Thread: 25 messages, 7 authors, 2024-07-25

Re: [RFC PATCH] lsm: add the inode_free_security_rcu() LSM implementation hook

From: Paul Moore <paul@paul-moore.com>
Date: 2024-07-10 16:24:43
Also in: selinux

On Wed, Jul 10, 2024 at 8:02 AM Mickaël Salaün [off-list ref] wrote:
> On Tue, Jul 09, 2024 at 10:47:45PM -0400, Paul Moore wrote:
> > On Tue, Jul 9, 2024 at 10:40 PM Paul Moore [off-list ref] wrote:
> > > The LSM framework has an existing inode_free_security() hook which
> > > is used by LSMs that manage state associated with an inode, but
> > > due to the use of RCU to protect the inode, special care must be
> > > taken to ensure that the LSMs do not fully release the inode state
> > > until it is safe from a RCU perspective.
> > >
> > > This patch implements a new inode_free_security_rcu() implementation
> > > hook which is called when it is safe to free the LSM's internal inode
> > > state.  Unfortunately, this new hook does not have access to the inode
> > > itself as it may already be released, so the existing
> > > inode_free_security() hook is retained for those LSMs which require
> > > access to the inode.
> > >
> > > Signed-off-by: Paul Moore <paul@paul-moore.com>
> > > ---
> > >  include/linux/lsm_hook_defs.h     |  1 +
> > >  security/integrity/ima/ima.h      |  2 +-
> > >  security/integrity/ima/ima_iint.c | 20 ++++++++------------
> > >  security/integrity/ima/ima_main.c |  2 +-
> > >  security/landlock/fs.c            |  9 ++++++---
> > >  security/security.c               | 26 +++++++++++++-------------
> > >  6 files changed, 30 insertions(+), 30 deletions(-)
> >
> > FYI, this has only received "light" testing, and even that is fairly
> > generous.  I booted up a system with IMA set to measure the TCB and
> > ran through the audit and SELinux test suites; IMA seemed to be
> > working just fine but I didn't poke at it too hard.  I didn't have an
> > explicit Landlock test handy, but I'm hoping that the Landlock
> > enablement on a modern Rawhide system hit it a little :)
>
> If you want to test Landlock, you can do so like this:
>
> cd tools/testing/selftests/landlock
> make -C ../../../.. headers_install
> make
> for f in *_test; do ./$f; done

Looks okay?

% for f in *_test; do ./$f; done | grep "^# Totals"
# Totals: pass:7 fail:0 xfail:0 xpass:0 skip:0 error:0
#      SKIP      overlayfs is not supported (setup)
#      SKIP      overlayfs is not supported (setup)
#      SKIP      this filesystem is not supported (setup)
#      SKIP      this filesystem is not supported (setup)
#      SKIP      this filesystem is not supported (setup)
#      SKIP      this filesystem is not supported (setup)
#      SKIP      this filesystem is not supported (setup)
# Totals: pass:117 fail:0 xfail:0 xpass:0 skip:7 error:0
# Totals: pass:84 fail:0 xfail:0 xpass:0 skip:0 error:0
# Totals: pass:8 fail:0 xfail:0 xpass:0 skip:0 error:0

-- 
paul-moore.com
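
An added example, not part of the original message or of the kernel tree: a shell helper that sums the "# Totals:" lines printed by the Landlock selftest binaries and returns non-zero if any fail or error count is non-zero, or if no totals line was seen at all. The function names are hypothetical, and the sample input is constructed from the output quoted in the message above.

```shell
#!/bin/sh
# Added example: aggregate kselftest "# Totals:" lines across test binaries.

# summarize_totals: read selftest output on stdin, print one summary line,
# and return non-zero when a fail/error was counted or no Totals line
# was found (for example, because the binaries never ran).
summarize_totals() {
    awk '
        /^# Totals:/ {
            runs++
            # Fields 3..NF look like "pass:7", "fail:0", ...
            for (i = 3; i <= NF; i++) {
                split($i, kv, ":")
                sum[kv[1]] += kv[2]
            }
        }
        END {
            printf "binaries=%d pass=%d fail=%d xfail=%d xpass=%d skip=%d error=%d\n",
                runs, sum["pass"], sum["fail"], sum["xfail"],
                sum["xpass"], sum["skip"], sum["error"]
            exit (runs == 0 || sum["fail"] > 0 || sum["error"] > 0)
        }'
}

# sample_output: constructed sample, copied from the run shown above.
sample_output() {
    cat <<'EOF'
# Totals: pass:7 fail:0 xfail:0 xpass:0 skip:0 error:0
#      SKIP      overlayfs is not supported (setup)
#      SKIP      this filesystem is not supported (setup)
# Totals: pass:117 fail:0 xfail:0 xpass:0 skip:7 error:0
# Totals: pass:84 fail:0 xfail:0 xpass:0 skip:0 error:0
# Totals: pass:8 fail:0 xfail:0 xpass:0 skip:0 error:0
EOF
}

# On a real tree the input would come from the loop in the message:
#   for f in *_test; do ./$f; done | summarize_totals
sample_output | summarize_totals
```

The skip count matters when reading the result: the seven skipped cases are filesystem setups the test host did not support, so those paths were not exercised by this run.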