Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp6237752ybv;
        Wed, 12 Feb 2020 08:27:43 -0800 (PST)
X-Google-Smtp-Source: APXvYqxLhfKxTIgl74KKQjAQ2gKRKYZx7p/s8c6o95m0aV5uxeW0JlIckHWNRkBeLGAH+dlLOMT8
X-Received: by 2002:aca:ebcb:: with SMTP id j194mr6866088oih.154.1581524862961;
        Wed, 12 Feb 2020 08:27:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1581524862; cv=none;
        d=google.com; s=arc-20160816;
        b=btI8cTfNfczVmK4Kfm6ThthR5pBeK1u9VbksJhNFx7OxEK+IiLqcUds5tHKDyfZdxG
         Im1H5TxXFZiO3O3taVRorfQKQm+Dwa9l6OUcrdp588x/epK/+ANmJ7RzYRGyXpKbbNS/
         Uvi2xxf+sSxcV7BNWhYF88EKYWQTnK3cy1chwJs8YmkEs+y+/Wapcz6X70XFN43TWqyA
         cD1PfTS8XTKKDuh8aG/6AP3aJsUDMs43lG3RT0hxXsjn+/5zlpKJ52POMFr3o5HvTXrK
         5/8CszzF6LQSxHNWft3FuOnv42a7Z6CvgQm5BASr7IDXJzCPfMX35ZqYR8tpaPoR704t
         7RuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:date:from:dkim-signature;
        bh=+Oq1AdUw8m9+Ejebod5uLNgdGrkCleSq0Jc+gdcY2Xc=;
        b=AicCn7ykYn8cvB/+Epj7p88uoThv4JSAUXwyK1UAnKrLO1oNZhWj/7z/0B5j2Kk4Yn
         He0Yd049ZoudyioJN8S+tD30B7miKri7KYFVAb1eQSlFJFxLuzlNCe4YgvHSv6tb070m
         DwYvchMYtstweN2V6GLe7s7nX3VR9onDoDp5Y2pg7AxJI7xdipoFoYfDUVuOM8IsEqzS
         Hdos2xYah9brqDMWVpdsCft3kSdFtKXCT8fY8wnR9I9gyLidZP2eJKrs9SDI9cthVfbX
         bmOR76GB3scOfs/XyMklu9dH1O7NMjTIdWJHeUstum2dZ4uh/qoHZcr7QC17ukkiQaTg
         VAPw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=YpL67d8O;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g72si3669345oib.157.2020.02.12.08.27.30;
        Wed, 12 Feb 2020 08:27:42 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=YpL67d8O;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728384AbgBLQ0S (ORCPT <rfc822;kkoh.linux@gmail.com>
        + 99 others); Wed, 12 Feb 2020 11:26:18 -0500
Received: from mail-wm1-f65.google.com ([209.85.128.65]:55684 "EHLO
        mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727264AbgBLQ0S (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 12 Feb 2020 11:26:18 -0500
Received: by mail-wm1-f65.google.com with SMTP id q9so3004966wmj.5
        for <linux-kernel@vger.kernel.org>; Wed, 12 Feb 2020 08:26:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:date:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=+Oq1AdUw8m9+Ejebod5uLNgdGrkCleSq0Jc+gdcY2Xc=;
        b=YpL67d8OFfQLpn88KHHeHpPU9M5tKjVFTcgq5WB9ADXua8Vw9eM8D2prp/DJjWvw5x
         IUn9CPoWMY9ErauDjliaZ0oyal2LyauacKjUhMC9MEyWAKMtuwKlz5y5xltvAr5Xm+4a
         LxQdRjGor2YzOi0pqFDJ9uvpsP70D/2xy3qaY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:date:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=+Oq1AdUw8m9+Ejebod5uLNgdGrkCleSq0Jc+gdcY2Xc=;
        b=toaCCmNzq0TazxIrX913bvEI33KsYvXGpIgduyXjuoiwFxILzb4xrQENPuFHClBaT6
         T4APdQA2DprxmpgwjufFpfJ7ruXlWNHtIR/hkv073izJHcSnTXfkLuNJmC/N4YyIBpVe
         HGcEaMVJY8UZ/xIwgROGLuMLJkQQZZ7how9i+Bpcp/Zc6D/S/mHk/ERVNaC0ewYCIGD5
         O5h40w6cdZXfxbjIlKZH71cnWlOVHvmIFCqwb0L2VHfL3iZ7KnsFN531YLoSm/zcoLZx
         WMhj0YOgy/2CzI/Dodpc2ydhXjzhIbUOYGRct4GFOP/d3AqAmCG1Jf4/A8TL0u99ZtYA
         DNDg==
X-Gm-Message-State: APjAAAUxwa3lpRl3tc+FkSbtuU9ryFOMIqfB4fHGvxTAW/Z/OWB1/6L8
        Y0xt6dL5jWi0WBUBQ+xcriFvUg==
X-Received: by 2002:a7b:cab1:: with SMTP id r17mr13425209wml.116.1581524775975;
        Wed, 12 Feb 2020 08:26:15 -0800 (PST)
Received: from google.com ([2a00:79e0:42:204:8a21:ba0c:bb42:75ec])
        by smtp.gmail.com with ESMTPSA id s8sm1267535wrt.57.2020.02.12.08.26.14
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 12 Feb 2020 08:26:15 -0800 (PST)
From:   KP Singh <kpsingh@chromium.org>
X-Google-Original-From: KP Singh <kpsingh>
Date:   Wed, 12 Feb 2020 17:26:13 +0100
To:     Casey Schaufler <casey@schaufler-ca.com>
