From: John Johansen <john.johansen@canonical.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org,
penguin-kernel@i-love.sakura.ne.jp,
stephen.smalley.work@gmail.com, mic@digikod.net
Subject: Re: [PATCH v2 4/6] LSM: Infrastructure management of the dev_tun blob
Date: Wed, 10 Jul 2024 16:08:58 -0700 [thread overview]
Message-ID: <d8f8ee5f-7b30-45d8-b3fc-835f81433573@canonical.com> (raw)
In-Reply-To: <20240710213230.11978-5-casey@schaufler-ca.com>
On 7/10/24 14:32, Casey Schaufler wrote:
> Move management of the dev_tun security blob out of the individual
> security modules and into the LSM infrastructure. The security modules
> tell the infrastructure how much space they require at initialization.
> There are no longer any modules that require the dev_tun_free hook.
> The hook definition has been removed.
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
looks good
Reviewed-by: John Johansen <john.johansen@canonical.com>
> ---
> include/linux/lsm_hook_defs.h | 3 +--
> include/linux/lsm_hooks.h | 1 +
> security/security.c | 17 +++++++++++++++--
> security/selinux/hooks.c | 22 ++++++----------------
> security/selinux/include/objsec.h | 6 ++++++
> 5 files changed, 29 insertions(+), 20 deletions(-)
>
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index cc81f7f7c024..f1e0d6138845 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -352,8 +352,7 @@ LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_inc, void)
> LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_dec, void)
> LSM_HOOK(void, LSM_RET_VOID, req_classify_flow, const struct request_sock *req,
> struct flowi_common *flic)
> -LSM_HOOK(int, 0, tun_dev_alloc_security, void **security)
> -LSM_HOOK(void, LSM_RET_VOID, tun_dev_free_security, void *security)
> +LSM_HOOK(int, 0, tun_dev_alloc_security, void *security)
> LSM_HOOK(int, 0, tun_dev_create, void)
> LSM_HOOK(int, 0, tun_dev_attach_queue, void *security)
> LSM_HOOK(int, 0, tun_dev_attach, struct sock *sk, void *security)
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 7233bc0737be..0ff14ff128c8 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -80,6 +80,7 @@ struct lsm_blob_sizes {
> int lbs_msg_msg;
> int lbs_task;
> int lbs_xattr_count; /* number of xattr slots in new_xattrs array */
> + int lbs_tun_dev;
> };
>
> /**
> diff --git a/security/security.c b/security/security.c
> index e5af4274b8aa..f1eb93b65ae9 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -232,6 +232,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
> lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock);
> lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock);
> lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task);
> + lsm_set_blob_size(&needed->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
> lsm_set_blob_size(&needed->lbs_xattr_count,
> &blob_sizes.lbs_xattr_count);
> }
> @@ -410,6 +411,7 @@ static void __init ordered_lsm_init(void)
> init_debug("sock blob size = %d\n", blob_sizes.lbs_sock);
> init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
> init_debug("task blob size = %d\n", blob_sizes.lbs_task);
> + init_debug("tun device blob size = %d\n", blob_sizes.lbs_tun_dev);
> init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count);
>
> /*
> @@ -4849,7 +4851,18 @@ EXPORT_SYMBOL(security_secmark_refcount_dec);
> */
> int security_tun_dev_alloc_security(void **security)
> {
> - return call_int_hook(tun_dev_alloc_security, security);
> + int rc;
> +
> + rc = lsm_blob_alloc(security, blob_sizes.lbs_tun_dev, GFP_KERNEL);
> + if (rc)
> + return rc;
> +
> + rc = call_int_hook(tun_dev_alloc_security, *security);
> + if (rc) {
> + kfree(*security);
> + *security = NULL;
> + }
> + return rc;
> }
> EXPORT_SYMBOL(security_tun_dev_alloc_security);
>
> @@ -4861,7 +4874,7 @@ EXPORT_SYMBOL(security_tun_dev_alloc_security);
> */
> void security_tun_dev_free_security(void *security)
> {
> - call_void_hook(tun_dev_free_security, security);
> + kfree(security);
> }
> EXPORT_SYMBOL(security_tun_dev_free_security);
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 986825ba1cc5..34ed787a4bfa 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -5573,24 +5573,14 @@ static void selinux_req_classify_flow(const struct request_sock *req,
> flic->flowic_secid = req->secid;
> }
>
