Date: Thu, 23 Apr 2020 02:42:49 +1000 (AEST)
From: James Morris
To: deven.desai@linux.microsoft.com
Cc: agk@redhat.com, axboe@kernel.dk, snitzer@redhat.com, "Serge E. Hallyn",
    zohar@linux.ibm.com, linux-integrity@vger.kernel.org,
    linux-security-module@vger.kernel.org, dm-devel@redhat.com,
    linux-block@vger.kernel.org, jannh@google.com,
    tyhicks@linux.microsoft.com, pasha.tatashin@soleen.com, sashal@kernel.org,
    jaskarankhurana@linux.microsoft.com, nramas@linux.microsoft.com,
    mdsakib@linux.microsoft.com, linux-kernel@vger.kernel.org,
    Jonathan Corbet, Stephen Smalley, Chad Sellers, John Johansen
Subject: Re: [RFC PATCH v3 05/12] fs: add security blob and hooks for block_device
In-Reply-To: <20200415162550.2324-6-deven.desai@linux.microsoft.com>
References: <20200415162550.2324-1-deven.desai@linux.microsoft.com>
    <20200415162550.2324-6-deven.desai@linux.microsoft.com>

On Wed, 15 Apr 2020, deven.desai@linux.microsoft.com wrote:

> From: Deven Bowers
>
> Add a security blob and associated allocation, deallocation and set hooks
> for a block_device structure.
>
> Signed-off-by: Deven Bowers

Is there any feedback from block or LSM folk on the addition of a security
blob for block_device here?

IPE uses this to track the status of integrity verification of e.g.
DM-Verity devices, per this code from a subsequent patch:

+ ret = security_bdev_setsecurity(dm_table_get_md(v->ti->table)->bdev,
+ DM_VERITY_SIGNATURE_SEC_NAME,
+ v->sig->sig, v->sig->sig_size);

-- 
James Morris
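
Review bot: the security_bdev_setsecurity() call dereferences v->sig and dm_table_get_md(v->ti->table)->bdev with no guard visible in the quoted lines, so the surrounding code should establish that both are non-NULL before this runs, or check them here. The result is stored in ret and the excerpt ends before any use of it; because IPE relies on this blob to track verification status, a failure here should be propagated to the caller rather than dropped.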