Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp571561imm; Mon, 1 Oct 2018 14:49:40 -0700 (PDT) X-Google-Smtp-Source: ACcGV61EzvIqWxIWRYcK2ltEhjkpB/EKxivRW4PQrf33P9Z1FIrDBjaewxgOTnVkxebucI2fo77w X-Received: by 2002:a17:902:7842:: with SMTP id e2-v6mr13248096pln.104.1538430580260; Mon, 01 Oct 2018 14:49:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538430580; cv=none; d=google.com; s=arc-20160816; b=BbQkftjip1+tDlvg0EXnBr7kH105E2qPEjVCJoCgdC+lgSV4pHgU0c45AB0k8tBMuL YhSjF7GU582TlmH9VUAFGd6p+rezrwufa8a8vCw7sPpbc+MOyeOCz0mBUa3Tqqo8YPFi rSQyWptD4b6+y3BcXALxVb/f5BLnq1ViqGOA4Eso8RISBP2Ktd5DIy8ZL3rRd6/iOep2 kblxHEfSqagTsgchXXZiy3fF8NTXDJKTrgcvsP/6MkYUtIs/WJbQWi0TYYCv+2CPWcJJ prnsvkxpNvcWKwNCJPSSJD6XAhzi1hAG8b1YMM8BAqeMMCZgYcrkd3AhT4IHe628OatY rZqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=vuVbGBvdO2o1Skd/DkZnyO58kitCvUZdXNxmr8f8Yxg=; b=ePNtaRtTxeM0ZCJ15aQD8ph1cEQazSHSDgBw1wMkqJP70Q7onRUq9erI5mXcK+szGN 42fA7f0lso9WAQsqG9At7X2atmz9HE8XXdXpkVQbEPn7UMUj7njPp6/Q9yTs2YYohn7p 14cbid91jNNlGrUSG9tVGczbhtz3jzchAUd35sG/NizIugxIsQPERWzDDOc1gJISrgLe PIwLZt+e+rNi48ChVAeCWBsEUx/n+LGWbVpGD3Sz6P7541kx1wBLr0LZN5PMUbglppOb kYzA8/9L/Y0Y6wRHq0HBajnoRrDNxiszmTUJQQygrHDnLfmFGSc4yNqcOeNm8tLHznRe bIoQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=Vb0xabXj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v31-v6si12402825plg.84.2018.10.01.14.49.25; Mon, 01 Oct 2018 14:49:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=Vb0xabXj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726604AbeJBE2H (ORCPT + 99 others); Tue, 2 Oct 2018 00:28:07 -0400 Received: from mail-yw1-f67.google.com ([209.85.161.67]:37249 "EHLO mail-yw1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726238AbeJBE2G (ORCPT ); Tue, 2 Oct 2018 00:28:06 -0400 Received: by mail-yw1-f67.google.com with SMTP id y14-v6so6186998ywa.4 for ; Mon, 01 Oct 2018 14:48:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=vuVbGBvdO2o1Skd/DkZnyO58kitCvUZdXNxmr8f8Yxg=; b=Vb0xabXjhFv6avYkENO2GloQmgPMmOwjzDr7+6MCMTnrwL+nkM65bPmcsmdmasyv5N HMyZ6mxwtjn+zx2GVuKaAyxxjP4Iit7/phIsPhYDQhxOvweh4PeG7PDb11BTppxUGSLt sDm8VYEiHVHm97ZbPfX5+sJV3GVb1eu6dHTqc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=vuVbGBvdO2o1Skd/DkZnyO58kitCvUZdXNxmr8f8Yxg=; b=pPrtvGPDMVVAy/NngFVhhA8Y3BqpamgZX7wHIQlovpPjWc71YmD0vLZtzhtL5j6bSn qy9qeweL1QQ/AWNe1aEK2rd6ySOLwvPxy2nnvxyd2Z2j33M9l6MiKHNA5W67xeuhnkQa 0pnixnbkD3jFRkO6S4MQmUsLqJX9CyQIEueCLB9FUSIFv6B/BWy0eFnJtxZT79gzdGij tOKEgeVoXCy4ufFAA22ubxkv3EJTwJoDw/XnTWHbfOENKyh4y/GCs+zGvL405qNCoWeU Ot0MdAFBNFZ5JcPS0wbyRfjwRoVR77UaSlx/CBcteWZeQ8SJ7DgQ4Ndfk3cNTGH2CKdL 8kgA== X-Gm-Message-State: ABuFfoibRhzQMEWw3mCZA8QZcoRnjWIJSP+Kpud9ZsyuHWJFZGtiQFzV 2xr34HdEmDs9L1A3mjYuP6NYxwbfljM= X-Received: by 2002:a81:1a14:: with SMTP id a20-v6mr287935ywa.505.1538430494398; Mon, 01 Oct 2018 14:48:14 -0700 (PDT) Received: from mail-yb1-f173.google.com (mail-yb1-f173.google.com. [209.85.219.173]) by smtp.gmail.com with ESMTPSA id 15-v6sm5881877ywi.76.2018.10.01.14.48.12 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 01 Oct 2018 14:48:12 -0700 (PDT) Received: by mail-yb1-f173.google.com with SMTP id c4-v6so6296986ybl.6 for ; Mon, 01 Oct 2018 14:48:12 -0700 (PDT) X-Received: by 2002:a25:396:: with SMTP id 144-v6mr7279029ybd.403.1538430491782; Mon, 01 Oct 2018 14:48:11 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:d116:0:0:0:0:0 with HTTP; Mon, 1 Oct 2018 14:48:10 -0700 (PDT) In-Reply-To: <8010a7d0-c6a0-b327-d5dd-6857d6d42561@schaufler-ca.com> References: <8010a7d0-c6a0-b327-d5dd-6857d6d42561@schaufler-ca.com> From: Kees Cook Date: Mon, 1 Oct 2018 14:48:10 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 21/19] LSM: Cleanup and fixes from Tetsuo Handa To: Casey Schaufler Cc: LSM , James Morris , SE Linux , LKLM , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= , Salvatore Mesoraca Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 26, 2018 at 2:57 PM, Casey Schaufler wrote: > lsm_early_cred()/lsm_early_task() are called from only __init functions. > > lsm_cred_alloc()/lsm_file_alloc() are called from only security/security.c . > > lsm_early_inode() should be avoided because it is not appropriate to > call panic() when lsm_early_inode() is called after __init phase. > > Since all free hooks are called when one of init hooks failed, each > free hook needs to check whether init hook was called. > > The original changes are from Tetsuo Handa. I have made minor > changes in some places, but this is mostly his code. > > Signed-off-by: Casey Schaufler > --- > include/linux/lsm_hooks.h | 6 ++---- > security/security.c | 27 ++++----------------------- > security/selinux/hooks.c | 5 ++++- > security/selinux/include/objsec.h | 2 ++ > security/smack/smack_lsm.c | 8 +++++++- > 5 files changed, 19 insertions(+), 29 deletions(-) I've split this across the various commits they touch: Infrastructure management of the cred security blob LSM: Infrastructure management of the file security LSM: Infrastructure management of the inode security LSM: Infrastructure management of the task security LSM: Blob sharing support for S.A.R.A and LandLock Based on these changes, I've uploaded the "v4.1", or "Casey is on vacation", tree here: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=lsm/blob-sharing-v4.1 I'm going to work on a merged series for the "arbitrary ordering" and "blob-sharing" trees next... -Kees -- Kees Cook Pixel Security