> -static int selinux_tun_dev_alloc_security(void **security)
> +static int selinux_tun_dev_alloc_security(void *security)
> {
> - struct tun_security_struct *tunsec;
> + struct tun_security_struct *tunsec = selinux_tun_dev(security);
>
> - tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
> - if (!tunsec)
> - return -ENOMEM;
> tunsec->sid = current_sid();
> -
> - *security = tunsec;
> return 0;
> }
>
> -static void selinux_tun_dev_free_security(void *security)
> -{
> - kfree(security);
> -}
> -
> static int selinux_tun_dev_create(void)
> {
> u32 sid = current_sid();
> @@ -5608,7 +5598,7 @@ static int selinux_tun_dev_create(void)
>
> static int selinux_tun_dev_attach_queue(void *security)
> {
> - struct tun_security_struct *tunsec = security;
> + struct tun_security_struct *tunsec = selinux_tun_dev(security);
>
> return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
> TUN_SOCKET__ATTACH_QUEUE, NULL);
> @@ -5616,7 +5606,7 @@ static int selinux_tun_dev_attach_queue(void *security)
>
> static int selinux_tun_dev_attach(struct sock *sk, void *security)
> {
> - struct tun_security_struct *tunsec = security;
> + struct tun_security_struct *tunsec = selinux_tun_dev(security);
> struct sk_security_struct *sksec = selinux_sock(sk);
>
> /* we don't currently perform any NetLabel based labeling here and it
> @@ -5634,7 +5624,7 @@ static int selinux_tun_dev_attach(struct sock *sk, void *security)
>
> static int selinux_tun_dev_open(void *security)
> {
> - struct tun_security_struct *tunsec = security;
> + struct tun_security_struct *tunsec = selinux_tun_dev(security);
> u32 sid = current_sid();
> int err;
>
> @@ -6973,6 +6963,7 @@ struct lsm_blob_sizes selinux_blob_sizes __ro_after_init = {
> .lbs_sock = sizeof(struct sk_security_struct),
> .lbs_superblock = sizeof(struct superblock_security_struct),
> .lbs_xattr_count = SELINUX_INODE_INIT_XATTRS,
> + .lbs_tun_dev = sizeof(struct tun_security_struct),
> };
>
> #ifdef CONFIG_PERF_EVENTS
> @@ -7283,7 +7274,6 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
> LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
> LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
> LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
> - LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
> LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
> LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
> LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
> diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
> index 83b9443d6919..461c6985977d 100644
> --- a/security/selinux/include/objsec.h
> +++ b/security/selinux/include/objsec.h
> @@ -207,4 +207,10 @@ static inline struct sk_security_struct *selinux_sock(const struct sock *sock)
> return sock->sk_security + selinux_blob_sizes.lbs_sock;
> }
>
> +static inline struct tun_security_struct *
> +selinux_tun_dev(void *security)
> +{
> + return security + selinux_blob_sizes.lbs_tun_dev;
> +}
> +
> #endif /* _SELINUX_OBJSEC_H_ */
next prev parent reply other threads:[~2024-07-10 23:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20240710213230.11978-1-casey.ref@schaufler-ca.com>
2024-07-10 21:32 ` [PATCH v2 0/6] LSM: Infrastructure blob allocation Casey Schaufler
2024-07-10 21:32 ` [PATCH v2 1/6] LSM: Infrastructure management of the sock security Casey Schaufler
2024-07-10 21:32 ` [PATCH v2 2/6] LSM: Infrastructure management of the key security blob Casey Schaufler
2024-07-10 22:45 ` John Johansen
2024-07-10 21:32 ` [PATCH v2 3/6] LSM: Add helper for blob allocations Casey Schaufler
2024-07-10 21:32 ` [PATCH v2 4/6] LSM: Infrastructure management of the dev_tun blob Casey Schaufler
2024-07-10 23:08 ` John Johansen [this message]
2024-07-10 21:32 ` [PATCH v2 5/6] LSM: Infrastructure management of the infiniband blob Casey Schaufler
2024-07-10 23:09 ` John Johansen
2024-07-10 21:32 ` [PATCH v2 6/6] LSM: Infrastructure management of the perf_event security blob Casey Schaufler
2024-07-10 23:10 ` John Johansen
2024-07-11 20:15 ` [PATCH v2 0/6] LSM: Infrastructure blob allocation Paul Moore
2024-07-29 21:20 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d8f8ee5f-7b30-45d8-b3fc-835f81433573@canonical.com \
--to=john.johansen@canonical.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=serge@hallyn.com \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox