063a7ce32d
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmWYKUIUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXNyHw/+IKnqL1MZ5QS+/HtSzi4jCL47N9yZ OHLol6XswyEGHH9myKPPGnT5lVA93v98v4ty2mws7EJUSGZQQUntYBPbU9Gi40+B XDzYSRocoj96sdlKeOJMgaWo3NBRD9HYSoGPDNWZixy6m+bLPk/Dqhn3FabKf1lo 2qQSmstvChFRmVNkmgaQnBCAtWVqla4EJEL0EKX6cspHbuzRNTeJdTPn6Q/zOUVL O2znOZuEtSVpYS7yg3uJT0hHD8H0GnIciAcDAhyPSBL5Uk5l6gwJiACcdRfLRbgp QM5Z4qUFdKljV5XBCzYnfhhrx1df08h1SG84El8UK8HgTTfOZfYmawByJRWNJSQE TdCmtyyvEbfb61CKBFVwD7Tzb9/y8WgcY5N3Un8uCQqRzFIO+6cghHri5NrVhifp nPFlP4klxLHh3d7ZVekLmCMHbpaacRyJKwLy+f/nwbBEID47jpPkvZFIpbalat+r QaKRBNWdTeV+GZ+Yu0uWsI029aQnpcO1kAnGg09fl6b/dsmxeKOVWebir25AzQ++ a702S8HRmj80X+VnXHU9a64XeGtBH7Nq0vu0lGHQPgwhSx/9P6/qICEPwsIriRjR I9OulWt4OBPDtlsonHFgDs+lbnd0Z0GJUwYT8e9pjRDMxijVO9lhAXyglVRmuNR8 to2ByKP5BO+Vh8Y= =Py+n -----END PGP SIGNATURE----- Merge tag 'lsm-pr-20240105' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm Pull security module updates from Paul Moore: - Add three new syscalls: lsm_list_modules(), lsm_get_self_attr(), and lsm_set_self_attr(). The first syscall simply lists the LSMs enabled, while the second and third get and set the current process' LSM attributes. Yes, these syscalls may provide similar functionality to what can be found under /proc or /sys, but they were designed to support multiple, simultaneaous (stacked) LSMs from the start as opposed to the current /proc based solutions which were created at a time when only one LSM was allowed to be active at a given time. We have spent considerable time discussing ways to extend the existing /proc interfaces to support multiple, simultaneaous LSMs and even our best ideas have been far too ugly to support as a kernel API; after +20 years in the kernel, I felt the LSM layer had established itself enough to justify a handful of syscalls. Support amongst the individual LSM developers has been nearly unanimous, with a single objection coming from Tetsuo (TOMOYO) as he is worried that the LSM_ID_XXX token concept will make it more difficult for out-of-tree LSMs to survive. Several members of the LSM community have demonstrated the ability for out-of-tree LSMs to continue to exist by picking high/unused LSM_ID values as well as pointing out that many kernel APIs rely on integer identifiers, e.g. syscalls (!), but unfortunately Tetsuo's objections remain. My personal opinion is that while I have no interest in penalizing out-of-tree LSMs, I'm not going to penalize in-tree development to support out-of-tree development, and I view this as a necessary step forward to support the push for expanded LSM stacking and reduce our reliance on /proc and /sys which has occassionally been problematic for some container users. Finally, we have included the linux-api folks on (all?) recent revisions of the patchset and addressed all of their concerns. - Add a new security_file_ioctl_compat() LSM hook to handle the 32-bit ioctls on 64-bit systems problem. This patch includes support for all of the existing LSMs which provide ioctl hooks, although it turns out only SELinux actually cares about the individual ioctls. It is worth noting that while Casey (Smack) and Tetsuo (TOMOYO) did not give explicit ACKs to this patch, they did both