Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp2247430ybv; Fri, 21 Feb 2020 11:42:10 -0800 (PST) X-Google-Smtp-Source: APXvYqwkwrZ85D3EvmOPzAZsSc8Z60XQ7rKatjuRbTjj2UHyiHE6H/NWB/+INPWqCQY+1l1RgwgS X-Received: by 2002:a9d:754e:: with SMTP id b14mr14195256otl.59.1582314130388; Fri, 21 Feb 2020 11:42:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582314130; cv=none; d=google.com; s=arc-20160816; b=XVSd4ikvC5hNPobB/i822xqDdFHKmh7FkoscjyXYSgvLgRWQQjVTTk6Z1dI98+aO+2 2VQ2mT36foXvI3R39rFNIeQIWTsd2OlnXDx5qnjdxv9+9Wy0r1nieopRL0xamg4w1zBy H7supvtUBqczh8KsXano6QuFxI3+kWJVwtRaf/UJlPYfkRKFJ1IL8BfWbH9wL36iyO03 xQMJzdfg7S6aYDznyyH6o14L8OKKBKghkbgeHbK/+AA1MkXlTGKoe0teVl1zJqyEWT1T alETAISMBJWYaQ+nJm/GCzSASBUCGaqqFJR25aa08E0s719fe8gtSi9APNfe6ArXA5Ut RiZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:date:from:dkim-signature; bh=lF+X01NQeyowOxsjGyQ+K+InDP6nyF3s7HMSuCIuqwU=; b=RDd9hDFkwlRrDXVugHZsclGgxLOByihhgb70V1aWx0CfoLfP+EuJDfAc/EdvlbtWPE kFir8PSyr17ZrnWbPbkSALhQ0FSP1DtrXZxnqzkWhaVmo06CVKXyZznWDGqQ85fwGiHj IJOO/zkzVUr6lZErj52Lf6QBkHMxe3z2/Qo3/YGa1PXa52fHc8QOtCcIJm40+8vkjtWV TFLXUMIlw9MHzIsicAoflBICs9CXb3vyLEHlaC0P/viz1eN0esTLRPb0ZPXb0MeICmZ0 G41VD9htJHPAzBkg/NPeeRpQG5sxygz/9YOv5z8djKH6s/tjC6SYU9P8Ei6orSxnB6A4 iJyA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=EjzllT9j; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u23si1993390otj.242.2020.02.21.11.41.58; Fri, 21 Feb 2020 11:42:10 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=EjzllT9j; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726725AbgBUTly (ORCPT + 99 others); Fri, 21 Feb 2020 14:41:54 -0500 Received: from mail-wr1-f66.google.com ([209.85.221.66]:37406 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726526AbgBUTlx (ORCPT ); Fri, 21 Feb 2020 14:41:53 -0500 Received: by mail-wr1-f66.google.com with SMTP id w15so3323629wru.4 for ; Fri, 21 Feb 2020 11:41:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=lF+X01NQeyowOxsjGyQ+K+InDP6nyF3s7HMSuCIuqwU=; b=EjzllT9j0FNgXh1gzp7ZKM8N0I91TP8vAm+bivdngSVLKq+0Euegsefdl+EWU6IdGD JfHB+Oo9gLRRQrSy4UYadFpYIhdU5UzkXn6LbpRsAoT1YKLo7m/QhEGJMp4BVC1oX25h fxQ/ObVXBcP3rVK/4oaOYEep3dzK7dFngxXR4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=lF+X01NQeyowOxsjGyQ+K+InDP6nyF3s7HMSuCIuqwU=; b=rih+5zh1CQpMqOPhnvAmUB3Bclve0kiDp35DhQHOlIGs0nBWSP0y6trTsNKDvgf6Cw WF0N/HMSbAD5uhQvXIywj6A2WLP/qq5iIxUGDPmi0iFsaOWIhOsah+iZE8KGYFBMkmos eRPsK+WqEfNzaKiwY+fIGVg3qgkTduo3Ss3xtpARlfxb3AJt/wXc+x5MZ3UOJi6kTWhf 9wHg9wCsEnbDrkgeq+zBN65mrbQToqeSFmx8Cp1MCDcb1h2PstpR0DnSe/E2nRhzcZtx tCacKk4OjmsZIYpMUtkZPyWbb0nWcOQXfOMeknBvRjG/Ey6KnWh10+BW5u5qd7jvk4sq X6kg== X-Gm-Message-State: APjAAAVoQDCJWkuxQQO53c9cmJ4X3QlAS3o2L0COPZEyTm3b7HK92p0U Chx8BtyP60PBWJpn2ttpomK1Dg== X-Received: by 2002:a05:6000:128a:: with SMTP id f10mr52557069wrx.116.1582314111976; Fri, 21 Feb 2020 11:41:51 -0800 (PST) Received: from chromium.org (77-56-209-237.dclient.hispeed.ch. [77.56.209.237]) by smtp.gmail.com with ESMTPSA id 25sm5152414wmi.32.2020.02.21.11.41.