Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1006540ybb; Sat, 28 Mar 2020 15:56:44 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvk9vG9O9D4dedFiqnmQCgrZXQYDfPBe903Sm3BqHG7SbXctcFLtazoukwvu5uF41wYkkpK X-Received: by 2002:a05:6830:200c:: with SMTP id e12mr4213107otp.198.1585436204055; Sat, 28 Mar 2020 15:56:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585436204; cv=none; d=google.com; s=arc-20160816; b=owU8AvyXZJ5zkpuUWCPnwIK41xMsYw9p+5kPs7msM4cJYs6utR6llp1PNyXeB4T3p/ t9hrK7cSBfLOFnXp8qvJvtatJdD2CtncydgJILf7Z0ncZw9pdgwUPnTyrO54iTV0aG2B DE7cdkXDZeuBqgkZcDu5n8BCyNdPS8XZzTPSQljb7RSZccYYENQM84dIzSEjCT9SXG0v 3JNRGTA6P0lwmDOrcNS1W1ec8s8QQG/yvcM2tSWlHmsP7SoeP72Lp3JgMSxbMvmIAYOf A0rwFlNFPBDiXnFAZ5g/2Z3xBjEWFvQjloRh1CAuB6MmYmwECEyOEz4UTAH6ojEHySQe 3HDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=dXJuf2d61/8VVRTPBrmoNd9kHkfvBJR4eW3rH5y+FIU=; b=RYwSGGVeX8D3Q2sQvylz8eZVNKG2x0vzyguW9rizHSZYZrBUCPCRoHcGZqrOXia3xd X4Or1EUZJAkXpBvFPPtS0ESaDXnz30asLYquA2XH/FDob/rQa0J4Uxu50K4hmp4OTbh+ E0j5ERhErLF0pgjZF1hoPlpWgoKHEXRqPxRJJ9S44XXjMgOWlyjRlPPTybOvHxNr87S3 aMNo4dCRPHO+DWac1VSMqXw3QdRr0MlI6EM0NAYIWD8fHZA/PFG2h56OSH4x3VV/LNP2 4ozQ6ILRKosAMneKHcqYvsmFBWr9nQeD5q7dwMUH9RudvszNH0e+tlbTlYYfAUEkBP0B tzrQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DFo7Iydl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o5si1768140otp.191.2020.03.28.15.56.31; Sat, 28 Mar 2020 15:56:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DFo7Iydl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727763AbgC1Wa0 (ORCPT + 99 others); Sat, 28 Mar 2020 18:30:26 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:35280 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727588AbgC1Wa0 (ORCPT ); Sat, 28 Mar 2020 18:30:26 -0400 Received: by mail-wr1-f65.google.com with SMTP id d5so16406921wrn.2 for ; Sat, 28 Mar 2020 15:30:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dXJuf2d61/8VVRTPBrmoNd9kHkfvBJR4eW3rH5y+FIU=; b=DFo7Iydl8YwLfZxc2DLYtdcLmKa0XDIFKr95+X2iKt8uf+XyU60KPDk8AaAr9fOWP6 16L/XsZ1lN7J4YqSsAZCHcGs8P3OdQtLqKHaYOTN0ZLZUHikJvcjESR1TIa+idWQudiY pR4TUEEW51zfyzcbcyulaG8fqY/4+gJMO2x/Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dXJuf2d61/8VVRTPBrmoNd9kHkfvBJR4eW3rH5y+FIU=; b=DrHTjml2FgpolsZsfgFD1zVDKDMOvV/J0M7nPXcYBeaoyhuMoG9C0P08EVb62stmPy st3mNwIbFXAdMmi1D7qSnfYP/5W2wYCnS0g9/mLB+zazEmplaIIYeKSxZvUjhP60+TfS lXmTykdDkA78V2jdp0/Kg5Qp1XZzqzYSz1i5xvP/Td4oz8wNFKERkywlwOz4vYyGpOeU ilururhAbyVJ9blvNd3SiY/QoxJHQHLOnp4p7U9ICK1/yW+oEjJNbiL3XMcNTSFDnNDW epqyCbqv/9N6LwgVIV/9JvY3WLF5aMLY3XH+VmfwZNYKX+sSYiURn18BLP9/84+uZGil hm/A== X-Gm-Message-State: ANhLgQ18doylBFACzPSDXiJZW8BODvIWw5LNNI6ZuIUQQlbAf5H8k/OO R3fuox5OkEZCcSMuLdY/w5Ul4EP0PdNeKcST/WMl/Q== X-Received: by 2002:adf:e48c:: with SMTP id i12mr6643082wrm.173.1585434623969; Sat, 28 Mar 2020 15:30:23 -0700 (PDT) MIME-Version: 1.0 References: <20200327192854.31150-1-kpsingh@chromium.org> <4e5a09bb-04c4-39b8-10d4-59496ffb5eee@iogearbox.net> <20200328195636.GA95544@google.com> <202003281449.333BDAF6@keescook> In-Reply-To: <202003281449.333BDAF6@keescook> From: KP Singh Date: Sat, 28 Mar 2020 23:30:13 +0100 Message-ID: Subject: Re: [PATCH bpf-next v8 0/8] MAC and Audit policy using eBPF (KRSI) To: Kees Cook Cc: Daniel Borkmann , open list , bpf , Linux Security Module list , Alexei Starovoitov , James Morris , Paul Turner , Jann Horn , Florent Revest , Brendan Jackman , Greg Kroah-Hartman Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Mar 28, 2020 at 10:50 PM Kees Cook wrote: > > On Sat, Mar 28, 2020 at 08:56:36PM +0100, KP Singh wrote: > > Since the attachment succeeds and the hook does not get called, it > > seems like "bpf" LSM is not being initialized and the hook, although > > present, does not get called. > > > > This indicates that "bpf" is not in CONFIG_LSM. It should, however, be > > there by default as we added it to default value of CONFIG_LSM and > > also for other DEFAULT_SECURITY_* options. > > > > Let me know if that's the case and it fixes it. > > Is the selftest expected to at least fail cleanly (i.e. not segfault) I am not sure where the crash comes from, it does not look like it's test_lsm, it seems to happen in test_overhead. Both seem to run fine for me. - KP > when the BPF LSF is not built into the kernel? > > -- > Kees Cook