Skip to content

Commit 395a02d

Browse files
gnoackl0kod
gnoack
authored and
l0kod
committed
landlock: Use bit-fields for storing handled layer access masks
When defined using bit-fields, the compiler takes care of packing the bits in a memory-efficient way and frees us from defining LANDLOCK_SHIFT_ACCESS_* by hand. The exact memory layout does not matter in our use case. The manual definition of LANDLOCK_SHIFT_ACCESS_* has resulted in bugs in at least two recent patch sets [1] [2] where new kinds of handled access rights were introduced. Cc: Mikhail Ivanov <[email protected]> Cc: Tahera Fahimi <[email protected]> Link: https://lore.kernel.org/r/[email protected] [1] Link: https://lore.kernel.org/r/[email protected] [2] Signed-off-by: Günther Noack <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Mickaël Salaün <[email protected]>
1 parent 256abd8 commit 395a02d

File tree

3 files changed

+9
-21
lines changed

3 files changed

+9
-21
lines changed

security/landlock/limits.h

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,12 +21,10 @@
2121
#define LANDLOCK_LAST_ACCESS_FS LANDLOCK_ACCESS_FS_IOCTL_DEV
2222
#define LANDLOCK_MASK_ACCESS_FS ((LANDLOCK_LAST_ACCESS_FS << 1) - 1)
2323
#define LANDLOCK_NUM_ACCESS_FS __const_hweight64(LANDLOCK_MASK_ACCESS_FS)
24-
#define LANDLOCK_SHIFT_ACCESS_FS 0
2524

2625
#define LANDLOCK_LAST_ACCESS_NET LANDLOCK_ACCESS_NET_CONNECT_TCP
2726
#define LANDLOCK_MASK_ACCESS_NET ((LANDLOCK_LAST_ACCESS_NET << 1) - 1)
2827
#define LANDLOCK_NUM_ACCESS_NET __const_hweight64(LANDLOCK_MASK_ACCESS_NET)
29-
#define LANDLOCK_SHIFT_ACCESS_NET LANDLOCK_NUM_ACCESS_FS
3028

3129
/* clang-format on */
3230

security/landlock/ruleset.c

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -169,13 +169,9 @@ static void build_check_ruleset(void)
169169
.num_rules = ~0,
170170
.num_layers = ~0,
171171
};
172-
typeof(ruleset.access_masks[0]) access_masks = ~0;
173172

174173
BUILD_BUG_ON(ruleset.num_rules < LANDLOCK_MAX_NUM_RULES);
175174
BUILD_BUG_ON(ruleset.num_layers < LANDLOCK_MAX_NUM_LAYERS);
176-
BUILD_BUG_ON(access_masks <
177-
((LANDLOCK_MASK_ACCESS_FS << LANDLOCK_SHIFT_ACCESS_FS) |
178-
(LANDLOCK_MASK_ACCESS_NET << LANDLOCK_SHIFT_ACCESS_NET)));
179175
}
180176

181177
/**

security/landlock/ruleset.h

Lines changed: 9 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -39,10 +39,10 @@ static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_NET);
3939
static_assert(sizeof(unsigned long) >= sizeof(access_mask_t));
4040

4141
/* Ruleset access masks. */
42-
typedef u32 access_masks_t;
43-
/* Makes sure all ruleset access rights can be stored. */
44-
static_assert(BITS_PER_TYPE(access_masks_t) >=
45-
LANDLOCK_NUM_ACCESS_FS + LANDLOCK_NUM_ACCESS_NET);
42+
struct access_masks {
43+
access_mask_t fs : LANDLOCK_NUM_ACCESS_FS;
44+
access_mask_t net : LANDLOCK_NUM_ACCESS_NET;
45+
};
4646

4747
typedef u16 layer_mask_t;
4848
/* Makes sure all layers can be checked. */
@@ -226,7 +226,7 @@ struct landlock_ruleset {
226226
* layers are set once and never changed for the
227227
* lifetime of the ruleset.
228228
*/
229-
access_masks_t access_masks[];
229+
struct access_masks access_masks[];
230230
};
231231
};
232232
};
@@ -265,8 +265,7 @@ landlock_add_fs_access_mask(struct landlock_ruleset *const ruleset,
265265

266266
/* Should already be checked in sys_landlock_create_ruleset(). */
267267
WARN_ON_ONCE(fs_access_mask != fs_mask);
268-
ruleset->access_masks[layer_level] |=
269-
(fs_mask << LANDLOCK_SHIFT_ACCESS_FS);
268+
ruleset->access_masks[layer_level].fs |= fs_mask;
270269
}
271270

272271
static inline void
@@ -278,17 +277,14 @@ landlock_add_net_access_mask(struct landlock_ruleset *const ruleset,
278277

279278
/* Should already be checked in sys_landlock_create_ruleset(). */
280279
WARN_ON_ONCE(net_access_mask != net_mask);
281-
ruleset->access_masks[layer_level] |=
282-
(net_mask << LANDLOCK_SHIFT_ACCESS_NET);
280+
ruleset->access_masks[layer_level].net |= net_mask;
283281
}
284282

285283
static inline access_mask_t
286284
landlock_get_raw_fs_access_mask(const struct landlock_ruleset *const ruleset,
287285
const u16 layer_level)
288286
{
289-
return (ruleset->access_masks[layer_level] >>
290-
LANDLOCK_SHIFT_ACCESS_FS) &
291-
LANDLOCK_MASK_ACCESS_FS;
287+
return ruleset->access_masks[layer_level].fs;
292288
}
293289

294290
static inline access_mask_t
@@ -304,9 +300,7 @@ static inline access_mask_t
304300
landlock_get_net_access_mask(const struct landlock_ruleset *const ruleset,
305301
const u16 layer_level)
306302
{
307-
return (ruleset->access_masks[layer_level] >>
308-
LANDLOCK_SHIFT_ACCESS_NET) &
309-
LANDLOCK_MASK_ACCESS_NET;
303+
return ruleset->access_masks[layer_level].net;
310304
}
311305

312306
bool landlock_unmask_layers(const struct landlock_rule *const rule,

0 commit comments

Comments
 (0)