From patchwork Fri Aug 24 22:41:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Schaufler, Casey" X-Patchwork-Id: 10575953 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 45AAE112E for ; Fri, 24 Aug 2018 22:41:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 36FA92CD2A for ; Fri, 24 Aug 2018 22:41:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2B01F2CD43; Fri, 24 Aug 2018 22:41:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 3966A2CD2A for ; Fri, 24 Aug 2018 22:41:48 +0000 (UTC) Received: (qmail 22184 invoked by uid 550); 24 Aug 2018 22:41:45 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 22147 invoked from network); 24 Aug 2018 22:41:44 -0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,284,1531810800"; d="scan'208";a="84307210" From: Casey Schaufler To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, casey.schaufler@intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, kristen@linux.intel.com, arjan@linux.intel.com Subject: [PATCH v4 0/5] LSM: Add and use a hook for side-channel safety checks Date: Fri, 24 Aug 2018 15:41:12 -0700 Message-Id: <20180824224117.3356-1-casey.schaufler@intel.com> X-Mailer: git-send-email 2.17.0 X-Virus-Scanned: ClamAV using ClamSMTP v4: select namespace checks if user namespaces are enabled and credential checks are request. v3: get_task_cred wasn't a good choice due to refcounts. Use lower level protection instead v2: SELinux access policy corrected. Use real_cred instead of cred. This patchset provide a mechanism by which a security module can advise the system about potential side-channel vulnerabilities. If security_safe_sidechannel() returns 0 the security modules do not know of any data that would be subject to a side-channel attack. If the security module maintains data that it believes may be susceptible to a side-channel attack it will return -EACCES. Simple hooks are provided for SELinux and Smack. A new security module is provided to make determinations regarding traditional task attributes, including user IDs, capability sets and namespaces. Signed-off-by: Casey Schaufler --- MAINTAINERS | 6 ++ arch/x86/mm/tlb.c | 12 ++- include/linux/lsm_hooks.h | 12 +++ include/linux/security.h | 1 + security/Kconfig | 1 + security/Makefile | 2 + security/security.c | 6 ++ security/selinux/hooks.c | 9 ++ security/sidechannel/Kconfig | 65 +++++++++++++ security/sidechannel/Makefile | 1 + security/sidechannel/sidechannel.c | 184 +++++++++++++++++++++++++++++++++++++ security/smack/smack_lsm.c | 18 ++++ 12 files changed, 313 insertions(+), 4 deletions(-)