Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp2204847iog; Sun, 26 Jun 2022 09:16:47 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sIfItVAJUg5q8sHIc6FWEyBcQDPcDOjomle2Yzw51jsg0C8GvuLaMLKMoDDTF5Rkl+LSXw X-Received: by 2002:a63:5615:0:b0:40d:2ff4:bc2b with SMTP id k21-20020a635615000000b0040d2ff4bc2bmr8882505pgb.154.1656260207708; Sun, 26 Jun 2022 09:16:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1656260207; cv=none; d=google.com; s=arc-20160816; b=TUzb3YFM/vC7Ms4NZzz5InRAQUotnusjbe4AlS0vEgnl2Fph3UNZsVSt4komm2BwQp cFn8QgXjEfRwiK5MXe621JmrgAdbeHnO7T/Q5pktzCHnaI5vMuQ9M2m9mhTrgUia275h qe6P0RgVnfn5CHnqQd5LnQi4qK6Jc1tho1Zjm/TUUETytHJGoedBphbGBUbC6pSvHBgC O3N/t03dZhnfFlQvNXE/pkl4crzzIy/VHkHb0oI7qa7ui5cvoRKjWRmZE6ccjNB21Ewz fn+F0fTq8ZQ699ATNMo7b8RTrsrlX8+/llxkA5vnbe6eUgPWHY+4jPXyzdI84qi9iZbY APOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:date:cc:to:from:subject:message-id :dkim-signature; bh=Vx8qhw9gsD0GT+n5MLIi+2BfObnIPd+FACJyCWPp8I8=; b=egNxRAAxwCkPgLZVj/uhcunyAb2zcKDH6UPTvj7tzNoXh31ifCmMwfPNpbtAEuj3aD Jr9IGVpy+F1YfKklYO6hXhobPD9JiZsMdvyCHsmOkjO5+SFbN1r+//w36MOAvxUMHCo/ zyRYdjkgCy1ZPzEbTdU4YrXY2HY7BT5Bf8JTXJ3aDr3LfYWIH6bVp+o/lhs32zJ5xwy8 7QxJurfpFNnxPjM0PSiqVaiQRXoA0xTXFRFJvB32izcG4u2lygwR+2iPsArCIirl3PG1 RuJ0fvpUHApkQIKFZ87+1ywXZQQtoKVH1FvEzo9RIKmKmrylUmoFj9pGO4Gri86EVqQf Bfdw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=a1+0w5V9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i192-20020a636dc9000000b0040224628c1asi9891352pgc.535.2022.06.26.09.16.34; Sun, 26 Jun 2022 09:16:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=a1+0w5V9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231266AbiFZPsz (ORCPT + 99 others); Sun, 26 Jun 2022 11:48:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56810 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229468AbiFZPsx (ORCPT ); Sun, 26 Jun 2022 11:48:53 -0400 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0D956BC0E; Sun, 26 Jun 2022 08:48:52 -0700 (PDT) Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 25QEC3hk026475; Sun, 26 Jun 2022 15:48:17 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject : from : to : cc : date : in-reply-to : references : content-type : content-transfer-encoding : mime-version; s=pp1; bh=Vx8qhw9gsD0GT+n5MLIi+2BfObnIPd+FACJyCWPp8I8=; b=a1+0w5V9zR4fLwolFFcdgiYDd9Z0TtUsQm43h6ECifBvltnDtebBIT74AiGh/hV8cI9s xmAQQRRJvkrnXzWr9BmuRdKgmf6quhX+c4Xwtxy2PNLTw9yHax1iwKVJYlJDB0hV7D+z U77yZiNCQKeCLF6jkr1Rn0wQLWbVR6IpO3SPGolpog30oQfs14cGd0RpJv8mcE7jrHsD gaqjXphF1jwO4d4OzrefKH2MDlvtb075DKJZ6ZI3elO8wW1eGkSZQg9IUzEYDNLu0Y0O YdEVAsWKg9ahk/obUuQ5nnz8yCXrIMcL+tHfVVsRRfQVMkthfR6LI1X9vHrvbuvJxjSj Yg== Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3gxs0hs6vy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 26 Jun 2022 15:48:17 +0000 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 25QFlSel001778; Sun, 26 Jun 2022 15:48:14 GMT Received: from b06cxnps3074.portsmouth.uk.ibm.com (d06relay09.portsmouth.uk.ibm.com [9.149.109.194]) by ppma06ams.nl.ibm.com with ESMTP id 3gwsmj1qn0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 26 Jun 2022 15:48:14 +0000 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 25QFmBZt14221784 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 26 Jun 2022 15:48:11 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8A40C11C050; Sun, 26 Jun 2022 15:48:11 +0000 (GMT) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DDA1811C04A; Sun, 26 Jun 2022 15:48:07 +0000 (GMT) Received: from li-f45666cc-3089-11b2-a85c-c57d1a57929f.ibm.com (unknown [9.211.95.64]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Sun, 26 Jun 2022 15:48:07 +0000 (GMT) Message-ID: <54af4a92356090d88639531413ea8cb46837bd18.camel@linux.ibm.com> Subject: Re: [RFC PATCH v2 2/3] fs: define a firmware security filesystem named fwsecurityfs From: Mimi Zohar To: James