Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752628AbdHVWBD (ORCPT ); Tue, 22 Aug 2017 18:01:03 -0400 Received: from smtp-sh.infomaniak.ch ([128.65.195.4]:55377 "EHLO smtp-sh.infomaniak.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751643AbdHVWBB (ORCPT ); Tue, 22 Aug 2017 18:01:01 -0400 Subject: Re: [PATCH net-next v7 05/10] landlock: Add LSM hooks related to filesystem To: linux-kernel@vger.kernel.org References: <20170821000933.13024-1-mic@digikod.net> <20170821000933.13024-6-mic@digikod.net> Cc: Alexei Starovoitov , Andy Lutomirski , Arnaldo Carvalho de Melo , Casey Schaufler , Daniel Borkmann , David Drysdale , "David S . Miller" , "Eric W . Biederman" , James Morris , Jann Horn , Jonathan Corbet , Matthew Garrett , Michael Kerrisk , Kees Cook , Paul Moore , Sargun Dhillon , "Serge E . Hallyn" , Shuah Khan , Tejun Heo , Thomas Graf , Will Drewry , kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, netdev@vger.kernel.org From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Message-ID: <753a3a91-23a4-bc63-27cb-12e764d3d5fc@digikod.net> Date: Tue, 22 Aug 2017 23:59:33 +0200 User-Agent: MIME-Version: 1.0 In-Reply-To: <20170821000933.13024-6-mic@digikod.net> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Dnvdt9AH49AkVNNJiXKdkOvxXQXGi39Ck" X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.2.8 X-Antivirus-Code: 0x100000 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 6328 Lines: 161 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Dnvdt9AH49AkVNNJiXKdkOvxXQXGi39Ck Content-Type: multipart/mixed; boundary="ibiW1j3iD6nWvBmPbJaOUn4pko8Ovx8GU"; protected-headers="v1" From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= To: linux-kernel@vger.kernel.org Cc: Alexei Starovoitov , Andy Lutomirski , Arnaldo Carvalho de Melo , Casey Schaufler , Daniel Borkmann , David Drysdale , "David S . Miller" , "Eric W . Biederman" , James Morris , Jann Horn , Jonathan Corbet , Matthew Garrett , Michael Kerrisk , Kees Cook , Paul Moore , Sargun Dhillon , "Serge E . Hallyn" , Shuah Khan , Tejun Heo , Thomas Graf , Will Drewry , kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, netdev@vger.kernel.org Message-ID: <753a3a91-23a4-bc63-27cb-12e764d3d5fc@digikod.net> Subject: Re: [PATCH net-next v7 05/10] landlock: Add LSM hooks related to filesystem References: <20170821000933.13024-1-mic@digikod.net> <20170821000933.13024-6-mic@digikod.net> In-Reply-To: <20170821000933.13024-6-mic@digikod.net> --ibiW1j3iD6nWvBmPbJaOUn4pko8Ovx8GU Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 21/08/2017 02:09, Micka=C3=ABl Sala=C3=BCn wrote: > Handle 33 filesystem-related LSM hooks for the Landlock filesystem > event: LANDLOCK_SUBTYPE_EVENT_FS. >=20 > A Landlock event wrap LSM hooks for similar kernel object types (e.g. > struct file, struct path...). Multiple LSM hooks can trigger the same > Landlock event. >=20 > Landlock handle nine coarse-grained actions: read, write, execute, new,= > get, remove, ioctl, lock and fcntl. Each of them abstract LSM hook > access control in a way that can be extended in the future. >=20 > The Landlock LSM hook registration is done after other LSM to only run > actions from user-space, via eBPF programs, if the access was granted b= y > major (privileged) LSMs. >=20 > Signed-off-by: Micka=C3=ABl Sala=C3=BCn > Cc: Alexei Starovoitov > Cc: Andy Lutomirski > Cc: Daniel Borkmann > Cc: David S. Miller > Cc: James Morris > Cc: Kees Cook > Cc: Serge E. Hallyn > --- >=20 > Changes since v6: > * add 3 more sub-events: IOCTL, LOCK, FCNTL > https://lkml.kernel.org/r/2fbc99a6-f190-f335-bd14-04bdeed35571@digiko= d.net > * use the new security_add_hooks() > * explain the -Werror=3Dunused-function > * constify pointers > * cleanup headers >=20 > Changes since v5: > * split hooks.