Commit 08e30833 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'lsm-pr-20230420' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

Pull lsm updates from Paul Moore:

 - Move the LSM hook comment blocks into security/security.c

   For many years the LSM hook comment blocks were located in a very odd
   place, include/linux/lsm_hooks.h, where they lived on their own,
   disconnected from both the function prototypes and definitions.

   In keeping with current kernel conventions, this moves all of these
   comment blocks to the top of the function definitions, transforming
   them into the kdoc format in the process. This should make it much
   easier to maintain these comments, which are the main source of LSM
   hook documentation.

   For the most part the comment contents were left as-is, although some
   glaring errors were corrected. Expect additional edits in the future
   as we slowly update and correct the comment blocks.

   This is the bulk of the diffstat.

 - Introduce LSM_ORDER_LAST

   Similar to how LSM_ORDER_FIRST is used to specify LSMs which should
   be ordered before "normal" LSMs, the LSM_ORDER_LAST is used to
   specify LSMs which should be ordered after "normal" LSMs.

   This is one of the prerequisites for transitioning IMA/EVM to a
   proper LSM.

 - Remove the security_old_inode_init_security() hook

   The security_old_inode_init_security() LSM hook only allows for a
   single xattr which is problematic both for LSM stacking and the
   IMA/EVM-as-a-LSM effort. This finishes the conversion over to the
   security_inode_init_security() hook and removes the single-xattr LSM
   hook.

 - Fix a reiserfs problem with security xattrs

   During the security_old_inode_init_security() removal work it became
   clear that reiserfs wasn't handling security xattrs properly so we
   fixed it.

* tag 'lsm-pr-20230420' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: (32 commits)
  reiserfs: Add security prefix to xattr name in reiserfs_security_write()
  security: Remove security_old_inode_init_security()
  ocfs2: Switch to security_inode_init_security()
  reiserfs: Switch to security_inode_init_security()
  security: Remove integrity from the LSM list in Kconfig
  Revert "integrity: double check iint_cache was initialized"
  security: Introduce LSM_ORDER_LAST and set it for the integrity LSM
  device_cgroup: Fix typo in devcgroup_css_alloc description
  lsm: fix a badly named parameter in security_get_getsecurity()
  lsm: fix doc warnings in the LSM hook comments
  lsm: styling fixes to security/security.c
  lsm: move the remaining LSM hook comments to security/security.c
  lsm: move the io_uring hook comments to security/security.c
  lsm: move the perf hook comments to security/security.c
  lsm: move the bpf hook comments to security/security.c
  lsm: move the audit hook comments to security/security.c
  lsm: move the binder hook comments to security/security.c
  lsm: move the sysv hook comments to security/security.c
  lsm: move the key hook comments to security/security.c
  lsm: move the xfrm hook comments to security/security.c
  ...
parents 72eaa096 d82dcd9e
...@@ -242,6 +242,7 @@ static int ocfs2_mknod(struct mnt_idmap *idmap, ...@@ -242,6 +242,7 @@ static int ocfs2_mknod(struct mnt_idmap *idmap,
int want_meta = 0; int want_meta = 0;
int xattr_credits = 0; int xattr_credits = 0;
struct ocfs2_security_xattr_info si = { struct ocfs2_security_xattr_info si = {
.name = NULL,
.enable = 1, .enable = 1,
}; };
int did_quota_inode = 0; int did_quota_inode = 0;
...@@ -1805,6 +1806,7 @@ static int ocfs2_symlink(struct mnt_idmap *idmap, ...@@ -1805,6 +1806,7 @@ static int ocfs2_symlink(struct mnt_idmap *idmap,
int want_clusters = 0; int want_clusters = 0;
int xattr_credits = 0; int xattr_credits = 0;
struct ocfs2_security_xattr_info si = { struct ocfs2_security_xattr_info si = {
.name = NULL,
.enable = 1, .enable = 1,
}; };
int did_quota = 0, did_quota_inode = 0; int did_quota = 0, did_quota_inode = 0;
......
...@@ -7259,9 +7259,21 @@ static int ocfs2_xattr_security_set(const struct xattr_handler *handler, ...@@ -7259,9 +7259,21 @@ static int ocfs2_xattr_security_set(const struct xattr_handler *handler,
static int ocfs2_initxattrs(struct inode *inode, const struct xattr *xattr_array, static int ocfs2_initxattrs(struct inode *inode, const struct xattr *xattr_array,
void *fs_info) void *fs_info)
{ {
struct ocfs2_security_xattr_info *si = fs_info;
const struct xattr *xattr; const struct xattr *xattr;
int err = 0; int err = 0;
if (si) {
si->value = kmemdup(xattr_array->value, xattr_array->value_len,
GFP_KERNEL);
if (!si->value)
return -ENOMEM;
si->name = xattr_array->name;
si->value_len = xattr_array->value_len;
return 0;
}
for (xattr = xattr_array; xattr->name != NULL; xattr++) { for (xattr = xattr_array; xattr->name != NULL; xattr++) {
err = ocfs2_xattr_set(inode, OCFS2_XATTR_INDEX_SECURITY, err = ocfs2_xattr_set(inode, OCFS2_XATTR_INDEX_SECURITY,
xattr->name, xattr->value, xattr->name, xattr->value,
...@@ -7277,13 +7289,23 @@ int ocfs2_init_security_get(struct inode *inode, ...@@ -7277,13 +7289,23 @@ int ocfs2_init_security_get(struct inode *inode,
const struct qstr *qstr, const struct qstr *qstr,
struct ocfs2_security_xattr_info *si) struct ocfs2_security_xattr_info *si)
{ {
int ret;
/* check whether ocfs2 support feature xattr */ /* check whether ocfs2 support feature xattr */
if (!ocfs2_supports_xattr(OCFS2_SB(dir->i_sb))) if (!ocfs2_supports_xattr(OCFS2_SB(dir->i_sb)))
return -EOPNOTSUPP; return -EOPNOTSUPP;
if (si) if (si) {
return security_old_inode_init_security(inode, dir, qstr, ret = security_inode_init_security(inode, dir, qstr,
&si->name, &si->value, &ocfs2_initxattrs, si);
&si->value_len); /*
* security_inode_init_security() does not return -EOPNOTSUPP,
* we have to check the xattr ourselves.
*/
if (!ret && !si->name)
si->enable = 0;
return ret;
}
return security_inode_init_security(inode, dir, qstr, return security_inode_init_security(inode, dir, qstr,
&ocfs2_initxattrs, NULL); &ocfs2_initxattrs, NULL);
......
...@@ -39,6 +39,22 @@ static bool security_list(struct dentry *dentry) ...@@ -39,6 +39,22 @@ static bool security_list(struct dentry *dentry)
return !IS_PRIVATE(d_inode(dentry)); return !IS_PRIVATE(d_inode(dentry));
} }
static int
reiserfs_initxattrs(struct inode *inode, const struct xattr *xattr_array,
void *fs_info)
{
struct reiserfs_security_handle *sec = fs_info;
sec->value = kmemdup(xattr_array->value, xattr_array->value_len,
GFP_KERNEL);
if (!sec->value)
return -ENOMEM;
sec->name = xattr_array->name;
sec->length = xattr_array->value_len;
return 0;
}
/* Initializes the security context for a new inode and returns the number /* Initializes the security context for a new inode and returns the number
* of blocks needed for the transaction. If successful, reiserfs_security * of blocks needed for the transaction. If successful, reiserfs_security
* must be released using reiserfs_security_free when the caller is done. */ * must be released using reiserfs_security_free when the caller is done. */
...@@ -56,12 +72,9 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode, ...@@ -56,12 +72,9 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode,
if (IS_PRIVATE(dir)) if (IS_PRIVATE(dir))
return 0; return 0;
error = security_old_inode_init_security(inode, dir, qstr, &sec->name, error = security_inode_init_security(inode, dir, qstr,
&sec->value, &sec->length); &reiserfs_initxattrs, sec);
if (error) { if (error) {
if (error == -EOPNOTSUPP)
error = 0;
sec->name = NULL; sec->name = NULL;
sec->value = NULL; sec->value = NULL;
sec->length = 0; sec->length = 0;