indicate they are okay with the changes. - Fix a potential memory leak in the CALIPSO code when IPv6 is disabled at boot. While it's good that we are fixing this, I doubt this is something users are seeing in the wild as you need to both disable IPv6 and then attempt to configure IPv6 labeled networking via NetLabel/CALIPSO; that just doesn't make much sense. Normally this would go through netdev, but Jakub asked me to take this patch and of all the trees I maintain, the LSM tree seemed like the best fit. - Update the LSM MAINTAINERS entry with additional information about our process docs, patchwork, bug reporting, etc. I also noticed that the Lockdown LSM is missing a dedicated MAINTAINERS entry so I've added that to the pull request. I've been working with one of the major Lockdown authors/contributors to see if they are willing to step up and assume a Lockdown maintainer role; hopefully that will happen soon, but in the meantime I'll continue to look after it. - Add a handful of mailmap entries for Serge Hallyn and myself. * tag 'lsm-pr-20240105' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: (27 commits) lsm: new security_file_ioctl_compat() hook lsm: Add a __counted_by() annotation to lsm_ctx.ctx calipso: fix memory leak in netlbl_calipso_add_pass() selftests: remove the LSM_ID_IMA check in lsm/lsm_list_modules_test MAINTAINERS: add an entry for the lockdown LSM MAINTAINERS: update the LSM entry mailmap: add entries for Serge Hallyn's dead accounts mailmap: update/replace my old email addresses lsm: mark the lsm_id variables are marked as static lsm: convert security_setselfattr() to use memdup_user() lsm: align based on pointer length in lsm_fill_user_ctx() lsm: consolidate buffer size handling into lsm_fill_user_ctx() lsm: correct error codes in security_getselfattr() lsm: cleanup the size counters in security_getselfattr() lsm: don't yet account for IMA in LSM_CONFIG_COUNT calculation lsm: drop LSM_ID_IMA LSM: selftests for Linux Security Module syscalls SELinux: Add selfattr hooks AppArmor: Add selfattr hooks Smack: implement setselfattr and getselfattr hooks ...
394 lines
9.6 KiB
C
394 lines
9.6 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
#include <linux/linkage.h>
|
|
#include <linux/errno.h>
|
|
|
|
#include <asm/unistd.h>
|
|
|
|
#ifdef CONFIG_ARCH_HAS_SYSCALL_WRAPPER
|
|
/* Architectures may override COND_SYSCALL and COND_SYSCALL_COMPAT */
|
|
#include <asm/syscall_wrapper.h>
|
|
#endif /* CONFIG_ARCH_HAS_SYSCALL_WRAPPER */
|
|
|
|
/* we can't #include <linux/syscalls.h> here,
|
|
but tell gcc to not warn with -Wmissing-prototypes */
|
|
asmlinkage long sys_ni_syscall(void);
|
|
|
|
/*
|
|
* Non-implemented system calls get redirected here.
|
|
*/
|
|
asmlinkage long sys_ni_syscall(void)
|
|
{
|
|
return -ENOSYS;
|
|
}
|
|
|
|
#ifndef COND_SYSCALL
|
|
#define COND_SYSCALL(name) cond_syscall(sys_##name)
|
|
#endif /* COND_SYSCALL */
|
|
|
|
#ifndef COND_SYSCALL_COMPAT
|
|
#define COND_SYSCALL_COMPAT(name) cond_syscall(compat_sys_##name)
|
|
#endif /* COND_SYSCALL_COMPAT */
|
|
|
|
/*
|
|
* This list is kept in the same order as include/uapi/asm-generic/unistd.h.
|
|
* Architecture specific entries go below, followed by deprecated or obsolete
|
|
* system calls.