Bottomley , Greg Kroah-Hartman , Nayna Jain Cc: linuxppc-dev@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-efi@vger.kernel.org, linux-security-module , linux-kernel@vger.kernel.org, Michael Ellerman , Dov Murik , George Wilson , gjoyce@ibm.com, Matthew Garrett , Dave Hansen , Benjamin Herrenschmidt , Paul Mackerras Date: Sun, 26 Jun 2022 11:48:06 -0400 In-Reply-To: <41ca51e8db9907d9060cc38adb59a66dcae4c59b.camel@HansenPartnership.com> References: <20220622215648.96723-1-nayna@linux.ibm.com> <20220622215648.96723-3-nayna@linux.ibm.com> <41ca51e8db9907d9060cc38adb59a66dcae4c59b.camel@HansenPartnership.com> Content-Type: text/plain; charset="ISO-8859-15" X-Mailer: Evolution 3.28.5 (3.28.5-18.el8) X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 9AuopBc9nCHv2PWc6MREZAyjLibJAqd- X-Proofpoint-ORIG-GUID: 9AuopBc9nCHv2PWc6MREZAyjLibJAqd- Content-Transfer-Encoding: 7bit X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-06-26_03,2022-06-24_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1011 malwarescore=0 mlxscore=0 mlxlogscore=999 spamscore=0 lowpriorityscore=0 suspectscore=0 bulkscore=0 impostorscore=0 phishscore=0 adultscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2204290000 definitions=main-2206260064 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2022-06-23 at 09:23 -0400, James Bottomley wrote: > On Thu, 2022-06-23 at 10:54 +0200, Greg Kroah-Hartman wrote: > [...] > > > diff --git a/fs/fwsecurityfs/inode.c b/fs/fwsecurityfs/inode.c > > > new file mode 100644 > > > index 000000000000..5d06dc0de059 > > > --- /dev/null > > > +++ b/fs/fwsecurityfs/inode.c > > > @@ -0,0 +1,159 @@ > > > +// SPDX-License-Identifier: GPL-2.0-only > > > +/* > > > + * Copyright (C) 2022 IBM Corporation > > > + * Author: Nayna Jain > > > + */ > > > + > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > + > > > +#include "internal.h" > > > + > > > +int fwsecurityfs_remove_file(struct dentry *dentry) > > > +{ > > > + drop_nlink(d_inode(dentry)); > > > + dput(dentry); > > > + return 0; > > > +}; > > > +EXPORT_SYMBOL_GPL(fwsecurityfs_remove_file); > > > + > > > +int fwsecurityfs_create_file(const char *name, umode_t mode, > > > + u16 filesize, struct dentry > > > *parent, > > > + struct dentry *dentry, > > > + const struct file_operations > > > *fops) > > > +{ > > > + struct inode *inode; > > > + int error; > > > + struct inode *dir; > > > + > > > + if (!parent) > > > + return -EINVAL; > > > + > > > + dir = d_inode(parent); > > > + pr_debug("securityfs: creating file '%s'\n", name); > > > > Did you forget to call simple_pin_fs() here or anywhere else? > > > > And this can be just one function with the directory creation file, > > just check the mode and you will be fine. Look at securityfs as an > > example of how to make this simpler. > > Actually, before you go down this route can you consider the namespace > ramifications. In fact we're just having to rework securityfs to pull > out all the simple_pin_... calls because simple_pin_... is completely > inimical to namespaces. > > The first thing to consider is if you simply use securityfs you'll > inherit all the simple_pin_... removal work and be namespace ready. It > could be that creating a new filesystem that can't be namespaced is the > right thing to do here, but at least ask the question: would we ever > want any of these files to be presented selectively inside containers? > If the answer is "yes" then simple_pin_... is the wrong interface. Greg, the securityfs changes James is referring to are part of the IMA namespacing patch set: https://lore.kernel.org/linux-integrity/20220420140633.753772-1-stefanb@linux.ibm.com/ I'd really appreciate your reviewing the first two patches: [PATCH v12 01/26] securityfs: rework dentry creation [PATCH v12 02/26] securityfs: Extend securityfs with namespacing support thanks, Mimi