From: Paul Moore <paul@paul-moore.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: KP Singh <kpsingh@kernel.org>,
linux-security-module@vger.kernel.org, bpf@vger.kernel.org,
ast@kernel.org, andrii@kernel.org, keescook@chromium.org,
daniel@iogearbox.net, renauld@google.com, revest@chromium.org,
song@kernel.org
Subject: Re: [PATCH v13 4/5] security: Update non standard hooks to use static calls
Date: Tue, 9 Jul 2024 15:05:31 -0400
Message-ID: <CAHC9VhS64J+0PhK6YJVvRe0rRGK935+KPbGMZBO4PxVH22ug0Q@mail.gmail.com>
In-Reply-To: <e170a720-c6e7-480c-a54d-c6ae7cf9a77a@schaufler-ca.com>

On Tue, Jul 9, 2024 at 12:53 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
> On 7/9/2024 5:36 AM, KP Singh wrote:
> > [...]
> >
> >>> --- a/security/security.c
> >>> +++ b/security/security.c
> >>> @@ -948,10 +948,48 @@ out: \
> >>> RC; \
> >>> })
> >>>
> >>> -#define lsm_for_each_hook(scall, NAME) \
> >>> - for (scall = static_calls_table.NAME; \
> >>> - scall - static_calls_table.NAME < MAX_LSM_COUNT; scall++) \
> >>> - if (static_key_enabled(&scall->active->key))
> >>> +/*
> >>> + * Can be used in the context passed to lsm_for_each_hook to get the lsmid of the
> >>> + * current hook
> >>> + */
> >>> +#define current_lsmid() _hook_lsmid
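Review bot: The added current_lsmid() macro expands to the bare identifier _hook_lsmid, which nothing in this hunk declares, so it only resolves when some enclosing macro happens to have a variable of that name in scope. Used anywhere else it either fails to build or silently binds to an unrelated local with the same name. The comment above it names lsm_for_each_hook as the required context but does not say where _hook_lsmid comes from or what type it has. Consider passing the LSM id to the hook body as an explicit macro argument instead of through a hidden name, or at minimum document in the comment which macro declares _hook_lsmid and that current_lsmid() is invalid outside it.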
> >> See my comments below about security_getselfattr(), I think we can drop
> >> the current_lsmid() macro. If we really must keep it, we need to rename
> >> it to something else as it clashes too much with the other current_XXX()
> >> macros/functions which are useful outside of our wacky macros.
> > call_hook_with_lsmid is a pattern used by quite a few hooks, happy to
> > update the name.
> >
> > What do you think about __security_hook_lsm_id()?
>
> I really dislike it. The security prefix (even with __) tells the
> developer in security.c that the code is used elsewhere. How about
> lsm_hook_current_id()?

See my reply. There is enough ugliness in converting the hooks in
this particular patch that I think we need to shelve this patch too.

--
paul-moore.com