| Message ID | 20230222200838.8149-6-casey@schaufler-ca.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp789598wrd;
Wed, 22 Feb 2023 12:14:38 -0800 (PST)
X-Google-Smtp-Source:
AK7set/QYdefwU0Q61hqAz9MBxwc3sxYodld9O1ASIsztLAsi/fXE8kksoeWWp0JyEQIzPUV54/l
X-Received: by 2002:a05:6a20:7fa7:b0:cc:b57:9136 with SMTP id
d39-20020a056a207fa700b000cc0b579136mr469780pzj.57.1677096878393;
Wed, 22 Feb 2023 12:14:38 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1677096878; cv=none;
d=google.com; s=arc-20160816;
b=l9WbEgo0jPhvnf9LDISJY66pKdRzq/lMcfVXXHk0HKfmeszB1Cw8b3bu6F1I5oYngd
ayfnClp/F8NsX8ppZF3yqa1XhDw7K/P2zXVAwJuKi+UV17glJqwa4oXsgZ3970fLQH5F
NR8jb/qVFsorUB5Ngx3ZHvvrvgk/aD1FVY8mzAyx5h9j7Jy0rGAD9Vhlrv0Urzxjjb9A
oTH7tO0Bb0XYgc7ktdrf2htg/Dyf1DWLGl0bhM5Lu+lqfik9LFkAb9zBzX/oLUoD4Bxt
+tEjOtdz6qqecHcpIZoruhU5LwZv1pQFCpiyzAcTrBzN++o+KnOG36l7Msgz0IfJA6S7
MtvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=cLBTpt6/NHbOeQZSABD5CvjjuowdS3zG8TJWG0C3m/w=;
b=dWUk/nhtcVd63Qp9+RjlGrH3tJrW61tKlA3ZwqTsdsD3vzN68l9ks6DngDITFo3dnh
V+BX91Bc9LouXrCHW0CKc79z5Go0jLR5kKhdlUKd/ol2iNapQmgKq5Oh5U2VBu5uc5pF
ytWksqOQ8RcuJ2Y9zlOOjAzes1SONv9eZNvZZ/CZC2/2X/Ff20h5iUHemF8MWrllSPzX
Le3lIR1BX4JeWcN2skhp2KI6C4IhclIFO/4wU9g42Pf6kR/XNZX7pUqDSoyjNaHLocdp
QG6sjwElfPzd8ceFDFZI/lw4EcyJ3Ne4ddbS5tq7YbVEj9HvAR720Jp1mk6yZ5k/MiYb
PZ2Q==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@yahoo.com header.s=s2048 header.b=ACNMP4j1;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
s131-20020a632c89000000b00502efeb73e1si1088159pgs.717.2023.02.22.12.14.25;
Wed, 22 Feb 2023 12:14:38 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@yahoo.com header.s=s2048 header.b=ACNMP4j1;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S232085AbjBVUKo (ORCPT <rfc822;chinmaygameti@gmail.com>
+ 99 others); Wed, 22 Feb 2023 15:10:44 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52690 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S232083AbjBVUKd (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 22 Feb 2023 15:10:33 -0500
Received: from sonic314-27.consmr.mail.ne1.yahoo.com
(sonic314-27.consmr.mail.ne1.yahoo.com [66.163.189.153])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6D48842BDF
for <linux-kernel@vger.kernel.org>;
Wed, 22 Feb 2023 12:10:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
t=1677096630; bh=cLBTpt6/NHbOeQZSABD5CvjjuowdS3zG8TJWG0C3m/w=;
h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject:Reply-To;
b=ACNMP4j1CRZGACEYyfZWEUUBOXIHo5NhvYaCKiyIIrS6noFY3LpolRrHyScxs2oUuS4tKktoJbdQ4ROYIaYMv78ZCG8ppnD/2l7iZTBuvah9GRRZRSJU0gI6GgGJXRJkMHnD/DOie8eC0ZS953NEegJFhPlAXVcwGIlmUwrIHvP7BvJ1Wh5niqyJA+OtPXB1IBXtCwKunelN7vS4iEWzYVgS5KJYjt2/57dXZUgvs0oi7RMQ0fBeD891uebCad5KIFIx9gjZe+l1E7/g/23HdWetdCBRgShqz9PEIPZ2JDGAQG/zB5qGwN7IQJJ75D6WrfB/TT9mkcoh3M6lICVB8g==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
t=1677096630; bh=3Lc2OpvLEgFV8OSzHa1MI5RAVClTBAiLNlHjmaXlnpF=;
h=X-Sonic-MF:From:To:Subject:Date:From:Subject;
b=CsFLXX5+Az7MWhZw8AUThwQHBi6pMjK5FhSxe2VoH21ePXhQCns5JHnuQ1NArrdoq+wsc3O9f4vsnjWH0En0tiOIb8QbCv3yIExrMiPrNgvU0iFyoFszsdCsn6C9m1x5Ikdewrsntv4yjWAS5TIX5gdWiWkMB1pFk0WGhdoxk7pa4DpkTWO+yvOcuVyDNywULjXgKPXpoMrrkN8ei5vB2tuYhvn/4bb/pqvLzea7Bzn71M5lb7vHADQzNDuDRwMZkcJB5ZC9J+p4XXt5d1M57b3N841KhitcamOYC781OMGl9i3HfCFfxpytemxUfdp8kDIcsOZWpv3naBMlypNc+w==
X-YMail-OSG: HPxt4BMVM1n1c3DfMCYkM_8T9PyRMm8SM65fb5e38_CMAhhdlWZaNNjcWox3Y9h
LN7Sed8F_GEdKDVJcPbg7H6DAV9OqHmkty16iFa5nBr2ZujlNPr9dxNi4aEaUGua8h1fMFFPgz4f
hcyuz_iFQAI_XDWSWOAQiQzxG2gDwoZFdFAjKzyOjLvT26sZjdX46DIaOS0c_phyYma0P_iChLYD
XUhl1weFhn4qJHDENef8FjdTC5ISXX0UL.foaWVEH7rJ6T4M91MHuArGPB_eKZZO8j0L15UuUDnx
KakZUbJ6PMTgX7sxnsHxzdcPCHlFdnAPVhXSCVrlfkk.fmNZGjLEwrbKHeSmHevo5eVHttSiJTes
0Z6LgGblj10vaB7r6BCbbN8DfueuNuafDCmnOvpDyr1POLrKdODsfMn1OQxA571mYEfFUeff4CYE
9cx7WIEcFQF22gaAXNI_IZBhxBK95zg43Z9RYOkA.m_9DtjN8q.RAX9nlQPYnC5VZtM9QvL_y25J
cToNhcpuHMT1QoNjFvvYBGfWCPLOlIKZI7d6YnH_n7fVmfnbH5.bHPZIWusLnJF5fd6eyBLOywbS
rwfehiImuk4lf2Nqb6fOqFR2Abpe5pWSMV0pipGovJA2bd7uliZ2M_umdj1wo4ft54E2brk8PMjB
NsKvB5QF.8Hw06F_yNwc9mSdUovJtRtuN59Y9bUMf6PyxSpt60qwq8A1JvxgUmv64okaB6yRxyOG
4aCaUGG69KuBOE7CsTX1j4x8sBLUjejpx91qHL75jBARJ75Q5cmtgrT7Ly1JtN21CE3KNo_5N7xa
.wcK0FtPfvwosSw8wP_5l0BPJfEz97Q0TWP0UeCLu0_8JvKHGLZIt8w7dvnZFQge3_DvRQhBXQY3
ZsUObdRUOd8WMCl2dqbrXCpfTr78RFMzKNZGlP9rrO.l12VeMCx0cS9vm53a7Q7179sy6tAtiSku
HAIqhWeanXtvZylscFlScdnY20tTjMCezA0XsWiwunBNLqN3_O8ksYIEPtgHowN0PU0eq2nCqhV7
Pz6_lOUjuAiYEAJbYMSlx4qZJzJlYCM8K90pY6gKzCGN1NWOWWMq0fk79l4TOCzQmKUB0.A_4GN_
pQvb5WO3LY7Z3UOWDOYMpWekY.5RYp7uvkv5YD3x.8.2zpjg_CKFjy5h8fF0FfwHVIxDK6KzcUdY
tjOB0qJHsmbvDGk_tQKqRScDSdvCLF.YWZ0.I7mj0pP6tBbhTTmw64QkpV4hzsQbVTs7wy1K8i3d
TQzr66tnLr8qCtj8q23nMgrWeldPBKJw4pvPx1y9WroKRu4cS5N6_XPaHWNVOn_riFRboQQRqm4t
B6M0B6i9wIvxxlnshX2ciy_uyvkmEzSrCXNvPxVjuD_bn77rYrh8r3EcBSzuDdG4iV6y72D3.veu
pakEvY9Lx0WHF2mRD0bi5_ZKEfbB6AxPo.4HJueEe73wVFvAC17sZTo_J6futkbaOE6ZuCMG3Nze
LxuJyX6XrYUGDU9r4M75LIpCSFkvXYF74GPw841Dv0YOztnQuF8.Y_FGne0fUQ6sfWnX5JzRGEVZ
dA273byesLRJmCaSkL_RywN823eojIYRCnk6VptBpcOVh5rE30NUI9JMD4ItjNqPu_NkZXIuDwJ4
vkCTGxp00gQrBDRpOwvtNMUD_ov79IdnwXLXHY8v.9TxDyFTlHlzz33h8YE_Mu31DKj..pgzdh.6
Nazb4OaoJn1nO01LZlmud3gBSL78kvZKrI2M3v.H0JAJYyzuwUQiA0YFPnJAEmg0JZGUBKIGHSsG
uXHhgoaJMUZ80IiOmScpiYCVz9jQiHqUyqoMPfJkAy9CNMZ25016tN3bH7wlSzo97_imm.u2BIDd
vnKzkXmckBrsEQFgEt3mzWfNDztIkinrOf5JLkUDEpUJYdELesgHw4hWlhd1XAQdWcK1Xe.Y3.eb
rKed7aBmL2QQMcp3IN7YeIi_xcmskTMIUSKF66rx5AqrWrGtZMsM8yJgncAp.q2Xbu2MgXne.0_g
XDrt54zhW0PPfno_YxgYKiABfwfqLNIcQc_DNwF1hEBM1QGJE9HFzsORA13a3a10bUBMTDv_l45T
mSZa6crfyHINKmjvWbfWaLr04LvTCJ5bTEiOwUe2B4APfQ0_na1jPkYOYRFZxVggPu8bMAzSartV
tHxr6pL5aDoEhtaQZgpewoNAaPOmnRQxr4_5.QotMlkBlB7FFd8Ca.VbBt1k6HKFOCQygrppbp.f
Wxf5TGHTNe5BTpF8nMRvozTD7Z6BQoc_0X8Tkk4gj515gMgnzKLCQiT4TEWzf3wvK_YKOAN_3kyT
yl.mNm2Xu66ZdAKVta14-
X-Sonic-MF: <casey@schaufler-ca.com>
Received: from sonic.gate.mail.ne1.yahoo.com by
sonic314.consmr.mail.ne1.yahoo.com with HTTP; Wed, 22 Feb 2023 20:10:30 +0000
Received: by hermes--production-ne1-746bc6c6c4-sslbc (Yahoo Inc. Hermes SMTP
Server) with ESMTPA ID 54abe124e3c28d3626a364ed2359f9f6;
Wed, 22 Feb 2023 20:10:27 +0000 (UTC)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey@schaufler-ca.com, paul@paul-moore.com,
linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
linux-api@vger.kernel.org, mic@digikod.net
Subject: [PATCH v6 05/11] LSM: Create lsm_module_list system call
Date: Wed, 22 Feb 2023 12:08:32 -0800
Message-Id: <20230222200838.8149-6-casey@schaufler-ca.com>
X-Mailer: git-send-email 2.39.0
In-Reply-To: <20230222200838.8149-1-casey@schaufler-ca.com>
References: <20230222200838.8149-1-casey@schaufler-ca.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE
autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1758563536306768723?=
X-GMAIL-MSGID: =?utf-8?q?1758563536306768723?=
|
| Series |
LSM: Three basic syscalls
|
|
Commit Message
Casey Schaufler
Feb. 22, 2023, 8:08 p.m. UTC
Create a system call to report the list of Linux Security Modules
that are active on the system. The list is provided as an array
of LSM ID numbers.
