Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp4478129imm; Mon, 20 Aug 2018 17:07:02 -0700 (PDT) X-Google-Smtp-Source: AA+uWPxV3asQbA5zioBeXmnexpwydphnMJQChDP4HdXTn6KRs8tMKtzZZCMp7D89/whyC84sI7FF X-Received: by 2002:a62:fc5:: with SMTP id 66-v6mr50748304pfp.237.1534810022351; Mon, 20 Aug 2018 17:07:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534810022; cv=none; d=google.com; s=arc-20160816; b=hBW+6pQD0AHQbPQVYXjNyop0V+datyuG1uGNyyvUKLOP9U66YLijBdjG+kI/eMttu9 Pov3zmXNY5XOyiC1et3fY7xtVZoBoB+afSiTDVYsMkvP3qqSDDH4scXT4VU1qLDISKio iyufr8obp040ax5cIRrRQpfMMJVOSZW4z743NgNC/oo7fpXngQeRjdHXv8GAFlfD+4Al 9VZKT93FXHwBNZQ12k9156lbGtnHXoRUfAfwKQ1tKNuLzoa7+VKYRrKF4DBQrSyxPg9l ncrYXHDdW3EkbRiqy5n0UzrRxyxEZjek3hpUoSJcaDjEdzZrq4BLJKzROj+AL+iMuKpI qnUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:to:from :arc-authentication-results; bh=B3XTpcULsPZvMjWAsUKeGQoZ8Hwf8isJ8FP9MX32tIo=; b=JvuPV0z1q0Zz6e35x1L4dy3gg/S3CVUkftuSC5IvkCzJEVLb0uJH20jA83Y/7bkySe 1yg/xRDdszF88QnARdJsEBHDxw4g3NscovRYkTypvxybfB1mGcDZJGz383aE3T45z57C qCdSZU1Z9Uid6aMMgFdkBbMqCN18mcyX8m/Oj+k6PFxVGd7+PzOlDzX5IXZ/JH6fufW6 akm1nynDz5UJ5/LrX6nQdRGA+xTHRAVvRYbi73mhN4K9+VF2oU72UkMNmQS8miRouA7I aEW/guZP1vT5zmVJ66mZiCvdCCeMIi/ceaqptA8+Zv6XD7ODw0SodtNRBhfKkLt6tRqW SG+A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j10-v6si10719054pgi.500.2018.08.20.17.06.34; Mon, 20 Aug 2018 17:07:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726852AbeHUDWa (ORCPT + 99 others); Mon, 20 Aug 2018 23:22:30 -0400 Received: from mga06.intel.com ([134.134.136.31]:10085 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726715AbeHUDWa (ORCPT ); Mon, 20 Aug 2018 23:22:30 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Aug 2018 17:04:45 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,267,1531810800"; d="scan'208";a="250527745" Received: from cschaufl-mobl.amr.corp.intel.com ([10.252.136.122]) by orsmga005.jf.intel.com with ESMTP; 20 Aug 2018 17:04:44 -0700 From: Casey Schaufler To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, casey.schaufler@intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, kristen@linux.intel.com, arjan@linux.intel.com Subject: [PATCH RFC v3 0/5] LSM: Add and use a hook for side-channel safety checks Date: Mon, 20 Aug 2018 17:04:39 -0700 Message-Id: <20180821000444.7004-1-casey.schaufler@intel.com> X-Mailer: git-send-email 2.17.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org v3: get_task_cred wasn't a good choice due to refcounts. Use lower level protection instead v2: SELinux access policy corrected. Use real_cred instead of cred. This patchset provide a mechanism by which a security module can advise the system about potential side-channel vulnerabilities. If security_safe_sidechannel() returns 0 the security modules do not know of any data that would be subject to a side-channel attack. If the security module maintains data that it believes may be susceptible to a side-channel attack it will return -EACCES. Simple hooks are provided for SELinux and Smack. A new security module is provided to make determinations regarding traditional task attributes, including user IDs, capability sets and namespaces. Signed-off-by: Casey Schaufler --- MAINTAINERS | 6 ++ arch/x86/mm/tlb.c | 12 ++- include/linux/lsm_hooks.h | 12 +++ include/linux/security.h | 1 + security/Kconfig | 1 + security/Makefile | 2 + security/security.c | 6 ++ security/selinux/hooks.c | 9 +++ security/sidechannel/Kconfig | 60 ++++++++++++++ security/sidechannel/Makefile | 1 + security/sidechannel/sidechannel.c | 162 +++++++++++++++++++++++++++++++++++++ security/smack/smack_lsm.c | 18 +++++ 12 files changed, 286 insertions(+), 4 deletions(-)