...@@ -82,11 +95,15 @@ int reiserfs_security_write(struct reiserfs_transaction_handle *th, ...@@ -82,11 +95,15 @@ int reiserfs_security_write(struct reiserfs_transaction_handle *th,
struct inode *inode, struct inode *inode,
struct reiserfs_security_handle *sec) struct reiserfs_security_handle *sec)
{ {
char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX;
int error; int error;
if (strlen(sec->name) < sizeof(XATTR_SECURITY_PREFIX))
if (XATTR_SECURITY_PREFIX_LEN + strlen(sec->name) > XATTR_NAME_MAX)
return -EINVAL; return -EINVAL;
error = reiserfs_xattr_set_handle(th, inode, sec->name, sec->value, strlcat(xattr_name, sec->name, sizeof(xattr_name));
error = reiserfs_xattr_set_handle(th, inode, xattr_name, sec->value,
sec->length, XATTR_CREATE); sec->length, XATTR_CREATE);
if (error == -ENODATA || error == -EOPNOTSUPP) if (error == -ENODATA || error == -EOPNOTSUPP)
error = 0; error = 0;
......
...@@ -381,7 +381,7 @@ LSM_HOOK(int, 0, key_alloc, struct key *key, const struct cred *cred, ...@@ -381,7 +381,7 @@ LSM_HOOK(int, 0, key_alloc, struct key *key, const struct cred *cred,
LSM_HOOK(void, LSM_RET_VOID, key_free, struct key *key) LSM_HOOK(void, LSM_RET_VOID, key_free, struct key *key)
LSM_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred, LSM_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred,
enum key_need_perm need_perm) enum key_need_perm need_perm)
LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **_buffer) LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **buffer)
#endif /* CONFIG_KEYS */ #endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT #ifdef CONFIG_AUDIT
......
This diff is collapsed.
...@@ -336,9 +336,6 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, ...@@ -336,9 +336,6 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
int security_inode_init_security_anon(struct inode *inode, int security_inode_init_security_anon(struct inode *inode,
const struct qstr *name, const struct qstr *name,
const struct inode *context_inode); const struct inode *context_inode);
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
const struct qstr *qstr, const char **name,
void **value, size_t *len);
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode); int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
int security_inode_link(struct dentry *old_dentry, struct inode *dir, int security_inode_link(struct dentry *old_dentry, struct inode *dir,
struct dentry *new_dentry); struct dentry *new_dentry);
...@@ -778,15 +775,6 @@ static inline int security_inode_init_security_anon(struct inode *inode, ...@@ -778,15 +775,6 @@ static inline int security_inode_init_security_anon(struct inode *inode,
return 0; return 0;
} }
static inline int security_old_inode_init_security(struct inode *inode,
struct inode *dir,
const struct qstr *qstr,
const char **name,
void **value, size_t *len)
{
return -EOPNOTSUPP;
}
static inline int security_inode_create(struct inode *dir, static inline int security_inode_create(struct inode *dir,
struct dentry *dentry, struct dentry *dentry,
umode_t mode) umode_t mode)
......
...@@ -241,15 +241,17 @@ endchoice ...@@ -241,15 +241,17 @@ endchoice
config LSM config LSM
string "Ordered list of enabled LSMs" string "Ordered list of enabled LSMs"
default "landlock,lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK
default "landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR
default "landlock,lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
default "landlock,lockdown,yama,loadpin,safesetid,integrity,bpf" if DEFAULT_SECURITY_DAC default "landlock,lockdown,yama,loadpin,safesetid,bpf" if DEFAULT_SECURITY_DAC
default "landlock,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf" default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf"
help help
A comma-separated list of LSMs, in initialization order. A comma-separated list of LSMs, in initialization order.
Any LSMs left off this list will be ignored. This can be Any LSMs left off this list, except for those with order
controlled at boot with the "lsm=" parameter. LSM_ORDER_FIRST and LSM_ORDER_LAST, which are always enabled
if selected in the kernel configuration, will be ignored.
This can be controlled at boot with the "lsm=" parameter.
If unsure, leave this as the default. If unsure, leave this as the default.
......
...@@ -216,7 +216,7 @@ static void devcgroup_offline(struct cgroup_subsys_state *css) ...@@ -216,7 +216,7 @@ static void devcgroup_offline(struct cgroup_subsys_state *css)
} }
/* /*
* called from kernel/cgroup.c with cgroup_lock() held. * called from kernel/cgroup/cgroup.c with cgroup_lock() held.
*/ */
static struct cgroup_subsys_state * static struct cgroup_subsys_state *
devcgroup_css_alloc(struct cgroup_subsys_state *parent_css) devcgroup_css_alloc(struct cgroup_subsys_state *parent_css)
......
...@@ -98,14 +98,6 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode) ...@@ -98,14 +98,6 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode)
struct rb_node *node, *parent = NULL; struct rb_node *node, *parent = NULL;
struct integrity_iint_cache *iint, *test_iint; struct integrity_iint_cache *iint, *test_iint;
/*
* The integrity's "iint_cache" is initialized at security_init(),
* unless it is not included in the ordered list of LSMs enabled
* on the boot command line.
*/
if (!iint_cache)
panic("%s: lsm=integrity required.\n", __func__);
iint = integrity_iint_find(inode); iint = integrity_iint_find(inode);
if (iint) if (iint)
return iint; return iint;
...@@ -182,6 +174,7 @@ static int __init integrity_iintcache_init(void) ...@@ -182,6 +174,7 @@ static int __init integrity_iintcache_init(void)
DEFINE_LSM(integrity) = { DEFINE_LSM(integrity) = {
.name = "integrity", .name = "integrity",
.init = integrity_iintcache_init, .init = integrity_iintcache_init,
.order = LSM_ORDER_LAST,
}; };
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment