Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp5999125ybe; Tue, 10 Sep 2019 11:58:07 -0700 (PDT) X-Google-Smtp-Source: APXvYqxRj2VYhRx4Z1L7hwCl/mjYLAOT2x1CpeNqh9O8kwksgQRX1eVdIEXjmd6gDOPWFgFWXelo X-Received: by 2002:a17:906:d7b5:: with SMTP id pk21mr26297232ejb.174.1568141887016; Tue, 10 Sep 2019 11:58:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568141887; cv=none; d=google.com; s=arc-20160816; b=rkCkMB9wND1Xi2YwtAnHLxa/iRwBZX3kz/nzmXTkpYXpU4tYKxzdYyy7v/82NXyUmX 07VCyF2S4azJWtIlLm8o1zZU69gffF9hUhGn7HKt4DydoikC8os1xmrQ2Vp+jwzf/vgD 7svuPbfKSzmmPny4TxAJJdtd4rbjf09Y2EHAwP9kD5jz8gi1x6n6GQp06M7XFl2TTLeL 0XGIxZuOQqZapJKdd0cd9j28tDax0ESbAvcHRJmxilnxUSPMnM/VZ3ok7RDF77ndUy0G kyf43r4BHwNvvgorsneXpicj3EC9Vk40JQslr7BIWs6slLJ1HZ+zYML79NVGzAzpUZGd iWPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=oVQ7Tct8tU0DJx5s8h1k7biDl9I5KG0OFqo1Lpd86hc=; b=M3Ia8It58i6uwH2XbEGBeOP0YQvtQRXChNrsNNfOQDz+1zpmPKfR10Li5J5WliWs31 Klg+m930Bf/GhaFhpHMoIPvSvL4grXS7PgGTQtGhFHDKt03OyWuPP+b/8uetCH5xAeVO FXJBZHN4EoOlEEJ4OyuauYJohbV1seyKGfSlcR29VCio7o87hH0m9q2H71ExPRFUGpMd wYK8TNudJslqCeHa6KzYep2fG1JDvSp7vbh+BDF0wJ8K4zUXYVAcp7WrlrVaTzHnLbt6 ZqnnXsOznnJ26e9sK/wi4lIqRZCFOTR5zgN5VTM46jxDUNJDTefkPXyknQCfgTY1gllz WMYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="lIcQYf/a"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b27si9588224eje.123.2019.09.10.11.57.43; Tue, 10 Sep 2019 11:58:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="lIcQYf/a"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388259AbfIJL5V (ORCPT + 99 others); Tue, 10 Sep 2019 07:57:21 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:47010 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733236AbfIJL4i (ORCPT ); Tue, 10 Sep 2019 07:56:38 -0400 Received: by mail-wr1-f67.google.com with SMTP id d17so6860478wrq.13 for ; Tue, 10 Sep 2019 04:56:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=oVQ7Tct8tU0DJx5s8h1k7biDl9I5KG0OFqo1Lpd86hc=; b=lIcQYf/amVBtQDfTxCxyvYoyuo7sxkZenk0YeowuFnzDH6o8iHr3Ldayw8ch8W5+Fa dRQYIkfrm5mFDKNUvGJOYCBnZmxaTxgckK4gIyg2wybSvUgyFr4Qyup1A5rGGxMnbdAf TujF0G6HNz/U56ZKm3MxmHZ9PCEw9y/TPRj+g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=oVQ7Tct8tU0DJx5s8h1k7biDl9I5KG0OFqo1Lpd86hc=; b=KWC5jEAk03V2U9nE6PYuI9SFgeovjv/rcUAeO1VdLpbEBP4GMmwEQgCWh63bWMXSoK XERnyVhMIxvfRfQSQ5vM3f6L+vJnviT5C1o143zmBLgvhZQ+4gX5zMfNSMrUeyPtha/A bYfYTDzsI89rqy6C0aVo5t1eeT3vyL8i4WY0tQztdDE4RMJZ49+qRPL1k7u9toUam+mY bXRRTwYnBfwGDRe4ggmAruEFep+8wgGl/bGasjSoxUn2uSXrb3LYtAbKaXL0MHHKV54j +ew8rz1uiKlAOYQLqcW/ePpK5iHukFfy8JMq4NVl/CjWPxJw/9VOY4jOEOVIs1jmDYez JdOQ== X-Gm-Message-State: APjAAAX2h6HUGzSw6rdJJqiG1xob3u+CGKReVjOnPk5csHfMr23eeEYY ussNLl3LhEdXdo7C4Xgbwj21iRGBuHw= X-Received: by 2002:adf:e947:: with SMTP id m7mr26846741wrn.178.1568116596374; Tue, 10 Sep 2019 04:56:36 -0700 (PDT) Received: from kpsingh-kernel.c.hoisthospitality.com (110.8.30.213.rev.vodafone.pt. [213.30.8.110]) by smtp.gmail.com with ESMTPSA id q19sm23732935wra.89.2019.09.10.04.56.