From patchwork Wed Apr 9 18:49:46 2025
X-Patchwork-Submitter: Paul Moore
X-Patchwork-Id: 14045242
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 01/29] lsm: split the notifier code out into lsm_notifier.c
Date: Wed, 9 Apr 2025 14:49:46 -0400
Message-ID: <20250409185019.238841-32-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

In an effort to decompose security/security.c somewhat to make it less twisted and unwieldy, pull out the LSM notifier code into a
new file as it is fairly well self-contained. No code changes.

Signed-off-by: Paul Moore
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
---
security/Makefile | 2 +-
security/lsm_notifier.c | 31 +++++++++++++++++++++++++++++++
security/security.c | 23 -----------------------
3 files changed, 32 insertions(+), 24 deletions(-)
create mode 100644 security/lsm_notifier.c
diff --git a/security/Makefile b/security/Makefile index 22ff4c8bd8ce..14d87847bce8 100644 --- a/security/Makefile +++ b/security/Makefile @@ -11,7 +11,7 @@ obj-$(CONFIG_SECURITY) += lsm_syscalls.o obj-$(CONFIG_MMU) += min_addr.o # Object file lists -obj-$(CONFIG_SECURITY) += security.o +obj-$(CONFIG_SECURITY) += security.o lsm_notifier.o obj-$(CONFIG_SECURITYFS) += inode.o obj-$(CONFIG_SECURITY_SELINUX) += selinux/ obj-$(CONFIG_SECURITY_SMACK) += smack/ diff --git a/security/lsm_notifier.c b/security/lsm_notifier.c new file mode 100644 index 000000000000..c92fad5d57d4 --- /dev/null +++ b/security/lsm_notifier.c @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * LSM notifier functions + * + */ + +#include +#include + +static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain); + +int call_blocking_lsm_notifier(enum lsm_event event, void *data) +{ + return blocking_notifier_call_chain(&blocking_lsm_notifier_chain, + event, data); +} +EXPORT_SYMBOL(call_blocking_lsm_notifier); + +int register_blocking_lsm_notifier(struct notifier_block *nb) +{ + return blocking_notifier_chain_register(&blocking_lsm_notifier_chain, + nb); +} +EXPORT_SYMBOL(register_blocking_lsm_notifier); + +int unregister_blocking_lsm_notifier(struct notifier_block *nb) +{ + return blocking_notifier_chain_unregister(&blocking_lsm_notifier_chain, + nb); +} +EXPORT_SYMBOL(unregister_blocking_lsm_notifier); diff --git a/security/security.c b/security/security.c index fb57e8fddd91..477be0a17e3f 100644 --- a/security/security.c +++ b/security/security.c
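Review bot: The file header comment in the new security/lsm_notifier.c carries an empty ` * ` line between ` * LSM notifier functions` and ` */`; drop it so the header matches the usual kernel file-comment layout. The three functions and their EXPORT_SYMBOL() lines are otherwise identical to the ones removed from security.c later in this patch, so the "No code changes" claim holds for this hunk.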
@@ -90,8 +90,6 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = { [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", }; -static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain); - static struct kmem_cache *lsm_file_cache; static struct kmem_cache *lsm_inode_cache; 
@@ -643,27 +641,6 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, } } -int call_blocking_lsm_notifier(enum lsm_event event, void *data) -{ - return blocking_notifier_call_chain(&blocking_lsm_notifier_chain, - event, data); -} -EXPORT_SYMBOL(call_blocking_lsm_notifier); - -int register_blocking_lsm_notifier(struct notifier_block *nb) -{ - return blocking_notifier_chain_register(&blocking_lsm_notifier_chain, - nb); -} -EXPORT_SYMBOL(register_blocking_lsm_notifier); - -int unregister_blocking_lsm_notifier(struct notifier_block *nb) -{ - return blocking_notifier_chain_unregister(&blocking_lsm_notifier_chain, - nb); -} -EXPORT_SYMBOL(unregister_blocking_lsm_notifier); - /** * lsm_blob_alloc - allocate a composite blob * @dest: the destination for the blob

From patchwork Wed Apr 9 18:49:47 2025
X-Patchwork-Submitter: Paul Moore
X-Patchwork-Id: 14045244
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 02/29] lsm: split the init code out into lsm_init.c
Date: Wed, 9 Apr 2025 14:49:47 -0400
Message-ID: <20250409185019.238841-33-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

Continue to pull code out of security/security.c to help improve readability by pulling all of the LSM framework initialization code out
into a new file. No code changes.

Signed-off-by: Paul Moore
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
---
include/linux/lsm_hooks.h | 3 +-
security/Makefile | 2 +-
security/lsm.h | 22 ++
security/lsm_init.c | 537 ++++++++++++++++++++++++++++++++++
security/security.c | 591 +++-----------------------------------
5 files changed, 595 insertions(+), 560 deletions(-)
create mode 100644 security/lsm.h
create mode 100644 security/lsm_init.c
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 090d1d3e19fe..eeb4bfd60b79 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -167,11 +167,10 @@ struct lsm_info { __used __section(".early_lsm_info.init") \ __aligned(sizeof(unsigned long)) + /* DO NOT tamper with these variables outside of the LSM framework */ extern char *lsm_names; extern struct lsm_static_calls_table static_calls_table __ro_after_init; -extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; -extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; /** * lsm_get_xattr_slot - Return the next available slot and increment the index diff --git a/security/Makefile b/security/Makefile index 14d87847bce8..4601230ba442 100644 --- a/security/Makefile +++ b/security/Makefile @@ -11,7 +11,7 @@ obj-$(CONFIG_SECURITY) += lsm_syscalls.o obj-$(CONFIG_MMU) += min_addr.o # Object file lists -obj-$(CONFIG_SECURITY) += security.o lsm_notifier.o +obj-$(CONFIG_SECURITY) += security.o lsm_notifier.o lsm_init.o obj-$(CONFIG_SECURITYFS) += inode.o obj-$(CONFIG_SECURITY_SELINUX) += selinux/ obj-$(CONFIG_SECURITY_SMACK) += smack/ diff --git a/security/lsm.h b/security/lsm.h new file mode 100644 index 000000000000..0e1731bad4a7 --- /dev/null +++ b/security/lsm.h
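Review bot: Taking the `__start_lsm_info`/`__end_lsm_info` and early-LSM section externs out of include/linux/lsm_hooks.h is the right direction, but `lsm_names` and `static_calls_table` remain visible to every includer with only the new "DO NOT tamper" comment guarding them. If nothing outside security/ reads those two symbols, consider moving their externs into the security/lsm.h header this patch creates (a follow-up is fine) so the compiler enforces what the comment asks for.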
@@ -0,0 +1,22 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * LSM functions + */ + +#ifndef _LSM_H_ +#define _LSM_H_ + +#include + +/* LSM blob configuration */ +extern struct lsm_blob_sizes blob_sizes; + +/* LSM blob caches */ +extern struct kmem_cache *lsm_file_cache; +extern struct kmem_cache *lsm_inode_cache; + +/* LSM blob allocators */ +int lsm_cred_alloc(struct cred *cred, gfp_t gfp); +int lsm_task_alloc(struct task_struct *task); + +#endif /* _LSM_H_ */ diff --git a/security/lsm_init.c b/security/lsm_init.c new file mode 100644 index 000000000000..70e7d4207dae --- /dev/null +++ b/security/lsm_init.c 
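Review bot: The new security/lsm.h opens with `// SPDX-License-Identifier: GPL-2.0-or-later`, but Documentation/process/license-rules.rst asks header files to use the C-style form `/* SPDX-License-Identifier: GPL-2.0-or-later */` and reserves `//` for .c files; please switch the comment style on that first line.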
@@ -0,0 +1,537 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * LSM initialization functions + */ + +#define pr_fmt(fmt) "LSM: " fmt + +#include +#include + +#include "lsm.h" + +char *lsm_names; + +/* Pointers to LSM sections defined in include/asm-generic/vmlinux.lds.h */ +extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; +extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; + +/* Boot-time LSM user choice */ +static __initconst const char *const builtin_lsm_order = CONFIG_LSM; +static __initdata const char *chosen_lsm_order; +static __initdata const char *chosen_major_lsm; + +/* Ordered list of LSMs to initialize. */ +static __initdata struct lsm_info *ordered_lsms[MAX_LSM_COUNT + 1]; +static __initdata struct lsm_info *exclusive; + +static __initdata bool debug; +#define init_debug(...) \ + do { \ + if (debug) \ + pr_info(__VA_ARGS__); \ + } while (0) + +static int lsm_append(const char *new, char **result); + +/* Save user chosen LSM */ +static int __init choose_major_lsm(char *str) +{ + chosen_major_lsm = str; + return 1; +} +__setup("security=", choose_major_lsm); + +/* Explicitly choose LSM initialization order. */ +static int __init choose_lsm_order(char *str) +{ + chosen_lsm_order = str; + return 1; +} +__setup("lsm=", choose_lsm_order); + +/* Enable LSM order debugging. */ +static int __init enable_debug(char *str) +{ + debug = true; + return 1; +} +__setup("lsm.debug", enable_debug); + +/* Mark an LSM's enabled flag. */ +static int lsm_enabled_true __initdata = 1; +static int lsm_enabled_false __initdata = 0; +static void __init set_enabled(struct lsm_info *lsm, bool enabled) +{ + /* + * When an LSM hasn't configured an enable variable, we can use + * a hard-coded location for storing the default enabled state. 
+ */ + if (!lsm->enabled) { + if (enabled) + lsm->enabled = &lsm_enabled_true; + else + lsm->enabled = &lsm_enabled_false; + } else if (lsm->enabled == &lsm_enabled_true) { + if (!enabled) + lsm->enabled = &lsm_enabled_false; + } else if (lsm->enabled == &lsm_enabled_false) { + if (enabled) + lsm->enabled = &lsm_enabled_true; + } else { + *lsm->enabled = enabled; + } +} + +static inline bool is_enabled(struct lsm_info *lsm) +{ + if (!lsm->enabled) + return false; + + return *lsm->enabled; +} + +/* Is an LSM already listed in the ordered LSMs list? */ +static bool __init exists_ordered_lsm(struct lsm_info *lsm) +{ + struct lsm_info **check; + + for (check = ordered_lsms; *check; check++) + if (*check == lsm) + return true; + + return false; +} + +/* Append an LSM to the list of ordered LSMs to initialize. */ +static int last_lsm __initdata; +static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) +{ + /* Ignore duplicate selections. */ + if (exists_ordered_lsm(lsm)) + return; + + if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from)) + return; + + /* Enable this LSM, if it is not already set. */ + if (!lsm->enabled) + lsm->enabled = &lsm_enabled_true; + ordered_lsms[last_lsm++] = lsm; + + init_debug("%s ordered: %s (%s)\n", from, lsm->name, + is_enabled(lsm) ? "enabled" : "disabled"); +} + +/* Is an LSM allowed to be initialized? */ +static bool __init lsm_allowed(struct lsm_info *lsm) +{ + /* Skip if the LSM is disabled. */ + if (!is_enabled(lsm)) + return false; + + /* Not allowed if another exclusive LSM already initialized. 
*/ + if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { + init_debug("exclusive disabled: %s\n", lsm->name); + return false; + } + + return true; +} + +static void __init lsm_set_blob_size(int *need, int *lbs) +{ + int offset; + + if (*need <= 0) + return; + + offset = ALIGN(*lbs, sizeof(void *)); + *lbs = offset + *need; + *need = offset; +} + +static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) +{ + if (!needed) + return; + + lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred); + lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file); + lsm_set_blob_size(&needed->lbs_ib, &blob_sizes.lbs_ib); + /* + * The inode blob gets an rcu_head in addition to + * what the modules might need. + */ + if (needed->lbs_inode && blob_sizes.lbs_inode == 0) + blob_sizes.lbs_inode = sizeof(struct rcu_head); + lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); + lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); + lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key); + lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); + lsm_set_blob_size(&needed->lbs_perf_event, &blob_sizes.lbs_perf_event); + lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); + lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); + lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); + lsm_set_blob_size(&needed->lbs_tun_dev, &blob_sizes.lbs_tun_dev); + lsm_set_blob_size(&needed->lbs_xattr_count, + &blob_sizes.lbs_xattr_count); + lsm_set_blob_size(&needed->lbs_bdev, &blob_sizes.lbs_bdev); +} + +/* Prepare LSM for initialization. */ +static void __init prepare_lsm(struct lsm_info *lsm) +{ + int enabled = lsm_allowed(lsm); + + /* Record enablement (to handle any following exclusive LSMs). */ + set_enabled(lsm, enabled); + + /* If enabled, do pre-initialization work. 
*/ + if (enabled) { + if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { + exclusive = lsm; + init_debug("exclusive chosen: %s\n", lsm->name); + } + + lsm_set_blob_sizes(lsm->blobs); + } +} + +/* Initialize a given LSM, if it is enabled. */ +static void __init initialize_lsm(struct lsm_info *lsm) +{ + if (is_enabled(lsm)) { + int ret; + + init_debug("initializing %s\n", lsm->name); + ret = lsm->init(); + WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + } +} + +/* + * Current index to use while initializing the lsm id list. + */ +u32 lsm_active_cnt __ro_after_init; +const struct lsm_id *lsm_idlist[MAX_LSM_COUNT]; + +/* Populate ordered LSMs list from comma-separated LSM name list. */ +static void __init ordered_lsm_parse(const char *order, const char *origin) +{ + struct lsm_info *lsm; + char *sep, *name, *next; + + /* LSM_ORDER_FIRST is always first. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (lsm->order == LSM_ORDER_FIRST) + append_ordered_lsm(lsm, " first"); + } + + /* Process "security=", if given. */ + if (chosen_major_lsm) { + struct lsm_info *major; + + /* + * To match the original "security=" behavior, this + * explicitly does NOT fallback to another Legacy Major + * if the selected one was separately disabled: disable + * all non-matching Legacy Major LSMs. + */ + for (major = __start_lsm_info; major < __end_lsm_info; + major++) { + if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && + strcmp(major->name, chosen_major_lsm) != 0) { + set_enabled(major, false); + init_debug("security=%s disabled: %s (only one legacy major LSM)\n", + chosen_major_lsm, major->name); + } + } + } + + sep = kstrdup(order, GFP_KERNEL); + next = sep; + /* Walk the list, looking for matching LSMs. 
*/ + while ((name = strsep(&next, ",")) != NULL) { + bool found = false; + + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (strcmp(lsm->name, name) == 0) { + if (lsm->order == LSM_ORDER_MUTABLE) + append_ordered_lsm(lsm, origin); + found = true; + } + } + + if (!found) + init_debug("%s ignored: %s (not built into kernel)\n", + origin, name); + } + + /* Process "security=", if given. */ + if (chosen_major_lsm) { + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (exists_ordered_lsm(lsm)) + continue; + if (strcmp(lsm->name, chosen_major_lsm) == 0) + append_ordered_lsm(lsm, "security="); + } + } + + /* LSM_ORDER_LAST is always last. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (lsm->order == LSM_ORDER_LAST) + append_ordered_lsm(lsm, " last"); + } + + /* Disable all LSMs not in the ordered list. */ + for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { + if (exists_ordered_lsm(lsm)) + continue; + set_enabled(lsm, false); + init_debug("%s skipped: %s (not in requested order)\n", + origin, lsm->name); + } + + kfree(sep); +} + +static void __init report_lsm_order(void) +{ + struct lsm_info **lsm, *early; + int first = 0; + + pr_info("initializing lsm="); + + /* Report each enabled LSM name, comma separated. */ + for (early = __start_early_lsm_info; + early < __end_early_lsm_info; early++) + if (is_enabled(early)) + pr_cont("%s%s", first++ == 0 ? "" : ",", early->name); + for (lsm = ordered_lsms; *lsm; lsm++) + if (is_enabled(*lsm)) + pr_cont("%s%s", first++ == 0 ? 
"" : ",", (*lsm)->name); + + pr_cont("\n"); +} + +/** + * lsm_early_cred - during initialization allocate a composite cred blob + * @cred: the cred that needs a blob + * + * Allocate the cred blob for all the modules + */ +static void __init lsm_early_cred(struct cred *cred) +{ + int rc = lsm_cred_alloc(cred, GFP_KERNEL); + + if (rc) + panic("%s: Early cred alloc failed.\n", __func__); +} + +/** + * lsm_early_task - during initialization allocate a composite task blob + * @task: the task that needs a blob + * + * Allocate the task blob for all the modules + */ +static void __init lsm_early_task(struct task_struct *task) +{ + int rc = lsm_task_alloc(task); + + if (rc) + panic("%s: Early task alloc failed.\n", __func__); +} + +static void __init ordered_lsm_init(void) +{ + struct lsm_info **lsm; + + if (chosen_lsm_order) { + if (chosen_major_lsm) { + pr_warn("security=%s is ignored because it is superseded by lsm=%s\n", + chosen_major_lsm, chosen_lsm_order); + chosen_major_lsm = NULL; + } + ordered_lsm_parse(chosen_lsm_order, "cmdline"); + } else + ordered_lsm_parse(builtin_lsm_order, "builtin"); + + for (lsm = ordered_lsms; *lsm; lsm++) + prepare_lsm(*lsm); + + report_lsm_order(); + + init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); + init_debug("file blob size = %d\n", blob_sizes.lbs_file); + init_debug("ib blob size = %d\n", blob_sizes.lbs_ib); + init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); + init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); +#ifdef CONFIG_KEYS + init_debug("key blob size = %d\n", blob_sizes.lbs_key); +#endif /* CONFIG_KEYS */ + init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); + init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); + init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); + init_debug("perf event blob size = %d\n", blob_sizes.lbs_perf_event); + init_debug("task blob size = %d\n", blob_sizes.lbs_task); + init_debug("tun device blob size = %d\n", blob_sizes.lbs_tun_dev); 
+ init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count); + init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev); + + /* + * Create any kmem_caches needed for blobs + */ + if (blob_sizes.lbs_file) + lsm_file_cache = kmem_cache_create("lsm_file_cache", + blob_sizes.lbs_file, 0, + SLAB_PANIC, NULL); + if (blob_sizes.lbs_inode) + lsm_inode_cache = kmem_cache_create("lsm_inode_cache", + blob_sizes.lbs_inode, 0, + SLAB_PANIC, NULL); + + lsm_early_cred((struct cred *) current->cred); + lsm_early_task(current); + for (lsm = ordered_lsms; *lsm; lsm++) + initialize_lsm(*lsm); +} + +static bool match_last_lsm(const char *list, const char *lsm) +{ + const char *last; + + if (WARN_ON(!list || !lsm)) + return false; + last = strrchr(list, ','); + if (last) + /* Pass the comma, strcmp() will check for '\0' */ + last++; + else + last = list; + return !strcmp(last, lsm); +} + +static int lsm_append(const char *new, char **result) +{ + char *cp; + + if (*result == NULL) { + *result = kstrdup(new, GFP_KERNEL); + if (*result == NULL) + return -ENOMEM; + } else { + /* Check if it is the last registered name */ + if (match_last_lsm(*result, new)) + return 0; + cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new); + if (cp == NULL) + return -ENOMEM; + kfree(*result); + *result = cp; + } + return 0; +} + +static void __init lsm_static_call_init(struct security_hook_list *hl) +{ + struct lsm_static_call *scall = hl->scalls; + int i; + + for (i = 0; i < MAX_LSM_COUNT; i++) { + /* Update the first static call that is not used yet */ + if (!scall->hl) { + __static_call_update(scall->key, scall->trampoline, + hl->hook.lsm_func_addr); + scall->hl = hl; + static_branch_enable(scall->active); + return; + } + scall++; + } + panic("%s - Ran out of static slots.\n", __func__); +} + +/** + * security_add_hooks - Add a modules hooks to the hook lists. 
+ * @hooks: the hooks to add + * @count: the number of hooks to add + * @lsmid: the identification information for the security module + * + * Each LSM has to register its hooks with the infrastructure. + */ +void __init security_add_hooks(struct security_hook_list *hooks, int count, + const struct lsm_id *lsmid) +{ + int i; + + /* + * A security module may call security_add_hooks() more + * than once during initialization, and LSM initialization + * is serialized. Landlock is one such case. + * Look at the previous entry, if there is one, for duplication. + */ + if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) { + if (lsm_active_cnt >= MAX_LSM_COUNT) + panic("%s Too many LSMs registered.\n", __func__); + lsm_idlist[lsm_active_cnt++] = lsmid; + } + + for (i = 0; i < count; i++) { + hooks[i].lsmid = lsmid; + lsm_static_call_init(&hooks[i]); + } + + /* + * Don't try to append during early_security_init(), we'll come back + * and fix this up afterwards. + */ + if (slab_is_available()) { + if (lsm_append(lsmid->name, &lsm_names) < 0) + panic("%s - Cannot get early memory.\n", __func__); + } +} + +int __init early_security_init(void) +{ + struct lsm_info *lsm; + + for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { + if (!lsm->enabled) + lsm->enabled = &lsm_enabled_true; + prepare_lsm(lsm); + initialize_lsm(lsm); + } + + return 0; +} + +/** + * security_init - initializes the security framework + * + * This should be called early in the kernel initialization sequence. + */ +int __init security_init(void) +{ + struct lsm_info *lsm; + + init_debug("legacy security=%s\n", chosen_major_lsm ? : " *unspecified*"); + init_debug(" CONFIG_LSM=%s\n", builtin_lsm_order); + init_debug("boot arg lsm=%s\n", chosen_lsm_order ? 
: " *unspecified*"); + + /* + * Append the names of the early LSM modules now that kmalloc() is + * available + */ + for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { + init_debug(" early started: %s (%s)\n", lsm->name, + is_enabled(lsm) ? "enabled" : "disabled"); + if (lsm->enabled) + lsm_append(lsm->name, &lsm_names); + } + + /* Load LSMs in specified order. */ + ordered_lsm_init(); + + return 0; +} diff --git a/security/security.c b/security/security.c index 477be0a17e3f..8d370a4c5e74 100644 --- a/security/security.c +++ b/security/security.c @@ -32,24 +32,7 @@ #include #include -#define SECURITY_HOOK_ACTIVE_KEY(HOOK, IDX) security_hook_active_##HOOK##_##IDX - -/* - * Identifier for the LSM static calls. - * HOOK is an LSM hook as defined in linux/lsm_hookdefs.h - * IDX is the index of the static call. 0 <= NUM < MAX_LSM_COUNT - */ -#define LSM_STATIC_CALL(HOOK, IDX) lsm_static_call_##HOOK##_##IDX - -/* - * Call the macro M for each LSM hook MAX_LSM_COUNT times. - */ -#define LSM_LOOP_UNROLL(M, ...) \ -do { \ - UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) \ -} while (0) - -#define LSM_DEFINE_UNROLL(M, ...) UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) +#include "lsm.h" /* * These are descriptions of the reasons that can be passed to the 
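Review bot: the new security_init() at the end of this hunk discards the return value of lsm_append(lsm->name, &lsm_names) for the early LSMs, while security_add_hooks() just above panics when the same call fails ("Cannot get early memory"); a silent -ENOMEM here drops that LSM's name from lsm_names with no diagnostic. Since this patch is a code move, keeping the behaviour is fine, but a follow-up that handles the return value the same way in both places would be good. Also, the only callers of match_last_lsm() and lsm_append() visible in this hunk (security_add_hooks(), security_init()) are __init, so both helpers could be annotated __init and discarded after boot.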
@@ -90,21 +73,29 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = { [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", }; -static struct kmem_cache *lsm_file_cache; -static struct kmem_cache *lsm_inode_cache; +struct lsm_blob_sizes blob_sizes; -char *lsm_names; -static struct lsm_blob_sizes blob_sizes __ro_after_init; +struct kmem_cache *lsm_file_cache; +struct kmem_cache *lsm_inode_cache; -/* Boot-time LSM user choice */ -static __initdata const char *chosen_lsm_order; -static __initdata const char *chosen_major_lsm; +#define SECURITY_HOOK_ACTIVE_KEY(HOOK, IDX) security_hook_active_##HOOK##_##IDX -static __initconst const char *const builtin_lsm_order = CONFIG_LSM; +/* + * Identifier for the LSM static calls. + * HOOK is an LSM hook as defined in linux/lsm_hookdefs.h + * IDX is the index of the static call. 0 <= NUM < MAX_LSM_COUNT + */ +#define LSM_STATIC_CALL(HOOK, IDX) lsm_static_call_##HOOK##_##IDX -/* Ordered list of LSMs to initialize. */ -static __initdata struct lsm_info *ordered_lsms[MAX_LSM_COUNT + 1]; -static __initdata struct lsm_info *exclusive; +/* + * Call the macro M for each LSM hook MAX_LSM_COUNT times. + */ +#define LSM_LOOP_UNROLL(M, ...) \ +do { \ + UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) \ +} while (0) + +#define LSM_DEFINE_UNROLL(M, ...) UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) #ifdef CONFIG_HAVE_STATIC_CALL #define LSM_HOOK_TRAMP(NAME, NUM) \ 
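Review bot: `-static struct lsm_blob_sizes blob_sizes __ro_after_init;` becomes `+struct lsm_blob_sizes blob_sizes;`, so exporting the variable to lsm_init.c also drops the __ro_after_init annotation. blob_sizes is only written by the __init blob-size registration (lsm_set_blob_size()) and read by the lsm_*_alloc() helpers afterwards, so the protection against post-init writes should stay: `struct lsm_blob_sizes blob_sizes __ro_after_init;`. Separately, the SECURITY_HOOK_ACTIVE_KEY, LSM_STATIC_CALL, LSM_LOOP_UNROLL and LSM_DEFINE_UNROLL macros deleted in the previous hunk are re-added verbatim here, just below the variable declarations; if the relocation is not required, leaving them where they were removes that churn from the diff.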
@@ -155,490 +146,25 @@ struct lsm_static_calls_table #undef INIT_LSM_STATIC_CALL }; -static __initdata bool debug; -#define init_debug(...) \ - do { \ - if (debug) \ - pr_info(__VA_ARGS__); \ - } while (0) - -static bool __init is_enabled(struct lsm_info *lsm) -{ - if (!lsm->enabled) - return false; - - return *lsm->enabled; -} - -/* Mark an LSM's enabled flag. */ -static int lsm_enabled_true __initdata = 1; -static int lsm_enabled_false __initdata = 0; -static void __init set_enabled(struct lsm_info *lsm, bool enabled) -{ - /* - * When an LSM hasn't configured an enable variable, we can use - * a hard-coded location for storing the default enabled state. - */ - if (!lsm->enabled) { - if (enabled) - lsm->enabled = &lsm_enabled_true; - else - lsm->enabled = &lsm_enabled_false; - } else if (lsm->enabled == &lsm_enabled_true) { - if (!enabled) - lsm->enabled = &lsm_enabled_false; - } else if (lsm->enabled == &lsm_enabled_false) { - if (enabled) - lsm->enabled = &lsm_enabled_true; - } else { - *lsm->enabled = enabled; - } -} - -/* Is an LSM already listed in the ordered LSMs list? */ -static bool __init exists_ordered_lsm(struct lsm_info *lsm) -{ - struct lsm_info **check; - - for (check = ordered_lsms; *check; check++) - if (*check == lsm) - return true; - - return false; -} - -/* Append an LSM to the list of ordered LSMs to initialize. */ -static int last_lsm __initdata; -static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) -{ - /* Ignore duplicate selections. */ - if (exists_ordered_lsm(lsm)) - return; - - if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from)) - return; - - /* Enable this LSM, if it is not already set. */ - if (!lsm->enabled) - lsm->enabled = &lsm_enabled_true; - ordered_lsms[last_lsm++] = lsm; - - init_debug("%s ordered: %s (%s)\n", from, lsm->name, - is_enabled(lsm) ? "enabled" : "disabled"); -} - -/* Is an LSM allowed to be initialized? 
*/ -static bool __init lsm_allowed(struct lsm_info *lsm) -{ - /* Skip if the LSM is disabled. */ - if (!is_enabled(lsm)) - return false; - - /* Not allowed if another exclusive LSM already initialized. */ - if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { - init_debug("exclusive disabled: %s\n", lsm->name); - return false; - } - - return true; -} - -static void __init lsm_set_blob_size(int *need, int *lbs) -{ - int offset; - - if (*need <= 0) - return; - - offset = ALIGN(*lbs, sizeof(void *)); - *lbs = offset + *need; - *need = offset; -} - -static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) -{ - if (!needed) - return; - - lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred); - lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file); - lsm_set_blob_size(&needed->lbs_ib, &blob_sizes.lbs_ib); - /* - * The inode blob gets an rcu_head in addition to - * what the modules might need. - */ - if (needed->lbs_inode && blob_sizes.lbs_inode == 0) - blob_sizes.lbs_inode = sizeof(struct rcu_head); - lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); - lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); - lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key); - lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); - lsm_set_blob_size(&needed->lbs_perf_event, &blob_sizes.lbs_perf_event); - lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); - lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); - lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); - lsm_set_blob_size(&needed->lbs_tun_dev, &blob_sizes.lbs_tun_dev); - lsm_set_blob_size(&needed->lbs_xattr_count, - &blob_sizes.lbs_xattr_count); - lsm_set_blob_size(&needed->lbs_bdev, &blob_sizes.lbs_bdev); -} - -/* Prepare LSM for initialization. */ -static void __init prepare_lsm(struct lsm_info *lsm) -{ - int enabled = lsm_allowed(lsm); - - /* Record enablement (to handle any following exclusive LSMs). 
*/ - set_enabled(lsm, enabled); - - /* If enabled, do pre-initialization work. */ - if (enabled) { - if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { - exclusive = lsm; - init_debug("exclusive chosen: %s\n", lsm->name); - } - - lsm_set_blob_sizes(lsm->blobs); - } -} - -/* Initialize a given LSM, if it is enabled. */ -static void __init initialize_lsm(struct lsm_info *lsm) -{ - if (is_enabled(lsm)) { - int ret; - - init_debug("initializing %s\n", lsm->name); - ret = lsm->init(); - WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); - } -} - -/* - * Current index to use while initializing the lsm id list. - */ -u32 lsm_active_cnt __ro_after_init; -const struct lsm_id *lsm_idlist[MAX_LSM_COUNT]; - -/* Populate ordered LSMs list from comma-separated LSM name list. */ -static void __init ordered_lsm_parse(const char *order, const char *origin) -{ - struct lsm_info *lsm; - char *sep, *name, *next; - - /* LSM_ORDER_FIRST is always first. */ - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (lsm->order == LSM_ORDER_FIRST) - append_ordered_lsm(lsm, " first"); - } - - /* Process "security=", if given. */ - if (chosen_major_lsm) { - struct lsm_info *major; - - /* - * To match the original "security=" behavior, this - * explicitly does NOT fallback to another Legacy Major - * if the selected one was separately disabled: disable - * all non-matching Legacy Major LSMs. - */ - for (major = __start_lsm_info; major < __end_lsm_info; - major++) { - if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && - strcmp(major->name, chosen_major_lsm) != 0) { - set_enabled(major, false); - init_debug("security=%s disabled: %s (only one legacy major LSM)\n", - chosen_major_lsm, major->name); - } - } - } - - sep = kstrdup(order, GFP_KERNEL); - next = sep; - /* Walk the list, looking for matching LSMs. 
*/ - while ((name = strsep(&next, ",")) != NULL) { - bool found = false; - - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (strcmp(lsm->name, name) == 0) { - if (lsm->order == LSM_ORDER_MUTABLE) - append_ordered_lsm(lsm, origin); - found = true; - } - } - - if (!found) - init_debug("%s ignored: %s (not built into kernel)\n", - origin, name); - } - - /* Process "security=", if given. */ - if (chosen_major_lsm) { - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (exists_ordered_lsm(lsm)) - continue; - if (strcmp(lsm->name, chosen_major_lsm) == 0) - append_ordered_lsm(lsm, "security="); - } - } - - /* LSM_ORDER_LAST is always last. */ - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (lsm->order == LSM_ORDER_LAST) - append_ordered_lsm(lsm, " last"); - } - - /* Disable all LSMs not in the ordered list. */ - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (exists_ordered_lsm(lsm)) - continue; - set_enabled(lsm, false); - init_debug("%s skipped: %s (not in requested order)\n", - origin, lsm->name); - } - - kfree(sep); -} - -static void __init lsm_static_call_init(struct security_hook_list *hl) -{ - struct lsm_static_call *scall = hl->scalls; - int i; - - for (i = 0; i < MAX_LSM_COUNT; i++) { - /* Update the first static call that is not used yet */ - if (!scall->hl) { - __static_call_update(scall->key, scall->trampoline, - hl->hook.lsm_func_addr); - scall->hl = hl; - static_branch_enable(scall->active); - return; - } - scall++; - } - panic("%s - Ran out of static slots.\n", __func__); -} - -static void __init lsm_early_cred(struct cred *cred); -static void __init lsm_early_task(struct task_struct *task); - -static int lsm_append(const char *new, char **result); - -static void __init report_lsm_order(void) -{ - struct lsm_info **lsm, *early; - int first = 0; - - pr_info("initializing lsm="); - - /* Report each enabled LSM name, comma separated. 
*/ - for (early = __start_early_lsm_info; - early < __end_early_lsm_info; early++) - if (is_enabled(early)) - pr_cont("%s%s", first++ == 0 ? "" : ",", early->name); - for (lsm = ordered_lsms; *lsm; lsm++) - if (is_enabled(*lsm)) - pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name); - - pr_cont("\n"); -} - -static void __init ordered_lsm_init(void) -{ - struct lsm_info **lsm; - - if (chosen_lsm_order) { - if (chosen_major_lsm) { - pr_warn("security=%s is ignored because it is superseded by lsm=%s\n", - chosen_major_lsm, chosen_lsm_order); - chosen_major_lsm = NULL; - } - ordered_lsm_parse(chosen_lsm_order, "cmdline"); - } else - ordered_lsm_parse(builtin_lsm_order, "builtin"); - - for (lsm = ordered_lsms; *lsm; lsm++) - prepare_lsm(*lsm); - - report_lsm_order(); - - init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); - init_debug("file blob size = %d\n", blob_sizes.lbs_file); - init_debug("ib blob size = %d\n", blob_sizes.lbs_ib); - init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); - init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); -#ifdef CONFIG_KEYS - init_debug("key blob size = %d\n", blob_sizes.lbs_key); -#endif /* CONFIG_KEYS */ - init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); - init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); - init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); - init_debug("perf event blob size = %d\n", blob_sizes.lbs_perf_event); - init_debug("task blob size = %d\n", blob_sizes.lbs_task); - init_debug("tun device blob size = %d\n", blob_sizes.lbs_tun_dev); - init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count); - init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev); - - /* - * Create any kmem_caches needed for blobs - */ - if (blob_sizes.lbs_file) - lsm_file_cache = kmem_cache_create("lsm_file_cache", - blob_sizes.lbs_file, 0, - SLAB_PANIC, NULL); - if (blob_sizes.lbs_inode) - lsm_inode_cache = kmem_cache_create("lsm_inode_cache", - blob_sizes.lbs_inode, 0, - 
SLAB_PANIC, NULL); - - lsm_early_cred((struct cred *) current->cred); - lsm_early_task(current); - for (lsm = ordered_lsms; *lsm; lsm++) - initialize_lsm(*lsm); -} - -int __init early_security_init(void) -{ - struct lsm_info *lsm; - - for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { - if (!lsm->enabled) - lsm->enabled = &lsm_enabled_true; - prepare_lsm(lsm); - initialize_lsm(lsm); - } - - return 0; -} - /** - * security_init - initializes the security framework + * lsm_file_alloc - allocate a composite file blob + * @file: the file that needs a blob * - * This should be called early in the kernel initialization sequence. - */ -int __init security_init(void) -{ - struct lsm_info *lsm; - - init_debug("legacy security=%s\n", chosen_major_lsm ? : " *unspecified*"); - init_debug(" CONFIG_LSM=%s\n", builtin_lsm_order); - init_debug("boot arg lsm=%s\n", chosen_lsm_order ? : " *unspecified*"); - - /* - * Append the names of the early LSM modules now that kmalloc() is - * available - */ - for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { - init_debug(" early started: %s (%s)\n", lsm->name, - is_enabled(lsm) ? "enabled" : "disabled"); - if (lsm->enabled) - lsm_append(lsm->name, &lsm_names); - } - - /* Load LSMs in specified order. */ - ordered_lsm_init(); - - return 0; -} - -/* Save user chosen LSM */ -static int __init choose_major_lsm(char *str) -{ - chosen_major_lsm = str; - return 1; -} -__setup("security=", choose_major_lsm); - -/* Explicitly choose LSM initialization order. */ -static int __init choose_lsm_order(char *str) -{ - chosen_lsm_order = str; - return 1; -} -__setup("lsm=", choose_lsm_order); - -/* Enable LSM order debugging. 
*/ -static int __init enable_debug(char *str) -{ - debug = true; - return 1; -} -__setup("lsm.debug", enable_debug); - -static bool match_last_lsm(const char *list, const char *lsm) -{ - const char *last; - - if (WARN_ON(!list || !lsm)) - return false; - last = strrchr(list, ','); - if (last) - /* Pass the comma, strcmp() will check for '\0' */ - last++; - else - last = list; - return !strcmp(last, lsm); -} - -static int lsm_append(const char *new, char **result) -{ - char *cp; - - if (*result == NULL) { - *result = kstrdup(new, GFP_KERNEL); - if (*result == NULL) - return -ENOMEM; - } else { - /* Check if it is the last registered name */ - if (match_last_lsm(*result, new)) - return 0; - cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new); - if (cp == NULL) - return -ENOMEM; - kfree(*result); - *result = cp; - } - return 0; -} - -/** - * security_add_hooks - Add a modules hooks to the hook lists. - * @hooks: the hooks to add - * @count: the number of hooks to add - * @lsmid: the identification information for the security module + * Allocate the file blob for all the modules * - * Each LSM has to register its hooks with the infrastructure. + * Returns 0, or -ENOMEM if memory can't be allocated. */ -void __init security_add_hooks(struct security_hook_list *hooks, int count, - const struct lsm_id *lsmid) +static int lsm_file_alloc(struct file *file) { - int i; - - /* - * A security module may call security_add_hooks() more - * than once during initialization, and LSM initialization - * is serialized. Landlock is one such case. - * Look at the previous entry, if there is one, for duplication. 
- */ - if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) { - if (lsm_active_cnt >= MAX_LSM_COUNT) - panic("%s Too many LSMs registered.\n", __func__); - lsm_idlist[lsm_active_cnt++] = lsmid; + if (!lsm_file_cache) { + file->f_security = NULL; + return 0; } - for (i = 0; i < count; i++) { - hooks[i].lsmid = lsmid; - lsm_static_call_init(&hooks[i]); - } - - /* - * Don't try to append during early_security_init(), we'll come back - * and fix this up afterwards. - */ - if (slab_is_available()) { - if (lsm_append(lsmid->name, &lsm_names) < 0) - panic("%s - Cannot get early memory.\n", __func__); - } + file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL); + if (file->f_security == NULL) + return -ENOMEM; + return 0; } /** @@ -673,46 +199,11 @@ static int lsm_blob_alloc(void **dest, size_t size, gfp_t gfp) * * Returns 0, or -ENOMEM if memory can't be allocated. */ -static int lsm_cred_alloc(struct cred *cred, gfp_t gfp) +int lsm_cred_alloc(struct cred *cred, gfp_t gfp) { return lsm_blob_alloc(&cred->security, blob_sizes.lbs_cred, gfp); } -/** - * lsm_early_cred - during initialization allocate a composite cred blob - * @cred: the cred that needs a blob - * - * Allocate the cred blob for all the modules - */ -static void __init lsm_early_cred(struct cred *cred) -{ - int rc = lsm_cred_alloc(cred, GFP_KERNEL); - - if (rc) - panic("%s: Early cred alloc failed.\n", __func__); -} - -/** - * lsm_file_alloc - allocate a composite file blob - * @file: the file that needs a blob - * - * Allocate the file blob for all the modules - * - * Returns 0, or -ENOMEM if memory can't be allocated. - */ -static int lsm_file_alloc(struct file *file) -{ - if (!lsm_file_cache) { - file->f_security = NULL; - return 0; - } - - file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL); - if (file->f_security == NULL) - return -ENOMEM; - return 0; -} - /** * lsm_inode_alloc - allocate a composite inode blob * @inode: the inode that needs a blob 
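Review bot: the @@ -155 hunk deletes roughly 470 lines and re-creates the lsm_file_alloc() kernel-doc and body in place of security_init(), while the original lsm_file_alloc() is deleted further down in the @@ -673 hunk; the net effect should be a pure relocation with no functional change, but that is hard to confirm from the diff as rendered. Please say so explicitly in the commit message, and reviewers can check it with `git show --color-moved` on the applied commit.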
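Review bot: in the @@ -673 hunk lsm_cred_alloc() loses its `static` (lsm_task_alloc() does the same in the @@ -743 hunk) so that lsm_init.c can allocate the blobs for the initial cred and task; the prototypes need to be in the newly included "lsm.h", otherwise the build warns with -Wmissing-prototypes, and a short comment that these are framework-internal would help now that they are global symbols. The deleted lsm_early_cred() wrapper carried the panic on early allocation failure; the new file only shows the call `lsm_early_cred((struct cred *) current->cred)`, not the definition, so please confirm that check survives in lsm_init.c.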
@@ -743,7 +234,7 @@ static int lsm_inode_alloc(struct inode *inode, gfp_t gfp) * * Returns 0, or -ENOMEM if memory can't be allocated. */ -static int lsm_task_alloc(struct task_struct *task) +int lsm_task_alloc(struct task_struct *task) { return lsm_blob_alloc(&task->security, blob_sizes.lbs_task, GFP_KERNEL); } 
@@ -812,20 +303,6 @@ static int lsm_bdev_alloc(struct block_device *bdev) return 0; } -/** - * lsm_early_task - during initialization allocate a composite task blob - * @task: the task that needs a blob - * - * Allocate the task blob for all the modules - */ -static void __init lsm_early_task(struct task_struct *task) -{ - int rc = lsm_task_alloc(task); - - if (rc) - panic("%s: Early task alloc failed.\n", __func__); -} - /** * lsm_superblock_alloc - allocate a composite superblock blob * @sb: the superblock that needs a blob
From patchwork Wed Apr 9 18:49:48 2025 X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 14045243
From: Paul Moore To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa Subject: [RFC PATCH 03/29] lsm: simplify prepare_lsm() and rename to lsm_prep_single() Date: Wed, 9 Apr 2025 14:49:48 -0400 Message-ID: <20250409185019.238841-34-paul@paul-moore.com> In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com> References: <20250409185019.238841-31-paul@paul-moore.com> X-Mailing-List: linux-security-module@vger.kernel.org
One part of a larger effort to cleanup the LSM framework initialization code.
Signed-off-by: Paul Moore Reviewed-by: Kees Cook Reviewed-by: John Johansen --- security/lsm_init.c | 103 ++++++++++++++++++-------------------------- 1 file changed, 43 insertions(+), 60 deletions(-) diff --git a/security/lsm_init.c b/security/lsm_init.c index 70e7d4207dae..dffa8dc2da36 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -123,22 +123,6 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) is_enabled(lsm) ? "enabled" : "disabled"); } -/* Is an LSM allowed to be initialized? */ -static bool __init lsm_allowed(struct lsm_info *lsm) -{ - /* Skip if the LSM is disabled. */ - if (!is_enabled(lsm)) - return false; - - /* Not allowed if another exclusive LSM already initialized. */ - if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { - init_debug("exclusive disabled: %s\n", lsm->name); - return false; - } - - return true; -} - static void __init lsm_set_blob_size(int *need, int *lbs) { int offset; 
@@ -151,51 +135,50 @@ static void __init lsm_set_blob_size(int *need, int *lbs) *need = offset; } -static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed) +/** + * lsm_prep_single - Prepare the LSM framework for a new LSM + * @lsm: LSM definition + */ +static void __init lsm_prep_single(struct lsm_info *lsm) { - if (!needed) + struct lsm_blob_sizes *blobs; + + if (!is_enabled(lsm)) { + set_enabled(lsm, false); + return; + } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { + init_debug("exclusive disabled: %s\n", lsm->name); + set_enabled(lsm, false); return; - - lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred); - lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file); - lsm_set_blob_size(&needed->lbs_ib, &blob_sizes.lbs_ib); - /* - * The inode blob gets an rcu_head in addition to - * what the modules might need. - */ - if (needed->lbs_inode && blob_sizes.lbs_inode == 0) - blob_sizes.lbs_inode = sizeof(struct rcu_head); - lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode); - lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc); - lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key); - lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg); - lsm_set_blob_size(&needed->lbs_perf_event, &blob_sizes.lbs_perf_event); - lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock); - lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock); - lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task); - lsm_set_blob_size(&needed->lbs_tun_dev, &blob_sizes.lbs_tun_dev); - lsm_set_blob_size(&needed->lbs_xattr_count, - &blob_sizes.lbs_xattr_count); - lsm_set_blob_size(&needed->lbs_bdev, &blob_sizes.lbs_bdev); -} - -/* Prepare LSM for initialization. */ -static void __init prepare_lsm(struct lsm_info *lsm) -{ - int enabled = lsm_allowed(lsm); - - /* Record enablement (to handle any following exclusive LSMs). */ - set_enabled(lsm, enabled); - - /* If enabled, do pre-initialization work. 
*/ - if (enabled) { - if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { - exclusive = lsm; - init_debug("exclusive chosen: %s\n", lsm->name); - } - - lsm_set_blob_sizes(lsm->blobs); } + + /* Mark the LSM as enabled. */ + set_enabled(lsm, true); + if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { + init_debug("exclusive chosen: %s\n", lsm->name); + exclusive = lsm; + } + + /* Register the LSM blob sizes. */ + blobs = lsm->blobs; + lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred); + lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file); + lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib); + /* inode blob gets an rcu_head in addition to LSM blobs. */ + if (blobs->lbs_inode && blob_sizes.lbs_inode == 0) + blob_sizes.lbs_inode = sizeof(struct rcu_head); + lsm_set_blob_size(&blobs->lbs_inode, &blob_sizes.lbs_inode); + lsm_set_blob_size(&blobs->lbs_ipc, &blob_sizes.lbs_ipc); + lsm_set_blob_size(&blobs->lbs_key, &blob_sizes.lbs_key); + lsm_set_blob_size(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg); + lsm_set_blob_size(&blobs->lbs_perf_event, &blob_sizes.lbs_perf_event); + lsm_set_blob_size(&blobs->lbs_sock, &blob_sizes.lbs_sock); + lsm_set_blob_size(&blobs->lbs_superblock, &blob_sizes.lbs_superblock); + lsm_set_blob_size(&blobs->lbs_task, &blob_sizes.lbs_task); + lsm_set_blob_size(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev); + lsm_set_blob_size(&blobs->lbs_xattr_count, + &blob_sizes.lbs_xattr_count); + lsm_set_blob_size(&blobs->lbs_bdev, &blob_sizes.lbs_bdev); } /* Initialize a given LSM, if it is enabled. */ @@ -358,7 +341,7 @@ static void __init ordered_lsm_init(void) ordered_lsm_parse(builtin_lsm_order, "builtin"); for (lsm = ordered_lsms; *lsm; lsm++) - prepare_lsm(*lsm); + lsm_prep_single(*lsm); report_lsm_order(); 
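Review bot: lsm_prep_single() dereferences lsm->blobs unconditionally (`blobs = lsm->blobs;` followed by `lsm_set_blob_size(&blobs->lbs_cred, ...)`), whereas the removed lsm_set_blob_sizes() began with `if (!needed) return;`. Unless an earlier patch in the series guarantees that every struct lsm_info carries a non-NULL .blobs, an LSM without blob sizes now faults during boot from ordered_lsm_init() or early_security_init() instead of being skipped; either keep the guard (an `if (blobs)` around the lsm_set_blob_size() calls) or state in the commit message why it is no longer needed, since "One part of a larger effort to cleanup the LSM framework initialization code." does not tell a reader about this behaviour change. Style nit: the `else if` following a `return` can be a plain `if`.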
@@ -499,7 +482,7 @@ int __init early_security_init(void) for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { if (!lsm->enabled) lsm->enabled = &lsm_enabled_true; - prepare_lsm(lsm); + lsm_prep_single(lsm); initialize_lsm(lsm); }
From patchwork Wed Apr 9 18:49:49 2025 X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 14045245
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 04/29] lsm: simplify ordered_lsm_init() and rename to lsm_init_ordered()
Date: Wed, 9 Apr 2025 14:49:49 -0400
Message-ID: <20250409185019.238841-35-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

One part of a larger effort to clean up the LSM framework initialization code.
Signed-off-by: Paul Moore --- security/lsm_init.c | 94 +++++++++++++++++---------------------------- 1 file changed, 36 insertions(+), 58 deletions(-) diff --git a/security/lsm_init.c b/security/lsm_init.c index dffa8dc2da36..407429688f1b 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -32,6 +32,12 @@ static __initdata bool debug; pr_info(__VA_ARGS__); \ } while (0) +#define lsm_order_for_each(iter) \ + for ((iter) = ordered_lsms; *(iter); (iter)++) +#define lsm_early_for_each_raw(iter) \ + for ((iter) = __start_early_lsm_info; \ + (iter) < __end_early_lsm_info; (iter)++) + static int lsm_append(const char *new, char **result); /* Save user chosen LSM */ @@ -96,9 +102,10 @@ static bool __init exists_ordered_lsm(struct lsm_info *lsm) { struct lsm_info **check; - for (check = ordered_lsms; *check; check++) + lsm_order_for_each(check) { if (*check == lsm) return true; + } return false; } 
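Review bot: the two new iterator macros in the first lsm_init.c hunk are undocumented, and the `_raw` suffix on lsm_early_for_each_raw() is not explained anywhere in this patch. From the bodies, `lsm_early_for_each_raw()` walks every entry of the __start_early_lsm_info..__end_early_lsm_info section whether or not it is enabled, while `lsm_order_for_each()` walks the NULL-terminated ordered_lsms[] array; a one-line comment above each macro saying so (and what "raw" is contrasted with) would save the next reader from reverse-engineering the distinction, since both loops are later used in the same function with different enabled checks.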
@@ -279,56 +286,13 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) kfree(sep); } -static void __init report_lsm_order(void) -{ - struct lsm_info **lsm, *early; - int first = 0; - - pr_info("initializing lsm="); - - /* Report each enabled LSM name, comma separated. */ - for (early = __start_early_lsm_info; - early < __end_early_lsm_info; early++) - if (is_enabled(early)) - pr_cont("%s%s", first++ == 0 ? "" : ",", early->name); - for (lsm = ordered_lsms; *lsm; lsm++) - if (is_enabled(*lsm)) - pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name); - - pr_cont("\n"); -} - /** - * lsm_early_cred - during initialization allocate a composite cred blob - * @cred: the cred that needs a blob - * - * Allocate the cred blob for all the modules + * lsm_init_ordered - Initialize the ordered LSMs */ -static void __init lsm_early_cred(struct cred *cred) -{ - int rc = lsm_cred_alloc(cred, GFP_KERNEL); - - if (rc) - panic("%s: Early cred alloc failed.\n", __func__); -} - -/** - * lsm_early_task - during initialization allocate a composite task blob - * @task: the task that needs a blob - * - * Allocate the task blob for all the modules - */ -static void __init lsm_early_task(struct task_struct *task) -{ - int rc = lsm_task_alloc(task); - - if (rc) - panic("%s: Early task alloc failed.\n", __func__); -} - -static void __init ordered_lsm_init(void) +static void __init lsm_init_ordered(void) { struct lsm_info **lsm; + struct lsm_info *early; if (chosen_lsm_order) { if (chosen_major_lsm) { 
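Review bot: the hunk that deletes lsm_early_cred() and lsm_early_task() also deletes the only explanation of why the current task's cred and task blobs are allocated during framework init ("during initialization allocate a composite cred blob ... Allocate the cred blob for all the modules"). The replacement one-line kernel-doc for lsm_init_ordered() ("Initialize the ordered LSMs") does not carry that over, and the inlined lsm_cred_alloc()/lsm_task_alloc() calls that replace the helpers have no comment either. Suggest moving that sentence into the lsm_init_ordered() description, or as a short comment next to the inlined allocation, so the reason for the early panic() paths survives the refactor.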
@@ -340,10 +304,23 @@ static void __init ordered_lsm_init(void) } else ordered_lsm_parse(builtin_lsm_order, "builtin"); - for (lsm = ordered_lsms; *lsm; lsm++) + lsm_order_for_each(lsm) { lsm_prep_single(*lsm); + } - report_lsm_order(); + pr_info("initializing lsm="); + lsm_early_for_each_raw(early) { + if (is_enabled(early)) + pr_cont("%s%s", + early == __start_early_lsm_info ? "" : ",", + early->name); + } + lsm_order_for_each(lsm) { + if (is_enabled(*lsm)) + pr_cont("%s%s", + lsm == ordered_lsms ? "" : ",", (*lsm)->name); + } + pr_cont("\n"); init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); init_debug("file blob size = %d\n", blob_sizes.lbs_file); @@ -362,9 +339,6 @@ static void __init ordered_lsm_init(void) init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count); init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev); - /* - * Create any kmem_caches needed for blobs - */ if (blob_sizes.lbs_file) lsm_file_cache = kmem_cache_create("lsm_file_cache", blob_sizes.lbs_file, 0, @@ -374,10 +348,14 @@ static void __init ordered_lsm_init(void) blob_sizes.lbs_inode, 0, SLAB_PANIC, NULL); - lsm_early_cred((struct cred *) current->cred); - lsm_early_task(current); - for (lsm = ordered_lsms; *lsm; lsm++) + if (lsm_cred_alloc((struct cred *)current->cred, GFP_KERNEL)) + panic("%s: early cred alloc failed.\n", __func__); + if (lsm_task_alloc(current)) + panic("%s: early task alloc failed.\n", __func__); + + lsm_order_for_each(lsm) { initialize_lsm(*lsm); + } } static bool match_last_lsm(const char *list, const char *lsm) @@ -479,7 +457,7 @@ int __init early_security_init(void) { struct lsm_info *lsm; - for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { + lsm_early_for_each_raw(lsm) { if (!lsm->enabled) lsm->enabled = &lsm_enabled_true; lsm_prep_single(lsm); 
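Review bot: the inlined "initializing lsm=" report in the lsm_init_ordered() hunk changes the separator logic and can print a malformed list. report_lsm_order() used a single `first` counter shared by both loops, so a comma preceded every enabled name except the first one actually printed; the replacement decides per loop from the array position (`early == __start_early_lsm_info ? "" : ","` and `lsm == ordered_lsms ? "" : ","`). With an enabled early LSM followed by the ordered list, the first ordered entry is printed with no comma after the last early name (for example `lsm=lockdowncapability,...`), and more generally, if the first entry of either array is disabled while a later one is enabled, the output starts with a stray comma. Keep one `first`/`sep` flag across both loops as the removed code did; the rest of the hunk (the kmem_cache creation and the inlined panic() calls) looks fine.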
@@ -506,7 +484,7 @@ int __init security_init(void) * Append the names of the early LSM modules now that kmalloc() is * available */ - for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { + lsm_early_for_each_raw(lsm) { init_debug(" early started: %s (%s)\n", lsm->name, is_enabled(lsm) ? "enabled" : "disabled"); if (lsm->enabled) 
@@ -514,7 +492,7 @@ int __init security_init(void) } /* Load LSMs in specified order. */ - ordered_lsm_init(); + lsm_init_ordered(); return 0; }
From patchwork Wed Apr 9 18:49:50 2025
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 05/29] lsm: replace the name field with a pointer to the lsm_id struct
Date: Wed, 9 Apr 2025 14:49:50 -0400
Message-ID: <20250409185019.238841-36-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

Reduce the duplication between the lsm_id struct and the DEFINE_LSM() definition by linking the lsm_id struct directly
into the individual LSM's DEFINE_LSM() instance. Linking the lsm_id into the LSM definition also allows us to simplify the security_add_hooks() function by removing the code which populates the lsm_idlist[] array and moving it into the normal LSM startup code where the LSM list is parsed and the individual LSMs are enabled, making for a cleaner implementation with less overhead at boot. Signed-off-by: Paul Moore Reviewed-by: Kees Cook Reviewed-by: John Johansen --- include/linux/lsm_hooks.h | 2 +- security/apparmor/lsm.c | 2 +- security/bpf/hooks.c | 2 +- security/commoncap.c | 2 +- security/integrity/evm/evm_main.c | 2 +- security/integrity/ima/ima_main.c | 2 +- security/ipe/ipe.c | 2 +- security/landlock/setup.c | 2 +- security/loadpin/loadpin.c | 2 +- security/lockdown/lockdown.c | 2 +- security/lsm_init.c | 43 ++++++++++++------------------- security/safesetid/lsm.c | 2 +- security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 2 +- security/tomoyo/tomoyo.c | 2 +- security/yama/yama_lsm.c | 2 +- 16 files changed, 31 insertions(+), 42 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index eeb4bfd60b79..4cd17c9a229f 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -149,7 +149,7 @@ enum lsm_order { }; struct lsm_info { - const char *name; /* Required. */ + const struct lsm_id *id; enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */ unsigned long flags; /* Optional: flags describing LSM */ int *enabled; /* Optional: controlled by CONFIG_LSM */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 9b6c2f157f83..a7f6a3274682 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -2272,7 +2272,7 @@ static int __init apparmor_init(void) } DEFINE_LSM(apparmor) = { - .name = "apparmor", + .id = &apparmor_lsmid, .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .enabled = &apparmor_enabled, .blobs = &apparmor_blob_sizes, 
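Review bot: in the include/linux/lsm_hooks.h hunk the replacement field `const struct lsm_id *id;` drops the `/* Required. */` annotation that `name` carried, while the neighbouring `order`, `flags` and `enabled` fields keep their `/* Optional: ... */` comments. The lsm_init.c hunks in this patch dereference `lsm->id->name` unconditionally during early boot (append_ordered_lsm(), lsm_prep_single(), ordered_lsm_parse(), initialize_lsm()), so a DEFINE_LSM() that omits `.id` would fault before any useful message is printed. Keep the annotation, e.g. `const struct lsm_id *id; /* Required. */`, so the constraint stays visible at the point where new LSMs are defined.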
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index db759025abe1..40efde233f3a 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -33,7 +33,7 @@ struct lsm_blob_sizes bpf_lsm_blob_sizes __ro_after_init = { }; DEFINE_LSM(bpf) = { - .name = "bpf", + .id = &bpf_lsmid, .init = bpf_lsm_init, .blobs = &bpf_lsm_blob_sizes }; diff --git a/security/commoncap.c b/security/commoncap.c index 28d4248bf001..e04aa4f50eaf 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1509,7 +1509,7 @@ static int __init capability_init(void) } DEFINE_LSM(capability) = { - .name = "capability", + .id = &capability_lsmid, .order = LSM_ORDER_FIRST, .init = capability_init, }; diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 0add782e73ba..db8e324ed4e6 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -1175,7 +1175,7 @@ struct lsm_blob_sizes evm_blob_sizes __ro_after_init = { }; DEFINE_LSM(evm) = { - .name = "evm", + .id = &evm_lsmid, .init = init_evm_lsm, .order = LSM_ORDER_LAST, .blobs = &evm_blob_sizes, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index f3e7ac513db3..55a4f08a2565 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1251,7 +1251,7 @@ struct lsm_blob_sizes ima_blob_sizes __ro_after_init = { }; DEFINE_LSM(ima) = { - .name = "ima", + .id = &ima_lsmid, .init = init_ima_lsm, .order = LSM_ORDER_LAST, .blobs = &ima_blob_sizes, diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c index 4317134cb0da..2426441181dc 100644 --- a/security/ipe/ipe.c +++ b/security/ipe/ipe.c @@ -92,7 +92,7 @@ static int __init ipe_init(void) } DEFINE_LSM(ipe) = { - .name = "ipe", + .id = &ipe_lsmid, .init = ipe_init, .blobs = &ipe_blobs, }; diff --git a/security/landlock/setup.c b/security/landlock/setup.c index bd53c7a56ab9..47dac1736f10 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c 
@@ -75,7 +75,7 @@ static int __init landlock_init(void) } DEFINE_LSM(LANDLOCK_NAME) = { - .name = LANDLOCK_NAME, + .id = &landlock_lsmid, .init = landlock_init, .blobs = &landlock_blob_sizes, }; diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index 68252452b66c..b9ddf05c5c16 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -271,7 +271,7 @@ static int __init loadpin_init(void) } DEFINE_LSM(loadpin) = { - .name = "loadpin", + .id = &loadpin_lsmid, .init = loadpin_init, }; diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index cf83afa1d879..4813f168ff93 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -168,6 +168,6 @@ DEFINE_EARLY_LSM(lockdown) = { #else DEFINE_LSM(lockdown) = { #endif - .name = "lockdown", + .id = &lockdown_lsmid, .init = lockdown_lsm_init, }; diff --git a/security/lsm_init.c b/security/lsm_init.c index 407429688f1b..d458a365b0d5 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -124,9 +124,10 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) /* Enable this LSM, if it is not already set. */ if (!lsm->enabled) lsm->enabled = &lsm_enabled_true; - ordered_lsms[last_lsm++] = lsm; + ordered_lsms[last_lsm] = lsm; + lsm_idlist[last_lsm++] = lsm->id; - init_debug("%s ordered: %s (%s)\n", from, lsm->name, + init_debug("%s ordered: %s (%s)\n", from, lsm->id->name, is_enabled(lsm) ? "enabled" : "disabled"); } @@ -154,7 +155,7 @@ static void __init lsm_prep_single(struct lsm_info *lsm) set_enabled(lsm, false); return; } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { - init_debug("exclusive disabled: %s\n", lsm->name); + init_debug("exclusive disabled: %s\n", lsm->id->name); set_enabled(lsm, false); return; } 
@@ -162,7 +163,7 @@ static void __init lsm_prep_single(struct lsm_info *lsm) /* Mark the LSM as enabled. */ set_enabled(lsm, true); if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { - init_debug("exclusive chosen: %s\n", lsm->name); + init_debug("exclusive chosen: %s\n", lsm->id->name); exclusive = lsm; } @@ -194,9 +195,9 @@ static void __init initialize_lsm(struct lsm_info *lsm) if (is_enabled(lsm)) { int ret; - init_debug("initializing %s\n", lsm->name); + init_debug("initializing %s\n", lsm->id->name); ret = lsm->init(); - WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret); + WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret); } } @@ -231,10 +232,10 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) for (major = __start_lsm_info; major < __end_lsm_info; major++) { if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && - strcmp(major->name, chosen_major_lsm) != 0) { + strcmp(major->id->name, chosen_major_lsm) != 0) { set_enabled(major, false); init_debug("security=%s disabled: %s (only one legacy major LSM)\n", - chosen_major_lsm, major->name); + chosen_major_lsm, major->id->name); } } } @@ -246,7 +247,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) bool found = false; for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (strcmp(lsm->name, name) == 0) { + if (strcmp(lsm->id->name, name) == 0) { if (lsm->order == LSM_ORDER_MUTABLE) append_ordered_lsm(lsm, origin); found = true; @@ -263,7 +264,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { if (exists_ordered_lsm(lsm)) continue; - if (strcmp(lsm->name, chosen_major_lsm) == 0) + if (strcmp(lsm->id->name, chosen_major_lsm) == 0) append_ordered_lsm(lsm, "security="); } } 
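Review bot: in the append_ordered_lsm() hunk earlier in this patch, `lsm_idlist[last_lsm++] = lsm->id;` registers the LSM id at ordering time, before lsm_prep_single() has decided whether the LSM is really enabled; an exclusive LSM that loses to an earlier one is disabled later through `set_enabled(lsm, false)` in the lsm_prep_single() hunk but remains in lsm_idlist. The security_add_hooks() block removed later in this patch was also the only code in the diff that advanced `lsm_active_cnt` and enforced the `MAX_LSM_COUNT` bound ("Too many LSMs registered"); neither reappears in the new code, so unless a later patch in the series sets it, lsm_active_cnt stays at zero. Early LSMs walked with lsm_early_for_each_raw() in security_init() never go through append_ordered_lsm() either (only lsm_append() of the name), so an LSM built with DEFINE_EARLY_LSM would drop out of lsm_idlist. Suggest populating lsm_idlist and lsm_active_cnt from the final enabled set, for instance in lsm_init_ordered() after the lsm_prep_single() loop, including the early section.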
@@ -280,7 +281,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) continue; set_enabled(lsm, false); init_debug("%s skipped: %s (not in requested order)\n", - origin, lsm->name); + origin, lsm->id->name); } kfree(sep); @@ -313,12 +314,12 @@ static void __init lsm_init_ordered(void) if (is_enabled(early)) pr_cont("%s%s", early == __start_early_lsm_info ? "" : ",", - early->name); + early->id->name); } lsm_order_for_each(lsm) { if (is_enabled(*lsm)) pr_cont("%s%s", - lsm == ordered_lsms ? "" : ",", (*lsm)->name); + lsm == ordered_lsms ? "" : ",", (*lsm)->id->name); } pr_cont("\n"); @@ -426,18 +427,6 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, { int i; - /* - * A security module may call security_add_hooks() more - * than once during initialization, and LSM initialization - * is serialized. Landlock is one such case. - * Look at the previous entry, if there is one, for duplication. - */ - if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) { - if (lsm_active_cnt >= MAX_LSM_COUNT) - panic("%s Too many LSMs registered.\n", __func__); - lsm_idlist[lsm_active_cnt++] = lsmid; - } - for (i = 0; i < count; i++) { hooks[i].lsmid = lsmid; lsm_static_call_init(&hooks[i]); @@ -485,10 +474,10 @@ int __init security_init(void) * available */ lsm_early_for_each_raw(lsm) { - init_debug(" early started: %s (%s)\n", lsm->name, + init_debug(" early started: %s (%s)\n", lsm->id->name, is_enabled(lsm) ? "enabled" : "disabled"); if (lsm->enabled) - lsm_append(lsm->name, &lsm_names); + lsm_append(lsm->id->name, &lsm_names); } /* Load LSMs in specified order. */ diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index 1ba564f097f5..9a7c68d4e642 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c 
@@ -287,6 +287,6 @@ static int __init safesetid_security_init(void) } DEFINE_LSM(safesetid_security_init) = { + .id = &safesetid_lsmid, .init = safesetid_security_init, - .name = "safesetid", }; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e7a7dcab81db..f28a12a0a1c8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7562,7 +7562,7 @@ void selinux_complete_init(void) /* SELinux requires early initialization in order to label all processes and objects when they are created. */ DEFINE_LSM(selinux) = { - .name = "selinux", + .id = &selinux_lsmid, .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .enabled = &selinux_enabled_boot, .blobs = &selinux_blob_sizes, diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 99833168604e..e09b33fed5f0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -5282,7 +5282,7 @@ static __init int smack_init(void) * all processes and objects when they are created. */ DEFINE_LSM(smack) = { - .name = "smack", + .id = &smack_lsmid, .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .blobs = &smack_blob_sizes, .init = smack_init, diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index d6ebcd9db80a..ed0f7b052a85 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -612,7 +612,7 @@ static int __init tomoyo_init(void) } DEFINE_LSM(tomoyo) = { - .name = "tomoyo", + .id = &tomoyo_lsmid, .enabled = &tomoyo_enabled, .flags = LSM_FLAG_LEGACY_MAJOR, .blobs = &tomoyo_blob_sizes, diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 3d064dd4e03f..38b21ee0c560 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c 
@@ -476,6 +476,6 @@ static int __init yama_init(void) } DEFINE_LSM(yama) = { - .name = "yama", + .id = &yama_lsmid, .init = yama_init, };
From patchwork Wed Apr 9 18:49:51 2025
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 06/29] lsm: cleanup and normalize the LSM order symbols naming
Date: Wed, 9 Apr 2025 14:49:51 -0400
Message-ID: <20250409185019.238841-37-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

One part of a larger effort to clean up the LSM framework initialization code.
Signed-off-by: Paul Moore Reviewed-by: Kees Cook Reviewed-by: John Johansen --- security/lsm_init.c | 88 +++++++++++++++++++++++++-------------------- 1 file changed, 49 insertions(+), 39 deletions(-) diff --git a/security/lsm_init.c b/security/lsm_init.c index d458a365b0d5..edf2f4140eaa 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -16,14 +16,14 @@ char *lsm_names; extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; -/* Boot-time LSM user choice */ -static __initconst const char *const builtin_lsm_order = CONFIG_LSM; -static __initdata const char *chosen_lsm_order; -static __initdata const char *chosen_major_lsm; +/* Build and boot-time LSM ordering. */ +static __initconst const char *const lsm_order_builtin = CONFIG_LSM; +static __initdata const char *lsm_order_cmdline; +static __initdata const char *lsm_order_legacy; /* Ordered list of LSMs to initialize. */ -static __initdata struct lsm_info *ordered_lsms[MAX_LSM_COUNT + 1]; -static __initdata struct lsm_info *exclusive; +static __initdata struct lsm_info *lsm_order[MAX_LSM_COUNT + 1]; +static __initdata struct lsm_info *lsm_exclusive; static __initdata bool debug; #define init_debug(...) \ 
@@ -33,36 +33,46 @@ static __initdata bool debug; } while (0) #define lsm_order_for_each(iter) \ - for ((iter) = ordered_lsms; *(iter); (iter)++) + for ((iter) = lsm_order; *(iter); (iter)++) #define lsm_early_for_each_raw(iter) \ for ((iter) = __start_early_lsm_info; \ (iter) < __end_early_lsm_info; (iter)++) -static int lsm_append(const char *new, char **result); - -/* Save user chosen LSM */ -static int __init choose_major_lsm(char *str) +/** + * lsm_choose_security - Legacy "major" LSM selection + * @str: kernel command line parameter + */ +static int __init lsm_choose_security(char *str) { - chosen_major_lsm = str; + lsm_order_legacy = str; return 1; } -__setup("security=", choose_major_lsm); +__setup("security=", lsm_choose_security); -/* Explicitly choose LSM initialization order. */ -static int __init choose_lsm_order(char *str) +/** + * lsm_choose_lsm - Modern LSM selection + * @str: kernel command line parameter + */ +static int __init lsm_choose_lsm(char *str) { - chosen_lsm_order = str; + lsm_order_cmdline = str; return 1; } -__setup("lsm=", choose_lsm_order); +__setup("lsm=", lsm_choose_lsm); -/* Enable LSM order debugging. */ -static int __init enable_debug(char *str) +/** + * lsm_debug_enable - Enable LSM framework debugging + * @str: kernel command line parameter + * + * Currently we only provide debug info during LSM initialization, but we may + * want to expand this in the future. + */ +static int __init lsm_debug_enable(char *str) { debug = true; return 1; } -__setup("lsm.debug", enable_debug); +__setup("lsm.debug", lsm_debug_enable); /* Mark an LSM's enabled flag. */ static int lsm_enabled_true __initdata = 1; 
@@ -124,7 +134,7 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) /* Enable this LSM, if it is not already set. */ if (!lsm->enabled) lsm->enabled = &lsm_enabled_true; - ordered_lsms[last_lsm] = lsm; + lsm_order[last_lsm] = lsm; lsm_idlist[last_lsm++] = lsm->id; init_debug("%s ordered: %s (%s)\n", from, lsm->id->name, @@ -154,7 +164,7 @@ static void __init lsm_prep_single(struct lsm_info *lsm) if (!is_enabled(lsm)) { set_enabled(lsm, false); return; - } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) { + } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && lsm_exclusive) { init_debug("exclusive disabled: %s\n", lsm->id->name); set_enabled(lsm, false); return; @@ -162,9 +172,9 @@ static void __init lsm_prep_single(struct lsm_info *lsm) /* Mark the LSM as enabled. */ set_enabled(lsm, true); - if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) { + if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !lsm_exclusive) { init_debug("exclusive chosen: %s\n", lsm->id->name); - exclusive = lsm; + lsm_exclusive = lsm; } /* Register the LSM blob sizes. */ @@ -220,7 +230,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) } /* Process "security=", if given. */ - if (chosen_major_lsm) { + if (lsm_order_legacy) { struct lsm_info *major; /* @@ -232,10 +242,10 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) for (major = __start_lsm_info; major < __end_lsm_info; major++) { if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && - strcmp(major->id->name, chosen_major_lsm) != 0) { + strcmp(major->id->name, lsm_order_legacy) != 0) { set_enabled(major, false); init_debug("security=%s disabled: %s (only one legacy major LSM)\n", - chosen_major_lsm, major->id->name); + lsm_order_legacy, major->id->name); } } } 
@@ -260,11 +270,11 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) } /* Process "security=", if given. */ - if (chosen_major_lsm) { + if (lsm_order_legacy) { for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { if (exists_ordered_lsm(lsm)) continue; - if (strcmp(lsm->id->name, chosen_major_lsm) == 0) + if (strcmp(lsm->id->name, lsm_order_legacy) == 0) append_ordered_lsm(lsm, "security="); } } @@ -295,15 +305,15 @@ static void __init lsm_init_ordered(void) struct lsm_info **lsm; struct lsm_info *early; - if (chosen_lsm_order) { - if (chosen_major_lsm) { + if (lsm_order_cmdline) { + if (lsm_order_legacy) { pr_warn("security=%s is ignored because it is superseded by lsm=%s\n", - chosen_major_lsm, chosen_lsm_order); - chosen_major_lsm = NULL; + lsm_order_legacy, lsm_order_cmdline); + lsm_order_legacy = NULL; } - ordered_lsm_parse(chosen_lsm_order, "cmdline"); + ordered_lsm_parse(lsm_order_cmdline, "cmdline"); } else - ordered_lsm_parse(builtin_lsm_order, "builtin"); + ordered_lsm_parse(lsm_order_builtin, "builtin"); lsm_order_for_each(lsm) { lsm_prep_single(*lsm); @@ -319,7 +329,7 @@ static void __init lsm_init_ordered(void) lsm_order_for_each(lsm) { if (is_enabled(*lsm)) pr_cont("%s%s", - lsm == ordered_lsms ? "" : ",", (*lsm)->id->name); + lsm == lsm_order ? "" : ",", (*lsm)->id->name); } pr_cont("\n"); 
@@ -465,9 +475,9 @@ int __init security_init(void) { struct lsm_info *lsm; - init_debug("legacy security=%s\n", chosen_major_lsm ? : " *unspecified*"); - init_debug(" CONFIG_LSM=%s\n", builtin_lsm_order); - init_debug("boot arg lsm=%s\n", chosen_lsm_order ? : " *unspecified*"); + init_debug("legacy security=%s\n", lsm_order_legacy ? : " *unspecified*"); + init_debug(" CONFIG_LSM=%s\n", lsm_order_builtin); + init_debug("boot arg lsm=%s\n", lsm_order_cmdline ? : " *unspecified*"); /* * Append the names of the early LSM modules now that kmalloc() is
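Review bot: The @@ -33,36 hunk drops the `static int lsm_append(const char *new, char **result);` forward declaration, which is unrelated to the renaming and is not mentioned in the commit message; it compiles only because lsm_append() is defined ahead of its callers security_add_hooks() and security_init(), so either note it in the message or leave it for the patch that deletes lsm_append() itself. In the same hunk, the new kernel-doc blocks for lsm_choose_security(), lsm_choose_lsm() and lsm_debug_enable() have no "Return:" line even though the functions return int; scripts/kernel-doc warns about that for non-void functions.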
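Review bot: Naming nit on the @@ -16,14 hunk: `lsm_order_legacy` holds the single LSM name passed through `security=`, not an ordering, as the later `strcmp(major->id->name, lsm_order_legacy)` check shows; either pick a name such as `lsm_legacy_major` or extend the "Build and boot-time LSM ordering." comment to say that this one is the legacy major-LSM selection rather than an order string.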
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 07/29] lsm: rework lsm_active_cnt and lsm_idlist[]
Date: Wed, 9 Apr 2025 14:49:52 -0400
Message-ID: <20250409185019.238841-38-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

Move the LSM count and lsm_id list declarations out of a header that is visible across the kernel and into a header that is limited to the
LSM framework. This not only helps keep the include/linux headers smaller and cleaner, it helps prevent misuse of these variables. During the move, lsm_active_cnt was renamed to lsm_count for the sake of brevity. Signed-off-by: Paul Moore --- include/linux/security.h | 2 -- security/lsm.h | 5 +++++ security/lsm_init.c | 8 +------- security/lsm_syscalls.c | 8 +++++--- security/security.c | 3 +++ 5 files changed, 14 insertions(+), 12 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index cc9b54d95d22..8aac21787a9f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -167,8 +167,6 @@ struct lsm_prop { }; extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1]; -extern u32 lsm_active_cnt; -extern const struct lsm_id *lsm_idlist[]; /* These functions are in security/commoncap.c */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, diff --git a/security/lsm.h b/security/lsm.h index 0e1731bad4a7..af343072199d 100644 --- a/security/lsm.h +++ b/security/lsm.h @@ -7,6 +7,11 @@ #define _LSM_H_ #include +#include + +/* List of configured LSMs */ +extern unsigned int lsm_count; +extern const struct lsm_id *lsm_idlist[]; /* LSM blob configuration */ extern struct lsm_blob_sizes blob_sizes; diff --git a/security/lsm_init.c b/security/lsm_init.c index edf2f4140eaa..981ddb20f48e 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -22,8 +22,8 @@ static __initdata const char *lsm_order_cmdline; static __initdata const char *lsm_order_legacy; /* Ordered list of LSMs to initialize. */ -static __initdata struct lsm_info *lsm_order[MAX_LSM_COUNT + 1]; static __initdata struct lsm_info *lsm_exclusive; +static __initdata struct lsm_info *lsm_order[MAX_LSM_COUNT + 1]; static __initdata bool debug; #define init_debug(...) \ 
@@ -211,12 +211,6 @@ static void __init initialize_lsm(struct lsm_info *lsm) } } -/* - * Current index to use while initializing the lsm id list. - */ -u32 lsm_active_cnt __ro_after_init; -const struct lsm_id *lsm_idlist[MAX_LSM_COUNT]; - /* Populate ordered LSMs list from comma-separated LSM name list. */ static void __init ordered_lsm_parse(const char *order, const char *origin) { diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index 8440948a690c..3fb0d77ae65c 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c @@ -17,6 +17,8 @@ #include #include +#include "lsm.h" + /** * lsm_name_to_attr - map an LSM attribute name to its ID * @name: name of the attribute @@ -96,7 +98,7 @@ SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *, SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, u32 __user *, size, u32, flags) { - u32 total_size = lsm_active_cnt * sizeof(*ids); + u32 total_size = lsm_count * sizeof(*ids); u32 usize; int i; @@ -112,9 +114,9 @@ SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, u32 __user *, size, if (usize < total_size) return -E2BIG; - for (i = 0; i < lsm_active_cnt; i++) + for (i = 0; i < lsm_count; i++) if (put_user(lsm_idlist[i]->id, ids++)) return -EFAULT; - return lsm_active_cnt; + return lsm_count; } diff --git a/security/security.c b/security/security.c index 8d370a4c5e74..a3e8dd640b39 100644 --- a/security/security.c +++ b/security/security.c 
@@ -73,6 +73,9 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = { [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", }; +unsigned int lsm_count __ro_after_init; +const struct lsm_id *lsm_idlist[MAX_LSM_COUNT]; + struct lsm_blob_sizes blob_sizes; struct kmem_cache *lsm_file_cache;
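Review bot: The include/linux/security.h hunk removes `extern u32 lsm_active_cnt;` and `extern const struct lsm_id *lsm_idlist[];` from the kernel-wide header, but the patch only updates security/lsm_syscalls.c and security/security.c; please confirm there is no remaining user outside security/, since any such user now fails to build instead of being caught by the "misuse" this move is meant to prevent.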
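Review bot: In the security/lsm.h hunk the counter changes type, from `u32 lsm_active_cnt` to `unsigned int lsm_count`, while the commit message only describes a rename for brevity; say so in the message, or keep u32 so that the `u32 total_size = lsm_count * sizeof(*ids);` arithmetic in lsm_list_modules() stays in the type it was written for.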
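Review bot: The security/lsm_init.c @@ -22,8 hunk swaps the order of the `lsm_exclusive` and `lsm_order` declarations, which leaves the "Ordered list of LSMs to initialize." comment sitting above `lsm_exclusive`, a single pointer that is not that list; either move the comment together with `lsm_order` or drop the reorder, which is unrelated to this patch.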
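Review bot: In the security/security.c @@ -73,6 hunk, `lsm_idlist[]` is populated only from the __init append_ordered_lsm() (`lsm_idlist[last_lsm++] = lsm->id;` in 06/29) and is read by the lsm_list_modules() syscall, so consider marking it `__ro_after_init` alongside `lsm_count`; that keeps the table of lsm_id pointers handed to userspace immutable after boot.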
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 08/29] lsm: get rid of the lsm_names list and do some cleanup
Date: Wed, 9 Apr 2025 14:49:53 -0400
Message-ID: <20250409185019.238841-39-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

The LSM currently has a lot of code to maintain a list of the currently active LSMs in a human readable string, with the only
user being the "/sys/kernel/security/lsm" code. Let's drop all of that code and generate the string on an as-needed basis when userspace reads "/sys/kernel/security/lsm". Signed-off-by: Paul Moore --- include/linux/lsm_hooks.h | 1 - security/inode.c | 27 +++++++++++++++++++-- security/lsm_init.c | 49 --------------------------------------- 3 files changed, 25 insertions(+), 52 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 4cd17c9a229f..bc477fb20d02 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -169,7 +169,6 @@ struct lsm_info { /* DO NOT tamper with these variables outside of the LSM framework */ -extern char *lsm_names; extern struct lsm_static_calls_table static_calls_table __ro_after_init; /** diff --git a/security/inode.c b/security/inode.c index da3ab44c8e57..49bc3578bd23 100644 --- a/security/inode.c +++ b/security/inode.c @@ -22,6 +22,8 @@ #include #include +#include "lsm.h" + static struct vfsmount *mount; static int mount_count; @@ -343,8 +345,29 @@ static struct dentry *lsm_dentry; static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { - return simple_read_from_buffer(buf, count, ppos, lsm_names, - strlen(lsm_names)); + int i; + char *str; + ssize_t rc, len = 0; + + for (i = 0; i < lsm_count; i++) + /* the '+ 1' accounts for either a comma or a NUL terminator */ + len += strlen(lsm_order[i]->id->name) + 1; + + str = kmalloc(len, GFP_KERNEL); + if (!str) + return -ENOMEM; + str[0] = '\0'; + + i = 0; + while (i < lsm_count) { + strcat(str, lsm_order[i]->id->name); + if (++i < lsm_count) + strcat(str, ","); + } + + rc = simple_read_from_buffer(buf, count, ppos, str, len); + kfree(str); + return rc; } static const struct file_operations lsm_ops = { diff --git a/security/lsm_init.c b/security/lsm_init.c index 981ddb20f48e..978bb81b58fa 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c 
@@ -10,8 +10,6 @@ #include "lsm.h" -char *lsm_names; - /* Pointers to LSM sections defined in include/asm-generic/vmlinux.lds.h */ extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; @@ -363,42 +361,6 @@ static void __init lsm_init_ordered(void) } } -static bool match_last_lsm(const char *list, const char *lsm) -{ - const char *last; - - if (WARN_ON(!list || !lsm)) - return false; - last = strrchr(list, ','); - if (last) - /* Pass the comma, strcmp() will check for '\0' */ - last++; - else - last = list; - return !strcmp(last, lsm); -} - -static int lsm_append(const char *new, char **result) -{ - char *cp; - - if (*result == NULL) { - *result = kstrdup(new, GFP_KERNEL); - if (*result == NULL) - return -ENOMEM; - } else { - /* Check if it is the last registered name */ - if (match_last_lsm(*result, new)) - return 0; - cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new); - if (cp == NULL) - return -ENOMEM; - kfree(*result); - *result = cp; - } - return 0; -} - static void __init lsm_static_call_init(struct security_hook_list *hl) { struct lsm_static_call *scall = hl->scalls; @@ -435,15 +397,6 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, hooks[i].lsmid = lsmid; lsm_static_call_init(&hooks[i]); } - - /* - * Don't try to append during early_security_init(), we'll come back - * and fix this up afterwards. - */ - if (slab_is_available()) { - if (lsm_append(lsmid->name, &lsm_names) < 0) - panic("%s - Cannot get early memory.\n", __func__); - } } int __init early_security_init(void) 
@@ -480,8 +433,6 @@ int __init security_init(void) lsm_early_for_each_raw(lsm) { init_debug(" early started: %s (%s)\n", lsm->id->name, is_enabled(lsm) ? "enabled" : "disabled"); - if (lsm->enabled) - lsm_append(lsm->id->name, &lsm_names); } /* Load LSMs in specified order. */
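Review bot: The security/inode.c @@ -343,8 hunk has lsm_read() index `lsm_order[]`, but that array is `static __initdata` in security/lsm_init.c (see the @@ -22,8 hunk of 07/29), so it is neither visible from inode.c nor still present once init memory is freed; build the string from the `lsm_idlist[]`/`lsm_count` pair exported through security/lsm.h instead. Separately, `len` includes the NUL terminator (the last name's `+ 1`), so `rc = simple_read_from_buffer(buf, count, ppos, str, len);` returns a trailing '\0' to userspace that the old `strlen(lsm_names)` length did not; pass `len - 1` or `strlen(str)`. If `lsm_count` can ever be 0, kmalloc(0) returns ZERO_SIZE_PTR and `str[0] = '\0';` writes through it, so a guard for the empty case would not hurt.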
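Review bot: With the `lsm_append(lsm->id->name, &lsm_names)` call removed from the early-LSM loop in the @@ -480,8 hunk, an early LSM such as lockdown now appears in /sys/kernel/security/lsm only if it is also placed in the ordered list by lsm_init_ordered(); please confirm in the commit message that enabled early LSMs are appended there, so the content of the file does not silently change after this patch.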
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 09/29] lsm: cleanup and normalize the LSM enabled functions
Date: Wed, 9 Apr 2025 14:49:54 -0400
Message-ID: <20250409185019.238841-40-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

One part of a larger effort to cleanup the LSM framework initialization code.
Signed-off-by: Paul Moore --- security/inode.c | 9 ++-- security/lsm_init.c | 110 ++++++++++++++++++++++++-------------------- 2 files changed, 63 insertions(+), 56 deletions(-) diff --git a/security/inode.c b/security/inode.c index 49bc3578bd23..f687e22e6809 100644 --- a/security/inode.c +++ b/security/inode.c @@ -351,18 +351,17 @@ static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count, for (i = 0; i < lsm_count; i++) /* the '+ 1' accounts for either a comma or a NUL terminator */ - len += strlen(lsm_order[i]->id->name) + 1; + len += strlen(lsm_idlist[i]->name) + 1; str = kmalloc(len, GFP_KERNEL); if (!str) return -ENOMEM; str[0] = '\0'; - i = 0; - while (i < lsm_count) { - strcat(str, lsm_order[i]->id->name); - if (++i < lsm_count) + for (i = 0; i < lsm_count; i++) { + if (i > 0) strcat(str, ","); + strcat(str, lsm_idlist[i]->name); } rc = simple_read_from_buffer(buf, count, ppos, str, len); diff --git a/security/lsm_init.c b/security/lsm_init.c index 978bb81b58fa..7f2bc8c22ce9 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -10,6 +10,10 @@ #include "lsm.h" +/* LSM enabled constants. */ +int lsm_enabled_true = 1; +int lsm_enabled_false = 0; + /* Pointers to LSM sections defined in include/asm-generic/vmlinux.lds.h */ extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; 
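Review bot: in the `@@ -10,6 +10,10 @@` hunk of security/lsm_init.c, `lsm_enabled_true` and `lsm_enabled_false` lose both `static` and `__initdata`, so they stay resident after boot and become visible to other translation units, yet the diffstat touches only inode.c and lsm_init.c, so no `extern` declaration is added anywhere. If the wider lifetime is needed because an LSM's `->enabled` pointer may still reference them after init, add the declaration to security/lsm.h and state that reason in the commit message; otherwise keep them `static` (and `__initdata`) as before. The comment "LSM enabled constants" is also slightly misleading, since they are plain writable `int`s rather than `const`.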
@@ -72,41 +76,42 @@ static int __init lsm_debug_enable(char *str) } __setup("lsm.debug", lsm_debug_enable); -/* Mark an LSM's enabled flag. */ -static int lsm_enabled_true __initdata = 1; -static int lsm_enabled_false __initdata = 0; -static void __init set_enabled(struct lsm_info *lsm, bool enabled) +/** + * lsm_enabled_set - Mark a LSM as enabled + * @lsm: LSM definition + * @enabled: enabled flag + */ +static void __init lsm_enabled_set(struct lsm_info *lsm, bool enabled) { /* * When an LSM hasn't configured an enable variable, we can use * a hard-coded location for storing the default enabled state. */ - if (!lsm->enabled) { - if (enabled) - lsm->enabled = &lsm_enabled_true; - else - lsm->enabled = &lsm_enabled_false; - } else if (lsm->enabled == &lsm_enabled_true) { - if (!enabled) - lsm->enabled = &lsm_enabled_false; - } else if (lsm->enabled == &lsm_enabled_false) { - if (enabled) - lsm->enabled = &lsm_enabled_true; + if (!lsm->enabled || + lsm->enabled == &lsm_enabled_true || + lsm->enabled == &lsm_enabled_false) { + lsm->enabled = enabled ? &lsm_enabled_true : &lsm_enabled_false; } else { *lsm->enabled = enabled; } } -static inline bool is_enabled(struct lsm_info *lsm) +/** + * lsm_is_enabled - Determine if a LSM is enabled + * @lsm: LSM definition + */ +static inline bool lsm_is_enabled(struct lsm_info *lsm) { if (!lsm->enabled) return false; - return *lsm->enabled; } -/* Is an LSM already listed in the ordered LSMs list? */ -static bool __init exists_ordered_lsm(struct lsm_info *lsm) +/** + * lsm_order_exists - Determine if a LSM exists in the ordered list + * @lsm: LSM definition + */ +static bool __init lsm_order_exists(struct lsm_info *lsm) { struct lsm_info **check; 
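Review bot: the kernel-doc blocks added for `lsm_is_enabled()` and `lsm_order_exists()` have no "Return:" section, which the kernel-doc tooling flags for functions that return a value; one line each ("Return: true if the LSM is enabled, false otherwise" and "Return: true if the LSM is already in the ordered list") would close that. Also, the three new summaries use "a LSM" where the surrounding comments in this file say "an LSM"; pick one form.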
@@ -118,25 +123,29 @@ static bool __init exists_ordered_lsm(struct lsm_info *lsm) return false; } -/* Append an LSM to the list of ordered LSMs to initialize. */ -static int last_lsm __initdata; -static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from) +/** + * lsm_order_append - Append a LSM to the ordered list + * @lsm: LSM definition + * @src: source of the addition + */ +static void __init lsm_order_append(struct lsm_info *lsm, const char *src) { /* Ignore duplicate selections. */ - if (exists_ordered_lsm(lsm)) + if (lsm_order_exists(lsm)) return; - if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from)) - return; + /* Skip explicitly disabled LSMs. */ + if (lsm->enabled && !lsm_is_enabled(lsm)) { + if (WARN(lsm_count == MAX_LSM_COUNT, + "%s: out of LSM static calls!?\n", src)) + return; + lsm_enabled_set(lsm, true); + lsm_order[lsm_count] = lsm; + lsm_idlist[lsm_count++] = lsm->id; + } - /* Enable this LSM, if it is not already set. */ - if (!lsm->enabled) - lsm->enabled = &lsm_enabled_true; - lsm_order[last_lsm] = lsm; - lsm_idlist[last_lsm++] = lsm->id; - - init_debug("%s ordered: %s (%s)\n", from, lsm->id->name, - is_enabled(lsm) ? "enabled" : "disabled"); + init_debug("%s ordered: %s (%s)\n", src, lsm->id->name, + lsm_is_enabled(lsm) ? "enabled" : "disabled"); } static void __init lsm_set_blob_size(int *need, int *lbs) 
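Review bot: the rewritten body of `lsm_order_append()` inverts the intended logic. The comment says "Skip explicitly disabled LSMs", but `if (lsm->enabled && !lsm_is_enabled(lsm))` is true exactly for an explicitly disabled LSM, and it is that LSM that then gets `lsm_enabled_set(lsm, true)` and is stored in `lsm_order`/`lsm_idlist`, while an LSM whose `enabled` pointer is NULL, or which is already enabled, falls through to the debug message and is never appended at all. The disabled case should leave the function (`if (lsm->enabled && !lsm_is_enabled(lsm)) return;`), and the `WARN()` check, `lsm_enabled_set(lsm, true)` and the append should run unconditionally after it, which is also what the old code did.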
@@ -159,17 +168,17 @@ static void __init lsm_prep_single(struct lsm_info *lsm) { struct lsm_blob_sizes *blobs; - if (!is_enabled(lsm)) { - set_enabled(lsm, false); + if (!lsm_is_enabled(lsm)) { + lsm_enabled_set(lsm, false); return; } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && lsm_exclusive) { init_debug("exclusive disabled: %s\n", lsm->id->name); - set_enabled(lsm, false); + lsm_enabled_set(lsm, false); return; } /* Mark the LSM as enabled. */ - set_enabled(lsm, true); + lsm_enabled_set(lsm, true); if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !lsm_exclusive) { init_debug("exclusive chosen: %s\n", lsm->id->name); lsm_exclusive = lsm; @@ -200,7 +209,7 @@ static void __init lsm_prep_single(struct lsm_info *lsm) /* Initialize a given LSM, if it is enabled. */ static void __init initialize_lsm(struct lsm_info *lsm) { - if (is_enabled(lsm)) { + if (lsm_is_enabled(lsm)) { int ret; init_debug("initializing %s\n", lsm->id->name); @@ -218,7 +227,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) /* LSM_ORDER_FIRST is always first. */ for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { if (lsm->order == LSM_ORDER_FIRST) - append_ordered_lsm(lsm, " first"); + lsm_order_append(lsm, " first"); } /* Process "security=", if given. */ @@ -235,7 +244,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) major++) { if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && strcmp(major->id->name, lsm_order_legacy) != 0) { - set_enabled(major, false); + lsm_enabled_set(major, false); init_debug("security=%s disabled: %s (only one legacy major LSM)\n", lsm_order_legacy, major->id->name); } @@ -251,7 +260,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { if (strcmp(lsm->id->name, name) == 0) { if (lsm->order == LSM_ORDER_MUTABLE) - append_ordered_lsm(lsm, origin); + lsm_order_append(lsm, origin); found = true; } } 
@@ -264,24 +273,24 @@ static void __init ordered_lsm_parse(const char *order, const char *origin) /* Process "security=", if given. */ if (lsm_order_legacy) { for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (exists_ordered_lsm(lsm)) + if (lsm_order_exists(lsm)) continue; if (strcmp(lsm->id->name, lsm_order_legacy) == 0) - append_ordered_lsm(lsm, "security="); + lsm_order_append(lsm, "security="); } } /* LSM_ORDER_LAST is always last. */ for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { if (lsm->order == LSM_ORDER_LAST) - append_ordered_lsm(lsm, " last"); + lsm_order_append(lsm, " last"); } /* Disable all LSMs not in the ordered list. */ for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (exists_ordered_lsm(lsm)) + if (lsm_order_exists(lsm)) continue; - set_enabled(lsm, false); + lsm_enabled_set(lsm, false); init_debug("%s skipped: %s (not in requested order)\n", origin, lsm->id->name); } @@ -313,13 +322,13 @@ static void __init lsm_init_ordered(void) pr_info("initializing lsm="); lsm_early_for_each_raw(early) { - if (is_enabled(early)) + if (lsm_is_enabled(early)) pr_cont("%s%s", early == __start_early_lsm_info ? "" : ",", early->id->name); } lsm_order_for_each(lsm) { - if (is_enabled(*lsm)) + if (lsm_is_enabled(*lsm)) pr_cont("%s%s", lsm == lsm_order ? "" : ",", (*lsm)->id->name); } @@ -404,8 +413,7 @@ int __init early_security_init(void) struct lsm_info *lsm; lsm_early_for_each_raw(lsm) { - if (!lsm->enabled) - lsm->enabled = &lsm_enabled_true; + lsm_enabled_set(lsm, true); lsm_prep_single(lsm); initialize_lsm(lsm); } 
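Review bot: in the `@@ -404,8 +413,7 @@` hunk, replacing `if (!lsm->enabled) lsm->enabled = &lsm_enabled_true;` with `lsm_enabled_set(lsm, true);` is a behaviour change rather than a cleanup. The old code only supplied a default for an early LSM that had no `enabled` variable; `lsm_enabled_set()` (per the earlier hunk) additionally writes `*lsm->enabled = true` for an early LSM that carries its own variable set to 0, so an explicit disable is overridden before `lsm_prep_single()` can honour it. Either keep the NULL-only fill-in here or call out in the commit message that early LSMs are now always forced on.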
@@ -432,7 +440,7 @@ int __init security_init(void) */ lsm_early_for_each_raw(lsm) { init_debug(" early started: %s (%s)\n", lsm->id->name, - is_enabled(lsm) ? "enabled" : "disabled"); + lsm_is_enabled(lsm) ? "enabled" : "disabled"); } /* Load LSMs in specified order. */

From patchwork Wed Apr 9 18:49:55 2025
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 10/29] lsm: cleanup the LSM blob size code
Date: Wed, 9 Apr 2025 14:49:55 -0400
Message-ID: <20250409185019.238841-41-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
X-Developer-Key: i=paul@paul-moore.com; a=openpgp; fpr=7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A

Convert the lsm_blob_size fields to unsigned integers as there is no current need for them to be negative, change "lsm_set_blob_size()" to
"lsm_blob_size_update()" to better reflect reality, and perform some other minor cleanups to the associated code. Signed-off-by: Paul Moore Reviewed-by: Kees Cook Reviewed-by: John Johansen --- include/linux/lsm_hooks.h | 28 +++++++++++----------- security/lsm_init.c | 50 +++++++++++++++++++++++---------------- 2 files changed, 43 insertions(+), 35 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index bc477fb20d02..a7ecb0791a0f 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -102,20 +102,20 @@ struct security_hook_list { * Security blob size or offset data. */ struct lsm_blob_sizes { - int lbs_cred; - int lbs_file; - int lbs_ib; - int lbs_inode; - int lbs_sock; - int lbs_superblock; - int lbs_ipc; - int lbs_key; - int lbs_msg_msg; - int lbs_perf_event; - int lbs_task; - int lbs_xattr_count; /* number of xattr slots in new_xattrs array */ - int lbs_tun_dev; - int lbs_bdev; + unsigned int lbs_cred; + unsigned int lbs_file; + unsigned int lbs_ib; + unsigned int lbs_inode; + unsigned int lbs_sock; + unsigned int lbs_superblock; + unsigned int lbs_ipc; + unsigned int lbs_key; + unsigned int lbs_msg_msg; + unsigned int lbs_perf_event; + unsigned int lbs_task; + unsigned int lbs_xattr_count; /* num xattr slots in new_xattrs array */ + unsigned int lbs_tun_dev; + unsigned int lbs_bdev; }; /* diff --git a/security/lsm_init.c b/security/lsm_init.c index 7f2bc8c22ce9..9bb4b4fc9888 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c 
@@ -148,16 +148,22 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src) lsm_is_enabled(lsm) ? "enabled" : "disabled"); } -static void __init lsm_set_blob_size(int *need, int *lbs) +/** + * lsm_blob_size_update - Update the LSM blob size and offset information + * @sz_req: the requested additional blob size + * @sz_cur: the existing blob size + */ +static void __init lsm_blob_size_update(unsigned int *sz_req, + unsigned int *sz_cur) { - int offset; + unsigned int offset; - if (*need <= 0) + if (*sz_req == 0) return; - offset = ALIGN(*lbs, sizeof(void *)); - *lbs = offset + *need; - *need = offset; + offset = ALIGN(*sz_cur, sizeof(void *)); + *sz_cur = offset + *sz_req; + *sz_req = offset; } /** 
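Review bot: the kernel-doc added for `lsm_blob_size_update()` describes `@sz_req` only as "the requested additional blob size", but the function overwrites it with the assigned offset (`*sz_req = offset;`), and `@sz_cur` is both read and grown; document both as in/out parameters, e.g. "@sz_req: in: requested size, out: offset assigned to the LSM within the blob", so that a reader of `lsm_prep_single()` understands that `blobs->lbs_*` is consumed and replaced by the call. Changing the guard from `*need <= 0` to `*sz_req == 0` is correct for the new unsigned type, but worth a sentence in the commit message since a negative request that used to be ignored would now be treated as a very large size.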
@@ -186,24 +192,26 @@ static void __init lsm_prep_single(struct lsm_info *lsm) /* Register the LSM blob sizes. */ blobs = lsm->blobs; - lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred); - lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file); - lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib); + lsm_blob_size_update(&blobs->lbs_cred, &blob_sizes.lbs_cred); + lsm_blob_size_update(&blobs->lbs_file, &blob_sizes.lbs_file); + lsm_blob_size_update(&blobs->lbs_ib, &blob_sizes.lbs_ib); /* inode blob gets an rcu_head in addition to LSM blobs. */ if (blobs->lbs_inode && blob_sizes.lbs_inode == 0) blob_sizes.lbs_inode = sizeof(struct rcu_head); - lsm_set_blob_size(&blobs->lbs_inode, &blob_sizes.lbs_inode); - lsm_set_blob_size(&blobs->lbs_ipc, &blob_sizes.lbs_ipc); - lsm_set_blob_size(&blobs->lbs_key, &blob_sizes.lbs_key); - lsm_set_blob_size(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg); - lsm_set_blob_size(&blobs->lbs_perf_event, &blob_sizes.lbs_perf_event); - lsm_set_blob_size(&blobs->lbs_sock, &blob_sizes.lbs_sock); - lsm_set_blob_size(&blobs->lbs_superblock, &blob_sizes.lbs_superblock); - lsm_set_blob_size(&blobs->lbs_task, &blob_sizes.lbs_task); - lsm_set_blob_size(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev); - lsm_set_blob_size(&blobs->lbs_xattr_count, - &blob_sizes.lbs_xattr_count); - lsm_set_blob_size(&blobs->lbs_bdev, &blob_sizes.lbs_bdev); + lsm_blob_size_update(&blobs->lbs_inode, &blob_sizes.lbs_inode); + lsm_blob_size_update(&blobs->lbs_ipc, &blob_sizes.lbs_ipc); + lsm_blob_size_update(&blobs->lbs_key, &blob_sizes.lbs_key); + lsm_blob_size_update(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg); + lsm_blob_size_update(&blobs->lbs_perf_event, + &blob_sizes.lbs_perf_event); + lsm_blob_size_update(&blobs->lbs_sock, &blob_sizes.lbs_sock); + lsm_blob_size_update(&blobs->lbs_superblock, + &blob_sizes.lbs_superblock); + lsm_blob_size_update(&blobs->lbs_task, &blob_sizes.lbs_task); + lsm_blob_size_update(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev); + 
lsm_blob_size_update(&blobs->lbs_xattr_count, + &blob_sizes.lbs_xattr_count); + lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev); } /* Initialize a given LSM, if it is enabled. */

From patchwork Wed Apr 9 18:49:56 2025
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 11/29] lsm: cleanup initialize_lsm() and rename to lsm_init_single()
Date: Wed, 9 Apr 2025 14:49:56 -0400
Message-ID: <20250409185019.238841-42-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
X-Developer-Key: i=paul@paul-moore.com; a=openpgp; fpr=7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A

One part of a larger effort to cleanup the LSM framework initialization code.
Signed-off-by: Paul Moore Reviewed-by: Kees Cook Reviewed-by: John Johansen --- security/lsm_init.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/security/lsm_init.c b/security/lsm_init.c index 9bb4b4fc9888..163fc2a1a952 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -214,16 +214,20 @@ static void __init lsm_prep_single(struct lsm_info *lsm) lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev); } -/* Initialize a given LSM, if it is enabled. */ -static void __init initialize_lsm(struct lsm_info *lsm) +/** + * lsm_init_single - Initialize a given LSM + * @lsm: LSM definition + */ +static void __init lsm_init_single(struct lsm_info *lsm) { - if (lsm_is_enabled(lsm)) { - int ret; + int ret; - init_debug("initializing %s\n", lsm->id->name); - ret = lsm->init(); - WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret); - } + if (!lsm_is_enabled(lsm)) + return; + + init_debug("initializing %s\n", lsm->id->name); + ret = lsm->init(); + WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret); } /* Populate ordered LSMs list from comma-separated LSM name list. */ @@ -374,7 +378,7 @@ static void __init lsm_init_ordered(void) panic("%s: early task alloc failed.\n", __func__); lsm_order_for_each(lsm) { - initialize_lsm(*lsm); + lsm_init_single(*lsm); } } 
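Review bot: the new kernel-doc summary "lsm_init_single - Initialize a given LSM" drops the "if it is enabled" qualifier that the replaced one-line comment carried, yet the early `if (!lsm_is_enabled(lsm)) return;` makes that the defining behaviour of the function; keep the condition in the summary or add a body sentence so a caller does not expect a disabled LSM's `init()` to run. The early-return restructuring itself is equivalent to the old nested block and reads better.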
@@ -423,7 +427,7 @@ int __init early_security_init(void) lsm_early_for_each_raw(lsm) { lsm_enabled_set(lsm, true); lsm_prep_single(lsm); - initialize_lsm(lsm); + lsm_init_single(lsm); } return 0;

From patchwork Wed Apr 9 18:49:57 2025
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 12/29] lsm: cleanup the LSM ordered parsing
Date: Wed, 9 Apr 2025 14:49:57 -0400
Message-ID: <20250409185019.238841-43-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
X-Developer-Key: i=paul@paul-moore.com; a=openpgp; fpr=7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A

One part of a larger effort to cleanup the LSM framework initialization code.
Signed-off-by: Paul Moore --- security/lsm_init.c | 211 ++++++++++++++++++++++---------------------- 1 file changed, 106 insertions(+), 105 deletions(-) diff --git a/security/lsm_init.c b/security/lsm_init.c index 163fc2a1a952..e07fd4d2a16a 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -36,6 +36,9 @@ static __initdata bool debug; #define lsm_order_for_each(iter) \ for ((iter) = lsm_order; *(iter); (iter)++) +#define lsm_for_each_raw(iter) \ + for ((iter) = __start_lsm_info; \ + (iter) < __end_lsm_info; (iter)++) #define lsm_early_for_each_raw(iter) \ for ((iter) = __start_early_lsm_info; \ (iter) < __end_early_lsm_info; (iter)++) @@ -127,6 +130,10 @@ static bool __init lsm_order_exists(struct lsm_info *lsm) * lsm_order_append - Append a LSM to the ordered list * @lsm: LSM definition * @src: source of the addition + * + * Append @lsm to the enabled LSM array after ensuring that it hasn't been + * explicitly disabled, is a duplicate entry, or would run afoul of the + * LSM_FLAG_EXCLUSIVE logic. */ static void __init lsm_order_append(struct lsm_info *lsm, const char *src) { 
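Review bot: the new kernel-doc for lsm_order_append() (the @@ -127 hunk) mixes polarities in "after ensuring that it hasn't been explicitly disabled, is a duplicate entry, or would run afoul of the LSM_FLAG_EXCLUSIVE logic", so read literally it says the function ensures the LSM *is* a duplicate. Suggest "after checking that it has not been explicitly disabled, is not already in the list, and does not conflict with an already chosen LSM_FLAG_EXCLUSIVE LSM". The lsm_for_each_raw() macro in the @@ -36 hunk mirrors lsm_early_for_each_raw() and looks fine.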
@@ -135,19 +142,106 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src) return; /* Skip explicitly disabled LSMs. */ - if (lsm->enabled && !lsm_is_enabled(lsm)) { - if (WARN(lsm_count == MAX_LSM_COUNT, - "%s: out of LSM static calls!?\n", src)) - return; - lsm_enabled_set(lsm, true); - lsm_order[lsm_count] = lsm; - lsm_idlist[lsm_count++] = lsm->id; + if (lsm->enabled && !lsm_is_enabled(lsm)) + goto out; + + if (WARN(lsm_count == MAX_LSM_COUNT, + "%s: out of LSM static calls!?\n", src)) { + lsm_enabled_set(lsm, false); + goto out; } + if (lsm->flags & LSM_FLAG_EXCLUSIVE) { + if (lsm_exclusive) { + init_debug("exclusive disabled: %s\n", lsm->id->name); + lsm_enabled_set(lsm, false); + goto out; + } else { + init_debug("exclusive chosen: %s\n", lsm->id->name); + lsm_exclusive = lsm; + } + } + + lsm_enabled_set(lsm, true); + lsm_order[lsm_count] = lsm; + lsm_idlist[lsm_count++] = lsm->id; + +out: init_debug("%s ordered: %s (%s)\n", src, lsm->id->name, lsm_is_enabled(lsm) ? "enabled" : "disabled"); } +/** + * lsm_order_parse - Parse the comma delimited LSM list + * @list: LSM list + * @src: source of the list + */ +static void __init lsm_order_parse(const char *list, const char *src) +{ + struct lsm_info *lsm; + char *sep, *name, *next; + + /* Handle any Legacy LSM exclusions if one was specified. */ + if (lsm_order_legacy) { + /* + * To match the original "security=" behavior, this explicitly + * does NOT fallback to another Legacy Major if the selected + * one was separately disabled: disable all non-matching + * Legacy Major LSMs. 
+ */ + lsm_for_each_raw(lsm) { + if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) && + strcmp(lsm->id->name, lsm_order_legacy)) { + lsm_enabled_set(lsm, false); + init_debug("security=%s disabled: %s (only one legacy major LSM)\n", + lsm_order_legacy, lsm->id->name); + } + } + } + + /* LSM_ORDER_FIRST */ + lsm_for_each_raw(lsm) { + if (lsm->order == LSM_ORDER_FIRST) + lsm_order_append(lsm, "first"); + } + + /* Normal or "mutable" LSMs */ + sep = kstrdup(list, GFP_KERNEL); + next = sep; + /* Walk the list, looking for matching LSMs. */ + while ((name = strsep(&next, ",")) != NULL) { + lsm_for_each_raw(lsm) { + if (!strcmp(lsm->id->name, name) && + lsm->order == LSM_ORDER_MUTABLE) + lsm_order_append(lsm, src); + } + } + kfree(sep); + + /* Legacy LSM if specified. */ + if (lsm_order_legacy) { + lsm_for_each_raw(lsm) { + if (!strcmp(lsm->id->name, lsm_order_legacy)) + lsm_order_append(lsm, src); + } + } + + /* LSM_ORDER_LAST */ + lsm_for_each_raw(lsm) { + if (lsm->order == LSM_ORDER_LAST) + lsm_order_append(lsm, "last"); + } + + /* Disable all LSMs not previously enabled. */ + lsm_for_each_raw(lsm) { + if (lsm_order_exists(lsm)) + continue; + lsm_enabled_set(lsm, false); + init_debug("%s skipped: %s (not in requested order)\n", + src, lsm->id->name); + } +} + /** * lsm_blob_size_update - Update the LSM blob size and offset information * @sz_req: the requested additional blob size 
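Review bot: lsm_order_parse() drops the "%s ignored: %s (not built into kernel)" debug message that ordered_lsm_parse() emitted through its `found` flag when a name on the lsm= list matched no compiled-in LSM; with this hunk a misspelled or unbuilt name in lsm= disappears silently, and that message is the only hint an administrator gets that a requested LSM is not actually running. Suggest keeping a `found` flag in the strsep() loop together with the init_debug() line, or stating the removal in the commit message if it is intentional. Two smaller points: the legacy major is now appended with `src` instead of the fixed "security=" tag, so its "ordered:" debug line changes from "security= ordered:" to "cmdline ordered:" or "builtin ordered:"; and `sep = kstrdup(list, GFP_KERNEL)` is still unchecked, which is safe only because strsep() returns NULL when `next` is NULL, so a one-line comment there would help the next reader. In lsm_order_append(), marking the LSM disabled when the MAX_LSM_COUNT WARN() fires, instead of returning with its enabled state untouched, is a good fix, and the "ordered:" line at `out:` now reports that state consistently.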
@@ -172,26 +266,12 @@ static void __init lsm_blob_size_update(unsigned int *sz_req, */ static void __init lsm_prep_single(struct lsm_info *lsm) { - struct lsm_blob_sizes *blobs; + struct lsm_blob_sizes *blobs = lsm->blobs; - if (!lsm_is_enabled(lsm)) { - lsm_enabled_set(lsm, false); + if (!blobs) return; - } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && lsm_exclusive) { - init_debug("exclusive disabled: %s\n", lsm->id->name); - lsm_enabled_set(lsm, false); - return; - } - - /* Mark the LSM as enabled. */ - lsm_enabled_set(lsm, true); - if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !lsm_exclusive) { - init_debug("exclusive chosen: %s\n", lsm->id->name); - lsm_exclusive = lsm; - } /* Register the LSM blob sizes. */ - blobs = lsm->blobs; lsm_blob_size_update(&blobs->lbs_cred, &blob_sizes.lbs_cred); lsm_blob_size_update(&blobs->lbs_file, &blob_sizes.lbs_file); lsm_blob_size_update(&blobs->lbs_ib, &blob_sizes.lbs_ib); 
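Review bot: lsm_prep_single() no longer checks lsm_is_enabled() (the first removed block in this hunk), so it now relies on every caller passing only enabled LSMs. That holds for the lsm_order_for_each() loop in lsm_init_ordered(), because lsm_order_append() stores an LSM only after lsm_enabled_set(lsm, true), but not for early_security_init() (last hunk of this patch), which calls lsm_order_append(lsm, "early") and then lsm_prep_single() and lsm_init_single() unconditionally; if the append bails out through the MAX_LSM_COUNT WARN() or the LSM_FLAG_EXCLUSIVE branch, the LSM is marked disabled yet still has its blob sizes registered and its init routine run. Suggest guarding the early path with `if (!lsm_is_enabled(lsm)) continue;` after the append. The new `if (!blobs) return;` is an improvement over the old unconditional dereference of lsm->blobs.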
@@ -230,86 +310,6 @@ static void __init lsm_init_single(struct lsm_info *lsm) WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret); } -/* Populate ordered LSMs list from comma-separated LSM name list. */ -static void __init ordered_lsm_parse(const char *order, const char *origin) -{ - struct lsm_info *lsm; - char *sep, *name, *next; - - /* LSM_ORDER_FIRST is always first. */ - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (lsm->order == LSM_ORDER_FIRST) - lsm_order_append(lsm, " first"); - } - - /* Process "security=", if given. */ - if (lsm_order_legacy) { - struct lsm_info *major; - - /* - * To match the original "security=" behavior, this - * explicitly does NOT fallback to another Legacy Major - * if the selected one was separately disabled: disable - * all non-matching Legacy Major LSMs. - */ - for (major = __start_lsm_info; major < __end_lsm_info; - major++) { - if ((major->flags & LSM_FLAG_LEGACY_MAJOR) && - strcmp(major->id->name, lsm_order_legacy) != 0) { - lsm_enabled_set(major, false); - init_debug("security=%s disabled: %s (only one legacy major LSM)\n", - lsm_order_legacy, major->id->name); - } - } - } - - sep = kstrdup(order, GFP_KERNEL); - next = sep; - /* Walk the list, looking for matching LSMs. */ - while ((name = strsep(&next, ",")) != NULL) { - bool found = false; - - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (strcmp(lsm->id->name, name) == 0) { - if (lsm->order == LSM_ORDER_MUTABLE) - lsm_order_append(lsm, origin); - found = true; - } - } - - if (!found) - init_debug("%s ignored: %s (not built into kernel)\n", - origin, name); - } - - /* Process "security=", if given. */ - if (lsm_order_legacy) { - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (lsm_order_exists(lsm)) - continue; - if (strcmp(lsm->id->name, lsm_order_legacy) == 0) - lsm_order_append(lsm, "security="); - } - } - - /* LSM_ORDER_LAST is always last. 
*/ - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (lsm->order == LSM_ORDER_LAST) - lsm_order_append(lsm, " last"); - } - - /* Disable all LSMs not in the ordered list. */ - for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) { - if (lsm_order_exists(lsm)) - continue; - lsm_enabled_set(lsm, false); - init_debug("%s skipped: %s (not in requested order)\n", - origin, lsm->id->name); - } - - kfree(sep); -} - /** * lsm_init_ordered - Initialize the ordered LSMs */ @@ -324,9 +324,9 @@ static void __init lsm_init_ordered(void) lsm_order_legacy, lsm_order_cmdline); lsm_order_legacy = NULL; } - ordered_lsm_parse(lsm_order_cmdline, "cmdline"); + lsm_order_parse(lsm_order_cmdline, "cmdline"); } else - ordered_lsm_parse(lsm_order_builtin, "builtin"); + lsm_order_parse(lsm_order_builtin, "builtin"); lsm_order_for_each(lsm) { lsm_prep_single(*lsm); 
@@ -426,6 +426,7 @@ int __init early_security_init(void) lsm_early_for_each_raw(lsm) { lsm_enabled_set(lsm, true); + lsm_order_append(lsm, "early"); lsm_prep_single(lsm); lsm_init_single(lsm); }
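Review bot: appending the early LSMs to lsm_order here means the unchanged loops in lsm_init_ordered() (shown in full in the next patch's removal hunk) now visit them a second time: `lsm_order_for_each(lsm) { lsm_prep_single(*lsm); }` re-registers their blob sizes (lsm_blob_size_update() accumulates, so any early LSM with non-NULL blobs is double-counted), `lsm_order_for_each(lsm) { lsm_init_single(*lsm); }` runs their init hook again, and the "initializing lsm=" pr_info() already walks lsm_early_for_each_raw() before lsm_order_for_each(), so each early LSM name is printed twice. Suggest skipping the leading early entries in those loops (for example by remembering lsm_count after this loop) and dropping the lsm_early_for_each_raw() pass from the pr_info() output, and saying so in the commit message, since this is a behaviour change rather than a pure cleanup.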

From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 13/29] lsm: fold lsm_init_ordered() into security_init()
Date: Wed, 9 Apr 2025 14:49:58 -0400
Message-ID: <20250409185019.238841-44-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>
X-Mailing-List: linux-security-module@vger.kernel.org

One part of a larger effort to cleanup the LSM framework initialization code.
Signed-off-by: Paul Moore --- security/lsm_init.c | 156 ++++++++++++++++++++------------------------ 1 file changed, 72 insertions(+), 84 deletions(-) diff --git a/security/lsm_init.c b/security/lsm_init.c index e07fd4d2a16a..55b3fa82db76 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -18,6 +18,9 @@ int lsm_enabled_false = 0; extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; +/* Number of "early" LSMs */ +static __initdata unsigned int lsm_count_early; + /* Build and boot-time LSM ordering. */ static __initconst const char *const lsm_order_builtin = CONFIG_LSM; static __initdata const char *lsm_order_cmdline; 
@@ -310,78 +313,6 @@ static void __init lsm_init_single(struct lsm_info *lsm) WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret); } -/** - * lsm_init_ordered - Initialize the ordered LSMs - */ -static void __init lsm_init_ordered(void) -{ - struct lsm_info **lsm; - struct lsm_info *early; - - if (lsm_order_cmdline) { - if (lsm_order_legacy) { - pr_warn("security=%s is ignored because it is superseded by lsm=%s\n", - lsm_order_legacy, lsm_order_cmdline); - lsm_order_legacy = NULL; - } - lsm_order_parse(lsm_order_cmdline, "cmdline"); - } else - lsm_order_parse(lsm_order_builtin, "builtin"); - - lsm_order_for_each(lsm) { - lsm_prep_single(*lsm); - } - - pr_info("initializing lsm="); - lsm_early_for_each_raw(early) { - if (lsm_is_enabled(early)) - pr_cont("%s%s", - early == __start_early_lsm_info ? "" : ",", - early->id->name); - } - lsm_order_for_each(lsm) { - if (lsm_is_enabled(*lsm)) - pr_cont("%s%s", - lsm == lsm_order ? "" : ",", (*lsm)->id->name); - } - pr_cont("\n"); - - init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); - init_debug("file blob size = %d\n", blob_sizes.lbs_file); - init_debug("ib blob size = %d\n", blob_sizes.lbs_ib); - init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); - init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); -#ifdef CONFIG_KEYS - init_debug("key blob size = %d\n", blob_sizes.lbs_key); -#endif /* CONFIG_KEYS */ - init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); - init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); - init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); - init_debug("perf event blob size = %d\n", blob_sizes.lbs_perf_event); - init_debug("task blob size = %d\n", blob_sizes.lbs_task); - init_debug("tun device blob size = %d\n", blob_sizes.lbs_tun_dev); - init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count); - init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev); - - if (blob_sizes.lbs_file) - lsm_file_cache = 
kmem_cache_create("lsm_file_cache", - blob_sizes.lbs_file, 0, - SLAB_PANIC, NULL); - if (blob_sizes.lbs_inode) - lsm_inode_cache = kmem_cache_create("lsm_inode_cache", - blob_sizes.lbs_inode, 0, - SLAB_PANIC, NULL); - - if (lsm_cred_alloc((struct cred *)current->cred, GFP_KERNEL)) - panic("%s: early cred alloc failed.\n", __func__); - if (lsm_task_alloc(current)) - panic("%s: early task alloc failed.\n", __func__); - - lsm_order_for_each(lsm) { - lsm_init_single(*lsm); - } -} - static void __init lsm_static_call_init(struct security_hook_list *hl) { struct lsm_static_call *scall = hl->scalls; 
@@ -429,35 +360,92 @@ int __init early_security_init(void) lsm_order_append(lsm, "early"); lsm_prep_single(lsm); lsm_init_single(lsm); + lsm_count_early++; } return 0; } /** - * security_init - initializes the security framework + * security_init - Initializes the LSM framework * * This should be called early in the kernel initialization sequence. */ int __init security_init(void) { - struct lsm_info *lsm; + unsigned int cnt; + struct lsm_info **lsm; + struct lsm_info *early; init_debug("legacy security=%s\n", lsm_order_legacy ? : " *unspecified*"); init_debug(" CONFIG_LSM=%s\n", lsm_order_builtin); init_debug("boot arg lsm=%s\n", lsm_order_cmdline ? : " *unspecified*"); - /* - * Append the names of the early LSM modules now that kmalloc() is - * available - */ - lsm_early_for_each_raw(lsm) { - init_debug(" early started: %s (%s)\n", lsm->id->name, - lsm_is_enabled(lsm) ? "enabled" : "disabled"); - } + if (lsm_order_cmdline) { + if (lsm_order_legacy) { + pr_warn("security=%s is ignored because it is superseded by lsm=%s\n", + lsm_order_legacy, lsm_order_cmdline); + lsm_order_legacy = NULL; + } + lsm_order_parse(lsm_order_cmdline, "cmdline"); + } else + lsm_order_parse(lsm_order_builtin, "builtin"); - /* Load LSMs in specified order. */ - lsm_init_ordered(); + lsm_order_for_each(lsm) + lsm_prep_single(*lsm); + + pr_info("initializing lsm="); + lsm_early_for_each_raw(early) { + if (lsm_is_enabled(early)) + pr_cont("%s%s", + early == __start_early_lsm_info ? "" : ",", + early->id->name); + } + lsm_order_for_each(lsm) { + if (lsm_is_enabled(*lsm)) + pr_cont("%s%s", + lsm == lsm_order ? 
"" : ",", (*lsm)->id->name); + } + pr_cont("\n"); + + init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); + init_debug("file blob size = %d\n", blob_sizes.lbs_file); + init_debug("ib blob size = %d\n", blob_sizes.lbs_ib); + init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); + init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); +#ifdef CONFIG_KEYS + init_debug("key blob size = %d\n", blob_sizes.lbs_key); +#endif /* CONFIG_KEYS */ + init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); + init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); + init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); + init_debug("perf event blob size = %d\n", blob_sizes.lbs_perf_event); + init_debug("task blob size = %d\n", blob_sizes.lbs_task); + init_debug("tun device blob size = %d\n", blob_sizes.lbs_tun_dev); + init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count); + init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev); + + if (blob_sizes.lbs_file) + lsm_file_cache = kmem_cache_create("lsm_file_cache", + blob_sizes.lbs_file, 0, + SLAB_PANIC, NULL); + if (blob_sizes.lbs_inode) + lsm_inode_cache = kmem_cache_create("lsm_inode_cache", + blob_sizes.lbs_inode, 0, + SLAB_PANIC, NULL); + + if (lsm_cred_alloc((struct cred *)current->cred, GFP_KERNEL)) + panic("%s: early cred alloc failed.\n", __func__); + if (lsm_task_alloc(current)) + panic("%s: early task alloc failed.\n", __func__); + + cnt = 0; + lsm_order_for_each(lsm) { + /* skip the "early" LSMs as they have already been setup */ + if (cnt++ < lsm_count_early) + continue; + lsm_init_single(*lsm); + } return 0; } From patchwork Wed Apr 9 18:49:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 14045255 Received: from mail-qv1-f45.google.com (mail-qv1-f45.google.com [209.85.219.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate 
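Review bot: `lsm_count_early++` in the early_security_init() hunk counts every early LSM, while the skip in security_init() (`if (cnt++ < lsm_count_early) continue;`) assumes exactly that many leading lsm_order entries are early LSMs. lsm_order_append() can decline to add an entry (the MAX_LSM_COUNT WARN() and LSM_FLAG_EXCLUSIVE paths introduced in patch 12), and then lsm_count_early is one larger than the number of early entries actually in lsm_order, so the first ordinary ordered LSM is silently never initialized even though lsm_prep_single() registered its blob sizes. Suggest `lsm_count_early = lsm_count;` once after the lsm_early_for_each_raw() loop instead of incrementing per iteration. Also, the skip covers only lsm_init_single(); the preceding `lsm_order_for_each(lsm) lsm_prep_single(*lsm);` still re-runs lsm_prep_single() on the early LSMs that early_security_init() already prepared, and the "initializing lsm=" output still prints them twice (once via lsm_early_for_each_raw(), once via lsm_order_for_each()).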

From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 14/29] lsm: add missing function header comment blocks in lsm_init.c
Date: Wed, 9 Apr 2025 14:49:59 -0400
Message-ID: <20250409185019.238841-45-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>
X-Mailing-List: linux-security-module@vger.kernel.org

Signed-off-by: Paul Moore --- security/lsm_init.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/security/lsm_init.c b/security/lsm_init.c index 55b3fa82db76..04b1f5e760b1 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -313,6 +313,10 @@ static void __init lsm_init_single(struct lsm_info *lsm) WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret); } +/** + * lsm_static_call_init - Initialize a LSM's static calls + * @hl: LSM hook list + */ static void __init lsm_static_call_init(struct security_hook_list *hl) { struct lsm_static_call *scall = hl->scalls; 
@@ -351,6 +355,9 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, } } +/** + * early_security_init - Initialize the early LSMs + */ int __init early_security_init(void) { struct lsm_info *lsm;
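Review bot: the new kernel-doc block for early_security_init() documents an int-returning function without a `Return:` section, so `scripts/kernel-doc -Wreturn` will warn on it; since the body always ends in `return 0;` (visible in patch 13), a one-line "Return: 0 on success" completes it, or the function could become void if nothing checks the result. The security_init() header touched in patch 13 has the same gap.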
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 15/29] lsm: cleanup the debug and console output in lsm_init.c
Date: Wed, 9 Apr 2025 14:50:00 -0400
Message-ID: <20250409185019.238841-46-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

One part of a larger effort to cleanup the LSM framework initialization code.
Signed-off-by: Paul Moore --- security/lsm.h | 11 ++++ security/lsm_init.c | 121 +++++++++++++++++++------------------------- security/security.c | 2 + 3 files changed, 66 insertions(+), 68 deletions(-) diff --git a/security/lsm.h b/security/lsm.h index af343072199d..8ecb66896646 100644 --- a/security/lsm.h +++ b/security/lsm.h @@ -6,9 +6,20 @@ #ifndef _LSM_H_ #define _LSM_H_ +#include #include #include +/* LSM debugging */ +extern bool lsm_debug; +#define lsm_pr(...) pr_info(__VA_ARGS__) +#define lsm_pr_cont(...) pr_cont(__VA_ARGS__) +#define lsm_pr_dbg(...) \ + do { \ + if (lsm_debug) \ + pr_info(__VA_ARGS__); \ + } while (0) + /* List of configured LSMs */ extern unsigned int lsm_count; extern const struct lsm_id *lsm_idlist[]; diff --git a/security/lsm_init.c b/security/lsm_init.c index 04b1f5e760b1..aba1253ffc4c 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -30,13 +30,6 @@ static __initdata const char *lsm_order_legacy; static __initdata struct lsm_info *lsm_exclusive; static __initdata struct lsm_info *lsm_order[MAX_LSM_COUNT + 1]; -static __initdata bool debug; -#define init_debug(...) \ - do { \ - if (debug) \ - pr_info(__VA_ARGS__); \ - } while (0) - #define lsm_order_for_each(iter) \ for ((iter) = lsm_order; *(iter); (iter)++) #define lsm_for_each_raw(iter) \ @@ -77,7 +70,7 @@ __setup("lsm=", lsm_choose_lsm); */ static int __init lsm_debug_enable(char *str) { - debug = true; + lsm_debug = true; return 1; } __setup("lsm.debug", lsm_debug_enable); 
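Review bot: the `lsm_pr()` and `lsm_pr_cont()` macros added to security/lsm.h are bare aliases of pr_info()/pr_cont() with no prefix and no gating, so they buy nothing over calling pr_info() directly; if the goal is greppable LSM console output, this is the place to attach a fixed prefix, otherwise drop them and keep only `lsm_pr_dbg()`. Related: the definition of `lsm_debug` in security/security.c (last hunk of this patch) is `__ro_after_init`, while every reader in this patch (`lsm_debug_enable()`, `lsm_order_append()`, `lsm_init_single()`, `security_init()`) is `__init`; unless a non-init reader is planned, `__initdata` would match the old `debug` variable and let the byte be freed with init memory.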
@@ -145,22 +138,28 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src) return; /* Skip explicitly disabled LSMs. */ - if (lsm->enabled && !lsm_is_enabled(lsm)) - goto out; + if (lsm->enabled && !lsm_is_enabled(lsm)) { + lsm_pr_dbg("skip previously disabled LSM %s:%s\n", + src, lsm->id->name); + return; + } - if (WARN(lsm_count == MAX_LSM_COUNT, - "%s: out of LSM static calls!?\n", src)) { + if (lsm_count == MAX_LSM_COUNT) { + pr_warn("exceeded maximum LSM count on %s:%s\n", + src, lsm->id->name); lsm_enabled_set(lsm, false); - goto out; + return; } if (lsm->flags & LSM_FLAG_EXCLUSIVE) { if (lsm_exclusive) { - init_debug("exclusive disabled: %s\n", lsm->id->name); + lsm_pr_dbg("skip exclusive LSM conflict %s:%s\n", + src, lsm->id->name); lsm_enabled_set(lsm, false); - goto out; + return; } else { - init_debug("exclusive chosen: %s\n", lsm->id->name); + lsm_pr_dbg("select exclusive LSM %s:%s\n", + src, lsm->id->name); lsm_exclusive = lsm; } } @@ -169,9 +168,7 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src) lsm_order[lsm_count] = lsm; lsm_idlist[lsm_count++] = lsm->id; -out: - init_debug("%s ordered: %s (%s)\n", src, lsm->id->name, - lsm_is_enabled(lsm) ? "enabled" : "disabled"); + lsm_pr_dbg("enabling LSM %s:%s\n", src, lsm->id->name); } /** @@ -196,8 +193,8 @@ static void __init lsm_order_parse(const char *list, const char *src) if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) && strcmp(lsm->id->name, lsm_order_legacy)) { lsm_enabled_set(lsm, false); - init_debug("security=%s disabled: %s (only one legacy major LSM)\n", - lsm_order_legacy, lsm->id->name); + lsm_pr_dbg("skip legacy LSM conflict %s:%s\n", + src, lsm->id->name); } } } 
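Review bot: in the lsm_order_append() hunk, turning `WARN(lsm_count == MAX_LSM_COUNT, ...)` into a plain `pr_warn()` downgrades a build-time sizing bug (more LSMs than static-call slots, after which the extra LSM is quietly disabled) from a backtrace that trips panic_on_warn and CI warning scanners into a single log line; keep a `WARN_ONCE()` here, or at least `pr_err()`. Also, the new legacy-major message (`skip legacy LSM conflict %s:%s`) dropped the `lsm_order_legacy` value that the old `security=%s disabled: %s (only one legacy major LSM)` message carried, so the log no longer says which legacy LSM won; consider printing both names.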
@@ -240,8 +237,7 @@ static void __init lsm_order_parse(const char *list, const char *src) if (lsm_order_exists(lsm)) continue; lsm_enabled_set(lsm, false); - init_debug("%s skipped: %s (not in requested order)\n", - src, lsm->id->name); + lsm_pr_dbg("skip disabled LSM %s:%s\n", src, lsm->id->name); } } @@ -308,16 +304,18 @@ static void __init lsm_init_single(struct lsm_info *lsm) if (!lsm_is_enabled(lsm)) return; - init_debug("initializing %s\n", lsm->id->name); + lsm_pr_dbg("initialize LSM %s\n", lsm->id->name); ret = lsm->init(); - WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret); + if (ret) + pr_warn("failed to initialize LSM %s with errno %d\n", + lsm->id->name, ret); } /** * lsm_static_call_init - Initialize a LSM's static calls * @hl: LSM hook list */ -static void __init lsm_static_call_init(struct security_hook_list *hl) +static int __init lsm_static_call_init(struct security_hook_list *hl) { struct lsm_static_call *scall = hl->scalls; int i; @@ -329,11 +327,12 @@ static void __init lsm_static_call_init(struct security_hook_list *hl) hl->hook.lsm_func_addr); scall->hl = hl; static_branch_enable(scall->active); - return; + return 0; } scall++; } - panic("%s - Ran out of static slots.\n", __func__); + + return -ENOSPC; } /** @@ -351,7 +350,9 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, for (i = 0; i < count; i++) { hooks[i].lsmid = lsmid; - lsm_static_call_init(&hooks[i]); + if (lsm_static_call_init(&hooks[i])) + panic("exhausted LSM callback slots with LSM %s\n", + lsmid->name); } } 
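Review bot: in the lsm_init_single() hunk, a failed `lsm->init()` is now only reported with `pr_warn()` and the LSM stays in `lsm_order` and `lsm_idlist` (it was appended in lsm_order_append() earlier in this patch) and still counts as enabled, so a module whose initialization failed continues to look active. Since this is exactly the point where a security policy silently fails to come up, report it with `pr_err()` and mark the LSM disabled (`lsm_enabled_set(lsm, false)`), or keep the `WARN()` so it is hard to miss in CI. Returning `-ENOSPC` from lsm_static_call_init() and panicking in security_add_hooks() is behaviourally equivalent to the old in-function panic and reads better.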
@@ -382,18 +383,16 @@ int __init security_init(void) { unsigned int cnt; struct lsm_info **lsm; - struct lsm_info *early; - init_debug("legacy security=%s\n", lsm_order_legacy ? : " *unspecified*"); - init_debug(" CONFIG_LSM=%s\n", lsm_order_builtin); - init_debug("boot arg lsm=%s\n", lsm_order_cmdline ? : " *unspecified*"); + if (lsm_debug) { + lsm_pr("built-in LSM list: %s\n", lsm_order_builtin); + lsm_pr("legacy LSM parameter: %s\n", lsm_order_legacy); + lsm_pr("boot LSM parameter: %s\n", lsm_order_cmdline); + } if (lsm_order_cmdline) { - if (lsm_order_legacy) { - pr_warn("security=%s is ignored because it is superseded by lsm=%s\n", - lsm_order_legacy, lsm_order_cmdline); + if (lsm_order_legacy) lsm_order_legacy = NULL; - } lsm_order_parse(lsm_order_cmdline, "cmdline"); } else lsm_order_parse(lsm_order_builtin, "builtin"); 
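Review bot: the security_init() hunk silently drops the `security=%s is ignored because it is superseded by lsm=%s` warning; `lsm_order_legacy` is still nulled, so behaviour is unchanged, but an administrator who boots with both `security=` and `lsm=` and expects the first to matter now gets no hint in dmesg that it was ignored. Keep the `pr_warn()`; a misconfigured boot line leaving a different LSM set enforcing than intended is the case worth being loud about. Minor: the new `lsm_pr("legacy LSM parameter: %s\n", lsm_order_legacy)` and the cmdline line can be handed a NULL pointer (the removed lines defaulted to `" *unspecified*"`); printk renders that as `(null)`, which is harmless but less readable than the old placeholder. The inner `if (lsm_order_legacy)` guarding `lsm_order_legacy = NULL;` is now redundant.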
@@ -401,36 +400,22 @@ int __init security_init(void) lsm_order_for_each(lsm) lsm_prep_single(*lsm); - pr_info("initializing lsm="); - lsm_early_for_each_raw(early) { - if (lsm_is_enabled(early)) - pr_cont("%s%s", - early == __start_early_lsm_info ? "" : ",", - early->id->name); + if (lsm_debug) { + lsm_pr("blob(cred) size %d\n", blob_sizes.lbs_cred); + lsm_pr("blob(file) size %d\n", blob_sizes.lbs_file); + lsm_pr("blob(ib) size %d\n", blob_sizes.lbs_ib); + lsm_pr("blob(inode) size %d\n", blob_sizes.lbs_inode); + lsm_pr("blob(ipc) size %d\n", blob_sizes.lbs_ipc); + lsm_pr("blob(key) size %d\n", blob_sizes.lbs_key); + lsm_pr("blob(msg_msg)_size %d\n", blob_sizes.lbs_msg_msg); + lsm_pr("blob(sock) size %d\n", blob_sizes.lbs_sock); + lsm_pr("blob(superblock) size %d\n", blob_sizes.lbs_superblock); + lsm_pr("blob(perf_event) size %d\n", blob_sizes.lbs_perf_event); + lsm_pr("blob(task) size %d\n", blob_sizes.lbs_task); + lsm_pr("blob(tun_dev) size %d\n", blob_sizes.lbs_tun_dev); + lsm_pr("blob(xattr) count %d\n", blob_sizes.lbs_xattr_count); + lsm_pr("blob(bdev) size %d\n", blob_sizes.lbs_bdev); } - lsm_order_for_each(lsm) { - if (lsm_is_enabled(*lsm)) - pr_cont("%s%s", - lsm == lsm_order ? 
"" : ",", (*lsm)->id->name); - } - pr_cont("\n"); - - init_debug("cred blob size = %d\n", blob_sizes.lbs_cred); - init_debug("file blob size = %d\n", blob_sizes.lbs_file); - init_debug("ib blob size = %d\n", blob_sizes.lbs_ib); - init_debug("inode blob size = %d\n", blob_sizes.lbs_inode); - init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc); -#ifdef CONFIG_KEYS - init_debug("key blob size = %d\n", blob_sizes.lbs_key); -#endif /* CONFIG_KEYS */ - init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg); - init_debug("sock blob size = %d\n", blob_sizes.lbs_sock); - init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock); - init_debug("perf event blob size = %d\n", blob_sizes.lbs_perf_event); - init_debug("task blob size = %d\n", blob_sizes.lbs_task); - init_debug("tun device blob size = %d\n", blob_sizes.lbs_tun_dev); - init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count); - init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev); if (blob_sizes.lbs_file) lsm_file_cache = kmem_cache_create("lsm_file_cache", @@ -442,9 +427,9 @@ int __init security_init(void) SLAB_PANIC, NULL); if (lsm_cred_alloc((struct cred *)current->cred, GFP_KERNEL)) - panic("%s: early cred alloc failed.\n", __func__); + panic("early LSM cred alloc failed\n"); if (lsm_task_alloc(current)) - panic("%s: early task alloc failed.\n", __func__); + panic("early LSM task alloc failed\n"); cnt = 0; lsm_order_for_each(lsm) { diff --git a/security/security.c b/security/security.c index a3e8dd640b39..cbd544d71093 100644 --- a/security/security.c +++ b/security/security.c 
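Review bot: the second security_init() hunk removes the unconditional `pr_info("initializing lsm=...")` line (the one that listed every enabled early and ordered LSM) and the only replacement in this hunk is the blob-size dump under `if (lsm_debug)`, so a normal boot no longer reports which LSMs are active; that line is what people grep in dmesg to confirm that a `lsm=` change or a distro default took effect, so keep an unconditional summary. Two smaller points: `blob(msg_msg)_size` has a stray underscore (the others read `blob(...) size`), and the `#ifdef CONFIG_KEYS` guard around the `lbs_key` line was dropped, which is fine only if `lsm_blob_sizes.lbs_key` is declared unconditionally; worth confirming against the header.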
@@ -73,6 +73,8 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = { [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", }; +bool lsm_debug __ro_after_init; + unsigned int lsm_count __ro_after_init; const struct lsm_id *lsm_idlist[MAX_LSM_COUNT];
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 16/29] lsm: output available LSMs when debugging
Date: Wed, 9 Apr 2025 14:50:01 -0400
Message-ID: <20250409185019.238841-47-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

This will display all of the LSMs built into the kernel, regardless of whether they are enabled or not.
Signed-off-by: Paul Moore --- security/lsm_init.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/security/lsm_init.c b/security/lsm_init.c index aba1253ffc4c..8e00afeb84cf 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -363,6 +363,8 @@ int __init early_security_init(void) { struct lsm_info *lsm; + /* NOTE: lsm_pr_dbg() doesn't work here as lsm_debug is not yet set */ + lsm_early_for_each_raw(lsm) { lsm_enabled_set(lsm, true); lsm_order_append(lsm, "early"); 
@@ -385,9 +387,24 @@ int __init security_init(void) struct lsm_info **lsm; if (lsm_debug) { - lsm_pr("built-in LSM list: %s\n", lsm_order_builtin); + struct lsm_info *i; + + cnt = 0; + lsm_pr("available LSMs: "); + lsm_early_for_each_raw(i) + lsm_pr_cont("%s%s(E)", (cnt++ ? "," : ""), i->id->name); + lsm_for_each_raw(i) + lsm_pr_cont("%s%s", (cnt++ ? "," : ""), i->id->name); + lsm_pr_cont("\n"); + + lsm_pr("built-in LSM config: %s\n", lsm_order_builtin); + lsm_pr("legacy LSM parameter: %s\n", lsm_order_legacy); lsm_pr("boot LSM parameter: %s\n", lsm_order_cmdline); + + /* see the note about lsm_pr_dbg() in early_security_init() */ + lsm_early_for_each_raw(i) + lsm_pr("enabled LSM early:%s\n", i->id->name); } if (lsm_order_cmdline) {
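Review bot: the `(E)` suffix appended to early LSM names in the `available LSMs:` line is not explained anywhere in the hunk or the commit message; either print the word (`%s(early)`) or add a comment beside the loop saying it marks entries from the early-LSM section, since anyone reading a debug dmesg later will otherwise have to guess. The per-LSM `enabled LSM early:%s` lines are consistent with early_security_init() force-enabling every early LSM (first hunk), so printing them unconditionally is correct; saying so in the comment that points back to early_security_init() would save the next reader the check. `cnt` is reused as a scratch counter and reset again before the later `lsm_order_for_each()` loop, so there is no conflict there.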
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 17/29] lsm: introduce an initcall mechanism into the LSM framework
Date: Wed, 9 Apr 2025 14:50:02 -0400
Message-ID: <20250409185019.238841-48-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

Currently the individual LSMs register their own initcalls, and while this should be harmless, it can be wasteful in the
case where a LSM is disabled at boot as the initcall will still be executed. This patch introduces support for managing the initcalls in the LSM framework, and future patches will convert the existing LSMs over to this new mechanism. Only initcall types which are used by the current in-tree LSMs are supported; additional initcall types can easily be added in the future if needed. Signed-off-by: Paul Moore Reviewed-by: Kees Cook --- include/linux/lsm_hooks.h | 33 ++++++++++++--- security/lsm_init.c | 89 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+), 5 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index a7ecb0791a0f..0d2c2a017ffc 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -148,13 +148,36 @@ enum lsm_order { LSM_ORDER_LAST = 1, /* This is only for integrity. */ }; +/** + * struct lsm_info - Define an individual LSM for the LSM framework. + * @id: LSM name/ID info + * @order: ordering with respect to other LSMs, optional + * @flags: descriptive flags, optional + * @blobs: LSM blob sharing, optional + * @enabled: controlled by CONFIG_LSM, optional + * @init: LSM specific initialization routine + * @initcall_pure: LSM callback for initcall_pure() setup, optional + * @initcall_early: LSM callback for early_initcall setup, optional + * @initcall_core: LSM callback for core_initcall() setup, optional + * @initcall_subsys: LSM callback for subsys_initcall() setup, optional + * @initcall_fs: LSM callback for fs_initcall setup, optional + * @nitcall_device: LSM callback for device_initcall() setup, optional + * @initcall_late: LSM callback for late_initcall() setup, optional + */ struct lsm_info { const struct lsm_id *id; - enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */ - unsigned long flags; /* Optional: flags describing LSM */ - int *enabled; /* Optional: controlled by CONFIG_LSM */ - int (*init)(void); /* Required. */ - struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */ + enum lsm_order order; + unsigned long flags; + struct lsm_blob_sizes *blobs; + int *enabled; + int (*init)(void); + int (*initcall_pure)(void); + int (*initcall_early)(void); + int (*initcall_core)(void); + int (*initcall_subsys)(void); + int (*initcall_fs)(void); + int (*initcall_device)(void); + int (*initcall_late)(void); }; #define DEFINE_LSM(lsm) \ diff --git a/security/lsm_init.c b/security/lsm_init.c index 8e00afeb84cf..75eb0cc82869 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c 
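Review bot: the new kerneldoc for struct lsm_info has `@nitcall_device` where the member is `initcall_device`, which kernel-doc will flag as an undocumented member plus an unknown parameter; `@initcall_pure` says `initcall_pure()` while the kernel macro (and the registration in security/lsm_init.c later in this patch) is `pure_initcall()`; and `@initcall_early` and `@initcall_fs` lack the `()` the other entries have. More importantly, the inline comments being replaced carried information the kerneldoc drops: `@init` was marked `Required` and `@order` documented its default (`LSM_ORDER_MUTABLE`). Put both back in the new descriptions, and state whether the `initcall_*` callbacks run in `lsm_order` order, since that is the behavioural change this series introduces.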
@@ -39,6 +39,27 @@ static __initdata struct lsm_info *lsm_order[MAX_LSM_COUNT + 1]; for ((iter) = __start_early_lsm_info; \ (iter) < __end_early_lsm_info; (iter)++) +#define lsm_initcall(level) \ + ({ \ + int _r, _rc = 0; \ + struct lsm_info **_lp, *_l; \ + lsm_order_for_each(_lp) { \ + _l = *_lp; \ + if (!_l->initcall_##level) \ + continue; \ + lsm_pr_dbg("running %s %s initcall", \ + _l->id->name, #level); \ + _r = _l->initcall_##level(); \ + if (_r) { \ + pr_warn("failed LSM %s %s initcall with errno %d\n", \ + _l->id->name, #level, _r); \ + if (!_rc) \ + _rc = _r; \ + } \ + } \ + _rc; \ + }) + /** * lsm_choose_security - Legacy "major" LSM selection * @str: kernel command line parameter 
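Review bot: `lsm_pr_dbg("running %s %s initcall", _l->id->name, #level)` in the `lsm_initcall()` macro is missing the trailing `\n`; without it printk treats the next message as a continuation, so the initcall's own output or the following `failed LSM ... initcall` warning can end up glued onto the same line. A statement-expression macro is a fine way to stamp out the seven levels, but `_r`, `_rc`, `_lp` and `_l` land in the caller's scope; that is harmless in the trivial wrappers this patch adds, just worth remembering if the macro is ever used inside a function with its own locals. Severity: a failed LSM initcall is reported with `pr_warn()`; for a security module that usually means securityfs or policy-loading setup did not happen, so `pr_err()` matches it better.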
@@ -458,3 +479,71 @@ int __init security_init(void) return 0; } + +/** + * security_initcall_pure - Run the LSM pure initcalls + */ +static int __init security_initcall_pure(void) +{ + return lsm_initcall(pure); +} +pure_initcall(security_initcall_pure); + +/** + * security_initcall_early - Run the LSM early initcalls + */ +static int __init security_initcall_early(void) +{ + return lsm_initcall(early); +} +early_initcall(security_initcall_early); + +/** + * security_initcall_core - Run the LSM core initcalls + */ +static int __init security_initcall_core(void) +{ + return lsm_initcall(core); +} +core_initcall(security_initcall_core); + +/** + * security_initcall_subsys - Run the LSM subsys initcalls + */ +static int __init security_initcall_subsys(void) +{ + return lsm_initcall(subsys); +} +subsys_initcall(security_initcall_subsys); + +/** + * security_initcall_fs - Run the LSM fs initcalls + */ +static int __init security_initcall_fs(void) +{ + return lsm_initcall(fs); +} +fs_initcall(security_initcall_fs); + +/** + * security_initcall_device - Run the LSM device initcalls + */ +static int __init security_initcall_device(void) +{ + return lsm_initcall(device); +} +device_initcall(security_initcall_device); + +/** + * security_initcall_late - Run the LSM late initcalls + */ +static int __init security_initcall_late(void) +{ + int rc; + + rc = lsm_initcall(late); + lsm_pr_dbg("all enabled LSMs fully activated\n"); + + return rc; +} +late_initcall(security_initcall_late);
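Review bot: the ordering semantics change and neither the commit message nor the kerneldoc say so: with these wrappers, every LSM's callback for a level now runs at the point where `security_initcall_<level>()` sits among that level's initcalls (the link-order position of security/lsm_init.o) and in `lsm_order` order, instead of at each LSM's own link-order position, so an LSM initcall that used to run after some other subsystem's initcall at the same level may now run before it. That is probably intended, but it should be stated so the per-LSM conversions that follow can be checked against it. Also, `security_initcall_late()` prints `all enabled LSMs fully activated` even when `rc` is non-zero; make the message conditional on `rc == 0` or reword it, otherwise a reader of the debug log will take a failed late initcall for a clean bring-up.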
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 18/29] loadpin: move initcalls to the LSM framework
Date: Wed, 9 Apr 2025 14:50:03 -0400
Message-ID: <20250409185019.238841-49-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>
Signed-off-by: Paul Moore Reviewed-by: Kees Cook Acked-by: Kees Cook --- security/loadpin/loadpin.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index b9ddf05c5c16..273ffbd6defe 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -270,11 +270,6 @@ static int __init loadpin_init(void) return 0; } -DEFINE_LSM(loadpin) = { - .id = &loadpin_lsmid, - .init = loadpin_init, -}; - #ifdef CONFIG_SECURITY_LOADPIN_VERITY enum loadpin_securityfs_interface_index { 
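Review bot: deleting DEFINE_LSM(loadpin) here only to re-add it after the CONFIG_SECURITY_LOADPIN_VERITY block (next hunk) is done so that init_loadpin_securityfs() is visible when the initializer is compiled, and it leaves an #ifdef/#endif pair inside the struct initializer around `.initcall_fs = init_loadpin_securityfs,`. A smaller and less fragile change is to keep DEFINE_LSM() next to loadpin_init() and define init_loadpin_securityfs() unconditionally, with a `return 0;` body when CONFIG_SECURITY_LOADPIN_VERITY is off, so the .initcall_fs assignment needs no preprocessor guard and later initcall_* members do not have to be threaded through the same conditional. Either way init_loadpin_securityfs() stays `static int __init`, which is fine provided the framework calls initcall_fs only during boot.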
@@ -434,10 +429,16 @@ static int __init init_loadpin_securityfs(void) return 0; } -fs_initcall(init_loadpin_securityfs); - #endif /* CONFIG_SECURITY_LOADPIN_VERITY */ +DEFINE_LSM(loadpin) = { + .id = &loadpin_lsmid, + .init = loadpin_init, +#ifdef CONFIG_SECURITY_LOADPIN_VERITY + .initcall_fs = init_loadpin_securityfs, +#endif /* CONFIG_SECURITY_LOADPIN_VERITY */ +}; + /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */ module_param(enforce, int, 0); MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning");
From patchwork Wed Apr 9 18:50:04 2025
X-Patchwork-Submitter: Paul Moore
X-Patchwork-Id: 14045260
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 19/29] ipe: move initcalls to the LSM framework
Date: Wed, 9 Apr 2025 14:50:04 -0400
Message-ID: <20250409185019.238841-50-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>
Signed-off-by: Paul Moore Reviewed-by: Kees Cook Tested-by: Fan Wu Acked-by: Fan Wu --- security/ipe/fs.c | 4 +--- security/ipe/ipe.c | 1 + security/ipe/ipe.h | 2 ++ 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/security/ipe/fs.c b/security/ipe/fs.c index 5b6d19fb844a..e4437c70ed3d 100644 --- a/security/ipe/fs.c +++ b/security/ipe/fs.c @@ -187,7 +187,7 @@ static const struct file_operations enforce_fops = { * Return: %0 on success. If an error occurs, the function will return * the -errno. */ -static int __init ipe_init_securityfs(void) +int __init ipe_init_securityfs(void) { int rc = 0; struct ipe_policy *ap; @@ -243,5 +243,3 @@ static int __init ipe_init_securityfs(void) securityfs_remove(root); return rc; } - -fs_initcall(ipe_init_securityfs); diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c index 2426441181dc..71644748ed56 100644 --- a/security/ipe/ipe.c +++ b/security/ipe/ipe.c @@ -95,4 +95,5 @@ DEFINE_LSM(ipe) = { .id = &ipe_lsmid, .init = ipe_init, .blobs = &ipe_blobs, + .initcall_fs = ipe_init_securityfs, }; diff --git a/security/ipe/ipe.h b/security/ipe/ipe.h index fb37513812dd..25cfdb8f0c20 100644 --- a/security/ipe/ipe.h +++ b/security/ipe/ipe.h 
@@ -23,4 +23,6 @@ struct ipe_bdev *ipe_bdev(struct block_device *b); struct ipe_inode *ipe_inode(const struct inode *inode); #endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */ +int ipe_init_securityfs(void); + #endif /* _IPE_H */
From patchwork Wed Apr 9 18:50:05 2025
X-Patchwork-Submitter: Paul Moore
X-Patchwork-Id: 14045262
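Review bot: the prototype added to security/ipe/ipe.h, `int ipe_init_securityfs(void);`, drops the `__init` that the definition in security/ipe/fs.c keeps (`int __init ipe_init_securityfs(void)`); declare it as `int __init ipe_init_securityfs(void);` so the header states that the function lives in init text and must not be called after boot, now that it is reachable from outside fs.c. The fs.c hunks are otherwise fine: the function only loses `static` and the `fs_initcall(ipe_init_securityfs);` registration is removed, which matches wiring it through `.initcall_fs` in DEFINE_LSM(ipe).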
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 20/29] smack: move initcalls to the LSM framework
Date: Wed, 9 Apr 2025 14:50:05 -0400
Message-ID: <20250409185019.238841-51-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

As the LSM framework only supports one LSM initcall callback for each initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
wrapped with a new function, smack_initcall() that is registered with the LSM framework. Signed-off-by: Paul Moore --- security/smack/smack.h | 6 ++++++ security/smack/smack_lsm.c | 16 ++++++++++++++++ security/smack/smack_netfilter.c | 4 +--- security/smack/smackfs.c | 4 +--- 4 files changed, 24 insertions(+), 6 deletions(-) diff --git a/security/smack/smack.h b/security/smack/smack.h index bf6a6ed3946c..709e0d6cd5e1 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -275,6 +275,12 @@ struct smk_audit_info { #endif }; +/* + * Initialization + */ +int init_smk_fs(void); +int smack_nf_ip_init(void); + /* * These functions are in smack_access.c */ diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index e09b33fed5f0..80b129a0c92c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -5277,6 +5277,21 @@ static __init int smack_init(void) return 0; } +static int smack_initcall(void) +{ + int rc, rc_tmp; + + rc_tmp = init_smk_fs(); + if (rc_tmp) + rc = rc_tmp; + + rc_tmp = smack_nf_ip_init(); + if (!rc && rc_tmp) + rc = rc_tmp; + + return rc; +} + /* * Smack requires early initialization in order to label * all processes and objects when they are created. @@ -5286,4 +5301,5 @@ DEFINE_LSM(smack) = { .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .blobs = &smack_blob_sizes, .init = smack_init, + .initcall_device = smack_initcall, }; diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index 8fd747b3653a..17ba578b1308 100644 --- a/security/smack/smack_netfilter.c +++ b/security/smack/smack_netfilter.c @@ -68,7 +68,7 @@ static struct pernet_operations smack_net_ops = { .exit = smack_nf_unregister, }; -static int __init smack_nf_ip_init(void) +int __init smack_nf_ip_init(void) { if (smack_enabled == 0) return 0; 
@@ -76,5 +76,3 @@ static int __init smack_nf_ip_init(void) printk(KERN_DEBUG "Smack: Registering netfilter hooks\n"); return register_pernet_subsys(&smack_net_ops); } - -__initcall(smack_nf_ip_init); diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 90a67e410808..d33dd0368807 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -2980,7 +2980,7 @@ static struct vfsmount *smackfs_mount; * Returns true if we were not chosen on boot or if * we were chosen and filesystem registration succeeded. */ -static int __init init_smk_fs(void) +int __init init_smk_fs(void) { int err; int rc; 
@@ -3023,5 +3023,3 @@ static int __init init_smk_fs(void) return err; } - -__initcall(init_smk_fs);
From patchwork Wed Apr 9 18:50:06 2025
X-Patchwork-Submitter: Paul Moore
X-Patchwork-Id: 14045261
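Review bot: in the new smack_initcall() (security/smack/smack_lsm.c hunk), `rc` is declared but never initialized: when init_smk_fs() succeeds, `if (rc_tmp) rc = rc_tmp;` is skipped and the following `if (!rc && rc_tmp)` tests an indeterminate value, so the function may return garbage or silently drop a smack_nf_ip_init() failure. Initialize it (`int rc = 0, rc_tmp;`) or collect the first error without the branches: `rc = init_smk_fs(); rc_tmp = smack_nf_ip_init(); return rc ? rc : rc_tmp;`. The wrapper should also be `static int __init smack_initcall(void)`: it calls only `__init` functions (init_smk_fs() and smack_nf_ip_init() keep that annotation in their hunks), and a non-init function referencing init text draws a section mismatch warning; the two prototypes added to smack.h can carry `__init` for the same reason. Since init_smk_fs()'s return value is now propagated as an error code, the comment left in the smackfs.c context ("Returns true if we were not chosen on boot ...") no longer describes the `return err;` it precedes and is worth correcting in the same patch.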
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 21/29] tomoyo: move initcalls to the LSM framework
Date: Wed, 9 Apr 2025 14:50:06 -0400
Message-ID: <20250409185019.238841-52-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>
Signed-off-by: Paul Moore Reviewed-by: Kees Cook --- security/tomoyo/common.h | 2 ++ security/tomoyo/securityfs_if.c | 4 +--- security/tomoyo/tomoyo.c | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 0e8e2e959aef..3b2a97d10a5d 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -924,6 +924,8 @@ struct tomoyo_task { /********** Function prototypes. **********/ +int tomoyo_interface_init(void); + bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address, const struct tomoyo_group *group); bool tomoyo_compare_number_union(const unsigned long value, diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c index 7e69747b2f77..33933645f5b9 100644 --- a/security/tomoyo/securityfs_if.c +++ b/security/tomoyo/securityfs_if.c @@ -233,7 +233,7 @@ static void __init tomoyo_create_entry(const char *name, const umode_t mode, * * Returns 0. */ -static int __init tomoyo_interface_init(void) +int __init tomoyo_interface_init(void) { struct tomoyo_domain_info *domain; struct dentry *tomoyo_dir; @@ -269,5 +269,3 @@ static int __init tomoyo_interface_init(void) tomoyo_load_builtin_policy(); return 0; } - -fs_initcall(tomoyo_interface_init); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index ed0f7b052a85..a015cf0c4a00 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c 
@@ -617,4 +617,5 @@ DEFINE_LSM(tomoyo) = { .flags = LSM_FLAG_LEGACY_MAJOR, .blobs = &tomoyo_blob_sizes, .init = tomoyo_init, + .initcall_fs = tomoyo_interface_init, };
From patchwork Wed Apr 9 18:50:07 2025
X-Patchwork-Submitter: Paul Moore
X-Patchwork-Id: 14045263
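Review bot: the prototype added to security/tomoyo/common.h, `int tomoyo_interface_init(void);`, is inserted ahead of `bool tomoyo_address_matches_group(...)` and `bool tomoyo_compare_number_union(...)`, whereas that prototype block is grouped by return type and sorted by name; move it into the `int tomoyo_*` group to keep the file's ordering, and give it the `__init` that the definition in securityfs_if.c retains (`int __init tomoyo_interface_init(void)`). The function must stay `__init` in any case, since the context line shows it calling tomoyo_create_entry(), which is still `static void __init`.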

From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 22/29] safesetid: move initcalls to the LSM framework
Date: Wed, 9 Apr 2025 14:50:07 -0400
Message-ID: <20250409185019.238841-53-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>
Signed-off-by: Paul Moore Reviewed-by: Kees Cook Acked-by: Micah Morton --- security/safesetid/lsm.c | 1 + security/safesetid/lsm.h | 2 ++ security/safesetid/securityfs.c | 3 +-- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index 9a7c68d4e642..d5fb949050dd 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -289,4 +289,5 @@ static int __init safesetid_security_init(void) DEFINE_LSM(safesetid_security_init) = { .id = &safesetid_lsmid, .init = safesetid_security_init, + .initcall_fs = safesetid_init_securityfs, }; diff --git a/security/safesetid/lsm.h b/security/safesetid/lsm.h index d346f4849cea..bf5172e2c3f7 100644 --- a/security/safesetid/lsm.h +++ b/security/safesetid/lsm.h @@ -70,4 +70,6 @@ enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy, extern struct setid_ruleset __rcu *safesetid_setuid_rules; extern struct setid_ruleset __rcu *safesetid_setgid_rules; +int safesetid_init_securityfs(void); + #endif /* _SAFESETID_H */ diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c index 8e1ffd70b18a..ece259f75b0d 100644 --- a/security/safesetid/securityfs.c +++ b/security/safesetid/securityfs.c @@ -308,7 +308,7 @@ static const struct file_operations safesetid_gid_file_fops = { .write = safesetid_gid_file_write, }; -static int __init safesetid_init_securityfs(void) +int __init safesetid_init_securityfs(void) { int ret; struct dentry *policy_dir; 
@@ -345,4 +345,3 @@ static int __init safesetid_init_securityfs(void) securityfs_remove(policy_dir); return ret; } -fs_initcall(safesetid_init_securityfs);
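Review bot: the securityfs.c hunk replaces an unconditional `fs_initcall(safesetid_init_securityfs)` with the `.initcall_fs` slot added in the lsm.c hunk, but the patch carries no description saying at which initcall level the framework runs `.initcall_fs`, or whether it is skipped for an LSM that is not enabled at boot. One sentence on that would let a reviewer confirm the SafeSetID securityfs policy files still appear at the same point in boot as before; the slot name suggests the fs_initcall level, but nothing visible here establishes it.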

From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 23/29] apparmor: move initcalls to the LSM framework
Date: Wed, 9 Apr 2025 14:50:08 -0400
Message-ID: <20250409185019.238841-54-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>
Signed-off-by: Paul Moore Reviewed-by: Kees Cook --- security/apparmor/apparmorfs.c | 4 +--- security/apparmor/crypto.c | 4 +--- security/apparmor/include/apparmorfs.h | 2 ++ security/apparmor/include/crypto.h | 1 + security/apparmor/lsm.c | 9 ++++++++- 5 files changed, 13 insertions(+), 7 deletions(-) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 6039afae4bfc..0a7550a5bceb 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -2632,7 +2632,7 @@ static const struct inode_operations policy_link_iops = { * * Returns: error on failure */ -static int __init aa_create_aafs(void) +int __init aa_create_aafs(void) { struct dentry *dent; int error; @@ -2711,5 +2711,3 @@ static int __init aa_create_aafs(void) AA_ERROR("Error creating AppArmor securityfs\n"); return error; } - -fs_initcall(aa_create_aafs); diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c index aad486b2fca6..e4395c1bfac5 100644 --- a/security/apparmor/crypto.c +++ b/security/apparmor/crypto.c @@ -99,7 +99,7 @@ int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, return error; } -static int __init init_profile_hash(void) +int __init init_profile_hash(void) { struct crypto_shash *tfm; @@ -119,5 +119,3 @@ static int __init init_profile_hash(void) return 0; } - -late_initcall(init_profile_hash); diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h index 1e94904f68d9..dd580594dfb7 100644 --- a/security/apparmor/include/apparmorfs.h +++ b/security/apparmor/include/apparmorfs.h @@ -104,6 +104,8 @@ enum aafs_prof_type { #define prof_dir(X) ((X)->dents[AAFS_PROF_DIR]) #define prof_child_dir(X) ((X)->dents[AAFS_PROF_PROFS]) +int aa_create_aafs(void); + void __aa_bump_ns_revision(struct aa_ns *ns); void __aafs_profile_rmdir(struct aa_profile *profile); void __aafs_profile_migrate_dents(struct aa_profile *old, 
diff --git a/security/apparmor/include/crypto.h b/security/apparmor/include/crypto.h index 636a04e20d91..f3ffd388cc58 100644 --- a/security/apparmor/include/crypto.h +++ b/security/apparmor/include/crypto.h @@ -13,6 +13,7 @@ #include "policy.h" #ifdef CONFIG_SECURITY_APPARMOR_HASH +int init_profile_hash(void); unsigned int aa_hash_size(void); char *aa_calc_hash(void *data, size_t len); int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start, diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index a7f6a3274682..2fefaab6349f 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -31,6 +31,7 @@ #include "include/audit.h" #include "include/capability.h" #include "include/cred.h" +#include "include/crypto.h" #include "include/file.h" #include "include/ipc.h" #include "include/net.h" @@ -2146,7 +2147,6 @@ static int __init apparmor_nf_ip_init(void) return 0; } -__initcall(apparmor_nf_ip_init); #endif static char nulldfa_src[] = { 
@@ -2277,4 +2277,11 @@ DEFINE_LSM(apparmor) = { .enabled = &apparmor_enabled, .blobs = &apparmor_blob_sizes, .init = apparmor_init, + .initcall_fs = aa_create_aafs, +#if defined(CONFIG_NETFILTER) && defined(CONFIG_NETWORK_SECMARK) + .initcall_device = apparmor_nf_ip_init, +#endif +#ifdef CONFIG_SECURITY_APPARMOR_HASH + .initcall_late = init_profile_hash, +#endif };
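Review bot: in the lsm.c DEFINE_LSM hunk, `.initcall_device = apparmor_nf_ip_init` is guarded by `#if defined(CONFIG_NETFILTER) && defined(CONFIG_NETWORK_SECMARK)`, while the `#if` that guards the definition of apparmor_nf_ip_init itself is outside the shown context (only its closing `#endif` appears in the earlier lsm.c hunk, right after the removed `__initcall(apparmor_nf_ip_init)`). If the two conditions differ, the initializer references an undeclared function in some configurations; worth confirming they are identical, or factoring them into one macro used in both places. The mapping of the removed `__initcall()` (device level) to `.initcall_device`, and of `late_initcall(init_profile_hash)` to `.initcall_late`, would also be worth a line in the otherwise empty commit description.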

From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 24/29] lockdown: move initcalls to the LSM framework
Date: Wed, 9 Apr 2025 14:50:09 -0400
Message-ID: <20250409185019.238841-55-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

Signed-off-by: Paul Moore
Reviewed-by: Kees Cook
---
 security/lockdown/lockdown.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 4813f168ff93..8d46886d2cca 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -161,8 +161,6 @@ static int __init lockdown_secfs_init(void) return PTR_ERR_OR_ZERO(dentry); } -core_initcall(lockdown_secfs_init); - #ifdef CONFIG_SECURITY_LOCKDOWN_LSM_EARLY DEFINE_EARLY_LSM(lockdown) = { #else 
@@ -170,4 +168,5 @@ DEFINE_LSM(lockdown) = { #endif .id = &lockdown_lsmid, .init = lockdown_lsm_init, + .initcall_core = lockdown_secfs_init, };
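Review bot: in the second lockdown.c hunk, `.initcall_core = lockdown_secfs_init` sits in an initializer shared by `DEFINE_EARLY_LSM(lockdown)` (CONFIG_SECURITY_LOCKDOWN_LSM_EARLY) and `DEFINE_LSM(lockdown)`, since the `#endif` closing that choice is inside the struct body. The removed `core_initcall(lockdown_secfs_init)` ran in both configurations, so the patch should state that the framework also invokes `.initcall_core` for early-registered LSMs; otherwise the lockdown securityfs file silently disappears in the early configuration.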

From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 25/29] ima,evm: move initcalls to the LSM framework
Date: Wed, 9 Apr 2025 14:50:10 -0400
Message-ID: <20250409185019.238841-56-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>

This patch converts IMA and EVM to use the LSM framework's initcall mechanism.
There were two challenges to doing this conversion: the first simply being the number of initcalls across IMA and EVM, and the second was the number of resources shared between the two related, yet independent LSMs. The first problem was resolved by the creation of two new functions, integrity_device_init() and integrity_late_init(), with each focused on calling all of the various IMA/EVM initcalls for a single initcall type. The second problem was resolved by registering both of these new functions as initcalls for each LSM and including code in each registered initcall to ensure it only executes once. Signed-off-by: Paul Moore --- security/integrity/Makefile | 2 +- security/integrity/evm/evm_main.c | 7 +- security/integrity/iint.c | 4 +- security/integrity/ima/ima_main.c | 7 +- security/integrity/ima/ima_mok.c | 4 +- security/integrity/initcalls.c | 97 +++++++++++++++++++ security/integrity/initcalls.h | 23 +++++ .../integrity/platform_certs/load_ipl_s390.c | 4 +- .../integrity/platform_certs/load_powerpc.c | 4 +- security/integrity/platform_certs/load_uefi.c | 4 +- .../platform_certs/machine_keyring.c | 4 +- .../platform_certs/platform_keyring.c | 14 ++- 12 files changed, 147 insertions(+), 27 deletions(-) create mode 100644 security/integrity/initcalls.c create mode 100644 security/integrity/initcalls.h diff --git a/security/integrity/Makefile b/security/integrity/Makefile index 92b63039c654..6ea330ea88b1 100644 --- a/security/integrity/Makefile +++ b/security/integrity/Makefile @@ -5,7 +5,7 @@ obj-$(CONFIG_INTEGRITY) += integrity.o -integrity-y := iint.o +integrity-y := iint.o initcalls.o integrity-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o integrity-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o integrity-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index db8e324ed4e6..770d0411da2b 100644 --- a/security/integrity/evm/evm_main.c 
+++ b/security/integrity/evm/evm_main.c @@ -25,6 +25,7 @@ #include #include #include +#include "../initcalls.h" #include "evm.h" int evm_initialized; @@ -1112,7 +1113,7 @@ void __init evm_load_x509(void) } #endif -static int __init init_evm(void) +int __init init_evm(void) { int error; struct list_head *pos, *q; @@ -1179,6 +1180,6 @@ DEFINE_LSM(evm) = { .init = init_evm_lsm, .order = LSM_ORDER_LAST, .blobs = &evm_blob_sizes, + .initcall_device = integrity_device_init, + .initcall_late = integrity_late_init, }; - -late_initcall(init_evm); diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 068ac6c2ae1e..a4b88d67ff43 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -11,6 +11,7 @@ */ #include #include "integrity.h" +#include "initcalls.h" struct dentry *integrity_dir; @@ -42,7 +43,7 @@ void __init integrity_load_keys(void) evm_load_x509(); } -static int __init integrity_fs_init(void) +int __init integrity_fs_init(void) { integrity_dir = securityfs_create_dir("integrity", NULL); if (IS_ERR(integrity_dir)) { @@ -58,4 +59,3 @@ static int __init integrity_fs_init(void) return 0; } -late_initcall(integrity_fs_init) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 55a4f08a2565..1687badafb48 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -27,6 +27,7 @@ #include #include #include +#include "../initcalls.h" #include "ima.h" @@ -1180,7 +1181,7 @@ static int ima_kernel_module_request(char *kmod_name) #endif /* CONFIG_INTEGRITY_ASYMMETRIC_KEYS */ -static int __init init_ima(void) +int __init init_ima(void) { int error; @@ -1255,6 +1256,6 @@ DEFINE_LSM(ima) = { .init = init_ima_lsm, .order = LSM_ORDER_LAST, .blobs = &ima_blob_sizes, + .initcall_device = integrity_device_init, + .initcall_late = integrity_late_init, }; - -late_initcall(init_ima); /* Start IMA after the TPM is available */ 
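Review bot: the ima_main.c hunk drops `late_initcall(init_ima); /* Start IMA after the TPM is available */` and the rationale comment along with it; the ordering constraint now lives in integrity_late_init(), where init_ima() runs after the certificate loaders and integrity_fs_init(), so the comment should move there. The commit message could also say whether the explicit order in integrity_late_init() (load_uefi_certs, load_ipl_certs, load_powerpc_certs, integrity_fs_init, init_ima, init_evm) reproduces the previous link order of the separate late_initcalls, since that order was only implicit before.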
diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c index 95cc31525c57..4374fb6cc66d 100644 --- a/security/integrity/ima/ima_mok.c +++ b/security/integrity/ima/ima_mok.c @@ -14,6 +14,7 @@ #include #include #include +#include "../initcalls.h" struct key *ima_blacklist_keyring; @@ -21,7 +22,7 @@ struct key *ima_blacklist_keyring; /* * Allocate the IMA blacklist keyring */ -static __init int ima_mok_init(void) +int __init ima_mok_init(void) { struct key_restriction *restriction; @@ -46,4 +47,3 @@ static __init int ima_mok_init(void) panic("Can't allocate IMA blacklist keyring."); return 0; } -device_initcall(ima_mok_init); diff --git a/security/integrity/initcalls.c b/security/integrity/initcalls.c new file mode 100644 index 000000000000..de39754a1c2c --- /dev/null +++ b/security/integrity/initcalls.c 
@@ -0,0 +1,97 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Platform certificate / keyring initcalls + * + */ + +#include + +#include "initcalls.h" + +/** + * integrity_device_init - device_initcalls for IMA/EVM + * + * This helper function wraps all of the device_initcalls for both IMA and EVM. + * It can be called multiple times, e.g. once from IMA and once from EVM, + * without problem as it maintains an internal static state variable which + * ensures that any setup/initialization is only done once. + */ +int __init integrity_device_init(void) +{ + int rc = 0, rc_tmp; + static bool setup = false; + + if (setup) + return 0; + setup = true; + +#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) + rc_tmp = platform_keyring_init(); + if (!rc && rc_tmp) + rc = rc_tmp; +#endif + +#if defined(CONFIG_INTEGRITY_MACHINE_KEYRING) + rc_tmp = machine_keyring_init(); + if (!rc && rc_tmp) + rc = rc_tmp; +#endif + +#if defined(CONFIG_IMA_BLACKLIST_KEYRING) + rc_tmp = ima_mok_init(); + if (!rc && rc_tmp) + rc = rc_tmp; +#endif + + return rc; +} + +/** + * integrity_late_init - late_initcalls for IMA/EVM + * + * This helper function wraps all of the late_initcalls for both IMA and EVM. + * It can be called multiple times, e.g. once from IMA and once from EVM, + * without problem as it maintains an internal static state variable which + * ensures that any setup/initialization is only done once. 
+ */ +int __init integrity_late_init(void) +{ + int rc = 0, rc_tmp; + static bool setup = false; + + if (setup) + return 0; + setup = true; + +#if defined(CONFIG_LOAD_UEFI_KEYS) + rc_tmp = load_uefi_certs(); + if (!rc && rc_tmp) + rc = rc_tmp; +#endif + +#if defined(CONFIG_LOAD_IPL_KEYS) + rc_tmp = load_ipl_certs(); + if (!rc && rc_tmp) + rc = rc_tmp; +#endif + +#if defined(CONFIG_LOAD_PPC_KEYS) + rc_tmp = load_powerpc_certs(); + if (!rc && rc_tmp) + rc = rc_tmp; +#endif + + rc_tmp = integrity_fs_init(); + if (!rc && rc_tmp) + rc = rc_tmp; + + rc_tmp = init_ima(); + if (!rc && rc_tmp) + rc = rc_tmp; + + rc_tmp = init_evm(); + if (!rc && rc_tmp) + rc = rc_tmp; + + return rc; +} diff --git a/security/integrity/initcalls.h b/security/integrity/initcalls.h new file mode 100644 index 000000000000..dce16abb3b8a --- /dev/null +++ b/security/integrity/initcalls.h @@ -0,0 +1,23 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#ifndef PLATFORM_CERTS_INITCALLS_H +#define PLATFORM_CERTS_INITCALLS_H + +int machine_keyring_init(void); +int platform_keyring_init(void); + +int load_uefi_certs(void); +int load_ipl_certs(void); +int load_powerpc_certs(void); + +int integrity_fs_init(void); + +int init_ima(void); +int init_evm(void); + +int ima_mok_init(void); + +int integrity_device_init(void); +int integrity_late_init(void); + +#endif diff --git a/security/integrity/platform_certs/load_ipl_s390.c b/security/integrity/platform_certs/load_ipl_s390.c index c7c381a9ddaa..3bf91d925614 100644 --- a/security/integrity/platform_certs/load_ipl_s390.c +++ b/security/integrity/platform_certs/load_ipl_s390.c @@ -10,12 +10,13 @@ #include #include #include "../integrity.h" +#include "../initcalls.h" /* * Load the certs contained in the IPL report created by the machine loader * into the platform trusted keyring. */ -static int __init load_ipl_certs(void) +int __init load_ipl_certs(void) { void *ptr, *end; unsigned int len; 
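Review bot: in the new initcalls.c hunk, integrity_late_init() calls integrity_fs_init(), init_ima() and init_evm() unconditionally while the three certificate loaders right above them are wrapped in #if defined(CONFIG_...); unless init_ima() and init_evm() are always defined when this file is built, a kernel with only one of IMA or EVM enabled will fail to link, so either guard those calls (`#if defined(CONFIG_IMA)` / `#if defined(CONFIG_EVM)`) or provide static inline stubs in initcalls.h. Two smaller points in the same hunk: `setup = true` is set before any initializer runs, so the first caller gets the error in rc but every later caller gets 0 and never learns that setup failed; storing rc in a static and returning it on repeat calls would keep the failure visible. And nothing in integrity_late_init() checks that integrity_device_init() already ran, although the platform_keyring_init() kerneldoc moved in this patch says the keyring must exist before keys are loaded into it; since integrity_device_init() is documented as safe to call repeatedly, calling it at the top of integrity_late_init() would enforce that ordering instead of relying on the callers' initcall levels.

Review bot: in the initcalls.h hunk, the include guard PLATFORM_CERTS_INITCALLS_H matches neither the file's location (security/integrity/) nor its contents, which also cover integrity_fs_init(), init_ima() and init_evm(); a guard such as _INTEGRITY_INITCALLS_H would be clearer. The header is tagged GPL-2.0 while the companion initcalls.c is tagged GPL-2.0+; the two new files should carry the same license identifier, and the initcalls.c file comment "Platform certificate / keyring initcalls" undersells what the file now does.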
@@ -33,4 +34,3 @@ static int __init load_ipl_certs(void) } return 0; } -late_initcall(load_ipl_certs); diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index c85febca3343..2904559e485b 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c @@ -14,6 +14,7 @@ #include #include "keyring_handler.h" #include "../integrity.h" +#include "../initcalls.h" #define extract_esl(db, data, size, offset) \ do { db = data + offset; size = size - offset; } while (0) @@ -56,7 +57,7 @@ static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) * keyring and the blacklisted X.509 cert SHA256 hashes into the blacklist * keyring. */ -static int __init load_powerpc_certs(void) +int __init load_powerpc_certs(void) { void *db = NULL, *dbx = NULL, *data = NULL; void *trustedca; @@ -156,4 +157,3 @@ static int __init load_powerpc_certs(void) return rc; } -late_initcall(load_powerpc_certs); diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c index d1fdd113450a..52c180704674 100644 --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c @@ -12,6 +12,7 @@ #include #include "../integrity.h" #include "keyring_handler.h" +#include "../initcalls.h" /* * On T2 Macs reading the db and dbx efi variables to load UEFI Secure Boot @@ -157,7 +158,7 @@ static int __init load_moklist_certs(void) * keyring and the UEFI blacklisted X.509 cert SHA256 hashes into the blacklist * keyring. */ -static int __init load_uefi_certs(void) +int __init load_uefi_certs(void) { efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID; efi_guid_t mok_var = EFI_SHIM_LOCK_GUID; @@ -235,4 +236,3 @@ static int __init load_uefi_certs(void) return rc; } -late_initcall(load_uefi_certs); 
diff --git a/security/integrity/platform_certs/machine_keyring.c b/security/integrity/platform_certs/machine_keyring.c index a401640a63cd..b49eb2bab7a2 100644 --- a/security/integrity/platform_certs/machine_keyring.c +++ b/security/integrity/platform_certs/machine_keyring.c @@ -7,8 +7,9 @@ #include #include "../integrity.h" +#include "../initcalls.h" -static __init int machine_keyring_init(void) +int __init machine_keyring_init(void) { int rc; @@ -19,7 +20,6 @@ static __init int machine_keyring_init(void) pr_notice("Machine keyring initialized\n"); return 0; } -device_initcall(machine_keyring_init); void __init add_to_machine_keyring(const char *source, const void *data, size_t len) { diff --git a/security/integrity/platform_certs/platform_keyring.c b/security/integrity/platform_certs/platform_keyring.c index bcafd7387729..84a8e4309f06 100644 --- a/security/integrity/platform_certs/platform_keyring.c +++ b/security/integrity/platform_certs/platform_keyring.c @@ -13,6 +13,7 @@ #include #include #include "../integrity.h" +#include "../initcalls.h" /** * add_to_platform_keyring - Add to platform keyring without validation. @@ -37,10 +38,12 @@ void __init add_to_platform_keyring(const char *source, const void *data, pr_info("Error adding keys to platform keyring %s\n", source); } -/* - * Create the trusted keyrings. +/** + * platform_keyring_init - Create the trusted keyrings. + * + * Must be initialised before we try and load the keys into the keyring. */ -static __init int platform_keyring_init(void) +int __init platform_keyring_init(void) { int rc; 
@@ -51,8 +54,3 @@ static __init int platform_keyring_init(void) pr_notice("Platform Keyring initialized\n"); return 0; } - -/* - * Must be initialised before we try and load the keys into the keyring. - */ -device_initcall(platform_keyring_init);
From patchwork Wed Apr 9 18:50:11 2025
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 26/29] selinux: move initcalls to the LSM framework
Date: Wed, 9 Apr 2025 14:50:11 -0400
Message-ID: <20250409185019.238841-57-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>

SELinux currently has a number of initcalls so we've created a new function, selinux_initcall(), which wraps all of these initcalls so
that we have a single initcall function that can be registered with the LSM framework. Signed-off-by: Paul Moore --- security/selinux/Makefile | 2 +- security/selinux/hooks.c | 9 +++-- security/selinux/ibpkey.c | 5 ++- security/selinux/include/audit.h | 5 +++ security/selinux/include/initcalls.h | 19 +++++++++++ security/selinux/initcalls.c | 50 ++++++++++++++++++++++++++++ security/selinux/netif.c | 5 ++- security/selinux/netlink.c | 5 ++- security/selinux/netnode.c | 5 ++- security/selinux/netport.c | 5 ++- security/selinux/selinuxfs.c | 5 ++- security/selinux/ss/services.c | 26 ++++----------- 12 files changed, 101 insertions(+), 40 deletions(-) create mode 100644 security/selinux/include/initcalls.h create mode 100644 security/selinux/initcalls.c diff --git a/security/selinux/Makefile b/security/selinux/Makefile index 66e56e9011df..72d3baf7900c 100644 --- a/security/selinux/Makefile +++ b/security/selinux/Makefile @@ -15,7 +15,7 @@ ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include ccflags-$(CONFIG_SECURITY_SELINUX_DEBUG) += -DDEBUG selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \ - netnode.o netport.o status.o \ + netnode.o netport.o status.o initcalls.o \ ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \ ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/context.o diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f28a12a0a1c8..95b2399b1f4d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,6 +95,7 @@ #include #include +#include "initcalls.h" #include "avc.h" #include "objsec.h" #include "netif.h" 
@@ -7535,6 +7536,10 @@ static __init int selinux_init(void) if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET)) panic("SELinux: Unable to register AVC LSM notifier callback\n"); + if (avc_add_callback(selinux_audit_rule_avc_callback, + AVC_CALLBACK_RESET)) + panic("SELinux: Unable to register AVC audit callback\n"); + if (selinux_enforcing_boot) pr_debug("SELinux: Starting in enforcing mode\n"); else @@ -7567,6 +7572,7 @@ DEFINE_LSM(selinux) = { .enabled = &selinux_enabled_boot, .blobs = &selinux_blob_sizes, .init = selinux_init, + .initcall_device = selinux_initcall, }; #if defined(CONFIG_NETFILTER) @@ -7628,7 +7634,7 @@ static struct pernet_operations selinux_net_ops = { .exit = selinux_nf_unregister, }; -static int __init selinux_nf_ip_init(void) +int __init selinux_nf_ip_init(void) { int err; @@ -7643,5 +7649,4 @@ static int __init selinux_nf_ip_init(void) return 0; } -__initcall(selinux_nf_ip_init); #endif /* CONFIG_NETFILTER */ diff --git a/security/selinux/ibpkey.c b/security/selinux/ibpkey.c index 48f537b41c58..2609913f338a 100644 --- a/security/selinux/ibpkey.c +++ b/security/selinux/ibpkey.c @@ -23,6 +23,7 @@ #include #include +#include "initcalls.h" #include "ibpkey.h" #include "objsec.h" @@ -219,7 +220,7 @@ void sel_ib_pkey_flush(void) spin_unlock_irqrestore(&sel_ib_pkey_lock, flags); } -static __init int sel_ib_pkey_init(void) +int __init sel_ib_pkey_init(void) { int iter; @@ -233,5 +234,3 @@ static __init int sel_ib_pkey_init(void) return 0; } - -subsys_initcall(sel_ib_pkey_init); diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h index d5b0425055e4..5989f8dd1e86 100644 --- a/security/selinux/include/audit.h +++ b/security/selinux/include/audit.h @@ -15,6 +15,11 @@ #include #include +/** + * XXX + */ +int selinux_audit_rule_avc_callback(u32 event); + /** * selinux_audit_rule_init - alloc/init an selinux audit rule structure. * @field: the field this rule refers to 
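Review bot: in the selinux_init() hunk of hooks.c, the new panic() for a failed avc_add_callback() drops the error value that the removed aurule_init() printed ("avc_add_callback() failed, error %d\n"); keep the return code in the message so a boot-time failure is diagnosable. This registration also moves from a device-level __initcall into selinux_init(), so the callback is installed much earlier than before; a sentence in the commit message confirming that audit_update_lsm_rules() is safe to run if an AVC reset happens before the audit subsystem's own initcalls, or that no reset can occur that early, would help reviewers.

Review bot: the DEFINE_LSM hunk wires selinux_initcall() up as .initcall_device, but one of the functions it aggregates, sel_ib_pkey_init(), was registered with subsys_initcall() in the ibpkey.c hunk while all the others were __initcall()/device level; the commit message should state that sel_ib_pkey_init() now runs later, at device level, and why that is acceptable.

Review bot: the kerneldoc block added to audit.h for selinux_audit_rule_avc_callback() is a placeholder ("* XXX"); document the @event parameter and that the function calls audit_update_lsm_rules() on AVC_CALLBACK_RESET, as the definition in services.c does, before this leaves RFC.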
diff --git a/security/selinux/include/initcalls.h b/security/selinux/include/initcalls.h new file mode 100644 index 000000000000..6674cf489473 --- /dev/null +++ b/security/selinux/include/initcalls.h @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * SELinux initcalls + */ + +#ifndef _SELINUX_INITCALLS_H +#define _SELINUX_INITCALLS_H + +int init_sel_fs(void); +int sel_netport_init(void); +int sel_netnode_init(void); +int sel_netif_init(void); +int sel_netlink_init(void); +int sel_ib_pkey_init(void); +int selinux_nf_ip_init(void); + +int selinux_initcall(void); + +#endif diff --git a/security/selinux/initcalls.c b/security/selinux/initcalls.c new file mode 100644 index 000000000000..81f01f8ad215 --- /dev/null +++ b/security/selinux/initcalls.c @@ -0,0 +1,50 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * SELinux initcalls + */ + +#include + +#include "initcalls.h" + +/** + * selinux_initcall - Perform the SELinux initcalls + * + * Used as a device initcall in the SELinux LSM definition. + */ +int __init selinux_initcall(void) +{ + int rc = 0, rc_tmp = 0; + + rc_tmp = init_sel_fs(); + if (!rc && rc_tmp) + rc = rc_tmp; + + rc_tmp = sel_netport_init(); + if (!rc && rc_tmp) + rc = rc_tmp; + + rc_tmp = sel_netnode_init(); + if (!rc && rc_tmp) + rc = rc_tmp; + + rc_tmp = sel_netif_init(); + if (!rc && rc_tmp) + rc = rc_tmp; + + rc_tmp = sel_netlink_init(); + if (!rc && rc_tmp) + rc = rc_tmp; + + rc_tmp = sel_ib_pkey_init(); + if (!rc && rc_tmp) + rc = rc_tmp; + +#if defined(CONFIG_NETFILTER) + rc_tmp = selinux_nf_ip_init(); + if (!rc && rc_tmp) + rc = rc_tmp; +#endif + + return rc; +} diff --git a/security/selinux/netif.c b/security/selinux/netif.c index 43a0d3594b72..69f660721dc8 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c @@ -22,6 +22,7 @@ #include #include +#include "initcalls.h" #include "security.h" #include "objsec.h" #include "netif.h" 
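Review bot: the new security/selinux/include/initcalls.h opens with the C++-style `// SPDX-License-Identifier: GPL-2.0-only` line; for header files the kernel's SPDX convention is the `/* SPDX-License-Identifier: ... */` form (the security/integrity/initcalls.h in the preceding patch uses it), and checkpatch flags the `//` form in a .h file.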
@@ -261,7 +262,7 @@ static struct notifier_block sel_netif_netdev_notifier = { .notifier_call = sel_netif_netdev_notifier_handler, }; -static __init int sel_netif_init(void) +int __init sel_netif_init(void) { int i; @@ -276,5 +277,3 @@ static __init int sel_netif_init(void) return 0; } -__initcall(sel_netif_init); - diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c index 1760aee712fd..eb40e4603475 100644 --- a/security/selinux/netlink.c +++ b/security/selinux/netlink.c @@ -17,6 +17,7 @@ #include #include +#include "initcalls.h" #include "security.h" static struct sock *selnl __ro_after_init; @@ -105,7 +106,7 @@ void selnl_notify_policyload(u32 seqno) selnl_notify(SELNL_MSG_POLICYLOAD, &seqno); } -static int __init selnl_init(void) +int __init sel_netlink_init(void) { struct netlink_kernel_cfg cfg = { .groups = SELNLGRP_MAX, @@ -117,5 +118,3 @@ static int __init selnl_init(void) panic("SELinux: Cannot create netlink socket."); return 0; } - -__initcall(selnl_init); diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c index 5c8c77e50aad..11b5eac30641 100644 --- a/security/selinux/netnode.c +++ b/security/selinux/netnode.c @@ -30,6 +30,7 @@ #include #include +#include "initcalls.h" #include "netnode.h" #include "objsec.h" @@ -287,7 +288,7 @@ void sel_netnode_flush(void) spin_unlock_bh(&sel_netnode_lock); } -static __init int sel_netnode_init(void) +int __init sel_netnode_init(void) { int iter; @@ -301,5 +302,3 @@ static __init int sel_netnode_init(void) return 0; } - -__initcall(sel_netnode_init); diff --git a/security/selinux/netport.c b/security/selinux/netport.c index 2e22ad9c2bd0..d1c12f58a628 100644 --- a/security/selinux/netport.c +++ b/security/selinux/netport.c @@ -29,6 +29,7 @@ #include #include +#include "initcalls.h" #include "netport.h" #include "objsec.h" 
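Review bot: the netlink.c hunk renames selnl_init() to sel_netlink_init() in addition to exporting it, but the commit message only describes the wrapper; mention the rename there so the new name in the initcalls.h prototype list is not a surprise when bisecting.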
@@ -220,7 +221,7 @@ void sel_netport_flush(void) spin_unlock_bh(&sel_netport_lock); } -static __init int sel_netport_init(void) +int __init sel_netport_init(void) { int iter; @@ -234,5 +235,3 @@ static __init int sel_netport_init(void) return 0; } - -__initcall(sel_netport_init); diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 47480eb2189b..88d16c1dbb5a 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -35,6 +35,7 @@ /* selinuxfs pseudo filesystem for exporting the security policy API. Based on the proc code and the fs/nfsd/nfsctl.c code. */ +#include "initcalls.h" #include "flask.h" #include "avc.h" #include "avc_ss.h" @@ -2131,7 +2132,7 @@ static struct file_system_type sel_fs_type = { struct path selinux_null __ro_after_init; -static int __init init_sel_fs(void) +int __init init_sel_fs(void) { struct qstr null_name = QSTR_INIT(NULL_FILE_NAME, sizeof(NULL_FILE_NAME)-1); @@ -2175,5 +2176,3 @@ static int __init init_sel_fs(void) return err; } - -__initcall(init_sel_fs); diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index e431772c6168..d84a496e5f7f 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3534,6 +3534,13 @@ struct selinux_audit_rule { struct context au_ctxt; }; +int selinux_audit_rule_avc_callback(u32 event) +{ + if (event == AVC_CALLBACK_RESET) + return audit_update_lsm_rules(); + return 0; +} + void selinux_audit_rule_free(void *vrule) { struct selinux_audit_rule *rule = vrule; 
@@ -3784,25 +3791,6 @@ int selinux_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op, void *vru return match; } -static int aurule_avc_callback(u32 event) -{ - if (event == AVC_CALLBACK_RESET) - return audit_update_lsm_rules(); - return 0; -} - -static int __init aurule_init(void) -{ - int err; - - err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET); - if (err) - panic("avc_add_callback() failed, error %d\n", err); - - return err; -} -__initcall(aurule_init); - #ifdef CONFIG_NETLABEL /** * security_netlbl_cache_add - Add an entry to the NetLabel cache
From patchwork Wed Apr 9 18:50:12 2025
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 27/29] lsm: consolidate all of the LSM framework initcalls
Date: Wed, 9 Apr 2025 14:50:12 -0400
Message-ID: <20250409185019.238841-58-paul@paul-moore.com>
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>

The LSM framework itself registers a small number of initcalls; this patch converts these initcalls into the new initcall
mechanism. Signed-off-by: Paul Moore --- security/inode.c | 3 +-- security/lsm.h | 4 ++++ security/lsm_init.c | 14 ++++++++++++-- security/min_addr.c | 5 +++-- 4 files changed, 20 insertions(+), 6 deletions(-) diff --git a/security/inode.c b/security/inode.c index f687e22e6809..671c66c147bc 100644 --- a/security/inode.c +++ b/security/inode.c @@ -375,7 +375,7 @@ static const struct file_operations lsm_ops = { }; #endif -static int __init securityfs_init(void) +int __init securityfs_init(void) { int retval; @@ -394,4 +394,3 @@ static int __init securityfs_init(void) #endif return 0; } -core_initcall(securityfs_init); diff --git a/security/lsm.h b/security/lsm.h index 8ecb66896646..c432dc0c5e30 100644 --- a/security/lsm.h +++ b/security/lsm.h @@ -35,4 +35,8 @@ extern struct kmem_cache *lsm_inode_cache; int lsm_cred_alloc(struct cred *cred, gfp_t gfp); int lsm_task_alloc(struct task_struct *task); +/* LSM framework initializers */ +int securityfs_init(void); +int min_addr_init(void); + #endif /* _LSM_H_ */ diff --git a/security/lsm_init.c b/security/lsm_init.c index 75eb0cc82869..c0881407ca3f 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -485,7 +485,12 @@ int __init security_init(void) */ static int __init security_initcall_pure(void) { - return lsm_initcall(pure); + int rc_adr, rc_lsm; + + rc_adr = min_addr_init(); + rc_lsm = lsm_initcall(pure); + + return (rc_adr ? rc_adr : rc_lsm); } pure_initcall(security_initcall_pure); @@ -503,7 +508,12 @@ early_initcall(security_initcall_early); */ static int __init security_initcall_core(void) { - return lsm_initcall(core); + int rc_sfs, rc_lsm; + + rc_sfs = securityfs_init(); + rc_lsm = lsm_initcall(core); + + return (rc_sfs ? rc_sfs : rc_lsm); } core_initcall(security_initcall_core); diff --git a/security/min_addr.c b/security/min_addr.c index df1bc643d886..40714bdeefbe 100644 --- a/security/min_addr.c +++ b/security/min_addr.c 
@@ -4,6 +4,8 @@ #include #include +#include "lsm.h" + /* amount of vm to protect from userspace access by both DAC and the LSM*/ unsigned long mmap_min_addr; /* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */ 
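Review bot: in the lsm_init.c hunk, security_initcall_pure() and security_initcall_core() now call min_addr_init() and securityfs_init() unconditionally, and the lsm.h hunk declares both prototypes without any CONFIG guard; if security/min_addr.c and security/inode.c are built conditionally (on CONFIG_MMU and CONFIG_SECURITYFS respectively), a kernel with either option disabled will fail to link. Either guard the calls with the matching #ifdef or add `static inline int min_addr_init(void) { return 0; }` style stubs under #else in lsm.h. The `(rc_adr ? rc_adr : rc_lsm)` pattern is fine, but lsm_initcall(pure) still runs after a min_addr_init() failure; if that is intended, a one-line comment saying so would save the next reader the question.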
@@ -54,11 +56,10 @@ static const struct ctl_table min_addr_sysctl_table[] = { }, }; -static int __init init_mmap_min_addr(void) +int __init min_addr_init(void) { register_sysctl_init("vm", min_addr_sysctl_table); update_mmap_min_addr(); return 0; } -pure_initcall(init_mmap_min_addr);
From patchwork Wed Apr 9 18:50:13 2025
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 28/29] lsm: add a LSM_STARTED_ALL notification event
Date: Wed, 9 Apr 2025 14:50:13 -0400
Message-ID: <20250409185019.238841-59-paul@paul-moore.com>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>
X-Mailing-List: linux-security-module@vger.kernel.org
X-Developer-Key: i=paul@paul-moore.com; a=openpgp; fpr=7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A

Add a new LSM notifier event, LSM_STARTED_ALL, which is fired once at boot when all of the LSMs have been started.
Signed-off-by: Paul Moore
Reviewed-by: Kees Cook
---
 include/linux/security.h | 1 +
 security/lsm_init.c      | 1 +
 2 files changed, 2 insertions(+)

diff --git a/include/linux/security.h b/include/linux/security.h index 8aac21787a9f..a0ff4fc69375 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -85,6 +85,7 @@ struct timezone; enum lsm_event { LSM_POLICY_CHANGE, + LSM_STARTED_ALL, }; struct dm_verity_digest { diff --git a/security/lsm_init.c b/security/lsm_init.c index c0881407ca3f..cad6d243a2a6 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c
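Review bot: the new LSM_STARTED_ALL enumerator in the enum lsm_event hunk has no comment, so a notifier listener has no in-tree description of when it fires or what the data argument is (the lsm_init.c hunk passes NULL). Suggest a short comment on the enumerator, for example `LSM_STARTED_ALL, /* all enabled LSMs started; data is NULL */`, or a kernel-doc block for the enum while it is being extended.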
@@ -553,6 +553,7 @@ static int __init security_initcall_late(void) rc = lsm_initcall(late); lsm_pr_dbg("all enabled LSMs fully activated\n"); + call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL); return rc; }

From patchwork Wed Apr 9 18:50:14 2025
X-Patchwork-Submitter: Paul Moore
X-Patchwork-Id: 14045269
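Review bot: call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL) in the security_initcall_late() hunk is issued unconditionally, before rc from lsm_initcall(late) is examined, so listeners are told that every LSM started even when a late initcall failed. Either gate the call on rc == 0 or state in the commit message that the event means the late initcalls have been run rather than that they succeeded; the pre-existing lsm_pr_dbg("all enabled LSMs fully activated\n") has the same ordering, so moving both below the rc check would keep them consistent.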
From: Paul Moore
To: linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu, Mickaël Salaün, Günther Noack, Kees Cook, Micah Morton, Casey Schaufler, Tetsuo Handa
Subject: [RFC PATCH 29/29] lsm: add support for counting lsm_prop support among LSMs
Date: Wed, 9 Apr 2025 14:50:14 -0400
Message-ID: <20250409185019.238841-60-paul@paul-moore.com>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <20250409185019.238841-31-paul@paul-moore.com>
References: <20250409185019.238841-31-paul@paul-moore.com>
X-Mailing-List: linux-security-module@vger.kernel.org
X-Developer-Key: i=paul@paul-moore.com; a=openpgp; fpr=7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A

Add two new variables, lsm_count_prop_subj and lsm_count_prop_obj, to count the number of lsm_prop entries for subjects and
objects across all of the enabled LSMs. Future patches will use this to continue the conversion towards the lsm_prop struct.

Signed-off-by: Paul Moore
---
 include/linux/lsm_hooks.h         | 6 ++++++
 security/apparmor/lsm.c           | 1 +
 security/bpf/hooks.c              | 1 +
 security/commoncap.c              | 1 +
 security/integrity/evm/evm_main.c | 1 +
 security/integrity/ima/ima_main.c | 1 +
 security/ipe/ipe.c                | 1 +
 security/landlock/setup.c         | 1 +
 security/loadpin/loadpin.c        | 1 +
 security/lockdown/lockdown.c      | 1 +
 security/lsm.h                    | 4 ++++
 security/lsm_init.c               | 6 ++++++
 security/safesetid/lsm.c          | 1 +
 security/security.c               | 3 +++
 security/selinux/hooks.c          | 1 +
 security/smack/smack_lsm.c        | 1 +
 security/tomoyo/tomoyo.c          | 1 +
 security/yama/yama_lsm.c          | 1 +
 18 files changed, 33 insertions(+)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 0d2c2a017ffc..5bc144c5f685 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -71,16 +71,22 @@ struct lsm_static_calls_table { #undef LSM_HOOK } __packed __randomize_layout; +#define LSM_ID_FLG_NONE 0x00000000 +#define LSM_ID_FLG_PROP_SUBJ 0x00000001 +#define LSM_ID_FLG_PROP_OBJ 0x00000002 + /** * struct lsm_id - Identify a Linux Security Module. * @lsm: name of the LSM, must be approved by the LSM maintainers * @id: LSM ID number from uapi/linux/lsm.h + * @flags: LSM flags, see LSM_ID_FLG_XXX * * Contains the information that identifies the LSM. */ struct lsm_id { const char *name; u64 id; + u32 flags; }; /* diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 2fefaab6349f..db8592bed189 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1428,6 +1428,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __ro_after_init = { static const struct lsm_id apparmor_lsmid = { .name = "apparmor", .id = LSM_ID_APPARMOR, + .flags = LSM_ID_FLG_PROP_SUBJ, }; static struct security_hook_list apparmor_hooks[] __ro_after_init = {
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index 40efde233f3a..c72df6ff69f7 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -18,6 +18,7 @@ static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = { static const struct lsm_id bpf_lsmid = { .name = "bpf", .id = LSM_ID_BPF, + .flags = LSM_ID_FLG_PROP_SUBJ | LSM_ID_FLG_PROP_OBJ, }; static int __init bpf_lsm_init(void) diff --git a/security/commoncap.c b/security/commoncap.c index e04aa4f50eaf..fab692104c87 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1479,6 +1479,7 @@ int cap_mmap_addr(unsigned long addr) static const struct lsm_id capability_lsmid = { .name = "capability", .id = LSM_ID_CAPABILITY, + .flags = LSM_ID_FLG_NONE, }; static struct security_hook_list capability_hooks[] __ro_after_init = { diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 770d0411da2b..b3a3324f48b1 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -1162,6 +1162,7 @@ static struct security_hook_list evm_hooks[] __ro_after_init = { static const struct lsm_id evm_lsmid = { .name = "evm", .id = LSM_ID_EVM, + .flags = LSM_ID_FLG_NONE, }; static int __init init_evm_lsm(void) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 1687badafb48..d98e7815175b 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1237,6 +1237,7 @@ static struct security_hook_list ima_hooks[] __ro_after_init = { static const struct lsm_id ima_lsmid = { .name = "ima", .id = LSM_ID_IMA, + .flags = LSM_ID_FLG_NONE, }; static int __init init_ima_lsm(void) diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c index 71644748ed56..7d9cdbc3d23a 100644 --- a/security/ipe/ipe.c +++ b/security/ipe/ipe.c 
@@ -24,6 +24,7 @@ static struct lsm_blob_sizes ipe_blobs __ro_after_init = { static const struct lsm_id ipe_lsmid = { .name = "ipe", .id = LSM_ID_IPE, + .flags = LSM_ID_FLG_NONE, }; struct ipe_superblock *ipe_sb(const struct super_block *sb) diff --git a/security/landlock/setup.c b/security/landlock/setup.c index 47dac1736f10..5c8d5693c4c7 100644 --- a/security/landlock/setup.c +++ b/security/landlock/setup.c @@ -25,6 +25,7 @@ bool landlock_initialized __ro_after_init = false; const struct lsm_id landlock_lsmid = { .name = LANDLOCK_NAME, .id = LSM_ID_LANDLOCK, + .flags = LSM_ID_FLG_NONE, }; struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = { diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index 273ffbd6defe..05a842c36fd8 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -211,6 +211,7 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) static const struct lsm_id loadpin_lsmid = { .name = "loadpin", .id = LSM_ID_LOADPIN, + .flags = LSM_ID_FLG_NONE, }; static struct security_hook_list loadpin_hooks[] __ro_after_init = { diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 8d46886d2cca..a2396b67bfe4 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -79,6 +79,7 @@ static struct security_hook_list lockdown_hooks[] __ro_after_init = { static const struct lsm_id lockdown_lsmid = { .name = "lockdown", .id = LSM_ID_LOCKDOWN, + .flags = LSM_ID_FLG_NONE, }; static int __init lockdown_lsm_init(void) diff --git a/security/lsm.h b/security/lsm.h index c432dc0c5e30..d1d54540da98 100644 --- a/security/lsm.h +++ b/security/lsm.h @@ -24,6 +24,10 @@ extern bool lsm_debug; extern unsigned int lsm_count; extern const struct lsm_id *lsm_idlist[]; +/* LSM property configuration */ +extern unsigned int lsm_count_prop_subj; +extern unsigned int lsm_count_prop_obj; + /* LSM blob configuration */ extern struct lsm_blob_sizes blob_sizes; 
diff --git a/security/lsm_init.c b/security/lsm_init.c index cad6d243a2a6..c2ef4db055db 100644 --- a/security/lsm_init.c +++ b/security/lsm_init.c @@ -6,6 +6,7 @@ #define pr_fmt(fmt) "LSM: " fmt #include +#include #include #include "lsm.h" @@ -189,6 +190,11 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src) lsm_order[lsm_count] = lsm; lsm_idlist[lsm_count++] = lsm->id; + if (lsm->id->flags & LSM_ID_FLG_PROP_SUBJ) + lsm_count_prop_subj++; + if (lsm->id->flags & LSM_ID_FLG_PROP_OBJ) + lsm_count_prop_obj++; + lsm_pr_dbg("enabling LSM %s:%s\n", src, lsm->id->name); } diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index d5fb949050dd..ac25674376fe 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -265,6 +265,7 @@ static int safesetid_task_fix_setgroups(struct cred *new, const struct cred *old static const struct lsm_id safesetid_lsmid = { .name = "safesetid", .id = LSM_ID_SAFESETID, + .flags = LSM_ID_FLG_NONE, }; static struct security_hook_list safesetid_security_hooks[] = { diff --git a/security/security.c b/security/security.c index cbd544d71093..2b9dde02f4de 100644 --- a/security/security.c +++ b/security/security.c @@ -78,6 +78,9 @@ bool lsm_debug __ro_after_init; unsigned int lsm_count __ro_after_init; const struct lsm_id *lsm_idlist[MAX_LSM_COUNT]; +unsigned int lsm_count_prop_subj __ro_after_init; +unsigned int lsm_count_prop_obj __ro_after_init; + struct lsm_blob_sizes blob_sizes; struct kmem_cache *lsm_file_cache; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 95b2399b1f4d..1dc4b3987af4 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7200,6 +7200,7 @@ static int selinux_uring_allowed(void) static const struct lsm_id selinux_lsmid = { .name = "selinux", .id = LSM_ID_SELINUX, + .flags = LSM_ID_FLG_PROP_SUBJ | LSM_ID_FLG_PROP_OBJ, }; /* diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 80b129a0c92c..d04667a42f91 100644 
--- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -5042,6 +5042,7 @@ struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { static const struct lsm_id smack_lsmid = { .name = "smack", .id = LSM_ID_SMACK, + .flags = LSM_ID_FLG_PROP_SUBJ | LSM_ID_FLG_PROP_OBJ, }; static struct security_hook_list smack_hooks[] __ro_after_init = { diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index a015cf0c4a00..0a030cbdf424 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -547,6 +547,7 @@ static void tomoyo_task_free(struct task_struct *task) static const struct lsm_id tomoyo_lsmid = { .name = "tomoyo", .id = LSM_ID_TOMOYO, + .flags = LSM_ID_FLG_NONE, }; /* tomoyo_hooks is used for registering TOMOYO. */ diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 38b21ee0c560..e4a6cf663177 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -419,6 +419,7 @@ static int yama_ptrace_traceme(struct task_struct *parent) static const struct lsm_id yama_lsmid = { .name = "yama", .id = LSM_ID_YAMA, + .flags = LSM_ID_FLG_NONE, }; static struct security_hook_list yama_hooks[] __ro_after_init = {
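Review bot: in the include/linux/lsm_hooks.h hunk the kernel-doc for struct lsm_id still documents the first member as `@lsm` while the field is `const char *name`; since the block is being edited to add `@flags`, fix that line to `@name` at the same time. The new `@flags: LSM flags, see LSM_ID_FLG_XXX` also points at three bare #defines with no explanation, so a one-line comment on LSM_ID_FLG_PROP_SUBJ and LSM_ID_FLG_PROP_OBJ saying that they mark an LSM which consumes a subject or object lsm_prop slot would let a new LSM author pick the right bits without reading the counting code.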
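Review bot: in the security/lsm_init.c lsm_order_append() hunk the two counters are incremented for every LSM appended to lsm_order, which is the right place given that lsm_count and lsm_idlist are updated on the same lines, and the __ro_after_init qualifier on the definitions in the security/security.c hunk matches this being the only writer. Since later patches will size lsm_prop conversions from these numbers, consider extending the existing lsm_pr_dbg() in that function (or the one in security_initcall_late()) to print lsm_count_prop_subj and lsm_count_prop_obj, so a boot log shows the values the conversion relied on.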
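Review bot: the security/apparmor/lsm.c hunk sets only LSM_ID_FLG_PROP_SUBJ, while the bpf, selinux and smack hunks set both LSM_ID_FLG_PROP_SUBJ and LSM_ID_FLG_PROP_OBJ and every other LSM gets LSM_ID_FLG_NONE; if the subject-only assignment for apparmor is intentional, please state the reason in the commit message, since these counts will drive the lsm_prop conversion and a wrong bit here would under- or over-allocate slots for one module without any build-time check catching it.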