|
|
*/
|
|
|
|
COND_SYSCALL(io_setup);
|
|
COND_SYSCALL_COMPAT(io_setup);
|
|
COND_SYSCALL(io_destroy);
|
|
COND_SYSCALL(io_submit);
|
|
COND_SYSCALL_COMPAT(io_submit);
|
|
COND_SYSCALL(io_cancel);
|
|
COND_SYSCALL(io_getevents_time32);
|
|
COND_SYSCALL(io_getevents);
|
|
COND_SYSCALL(io_pgetevents_time32);
|
|
COND_SYSCALL(io_pgetevents);
|
|
COND_SYSCALL_COMPAT(io_pgetevents_time32);
|
|
COND_SYSCALL_COMPAT(io_pgetevents);
|
|
COND_SYSCALL(io_uring_setup);
|
|
COND_SYSCALL(io_uring_enter);
|
|
COND_SYSCALL(io_uring_register);
|
|
COND_SYSCALL(eventfd2);
|
|
COND_SYSCALL(epoll_create1);
|
|
COND_SYSCALL(epoll_ctl);
|
|
COND_SYSCALL(epoll_pwait);
|
|
COND_SYSCALL_COMPAT(epoll_pwait);
|
|
COND_SYSCALL(epoll_pwait2);
|
|
COND_SYSCALL_COMPAT(epoll_pwait2);
|
|
COND_SYSCALL(inotify_init1);
|
|
COND_SYSCALL(inotify_add_watch);
|
|
COND_SYSCALL(inotify_rm_watch);
|
|
COND_SYSCALL(ioprio_set);
|
|
COND_SYSCALL(ioprio_get);
|
|
COND_SYSCALL(flock);
|
|
COND_SYSCALL(quotactl);
|
|
COND_SYSCALL(quotactl_fd);
|
|
COND_SYSCALL(signalfd4);
|
|
COND_SYSCALL_COMPAT(signalfd4);
|
|
COND_SYSCALL(timerfd_create);
|
|
COND_SYSCALL(timerfd_settime);
|
|
COND_SYSCALL(timerfd_settime32);
|
|
COND_SYSCALL(timerfd_gettime);
|
|
COND_SYSCALL(timerfd_gettime32);
|
|
COND_SYSCALL(acct);
|
|
COND_SYSCALL(capget);
|
|
COND_SYSCALL(capset);
|
|
/* __ARCH_WANT_SYS_CLONE3 */
|
|
COND_SYSCALL(clone3);
|
|
COND_SYSCALL(futex);
|
|
COND_SYSCALL(futex_time32);
|
|
COND_SYSCALL(set_robust_list);
|
|
COND_SYSCALL_COMPAT(set_robust_list);
|
|
COND_SYSCALL(get_robust_list);
|
|
COND_SYSCALL_COMPAT(get_robust_list);
|
|
COND_SYSCALL(futex_waitv);
|
|
COND_SYSCALL(futex_wake);
|
|
COND_SYSCALL(futex_wait);
|
|
COND_SYSCALL(futex_requeue);
|
|
COND_SYSCALL(kexec_load);
|
|
COND_SYSCALL_COMPAT(kexec_load);
|
|
COND_SYSCALL(init_module);
|
|
COND_SYSCALL(delete_module);
|
|
COND_SYSCALL(syslog);
|
|
COND_SYSCALL(setregid);
|
|
COND_SYSCALL(setgid);
|
|
COND_SYSCALL(setreuid);
|
|
COND_SYSCALL(setuid);
|
|
COND_SYSCALL(setresuid);
|
|
COND_SYSCALL(getresuid);
|
|
COND_SYSCALL(setresgid);
|
|
COND_SYSCALL(getresgid);
|
|
COND_SYSCALL(setfsuid);
|
|
COND_SYSCALL(setfsgid);
|
|
COND_SYSCALL(setgroups);
|
|
COND_SYSCALL(getgroups);
|
|
COND_SYSCALL(mq_open);
|
|
COND_SYSCALL_COMPAT(mq_open);
|
|
COND_SYSCALL(mq_unlink);
|
|
COND_SYSCALL(mq_timedsend);
|
|
COND_SYSCALL(mq_timedsend_time32);
|
|
COND_SYSCALL(mq_timedreceive);
|
|
COND_SYSCALL(mq_timedreceive_time32);
|
|
COND_SYSCALL(mq_notify);
|
|
COND_SYSCALL_COMPAT(mq_notify);
|
|
COND_SYSCALL(mq_getsetattr);
