Date: Wed, 26 Oct 2022 08:03:29 +0200
From: Greg KH
To: Casey Schaufler
Cc: casey.schaufler@intel.com, paul@paul-moore.com, linux-security-module@vger.kernel.org, jmorris@namei.org, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net
Subject: Re: [PATCH v1 6/8] LSM: lsm_self_attr syscall for LSM self attributes
References: <20221025184519.13231-1-casey@schaufler-ca.com> <20221025184519.13231-7-casey@schaufler-ca.com>
In-Reply-To: <20221025184519.13231-7-casey@schaufler-ca.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Oct 25, 2022 at 11:45:17AM -0700, Casey Schaufler wrote:
> Create a system call lsm_self_attr() to provide the security
> module maintained attributes of the current process. Historically
> these attributes have been exposed to user space via entries in
> procfs under /proc/self/attr.
>
> Attributes are provided as a collection of lsm_ctx structures
> which are placed into a user supplied buffer. Each structure
> identifies the security module providing the attribute, which
> of the possible attributes is provided, the size of the
> attribute, and finally the attribute value. The format of the
> attribute value is defined by the security module, but will
> always be \0 terminated. The ctx_len value will be larger than
> strlen(ctx).
> > ------------------------------ > | unsigned int id | > ------------------------------ > | unsigned int flags | > ------------------------------ > | __kernel_size_t ctx_len | > ------------------------------ > | unsigned char ctx[ctx_len] | > ------------------------------ > | unsigned int id | > ------------------------------ > | unsigned int flags | > ------------------------------ > | __kernel_size_t ctx_len | > ------------------------------ > | unsigned char ctx[ctx_len] | > ------------------------------ > > Signed-off-by: Casey Schaufler > --- > include/linux/syscalls.h | 2 + > include/uapi/linux/lsm.h | 21 ++++++ > kernel/sys_ni.c | 3 + > security/Makefile | 1 + > security/lsm_syscalls.c | 156 +++++++++++++++++++++++++++++++++++++++ > 5 files changed, 183 insertions(+) > create mode 100644 security/lsm_syscalls.c > > diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h > index a34b0f9a9972..2d9033e9e5a0 100644 > --- a/include/linux/syscalls.h > +++ b/include/linux/syscalls.h > @@ -71,6 +71,7 @@ struct clone_args; > struct open_how; > struct mount_attr; > struct landlock_ruleset_attr; > +struct lsm_cxt; > enum landlock_rule_type; > > #include > @@ -1056,6 +1057,7 @@ asmlinkage long sys_memfd_secret(unsigned int flags); > asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long len, > unsigned long home_node, > unsigned long flags); > +asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags); > > /* > * Architecture-specific system calls > diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h > index 61e13b1b9ece..1d27fb5b7746 100644 > --- a/include/uapi/linux/lsm.h > +++ b/include/uapi/linux/lsm.h 
> @@ -9,6 +9,27 @@ > #ifndef _UAPI_LINUX_LSM_H > #define _UAPI_LINUX_LSM_H > > +#include > +#include > + > +/** > + * struct lsm_ctx - LSM context > + * @id: the LSM id number, see LSM_ID_XXX > + * @flags: context specifier and LSM specific flags > + * @ctx_len: the size of @ctx > + * @ctx: the LSM context, a nul terminated string > + * > + * @ctx in a nul terminated string. > + * (strlen(@ctx) < @ctx_len) is always true. > + * (strlen(@ctx) == @ctx_len + 1) is not guaranteed. > + */ > +struct lsm_ctx { > + unsigned int id; > + unsigned int flags; > + __kernel_size_t ctx_len; > + unsigned char ctx[];

Please use data types that are allowed to cross the user/kernel boundary
in a safe way. That would mean this would use __u64 instead of unsigned
int, and __u8 instead of unsigned char.

thanks,

greg k-h
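
Review bot: the forward declaration added in the first include/linux/syscalls.h hunk is spelled "struct lsm_cxt;", but the prototype added in the second hunk and the UAPI header both use "struct lsm_ctx". As posted, nothing declares struct lsm_ctx before the prototype, so the type is first introduced inside the parameter list and its scope ends with that declaration. The line should read "struct lsm_ctx;".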
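
Review bot: the sys_lsm_self_attr() prototype in the second include/linux/syscalls.h hunk takes "struct lsm_ctx *ctx" and "size_t *size" without a __user annotation, although the commit message says the structures are placed into a user supplied buffer. Mark both pointers __user so sparse can flag any direct dereference in the implementation. The flags argument is also a signed "int", while the sys_memfd_secret() prototype in the context lines above takes "unsigned int flags"; an unsigned type avoids sign surprises when flag bits are tested.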
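
Review bot: the kernel-doc for struct lsm_ctx in the include/uapi/linux/lsm.h hunk contradicts itself. If (strlen(@ctx) < @ctx_len) is always true, then (strlen(@ctx) == @ctx_len + 1) can never hold, so the last line presumably means that strlen(@ctx) + 1 == @ctx_len is not guaranteed; please state the intended invariant, and fix "@ctx in a nul terminated string" to "is". In addition to the fixed-width types requested in the reply, note that __kernel_size_t differs in width between 32-bit and 64-bit user space, and that the layout drawn in the commit message packs records back to back after a variable-length ctx, so the alignment of the following record's header is undefined unless the documentation requires padding.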
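
The record layout described in the quoted commit message, walked defensively from user space, as an added example that is not part of the patch or of either mail. lsm_ctx_walk(), put_record() and demo() are hypothetical names, the id values and context strings are constructed, and the header uses the v1 types as posted with records packed back to back as the diagram shows.

```c
#include <stddef.h>
#include <string.h>
/* Record header as posted in the v1 patch; ctx[ctx_len] follows it directly. */
struct lsm_ctx_hdr {
	unsigned int id;
	unsigned int flags;
	size_t ctx_len;		/* __kernel_size_t in the patch */
};

/* Hypothetical helper: count well-formed records, or return -1 on a bad one. */
static int lsm_ctx_walk(const unsigned char *buf, size_t len)
{
	size_t off = 0;
	int count = 0;
	while (off < len) {
		struct lsm_ctx_hdr h;
		if (len - off < sizeof(h))
			return -1;	/* truncated header */
		memcpy(&h, buf + off, sizeof(h));	/* record may be unaligned */
		off += sizeof(h);
		if (h.ctx_len == 0 || h.ctx_len > len - off)
			return -1;	/* empty value, or value overruns the buffer */
		if (!memchr(buf + off, '\0', h.ctx_len))
			return -1;	/* breaks strlen(ctx) < ctx_len */
		off += h.ctx_len;
		count++;
	}
	return count;
}

/* Append one constructed record; returns the new end offset. */
static size_t put_record(unsigned char *buf, size_t off, unsigned int id, const char *ctx, size_t ctx_len)
{
	struct lsm_ctx_hdr h = { id, 0, ctx_len };
	memcpy(buf + off, &h, sizeof(h));
	memcpy(buf + off + sizeof(h), ctx, strlen(ctx) + 1);
	return off + sizeof(h) + strlen(ctx) + 1;
}

/* Constructed input: 0 = valid, 1 = oversized ctx_len, 2 = missing NUL. */
static int demo(int variant)
{
	unsigned char buf[128] = { 0 };
	size_t n = put_record(buf, 0, 1, "unconfined", 11);
	n = put_record(buf, n, 2, "example_label", variant == 1 ? 4096 : 14);
	if (variant == 2)
		buf[n - 1] = 'X';	/* overwrite the terminating NUL */
	return lsm_ctx_walk(buf, n);
}

int main(void) { return demo(0) == 2 ? 0 : 1; }
```

The second record starts at an offset that is not a multiple of the header's alignment, which is why the header is copied out with memcpy() instead of being read through a cast pointer.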