Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp891365ybz;
        Wed, 22 Apr 2020 09:45:44 -0700 (PDT)
X-Google-Smtp-Source: APiQypJ6l9g9PY2GAPRUMqV1zJq0R4mZf7upWCcclQAcQ2HvJ3HQ8tDrm938652viEhrmYeWxKsW
X-Received: by 2002:aa7:dcc3:: with SMTP id w3mr22708091edu.231.1587573944023;
        Wed, 22 Apr 2020 09:45:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1587573944; cv=none;
        d=google.com; s=arc-20160816;
        b=gO+zFeAWFKlmFPtIpbrMaOsCWdnlegr2OSr97g9BjVec1C3pljdV18hjamGq9mpK6V
         cUN4QqqHOeWNXPe0C9qyBRwL94+u7y22zPgSg7NN3K70HB+wHScYlqiTidweFSLTdr0a
         FqvTAKLF42FxJCzI6OEO38tD+qxsN4ORa7SoX7FbIUxwfsVdBb6KM6PsL3PZ2JBXwywg
         dsBTWgwItA+1sOAEt8gTp7LXihfdY+Rhb4cyeaEG5skMGy5ebeM2Ti8F8qoR8CjwShTm
         KrcmEuuaR/2mUs1+g8gCdbJW1q1HHEY4vByzH/re0zdL+Vsb8sRFQKu/16jL3skft+jQ
         7wuA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=c2uaY2BtxHC9aJjrqz0UzKts0nQzqvoqx7/R3N6D/Vc=;
        b=N+v1vfC3IZaGr8Mqhh42SbajWVjnnZVtXJU1MOoAGVIwhME695FuPqiX8b5zeZd98s
         P7pICiL8QU+ozffd0ysie1IxONz6X+Bku7z5rG9NIZG+afunN/i0ZFgxSyvMYl6jSJ5A
         nEcwiyHvIsod6M9SQ8aJa9zVDQEdZ9PJKpC11gNLSiOaUskX9vwYcFNyjQmwq+VpRbdr
         h2uTPA2upS2CIWHo0IcypTGu8iO+DGEAGs+bPNOsnyTxkl13ZdDMgOGTkBUpyJssN+Lm
         OVDPHHe5mJru3rVOwo8D8jRFrI07kXRMSL0eXWDt/NQc2z/rUBnWnLKPz5+fwez6DuYS
         g2kQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id u25si3785299edi.574.2020.04.22.09.44.50;
        Wed, 22 Apr 2020 09:45:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726724AbgDVQnY (ORCPT <rfc822;ulfalizer@gmail.com> + 99 others);
        Wed, 22 Apr 2020 12:43:24 -0400
Received: from namei.org ([65.99.196.166]:52006 "EHLO namei.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726423AbgDVQnY (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 22 Apr 2020 12:43:24 -0400
Received: from localhost (localhost [127.0.0.1])
        by namei.org (8.14.4/8.14.4) with ESMTP id 03MGgnwT012761;
        Wed, 22 Apr 2020 16:42:49 GMT
Date:   Thu, 23 Apr 2020 02:42:49 +1000 (AEST)
From:   James Morris <jmorris@namei.org>
To:     deven.desai@linux.microsoft.com
cc:     agk@redhat.com, axboe@kernel.dk, snitzer@redhat.com,
        "Serge E. Hallyn" <serge@hallyn.com>, zohar@linux.ibm.com,
        linux-integrity@vger.kernel.org,
        linux-security-module@vger.kernel.org, dm-devel@redhat.com,
        linux-block@vger.kernel.org, jannh@google.com,
        tyhicks@linux.microsoft.com, pasha.tatashin@soleen.com,
        sashal@kernel.org, jaskarankhurana@linux.microsoft.com,
        nramas@linux.microsoft.com, mdsakib@linux.microsoft.com,
        linux-kernel@vger.kernel.org, Jonathan Corbet <corbet@lwn.net>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        Chad Sellers <csellers@tresys.com>,
        John Johansen <john.johansen@canonical.com>
Subject: Re: [RFC PATCH v3 05/12] fs: add security blob and hooks for
 block_device
In-Reply-To: <20200415162550.2324-6-deven.desai@linux.microsoft.com>
Message-ID: <alpine.LRH.2.21.2004230234420.12318@namei.org>
References: <20200415162550.2324-1-deven.desai@linux.microsoft.com> <20200415162550.2324-6-deven.desai@linux.microsoft.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 15 Apr 2020, deven.desai@linux.microsoft.com wrote:

> From: Deven Bowers <deven.desai@linux.microsoft.com>
> 
> Add a security blob and associated allocation, deallocation and set hooks
> for a block_device structure.
> 
> Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>

Is there any feedback from block or LSM folk on the addition of a security 
blob for block_device here?

IPE uses this is to track the status of integrity verification of e.g. 
DM-Verity devices, per this code from a subsequent patch:


+       ret = security_bdev_setsecurity(dm_table_get_md(v->ti->table)->bdev,
+                                       DM_VERITY_SIGNATURE_SEC_NAME,
+                                       v->sig->sig, v->sig->sig_size);


-- 
James Morris
<jmorris@namei.org>