[PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

KP Singh
From: KP Singh <[hidden email]>

Buglink: https://bugs.launchpad.net/bugs/1905975

[Impact]

Allows users to implement MAC and Audit Policies using BPF programs.

The LSM won't be added to the list of active LSMs by default (in
CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
function call overhead by registering an empty callback for all hooks.

The LSM can be made "active" by default when the upstream effort [1] of
getting rid of this overhead is merged in the mainline kernel.

[Regression Potential]

Since the LSM is not active by default, it does not cause any
functional or performance regression.

[1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@...

Signed-off-by: KP Singh <[hidden email]>
---
 debian.master/config/config.common.ubuntu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index c20145760f29..39f5fffcc641 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -1216,7 +1216,7 @@ CONFIG_BPF_JIT=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
 CONFIG_BPF_KPROBE_OVERRIDE=y
-# CONFIG_BPF_LSM is not set
+CONFIG_BPF_LSM=y
 CONFIG_BPF_STREAM_PARSER=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_BPQETHER=m
--
2.29.2.454.gaff20da3a2-goog


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Kees Cook-5
Hi!

On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:

> From: KP Singh <[hidden email]>
>
> Buglink: https://bugs.launchpad.net/bugs/1905975
>
> [Impact]
>
> Allows users to implement MAC and Audit Policies using BPF programs.
>
> The LSM won't be added to the list of active LSMs by default (in
> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> function call overhead by registering an empty callback for all hooks.
>
> The LSM can be made "active" by default when the upstream effort [1] of
> getting rid of this overhead is merged in the mainline kernel.
>
> [Regression Potential]
>
> Since the LSM is not active by default, it does not cause any
> functional or performance regression.
>
> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@...
>
> Signed-off-by: KP Singh <[hidden email]>

FWIW, this looks good to me. I'd love to be able to play with the BPF
LSM on Ubuntu. :)

Adding this CONFIG results in no change in performance unless the user
explicitly turns it on a boot (i.e. they really know what they're
doing), and when enabled is exposed only to root users.

Can this get added to Hirsute, please? (And if that goes well, it'd be
nice to get it in Groovy too, but that's not critical.)

-Kees

> ---
>  debian.master/config/config.common.ubuntu | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
> index c20145760f29..39f5fffcc641 100644
> --- a/debian.master/config/config.common.ubuntu
> +++ b/debian.master/config/config.common.ubuntu
> @@ -1216,7 +1216,7 @@ CONFIG_BPF_JIT=y
>  CONFIG_BPF_JIT_ALWAYS_ON=y
>  CONFIG_BPF_JIT_DEFAULT_ON=y
>  CONFIG_BPF_KPROBE_OVERRIDE=y
> -# CONFIG_BPF_LSM is not set
> +CONFIG_BPF_LSM=y
>  CONFIG_BPF_STREAM_PARSER=y
>  CONFIG_BPF_SYSCALL=y
>  CONFIG_BPQETHER=m
> --
> 2.29.2.454.gaff20da3a2-goog
>
--
Kees Cook

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Andrea Righi
In reply to this post by KP Singh
On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:

> From: KP Singh <[hidden email]>
>
> Buglink: https://bugs.launchpad.net/bugs/1905975
>
> [Impact]
>
> Allows users to implement MAC and Audit Policies using BPF programs.
>
> The LSM won't be added to the list of active LSMs by default (in
> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> function call overhead by registering an empty callback for all hooks.
>
> The LSM can be made "active" by default when the upstream effort [1] of
> getting rid of this overhead is merged in the mainline kernel.
>
> [Regression Potential]
>
> Since the LSM is not active by default, it does not cause any
> functional or performance regression.
>
> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@...

I think it'd be intersting to have this feature. Moreover it doesn't add
any extra overhead if not explicitly enabled, therefore:

Acked-by: Andrea Righi <[hidden email]>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

APPLIED[U]: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Andrea Righi
In reply to this post by KP Singh
On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:

> From: KP Singh <[hidden email]>
>
> Buglink: https://bugs.launchpad.net/bugs/1905975
>
> [Impact]
>
> Allows users to implement MAC and Audit Policies using BPF programs.
>
> The LSM won't be added to the list of active LSMs by default (in
> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> function call overhead by registering an empty callback for all hooks.
>
> The LSM can be made "active" by default when the upstream effort [1] of
> getting rid of this overhead is merged in the mainline kernel.
>
> [Regression Potential]
>
> Since the LSM is not active by default, it does not cause any
> functional or performance regression.
>
> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@...
>
> Signed-off-by: KP Singh <[hidden email]>
> ---

Applied to unstable. Thanks.

-Andrea

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Khaled Elmously
In reply to this post by KP Singh
On 2020-11-30 23:14:03 , KP Singh wrote:

> From: KP Singh <[hidden email]>
>
> Buglink: https://bugs.launchpad.net/bugs/1905975
>
> [Impact]
>
> Allows users to implement MAC and Audit Policies using BPF programs.
>
> The LSM won't be added to the list of active LSMs by default (in
> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> function call overhead by registering an empty callback for all hooks.
>
> The LSM can be made "active" by default when the upstream effort [1] of
> getting rid of this overhead is merged in the mainline kernel.
>
> [Regression Potential]
>
> Since the LSM is not active by default, it does not cause any
> functional or performance regression.
>
> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@...
>
> Signed-off-by: KP Singh <[hidden email]>


Acked-by: Khalid Elmously <[hidden email]>

> ---
>  debian.master/config/config.common.ubuntu | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
> index c20145760f29..39f5fffcc641 100644
> --- a/debian.master/config/config.common.ubuntu
> +++ b/debian.master/config/config.common.ubuntu
> @@ -1216,7 +1216,7 @@ CONFIG_BPF_JIT=y
>  CONFIG_BPF_JIT_ALWAYS_ON=y
>  CONFIG_BPF_JIT_DEFAULT_ON=y
>  CONFIG_BPF_KPROBE_OVERRIDE=y
> -# CONFIG_BPF_LSM is not set
> +CONFIG_BPF_LSM=y
>  CONFIG_BPF_STREAM_PARSER=y
>  CONFIG_BPF_SYSCALL=y
>  CONFIG_BPQETHER=m
> --
> 2.29.2.454.gaff20da3a2-goog
>
>
> --
> kernel-team mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

Re: APPLIED[U]: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Stefan Bader-2
In reply to this post by Andrea Righi
On 15.12.20 10:03, Andrea Righi wrote:

> On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
>> From: KP Singh <[hidden email]>
>>
>> Buglink: https://bugs.launchpad.net/bugs/1905975
>>
>> [Impact]
>>
>> Allows users to implement MAC and Audit Policies using BPF programs.
>>
>> The LSM won't be added to the list of active LSMs by default (in
>> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
>> function call overhead by registering an empty callback for all hooks.
>>
>> The LSM can be made "active" by default when the upstream effort [1] of
>> getting rid of this overhead is merged in the mainline kernel.
>>
>> [Regression Potential]
>>
>> Since the LSM is not active by default, it does not cause any
>> functional or performance regression.
>>
>> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@...
>>
>> Signed-off-by: KP Singh <[hidden email]>
>> ---
>
> Applied to unstable. Thanks.
I don't think we yet had a Hirsute kernel generally available that had this
turned on. Though I know I should be able to trust Kees, I still would like to
be cautious with Groovy and wait there was a chance to have this exposed in
Hirsute to a slightly bugger group.

-Stefan
>
> -Andrea
>



--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: APPLIED[U]: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Kelsey Skunberg
On 2021-01-22 10:14:25 , Stefan Bader wrote:

> On 15.12.20 10:03, Andrea Righi wrote:
> > On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
> >> From: KP Singh <[hidden email]>
> >>
> >> Buglink: https://bugs.launchpad.net/bugs/1905975
> >>
> >> [Impact]
> >>
> >> Allows users to implement MAC and Audit Policies using BPF programs.
> >>
> >> The LSM won't be added to the list of active LSMs by default (in
> >> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> >> function call overhead by registering an empty callback for all hooks.
> >>
> >> The LSM can be made "active" by default when the upstream effort [1] of
> >> getting rid of this overhead is merged in the mainline kernel.
> >>
> >> [Regression Potential]
> >>
> >> Since the LSM is not active by default, it does not cause any
> >> functional or performance regression.
> >>
> >> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@...
> >>
> >> Signed-off-by: KP Singh <[hidden email]>
> >> ---
> >
> > Applied to unstable. Thanks.
>
> I don't think we yet had a Hirsute kernel generally available that had this
> turned on. Though I know I should be able to trust Kees, I still would like to
> be cautious with Groovy and wait there was a chance to have this exposed in
> Hirsute to a slightly bugger group.
>
> -Stefan

Should this be treated as a NACK for Groovy on this patch for now?

