Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 5 Jun 2017 22:22:15 +0300
From: Igor Stoppa <igor.stoppa@...wei.com>
To: <keescook@...omium.org>, <mhocko@...nel.org>, <jmorris@...ei.org>
CC: <penguin-kernel@...ove.SAKURA.ne.jp>, <paul@...l-moore.com>,
        <sds@...ho.nsa.gov>, <casey@...aufler-ca.com>, <hch@...radead.org>,
        <labbott@...hat.com>, <linux-mm@...ck.org>,
        <linux-kernel@...r.kernel.org>, <kernel-hardening@...ts.openwall.com>,
        Igor Stoppa <igor.stoppa@...wei.com>
Subject: [PATCH 4/5] Make LSM Writable Hooks a command line option

This patch shows how it is possible to take advantage of pmalloc:
instead of using the build-time option __lsm_ro_after_init, to decide if
it is possible to keep the hooks modifiable, now this becomes a
boot-time decision, based on the kernel command line.

This patch relies on:

"Convert security_hook_heads into explicit array of struct list_head"
Author: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>

to break free from the static constraint imposed by the previous
hardening model, based on __ro_after_init.

Signed-off-by: Igor Stoppa <igor.stoppa@...wei.com>
CC: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
---
 init/main.c         |  2 ++
 security/security.c | 29 ++++++++++++++++++++++++++---
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/init/main.c b/init/main.c
index f866510..7850887 100644
--- a/init/main.c
+++ b/init/main.c
@@ -485,6 +485,7 @@ static void __init mm_init(void)
 	ioremap_huge_init();
 }
 
+extern int __init pmalloc_init(void);
 asmlinkage __visible void __init start_kernel(void)
 {
 	char *command_line;
@@ -653,6 +654,7 @@ asmlinkage __visible void __init start_kernel(void)
 	proc_caches_init();
 	buffer_init();
 	key_init();
+	pmalloc_init();
 	security_init();
 	dbg_late_init();
 	vfs_caches_init();
diff --git a/security/security.c b/security/security.c
index c492f68..4285545 100644
--- a/security/security.c
+++ b/security/security.c
@@ -26,6 +26,7 @@
 #include <linux/personality.h>
 #include <linux/backing-dev.h>
 #include <linux/string.h>
+#include <linux/pmalloc.h>
 #include <net/flow.h>
 
 #define MAX_LSM_EVM_XATTR	2
@@ -33,8 +34,17 @@
 /* Maximum number of letters for an LSM name string */
 #define SECURITY_NAME_MAX	10
 
-static struct list_head hook_heads[LSM_MAX_HOOK_INDEX]
-	__lsm_ro_after_init;
+static int security_debug;
+
+static __init int set_security_debug(char *str)
+{
+	get_option(&str, &security_debug);
+	return 0;
+}
+early_param("security_debug", set_security_debug);
+
+static struct list_head *hook_heads;
+static struct pmalloc_pool *sec_pool;
 char *lsm_names;
 /* Boot-time LSM user choice */
 static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
@@ -59,6 +69,13 @@ int __init security_init(void)
 {
 	enum security_hook_index i;
 
+	sec_pool = pmalloc_create_pool("security");
+	if (!sec_pool)
+		goto error_pool;
+	hook_heads = pmalloc(sizeof(struct list_head) * LSM_MAX_HOOK_INDEX,
+			     sec_pool);
+	if (!hook_heads)
+		goto error_heads;
 	for (i = 0; i < LSM_MAX_HOOK_INDEX; i++)
 		INIT_LIST_HEAD(&hook_heads[i]);
 	pr_info("Security Framework initialized\n");
@@ -74,8 +91,14 @@ int __init security_init(void)
 	 * Load all the remaining security modules.
 	 */
 	do_security_initcalls();
-
+	if (!security_debug)
+		pmalloc_protect_pool(sec_pool);
 	return 0;
+
+error_heads:
+	pmalloc_destroy_pool(sec_pool);
+error_pool:
+	return -ENOMEM;
 }
 
 /* Save user chosen LSM */
-- 
2.9.3

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.