From: Casey Schaufler <casey@schaufler-ca.com>
To: KP Singh <kpsingh@kernel.org>,
linux-security-module@vger.kernel.org, bpf@vger.kernel.org
Cc: ast@kernel.org, paul@paul-moore.com, andrii@kernel.org,
keescook@chromium.org, daniel@iogearbox.net, renauld@google.com,
revest@chromium.org, song@kernel.org,
Kui-Feng Lee <sinquersw@gmail.com>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH v11 2/5] security: Count the LSMs enabled at compile time
Date: Fri, 10 May 2024 09:47:32 -0700 [thread overview]
Message-ID: <a4d3a0dd-2ef9-4fbc-bf72-fa6cd84231d8@schaufler-ca.com> (raw)
In-Reply-To: <20240509201421.905965-3-kpsingh@kernel.org>
On 5/9/2024 1:14 PM, KP Singh wrote:
> These macros are a clever trick to determine a count of the number of
> LSMs that are enabled in the config to ascertain the maximum number of
> static calls that need to be configured per LSM hook.
>
> Without this one would need to generate static calls for the total
> number of LSMs in the kernel (even if they are not compiled) times the
> number of LSM hooks which ends up being quite wasteful.
>
> Suggested-by: Kui-Feng Lee <sinquersw@gmail.com>
> Suggested-by: Andrii Nakryiko <andrii@kernel.org>
> Acked-by: Song Liu <song@kernel.org>
> Acked-by: Andrii Nakryiko <andrii@kernel.org>
> Reviewed-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: KP Singh <kpsingh@kernel.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
> include/linux/args.h | 6 +-
> include/linux/lsm_count.h | 128 ++++++++++++++++++++++++++++++++++++++
> 2 files changed, 131 insertions(+), 3 deletions(-)
> create mode 100644 include/linux/lsm_count.h
>
> diff --git a/include/linux/args.h b/include/linux/args.h
> index 8ff60a54eb7d..2e8e65d975c7 100644
> --- a/include/linux/args.h
> +++ b/include/linux/args.h
> @@ -17,9 +17,9 @@
> * that as _n.
> */
>
> -/* This counts to 12. Any more, it will return 13th argument. */
> -#define __COUNT_ARGS(_0, _1, _2, _3, _4, _5, _6, _7, _8, _9, _10, _11, _12, _n, X...) _n
> -#define COUNT_ARGS(X...) __COUNT_ARGS(, ##X, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0)
> +/* This counts to 15. Any more, it will return 16th argument. */
> +#define __COUNT_ARGS(_0, _1, _2, _3, _4, _5, _6, _7, _8, _9, _10, _11, _12, _13, _14, _15, _n, X...) _n
> +#define COUNT_ARGS(X...) __COUNT_ARGS(, ##X, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0)
>
> /* Concatenate two parameters, but allow them to be expanded beforehand. */
> #define __CONCAT(a, b) a ## b
> diff --git a/include/linux/lsm_count.h b/include/linux/lsm_count.h
> new file mode 100644
> index 000000000000..73c7cc81349b
> --- /dev/null
> +++ b/include/linux/lsm_count.h
> @@ -0,0 +1,128 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +
> +/*
> + * Copyright (C) 2023 Google LLC.
> + */
> +
> +#ifndef __LINUX_LSM_COUNT_H
> +#define __LINUX_LSM_COUNT_H
> +
> +#include <linux/args.h>
> +
> +#ifdef CONFIG_SECURITY
> +
> +/*
> + * Macros to count the number of LSMs enabled in the kernel at compile time.
> + */
> +
> +/*
> + * Capabilities is enabled when CONFIG_SECURITY is enabled.
