Date: Fri, 24 Jul 2020 11:23:37 -0700
From: Kees Cook
Subject: Re: [PATCH v2 15/18] fs/kernel_file_read: Add "offset" arg for partial reads
Message-ID: <202007241122.50FD503@keescook>
References: <20200722193020.2676422-1-keescook@chromium.org> <20200722193020.2676422-16-keescook@chromium.org> <202007231131.9704A8B330@keescook> <02cffea0-5ed4-05a5-f86d-b6643f32e595@broadcom.com>
In-Reply-To: <02cffea0-5ed4-05a5-f86d-b6643f32e595@broadcom.com>
To: Scott Branden
Cc: linux-efi@vger.kernel.org, "Rafael J. Wysocki", Peter Zijlstra,
 linux-fsdevel@vger.kernel.org, Stephen Boyd, SeongJae Park, Mimi Zohar,
 David Howells, Tushar Sugandhi, Peter Jones, linux-kselftest@vger.kernel.org,
 "Joel Fernandes (Google)", Shuah Khan, Ard Biesheuvel, Thomas Cedeno,
 linux-security-module@vger.kernel.org, Anders Roxell, Paul Moore,
 Mauro Carvalho Chehab, Michael Ellerman, Nayna Jain, Matthew Garrett,
 James Morris, Lakshmi Ramasubramanian, Aaron Goidel, "Serge E. Hallyn",
 Wenwen Wang, selinux@vger.kernel.org, Jessica Yu, Hans de Goede,
 Alexander Viro, Matthieu Baerts, KP Singh, Eric Paris,
 linux-integrity@vger.kernel.org, Florent Revest, Andrea Righi,
 Greg Kroah-Hartman, Stephen Smalley, Randy Dunlap, kexec@lists.infradead.org,
 linux-kernel@vger.kernel.org, Luis Chamberlain, Eric Biederman,
 Dave Olsthoorn, Dmitry Kasatkin, Casey Schaufler, Joe Perches,
 Andrew Morton, Thiago Jung Bauermann

On Thu, Jul 23, 2020 at 10:41:07PM -0700, Scott Branden wrote:
>
>
> On 2020-07-23 12:15 p.m., Kees Cook wrote:
> > On Wed, Jul 22, 2020 at 03:29:26PM -0700, Scott Branden wrote:
> > > These changes don't pass the kernel-selftest for partial reads I added
> > > (which are at the end of this patch v2 series).
> > Oh, interesting. Is there any feedback in dmesg? I wonder if I have the
> > LSMs configured differently than you?
> I have no LSMs configured that I know of.
> Yes, there is failure in dmesg which is how I determined to add my
> workaround.
> Without workaround, dmesg log attached after booting and running
> fw_run_tests.h
> > > See change below added for temp workaround for issue.
> > > > [...]
> > > > +
> > > > + whole_file = (offset == 0 && i_size <= buf_size);
> > > A hack to get this passing I added which probably breaks some security?
> > > if (whole_file) {
> > > > + ret = security_kernel_read_file(file, id, whole_file);
> > > > + if (ret)
> > > > + goto out;
> > > > +
> > > }
> > This would imply I did something wrong in the LSM hook refactoring (i.e.
> > some LSM is rejecting the !whole_file case, but if the entire call to
> > the hooks are skipped, it's okay).
> >
> > What does this return on your test system:
> >
> > echo $(cat /sys/kernel/security/lsm)
> ima kernel configs are enabled but I don't enable security policies
> on the kernel command line.
>
> echo $(cat /sys/kernel/security/lsm)
> cat: /sys/kernel/security/lsm: No such file or directory

Oh, er... CONFIG_SECURITYFS is missing? Can you send me your .config?

-- 
Kees Cook
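
Review bot: the quoted workaround that wraps the security_kernel_read_file(file, id, whole_file) call in if (whole_file) { ... } skips the LSM hook entirely whenever offset != 0 or i_size > buf_size, so partial reads would bypass every registered read_file check, and the whole_file argument becomes redundant because it is always true inside the guard. The call should stay unconditional, with whole_file passed through so each hook can decide for itself; the test failure is better addressed by identifying which hook returns an error for the !whole_file case (the dmesg output and the .config requested above should show that) than by guarding the call site.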