Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3357647imm;
        Fri, 24 Aug 2018 15:44:16 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdYklqZuEgpWA2Me39u1ixGaGwFfwc2NGG5CT1G6H9bdOWXl0j8PAMvuBXcCbQCMcJKW6Q+D
X-Received: by 2002:aa7:84c2:: with SMTP id x2-v6mr3837455pfn.220.1535150656446;
        Fri, 24 Aug 2018 15:44:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535150656; cv=none;
        d=google.com; s=arc-20160816;
        b=nDseePBAxXxNvhMUPILUjpOUyHdozNgu0Jg2IWLekp4z1uwiEytx6Q0pyghbQJhxTu
         gpQh5vIMQpDGOpG/R0p96bP17FN5yU3zylCb8Btej4HKqLaD51Q9WqoWzl7lyqS6fPnj
         Gao/v7HhphXgkfbL9aFPzlz/vwvZBPRwUfTEgTM4LFfp/8Z1vyFoUjLTpaBV5YHNPkad
         yA386/fs/CNLmygQO0is0dlKYd5HL+d74/2OFO3Fh6bdgyR6Ddv5fFP05hJdTH1E/124
         76A1Efdj0TX7D68P/NbZQfiFcGhah1CICN2mowwixyEXbz53pMxJXetgHv4j7DwY5CfW
         Qu9A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:to:from
         :arc-authentication-results;
        bh=dnp7W1v797HbfBK22qq/sFWBXjIysppGAoMY7c1+HL0=;
        b=jVd2F1Q/aKdERYrHvKEF0RY2ztS1ouDYPMeGmeiQOeGu2yrB1q8fm48NFR4cGsae1i
         dZBhV2KDnxH9dnw349qsmaouaa/xVCQS5uEza+KGwgrQLXz1vI9192QglS0oICehcobV
         xBo7psUGsJINaIfR2wMZYFOSWyB9F+MoD3EdAOqVE+1zhBPIRvVAKhWWcALZG0Vkrqwe
         0lBvthkOF5KLGcLoTwy+L6X16C3bbx5rIe9hgwk+vAZkMBHiYPzYxMzy584WExSfU2wQ
         szeB687qeGlEjQEEwzqTjvESA4N9YtlX+Iq5RtabZ5gcIOeQzlyocub+cPoK1HuJ/UDq
         tO3Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 24-v6si5393483pft.235.2018.08.24.15.44.01;
        Fri, 24 Aug 2018 15:44:16 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727112AbeHYCSH (ORCPT <rfc822;chenhe.dev@gmail.com>
        + 99 others); Fri, 24 Aug 2018 22:18:07 -0400
Received: from mga06.intel.com ([134.134.136.31]:59921 "EHLO mga06.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726770AbeHYCSH (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 24 Aug 2018 22:18:07 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
  by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Aug 2018 15:41:31 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.53,284,1531810800"; 
   d="scan'208";a="84307210"
Received: from cschaufl-mobl.amr.corp.intel.com ([10.254.2.129])
  by fmsmga001.fm.intel.com with ESMTP; 24 Aug 2018 15:41:17 -0700
From:   Casey Schaufler <casey.schaufler@intel.com>
To:     kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org,
        linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
        casey.schaufler@intel.com, dave.hansen@intel.com,
        deneen.t.dock@intel.com, kristen@linux.intel.com,
        arjan@linux.intel.com
Subject: [PATCH v4 0/5] LSM: Add and use a hook for side-channel safety checks
Date:   Fri, 24 Aug 2018 15:41:12 -0700
Message-Id: <20180824224117.3356-1-casey.schaufler@intel.com>
X-Mailer: git-send-email 2.17.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

v4: select namespace checks if user namespaces are enabled
    and credential checks are request.
v3: get_task_cred wasn't a good choice due to refcounts.
    Use lower level protection instead
v2: SELinux access policy corrected.
    Use real_cred instead of cred.

This patchset provide a mechanism by which a security module
can advise the system about potential side-channel vulnerabilities.
If security_safe_sidechannel() returns 0 the security modules do
not know of any data that would be subject to a side-channel
attack. If the security module maintains data that it believes
may be susceptible to a side-channel attack it will return -EACCES.

Simple hooks are provided for SELinux and Smack. A new security
module is provided to make determinations regarding traditional
task attributes, including user IDs, capability sets and namespaces.

Signed-off-by: Casey Schaufler <casey.schaufler@intel.com>

---
 MAINTAINERS                        |   6 ++
 arch/x86/mm/tlb.c                  |  12 ++-
 include/linux/lsm_hooks.h          |  12 +++
 include/linux/security.h           |   1 +
 security/Kconfig                   |   1 +
 security/Makefile                  |   2 +
 security/security.c                |   6 ++
 security/selinux/hooks.c           |   9 ++
 security/sidechannel/Kconfig       |  65 +++++++++++++
 security/sidechannel/Makefile      |   1 +
 security/sidechannel/sidechannel.c | 184 +++++++++++++++++++++++++++++++++++++
 security/smack/smack_lsm.c         |  18 ++++
 12 files changed, 313 insertions(+), 4 deletions(-)