The calling application can use this list determine what LSM
specific actions it might take. That might include chosing an
output format, determining required privilege or bypassing
security module specific behavior.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
Documentation/userspace-api/lsm.rst | 3 ++
include/linux/syscalls.h | 1 +
kernel/sys_ni.c | 1 +
security/lsm_syscalls.c | 43 ++++++++++++++++++++++++++++-
4 files changed, 47 insertions(+), 1 deletion(-)
Comments
On Wed, Feb 22, 2023, at 21:08, Casey Schaufler wrote: > @@ -1062,6 +1062,7 @@ asmlinkage long > sys_set_mempolicy_home_node(unsigned long start, unsigned long l > asmlinkage long sys_lsm_get_self_attr(struct lsm_ctx *ctx, size_t > *size, > __u64 flags); > asmlinkage long sys_lsm_set_self_attr(struct lsm_ctx *ctx, __u64 > flags); > +asmlinkage long sys_lsm_module_list(u64 *ids, size_t *size, int flags); ... > + */ > +SYSCALL_DEFINE3(lsm_module_list, > + u64 __user *, ids, > + size_t __user *, size, > + u64, flags) > +{ I see that the prototype does not match the definition here, which really should raise a compiler error, but I suspect that broke at some point. Since none of the flags bits are actually used here, can we please make this a 32-bit field as in the prototype rather than the 64-bit one in the argument list? Passing 64-bit arguments through 32-bit registers would make the calling conventions incompatible with compat mode tasks on 64-bit kernels. Arnd
On 22/02/2023 21:08, Casey Schaufler wrote: > Create a system call to report the list of Linux Security Modules > that are active on the system. The list is provided as an array > of LSM ID numbers. > > The calling application can use this list determine what LSM > specific actions it might take. That might include chosing an "choosing" > output format, determining required privilege or bypassing > security module specific behavior. > > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > --- > Documentation/userspace-api/lsm.rst | 3 ++ > include/linux/syscalls.h | 1 + > kernel/sys_ni.c | 1 + > security/lsm_syscalls.c | 43 ++++++++++++++++++++++++++++- > 4 files changed, 47 insertions(+), 1 deletion(-) > > diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst > index b45e402302b3..ecdf1acd15b1 100644 > --- a/Documentation/userspace-api/lsm.rst > +++ b/Documentation/userspace-api/lsm.rst > @@ -63,6 +63,9 @@ Get the specified security attributes of the current process > .. kernel-doc:: security/lsm_syscalls.c > :identifiers: sys_lsm_get_self_attr > > +.. kernel-doc:: security/lsm_syscalls.c > + :identifiers: sys_lsm_module_list > + > Additional documentation > ======================== > > diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h > index 1ef2a3de8ae0..9c947022a411 100644 > --- a/include/linux/syscalls.h > +++ b/include/linux/syscalls.h > @@ -1062,6 +1062,7 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l > asmlinkage long sys_lsm_get_self_attr(struct lsm_ctx *ctx, size_t *size, > __u64 flags); > asmlinkage long sys_lsm_set_self_attr(struct lsm_ctx *ctx, __u64 flags); > +asmlinkage long sys_lsm_module_list(u64 *ids, size_t *size, int flags); > > /* > * Architecture-specific system calls > diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c > index d03c78ef1562..32784e271fa5 100644 > --- a/kernel/sys_ni.c > +++ b/kernel/sys_ni.c > @@ -265,6 +265,7 @@ COND_SYSCALL(mremap); > /* security/lsm_syscalls.c */ > COND_SYSCALL(lsm_get_self_attr); > COND_SYSCALL(lsm_set_self_attr); > +COND_SYSCALL(lsm_module_list); > > /* security/keys/keyctl.c */ > COND_SYSCALL(add_key); > diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c > index b89c4e7d009e..ccd3b236670b 100644 > --- a/security/lsm_syscalls.c > +++ b/security/lsm_syscalls.c > @@ -19,7 +19,7 @@ > > struct attrs_map { > char *name; > - int attrs; > + u64 attrs; Why do we need this change in this patch? > }; > > static const struct attrs_map lsm_attr_names[] = { > @@ -102,3 +102,44 @@ SYSCALL_DEFINE3(lsm_get_self_attr, struct lsm_ctx __user *, ctx, > { > return security_getselfattr(flags, ctx, size); > } > + > +/** > + * sys_lsm_module_list - Return a list of the active security modules > + * @ids: the LSM module ids > + * @size: size of @ids, updated on return > + * @flags: reserved for future use, must be zero > + * > + * Returns a list of the active LSM ids. On success this function > + * returns the number of @ids array elements. This value may be zero > + * if there are no LSMs active. If @size is insufficient to contain > + * the return data -E2BIG is returned and @size is set to the minimum > + * required size. In all other cases a negative value indicating the > + * error is returned. > + */ > +SYSCALL_DEFINE3(lsm_module_list, The name of this syscall differ from the two others: there is not "get" verb. What about "lsm_get_modules" or "lsm_list_modules"? > + u64 __user *, ids, > + size_t __user *, size, > + u64, flags) As Arnd said, flags should be a u32. > +{ > + size_t total_size = lsm_active_cnt * sizeof(*ids); > + size_t usize; > + int i; > + > + if (flags) > + return -EINVAL; > + > + if (get_user(usize, size)) > + return -EFAULT; I'm not a fan of using the same pointer to read and write. This avoid using const pointers and differentiate between input and output values. I suggest using a dedicated argument for each. > + > + if (put_user(total_size, size) != 0) > + return -EFAULT; > + > + if (usize < total_size) > + return -E2BIG; > + > + for (i = 0; i < lsm_active_cnt; i++) > + if (put_user(lsm_idlist[i]->id, ids++)) I'm not sure about it, but it may be better to put the complete list of IDs at once. Is it better to set the size before or after? > + return -EFAULT; > + > + return lsm_active_cnt; > +}
On 3/7/2023 3:33 AM, Mickaël Salaün wrote: > > On 22/02/2023 21:08, Casey Schaufler wrote: >> Create a system call to report the list of Linux Security Modules >> that are active on the system. The list is provided as an array >> of LSM ID numbers. >> >> The calling application can use this list determine what LSM >> specific actions it might take. That might include chosing an > > "choosing" Oops. Thank you. > >> output format, determining required privilege or bypassing >> security module specific behavior. >> >> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> >> --- >> Documentation/userspace-api/lsm.rst | 3 ++ >> include/linux/syscalls.h | 1 + >> kernel/sys_ni.c | 1 + >> security/lsm_syscalls.c | 43 ++++++++++++++++++++++++++++- >> 4 files changed, 47 insertions(+), 1 deletion(-) >> >> diff --git a/Documentation/userspace-api/lsm.rst >> b/Documentation/userspace-api/lsm.rst >> index b45e402302b3..ecdf1acd15b1 100644 >> --- a/Documentation/userspace-api/lsm.rst >> +++ b/Documentation/userspace-api/lsm.rst >> @@ -63,6 +63,9 @@ Get the specified security attributes of the >> current process >> .. kernel-doc:: security/lsm_syscalls.c >> :identifiers: sys_lsm_get_self_attr >> +.. kernel-doc:: security/lsm_syscalls.c >> + :identifiers: sys_lsm_module_list >> + >> Additional documentation >> ======================== >> diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h >> index 1ef2a3de8ae0..9c947022a411 100644 >> --- a/include/linux/syscalls.h >> +++ b/include/linux/syscalls.h >> @@ -1062,6 +1062,7 @@ asmlinkage long >> sys_set_mempolicy_home_node(unsigned long start, unsigned long l >> asmlinkage long sys_lsm_get_self_attr(struct lsm_ctx *ctx, size_t >> *size, >> __u64 flags); >> asmlinkage long sys_lsm_set_self_attr(struct lsm_ctx *ctx, __u64 >> flags); >> +asmlinkage long sys_lsm_module_list(u64 *ids, size_t *size, int flags); >> /* >> * Architecture-specific system calls >> diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c >> index d03c78ef1562..32784e271fa5 100644 >> --- a/kernel/sys_ni.c >> +++ b/kernel/sys_ni.c >> @@ -265,6 +265,7 @@ COND_SYSCALL(mremap); >> /* security/lsm_syscalls.c */ >> COND_SYSCALL(lsm_get_self_attr); >> COND_SYSCALL(lsm_set_self_attr); >> +COND_SYSCALL(lsm_module_list); >> /* security/keys/keyctl.c */ >> COND_SYSCALL(add_key); >> diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c >> index b89c4e7d009e..ccd3b236670b 100644 >> --- a/security/lsm_syscalls.c >> +++ b/security/lsm_syscalls.c >> @@ -19,7 +19,7 @@ >> struct attrs_map { >> char *name; >> - int attrs; >> + u64 attrs; > > Why do we need this change in this patch? We don't. It's gone in subsequent versions. > >> }; >> static const struct attrs_map lsm_attr_names[] = { >> @@ -102,3 +102,44 @@ SYSCALL_DEFINE3(lsm_get_self_attr, struct >> lsm_ctx __user *, ctx, >> { >> return security_getselfattr(flags, ctx, size); >> } >> + >> +/** >> + * sys_lsm_module_list - Return a list of the active security modules >> + * @ids: the LSM module ids >> + * @size: size of @ids, updated on return >> + * @flags: reserved for future use, must be zero >> + * >> + * Returns a list of the active LSM ids. On success this function >> + * returns the number of @ids array elements. This value may be zero >> + * if there are no LSMs active. If @size is insufficient to contain >> + * the return data -E2BIG is returned and @size is set to the minimum >> + * required size. In all other cases a negative value indicating the >> + * error is returned. >> + */ >> +SYSCALL_DEFINE3(lsm_module_list, > > The name of this syscall differ from the two others: there is not > "get" verb. What about "lsm_get_modules" or "lsm_list_modules"? lsm_list_modules() it is henceforth. > >> + u64 __user *, ids, >> + size_t __user *, size, >> + u64, flags) > > As Arnd said, flags should be a u32. Agreed. > >> +{ >> + size_t total_size = lsm_active_cnt * sizeof(*ids); >> + size_t usize; >> + int i; >> + >> + if (flags) >> + return -EINVAL; >> + >> + if (get_user(usize, size)) >> + return -EFAULT; > > I'm not a fan of using the same pointer to read and write. This avoid > using const pointers and differentiate between input and output > values. I suggest using a dedicated argument for each. This is pretty standard practice. > >> + >> + if (put_user(total_size, size) != 0) >> + return -EFAULT; >> + >> + if (usize < total_size) >> + return -E2BIG; >> + >> + for (i = 0; i < lsm_active_cnt; i++) >> + if (put_user(lsm_idlist[i]->id, ids++)) > > I'm not sure about it, but it may be better to put the complete list > of IDs at once. Is it better to set the size before or after? You may be right. I'll consider it. > > >> + return -EFAULT; >> + >> + return lsm_active_cnt; >> +}
diff --git a/Documentation/userspace-api/lsm.rst b/Documentation/userspace-api/lsm.rst index b45e402302b3..ecdf1acd15b1 100644 --- a/Documentation/userspace-api/lsm.rst +++ b/Documentation/userspace-api/lsm.rst @@ -63,6 +63,9 @@ Get the specified security attributes of the current process .. kernel-doc:: security/lsm_syscalls.c :identifiers: sys_lsm_get_self_attr +.. kernel-doc:: security/lsm_syscalls.c + :identifiers: sys_lsm_module_list + Additional documentation ======================== diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 1ef2a3de8ae0..9c947022a411 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -1062,6 +1062,7 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l asmlinkage long sys_lsm_get_self_attr(struct lsm_ctx *ctx, size_t *size, __u64 flags); asmlinkage long sys_lsm_set_self_attr(struct lsm_ctx *ctx, __u64 flags); +asmlinkage long sys_lsm_module_list(u64 *ids, size_t *size, int flags); /* * Architecture-specific system calls diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index d03c78ef1562..32784e271fa5 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -265,6 +265,7 @@ COND_SYSCALL(mremap); /* security/lsm_syscalls.c */ COND_SYSCALL(lsm_get_self_attr); COND_SYSCALL(lsm_set_self_attr); +COND_SYSCALL(lsm_module_list); /* security/keys/keyctl.c */ COND_SYSCALL(add_key); diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index b89c4e7d009e..ccd3b236670b 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c @@ -19,7 +19,7 @@ struct attrs_map { char *name; - int attrs; + u64 attrs; }; static const struct attrs_map lsm_attr_names[] = { @@ -102,3 +102,44 @@ SYSCALL_DEFINE3(lsm_get_self_attr, struct lsm_ctx __user *, ctx, { return security_getselfattr(flags, ctx, size); } + +/** + * sys_lsm_module_list - Return a list of the active security modules + * @ids: the LSM module ids + * @size: size of @ids, updated on return + * @flags: reserved for future use, must be zero + * + * Returns a list of the active LSM ids. On success this function + * returns the number of @ids array elements. This value may be zero + * if there are no LSMs active. If @size is insufficient to contain + * the return data -E2BIG is returned and @size is set to the minimum + * required size. In all other cases a negative value indicating the + * error is returned. + */ +SYSCALL_DEFINE3(lsm_module_list, + u64 __user *, ids, + size_t __user *, size, + u64, flags) +{ + size_t total_size = lsm_active_cnt * sizeof(*ids); + size_t usize; + int i; + + if (flags) + return -EINVAL; + + if (get_user(usize, size)) + return -EFAULT; + + if (put_user(total_size, size) != 0) + return -EFAULT; + + if (usize < total_size) + return -E2BIG; + + for (i = 0; i < lsm_active_cnt; i++) + if (put_user(lsm_idlist[i]->id, ids++)) + return -EFAULT; + + return lsm_active_cnt; +}