[RFC PATCH] lsm: add the inode_free_security_rcu() LSM implementation hook
Paul Moore
paul at paul-moore.com
Wed Jul 10 02:47:45 UTC 2024
On Tue, Jul 9, 2024 at 10:40 PM Paul Moore <paul at paul-moore.com> wrote:
>
> The LSM framework has an existing inode_free_security() hook which
> is used by LSMs that manage state associated with an inode, but
> due to the use of RCU to protect the inode, special care must be
> taken to ensure that the LSMs do not fully release the inode state
> until it is safe from a RCU perspective.
>
> This patch implements a new inode_free_security_rcu() implementation
> hook which is called when it is safe to free the LSM's internal inode
> state. Unfortunately, this new hook does not have access to the inode
> itself as it may already be released, so the existing
> inode_free_security() hook is retained for those LSMs which require
> access to the inode.
>
> Signed-off-by: Paul Moore <paul at paul-moore.com>
> ---
> include/linux/lsm_hook_defs.h | 1 +
> security/integrity/ima/ima.h | 2 +-
> security/integrity/ima/ima_iint.c | 20 ++++++++------------
> security/integrity/ima/ima_main.c | 2 +-
> security/landlock/fs.c | 9 ++++++---
> security/security.c | 26 +++++++++++++-------------
> 6 files changed, 30 insertions(+), 30 deletions(-)
FYI, this has only received "light" testing, and even that is fairly
generous. I booted up a system with IMA set to measure the TCB and
ran through the audit and SELinux test suites; IMA seemed to be
working just fine but I didn't poke at it too hard. I didn't have an
explicit Landlock test handy, but I'm hoping that the Landlock
enablement on a modern Rawhide system hit it a little :)
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list