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 Feb 2020 11:41:51 -0800 (PST) From: KP Singh X-Google-Original-From: KP Singh Date: Fri, 21 Feb 2020 20:41:49 +0100 To: Casey Schaufler Cc: Linux Security Module list , LKML , bpf , James Morris , Kees Cook Subject: Re: [PATCH bpf-next v4 0/8] MAC and Audit policy using eBPF (KRSI) Message-ID: <20200221194149.GA9207@chromium.org> References: <20200220175250.10795-1-kpsingh@chromium.org> <85e89b0c-5f2c-a4b1-17d3-47cc3bdab38b@schaufler-ca.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <85e89b0c-5f2c-a4b1-17d3-47cc3bdab38b@schaufler-ca.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 21-Feb 11:19, Casey Schaufler wrote: > On 2/20/2020 9:52 AM, KP Singh wrote: > > From: KP Singh > > Again, apologies for the CC list trimming. > > > > > # v3 -> v4 > > > > https://lkml.org/lkml/2020/1/23/515 > > > > * Moved away from allocating a separate security_hook_heads and adding a > > new special case for arch_prepare_bpf_trampoline to using BPF fexit > > trampolines called from the right place in the LSM hook and toggled by > > static keys based on the discussion in: > > > > https://lore.kernel.org/bpf/CAG48ez25mW+_oCxgCtbiGMX07g_ph79UOJa07h=o_6B6+Q-u5g@mail.gmail.com/ > > > > * Since the code does not deal with security_hook_heads anymore, it goes > > from "being a BPF LSM" to "BPF program attachment to LSM hooks". > > I've finally been able to review the entire patch set. > I can't imagine how it can make sense to add this much > complexity to the LSM infrastructure in support of this > feature. There is macro magic going on that is going to > break, and soon. You are introducing dependencies on BPF > into the infrastructure, and that's unnecessary and most > likely harmful. We will be happy to document each of the macros in detail. Do note a few things here: * There is really nothing magical about them though, the LSM hooks are collectively declared in lsm_hook_names.h and are used to delcare the security_list_options and security_hook_heads for the LSM framework (this was previously maitained in two different places): For BPF, they declare: * bpf_lsm_ attachment points and their prototypes. * A static key (bpf_lsm_key_) to enable and disable these hooks with a function to set its value i.e. (bpf_lsm__set_enabled). * We have kept the BPF related macros out of security/. * All the BPF calls in the LSM infrastructure are guarded by CONFIG_BPF_LSM (there are only two main calls though, i.e. call_int_hook, call_void_hook). Honestly, the macros aren't any more complicated than call_int_progs/call_void_progs. - KP > > Would you please drop the excessive optimization? I understand > that there's been a lot of discussion and debate about it, > but this implementation is out of control, disruptive, and > dangerous to the code around it. > >