Received: by 10.192.165.156 with SMTP id m28csp1188876imm;
        Wed, 11 Apr 2018 14:11:40 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4+UadLKyQk3HGtVrhQLfRqVYiL+Haydt7tf6+uucDqUZ/5I1DflhmQVqqTclfWmnM0m62C+
X-Received: by 2002:a17:902:5381:: with SMTP id c1-v6mr6667531pli.234.1523481100318;
        Wed, 11 Apr 2018 14:11:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523481100; cv=none;
        d=google.com; s=arc-20160816;
        b=qo122b4/uPVxwobuZUjDIDFYKwLFc/KEz6E2GF4J5ai9paizNpqhsS5PAr3N/pt0u/
         SCiyNCFKg7j7vX+UiSzkXyPegHtDzWeOLMYXmRANYgQ0TeU/twFJ+LcGMZYb+xEK9UMw
         NITS994G3Qjr/8Lbp5CNz4bnJQq7yCHaMfcR3U9En/bkCkVVqRTjatnsl2fK50s/P2sI
         kggRivX2JelIjsmgtNLP99HPKYjrWKwvXvRW5zE+c0P5BYaQClcajNWjrDW7FJvQ1bam
         5mPf1mc+DIbcl0Bb37kkl+SgZhZsgQMEA/iZ2/Vi83kHgvz7junSJSsIYIfZUqaFrML9
         g2jg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :feedback-id:references:in-reply-to:message-id:subject:reply-to:cc
         :from:to:dkim-signature:date:arc-authentication-results;
        bh=43AmNGw5etxIc5e/bmeAi7zyzT2rXip/5fxb1ZMWMOE=;
        b=fdSrs+9JauJmhQA8w+l0XmGV2kZgE7W6UJFX8DdeFLhijM35MZmLHLqsRP4MMf7Pea
         yLk1NIIjh5ydZI/mzoK2VxtvMAAEe1L1KlbCZyg8e+YdjpcYSfX55Jv3FepFuz13Io+m
         BlTyCUeM1BK9WvGmxloXZ4GP5WJXye5pukOFlA2tgAxrxVGa0+jiijCAO1dcjScxSpza
         tMQawP6wcfNSpq5AU2AubajeDx1FEDCvz3a8BWhkMdN/Yp/BqU/ndGTo1YSScS3Cd8a0
         f2/u+6jxYcXqUttraEhK4oKRAcpByfzpQrCuCU5pPrgCeOEg309B96zaHcQteSGEIDSE
         iAtA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@protonmail.ch header.s=default header.b=rrlGxmZy;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.ch
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f9-v6si1860777pln.45.2018.04.11.14.11.04;
        Wed, 11 Apr 2018 14:11:40 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@protonmail.ch header.s=default header.b=rrlGxmZy;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.ch
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755377AbeDKVFL (ORCPT <rfc822;ablacktshirt@gmail.com>
        + 99 others); Wed, 11 Apr 2018 17:05:11 -0400
Received: from mail5.protonmail.ch ([185.70.40.28]:42853 "EHLO
        mail5.protonmail.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1755101AbeDKVFI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 11 Apr 2018 17:05:08 -0400
Date:   Wed, 11 Apr 2018 17:05:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.ch;
        s=default; t=1523480705;
        bh=43AmNGw5etxIc5e/bmeAi7zyzT2rXip/5fxb1ZMWMOE=;
        h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:
         Feedback-ID:From;
        b=rrlGxmZyf+O2EOwE7F8KdrrcBH/HzvegwYWVMY9Bwhrcn54M8w8CDsZKbASpSiB4B
         IB9ntPwF1TYHOtAClCTydV1UR2uwsI1kH19XCj9kcJ13WLyTbs633rJ+EiJMIZfaxR
         8U/9mHN4mh/jbRukIZz+GW2suMwnO+bU53r3B4l0=
To:     Linus Torvalds <torvalds@linux-foundation.org>
From:   Jordan Glover <Golden_Miller83@protonmail.ch>
Cc:     David Howells <dhowells@redhat.com>,
        linux-man <linux-man@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>,
        James Morris <jmorris@namei.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        LSM List <linux-security-module@vger.kernel.org>
Reply-To: Jordan Glover <Golden_Miller83@protonmail.ch>
Subject: Re: [PATCH 01/24] Add the ability to lock down access to the running kernel image
Message-ID: <8z0aRQyD-6Krqntk8UD9WQjK5JSqEai2Pt5oeFU2EplgxoWiHlX5nlJXwCDHQ1WcS1oIprXimgz7UvwHCWDB9Z3dYFrEmZmtkEJSqaYMel8=@protonmail.ch>
In-Reply-To: <CA+55aFzPo-dip8dgyo0U+g5qai9SAJU+D1c+AFJ0zV9_PBAB8Q@mail.gmail.com>
References: <152346387861.4030.4408662483445703127.stgit@warthog.procyon.org.uk>
 <152346388583.4030.15146667041427303547.stgit@warthog.procyon.org.uk>
 <CA+55aFzPo-dip8dgyo0U+g5qai9SAJU+D1c+AFJ0zV9_PBAB8Q@mail.gmail.com>
Feedback-ID: QEdvdaLhFJaqnofhWA-dldGwsuoeDdDw7vz0UPs8r8sanA3bIt8zJdf4aDqYKSy4gJuZ0WvFYJtvq21y6ge_uQ==:Ext:ProtonMail
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-0.6 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,
        FREEMAIL_REPLYTO_END_DIGIT autolearn=no autolearn_force=no version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail.protonmail.ch
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On April 11, 2018 8:09 PM, Linus Torvalds <torvalds@linux-foundation.org> w=
rote:

> On Wed, Apr 11, 2018 at 9:24 AM, David Howells dhowells@redhat.com wrote:
>=20
> > Provide a single call to allow kernel code to determine whether the sys=
tem
> >=20
> > should be locked down, thereby disallowing various accesses that might
> >=20
> > allow the running kernel image to be changed, including:
> >=20
> > -   /dev/mem and similar
> > -   Loading of unauthorised modules
> > -   Fiddling with MSR registers
> > -   Suspend to disk managed by the kernel
> > -   Use of device DMA
>=20
> So what I stlll absolutely detest about this series is that I think
>=20
> many of these things should simply be done as separate config options.
>=20
> For example, if the distro is sure that it doesn't need /dev/mem, then
>=20
> why the hell is this tied to "lockdown" that then may have to be
>=20
> disabled because other changes may not be acceptable (eg people may
>=20
> need that device DMA, or whatever).
>=20
> If that /dev/mem access prevention was just instead done as an even
>=20
> stricter mode of the existing CONFIG_STRICT_DEVMEM, it could just be
>=20
> enabled unconditionally.

CONFIG_DEVMEM=3Dn

>=20
> So none of these patches raise my hackles per se. But what continues
>=20
> to makes me very very uncomfortable is how this is all tied together.
>=20
> Why is this one magical mode that then - because it has such a big
>=20
> impact - has to be enabled/disabled as a single magical mode and with
>=20
> very odd rules?
>=20
> I think a lot of people would be happier if this wasn't so incestuous
>=20
> and mixing together independent things under one name, and one flag.
>=20
> I think a lot of the secure boot problems were exacerbated by that mixup.
>=20
> So I would seriously ask that the distros that have been using these
>=20
> patches look at which parts of lockdown they could make unconditional
>=20
> (because it doesn't break machines), and which ones need that escape
>=20
> clause.
>=20
> Linus
>=20

=E2=80=8BJordan