Received: by 2002:a05:6358:489b:b0:bb:da1:e618 with SMTP id x27csp7834061rwn; Wed, 14 Sep 2022 05:19:30 -0700 (PDT) X-Google-Smtp-Source: AA6agR6CKuwdGfwIULt2u7aeo8AtofuG+Lbi6nyglluFjeD+WT6JRHmlt//SRG0NPuvA9vpdApeJ X-Received: by 2002:a17:902:ecd2:b0:178:3b53:ec0d with SMTP id a18-20020a170902ecd200b001783b53ec0dmr11816981plh.167.1663157969891; Wed, 14 Sep 2022 05:19:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663157969; cv=none; d=google.com; s=arc-20160816; b=gaUnrTys7Pinx/APOiTcPorPzyoV04KBKcy9yuxai48x+gexUArCVC1hWY7e2GOlS7 XtiPcPI6Cz9eujteSaIo1KcJ+OLGhkDt95kNcf0SlgHattQavc7pF9nUjnqXJveS02fz 2pN40gm3NehIcVrNePUqpH1r/V3Xtzg1ei0lHw+MlVe6g+L6/ahu9maI1Q7kS06Y6uPd eJjGDhE9rawk7kM8tqf+s9QhwIp/DOFDEs6QHXMenMXJ//JvxXhUM7Ez68XpCMXG5fQ/ AVb8gw7L/E6jXR49Zq6YC8zScrl2urrXiAzv3aVngXB6XiejZdJS/0sJfI7KbUSsmX1h zMUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=sOxHaoTJOjG90MRKGtH8xvRMhqWLDRTQda56XXmNdy8=; b=v3jT5dON9mPfqAEPHYwyBm4AUwa0ivJ6Ks79gQlRvsHg8Kc378A3POhuhFc/kDCuCl oPe9+KqwYrNP4e3Wx3vFKAXAxwUpWtTpE6ewBC9JulUNZDUJ8tNMejJtJZBxulV9cqSH U7F610ZAjF5/KdpDbGMWoB8ZkNiUZqmd5jqKRamiS0FNgiJkgPvYKrTcJFFlLy2Pvqf5 iR94MnIDS1wIRKD4OdBPbkvmnYLeLT9aw+actbpicq+ycJjnnt4fntpiHXkSRBl8eDnw 8Bwush780HeILw6GBGJ9eCKFI6kXdlAU1v/Th+8Bs1pcl4kSMkisl2OEMFAdUGq3Ezft XjSA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=y8pxtjJN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a3-20020a636603000000b0041bc27c45b9si5260316pgc.811.2022.09.14.05.19.17; Wed, 14 Sep 2022 05:19:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=y8pxtjJN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229926AbiINLnk (ORCPT + 99 others); Wed, 14 Sep 2022 07:43:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56746 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229941AbiINLn0 (ORCPT ); Wed, 14 Sep 2022 07:43:26 -0400 Received: from mail-oa1-x31.google.com (mail-oa1-x31.google.com [IPv6:2001:4860:4864:20::31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3B407C1F9 for ; Wed, 14 Sep 2022 04:43:24 -0700 (PDT) Received: by mail-oa1-x31.google.com with SMTP id 586e51a60fabf-1225219ee46so40179863fac.2 for ; Wed, 14 Sep 2022 04:43:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=sOxHaoTJOjG90MRKGtH8xvRMhqWLDRTQda56XXmNdy8=; b=y8pxtjJNRTqsadlORjvQJVCQTL15Da9B3B4XK2cnOSKgXSz4dvHCVGs9GWBK1g11Te zLb907AFMy6DLmzbSzLELy7Wg3pmtdZ24bdHRiibV8V55ANh8wSOLq9T/ODJi1/m9hMK QYvMxHoTNNqBdGxuKG7W8YFFjZ8+HO3noGv4eSis4ADs0tNc8xwpjIZt+hn5c4O4XpIw PSh3B1pv8FZF3YGjEL7R34B1aHnhg4pEfCqs+BlWE5ndjB0awYt2hN87gsXQnqQcWdU4 tpqXvSygnCNYxLSoOk+fHVEwybuIuwmKi2XiUJ9x2ZEceXZD+splDVJev18DTbZo2xTr 5glw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=sOxHaoTJOjG90MRKGtH8xvRMhqWLDRTQda56XXmNdy8=; b=nzl3DHPxoew3gOcovY+/Ws5pEgsX2NskxvGdtd6dY3JDcLl8vqoOuXGv8rS/CDMeQK pD9Gn+hC7Ye1h/aox81X2afI6Q8rHg365rBKAI2VTL1xwoVgOpEbLw9Vt067kL6FyqPl u5p5m5ZC9o+nttB2UyJ2HJ3DMnHh6WUatWwcqUXhMnMjzw3sPh8SrLF6k20YkbZlcomM KGORUg5Y4yhnWN0YOkv7zud8hZX8u3Zxiqpuelz8bMD2oJkQHv4CUOtUyZnnBtFUHHiT 1qiW2Qr4bHQ2hdAiNYDCs91jq+Sg6lqiJ022r25gXg0lTMXZ094ulIc8ziWdIRlN8lfB sVjA== X-Gm-Message-State: ACgBeo2xw0DqUK6lIAmsi0lDX9ct0giyDgWUqUcSbbUgC2vgAzTbIM1e WiuCUwRvBYtA5mDKrC9XwhA3ZoyGXnTzKv3vBXQW0KdFmoOy X-Received: by 2002:a05:6870:178b:b0:12b:c621:b7a9 with SMTP id r11-20020a056870178b00b0012bc621b7a9mr2106429oae.41.1663155804184; Wed, 14 Sep 2022 04:43:24 -0700 (PDT) MIME-Version: 1.0 References: <20220908220222.267255-1-nathanl@linux.ibm.com> In-Reply-To: From: Paul Moore Date: Wed, 14 Sep 2022 07:43:13 -0400 Message-ID: Subject: Re: [PATCH] lockdown: ratelimit denial messages To: Nathan Lynch Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, jmorris@namei.org, serge@hallyn.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 9, 2022 at 10:05 AM Paul Moore wrote: > On Thu, Sep 8, 2022 at 6:02 PM Nathan Lynch wrote: > > > > User space can flood the log with lockdown denial messages: > > > > [ 662.555584] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 > > [ 662.563237] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 > > [ 662.571134] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 > > [ 662.578668] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 > > [ 662.586021] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 > > [ 662.593398] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 > > > > Ratelimiting these shouldn't meaningfully degrade the quality of the > > information logged. > > > > Signed-off-by: Nathan Lynch > > --- > > security/lockdown/lockdown.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > This seems reasonable. While the last visible lockdown message to the > console might be incorrect/old, I think it would give the user a good > indication that lockdown is being hit and hopefully preserve the start > of the denial storm. It is also worth noting that this does introduce > a spinlock to this code path, but since it is only an issue on error I > doubt it will have any significant impact. > > I'll leave this until next week to give people a chance to > comment/object, but if there are no further comments I'll plan on > merging this into lsm/next. Now merged into lsm/next, thanks! -- paul-moore.com