Re: [RFC PATCH v9 09/16] block|security: add LSM blob to block_device

From: Deven Bowers <deven.desai(a)linux.microsoft.com&gt; block_device structures can have valuable security properties, based on how they are created, and what subsystem manages them. By adding LSM storage to this structure, this data can be accessed at the LSM layer. Signed-off-by: Deven Bowers <deven.desai(a)linux.microsoft.com&gt; Signed-off-by: Fan Wu <wufan(a)linux.microsoft.com&gt; Reviewed-by: Casey Schaufler <casey(a)schaufler-ca.com&gt;

--- block/bdev.c | 7 ++++ include/linux/blk_types.h | 3 ++ include/linux/lsm_hook_defs.h | 5 +++ include/linux/lsm_hooks.h | 12 ++++++ include/linux/security.h | 22 +++++++++++ security/security.c | 70 +++++++++++++++++++++++++++++++++++ 6 files changed, 119 insertions(+) diff --git a/block/bdev.c b/block/bdev.c index edc110d90df4..f8db53b47c00 100644 --- a/block/bdev.c +++ b/block/bdev.c @@ -24,6 +24,7 @@ #include <linux/pseudo_fs.h> #include <linux/uio.h> #include <linux/namei.h> +#include <linux/security.h> #include <linux/part_stat.h> #include <linux/uaccess.h> #include <linux/stat.h> @@ -396,6 +397,11 @@ static struct inode *bdev_alloc_inode(struct super_block *sb) if (!ei) return NULL; memset(&ei->bdev, 0, sizeof(ei->bdev)); + + if (security_bdev_alloc(&ei->bdev)) { + kmem_cache_free(bdev_cachep, ei); + return NULL; + } return &ei->vfs_inode; } @@ -405,6 +411,7 @@ static void bdev_free_inode(struct inode *inode) free_percpu(bdev->bd_stats); kfree(bdev->bd_meta_info); + security_bdev_free(bdev); if (!bdev_is_partition(bdev)) { if (bdev->bd_disk && bdev->bd_disk->bdi) diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h index 99be590f952f..137a04f45c17 100644 --- a/include/linux/blk_types.h +++ b/include/linux/blk_types.h @@ -68,6 +68,9 @@ struct block_device { #ifdef CONFIG_FAIL_MAKE_REQUEST bool bd_make_it_fail; #endif +#ifdef CONFIG_SECURITY + void *security; +#endif } __randomize_layout; #define bdev_whole(_bdev) \ diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index ed6cb2ac55fa..1f79029c9e28 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -417,3 +417,8 @@ LSM_HOOK(int, 0, uring_override_creds, const struct cred *new) LSM_HOOK(int, 0, uring_sqpoll, void) LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd) #endif /* CONFIG_IO_URING */ + +LSM_HOOK(int, 0, bdev_alloc_security, struct block_device *bdev) +LSM_HOOK(void, LSM_RET_VOID, bdev_free_security, struct block_device *bdev) +LSM_HOOK(int, 0, bdev_setsecurity, struct block_device *bdev, const char *name, + const void *value, size_t size) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 0a5ba81f7367..b622ceb57d83 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1618,6 +1618,17 @@ * @what: kernel feature being accessed. * Return 0 if permission is granted. * + * @bdev_alloc_security: + * Initialize the security field inside a block_device structure. + * + * @bdev_free_security: + * Cleanup the security information stored inside a block_device structure. + * + * @bdev_setsecurity: + * Set a security property associated with @name for @bdev with + * value @value. @size indicates the size of @value in bytes. + * If a @name is not implemented, return -EOPNOTSUPP. + *

diff --git a/security/security.c b/security/security.c index d1571900a8c7..5c81dd3b1350 100644 --- a/security/security.c +++ b/security/security.c @@ -2705,6 +2730,51 @@ int security_locked_down(enum lockdown_reason what) } EXPORT_SYMBOL(security_locked_down); +int security_bdev_alloc(struct block_device *bdev) +{ + int rc = 0; + + rc = lsm_bdev_alloc(bdev); + if (unlikely(rc)) + return rc; + + rc = call_int_hook(bdev_alloc_security, 0, bdev); + if (unlikely(rc)) + security_bdev_free(bdev); + + return LSM_RET_DEFAULT(bdev_alloc_security); +} +EXPORT_SYMBOL(security_bdev_alloc); + +void security_bdev_free(struct block_device *bdev) +{ + if (!bdev->security) + return; + + call_void_hook(bdev_free_security, bdev); + + kfree(bdev->security); + bdev->security = NULL; +} +EXPORT_SYMBOL(security_bdev_free); + +int security_bdev_setsecurity(struct block_device *bdev, + const char *name, const void *value, + size_t size) +{ + int rc = 0; + struct security_hook_list *p; + + hlist_for_each_entry(p, &security_hook_heads.bdev_setsecurity, list) { + rc = p->hook.bdev_setsecurity(bdev, name, value, size); + if (rc && rc != -EOPNOTSUPP) + return rc; + } + + return LSM_RET_DEFAULT(bdev_setsecurity); +} +EXPORT_SYMBOL(security_bdev_setsecurity);

#ifdef CONFIG_PERF_EVENTS int security_perf_event_open(struct perf_event_attr *attr, int type) { -- 2.39.0