From: daniel@iogearbox.net (Daniel Borkmann)
To: linux-security-module@vger.kernel.org
Subject: [PATCH net-next 3/4] selinux: bpf: Add selinux check for eBPF syscall operations
Date: Thu, 05 Oct 2017 18:12:51 +0200 [thread overview]
Message-ID: <59D65A03.2000202@iogearbox.net> (raw)
In-Reply-To: <1507210095.27146.5.camel@tycho.nsa.gov>
On 10/05/2017 03:28 PM, Stephen Smalley wrote:
[...]
>> +static int selinux_bpf_prog(struct bpf_prog *prog)
>> +{
>> + u32 sid = current_sid();
>> + struct bpf_security_struct *bpfsec;
>> +
>> + bpfsec = prog->aux->security;
>
> I haven't looked closely at the bpf code, but is it guaranteed that
> prog->aux cannot be NULL here? What's the difference in lifecycle for
> bpf_prog vs bpf_prog_aux? Could the aux field be shared across progs
> created by different processes?
prog->aux cannot be NULL here, its lifetime is 1:1 with prog,
it holds slow-path auxiliary data unlike prog itself which is
additionally set to read-only after initial setup until teardown;
aux is also never shared across BPF progs, so always 1:1 relation
to prog itself.
Things that can be shared across multiple BPF programs and user
space processes are BPF maps themselves. From user space side
they can be passed via fd or pinned/retrieved from bpf fs, so
as currently implemented the void *security member you'd hold
in struct bpf_map would refer to the initial creator process of
the map here that doesn't strictly need to be alive anymore;
similarly for prog itself, when its shared between multiple
user space processes, *security ctx would point to the one that
installed it into the kernel initially.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-10-05 16:12 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-04 18:29 [PATCH 0/4] net-next: security: New file mode and LSM hooks for eBPF object permission control Chenbo Feng
2017-10-04 18:29 ` [PATCH net-next 1/4] bpf: Add file mode configuration into bpf maps Chenbo Feng
2017-10-04 23:29 ` Daniel Borkmann
2017-10-04 23:58 ` Chenbo Feng
2017-10-05 0:51 ` Daniel Borkmann
2017-10-04 18:29 ` [PATCH net-next 2/4] security: bpf: Add LSM hooks for bpf object related syscall Chenbo Feng
2017-10-12 0:31 ` James Morris
2017-10-04 18:29 ` [PATCH net-next 3/4] selinux: bpf: Add selinux check for eBPF syscall operations Chenbo Feng
2017-10-05 13:28 ` Stephen Smalley
2017-10-05 16:12 ` Daniel Borkmann [this message]
2017-10-04 18:29 ` [PATCH net-next 4/4] selinux: bpf: Add addtional check for bpf object file receive Chenbo Feng
2017-10-04 23:44 ` Daniel Borkmann
2017-10-04 23:52 ` Daniel Borkmann
2017-10-05 13:37 ` Stephen Smalley
2017-10-05 18:26 ` Stephen Smalley
2017-10-06 21:10 ` Chenbo Feng
2017-10-06 21:00 ` Chenbo Feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=59D65A03.2000202@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).