Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp256087ybi; Thu, 20 Jun 2019 22:25:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqzZoa2iJ+Xb7DuekDnVEz+HCHLen4ECsz40CH2/lJNygqwdbOvHij52DyT+GQH+TJH9SDwm X-Received: by 2002:a63:a046:: with SMTP id u6mr719487pgn.122.1561094756522; Thu, 20 Jun 2019 22:25:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561094756; cv=none; d=google.com; s=arc-20160816; b=N5fmFSqOTRRMvxCbjIBn4qD0nx5e6V3GW6AW5RKnX/V8B76f+dK+gYHG9ID+bGzXIu zDE7NpQBvNBydq+rKYgLxW1VvMfP2tYvJVBPxMiGMtoNNg8WNcl8dy7V72gpYd5BqBAb tVsbcprGireVDVfEIl3x/hhAavhpU/HXgm4HM9p6IyTN1K+0rn5Xm3HcaEJMZ8HgC9L7 SwOZt+naFtaX/mYiHycjhPPn8FUZTEMPe4H2cnoBeyB/lFbzrNer6jA/R9xZeKNclUom Qyo4Ulft1JVHlNCqY8WR3M2jRxazp6kaZc8/FUnOfc1YzcDXJyM0E1w6O8UVz4H3rQ+z zSZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=XsaIz4WQlt1B57xMHN6x9LrW/afz3Vl1IEx3SSqOz3c=; b=cGg6GU7O4FhXeWOfsErLoRIorWPguCZXI/3Tb/bjwytyvzRI6hryUbR8wjIM7yXL3p g1BcQdqxBzB2eNRRnFGJKjRBpycirvahuCm/hv4WJ+1sTZPWhMubG2pYF8iZ8fwaKST3 WzxXCqvsfIYaFEZUp9RODmgzZrzmkcIEu94o64XnzQrFjckAU2VnU533rHpj2bj+i26R gMSAaFP5jcrDXKvPGv0T0Wr9qhjcgORfIuGgPSKo2W+p1u279zonvm3ms2EjE+Tsej73 MvDoUlHnJg5pgFxkZ+e9rjb6Ixc4q6F0dh3brSdH5TM8XzFZLqx/A3sab9px1qwrq1Hs labA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BfXvsm3Z; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p16si1574203pgm.11.2019.06.20.22.25.40; Thu, 20 Jun 2019 22:25:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BfXvsm3Z; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726215AbfFUFX5 (ORCPT + 99 others); Fri, 21 Jun 2019 01:23:57 -0400 Received: from mail.kernel.org ([198.145.29.99]:57256 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725989AbfFUFX5 (ORCPT ); Fri, 21 Jun 2019 01:23:57 -0400 Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com [209.85.221.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 81B07208CA for ; Fri, 21 Jun 2019 05:23:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1561094636; bh=2EBeRyKGtMJ2VCsx/+amulz5VlNO21rfW55/TIABIls=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=BfXvsm3ZMFqMreFwzf/Y/mFIvYqQ0gKS6DdaChN5rbYjXjVuz0k6iR1K4HvIO1nSg 9R8PZXDIxDTRJovxkP27+WScSyfoOULeqtwc6/QlNy8AhGWIqmNRx6osjfknRfzaub 3eb6B7WSHGzWs77hyeREftTKY7ltG6Laj81/HW8w= Received: by mail-wr1-f44.google.com with SMTP id x4so5199707wrt.6 for ; Thu, 20 Jun 2019 22:23:56 -0700 (PDT) X-Gm-Message-State: APjAAAUZ8WM4g4KhFTPOS76j3sBG4oOs8aKIL32IuSIYuixdELuntk4h UspzaIfRkOHS2LrfiCiExyfQvFxFqw1KgeW2GD6Q0g== X-Received: by 2002:a5d:6207:: with SMTP id y7mr72377327wru.265.1561094635161; Thu, 20 Jun 2019 22:23:55 -0700 (PDT) MIME-Version: 1.0 References: <20190621011941.186255-1-matthewgarrett@google.com> <20190621011941.186255-2-matthewgarrett@google.com> In-Reply-To: <20190621011941.186255-2-matthewgarrett@google.com> From: Andy Lutomirski Date: Thu, 20 Jun 2019 22:23:44 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH V33 01/30] security: Support early LSMs To: Matthew Garrett Cc: James Morris , linux-security@vger.kernel.org, LKML , Linux API , Matthew Garrett Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jun 20, 2019 at 6:22 PM Matthew Garrett wrote: > > The lockdown module is intended to allow for kernels to be locked down > early in boot - sufficiently early that we don't have the ability to > kmalloc() yet. Add support for early initialisation of some LSMs, and > then add them to the list of names when we do full initialisation later. I'm confused. What does it even mean to lock down the kernel before we're ready to run userspace code? We can't possibly be attacked by user code before there is any to attack us. Am I missing something here? --Andy