Subject: Re: [PATCH 11/12] IMA: turn ima_policy_flags into __wr_after_init
From: Igor Stoppa
To: Thiago Jung Bauermann
Cc: Andy Lutomirski, Matthew Wilcox, Peter Zijlstra, Dave Hansen, Mimi Zohar, igor.stoppa@huawei.com, Nadav Amit, Kees Cook, linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Date: Thu, 20 Dec 2018 19:49:52 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

On 20/12/2018 19:30, Thiago Jung Bauermann wrote:
>
> Hello Igor,
>
> Igor Stoppa writes:
> >> diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c >> index 59d834219cd6..5f4e13e671bf 100644 >> --- a/security/integrity/ima/ima_init.c >> +++ b/security/integrity/ima/ima_init.c >> @@ -21,6 +21,7 @@ >> #include >> #include >> #include >> +#include >> >> #include "ima.h" >> >> @@ -98,9 +99,9 @@ void __init ima_load_x509(void) >> { >> int unset_flags = ima_policy_flag & IMA_APPRAISE; >> >> - ima_policy_flag &= ~unset_flags; >> + wr_assign(ima_policy_flag, ima_policy_flag & ~unset_flags); >> integrity_load_x509(INTEGRITY_KEYRING_IMA, CONFIG_IMA_X509_PATH); >> - ima_policy_flag |= unset_flags; >> + wr_assign(ima_policy_flag, ima_policy_flag | unset_flags); >> } >> #endif > > In the cover letter, you said: > >> As the name implies, the write protection kicks in only after init() >> is completed; before that moment, the data is modifiable in the usual >> way. > > Given that, is it still necessary or useful to use wr_assign() in a > function marked with __init? I might have been over enthusiastic of using the wr interface. You are right, I can drop these two. Thank you. -- igor
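
Review bot: in the ima_load_x509() hunk, both wr_assign() calls sit in a function marked __init, and per the quoted cover letter the data is still modifiable in the usual way until init completes, so the original `ima_policy_flag &= ~unset_flags;` and `ima_policy_flag |= unset_flags;` can stay as plain assignments. If they are restored, the #include added in the first hunk has no user left in the lines shown and should be dropped too, unless another part of ima_init.c needs the wr interface. A short comment on ima_load_x509() saying that the plain writes are valid only because the function runs before write protection is enabled would keep the pattern from being copied into code that runs after init.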