Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp48772imm; Thu, 20 Sep 2018 14:57:22 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbGofxQEkmFRR6yEsn1h83PHWnCxJ64XaZX2qt0WeuoHLnaGNaVzdQfuUEy4/tLWPDwvqIl X-Received: by 2002:a63:1064:: with SMTP id 36-v6mr38530918pgq.254.1537480642111; Thu, 20 Sep 2018 14:57:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537480642; cv=none; d=google.com; s=arc-20160816; b=Sgfsa9xDMvqqCiF+FSRqV86yj+QJwNQ0KUPDq8dHKY2YLuaRucYZ4ODxHLiGaGkgvq eckCLampPMaErka+fJ4QlDTzGsKH6RyqYQ78snLlrzLTSf1dVtV+JQ7+P+RVD4Z25KEq Vodfcl9yjIX3U3QvTvEF1p5SdwCL5ncDv0/Hk2o4f1rOuafsQJ3Xv1x/zuDOV1jipdbf 8sPQs056gkTmI6CWbDeJ6j+IwYBFF4tdRYpELpNdiKo2mp/kCNDDAkFITvW1SjfLiiLw x3v5xLlvwvnd2XdbA9qz24g4EC8pO+UlsvdIOjct+GmPzoGJ97z1fwBf5XRTjcYt0QkK tKsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature; bh=O7Ju11CnqlQ65JFs+cTZJv3B3c6e6mPVZbOA0gUwNI4=; b=Uqey1nG4ZiDACBlbKRhGkORmfWEAMH5gGDA493Te1Wv9QD1OrJWLThPALiQU9GDASQ vQXcR8rVh7ILqQRv26lsBB0QlAP5Cf/PfVQ8Jnx5cXkOhOSJoZRIqZb3S4Ya+Lbn8m4L OCngXOO/NAieHNgwPwMP0v78Xxf9BAdBeoFFl6dtFiSUYdFH4IvdaaHgskzl+DZccC7s 9N/zbJRoKPbgttqc5rJTn56e35XBrlZyuKmNo6X+D4WrmK8cV7xe5m0VfWDg9HbV1fHO TAHLH+OCZTtisoJW7YozXaIHPiLl6CnAkyx5NG9gKfN1kVUVri37bQ0Dtt5+eHiI68kf rGwQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=ZH6YgTV3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z4-v6si4158539pgj.39.2018.09.20.14.57.06; Thu, 20 Sep 2018 14:57:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=ZH6YgTV3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388670AbeIUDla (ORCPT + 99 others); Thu, 20 Sep 2018 23:41:30 -0400 Received: from mail-yb1-f194.google.com ([209.85.219.194]:43651 "EHLO mail-yb1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728347AbeIUDla (ORCPT ); Thu, 20 Sep 2018 23:41:30 -0400 Received: by mail-yb1-f194.google.com with SMTP id w80-v6so4594176ybe.10 for ; Thu, 20 Sep 2018 14:55:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=O7Ju11CnqlQ65JFs+cTZJv3B3c6e6mPVZbOA0gUwNI4=; b=ZH6YgTV35xB6RLGtVB9NFWyayApUadyAJZqoaXzB8L7jiyi7nZBjp9epd9ph4stATt HvmBCFP7BNeh5us4l8G4HQcdRRo5uUp0nIly2eTZw/zQiqc5mkI9F0aCTznwlp0QWeD/ Ljw6PWcwqbB8gIYHo416NTf7opDyY+8sUmat0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=O7Ju11CnqlQ65JFs+cTZJv3B3c6e6mPVZbOA0gUwNI4=; b=GPm+RwKgshDOfTsIqvkM1GUBqKFs3ElB4DoGI6FwyqEjPhOfF2x6vjB0iGzqY55gUL j6UFaH4+KOGUujzuqea/U/e9rDAS8nySqoHKnUizkU4jfRrm4mz51+DnEDoeQ50O6vgl WNGSHgEtJ4lBFkVnhmKVZv/blkaCxRyLAQZ410iG/UIJWgOLLxaWElyjuAYw0arRhIiD aYBBlGEttXXY/LmZfbd2ITt0+wQsH2+xIRf+Er/ba6x0MhJHYXz1u+Y8he++nceqxz9I cT2hJ4SDilXxOEiYNVe5Obv+LfqUyy6nNhjnHw0tyv8FVGWqBltsg+scrSjWG5AiIqWk jJ7A== X-Gm-Message-State: APzg51DC5LxzX0j9hLVa2rwIvDa2J6sVBd2ZSte9EETFKNck1ExJQgVu bNQU76vIr130HqopG4vLbUg9Zf4xcyw= X-Received: by 2002:a25:9702:: with SMTP id d2-v6mr19747978ybo.77.1537480554175; Thu, 20 Sep 2018 14:55:54 -0700 (PDT) Received: from mail-yb1-f169.google.com (mail-yb1-f169.google.com. [209.85.219.169]) by smtp.gmail.com with ESMTPSA id z193-v6sm5366882ywd.90.2018.09.20.14.55.53 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Sep 2018 14:55:53 -0700 (PDT) Received: by mail-yb1-f169.google.com with SMTP id p74-v6so4017239ybc.9 for ; Thu, 20 Sep 2018 14:55:53 -0700 (PDT) X-Received: by 2002:a25:3617:: with SMTP id d23-v6mr12372664yba.141.1537480553100; Thu, 20 Sep 2018 14:55:53 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:5f04:0:0:0:0:0 with HTTP; Thu, 20 Sep 2018 14:55:52 -0700 (PDT) In-Reply-To: <1898403.NNy4ELVaME@merkaba> References: <20180920162338.21060-1-keescook@chromium.org> <1898403.NNy4ELVaME@merkaba> From: Kees Cook Date: Thu, 20 Sep 2018 14:55:52 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH security-next v2 00/26] LSM: Explict LSM ordering To: Martin Steigerwald Cc: James Morris , Casey Schaufler , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "Schaufler, Casey" , LSM , Jonathan Corbet , "open list:DOCUMENTATION" , linux-arch , LKML Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 20, 2018 at 1:14 PM, Martin Steigerwald w= rote: > Kees Cook - 20.09.18, 18:23: >> v2: >> - add "lsm.order=3D" and CONFIG_LSM_ORDER instead of overloading >> "security=3D" - reorganize introduction of ordering logic code >> >> Updated cover letter: >> >> This refactors the LSM registration and initialization infrastructure >> to more centrally support different LSM types. What was considered a >> "major" LSM is kept for legacy use of the "security=3D" boot parameter, >> and now overlaps with the new class of "exclusive" LSMs for the future >> blob sharing (to be added later). The "minor" LSMs become more well >> defined as a result of the refactoring. >> >> Instead of continuing to (somewhat improperly) overload the kernel's >> initcall system, this changes the LSM infrastructure to store a >> registration structure (struct lsm_info) table instead, where metadata >> about each LSM can be recorded (name, flags, order, enable flag, init >> function). This can be extended in the future to include things like >> required blob size for the coming "blob sharing" LSMs. > > I read the cover letter and still don=C2=B4t know what this is about. Now= I > am certainly not engaged deeply with LSM. I bet my main missing piece > is: What is a "blob sharing" LSM. > > I think it would improve the cover letter greatly if it explains briefly > what is a major LSM, what is a minor LSM and what is a "blob sharing" > LSM. > > Why those are all needed? What is the actual security or end user > benefit of this work? The questions are not to question your work. I bet > it makes all perfect sense. I just did not understand its sense from > reading the cover letter. Sure, thanks! I'll include more details for any later versions. This is mainly related to some internal refactoring the LSM is doing to support additional LSM that need more extensive "stacking" of the kernel internals. I aimed this at linux-doc@ and linux-arch@ to get feedback on the Documentation/ and linker script changes, respectively. In theory, users don't need to know anything about minor/major nor blob-sharing, as that should normally be all an internal issue. Thanks! -Kees --=20 Kees Cook Pixel Security