644
> > --- a/include/linux/lsm_hooks.h
> > +++ b/include/linux/lsm_hooks.h
> > @@ -1411,7 +1411,9 @@
> > * Check permissions for allocating a new virtual mapping.
> > * @mm contains the mm struct it is being added to.
> > * @pages contains the number of pages.
> > - * Return 0 if permission is granted.
> > + * Return 0 if permission is granted by LSMs to the caller. LSMs should
> > + * return 1 if __vm_enough_memory() should be called with
> > + * cap_sys_admin set, 0 if not.
>
> I think this is a nice addition, but according to the code, any value
> greater than zero will trigger the caller-should-have-CAP_SYS_ADMIN
> behavior, not just 1. I suggest updating the comment.
Ok, yes. Thanks.
Roberto
next prev parent reply other threads:[~2022-11-16 8:06 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-15 17:56 [RFC][PATCH 0/4] security: Ensure LSMs return expected values Roberto Sassu
2022-11-15 17:56 ` [RFC][PATCH 1/4] lsm: Clarify documentation of vm_enough_memory hook Roberto Sassu
2022-11-16 2:11 ` Paul Moore
2022-11-16 8:06 ` Roberto Sassu [this message]
2022-11-16 19:17 ` KP Singh
2022-11-16 19:27 ` Paul Moore
2022-11-15 17:56 ` [RFC][PATCH 2/4] lsm: Add missing return values doc in lsm_hooks.h and fix formatting Roberto Sassu
2022-11-16 2:23 ` Paul Moore
2022-11-16 8:06 ` Roberto Sassu
2022-11-16 19:26 ` Paul Moore
2022-11-15 17:56 ` [RFC][PATCH 3/4] lsm: Redefine LSM_HOOK() macro to add return value flags as argument Roberto Sassu
2022-11-16 2:27 ` Paul Moore
2022-11-16 8:11 ` Roberto Sassu
2022-11-16 22:04 ` Paul Moore
2022-11-17 5:49 ` Greg KH
2022-11-17 15:31 ` Paul Moore
2022-11-15 17:56 ` [RFC][PATCH 4/4] security: Enforce limitations on return values from LSMs Roberto Sassu
2022-11-16 2:35 ` Paul Moore
2022-11-16 14:36 ` Roberto Sassu
2022-11-16 15:47 ` [PoC][PATCH] bpf: Call return value check function in the JITed code Roberto Sassu
2022-11-16 16:16 ` Alexei Starovoitov
2022-11-16 16:41 ` Roberto Sassu
2022-11-16 17:55 ` Alexei Starovoitov
2022-11-16 18:29 ` Casey Schaufler
2022-11-16 19:04 ` KP Singh
2022-11-16 22:40 ` Paul Moore
2022-11-30 13:52 ` Roberto Sassu
2022-11-16 17:12 ` Casey Schaufler
2022-11-16 19:02 ` KP Singh
2022-11-18 8:44 ` Roberto Sassu
2022-11-21 15:31 ` Roberto Sassu
2022-11-16 22:06 ` [RFC][PATCH 4/4] security: Enforce limitations on return values from LSMs Paul Moore
2022-11-15 18:41 ` [RFC][PATCH 0/4] security: Ensure LSMs return expected values Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=18e375adfe53f8ce5fb38a6a146ad06eaec71a5e.camel@huaweicloud.com \
--to=roberto.sassu@huaweicloud.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=jackmanb@chromium.org \
--cc=jmorris@namei.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=paul@paul-moore.com \
--cc=revest@chromium.org \
--cc=roberto.sassu@huawei.com \
--cc=sdf@google.com \
--cc=serge@hallyn.com \
--cc=song@kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).