Message-ID: <1595281097.5055.79.camel@linux.ibm.com>
Subject: Re: [PATCH v3 00/12] ima: Fix rule parsing bugs and extend KEXEC_CMDLINE rule support
From: Mimi Zohar
To: Tyler Hicks, Dmitry Kasatkin, Sasha Levin
Cc: James Morris, "Serge E . Hallyn", Lakshmi Ramasubramanian, Prakhar Srivastava, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, Janne Karhunen, Eric Biederman, kexec@lists.infradead.org, Casey Schaufler, Nayna Jain
Date: Mon, 20 Jul 2020 17:38:17 -0400
In-Reply-To: <20200709061911.954326-1-tyhicks@linux.microsoft.com>

[Cc'ing Sasha]

On Thu, 2020-07-09 at 01:18 -0500, Tyler Hicks wrote:
> I envision patches 1-7 going to stable. The series is ordered in a way
> that has all the fixes up front, followed by cleanups, followed by the
> feature patch. The breakdown of patches looks like so:
>
> Memory leak fixes: 1-3
> Parser strictness fixes: 4-7
> Code cleanups made possible by the fixes: 8-11
> Extend KEXEC_CMDLINE rule support: 12

I agree they should be backported, but they don't apply cleanly before
linux-5.6. The changes aren't that major. Some patch hunks apply
cleanly, but won't compile, while other patch hunks need to be
dropped based on when the feature was upstreamed. For these reasons,
I'm not Cc'ing stable.

Feature upstreamed:
- LSM policy update: linux 5.3
- key command line: linux 5.3
- blacklist: linux 5.5
- keyrings: linux 5.6

For Linux 5.3:
- Dependency on backporting commit 483ec26eed42 ("ima: ima/lsm policy
  rule loading logic bug fixes") to apply "ima: Free the entire rule if
  it fails to parse".

Mimi