From: "Luis R. Rodriguez" <mcgrof@suse.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: linux-security-module@vger.kernel.org, kexec@lists.infradead.org,
linux-modules@vger.kernel.org, fsdevel@vger.kernel.org,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Kees Cook <keescook@chromium.org>,
Dmitry Torokhov <dmitry.torokhov@gmail.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Julia Lawall <julia.lawall@lip6.fr>
Subject: Re: [RFC PATCH v2 06/11] kexec: replace call to copy_file_from_fd() with kernel version
Date: Thu, 21 Jan 2016 00:12:40 +0100 [thread overview]
Message-ID: <20160120231240.GL11277@wotan.suse.de> (raw)
In-Reply-To: <1453129886-20192-7-git-send-email-zohar@linux.vnet.ibm.com>
On Mon, Jan 18, 2016 at 10:11:21AM -0500, Mimi Zohar wrote:
> diff --git a/fs/exec.c b/fs/exec.c
> index 211b81c..a5ae51e 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -884,6 +884,21 @@ out:
> }
> EXPORT_SYMBOL_GPL(kernel_read_file);
>
> +int kernel_read_file_from_fd(int fd, void **buf, loff_t *size, loff_t max_size,
> + int policy_id)
> +{
> + struct fd f = fdget(fd);
> + int ret = -ENOEXEC;
> +
> + if (!f.file)
> + goto out;
> +
> + ret = kernel_read_file(f.file, buf, size, max_size, policy_id);
> +out:
> + fdput(f);
> + return ret;
> +}
> +
Don't you need to EXPORT_SYMBOL_GPL() here as well?
> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> index 4edf47f..3adf937 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -78,6 +78,8 @@ enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
> return iint->ima_module_status;
> case FIRMWARE_CHECK:
> return iint->ima_firmware_status;
> + case KEXEC_CHECK ... IMA_MAX_READ_CHECK - 1:
> + return iint->ima_read_status;
I didn't get the memo that we're OK to use compiler specific extensions
like this. I'm sure if you are using it its not the first case, just
want to be sure we are aware of possible issues if some compiler doesn't
support this.
If we don't have a precedence can we just avoid its use?
Cc'd Julia in case this might be of interest for Coccinelle to grok.
> case FILE_CHECK:
> default:
> return iint->ima_file_status;
> @@ -100,6 +102,9 @@ static void ima_set_cache_status(struct integrity_iint_cache *iint,
> case FIRMWARE_CHECK:
> iint->ima_firmware_status = status;
> break;
> + case KEXEC_CHECK ... IMA_MAX_READ_CHECK - 1:
> + iint->ima_read_status = status;
> + break;
> case FILE_CHECK:
> default:
> iint->ima_file_status = status;
Likewise.
> @@ -122,6 +127,8 @@ static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
> case FIRMWARE_CHECK:
> iint->flags |= (IMA_FIRMWARE_APPRAISED | IMA_APPRAISED);
> break;
> + case KEXEC_CHECK ... IMA_MAX_READ_CHECK - 1:
> + break;
> case FILE_CHECK:
> default:
> iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED);
Likewise.
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 595e038..4711083 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -306,6 +306,8 @@ static int get_subaction(struct ima_rule_entry *rule, int func)
> return IMA_MODULE_APPRAISE;
> case FIRMWARE_CHECK:
> return IMA_FIRMWARE_APPRAISE;
> + case KEXEC_CHECK ... IMA_MAX_READ_CHECK - 1:
> + return IMA_READ_APPRAISE;
> case FILE_CHECK:
> default:
> return IMA_FILE_APPRAISE;
Likewise.
> @@ -948,10 +956,19 @@ int ima_policy_show(struct seq_file *m, void *v)
> seq_printf(m, pt(Opt_func), ft(func_post));
> break;
> default:
> - snprintf(tbuf, sizeof(tbuf), "%d",
> - entry->hooks.func);
> - seq_printf(m, pt(Opt_func), tbuf);
> - break;
> + switch (entry->hooks.policy_id) {
> + case KEXEC_CHECK:
> + seq_printf(m, pt(Opt_func), ft(func_kexec));
> + break;
> + case INITRAMFS_CHECK:
> + seq_printf(m, pt(Opt_func), ft(func_initramfs));
> + break;
> + default:
> + snprintf(tbuf, sizeof(tbuf), "%d",
> + entry->hooks.func);
> + seq_printf(m, pt(Opt_func), tbuf);
> + break;
> + }
> }
> seq_puts(m, " ");
> }
Two switches wrapped tend to lead to messy and hard to read code,
is using a function here better?
