Received: by 2002:ab2:710b:0:b0:1ef:a325:1205 with SMTP id z11csp1060318lql; Tue, 12 Mar 2024 06:26:51 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUFz96vA9zasNigOTNO0qQSQGbGZv6MpZ55d5f4fpC56FkeQ0x3Yc0ZaUpTo3V3LMIidHWxiV4eH6eE3aiETg/4hG1WPqV/qFc99X34sw== X-Google-Smtp-Source: AGHT+IHq44q1QmGXbXRYh1srMwyGUDNAq5VUfN58RIOEsm9ZUDeVVlhQ4efkyCq0WTMY0I7JHeJI X-Received: by 2002:a05:6a20:8f06:b0:1a1:74ea:d6ab with SMTP id b6-20020a056a208f0600b001a174ead6abmr7856469pzk.1.1710250011296; Tue, 12 Mar 2024 06:26:51 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710250011; cv=pass; d=google.com; s=arc-20160816; b=NZyIV7tCDcln15QW5jzqQM9hXsQ+mAaLNh+P+hfsHMANuUBxbCuO9fRnyEHq7rfBGW UIneS1BI383ts7IFF9diYitBnj/h0eu5y0FG+dGfkyI1G6TzfMQbdCzWN0Uij4G6yBTr d2Eu7afaBJnGI1ybank2/ElErFG7izFc7GlgAILy3uXHx1/vCgQh1PZJDSml60ivTDQ6 kvCEvOeBb53qP7rsLDC7e3W7IzpAXo8BjQCIAAvIXROF24e1nZP32gdVEyPF5l9eohOI ZjQXqT//4paKTphw7HasABm1VclOK/spQbxmNGEAcLtm67w6vxn2Uyjk2v8HI8JGy0ZP /FTw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=JB/fCkc+DY4m42yOK4XJQgiO/OTJKfXykryTXv2ZIvc=; fh=o3N+SNgE0gCtP13op78LGhybyoFisssfIIgayj5XUe8=; b=QlekEahs/I+xmxpiCDu6QyxC6ilq0c0fYbkQO6kolPG1O9Kb3u6DoIJPM6ceScwVnm DZOLbJj0CL38fsB0kDWzCasWQrnx5hyQVET2zyOYYkXeuTqQUpKF2TAMfPhYEAIIQbzR JkiWMl+a2TYjNkMuvxMXmpa4mckqiG/PS//6hd29bUiFOlQZgRmm/W3azvDNRPAplYiJ uUqELMPhoUJwjV41brkcfNpqw1Qp9xWs/TdX+YCuRLO51IXMOC046TacLk8IKFoeOH/0 MeyBXr/fNvsc4vU8SfSnlLnG7VesalFzNeIvH3qwVxgYXPsPCOfEHMzIbgzH8JD9fWJZ Yrhw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b="P/rzX1/+"; arc=pass (i=1 spf=pass spfdomain=paul-moore.com dkim=pass dkdomain=paul-moore.com dmarc=pass fromdomain=paul-moore.com); spf=pass (google.com: domain of linux-kernel+bounces-100288-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-100288-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id v11-20020aa799cb000000b006e0385d7185si6919252pfi.229.2024.03.12.06.26.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Mar 2024 06:26:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-100288-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b="P/rzX1/+"; arc=pass (i=1 spf=pass spfdomain=paul-moore.com dkim=pass dkdomain=paul-moore.com dmarc=pass fromdomain=paul-moore.com); spf=pass (google.com: domain of linux-kernel+bounces-100288-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-100288-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id A97AAB234A3 for ; Tue, 12 Mar 2024 13:25:37 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id EA8667A703; Tue, 12 Mar 2024 13:25:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b="P/rzX1/+" Received: from mail-yb1-f182.google.com (mail-yb1-f182.google.com [209.85.219.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5C0DF5820A for ; Tue, 12 Mar 2024 13:25:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.182 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710249929; cv=none; b=QkWw4DKNzywhdhUaYpxHo8pdiaYD93WJD9n8VIhZ7rRk9Y6QhbpuI3xNqv8tm5P9y+NBW9OOKwvcUzHAhoqmXHb9ZFf66WpTMZ9zDPA5o3DmIaBqy161T2+/4SODRTz3hLQM5XlkdRZEiP4Al9RnF5NW9twYLKDYiRA1dGpWF6w= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710249929; c=relaxed/simple; bh=psGUUbaGpO0STvfivLy6nh3+05iM/5LFBTb9Tiu2sx0=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=FtI8Zkhv50xmpLLCXWqg+vBqs1esc4nruojxbver01fIDHrxFJh5VSKQ4jb71IeNtbVT7E/C94qbVNedpTrDUmjCu8UndgaEW3ga8SLqCEbWHypEqjbseAqcSR4X9ucrLMyU5Cm5GCvwOH4/RVvRVshdHLeeNJ9qbiOzzFNYrFA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com; spf=pass smtp.mailfrom=paul-moore.com; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b=P/rzX1/+; arc=none smtp.client-ip=209.85.219.