Subject: Re: [PATCH v4a 8/8] module: replace the existing LSM hook in init_module
From: Mimi Zohar
To: Kees Cook
Cc: Paul Moore, linux-integrity, linux-security-module, LKML, David Howells, "Luis R. Rodriguez", Eric Biederman, Kexec Mailing List, Andres Rodriguez, Greg Kroah-Hartman, Ard Biesheuvel, Jeff Vander Stoep, Casey Schaufler, James Morris
Date: Tue, 05 Jun 2018 18:40:11 -0400
Message-Id: <1528238411.3557.32.camel@linux.vnet.ibm.com>

On Tue, 2018-06-05 at 15:26 -0700, Kees Cook wrote:
> On Tue, Jun 5, 2018 at 2:35 PM, Mimi Zohar wrote:
> > On Tue, 2018-06-05 at 12:45 -0700, Kees Cook wrote:
> >
> >> And if you must have a separate enum, please change this to fail
> >> closed instead of open (and mark the fall-through):
> >>
> >> int rc = -EPERM;
> >>
> >> switch (id) {
> >> case LOADING_MODULE:
> >>         rc = loadpin_read_file(NULL, READING_MODULE);
> >>         /* Fall-through */
> >> default:
> >>         break;
> >> }
> >
> > This will fail the sysfs firmware fallback loading and the kexec_load
> > syscall without any message, as you have for init_module. Is that
> > what you want?
>
> I'd prefer there be a full mapping of the enums so that everything
> gets passed into loadpin_read_file() :)
>
> Can the enum be shared or is that nonsensical?

Considering this is v4 of the patch set, it's pretty obvious I did
everything possible not to define a new LSM hook. Even if we can't
re-use the existing enum, we could define the new enum in terms of
__kernel_read_file_id.

enum kernel_load_data_id {
        __kernel_read_file_id(__data_id_enumify)
};

static const char * const kernel_load_data_str[] = {
        __kernel_read_file_id(__data_id_stringify)
};

Eric, Serge, would using either the existing __kernel_read_file_id enum
or the above definitions be acceptable?

Mimi
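
The two ideas in this exchange, a second enum generated from the same X-macro list and a hook that maps every id into the policy check instead of failing open, can be modelled in userspace C. This is an added example, not code from the patch set or from any participant in the thread; every `model_`/`MODEL_` name, the shortened id list and the `pinned` flag are assumptions made for illustration.

```c
#include <errno.h>
#include <string.h>
/* Constructed subset of ids for this model; not the kernel's full list. */
#define MODEL_FILE_IDS(id)		\
	id(UNKNOWN, unknown)		\
	id(FIRMWARE, firmware)		\
	id(MODULE, kernel-module)	\
	id(KEXEC_IMAGE, kexec-image)	\
	id(MAX_ID, )
#define READ_ENUMIFY(ENUM, str)   READING_ ## ENUM,
#define LOAD_ENUMIFY(ENUM, str)   LOADING_ ## ENUM,
#define LOAD_STRINGIFY(ENUM, str) #str,

/* Both enums and the name table expand from the same list. */
enum model_read_file_id { MODEL_FILE_IDS(READ_ENUMIFY) };
enum model_load_data_id { MODEL_FILE_IDS(LOAD_ENUMIFY) };
static const char * const model_load_data_str[] = { MODEL_FILE_IDS(LOAD_STRINGIFY) };
_Static_assert((int)READING_MAX_ID == (int)LOADING_MAX_ID, "enums out of step");

/* Hypothetical stand-in for the LSM's file check: allow only pinned sources. */
static int model_pin_check(enum model_read_file_id id, int pinned)
{
	return (id != READING_UNKNOWN && id < READING_MAX_ID && pinned) ? 0 : -EPERM;
}

/* Fail-open shape: only MODULE is checked, every other id returns 0. */
int model_load_data_fail_open(int id, int pinned)
{
	int rc = 0;
	switch (id) {
	case LOADING_MODULE:
		rc = model_pin_check(READING_MODULE, pinned);
		break;
	}
	return rc;
}

/* Full mapping: every valid id reaches the check, anything else is denied. */
int model_load_data_full_map(int id, int pinned)
{
	if (id <= LOADING_UNKNOWN || id >= LOADING_MAX_ID)
		return -EPERM;
	return model_pin_check((enum model_read_file_id)id, pinned);
}
const char *model_load_data_name(int id)
{
	return (id >= 0 && id < LOADING_MAX_ID) ? model_load_data_str[id] : "";
}
int main(void) { return model_load_data_full_map(LOADING_KEXEC_IMAGE, 0) == -EPERM ? 0 : 1; }
```

Because both enums expand from one list, the cast in `model_load_data_full_map()` stays correct when an id is added, and the name table gives a denial path something to log.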