| Message ID | 20230315224704.2672-6-casey@schaufler-ca.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | LSM: Three basic syscalls | expand |
On Wed, Mar 15, 2023 at 6:48 PM Casey Schaufler <casey@schaufler-ca.com> wrote: > > Create a system call to report the list of Linux Security Modules > that are active on the system. The list is provided as an array > of LSM ID numbers. > > The calling application can use this list determine what LSM > specific actions it might take. That might include chosing an > output format, determining required privilege or bypassing > security module specific behavior. > > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > --- > Documentation/userspace-api/lsm.rst | 3 +++ > include/linux/syscalls.h | 1 + > kernel/sys_ni.c | 1 + > security/lsm_syscalls.c | 39 +++++++++++++++++++++++++++++ > 4 files changed, 44 insertions(+) ... > diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c > index feee31600219..6efbe244d304 100644 > --- a/security/lsm_syscalls.c > +++ b/security/lsm_syscalls.c > @@ -53,3 +53,42 @@ SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, > { > return security_getselfattr(attr, ctx, size, flags); > } > + > +/** > + * sys_lsm_list_modules - Return a list of the active security modules > + * @ids: the LSM module ids > + * @size: size of @ids, updated on return > + * @flags: reserved for future use, must be zero > + * > + * Returns a list of the active LSM ids. On success this function > + * returns the number of @ids array elements. This value may be zero > + * if there are no LSMs active. If @size is insufficient to contain > + * the return data -E2BIG is returned and @size is set to the minimum > + * required size. In all other cases a negative value indicating the > + * error is returned. > + */ > +SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, size_t __user *, size, > + u32, flags) > +{ > + size_t total_size = lsm_active_cnt * sizeof(*ids); > + size_t usize; > + int i; > + > + if (flags) > + return -EINVAL; In other patches in this patchset you use 'if (flags != 0)'; I don't care too much which approach you take, but please be consistent. Actually, I guess you might as well just go with 'if (flags)' since I'm pretty sure someone later down the line will end up wasting reviewer time by changing '(flags != 0)' into '(flags)' ... > + if (get_user(usize, size)) > + return -EFAULT; > + > + if (put_user(total_size, size) != 0) > + return -EFAULT; > + > + if (usize < total_size) > + return -E2BIG; > + > + for (i = 0; i < lsm_active_cnt; i++) > + if (put_user(lsm_idlist[i]->id, ids++)) > + return -EFAULT; > + > + return lsm_active_cnt; > +} > -- > 2.39.2 -- paul-moore.com
It looks like you missed my preview reviews on these patches. On 15/03/2023 23:46, Casey Schaufler wrote: > Create a system call to report the list of Linux Security Modules > that are active on the system. The list is provided as an array > of LSM ID numbers. > > The calling application can use this list determine what LSM > specific actions it might take. That might include chosing an > output format, determining required privilege or bypassing > security module specific behavior. > > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > --- > Documentation/userspace-api/lsm.rst | 3 +++ > include/linux/syscalls.h | 1 + > kernel/sys_ni.c | 1 + > security/lsm_syscalls.c | 39 +++++++++++++++++++++++++++++ > 4 files changed, 44 insertions(+) > > diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst > index b45e402302b3..a86e3817f062 100644 > --- a/Documentation/userspace-api/lsm.rst > +++ b/Documentation/userspace-api/lsm.rst > @@ -63,6 +63,9 @@ Get the specified security attributes of the current process > .. kernel-doc:: security/lsm_syscalls.c > :identifiers: sys_lsm_get_self_attr > > +.. kernel-doc:: security/lsm_syscalls.c > + :identifiers: sys_lsm_list_modules > + > Additional documentation > ======================== > > diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h > index 3feca00cb0c1..f755c583f949 100644 > --- a/include/linux/syscalls.h > +++ b/include/linux/syscalls.h > @@ -1063,6 +1063,7 @@ asmlinkage long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx *ctx, > size_t *size, __u64 flags); > asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, > __u64 flags); > +asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, u32 flags); > > /* > * Architecture-specific system calls > diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c > index d03c78ef1562..ceb3d21a62d0 100644 > --- a/kernel/sys_ni.c > +++ b/kernel/sys_ni.c > @@ -265,6 +265,7 @@ COND_SYSCALL(mremap); > /* security/lsm_syscalls.c */ > COND_SYSCALL(lsm_get_self_attr); > COND_SYSCALL(lsm_set_self_attr); > +COND_SYSCALL(lsm_list_modules); > > /* security/keys/keyctl.c */ > COND_SYSCALL(add_key); > diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c > index feee31600219..6efbe244d304 100644 > --- a/security/lsm_syscalls.c > +++ b/security/lsm_syscalls.c > @@ -53,3 +53,42 @@ SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, > { > return security_getselfattr(attr, ctx, size, flags); > } > + > +/** > + * sys_lsm_list_modules - Return a list of the active security modules > + * @ids: the LSM module ids > + * @size: size of @ids, updated on return > + * @flags: reserved for future use, must be zero > + * > + * Returns a list of the active LSM ids. On success this function > + * returns the number of @ids array elements. This value may be zero > + * if there are no LSMs active. If @size is insufficient to contain > + * the return data -E2BIG is returned and @size is set to the minimum > + * required size. In all other cases a negative value indicating the > + * error is returned. > + */ > +SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, size_t __user *, size, > + u32, flags) > +{ > + size_t total_size = lsm_active_cnt * sizeof(*ids); > + size_t usize; > + int i; > + > + if (flags) > + return -EINVAL; > + > + if (get_user(usize, size)) > + return -EFAULT; > + > + if (put_user(total_size, size) != 0) > + return -EFAULT; > + > + if (usize < total_size) > + return -E2BIG; > + > + for (i = 0; i < lsm_active_cnt; i++) > + if (put_user(lsm_idlist[i]->id, ids++)) > + return -EFAULT; > + > + return lsm_active_cnt; > +}
On Mon, Apr 3, 2023 at 8:04 AM Mickaël Salaün <mic@digikod.net> wrote: > > It looks like you missed my preview reviews on these patches. For reference, I believe this is Mickaël's review of the associated v6 patch: https://lore.kernel.org/linux-security-module/1ca41f67-ffa1-56c2-b4ee-f5deece95130@digikod.net/ > On 15/03/2023 23:46, Casey Schaufler wrote: > > Create a system call to report the list of Linux Security Modules > > that are active on the system. The list is provided as an array > > of LSM ID numbers. > > > > The calling application can use this list determine what LSM > > specific actions it might take. That might include chosing an > > output format, determining required privilege or bypassing > > security module specific behavior. > > > > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > > --- > > Documentation/userspace-api/lsm.rst | 3 +++ > > include/linux/syscalls.h | 1 + > > kernel/sys_ni.c | 1 + > > security/lsm_syscalls.c | 39 +++++++++++++++++++++++++++++ > > 4 files changed, 44 insertions(+) > > > > diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst > > index b45e402302b3..a86e3817f062 100644 > > --- a/Documentation/userspace-api/lsm.rst > > +++ b/Documentation/userspace-api/lsm.rst > > @@ -63,6 +63,9 @@ Get the specified security attributes of the current process > > .. kernel-doc:: security/lsm_syscalls.c > > :identifiers: sys_lsm_get_self_attr > > > > +.. kernel-doc:: security/lsm_syscalls.c > > + :identifiers: sys_lsm_list_modules > > + > > Additional documentation > > ======================== > > > > diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h > > index 3feca00cb0c1..f755c583f949 100644 > > --- a/include/linux/syscalls.h > > +++ b/include/linux/syscalls.h > > @@ -1063,6 +1063,7 @@ asmlinkage long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx *ctx, > > size_t *size, __u64 flags); > > asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, > > __u64 flags); > > +asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, u32 flags); > > > > /* > > * Architecture-specific system calls > > diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c > > index d03c78ef1562..ceb3d21a62d0 100644 > > --- a/kernel/sys_ni.c > > +++ b/kernel/sys_ni.c > > @@ -265,6 +265,7 @@ COND_SYSCALL(mremap); > > /* security/lsm_syscalls.c */ > > COND_SYSCALL(lsm_get_self_attr); > > COND_SYSCALL(lsm_set_self_attr); > > +COND_SYSCALL(lsm_list_modules); > > > > /* security/keys/keyctl.c */ > > COND_SYSCALL(add_key); > > diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c > > index feee31600219..6efbe244d304 100644 > > --- a/security/lsm_syscalls.c > > +++ b/security/lsm_syscalls.c > > @@ -53,3 +53,42 @@ SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, > > { > > return security_getselfattr(attr, ctx, size, flags); > > } > > + > > +/** > > + * sys_lsm_list_modules - Return a list of the active security modules > > + * @ids: the LSM module ids > > + * @size: size of @ids, updated on return > > + * @flags: reserved for future use, must be zero > > + * > > + * Returns a list of the active LSM ids. On success this function > > + * returns the number of @ids