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=paul-moore.com Received: by mail-yb1-f182.google.com with SMTP id 3f1490d57ef6-dbed0710c74so3408362276.1 for ; Tue, 12 Mar 2024 06:25:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1710249925; x=1710854725; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=JB/fCkc+DY4m42yOK4XJQgiO/OTJKfXykryTXv2ZIvc=; b=P/rzX1/+8Gsya7WVuz83YmqAKIk/yVcSz+63lCQGDNLXEtCbjZfmJqNyyRAeaCHOXf SyFFdqzMnnmVJpWt2JJOgACTKbW2jacz9YWj6isXiPaOP8opHzJwqxFx9f2+Tq8TSH+6 TDUlQRefPZhsKvm5EgYDoNK/TsibUrHaChnFDQZkVAXNOI4bBkr3z4Mlp/uMBHSgF8Kg OBPfpJfXZ5W8jq/cNWT6lnyhZ9BEXFArfSrXw9/3vVRec2VKAHOP/HWtLNfgrltHXtSq fbDyUNeW44TOiwofbMGjbsVxYRjHXhhwpT9PSoYAIh3t2J3Vlk16Jx42AIdlGDfM4ouJ 5xow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710249925; x=1710854725; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JB/fCkc+DY4m42yOK4XJQgiO/OTJKfXykryTXv2ZIvc=; b=fGzHcEaOxOvcRlK0rkrqqkNSD3Mv4dlozXmg14EvvpRYLI25oJdm/r+oSrdR2DmvPH Auc6QUFbSYAZoSb0NwzcCi46ZeEJXUsdHNjpnJlZD3xIFjptOvcHaLSGgnN+u+w0RcCp LtO+9sNxIcFw5gqNrXH2OCTC7FuISIHJLI11AdRSObLIcQtdsc+XKAan1IUDNSSfU9ZT lOyzCZWluhRgv3/mLDf1685x/KHHbjjPQlyP6p26wN+Zuse7BdbAWgA8QXHyzSVJ8Vxi VG/gdqQJK+vBeBDeFBrJVh0NhIsXNaXmER9A4PlURKdVYmmZPvVTNTJtRpwnx9mW33Kv MQNQ== X-Forwarded-Encrypted: i=1; AJvYcCWuBlA9uVCvHQ82fp3Ty+su0iNGJV9DXi/OnP8BoztRB2+VBLLiEFaWev9uvtaIG1U6dh6yF+Vtni5hlymt3Kb94mLeX87O9zbiAUJu X-Gm-Message-State: AOJu0YwxOfLjQixri4IcrQlSCXRLS0qcdiEvpxn9ydz3SDv/sCwlOMIv WAfCa5yBon95a72nUBtv22oNCYV6GWncsq/goUSMCL+7ucS5SBtYdOB2hWpIkAQWWL9Gr83TjTK S28g6XKV5h5F2IjE7/vp4G5K+1gxrZPhCXsCL X-Received: by 2002:a25:8f8c:0:b0:dc2:41de:b744 with SMTP id u12-20020a258f8c000000b00dc241deb744mr6886137ybl.32.1710249925381; Tue, 12 Mar 2024 06:25:25 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20230912205658.3432-1-casey@schaufler-ca.com> <20230912205658.3432-6-casey@schaufler-ca.com> <20240312101630.GA903@altlinux.org> In-Reply-To: <20240312101630.GA903@altlinux.org> From: Paul Moore Date: Tue, 12 Mar 2024 09:25:14 -0400 Message-ID: Subject: Re: [PATCH v15 05/11] LSM: Create lsm_list_modules system call To: "Dmitry V. Levin" Cc: Casey Schaufler , linux-security-module@vger.kernel.org, jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, mic@digikod.net Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Mar 12, 2024 at 6:16=E2=80=AFAM Dmitry V. Levin wro= te: > On Tue, Sep 12, 2023 at 01:56:50PM -0700, Casey Schaufler wrote: > [...] > > --- a/security/lsm_syscalls.c > > +++ b/security/lsm_syscalls.c > > @@ -55,3 +55,42 @@ SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, att= r, struct lsm_ctx __user *, > > { > > return security_getselfattr(attr, ctx, size, flags); > > } > > + > > +/** > > + * sys_lsm_list_modules - Return a list of the active security modules > > + * @ids: the LSM module ids > > + * @size: pointer to size of @ids, updated on return > > + * @flags: reserved for future use, must be zero > > + * > > + * Returns a list of the active LSM ids. On success this function > > + * returns the number of @ids array elements. This value may be zero > > + * if there are no LSMs active. If @size is insufficient to contain > > + * the return data -E2BIG is returned and @size is set to the minimum > > + * required size. In all other cases a negative value indicating the > > + * error is returned. > > + */ > > +SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, size_t __user *, = size, > > + u32, flags) > > I'm sorry but the size of userspace size_t is different from the kernel o= ne > on 32-bit compat architectures. D'oh, yes, thanks for pointing that out. It would have been nice to have caught that before v6.8 was released, but I guess it's better than later. > Looks like there has to be a COMPAT_SYSCALL_DEFINE3(lsm_list_modules, ...= ) > now. Other two added lsm syscalls also have this issue. Considering that Linux v6.8, and by extension these syscalls, are only a few days old, I think I'd rather see us just modify the syscalls and avoid the compat baggage. I'm going to be shocked if anyone has shifted to using the new syscalls yet, and even if they have (!!), moving from a "size_t" type to a "u64" should be mostly transparent for the majority of native 64-bit systems. Those running the absolute latest kernels on 32-bit systems with custom or bleeding edge userspace *may* see a slight hiccup, but I think that user count is in the single digits, if not zero. Let's fix this quickly with /size_t/u64/ in v6.8.1 and avoid the compat shim if we can. Casey, do you have time to put together a patch for this (you should fix the call chains below the syscalls too)? If not, please let me know and I'll get a patch out ASAP. Thanks all. --=20 paul-moore.com