From patchwork Sun May 21 11:14:05 2017
X-Patchwork-Submitter: Tetsuo Handa
X-Patchwork-Id: 9738997
From: Tetsuo Handa
To: linux-security-module@vger.kernel.org
Cc: linux-mm@kvack.org, kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, Tetsuo Handa, Casey Schaufler, Greg KH, Igor Stoppa, James Morris, Kees Cook, Paul Moore, Stephen Smalley
Subject: [PATCH] LSM: Make security_hook_heads a local variable.
Date: Sun, 21 May 2017 20:14:05 +0900
Message-Id: <1495365245-3185-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp>
In-Reply-To: <20170520085147.GA4619@kroah.com>
References: <20170520085147.GA4619@kroah.com>

A sealable memory allocator patch was proposed at
http://lkml.kernel.org/r/20170519103811.2183-1-igor.stoppa@huawei.com ,
and is waiting for a follow-on patch showing how any of the kernel can be
changed to use this new subsystem. So, here it is for LSM hooks.

The LSM hooks ("struct security_hook_heads security_hook_heads" and
"struct security_hook_list ...[]") will benefit from this allocator via
protection using set_memory_ro()/set_memory_rw(), and it will remove
CONFIG_SECURITY_WRITABLE_HOOKS config option.

This means that these structures will be allocated at run time using
smalloc(), and therefore the address of these structures will be
determined at run time rather than compile time.

But currently, LSM_HOOK_INIT() macro depends on the address of
security_hook_heads being known at compile time. But we already
initialize security_hook_heads as an array of "struct list_head".

Therefore, let's use index number (or relative offset from the head of
security_hook_heads) instead of absolute address of security_hook_heads
so that LSM_HOOK_INIT() macro does not need to know absolute address of
security_hook_heads. Then, security_add_hooks() will be able to allocate
and copy "struct security_hook_list ...[]" using smalloc().

Signed-off-by: Tetsuo Handa Cc: Kees Cook Cc: Paul Moore Cc: Stephen Smalley Cc: Casey Schaufler Cc: James Morris Cc: Igor Stoppa Cc: Greg KH --- include/linux/lsm_hooks.h | 6 +++--- security/security.c | 10 ++++++++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 080f34e..865c11d 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1884,8 +1884,8 @@ struct security_hook_heads { */ struct security_hook_list { struct list_head list; - struct list_head *head; union security_list_options hook; + const unsigned int idx; char *lsm; }; @@ -1896,9 +1896,9 @@ struct security_hook_list { * text involved. */ #define LSM_HOOK_INIT(HEAD, HOOK) \ - { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } } + { .idx = offsetof(struct security_hook_heads, HEAD) / \ + sizeof(struct list_head), .hook = { .HEAD = HOOK } } -extern struct security_hook_heads security_hook_heads; extern char *lsm_names; extern void security_add_hooks(struct security_hook_list *hooks, int count, diff --git a/security/security.c b/security/security.c index 54b1e39..d6883ce 100644 --- a/security/security.c +++ b/security/security.c @@ -33,7 +33,7 @@ /* Maximum number of letters for an LSM name string */ #define SECURITY_NAME_MAX 10 -struct security_hook_heads security_hook_heads __lsm_ro_after_init; +static struct security_hook_heads security_hook_heads __lsm_ro_after_init; char *lsm_names; /* Boot-time LSM user choice */ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = 
@@ -152,10 +152,16 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, char *lsm) { int i; + struct list_head *list = (struct list_head *) &security_hook_heads; for (i = 0; i < count; i++) { + const unsigned int idx = hooks[i].idx; + + if (WARN_ON(idx >= sizeof(security_hook_heads) / + sizeof(struct list_head))) + continue; hooks[i].lsm = lsm; - list_add_tail_rcu(&hooks[i].list, hooks[i].head); + list_add_tail_rcu(&hooks[i].list, &list[idx]); } if (lsm_append(lsm, &lsm_names) < 0) panic("%s - Cannot get early memory.\n", __func__);
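
Review bot: the new `idx` member in the struct security_hook_list hunk (include/linux/lsm_hooks.h, @@ -1884,8) has no comment saying what it indexes, and its `const` qualifier works against the stated follow-up. A reader of the header cannot tell that `idx` is a slot number into security_hook_heads viewed as an array of struct list_head, so a one-line comment on the field would help. Separately, a const member makes whole-struct assignment of struct security_hook_list a compile error, while the commit message says security_add_hooks() will later "allocate and copy" these entries; either drop the `const` or note that the copy is expected to go through memcpy().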
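
Review bot: the LSM_HOOK_INIT() hunk (include/linux/lsm_hooks.h, @@ -1896,9) relies on an unstated layout invariant: `offsetof(struct security_hook_heads, HEAD) / sizeof(struct list_head)` is only a valid index if every member of struct security_hook_heads is a struct list_head with no padding between members. Nothing in the visible change enforces that, so adding a member of another type would silently shift every later index. Please document the invariant next to the macro and consider a build-time check, for example a BUILD_BUG_ON that sizeof(struct security_hook_heads) is a multiple of sizeof(struct list_head). The same hunk drops the `extern` declaration while the diffstat touches only two files, so it is worth confirming that no other translation unit still references security_hook_heads directly.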
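
Review bot: in the security_add_hooks() hunk (security/security.c, @@ -152,10), the out-of-range path fails open: `if (WARN_ON(idx >= ...)) continue;` leaves that hook unregistered and boot carries on, so the LSM believes it is enforcing a check that is never called. The same function already panics when lsm_append() fails, so a corrupt or out-of-range `idx` should arguably be treated as fatal as well, or at least the function should report the failure to the caller rather than skip the entry. The bound `sizeof(security_hook_heads) / sizeof(struct list_head)` and the cast `(struct list_head *) &security_hook_heads` both depend on the struct being a pure array of list heads; giving the element count a named macro shared with LSM_HOOK_INIT() would keep the two sites from drifting apart.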