Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp17782840ybl; Thu, 2 Jan 2020 11:58:28 -0800 (PST) X-Google-Smtp-Source: APXvYqzBvsNKRGwnvAVhcalkypv1HOAIc+e2T/yuqKZlHAgfjmsGHZH+HJlwtoNAWDA2Eg0XpEhD X-Received: by 2002:a05:6830:1199:: with SMTP id u25mr88649604otq.344.1577995108538; Thu, 02 Jan 2020 11:58:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1577995108; cv=none; d=google.com; s=arc-20160816; b=QpcBCVL9ArJU2ulj2vJsBnxawMeHD//I/ClZ3B4wIovT6QIGMd+6rn0tGj0HusjRqV RDP5KjgE/5K2XTZrV2QaPghk8QYgu8q9AgboOb4Gf/xWWqVuVNbg8F5HvTn7nEpAHnuD Nfm/djLvDuFDL4ilTATiNmuEugocN2HpBiwXOZTbFLbEz0ZYT4zgbzt9E3ln9JY6jKG+ U7aXGnzPKkDMCx9XUKz60ez54ovXa3bHh0z29K78BGlHFRX0KluLlbmyVSBnVJSTHsAH ExYcKvV7WcjM4qw8m8V4sNsCdDIIo2tSPzMXAPGyzkAYFXABsI/w3NPV7X9hriPKL7zN nfeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=R4iJSqevWdPyqOUmhE3mWH5fpeZvhvCfBp6cN45qRtI=; b=Cw0oC856H2o7LqefCGbn0AVS/O3hHVTMKLtXcRzU5XNChKXBA01OMoJ+pjqvw35rT+ RXQhcbAOzPFZhAuji5tbs+nAwvade3GGThw/jIoVlcrXP7GTbMWhzPJ+ecZbvgdrArPo N/YCnugu5nKWzZo1Y+LrSLjYm+4QuIlGLUK7bfYaAAynfkGWPZn3ztGVeiqo6kcac2Wu OAFGWvLELIgC0OYDiE7Lh2WveIqC7RxK2YX9VA9cGMXemYcIpDmg3vImJcOhQZitCkMW nFzJLRc+/OYJy5WUZUOvL9pIMh58wRuU6zCy0EctzEDoqNFxe0Ls1vmM1VvRWMuK13p+ ZBfg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=o10CEcaJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m18si26266064otq.72.2020.01.02.11.58.16; Thu, 02 Jan 2020 11:58:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=o10CEcaJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728516AbgABT5Z (ORCPT + 99 others); Thu, 2 Jan 2020 14:57:25 -0500 Received: from mail-il1-f193.google.com ([209.85.166.193]:36484 "EHLO mail-il1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728260AbgABT5Y (ORCPT ); Thu, 2 Jan 2020 14:57:24 -0500 Received: by mail-il1-f193.google.com with SMTP id b15so34968231iln.3 for ; Thu, 02 Jan 2020 11:57:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=R4iJSqevWdPyqOUmhE3mWH5fpeZvhvCfBp6cN45qRtI=; b=o10CEcaJsvbpjVX6UPZffvRUyKoYVDNats6yRm5uzS0NEeH88LH3Atvn6UTrlRLLz3 /myAsYDWqGtiMWng3rJKHPAfoJNgcgAIpon3T8rORwGzebHvzsb0/PvEokm+hetSUK2w XoTgnxzI+c85ygnUrH1dIqa9LrDpiddlbTZupWUqzSAVm+55WwTsDXRW94wPoAN1ihn/ /xYz9XGWmMSTDdis5QQcfV00JC+Is1ev9Q/1w5npKbLvGK2dbApMhHkiAZrUxOigf5WR qJTUkJErHoyjCXLofenxYlIHbRDJC5VM9uMfGpJc28o92pR76m37a5CmQiMvKPiDEMaK OXzg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=R4iJSqevWdPyqOUmhE3mWH5fpeZvhvCfBp6cN45qRtI=; b=g7Qemtja8jBPwvL7G7p1EsPT5CzqNJJGzWFcHXwyOBE9ctJePW4CgwjaZwWjLPC4qe lJ/xkN5ZhfXXQgItWB4bjjivm4oV4yIWAfP+YpjzQQSpDuXMmyxpPoimLu8mWmszp1jU eRTjBaat3dZAMnoXvGe0WqANG8hdrGCk37wzKPFNdIkqYWjkdeCyRh0epB5cckML3Kki igB//VzEJ7mCSaaBt2mvgDKxQM1XXRnLBwFr6SCLczEhDurz5WPb31YusHJX9ZhLSmtP 9z+2HuYh9ssJESwypkZLwB9EIoz7/jDdSRl80tn3EriWv+NIFGTFIcXJN3yrtauyKxXE QlLA== X-Gm-Message-State: APjAAAWaJN92fYh87mqOW7VjfSQMXW2XoCMMgzWUVfGfjd0bHQShgtxd ReSffjZto6fxUEh+EK6Z0QGWaPDjrABf5lCbP7nqOQ== X-Received: by 2002:a92:d642:: with SMTP id x2mr71408859ilp.169.1577995043289; Thu, 02 Jan 2020 11:57:23 -0800 (PST) MIME-Version: 1.0 References: <20191216095955.9886-1-penguin-kernel@I-love.SAKURA.ne.jp> <20191216114636.GB1515069@kroah.com> <20191216201834.GA785904@mit.edu> <46e8f6b3-46ac-6600-ba40-9545b7e44016@i-love.sakura.ne.jp> In-Reply-To: From: Matthew Garrett Date: Thu, 2 Jan 2020 11:57:12 -0800 Message-ID: Subject: Re: [PATCH] kconfig: Add kernel config option for fuzz testing. To: Dmitry Vyukov Cc: Tetsuo Handa , Andi Kleen , "Theodore Y. Ts'o" , Greg Kroah-Hartman , Alexander Viro , Petr Mladek , Sergey Senozhatsky , Arnd Bergmann , Jiri Slaby , Steven Rostedt , Linus Torvalds , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 17, 2019 at 12:53 AM Dmitry Vyukov wrote: > +Matthew for a lockdown question > We are considering [ab]using lockdown (you knew this will happen!) for > fuzzing kernel. LOCKDOWN_DEBUGFS is a no-go for us and we may want a > few other things that may be fuzzing-specific. > The current inflexibility comes from the global ordering of levels: > > if (kernel_locked_down >= level) > if (kernel_locked_down >= what) { > > Is it done for performance? Or for simplicity? Simplicity. Based on discussion, we didn't want the lockdown LSM to enable arbitrary combinations of lockdown primitives, both because that would make it extremely difficult for userland developers and because it would make it extremely easy for local admins to accidentally configure policies that didn't achieve the desired outcome. There's no inherent problem in adding new options, but really right now they should fall into cases where they're protecting either the integrity of the kernel or preventing leakage of confidential information from the kernel.