Subject: Re: [PATCH 0/4] Fix misused kernel_read_file() enums
From: Hans de Goede
To: Kees Cook, James Morris
Cc: Luis Chamberlain, Mimi Zohar, Scott Branden, Greg Kroah-Hartman, "Rafael J. Wysocki", Alexander Viro, Jessica Yu, Dmitry Kasatkin, "Serge E. Hallyn", Casey Schaufler, "Eric W. Biederman", Peter Zijlstra, Matthew Garrett, David Howells, Mauro Carvalho Chehab, Randy Dunlap, "Joel Fernandes (Google)", KP Singh, Dave Olsthoorn, Peter Jones, Andrew Morton, Stephen Boyd, Paul Moore, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org
Date: Wed, 8 Jul 2020 13:01:51 +0200
Message-ID: <3c01073b-c422-dd97-0677-c16fe1158907@redhat.com>
In-Reply-To: <20200707081926.3688096-1-keescook@chromium.org>

Hi,

On 7/7/20 10:19 AM, Kees Cook wrote:
> Hi,
>
> In looking more closely at the additions that got made to the
> kernel_read_file() enums, I noticed that FIRMWARE_PREALLOC_BUFFER
> and FIRMWARE_EFI_EMBEDDED were added, but they are not appropriate
> *kinds* of files for the LSM to reason about. They are a "how" and
> "where", respectively. Remove these improper aliases and refactor the
> code to adapt to the changes.
>
> Additionally adds in missing calls to security_kernel_post_read_file()
> in the platform firmware fallback path (to match the sysfs firmware
> fallback path) and in module loading. I considered entirely removing
> security_kernel_post_read_file() hook since it is technically unused,
> but IMA probably wants to be able to measure EFI-stored firmware images,
> so I wired it up and matched it for modules, in case anyone wants to
> move the module signature checks out of the module core and into an LSM
> to avoid the current layering violations.
>
> This touches several trees, and I suspect it would be best to go through
> James's LSM tree.
>
> Thanks!

I've done some quick tests on this series to make sure that
the efi embedded-firmware support did not regress.
That still works fine, so this series is:

Tested-by: Hans de Goede

Regards,

Hans

>
> -Kees
>
> Kees Cook (4):
>   firmware_loader: EFI firmware loader must handle pre-allocated buffer
>   fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums
>   fs: Remove FIRMWARE_EFI_EMBEDDED from kernel_read_file() enums
>   module: Add hook for security_kernel_post_read_file()
>
>  drivers/base/firmware_loader/fallback_platform.c | 12 ++++++++++--
>  drivers/base/firmware_loader/main.c              |  5 ++---
>  fs/exec.c                                        |  7 ++++---
>  include/linux/fs.h                               |  3 +--
>  include/linux/lsm_hooks.h                        |  6 +++++-
>  kernel/module.c                                  |  7 ++++++-
>  security/integrity/ima/ima_main.c                |  6 ++----
>  7 files changed, 30 insertions(+), 16 deletions(-)
>