Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp4318990rwb; Mon, 21 Nov 2022 06:21:40 -0800 (PST) X-Google-Smtp-Source: AA0mqf5FRJtdRWhec21Mh34fyviRqGDFOF1JHISbpt6WSDDWuSNN4/YTEVXWWQAEX2Z71U0ySHKe X-Received: by 2002:a05:6402:1156:b0:467:374e:5f9b with SMTP id g22-20020a056402115600b00467374e5f9bmr16629167edw.283.1669040500215; Mon, 21 Nov 2022 06:21:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669040500; cv=none; d=google.com; s=arc-20160816; b=Vjp3PtIcQZah0xFv3GspLeTlMEGUNG8PHcATFlxRHWfNWEB6XsFEheaVvhsDN18iRC cyEdrws7zntR3LXnmHrkUFmdtOigcflfKAiw1i5bBiX8VdEEFIUSBwwLm8CDP3zOuLvC Lvn1n1l5syKs4mrQ6HHvy/fa9Fl44uR0Q3lyTd0FT93lqCBeYhqDNK/A6FvSuVkR1CZ8 MCu6+8fcaQY909jQDb2GWkVnZVz6bUTLInmcTahzzVW4uA7clkwpwXZ0F8APgqF9DY4C RuxEMf2WcBtb7/4Vq39P8QuwgL4qGox6uaByiK/AGR0bld5vb+MW/RA/gs1Kom6UaU/j DjFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=k780vHzrb8bznyJwb3DsG1lZpDun2sd/AsFj/PAUkQU=; b=ElBCZwpWvWkDL2GEruSnmEUDBoiCb9gSs+2GY9gzBuwtifux16eaLq7v1o3zpjiBY0 Gmq4V7A8s7Vs+Ouoa9zB6ehjSyRPQ33NTKASH3toj5GaaoMSrn3emxq4Pu9WaOwkMT3n Hvkb+3rtWibgT/FwD4mS5coAqcrKSgeYNRIfkMDl9Cf0/h75ftruuOBwq42sLvnDqV79 bEzUDPRFoK+crRhXkfGO5Wz0UyfbfCx1Zo7Nj/XquYg4A74jfZZuHkb/v045Avl59PBP E7QBljXd76u6Fy+8BzzGo3vS3yQ+Duj6Ff3kI2Nv8e1CPgfOuhXsatswkZ9skFYpHKcY AO7g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hd16-20020a170907969000b00791a37e665esi10024596ejc.10.2022.11.21.06.21.13; Mon, 21 Nov 2022 06:21:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230229AbiKUNa0 (ORCPT + 91 others); Mon, 21 Nov 2022 08:30:26 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229730AbiKUNaJ (ORCPT ); Mon, 21 Nov 2022 08:30:09 -0500 Received: from frasgout13.his.huawei.com (frasgout13.his.huawei.com [14.137.139.46]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B7A6BEAF6; Mon, 21 Nov 2022 05:30:04 -0800 (PST) Received: from mail02.huawei.com (unknown [172.18.147.229]) by frasgout13.his.huawei.com (SkyGuard) with ESMTP id 4NG7PD32hrz9v7Yb; Mon, 21 Nov 2022 21:23:12 +0800 (CST) Received: from roberto-ThinkStation-P620 (unknown [10.204.63.22]) by APP2 (Coremail) with SMTP id GxC2BwC36fU6fXtjYTSBAA--.27697S2; Mon, 21 Nov 2022 14:29:40 +0100 (CET) Message-ID: Subject: Re: [PATCH v4 3/5] security: Allow all LSMs to provide xattrs for inode_init_security hook From: Roberto Sassu To: Casey Schaufler , Mimi Zohar , dmitry.kasatkin@gmail.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, reiserfs-devel@vger.kernel.org, linux-kernel@vger.kernel.org, keescook@chromium.org, nicolas.bouchinet@clip-os.org, Roberto Sassu Date: Mon, 21 Nov 2022 14:29:20 +0100 In-Reply-To: References: <20221110094639.3086409-1-roberto.sassu@huaweicloud.com> <20221110094639.3086409-4-roberto.sassu@huaweicloud.com> <4c1349f670dc3c23214a5a5036e43ddaa0a7bc89.camel@linux.ibm.com> <3ffb9bb4ab203b5e0459c3892ded4ae0cd80458b.camel@linux.ibm.