Received: by 10.213.65.68 with SMTP id h4csp1912691imn; Thu, 29 Mar 2018 13:29:07 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+Nv/7GlA8AMz48189UDYiwWZrxnGP6906fNLUXQzhIqgMF7gAnXSHbAXyOFqLGAo6ej9P6 X-Received: by 10.101.100.203 with SMTP id t11mr6542360pgv.129.1522355347098; Thu, 29 Mar 2018 13:29:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522355347; cv=none; d=google.com; s=arc-20160816; b=RbYAup56o+P6iWXhxnxOv7VR1GqDM8rdyeJFfoq0hu82vN9os1zgbyGDpK+nwOfGEn n2GDwK9G4g1cdRtXSZk58ZXeiz0pyS4aipaMfwMkBEjpm8pNvUvho9T/tzWt2jT5Jnwz d+jH5DRHTuzAPFTHrk8/if4wOel0XuTR67L9IkUtIcBACXEN58fenap1XgObUQa7nY/C uzbzmApMc05Bsd/YjUzKCTx27Ti2CDkWFuyI8WqPr4p4bQX/RwTHXbFIrACgM7iYAo8B 2EeKPDtK99lR6a08XbPbzjulFtwDRbctBM2lLAnSZ1env/l7AbdY9UoAgU+ipkCI9xvL 5WZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=qNx+9UQkTGCgs6+mFL971GimGbxM+MGj5rILPg1ugHs=; b=cMMEWa6ZQd3hZ0rYxg5KNQjtGrXhPcjYJ1EfxusYDD8bvXfh3BAr1mbrNSVDlaAJ9w lEndbeU2qgeKK8x/uSmQR51ILZ8lWYlbUCi+1bc8zx3BM0Ag7OohSkBbwK0/ZGuxmnMo kHqB0eFNh8/UmjwgmDHDtC4/+zaoe9f5Xl4wBpH4tUveVd7JAR1BZYsX4aqPfRfv9LHM fE1BvFJPa5IGRMDwlwUAJcmdDN7BhogymQxp9ZFZ1MhGOM2zcEzuqx+gyPyGeDcS23Wy /16nJ964uGEmU/1Xcabsn/QewEyHfusDwoDEuW33iGWBFTw/u3T8YsTWOwUXOIk5VquJ yLsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Kxftk0AA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o12-v6si6526115plg.650.2018.03.29.13.28.53; Thu, 29 Mar 2018 13:29:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Kxftk0AA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752247AbeC2UZb (ORCPT + 99 others); Thu, 29 Mar 2018 16:25:31 -0400 Received: from mail-wr0-f171.google.com ([209.85.128.171]:41429 "EHLO mail-wr0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752201AbeC2UZ2 (ORCPT ); Thu, 29 Mar 2018 16:25:28 -0400 Received: by mail-wr0-f171.google.com with SMTP id f14so6447390wre.8; Thu, 29 Mar 2018 13:25:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=qNx+9UQkTGCgs6+mFL971GimGbxM+MGj5rILPg1ugHs=; b=Kxftk0AAGOSkl4AgjW108iIGuxBxBGjXm4JlnQ9POPmfGZh6WJRogMpglvLCGBUpDv V/Wbf4yJ7O5stNqv4KaD3OWE0DmJ4DraFXOBzhmfrzPm4ToBp+R/x90NB7nsQo+KXNFG uBgEPNHqj9VS6MlTMRLO121LBCggML950hxLk0eYM7nYEogoafYL/WMUl25YtJW7QDfg GOzR/cFL0tI/RVLJugSkmc8PyOo6f/GWtzZUJp7suG9D5FhqVWqeHRs7FAZrdwlwi+ir /VAYcp3wn9V4+cNMOcOF+9f21XP3zcQDe/yBv3SthGx8gkGs+D7F8pEqdiGIcDc5pGDg 1Vuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=qNx+9UQkTGCgs6+mFL971GimGbxM+MGj5rILPg1ugHs=; b=oMYz97lMnsCzULQZTgve6GhkUjse9K3DaBjQzCO8ldkpmCsXUKN/lpamFPBVNe+4Mr BgNc/z1sEFQ9CwIaELHF6U52pmWuqKqq5sXv23EysVPd/SSEaVujFCwAq5aJW9FlbJy3 d9wlXPrmvHpdA1ZdInTtRZVLW2goTFIHGC0EfvPkbaHGavo+YpzQewkt2fdnfdFY1MSv XfeiYz7uqGss2SDHon3H2e2N4E2oHDnS/DwNib3AGev/KmOXNaFCfrNUtz+K1alWLXSo Kt6MaPiSxL0NXGcQNUYymeWdaJS2BN+A02MYZkJ4WSsbBpXlJwEprtcOsaQRvHOc0+iI +Y5w== X-Gm-Message-State: AElRT7G92wyyqQ7wTjtPp8+rtFeMmWZNxwcZUEi2sFVHeDCG7XptYX6e MBPgoL9rPEzILetBl/J9QPo= X-Received: by 10.223.155.154 with SMTP id d26mr8268918wrc.8.1522355127292; Thu, 29 Mar 2018 13:25:27 -0700 (PDT) Received: from [10.1.254.201] (bba389416.alshamil.net.ae. [83.110.0.34]) by smtp.gmail.com with ESMTPSA id x128sm1871144wmg.20.2018.03.29.13.25.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 29 Mar 2018 13:25:26 -0700 (PDT) Subject: Re: [RFC PATCH v21 0/6] mm: security: ro protection for dynamic data To: Jonathan Corbet , Igor Stoppa Cc: willy@infradead.org, keescook@chromium.org, mhocko@kernel.org, david@fromorbit.com, rppt@linux.vnet.ibm.com, labbott@redhat.com, linux-security-module@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com References: <20180327153742.17328-1-igor.stoppa@huawei.com> <20180327105509.62ec0d4d@lwn.net> From: Igor Stoppa Message-ID: <5b2a6d5d-5e33-614b-c362-c02a99509def@gmail.com> Date: Fri, 30 Mar 2018 00:25:22 +0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180327105509.62ec0d4d@lwn.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 27/03/18 20:55, Jonathan Corbet wrote: > On Tue, 27 Mar 2018 18:37:36 +0300 > Igor Stoppa wrote: > >> This patch-set introduces the possibility of protecting memory that has >> been allocated dynamically. > > One thing that jumps out at me as I look at the patch set is: you do not > include any users of this functionality. Where do you expect this > allocator to be used? Actually seeing the API in action would be a useful > addition, I think. Yes, this is very true. Initially I had in mind to use LSM hooks as easy example, but sadly they seem to be in an almost constant flux. My real use case is to secure both those and the SELinux policy DB. I have said this few times, but it didn't seem to be worth mentioning in the cover letter. I was hoping to get this merged and then attack both LSM and SELinux, but it didn't fly, so few months ago i decided to try it all together and put on hold my efforts to get pmalloc merged. However, in January, happened this: http://www.openwall.com/lists/kernel-hardening/2018/01/24/1 which rekindled my hopes to get pmalloc in first, as it would make my life easier in proposing the changes to SELinux, if they ar ebased on a nAPI that is already merged. So I hope that, once both API and implementation for pmalloc are in good shape, xfs could be the first customer. If that doesn't happen, I'll go back to the initial plan. Or look for some other easier target. Also the IMA policy could benefit from pmalloc protection, I think, I spent about a week hacking on it and it seems feasible. But it's not exactly small either. I do not know if I should have followed some other path, but I'm having a bit of a hard time, since the API is objectively touching core functionality, and the change I'd like to use as example affects such a large component a SELinux. -- igor