Luis
next prev parent reply other threads:[~2016-01-20 23:12 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-18 15:11 [RFC PATCH v2 00/11] vfss: support for a common kernel file loader Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 01/11] ima: separate 'security.ima' reading functionality from collect Mimi Zohar
2016-01-19 20:00 ` Dmitry Kasatkin
2016-01-21 13:19 ` Mimi Zohar
2016-01-21 18:18 ` Dmitry Kasatkin
2016-01-18 15:11 ` [RFC PATCH v2 02/11] vfs: define a generic function to read a file from the kernel Mimi Zohar
2016-01-20 1:09 ` Luis R. Rodriguez
2016-01-21 13:24 ` Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 03/11] ima: provide buffer hash calculation function Mimi Zohar
2016-01-19 19:26 ` Dmitry Kasatkin
2016-01-21 13:18 ` Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 04/11] ima: calculate the hash of a buffer using aynchronous hash(ahash) Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 05/11] ima: define a new hook to measure and appraise a file already in memory Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 06/11] kexec: replace call to copy_file_from_fd() with kernel version Mimi Zohar
2016-01-20 3:22 ` Minfei Huang
2016-01-20 23:12 ` Luis R. Rodriguez [this message]
2016-01-21 0:27 ` Dmitry Torokhov
2016-01-25 6:37 ` Dave Young
2016-01-25 7:02 ` Dave Young
2016-01-25 15:04 ` Mimi Zohar
2016-01-25 20:34 ` Luis R. Rodriguez
2016-01-25 23:48 ` Mimi Zohar
2016-01-26 20:48 ` Luis R. Rodriguez
2016-01-26 1:20 ` Dave Young
2016-01-26 16:40 ` Mimi Zohar
2016-01-27 1:50 ` Dave Young
2016-01-18 15:11 ` [RFC PATCH v2 07/11] firmware: replace call to fw_read_file_contents() " Mimi Zohar
2016-01-20 0:10 ` Kees Cook
2016-01-21 12:04 ` Mimi Zohar
2016-01-20 23:39 ` Luis R. Rodriguez
2016-01-20 23:56 ` Luis R. Rodriguez
2016-01-21 12:05 ` Mimi Zohar
2016-01-21 16:49 ` Luis R. Rodriguez
2016-01-18 15:11 ` [RFC PATCH v2 08/11] module: replace copy_module_from_fd " Mimi Zohar
2016-01-21 0:03 ` Luis R. Rodriguez
2016-01-21 13:12 ` Mimi Zohar
2016-01-21 15:45 ` Paul Moore
2016-01-21 21:15 ` Mimi Zohar
2016-01-21 21:26 ` Paul Moore
2016-01-21 21:58 ` Kees Cook
2016-01-21 16:56 ` Luis R. Rodriguez
2016-01-21 20:37 ` Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 09/11] ima: load policy using path Mimi Zohar
2016-01-21 0:05 ` Luis R. Rodriguez
2016-01-21 13:15 ` Mimi Zohar
2016-01-23 2:59 ` Luis R. Rodriguez
2016-01-18 15:11 ` [RFC PATCH v2 10/11] ima: measure and appraise the IMA policy itself Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 11/11] ima: require signed IMA policy Mimi Zohar
2016-01-21 20:16 ` [RFC PATCH v2 00/11] vfss: support for a common kernel file loader Luis R. Rodriguez
2016-01-21 20:18 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160120231240.GL11277@wotan.suse.de \
--to=mcgrof@suse.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=dmitry.torokhov@gmail.com \
--cc=dwmw2@infradead.org \
--cc=fsdevel@vger.kernel.org \
--cc=julia.lawall@lip6.fr \
--cc=keescook@chromium.org \
--cc=kexec@lists.infradead.org \
--cc=linux-modules@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).