Received: by 2002:a05:6358:701b:b0:131:369:b2a3 with SMTP id 27csp449569rwo;
        Fri, 21 Jul 2023 14:49:29 -0700 (PDT)
X-Google-Smtp-Source: APBJJlGwVDNOMf725QhVJSV4vo8ZEj+1DwQW19LvjnQU1M6kSjzm5rK3U6bF5Bq6yw2myntKYCwQ
X-Received: by 2002:a17:90a:ba93:b0:256:2efc:270e with SMTP id t19-20020a17090aba9300b002562efc270emr2953332pjr.5.1689976169179;
        Fri, 21 Jul 2023 14:49:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1689976169; cv=none;
        d=google.com; s=arc-20160816;
        b=Wh4yitKYSEZ0P/2kZmrCZGJGprsF5ETYqRe1OWBGOSyjtT9IauUjnL6azG0nfSuQH3
         3HI41Kfwcpha2nnQnQnIgAK1Qi3U4s3LCJYIaWm9J7TJeUk3taTuLVLbv120P/srPm+u
         j5fZRpoGeGXY+QdWbTm6/7RD0askeZaymVX3Igq+qt9MptmyxB2kv7QDi2o1+L8GIkyR
         9KnViI104TWZP5xbLicRMFU/Mu9g7RlZj5svb7wv70GfGXO8DqeCKwWgzt5+Z6RL1RxX
         Sz2Sc45NSfBsgtNHoMb1SrSxNx6m6Na7ynNVNYKAa7gnn3v+02+MuvTVfRitxFWoltJo
         3A0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=1l7ane1OFS+DsoXNZ3U+AZ4KjgV57iMuNiejIQehSc4=;
        fh=JM//zYmQbpO2l9iQJU73V8uKueZlJ8AvZ1zLB/uPuf8=;
        b=terVoCk885ZRMxmiIGe7earSfpkB8qRM2PmTWW9YEcmgPdSAgGOR4WZWzSBBvan1bw
         MXUgYnkNzj9jFwJi6ZAdxy/f54pdtklpupQsyGBttDvAKTMLLfvIYtbdOoWw/wkW65Hr
         moYFfQaXuIGissmtj2tY0oSh4O2RI+BjzYUbqbkT2ZILfB8YpyqmWEWCAu5uuPsHaFUP
         NMfSz+htVG3b376AGXUXxT58RrzLktFp/GHfuQ3LeqIfjr3pkXc5SGaSvLcKvbyEeP5T
         2qH+RJVNKcEvtAtFxZbust8ItOEGSZOM0RCbmvqEVq7bt+IuS37fEEpOrk9qL2ReCrhn
         xgig==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore.com header.s=google header.b=FSYL0es3;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id oc6-20020a17090b1c0600b0026401b3d5besi4158891pjb.190.2023.07.21.14.49.16;
        Fri, 21 Jul 2023 14:49:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore.com header.s=google header.b=FSYL0es3;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230327AbjGUVki (ORCPT <rfc822;andreas.gruenbacher@gmail.com>
        + 99 others); Fri, 21 Jul 2023 17:40:38 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51010 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229592AbjGUVkh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 21 Jul 2023 17:40:37 -0400
Received: from mail-yw1-x112e.google.com (mail-yw1-x112e.google.com [IPv6:2607:f8b0:4864:20::112e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76BDE3A85
        for <linux-kernel@vger.kernel.org>; Fri, 21 Jul 2023 14:40:35 -0700 (PDT)
Received: by mail-yw1-x112e.google.com with SMTP id 00721157ae682-5774335bb2aso28872127b3.0
        for <linux-kernel@vger.kernel.org>; Fri, 21 Jul 2023 14:40:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore.com; s=google; t=1689975634; x=1690580434;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=1l7ane1OFS+DsoXNZ3U+AZ4KjgV57iMuNiejIQehSc4=;
        b=FSYL0es3zGYgPSbiIbE7QW63J5pU/Pp1sjBqc2fV7aNAMjPq8/ibss0ZDcKuCz0WIG
         W/pDwheI4n0hlntSOBzbMjuRyUCHn6J1UpZM0i7jacmbpZVhwD+bwXYSZzGaFwphlXxq
         mHOmwpGrQGKTdhU5PkDumCCubMwIFJBn7X46RallzhPKlwFEfXGUV4lHshAGTEFnJPAZ
         7DpFyuDA12HPI8B8H1kFrbriPMQOIB6Fx6+2ImvM21lGje2l0zK5WEF6BdLcO2mfIzUl
         lwkWo19C1XELSkBimTW40s1NN/p5NVBEuw68hDplm+NuuKpleUFzO7ma6Wphsn1x+N4c
         jxPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1689975634; x=1690580434;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=1l7ane1OFS+DsoXNZ3U+AZ4KjgV57iMuNiejIQehSc4=;
        b=GTvuPWoY2Vq/AmxkMh9VaOWDrJzItwaqB9MvaEAveCXnu9Tn4KrFG77ZmhIcQGwAql
         xfCD/J8JnfuSSqlJ7ZPKMhFFzGaJj+JORdyG2B+UyDUYZnUP4pZx0+Dtttm4EhWpUbqs
         bFg0U3pJXx87fPOn8SgMCN//QEoKQAZCW/U44qy4MIp4K0XF+DkrKEdn7+MXjgh3owji
         zjF2xIOOsPM9M3AVRz1bsshqL13GzejEqfHcMytEEse2MQftHZCxKQdZADhZ3S61ywrG
         sA/66Md+mbgSzjCXxaF5HULwUho8HCwB8wlED+quh7GVS9+e3Kp4MzrTbLGSIVoAUQyy
         +T1w==
X-Gm-Message-State: ABy/qLZU81u+z/Zu4/YL62+whmQNr/wUzFL3IeQwY24k5xXhlgvdD93q
        QN0Os+1sft6BiEQ+C/hkGD9nYl43vtIxGVf1fS4A
X-Received: by 2002:a0d:ddd4:0:b0:577:2cac:cd49 with SMTP id
 g203-20020a0dddd4000000b005772caccd49mr1343753ywe.1.1689975634601; Fri, 21
 Jul 2023 14:40:34 -0700 (PDT)
MIME-Version: 1.0
References: <20230629195535.2590-1-casey@schaufler-ca.com> <20230629195535.2590-3-casey@schaufler-ca.com>
 <9b09c571-9288-73e1-18c5-9023b909a5d9@digikod.net> <b711f8b4-f624-bb2b-1caf-90c674245135@schaufler-ca.com>
In-Reply-To: <b711f8b4-f624-bb2b-1caf-90c674245135@schaufler-ca.com>
From:   Paul Moore <paul@paul-moore.com>
Date:   Fri, 21 Jul 2023 17:40:23 -0400
Message-ID: <CAHC9VhRY1_tdLVnFGK4ZxRDEs+JKJWD3VR+iHrcrm9Psmbowtg@mail.gmail.com>
Subject: Re: [PATCH v12 02/11] LSM: Maintain a table of LSM attribute data
To:     Casey Schaufler <casey@schaufler-ca.com>
Cc:     =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= <mic@digikod.net>,
        linux-security-module@vger.kernel.org, jmorris@namei.org,
        serge@hallyn.com, keescook@chromium.org,
        john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
        stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
        linux-api@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jul 14, 2023 at 3:42=E2=80=AFPM Casey Schaufler <casey@schaufler-ca=
.com> wrote:
> On 7/11/2023 8:35 AM, Micka=C3=ABl Sala=C3=BCn wrote:
> > On 29/06/2023 21:55, Casey Schaufler wrote:
> >> As LSMs are registered add their lsm_id pointers to a table.
> >> This will be used later for attribute reporting.
> >>
> >> Determine the number of possible security modules based on
> >> their respective CONFIG options. This allows the number to be
> >> known at build time. This allows data structures and tables
> >> to use the constant.
> >>
> >> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> >> Reviewed-by: Kees Cook <keescook@chromium.org>
> >> Reviewed-by: Serge Hallyn <serge@hallyn.com>
> >> ---
> >>   include/linux/security.h |  2 ++
> >>   security/security.c      | 37 +++++++++++++++++++++++++++++++++++++
> >>   2 files changed, 39 insertions(+)

