From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Wed, 13 Mar 2024 03:03:34 +0000 (-0700)
Subject: Merge tag 'lsm-pr-20240312' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=cc4a875cf3b3bc07d523ea85b8ca45da1ca4f4e6;p=linux.git

Merge tag 'lsm-pr-20240312' of git://git./linux/kernel/git/pcmoore/lsm

Pull lsm updates from Paul Moore:

 - Promote IMA/EVM to a proper LSM

   This is the bulk of the diffstat, and the source of all the changes
   in the VFS code. Prior to the start of the LSM stacking work it was
   important that IMA/EVM were separate from the rest of the LSMs,
   complete with their own hooks, infrastructure, etc. as it was the
   only way to enable IMA/EVM at the same time as a LSM.

   However, now that the bulk of the LSM infrastructure supports
   multiple simultaneous LSMs, we can simplify things greatly by
   bringing IMA/EVM into the LSM infrastructure as proper LSMs. This is
   something I've wanted to see happen for quite some time and Roberto
   was kind enough to put in the work to make it happen.

 - Use the LSM hook default values to simplify the call_int_hook() macro

   Previously the call_int_hook() macro required callers to supply a
   default return value, despite a default value being specified when
   the LSM hook was defined.

   This simplifies the macro by using the defined default return value
   which makes life easier for callers and should also reduce the number
   of return value bugs in the future (we've had a few pop up recently,
   hence this work).

 - Use the KMEM_CACHE() macro instead of kmem_cache_create()

   The guidance appears to be to use the KMEM_CACHE() macro when
   possible and there is no reason why we can't use the macro, so let's
   use it.

 - Fix a number of comment typos in the LSM hook comment blocks

   Not much to say here, we fixed some questionable grammar decisions in
   the LSM hook comment blocks.

* tag 'lsm-pr-20240312' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: (28 commits)
  cred: Use KMEM_CACHE() instead of kmem_cache_create()
  lsm: use default hook return value in call_int_hook()
  lsm: fix typos in security/security.c comment headers
  integrity: Remove LSM
  ima: Make it independent from 'integrity' LSM
  evm: Make it independent from 'integrity' LSM
  evm: Move to LSM infrastructure
  ima: Move IMA-Appraisal to LSM infrastructure
  ima: Move to LSM infrastructure
  integrity: Move integrity_kernel_module_request() to IMA
  security: Introduce key_post_create_or_update hook
  security: Introduce inode_post_remove_acl hook
  security: Introduce inode_post_set_acl hook
  security: Introduce inode_post_create_tmpfile hook
  security: Introduce path_post_mknod hook
  security: Introduce file_release hook
  security: Introduce file_post_open hook
  security: Introduce inode_post_removexattr hook
  security: Introduce inode_post_setattr hook
  security: Align inode_setattr hook definition with EVM
  ...
---

cc4a875cf3b3bc07d523ea85b8ca45da1ca4f4e6
diff --cc security/security.c
index aef69632d0a9e,4cb832b00c407..a07f43c58d656
--- a/security/security.c
+++ b/security/security.c
@@@ -28,8 -25,8 +25,9 @@@
  #include <linux/personality.h>
  #include <linux/backing-dev.h>
  #include <linux/string.h>
+ #include <linux/xattr.h>
  #include <linux/msg.h>
 +#include <linux/overflow.h>
  #include <net/flow.h>
  
  /* How many LSMs were built into the kernel? */
@@@ -5448,38 -5426,16 +5429,38 @@@ int security_bpf_prog(struct bpf_prog *
  }
  
  /**
 - * security_bpf_map_alloc() - Allocate a bpf map LSM blob
 - * @map: bpf map
 + * security_bpf_map_create() - Check if BPF map creation is allowed
 + * @map: BPF map object
 + * @attr: BPF syscall attributes used to create BPF map
 + * @token: BPF token used to grant user access
 + *
 + * Do a check when the kernel creates a new BPF map. This is also the
 + * point where LSM blob is allocated for LSMs that need them.
 + *
 + * Return: Returns 0 on success, error on failure.
 + */
 +int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
 +			    struct bpf_token *token)
 +{
- 	return call_int_hook(bpf_map_create, 0, map, attr, token);
++	return call_int_hook(bpf_map_create, map, attr, token);
 +}
 +
 +/**
 + * security_bpf_prog_load() - Check if loading of BPF program is allowed
 + * @prog: BPF program object
 + * @attr: BPF syscall attributes used to create BPF program
 + * @token: BPF token used to grant user access to BPF subsystem
   *
 - * Initialize the security field inside bpf map.
 + * Perform an access control check when the kernel loads a BPF program and
 + * allocates associated BPF program object. This hook is also responsible for
 + * allocating any required LSM state for the BPF program.
   *
   * Return: Returns 0 on success, error on failure.
   */
 -int security_bpf_map_alloc(struct bpf_map *map)
 +int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
 +			   struct bpf_token *token)
  {
- 	return call_int_hook(bpf_prog_load, 0, prog, attr, token);
 -	return call_int_hook(bpf_map_alloc_security, map);
++	return call_int_hook(bpf_prog_load, prog, attr, token);
  }
  
  /**
@@@ -5493,42 -5446,9 +5474,42 @@@
   *
   * Return: Returns 0 on success, error on failure.
   */
 -int security_bpf_prog_alloc(struct bpf_prog_aux *aux)
 +int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
 +			      struct path *path)
  {
- 	return call_int_hook(bpf_token_create, 0, token, attr, path);
 -	return call_int_hook(bpf_prog_alloc_security, aux);
++	return call_int_hook(bpf_token_create, token, attr, path);
 +}
 +
 +/**
 + * security_bpf_token_cmd() - Check if BPF token is allowed to delegate
 + * requested BPF syscall command
 + * @token: BPF token object
 + * @cmd: BPF syscall command requested to be delegated by BPF token
 + *
 + * Do a check when the kernel decides whether provided BPF token should allow
 + * delegation of requested BPF syscall command.
 + *
 + * Return: Returns 0 on success, error on failure.
 + */
 +int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
 +{
- 	return call_int_hook(bpf_token_cmd, 0, token, cmd);
++	return call_int_hook(bpf_token_cmd, token, cmd);
 +}
 +
 +/**
 + * security_bpf_token_capable() - Check if BPF token is allowed to delegate
 + * requested BPF-related capability
 + * @token: BPF token object
 + * @cap: capabilities requested to be delegated by BPF token
 + *
 + * Do a check when the kernel decides whether provided BPF token should allow
 + * delegation of requested BPF-related capabilities.
 + *
 + * Return: Returns 0 on success, error on failure.
 + */
 +int security_bpf_token_capable(const struct bpf_token *token, int cap)
 +{
- 	return call_int_hook(bpf_token_capable, 0, token, cap);
++	return call_int_hook(bpf_token_capable, token, cap);
  }
  
  /**