|
|
COND_SYSCALL_COMPAT(mq_getsetattr);
|
|
COND_SYSCALL(msgget);
|
|
COND_SYSCALL(old_msgctl);
|
|
COND_SYSCALL(msgctl);
|
|
COND_SYSCALL_COMPAT(msgctl);
|
|
COND_SYSCALL_COMPAT(old_msgctl);
|
|
COND_SYSCALL(msgrcv);
|
|
COND_SYSCALL_COMPAT(msgrcv);
|
|
COND_SYSCALL(msgsnd);
|
|
COND_SYSCALL_COMPAT(msgsnd);
|
|
COND_SYSCALL(semget);
|
|
COND_SYSCALL(old_semctl);
|
|
COND_SYSCALL(semctl);
|
|
COND_SYSCALL_COMPAT(semctl);
|
|
COND_SYSCALL_COMPAT(old_semctl);
|
|
COND_SYSCALL(semtimedop);
|
|
COND_SYSCALL(semtimedop_time32);
|
|
COND_SYSCALL(semop);
|
|
COND_SYSCALL(shmget);
|
|
COND_SYSCALL(old_shmctl);
|
|
COND_SYSCALL(shmctl);
|
|
COND_SYSCALL_COMPAT(shmctl);
|
|
COND_SYSCALL_COMPAT(old_shmctl);
|
|
COND_SYSCALL(shmat);
|
|
COND_SYSCALL_COMPAT(shmat);
|
|
COND_SYSCALL(shmdt);
|
|
COND_SYSCALL(socket);
|
|
COND_SYSCALL(socketpair);
|
|
COND_SYSCALL(bind);
|
|
COND_SYSCALL(listen);
|
|
COND_SYSCALL(accept);
|
|
COND_SYSCALL(connect);
|
|
COND_SYSCALL(getsockname);
|
|
COND_SYSCALL(getpeername);
|
|
COND_SYSCALL(setsockopt);
|
|
COND_SYSCALL_COMPAT(setsockopt);
|
|
COND_SYSCALL(getsockopt);
|
|
COND_SYSCALL_COMPAT(getsockopt);
|
|
COND_SYSCALL(sendto);
|
|
COND_SYSCALL(shutdown);
|
|
COND_SYSCALL(recvfrom);
|
|
COND_SYSCALL_COMPAT(recvfrom);
|
|
COND_SYSCALL(sendmsg);
|
|
COND_SYSCALL_COMPAT(sendmsg);
|
|
COND_SYSCALL(recvmsg);
|
|
COND_SYSCALL_COMPAT(recvmsg);
|
|
COND_SYSCALL(mremap);
|
|
COND_SYSCALL(add_key);
|
|
COND_SYSCALL(request_key);
|
|
COND_SYSCALL(keyctl);
|
|
COND_SYSCALL_COMPAT(keyctl);
|
|
COND_SYSCALL(landlock_create_ruleset);
|
|
COND_SYSCALL(landlock_add_rule);
|
|
COND_SYSCALL(landlock_restrict_self);
|
|
COND_SYSCALL(fadvise64_64);
|
|
COND_SYSCALL_COMPAT(fadvise64_64);
|
|
COND_SYSCALL(lsm_get_self_attr);
|
|
COND_SYSCALL(lsm_set_self_attr);
|
|
COND_SYSCALL(lsm_list_modules);
|
|
|
|
/* CONFIG_MMU only */
|
|
COND_SYSCALL(swapon);
|
|
COND_SYSCALL(swapoff);
|
|
COND_SYSCALL(mprotect);
|
|
COND_SYSCALL(msync);
|
|
COND_SYSCALL(mlock);
|
|
COND_SYSCALL(munlock);
|
|
COND_SYSCALL(mlockall);
|
|
COND_SYSCALL(munlockall);
|
|
COND_SYSCALL(mincore);
|
|
COND_SYSCALL(madvise);
|
|
COND_SYSCALL(process_madvise);
|
|
COND_SYSCALL(process_mrelease);
|
|
COND_SYSCALL(remap_file_pages);
|
|
COND_SYSCALL(mbind);
|
|
COND_SYSCALL(get_mempolicy);
|
|
COND_SYSCALL(set_mempolicy);
|
|
COND_SYSCALL(migrate_pages);
|
|
COND_SYSCALL(move_pages);
|
|
COND_SYSCALL(set_mempolicy_home_node);
|
|
COND_SYSCALL(cachestat);
|
|
|
|
COND_SYSCALL(perf_event_open);
|
|
COND_SYSCALL(accept4);
|
|
COND_SYSCALL(recvmmsg);
