References: <20200323164415.12943-1-kpsingh@chromium.org> <20200323164415.12943-6-kpsingh@chromium.org> <202003231237.F654B379@keescook> <20200323194759.GB18787@chromium.org>
In-Reply-To: <20200323194759.GB18787@chromium.org>
From: Andrii Nakryiko
Date: Mon, 23 Mar 2020 13:21:02 -0700
Subject: Re: [PATCH bpf-next v5 5/7] bpf: lsm: Initialize the BPF LSM hooks
To: KP Singh
Cc: Kees Cook, open list, bpf, linux-security-module@vger.kernel.org, Brendan Jackman, Florent Revest, Alexei Starovoitov, Daniel Borkmann, James Morris, Paul Turner, Jann Horn, Florent Revest, Brendan Jackman, Greg Kroah-Hartman

On Mon, Mar 23, 2020 at 12:48 PM KP Singh wrote:
>
> On 23-Mär 12:44, Kees Cook wrote:
> > On Mon, Mar 23, 2020 at 05:44:13PM +0100, KP Singh wrote:
> > > From: KP Singh
> > >
> > > The bpf_lsm_ nops are initialized into the LSM framework like any other
> > > LSM. Some LSM hooks do not have 0 as their default return value. The
> > > __weak symbol for these hooks is overridden by a corresponding
> > > definition in security/bpf/hooks.c
> > >
> > > The LSM can be enabled / disabled with CONFIG_LSM.
> > >
> > > Signed-off-by: KP Singh
> >
> > Nice! This is super clean on the LSM side of things. :)
> >
> > One note below...
> >
> > > Reviewed-by: Brendan Jackman
> > [...]
> > > > +
> > > +/*
> > > + * Copyright (C) 2020 Google LLC.
> > > + */
> > > +#include
> > > +#include
> > > +
> > > +/* Some LSM hooks do not have 0 as their default return values. Over= ride the
> > > + * __weak definitons generated by default for these hooks
> >
> > If you wanted to avoid this, couldn't you make the default return value
> > part of lsm_hooks.h?
> >
> > e.g.:
> >
> > LSM_HOOK(int, -EOPNOTSUPP, inode_getsecurity, struct inode *inode,
> >          const char *name, void **buffer, bool alloc)
> >
> > ...
> >
> > #define LSM_HOOK(RET, DEFAULT, NAME, ...) \
> >         LSM_HOOK_##RET(NAME, DEFAULT, __VA_ARGS__)
> > ...
> > #define LSM_HOOK_int(NAME, DEFAULT, ...) \
> > noinline int bpf_lsm_##NAME(__VA_ARGS__) \
> > { \
> >         return (DEFAULT); \
> > }
> >
> > Then all the __weak stuff is gone, and the following 4 functions don't
> > need to be written out, and the information is available to the macros
> > if anyone else might ever want it.
>
> Thanks, I like it!
>
> If no-one objects, I will update it in the next revision.
>

I was about to propose the same, explicit default value seems like a
much cleaner and more straightforward way to do this.

> - KP
>
> >
> > -Kees
> >
> > > + */
> > > +noinline int bpf_lsm_inode_getsecurity(struct inode *inode, const ch= ar *name,
> > > + void **buffer, bool alloc)
> > > +};
> > [...]
> > > > --
> > > 2.20.1
> > >
> >
> > --
> > Kees Cook
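
Review bot: the comment above bpf_lsm_inode_getsecurity() misspells "definitions" as "definitons", and it does not say which non-zero value each hand-written override has to return or where that default is defined for the rest of the LSM framework, so nothing visible here ties the two together. Either name the expected value next to each override, or carry the default in LSM_HOOK() as suggested in this thread so that the overrides are generated from one list instead of being maintained by hand.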
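
The approach agreed on in this thread, an explicit default return value carried in each LSM_HOOK() entry and dispatched on the return type, as an added user-space example that is not code from the patch or from the kernel. The three-entry DEMO_HOOKS list, the hook_defaults table and hook_default_ret() are assumptions made for the illustration, and the kernel types are opaque stand-ins.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Nop hooks ignore their arguments by design. */
#pragma GCC diagnostic ignored "-Wunused-parameter"

struct inode;	/* opaque stand-ins for the kernel types */
struct file;

/* Hypothetical three-entry hook list; each entry carries its own default. */
#define DEMO_HOOKS \
	LSM_HOOK(int, 0, file_permission, struct file *file, int mask) \
	LSM_HOOK(int, -EOPNOTSUPP, inode_getsecurity, struct inode *inode, \
		 const char *name, void **buffer, bool alloc) \
	LSM_HOOK(void, , file_free_security, struct file *file)

/* Dispatch on the return type, as in the sketch quoted in the thread. */
#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
	LSM_HOOK_##RET(NAME, DEFAULT, __VA_ARGS__)

/* Expansion 1: emit one nop function per hook, no __weak overrides. */
#define LSM_HOOK_int(NAME, DEFAULT, ...) \
	__attribute__((noinline)) int bpf_lsm_##NAME(__VA_ARGS__) \
	{ return (DEFAULT); }
#define LSM_HOOK_void(NAME, DEFAULT, ...) \
	__attribute__((noinline)) void bpf_lsm_##NAME(__VA_ARGS__) { }
DEMO_HOOKS

/* Expansion 2: reuse the same list to build a table of the int defaults. */
#undef LSM_HOOK_int
#undef LSM_HOOK_void
#define LSM_HOOK_int(NAME, DEFAULT, ...) { #NAME, (DEFAULT) },
#define LSM_HOOK_void(NAME, DEFAULT, ...)
static const struct { const char *name; int ret; } hook_defaults[] = {
	DEMO_HOOKS
};

/* Look up a hook's default by name; returns 1 for an unknown hook. */
int hook_default_ret(const char *name)
{
	size_t n = sizeof(hook_defaults) / sizeof(hook_defaults[0]);

	for (size_t i = 0; i < n; i++)
		if (strcmp(hook_defaults[i].name, name) == 0)
			return hook_defaults[i].ret;
	return 1;
}
```

The second expansion is what "the information is available to the macros" buys: any consumer can read a hook's default from the same list that generated the nop.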