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.36.5-0ubuntu1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-CM-TRANSID: GxC2BwC36fU6fXtjYTSBAA--.27697S2 X-Coremail-Antispam: 1UD129KBjvJXoW7AryrtF43Ww48ZF1UArWfuFg_yoW8Cw4fpF WUA3Wj9F4kJr47A34Iqr4ruw4a9rWrGayDXFn8Gr1jyFs0qrn3ZrWSvFy5uFy7W395t3yv qa1jva43Ar98AaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUkjb4IE77IF4wAFF20E14v26ryj6rWUM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rwA2F7IY1VAKz4 vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Jr0_JF4l84ACjcxK6xIIjxv20xvEc7Cj xVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv67AKxVW8JVWxJwA2z4x0Y4vEx4A2jsIEc7CjxV AFwI0_Gr0_Gr1UM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40E x7xfMcIj6xIIjxv20xvE14v26r1j6r18McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x 0Yz7v_Jr0_Gr1lF7xvr2IY64vIr41lFIxGxcIEc7CjxVA2Y2ka0xkIwI1l42xK82IYc2Ij 64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x 8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r4a6rW5MIIYrxkI7VAKI48JMIIF0xvE 2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r4j6F4UMIIF0xvE42 xK8VAvwI8IcIk0rVWrZr1j6s0DMIIF0xvEx4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIE c7CjxVAFwI0_Gr0_Gr1UYxBIdaVFxhVjvjDU0xZFpf9x07UZ18PUUUUU= X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAgADBF1jj4GrBQACsZ X-CFilter-Loop: Reflected X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2022-11-18 at 09:31 -0800, Casey Schaufler wrote: > On 11/18/2022 7:10 AM, Mimi Zohar wrote: > > On Fri, 2022-11-18 at 10:14 +0100, Roberto Sassu wrote: > > > > > +static int security_check_compact_xattrs(struct xattr *xattrs, > > > > > + int num_xattrs, int *checked_xattrs) > > > > Perhaps the variable naming is off, making it difficult to read. So > > > > although this is a static function, which normally doesn't require a > > > > comment, it's definitely needs one. > > > Ok, will improve it. > > > > > > > > +{ > > > > > + int i; > > > > > + > > > > > + for (i = *checked_xattrs; i < num_xattrs; i++) { > > > > If the number of "checked" xattrs was kept up to date, removing the > > > > empty xattr gaps wouldn't require a loop. Is the purpose of this loop > > > > to support multiple per LSM xattrs? > > > An LSM might reserve one or more xattrs, but not set it/them (for > > > example because it is not initialized). In this case, removing the gaps > > > is needed for all subsequent LSMs. > > Including this sort of info in the function description or as a comment > > in the code would definitely simplify review. > > > > security_check_compact_xattrs() is called in the loop after getting > > each LSM's xattr(s). Only the current LSMs xattrs need to be > > compressed, yet the loop goes to the maximum number of xattrs each > > time. Just wondering if there is a way of improving it. > > At security module registration each module could identify how > many xattrs it uses. That number could be used to limit the range > of the loop. I have to do similar things for the forthcoming LSM > syscalls and module stacking beyond that. Yes, blob_sizes.lbs_xattr contains the total number of xattrs requested by LSMs. To stop the loop earlier, at the offset of the next LSM, we would need to search the LSM's lsm_info, using the LSM name in the security_hook_list structure. Although it is not optimal, not doing it makes the code simpler. I could do that, if preferred. Roberto