Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp3108109rdb; Tue, 6 Feb 2024 07:25:00 -0800 (PST) X-Google-Smtp-Source: AGHT+IEVYqgzo/n6/dx7NcVx6ZIeYms3mPtQsG0fr4EumobelUt3ydpVmfcZInh3fEwPEvEp+BGe X-Received: by 2002:a05:6a20:8f08:b0:19e:8b43:ad7a with SMTP id b8-20020a056a208f0800b0019e8b43ad7amr2217329pzk.24.1707233100637; Tue, 06 Feb 2024 07:25:00 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707233100; cv=pass; d=google.com; s=arc-20160816; b=AXBeVxjSBJ8kQB3sOJoAYAFHZYjMNITt4KgPdjCNIXfjVg3ar++djlMlaWhy+zu+Ri g8c6+E4WdpiA4Ub8d2Ul3w8zx5lA49VquLTIXj0+W+fUf5OD+DNr+8supErEqub2M669 aD7zbyUOsRBtf8Zs6j+k6rijmt+EujFpoi9eSdHx+rWN0P0HEC5uCQL6THfCOopo+GDI BXYlEveOYxBrqcKa1s4mBU6O8e92RlxP9BcaWMFmqkWsq95C6ZXzzplf76bcclfLGRRW w12RMuK79vFxqn/DPh7R5CieqSfIfISdYWLgwNqOcEigRec1PWnW35fVPguqjzTCQG4W zUSg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=H7m3nN4KaHdD/C3S03al8GMlkoTP/nChFRL53bv18L8=; fh=ZSVeu1nUpkT6jlsRoRfdccdGbo+lDB8P+RJwHgNawVM=; b=IcgKVgjYcMgxPSifhBZ7shup4K5RZtKK5E6IpWELtEtAlAScLLcHjWFhML5DUBH3Zz w0uz+/quyjm+1wnE/jwq30F5DYNZhiB3Wx40vHtRxfy8jpNQe68PwhNydc0AxWNUV9QD 5bGpHZHsQWmuk0wb4SpWJQAuadfOMJrbEZYASzgNQqM70HTBCQkUIVhaRlBGzFmHTPUA ofqtyp6axU6jWnh1bzqQDkkp+xYHwKkmYEhFMIg42TwOvRCpsigdRMxeLdgllYSlI0yi KmA2jUOgUxM51a6t7gDeP9BcGzJcFMZlVcAULukCH9V8G3sCEg74IB49CFKoUGjNkVQ8 PlyA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=DwgtWICZ; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-55205-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-55205-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com X-Forwarded-Encrypted: i=1; AJvYcCXmoqAbghVwNx4VF8cg8n+pvsnIxA2zAOnJsSZANk698FbCHK6bOGfmwb5QEHQC5MNnXNVynpkB0/s9NnjZ3ZGsuxIfBFqinSN6BoEs/A== Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id jw28-20020a056a00929c00b006dbe1b70210si1818486pfb.176.2024.02.06.07.25.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Feb 2024 07:25:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-55205-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=DwgtWICZ; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-55205-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-55205-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id E425B28F893 for ; Tue, 6 Feb 2024 15:17:50 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7BEB213A24C; Tue, 6 Feb 2024 15:11:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="DwgtWICZ" Received: from mail-oa1-f54.google.com (mail-oa1-f54.google.com [209.85.160.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2A5001350DE; Tue, 6 Feb 2024 15:11:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.54 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707232301; cv=none; b=jGBbQSfVcnFxH5ANmuOplpNwZGUwLr8dkNlzX01iZv8HJFnC0rIBS8KkyhAvwMy6pf27E/WHMlRPnZMi9R2XUvoptAcKHpR7aF/4w/6lkarScEE3tzzZ+xCIcq8j9M+ElGMB3G1cnRmJOrNqFNsjsCuf86T4lFoFcw/tN1wCeOU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707232301; c=relaxed/simple; bh=kfaxoQeNpM0J7vzhMmPAFIpiSCm9y9dHMnMLrGb5m+Y=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=Ghc5FTZV7My1n6paG1Dvavkn7+JtIAW3tgmeZ7XhgeKEtkIa9PW1NHcmbYjZshBy4XAWmNDLYhIKwaMZ4hVysKaqDK657T9y0CV+hEHodXnUU/FNYbziFui1y/NRBXji9LvoVF9P/JLLSX69bKFai1PYDimCQa7IDnUGDqkREA8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=DwgtWICZ; arc=none smtp.client-ip=209.85.160.