From: Alexei Starovoitov
Date: Fri, 4 Jun 2021 17:08:24 -0700
Subject: Re: [PATCH v2] lockdown,selinux: avoid bogus SELinux lockdown permission checks
To: Paul Moore
Cc: Daniel Borkmann, Ondrej Mosnacek, LSM List, James Morris, Steven Rostedt, Ingo Molnar, Stephen Smalley, selinux@vger.kernel.org, ppc-dev, Linux-Fsdevel, bpf, Network Development, LKML, Casey Schaufler, Jiri Olsa, Alexei Starovoitov, Andrii Nakryiko, "David S. Miller", Jakub Kicinski, Linus Torvalds
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jun 4, 2021 at 4:34 PM Paul Moore wrote:
>
> > Again, the problem is not limited to BPF at all. kprobes is doing
> > register-time hooks which are equivalent to the one of BPF. Anything in
> > run-time trying to prevent probe_read_kernel by kprobes or BPF is broken
> > by design.
>
> Not being an expert on kprobes I can't really comment on that, but
> right now I'm focused on trying to make things work for the BPF
> helpers. I suspect that if we can get the SELinux lockdown
> implementation working properly for BPF the solution for kprobes won't
> be far off.

Paul,

Both kprobe and bpf can call probe_read_kernel==copy_from_kernel_nofault
from all contexts. Including NMI.
Most of audit_log_* is not acceptable.
Just removing a wakeup is not solving anything.
Audit hooks don't belong in NMI.
Audit design needs memory allocation. Hence it's not suitable
for NMI and hardirq. But kprobes and bpf progs do run just fine there.
BPF, for example, only uses pre-allocated memory.