Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp489533ybt; Wed, 8 Jul 2020 04:58:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwc5q8VgmuevEpdV3WN00K8tzoDup6wf1DRrtR3JkekS6pNGNe/CKQMiWB19dr2Db8F5vH0 X-Received: by 2002:aa7:c2d7:: with SMTP id m23mr3734423edp.216.1594209518554; Wed, 08 Jul 2020 04:58:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594209518; cv=none; d=google.com; s=arc-20160816; b=02CdmKJpk61oLLE8s2Zq3U6ps0MZsSyz3fnakjeytybcZ/CTkSKH7U4PTQJOg0Z2Sf pLtD2p8PiHDx24+SNR2PtEvh5r2TZVYz6yBQkTiwMYoj0bOx3OtbjLVi0NH0na0kfW01 rF1/S8+OqtX5O7WhaEXTa5BFBHF558fmgE/oavJenJqzCeZJn7JzByIYyqPp430uZzhz +De3I7harYbaQefG7frf7crMMKUtn8BpVORhm+V6jJBgL+pW7Vk04N5kZ94njJdW+i4S hKE0irQJhDXr3wtuV3dXh713THefiw3BFPnswBwJaPwJDP4O8lAltQPB+EylK+hMmHA8 c0ng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=jTBZMKlUFpNmWtFn4HrVodPcCTzQQGJkYgOfgBAYscY=; b=AEjOXXYDMrP4v8/VORq0E3rsqq0VxqxvPqtDSvCWvanKJOneETFifCXajPsIKN/oY1 tQtZvF1OmAATQ+eGK2vfmGgSHPzpphjGti4dGHnXsoRxzIbMR4fC8dkn4RMbN3qhz9VP bnlo488kY1DidoVHG3gfQCXhCGDbk5pdxFZEyiLJvxc1+3m8Zw5nujEmw8r2FdDOuaBR 2xCalZaNm75HFbt3k7pw6IsPi+53vR6ITGv3HxSq6r/VOBW89GbeU73hEkZHOF+YrMv9 ujr8wdkzBZq49dizv+cn+rYqMLVA3OfZpfWrlE7msBdwMBf0Q9ucriGAWYvELdpkqlfe zFFw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r11si16306522eja.618.2020.07.08.04.58.16; Wed, 08 Jul 2020 04:58:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728932AbgGHLzW (ORCPT + 99 others); Wed, 8 Jul 2020 07:55:22 -0400 Received: from mail-pj1-f66.google.com ([209.85.216.66]:51891 "EHLO mail-pj1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728592AbgGHLzV (ORCPT ); Wed, 8 Jul 2020 07:55:21 -0400 Received: by mail-pj1-f66.google.com with SMTP id ls15so434307pjb.1; Wed, 08 Jul 2020 04:55:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=jTBZMKlUFpNmWtFn4HrVodPcCTzQQGJkYgOfgBAYscY=; b=QbWYJMRC1FMBssFToN6lX3FN3Z1KfD1XTPJw9e2bZ+S/oxwWPIW2H4htJ8Vyi3bfMn vRlBj/Lh2nbCGBKA32qcbY4yWqjCXk1qgS0TXuDjxWyXAZu/mhPms5NlkSIAKDSesiZD akXY8SQexPtwibggcsrhBW7B9pdYe8tExmkX/bzB7r7D09ZSRJF4RIs6AIAw4vx+wxMu IyXDAp/8rJsVd9fx/C1XRIACjppI4t8sCCU75AzGoLNsfAEII/M3SNpOgrRKIRo/NmPx QFd/c+gTV07e8eh1XyCnxJk6JGE7GtBcu5oYAQIZfCHi98I5vTBWb3Sdm7LuEaajkHPW XOpQ== X-Gm-Message-State: AOAM533OWBpHHWoS1zGcOervFLmOtG4SBM/AJyeQoUKpA8NjIo7nIWYM 20Yh5hZQZNfpT8b8i5NnS94= X-Received: by 2002:a17:902:20a:: with SMTP id 10mr22378243plc.127.1594209320371; Wed, 08 Jul 2020 04:55:20 -0700 (PDT) Received: from 42.do-not-panic.com (42.do-not-panic.com. [157.230.128.187]) by smtp.gmail.com with ESMTPSA id 17sm23498716pfv.16.2020.07.08.04.55.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Jul 2020 04:55:18 -0700 (PDT) Received: by 42.do-not-panic.com (Postfix, from userid 1000) id 07E68401AE; Wed, 8 Jul 2020 11:55:18 +0000 (UTC) Date: Wed, 8 Jul 2020 11:55:17 +0000 From: Luis Chamberlain To: Hans de Goede Cc: Kees Cook , James Morris , Mimi Zohar , Scott Branden , Greg Kroah-Hartman , "Rafael J. Wysocki" , Alexander Viro , Jessica Yu , Dmitry Kasatkin , "Serge E. Hallyn" , Casey Schaufler , "Eric W. Biederman" , Peter Zijlstra , Matthew Garrett , David Howells , Mauro Carvalho Chehab , Randy Dunlap , "Joel Fernandes (Google)" , KP Singh , Dave Olsthoorn , Peter Jones , Andrew Morton , Stephen Boyd , Paul Moore , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Subject: Re: [PATCH 0/4] Fix misused kernel_read_file() enums Message-ID: <20200708115517.GF4332@42.do-not-panic.com> References: <20200707081926.3688096-1-keescook@chromium.org> <3c01073b-c422-dd97-0677-c16fe1158907@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 08, 2020 at 01:37:41PM +0200, Hans de Goede wrote: > Hi, > > On 7/8/20 1:01 PM, Hans de Goede wrote: > > Hi, > > > > On 7/7/20 10:19 AM, Kees Cook wrote: > > > Hi, > > > > > > In looking for closely at the additions that got made to the > > > kernel_read_file() enums, I noticed that FIRMWARE_PREALLOC_BUFFER > > > and FIRMWARE_EFI_EMBEDDED were added, but they are not appropriate > > > *kinds* of files for the LSM to reason about. They are a "how" and > > > "where", respectively. Remove these improper aliases and refactor the > > > code to adapt to the changes. > > > > > > Additionally adds in missing calls to security_kernel_post_read_file() > > > in the platform firmware fallback path (to match the sysfs firmware > > > fallback path) and in module loading. I considered entirely removing > > > security_kernel_post_read_file() hook since it is technically unused, > > > but IMA probably wants to be able to measure EFI-stored firmware images, > > > so I wired it up and matched it for modules, in case anyone wants to > > > move the module signature checks out of the module core and into an LSM > > > to avoid the current layering violations. > > > > > > This touches several trees, and I suspect it would be best to go through > > > James's LSM tree. > > > > > > Thanks! > > > > > > I've done some quick tests on this series to make sure that > > the efi embedded-firmware support did not regress. > > That still works fine, so this series is; > > > > Tested-by: Hans de Goede > > I made a mistake during testing I was not actually running the > kernel with the patches added. > > After fixing that I did find a problem, patch 4/4: > "module: Add hook for security_kernel_post_read_file()" > > Breaks module-loading for me. This is with the 4 patches > on top of 5.8.0-rc4, so this might just be because I'm > not using the right base. > > With patch 4/4 reverted things work fine for me. > > So, please only add my Tested-by to patches 1-3. BTW is there any testing covered by the selftests for the firmware laoder which would have caputured this? If not can you extend it with something to capture this case you ran into? Luis