[G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Message ID	20201130231403.2737154-1-kpsingh@chromium.org
State	New
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: KP Singh <kpsingh@chromium.org> To: kernel-team@lists.ubuntu.com Subject: [PATCH][G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM Date: Mon, 30 Nov 2020 23:14:03 +0000 Message-Id: <20201130231403.2737154-1-kpsingh@chromium.org> MIME-Version: 1.0 Precedence: list Cc: Florent Revest <revest@chromium.org>, Brendan Jackman <jackmanb@chromium.org>, Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, Kees Cook <keescook@chromium.org> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>
Series	[G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM \| expand [G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

KP Singh Nov. 30, 2020, 11:14 p.m. UTC

From: KP Singh <kpsingh@google.com>

Buglink: https://bugs.launchpad.net/bugs/1905975

[Impact]

Allows users to implement MAC and Audit Policies using BPF programs.

The LSM won't be added to the list of active LSMs by default (in
CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
function call overhead by registering an empty callback for all hooks.

The LSM can be made "active" by default when the upstream effort [1] of
getting rid of this overhead is merged in the mainline kernel.

[Regression Potential]

Since the LSM is not active by default, it does not cause any
functional or performance regression.

[1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org

Signed-off-by: KP Singh <kpsingh@google.com>
---
 debian.master/config/config.common.ubuntu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Kees Cook Dec. 5, 2020, 11:11 p.m. UTC | #1

Hi!

On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
> From: KP Singh <kpsingh@google.com>
> 
> Buglink: https://bugs.launchpad.net/bugs/1905975
> 
> [Impact]
> 
> Allows users to implement MAC and Audit Policies using BPF programs.
> 
> The LSM won't be added to the list of active LSMs by default (in
> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> function call overhead by registering an empty callback for all hooks.
> 
> The LSM can be made "active" by default when the upstream effort [1] of
> getting rid of this overhead is merged in the mainline kernel.
> 
> [Regression Potential]
> 
> Since the LSM is not active by default, it does not cause any
> functional or performance regression.
> 
> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
> 
> Signed-off-by: KP Singh <kpsingh@google.com>

FWIW, this looks good to me. I'd love to be able to play with the BPF
LSM on Ubuntu. :)

Adding this CONFIG results in no change in performance unless the user
explicitly turns it on a boot (i.e. they really know what they're
doing), and when enabled is exposed only to root users.

Can this get added to Hirsute, please? (And if that goes well, it'd be
nice to get it in Groovy too, but that's not critical.)

-Kees

> ---
>  debian.master/config/config.common.ubuntu | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
> index c20145760f29..39f5fffcc641 100644
> --- a/debian.master/config/config.common.ubuntu
> +++ b/debian.master/config/config.common.ubuntu
> @@ -1216,7 +1216,7 @@ CONFIG_BPF_JIT=y
>  CONFIG_BPF_JIT_ALWAYS_ON=y
>  CONFIG_BPF_JIT_DEFAULT_ON=y
>  CONFIG_BPF_KPROBE_OVERRIDE=y
> -# CONFIG_BPF_LSM is not set
> +CONFIG_BPF_LSM=y
>  CONFIG_BPF_STREAM_PARSER=y
>  CONFIG_BPF_SYSCALL=y
>  CONFIG_BPQETHER=m
> -- 
> 2.29.2.454.gaff20da3a2-goog
>

Andrea Righi Dec. 15, 2020, 8:49 a.m. UTC | #2

On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
> From: KP Singh <kpsingh@google.com>
> 
> Buglink: https://bugs.launchpad.net/bugs/1905975
> 
> [Impact]
> 
> Allows users to implement MAC and Audit Policies using BPF programs.
> 
> The LSM won't be added to the list of active LSMs by default (in
> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> function call overhead by registering an empty callback for all hooks.
> 
> The LSM can be made "active" by default when the upstream effort [1] of
> getting rid of this overhead is merged in the mainline kernel.
> 
> [Regression Potential]
> 
> Since the LSM is not active by default, it does not cause any
> functional or performance regression.
> 
> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org

