Thread (46 messages) 46 messages, 5 authors, 2023-04-13

Re: [PATCH v7 05/11] LSM: Create lsm_list_modules system call

From: Paul Moore <paul@paul-moore.com>
Date: 2023-03-30 01:13:14
Also in: linux-security-module, lkml 

On Wed, Mar 15, 2023 at 6:48 PM Casey Schaufler [off-list ref] wrote:
Create a system call to report the list of Linux Security Modules
that are active on the system. The list is provided as an array
of LSM ID numbers.

The calling application can use this list determine what LSM
specific actions it might take. That might include chosing an
output format, determining required privilege or bypassing
security module specific behavior.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 Documentation/userspace-api/lsm.rst |  3 +++
 include/linux/syscalls.h            |  1 +
 kernel/sys_ni.c                     |  1 +
 security/lsm_syscalls.c             | 39 +++++++++++++++++++++++++++++
 4 files changed, 44 insertions(+)
...
quoted hunk ↗ jump to hunk
diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c
index feee31600219..6efbe244d304 100644
--- a/security/lsm_syscalls.c
+++ b/security/lsm_syscalls.c
@@ -53,3 +53,42 @@ SYSCALL_DEFINE4(lsm_get_self_attr, unsigned int, attr, struct lsm_ctx __user *,
 {
        return security_getselfattr(attr, ctx, size, flags);
 }
+
+/**
+ * sys_lsm_list_modules - Return a list of the active security modules
+ * @ids: the LSM module ids
+ * @size: size of @ids, updated on return
+ * @flags: reserved for future use, must be zero
+ *
+ * Returns a list of the active LSM ids. On success this function
+ * returns the number of @ids array elements. This value may be zero
+ * if there are no LSMs active. If @size is insufficient to contain
+ * the return data -E2BIG is returned and @size is set to the minimum
+ * required size. In all other cases a negative value indicating the
+ * error is returned.
+ */
+SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, size_t __user *, size,
+               u32, flags)
+{
+       size_t total_size = lsm_active_cnt * sizeof(*ids);
+       size_t usize;
+       int i;
+
+       if (flags)
+               return -EINVAL;
In other patches in this patchset you use 'if (flags != 0)'; I don't
care too much which approach you take, but please be consistent.

Actually, I guess you might as well just go with 'if (flags)' since
I'm pretty sure someone later down the line will end up wasting
reviewer time by changing '(flags != 0)' into '(flags)' ...


+       if (get_user(usize, size))
+               return -EFAULT;
+
+       if (put_user(total_size, size) != 0)
+               return -EFAULT;
+
+       if (usize < total_size)
+               return -E2BIG;
+
+       for (i = 0; i < lsm_active_cnt; i++)
+               if (put_user(lsm_idlist[i]->id, ids++))
+                       return -EFAULT;
+
+       return lsm_active_cnt;
+}
--
2.39.2
--
paul-moore.com
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help