From: Casey Schaufler
Date: Tue, 13 Dec 2022 07:37:32 -0800
Subject: Re: [PATCH v7 6/6] mm/memfd: security hook for memfd_create
To: Jeff Xu , Paul Moore
Cc: jeffxu@chromium.org, skhan@linuxfoundation.org, keescook@chromium.org, akpm@linux-foundation.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, hughd@google.com, jorgelo@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, linux-hardening@vger.kernel.org, linux-security-module@vger.kernel.org, kernel test robot , casey@schaufler-ca.com
Message-ID: <3e971295-fb0b-3426-6054-e3fa5307943a@schaufler-ca.com>
References: <20221209160453.3246150-1-jeffxu@google.com> <20221209160453.3246150-7-jeffxu@google.com>
On 12/13/2022 7:00 AM, Jeff Xu wrote:
> On Fri, Dec 9, 2022 at 10:29 AM Paul Moore wrote:
>> On Fri, Dec 9, 2022 at 11:05 AM wrote:
>>> From: Jeff Xu
>>>
>>> The new security_memfd_create allows lsm to check flags of
>>> memfd_create.
>>>
>>> The security by default system (such as chromeos) can use this
>>> to implement system wide lsm to allow only non-executable memfd
>>> being created.
>>>
>>> Signed-off-by: Jeff Xu
>>> Reported-by: kernel test robot
>>> ---
>>>  include/linux/lsm_hook_defs.h | 1 +
>>>  include/linux/lsm_hooks.h     | 4 ++++
>>>  include/linux/security.h      | 6 ++++++
>>>  mm/memfd.c                    | 5 +++++
>>>  security/security.c           | 5 +++++
>>>  5 files changed, 21 insertions(+)
>>
>> We typically require at least one in-tree LSM implementation to
>> accompany a new LSM hook. Beyond simply providing proof that the hook
>> has value, it helps provide a functional example both for reviewers as
>> well as future LSM implementations. Also, while the BPF LSM is
>> definitely "in-tree", its nature is such that the actual
>> implementation lives out-of-tree; something like SELinux, AppArmor,
>> Smack, etc. are much more desirable from an in-tree example
>> perspective.
>>
> Thanks for the comments.
> Would that be OK if I add a new LSM in the kernel to block executable
> memfd creation?
> Alternatively, it might be possible to add this into SELinux or
> Landlock, it will be a larger change.

I expect you'll get other opinions, but I'd be happy with a small LSM
that does sophisticated memory fd controls. I also expect that the
SELinux crew would like to see a hook included there.

>
> Thanks
>
> Jeff
>
>
>> --
>> paul-moore.com