Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp32064183rwd; Fri, 7 Jul 2023 08:12:15 -0700 (PDT) X-Google-Smtp-Source: APBJJlHREh/haFYG10auucs5p7Uv6sxpyDp5kMe7sXWQAsQscaLKbqOP1+ujoyfECsq9j/F+QTT4 X-Received: by 2002:a05:6a00:3a0a:b0:678:7744:31fd with SMTP id fj10-20020a056a003a0a00b00678774431fdmr14731998pfb.0.1688742735289; Fri, 07 Jul 2023 08:12:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688742735; cv=none; d=google.com; s=arc-20160816; b=mmRw8M10buNDlOMHZ1xQCYSi4oiWQ8B8TrZSRw1z8UpqgczeoXd/J8z/W8CNbUHVK2 aEIqaghY/SzqcKmGXnapt+0/xB/5+mU4Qgi2PQUjRGcjctXXUmH0EZfarky7Yw8d0Tcp Z0SMYEGnfLGBCT0OUvBJjBcEU+u7gDN5UDsPdlHGqILE9FDJsk/xPuldudBQ+oV5EHlQ g3N0aOEktiFlZ8oHGQTompcf3ooKEj7rlqIbXfMJEDHH0vR10wJ+NuuLiQ4m5Qnafjjr 4aKOL6RGsIDwLz0h55u2W5GuRpuGLxR872NcHw9fzyUpfhaavUDW7/XLbEQUCNEvSYt6 W45w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent :content-transfer-encoding:references:in-reply-to:date:cc:to:from :subject:message-id; bh=vLFSpHvlR9LyiuYE37vwfsIPqZbQdhz3pPfKJLEvbsE=; fh=CHIyi6kFukhtpzaMcvTqTGJ0CnLPHwoflfiIkdaMA7o=; b=Lba8gTZAJyseCv3JEE1s6JUJKPmUDiwWlcMNLDo2/JKNT0S5n8bIDVQkBeOJ+2t9X8 uKJv1vVfiCnTIXWjWrQghXeQ9AQqL8U77Um+pd3dIONE0fZkhuKpvxqogyJNO9matD4l kDFT7YhFBBeEjMz/fGOyu2Zub/V/a55NQ1atyR6ZRM1FXwgRbm779LOuNADkcZtmBI4t vO6/yR2xNBYLDJzsQXuBU7AiKG4pPOyKUO40QkcV4t5UUiBxJ2HMfxsX4UgKMUc4xvdR d/+SSYXt+XMHY2XFkiEU0muwWj//k6IoN4XAmJpB023lNibxc8PsI2cj6Huld1J+HDRt ydaw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bv9-20020a632e09000000b0055acc92299esi3856769pgb.240.2023.07.07.08.12.02; Fri, 07 Jul 2023 08:12:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233016AbjGGOn2 convert rfc822-to-8bit (ORCPT + 99 others); Fri, 7 Jul 2023 10:43:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33734 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233087AbjGGOn0 (ORCPT ); Fri, 7 Jul 2023 10:43:26 -0400 Received: from frasgout11.his.huawei.com (unknown [14.137.139.23]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 43E891FE9; Fri, 7 Jul 2023 07:43:21 -0700 (PDT) Received: from mail02.huawei.com (unknown [172.18.147.227]) by frasgout11.his.huawei.com (SkyGuard) with ESMTP id 4QyG7k5q1bz9xGgg; Fri, 7 Jul 2023 22:32:18 +0800 (CST) Received: from [127.0.0.1] (unknown [10.204.63.22]) by APP2 (Coremail) with SMTP id GxC2BwDnt15iJKhkVoAxBA--.59537S2; Fri, 07 Jul 2023 15:42:55 +0100 (CET) Message-ID: Subject: Re: [PATCH v12 1/4] security: Allow all LSMs to provide xattrs for inode_init_security hook From: Roberto Sassu To: Paul Moore , Roberto Sassu Cc: "zohar@linux.ibm.com" , "dmitry.kasatkin@gmail.com" , "jmorris@namei.org" , "serge@hallyn.com" , "stephen.smalley.work@gmail.com" , "eparis@parisplace.org" , "casey@schaufler-ca.com" , "linux-kernel@vger.kernel.org" , "linux-integrity@vger.kernel.org" , "linux-security-module@vger.kernel.org" , "selinux@vger.kernel.org" , "bpf@vger.kernel.org" , "kpsingh@kernel.org" , "keescook@chromium.org" , "nicolas.bouchinet@clip-os.org" Date: Fri, 07 Jul 2023 16:42:39 +0200 In-Reply-To: References: <20230610075738.3273764-2-roberto.sassu@huaweicloud.com> <1c8c612d99e202a61e6a6ecf50d4cace.paul@paul-moore.com> <8fd08063bc6b4325b9785052d02da9f2@huawei.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8BIT User-Agent: Evolution 3.44.4-0ubuntu1 MIME-Version: 1.0 X-CM-TRANSID: GxC2BwDnt15iJKhkVoAxBA--.59537S2 X-Coremail-Antispam: 1UD129KBjvJXoWxuF4rJF4fXFW8XrW8CrW3ZFb_yoW5trW3pF W3J3Wjkrn5JFWfAr9ayw48u3WS93yrGr4UXr9xtw1UZas0gr1xJr1jkr1ruFykXrWkGFnY qry7Xr9xurn8A37anT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUkjb4IE77IF4wAFF20E14v26ryj6rWUM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rwA2F7IY1VAKz4 vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Jr0_JF4l84ACjcxK6xIIjxv20xvEc7Cj xVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv67AKxVW8JVWxJwA2z4x0Y4vEx4A2jsIEc7CjxV AFwI0_Gr0_Gr1UM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40E x7xfMcIj6xIIjxv20xvE14v26r1j6r18McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x 0Yz7v_Jr0_Gr1lF7xvr2IY64vIr41lFIxGxcIEc7CjxVA2Y2ka0xkIwI1l42xK82IYc2Ij 