[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 5 Jun 2017 22:22:15 +0300
From: Igor Stoppa <igor.stoppa@...wei.com>
To: <keescook@...omium.org>, <mhocko@...nel.org>, <jmorris@...ei.org>
CC: <penguin-kernel@...ove.SAKURA.ne.jp>, <paul@...l-moore.com>,
<sds@...ho.nsa.gov>, <casey@...aufler-ca.com>, <hch@...radead.org>,
<labbott@...hat.com>, <linux-mm@...ck.org>,
<linux-kernel@...r.kernel.org>, <kernel-hardening@...ts.openwall.com>,
Igor Stoppa <igor.stoppa@...wei.com>
Subject: [PATCH 4/5] Make LSM Writable Hooks a command line option
This patch shows how it is possible to take advantage of pmalloc:
instead of using the build-time option __lsm_ro_after_init, to decide if
it is possible to keep the hooks modifiable, now this becomes a
boot-time decision, based on the kernel command line.
This patch relies on:
"Convert security_hook_heads into explicit array of struct list_head"
Author: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
to break free from the static constraint imposed by the previous
hardening model, based on __ro_after_init.
Signed-off-by: Igor Stoppa <igor.stoppa@...wei.com>
CC: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
---
init/main.c | 2 ++
security/security.c | 29 ++++++++++++++++++++++++++---
2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/init/main.c b/init/main.c
index f866510..7850887 100644
--- a/init/main.c
+++ b/init/main.c
@@ -485,6 +485,7 @@ static void __init mm_init(void)
ioremap_huge_init();
}
+extern int __init pmalloc_init(void);
asmlinkage __visible void __init start_kernel(void)
{
char *command_line;
@@ -653,6 +654,7 @@ asmlinkage __visible void __init start_kernel(void)
proc_caches_init();
buffer_init();
key_init();
+ pmalloc_init();
security_init();
dbg_late_init();
vfs_caches_init();
diff --git a/security/security.c b/security/security.c
index c492f68..4285545 100644
--- a/security/security.c
+++ b/security/security.c
@@ -26,6 +26,7 @@
#include <linux/personality.h>
#include <linux/backing-dev.h>
#include <linux/string.h>
+#include <linux/pmalloc.h>
#include <net/flow.h>
#define MAX_LSM_EVM_XATTR 2
@@ -33,8 +34,17 @@
/* Maximum number of letters for an LSM name string */
#define SECURITY_NAME_MAX 10
-static struct list_head hook_heads[LSM_MAX_HOOK_INDEX]
- __lsm_ro_after_init;
+static int security_debug;
+
+static __init int set_security_debug(char *str)
+{
+ get_option(&str, &security_debug);
+ return 0;
+}
+early_param("security_debug", set_security_debug);
+
+static struct list_head *hook_heads;
+static struct pmalloc_pool *sec_pool;
char *lsm_names;
/* Boot-time LSM user choice */
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
@@ -59,6 +69,13 @@ int __init security_init(void)
{
enum security_hook_index i;
+ sec_pool = pmalloc_create_pool("security");
+ if (!sec_pool)
+ goto error_pool;
+ hook_heads = pmalloc(sizeof(struct list_head) * LSM_MAX_HOOK_INDEX,
+ sec_pool);
+ if (!hook_heads)
+ goto error_heads;
for (i = 0; i < LSM_MAX_HOOK_INDEX; i++)
INIT_LIST_HEAD(&hook_heads[i]);
pr_info("Security Framework initialized\n");
@@ -74,8 +91,14 @@ int __init security_init(void)
* Load all the remaining security modules.
*/
do_security_initcalls();
-
+ if (!security_debug)
+ pmalloc_protect_pool(sec_pool);
return 0;
+
+error_heads:
+ pmalloc_destroy_pool(sec_pool);
+error_pool:
+ return -ENOMEM;
}
/* Save user chosen LSM */
--
2.9.3
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