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Sep 2019 04:56:35 -0700 (PDT) From: KP Singh To: linux-kernel@vger.kernel.org, bpf@vger.kernel.org, linux-security-module@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , James Morris , Kees Cook , Thomas Garnier , Michael Halcrow , Paul Turner , Brendan Gregg , Jann Horn , Matthew Garrett , Christian Brauner , =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , Florent Revest , Martin KaFai Lau , Song Liu , Yonghong Song , "Serge E. Hallyn" , Mauro Carvalho Chehab , "David S. Miller" , Greg Kroah-Hartman , Nicolas Ferre , Stanislav Fomichev , Quentin Monnet , Andrey Ignatov , Joe Stringer Subject: [RFC v1 08/14] krsi: Show attached program names in hook read handler. Date: Tue, 10 Sep 2019 13:55:21 +0200 Message-Id: <20190910115527.5235-9-kpsingh@chromium.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190910115527.5235-1-kpsingh@chromium.org> References: <20190910115527.5235-1-kpsingh@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: KP Singh For inspectability the system administrator should be able to view the list of active KRSI programs: bash # cat /sys/kernel/security/krsi/process_execution bpf_prog1 Signed-off-by: KP Singh --- security/krsi/krsi_fs.c | 76 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 75 insertions(+), 1 deletion(-) diff --git a/security/krsi/krsi_fs.c b/security/krsi/krsi_fs.c index 3ba18b52ce85..0ebf4fabe935 100644 --- a/security/krsi/krsi_fs.c +++ b/security/krsi/krsi_fs.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include @@ -16,8 +17,81 @@ extern struct krsi_hook krsi_hooks_list[]; static struct dentry *krsi_dir; +static void *seq_start(struct seq_file *m, loff_t *pos) + __acquires(rcu) +{ + struct krsi_hook *h; + struct dentry *dentry; + struct bpf_prog_array *progs; + struct bpf_prog_array_item *item; + + /* + * rcu_read_lock() must be held before any return statement + * because the stop() will always be called and thus call + * rcu_read_unlock() + */ + rcu_read_lock(); + + dentry = file_dentry(m->file); + h = dentry->d_fsdata; + if (WARN_ON(!h)) + return ERR_PTR(-EFAULT); + + progs = rcu_dereference(h->progs); + if ((*pos) >= bpf_prog_array_length(progs)) + return NULL; + + item = progs->items + *pos; + if (!item->prog) + return NULL; + + return item; +} + +static void *seq_next(struct seq_file *m, void *v, loff_t *pos) +{ + struct bpf_prog_array_item *item = v; + + item++; + ++*pos; + + if (!item->prog) + return NULL; + + return item; +} + +static void seq_stop(struct seq_file *m, void *v) + __releases(rcu) +{ + rcu_read_unlock(); +} + +static int show_prog(struct seq_file *m, void *v) +{ + struct bpf_prog_array_item *item = v; + + seq_printf(m, "%s\n", item->prog->aux->name); + return 0; +} + +static const struct seq_operations seq_ops = { + .show = show_prog, + .start = seq_start, + .next = seq_next, + .stop = seq_stop, +}; + +static int hook_open(struct inode *inode, struct file *file) +{ + return seq_open(file, &seq_ops); +} + static const struct file_operations krsi_hook_ops = { - .llseek = generic_file_llseek, + .open = hook_open, + .read = seq_read, + .llseek = seq_lseek, + .release = seq_release, }; int krsi_fs_initialized; -- 2.20.1