Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp126939imm; Fri, 21 Sep 2018 20:03:24 -0700 (PDT) X-Google-Smtp-Source: ANB0Vdb4WCCsOtnXP9johXmAlwivDZNWhgKpTsuBfYJ0PoHVM4mt8Ao+STFvJ046IakOBKYtQrcj X-Received: by 2002:a62:8186:: with SMTP id t128-v6mr551457pfd.192.1537585404443; Fri, 21 Sep 2018 20:03:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537585404; cv=none; d=google.com; s=arc-20160816; b=kJh8KZqKBrBS/ZXE45Fdkvyhd3QsnzhRTAT8UOthdGWIdyoeBX3DOXnYUbPX2dpEYI ryrjt+jLadVkGWSQJsBWUVSH9CQeddoj/jILB6UdK3HUQxbQioglnhnRCw2dOJbhsDEh mqPXM98IGRgBpfZMM7lUpDt7jPZRT2Q7slxERxX/0Z++twZMFNgjTktAVqkMftNGvtMm 4MrMxJAqKa062dkCjCVPTk3KGi/7oDbpNUTmN2C0bslhjsK8wUBXJsIbdVE8ExzWr8Ky ozvZhR+vlXdLu/VQyc5msZrRaXGWhXXmVz4lJdzevtJ2G67SrQDl9z0onNH4Lt6sL5SP w7cw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=8ifYGFE/SJTrUClmE32z/2vk7nXHuTFIbSPM2rJsRxU=; b=HaD1TEpB5VgkaW2e7S2zeIuLcw6bXlbPdDP1w62eJd8syX5pzKDniABHc2EnUUqtxm QEhmeWYCwZnbG2Qo7HjY6X+SxKjP5IF0KrDwxCDZTwUFnZmqVCMtRxRNnjUYkw7rgJTb H3JngpaVeChutYnHMaOsaSOqT1VhJPR5fusT/DYPYg+Y9Z/6B0HH6Rrl2+5GucSFbPp3 2u3ONrxngbIkPBKV6hA3coaLa2ncTEsAQ8C7i1MAtKmFzwWD0YG1H3gdIZHRsJabod6s Xj6WumZkWrTHbm41gGyQwF9n2PAtmLD9FSjMZJ3fNwSPQH0zsn2xZ46UtIsUp3tujJh5 sJsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=CGXVvx2o; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id bh12-v6si27168695plb.425.2018.09.21.20.03.08; Fri, 21 Sep 2018 20:03:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=CGXVvx2o; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725816AbeIVIyy (ORCPT + 99 others); Sat, 22 Sep 2018 04:54:54 -0400 Received: from mail-yw1-f68.google.com ([209.85.161.68]:40330 "EHLO mail-yw1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725791AbeIVIyx (ORCPT ); Sat, 22 Sep 2018 04:54:53 -0400 Received: by mail-yw1-f68.google.com with SMTP id z143-v6so5977786ywa.7 for ; Fri, 21 Sep 2018 20:03:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=8ifYGFE/SJTrUClmE32z/2vk7nXHuTFIbSPM2rJsRxU=; b=CGXVvx2oDdSerIHN+EQGbi1aXks4x/l8aY4Qw5wcPlRgT+t0SJ0t17hqvYj1XY1fOg gmiLRjzXc5d8e3zUNEz1Ti+J4WAG+JvbsXkImOmWfLjNYTTNp0sy1rrGVqy0BM01ppS9 oODjldWm/QPB/rBHH5aBsNMIMTA8lbRuM30VM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=8ifYGFE/SJTrUClmE32z/2vk7nXHuTFIbSPM2rJsRxU=; b=iMd4L9md5FGIvkNgW8Xxktr6wsYbx7NDUoSYjDWKV/OUe7ODBGnrma9L6k4W1CWPnW woWl4ZBx3woHbL6Xze+tQYJAvOPXbZOihe4sa+yzIFohytvr/leZ24GZ101NYZgI4/LR x5MrSgixQoVkPXJwulIbrGrMfISJxSWNb731LL3O1SyaddIMgyJaGJi919Iu8uuUi06G 6GK5f0YhadOk8o2BtGsf1wSwUyaCIdsTkxq9GuvwVy/bfhqOuJqXOirS9dt57/w3wVNt FlROdEiJLT7WKgDnB/M7+wVpM/iquIDy69b5TWqdsoCbm1eogtgKEv08zcDFxeajiApp Vz/w== X-Gm-Message-State: APzg51BqAumJMgaxAPQdCkjTRnHkslk7j2F2oWoy9QZsqM1nGgjofPWe Sd52kAEsRoS4VopyebVey63Qjkk+aVo= X-Received: by 2002:a0d:f801:: with SMTP id i1-v6mr224729ywf.160.1537585380184; Fri, 21 Sep 2018 20:03:00 -0700 (PDT) Received: from mail-yw1-f43.google.com (mail-yw1-f43.google.com. [209.85.161.43]) by smtp.gmail.com with ESMTPSA id r84-v6sm7748745ywe.10.2018.09.21.20.02.58 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Sep 2018 20:02:58 -0700 (PDT) Received: by mail-yw1-f43.google.com with SMTP id d193-v6so3106798ywb.3 for ; Fri, 21 Sep 2018 20:02:58 -0700 (PDT) X-Received: by 2002:a81:9b85:: with SMTP id s127-v6mr206651ywg.47.1537585377975; Fri, 21 Sep 2018 20:02:57 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:5f04:0:0:0:0:0 with HTTP; Fri, 21 Sep 2018 20:02:57 -0700 (PDT) In-Reply-To: References: From: Kees Cook Date: Fri, 21 Sep 2018 20:02:57 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock To: Casey Schaufler Cc: LSM , James Morris , SE Linux , LKLM , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= , Salvatore Mesoraca Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 21, 2018 at 4:59 PM, Casey Schaufler wrote: > v4: Finer granularity in the patches and other > cleanups suggested by Kees Cook. > Removed dead code created by the removal of SELinux > credential blob poisoning. Thanks for the splitting, this really does make it easier to review (at least for me). I think this looks really good, though obviously I'd like to refactor it slightly on top of my series. :) One additional thought I had was about the blobs allocations: some are separate kmem caches, and some are kmalloc. I'm thinking it might make sense to use separate kmem caches for two reasons: - they're going to always be the same size and are regularly allocated/freed, so it may offer a performance benefit. - they're explicitly not supposed to be exposed to userspace, so hardened usercopy would protect them if they were not kmalloc()ed. I'm excited about getting this landed! -Kees -- Kees Cook Pixel Security