Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp1596897ybf; Thu, 27 Feb 2020 14:13:19 -0800 (PST) X-Google-Smtp-Source: APXvYqw2IaNahqLo20avtLdZvKrpdfTrd0lmJGrJmE1m3GrnpHnRyya32jjd3aLbFb0ejjeaXmsy X-Received: by 2002:a05:6830:22f2:: with SMTP id t18mr888609otc.290.1582841598946; Thu, 27 Feb 2020 14:13:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582841598; cv=none; d=google.com; s=arc-20160816; b=UMGvjUii4D4OFZAWQ+xA0G2z12eBMb4Er5iSW1XbzP+UyFQIpHgmvqy4/Jf3E5nA4t QL+W1bm6PeH1zR5gZgwsmGYBk9VbRGqepLu0Jp9DH6u2RdhveU9mAQOw6hYMTBxQFzwM P6aBrKW4ME/ctfFf9gT/jvpMirixJaD/ayTsywPLEJWOpy8PVdMbYdNfrMbYmo3aqGJf 3riDxd7DQk9xXKQk73/sw8o4vDrk8bhw+uYkkw+R9BwAsGDyDx3qcSFNz8X60VDY++Px AplORJz5GfT/Zigr6ur6WOK+w6QhcUOiDg1hrp0nnQIUr1XYZS84AEMX9CPXJa7tzUmv TIFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:references:cc:to:from:subject; bh=Uibppo3yF8JIKPZvHFq8pIY31ZuEmyzF8agqkeBOzKE=; b=GjlNaVJLrhqpm5WyYjtIRZGc59LtJoAKtKI5JbEAEHDwFPNgxFfnmxY7d0dwROPPvS RzPDGJ8aYqj5oiL6Hbs52NpqwIDhlwqCTplr0B5b3uyNNBhUqpy6z5hhT+sQqP78DHfG quuxeuUVlopUJcZmF4ED4Vwj7tBsZW/6YQMU1paGEmvdDShpM8dsyDzjjfHj0hoVD8jR 3SP4VfYiHdv06Z4Ud/rgxSymEoWaO7RlV4/4/tJQihyG06u3dk9bJmoHeFriXPEP2/9/ XTWwxWcSEh1tqVtVlRrQalGfxfOZ55r/nR2bzZN8h5d+EPMxO3C/j7d5K1+JIyAnMC8e Oe+Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 13si661422oiy.28.2020.02.27.14.13.07; Thu, 27 Feb 2020 14:13:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730043AbgB0WLe (ORCPT + 99 others); Thu, 27 Feb 2020 17:11:34 -0500 Received: from www262.sakura.ne.jp ([202.181.97.72]:52073 "EHLO www262.sakura.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726460AbgB0WLe (ORCPT ); Thu, 27 Feb 2020 17:11:34 -0500 Received: from fsav105.sakura.ne.jp (fsav105.sakura.ne.jp [27.133.134.232]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 01RMAILC044809; Fri, 28 Feb 2020 07:10:18 +0900 (JST) (envelope-from penguin-kernel@i-love.sakura.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav105.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav105.sakura.ne.jp); Fri, 28 Feb 2020 07:10:18 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav105.sakura.ne.jp) Received: from [192.168.1.9] (M106072142033.v4.enabler.ne.jp [106.72.142.33]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 01RMADxR044793 (version=TLSv1.2 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 28 Feb 2020 07:10:18 +0900 (JST) (envelope-from penguin-kernel@i-love.sakura.ne.jp) Subject: Re: [PATCH] kconfig: Add kernel config option for fuzz testing. From: Tetsuo Handa To: Matthew Garrett , Dmitry Vyukov Cc: Andi Kleen , "Theodore Y. Ts'o" , Greg Kroah-Hartman , Alexander Viro , Petr Mladek , Sergey Senozhatsky , Arnd Bergmann , Jiri Slaby , Steven Rostedt , Linus Torvalds , LKML References: <20191216095955.9886-1-penguin-kernel@I-love.SAKURA.ne.jp> <20191216114636.GB1515069@kroah.com> <20191216201834.GA785904@mit.edu> <46e8f6b3-46ac-6600-ba40-9545b7e44016@i-love.sakura.ne.jp> <4abd90ad-dc1a-7228-1f1c-b106097bcaef@i-love.sakura.ne.jp> Message-ID: <9e5b7fde-4a18-a10b-fc53-c025bf96e8f9@i-love.sakura.ne.jp> Date: Fri, 28 Feb 2020 07:10:12 +0900 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: <4abd90ad-dc1a-7228-1f1c-b106097bcaef@i-love.sakura.ne.jp> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020/02/18 19:54, Tetsuo Handa wrote: > On 2020/01/03 4:57, Matthew Garrett wrote: >> On Tue, Dec 17, 2019 at 12:53 AM Dmitry Vyukov wrote: >>> +Matthew for a lockdown question >>> We are considering [ab]using lockdown (you knew this will happen!) for >>> fuzzing kernel. LOCKDOWN_DEBUGFS is a no-go for us and we may want a >>> few other things that may be fuzzing-specific. >>> The current inflexibility comes from the global ordering of levels: >>> >>> if (kernel_locked_down >= level) >>> if (kernel_locked_down >= what) { >>> >>> Is it done for performance? Or for simplicity? >> >> Simplicity. Based on discussion, we didn't want the lockdown LSM to >> enable arbitrary combinations of lockdown primitives, both because >> that would make it extremely difficult for userland developers and >> because it would make it extremely easy for local admins to >> accidentally configure policies that didn't achieve the desired >> outcome. There's no inherent problem in adding new options, but really >> right now they should fall into cases where they're protecting either >> the integrity of the kernel or preventing leakage of confidential >> information from the kernel. >> > > Can we resume this topic? > > I think build-time lockdown (i.e. kernel config option) is more reliable > and easier to use. > Here is an example of need to lockdown specific ations. Can we proceed? https://lkml.kernel.org/r/CACT4Y+azQXLcPqtJG9zbj8hxqw4jE3dcwUj5T06bdL3uMaZk+Q@mail.gmail.com