From patchwork Sun Sep 16 00:30:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601635 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D522814DB for ; Sun, 16 Sep 2018 00:32:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C3CE02A2C4 for ; Sun, 16 Sep 2018 00:32:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B7AEC2A649; Sun, 16 Sep 2018 00:32:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6B0D32A2C4 for ; Sun, 16 Sep 2018 00:32:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728418AbeIPFxZ (ORCPT ); Sun, 16 Sep 2018 01:53:25 -0400 Received: from mail-pl1-f195.google.com ([209.85.214.195]:40031 "EHLO mail-pl1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728090AbeIPFwD (ORCPT ); Sun, 16 Sep 2018 01:52:03 -0400 Received: by mail-pl1-f195.google.com with SMTP id s17-v6so5782833plp.7 for ; Sat, 15 Sep 2018 17:31:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Zg+yA6iBpUZzxZCfC7FbRgVPvRB/0N0Ik3Iu+95jWHE=; b=eB8ZoZ4tMyIPviAYdKjqes9M3w8pKOe5njrcU+iiJiycgH0TQa5knqhL7RzMCRSzsh SsTcm9DpzGnUbXAmqVLH3t2fUBOhQ/4znosFarR4rI1+BembNK+S9BVBT3yqyrTrugA7 ebU8PdO/MYadi8BOY9h+SAxStt9PTOTauO2dg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Zg+yA6iBpUZzxZCfC7FbRgVPvRB/0N0Ik3Iu+95jWHE=; b=Oufu+NmDHr7zF463mkwuMSEqb0o7eXiCVC6ZvuQMP4w2jUStU/WK1VQi4u7/QRcfmF rcnYNqeafzPsDJvGb6H4uI7d1oVACij07K8HGAk+St8AAk+Jumq2tCtjjzyp3gjikCI9 4r6ZEfZHPwrKk6s6R+ZqeLBQu097HNxcYVje/fMixcS0wCeplOx3zcP6ciNQ3GtOKDGW jMIWaxbbJDcMbEsUAiOeA4inuM0xsoMVsd736u0xoAnfVyR2qLji97hKKBJSaMxJodur OwZs304GO3RgFqILKOsTTCp24D4F5tD3/aqx9F7jVFsQ8JXRbELwVMItC1REgA9iWces Bzrg== X-Gm-Message-State: APzg51Ah8zsNMd67Z3iMSAtP6GaPlf6LFWuy4uTJlh+REKmptVyJI06V 4w/zynuhWvFSVGymYyiunHAoDw== X-Google-Smtp-Source: ANB0VdaiGIbcUCES3t3Rn7a0Q101MfJ+m63WoQTqFxMMykjqCPHnrrhjAFG9uHP4B1wFvWpdgeGe3Q== X-Received: by 2002:a17:902:b212:: with SMTP id t18-v6mr18849902plr.107.1537057867383; Sat, 15 Sep 2018 17:31:07 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id r81-v6sm15149679pfa.18.2018.09.15.17.31.03 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:03 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 01/18] vmlinux.lds.h: Avoid copy/paste of security_init section Date: Sat, 15 Sep 2018 17:30:42 -0700 Message-Id: <20180916003059.1046-2-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Avoid copy/paste by defining SECURITY_INIT in terms of SECURITY_INITCALL. Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 7b75ff6e2fce..934a45395547 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -473,13 +473,6 @@ #define RODATA RO_DATA_SECTION(4096) #define RO_DATA(align) RO_DATA_SECTION(align) -#define SECURITY_INIT \ - .security_initcall.init : AT(ADDR(.security_initcall.init) - LOAD_OFFSET) { \ - __security_initcall_start = .; \ - KEEP(*(.security_initcall.init)) \ - __security_initcall_end = .; \ - } - /* * .text section. Map to function alignment to avoid address changes * during second ld run in second ld pass when generating System.map @@ -798,6 +791,12 @@ KEEP(*(.security_initcall.init)) \ __security_initcall_end = .; +/* Older linker script style for security init. */ +#define SECURITY_INIT \ + .security_initcall.init : AT(ADDR(.security_initcall.init) - LOAD_OFFSET) { \ + SECURITY_INITCALL \ + } + #ifdef CONFIG_BLK_DEV_INITRD #define INIT_RAM_FS \ . = ALIGN(4); \ From patchwork Sun Sep 16 00:30:43 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601607 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 779CE13AD for ; Sun, 16 Sep 2018 00:31:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 63AAE2A647 for ; Sun, 16 Sep 2018 00:31:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 52C742A649; Sun, 16 Sep 2018 00:31:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E8BD12A647 for ; Sun, 16 Sep 2018 00:31:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727556AbeIPFwB (ORCPT ); Sun, 16 Sep 2018 01:52:01 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:37850 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727293AbeIPFwB (ORCPT ); Sun, 16 Sep 2018 01:52:01 -0400 Received: by mail-pf1-f195.google.com with SMTP id h69-v6so5927781pfd.4 for ; Sat, 15 Sep 2018 17:31:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=JkAxKUtWlRibGwrMGXJBt5UGVFwepAcEiRLGWZboXYU=; b=JbuK7HgbR1dxxm05eq3VUa9a/aD8xLnYsh4fVbQ34oL6IL13PVFJvkdUcWJlUsWnXT uhm9ZzpSa4Q9wYiVPODpvZe9uVubdk6op+1mMGkeGf1GdUZTbD99AIGLhr0jPisOALZc 7TBDDKYYaaOQX6yyVlHzDcOYg2Wl4Wfk5lEN8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=JkAxKUtWlRibGwrMGXJBt5UGVFwepAcEiRLGWZboXYU=; b=fOUwc9068fR8wgxPwnINzCjmskzPxGmNqOTMewEn9nh85ItG9tUZJRAh9pnZ77uGVp Fy98BL2h30ujt1/qzxHs8tMZWclKZ/PpavTT45fQy3X2fXR2vg6GaSH9NH8UTFLTORu/ gcIMRrFEwdfiu4bRr+h7dGBACm6vGEI8hhjhJpIJOtpUvRDqU7RU4jM92N4etTD7m+oL jd40Eiq+ZM9Jw5o813v8oznhcI0sy7H0PhCFAdim1lzUksKiyReO+7qBl6tpVWhVvDAF E1TIP7NbCsGrSqb3hGRIc1kt6tpZIQxyAm32w26dhTjWLD8SIr/Hdz01VI7omRLyOlfC 109w== X-Gm-Message-State: APzg51Bpv+/kh9tjn+jxvNB4c1oEuqlARJPoprUT9VIu+FzsfTrwR1wU vTA7mzV/wAyLAv/l1k1az9vHSw== X-Google-Smtp-Source: ANB0VdauNSbxnAvnXyetO6FCs03ua+10CelcL1BYJzI/dFf/pPS8T845JrqvfeiIJU2ucNL/woZTLw== X-Received: by 2002:a63:e318:: with SMTP id f24-v6mr17548876pgh.175.1537057864777; Sat, 15 Sep 2018 17:31:04 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id l70-v6sm15456229pge.36.2018.09.15.17.31.03 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:03 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 02/18] LSM: Rename .security_initcall section to .lsm_info Date: Sat, 15 Sep 2018 17:30:43 -0700 Message-Id: <20180916003059.1046-3-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for switching from initcall to just a regular set of pointers in a section, rename the internal section name. Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 10 +++++----- include/linux/init.h | 4 ++-- security/security.c | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 934a45395547..5079a969e612 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -787,14 +787,14 @@ __con_initcall_end = .; #define SECURITY_INITCALL \ - __security_initcall_start = .; \ - KEEP(*(.security_initcall.init)) \ - __security_initcall_end = .; + __start_lsm_info = .; \ + KEEP(*(.lsm_info.init)) \ + __end_lsm_info = .; /* Older linker script style for security init. */ #define SECURITY_INIT \ - .security_initcall.init : AT(ADDR(.security_initcall.init) - LOAD_OFFSET) { \ - SECURITY_INITCALL \ + .lsm_info.init : AT(ADDR(.lsm_info.init) - LOAD_OFFSET) { \ + LSM_INFO \ } #ifdef CONFIG_BLK_DEV_INITRD diff --git a/include/linux/init.h b/include/linux/init.h index 2538d176dd1f..77636539e77c 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -133,7 +133,7 @@ static inline initcall_t initcall_from_entry(initcall_entry_t *entry) #endif extern initcall_entry_t __con_initcall_start[], __con_initcall_end[]; -extern initcall_entry_t __security_initcall_start[], __security_initcall_end[]; +extern initcall_entry_t __start_lsm_info[], __end_lsm_info[]; /* Used for contructor calls. */ typedef void (*ctor_fn_t)(void); @@ -236,7 +236,7 @@ extern bool initcall_debug; static exitcall_t __exitcall_##fn __exit_call = fn #define console_initcall(fn) ___define_initcall(fn,, .con_initcall) -#define security_initcall(fn) ___define_initcall(fn,, .security_initcall) +#define security_initcall(fn) ___define_initcall(fn,, .lsm_info) struct obs_kernel_param { const char *str; diff --git a/security/security.c b/security/security.c index 736e78da1ab9..d49d5ff8be4b 100644 --- a/security/security.c +++ b/security/security.c @@ -51,9 +51,9 @@ static void __init do_security_initcalls(void) initcall_t call; initcall_entry_t *ce; - ce = __security_initcall_start; + ce = __start_lsm_info; trace_initcall_level("security"); - while (ce < __security_initcall_end) { + while (ce < __end_lsm_info) { call = initcall_from_entry(ce); trace_initcall_start(call); ret = call(); From patchwork Sun Sep 16 00:30:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601609 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EBF3913AD for ; Sun, 16 Sep 2018 00:31:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D91392A647 for ; Sun, 16 Sep 2018 00:31:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CB1472A64D; Sun, 16 Sep 2018 00:31:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7E12A2A647 for ; Sun, 16 Sep 2018 00:31:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727547AbeIPFwC (ORCPT ); Sun, 16 Sep 2018 01:52:02 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:44479 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728036AbeIPFwC (ORCPT ); Sun, 16 Sep 2018 01:52:02 -0400 Received: by mail-pf1-f194.google.com with SMTP id k21-v6so5918802pff.11 for ; Sat, 15 Sep 2018 17:31:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=jb16JJKYPrUkwwf+IIiV9x2fMWSaJBPCjHmkUCeoEUA=; b=Dbo5EBYAImPBD30afpw2UwkLCmYG0+qSGkSoO1j88KP43fd8dvD1lMtqISHtIwgDLP owuLG44J3rybcFPZaeQTsbn1XY7Fykn93fno4oHTrcUJ9ZrZTd1zQBsw0a0CiXgWlKu1 F+5wDsTeC1uRGsiqOoBYEKBfRd5O7wCmyT5tI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=jb16JJKYPrUkwwf+IIiV9x2fMWSaJBPCjHmkUCeoEUA=; b=kyPtb1apWgxxB9+7gVpu4LO9gm+KYyHzjjhbqTR4IxXMmwK+oGQRBv6xIQqyC9jkjc Mr1Xmg3rIaggtwA9yli4gidtVXUgHlQcXI/vE3zrIG1K0LValNMmvm2x6ZrLwYgTmFrm ygOxySJKTIOJeLOe2WkDOe4C8NwQswjc6cXAwkosGsv+YdXBoP7D18juMvUspnbF33yE s+9T31QMZ2C1R3qSbJDoiwjc1SIuuF67iitFDqW5XARBK4sHBZPTHfvoRFWH9E84Kufs y0uDxJp/xWvZI1Xue3wGtYnqgKBadrr+7RrMjHZ79P9GrnYz+gajW8tR6V4191vbh3wF ruMg== X-Gm-Message-State: APzg51DL2Rigt851DjdCT1UPEAIcZIECnaphsssLZI+VJ4YTDoF7VM8y UGShVZDZKz0OFg3XDYzvBX4cDQ== X-Google-Smtp-Source: ANB0VdZCrHk5TTxNgXYNU4F2E1hFoHAgchTPyT3QaN70sMbcGo15nl2AR6knA9I6gLFFDVYPvngAhw== X-Received: by 2002:a63:6385:: with SMTP id x127-v6mr17867638pgb.413.1537057866487; Sat, 15 Sep 2018 17:31:06 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id w5-v6sm12814326pfn.44.2018.09.15.17.31.03 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:03 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 03/18] LSM: Remove initcall tracing Date: Sat, 15 Sep 2018 17:30:44 -0700 Message-Id: <20180916003059.1046-4-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This partially reverts commit 58eacfffc417 ("init, tracing: instrument security and console initcall trace events") since security init calls are about to no longer resemble regular init calls. Signed-off-by: Kees Cook --- security/security.