From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v2 1/2] LSM: Add mount opts blob size tracking
Date: Thu, 25 Sep 2025 10:12:07 -0700
Message-ID: <20250925171208.5997-2-casey@schaufler-ca.com>
In-Reply-To: <20250925171208.5997-1-casey@schaufler-ca.com>

Add mount option data to the blob size accounting in anticipation of using a shared mnt_opts blob.

Signed-off-by: Casey Schaufler
---
 include/linux/lsm_hooks.h  | 1 +
 security/security.c        | 2 ++
 security/selinux/hooks.c   | 1 +
 security/smack/smack_lsm.c | 1 +
 4 files changed, 5 insertions(+)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 090d1d3e19fe..0de143d7c094 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -116,6 +116,7 @@ struct lsm_blob_sizes { int lbs_xattr_count; /* number of xattr slots in new_xattrs array */ int lbs_tun_dev; int lbs_bdev; + int lbs_mnt_opts; }; =20 /* diff --git a/security/security.c b/security/security.c index ad163f06bf7a..8390410aec91 100644 --- a/security/security.c +++ b/security/security.c @@ -283,6 +283,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_s= izes *needed) lsm_set_blob_size(&needed->lbs_xattr_count, &blob_sizes.lbs_xattr_count); lsm_set_blob_size(&needed->lbs_bdev, &blob_sizes.lbs_bdev); + lsm_set_blob_size(&needed->lbs_mnt_opts, &blob_sizes.lbs_mnt_opts); } =20 /* Prepare LSM for initialization. */
@@ -480,6 +481,7 @@ static void __init ordered_lsm_init(void) init_debug("tun device blob size =3D %d\n", blob_sizes.lbs_tun_dev); init_debug("xattr slots =3D %d\n", blob_sizes.lbs_xattr_count); init_debug("bdev blob size =3D %d\n", blob_sizes.lbs_bdev); + init_debug("mnt_opts blob size =3D %d\n", blob_sizes.lbs_mnt_opts); =20 /* * Create any kmem_caches needed for blobs diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c95a5874bf7d..4bba9d119713 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7183,6 +7183,7 @@ struct lsm_blob_sizes selinux_blob_sizes __ro_after_i= nit =3D { .lbs_xattr_count =3D SELINUX_INODE_INIT_XATTRS, .lbs_tun_dev =3D sizeof(struct tun_security_struct), .lbs_ib =3D sizeof(struct ib_security_struct), + .lbs_mnt_opts =3D sizeof(struct selinux_mnt_opts), }; =20 #ifdef CONFIG_PERF_EVENTS diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index fc340a6f0dde..1f236014e7d8 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c 
@@ -5030,6 +5030,7 @@ struct lsm_blob_sizes smack_blob_sizes __ro_after_ini= t =3D { .lbs_sock =3D sizeof(struct socket_smack), .lbs_superblock =3D sizeof(struct superblock_smack), .lbs_xattr_count =3D SMACK_INODE_INIT_XATTRS, + .lbs_mnt_opts =3D sizeof(struct smack_mnt_opts), }; =20 static const struct lsm_id smack_lsmid =3D { --=20 2.51.0
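Review bot: the `+ int lbs_mnt_opts;` member added in the include/linux/lsm_hooks.h hunk is recorded, summed by lsm_set_blob_sizes() and printed by init_debug(), but nothing in this patch allocates or indexes a blob of that size; that only happens in 2/2. A one-line comment on the member (the neighbouring `lbs_xattr_count` documents its meaning) and a sentence in the commit message saying the value is inert until the follow-up would make a bisect that lands between the two patches easier to read.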
From: Casey Schaufler
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org, john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org, selinux@vger.kernel.org
Subject: [PATCH v2 2/2] LSM: Infrastructure management of the mnt_opts security blob
Date: Thu, 25 Sep 2025 10:12:08 -0700
Message-ID: <20250925171208.5997-3-casey@schaufler-ca.com>
In-Reply-To: <20250925171208.5997-1-casey@schaufler-ca.com>

Move management of the mnt_opts->security blob out of the individual security modules and into the security infrastructure. The modules tell the infrastructure how much space is required, and the space is allocated as required in the interfaces that use the blob.

Signed-off-by: Casey Schaufler
---
 security/security.c               | 42 +++++++++++++++++
 security/selinux/hooks.c          | 75 ++++++++++---------------------
 security/selinux/include/objsec.h |  8 ++++
 security/smack/smack.h            |  8 ++++
 security/smack/smack_lsm.c        | 44 +++++------------
 5 files changed, 92 insertions(+), 85 deletions(-)

diff --git a/security/security.c b/security/security.c index 8390410aec91..b16c0843dafa 100644 --- a/security/security.c +++ b/security/security.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include =20
@@ -1337,6 +1338,19 @@ void security_bprm_committed_creds(const struct linu= x_binprm *bprm) call_void_hook(bprm_committed_creds, bprm); } =20 +/** + * lsm_mnt_opts_alloc - allocate a mnt_opts blob + * @opts: pointer to options + * + * Allocate a mount options blob. + * + * Returns 0, or -ENOMEM if memory isn't available. + */ +static int lsm_mnt_opts_alloc(void **opts) +{ + return lsm_blob_alloc(opts, blob_sizes.lbs_mnt_opts, GFP_KERNEL); +} + /** * security_fs_context_submount() - Initialise fc->security * @fc: new filesystem context @@ -1348,6 +1362,13 @@ void security_bprm_committed_creds(const struct linu= x_binprm *bprm) */ int security_fs_context_submount(struct fs_context *fc, struct super_block= *reference) { + int rc; + + if (!fc->security) { + rc =3D lsm_mnt_opts_alloc(&fc->security); + if (rc) + return rc; + } return call_int_hook(fs_context_submount, fc, reference); } =20 @@ -1364,6 +1385,13 @@ int security_fs_context_submount(struct fs_context *= fc, struct super_block *refe */ int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_= fc) { + int rc; + + if (!fc->security) { + rc =3D lsm_mnt_opts_alloc(&fc->security); + if (rc) + return rc; + } return call_int_hook(fs_context_dup, fc, src_fc); } =20 @@ -1386,6 +1414,12 @@ int security_fs_context_parse_param(struct fs_contex= t *fc, int trc; int rc =3D -ENOPARAM; =20 + if (!fc->security) { + trc =3D lsm_mnt_opts_alloc(&fc->security); + if (trc) + return trc; + } + lsm_for_each_hook(scall, fs_context_parse_param) { trc =3D scall->hl->hook.fs_context_parse_param(fc, param); if (trc =3D=3D 0) @@ -1455,6 +1489,7 @@ void security_free_mnt_opts(void **mnt_opts) if (!*mnt_opts) return; call_void_hook(sb_free_mnt_opts, *mnt_opts); + kfree(*mnt_opts); *mnt_opts =3D NULL; } EXPORT_SYMBOL(security_free_mnt_opts); 
@@ -1470,6 +1505,13 @@ EXPORT_SYMBOL(security_free_mnt_opts); */ int security_sb_eat_lsm_opts(char *options, void **mnt_opts) { + int rc; + + if (!*mnt_opts) { + rc =3D lsm_mnt_opts_alloc(mnt_opts); + if (rc) + return rc; + } return call_int_hook(sb_eat_lsm_opts, options, mnt_opts); } EXPORT_SYMBOL(security_sb_eat_lsm_opts); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4bba9d119713..1ccf880e4894 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -383,11 +383,6 @@ struct selinux_mnt_opts { u32 defcontext_sid; }; =20 -static void selinux_free_mnt_opts(void *mnt_opts) -{ - kfree(mnt_opts); -} - enum { Opt_error =3D -1, Opt_context =3D 0, @@ -640,7 +635,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, const struct cred *cred =3D current_cred(); struct superblock_security_struct *sbsec =3D selinux_superblock(sb); struct dentry *root =3D sb->s_root; - struct selinux_mnt_opts *opts =3D mnt_opts; + struct selinux_mnt_opts *opts =3D selinux_mnt_opts(mnt_opts); struct inode_security_struct *root_isec; u32 fscontext_sid =3D 0, context_sid =3D 0, rootcontext_sid =3D 0; u32 defcontext_sid =3D 0; 
@@ -656,19 +651,13 @@ static int selinux_set_mnt_opts(struct super_block *s= b, mutex_lock(&sbsec->lock); =20 if (!selinux_initialized()) { - if (!opts) { - /* Defer initialization until selinux_complete_init, - after the initial policy is loaded and the security - server is ready to handle calls. */ - if (kern_flags & SECURITY_LSM_NATIVE_LABELS) { - sbsec->flags |=3D SE_SBNATIVE; - *set_kern_flags |=3D SECURITY_LSM_NATIVE_LABELS; - } - goto out; + /* Defer initialization until selinux_complete_init, + after the initial policy is loaded and the security + server is ready to handle calls. */ + if (kern_flags & SECURITY_LSM_NATIVE_LABELS) { + sbsec->flags |=3D SE_SBNATIVE; + *set_kern_flags |=3D SECURITY_LSM_NATIVE_LABELS; } - rc =3D -EINVAL; - pr_warn("SELinux: Unable to set superblock options " - "before the security server is initialized\n"); goto out; } =20 @@ -1003,7 +992,7 @@ static int selinux_sb_clone_mnt_opts(const struct supe= r_block *oldsb, */ static int selinux_add_opt(int token, const char *s, void **mnt_opts) { - struct selinux_mnt_opts *opts =3D *mnt_opts; + struct selinux_mnt_opts *opts =3D selinux_mnt_opts(*mnt_opts); u32 *dst_sid; int rc; =20 @@ -1012,19 +1001,14 @@ static int selinux_add_opt(int token, const char *s= , void **mnt_opts) return 0; if (!s) return -EINVAL; + if (!opts) + return 0; =20 if (!selinux_initialized()) { pr_warn("SELinux: Unable to set superblock options before the security s= erver is initialized\n"); return -EINVAL; } =20 - if (!opts) { - opts =3D kzalloc(sizeof(*opts), GFP_KERNEL); - if (!opts) - return -ENOMEM; - *mnt_opts =3D opts; - } - switch (token) { case Opt_context: if (opts->context_sid || opts->defcontext_sid) 
@@ -2620,17 +2604,14 @@ static int selinux_sb_eat_lsm_opts(char *options, v= oid **mnt_opts) *q++ =3D c; } arg =3D kmemdup_nul(arg, q - arg, GFP_KERNEL); - if (!arg) { - rc =3D -ENOMEM; - goto free_opt; - } + if (!arg) + return -ENOMEM; } rc =3D selinux_add_opt(token, arg, mnt_opts); kfree(arg); arg =3D NULL; - if (unlikely(rc)) { - goto free_opt; - } + if (unlikely(rc)) + return rc; } else { if (!first) { // copy with preceding comma from--; @@ -2647,18 +2628,11 @@ static int selinux_sb_eat_lsm_opts(char *options, v= oid **mnt_opts) } *to =3D '\0'; return 0; - -free_opt: - if (*mnt_opts) { - selinux_free_mnt_opts(*mnt_opts); - *mnt_opts =3D NULL; - } - return rc; } =20 static int selinux_sb_mnt_opts_compat(struct super_block *sb, void *mnt_op= ts) { - struct selinux_mnt_opts *opts =3D mnt_opts; + struct selinux_mnt_opts *opts =3D selinux_mnt_opts(mnt_opts); struct superblock_security_struct *sbsec =3D selinux_superblock(sb); =20 /* @@ -2703,7 +2677,7 @@ static int selinux_sb_mnt_opts_compat(struct super_bl= ock *sb, void *mnt_opts) =20 static int selinux_sb_remount(struct super_block *sb, void *mnt_opts) { - struct selinux_mnt_opts *opts =3D mnt_opts; + struct selinux_mnt_opts *opts =3D selinux_mnt_opts(mnt_opts); struct superblock_security_struct *sbsec =3D selinux_superblock(sb); =20 if (!(sbsec->flags & SE_SBINITIALIZED)) @@ -2800,14 +2774,10 @@ static int selinux_fs_context_submount(struct fs_co= ntext *fc, const struct superblock_security_struct *sbsec =3D selinux_superblock(ref= erence); struct selinux_mnt_opts *opts; =20 - /* - * Ensure that fc->security remains NULL when no options are set - * as expected by selinux_set_mnt_opts(). - */ if (!(sbsec->flags & (FSCONTEXT_MNT|CONTEXT_MNT|DEFCONTEXT_MNT))) return 0; =20 - opts =3D kzalloc(sizeof(*opts), GFP_KERNEL); + opts =3D selinux_mnt_opts(fc->security); if (!opts) return -ENOMEM; =20 
@@ -2817,20 +2787,22 @@ static int selinux_fs_context_submount(struct fs_co= ntext *fc, opts->context_sid =3D sbsec->mntpoint_sid; if (sbsec->flags & DEFCONTEXT_MNT) opts->defcontext_sid =3D sbsec->def_sid; - fc->security =3D opts; return 0; } =20 static int selinux_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc) { - const struct selinux_mnt_opts *src =3D src_fc->security; + const struct selinux_mnt_opts *src =3D selinux_mnt_opts(src_fc->security); + struct selinux_mnt_opts *dst =3D selinux_mnt_opts(fc->security); =20 if (!src) return 0; + if (!dst) + return 0; =20 - fc->security =3D kmemdup(src, sizeof(*src), GFP_KERNEL); - return fc->security ? 0 : -ENOMEM; + *dst =3D *src; + return 0; } =20 static const struct fs_parameter_spec selinux_fs_parameters[] =3D { @@ -7337,7 +7309,6 @@ static struct security_hook_list selinux_hooks[] __ro= _after_init =3D { LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds), LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds), =20 - LSM_HOOK_INIT(sb_free_mnt_opts, selinux_free_mnt_opts), LSM_HOOK_INIT(sb_mnt_opts_compat, selinux_sb_mnt_opts_compat), LSM_HOOK_INIT(sb_remount, selinux_sb_remount), LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount), diff --git a/security/selinux/include/objsec.h b/security/selinux/include/o= bjsec.h index 1d7ac59015a1..cefc6c550f74 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -245,4 +245,12 @@ selinux_perf_event(void *perf_event) return perf_event + selinux_blob_sizes.lbs_perf_event; } =20 +static inline struct selinux_mnt_opts *selinux_mnt_opts(void *opts) +{ + if (!opts) + return NULL; + + return opts + selinux_blob_sizes.lbs_mnt_opts; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/smack/smack.h b/security/smack/smack.h index bf6a6ed3946c..828c913dd62d 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h 
@@ -367,6 +367,14 @@ static inline struct socket_smack *smack_sock(const st= ruct sock *sock) return sock->sk_security + smack_blob_sizes.lbs_sock; } =20 +static inline struct smack_mnt_opts *smack_mnt_opts(void *opts) +{ + if (!opts) + return NULL; + + return opts + smack_blob_sizes.lbs_mnt_opts; +} + #ifdef CONFIG_KEYS static inline struct smack_known **smack_key(const struct key *key) { diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1f236014e7d8..c83bb85ee1b5 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -551,22 +551,13 @@ struct smack_mnt_opts { const char *fstransmute; }; =20 -static void smack_free_mnt_opts(void *mnt_opts) -{ - kfree(mnt_opts); -} - static int smack_add_opt(int token, const char *s, void **mnt_opts) { - struct smack_mnt_opts *opts =3D *mnt_opts; + struct smack_mnt_opts *opts =3D smack_mnt_opts(*mnt_opts); struct smack_known *skp; =20 - if (!opts) { - opts =3D kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); - if (!opts) - return -ENOMEM; - *mnt_opts =3D opts; - } + if (!opts) + return -ENOMEM; if (!s) return -ENOMEM; =20 @@ -622,10 +613,9 @@ static int smack_fs_context_submount(struct fs_context= *fc, struct smack_mnt_opts *ctx; struct inode_smack *isp; =20 - ctx =3D kzalloc(sizeof(*ctx), GFP_KERNEL); + ctx =3D smack_mnt_opts(fc->security); if (!ctx) return -ENOMEM; - fc->security =3D ctx; =20 sbsp =3D smack_superblock(reference); isp =3D smack_inode(reference->s_root->d_inode); 
@@ -668,22 +658,15 @@ static int smack_fs_context_submount(struct fs_contex= t *fc, static int smack_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc) { - struct smack_mnt_opts *dst, *src =3D src_fc->security; + struct smack_mnt_opts *dst =3D smack_mnt_opts(fc->security); + struct smack_mnt_opts *src =3D smack_mnt_opts(src_fc->security); =20 if (!src) return 0; + if (!dst) + return 0; =20 - fc->security =3D kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); - if (!fc->security) - return -ENOMEM; - - dst =3D fc->security; - dst->fsdefault =3D src->fsdefault; - dst->fsfloor =3D src->fsfloor; - dst->fshat =3D src->fshat; - dst->fsroot =3D src->fsroot; - dst->fstransmute =3D src->fstransmute; - + *dst =3D *src; return 0; } =20 @@ -741,12 +724,8 @@ static int smack_sb_eat_lsm_opts(char *options, void *= *mnt_opts) arg =3D kmemdup_nul(arg, from + len - arg, GFP_KERNEL); rc =3D smack_add_opt(token, arg, mnt_opts); kfree(arg); - if (unlikely(rc)) { - if (*mnt_opts) - smack_free_mnt_opts(*mnt_opts); - *mnt_opts =3D NULL; + if (unlikely(rc)) return rc; - } } else { if (!first) { // copy with preceding comma from--; @@ -787,7 +766,7 @@ static int smack_set_mnt_opts(struct super_block *sb, struct superblock_smack *sp =3D smack_superblock(sb); struct inode_smack *isp; struct smack_known *skp; - struct smack_mnt_opts *opts =3D mnt_opts; + struct smack_mnt_opts *opts =3D smack_mnt_opts(mnt_opts); bool transmute =3D false; =20 if (sp->smk_flags & SMK_SB_INITIALIZED) @@ -5048,7 +5027,6 @@ static struct security_hook_list smack_hooks[] __ro_a= fter_init =3D { LSM_HOOK_INIT(fs_context_parse_param, smack_fs_context_parse_param), =20 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), - LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), --=20 2.51.0
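Review bot: the same six-line block `if (!fc->security) { rc = lsm_mnt_opts_alloc(&fc->security); if (rc) return rc; }` is repeated in the security_fs_context_submount(), security_fs_context_dup(), security_fs_context_parse_param() and security_sb_eat_lsm_opts() hunks of security/security.c. Since lsm_mnt_opts_alloc() already takes a `void **`, moving the NULL check into it (allocate only if `*opts` is NULL) would collapse all four call sites to a single `rc = lsm_mnt_opts_alloc(&fc->security);`. Also worth stating in the commit message: the blob is now allocated before any option is parsed, so `fc->security` is non-NULL even for a mount with no LSM options, which is a change in meaning that selinux_fs_context_submount() used to document in the comment this patch deletes.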
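Review bot: the `@@ -656,19 +651,13 @@` hunk in selinux_set_mnt_opts() removes the `rc = -EINVAL; pr_warn("SELinux: Unable to set superblock options before the security server is initialized\n");` path, so options that reach this hook before policy load are now silently deferred rather than rejected. The pre-initialization rejection survives only in selinux_add_opt(), which covers options arriving through fs_context_parse_param and sb_eat_lsm_opts but not a caller that reaches sb_set_mnt_opts with a populated blob by another route. If the justification is that a freshly allocated blob is all-zero and therefore indistinguishable from "no options", please spell that out in the commit message, which currently presents the series as a pure infrastructure move with no behaviour change.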
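Review bot: the two modules now disagree on what a NULL blob means in their add_opt hooks: the `@@ -1012,19 +1001,14 @@` hunk gives selinux_add_opt() `if (!opts) return 0;`, which silently discards the option, while the `@@ -551,22 +551,13 @@` hunk gives smack_add_opt() `if (!opts) return -ENOMEM;`. Because the infrastructure allocates the blob before either hook is called, NULL here signals a programming error, not a legitimate state; an error return is the safer choice, since returning 0 lets a mount proceed with a requested context or label ignored. The same applies to the `if (!dst) return 0;` added to selinux_fs_context_dup() and smack_fs_context_dup(), which would quietly drop the source options instead of failing the duplication.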
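Review bot: the `@@ -2620,17 +2604,14 @@` and `@@ -2647,18 +2628,11 @@` hunks in selinux_sb_eat_lsm_opts() and the `@@ -741,12 +724,8 @@` hunk in smack_sb_eat_lsm_opts() delete the error-path cleanup that freed `*mnt_opts` and reset it to NULL; after this change both functions `return rc` with the infrastructure-allocated blob still attached. That is only leak-free if every caller of security_sb_eat_lsm_opts() releases the pointer through security_free_mnt_opts() on failure (which now does the `kfree(*mnt_opts)` itself). Please confirm that and record the ownership rule ("the blob belongs to the fs_context/mnt_opts holder and is released by security_free_mnt_opts()") in the kerneldoc of security_sb_eat_lsm_opts() so the next module author does not reintroduce a per-module free.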
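Review bot: the `@@ -1455,6 +1489,7 @@` hunk keeps `call_void_hook(sb_free_mnt_opts, *mnt_opts);` and adds `kfree(*mnt_opts);` after it, but the two LSM_HOOK_INIT(sb_free_mnt_opts, ...) registrations removed in the selinux_hooks[] and smack_hooks[] hunks were the only implementers of that hook, leaving it with no users in this series. Either drop the hook entirely, or keep it and document in lsm_hooks.h that it must now free only the blob's contents (not the blob itself, which the infrastructure owns); leaving an unused hook with a changed contract invites a future implementer to kfree() the blob and cause a double free.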