-Kelsey

> >
> > -Andrea
> >
>
>




> --
> kernel-team mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/kernel-team


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

Re: APPLIED[U]: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

KP Singh-2
On Fri, Jan 22, 2021 at 8:31 PM Kelsey Skunberg
<[hidden email]> wrote:

>
> On 2021-01-22 10:14:25 , Stefan Bader wrote:
> > On 15.12.20 10:03, Andrea Righi wrote:
> > > On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
> > >> From: KP Singh <[hidden email]>
> > >>
> > >> Buglink: https://bugs.launchpad.net/bugs/1905975
> > >>
> > >> [Impact]
> > >>
> > >> Allows users to implement MAC and Audit Policies using BPF programs.
> > >>
> > >> The LSM won't be added to the list of active LSMs by default (in
> > >> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> > >> function call overhead by registering an empty callback for all hooks.
> > >>
> > >> The LSM can be made "active" by default when the upstream effort [1] of
> > >> getting rid of this overhead is merged in the mainline kernel.
> > >>
> > >> [Regression Potential]
> > >>
> > >> Since the LSM is not active by default, it does not cause any
> > >> functional or performance regression.
> > >>
> > >> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@...
> > >>
> > >> Signed-off-by: KP Singh <[hidden email]>
> > >> ---
> > >
> > > Applied to unstable. Thanks.

Thanks!

> >
> > I don't think we yet had a Hirsute kernel generally available that had this
> > turned on. Though I know I should be able to trust Kees, I still would like to
> > be cautious with Groovy and wait there was a chance to have this exposed in

CONFIG_BPF_LSM alone does nothing unless it's enabled using CONFIG_LSM or
lsm= kernel command line. But, I guess we could do it after we have a kernel
that uses it on Hirsute.

> > Hirsute to a slightly bugger group.
> >
> > -Stefan
>
> Should this be treated as a NACK for Groovy on this patch for now?

If this is the case should I resubmit this for Groovy after a while?

- KP

>
> -Kelsey
>
> > >
> > > -Andrea
> > >
> >
> >
>
>
>
>
> > --
> > kernel-team mailing list
> > [hidden email]
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team
>

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

Re: APPLIED[U]: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Stefan Bader-2
In reply to this post by Kelsey Skunberg
On 22.01.21 20:31, Kelsey Skunberg wrote:

> On 2021-01-22 10:14:25 , Stefan Bader wrote:
>> On 15.12.20 10:03, Andrea Righi wrote:
>>> On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
>>>> From: KP Singh <[hidden email]>
>>>>
>>>> Buglink: https://bugs.launchpad.net/bugs/1905975
>>>>
>>>> [Impact]
>>>>
>>>> Allows users to implement MAC and Audit Policies using BPF programs.
>>>>
>>>> The LSM won't be added to the list of active LSMs by default (in
>>>> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
>>>> function call overhead by registering an empty callback for all hooks.
>>>>
>>>> The LSM can be made "active" by default when the upstream effort [1] of
>>>> getting rid of this overhead is merged in the mainline kernel.
>>>>
>>>> [Regression Potential]
>>>>
>>>> Since the LSM is not active by default, it does not cause any
>>>> functional or performance regression.
>>>>
>>>> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@...
>>>>
>>>> Signed-off-by: KP Singh <[hidden email]>
>>>> ---
>>>
>>> Applied to unstable. Thanks.
>>
>> I don't think we yet had a Hirsute kernel generally available that had this
>> turned on. Though I know I should be able to trust Kees, I still would like to
>> be cautious with Groovy and wait there was a chance to have this exposed in
>> Hirsute to a slightly bugger group.
>>
>> -Stefan
>
> Should this be treated as a NACK for Groovy on this patch for now?
No I would just leave it as pending. And once we have a bit of settling time in
hirsute we can add the second ack and pull it in.

-Stefan

>
> -Kelsey
>
>>>
>>> -Andrea
>>>
>>
>>
>
>
>
>
>> --
>> kernel-team mailing list
>> [hidden email]
>> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (849 bytes) Download Attachment