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/security/security.c b/security/security.c index d49d5ff8be4b..913eb73ff3f9 100644 --- a/security/security.c +++ b/security/security.c @@ -30,8 +30,6 @@ #include #include -#include - #define MAX_LSM_EVM_XATTR 2 /* Maximum number of letters for an LSM name string */ @@ -47,17 +45,13 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = static void __init do_security_initcalls(void) { - int ret; initcall_t call; initcall_entry_t *ce; ce = __start_lsm_info; - trace_initcall_level("security"); while (ce < __end_lsm_info) { call = initcall_from_entry(ce); - trace_initcall_start(call); - ret = call(); - trace_initcall_finish(call, ret); + call(); ce++; } } From patchwork Sun Sep 16 00:30:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601637 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D9A1213AD for ; Sun, 16 Sep 2018 00:32:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C83512A2C4 for ; Sun, 16 Sep 2018 00:32:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BCCF82A648; Sun, 16 Sep 2018 00:32:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 575ED2A2C4 for ; Sun, 16 Sep 2018 00:32:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728036AbeIPFxe (ORCPT ); Sun, 16 Sep 2018 01:53:34 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:33254 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727554AbeIPFwB (ORCPT ); Sun, 16 Sep 2018 01:52:01 -0400 Received: by mail-pg1-f195.google.com with SMTP id s7-v6so6036481pgc.0 for ; Sat, 15 Sep 2018 17:31:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=4x3wXndDQ4VJqQe2mF32UbVeYFwfEcL/sUHfxfsY/AY=; b=WEhIvMPEHheL+iis6WilpNhff5SusixPlAblTmrVdRVuh7l6KaYecXkyEOiMfeJ8XL DAwyuIu5SRREFm0cY7UdyKE1XLDmFNfe3XSQIB4mHjYiN8KLSyY7Nl7FpIIgspVECSmB VbCxRihR0B6KrC6qV+VZZHhF5D7c9OIT3LkX4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=4x3wXndDQ4VJqQe2mF32UbVeYFwfEcL/sUHfxfsY/AY=; b=nh14ezj7wxKwBUTymSWGvOQTTsUen18S1N9LnqZkQf9eYRJMf8BHaLo+htcV6FG1W1 LMZYzO/hUuykR/pKA3NuSiwsQVGi2dEXrIJJREIWZBr7kgP33yExHE3EGDbQLEA0AI8u tIlLtzSYmOUrQMg0rcG+k8dvO8ENb9CoOjkDdYIM2kQVVki6lD21Udc10mWGb/BLuFVk /BkxDbnjUrB87JYwesRM8+xJLAMLYTAQFMn5RRw7tdY9PnKhKKnWqNdJfUINI7f0Sqp2 f4nEf62USC8CCgxB5taetYaCFU+UVIO0RE7/aArbsx9+SLeMWMKXlV5Xk6idj2GhfnuN bmdw== X-Gm-Message-State: APzg51BjGmhN8srA5Cr7B1DMKYLrzA8AI43HVALLWc9bVKuTxls0Vylb NJFbfj/5tsZpUFtwlnWoPQcSdA== X-Google-Smtp-Source: ANB0VdZ8B+KsujS956cJd3lB8+BoJSFh7TMLAHBE/iXATYUJQCIz/cnsyE/eO5L44nzMrTEp2pBVlg== X-Received: by 2002:a62:565c:: with SMTP id k89-v6mr19193073pfb.212.1537057865628; Sat, 15 Sep 2018 17:31:05 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id n26-v6sm11777890pgv.78.2018.09.15.17.31.03 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:03 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 04/18] LSM: Convert from initcall to struct lsm_info Date: Sat, 15 Sep 2018 17:30:45 -0700 Message-Id: <20180916003059.1046-5-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for doing more interesting LSM init probing, this converts the existing initcall system into an explicit call into a function pointer from a section-collected struct lsm_info array. Signed-off-by: Kees Cook --- include/linux/init.h | 2 -- include/linux/lsm_hooks.h | 12 ++++++++++++ include/linux/module.h | 1 - security/integrity/iint.c | 1 + security/security.c | 14 +++++--------- 5 files changed, 18 insertions(+), 12 deletions(-) diff --git a/include/linux/init.h b/include/linux/init.h index 77636539e77c..9c2aba1dbabf 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -133,7 +133,6 @@ static inline initcall_t initcall_from_entry(initcall_entry_t *entry) #endif extern initcall_entry_t __con_initcall_start[], __con_initcall_end[]; -extern initcall_entry_t __start_lsm_info[], __end_lsm_info[]; /* Used for contructor calls. */ typedef void (*ctor_fn_t)(void); @@ -236,7 +235,6 @@ extern bool initcall_debug; static exitcall_t __exitcall_##fn __exit_call = fn #define console_initcall(fn) ___define_initcall(fn,, .con_initcall) -#define security_initcall(fn) ___define_initcall(fn,, .lsm_info) struct obs_kernel_param { const char *str; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 97a020c616ad..f3ddf9fdbdce 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2039,6 +2039,18 @@ extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, char *lsm); +struct lsm_info { + int (*init)(void); +}; + +extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; + +#define security_initcall(lsm) \ + static const struct lsm_info __lsm_##lsm \ + __used __section(.lsm_info.init) \ + __aligned(sizeof(unsigned long)) \ + = { .init = lsm, } + #ifdef CONFIG_SECURITY_SELINUX_DISABLE /* * Assuring the safety of deleting a security module is up to diff --git a/include/linux/module.h b/include/linux/module.h index f807f15bebbe..264979283756 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -123,7 +123,6 @@ extern void cleanup_module(void); #define late_initcall_sync(fn) module_init(fn) #define console_initcall(fn) module_init(fn) -#define security_initcall(fn) module_init(fn) /* Each module must use one module_init(). */ #define module_init(initfn) \ diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 5a6810041e5c..70d21b566955 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -22,6 +22,7 @@ #include #include #include +#include #include "integrity.h" static struct rb_root integrity_iint_tree = RB_ROOT; diff --git a/security/security.c b/security/security.c index 913eb73ff3f9..74ab98f82d34 100644 --- a/security/security.c +++ b/security/security.c @@ -43,16 +43,12 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; -static void __init do_security_initcalls(void) +static void __init major_lsm_init(void) { - initcall_t call; - initcall_entry_t *ce; + struct lsm_info *lsm; - ce = __start_lsm_info; - while (ce < __end_lsm_info) { - call = initcall_from_entry(ce); - call(); - ce++; + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + lsm->init(); } } @@ -81,7 +77,7 @@ int __init security_init(void) /* * Load all the remaining security modules. */ - do_security_initcalls(); + major_lsm_init(); return 0; } From patchwork Sun Sep 16 00:30:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601629 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BF84213AD for ; Sun, 16 Sep 2018 00:32:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AEFBE2A647 for ; Sun, 16 Sep 2018 00:32:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A3AA32A64D; Sun, 16 Sep 2018 00:32:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F3CF32A647 for ; Sun, 16 Sep 2018 00:32:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727547AbeIPFxQ (ORCPT ); Sun, 16 Sep 2018 01:53:16 -0400 Received: from mail-pl1-f193.google.com ([209.85.214.193]:35719 "EHLO mail-pl1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728188AbeIPFwG (ORCPT ); Sun, 16 Sep 2018 01:52:06 -0400 Received: by mail-pl1-f193.google.com with SMTP id g2-v6so5791231plo.2 for ; Sat, 15 Sep 2018 17:31:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=zeggc8Kiynho06cDkTryazBV33kA+k93YFXTk1NTHxE=; b=n+fRHQPNFIEyQSUgerwlgNYFTaYj0z+FtziG+F6z4+r+JvjA7rKMwB5iB1uPZQ1uU8 bJLiQeH0C43tHO1DFiMy3ZXskRlsrmToLTabFDjV+oNBm68dCjMPjzBi3banlD2YC4Jn 5yuPw0nPyqLG+6QQzxRzSdOgDivImhEV0GUY8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=zeggc8Kiynho06cDkTryazBV33kA+k93YFXTk1NTHxE=; b=YMOHGeuj02jC/6e1Sb6UKdcjI7ZJGf7NsTpOwiz+RP1e5rzUQkFJRrGDs2ylQbyyu5 qgaYfZQYC6u7C5pSf0Ud91F3XFnsvRMb2f66pnYhfYIfg2cx/MglYvWbvLlJ/gbnLXon zrUvwFxsYZ6HfmZIpI5AKb01XlfwoO4m6Myd0uorQp/GJiZpw2HSwL7eJXYELaprjpnf vR0/yi7JLrZHpSsJmyvdrmrdqHgHcP+5ixAmKBHgP9mtGDeo3p8aqBOQS1VDbbnBJt5T mc4zuMquhVItOl6wYhmzIaREf4nOmgu4y86CKc6JHdxsuaJhXfuDSyrWstBnwFkKJ1ta ZrfQ== X-Gm-Message-State: APzg51CDtjgSjpNqqDqraOCeo2+VwIo3imz8mgqvQwoUeZcjt0tOZdGs JKMkNSsl0nEsSpmNIb32p/aQOg== X-Google-Smtp-Source: ANB0VdZ3fB56o4JhLOV4rwkEjzCwZ4SwxVOvomYOIy0duBMizZzJE01RGhQz/YuMFyER7sbgx3qdxQ== X-Received: by 2002:a17:902:925:: with SMTP id 34-v6mr18626764plm.307.1537057870320; Sat, 15 Sep 2018 17:31:10 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id h132-v6sm15349747pfc.100.2018.09.15.17.31.05 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:08 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , linux-arch@vger.kernel.org, Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 05/18] vmlinux.lds.h: Move LSM_TABLE into INIT_DATA Date: Sat, 15 Sep 2018 17:30:46 -0700 Message-Id: <20180916003059.1046-6-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Since the struct lsm_info table is not an initcall, we can just move it into INIT_DATA like all the other tables. Cc: linux-arch@vger.kernel.org Signed-off-by: Kees Cook --- arch/arc/kernel/vmlinux.lds.S | 1 - arch/arm/kernel/vmlinux-xip.lds.S | 1 - arch/arm64/kernel/vmlinux.lds.S | 1 - arch/h8300/kernel/vmlinux.lds.S | 1 - arch/microblaze/kernel/vmlinux.lds.S | 2 -- arch/powerpc/kernel/vmlinux.lds.S | 2 -- arch/um/include/asm/common.lds.S | 2 -- arch/xtensa/kernel/vmlinux.lds.S | 1 - include/asm-generic/vmlinux.lds.h | 24 +++++++++++------------- 9 files changed, 11 insertions(+), 24 deletions(-) diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S index f35ed578e007..8fb16bdabdcf 100644 --- a/arch/arc/kernel/vmlinux.lds.S +++ b/arch/arc/kernel/vmlinux.lds.S @@ -71,7 +71,6 @@ SECTIONS INIT_SETUP(L1_CACHE_BYTES) INIT_CALLS CON_INITCALL - SECURITY_INITCALL } .init.arch.info : { diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 3593d5c1acd2..8c74037ade22 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -96,7 +96,6 @@ SECTIONS INIT_SETUP(16) INIT_CALLS CON_INITCALL - SECURITY_INITCALL INIT_RAM_FS } diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 605d1b60469c..7d23d591b03c 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -166,7 +166,6 @@ SECTIONS INIT_SETUP(16) INIT_CALLS CON_INITCALL - SECURITY_INITCALL INIT_RAM_FS *(.init.rodata.