Cc:     Alexei Starovoitov <alexei.starovoitov@gmail.com>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Jann Horn <jannh@google.com>, KP Singh <kpsingh@chromium.org>,
        kernel list <linux-kernel@vger.kernel.org>,
        bpf <bpf@vger.kernel.org>,
        linux-security-module <linux-security-module@vger.kernel.org>,
        Brendan Jackman <jackmanb@google.com>,
        Florent Revest <revest@google.com>,
        Thomas Garnier <thgarnie@google.com>,
        Alexei Starovoitov <ast@kernel.org>,
        James Morris <jmorris@namei.org>,
        Kees Cook <keescook@chromium.org>,
        Thomas Garnier <thgarnie@chromium.org>,
        Michael Halcrow <mhalcrow@google.com>,
        Paul Turner <pjt@google.com>,
        Brendan Gregg <brendan.d.gregg@gmail.com>,
        Matthew Garrett <mjg59@google.com>,
        Christian Brauner <christian@brauner.io>,
        =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= <mic@digikod.net>,
        Florent Revest <revest@chromium.org>,
        Brendan Jackman <jackmanb@chromium.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
        "David S. Miller" <davem@davemloft.net>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Kernel Team <kernel-team@fb.com>
Subject: Re: BPF LSM and fexit [was: [PATCH bpf-next v3 04/10] bpf: lsm: Add
 mutable hooks list for the BPF LSM]
Message-ID: <20200212162613.GB259057@google.com>
References: <CAG48ez25mW+_oCxgCtbiGMX07g_ph79UOJa07h=o_6B6+Q-u5g@mail.gmail.com>
 <20200211190943.sysdbz2zuz5666nq@ast-mbp>
 <CAG48ez2gvo1dA4P1L=ASz7TRfbH-cgLZLmOPmr0NweayL-efLw@mail.gmail.com>
 <20200211201039.om6xqoscfle7bguz@ast-mbp>
 <CAG48ez1qGqF9z7APajFyzjZh82YxFV9sHE64f5kdKBeH9J3YPg@mail.gmail.com>
 <20200211213819.j4ltrjjkuywihpnv@ast-mbp>
 <CAADnVQLsiWgSBXbuxmpkC9TS8d1aQRw2zDHG8J6E=kfcRoXtKQ@mail.gmail.com>
 <1cd10710-a81b-8f9b-696d-aa40b0a67225@iogearbox.net>
 <20200212024542.gdsafhvqykucdp4h@ast-mbp>
 <bee0fd08-b9f2-83e4-2882-475b81c74303@schaufler-ca.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <bee0fd08-b9f2-83e4-2882-475b81c74303@schaufler-ca.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 12-Feb 07:52, Casey Schaufler wrote:
> On 2/11/2020 6:45 PM, Alexei Starovoitov wrote:
> > On Wed, Feb 12, 2020 at 01:09:07AM +0100, Daniel Borkmann wrote:
> >> Another approach could be to have a special nop inside call_int_hook()
> >> macro which would then get patched to avoid these situations. Somewhat
> >> similar like static keys where it could be defined anywhere in text but
> >> with updating of call_int_hook()'s RC for the verdict.
> 
> Tell me again why you can't register your BPF hooks like all the
> other security modules do? You keep reintroducing BPF as a special
> case, and I don't see why.

I think we tried to answer this in the discussion we had:

 https://lore.kernel.org/bpf/20200123152440.28956-1-kpsingh@chromium.org/T/#meb1eea982e63be0806f9bba58e91160871803752

BPF should not allocate a wrapper (to be statically regsitered at
init) for each LSM hook and run the programs from within that as this
implies adding overhead across the board for every hook even if
it's never used (i.e. no BPF program is attached to the hook).

We can, with the suggestions discussed here, avoid adding unncessary
overhead for unused hooks. And, as Alexei mentioned, adding overhead
when not really needed is especially bad for LSM hooks like
sock_sendmsg.

The other LSMs do not provide dynamic / mutable hooks, so it makes
sense for them to register the hooks once at load time.

- KP

> > Sounds nice in theory. I couldn't quite picture how that would look
> > in the code, so I hacked:
> > diff --git a/security/security.c b/security/security.c
> > index 565bc9b67276..ce4bc1e5e26c 100644
> > --- a/security/security.c

[...]