[PATCH v13 14/25] LSM: Ensure the correct LSM context releaser

Tue Jan 7 19:16:17 UTC 2020

On 12/24/19 6:59 PM, Casey Schaufler wrote:
> Add a new lsmcontext data structure to hold all the information
> about a "security context", including the string, its size and
> which LSM allocated the string. The allocation information is
> necessary because LSMs have different policies regarding the
> lifecycle of these strings. SELinux allocates and destroys
> them on each use, whereas Smack provides a pointer to an entry
> in a list that never goes away.
> 
> Reviewed-by: Kees Cook <keescook at chromium.org>
> Reviewed-by: John Johansen <john.johansen at canonical.com>
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> cc: linux-integrity at vger.kernel.org
> cc: netdev at vger.kernel.org
> ---
>   drivers/android/binder.c                | 10 ++++---
>   fs/ceph/xattr.c                         |  6 ++++-
>   fs/nfs/nfs4proc.c                       |  8 ++++--
>   fs/nfsd/nfs4xdr.c                       |  7 +++--
>   include/linux/security.h                | 35 +++++++++++++++++++++++--
>   include/net/scm.h                       |  5 +++-
>   kernel/audit.c                          | 14 +++++++---
>   kernel/auditsc.c                        | 12 ++++++---
>   net/ipv4/ip_sockglue.c                  |  4 ++-
>   net/netfilter/nf_conntrack_netlink.c    |  4 ++-
>   net/netfilter/nf_conntrack_standalone.c |  4 ++-
>   net/netfilter/nfnetlink_queue.c         | 13 ++++++---
>   net/netlabel/netlabel_unlabeled.c       | 19 +++++++++++---
>   net/netlabel/netlabel_user.c            |  4 ++-
>   security/security.c                     | 11 ++++----
>   15 files changed, 121 insertions(+), 35 deletions(-)
> 

> diff --git a/include/linux/security.h b/include/linux/security.h
> index d12b5e828b8d..c040c959b413 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -128,6 +128,37 @@ enum lockdown_reason {
>   	LOCKDOWN_CONFIDENTIALITY_MAX,
>   };
>   
> +/*
> + * A "security context" is the text representation of
> + * the information used by LSMs.
> + * This structure contains the string, its length, and which LSM
> + * it is useful for.
> + */
> +struct lsmcontext {
> +	char	*context;	/* Provided by the module */
> +	u32	len;
> +	int	slot;		/* Identifies the module */
> +};
> +
> +/**
> + * lsmcontext_init - initialize an lsmcontext structure.
> + * @cp: Pointer to the context to initialize
> + * @context: Initial context, or NULL
> + * @size: Size of context, or 0
> + * @slot: Which LSM provided the context
> + *
> + * Fill in the lsmcontext from the provided information.
> + * This is a scaffolding function that will be removed when
> + * lsmcontext integration is complete.

Still present after the entire series is applied, with one residual user 
in ceph.  Intentional or an oversight?

Otherwise,
Acked-by: Stephen Smalley <sds at tycho.nsa.gov>

> + */
> +static inline void lsmcontext_init(struct lsmcontext *cp, char *context,
> +				   u32 size, int slot)
> +{
> +	cp->slot = slot;
> +	cp->context = context;
> +	cp->len = size;
> +}
> +
>   /*
>    * Data exported by the security modules
>    *