|
|
COND_SYSCALL(recvmmsg_time32);
|
|
COND_SYSCALL_COMPAT(recvmmsg_time32);
|
|
COND_SYSCALL_COMPAT(recvmmsg_time64);
|
|
|
|
/* Posix timer syscalls may be configured out */
|
|
COND_SYSCALL(timer_create);
|
|
COND_SYSCALL(timer_gettime);
|
|
COND_SYSCALL(timer_getoverrun);
|
|
COND_SYSCALL(timer_settime);
|
|
COND_SYSCALL(timer_delete);
|
|
COND_SYSCALL(clock_adjtime);
|
|
COND_SYSCALL(getitimer);
|
|
COND_SYSCALL(setitimer);
|
|
COND_SYSCALL(alarm);
|
|
COND_SYSCALL_COMPAT(timer_create);
|
|
COND_SYSCALL_COMPAT(getitimer);
|
|
COND_SYSCALL_COMPAT(setitimer);
|
|
|
|
/*
|
|
* Architecture specific syscalls: see further below
|
|
*/
|
|
|
|
/* fanotify */
|
|
COND_SYSCALL(fanotify_init);
|
|
COND_SYSCALL(fanotify_mark);
|
|
|
|
/* open by handle */
|
|
COND_SYSCALL(name_to_handle_at);
|
|
COND_SYSCALL(open_by_handle_at);
|
|
COND_SYSCALL_COMPAT(open_by_handle_at);
|
|
|
|
COND_SYSCALL(sendmmsg);
|
|
COND_SYSCALL_COMPAT(sendmmsg);
|
|
COND_SYSCALL(process_vm_readv);
|
|
COND_SYSCALL_COMPAT(process_vm_readv);
|
|
COND_SYSCALL(process_vm_writev);
|
|
COND_SYSCALL_COMPAT(process_vm_writev);
|
|
|
|
/* compare kernel pointers */
|
|
COND_SYSCALL(kcmp);
|
|
|
|
COND_SYSCALL(finit_module);
|
|
|
|
/* operate on Secure Computing state */
|
|
COND_SYSCALL(seccomp);
|
|
|
|
COND_SYSCALL(memfd_create);
|
|
|
|
/* access BPF programs and maps */
|
|
COND_SYSCALL(bpf);
|
|
|
|
/* execveat */
|
|
COND_SYSCALL(execveat);
|
|
|
|
COND_SYSCALL(userfaultfd);
|
|
|
|
/* membarrier */
|
|
COND_SYSCALL(membarrier);
|
|
|
|
COND_SYSCALL(mlock2);
|
|
|
|
COND_SYSCALL(copy_file_range);
|
|
|
|
/* memory protection keys */
|
|
COND_SYSCALL(pkey_mprotect);
|
|
COND_SYSCALL(pkey_alloc);
|
|
COND_SYSCALL(pkey_free);
|
|
|
|
/* memfd_secret */
|
|
COND_SYSCALL(memfd_secret);
|
|
|
|
/*
|
|
* Architecture specific weak syscall entries.
|
|
*/
|
|
|
|
/* pciconfig: alpha, arm, arm64, ia64, sparc */
|
|
COND_SYSCALL(pciconfig_read);
|
|
COND_SYSCALL(pciconfig_write);
|
|
COND_SYSCALL(pciconfig_iobase);
|
|
|
|
/* sys_socketcall: arm, mips, x86, ... */
|
|
COND_SYSCALL(socketcall);
|
|
COND_SYSCALL_COMPAT(socketcall);
|
|
|
|
/* compat syscalls for arm64, x86, ... */
|
|
COND_SYSCALL_COMPAT(fanotify_mark);
|
|
|
|
/* x86 */
|
|
COND_SYSCALL(vm86old);
|
|
COND_SYSCALL(modify_ldt);
|
|
COND_SYSCALL(vm86);
|
|
COND_SYSCALL(kexec_file_load);
|
|
COND_SYSCALL(map_shadow_stack);
|
|
|
|
/* s390 */
|
|
COND_SYSCALL(s390_pci_mmio_read);
|
|
COND_SYSCALL(s390_pci_mmio_write);
|
|
COND_SYSCALL(s390_ipc);
|
|
COND_SYSCALL_COMPAT(s390_ipc);
|
