Message ID | fb2c98bd-b579-6ad0-721a-56a4f81f0d6e@infradead.org (mailing list archive) |
---|---|
State | New, archived |
Series | [RFC] security: <linux/lsm_hooks.h>: fix all kernel-doc warnings |
On 2/15/2020 11:08 PM, Randy Dunlap wrote: 
> From: Randy Dunlap <rdunlap@infradead.org> > > Fix all kernel-doc warnings in <linux/lsm_hooks.h>. > Fixes the following warnings: > > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quotactl' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quota_on' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_free_mnt_opts' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_eat_lsm_opts' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_kern_mount' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_show_options' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_add_mnt_opt' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'd_instantiate' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'getprocattr' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'setprocattr' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'locked_down' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_open' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_alloc' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_free' not described in 'security_list_options' > 
../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_read' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_write' not described in 'security_list_options' > > Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Thank you very much. > Cc: John Johansen <john.johansen@canonical.com> > Cc: Kees Cook <keescook@chromium.org> > Cc: Micah Morton <mortonm@chromium.org> > Cc: James Morris <jmorris@namei.org> > Cc: "Serge E. Hallyn" <serge@hallyn.com> > Cc: linux-security-module@vger.kernel.org > Cc: Paul Moore <paul@paul-moore.com> > Cc: Stephen Smalley <sds@tycho.nsa.gov> > Cc: Eric Paris <eparis@parisplace.org> > Cc: Casey Schaufler <casey@schaufler-ca.com> > Cc: Kentaro Takeda <takedakn@nttdata.co.jp> > Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > --- > Notes: > a. The location for some of these might need to be modified. > b. 'locked_down' was just missing a final ':'. > c. Added a new section: Security hooks for perf events. > > include/linux/lsm_hooks.h | 36 +++++++++++++++++++++++++++++++++++- > 1 file changed, 35 insertions(+), 1 deletion(-) > > --- lnx-56-rc1.orig/include/linux/lsm_hooks.h > +++ lnx-56-rc1/include/linux/lsm_hooks.h > @@ -103,6 +103,10 @@ > * @sb_free_security: > * Deallocate and clear the sb->s_security field. > * @sb contains the super_block structure to be modified. > + * @sb_free_mnt_opts: > + * Free memory associated with @mnt_ops. > + * @sb_eat_lsm_opts: > + * Eat (scan @orig options) and save them in @mnt_opts. > * @sb_statfs: > * Check permission before obtaining filesystem statistics for the @mnt > * mountpoint. 
> @@ -136,6 +140,10 @@ > * @sb superblock being remounted > * @data contains the filesystem-specific data. > * Return 0 if permission is granted. > + * @sb_kern_mount: > + * Mount this @sb if allowed by permissions. > + * @sb_show_options: > + * Show (print on @m) mount options for this @sb. > * @sb_umount: > * Check permission before the @mnt file system is unmounted. > * @mnt contains the mounted file system. > @@ -155,6 +163,8 @@ > * Copy all security options from a given superblock to another > * @oldsb old superblock which contain information to clone > * @newsb new superblock which needs filled in > + * @sb_add_mnt_opt: > + * Add one mount @option to @mnt_opts. > * @sb_parse_opts_str: > * Parse a string of security data filling in the opts structure > * @options string containing all mount options known by the LSM > @@ -451,6 +461,12 @@ > * security module does not know about attribute or a negative error code > * to abort the copy up. Note that the caller is responsible for reading > * and writing the xattrs as this hook is merely a filter. > + * @d_instantiate: > + * Fill in @inode security information for a @dentry if allowed. > + * @getprocattr: > + * Read attribute @name for process @p and store it into @value if allowed. > + * @setprocattr: > + * Write (set) attribute @name to @value, size @size if allowed. > * > * Security hooks for kernfs node operations > * > @@ -1113,6 +1129,7 @@ > * In case of failure, @secid will be set to zero. > * > * Security hooks for individual messages held in System V IPC message queues > + * > * @msg_msg_alloc_security: > * Allocate and attach a security structure to the msg->security field. > * The security field is initialized to NULL when the structure is first 
> @@ -1302,6 +1319,10 @@ > * @cap contains the capability <include/linux/capability.h>. > * @opts contains options for the capable check <include/linux/security.h> > * Return 0 if the capability is granted for @tsk. > + * @quotactl: > + * Check whether the quotactl syscall is allowed for this @sb. > + * @quota_on: > + * Check whether QUOTAON is allowed for this @dentry. > * @syslog: > * Check permission before accessing the kernel message ring or changing > * logging to the console. > @@ -1449,11 +1470,24 @@ > * @bpf_prog_free_security: > * Clean up the security information stored inside bpf prog. > * > - * @locked_down > + * @locked_down: > * Determine whether a kernel feature that potentially enables arbitrary > * code execution in kernel space should be permitted. > * > * @what: kernel feature being accessed > + * > + * Security hooks for perf events > + * > + * @perf_event_open: > + * Check whether the @type of perf_event_open syscall is allowed. > + * @perf_event_alloc: > + * Allocate and save perf_event security info. > + * @perf_event_free: > + * Release (free) perf_event security info. > + * @perf_event_read: > + * Read perf_event security info if allowed. > + * @perf_event_write: > + * Write perf_event security info if allowed. > */ > union security_list_options { > int (*binder_set_context_mgr)(struct task_struct *mgr); >
On Sat, Feb 15, 2020 at 11:08:38PM -0800, Randy Dunlap wrote:
> From: Randy Dunlap <rdunlap@infradead.org>
>
> Fix all kernel-doc warnings in <linux/lsm_hooks.h>.
> Fixes the following warnings:
>
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quotactl' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quota_on' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_free_mnt_opts' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_eat_lsm_opts' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_kern_mount' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_show_options' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_add_mnt_opt' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'd_instantiate' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'getprocattr' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'setprocattr' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'locked_down' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_open' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_alloc' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_free' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_read' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_write' not described in 'security_list_options'
>
> Signed-off-by: Randy Dunlap <rdunlap@infradead.org>

Yay! Thanks for working through these. :)

Acked-by: Kees Cook <keescook@chromium.org>
On 2/16/20 2:08 AM, Randy Dunlap wrote: 
> From: Randy Dunlap <rdunlap@infradead.org> > > Fix all kernel-doc warnings in <linux/lsm_hooks.h>. > Fixes the following warnings: > > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quotactl' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quota_on' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_free_mnt_opts' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_eat_lsm_opts' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_kern_mount' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_show_options' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_add_mnt_opt' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'd_instantiate' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'getprocattr' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'setprocattr' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'locked_down' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_open' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_alloc' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_free' not described in 'security_list_options' > 
../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_read' not described in 'security_list_options' > ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_write' not described in 'security_list_options' > > Signed-off-by: Randy Dunlap <rdunlap@infradead.org> > Cc: John Johansen <john.johansen@canonical.com> > Cc: Kees Cook <keescook@chromium.org> > Cc: Micah Morton <mortonm@chromium.org> > Cc: James Morris <jmorris@namei.org> > Cc: "Serge E. Hallyn" <serge@hallyn.com> > Cc: linux-security-module@vger.kernel.org > Cc: Paul Moore <paul@paul-moore.com> > Cc: Stephen Smalley <sds@tycho.nsa.gov> > Cc: Eric Paris <eparis@parisplace.org> > Cc: Casey Schaufler <casey@schaufler-ca.com> > Cc: Kentaro Takeda <takedakn@nttdata.co.jp> > Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > --- > Notes: > a. The location for some of these might need to be modified. > b. 'locked_down' was just missing a final ':'. > c. Added a new section: Security hooks for perf events. > > include/linux/lsm_hooks.h | 36 +++++++++++++++++++++++++++++++++++- > 1 file changed, 35 insertions(+), 1 deletion(-) > > --- lnx-56-rc1.orig/include/linux/lsm_hooks.h > +++ lnx-56-rc1/include/linux/lsm_hooks.h 
> @@ -136,6 +140,10 @@ > * @sb superblock being remounted > * @data contains the filesystem-specific data. > * Return 0 if permission is granted. > + * @sb_kern_mount: > + * Mount this @sb if allowed by permissions. > + * @sb_show_options: > + * Show (print on @m) mount options for this @sb. > * @sb_umount: > * Check permission before the @mnt file system is unmounted. > * @mnt contains the mounted file system. Thanks for doing this. Note that some of the existing kernel-doc comments for these hooks include a separate line describing each parameter (not just embedded in the function description) and a line describing the return value. Is that optional for kernel-doc? Obviously what you have added here is an improvement, just wondering whether it suffices or needs further augmentation.
On 2/18/20 6:03 AM, Stephen Smalley wrote: > On 2/16/20 2:08 AM, Randy Dunlap wrote: 
>> From: Randy Dunlap <rdunlap@infradead.org> >> >> Fix all kernel-doc warnings in <linux/lsm_hooks.h>. >> Fixes the following warnings: >> >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quotactl' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quota_on' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_free_mnt_opts' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_eat_lsm_opts' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_kern_mount' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_show_options' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_add_mnt_opt' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'd_instantiate' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'getprocattr' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'setprocattr' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'locked_down' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_open' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_alloc' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_free' not described in 
'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_read' not described in 'security_list_options' >> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_write' not described in 'security_list_options' >> >> Signed-off-by: Randy Dunlap <rdunlap@infradead.org> >> Cc: John Johansen <john.johansen@canonical.com> >> Cc: Kees Cook <keescook@chromium.org> >> Cc: Micah Morton <mortonm@chromium.org> >> Cc: James Morris <jmorris@namei.org> >> Cc: "Serge E. Hallyn" <serge@hallyn.com> >> Cc: linux-security-module@vger.kernel.org >> Cc: Paul Moore <paul@paul-moore.com> >> Cc: Stephen Smalley <sds@tycho.nsa.gov> >> Cc: Eric Paris <eparis@parisplace.org> >> Cc: Casey Schaufler <casey@schaufler-ca.com> >> Cc: Kentaro Takeda <takedakn@nttdata.co.jp> >> Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> >> --- >> Notes: >> a. The location for some of these might need to be modified. >> b. 'locked_down' was just missing a final ':'. >> c. Added a new section: Security hooks for perf events. >> >> include/linux/lsm_hooks.h | 36 +++++++++++++++++++++++++++++++++++- >> 1 file changed, 35 insertions(+), 1 deletion(-) >> >> --- lnx-56-rc1.orig/include/linux/lsm_hooks.h >> +++ lnx-56-rc1/include/linux/lsm_hooks.h 
>> @@ -136,6 +140,10 @@ >> * @sb superblock being remounted >> * @data contains the filesystem-specific data. >> * Return 0 if permission is granted. >> + * @sb_kern_mount: >> + * Mount this @sb if allowed by permissions. >> + * @sb_show_options: >> + * Show (print on @m) mount options for this @sb. >> * @sb_umount: >> * Check permission before the @mnt file system is unmounted. >> * @mnt contains the mounted file system. > > Thanks for doing this. Note that some of the existing kernel-doc comments for these hooks include a separate line describing each parameter (not just embedded in the function description) and a line describing the return value. Is that optional for kernel-doc? Obviously what you have added here is an improvement, just wondering whether it suffices or needs further augmentation. Hi Stephen, The additional kernel-doc comments that you refer to are obviously Good to Have, but they are not required. I didn't feel comfortable or qualified to add all of that info, but if anyone wants to help/contribute, please do so. thanks.
On Sat, 15 Feb 2020, Randy Dunlap wrote:
> From: Randy Dunlap <rdunlap@infradead.org>
>
> Fix all kernel-doc warnings in <linux/lsm_hooks.h>.
> Fixes the following warnings:
>
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quotactl' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'quota_on' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_free_mnt_opts' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_eat_lsm_opts' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_kern_mount' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_show_options' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'sb_add_mnt_opt' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'd_instantiate' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'getprocattr' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'setprocattr' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'locked_down' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_open' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_alloc' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_free' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_read' not described in 'security_list_options'
> ../include/linux/lsm_hooks.h:1830: warning: Function parameter or member 'perf_event_write' not described in 'security_list_options'
>
> Signed-off-by: Randy Dunlap <rdunlap@infradead.org>

Thanks, applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general
--- lnx-56-rc1.orig/include/linux/lsm_hooks.h +++ lnx-56-rc1/include/linux/lsm_hooks.h @@ -103,6 +103,10 @@ * @sb_free_security: * Deallocate and clear the sb->s_security field. * @sb contains the super_block structure to be modified. + * @sb_free_mnt_opts: + * Free memory associated with @mnt_ops. + * @sb_eat_lsm_opts: + * Eat (scan @orig options) and save them in @mnt_opts. * @sb_statfs: * Check permission before obtaining filesystem statistics for the @mnt * mountpoint. @@ -136,6 +140,10 @@ * @sb superblock being remounted * @data contains the filesystem-specific data. * Return 0 if permission is granted. + * @sb_kern_mount: + * Mount this @sb if allowed by permissions. + * @sb_show_options: + * Show (print on @m) mount options for this @sb. * @sb_umount: * Check permission before the @mnt file system is unmounted. * @mnt contains the mounted file system. @@ -155,6 +163,8 @@ * Copy all security options from a given superblock to another * @oldsb old superblock which contain information to clone * @newsb new superblock which needs filled in + * @sb_add_mnt_opt: + * Add one mount @option to @mnt_opts. * @sb_parse_opts_str: * Parse a string of security data filling in the opts structure * @options string containing all mount options known by the LSM @@ -451,6 +461,12 @@ * security module does not know about attribute or a negative error code * to abort the copy up. Note that the caller is responsible for reading * and writing the xattrs as this hook is merely a filter. + * @d_instantiate: + * Fill in @inode security information for a @dentry if allowed. + * @getprocattr: + * Read attribute @name for process @p and store it into @value if allowed. + * @setprocattr: + * Write (set) attribute @name to @value, size @size if allowed. * * Security hooks for kernfs node operations * 
@@ -1113,6 +1129,7 @@ * In case of failure, @secid will be set to zero. * * Security hooks for individual messages held in System V IPC message queues + * * @msg_msg_alloc_security: * Allocate and attach a security structure to the msg->security field. * The security field is initialized to NULL when the structure is first @@ -1302,6 +1319,10 @@ * @cap contains the capability <include/linux/capability.h>. * @opts contains options for the capable check <include/linux/security.h> * Return 0 if the capability is granted for @tsk. + * @quotactl: + * Check whether the quotactl syscall is allowed for this @sb. + * @quota_on: + * Check whether QUOTAON is allowed for this @dentry. * @syslog: * Check permission before accessing the kernel message ring or changing * logging to the console. @@ -1449,11 +1470,24 @@ * @bpf_prog_free_security: * Clean up the security information stored inside bpf prog. * - * @locked_down + * @locked_down: * Determine whether a kernel feature that potentially enables arbitrary * code execution in kernel space should be permitted. * * @what: kernel feature being accessed + * + * Security hooks for perf events + * + * @perf_event_open: + * Check whether the @type of perf_event_open syscall is allowed. + * @perf_event_alloc: + * Allocate and save perf_event security info. + * @perf_event_free: + * Release (free) perf_event security info. + * @perf_event_read: + * Read perf_event security info if allowed. + * @perf_event_write: + * Write perf_event security info if allowed. */ union security_list_options { int (*binder_set_context_mgr)(struct task_struct *mgr);
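Review bot: the new @sb_free_mnt_opts entry in the `@@ -103,6 +103,10 @@` hunk refers to `@mnt_ops`, but the parameter is `@mnt_opts`, the name the neighbouring @sb_eat_lsm_opts entry (`save them in @mnt_opts`) and the later @sb_add_mnt_opt entry (`Add one mount @option to @mnt_opts`) both use; kernel-doc treats `@name` as a parameter reference, so as written it points at a parameter that does not exist. Suggest `+ * Free memory associated with @mnt_opts.`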
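Review bot: @sb_kern_mount in the `@@ -136,6 +140,10 @@` hunk is worded as if the hook performs the mount (`Mount this @sb if allowed by permissions.`), whereas every other entry in this block describes a permission check and states its return convention (`Check permission before the @mnt file system is unmounted.`, `Return 0 if permission is granted.`). Suggest phrasing it as a check, e.g. `Check permission before the @sb filesystem is mounted.` followed by `Return 0 if permission is granted.`, and giving @sb_show_options a return line as well; this is the gap Stephen points out about the missing per-parameter and return lines.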
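Review bot: @getprocattr and @setprocattr in the `@@ -451,6 +461,12 @@` hunk describe process attributes (`attribute @name for process @p`), yet they are inserted at the tail of the inode section, between the xattr copy-up text and `Security hooks for kernfs node operations`; cover note (a) already anticipates this, and the two entries would sit better next to the other task/process hooks. Also, unlike the entry just above, which spells out its outcomes (`... or a negative error code to abort the copy up`), neither entry states what it returns; a return line in that style would make the section consistent.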
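Review bot: in the `@@ -1449,11 +1470,24 @@` hunk, @perf_event_read and @perf_event_write read as accessors of the LSM's own data (`Read perf_event security info if allowed.`, `Write perf_event security info if allowed.`), but next to @perf_event_open (`Check whether the @type of perf_event_open syscall is allowed.`) the pair name permission checks on reading from and writing to the event, not on the security blob that @perf_event_alloc and @perf_event_free manage. Suggest `Check whether reading from this perf event is allowed.` and `Check whether writing to this perf event is allowed.`, each with a `Return 0 if permission is granted.` line, so the new section follows the convention used by the existing check hooks above it.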