Re: [PATCH v2 5/6] LSM: Infrastructure management of the infiniband blob

[John Johansen <john.johansen@canonical.com>]

On 7/10/24 14:32, Casey Schaufler wrote:
> Move management of the infiniband security blob out of the individual
> security modules and into the LSM infrastructure.  The security modules
> tell the infrastructure how much space they require at initialization.
> There are no longer any modules that require the ib_free() hook.
> The hook definition has been removed.
> 
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>


looks good

Reviewed-by: John Johansen <john.johansen@canonical.com>

> ---
>   include/linux/lsm_hook_defs.h     |  3 +--
>   include/linux/lsm_hooks.h         |  1 +
>   security/security.c               | 17 +++++++++++++++--
>   security/selinux/hooks.c          | 16 +++-------------
>   security/selinux/include/objsec.h |  6 ++++++
>   5 files changed, 26 insertions(+), 17 deletions(-)
> 
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index f1e0d6138845..7c979137c0f2 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -372,8 +372,7 @@ LSM_HOOK(int, 0, mptcp_add_subflow, struct sock *sk, struct sock *ssk)
>   LSM_HOOK(int, 0, ib_pkey_access, void *sec, u64 subnet_prefix, u16 pkey)
>   LSM_HOOK(int, 0, ib_endport_manage_subnet, void *sec, const char *dev_name,
>   	 u8 port_num)
> -LSM_HOOK(int, 0, ib_alloc_security, void **sec)
> -LSM_HOOK(void, LSM_RET_VOID, ib_free_security, void *sec)
> +LSM_HOOK(int, 0, ib_alloc_security, void *sec)
>   #endif /* CONFIG_SECURITY_INFINIBAND */
>   
>   #ifdef CONFIG_SECURITY_NETWORK_XFRM
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 0ff14ff128c8..b6fc6ac88723 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -72,6 +72,7 @@ struct security_hook_list {
>   struct lsm_blob_sizes {
>   	int	lbs_cred;
>   	int	lbs_file;
> +	int	lbs_ib;
>   	int	lbs_inode;
>   	int	lbs_sock;
>   	int	lbs_superblock;
> diff --git a/security/security.c b/security/security.c
> index f1eb93b65ae9..e8f34cbb1990 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -219,6 +219,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
>   
>   	lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred);
>   	lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file);
> +	lsm_set_blob_size(&needed->lbs_ib, &blob_sizes.lbs_ib);
>   	/*
>   	 * The inode blob gets an rcu_head in addition to
>   	 * what the modules might need.
> @@ -402,6 +403,7 @@ static void __init ordered_lsm_init(void)
>   
>   	init_debug("cred blob size       = %d\n", blob_sizes.lbs_cred);
>   	init_debug("file blob size       = %d\n", blob_sizes.lbs_file);
> +	init_debug("ib blob size         = %d\n", blob_sizes.lbs_ib);
>   	init_debug("inode blob size      = %d\n", blob_sizes.lbs_inode);
>   	init_debug("ipc blob size        = %d\n", blob_sizes.lbs_ipc);
>   #ifdef CONFIG_KEYS
> @@ -5070,7 +5072,18 @@ EXPORT_SYMBOL(security_ib_endport_manage_subnet);
>    */
>   int security_ib_alloc_security(void **sec)
>   {
> -	return call_int_hook(ib_alloc_security, sec);
> +	int rc;
> +
> +	rc = lsm_blob_alloc(sec, blob_sizes.lbs_ib, GFP_KERNEL);
> +	if (rc)
> +		return rc;
> +
> +	rc = call_int_hook(ib_alloc_security, *sec);
> +	if (rc) {
> +		kfree(*sec);
> +		*sec = NULL;
> +	}
> +	return rc;
>   }
>   EXPORT_SYMBOL(security_ib_alloc_security);
>   
> @@ -5082,7 +5095,7 @@ EXPORT_SYMBOL(security_ib_alloc_security);
>    */
>   void security_ib_free_security(void *sec)
>   {
> -	call_void_hook(ib_free_security, sec);
> +	kfree(sec);
>   }
>   EXPORT_SYMBOL(security_ib_free_security);
>   #endif	/* CONFIG_SECURITY_INFINIBAND */
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 34ed787a4bfa..11f4bdabda97 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -6776,23 +6776,13 @@ static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name,
>   			    INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
>   }
>   
> -static int selinux_ib_alloc_security(void **ib_sec)
> +static int selinux_ib_alloc_security(void *ib_sec)
>   {
> -	struct ib_security_struct *sec;
> +	struct ib_security_struct *sec = selinux_ib(ib_sec);
>   
> -	sec = kzalloc(sizeof(*sec), GFP_KERNEL);
> -	if (!sec)
> -		return -ENOMEM;
>   	sec->sid = current_sid();
> -
> -	*ib_sec = sec;
>   	return 0;
>   }
> -
> -static void selinux_ib_free_security(void *ib_sec)
> -{
> -	kfree(ib_sec);
> -}
>   #endif
>   
>   #ifdef CONFIG_BPF_SYSCALL
> @@ -6964,6 +6954,7 @@ struct lsm_blob_sizes selinux_blob_sizes __ro_after_init = {
>   	.lbs_superblock = sizeof(struct superblock_security_struct),
>   	.lbs_xattr_count = SELINUX_INODE_INIT_XATTRS,
>   	.lbs_tun_dev = sizeof(struct tun_security_struct),
> +	.lbs_ib = sizeof(struct ib_security_struct),
>   };
>   
>   #ifdef CONFIG_PERF_EVENTS
> @@ -7282,7 +7273,6 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
>   	LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
>   	LSM_HOOK_INIT(ib_endport_manage_subnet,
>   		      selinux_ib_endport_manage_subnet),
> -	LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
>   #endif
>   #ifdef CONFIG_SECURITY_NETWORK_XFRM
>   	LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
> diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
> index 461c6985977d..b1878f9395b5 100644
> --- a/security/selinux/include/objsec.h
> +++ b/security/selinux/include/objsec.h
> @@ -213,4 +213,10 @@ selinux_tun_dev(void *security)
>   	return security + selinux_blob_sizes.lbs_tun_dev;
>   }
>   
> +static inline struct ib_security_struct *
> +selinux_ib(void *ib_sec)
> +{
> +	return ib_sec + selinux_blob_sizes.lbs_ib;
> +}
> +
>   #endif /* _SELINUX_OBJSEC_H_ */