Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1934251pxk; Sat, 3 Oct 2020 02:55:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzF+2TgoGZHvE0FMSvf+YBXd6kR23m1XgqxkqExlhnpDcWy7ixS0TreTexEdRFHkJL2Zn0M X-Received: by 2002:a05:6402:142a:: with SMTP id c10mr7692182edx.261.1601718908826; Sat, 03 Oct 2020 02:55:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601718908; cv=none; d=google.com; s=arc-20160816; b=Yt66ss/q2SA630gsyF36ulqN++QMgQiR1EDpotsdxnMmItxr3guoR03s0WkMfHEqhf APcSmJlROPoFkNKCevafngVVZsLYqtLimEUQLdkF5oniQHK7/dfjimo3Zcig/bkX8QIg h8V4lPpGfjT/vLssdzwgDMWimAk7BcAE+66exG4ISeCnDp0k4m3V18sdtckOzaJJTAei lAbZvI3KCsXOln1B35t5GFljhVgDDyikqPjzoG47UNm0Ibzzj94aH00F/4pzLp52DIL9 fawhZmyPO578RaZ5AcoW6G9fPk99sz+s353w2C26XCtAyosHnMOQn8+g3ex069C1f6Ay u0qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=FeLLzio3OvbTfnLtLZHOy2Zs009BfhieNUSzGLdivSk=; b=xlP8kw33N9LZPtP0tmptP5m8FMrXiFFBA2PRwblv/muAie+ihXoTAs9QYHaI2Df7CG R4MTu0oMLF/MuNfq64ZZ3btGFrbHhFrXRJHVixyuR8xAi03DcSuczpkos6Wy4gj+vxlH uECumqWqoGdMRyV+/cuE1NMI+2YdHZlpHuEBMGjklvU8Zi5KM56qVoYB6IVIuYLM71Ce FWcGV0rddIYLiYf5wNJ/8819+KxfVIalsdA6b0K0wEQlWsawELp7qSZwJTFKbNIqQ870 HtGn+y6zgcPk1878zcPoEA38D/43NnTUQ7zFmlyV6fYXHgKzPST7yhuZ3FQmwCHM2lEi 0q7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmx.net header.s=badeba3b8450 header.b=YgyxAo9i; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c17si2951230edx.209.2020.10.03.02.54.45; Sat, 03 Oct 2020 02:55:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmx.net header.s=badeba3b8450 header.b=YgyxAo9i; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725792AbgJCJxo (ORCPT + 99 others); Sat, 3 Oct 2020 05:53:44 -0400 Received: from mout.gmx.net ([212.227.15.18]:55189 "EHLO mout.gmx.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725775AbgJCJxo (ORCPT ); Sat, 3 Oct 2020 05:53:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1601718746; bh=+J10i8bNFrOqOG+3GURM3R/KC2tKxHk7bbB91+yozrE=; h=X-UI-Sender-Class:Date:From:To:Cc:Subject:References:In-Reply-To; b=YgyxAo9ipXCQEdwyhONQS+h1PTqn+hieEUf2kcfmMKmC2iYTGHN7xL2TmTFzp0TtB mf5ffJupFNvyQJoKYlHbI2fMpjGIMKdHsig7UZZDDhhNc/MOlDRh66QmtxQASKpHsh uBc2ARI0Bt9UPKGOIeW6rbl2UzdAcJDvpo0/4NVg= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from ubuntu ([79.150.73.70]) by mail.gmx.com (mrgmx005 [212.227.17.184]) with ESMTPSA (Nemesis) id 1MSKyI-1jw0SA1wlc-00Sft4; Sat, 03 Oct 2020 11:52:26 +0200 Date: Sat, 3 Oct 2020 11:52:12 +0200 From: John Wood To: Steven Rostedt Cc: Kees Cook , kernel-hardening@lists.openwall.com, John Wood , Matthew Wilcox , Jonathan Corbet , Alexander Viro , Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Ben Segall , Mel Gorman , Luis Chamberlain , Iurii Zaikin , James Morris , "Serge E. Hallyn" , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: Re: [RFC PATCH 3/6] security/fbfam: Use the api to manage statistics Message-ID: <20201003095212.GA2911@ubuntu> References: <20200910202107.3799376-1-keescook@chromium.org> <20200910202107.3799376-4-keescook@chromium.org> <202009101625.0E3B6242@keescook> <20200929194712.541c860c@oasis.local.home> <20200929194924.31640617@oasis.local.home> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200929194924.31640617@oasis.local.home> X-Provags-ID: V03:K1:ggAP+Xm36kOZKXGb8H7ns8txs5t75Yr2LN5k1wKKGh7OrSyP4rv hABdr9ji9QjJMvdKJxa0Bo3pYk88oKRhyy8fuCUgx+hQKixmUvHbc1MDhKrV5cNsE+bxTP2 Dk9PDaf2LUhtvdfHI+c0tcesCUkPkqHAYbnqWHE26/KCx1PlkWnubZnT6EbHkaMsMgXGyuU xlSBDE65qQDt9mTbJg9QA== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:3i4hMYig/Sg=:QgDlo3Fo4OAuy7Zosj84zw ldZ6Q2QLZiTRCIufr3bSmOYnjwZ1lFU18uEMJkn+4Fr8NbsA9s42eEVDlMksDspaRsYMexdGO 45XVRt/IoXnOVWdrg2jyNDsQsFsDT+3H1Ktx5oT8R9JIL9uxREu+JqSjEwscQEoNmE+2FDWK9 w3ENzD6ACmNPB7bStYhkzZXhtS3OlXIMeRHFBKaPl4LjgliDTwfcZ42K2KSfJaV2ut3iyunwk OvrkZsHIHx2N+CC45RRk+zAse5/4ZmTd2llFRdGacvZyVD5G5Amt5tmbhEK8Io7fSkxqtQMTb yDTVfCdXw9Ou2YjoTZGdc29O3NWP9ksSQr2s0Jm4KF+PSAIFY0MVvQ3tkz9QEGZeCTNiJl24t AYWmCP8MFQunYK+/7KQUkV4syjZfKQsOGhWoBeGCogNxTVGAl7eau5NWc506r8MwznKGP0E7X 5H/soS8iQ9tGJsbrQW2bi4Cr9aI+n9aKj8QSpG9Gyg+tJSh7pnxX7nDG0r5KOYZIavMNAoJTm 7O1XtZagVphvyo8BF5X4B0nqUuRwvWiHSa0j31be255+FxswtdXj4AGteOxTeHdryUNcC2N4c IXfBlvZOOtceo/mv8+KomewuYW8ZJyA2FiOXYI98B17Ox7ywOnqeJ33erC301YOEqIhKqpSUB +SnDwitQk+63gfTYzwTfBb6WyjfY0SG+ko9aDzqPTtrRgQU9k9GDC50hN0+lTY6UcxuKz2GWx 3rsTrH4I5k+HD4pxZRyybfx9ezKoAeC+CW17blJUyroVYsqcc7BoaOllFwrrHUqHL8MY4U8Wn gaaOtEm4hIEfgxa4uztTg0NUDg7O7ioBZqC/x+IvNEswdLiS1uYlqTYNUvFhyO49Is7036EVX LiR8BLxqRq3Q+T9OXQQzLOe1RMa2iZjvWxCHq0e9nKAq/mZxo+ZeNv24yNDjQ4pafCASpkTl5 70/RcD2tUgsEg2XVTTpfBuOCUXF3pJr8FyW26PMeJ87GMMR/QCJWUzw4O7E/hT95AP5/rpNIL VaoQENCp6HmFy1Y4ufI99vRrKQHUYIhaGbVh8XMbtSsb9LUS0MtfJUWhVAO0d1T9xywLoHp/e ZgQE09w+RUrtSAEjD6tj+aj/MuFI7e4IMmAqlimOSAnwzxIyC44HiVHojeYn6G4FKtK74g6sC NtpHowXAs6E12LUUobi0vXwNrCdz1IgyUGcpsfaU6OcKS4f50Pb61rPs/b3S5+WDqCnUgcMhI US28q0ydgG9GDKNrO6/GL+5MNwwcCb3XfMxjC9g== Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Steven, On Tue, Sep 29, 2020 at 07:49:24PM -0400, Steven Rostedt wrote: > On Tue, 29 Sep 2020 19:47:12 -0400 > Steven Rostedt wrote: > > > On Thu, 10 Sep 2020 16:33:38 -0700 > > Kees Cook wrote: > > > > > > @@ -1940,6 +1941,7 @@ static int bprm_execve(struct linux_binprm *= bprm, > > > > task_numa_free(current, false); > > > > if (displaced) > > > > put_files_struct(displaced); > > > > + fbfam_execve(); > > > > > > As mentioned in the other emails, I think this could trivially be > > > converted into an LSM: all the hooks are available AFAICT. If you on= ly > > > want to introspect execve _happening_, you can use bprm_creds_for_ex= ec > > > which is called a few lines above. Otherwise, my prior suggestion ("= the > > > exec has happened" hook via brpm_cred_committing, etc). > > > > And if its information only, you could just register a callback to the > > trace_sched_process_exec() tracepoint and do whatever you want then. > > > > The tracepoints are available for anyone to attach to. Not just tracin= g. > > > And there's also trace_sched_process_fork() and > trace_sched_process_exit(). Since this feature requires a pointer to the statistical data in the task_struct structure, and the LSM allows this using the security blobs, I think that the best for now is convert all the code to an LSM. Anyway, thanks for the suggestion. > -- Steve Thanks, John Wood