From: Kees Cook <keescook@chromium.org>
To: Scott Branden <scott.branden@broadcom.com>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Stephen Boyd <stephen.boyd@linaro.org>,
Mimi Zohar <zohar@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
Peter Jones <pjones@redhat.com>,
"Joel Fernandes (Google)" <joel@joelfernandes.org>,
linux-security-module@vger.kernel.org,
Paul Moore <paul@paul-moore.com>,
Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
Matthew Garrett <matthewgarrett@google.com>,
James Morris <jmorris@namei.org>,
Matthew Wilcox <willy@infradead.org>,
KP Singh <kpsingh@google.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Kees Cook <keescook@chromium.org>,
selinux@vger.kernel.org, Jessica Yu <jeyu@kernel.org>,
Hans de Goede <hdegoede@redhat.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
linux-integrity@vger.kernel.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Randy Dunlap <rdunlap@infradead.org>,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
Luis Chamberlain <mcgrof@kernel.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Dave Olsthoorn <dave@bewaar.me>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-fsdevel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH 00/13] Introduce partial kernel_read_file() support
Date: Fri, 17 Jul 2020 10:42:55 -0700
Message-ID: <20200717174309.1164575-1-keescook@chromium.org>

Hi,

Here's my attempt at clearing the path to partial read support in
kernel_read_file(), which fixes a number of issues along the way. I'm
still fighting with the firmware test suite (it doesn't seem to pass
for me even in stock v5.7... ?) But I don't want to block Scott's work[1]
any this week, so here's the series as it is currently.

The primary difference to Scott's approach is to avoid adding a new set of
functions and just adapt the existing APIs to deal with "offset". Also,
the fixes for the enum are first in the series so they can be backported
without the header file relocation.

I'll keep poking at the firmware tests...

-Kees

[1] https://lore.kernel.org/lkml/202007161415.10D015477@keescook/

Kees Cook (12):
  firmware_loader: EFI firmware loader must handle pre-allocated buffer
  fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enum
  fs/kernel_read_file: Remove FIRMWARE_EFI_EMBEDDED enum
  fs/kernel_read_file: Split into separate source file
  fs/kernel_read_file: Remove redundant size argument
  fs/kernel_read_file: Switch buffer size arg to size_t
  fs/kernel_read_file: Add file_size output argument
  LSM: Introduce kernel_post_load_data() hook
  firmware_loader: Use security_post_load_data()
  module: Call security_kernel_post_load_data()
  LSM: Add "contents" flag to kernel_read_file hook
  fs/kernel_file_read: Add "offset" arg for partial reads

Scott Branden (1):
  fs/kernel_read_file: Split into separate include file

drivers/base/firmware_loader/fallback.c | 8 +-
.../base/firmware_loader/fallback_platform.c | 12 +-
drivers/base/firmware_loader/main.c | 13 +-
fs/Makefile | 3 +-
fs/exec.c | 132 +-----------
fs/kernel_read_file.c | 189 ++++++++++++++++++
include/linux/fs.h | 39 ----
include/linux/ima.h | 19 +-
include/linux/kernel_read_file.h | 55 +++++
include/linux/lsm_hook_defs.h | 6 +-
include/linux/lsm_hooks.h | 12 ++
include/linux/security.h | 19 +-
kernel/kexec.c | 2 +-
kernel/kexec_file.c | 18 +-
kernel/module.c | 24 ++-
security/integrity/digsig.c | 8 +-
security/integrity/ima/ima_fs.c | 9 +-
security/integrity/ima/ima_main.c | 58 ++++--
security/integrity/ima/ima_policy.c | 1 +
security/loadpin/loadpin.c | 17 +-
security/security.c | 26 ++-
security/selinux/hooks.c | 8 +-
22 files changed, 432 insertions(+), 246 deletions(-)
create mode 100644 fs/kernel_read_file.c
create mode 100644 include/linux/kernel_read_file.h
--
2.25.1