From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.4 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF03BC433E0 for ; Wed, 8 Jul 2020 03:06:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id AE46F20720 for ; Wed, 8 Jul 2020 03:06:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=broadcom.com header.i=@broadcom.com header.b="JKld2quK" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728753AbgGHDGf (ORCPT ); Tue, 7 Jul 2020 23:06:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56854 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728769AbgGHDGe (ORCPT ); Tue, 7 Jul 2020 23:06:34 -0400 Received: from mail-wm1-x343.google.com (mail-wm1-x343.google.com [IPv6:2a00:1450:4864:20::343]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 90065C08C5E1 for ; Tue, 7 Jul 2020 20:06:34 -0700 (PDT) Received: by mail-wm1-x343.google.com with SMTP id f139so1377823wmf.5 for ; Tue, 07 Jul 2020 20:06:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=clG40jEocuU8wd1OMuvgXzRO4UKlf5Hl17E/FM+Odb4=; b=JKld2quKagE5gZ7N0UONxJhyhzqQiCZ7vZJrP/oWaxIhLdQat6EFYBsSXfR1z5xzFR tDEe0PNwSAPdlTgrGPYC65QJ1XEpGrvK9l53W1ipZx7Ps7WFZblPfvXRVXl6SNIO6H59 qMuWBigh6gQ2kZDXFV/FnmErnLC8LhAArcCgA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=clG40jEocuU8wd1OMuvgXzRO4UKlf5Hl17E/FM+Odb4=; b=YUp+93k9gfGAZrCc/5z3dnqvEf6e2nRQ/zli3d0a9W/gGAhUUceh7+4fcfFhZA3A06 UXJh8xUgE9KWXmNFYE6BZXCgmmzlYCONN7YlPy7qyxgu7Xtj+T3a/NGUq7pxFTARh8ca fVWN60N2j/J1X1Z6vrwlRfADZ2U3rx6944TUdMU/1SekLHv1T8+IysryPTZcjRov7wk8 U8n2Y2FCEG16xacfWDTPBscoUbMwAEmwuOR/1uOm8xP45Z1SkEy3EptnBMf4GINn/7uv 4LZLXp4XD+U/Evc9gjwkzkx97qus+0RGL+cDa4xb2VsiArVgSnalOcThvluSRQH4R87Z Owjg== X-Gm-Message-State: AOAM532bw/Uqp4WGDKff6YRUwBmQKtims8besY5Gq06KGHY5iP4T4Nrv LHFb9D+OhFUBKYSpG5OEgKWXPg== X-Google-Smtp-Source: ABdhPJwDURq126yewbHhgEiHcWbVtS6SzLoFi5wd0CcswuGQSAZ8LL58AC9V+QfEVIgEfQYx34dymg== X-Received: by 2002:a1c:2402:: with SMTP id k2mr7012367wmk.138.1594177593142; Tue, 07 Jul 2020 20:06:33 -0700 (PDT) Received: from [10.136.13.65] ([192.19.228.250]) by smtp.gmail.com with ESMTPSA id 92sm3769255wrr.96.2020.07.07.20.06.25 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 07 Jul 2020 20:06:32 -0700 (PDT) Subject: Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums To: Kees Cook Cc: James Morris , Luis Chamberlain , Mimi Zohar , Greg Kroah-Hartman , "Rafael J. Wysocki" , Alexander Viro , Jessica Yu , Dmitry Kasatkin , "Serge E. Hallyn" , Casey Schaufler , "Eric W. Biederman" , Peter Zijlstra , Matthew Garrett , David Howells , Mauro Carvalho Chehab , Randy Dunlap , "Joel Fernandes (Google)" , KP Singh , Dave Olsthoorn , Hans de Goede , Peter Jones , Andrew Morton , Stephen Boyd , Paul Moore , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, Christoph Hellwig References: <20200707081926.3688096-1-keescook@chromium.org> <20200707081926.3688096-3-keescook@chromium.org> <0a5e2c2e-507c-9114-5328-5943f63d707e@broadcom.com> <202007071447.D96AA42ECE@keescook> From: Scott Branden Message-ID: Date: Tue, 7 Jul 2020 20:06:23 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: <202007071447.D96AA42ECE@keescook> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Hi Kees, Thanks for looking at my patch series to see how it relates. I see what you're trying to accomplish in various areas of cleanup. I'll comment as I go through your individual emails. 1 comment below. On 2020-07-07 2:55 p.m., Kees Cook wrote: > On Tue, Jul 07, 2020 at 09:42:02AM -0700, Scott Branden wrote: >> On 2020-07-07 1:19 a.m., Kees Cook wrote: >>> FIRMWARE_PREALLOC_BUFFER is a "how", not a "what", and confuses the LSMs >>> that are interested in filtering between types of things. The "how" >>> should be an internal detail made uninteresting to the LSMs. >>> >>> Fixes: a098ecd2fa7d ("firmware: support loading into a pre-allocated buffer") >>> Fixes: fd90bc559bfb ("ima: based on policy verify firmware signatures (pre-allocated buffer)") >>> Fixes: 4f0496d8ffa3 ("ima: based on policy warn about loading firmware (pre-allocated buffer)") >>> [...] >>> diff --git a/include/linux/fs.h b/include/linux/fs.h >>> index 3f881a892ea7..95fc775ed937 100644 >>> --- a/include/linux/fs.h >>> +++ b/include/linux/fs.h >>> @@ -2993,10 +2993,10 @@ static inline void i_readcount_inc(struct inode *inode) >>> #endif >>> extern int do_pipe_flags(int *, int); >>> +/* This is a list of *what* is being read, not *how*. */ >>> #define __kernel_read_file_id(id) \ >>> id(UNKNOWN, unknown) \ >>> id(FIRMWARE, firmware) \ >> With this change, I'm trying to figure out how the partial firmware read is >> going to work on top of this reachitecture. >> Is it going to be ok to add READING_PARTIAL_FIRMWARE here as that is a >> "what"? > No, that's why I said you need to do the implementation within the API > and not expect each LSM to implement their own (as I mentioned both > times): > > https://lore.kernel.org/lkml/202005221551.5CA1372@keescook/ > https://lore.kernel.org/lkml/202007061950.F6B3D9E6A@keescook/ > > I will reply in the thread above. > >>> - id(FIRMWARE_PREALLOC_BUFFER, firmware) \ >> My patch series gets rejected any time I make a change to the >> kernel_read_file* region in linux/fs.h. >> The requirement is for this api to move to another header file outside of >> linux/fs.h >> It seems the same should apply to your change. > Well I'm hardly making the same level of changes, but yeah, sure, if > that helps move things along, I can include that here. > >> Could you please add the following patch to the start of you patch series to >> move the kernel_read_file* to its own include file? >> https://patchwork.kernel.org/patch/11647063/ > https://lore.kernel.org/lkml/20200706232309.12010-2-scott.branden@broadcom.com/ > > You've included it in include/linux/security.h and that should be pretty > comprehensive, it shouldn't be needed in so many .c files. Some people want the header files included in each c file they are used. Others want header files not included if they are included in another header file. I chose the first approach: every file that uses the api includes the header file. I didn't know there was a standard approach to only put it in security.h >