[PATCH 1/6] LSM: Infrastructure management of the sock security

Paul Moore paul at paul-moore.com
Wed Jul 10 00:00:01 UTC 2024


On Tue, Jul 9, 2024 at 7:29 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> On 7/9/2024 4:05 PM, Paul Moore wrote:
> > On Tue, Jul 9, 2024 at 7:00 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> >> On 7/9/2024 12:15 PM, Paul Moore wrote:
> >>> On Mon, Jul 8, 2024 at 5:40 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> >>>> Move management of the sock->sk_security blob out
> >>>> of the individual security modules and into the security
> >>>> infrastructure. Instead of allocating the blobs from within
> >>>> the modules the modules tell the infrastructure how much
> >>>> space is required, and the space is allocated there.
> >>>>
> >>>> Acked-by: Paul Moore <paul at paul-moore.com>
> >>>> Reviewed-by: Kees Cook <keescook at chromium.org>
> >>>> Reviewed-by: John Johansen <john.johansen at canonical.com>
> >>>> Acked-by: Stephen Smalley <stephen.smalley.work at gmail.com>
> >>>> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> >>>> ---
> >>>>  include/linux/lsm_hooks.h         |  1 +
> >>>>  security/apparmor/include/net.h   |  3 +-
> >>>>  security/apparmor/lsm.c           | 17 +------
> >>>>  security/apparmor/net.c           |  2 +-
> >>>>  security/security.c               | 36 +++++++++++++-
> >>>>  security/selinux/hooks.c          | 80 ++++++++++++++-----------------
> >>>>  security/selinux/include/objsec.h |  5 ++
> >>>>  security/selinux/netlabel.c       | 23 ++++-----
> >>>>  security/smack/smack.h            |  5 ++
> >>>>  security/smack/smack_lsm.c        | 70 +++++++++++++--------------
> >>>>  security/smack/smack_netfilter.c  |  4 +-
> >>>>  11 files changed, 133 insertions(+), 113 deletions(-)
> >>> ..
> >>>
> >>>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> >>>> index 7eed331e90f0..19346e1817ff 100644
> >>>> --- a/security/selinux/hooks.c
> >>>> +++ b/security/selinux/hooks.c
> >>>> @@ -5495,8 +5488,8 @@ static void selinux_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk
> >>>>
> >>>>  static int selinux_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
> >>>>  {
> >>>> -       struct sk_security_struct *ssksec = ssk->sk_security;
> >>>> -       struct sk_security_struct *sksec = sk->sk_security;
> >>>> +       struct sk_security_struct *ssksec = selinux_sock(ssk);
> >>>> +       struct sk_security_struct *sksec = selinux_sock(sk);
> >>>>
> >>>>         ssksec->sclass = sksec->sclass;
> >>>>         ssksec->sid = sksec->sid;
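Review bot: The selinux_sock() accessor this hunk depends on is not visible in it; the diffstat puts it in security/selinux/include/objsec.h, so this hunk only compiles together with that file, and because sk->sk_security now points at the blob the infrastructure allocates rather than at SELinux's own struct, any dereference of `->sk_security` still left in hooks.c (this function being exactly the site missed in the earlier revision, as noted below) would read the head of the shared blob instead of SELinux's portion of it. Before merging, a grep of security/selinux/ for `sk_security` should confirm no other caller remains unconverted.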
> >>> That's new :)
> >>>
> >>> Unfortunately I merged a previous version of this patch into lsm/dev a
> >>> couple of weeks ago (see below) which appears to have a bug based on
> >>> the changes in this revision (lore link below).  While I'm generally
> >>> adverse to popping patches off the lsm/dev branch so as to not upset
> >>> any ongoing development work, given that we are at -rc7 it's probably
> >>> okay and much cleaner than doing a full revert; I'll remove that
> >>> commit now.
> >> Sorry 'bout that. I had troubles with kernels built from lsm/dev crashing,
> >> so I switched to Linus' tree.
> > No worries, that's fine, my policy is that I'll typically resolve
> > merge conflicts so long as the patches are based on either Linus' or
> > the subsystem tree.  In this case it turned out to be a good thing as
> > it highlighted the MPTCP omission in the commit merged into lsm/dev.
> >
> > However, do you have any more detail on the lsm/dev crashes you are
> > seeing?  I wonder if it is general v6.10-rc1 instability ...
>
> Alas, no. My VMs just stopped hard, with no panic or traces.
> The problem went away with rc3 (I did almost nothing with rc2)
> so I shrugged it off and moved on.

Okay, fair enough.  I haven't seen anything in my testing (although
that is lsm/dev+others merged on top of a Rawhide kernel) so I guess I
won't lose too much sleep over this right now.

-- 
paul-moore.com
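The allocation scheme the quoted commit message describes, and the selinux_sock() accessor the hunk switches to, modelled in userspace as an added example; this is not the patch's or the kernel's code. The struct sock stand-in, the two per-module security structs, the Smack field names and the label values are constructed for the example; lsm_set_blob_size() follows the kernel's pattern of overwriting a module's requested size with its assigned offset, while the rounding of requests up to pointer alignment is this model's own addition.

```c
/* Userspace model of the blob scheme in the commit message: modules declare
 * how much per-sock state they need, the infrastructure sums the requests into
 * one allocation and gives each module a fixed offset into it.  Names mirror
 * the kernel's, but every definition here is a constructed stand-in. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

struct lsm_blob_sizes { size_t lbs_sock; };	/* bytes wanted per sock */
struct sock { void *sk_security; };		/* stand-in for struct sock */

/* Two modules' per-sock state; fields constructed for the example. */
struct sk_security_struct { uint32_t sid; uint16_t sclass; };	/* "SELinux" */
struct socket_smack { int smk_in; int smk_out; };		/* "Smack" */

/* Infrastructure total, and each module's request (its offset after init). */
static struct lsm_blob_sizes blob_sizes;
static struct lsm_blob_sizes selinux_blob_sizes = { sizeof(struct sk_security_struct) };
static struct lsm_blob_sizes smack_blob_sizes = { sizeof(struct socket_smack) };
static int blobs_ready;

/* Record a request and overwrite it with the module's offset, so one field is
 * "size" before registration and "offset" after.  Requests are rounded up to
 * pointer alignment (this model's addition, so the casts below stay valid). */
static void lsm_set_blob_size(size_t *need, size_t *total)
{
	size_t offset = *total;

	*total += (*need + sizeof(void *) - 1) & ~(sizeof(void *) - 1);
	*need = offset;
}

/* Registration order decides the offsets; runs once. */
static void lsm_init_blobs(void)
{
	if (blobs_ready)
		return;
	lsm_set_blob_size(&selinux_blob_sizes.lbs_sock, &blob_sizes.lbs_sock);
	lsm_set_blob_size(&smack_blob_sizes.lbs_sock, &blob_sizes.lbs_sock);
	blobs_ready = 1;
}

/* The infrastructure owns the allocation; modules never allocate their own. */
static int lsm_sock_alloc_security(struct sock *sk)
{
	lsm_init_blobs();
	sk->sk_security = calloc(1, blob_sizes.lbs_sock);
	return sk->sk_security ? 0 : -ENOMEM;
}

/* Module accessors: blob base plus the module's registered offset. */
static struct sk_security_struct *selinux_sock(const struct sock *sk)
{
	return (struct sk_security_struct *)((char *)sk->sk_security + selinux_blob_sizes.lbs_sock);
}

static struct socket_smack *smack_sock(const struct sock *sk)
{
	return (struct socket_smack *)((char *)sk->sk_security + smack_blob_sizes.lbs_sock);
}

/* The hook from the hunk, written against the model's accessor. */
static void selinux_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
{
	struct sk_security_struct *ssksec = selinux_sock(ssk);
	struct sk_security_struct *sksec = selinux_sock(sk);

	ssksec->sclass = sksec->sclass;
	ssksec->sid = sksec->sid;
}

size_t lsm_sock_blob_total(void) { lsm_init_blobs(); return blob_sizes.lbs_sock; }
size_t selinux_sock_offset(void) { lsm_init_blobs(); return selinux_blob_sizes.lbs_sock; }
size_t smack_sock_offset(void) { lsm_init_blobs(); return smack_blob_sizes.lbs_sock; }

/* Label a parent in both modules, clone into a subflow and check that the
 * SELinux fields were copied while Smack's region of each blob is untouched.
 * Returns 1 on success, 0 on a mismatch, -1 if allocation failed. */
int demo_subflow_clone(void)
{
	struct sock parent = { 0 }, sub = { 0 };
	int ok;

	if (lsm_sock_alloc_security(&parent) || lsm_sock_alloc_security(&sub)) {
		free(parent.sk_security);
		return -1;
	}
	selinux_sock(&parent)->sid = 1234;	/* constructed labels */
	selinux_sock(&parent)->sclass = 7;
	smack_sock(&parent)->smk_in = 99;
	selinux_mptcp_add_subflow(&parent, &sub);

	ok = selinux_sock(&sub)->sid == 1234 && selinux_sock(&sub)->sclass == 7 &&
	     smack_sock(&sub)->smk_in == 0 &&	/* calloc'd, never written */
	     smack_sock(&parent)->smk_in == 99;	/* not clobbered by SELinux */
	free(parent.sk_security);
	free(sub.sk_security);
	return ok;
}
```

The point the model makes concrete is the one behind the hunk: once the blob belongs to the infrastructure, a module's data lives at an offset that only its accessor knows, so a raw `sk->sk_security` dereference is correct only for whichever module happens to sit at offset zero.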


