Received: by 2002:a05:622a:1442:b0:3a5:28ea:c4b9 with SMTP id v2csp756415qtx;
        Thu, 17 Nov 2022 07:40:55 -0800 (PST)
X-Google-Smtp-Source: AA0mqf7pwpadoRGAkS0H/HZyfRIj7jJJGgU9zQa9AZ7Gml6WfCaHunmTHDpiSMKo8oDg0YV0nBKX
X-Received: by 2002:a17:906:89a0:b0:7ae:47ef:93f with SMTP id gg32-20020a17090689a000b007ae47ef093fmr2645679ejc.116.1668699655543;
        Thu, 17 Nov 2022 07:40:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668699655; cv=none;
        d=google.com; s=arc-20160816;
        b=TC6/G5rFEzHljnC3YKFHNJqi2TrhdFzRLYfYWv1pX7ZI7RBstsPmjVmz/c6Sjj9iGc
         SJCtz868vQOrREe7rEpMotlquoK7Y5MxpX7KirLyq91O/iKDuIBQFI+E9pXunlQgffg3
         futY8LepLgLekfhH+1/ZH1AgWqiVW/eRLHU9rFyZKPwXq0yevXTVQvzNfPefZuUevmAG
         o9bjzet1wpk3YKTxfIVCvTnnKFt0iRT2UWl7MRlVouWQ82/cHmSEc4IaZzOFFb+eT+qO
         XIYLzzRHsQZ/DytsdIsICUgyMtt2AhG0DoASPu5bAGGFQXurbYBJM1p8E83J/uWel4mj
         Qq3w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=YYbyGvr7R4QJ31YRKXqxJVIlaxGSfN/nVPLH9/segYo=;
        b=i4GoMdiAFDPriO2ck7yKyVwaw4LOUnVt54HetwNQ8vKcv0duZnt9h45Z+R6lYOoTQk
         mm4gkhWwJFKv2/iZg7oRLszg2D3EKCFP5As9hApyBD1TRaZfFPTGiE8SzJc0hYwQ+hI8
         53HW2QNm8ISJRTXjyivHTQnsb6urV60tmkBgwxPhJ4CibyOeILw/zlBmivwbme8AmtNB
         QUwPzptQcn00Go3qOv+Kxlmh6oySeSUIjygIjHlfE5F6iXvw84vLPS+RObaU5ApNYBIB
         cSka7sV+/4nPEtDZ5YMyP1lD0SzXIJNA7gfoFcxuyHNDB69awVaBIm4AfIv5hLpryQsI
         lnJQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=bhV42qvh;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id d13-20020aa7d5cd000000b00462dca18096si996234eds.520.2022.11.17.07.40.33;
        Thu, 17 Nov 2022 07:40:55 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=bhV42qvh;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234551AbiKQPcD (ORCPT <rfc822;tarbal@gmail.com> + 92 others);
        Thu, 17 Nov 2022 10:32:03 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47594 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233179AbiKQPb4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 17 Nov 2022 10:31:56 -0500
Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com [IPv6:2607:f8b0:4864:20::1033])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF604E092
        for <linux-kernel@vger.kernel.org>; Thu, 17 Nov 2022 07:31:55 -0800 (PST)
Received: by mail-pj1-x1033.google.com with SMTP id d13-20020a17090a3b0d00b00213519dfe4aso2305863pjc.2
        for <linux-kernel@vger.kernel.org>; Thu, 17 Nov 2022 07:31:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20210112.gappssmtp.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=YYbyGvr7R4QJ31YRKXqxJVIlaxGSfN/nVPLH9/segYo=;
        b=bhV42qvhSh6JlAr5LOzLdUDf3KEvgkBFoxSgGMdYhoPh4wNmiNmakO5pya7uYnFNX3
         9vKnTRjuljBe+GvnX2CkYyrlclqY1/0MWPRPksqKeLO4NhA2lGk5oFt9yTwq7qAyaDQy
         16zGofSttVBr7KsWP7JC5kJoDoJSMlh/tUIaMbm1gFflZT41h1lXXpfZvGjWMUnexXSC
         XFbOfhqZ8rRfdbenEkZQfMLMWRZ+KDxBAeflZifNmraa/XKSUNql8j51PuZNSs1hVJDw
         GmMGb3ZTI2FOYZ7Yes6t/xn8JvLFzyDsxqCyMmVIi3WtCSCO1fEfFREmA+vUGKciNLHl
         MI8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=YYbyGvr7R4QJ31YRKXqxJVIlaxGSfN/nVPLH9/segYo=;
        b=8KZ+GABKancz9Cl4frLVMksYuOk5Me/yaQgy4ioRsuxlSrpInahUvO1UehRYmU45Ya
         BzVQEf5DjUW6Z5bWIUL+ax2H8IKa40WdxjfeDkbmB+pU2AlAuyxaHHQOyh4nKBDuJkgC
         Od3zm484XIJhQYvK9pVOgAnwPW2nMxzWuknbJurWs3ar8jqN4ZKG73EELaDeU34ePmv8
         ep9I1YfsTAjzd5+8tehO08PeYA6J8/plsRmAlyVz50bBptlpJgrEmKj32HsbnWbr4muR
         0qNBgR7lx2c2l0glOUqFidlVHwjsQH+0IaeR0hQjkzaFaZbnEVzYTjHhdCuVrX/BFwhR
         fiTQ==
X-Gm-Message-State: ANoB5pmC3PWMakWAAwbFWgfvqboVsERwaTKNrFdgF4ntt9hyNQzNxwJ+
        b0NwMQ2xFVztKSZSmFt/ZuETIKmxV1h+o/9Gay5a
X-Received: by 2002:a17:902:b097:b0:17b:4ace:b67f with SMTP id
 p23-20020a170902b09700b0017b4aceb67fmr3442926plr.12.1668699115322; Thu, 17
 Nov 2022 07:31:55 -0800 (PST)
MIME-Version: 1.0
References: <20221115175652.3836811-1-roberto.sassu@huaweicloud.com>
 <20221115175652.3836811-4-roberto.sassu@huaweicloud.com> <CAHC9VhTA7SgFnTFGNxOGW38WSkWu7GSizBmNz=TuazUR4R_jUg@mail.gmail.com>
 <83cbff40f16a46e733a877d499b904cdf06949b6.camel@huaweicloud.com>
 <CAHC9VhRX0J8Z61_fH9T5O1ZpRQWSppQekxP8unJqStHuTwQkLQ@mail.gmail.com> <Y3XLgrYbIEpdW0vy@kroah.com>
In-Reply-To: <Y3XLgrYbIEpdW0vy@kroah.com>
From:   Paul Moore <paul@paul-moore.com>
Date:   Thu, 17 Nov 2022 10:31:44 -0500
Message-ID: <CAHC9VhTXegLqVH18AXTYrFPBn1WF0Wu8hbybc1Y5LTr-StFrOw@mail.gmail.com>
Subject: Re: [RFC][PATCH 3/4] lsm: Redefine LSM_HOOK() macro to add return
 value flags as argument
To:     Greg KH <gregkh@linuxfoundation.org>
Cc:     Roberto Sassu <roberto.sassu@huaweicloud.com>, ast@kernel.org,
        daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev,
        song@kernel.org, yhs@fb.com, john.fastabend@gmail.com,
        kpsingh@kernel.org, sdf@google.com, haoluo@google.com,
        jolsa@kernel.org, revest@chromium.org, jackmanb@chromium.org,
        jmorris@namei.org, serge@hallyn.com, bpf@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org,
        Roberto Sassu <roberto.sassu@huawei.com>,
        stable@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Nov 17, 2022 at 12:50 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> On Wed, Nov 16, 2022 at 05:04:05PM -0500, Paul Moore wrote:
> > On Wed, Nov 16, 2022 at 3:11 AM Roberto Sassu
> > <roberto.sassu@huaweicloud.com> wrote:
> > > On Tue, 2022-11-15 at 21:27 -0500, Paul Moore wrote:
> > > > On Tue, Nov 15, 2022 at 12:58 PM Roberto Sassu
> > > > <roberto.sassu@huaweicloud.com> wrote:
> > > > > From: Roberto Sassu <roberto.sassu@huawei.com>
> > > > >
> > > > > Define four return value flags (LSM_RET_NEG, LSM_RET_ZERO, LSM_RET_ONE,
> > > > > LSM_RET_GT_ONE), one for each interval of interest (< 0, = 0, = 1, > 1).
> > > > >
> > > > > Redefine the LSM_HOOK() macro to add return value flags as argument, and
> > > > > set the correct flags for each LSM hook.
> > > > >
> > > > > Implementors of new LSM hooks should do the same as well.
> > > > >
> > > > > Cc: stable@vger.kernel.org # 5.7.x
> > > > > Fixes: 9d3fdea789c8 ("bpf: lsm: Provide attachment points for BPF LSM programs")
> > > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > > > ---
> > > > >  include/linux/bpf_lsm.h       |   2 +-
> > > > >  include/linux/lsm_hook_defs.h | 779 ++++++++++++++++++++--------------
> > > > >  include/linux/lsm_hooks.h     |   9 +-
> > > > >  kernel/bpf/bpf_lsm.c          |   5 +-
> > > > >  security/bpf/hooks.c          |   2 +-
> > > > >  security/security.c           |   4 +-
> > > > >  6 files changed, 466 insertions(+), 335 deletions(-)
> > > >
> > > > Just a quick note here that even if we wanted to do something like
> > > > this, it is absolutely not -stable kernel material.  No way.
> > >
> > > I was unsure about that. We need a proper fix for this issue that needs
> > > to be backported to some kernels. I saw this more like a dependency.
> > > But I agree with you that it would be unlikely that this patch is
> > > applied to stable kernels.
> > >
> > > For stable kernels, what it would be the proper way? We still need to
> > > maintain an allow list of functions that allow a positive return value,
> > > at least. Should it be in the eBPF code only?
> >
> > Ideally the fix for -stable is the same as what is done for Linus'
> > kernel (ignoring backport fuzzing), so I would wait and see how that
> > ends up first.  However, if the patchset for Linus' tree is
> > particularly large and touches a lot of code, you may need to work on
> > something a bit more targeted to the specific problem.  I tend to be
> > more conservative than most kernel devs when it comes to -stable
> > patches, but if you can't backport the main upstream patchset, smaller
> > (both in terms of impact and lines changed) is almost always better.
>
> No, the mainline patch (what is in Linus's tree), is almost always
> better and preferred for stable backports.  When you diverge, bugs
> happen, almost every time, and it makes later fixes harder to backport
> as well.
>
> But first work on solving the problem in Linus's tree.  Don't worry
> about stable trees until after the correct solution is merged.

Perhaps you missed my very first sentence where I mentioned exactly
the same things: solve it in Linus' tree first, backports of patches
in Linus' tree is ideal.

-- 
paul-moore.com