[RFC PATCH] lsm: add the inode_free_security_rcu() LSM implementation hook
Mickaël Salaün
mic at digikod.net
Mon Jul 15 13:34:53 UTC 2024
On Wed, Jul 10, 2024 at 12:24:31PM -0400, Paul Moore wrote:
> On Wed, Jul 10, 2024 at 8:02 AM Mickaël Salaün <mic at digikod.net> wrote:
> > On Tue, Jul 09, 2024 at 10:47:45PM -0400, Paul Moore wrote:
> > > On Tue, Jul 9, 2024 at 10:40 PM Paul Moore <paul at paul-moore.com> wrote:
> > > >
> > > > The LSM framework has an existing inode_free_security() hook which
> > > > is used by LSMs that manage state associated with an inode, but
> > > > due to the use of RCU to protect the inode, special care must be
> > > > taken to ensure that the LSMs do not fully release the inode state
> > > > until it is safe from a RCU perspective.
> > > >
> > > > This patch implements a new inode_free_security_rcu() implementation
> > > > hook which is called when it is safe to free the LSM's internal inode
> > > > state. Unfortunately, this new hook does not have access to the inode
> > > > itself as it may already be released, so the existing
> > > > inode_free_security() hook is retained for those LSMs which require
> > > > access to the inode.
> > > >
> > > > Signed-off-by: Paul Moore <paul at paul-moore.com>
> > > > ---
> > > > include/linux/lsm_hook_defs.h | 1 +
> > > > security/integrity/ima/ima.h | 2 +-
> > > > security/integrity/ima/ima_iint.c | 20 ++++++++------------
> > > > security/integrity/ima/ima_main.c | 2 +-
> > > > security/landlock/fs.c | 9 ++++++---
> > > > security/security.c | 26 +++++++++++++-------------
> > > > 6 files changed, 30 insertions(+), 30 deletions(-)
> > >
> > > FYI, this has only received "light" testing, and even that is fairly
> > > generous. I booted up a system with IMA set to measure the TCB and
> > > ran through the audit and SELinux test suites; IMA seemed to be
> > > working just fine but I didn't poke at it too hard. I didn't have an
> > > explicit Landlock test handy, but I'm hoping that the Landlock
> > > enablement on a modern Rawhide system hit it a little :)
> >
> > If you want to test Landlock, you can do so like this:
> >
> > cd tools/testing/selftests/landlock
> > make -C ../../../.. headers_install
> > make
> > for f in *_test; ./$f; done
>
> Looks okay?
>
> % for f in *_test; do ./$f; done | grep "^# Totals"
> # Totals: pass:7 fail:0 xfail:0 xpass:0 skip:0 error:0
> # SKIP overlayfs is not supported (setup)
> # SKIP overlayfs is not supported (setup)
> # SKIP this filesystem is not supported (setup)
> # SKIP this filesystem is not supported (setup)
> # SKIP this filesystem is not supported (setup)
> # SKIP this filesystem is not supported (setup)
> # SKIP this filesystem is not supported (setup)
> # Totals: pass:117 fail:0 xfail:0 xpass:0 skip:7 error:0
> # Totals: pass:84 fail:0 xfail:0 xpass:0 skip:0 error:0
> # Totals: pass:8 fail:0 xfail:0 xpass:0 skip:0 error:0
It should be enough, thanks. FYI, the minimal configuration required to
run all tests (except hostfs) is listed in
tools/testing/selftests/landlock/config
More information about the Linux-security-module-archive
mailing list