* .init.bss) /* from the EFI stub */ } diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 35716a3048de..49f716c0a1df 100644 --- a/arch/h8300/kernel/vmlinux.lds.S +++ b/arch/h8300/kernel/vmlinux.lds.S @@ -56,7 +56,6 @@ SECTIONS __init_begin = .; INIT_TEXT_SECTION(4) INIT_DATA_SECTION(4) - SECURITY_INIT __init_end = .; _edata = . ; _begin_data = LOADADDR(.data); diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index 289d0e7f3e3a..e1f3e8741292 100644 --- a/arch/microblaze/kernel/vmlinux.lds.S +++ b/arch/microblaze/kernel/vmlinux.lds.S @@ -117,8 +117,6 @@ SECTIONS { CON_INITCALL } - SECURITY_INIT - __init_end_before_initramfs = .; .init.ramfs : AT(ADDR(.init.ramfs) - LOAD_OFFSET) { diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 07ae018e550e..105a976323aa 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -212,8 +212,6 @@ SECTIONS CON_INITCALL } - SECURITY_INIT - . = ALIGN(8); __ftr_fixup : AT(ADDR(__ftr_fixup) - LOAD_OFFSET) { __start___ftr_fixup = .; diff --git a/arch/um/include/asm/common.lds.S b/arch/um/include/asm/common.lds.S index 7adb4e6b658a..4049f2c46387 100644 --- a/arch/um/include/asm/common.lds.S +++ b/arch/um/include/asm/common.lds.S @@ -53,8 +53,6 @@ CON_INITCALL } - SECURITY_INIT - .exitcall : { __exitcall_begin = .; *(.exitcall.exit) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index a1c3edb8ad56..b727b18a68ac 100644 --- a/arch/xtensa/kernel/vmlinux.lds.S +++ b/arch/xtensa/kernel/vmlinux.lds.S @@ -197,7 +197,6 @@ SECTIONS INIT_SETUP(XCHAL_ICACHE_LINESIZE) INIT_CALLS CON_INITCALL - SECURITY_INITCALL INIT_RAM_FS } diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 5079a969e612..b31ea8bdfef9 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -203,6 +203,15 @@ #define EARLYCON_TABLE() #endif +#ifdef CONFIG_SECURITY +#define LSM_TABLE() . = ALIGN(8); \ + __start_lsm_info = .; \ + KEEP(*(.lsm_info.init)) \ + __end_lsm_info = .; +#else +#define LSM_TABLE() +#endif + #define ___OF_TABLE(cfg, name) _OF_TABLE_##cfg(name) #define __OF_TABLE(cfg, name) ___OF_TABLE(cfg, name) #define OF_TABLE(cfg, name) __OF_TABLE(IS_ENABLED(cfg), name) @@ -597,7 +606,8 @@ IRQCHIP_OF_MATCH_TABLE() \ ACPI_PROBE_TABLE(irqchip) \ ACPI_PROBE_TABLE(timer) \ - EARLYCON_TABLE() + EARLYCON_TABLE() \ + LSM_TABLE() #define INIT_TEXT \ *(.init.text .init.text.*) \ @@ -786,17 +796,6 @@ KEEP(*(.con_initcall.init)) \ __con_initcall_end = .; -#define SECURITY_INITCALL \ - __start_lsm_info = .; \ - KEEP(*(.lsm_info.init)) \ - __end_lsm_info = .; - -/* Older linker script style for security init. */ -#define SECURITY_INIT \ - .lsm_info.init : AT(ADDR(.lsm_info.init) - LOAD_OFFSET) { \ - LSM_INFO \ - } - #ifdef CONFIG_BLK_DEV_INITRD #define INIT_RAM_FS \ . = ALIGN(4); \ @@ -963,7 +962,6 @@ INIT_SETUP(initsetup_align) \ INIT_CALLS \ CON_INITCALL \ - SECURITY_INITCALL \ INIT_RAM_FS \ } From patchwork Sun Sep 16 00:30:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601631 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id ECB0B17D5 for ; Sun, 16 Sep 2018 00:32:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DBF672A647 for ; Sun, 16 Sep 2018 00:32:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D038E2A649; Sun, 16 Sep 2018 00:32:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6D8BB2A648 for ; Sun, 16 Sep 2018 00:32:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728189AbeIPFwG (ORCPT ); Sun, 16 Sep 2018 01:52:06 -0400 Received: from mail-pl1-f195.google.com ([209.85.214.195]:36398 "EHLO mail-pl1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728020AbeIPFwF (ORCPT ); Sun, 16 Sep 2018 01:52:05 -0400 Received: by mail-pl1-f195.google.com with SMTP id p5-v6so5790333plk.3 for ; Sat, 15 Sep 2018 17:31:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Zc3U1dGV8mwshQSerhKfT2+ITr8Nf0CTzByoQRiUW8c=; b=bJ/vxs2IwgIRjZCfyokYBHRYrZW21XqaaAtedF7+6cihNFbqRroVZfzMz+CTkZELjI 5A8qBdf0ea4C2ZCchBR6YVruj8sGToea3BnxeoJQa4yIwUTn7PeWoLG8FmwM1Qm+D1go HQLP49gZI5G9J/LlHUKOyn40sKdw8ticwdesU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Zc3U1dGV8mwshQSerhKfT2+ITr8Nf0CTzByoQRiUW8c=; b=AjWa6GinBMnle7JrtVnDzCfnr//xHaN/zfkexsRg1W9y9vfHkYEYGPKDD06dKaiXVN 5DdkDgVpDermBiZvWj4YJ/oXLt67PwtcA6cH9ymmXXQ+P7ZX4zyRDBR5TVD7bl9JukTe bhXayg/3vz8si5JWgtLOuY2LtIa6b1H/BcIh0CKK2LV8FIi0B3Ow7F7O87XJygyfdVF4 eOZsM6Ah8fj1qm11tzHkJH9qHMdII3/KpalCQBiRY1B0SK5RmbNEoXGlr8HQKNJF4OEV zGnwjRkI8AOu24E7cwJvbVRpmXYYeL+boX9H5Bx34GEIr6F0NsLkIJTPchPeHTLJxZoJ e9Fg== X-Gm-Message-State: APzg51BRR2b5RHtzbWYniwxn5XW8veAPKKJBhv3/fXgzlh3Va2yXQBqH g79YDHMh2kFOLga5s9CUJdL95g== X-Google-Smtp-Source: ANB0VdZJeoCIcmgN22bWWpsi1zF18p+fDoblROy+5qrFczM+etdLdh9aLq5nLUNVscGEt09WUBYajQ== X-Received: by 2002:a17:902:4601:: with SMTP id o1-v6mr18665236pld.202.1537057869426; Sat, 15 Sep 2018 17:31:09 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id s85-v6sm17059211pfa.116.2018.09.15.17.31.05 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:08 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 06/18] LSM: Convert security_initcall() into DEFINE_LSM() Date: Sat, 15 Sep 2018 17:30:47 -0700 Message-Id: <20180916003059.1046-7-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Instead of using argument-based initializers, switch to defining the contents of struct lsm_info on a per-LSM basis. This also drops the final use of the now inaccurate "initcall" naming. Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 6 ++++-- security/apparmor/lsm.c | 4 +++- security/integrity/iint.c | 4 +++- security/selinux/hooks.c | 4 +++- security/smack/smack_lsm.c | 4 +++- security/tomoyo/tomoyo.c | 4 +++- 6 files changed, 19 insertions(+), 7 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index f3ddf9fdbdce..f8e618e2bdd2 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2045,11 +2045,13 @@ struct lsm_info { extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; -#define security_initcall(lsm) \ +#define DEFINE_LSM(lsm) \ static const struct lsm_info __lsm_##lsm \ __used __section(.lsm_info.init) \ __aligned(sizeof(unsigned long)) \ - = { .init = lsm, } + = { \ + +#define END_LSM } #ifdef CONFIG_SECURITY_SELINUX_DISABLE /* diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8b8b70620bbe..7fa7b4464cf4 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1606,4 +1606,6 @@ static int __init apparmor_init(void) return error; } -security_initcall(apparmor_init); +DEFINE_LSM(apparmor) + .init = apparmor_init, +END_LSM; diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 70d21b566955..20e60df929a3 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -175,7 +175,9 @@ static int __init integrity_iintcache_init(void) 0, SLAB_PANIC, init_once); return 0; } -security_initcall(integrity_iintcache_init); +DEFINE_LSM(integrity) + .init = integrity_iintcache_init, +END_LSM; /* diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ad9a9b8e9979..469a90806bc6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7202,7 +7202,9 @@ void selinux_complete_init(void) /* SELinux requires early initialization in order to label all processes and objects when they are created. */ -security_initcall(selinux_init); +DEFINE_LSM(selinux) + .init = selinux_init, +END_LSM; #if defined(CONFIG_NETFILTER) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 340fc30ad85d..1e1ace718e75 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4882,4 +4882,6 @@ static __init int smack_init(void) * Smack requires early initialization in order to label * all processes and objects when they are created. */ -security_initcall(smack_init); +DEFINE_LSM(smack) + .init = smack_init, +END_LSM; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 9f932e2d6852..a280d4eab456 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -550,4 +550,6 @@ static int __init tomoyo_init(void) return 0; } -security_initcall(tomoyo_init); +DEFINE_LSM(tomoyo) + .init = tomoyo_init, +END_LSM; From patchwork Sun Sep 16 00:30:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601625 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1790A14DB for ; Sun, 16 Sep 2018 00:32:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 06A192A647 for ; Sun, 16 Sep 2018 00:32:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id ED9832A649; Sun, 16 Sep 2018 00:32:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9CF8D2A647 for ; Sun, 16 Sep 2018 00:32:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728261AbeIPFwJ (ORCPT ); Sun, 16 Sep 2018 01:52:09 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:38025 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728257AbeIPFwJ (ORCPT ); Sun, 16 Sep 2018 01:52:09 -0400 Received: by mail-pf1-f195.google.com with SMTP id x17-v6so5931459pfh.5 for ; Sat, 15 Sep 2018 17:31:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nLcsl65zXuCwewU4XBNjy0s1JU3SYG9gCRtZLL604ME=; b=anYDr9YQ4Fa7NbHA7Q7jOy33HQQET52pJj6Qjgiy6nO2oXibz3UKxmVwFPjN1Kofm+ Iir9FuGDLrUNaJ2m+927D3fTmIwo5dLSaxsbMcIe8ZbSd5TENB8H5dmXeHx7TpeyDGAJ wBp5ZaKk6H7eWIxm+5dF0ihSJpWaKzGP/WcGU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nLcsl65zXuCwewU4XBNjy0s1JU3SYG9gCRtZLL604ME=; b=LWoWQMC/8JtPJZO+DeqQKRNtBIIbkk6OnIybBEFdnfj/cTIc7mUf1n1SMc0t4Ucbjp DweeTvz5OdbAXsYQxMNlC0TKgI2iXEv0f5qe+9Zef9plGGbhzYhbkL8jQuou5rx5Pnoh n6gjr/Ntv23JTIVEhvF0DIt+F2NRE4DmrKZ4mWHnfPLUG5qW88IkXAAT0QZiT8+RGQf2 RkHNyU/B9fg2XJZUIjbxhnxVGD8kxu8XkwkciGUmUTdG2x5AQFWNUOSVG4IlYG+03IDi NRCqIqd4fE9Bt9gKquFczsxIOuxV0ZfUZZTWtmTyS3nhKcjuP7MD/jT59kg9ZKsILbmt 09+A== X-Gm-Message-State: APzg51AW5cTl+HYDAKBDABJONm6t8POZUJHm/aYLVMRY0cXx5JIWxhCb Gr3ORm/TNfNbSdSW+pXXSkua+A== X-Google-Smtp-Source: ANB0VdaijiiKbWYaCFSA7MnRBMzgIsZlDcg8Or9m78blsE1jLfqb7rXumOdTEtXJRC8znedpH75eCA== X-Received: by 2002:a62:c699:: with SMTP id x25-v6mr19433799pfk.16.1537057872936; Sat, 15 Sep 2018 17:31:12 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id h20-v6sm12346317pgg.3.2018.09.15.17.31.06 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:08 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 07/18] LSM: Add minor LSM initialization loop Date: Sat, 15 Sep 2018 17:30:48 -0700 Message-Id: <20180916003059.1046-8-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Split initialization loop into two phases: "exclusive" LSMs and "minor" LSMs. Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 6 ++++++ security/security.c | 8 +++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index f8e618e2bdd2..ec3419b9b16f 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2039,7 +2039,13 @@ extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, char *lsm); +enum lsm_type { + LSM_TYPE_EXCLUSIVE = 0, + LSM_TYPE_MINOR, +}; + struct lsm_info { + enum lsm_type type; /* Optional: default is LSM_TYPE_EXCLUSIVE */ int (*init)(void); }; diff --git a/security/security.c b/security/security.c index 74ab98f82d34..da2a923f2609 100644 --- a/security/security.c +++ b/security/security.c @@ -43,12 +43,13 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; -static void __init major_lsm_init(void) +static void __init lsm_init(enum lsm_type type) { struct lsm_info *lsm; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - lsm->init(); + if (lsm->type == type) + lsm->init(); } } @@ -73,11 +74,12 @@ int __init security_init(void) capability_add_hooks(); yama_add_hooks(); loadpin_add_hooks(); + lsm_init(LSM_TYPE_MINOR); /* * Load all the remaining security modules. */ - major_lsm_init(); + lsm_init(LSM_TYPE_EXCLUSIVE); return 0; } From patchwork Sun Sep 16 00:30:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601627 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4046414DB for ; Sun, 16 Sep 2018 00:32:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2FA032A647 for ; Sun, 16 Sep 2018 00:32:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 238202A649; Sun, 16 Sep 2018 00:32:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B8E172A647 for ; Sun, 16 Sep 2018 00:32:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727121AbeIPFxH (ORCPT ); Sun, 16 Sep 2018 01:53:07 -0400 Received: from mail-pl1-f196.google.com ([209.85.214.196]:44732 "EHLO mail-pl1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728159AbeIPFwH (ORCPT ); Sun, 16 Sep 2018 01:52:07 -0400 Received: by mail-pl1-f196.google.com with SMTP id ba4-v6so5783025plb.11 for ; Sat, 15 Sep 2018 17:31:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=b0Z1CYwKLnLjlLuTRAvVqGb4C3/ai0Sv79Sf+0Od5TU=; b=FG2tj/TLjj08QzPFUMh+IrjNW2vaWgk1rc4ucne41pTb5ALMdVqOtR0xwQapDuzsrQ CKhlh3UdY6GWxqvwhrI1zsaY1fh0M9EWJL5JiDmvjdn0LwqgjwWSBDMG/GtejC3S2xla zbkJyHD1im5YZFYyfSxt9z6bEnajjJ0pOunQc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=b0Z1CYwKLnLjlLuTRAvVqGb4C3/ai0Sv79Sf+0Od5TU=; b=GHxVakxrEzIJeuPJvAShcXMZz0RrKAgzFbhccVLgIm8wLmD6y36p5cM7VgWNBtndGX 2jrVRdFxlCSPSig/wzdOz8T59TCsar+t8DdsVLQhBfbeAsKH0z6WeJ/kEZE/3/bKtP1E 7Nx5KVOFI2+jqr/cpLNXYnxgdCL5SfHZFhyr50/Udwjzy5yf0ux+9RkDqx/HKAdKCgjC gaswo1noaRLIqyhZtW/K7q57K0FjLeEJNXnjIVKSHEOJtVF6F0VeRZHbHEtu18MIJvMX ID53YWBSMRZ1YAZGAj9aLtU/LodJoHmtk9uK2N6VXBHOU6oy77nfGfUkYUGIlohqufm5 /wUQ== X-Gm-Message-State: APzg51DP6dvwLnW6cnrW7d9zVTuIgRcFDn4oOSb/QF8bkc8KYYcleCVc q9YPyJkkdren/HkIDskk6OhqOw== X-Google-Smtp-Source: ANB0VdbdA+vOkq09PGWOLzclADc4ZMf1SBNlH4qbG+Ru7y7AiMoiNCVtFQO6hKfWoxjz/9mJrgx4BQ== X-Received: by 2002:a17:902:9a8a:: with SMTP id w10-v6mr18129539plp.14.1537057871185; Sat, 15 Sep 2018 17:31:11 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id h132-v6sm15349764pfc.100.2018.09.15.17.31.06 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:08 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 08/18] integrity: Initialize as LSM_TYPE_MINOR Date: Sat, 15 Sep 2018 17:30:49 -0700 Message-Id: <20180916003059.1046-9-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The integrity LSM isn't really an LSM in that it never calls security_add_hooks(), but it uses the early security init because its hooks need to run before the VFS layer initializes. This is the very definition of a non-exclusive LSM, so mark it as such. Signed-off-by: Kees Cook --- security/integrity/iint.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 20e60df929a3..d886183848c4 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -176,6 +176,7 @@ static int __init integrity_iintcache_init(void) return 0; } DEFINE_LSM(integrity) + .type = LSM_TYPE_MINOR, .init = integrity_iintcache_init, END_LSM; From patchwork Sun Sep 16 00:30:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601611 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 49AD814DB for ; Sun, 16 Sep 2018 00:31:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 37E402A647 for ; Sun, 16 Sep 2018 00:31:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2C5DB2A649; Sun, 16 Sep 2018 00:31:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C77A92A648 for ; Sun, 16 Sep 2018 00:31:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728260AbeIPFwI (ORCPT ); Sun, 16 Sep 2018 01:52:08 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:39061 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728237AbeIPFwH (ORCPT ); Sun, 16 Sep 2018 01:52:07 -0400 Received: by mail-pg1-f196.google.com with SMTP id i190-v6so6023899pgc.6 for ; Sat, 15 Sep 2018 17:31:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ooUL0UzptcnBdxX1R2VjgwpCyouyAdeHqleI/GcdB9g=; b=Tf1ZTMBFd4yehERG+eoHASmfpTpolP9B/tda2lPrYfegaTZLOjGeleIVQqzOcdCQ7O R9OCWMjbGJG3qdpvG+Gf0um+sI7Ww0s1r9ndzWzRp3DKLxmVasG7UVsUKPccLh8+hK9u 0+EpF03zYK9cWIdJDc9vsHLQn1qAJdJ/Ck61k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ooUL0UzptcnBdxX1R2VjgwpCyouyAdeHqleI/GcdB9g=; b=W0hT7wUq9wxIj/QXL78NKMQiuKXRPcWum1XZ91WdN71lRsT5wYX42gSTos73JSebdO UKH/xC8KqncdCGojar1AmzyJnXafTBfejwn081nPk2sUFfqq0zje14bdu5zl0isrHlZI O5/Gpb1eHEPJtYjxCFhwkL/t7T9y6jJunohY5/5cJD8F2PgXP0tzw9qJVzx2C7bISoFH zyfTzr9F/QyZ0Oilnaq7FFGlF32mVvhnIgdYe3ONWFtA6K5aasfnTL5bPG6dtBkW2FF/ SaggAtoF1Lv27mznjer7bC5NJSjaHay08swOkukimfnjrV7On5szaVkU963E1AKgE38I jPWA== X-Gm-Message-State: APzg51BuffcBl0Wu68iXlCXrk+6HHFmIUTtvnZCN5d0+9vA6lV6+kQ1e Ps6pvptK4lciFjGIb+SKpN2ajQ== X-Google-Smtp-Source: ANB0VdbWZ9c8s8j1sUQjCxqWqwP1maQw1nVS0V3ptqRUnYNgqz1LoDJsL04b20/GCVqusdhej3XzCg== X-Received: by 2002:a62:d544:: with SMTP id d65-v6mr19236393pfg.107.1537057872047; Sat, 15 Sep 2018 17:31:12 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id j22-v6sm13651495pfh.45.2018.09.15.17.31.06 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:08 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 09/18] LSM: Record LSM name in struct lsm_info Date: Sat, 15 Sep 2018 17:30:50 -0700 Message-Id: <20180916003059.1046-10-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for making LSM selections outside of the LSMs, include the name of LSMs in struct lsm_info. Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index ec3419b9b16f..a7833193e9e9 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2045,6 +2045,7 @@ enum lsm_type { }; struct lsm_info { + const char *name; /* Populated automatically. */ enum lsm_type type; /* Optional: default is LSM_TYPE_EXCLUSIVE */ int (*init)(void); }; @@ -2052,10 +2053,13 @@ struct lsm_info { extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; #define DEFINE_LSM(lsm) \ + static const char __lsm_name_##lsm[] __initconst \ + __aligned(1) = #lsm; \ static const struct lsm_info __lsm_##lsm \ __used __section(.lsm_info.init) \ __aligned(sizeof(unsigned long)) \ = { \ + .name = __lsm_name_##lsm, \ #define END_LSM } From patchwork Sun Sep 16 00:30:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601613 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AAE8814DB for ; Sun, 16 Sep 2018 00:31:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9918F2A647 for ; Sun, 16 Sep 2018 00:31:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8D65A2A649; Sun, 16 Sep 2018 00:31:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3424F2A647 for ; Sun, 16 Sep 2018 00:31:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728281AbeIPFwK (ORCPT ); Sun, 16 Sep 2018 01:52:10 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:39061 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727324AbeIPFwK (ORCPT ); Sun, 16 Sep 2018 01:52:10 -0400 Received: by mail-pg1-f194.google.com with SMTP id i190-v6so6023916pgc.6 for ; Sat, 15 Sep 2018 17:31:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=wkRtHeHTFBnAc/sv4IK8rqFQ9+Szak4hW2PMgxRCo6c=; b=MCZYnAHZCfAfy2e+wYykDRQND5+7AhMr94F3SmaLMhlWbPXth2yNb1FpiFGzs3LyLt YtDqU4a1dYHCwtz78vDOeg4rd8fCh9W8E31aAqmUFItuxx09UsfZIm49KKyqxwNFWVoD DoPuItoMWmNL0FwMkQnAFx8CF3fCx/CLDbzOo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=wkRtHeHTFBnAc/sv4IK8rqFQ9+Szak4hW2PMgxRCo6c=; b=H6cn6s5I/ZPulGUH1x91gsD+Oc8ymFY8B4BhN25oFWT6zbl3MyTJB82JrKEKHy1jjh YZf1XPYzvCKcyPwnG1i0iaF6Zy/YPhehSY0IRTJL9zpgfzKdJxheU4UVuetN8mbloEAK 1rD7eBxWV8+5Gtt+Dbq1UE+/wDmldQ554uA/Dr/w23HETPntBzRJSOQerZZSXr1a10GG m/KpFRFFgn+nxhCzIMC+qTneZsaKdvb7M6dB95AQdwKDhp2dSk/GUiE98HJx0RN8Gbtq iNMOuA1J05DKfOKia7i30ZfkITazVvYMWVplrfI6kiGFxay6cIGf5GlqDkLAwVOlhPMZ l6Qg== X-Gm-Message-State: APzg51D0TXzT3oA2IfKjUvPtYoZMCJxTHMf83J2/xlSOO2iXCCHm14ZO ot9Tx9v84+QKJf4oloi+Gq2zmeK0F+I= X-Google-Smtp-Source: ANB0VdaIkx6Stype9deRlghvpX02gJfWtwbzQk5UDnxD3I9SIL9vVYIqLDEI23WufUrhTeWZqUBPjA== X-Received: by 2002:a62:aa02:: with SMTP id e2-v6mr19128516pff.211.1537057873828; Sat, 15 Sep 2018 17:31:13 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id f4-v6sm20045424pfj.46.2018.09.15.17.31.06 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:08 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 10/18] LSM: Plumb visibility into optional "enabled" state Date: Sat, 15 Sep 2018 17:30:51 -0700 Message-Id: <20180916003059.1046-11-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In preparation for lifting the "is this LSM enabled?" logic out of the individual LSMs, pass in any special enabled state tracking (as needed for SELinux, AppArmor, and LoadPin). This must be an "int" to include handling cases where "enabled" is exposed via sysctl which has no "bool" type (i.e. LoadPin's use). LoadPin's "enabled" tracking will be added later when it is marked as LSM_TYPE_MINOR. Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 1 + security/apparmor/lsm.c | 5 +++-- security/selinux/hooks.c | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index a7833193e9e9..8a3a6cd26f03 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2046,6 +2046,7 @@ enum lsm_type { struct lsm_info { const char *name; /* Populated automatically. */ + int *enabled; /* Optional: NULL means enabled. */ enum lsm_type type; /* Optional: default is LSM_TYPE_EXCLUSIVE */ int (*init)(void); }; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 7fa7b4464cf4..6cd630b34c3b 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1303,8 +1303,8 @@ bool aa_g_paranoid_load = true; module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO); /* Boot time disable flag */ -static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; -module_param_named(enabled, apparmor_enabled, bool, S_IRUGO); +static int apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE; +module_param_named(enabled, apparmor_enabled, int, 0444); static int __init apparmor_enabled_setup(char *str) { @@ -1607,5 +1607,6 @@ static int __init apparmor_init(void) } DEFINE_LSM(apparmor) + .enabled = &apparmor_enabled, .init = apparmor_init, END_LSM; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 469a90806bc6..78b5afc188f3 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7203,6 +7203,7 @@ void selinux_complete_init(void) /* SELinux requires early initialization in order to label all processes and objects when they are created. */ DEFINE_LSM(selinux) + .enabled = &selinux_enabled, .init = selinux_init, END_LSM; From patchwork Sun Sep 16 00:30:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601621 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8237314DB for ; Sun, 16 Sep 2018 00:31:49 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7010C2A647 for ; Sun, 16 Sep 2018 00:31:49 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6212C2A64D; Sun, 16 Sep 2018 00:31:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C946A2A647 for ; Sun, 16 Sep 2018 00:31:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728284AbeIPFwM (ORCPT ); Sun, 16 Sep 2018 01:52:12 -0400 Received: from mail-pl1-f193.google.com ([209.85.214.193]:34485 "EHLO mail-pl1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728280AbeIPFwL (ORCPT ); Sun, 16 Sep 2018 01:52:11 -0400 Received: by mail-pl1-f193.google.com with SMTP id f6-v6so5797982plo.1 for ; Sat, 15 Sep 2018 17:31:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Ff2uCXniP35yOceinbpCsTgz/UM9QN0S8uqhE84wjE8=; b=jb216WyHsxVPsMBQCNVAs+o6i3gjvUOjAXzF3tfKSQ1AwYem9gRRSonYvA1d2xn8qx Kwl/gfbfpxJ70fF0HjcSiDULLWBjBilQFBgMiyKqjB240Gtyjb3X488uSl6R6vqYbGfw G5NSX99o+527m7Z+KT+0GKnVzyT9xoFT7w4RE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Ff2uCXniP35yOceinbpCsTgz/UM9QN0S8uqhE84wjE8=; b=oVYLRjVcaTPZ1R9p6caFnvhhfGK/HYDnhTQLZwjBy26Ky7WKtm+jOka6HthP+GFR18 RQrtAUAGaHMlH4F4BGMu2dofJqgexYqANIqJU7h078v0/5ZdWl2b454eSCrTqO/DVADQ 6FTS1K41QOUwOMiWgL73hFuEfnc2Al54pdXV2GTYaXMFtNZOGYBulCcVajK4+lJPsSCa 7OjBB0U9gzKQdp+9JBBAtDcYKuBDzJAtkgrLo6KJ000/DO/ibIxAidpO+4n36L1QFfLg 31+FZIHLDtUa1LgoDOMb8ENjVLIpr2ROcsqmyX7V2ITdLk+Swcj6p2kdt8om+KgJE6DT 7jSg== X-Gm-Message-State: APzg51D2c4a49+6NWKI40JZdXyQGFzYAtqHL6nd/ltc1xASNaMmbKuyM 3lk7MLMLMe113lAO8MMmCcSjlQ== X-Google-Smtp-Source: ANB0VdYd+iGdFv8UyIKEiydt+NBiF3Lg7A+qpiP125RIvA/eYCyVam91t2a1ojgz0N9fbzG9W6kjIw== X-Received: by 2002:a17:902:4081:: with SMTP id c1-v6mr18505314pld.169.1537057874805; Sat, 15 Sep 2018 17:31:14 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id j15-v6sm12933689pfn.52.2018.09.15.17.31.07 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:08 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 11/18] LSM: Lift LSM selection out of individual LSMs Date: Sat, 15 Sep 2018 17:30:52 -0700 Message-Id: <20180916003059.1046-12-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP In order to adjust LSM selection logic in the future, this moves the selection logic up out of the individual LSMs, making their init functions only run when actually enabled. Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 1 - security/apparmor/lsm.c | 6 --- security/security.c | 75 ++++++++++++++++++++++++++------------ security/selinux/hooks.c | 10 ----- security/smack/smack_lsm.c | 3 -- security/tomoyo/tomoyo.c | 2 - 6 files changed, 51 insertions(+), 46 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 8a3a6cd26f03..6e71e1c47fa1 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2094,7 +2094,6 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #define __lsm_ro_after_init __ro_after_init #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ -extern int __init security_module_enable(const char *module); extern void __init capability_add_hooks(void); #ifdef CONFIG_SECURITY_YAMA extern void __init yama_add_hooks(void); diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 6cd630b34c3b..56c0982b48cd 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1542,12 +1542,6 @@ static int __init apparmor_init(void) { int error; - if (!apparmor_enabled || !security_module_enable("apparmor")) { - aa_info_message("AppArmor disabled by boot time parameter"); - apparmor_enabled = false; - return 0; - } - aa_secids_init(); error = aa_setup_dfa_engine(); diff --git a/security/security.c b/security/security.c index da2a923f2609..3fedbee5f3ec 100644 --- a/security/security.c +++ b/security/security.c @@ -43,13 +43,63 @@ char *lsm_names; static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; +static struct lsm_info *exclusive __initdata; + +/* Mark an LSM's enabled flag, if it exists. */ +static void __init set_enabled(struct lsm_info *lsm, bool enabled) +{ + if (lsm->enabled) + *lsm->enabled = enabled; +} + +/* Is an LSM allowed to be enabled? */ +static bool __init lsm_enabled(struct lsm_info *lsm) +{ + /* Report explicit disabling. */ + if (lsm->enabled && !*lsm->enabled) { + pr_info("%s disabled with boot parameter\n", lsm->name); + return false; + } + + /* If LSM isn't exclusive, ignore exclusive LSM selection rules. */ + if (lsm->type != LSM_TYPE_EXCLUSIVE) + return true; + + /* Disabled if another exclusive LSM already selected. */ + if (exclusive) + return false; + + /* Disabled if this LSM isn't the chosen one. */ + if (strcmp(lsm->name, chosen_lsm) != 0) + return false; + + return true; +} + +/* Check if LSM should be enabled. Mark any that are disabled. */ +static void __init maybe_enable_lsm(struct lsm_info *lsm) +{ + int enabled = lsm_enabled(lsm); + + /* Record enablement. */ + set_enabled(lsm, enabled); + + /* If selected, initialize the LSM. */ + if (enabled) { + if (lsm->type == LSM_TYPE_EXCLUSIVE) { + exclusive = lsm; + } + lsm->init(); + } +} + static void __init lsm_init(enum lsm_type type) { struct lsm_info *lsm; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { if (lsm->type == type) - lsm->init(); + maybe_enable_lsm(lsm); } } @@ -128,29 +178,6 @@ static int lsm_append(char *new, char **result) return 0; } -/** - * security_module_enable - Load given security module on boot ? - * @module: the name of the module - * - * Each LSM must pass this method before registering its own operations - * to avoid security registration races. This method may also be used - * to check if your LSM is currently loaded during kernel initialization. - * - * Returns: - * - * true if: - * - * - The passed LSM is the one chosen by user at boot time, - * - or the passed LSM is configured as the default and the user did not - * choose an alternate LSM at boot time. - * - * Otherwise, return false. - */ -int __init security_module_enable(const char *module) -{ - return !strcmp(module, chosen_lsm); -} - /** * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 78b5afc188f3..5478abf51f3a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7133,16 +7133,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { static __init int selinux_init(void) { - if (!security_module_enable("selinux")) { - selinux_enabled = 0; - return 0; - } - - if (!selinux_enabled) { - pr_info("SELinux: Disabled at boot.\n"); - return 0; - } - pr_info("SELinux: Initializing.\n"); memset(&selinux_state, 0, sizeof(selinux_state)); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1e1ace718e75..6e127c357ca2 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4834,9 +4834,6 @@ static __init int smack_init(void) struct cred *cred; struct task_smack *tsp; - if (!security_module_enable("smack")) - return 0; - smack_inode_cache = KMEM_CACHE(inode_smack, 0); if (!smack_inode_cache) return -ENOMEM; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index a280d4eab456..0471390409c5 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -540,8 +540,6 @@ static int __init tomoyo_init(void) { struct cred *cred = (struct cred *) current_cred(); - if (!security_module_enable("tomoyo")) - return 0; /* register ourselves with the security framework */ security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); printk(KERN_INFO "TOMOYO Linux initialized\n"); From patchwork Sun Sep 16 00:30:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601619 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DB16E14DB for ; Sun, 16 Sep 2018 00:31:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C9E422A647 for ; Sun, 16 Sep 2018 00:31:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BDE352A649; Sun, 16 Sep 2018 00:31:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6C79F2A647 for ; Sun, 16 Sep 2018 00:31:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728313AbeIPFwN (ORCPT ); Sun, 16 Sep 2018 01:52:13 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:45811 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728295AbeIPFwN (ORCPT ); Sun, 16 Sep 2018 01:52:13 -0400 Received: by mail-pg1-f194.google.com with SMTP id x26-v6so6007239pge.12 for ; Sat, 15 Sep 2018 17:31:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=skFzPzxzOZl4iyQuC6Z8yj0y3sADXmPouVrNkO4jtDo=; b=eTuvNzJn6KqDg8oPBKc/yDGccl+470XP8MInsGrUdrso5dzfm3rh7EwCrZVGO9o59u rfDH04CEdgK60Hj/r29SJzXbanLzEuMbJdrTaHBAz4kcxSeELUHB80W9CDnP6QT1gxuQ 5Vjcz8hkS5JlrJUxsTkJQNk19l/wSz5OMlmr8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=skFzPzxzOZl4iyQuC6Z8yj0y3sADXmPouVrNkO4jtDo=; b=nR4dk3fxDuDpj++EXBTnWBmsa2isGuvM/HtfbkWHDJny9xULs3FtdKVjk4/i9yiLjx 695oqqcJCdTmXXxGGRxE2JDpbgUOK7HcU/1k5ocFh+mZ+Ucf1JAiNIHSc5K8ToX4naDh 5dKgem5VhF3PVFsuHUiflsfCJlh8P34OFlRtvTbr0Rcm6cVKtjiQXkahaIKaKJnoo8xR qluPY9UwdVSGwu1Rc0mkZRQLISXY/oa9fZZ+qDX8EM/L0yVnR5wI3B3ls7pbD33yZDv3 6708At7dtloinsmEJVuvvb2sWwVqsexILkHgrBx+wrE7imgs8PtHAk9m6sNAEkPgkxpw XLjg== X-Gm-Message-State: APzg51DfqgLZkNQeeiAlu4i43Kh/4k2IGz7oCQf+gE+L7tmVi7GPjXWc 1iN7UEva2uLnquZFjd6OiIq+ZQ== X-Google-Smtp-Source: ANB0VdaklE4oYTRRxZdtYi52bqjpzgVT1XrzalPwtMJV6zIZx9Iplzd5cfut8vFMATM+rx/1cB668w== X-Received: by 2002:a63:f751:: with SMTP id f17-v6mr17924670pgk.410.1537057876820; Sat, 15 Sep 2018 17:31:16 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id c78-v6sm14842149pfc.188.2018.09.15.17.31.08 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:14 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 12/18] LSM: Introduce ordering details in struct lsm_info Date: Sat, 15 Sep 2018 17:30:53 -0700 Message-Id: <20180916003059.1046-13-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Only minor LSMs have any ordering currently, but only capabilities actually need to go first, so provide either "absolutely first" or "mutable" ordering currently. Default order is "mutable". Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 7 +++++++ security/security.c | 9 ++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 6e71e1c47fa1..89e6ec8eac07 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2044,10 +2044,17 @@ enum lsm_type { LSM_TYPE_MINOR, }; +enum lsm_order { + LSM_ORDER_FIRST = -1, /* This is only for capabilities. */ + LSM_ORDER_MUTABLE = 0, + LSM_ORDER_MAX, +}; + struct lsm_info { const char *name; /* Populated automatically. */ int *enabled; /* Optional: NULL means enabled. */ enum lsm_type type; /* Optional: default is LSM_TYPE_EXCLUSIVE */ + enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */ int (*init)(void); }; diff --git a/security/security.c b/security/security.c index 3fedbee5f3ec..19afd7949426 100644 --- a/security/security.c +++ b/security/security.c @@ -96,10 +96,13 @@ static void __init maybe_enable_lsm(struct lsm_info *lsm) static void __init lsm_init(enum lsm_type type) { struct lsm_info *lsm; + enum lsm_order order; - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (lsm->type == type) - maybe_enable_lsm(lsm); + for (order = LSM_ORDER_FIRST; order < LSM_ORDER_MAX; order++) { + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (lsm->type == type && lsm->order == order) + maybe_enable_lsm(lsm); + } } } From patchwork Sun Sep 16 00:30:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601623 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C887313AD for ; Sun, 16 Sep 2018 00:31:49 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B797F2A647 for ; Sun, 16 Sep 2018 00:31:49 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AB3ED2A648; Sun, 16 Sep 2018 00:31:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 58DAC2A649 for ; Sun, 16 Sep 2018 00:31:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727537AbeIPFwn (ORCPT ); Sun, 16 Sep 2018 01:52:43 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:45809 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727452AbeIPFwM (ORCPT ); Sun, 16 Sep 2018 01:52:12 -0400 Received: by mail-pg1-f193.google.com with SMTP id x26-v6so6007227pge.12 for ; Sat, 15 Sep 2018 17:31:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=7Q3mcDF1Iy+AcAiBKA1xOkax77BkrDyqj4tYhY6FxOU=; b=OYdbjjnP+4pUdSlKS3IllhrM6tfxmk8S05p1bdi2Clng4x+WiVYoYSyp16do6zrazv I48L5xu4zB+bQ/LQivc+/JS5+BgnvPs0rhrLCGnRmgwvgBUSEidI74LCH1AnK9vYvGr7 4KhkJ6vyOm1/NKO+gSuvFehqWx+v4qldOVoyY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=7Q3mcDF1Iy+AcAiBKA1xOkax77BkrDyqj4tYhY6FxOU=; b=MwG3PyKIs4Eo2XO4UbS8hDU8kn9Yq6x3t6QQHTaz3HlGeTkO2lNec6O30sg4CPA4TT fxwaK5Uq6HpDY4ww6SfM/tj+h9VUO2hugT6tTdTISOe/Nh6Qyus3Je0TFOcTrZu0Bg+v BDH+4Z5zpUu6T3SOwxUnJU84i66mvrGGejVfry3kC9gNbYAC2iuKe2OFJzPwmUlKliYg GTiCWgf7AydTWW5Mav5WnSOF1kHh01I//QMJGklf+92AbnF/crG9jDIrtxREEGgqNqmB rH/cDYjszYE1v3m8u3ZFMq7pkHA6SQtaw+5z6AsfYK593pDSyRKuiTPFv6gi9z725zVw 1Hgg== X-Gm-Message-State: APzg51BeLINYWn0If01IeksWL8IemAKM5xEGd3G5mhNa3nsW2TElHXBX xW9wxRzEtv6ri5FElcg7TqwT8g== X-Google-Smtp-Source: ANB0VdYfNB49UnJN4Z2Wa6bYXlH4fBOWNXZuvmQ3adQGPnsgsWjbxGp8XdbzYKX0en0x7xwmLSe8NQ== X-Received: by 2002:a63:8f17:: with SMTP id n23-v6mr15987784pgd.131.1537057875922; Sat, 15 Sep 2018 17:31:15 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id j27-v6sm20611906pfj.91.2018.09.15.17.31.08 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:14 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 13/18] LoadPin: Initialize as LSM_TYPE_MINOR Date: Sat, 15 Sep 2018 17:30:54 -0700 Message-Id: <20180916003059.1046-14-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This converts LoadPin to use the new LSM_TYPE_MINOR marking. Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 5 ----- security/loadpin/loadpin.c | 11 +++++++++-- security/security.c | 1 - 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 89e6ec8eac07..5e0ca4a05091 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2107,10 +2107,5 @@ extern void __init yama_add_hooks(void); #else static inline void __init yama_add_hooks(void) { } #endif -#ifdef CONFIG_SECURITY_LOADPIN -void __init loadpin_add_hooks(void); -#else -static inline void loadpin_add_hooks(void) { }; -#endif #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index 0716af28808a..8798d0b9b8e9 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -184,12 +184,19 @@ static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(kernel_load_data, loadpin_load_data), }; -void __init loadpin_add_hooks(void) +static int __init loadpin_init(void) { - pr_info("ready to pin (currently %sabled)", enabled ? "en" : "dis"); + pr_info("ready to pin\n"); security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin"); + return 0; } +DEFINE_LSM(loadpin) + .enabled = &enabled, + .type = LSM_TYPE_MINOR, + .init = loadpin_init, +END_LSM; + /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */ module_param(enabled, int, 0); MODULE_PARM_DESC(enabled, "Pin module/firmware loading (default: true)"); diff --git a/security/security.c b/security/security.c index 19afd7949426..65d7ba1bc1ef 100644 --- a/security/security.c +++ b/security/security.c @@ -126,7 +126,6 @@ int __init security_init(void) */ capability_add_hooks(); yama_add_hooks(); - loadpin_add_hooks(); lsm_init(LSM_TYPE_MINOR); /* From patchwork Sun Sep 16 00:30:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601617 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 355A813AD for ; Sun, 16 Sep 2018 00:31:31 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2471B2A647 for ; Sun, 16 Sep 2018 00:31:31 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 18C162A649; Sun, 16 Sep 2018 00:31:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0A4432A647 for ; Sun, 16 Sep 2018 00:31:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728317AbeIPFwO (ORCPT ); Sun, 16 Sep 2018 01:52:14 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:37860 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728296AbeIPFwN (ORCPT ); Sun, 16 Sep 2018 01:52:13 -0400 Received: by mail-pf1-f194.google.com with SMTP id h69-v6so5927896pfd.4 for ; Sat, 15 Sep 2018 17:31:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Zqm+45y3CwqjDH3PNBS+oFC+JGgE2+c9aAZo0Gv2nRM=; b=BjbEkjjcXDwOycmGy1HPB6giilzNOuG85J4iIgDv7cSYhIlikd3/HExfLREe96giP3 lSjbmNq0u3m245BlSen/nNc+1NIn3mRGw6Lj0whd3sneyMjShzhsR60WzsLaz84EfDu5 RSyKfCkB4aYFCz4Z2Rd32MV9bkJjNfMShhvp4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Zqm+45y3CwqjDH3PNBS+oFC+JGgE2+c9aAZo0Gv2nRM=; b=kuAQ1Uh0+1RSDxJhXhsOK9MVk6hVEZlV1OiVMMAAWgOItcmIWla2x5CDk5VJ74qfWP xE9RbV7k8IQTea9HsZVRdbm/wSf3b5Tj0vLwITs+Tf6crpFC9bqeygBocaOraQWWuTdt p2yxLlm/5tDpD0EwLADTtAcyPcBIZqzE5G3Kd4ty3/e5PbTFBlQqo4XLwOcLWAkPndMC 3y59Bh0Ec2oZZlyLeLCPbjlHAgiDzl8d2EgcQIwtM9m7HUSxtxTG0WlpwtzVOLMIMFWO NzaUecA43RBVYFkir/s95Rd4ocIQAKf6DLi0YrkGonRv4AgSx5XpTzvoh/0gxb8eghOF cztw== X-Gm-Message-State: APzg51AyRUU7dEj9mByqN5gDN49MJ7RHUik9NpcCClO/rT66VigdP5EK DyReUJT2exw4x2c25qXeqh1M1g== X-Google-Smtp-Source: ANB0VdYZRUFUCBVifNyQyf+lFAYbSeDvSUMm38ouS+NA8SeI8e7eUA2f/puYmLvBMlns9ezIhVgqSw== X-Received: by 2002:a63:3f45:: with SMTP id m66-v6mr17636170pga.51.1537057877690; Sat, 15 Sep 2018 17:31:17 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id h20-v6sm12346360pgg.3.2018.09.15.17.31.08 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:14 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 14/18] Yama: Initialize as LSM_TYPE_MINOR Date: Sat, 15 Sep 2018 17:30:55 -0700 Message-Id: <20180916003059.1046-15-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This converts Yama to use the new LSM_TYPE_MINOR marking. Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 5 ----- security/security.c | 1 - security/yama/yama_lsm.c | 8 +++++++- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 5e0ca4a05091..0564153130c8 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2102,10 +2102,5 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ extern void __init capability_add_hooks(void); -#ifdef CONFIG_SECURITY_YAMA -extern void __init yama_add_hooks(void); -#else -static inline void __init yama_add_hooks(void) { } -#endif #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/security.c b/security/security.c index 65d7ba1bc1ef..c6ca07fc0771 100644 --- a/security/security.c +++ b/security/security.c @@ -125,7 +125,6 @@ int __init security_init(void) * Load minor LSMs, with the capability module always first. */ capability_add_hooks(); - yama_add_hooks(); lsm_init(LSM_TYPE_MINOR); /* diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index ffda91a4a1aa..e970917926d9 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -477,9 +477,15 @@ static void __init yama_init_sysctl(void) static inline void yama_init_sysctl(void) { } #endif /* CONFIG_SYSCTL */ -void __init yama_add_hooks(void) +static int __init yama_init(void) { pr_info("Yama: becoming mindful.