|
|
|
/* powerpc */
|
|
COND_SYSCALL(rtas);
|
|
COND_SYSCALL(spu_run);
|
|
COND_SYSCALL(spu_create);
|
|
COND_SYSCALL(subpage_prot);
|
|
|
|
|
|
/*
|
|
* Deprecated system calls which are still defined in
|
|
* include/uapi/asm-generic/unistd.h and wanted by >= 1 arch
|
|
*/
|
|
|
|
/* __ARCH_WANT_SYSCALL_NO_FLAGS */
|
|
COND_SYSCALL(epoll_create);
|
|
COND_SYSCALL(inotify_init);
|
|
COND_SYSCALL(eventfd);
|
|
COND_SYSCALL(signalfd);
|
|
COND_SYSCALL_COMPAT(signalfd);
|
|
|
|
/* __ARCH_WANT_SYSCALL_OFF_T */
|
|
COND_SYSCALL(fadvise64);
|
|
|
|
/* __ARCH_WANT_SYSCALL_DEPRECATED */
|
|
COND_SYSCALL(epoll_wait);
|
|
COND_SYSCALL(recv);
|
|
COND_SYSCALL_COMPAT(recv);
|
|
COND_SYSCALL(send);
|
|
COND_SYSCALL(uselib);
|
|
|
|
/* optional: time32 */
|
|
COND_SYSCALL(time32);
|
|
COND_SYSCALL(stime32);
|
|
COND_SYSCALL(utime32);
|
|
COND_SYSCALL(adjtimex_time32);
|
|
COND_SYSCALL(sched_rr_get_interval_time32);
|
|
COND_SYSCALL(nanosleep_time32);
|
|
COND_SYSCALL(rt_sigtimedwait_time32);
|
|
COND_SYSCALL_COMPAT(rt_sigtimedwait_time32);
|
|
COND_SYSCALL(timer_settime32);
|
|
COND_SYSCALL(timer_gettime32);
|
|
COND_SYSCALL(clock_settime32);
|
|
COND_SYSCALL(clock_gettime32);
|
|
COND_SYSCALL(clock_getres_time32);
|
|
COND_SYSCALL(clock_nanosleep_time32);
|
|
COND_SYSCALL(utimes_time32);
|
|
COND_SYSCALL(futimesat_time32);
|
|
COND_SYSCALL(pselect6_time32);
|
|
COND_SYSCALL_COMPAT(pselect6_time32);
|
|
COND_SYSCALL(ppoll_time32);
|
|
COND_SYSCALL_COMPAT(ppoll_time32);
|
|
COND_SYSCALL(utimensat_time32);
|
|
COND_SYSCALL(clock_adjtime32);
|
|
|
|
/*
|
|
* The syscalls below are not found in include/uapi/asm-generic/unistd.h
|
|
*/
|
|
|
|
/* obsolete: SGETMASK_SYSCALL */
|
|
COND_SYSCALL(sgetmask);
|
|
COND_SYSCALL(ssetmask);
|
|
|
|
/* obsolete: SYSFS_SYSCALL */
|
|
COND_SYSCALL(sysfs);
|
|
|
|
/* obsolete: __ARCH_WANT_SYS_IPC */
|
|
COND_SYSCALL(ipc);
|
|
COND_SYSCALL_COMPAT(ipc);
|
|
|
|
/* obsolete: UID16 */
|
|
COND_SYSCALL(chown16);
|
|
COND_SYSCALL(fchown16);
|
|
COND_SYSCALL(getegid16);
|
|
COND_SYSCALL(geteuid16);
|
|
COND_SYSCALL(getgid16);
|
|
COND_SYSCALL(getgroups16);
|
|
COND_SYSCALL(getresgid16);
|
|
COND_SYSCALL(getresuid16);
|
|
COND_SYSCALL(getuid16);
|
|
COND_SYSCALL(lchown16);
|
|
COND_SYSCALL(setfsgid16);
|
|
COND_SYSCALL(setfsuid16);
|
|
COND_SYSCALL(setgid16);
|
|
COND_SYSCALL(setgroups16);
|
|
COND_SYSCALL(setregid16);
|
|
COND_SYSCALL(setresgid16);
|
|
COND_SYSCALL(setresuid16);
|
|
COND_SYSCALL(setreuid16);
|
|
COND_SYSCALL(setuid16);
|
|
|
|
/* restartable sequence */
|
|
COND_SYSCALL(rseq);
|