Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2123385pxb; Fri, 5 Feb 2021 09:27:17 -0800 (PST) X-Google-Smtp-Source: ABdhPJy/WINqrgX3nwXpu2nP5ZBwPK+AVbhwb132fp8TNKKrbKlRU1ziGpJF5XBa5McRV9YxI9wi X-Received: by 2002:a17:906:4dc5:: with SMTP id f5mr4983655ejw.11.1612546037025; Fri, 05 Feb 2021 09:27:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612546037; cv=none; d=google.com; s=arc-20160816; b=v1QBqc/RblmTRmf20vafxj5TSnjAzb44U4B0Lg0knrXb5oMLXCbH4EQ9z6diDNk67n MikZwDroOaveLtxrGCzN0PX1oUFD2mc3+y3yK/tppOUq/8ni0PlBroP1hdrW5WjrfNLz zULIEB3aqNz9IV5ydY0Wsnvv0yUddZjv7/l4dzYDVxzW5E3msPZQRnKUJFbiB/bV6Lay 4wIMwmkXp4gd3prpCwAcBJIJ85OytadPjUs9mB5p7cYZHe4jvZawdAjqort0KW5EKySV yZME8ZQd6ctXAM8azivXoaMX/ptO364mZ3K9acix8fKvB88nHJDK7uyRPCnq3ValvoMW H1TA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-language:content-transfer-encoding :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=LGQ2+Oq5r94j/3FnA4uP6fw1KLX7JE1Bzu43eSjT32U=; b=FyfdXPqHGoXAAXvZI46eYZjEEzLoYSeLcFOaZfaj/oeaK49hFSmief7tIT/ozj1DxS HqRodPjzV7qcpUwXrIa20rmEwmi2wvhDuLvUyoJWGFdJPDGWiSCHJUF+CW1USEx7Z3da LcfmTGyeULe1BnIj7jYe7xjBHalbMWXtaLQ5rYtFoWY9TB8RoiSy2wmnEHaqFrc/K5QZ 3Y5nV8TgZoh4UqcDrpybOKtLmB4r4ZZL4lgqt1bSGC7IftL7X8jWTXfxYTWWGIQUkckl CxlK60HpmTo1Hdo0q0KiFS2UvJeLoAKveONYlaXpKMwOs+/QpLbCFImuqLfV7EfDcmiz Ws0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=dy37tqjO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u14si5717743edx.321.2021.02.05.09.26.51; Fri, 05 Feb 2021 09:27:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@yahoo.com header.s=s2048 header.b=dy37tqjO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233311AbhBEPkT (ORCPT + 99 others); Fri, 5 Feb 2021 10:40:19 -0500 Received: from sonic307-15.consmr.mail.ne1.yahoo.com ([66.163.190.38]:37307 "EHLO sonic307-15.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233301AbhBEPeg (ORCPT ); Fri, 5 Feb 2021 10:34:36 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1612545371; bh=LGQ2+Oq5r94j/3FnA4uP6fw1KLX7JE1Bzu43eSjT32U=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject:Reply-To; b=dy37tqjOqSV7On8FDcyzKcDMD9uOTV19V1iXKrfOOEuWFSm96QIsjQCb7una2mzX7JZHd+5gtbtEPWs/k0Sk9NgTllSDVw+aldj7X9oR/Ubo8d/jrpxdx1iytnHWxfHPeeihML2IbDoMtYvIFPA2xGjsbQref8QLpWfX4rKYQO4kidCcVa84vai5AQEbEGzgvdeSG5/I5Yy3qv9t3rQtyuvyIe+czINaEcCiZsTVOhXMB7U//AY2uYoIGPNmWFBJLU9vQAAvBP+gxMa5LaAq1Rs/TaMwVm4NjkympVkSj0E0r2tcdOfay6BttZqrBKTiQuZZ9xNOhs7S/IFFMKZznQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1612545371; bh=qhrJfhr3DG5Yo5yoUYwZHkLme8fW0XZ03fT5A7uW48o=; h=X-Sonic-MF:Subject:To:From:Date:From:Subject; b=lobEPb+px2NqVkZb3x42Ic07gM+GJJmBnFjwulamzsidl9wcNdPTgB853/BG1fMZLcz6J8FZLzNv9r99FV5MLaHwwaYGghKeajTGbORB/53aA5PY6CgwYBlQffhKn+RcG29sbyceWCGbXSxsr4asY6Pe7DUnmxMHCPzkJDpZ6b8S2URWCptPpOpUrzcgvk6q/v5G7oixilXWBBZmVyPWqGBwQz8I1n1L7x7psIX2G/cBmGNw/W4BtGPBekL2wL5L9lxsUzl054Cfpxd3R3AlW+PEiLyO7Wv7A4Hok3hO3Lj5vtRrNNXpCP/M8xUEnycPF/uN7IuxqTWf7cLm0nOoNg== X-YMail-OSG: 4vk6bXoVM1neecdW7wnU5zezuyUc1WRLeXhj8yQJQhIu2KtYXYd28tosTbxPxcR UrgCw4yaZH5U2lQXeyB9yBAIy0rwxN.rJT7pbFlH_AtqnBxj5cnG.H9NPOSFe2OYuI09WiNvdbs2 V6ZsZxSe3NZzYQRE7aW.q6amUOkLgLhxcE_N.xJeCoCw5THeoyAbRpRfhoKFsgQ0f_S_zuCP9pDI iv6SkEhIIox2X22.afQptbIGBFMhynIZszfNjOEp4CPeD2QNd..SisHA6FZhKn4DFjwxKWNpuVDZ kWp72CtdaPSsz.yy60I3Q7PjqASg88FlCVRugf6EIWFMfjX2svZD99rHJXWA76xvhClPoJ4h8jzs VbGg9sZe1veNCX2IseMxYvjPG7TS3iAlyFGNJDyZDS2ROlmXKJseGrEmJLhHdK_f1wyNhWYenTFL p.vEWU0FCkk485OYQkxSsIySjwJX3HziHXBljQ67Da8Go2VDDbuaTLqDYoeNKozFXtDebTutEuKS m4R6sugwHTlIHmNHLMUEB4MukcGtof6AJxK6hVFrY2_Z_usb.vKDoGspF.miOiXIkkpyKF.VW_lb HFQgz10VobTqp67nFY7ziF6wqrpnlfnTjDCaoxZMEvPEIvByqPYn1Js8OqcEyszo5ER8GXPMjSQu .5pbKyQXJVDAw7qTUH8sfqAVUxyhpp6SFZoVTA34ZinQD5lM4yaCex7SVzd6MPX7ZtNqjStXWRjA 3gVrp5mkhLCJQf5373a.KVjzC21kcSmwG2iffGadZ6IBEad1A_03oWU6F_pohXulRE9DNDrM6VLF UKGovhVSlImQQwSuWhTh6Lmq6dCeOhbfHAQL14zpjpcAwJi9ZMM3ZyPzN3aeIwolZ64JG2Ltcnxk zTaQkylzVdKB8ucf3x8citpTKu6Nh4NX1o0ER.iTzjmOzJTtldfismsgGS8qN58xgBZi9_QfLhmq BREiYMUUbc.Beqb_JZ9e.hZST5SfMx_OaduvFd77wWJ7lj_0ahrKLBcAQ999bLD5ZK.zewlgxLkP Y0QYpw_.Df9skZxay_VhOgAiZWqBpE01nSxNR4DA.B7d0OoZL_kQW2Yne3hzqOTtSMijAx6HGMnV uRnpV_cB74ovP0roDKjwKs7VHMbUOVJ8.kdXABWnakvCEpdRzQ7QdtQFIIxrYAcuJo0h0DX2N1Yl SKQoDR.5nv5Yw8j705V4sSsa4TQy25DV8XKjZ3KDzRa2gP1k9fL5nhHWE5IUcxupy5Qia4WTKEZ6 WcZeInLwPzs4mtVXjfEUwaXxr1gF4d2nOGgNFdcU9hmRHpZEyIX9gFSxgS3hO6MsFhebz4ammkdH nTLC9xxBSsmhbt7jUEk7LXTjoqAKXW3fl1T_uQxkfrnlctFWhXYNXljJe62H8.hubANX4nChN6BD CF6hkABc2X6LT8mr0c5yjOuH5twGJIxj5xwx6aPlZDegHKLF3hp8DlheLlSlfrstu_3U7QE_8ncb yvTDN20SvcJWlyCRNoHmcX5cW02KFFlMNOA.XoSFHTIyrE5OXKsGsMfpsG2sr0R4iHmJmUD_kzzx Y3XLexSfhtTQYgc392fpmJMZmvYHu44aG22h1Dqub3.3ZbAPioptx.h.1A7x4xHbWxF0eB.gQZe3 iOjewLa1BzcuyGSDaE6jPBIRg3NQLmO6idWF_Mm8h0y4hmNYHkiOM7NQntJ1TT._NiWPcO6pcvco GW_6kSfSCv_WMG9z.Oy8RpevcEV1PWUtDyGEoNnltM66ZioWI3BhpD67MzNaFgU0RwlJn2RSjHXM dlrYGVHQlpIKAVt1kIaWiXtJf47uCyLyFYM2qbkfYPCZE7chkdX2FfVpENhZqES786vW1gBRJkwb UT_xbrRyZbtrtexASkXzRrpcIaxOafRHAE6a5AIUTisU.ymZJ0Kx.3A_nm.Q.rmA4AIpBIWnRUnP 9T_u.Sfla279vVfjU1.nTx8NkOhfLM_dsOSyck3.ugMwaa.GpwPRdLcM_FAOtNKbUtJmfWI1m.6_ UCggP9jn7dDyrtrBInYBJSWaw149dnBOoBxrbA6jR2NJpig8N8b3crUpHvpMFeeeLimbTSweEHXz 40eytbATLle5Lr4lg4BbT6OryZfNaeQA5dlTXfE2aKtexKp.BK_Mrg3ol8h307sT2YjIGNJbTVM6 ZjDbouOn5rmeP2Ow9pBCmRS2.aG3PrOGdY0DtcD.rPpaI7XM2grCMtVUYqfOy9nRBuj6OmXrvPI9 r9.4rWaDK6Y6BEMqc5of.DnNoVG13zV3FLfAmJADOdR1xcb7P7bkPcKHMY6qQaHhFSGe0nKep3Fd UTSkGH68egJUeP5g73tRe_AyNtLU.Ehkh.Pr_9RChFWr5bnB9hATgvjz_RKnpDjcPtjkXe1YLtSZ qrb6T0ULSROP0UhNH4CCR5JOEr5uRGhp2d9XH70Lt7adSWeck1nbNcP5MZCVGseJ08y4MaRjMB.H pEl_hGwogZz3JgYzELYE6HQaXsNTejvtZNsoUpxpIPZFGLvuclLZLUgmOp4UVudq0eQrQmstgZ5L csMHj8Nqt7HvG9Lg972uTdm_l238fMjwFXi7QbgefiGQ_x4hbkj9HuW3QaCxG1YvihRDvsO3ZPal vjpAZon2p21ONztpiCwJ5Qbl9wAKxfY4FbXUS_bYbZ6TsQenl6aKLVp_hEBBBS5.Ns_PbJjQXQy1 XdvLDEprDx13fijlXZgUjRqFk3s19fl6FP96nRoRdsM4ou83TCPV8G9.iyXOe8prjAnj8im3Mf7d g7Z_haPpc9jy4tEXW9B3qrAnA0SFgI4Vr0QoQlb4eBQcs2AU9oBqz2YoOf5uOwfrDuUEjJtQAaJ7 1aS6ztYb8P.3lJ4G_5jzRQzN3R.dv0vOU8wYdFPH6bgNk.fcZDG.oXFiSD8ZNcEAMF1O5szuecOz ubhWC7klruGOUByCHEOLu5G5IAmmoGqEFY5kD.bRt1sg85bDdga.09x5UsJ1iTNpUt7cRr6JeE7t jns5ufY86Upn3G5RytK7MBwPAd2Im9nGsix3wxLqywZEQEqGfPCb5Hxgs.DO16ge1BtOo6CcOYUi qzDYTQYe2PxSUDNoXui.b0OlFcohRJ8HPZMJ4tvhcrENlW7MOjMIlRHf7Rl7Soajft9fSUx_cQwE UW_tfMThJgYk0hh.nQxyatYeq_aiImolN5sKmPQHcdohBJuOvsWPmp.hfMHDDB4P5gUEBCR0D6i7 032.Tkzme5KEjw_HN0_xdtfLleGGskWHL_Kgh84qmt2aYqxl2Mvvv4hbmoPhYnQfGJQ.esw78tvz lpD6k.RyVllO3GP.9udSefpKfb0zpmihyxKkDZCiiG6Yq_WXKQ30weM6XvccpZxN6kRoACK.OJKt ZVC8ivzMNFwRI0y3_5TwaABWt3mCG4tVrFoOXskhasGd7eYB9yQ1SjJoeWE43iWU9E63fSeEIeR. GaeaLCkyYyWwajOjGiRXyrDuKsdplMdvph1UVKx18o0PpedHbTiUaTVCgesF5H70JcJ3QzoweW6U TMdzmG4Dn73nF6LC10W4GYclcCioswdpxT2nQ_Ghu4E93KC7CwO9OrC2uf8uc_LP4XPIQHhSWEER 1q.BDXXoovU5eNr7dAcnyLM9jUlVBjSQSiDmBHe_ZQs1EysOyQKG9nNpPv9ofuq5CLkPTOHkzJcV Lb4RmNeS9NacMDTLkG9nMGFRbpqSasr890GQK9pz8dMT66NXq3iMMsKuJhx_p4RxxjLlIhb7xDwg kWK5u35AstbxTHWdOj7S8o6CmRC2d6t_yGK2DCRoG28hfO0Xsr.UHRDt32PHhHmkIaBW9a41qKwp JdIk1SIhJF.P.7kwtMoLk9t.bx4c0.xG5rAUtJOnn94XD0snqDeknD5vK7YtxrnK58Is5f01Ppti FLDAFMQdGwXSmpLUGwWE1l514TxghjlILmOCZzSnXICRNZXZQ1BXVcwuHhN7Ohj6.e.4gZZozxfm _0qNrzSoOl4pqCtPbct0o1N_5gi.V7jsNTwExH1MBiTdouY8zW_NJhF5CjgbO4vNLIh72gBsosXy SbN_oJqWf5Xoa9KgKGLaLhDacKKaO_RvBVGKbzjEaC_1Smv1WGcjjfBenb4GkN20Kne4mCpTqz1R hIrpyVpVeS5LiT94.tYjEGKD1dG3QR1ZB7Rv_BD2Gmxp_pPGYQUxut9cEUs1Pitl9V.6w0wMzefb BHB.4dwr00aShdirSPJwo1z08wDKfi9lzvUC1IQ8.wHl4LW6Ek_MBo1ApzHrkhrakVdFJAkkF9yr rP7ALgOoJEePXmpg1iqXBq1VV2opUvaY.DQcZsE3d06FzKDjI1MAIVKTjrwAqCajLzhWIci0kbV6 1QZiFwXKZQvON0RnQvz14mhzaokJf0tBnH7G40wr3vR3bBWPk1BPSChm4trk0wqilJdNEO0eTSiq dHHwzCCWXV2N1mUihfIyUHZ0LQq8GcgR.9PT3rKBEu3.wh.6o0gWA6SkenGvTBWhpU.3aKrBLjCL abZkg4OZhoFTUqP6A1IiIPxx9ep3ykt8ITmBEnX0V7XC4QLPZjhxOm7m3BVZ4Ka5IgYgzKH8yuLD eaQmy2dQsU0KF X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic307.consmr.mail.ne1.yahoo.com with HTTP; Fri, 5 Feb 2021 17:16:11 +0000 Received: by smtp419.mail.gq1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 68f140bfc5e1e85057f24de192666647; Fri, 05 Feb 2021 16:51:38 +0000 (UTC) Subject: Re: [PATCH v28 05/12] LSM: Infrastructure management of the superblock To: "Serge E. Hallyn" , =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Cc: James Morris , Jann Horn , Al Viro , Andrew Morton , Andy Lutomirski , Anton Ivanov , Arnd Bergmann , Jeff Dike , Jonathan Corbet , Kees Cook , Michael Kerrisk , Richard Weinberger , Shuah Khan , Vincent Dagonneau , kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-security-module@vger.kernel.org, x86@kernel.org, John Johansen , =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= , Stephen Smalley , Casey Schaufler References: <20210202162710.657398-1-mic@digikod.net> <20210202162710.657398-6-mic@digikod.net> <20210205141749.GB17981@mail.hallyn.com> From: Casey Schaufler Message-ID: Date: Fri, 5 Feb 2021 08:51:35 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: <20210205141749.GB17981@mail.hallyn.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US X-Mailer: WebService/1.1.17648 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Apache-HttpAsyncClient/4.1.4 (Java/11.0.8) Content-Length: 1622 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2/5/2021 6:17 AM, Serge E. Hallyn wrote: > On Tue, Feb 02, 2021 at 05:27:03PM +0100, Micka=C3=ABl Sala=C3=BCn wrot= e: >> From: Casey Schaufler >> >> Move management of the superblock->sb_security blob out of the >> individual security modules and into the security infrastructure. >> Instead of allocating the blobs from within the modules, the modules >> tell the infrastructure how much space is required, and the space is >> allocated there. >> >> Cc: Kees Cook >> Cc: John Johansen >> Signed-off-by: Casey Schaufler >> Signed-off-by: Micka=C3=ABl Sala=C3=BCn >> Reviewed-by: Stephen Smalley > Acked-by: Serge Hallyn > > I wonder how many out of tree modules this will impact :) There are several blobs that have already been converted to infrastructure management. Not a peep from out-of-tree module developers/maintainers. I can only speculate that OOT modules are either less common than we may think, using alternative data management models (as does eBPF) or sticking with very old kernels. It's also possible that they're suffering in silence, which would be sad because every module that's worth having should be in the tree. > Actually > if some new incoming module does an rcu callback to free the > sb_security, then the security_sb_free will need an update, but > that seems unlikely. We're already doing that for the inode blob, so it's really just a small matter of cut-n-paste and s/inode/sb/ to make that happen.