> + */
> +#if IS_ENABLED(CONFIG_SECURITY)
> +#define CAPABILITIES_ENABLED 1,
> +#else
> +#define CAPABILITIES_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_SECURITY_SELINUX)
> +#define SELINUX_ENABLED 1,
> +#else
> +#define SELINUX_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_SECURITY_SMACK)
> +#define SMACK_ENABLED 1,
> +#else
> +#define SMACK_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_SECURITY_APPARMOR)
> +#define APPARMOR_ENABLED 1,
> +#else
> +#define APPARMOR_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_SECURITY_TOMOYO)
> +#define TOMOYO_ENABLED 1,
> +#else
> +#define TOMOYO_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_SECURITY_YAMA)
> +#define YAMA_ENABLED 1,
> +#else
> +#define YAMA_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_SECURITY_LOADPIN)
> +#define LOADPIN_ENABLED 1,
> +#else
> +#define LOADPIN_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM)
> +#define LOCKDOWN_ENABLED 1,
> +#else
> +#define LOCKDOWN_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_SECURITY_SAFESETID)
> +#define SAFESETID_ENABLED 1,
> +#else
> +#define SAFESETID_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_BPF_LSM)
> +#define BPF_LSM_ENABLED 1,
> +#else
> +#define BPF_LSM_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_SECURITY_LANDLOCK)
> +#define LANDLOCK_ENABLED 1,
> +#else
> +#define LANDLOCK_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_IMA)
> +#define IMA_ENABLED 1,
> +#else
> +#define IMA_ENABLED
> +#endif
> +
> +#if IS_ENABLED(CONFIG_EVM)
> +#define EVM_ENABLED 1,
> +#else
> +#define EVM_ENABLED
> +#endif
> +
> +/*
> + * There is a trailing comma that we need to be accounted for. This is done by
> + * using a skipped argument in __COUNT_LSMS
> + */
> +#define __COUNT_LSMS(skipped_arg, args...) COUNT_ARGS(args...)
> +#define COUNT_LSMS(args...) __COUNT_LSMS(args)
> +
> +#define MAX_LSM_COUNT \
> + COUNT_LSMS( \
> + CAPABILITIES_ENABLED \
> + SELINUX_ENABLED \
> + SMACK_ENABLED \
> + APPARMOR_ENABLED \
> + TOMOYO_ENABLED \
> + YAMA_ENABLED \
> + LOADPIN_ENABLED \
> + LOCKDOWN_ENABLED \
> + SAFESETID_ENABLED \
> + BPF_LSM_ENABLED \
> + LANDLOCK_ENABLED \
> + IMA_ENABLED \
> + EVM_ENABLED)
> +
> +#else
> +
> +#define MAX_LSM_COUNT 0
> +
> +#endif /* CONFIG_SECURITY */
> +
> +#endif /* __LINUX_LSM_COUNT_H */
next prev parent reply other threads:[~2024-05-10 16:47 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-09 20:14 [PATCH v11 0/5] Reduce overhead of LSMs with static calls KP Singh
2024-05-09 20:14 ` [PATCH v11 1/5] kernel: Add helper macros for loop unrolling KP Singh
2024-05-09 20:14 ` [PATCH v11 2/5] security: Count the LSMs enabled at compile time KP Singh
2024-05-10 16:47 ` Casey Schaufler [this message]
2024-05-09 20:14 ` [PATCH v11 3/5] security: Replace indirect LSM hook calls with static calls KP Singh
2024-05-09 20:14 ` [PATCH v11 4/5] security: Update non standard hooks to use " KP Singh
2024-05-10 17:08 ` Casey Schaufler
2024-05-13 19:01 ` Kees Cook
2024-05-09 20:14 ` [PATCH v11 5/5] bpf: Only enable BPF LSM hooks when an LSM program is attached KP Singh
2024-05-09 21:55 ` Tetsuo Handa
2024-05-10 17:11 ` Casey Schaufler
2024-05-13 19:02 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a4d3a0dd-2ef9-4fbc-bf72-fa6cd84231d8@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=keescook@chromium.org \
--cc=kpsingh@kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=renauld@google.com \
--cc=revest@chromium.org \
--cc=sinquersw@gmail.com \
--cc=song@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).