Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1598638rwb; Wed, 16 Nov 2022 21:57:20 -0800 (PST) X-Google-Smtp-Source: AA0mqf7nPx19bYwJi9eqr6CDQTwF0S4i35FoHbdzygVVsMjFmsDAEHWTKzSVBls9vhYQPUzogqI4 X-Received: by 2002:a05:6402:f01:b0:459:9dd3:2217 with SMTP id i1-20020a0564020f0100b004599dd32217mr834789eda.163.1668664639931; Wed, 16 Nov 2022 21:57:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668664639; cv=none; d=google.com; s=arc-20160816; b=ZwrijvT3tltXTrdLP4DIFwndtuddtfr9LaxruEL7L56ulhJm0BansN8ULfu0eYmWil MeDtHFItlUTHBjycHCArYLTmmw+r0DMMLjxD0GqtCpOc+fs+iwV1CyXozpLWDl2K9rYz aeaWLoF9x7G4OKnyg+ht0ks5EfGFJUoe0ptLyw+XNs59hyUmLZqW04Hl3XBEp2uelzau i8AW1NU0eSLIgi9APw8i5RT3DA5hH9wzkvt6Cct2zOK8bKtCTsOvaIxdhv8Rn/Ktcy6O oyoPd9P9SRW+y4Awlql4GIKZbIrRZFUBmSlrmng9Lb2RpgDxZnb4CqTdeWgrA7gcjK0y oPPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=F/hvm5QNNvkoCPO2ZpLNFYkSxS1A7o2rCHOacXWCOV0=; b=B6aC3RYnOo9oSSVqsmDdxpeKdcE43QRNKoCh0ePhrptbNs0iu40tRlMPdYOdPEWsJS UJ2mokRtMrDVNok3oE0yvPzmNUjH+69DsL3TzjZWVumWF2TRdXTSGlkcLRqbG1wQCgmg al6s9cb6WX5XKkTP4gMcALSHFAXgk1PPhjJAzZd5SQvmdF+vbhP3izPXREtul9Kv2hUh ryY7D9+3+hKB09nsBgl98Tr8AjbGMHA0dqRF/FQ1Upg2fURjbuKZSZcAY1++GNLndY7N tSnOlAnDWpNxscbLtgdIe9OtTdmCScK+41BGlfQf/0JujVoFf9ROLmFKfxdWKA+A2a9j jRpw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=D9NNrD2f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c3-20020a0564021f8300b004680b40d2ecsi132747edc.235.2022.11.16.21.56.58; Wed, 16 Nov 2022 21:57:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=D9NNrD2f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239155AbiKQFui (ORCPT + 90 others); Thu, 17 Nov 2022 00:50:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239298AbiKQFuK (ORCPT ); Thu, 17 Nov 2022 00:50:10 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A91A11813; Wed, 16 Nov 2022 21:49:59 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C19F462085; Thu, 17 Nov 2022 05:49:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DC1FEC433D6; Thu, 17 Nov 2022 05:49:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1668664198; bh=qGKZERLnu8H566XOnqj6FLlWt0eOikd2hAvc/xFshHU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=D9NNrD2fNtF7I72M6hrNhHhwkE2rhBXmwCdDK8zyAqTTmwRIFYD8KFuG7BWWnwbHO oWYhw9cBKohhzm1BSqMZa60ABglKr+cHH8E6/Kks2Pl8YyevoNX4FPKY196qp0r3a4 cv8MWhjq/phiXboDHlQQVjm0Ujb5crZk7pYpUmNg= Date: Thu, 17 Nov 2022 06:49:54 +0100 From: Greg KH To: Paul Moore Cc: Roberto Sassu , ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, revest@chromium.org, jackmanb@chromium.org, jmorris@namei.org, serge@hallyn.com, bpf@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Roberto Sassu , stable@vger.kernel.org Subject: Re: [RFC][PATCH 3/4] lsm: Redefine LSM_HOOK() macro to add return value flags as argument Message-ID: References: <20221115175652.3836811-1-roberto.sassu@huaweicloud.com> <20221115175652.3836811-4-roberto.sassu@huaweicloud.com> <83cbff40f16a46e733a877d499b904cdf06949b6.camel@huaweicloud.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 16, 2022 at 05:04:05PM -0500, Paul Moore wrote: > On Wed, Nov 16, 2022 at 3:11 AM Roberto Sassu > wrote: > > On Tue, 2022-11-15 at 21:27 -0500, Paul Moore wrote: > > > On Tue, Nov 15, 2022 at 12:58 PM Roberto Sassu > > > wrote: > > > > From: Roberto Sassu > > > > > > > > Define four return value flags (LSM_RET_NEG, LSM_RET_ZERO, LSM_RET_ONE, > > > > LSM_RET_GT_ONE), one for each interval of interest (< 0, = 0, = 1, > 1). > > > > > > > > Redefine the LSM_HOOK() macro to add return value flags as argument, and > > > > set the correct flags for each LSM hook. > > > > > > > > Implementors of new LSM hooks should do the same as well. > > > > > > > > Cc: stable@vger.kernel.org # 5.7.x > > > > Fixes: 9d3fdea789c8 ("bpf: lsm: Provide attachment points for BPF LSM programs") > > > > Signed-off-by: Roberto Sassu > > > > --- > > > > include/linux/bpf_lsm.h | 2 +- > > > > include/linux/lsm_hook_defs.h | 779 ++++++++++++++++++++-------------- > > > > include/linux/lsm_hooks.h | 9 +- > > > > kernel/bpf/bpf_lsm.c | 5 +- > > > > security/bpf/hooks.c | 2 +- > > > > security/security.c | 4 +- > > > > 6 files changed, 466 insertions(+), 335 deletions(-) > > > > > > Just a quick note here that even if we wanted to do something like > > > this, it is absolutely not -stable kernel material. No way. > > > > I was unsure about that. We need a proper fix for this issue that needs > > to be backported to some kernels. I saw this more like a dependency. > > But I agree with you that it would be unlikely that this patch is > > applied to stable kernels. > > > > For stable kernels, what it would be the proper way? We still need to > > maintain an allow list of functions that allow a positive return value, > > at least. Should it be in the eBPF code only? > > Ideally the fix for -stable is the same as what is done for Linus' > kernel (ignoring backport fuzzing), so I would wait and see how that > ends up first. However, if the patchset for Linus' tree is > particularly large and touches a lot of code, you may need to work on > something a bit more targeted to the specific problem. I tend to be > more conservative than most kernel devs when it comes to -stable > patches, but if you can't backport the main upstream patchset, smaller > (both in terms of impact and lines changed) is almost always better. No, the mainline patch (what is in Linus's tree), is almost always better and preferred for stable backports. When you diverge, bugs happen, almost every time, and it makes later fixes harder to backport as well. But first work on solving the problem in Linus's tree. Don't worry about stable trees until after the correct solution is merged. thanks, greg k-h