array elements. This value may be zero > > + * if there are no LSMs active. If @size is insufficient to contain > > + * the return data -E2BIG is returned and @size is set to the minimum > > + * required size. In all other cases a negative value indicating the > > + * error is returned. > > + */ > > +SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, size_t __user *, size, > > + u32, flags) > > +{ > > + size_t total_size = lsm_active_cnt * sizeof(*ids); > > + size_t usize; > > + int i; > > + > > + if (flags) > > + return -EINVAL; > > + > > + if (get_user(usize, size)) > > + return -EFAULT; > > + > > + if (put_user(total_size, size) != 0) > > + return -EFAULT; > > + > > + if (usize < total_size) > > + return -E2BIG; > > + > > + for (i = 0; i < lsm_active_cnt; i++) > > + if (put_user(lsm_idlist[i]->id, ids++)) > > + return -EFAULT; > > + > > + return lsm_active_cnt; > > +}
On Mon, Apr 10, 2023 at 7:37 PM Paul Moore <paul@paul-moore.com> wrote: > > On Mon, Apr 3, 2023 at 8:04 AM Mickaël Salaün <mic@digikod.net> wrote: > > > > It looks like you missed my preview reviews on these patches. > > For reference, I believe this is Mickaël's review of the associated v6 patch: > > https://lore.kernel.org/linux-security-module/1ca41f67-ffa1-56c2-b4ee-f5deece95130@digikod.net/ My apologies, I hit send too soon ... Mickaël, if there are a specific points you feel have not been addressed, but should be, it would be helpful if you could list them in this thread. > > On 15/03/2023 23:46, Casey Schaufler wrote: > > > Create a system call to report the list of Linux Security Modules > > > that are active on the system. The list is provided as an array > > > of LSM ID numbers. > > > > > > The calling application can use this list determine what LSM > > > specific actions it might take. That might include chosing an > > > output format, determining required privilege or bypassing > > > security module specific behavior. > > > > > > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > > > --- > > > Documentation/userspace-api/lsm.rst | 3 +++ > > > include/linux/syscalls.h | 1 + > > > kernel/sys_ni.c | 1 + > > > security/lsm_syscalls.c | 39 +++++++++++++++++++++++++++++ > > > 4 files changed, 44 insertions(+) > > > > > > diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst > > > index b45e402302b3..a86e3817f062 100644 > > > --- a/Documentation/userspace-api/lsm.rst > > > +++ b/Documentation/userspace-api/lsm.rst > > > @@ -63,6 +63,9 @@ Get the specified security attributes of the current process > > > .. kernel-doc:: security/lsm_syscalls.c > > > :identifiers: sys_lsm_get_self_attr > > > > > > +.. kernel-doc:: security/lsm_syscalls.c > > > + :identifiers: sys_lsm_list_modules > > > + > > > Additional documentation > > > ======================== > > > > > > diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h > > > index 3feca00cb0c1..f755c583f949 100644 > > > --- a/include/linux/syscalls.h > > > +++ b/include/linux/syscalls.h > > > @@ -1063,6 +1063,7 @@ asmlinkage long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx *ctx, > > > size_t *size, __u64 flags); > > > asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, > > > __u64 flags); > > > +asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, u32 flags); > > > > > > /* > > > * Architecture-specific system calls > > > diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c > > > index d03c78ef1562..ceb3d21a62d0 100644 > > > --- a/kernel/sys_ni.c > > > +++ b/kernel/sys_ni.c > > > @@ -265,6 +265,7 @@ COND_SYSCALL(mremap); > > > /* security/lsm_syscalls.c */ > > > COND_SYSCALL(lsm_get_self_attr); > > > COND_SYSCALL(lsm_set_self_attr); > > > +COND_SYSCALL(lsm_list_modules); > > > > > > /* security/keys/keyctl.c */ > > > COND_SYSCALL(add_key); > > > diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c > > > index feee31600219..6efbe244d304 100644 > > > --- a/security/lsm_syscalls.c > > > +++ b/security/lsm_syscalls.c > > > @@ -53,3 +53,42 @@ SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, > > > { > > > return security_getselfattr(attr, ctx, size, flags); > > > } > > > + > > > +/** > > > + * sys_lsm_list_modules - Return a list of the active security modules > > > + * @ids: the LSM module ids > > > + * @size: size of @ids, updated on return > > > + * @flags: reserved for future use, must be zero > > > + * > > > + * Returns a list of the active LSM ids. On success this function > > > + * returns the number of @ids array elements. This value may be zero > > > + * if there are no LSMs active. If @size is insufficient to contain > > > + * the return data -E2BIG is returned and @size is set to the minimum > > > + * required size. In all other cases a negative