[ch] into hooks.[ch] and hooks_fs.[ch] > * add more documentation > * cosmetic fixes > * rebase (SCALAR_VALUE) >=20 > Changes since v4: > * add LSM hook abstraction called Landlock event > * use the compiler type checking to verify hooks use by an event > * handle all filesystem related LSM hooks (e.g. file_permission, > mmap_file, sb_mount...) > * register BPF programs for Landlock just after LSM hooks registration > * move hooks registration after other LSMs > * add failsafes to check if a hook is not used by the kernel > * allow partial raw value access form the context (needed for programs > generated by LLVM) >=20 > Changes since v3: > * split commit > * add hooks dealing with struct inode and struct path pointers: > inode_permission and inode_getattr > * add abstraction over eBPF helper arguments thanks to wrapping structs= > --- > include/linux/lsm_hooks.h | 5 + > security/landlock/Makefile | 7 +- > security/landlock/common.h | 2 + > security/landlock/hooks.c | 83 ++++++ > security/landlock/hooks.h | 177 +++++++++++++ > security/landlock/hooks_fs.c | 586 +++++++++++++++++++++++++++++++++++= ++++++++ > security/landlock/hooks_fs.h | 19 ++ > security/landlock/init.c | 10 + > security/security.c | 12 +- > 9 files changed, 899 insertions(+), 2 deletions(-) > create mode 100644 security/landlock/hooks.c > create mode 100644 security/landlock/hooks.h > create mode 100644 security/landlock/hooks_fs.c > create mode 100644 security/landlock/hooks_fs.h > diff --git a/security/landlock/init.c b/security/landlock/init.c > index 09acbc74abd6..1e6660fed697 100644 > --- a/security/landlock/init.c > +++ b/security/landlock/init.c > @@ -10,8 +10,10 @@ > =20 > #include /* enum bpf_access_type */ > #include /* capable */ > +#include > =20 > #include "common.h" /* LANDLOCK_* */ > +#include "hooks_fs.h" > =20 > =20 > static inline bool bpf_landlock_is_valid_access(int off, int size, > @@ -23,6 +25,8 @@ static inline bool bpf_landlock_is_valid_access(int o= ff, int size, > =20 > switch (prog_subtype->landlock_rule.event) { > case LANDLOCK_SUBTYPE_EVENT_FS: > + return landlock_is_valid_access_event_FS(off, size, type, > + &info->reg_type, prog_subtype); I forgot to handle LANDLOCK_SUBTYPE_EVENT_FS_{IOCTL,LOCK_FCNTL} here and I included some hunks in the wrong patches. I will fix this in the next series and add tests for those anyway. :) Regards, Micka=C3=ABl --ibiW1j3iD6nWvBmPbJaOUn4pko8Ovx8GU-- --Dnvdt9AH49AkVNNJiXKdkOvxXQXGi39Ck Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUysCyY8er9Axt7hqIt7+33O9apUFAlmcqUUACgkQIt7+33O9 apVSrQgAkpiEGSlcj4s42B8EP98Wq5IkvJbLVitw/iMEiWsXDO2vDp+9aWG1tXDB lKSPkE/FdU6GCG8Unk0AETiDkG2zkcygiaOu1apcJ90V7ByVmvUUfT1EoRiYmam7 D75lEcqaP3tycXecTlAlTr3OQkE12HiZ2PscRt8HYZ/UIf6EeSDFwhOEUTH2YioW osemeTd/DkNO6PEzJ9NrAkBsFn3jc9pi5b0+994N3ATTOxCPTcDSOGZ09zGrx9ni RWVYsFZwpGCtYyKEFagP/vI0BRTlkM9Bh6ha3hpwi06s7St7JPuqZokL0/aHcikS +n/4+J1x4kU9ydOoD/KuXXZ5NkdJdw== =dAlT -----END PGP SIGNATURE----- --Dnvdt9AH49AkVNNJiXKdkOvxXQXGi39Ck--