From: Eric Biggers <ebiggers3@gmail.com>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
kernel-hardening@lists.openwall.com,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
David Howells <dhowells@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Kirill Marinushkin <k.marinushkin@gmail.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Ilhan Gurel <ilhan.gurel@gmail.com>,
security@kernel.org, stable <stable@vger.kernel.org>
Subject: [kernel-hardening] Re: Modular BIG_KEYS (was: Re: [PATCH v4] security/keys: rewrite all of big_key crypto)
Date: Mon, 2 Oct 2017 10:01:11 -0700 [thread overview]
Message-ID: <20171002170111.GA6713@gmail.com> (raw)
In-Reply-To: <CAMuHMdWd3ttH7Zdpo=bodkOBw2xiyeX_R9MhPf=Bcf0-QLhOiQ@mail.gmail.com>
On Mon, Oct 02, 2017 at 09:14:36AM +0200, Geert Uytterhoeven wrote:
> Now this has hit mainline, the "BIG_KEYS" Kconfig symbol appeared on my
> radar. Is there any reason this cannot be tristate?
>
> The help text says:
>
> This option provides support for holding large keys within the kernel
> (for example Kerberos ticket caches). The data may be stored out to
> swapspace by tmpfs.
>
> If you are unsure as to whether this is required, answer N.
>
> So to save kernel size, I wan't to save N, but for a distro kernel that might
> have Kerberos users, you currently need to say Y, while M would be nicer.
>
> The symbol seems to just control the build of security/keys/big_key.c,
> which could use module_init() in the modular case.
> I'm not sending a patch to change BIG_KEYS from bool to tristate, as this is
> crypto, and I don't understand the full implications.
>
It's possible to have a key type in a module. In fact, some of the existing key
types such as key_type_rxrpc can already be modular. But I don't think it
really works as intended currently because there is no autoloading of key type
modules. That is, if big_key was a module and you tried to add a key of type
"big_key", the big_key module would *not* be automatically loaded, so the call
would return -ENODEV. This could be fixed, I believe.
(I also still need to convince myself that there aren't any race conditions in
key type unregistering. It's a little weird how it changes the key type to the
".dead" key type, rather than pinning the key type in memory while it's still
used.)
Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers3@gmail.com>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
kernel-hardening@lists.openwall.com,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
David Howells <dhowells@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Kirill Marinushkin <k.marinushkin@gmail.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Ilhan Gurel <ilhan.gurel@gmail.com>,
security@kernel.org, stable <stable@vger.kernel.org>
Subject: Re: Modular BIG_KEYS (was: Re: [PATCH v4] security/keys: rewrite all of big_key crypto)
Date: Mon, 02 Oct 2017 17:01:11 +0000 [thread overview]
Message-ID: <20171002170111.GA6713@gmail.com> (raw)
In-Reply-To: <CAMuHMdWd3ttH7Zdpo=bodkOBw2xiyeX_R9MhPf=Bcf0-QLhOiQ@mail.gmail.com>
On Mon, Oct 02, 2017 at 09:14:36AM +0200, Geert Uytterhoeven wrote:
> Now this has hit mainline, the "BIG_KEYS" Kconfig symbol appeared on my
> radar. Is there any reason this cannot be tristate?
>
> The help text says:
>
> This option provides support for holding large keys within the kernel
> (for example Kerberos ticket caches). The data may be stored out to
> swapspace by tmpfs.
>
> If you are unsure as to whether this is required, answer N.
>
> So to save kernel size, I wan't to save N, but for a distro kernel that might
> have Kerberos users, you currently need to say Y, while M would be nicer.
>
> The symbol seems to just control the build of security/keys/big_key.c,
> which could use module_init() in the modular case.
> I'm not sending a patch to change BIG_KEYS from bool to tristate, as this is
> crypto, and I don't understand the full implications.
>
It's possible to have a key type in a module. In fact, some of the existing key
types such as key_type_rxrpc can already be modular. But I don't think it
really works as intended currently because there is no autoloading of key type
modules. That is, if big_key was a module and you tried to add a key of type
"big_key", the big_key module would *not* be automatically loaded, so the call
would return -ENODEV. This could be fixed, I believe.
(I also still need to convince myself that there aren't any race conditions in
key type unregistering. It's a little weird how it changes the key type to the
".dead" key type, rather than pinning the key type in memory while it's still
used.)
Eric
WARNING: multiple messages have this Message-ID (diff)
From: ebiggers3@gmail.com (Eric Biggers)
To: linux-security-module@vger.kernel.org
Subject: Modular BIG_KEYS (was: Re: [PATCH v4] security/keys: rewrite all of big_key crypto)
Date: Mon, 2 Oct 2017 10:01:11 -0700 [thread overview]
Message-ID: <20171002170111.GA6713@gmail.com> (raw)
In-Reply-To: <CAMuHMdWd3ttH7Zdpo=bodkOBw2xiyeX_R9MhPf=Bcf0-QLhOiQ@mail.gmail.com>
On Mon, Oct 02, 2017 at 09:14:36AM +0200, Geert Uytterhoeven wrote:
> Now this has hit mainline, the "BIG_KEYS" Kconfig symbol appeared on my
> radar. Is there any reason this cannot be tristate?