\n"); security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); yama_init_sysctl(); + return 0; } + +DEFINE_LSM(yama) + .type = LSM_TYPE_MINOR, + .init = yama_init, +END_LSM; From patchwork Sun Sep 16 00:30:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601615 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 206BA13AD for ; Sun, 16 Sep 2018 00:31:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0A5022A648 for ; Sun, 16 Sep 2018 00:31:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F24112A64D; Sun, 16 Sep 2018 00:31:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 973612A647 for ; Sun, 16 Sep 2018 00:31:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726656AbeIPFwV (ORCPT ); Sun, 16 Sep 2018 01:52:21 -0400 Received: from mail-pf1-f196.google.com ([209.85.210.196]:43866 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728155AbeIPFwO (ORCPT ); Sun, 16 Sep 2018 01:52:14 -0400 Received: by mail-pf1-f196.google.com with SMTP id j26-v6so5910462pfi.10 for ; Sat, 15 Sep 2018 17:31:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ZygDN+GKMdmfwM3rhwi50SUesxIf3Y1MGUgzBmc4P3E=; b=ZnQPCYrrvnEUrw1AEs1QnIOLhqnKniP2gEILD8MCwlx0ZIUjOJUOsWj19vTjRUisJf PcAPlkf1igpkEHCXtF3VUeLdQXPIy7id8V6CsjF9cm51Qv5C+xPHziYnSlPOAa4vfAMv oT1Di4yXwwMVFyOOOxKPhHn04g/apqO1L/ers= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ZygDN+GKMdmfwM3rhwi50SUesxIf3Y1MGUgzBmc4P3E=; b=PRzbXYG1+21bbuviEbvGPBjXRhoaLC5+JSgUgwcWFkwZc3J9e8Oun1eZSOiBPH7NbB Ih0YQoQ7VrzSbNlUjrxnfw/YLQq0+Bq2INMSfdK83vg1lsdmcLImzueEuh7I0YyhHdLK +gwZpDgr1D4lfRT+lm2kaVC8dDrI5oCFg+Ofpj7+n/KvDnlZTb4dUApEvGaJf1QCFHWr C5BJnljc5JG7HfRFnrGBiK1cMji3g5IdFIkuveNsiVFcFThbk6vYmScp6jWALKuhL0e3 PXTmVCmxI/oSqtX7eQtDgyI7qAQshEuncx9PTYLaYfZAImpl2QYYiePdjpZCUPQwKPW1 /R6g== X-Gm-Message-State: APzg51DsXnpSZbqwgvayeX5fZ/RPMrdKF8ZkD9PJi1ZQgxeAfK3ceHl7 JpSbOHoa7bo3SeEon3wyPUYXEg== X-Google-Smtp-Source: ANB0VdbP3het6oYARDPqls52ntBFd/SJ5yaE0lenr89A9qW1H2Hnk7ngoTORUUUYY31z3ST8ER57/w== X-Received: by 2002:a62:c008:: with SMTP id x8-v6mr19211170pff.149.1537057878544; Sat, 15 Sep 2018 17:31:18 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id s3-v6sm16246688pgj.84.2018.09.15.17.31.09 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:31:14 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 15/18] capability: Initialize as LSM_TYPE_MINOR Date: Sat, 15 Sep 2018 17:30:56 -0700 Message-Id: <20180916003059.1046-16-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This converts capabilities to use the new LSM_TYPE_MINOR marking, as well as the LSM_ORDER_FIRST position. Signed-off-by: Kees Cook --- include/linux/lsm_hooks.h | 2 -- security/commoncap.c | 9 ++++++++- security/security.c | 1 - 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 0564153130c8..f2949744a5d3 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -2101,6 +2101,4 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, #define __lsm_ro_after_init __ro_after_init #endif /* CONFIG_SECURITY_WRITABLE_HOOKS */ -extern void __init capability_add_hooks(void); - #endif /* ! __LINUX_LSM_HOOKS_H */ diff --git a/security/commoncap.c b/security/commoncap.c index 2e489d6a3ac8..44e7a9260f89 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1366,10 +1366,17 @@ struct security_hook_list capability_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(vm_enough_memory, cap_vm_enough_memory), }; -void __init capability_add_hooks(void) +static int __init capability_init(void) { security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks), "capability"); + return 0; } +DEFINE_LSM(capability) + .order = LSM_ORDER_FIRST, + .type = LSM_TYPE_MINOR, + .init = capability_init, +END_LSM; + #endif /* CONFIG_SECURITY */ diff --git a/security/security.c b/security/security.c index c6ca07fc0771..67532326a0ce 100644 --- a/security/security.c +++ b/security/security.c @@ -124,7 +124,6 @@ int __init security_init(void) /* * Load minor LSMs, with the capability module always first. */ - capability_add_hooks(); lsm_init(LSM_TYPE_MINOR); /* From patchwork Sun Sep 16 00:30:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601641 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6660A13AD for ; Sun, 16 Sep 2018 00:38:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5AF8E2A024 for ; Sun, 16 Sep 2018 00:38:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4F3242A03F; Sun, 16 Sep 2018 00:38:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9E30C2A024 for ; Sun, 16 Sep 2018 00:38:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728171AbeIPF7v (ORCPT ); Sun, 16 Sep 2018 01:59:51 -0400 Received: from mail-pl1-f196.google.com ([209.85.214.196]:39284 "EHLO mail-pl1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728154AbeIPF7u (ORCPT ); Sun, 16 Sep 2018 01:59:50 -0400 Received: by mail-pl1-f196.google.com with SMTP id w14-v6so5783273plp.6 for ; Sat, 15 Sep 2018 17:38:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=VQRyrUWXnb8AuNAtpkPCS0fYxsM62KDeN7UFNaKV3mc=; b=XZLbiTN+JwKzW9hhUi0OTC36CiTE/PlRyC4WnQA1fZLI/YnMVHPIK50v5u5p1QHMfG ePxssnT0/wcSvDkqS5r1bHtQ0kpBdGLi7iAHq6h6TJ+bx0CjXkBD9LwpcchuZdiYglmt CaXmuC6JFbgnZY6vYjPAhTB3fmw+OdXltX7Dk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=VQRyrUWXnb8AuNAtpkPCS0fYxsM62KDeN7UFNaKV3mc=; b=N8HvAdY5XHFe9ziGHvKniu+n9ZEuHa6UBan+fYpHXF4MjvxVSVc5B/8HdzZGXuctTX r1ouVnts+D+PbZr00tm1iVxxrZe6WUzwFTxSjxblm4TDb5me0RdictZxTVw9jzrOrEld cjAXcbfrEdXxt9LF9KVGCPlwQzwrNTqM3dn8LZBgWQYlNdRIO6wL61LSXydjJskwFqXC F/DPhTdVdd/SuUduxNgfAQU0SrQSgjFk7Vw4jnffbcVY/dx+e6Evj4MGIerGriVXudIm MsYXVLt+w3983F9syYZYnc19I5XAdl5XvuQgAzN7HjCEIobZgk2RDnJAt1dOTBbRVo1T +1fQ== X-Gm-Message-State: APzg51AqdhHtaRj8Kedzd+IYVTdr9wb/peo8agtVuvFXz9lUqYLjCmp2 0VHD9mFabZp9u+fgSqUBxZ94hg== X-Google-Smtp-Source: ANB0VdaRbmpI00JyLlOk81D7Vdq+FYb4F7SfgN1DYBYHFMtte7R134Av8PjYjIsg0x3C/nzY+RgoXA== X-Received: by 2002:a17:902:7402:: with SMTP id g2-v6mr18388655pll.321.1537058332274; Sat, 15 Sep 2018 17:38:52 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id a2-v6sm10913499pgc.68.2018.09.15.17.38.48 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:38:49 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 16/18] LSM: Allow arbitrary LSM ordering Date: Sat, 15 Sep 2018 17:30:57 -0700 Message-Id: <20180916003059.1046-17-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP To prepare for having a third type of LSM ("shared blob"), this implements dynamic handling of LSM ordering. The visible change here is that the "security=" boot commandline is now a comma-separated ordered list of all LSMs, not just the single "exclusive" LSM. This means that the "minor" LSMs can now be disabled at boot time by omitting them from the commandline. Additionally LSM ordering becomes entirely mutable for LSMs with LSM_ORDER_MUTABLE ("capability" is not mutable and is always enabled first). Signed-off-by: Kees Cook --- .../admin-guide/kernel-parameters.txt | 13 +- security/security.c | 145 ++++++++++++++---- 2 files changed, 126 insertions(+), 32 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 9871e649ffef..6d6bb9481193 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -4027,11 +4027,14 @@ Note: increases power consumption, thus should only be enabled if running jitter sensitive (HPC/RT) workloads. - security= [SECURITY] Choose a security module to enable at boot. - If this boot parameter is not specified, only the first - security module asking for security registration will be - loaded. An invalid security module name will be treated - as if no module has been chosen. + security= [SECURITY] An ordered comma-separated list of + security modules to attempt to enable at boot. If + this boot parameter is not specified, only the + security modules asking for initialization will be + enabled (see CONFIG_DEFAULT_SECURITY). Duplicate + or invalid security modules will be ignored. The + capability module is always loaded first, without + regard to this parameter. selinux= [SELINUX] Disable or enable SELinux at boot time. Format: { "0" | "1" } diff --git a/security/security.c b/security/security.c index 67532326a0ce..f09a4bb3cb86 100644 --- a/security/security.c +++ b/security/security.c @@ -32,17 +32,18 @@ #define MAX_LSM_EVM_XATTR 2 -/* Maximum number of letters for an LSM name string */ -#define SECURITY_NAME_MAX 10 +/* How many LSMs were built into the kernel? */ +#define LSM_COUNT (__end_lsm_info - __start_lsm_info) struct security_hook_heads security_hook_heads __lsm_ro_after_init; static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); char *lsm_names; /* Boot-time LSM user choice */ -static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = - CONFIG_DEFAULT_SECURITY; +static const char *bootparam_lsms; +/* Ordered list of possible LSMs to initialize. */ +static struct lsm_info **possible_lsms __initdata; static struct lsm_info *exclusive __initdata; /* Mark an LSM's enabled flag, if it exists. */ @@ -52,6 +53,108 @@ static void __init set_enabled(struct lsm_info *lsm, bool enabled) *lsm->enabled = enabled; } +/* Is an LSM already listed in the possible LSMs list? */ +static bool __init possible_lsm(struct lsm_info *lsm) +{ + struct lsm_info **check; + + for (check = possible_lsms; *check; check++) + if (*check == lsm) + return true; + + return false; +} + +/* Append an LSM to the list of possible LSMs to initialize. */ +static int last_lsm __initdata; +static void __init append_possible_lsm(struct lsm_info *lsm, const char *from) +{ + /* Ignore duplicate selections. */ + if (possible_lsm(lsm)) { + return; + } + + if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from)) + return; + + possible_lsms[last_lsm++] = lsm; +} + +/* Default boot: populate possible LSMs list with builtin ordering. */ +static void __init prepare_lsm_order_builtin(void) +{ + struct lsm_info *lsm; + + /* All minor LSMs should go next. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (lsm->type == LSM_TYPE_MINOR && + lsm->order == LSM_ORDER_MUTABLE) + append_possible_lsm(lsm, "builtin minor"); + } + + /* Then the CONFIG_DEFAULT_SECURITY exclusive LSM. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (lsm->type == LSM_TYPE_EXCLUSIVE && + !strcmp(CONFIG_DEFAULT_SECURITY, lsm->name)) + append_possible_lsm(lsm, "builtin default"); + } + + /* Then other exclusive LSMs, in case above is disabled. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (lsm->type == LSM_TYPE_EXCLUSIVE && + strcmp(CONFIG_DEFAULT_SECURITY, lsm->name)) + append_possible_lsm(lsm, "builtin extra"); + } +} + +/* "security=" boot: populate possible LSMs list from boot commandline. */ +static void __init prepare_lsm_order_commandline(void) +{ + struct lsm_info *lsm; + char *sep, *name, *next; + + sep = kstrdup(bootparam_lsms, GFP_KERNEL); + next = sep; + /* Walk commandline list, looking for matching LSMs. */ + while ((name = strsep(&next, ",")) != NULL) { + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (lsm->order == LSM_ORDER_MUTABLE && + !strcmp(lsm->name, name)) { + append_possible_lsm(lsm, "commandline"); + } + } + } + kfree(sep); + + /* Mark any LSMs missing from commandline as explicitly disabled. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (lsm->order == LSM_ORDER_MUTABLE) { + if (possible_lsm(lsm)) + continue; + + set_enabled(lsm, false); + } + } +} + +/* Populate possible LSMs list from build order or commandline order. */ +static void __init prepare_lsm_order(void) +{ + struct lsm_info *lsm; + + /* LSM_ORDER_FIRST is always first. