From patchwork Mon Feb 15 12:25:11 2021
X-Patchwork-Submitter: Mickaël Salaün
X-Patchwork-Id: 12088091
From: Mickaël Salaün
To: James Morris, Masahiro Yamada, "Serge E . Hallyn"
Cc: Mickaël Salaün, Casey Schaufler, Nicolas Iooss, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Mickaël Salaün
Subject: [PATCH v1 1/3] kconfig: Remove duplicate call to sym_get_string_value()
Date: Mon, 15 Feb 2021 13:25:11 +0100
Message-Id: <20210215122513.1773897-2-mic@digikod.net>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210215122513.1773897-1-mic@digikod.net>
References: <20210215122513.1773897-1-mic@digikod.net>

From: Mickaël Salaün

Use the saved returned value of sym_get_string_value() instead of
calling it twice.

Cc: Masahiro Yamada
Signed-off-by: Mickaël Salaün
Link: https://lore.kernel.org/r/20210215122513.1773897-2-mic@digikod.net
---
 scripts/kconfig/conf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c index db03e2f45de4..18a233d27a8d 100644 --- a/scripts/kconfig/conf.c +++ b/scripts/kconfig/conf.c 
@@ -137,7 +137,7 @@ static int conf_string(struct menu *menu) printf("%*s%s ", indent - 1, "", menu->prompt->text); printf("(%s) ", sym->name); def = sym_get_string_value(sym); - if (sym_get_string_value(sym)) + if (def) printf("[%s] ", def); if (!conf_askvalue(sym, def)) return 0; 

From patchwork Mon Feb 15 12:25:12 2021
X-Patchwork-Submitter: Mickaël Salaün
X-Patchwork-Id: 12088093

From: Mickaël Salaün
To: James Morris, Masahiro Yamada, "Serge E . Hallyn"
Cc: Mickaël Salaün, Casey Schaufler, Nicolas Iooss, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Mickaël Salaün
Subject: [PATCH v1 2/3] kconfig: Ask user if string needs to be changed when dependency changed
Date: Mon, 15 Feb 2021 13:25:12 +0100
Message-Id: <20210215122513.1773897-3-mic@digikod.net>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210215122513.1773897-1-mic@digikod.net>
References: <20210215122513.1773897-1-mic@digikod.net>

From: Mickaël Salaün

Content of string configuration may depend on related kernel
configurations. Modify oldconfig and syncconfig to inform users about
possible required configuration update and give them the opportunity to
update it:
* if dependencies of this string have changed (e.g. enabled or disabled),
* and if the current value of this string is different than the (new)
  default one.

This is particularly relevant for CONFIG_LSM which contains a list of
LSMs enabled at boot, but users will not have a chance to update this
list with a make oldconfig.

Cc: Casey Schaufler
Cc: James Morris
Cc: Masahiro Yamada
Cc: Serge E. Hallyn
Signed-off-by: Mickaël Salaün
Link: https://lore.kernel.org/r/20210215122513.1773897-3-mic@digikod.net
---
 scripts/kconfig/conf.c | 37 ++++++++++++++++++++++++++++++++++---
 1 file changed, 34 insertions(+), 3 deletions(-)

diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c index 18a233d27a8d..8633dacd39a9 100644 --- a/scripts/kconfig/conf.c +++ b/scripts/kconfig/conf.c 
@@ -82,6 +82,26 @@ static void xfgets(char *str, int size, FILE *in) printf("%s", str); } +static bool may_need_string_update(struct symbol *sym, const char *def) +{ + const struct symbol *dep_sym; + const struct expr *e; + + if (sym->type != S_STRING) + return false; + if (strcmp(def, sym_get_string_default(sym)) == 0) + return false; + /* + * The user may want to synchronize the content of a string related to + * changed dependencies (e.g. CONFIG_LSM). + */ + expr_list_for_each_sym(sym->dir_dep.expr, e, dep_sym) { + if (dep_sym->flags & SYMBOL_CHANGED) + return true; + } + return false; +} + static int conf_askvalue(struct symbol *sym, const char *def) { enum symbol_type type = sym_get_type(sym); @@ -102,7 +122,7 @@ static int conf_askvalue(struct symbol *sym, const char *def) switch (input_mode) { case oldconfig: case syncconfig: - if (sym_has_value(sym)) { + if (sym_has_value(sym) && !may_need_string_update(sym, def)) { printf("%s\n", def); return 0; } 
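Review bot: may_need_string_update() hands def straight to strcmp() without a NULL check, while conf_string() guards its own use of the same pointer with "if (def)" and then calls conf_askvalue(sym, def) unconditionally. The new "sym_has_value(sym) && !may_need_string_update(sym, def)" test in the oldconfig/syncconfig branch can therefore reach strcmp() with a NULL def for an S_STRING symbol. Return false early when def is NULL, or add a comment explaining why that cannot happen on this path. The helper also walks only sym->dir_dep.expr, so a changed symbol that influences the string through a conditional default rather than a "depends on" never triggers the prompt; the comment above the loop should state that limitation.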
@@ -137,8 +157,19 @@ static int conf_string(struct menu *menu) printf("%*s%s ", indent - 1, "", menu->prompt->text); printf("(%s) ", sym->name); def = sym_get_string_value(sym); - if (def) - printf("[%s] ", def); + if (def) { + if (may_need_string_update(sym, def)) { + indent += 2; + printf("\n%*sDefault value is [%s]\n", + indent - 1, "", + sym_get_string_default(sym)); + printf("%*sCurrent value is [%s] ", + indent - 1, "", def); + indent -= 2; + } else { + printf("[%s] ", def); + } + } if (!conf_askvalue(sym, def)) return 0; switch (line[0]) { 

From patchwork Mon Feb 15 12:25:13 2021
X-Patchwork-Submitter: Mickaël Salaün
X-Patchwork-Id: 12088097

From: Mickaël Salaün
To: James Morris, Masahiro Yamada, "Serge E . Hallyn"
Cc: Mickaël Salaün, Casey Schaufler, Nicolas Iooss, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Mickaël Salaün
Subject: [PATCH v1 3/3] security: Add LSMs dependencies to CONFIG_LSM
Date: Mon, 15 Feb 2021 13:25:13 +0100
Message-Id: <20210215122513.1773897-4-mic@digikod.net>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210215122513.1773897-1-mic@digikod.net>
References: <20210215122513.1773897-1-mic@digikod.net>

From: Mickaël Salaün

Thanks to the previous commit, this gives the opportunity to users, when
running make oldconfig, to update the list of enabled LSMs at boot time
if an LSM has just been enabled or disabled in the build. Moreover,
this list only makes sense if at least one LSM is enabled.

Cc: Casey Schaufler
Cc: James Morris
Cc: Masahiro Yamada
Cc: Serge E. Hallyn
Signed-off-by: Mickaël Salaün
Link: https://lore.kernel.org/r/20210215122513.1773897-4-mic@digikod.net
Reported-by: kernel test robot
---
 security/Kconfig | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/security/Kconfig b/security/Kconfig index 7561f6f99f1d..2bc9ff351176 100644 --- a/security/Kconfig +++ b/security/Kconfig 
@@ -277,6 +277,10 @@ endchoice config LSM string "Ordered list of enabled LSMs" + depends on SECURITY_LOCKDOWN_LSM || SECURITY_YAMA || SECURITY_LOADPIN || \ + SECURITY_SAFESETID || INTEGRITY || SECURITY_SELINUX || \ + SECURITY_SMACK || SECURITY_TOMOYO || SECURITY_APPARMOR || \ + BPF_LSM default "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK default "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR default "lockdown,yama,loadpin,safesetid,integrity,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO
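Review bot: the new "depends on" expression under config LSM repeats by hand the set of LSMs already spelled out in the default strings, and nothing ties the two together. Because may_need_string_update() in patch 2/3 only looks at direct dependencies, an LSM added later but not appended to this expression will silently never trigger the oldconfig prompt; a comment above the expression saying it must list every LSM that can appear in the string would make that visible. Also, with this dependency CONFIG_LSM is no longer defined at all when none of the listed symbols is enabled, so please confirm that every user of CONFIG_LSM still builds in that configuration.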
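Review bot: in the conf_string() hunk of patch 2/3 (@@ -137,8 +157,19 @@), the global indent is bumped with "indent += 2" and restored with "indent -= 2" only to widen two printf() calls. Passing "indent + 1" as the field width gives the same output without touching shared state, and cannot leave indent skewed if someone later adds an early return between the two statements. may_need_string_update() is also evaluated here and again inside conf_askvalue() for the same symbol; computing it once in conf_string() and passing the result down would keep the two decisions from diverging.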