64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x 8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r4a6rW5MIIYrxkI7VAKI48JMIIF0xvE 2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r4j6F4UMIIF0xvE42 xK8VAvwI8IcIk0rVWrZr1j6s0DMIIF0xvEx4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIE c7CjxVAFwI0_Gr0_Gr1UYxBIdaVFxhVjvjDU0xZFpf9x07UZ18PUUUUU= X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAQALBF1jj5AApQAAsK X-CFilter-Loop: Reflected X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,KHOP_HELO_FCRDNS, PDS_RDNS_DYNAMIC_FP,RDNS_DYNAMIC,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2023-07-07 at 10:34 -0400, Paul Moore wrote: > On Fri, Jul 7, 2023 at 2:49 AM Roberto Sassu wrote: > > > From: Paul Moore [mailto:paul@paul-moore.com] > > > Sent: Friday, July 7, 2023 3:44 AM > > > On Jun 10, 2023 Roberto Sassu wrote: > > > > > > > > Currently, the LSM infrastructure supports only one LSM providing an xattr > > > > and EVM calculating the HMAC on that xattr, plus other inode metadata. > > > > > > > > Allow all LSMs to provide one or multiple xattrs, by extending the security > > > > blob reservation mechanism. Introduce the new lbs_xattr_count field of the > > > > lsm_blob_sizes structure, so that each LSM can specify how many xattrs it > > > > needs, and the LSM infrastructure knows how many xattr slots it should > > > > allocate. > > > > > > > > Modify the inode_init_security hook definition, by passing the full > > > > xattr array allocated in security_inode_init_security(), and the current > > > > number of xattr slots in that array filled by LSMs. The first parameter > > > > would allow EVM to access and calculate the HMAC on xattrs supplied by > > > > other LSMs, the second to not leave gaps in the xattr array, when an LSM > > > > requested but did not provide xattrs (e.g. if it is not initialized). > > > > > > > > Introduce lsm_get_xattr_slot(), which LSMs can call as many times as the > > > > number specified in the lbs_xattr_count field of the lsm_blob_sizes > > > > structure. During each call, lsm_get_xattr_slot() increments the number of > > > > filled xattrs, so that at the next invocation it returns the next xattr > > > > slot to fill. > > > > > > > > Cleanup security_inode_init_security(). Unify the !initxattrs and > > > > initxattrs case by simply not allocating the new_xattrs array in the > > > > former. Update the documentation to reflect the changes, and fix the > > > > description of the xattr name, as it is not allocated anymore. > > > > > > > > Adapt both SELinux and Smack to use the new definition of the > > > > inode_init_security hook, and to call lsm_get_xattr_slot() to obtain and > > > > fill the reserved slots in the xattr array. > > > > > > > > Move the xattr->name assignment after the xattr->value one, so that it is > > > > done only in case of successful memory allocation. > > > > > > > > Finally, change the default return value of the inode_init_security hook > > > > from zero to -EOPNOTSUPP, so that BPF LSM correctly follows the hook > > > > conventions. > > > > > > > > Reported-by: Nicolas Bouchinet > > > > Link: https://lore.kernel.org/linux-integrity/Y1FTSIo+1x+4X0LS@archlinux/ > > > > Signed-off-by: Roberto Sassu > > > > --- > > > > include/linux/lsm_hook_defs.h | 6 +-- > > > > include/linux/lsm_hooks.h | 20 ++++++++++ > > > > security/security.c | 71 +++++++++++++++++++++++------------ > > > > security/selinux/hooks.c | 17 +++++---- > > > > security/smack/smack_lsm.c | 25 ++++++------ > > > > 5 files changed, 92 insertions(+), 47 deletions(-) > > > > > > Two *very* small suggestions below, but I can make those during the > > > merge if you are okay with that Roberto? > > > > Hi Paul > > > > yes, sure, I'm ok with them. Please make them during the merge. > > Great, I'll queue this up for merging once the merge window closes. > I'll send confirmation once it's done but just a heads-up that things > might be a little delayed next week. Ok, no problem. Thanks! Roberto