From: "Mickaël Salaün" <mic@digikod.net>
To: Casey Schaufler <casey@schaufler-ca.com>,
paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
linux-api@vger.kernel.org
Subject: Re: [PATCH v7 07/11] LSM: Helpers for attribute names and filling an lsm_ctx
Date: Mon, 3 Apr 2023 11:54:57 +0200 [thread overview]
Message-ID: <539e698a-1ab7-a390-a3a4-6c7e43db4eb6@digikod.net> (raw)
In-Reply-To: <544a4809-1a79-9dd7-61a5-5fce1f4a5f10@digikod.net>
On 03/04/2023 11:47, Mickaël Salaün wrote:
>
> On 15/03/2023 23:47, Casey Schaufler wrote:
>> Add lsm_name_to_attr(), which translates a text string to a
>> LSM_ATTR value if one is available.
>>
>> Add lsm_fill_user_ctx(), which fills a struct lsm_ctx, including
>> the trailing attribute value.
>>
>> All are used in module specific components of LSM system calls.
>>
>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
>> ---
>> include/linux/security.h | 13 ++++++++++
>> security/lsm_syscalls.c | 51 ++++++++++++++++++++++++++++++++++++++++
>> security/security.c | 31 ++++++++++++++++++++++++
>> 3 files changed, 95 insertions(+)
>
> [...]
>
>> diff --git a/security/security.c b/security/security.c
>> index 2c57fe28c4f7..f7b814a3940c 100644
>> --- a/security/security.c
>> +++ b/security/security.c
>> @@ -753,6 +753,37 @@ static int lsm_superblock_alloc(struct super_block *sb)
>> return 0;
>> }
>>
>> +/**
>> + * lsm_fill_user_ctx - Fill a user space lsm_ctx structure
>> + * @ctx: an LSM context to be filled
>> + * @context: the new context value
>> + * @context_size: the size of the new context value
>> + * @id: LSM id
>> + * @flags: LSM defined flags
>> + *
>> + * Fill all of the fields in a user space lsm_ctx structure.
>> + * Caller is assumed to have verified that @ctx has enough space
>> + * for @context.
>> + * Returns 0 on success, -EFAULT on a copyout error.
>> + */
>> +int lsm_fill_user_ctx(struct lsm_ctx __user *ctx, void *context,
>> + size_t context_size, u64 id, u64 flags)
>> +{
>> + struct lsm_ctx local;
>> + void __user *vc = ctx;
>> +
>> + local.id = id;
>> + local.flags = flags;
>> + local.ctx_len = context_size;
>> + local.len = context_size + sizeof(local);
>> + vc += sizeof(local);
>> + if (copy_to_user(ctx, &local, sizeof(local)))
>> + return -EFAULT;
>> + if (context_size > 0 && copy_to_user(vc, context, context_size))
>> + return -EFAULT;
>
> Can we do a single copy_to_user() call? That would avoid inconsistent
> user space data, could speed up a bit the operation, and make the code
> easier to understand. To use the stack, we need to know the maximum size
> of context_size for all use cases, which seems reasonable and can be
> checked at build time (on each LSM side, and potentially with specific
> context type passed as enum instead of context_size) and run time (for
> this generic helper).
Well, actually the context_size should be inferred from id, and the
"local" size should be defined and check at build time against all
context ID sizes.
>
>
>> + return 0;
>> +}
>> +
>> /*
>> * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and
>> * can be accessed with:
next prev parent reply other threads:[~2023-04-03 9:55 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20230315224704.2672-1-casey.ref@schaufler-ca.com>
2023-03-15 22:46 ` [PATCH v7 00/11] LSM: Three basic syscalls Casey Schaufler
2023-03-15 22:46 ` [PATCH v7 01/11] LSM: Identify modules by more than name Casey Schaufler
2023-03-30 1:10 ` Paul Moore
2023-03-15 22:46 ` [PATCH v7 02/11] LSM: Maintain a table of LSM attribute data Casey Schaufler
2023-03-30 1:10 ` Paul Moore
2023-03-15 22:46 ` [PATCH v7 03/11] proc: Use lsmids instead of lsm names for attrs Casey Schaufler
2023-03-15 22:46 ` [PATCH v7 04/11] LSM: syscalls for current process attributes Casey Schaufler
2023-03-16 12:35 ` kernel test robot
2023-03-30 1:12 ` Paul Moore
2023-03-30 11:24 ` Paul Moore
2023-03-30 20:00 ` Casey Schaufler
2023-03-30 23:22 ` Paul Moore
2023-04-03 12:04 ` Mickaël Salaün
2023-04-03 17:36 ` Casey Schaufler
2023-04-03 18:04 ` Mickaël Salaün
2023-04-03 18:28 ` Casey Schaufler
2023-04-11 0:31 ` Paul Moore
2023-03-15 22:46 ` [PATCH v7 05/11] LSM: Create lsm_list_modules system call Casey Schaufler
2023-03-30 1:12 ` Paul Moore
2023-04-03 12:04 ` Mickaël Salaün
2023-04-10 23:37 ` Paul Moore
2023-04-10 23:38 ` Paul Moore
2023-04-13 11:55 ` Mickaël Salaün
2023-03-15 22:46 ` [PATCH v7 06/11] LSM: wireup Linux Security Module syscalls Casey Schaufler
2023-03-15 22:47 ` [PATCH v7 07/11] LSM: Helpers for attribute names and filling an lsm_ctx Casey Schaufler
2023-03-30 1:13 ` Paul Moore
2023-03-30 20:42 ` Casey Schaufler
2023-03-30 23:28 ` Paul Moore
2023-03-31 16:56 ` Casey Schaufler
2023-03-31 19:24 ` Paul Moore
2023-03-31 20:22 ` Casey Schaufler
2023-04-03 9:47 ` Mickaël Salaün
2023-04-03 9:54 ` Mickaël Salaün [this message]
2023-04-03 11:47 ` Mickaël Salaün
2023-04-03 18:04 ` Casey Schaufler
2023-04-03 18:03 ` Casey Schaufler
2023-04-03 18:06 ` Mickaël Salaün
2023-04-03 18:33 ` Casey Schaufler
2023-03-15 22:47 ` [PATCH v7 08/11] Smack: implement setselfattr and getselfattr hooks Casey Schaufler
2023-03-15 22:47 ` [PATCH v7 09/11] AppArmor: Add selfattr hooks Casey Schaufler
2023-03-15 22:47 ` [PATCH v7 10/11] SELinux: " Casey Schaufler
2023-03-30 1:13 ` Paul Moore
2023-03-30 20:55 ` Casey Schaufler
2023-03-30 23:32 ` Paul Moore
2023-03-15 22:47 ` [PATCH v7 11/11] LSM: selftests for Linux Security Module syscalls Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=539e698a-1ab7-a390-a3a4-6c7e43db4eb6@digikod.net \
--to=mic@digikod.net \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox