Date: Sat, 25 Jul 2020 08:48:19 -0700
From: Kees Cook
To: Greg Kroah-Hartman
Cc: Scott Branden, Mimi Zohar, Luis Chamberlain, Jessica Yu,
    SeongJae Park, KP Singh, linux-efi@vger.kernel.org,
    linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org,
    selinux@vger.kernel.org, linux-kselftest@vger.kernel.org,
    linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 00/19] Introduce partial kernel_read_file() support
Message-ID: <202007250843.534DE3DB48@keescook>
In-Reply-To: <20200725100555.GA1073708@kroah.com>

On Sat, Jul 25, 2020 at 12:05:55PM +0200, Greg Kroah-Hartman wrote:
> On Fri, Jul 24, 2020 at 02:36:21PM -0700, Kees Cook wrote:
> > v3:
> > - add reviews/acks
> > - add "IMA: Add support for file reads without contents" patch
> > - trim CC list, in case that's why vger ignored v2
> > v2: [missing from lkml archives! (CC list too long?) repeating changes here]
> > - fix issues in firmware test suite
> > - add firmware partial read patches
> > - various bug fixes/cleanups
> > v1: https://lore.kernel.org/lkml/20200717174309.1164575-1-keescook@chromium.org/
> >
> > Hi,
> >
> > Here's my tree for adding partial read support in kernel_read_file(),
> > which fixes a number of issues along the way. It's got Scott's firmware
> > and IMA patches ported and everything tests cleanly for me (even with
> > CONFIG_IMA_APPRAISE=y).
> >
> > I think the intention is for this to go via Greg's tree since Scott's
> > driver code will depend on it?
>
> I've applied the first 3 now, as I think I need some acks/reviewed-by
> from the subsystem owners of the other patches before I can take them.

Sounds good; thanks! (I would argue 4 and 5 are also bug fixes, 6 is
already Acked by hch and you, and 7 is a logical follow-up to 6, but I
get your point.)

James, Luis, Mimi, and Jessica, the bulk of these patches are LSM,
firmware, IMA, and modules. How does this all look to you?

And KP, you'd mentioned privately that you were interested in being able
to use the new kernel_post_load_data LSM hook for better visibility into
non-file-backed blob loading.

Thanks!

-Kees

--
Kees Cook