Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp4180450pxb; Tue, 10 Nov 2020 09:45:27 -0800 (PST) X-Google-Smtp-Source: ABdhPJymIEMxaFkLuRLCyX6nmFATY+n4lalHvAY1VpaGGFDg7KJLomBLL0RzwF66ja545B2YJlg0 X-Received: by 2002:a50:d582:: with SMTP id v2mr22493813edi.218.1605030327324; Tue, 10 Nov 2020 09:45:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605030327; cv=none; d=google.com; s=arc-20160816; b=DFZRDaZkwpWEneunH4FdL7Js0BIWHgRtGouNvYxdmB8gZvJNUZwKLmxysnBlEjMSp4 +1mSYONhkO3/kF22huZ9PI6JSGM+UAmXq8Ge/D8LlRuDyLVnBbrhRs5PZhWsp15voj2l ycuB2bkntoVdHYisVbNgz6WFqTcMXcXuYuxGWyhqVRHRjFvUOBOSYeHuN3F2TB+O7/gf JkHcugLfHUlZrQ1cFjnzuQWc4V5r/p8UEDOWtLIE/LbBs2G1BkXm7KZJt1TURd5oRGkF XIZjUNceoTs6KArtHk4mct06Nc7NaAPfuBoBw/BwhTss+3lU1BODG7OvCE48LY7lzoM7 ZHBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=xF9/tbw9kOE7P0FAYcDx8ImhRA3RlHzojbtxK6nR5qQ=; b=KhGUm8DKKDWp0mc+JyQCVLgdQO/yh50tzj4For5fuPTAzSnvJ3NRO4Of1dJvh/S2cg +StQ3Bnw+wN6+vcGaK1BeghBN0OqsJQ0VLTMiGmO7s+Kd1GpeB9SiYTd8VjXY1UKwCNE 3zq74+sxuXpplquSeMAct/+WA/LEHy2SGyX7/LBs+xEmzEHlE+1dzCtvhOnca5y9lYC/ OYFq71Y6jJEJV7VvzaduuWxBTbaL096dDV5VkHm2ksJ8jtUzaM3sMgcHl3QvtdcVizUr KBnn/WJGJw5r25sn4bXTfVWgureS/pjyuMwhqyDTgn7+RcY2vLqgWTRSvIm4djDM0iXy NI/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Zh3PDYrA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l26si9582848ejq.557.2020.11.10.09.45.02; Tue, 10 Nov 2020 09:45:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Zh3PDYrA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730986AbgKJRmY (ORCPT + 99 others); Tue, 10 Nov 2020 12:42:24 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34402 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726400AbgKJRmX (ORCPT ); Tue, 10 Nov 2020 12:42:23 -0500 Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 95A64C0613CF for ; Tue, 10 Nov 2020 09:42:23 -0800 (PST) Received: by mail-pf1-x443.google.com with SMTP id q5so9107256pfk.6 for ; Tue, 10 Nov 2020 09:42:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xF9/tbw9kOE7P0FAYcDx8ImhRA3RlHzojbtxK6nR5qQ=; b=Zh3PDYrAEV+1C0mncbeDX7SS6s2UY5CwYoWMUaL9sFqBdYheZMRcsKmg7v8y1s1cuv Yf4iIwxQ3jrQRk6U/dT5TAi21MtJDvfzx1yAMA2IgRuHcweM/YSocmMpwwvfIdxZmO9U 5ABXvV0Vc+llYKajBKq6i2CXQW6ZoLhMNHGgwMLfooBOZp9ANdx8tP2bq4HtUR/2t3Xk MvgX1KAPi+RsI/l4zPszmlypBRHLbApduuI+ejk2dRinY1qtXNOVW2Ju0efaLfSNZ9Qi QrkLAjG1Cyf1VUttFW55xVYGA9Lee2nrr+onFSPr0+NvE4k6w/Saq3KBarsiOHxRGog2 vC3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xF9/tbw9kOE7P0FAYcDx8ImhRA3RlHzojbtxK6nR5qQ=; b=DN47F7V18SDJ6OHeOP9GJ511v27/kyiuIeEPbDQHFq1zjrpzTGYlWHAJxm9Thy4op7 jsV/wybtPfq/Ma5MnVgudyl9QPcw5Tf0xdcoBLklXMMUWa45k0miAWNwwm8n996+hh9v SRj4muaY2RKtIAs8TymcyQMEduTT8DKzqedn+h/veVpUo2i7CuFvW/s8f6p3TJxrHJm3 2wbzT7umphKOVnQZJ3cNg73KJdGcIJrge4pAq/xr0gGuZRV+dTp0uN4Fo9y4oOR8bFnx roASUB8RiLYvl2j0JGHthaXrW0oplcw6Taift6j8Dk5sOqMI1WlBO5OZt4vZo0Gw8mgN rxPw== X-Gm-Message-State: AOAM530tC6bWL/+qA7Pgu6OMkKJYVEUzv9/Qv9uT6sH/vGlm1mhiDLuZ opfE/Yj+Ox4r3g6GpebIbKCSQ9/UhOTtU1KiCqguXw== X-Received: by 2002:a63:1f53:: with SMTP id q19mr18270115pgm.286.1605030142984; Tue, 10 Nov 2020 09:42:22 -0800 (PST) MIME-Version: 1.0 References: <20201029183526.2131776-1-aleksandrnogikh@gmail.com> <20201029183526.2131776-2-aleksandrnogikh@gmail.com> In-Reply-To: <20201029183526.2131776-2-aleksandrnogikh@gmail.com> From: Andrey Konovalov Date: Tue, 10 Nov 2020 18:42:12 +0100 Message-ID: Subject: Re: [PATCH v3 1/2] security: add fault injection capability To: Aleksandr Nogikh Cc: James Morris , serge@hallyn.com, akinobu.mita@gmail.com, Dmitry Vyukov , Marco Elver , Alexander Potapenko , Kees Cook , casey@schaufler-ca.com, LKML , linux-security-module@vger.kernel.org, Aleksandr Nogikh Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 29, 2020 at 7:35 PM Aleksandr Nogikh wrote: > > From: Aleksandr Nogikh > > Add a fault injection capability to call_int_hook macro. This will > facilitate testing of fault tolerance of the code that invokes > security hooks as well as the fault tolerance of the LSM > implementations themselves. > > Add a KConfig option (CONFIG_FAIL_LSM_HOOKS) that controls whether the > capability is enabled. In order to enable configuration from the user > space, add the standard debugfs entries for fault injection (if > CONFIG_FAULT_INJECTION_DEBUG_FS is enabled). > > Signed-off-by: Aleksandr Nogikh Reviewed-by: Andrey Konovalov > --- > v2: > * Renamed should_fail_lsm_hook() to lsm_hooks_inject_fail(). > --- > lib/Kconfig.debug | 6 +++++ > security/security.c | 53 ++++++++++++++++++++++++++++++++++++++++++--- > 2 files changed, 56 insertions(+), 3 deletions(-) > > diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug > index 537cf3c2937d..80d289591e29 100644 > --- a/lib/Kconfig.debug > +++ b/lib/Kconfig.debug > @@ -1803,6 +1803,12 @@ config FAIL_MAKE_REQUEST > help > Provide fault-injection capability for disk IO. > > +config FAIL_LSM_HOOKS > + bool "Fault-injection capability for LSM hooks" > + depends on FAULT_INJECTION > + help > + Provide fault-injection capability for LSM hooks. > + > config FAIL_IO_TIMEOUT > bool "Fault-injection capability for faking disk interrupts" > depends on FAULT_INJECTION && BLOCK > diff --git a/security/security.c b/security/security.c > index 69ff6e2e2cd4..1105ad0f6891 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -28,6 +28,7 @@ > #include > #include > #include > +#include > #include > > #define MAX_LSM_EVM_XATTR 2 > @@ -669,6 +670,51 @@ static void __init lsm_early_task(struct task_struct *task) > panic("%s: Early task alloc failed.\n", __func__); > } > > + > +#ifdef CONFIG_FAIL_LSM_HOOKS > + > +static struct { > + struct fault_attr attr; > + int retval; > +} fail_lsm_hooks = { > + .attr = FAULT_ATTR_INITIALIZER, > + .retval = -EACCES > +}; > + > +static int __init setup_fail_lsm_hooks(char *str) > +{ > + return setup_fault_attr(&fail_lsm_hooks.attr, str); > +} > +__setup("fail_lsm_hooks=", setup_fail_lsm_hooks); > + > +static int lsm_hooks_inject_fail(void) > +{ > + return should_fail(&fail_lsm_hooks.attr, 1) ? fail_lsm_hooks.retval : 0; > +} > + > +#ifdef CONFIG_FAULT_INJECTION_DEBUG_FS > + > +static int __init fail_lsm_hooks_debugfs(void) > +{ > + umode_t mode = S_IFREG | 0600; > + struct dentry *dir; > + > + dir = fault_create_debugfs_attr("fail_lsm_hooks", NULL, > + &fail_lsm_hooks.attr); > + debugfs_create_u32("retval", mode, dir, &fail_lsm_hooks.retval); > + return 0; > +} > + > +late_initcall(fail_lsm_hooks_debugfs); > + > +#endif /* CONFIG_FAULT_INJECTION_DEBUG_FS */ > + > +#else > + > +static inline int lsm_hooks_inject_fail(void) { return 0; } > + > +#endif /* CONFIG_FAIL_LSM_HOOKS */ > + > /* > * The default value of the LSM hook is defined in linux/lsm_hook_defs.h and > * can be accessed with: > @@ -707,16 +753,17 @@ static void __init lsm_early_task(struct task_struct *task) > } while (0) > > #define call_int_hook(FUNC, IRC, ...) ({ \ > - int RC = IRC; \ > - do { \ > + int RC = lsm_hooks_inject_fail(); \ > + if (RC == 0) { \ > struct security_hook_list *P; \ > + RC = IRC; \ > \ > hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \ > RC = P->hook.FUNC(__VA_ARGS__); \ > if (RC != 0) \ > break; \ > } \ > - } while (0); \ > + } \ > RC; \ > }) > > -- > 2.29.1.341.ge80a0c044ae-goog >