value indicating the > > > + * error is returned. > > > + */ > > > +SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, size_t __user *, size, > > > + u32, flags) > > > +{ > > > + size_t total_size = lsm_active_cnt * sizeof(*ids); > > > + size_t usize; > > > + int i; > > > + > > > + if (flags) > > > + return -EINVAL; > > > + > > > + if (get_user(usize, size)) > > > + return -EFAULT; > > > + > > > + if (put_user(total_size, size) != 0) > > > + return -EFAULT; > > > + > > > + if (usize < total_size) > > > + return -E2BIG; > > > + > > > + for (i = 0; i < lsm_active_cnt; i++) > > > + if (put_user(lsm_idlist[i]->id, ids++)) > > > + return -EFAULT; > > > + > > > + return lsm_active_cnt; > > > +} > > -- > paul-moore.com
On 11/04/2023 01:38, Paul Moore wrote: > On Mon, Apr 10, 2023 at 7:37 PM Paul Moore <paul@paul-moore.com> wrote: >> >> On Mon, Apr 3, 2023 at 8:04 AM Mickaël Salaün <mic@digikod.net> wrote: >>> >>> It looks like you missed my preview reviews on these patches. >> >> For reference, I believe this is Mickaël's review of the associated v6 patch: >> >> https://lore.kernel.org/linux-security-module/1ca41f67-ffa1-56c2-b4ee-f5deece95130@digikod.net/ > > My apologies, I hit send too soon ... Mickaël, if there are a specific > points you feel have not been addressed, but should be, it would be > helpful if you could list them in this thread. No worries, Casey replied to the original thread: https://lore.kernel.org/linux-security-module/8819e4eb-1e99-bb38-6501-638677d3f4cf@schaufler-ca.com/
diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index b45e402302b3..a86e3817f062 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst @@ -63,6 +63,9 @@ Get the specified security attributes of the current process .. kernel-doc:: security/lsm_syscalls.c :identifiers: sys_lsm_get_self_attr +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_list_modules + Additional documentation ======================== diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 3feca00cb0c1..f755c583f949 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -1063,6 +1063,7 @@ asmlinkage long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx *ctx, size_t *size, __u64 flags); asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx *ctx, __u64 flags); +asmlinkage long sys_lsm_list_modules(u64 *ids, size_t *size, u32 flags); /* * Architecture-specific system calls diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index d03c78ef1562..ceb3d21a62d0 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -265,6 +265,7 @@ COND_SYSCALL(mremap); /* security/lsm_syscalls.c */ COND_SYSCALL(lsm_get_self_attr); COND_SYSCALL(lsm_set_self_attr); +COND_SYSCALL(lsm_list_modules); /* security/keys/keyctl.c */ COND_SYSCALL(add_key); diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index feee31600219..6efbe244d304 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c @@ -53,3 +53,42 @@ SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, { return security_getselfattr(attr, ctx, size, flags); } + +/** + * sys_lsm_list_modules - Return a list of the active security modules + * @ids: the LSM module ids + * @size: size of @ids, updated on return + * @flags: reserved for future use, must be zero + * + * Returns a list of the active LSM ids. On success this function + * returns the number of @ids array elements. This value may be zero + * if there are no LSMs active. If @size is insufficient to contain + * the return data -E2BIG is returned and @size is set to the minimum + * required size. In all other cases a negative value indicating the + * error is returned. + */ +SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, size_t __user *, size, + u32, flags) +{ + size_t total_size = lsm_active_cnt * sizeof(*ids); + size_t usize; + int i; + + if (flags) + return -EINVAL; + + if (get_user(usize, size)) + return -EFAULT; + + if (put_user(total_size, size) != 0) + return -EFAULT; + + if (usize < total_size) + return -E2BIG; + + for (i = 0; i < lsm_active_cnt; i++) + if (put_user(lsm_idlist[i]->id, ids++)) + return -EFAULT; + + return lsm_active_cnt; +}
Create a system call to report the list of Linux Security Modules that are active on the system. The list is provided as an array of LSM ID numbers. The calling application can use this list determine what LSM specific actions it might take. That might include chosing an output format, determining required privilege or bypassing security module specific behavior. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> --- Documentation/userspace-api/lsm.rst | 3 +++ include/linux/syscalls.h | 1 + kernel/sys_ni.c | 1 + security/lsm_syscalls.c | 39 +++++++++++++++++++++++++++++ 4 files changed, 44 insertions(+)