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (lsm->order == LSM_ORDER_FIRST) + append_possible_lsm(lsm, "first"); + } + + /* If no commandline order defined, use builtin order. */ + if (!bootparam_lsms) + prepare_lsm_order_builtin(); + else + prepare_lsm_order_commandline(); +} + /* Is an LSM allowed to be enabled? */ static bool __init lsm_enabled(struct lsm_info *lsm) { @@ -69,10 +172,6 @@ static bool __init lsm_enabled(struct lsm_info *lsm) if (exclusive) return false; - /* Disabled if this LSM isn't the chosen one. */ - if (strcmp(lsm->name, chosen_lsm) != 0) - return false; - return true; } @@ -93,17 +192,13 @@ static void __init maybe_enable_lsm(struct lsm_info *lsm) } } -static void __init lsm_init(enum lsm_type type) +/* Initialize all possible LSMs in order, if they are enabled. */ +static void __init lsm_init(void) { - struct lsm_info *lsm; - enum lsm_order order; + struct lsm_info **lsm; - for (order = LSM_ORDER_FIRST; order < LSM_ORDER_MAX; order++) { - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (lsm->type == type && lsm->order == order) - maybe_enable_lsm(lsm); - } - } + for (lsm = possible_lsms; *lsm; lsm++) + maybe_enable_lsm(*lsm); } /** @@ -119,25 +214,21 @@ int __init security_init(void) for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head); i++) INIT_HLIST_HEAD(&list[i]); + possible_lsms = kcalloc(LSM_COUNT + 1, sizeof(*possible_lsms), + GFP_KERNEL); pr_info("Security Framework initialized\n"); - /* - * Load minor LSMs, with the capability module always first. - */ - lsm_init(LSM_TYPE_MINOR); - - /* - * Load all the remaining security modules. - */ - lsm_init(LSM_TYPE_EXCLUSIVE); + prepare_lsm_order(); + lsm_init(); + kfree(possible_lsms); return 0; } /* Save user chosen LSM */ static int __init choose_lsm(char *str) { - strncpy(chosen_lsm, str, SECURITY_NAME_MAX); + bootparam_lsms = str; return 1; } __setup("security=", choose_lsm); From patchwork Sun Sep 16 00:30:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601639 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9EFCC13AD for ; Sun, 16 Sep 2018 00:38:52 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8AFB32A024 for ; Sun, 16 Sep 2018 00:38:52 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7DEFF2A03F; Sun, 16 Sep 2018 00:38:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id ECB2F2A024 for ; Sun, 16 Sep 2018 00:38:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727314AbeIPF7s (ORCPT ); Sun, 16 Sep 2018 01:59:48 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:45397 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726479AbeIPF7s (ORCPT ); Sun, 16 Sep 2018 01:59:48 -0400 Received: by mail-pf1-f194.google.com with SMTP id i26-v6so5911524pfo.12 for ; Sat, 15 Sep 2018 17:38:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=h2a8mtVOqwOdVQK0JP99dIDkyrDFiG7OKha89K/kGZo=; b=ofzqINPOfpLuNLuL9A2VCBKjO5QtQrS9dGNUj0eZQvRxPSZZDiEcE4Ojf+uHoMbcCV 3MyEwqG5pnTFTpymwuLZqkh8Y9xVY26R/4h42Jrvv/AIPxy6Q8YAV3cyQOjcP0dmPlzz hUdCUI0OQbfEigCM1dswQZJxlHle0Spr2CuZs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=h2a8mtVOqwOdVQK0JP99dIDkyrDFiG7OKha89K/kGZo=; b=CV6HdTUBjkV2JsNR4ZO5B21a0L6sEJTtwQ+3tutfNiznAvUSvtQL8D+LLxIyadE9Lq PGsahkMq2pH5P3ME2czVsQqv88AsZ8TBn+AKuMe8fH7uONVQR81tjMltVWt2EtRYvF0a Nj/jGmQ+QVxSGYium6H1nFk9XFu54A9BADSNdlFGLgSjiwDCFDAOBukG9Xt/1zYzCLvw icLEdr1tjmjxt8s90NEHNUP7SuPV0ZdvGGoCn74YYe5urcAi43xm4vr+qb8ODUUhAKyG 9GJRAep95bm9xD8Vl23MoGTdWQOXcbMfHKCFtjKrYHuL5S4pBmb3rrsrGN5jnk2lVtEk LBUg== X-Gm-Message-State: APzg51Bb+jndW7LpUKtcifcl4oYETdF7ac8Ivfl+TuUZ1+o7Nj+3N0uG 5oXsfmP/pX22ZHFh4nPGyKzi/g== X-Google-Smtp-Source: ANB0VdYRnkvgbnKbIAgkQ1GPwRJC+dvqK3+qjofA9c3G6qrJjJ0pcpDh3mGVbtv1gJQztqOUFTU+QQ== X-Received: by 2002:a62:7e93:: with SMTP id z141-v6mr19351317pfc.14.1537058330398; Sat, 15 Sep 2018 17:38:50 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id l127-v6sm17374187pfc.55.2018.09.15.17.38.48 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:38:49 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 17/18] LSM: Provide init debugging Date: Sat, 15 Sep 2018 17:30:58 -0700 Message-Id: <20180916003059.1046-18-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Booting with "lsm.debug" will report details on how LSM ordering decisions are being made. Additionally changes tense of "Framework initialized" to "... initializing" since it hadn't finished its work yet. Signed-off-by: Kees Cook --- .../admin-guide/kernel-parameters.txt | 2 ++ security/security.c | 30 ++++++++++++++++++- 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 6d6bb9481193..c3e44a27c86a 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2274,6 +2274,8 @@ ltpc= [NET] Format: ,, + lsm.debug [SECURITY] Enable LSM initialization debugging output. + machvec= [IA-64] Force the use of a particular machine-vector (machvec) in a generic kernel. Example: machvec=hpzx1_swiotlb diff --git a/security/security.c b/security/security.c index f09a4bb3cb86..3b84b7eeb08c 100644 --- a/security/security.c +++ b/security/security.c @@ -12,6 +12,8 @@ * (at your option) any later version. */ +#define pr_fmt(fmt) "LSM: " fmt + #include #include #include @@ -46,6 +48,13 @@ static const char *bootparam_lsms; static struct lsm_info **possible_lsms __initdata; static struct lsm_info *exclusive __initdata; +static bool debug __initdata; +#define init_debug(...) \ + do { \ + if (debug) \ + pr_info(__VA_ARGS__); \ + } while (0) + /* Mark an LSM's enabled flag, if it exists. */ static void __init set_enabled(struct lsm_info *lsm, bool enabled) { @@ -71,6 +80,7 @@ static void __init append_possible_lsm(struct lsm_info *lsm, const char *from) { /* Ignore duplicate selections. */ if (possible_lsm(lsm)) { + init_debug("duplicate: %s\n", lsm->name); return; } @@ -78,6 +88,7 @@ static void __init append_possible_lsm(struct lsm_info *lsm, const char *from) return; possible_lsms[last_lsm++] = lsm; + init_debug("%s possible: %s\n", from, lsm->name); } /* Default boot: populate possible LSMs list with builtin ordering. */ @@ -117,12 +128,18 @@ static void __init prepare_lsm_order_commandline(void) next = sep; /* Walk commandline list, looking for matching LSMs. */ while ((name = strsep(&next, ",")) != NULL) { + bool found = false; + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { if (lsm->order == LSM_ORDER_MUTABLE && !strcmp(lsm->name, name)) { append_possible_lsm(lsm, "commandline"); + found = true; } } + + if (!found) + init_debug("ignoring: %s\n", name); } kfree(sep); @@ -133,6 +150,7 @@ static void __init prepare_lsm_order_commandline(void) continue; set_enabled(lsm, false); + init_debug("disabled: %s\n", lsm->name); } } } @@ -187,6 +205,7 @@ static void __init maybe_enable_lsm(struct lsm_info *lsm) if (enabled) { if (lsm->type == LSM_TYPE_EXCLUSIVE) { exclusive = lsm; + init_debug("exclusive: %s\n", exclusive->name); } lsm->init(); } @@ -211,12 +230,13 @@ int __init security_init(void) int i; struct hlist_head *list = (struct hlist_head *) &security_hook_heads; + pr_info("Security Framework initializing\n"); + for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head); i++) INIT_HLIST_HEAD(&list[i]); possible_lsms = kcalloc(LSM_COUNT + 1, sizeof(*possible_lsms), GFP_KERNEL); - pr_info("Security Framework initialized\n"); prepare_lsm_order(); lsm_init(); @@ -233,6 +253,14 @@ static int __init choose_lsm(char *str) } __setup("security=", choose_lsm); +/* Enable LSM order debugging. */ +static int __init enable_debug(char *str) +{ + debug = true; + return 1; +} +__setup("lsm.debug", enable_debug); + static bool match_last_lsm(const char *list, const char *lsm) { const char *last; From patchwork Sun Sep 16 00:30:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10601643 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DD57313AD for ; Sun, 16 Sep 2018 00:39:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AB5BB2A024 for ; Sun, 16 Sep 2018 00:39:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9F55D2A03F; Sun, 16 Sep 2018 00:39:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5571E2A024 for ; Sun, 16 Sep 2018 00:39:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728090AbeIPF7t (ORCPT ); Sun, 16 Sep 2018 01:59:49 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:39550 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727747AbeIPF7t (ORCPT ); Sun, 16 Sep 2018 01:59:49 -0400 Received: by mail-pf1-f193.google.com with SMTP id j8-v6so5931473pff.6 for ; Sat, 15 Sep 2018 17:38:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=2uODomYPzcjoTQQPESLleriIuqidQ5xqsN+C5mdVLUU=; b=jh/fYOrus0NcGv3zrDb+DvAW8rZwHjKGZcKpIKMJuLsff/l5JVlANpaOP070W9VMG8 1UcOtTzXPlBDj7MfFCEPXQNWkZ0ZwX9D6yR7N1XDv6cxPRjQ1vfuqZqKeYPJ+PL6pgUn FqDdizPT+5O1jjmaSB2TS8cE0cPDgFTrVouNw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=2uODomYPzcjoTQQPESLleriIuqidQ5xqsN+C5mdVLUU=; b=B6hazyDfst5XuZhnTQgOrZFGH5e75Z9wSxQB8ETPHIBQcbA1OhUvy3y85hqsNYcbZb I0Y/TP4eTZBKUWfMqRSz2HkoFXP1fqabDpi/3awX7StESHJlEfM1kcg58k4igdBI0uUb KL19/ZPUPcgaXKKowMk8uwvLOt8fOadxMagP8RU9tHOTRVoipcZUcirWEtZlDCAbywgn xeN6Qt+c01PCZWYtN83W7M2kWgJiZC1eAYd+Sww2/6pfzxr+eRnFVO237pzZO1PeZccl J+KHzKHtJwG00xFanCU6Djj1XliHJ1ugdftPzR7R/DO7Ap/mPr9rezGekzABP3PnioYS bVgg== X-Gm-Message-State: APzg51DWbtVSE/wroqHLOkLjhWIHWzJC+WQ3eaVgZkZsghSuFh7659Yz zhMNcHFbml8jLlFQHbWvnaz/5Q== X-Google-Smtp-Source: ANB0VdaLFr+t4RZrdeBw08gmHeu1924582FoaTeMwO3RjRxuIKCp1Zkl4V350pfuWSOg5TwBYktKPA== X-Received: by 2002:a62:2c53:: with SMTP id s80-v6mr19015526pfs.154.1537058331240; Sat, 15 Sep 2018 17:38:51 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id 5-v6sm14160058pgc.86.2018.09.15.17.38.48 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 15 Sep 2018 17:38:49 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , LKLM Subject: [PATCH 18/18] LSM: Don't ignore initialization failures Date: Sat, 15 Sep 2018 17:30:59 -0700 Message-Id: <20180916003059.1046-19-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180916003059.1046-1-keescook@chromium.org> References: <20180916003059.1046-1-keescook@chromium.org> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP LSM initialization failures have traditionally been ignored. We should at least WARN when something goes wrong. Signed-off-by: Kees Cook --- security/security.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/security/security.c b/security/security.c index 3b84b7eeb08c..a7796e522f72 100644 --- a/security/security.c +++ b/security/security.c @@ -203,11 +203,15 @@ static void __init maybe_enable_lsm(struct lsm_info *lsm) /* If selected, initialize the LSM. */ if (enabled) { + int ret; + if (lsm->type == LSM_TYPE_EXCLUSIVE) { exclusive = lsm; init_debug("exclusive: %s\n", exclusive->name); } - lsm->init(); + + ret = lsm->init(); + WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); } }