I think it'd be intersting to have this feature. Moreover it doesn't add
any extra overhead if not explicitly enabled, therefore:

Acked-by: Andrea Righi <andrea.righi@canonical.com>

Andrea Righi Dec. 15, 2020, 9:03 a.m. UTC | #3

On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
> From: KP Singh <kpsingh@google.com>
> 
> Buglink: https://bugs.launchpad.net/bugs/1905975
> 
> [Impact]
> 
> Allows users to implement MAC and Audit Policies using BPF programs.
> 
> The LSM won't be added to the list of active LSMs by default (in
> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> function call overhead by registering an empty callback for all hooks.
> 
> The LSM can be made "active" by default when the upstream effort [1] of
> getting rid of this overhead is merged in the mainline kernel.
> 
> [Regression Potential]
> 
> Since the LSM is not active by default, it does not cause any
> functional or performance regression.
> 
> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
> 
> Signed-off-by: KP Singh <kpsingh@google.com>
> ---

Applied to unstable. Thanks.

-Andrea

Khalid Elmously Jan. 22, 2021, 9:01 a.m. UTC | #4

On 2020-11-30 23:14:03 , KP Singh wrote:
> From: KP Singh <kpsingh@google.com>
> 
> Buglink: https://bugs.launchpad.net/bugs/1905975
> 
> [Impact]
> 
> Allows users to implement MAC and Audit Policies using BPF programs.
> 
> The LSM won't be added to the list of active LSMs by default (in
> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> function call overhead by registering an empty callback for all hooks.
> 
> The LSM can be made "active" by default when the upstream effort [1] of
> getting rid of this overhead is merged in the mainline kernel.
> 
> [Regression Potential]
> 
> Since the LSM is not active by default, it does not cause any
> functional or performance regression.
> 
> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
> 
> Signed-off-by: KP Singh <kpsingh@google.com>


Acked-by: Khalid Elmously <khalid.elmously@canonical.com>

> ---
>  debian.master/config/config.common.ubuntu | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
> index c20145760f29..39f5fffcc641 100644
> --- a/debian.master/config/config.common.ubuntu
> +++ b/debian.master/config/config.common.ubuntu
> @@ -1216,7 +1216,7 @@ CONFIG_BPF_JIT=y
>  CONFIG_BPF_JIT_ALWAYS_ON=y
>  CONFIG_BPF_JIT_DEFAULT_ON=y
>  CONFIG_BPF_KPROBE_OVERRIDE=y
> -# CONFIG_BPF_LSM is not set
> +CONFIG_BPF_LSM=y
>  CONFIG_BPF_STREAM_PARSER=y
>  CONFIG_BPF_SYSCALL=y
>  CONFIG_BPQETHER=m
> -- 
> 2.29.2.454.gaff20da3a2-goog
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Stefan Bader Jan. 22, 2021, 9:14 a.m. UTC | #5

On 15.12.20 10:03, Andrea Righi wrote:
> On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
>> From: KP Singh <kpsingh@google.com>
>>
>> Buglink: https://bugs.launchpad.net/bugs/1905975
>>
>> [Impact]
>>
>> Allows users to implement MAC and Audit Policies using BPF programs.
>>
>> The LSM won't be added to the list of active LSMs by default (in
>> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
>> function call overhead by registering an empty callback for all hooks.
>>
>> The LSM can be made "active" by default when the upstream effort [1] of
>> getting rid of this overhead is merged in the mainline kernel.
>>
>> [Regression Potential]
>>
>> Since the LSM is not active by default, it does not cause any
>> functional or performance regression.
>>
>> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
>>
>> Signed-off-by: KP Singh <kpsingh@google.com>
>> ---
> 
> Applied to unstable. Thanks.

I don't think we yet had a Hirsute kernel generally available that had this
turned on. Though I know I should be able to trust Kees, I still would like to
be cautious with Groovy and wait there was a chance to have this exposed in
Hirsute to a slightly bugger group.

-Stefan
> 
> -Andrea
>

Kelsey Skunberg Jan. 22, 2021, 7:31 p.m. UTC | #6

On 2021-01-22 10:14:25 , Stefan Bader wrote:
> On 15.12.20 10:03, Andrea Righi wrote:
> > On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
> >> From: KP Singh <kpsingh@google.com>
> >>
> >> Buglink: https://bugs.launchpad.net/bugs/1905975
> >>
> >> [Impact]
> >>
> >> Allows users to implement MAC and Audit Policies using BPF programs.
> >>
> >> The LSM won't be added to the list of active LSMs by default (in
> >> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> >> function call overhead by registering an empty callback for all hooks.
> >>
> >> The LSM can be made "active" by default when the upstream effort [1] of
> >> getting rid of this overhead is merged in the mainline kernel.
> >>
> >> [Regression Potential]
> >>
> >> Since the LSM is not active by default, it does not cause any
> >> functional or performance regression.
> >>
> >> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
> >>
> >> Signed-off-by: KP Singh <kpsingh@google.com>
> >> ---
> > 
> > Applied to unstable. Thanks.
> 
> I don't think we yet had a Hirsute kernel generally available that had this
> turned on. Though I know I should be able to trust Kees, I still would like to
> be cautious with Groovy and wait there was a chance to have this exposed in
> Hirsute to a slightly bugger group.
> 
> -Stefan

Should this be treated as a NACK for Groovy on this patch for now?

-Kelsey

> > 
> > -Andrea
> > 
> 
> 




> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

KP Singh Jan. 22, 2021, 9:22 p.m. UTC | #7

On Fri, Jan 22, 2021 at 8:31 PM Kelsey Skunberg
<kelsey.skunberg@canonical.com> wrote:
>
> On 2021-01-22 10:14:25 , Stefan Bader wrote:
> > On 15.12.20 10:03, Andrea Righi wrote:
> > > On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
> > >> From: KP Singh <kpsingh@google.com>
> > >>
> > >> Buglink: https://bugs.launchpad.net/bugs/1905975
> > >>
> > >> [Impact]
> > >>
> > >> Allows users to implement MAC and Audit Policies using BPF programs.
> > >>
> > >> The LSM won't be added to the list of active LSMs by default (in
> > >> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> > >> function call overhead by registering an empty callback for all hooks.
> > >>
> > >> The LSM can be made "active" by default when the upstream effort [1] of
> > >> getting rid of this overhead is merged in the mainline kernel.
> > >>
> > >> [Regression Potential]
> > >>
> > >> Since the LSM is not active by default, it does not cause any
> > >> functional or performance regression.
> > >>
> > >> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
> > >>
> > >> Signed-off-by: KP Singh <kpsingh@google.com>
> > >> ---
> > >
> > > Applied to unstable. Thanks.

Thanks!

> >
> > I don't think we yet had a Hirsute kernel generally available that had this
> > turned on. Though I know I should be able to trust Kees, I still would like to
> > be cautious with Groovy and wait there was a chance to have this exposed in

CONFIG_BPF_LSM alone does nothing unless it's enabled using CONFIG_LSM or
lsm= kernel command line. But, I guess we could do it after we have a kernel
that uses it on Hirsute.

> > Hirsute to a slightly bugger group.
> >
> > -Stefan
>
> Should this be treated as a NACK for Groovy on this patch for now?

If this is the case should I resubmit this for Groovy after a while?

