Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp457048pxu;
        Tue, 6 Oct 2020 10:20:10 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxAsV7egb3E835Xn38CJg8KdPUQuBSMW+vuCdc6RiPX5wzMVxQbqvNXV2KCwFdn/mGxji6h
X-Received: by 2002:a17:906:3882:: with SMTP id q2mr584788ejd.452.1602004810084;
        Tue, 06 Oct 2020 10:20:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1602004810; cv=none;
        d=google.com; s=arc-20160816;
        b=mr6u/KpibSgXYdkD2BNcau7e662/JWlcDIiu6yCqXaGwxbSJKumQJhAqmSx+M+26r6
         yFRU7hq3f2o9AV8OdfZsXYfFgRgIHBYqL///7Cjelp4njVWtTB8DhqjJECSeTz9Hqpda
         lNCTaVDx6un7COGA++DVRtIUawiaSJsspEgIWkP5lRXmLRVCM8+YrSGza6Q4JqhUnBSK
         v7OJDbh2sgQM/SxQlyiJqfhpGe8H4uDIdrne3Zj9OxAOxfBhTLFeORGO78PQn5ZtOTJq
         Ok+eUqw9DNGFvNcD+7GVhhLXX7az74YLMDV8phea5GcJoXc3WyFkXHJoh25QF0X5wTGM
         uS3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent:references:message-id
         :in-reply-to:subject:cc:to:from:date;
        bh=w5OwI2LInoUTB1bVQMWTdX4ha3P6Cmo9aH2VSnKKKfs=;
        b=nErNhnfdoJ0xmQo+s2babpPDtAsOUUBs/8FQmleN0pyVHJiAaGqf/If8vwOU3lm3zs
         hdZOnO6tbBiNf1wGzSbRdI1HGzT44ZaUK/BzOdBZ2cJd9QPdvkqeSECCL64yRbBzZ6uK
         VgZkOL/N4mAD2cnFqYLdHRm01JbRrs+IiehCHPQofHvO8UKc99mQ3sHRIDWF35N8iBEd
         XjnK3ovVr/fsr1Aub/igxp2PtpceW3CDlYjDZ2a6Vq4nDzJciQgBN3rZ9bRuKgNWvZwK
         5Td9oDkYwcMunCzc/mxl75rbR5nG5T/8D1SRuCs6TriWa2CHyjl3vlqvGDTxFYPuzGWJ
         +y8Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id g3si2922414edu.80.2020.10.06.10.19.43;
        Tue, 06 Oct 2020 10:20:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726337AbgJFRSI (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Tue, 6 Oct 2020 13:18:08 -0400
Received: from namei.org ([65.99.196.166]:33268 "EHLO namei.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725902AbgJFRSH (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 6 Oct 2020 13:18:07 -0400
Received: from localhost (localhost [127.0.0.1])
        by namei.org (8.14.4/8.14.4) with ESMTP id 096HHqvb007464;
        Tue, 6 Oct 2020 17:17:52 GMT
Date:   Wed, 7 Oct 2020 04:17:52 +1100 (AEDT)
From:   James Morris <jmorris@namei.org>
To:     Kees Cook <keescook@chromium.org>
cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Mimi Zohar <zohar@linux.ibm.com>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Scott Branden <scott.branden@broadcom.com>,
        stable@vger.kernel.org, Takashi Iwai <tiwai@suse.de>,
        Jessica Yu <jeyu@kernel.org>, SeongJae Park <sjpark@amazon.de>,
        KP Singh <kpsingh@chromium.org>, linux-efi@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-integrity@vger.kernel.org, selinux@vger.kernel.org,
        linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v5 01/16] fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER
 enum
In-Reply-To: <20201002173828.2099543-2-keescook@chromium.org>
Message-ID: <alpine.LRH.2.21.2010070417400.18879@namei.org>
References: <20201002173828.2099543-1-keescook@chromium.org> <20201002173828.2099543-2-keescook@chromium.org>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 2 Oct 2020, Kees Cook wrote:

> FIRMWARE_PREALLOC_BUFFER is a "how", not a "what", and confuses the LSMs
> that are interested in filtering between types of things. The "how"
> should be an internal detail made uninteresting to the LSMs.
> 
> Fixes: a098ecd2fa7d ("firmware: support loading into a pre-allocated buffer")
> Fixes: fd90bc559bfb ("ima: based on policy verify firmware signatures (pre-allocated buffer)")
> Fixes: 4f0496d8ffa3 ("ima: based on policy warn about loading firmware (pre-allocated buffer)")
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
> Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
> Acked-by: Scott Branden <scott.branden@broadcom.com>
> Cc: stable@vger.kernel.org


Reviewed-by: James Morris <jamorris@linux.microsoft.com>


-- 
James Morris
<jmorris@namei.org>