Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp212566ybh;
        Mon, 20 Jul 2020 14:44:31 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzjclGup+Uqg5wX5Ics+FSXZwSxcl0se81avqArHoViM7Pa2Ury6KlTvmp09K9GfIlPVsqi
X-Received: by 2002:a17:906:3945:: with SMTP id g5mr23834377eje.549.1595281471700;
        Mon, 20 Jul 2020 14:44:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1595281471; cv=none;
        d=google.com; s=arc-20160816;
        b=PkEl2A8BNhwQb13CEbrio8HwuNHlNMqp5usZivqq7u7yoqCoro0qxBMYMaTcV2Al0a
         r3Tnyqxi1Y17gQzjfqZWWhgFO258AHbbZZMq6hyGsTab8sBc4ycYq6guL97sfpSauyje
         U2NjfiKBrWYubcesAdSATvSVxVCpTF2R5BF9mJr9BqSn+n9OhL1AGuYKN7yL5pSlsQvP
         hvCt6fcJK7B0uEiBFOheRsO8iDyGNesysL5c2jSTEYLwvEsz1P5p5h9B6SCb6unxlfe+
         ZN5rccGBOCqdVvGHhCp0A9/Hr6oKu2K6OUdAK406xJn26EYreTzIe/zEWKHXSQPgLqkz
         zLUw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id;
        bh=jzgbG1SM500T2lNdsrQHy9k14eJbSnIBS4ht/eAKkao=;
        b=D2fhWWTeGNJ/+oLzfolaB2do+XPCBY1xQnAZiE3k5vOOjWO7iuF/3/1fpfRos3+xji
         XBNbDwztpkTog8wKPXlo1Ed44iB6wotCa4iaKCVVggnJUEyUzGj7jeYZR3dW7ozynBVo
         A5x1p+YGc6TgpmUkqeNXlyOQFW9dyXbMmsZahkQ2bLL+l9Eep+Z1Wq7bz1pdzMlHV7Yy
         plS7W1HtMb/ZhsM1qCM/RVOiGXsKJi1X/BM8amKa/hrob5z8yMa0xSMJCQfDqlWqpkWU
         cVIiLTnufZp6/0reGRyozIGITRd+P6rryI6C67zmV0vD6gcac91LLEJlAgzOUcQGpsNF
         DFGw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id d14si11724821eds.574.2020.07.20.14.44.08;
        Mon, 20 Jul 2020 14:44:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728217AbgGTVm4 (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Mon, 20 Jul 2020 17:42:56 -0400
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:35328 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1728236AbgGTVip (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 20 Jul 2020 17:38:45 -0400
Received: from pps.filterd (m0098399.ppops.net [127.0.0.1])
        by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 06KKWocY152958;
        Mon, 20 Jul 2020 17:38:25 -0400
Received: from pps.reinject (localhost [127.0.0.1])
        by mx0a-001b2d01.pphosted.com with ESMTP id 32d5x49up3-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Mon, 20 Jul 2020 17:38:25 -0400
Received: from m0098399.ppops.net (m0098399.ppops.net [127.0.0.1])
        by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 06KKl885030148;
        Mon, 20 Jul 2020 17:38:25 -0400
Received: from ppma04fra.de.ibm.com (6a.4a.5195.ip4.static.sl-reverse.com [149.81.74.106])
        by mx0a-001b2d01.pphosted.com with ESMTP id 32d5x49una-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Mon, 20 Jul 2020 17:38:24 -0400
Received: from pps.filterd (ppma04fra.de.ibm.com [127.0.0.1])
        by ppma04fra.de.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 06KLZBL4020699;
        Mon, 20 Jul 2020 21:38:22 GMT
Received: from b06cxnps4075.portsmouth.uk.ibm.com (d06relay12.portsmouth.uk.ibm.com [9.149.109.197])
        by ppma04fra.de.ibm.com with ESMTP id 32dbmn06yb-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Mon, 20 Jul 2020 21:38:22 +0000
Received: from b06wcsmtp001.portsmouth.uk.ibm.com (b06wcsmtp001.portsmouth.uk.ibm.com [9.149.105.160])
        by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 06KLcKd744040416
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Mon, 20 Jul 2020 21:38:20 GMT
Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 3D90BA4054;
        Mon, 20 Jul 2020 21:38:20 +0000 (GMT)
Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 856E2A4060;
        Mon, 20 Jul 2020 21:38:18 +0000 (GMT)
Received: from localhost.localdomain (unknown [9.85.145.253])
        by b06wcsmtp001.portsmouth.uk.ibm.com (Postfix) with ESMTP;
        Mon, 20 Jul 2020 21:38:18 +0000 (GMT)
Message-ID: <1595281097.5055.79.camel@linux.ibm.com>
Subject: Re: [PATCH v3 00/12] ima: Fix rule parsing bugs and extend
 KEXEC_CMDLINE rule support
From:   Mimi Zohar <zohar@linux.ibm.com>
To:     Tyler Hicks <tyhicks@linux.microsoft.com>,
        Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
        Sasha Levin <sashal@kernel.org>
Cc:     James Morris <jmorris@namei.org>,
        "Serge E . Hallyn" <serge@hallyn.com>,
        Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
        Prakhar Srivastava <prsriva02@gmail.com>,
        linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        Janne Karhunen <janne.karhunen@gmail.com>,
        Eric Biederman <ebiederm@xmission.com>,
        kexec@lists.infradead.org,
        Casey Schaufler <casey@schaufler-ca.com>,
        Nayna Jain <nayna@linux.ibm.com>
Date:   Mon, 20 Jul 2020 17:38:17 -0400
In-Reply-To: <20200709061911.954326-1-tyhicks@linux.microsoft.com>
References: <20200709061911.954326-1-tyhicks@linux.microsoft.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TM-AS-GCONF: 00
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235,18.0.687
 definitions=2020-07-20_09:2020-07-20,2020-07-20 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015
 mlxscore=0 suspectscore=2 malwarescore=0 mlxlogscore=999
 priorityscore=1501 phishscore=0 impostorscore=0 adultscore=0 bulkscore=0
 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2006250000 definitions=main-2007200136
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

[Cc'ing Sasha]

On Thu, 2020-07-09 at 01:18 -0500, Tyler Hicks wrote:

> I envision patches 1-7 going to stable. The series is ordered in a way
> that has all the fixes up front, followed by cleanups, followed by the
> feature patch. The breakdown of patches looks like so:
> 
>  Memory leak fixes: 1-3
>  Parser strictness fixes: 4-7
>  Code cleanups made possible by the fixes: 8-11
>  Extend KEXEC_CMDLINE rule support: 12

I agree they should be backported, but they don't apply cleanly before
linux-5.6.  The changes aren't that major.  Some patch hunks apply
cleanly, but won't compile, while others patch hunks need to be
dropped based on when the feature was upstreamed.  For these reasons,
I'm not Cc'ing stable.

Feature upstreamed:
- LSM policy update: linux 5.3
- key command line: linux 5.3
- blacklist: linux 5.5
- keyrings: linux 5.6

For Linux 5.3:
- Dependency on backporting commit 483ec26eed42 ("ima: ima/lsm policy
rule loading logic bug fixes") to apply " ima: Free the entire rule if
it fails to parse".

Mimi