- KP

>
> -Kelsey
>
> > >
> > > -Andrea
> > >
> >
> >
>
>
>
>
> > --
> > kernel-team mailing list
> > kernel-team@lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team
>

Stefan Bader Jan. 25, 2021, 8:29 a.m. UTC | #8

On 22.01.21 20:31, Kelsey Skunberg wrote:
> On 2021-01-22 10:14:25 , Stefan Bader wrote:
>> On 15.12.20 10:03, Andrea Righi wrote:
>>> On Mon, Nov 30, 2020 at 11:14:03PM +0000, KP Singh wrote:
>>>> From: KP Singh <kpsingh@google.com>
>>>>
>>>> Buglink: https://bugs.launchpad.net/bugs/1905975
>>>>
>>>> [Impact]
>>>>
>>>> Allows users to implement MAC and Audit Policies using BPF programs.
>>>>
>>>> The LSM won't be added to the list of active LSMs by default (in
>>>> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
>>>> function call overhead by registering an empty callback for all hooks.
>>>>
>>>> The LSM can be made "active" by default when the upstream effort [1] of
>>>> getting rid of this overhead is merged in the mainline kernel.
>>>>
>>>> [Regression Potential]
>>>>
>>>> Since the LSM is not active by default, it does not cause any
>>>> functional or performance regression.
>>>>
>>>> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
>>>>
>>>> Signed-off-by: KP Singh <kpsingh@google.com>
>>>> ---
>>>
>>> Applied to unstable. Thanks.
>>
>> I don't think we yet had a Hirsute kernel generally available that had this
>> turned on. Though I know I should be able to trust Kees, I still would like to
>> be cautious with Groovy and wait there was a chance to have this exposed in
>> Hirsute to a slightly bugger group.
>>
>> -Stefan
> 
> Should this be treated as a NACK for Groovy on this patch for now?

No I would just leave it as pending. And once we have a bit of settling time in
hirsute we can add the second ack and pull it in.

-Stefan

> 
> -Kelsey
> 
>>>
>>> -Andrea
>>>
>>
>>
> 
> 
> 
> 
>> -- 
>> kernel-team mailing list
>> kernel-team@lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>

Kelsey Skunberg March 12, 2021, 1:19 a.m. UTC | #9

Applied to Groovy master-next. Included the annotations changes, too. 

Thank you! 

-Kelsey

On 2020-11-30 23:14:03 , KP Singh wrote:
> From: KP Singh <kpsingh@google.com>
> 
> Buglink: https://bugs.launchpad.net/bugs/1905975
> 
> [Impact]
> 
> Allows users to implement MAC and Audit Policies using BPF programs.
> 
> The LSM won't be added to the list of active LSMs by default (in
> CONFIG_LSM or lsm= on the boot parameters) yet, as it adds an indirect
> function call overhead by registering an empty callback for all hooks.
> 
> The LSM can be made "active" by default when the upstream effort [1] of
> getting rid of this overhead is merged in the mainline kernel.
> 
> [Regression Potential]
> 
> Since the LSM is not active by default, it does not cause any
> functional or performance regression.
> 
> [1]: https://lore.kernel.org/bpf/20200820164753.3256899-1-jackmanb@chromium.org
> 
> Signed-off-by: KP Singh <kpsingh@google.com>
> ---
>  debian.master/config/config.common.ubuntu | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
> index c20145760f29..39f5fffcc641 100644
> --- a/debian.master/config/config.common.ubuntu
> +++ b/debian.master/config/config.common.ubuntu
> @@ -1216,7 +1216,7 @@ CONFIG_BPF_JIT=y
>  CONFIG_BPF_JIT_ALWAYS_ON=y
>  CONFIG_BPF_JIT_DEFAULT_ON=y
>  CONFIG_BPF_KPROBE_OVERRIDE=y
> -# CONFIG_BPF_LSM is not set
> +CONFIG_BPF_LSM=y
>  CONFIG_BPF_STREAM_PARSER=y
>  CONFIG_BPF_SYSCALL=y
>  CONFIG_BPQETHER=m
> -- 
> 2.29.2.454.gaff20da3a2-goog
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

[G/H] UBUNTU: [Config] Enable CONFIG_BPF_LSM

Commit Message

Comments

Patch