[PATCH 02/11] hornet: invert map set check logic

Blaise Boscaccy bboscaccy at linux.microsoft.com
Tue Jun 2 16:57:42 UTC 2026


Paul Moore <paul at paul-moore.com> writes:

> On Fri, May 29, 2026 at 8:57 PM Fan Wu <wufan at kernel.org> wrote:
>>
>> On Wed, May 27, 2026 at 8:09 PM Blaise Boscaccy
>> <bboscaccy at linux.microsoft.com> wrote:
>> >
>> > In a multi-map hash verification scenario, a logic bug may have
>> > allowed an attacker to provide duplicate maps to satisfy the hash
>> > check count. Instead, invert the logic to verify each map discretely
>> >
>> > Signed-off-by: Blaise Boscaccy <bboscaccy at linux.microsoft.com>
>> > ---
>>
>> I just realized there is no audit event if hornet_check_prog_maps()
>> fails, probably should add one.
>
> Maybe, but I think it is important to remember that not all LSMs use
> audit for reporting, and Hornet is doing some new things from an LSM
> perspective.  I think for right now it would be sufficient to use a
> pr_notice() or a pr_notice_ratelimited() (if we are worried about
> unpriv log spam) message in hornet_check_prog_maps().  Hornet can
> always add proper audit support at a later date if deemed necessary.
>
> Blaise, do you want to submit a patch to add pr_notice{_ratelimited}()
> in the case of denial in hornet_check_prog_maps()?
>

Yeah, that works.

-blaise

> -- 
> paul-moore.com
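The duplicate-map problem named in the quoted commit message, as an added userspace model that is not Hornet's code and not taken from the patch: a count-based check beside the inverted per-entry check. The `digest` struct, all function names, the sample digests, and the assumption that signed hash j is bound to map slot j are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define HASH_LEN 32
struct digest { unsigned char b[HASH_LEN]; };   /* a map reduced to its hash */

static int same(const struct digest *x, const struct digest *y)
{
    return memcmp(x->b, y->b, HASH_LEN) == 0;
}

/* Flawed shape: walk the supplied maps and count how many match any signed
 * hash. Nothing ties a match to one signed entry, so a repeat counts again. */
int check_by_count(const struct digest *maps, size_t nmaps,
                   const struct digest *signed_h, size_t nsigned)
{
    size_t matched = 0;
    for (size_t i = 0; i < nmaps; i++)
        for (size_t j = 0; j < nsigned; j++)
            if (same(&maps[i], &signed_h[j])) { matched++; break; }
    return matched == nsigned;
}

/* Inverted shape: walk the signed hashes; entry j must be met by map j
 * (slot binding is an assumption of this model). */
int check_each(const struct digest *maps, size_t nmaps,
               const struct digest *signed_h, size_t nsigned)
{
    if (nmaps != nsigned)
        return 0;
    for (size_t j = 0; j < nsigned; j++)
        if (!same(&maps[j], &signed_h[j]))
            return 0;
    return 1;
}

static struct digest mk(unsigned char fill)     /* constructed sample digest */
{
    struct digest d;
    memset(d.b, fill, HASH_LEN);
    return d;
}

/* Constructed input: signed set {A, B}; the caller supplies A twice, so B is
 * never presented. Returns the verdict of the chosen check (1 = accepted). */
int verdict_on_duplicates(int inverted)
{
    struct digest signed_h[2] = { mk(0xA1), mk(0xB2) };
    struct digest maps[2] = { mk(0xA1), mk(0xA1) };
    return inverted ? check_each(maps, 2, signed_h, 2)
                    : check_by_count(maps, 2, signed_h, 2);
}
```
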



More information about the Linux-security-module-archive mailing list