>
> The help text says:
>
> This option provides support for holding large keys within the kernel
> (for example Kerberos ticket caches). The data may be stored out to
> swapspace by tmpfs.
>
> If you are unsure as to whether this is required, answer N.
>
> So to save kernel size, I wan't to save N, but for a distro kernel that might
> have Kerberos users, you currently need to say Y, while M would be nicer.
>
> The symbol seems to just control the build of security/keys/big_key.c,
> which could use module_init() in the modular case.
> I'm not sending a patch to change BIG_KEYS from bool to tristate, as this is
> crypto, and I don't understand the full implications.
>
It's possible to have a key type in a module. In fact, some of the existing key
types such as key_type_rxrpc can already be modular. But I don't think it
really works as intended currently because there is no autoloading of key type
modules. That is, if big_key was a module and you tried to add a key of type
"big_key", the big_key module would *not* be automatically loaded, so the call
would return -ENODEV. This could be fixed, I believe.
(I also still need to convince myself that there aren't any race conditions in
key type unregistering. It's a little weird how it changes the key type to the
".dead" key type, rather than pinning the key type in memory while it's still
used.)
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers3@gmail.com>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
kernel-hardening@lists.openwall.com,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
David Howells <dhowells@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Kirill Marinushkin <k.marinushkin@gmail.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Ilhan Gurel <ilhan.gurel@gmail.com>,
security@kernel.org, stable <stable@vger.kernel.org>
Subject: Re: Modular BIG_KEYS (was: Re: [PATCH v4] security/keys: rewrite all of big_key crypto)
Date: Mon, 2 Oct 2017 10:01:11 -0700 [thread overview]
Message-ID: <20171002170111.GA6713@gmail.com> (raw)
In-Reply-To: <CAMuHMdWd3ttH7Zdpo=bodkOBw2xiyeX_R9MhPf=Bcf0-QLhOiQ@mail.gmail.com>
On Mon, Oct 02, 2017 at 09:14:36AM +0200, Geert Uytterhoeven wrote:
> Now this has hit mainline, the "BIG_KEYS" Kconfig symbol appeared on my
> radar. Is there any reason this cannot be tristate?
>
> The help text says:
>
> This option provides support for holding large keys within the kernel
> (for example Kerberos ticket caches). The data may be stored out to
> swapspace by tmpfs.
>
> If you are unsure as to whether this is required, answer N.
>
> So to save kernel size, I wan't to save N, but for a distro kernel that might
> have Kerberos users, you currently need to say Y, while M would be nicer.
>
> The symbol seems to just control the build of security/keys/big_key.c,
> which could use module_init() in the modular case.
> I'm not sending a patch to change BIG_KEYS from bool to tristate, as this is
> crypto, and I don't understand the full implications.
>
It's possible to have a key type in a module. In fact, some of the existing key
types such as key_type_rxrpc can already be modular. But I don't think it
really works as intended currently because there is no autoloading of key type
modules. That is, if big_key was a module and you tried to add a key of type
"big_key", the big_key module would *not* be automatically loaded, so the call
would return -ENODEV. This could be fixed, I believe.
(I also still need to convince myself that there aren't any race conditions in
key type unregistering. It's a little weird how it changes the key type to the
".dead" key type, rather than pinning the key type in memory while it's still
used.)
Eric
next prev parent reply other threads:[~2017-10-02 17:01 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-02 7:14 [kernel-hardening] Modular BIG_KEYS (was: Re: [PATCH v4] security/keys: rewrite all of big_key crypto) Geert Uytterhoeven
2017-10-02 7:14 ` Geert Uytterhoeven
2017-10-02 7:14 ` Geert Uytterhoeven
2017-10-02 7:14 ` Geert Uytterhoeven
2017-10-02 17:01 ` Eric Biggers [this message]
2017-10-02 17:01 ` Eric Biggers
2017-10-02 17:01 ` Eric Biggers
2017-10-02 17:01 ` Eric Biggers
2017-10-03 9:04 ` [kernel-hardening] " David Howells
2017-10-03 9:04 ` David Howells
2017-10-03 9:04 ` David Howells
2017-10-03 9:04 ` David Howells
2017-10-02 21:12 ` [kernel-hardening] " David Howells
2017-10-02 21:12 ` David Howells
2017-10-02 21:12 ` David Howells
2017-10-02 21:12 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171002170111.GA6713@gmail.com \
--to=ebiggers3@gmail.com \
--cc=Jason@zx2c4.com \
--cc=ard.biesheuvel@linaro.org \
--cc=dhowells@redhat.com \
--cc=geert@linux-m68k.org \
--cc=herbert@gondor.apana.org.au \
--cc=ilhan.gurel@gmail.com \
--cc=k.marinushkin@gmail.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=security@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.