...

> >> diff --git a/security/security.c b/security/security.c
> >> index e56714ef045a..5a699e47478b 100644
> >> --- a/security/security.c
> >> +++ b/security/security.c
> >> @@ -521,6 +546,18 @@ void __init security_add_hooks(struct
> >> security_hook_list *hooks, int count,
> >>   {
> >>       int i;
> >>   +    /*
> >> +     * A security module may call security_add_hooks() more
> >> +     * than once during initialization, and LSM initialization
> >> +     * is serialized. Landlock is one such case.
> >> +     * Look at the previous entry, if there is one, for duplication.
> >> +     */
> >> +    if (lsm_active_cnt =3D=3D 0 || lsm_idlist[lsm_active_cnt - 1] !=
=3D
> >> lsmid) {
> >
> > Isn't it possible to have interleaved security_add_hooks() calls?
>
> The initialization is serial and interleaving isn't possible.
>
> >> +        if (lsm_active_cnt >=3D LSM_CONFIG_COUNT)
> >> +            panic("%s Too many LSMs registered.\n", __func__);
> >
> > I'm not sure we should panic, but from a security point of view it is
> > critical enough=E2=80=A6
>
> It's possible this should be a BUG() instance, but the panic() more
> closely resembles what's nearby in the code.

I think the panic() call is okay.  If something is so horribly broken
that we hit this case we have little option but to panic the system as
booting with the LSM controls busted in such a way is very not good.

There are probably those that would object to the above statement, but
those people aren't likely to be building a kernel with any LSMs in
the first place.

--=20
paul-moore.com