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-oa1-f54.google.com with SMTP id 586e51a60fabf-2185d368211so2878457fac.3; Tue, 06 Feb 2024 07:11:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1707232299; x=1707837099; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=H7m3nN4KaHdD/C3S03al8GMlkoTP/nChFRL53bv18L8=; b=DwgtWICZRF0WDR5aYRfPQCwqE0J579IkYjqknrPt0TWJdQj4/NRUq3Hc+xboqIWadH pHAtyqwVqVIExXMA0PSmbQA3jG+WvArafr9qni3sTyvbZ7XMeG9uG5iE6JhRxXaeyx3U l5yzIGlpsJFst1mY5OQRfFzmUB4WdimC8h3r38fHfm6U1Zj2Vc1G3Idj3dy6NJq9Zw7w p3RRlfb5TOAr6AT4QemTw4e0b38v7bBOfRuOpYLSXfMwbdrHqocDMuaRDF8CGoNiZRhi K5DoL57fpaUUydSunN/TSbYD3pbv03r/l5CskFOHIth2XHYSUTTCAmJr8i5mxxDtHqoZ VDlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707232299; x=1707837099; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=H7m3nN4KaHdD/C3S03al8GMlkoTP/nChFRL53bv18L8=; b=ThtfG4Qd06SidGPFiA8QUFkbnmMmspusnPKXhJWbxTSG1Ls9myVPeaMvlsA8GmYC7Q AKs9N1JCd6GU9TxTSV2H15zaGh9BXfdqCZTd938k88KpeR+qHLjDCmwxM+hi5rDOoani N0Msd3kIngIw/Dhdt8KMnnrCSPXTgqDd6zqoRqAmJyi63CX8au04UfFhYk/cSEgOmKIN 6EKkMbGEwPMDAbLRwYOXpeNKMZGbFjtv3aOs4HiESgSsbsXsvNNvmvl2g6h0zDjeDA0F s4RhvT6OED8Inx0HHYGVGeyo2V8QeUM3C6SEBSgCzdhX/BtOVRxzxTNpFTYb7p+aNg0h fu3A== X-Gm-Message-State: AOJu0YwgK5WgXJkOVQb1ZbOes15SBmHsCZI/ZPQ+KKLGW43jkMIW3Ir6 QAdTd5H5sX7GKssthEpTipBEmLOBEtfEBsRSd+PstspFtZgOj1IUPGrL+vMMuy/98WHZ3HjfAH5 4889dn+PtKFC7hsNQYZMTPF5pfY0= X-Received: by 2002:a05:6871:5813:b0:219:9253:e5aa with SMTP id oj19-20020a056871581300b002199253e5aamr3318308oac.8.1707232299128; Tue, 06 Feb 2024 07:11:39 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240205182506.3569743-1-stefanb@linux.ibm.com> <20240205182506.3569743-8-stefanb@linux.ibm.com> In-Reply-To: <20240205182506.3569743-8-stefanb@linux.ibm.com> From: Amir Goldstein Date: Tue, 6 Feb 2024 17:11:28 +0200 Message-ID: Subject: Re: [PATCH v2 7/9] fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED To: Stefan Berger Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-kernel@vger.kernel.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, roberto.sassu@huawei.com, brauner@kernel.org, miklos@szeredi.hu Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Feb 5, 2024 at 8:25=E2=80=AFPM Stefan Berger wrote: > > Now that EVM supports RSA signatures for previously completely > unsupported filesystems rename the flag SB_I_EVM_UNSUPPORTED to > SB_I_EVM_HMAC_UNSUPPORTED to reflect that only HMAC is not supported. > > Suggested-by: Amir Goldstein > Suggested-by: Mimi Zohar > Signed-off-by: Stefan Berger Acked-by: Amir Goldstein > --- > fs/overlayfs/super.c | 2 +- > include/linux/fs.h | 2 +- > security/integrity/evm/evm_main.c | 2 +- > 3 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c > index 460126b7e1cd..db132d437e14 100644 > --- a/fs/overlayfs/super.c > +++ b/fs/overlayfs/super.c > @@ -1445,7 +1445,7 @@ int ovl_fill_super(struct super_block *sb, struct f= s_context *fc) > * lead to unexpected results. > */ > sb->s_iflags |=3D SB_I_NOUMASK; > - sb->s_iflags |=3D SB_I_EVM_UNSUPPORTED; > + sb->s_iflags |=3D SB_I_EVM_HMAC_UNSUPPORTED; > > err =3D -ENOMEM; > root_dentry =3D ovl_get_root(sb, ctx->upper.dentry, oe); > diff --git a/include/linux/fs.h b/include/linux/fs.h > index 1823a93202bd..37306a09b4dc 100644 > --- a/include/linux/fs.h > +++ b/include/linux/fs.h > @@ -1177,7 +1177,7 @@ extern int send_sigurg(struct fown_struct *fown); > #define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already moun= ted */ > #define SB_I_IMA_UNVERIFIABLE_SIGNATURE 0x00000020 > #define SB_I_UNTRUSTED_MOUNTER 0x00000040 > -#define SB_I_EVM_UNSUPPORTED 0x00000080 > +#define SB_I_EVM_HMAC_UNSUPPORTED 0x00000080 > > #define SB_I_SKIP_SYNC 0x00000100 /* Skip superblock at global sync= */ > #define SB_I_PERSB_BDI 0x00000200 /* has a per-sb bdi */ > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/e= vm_main.c > index c3bd88aba78c..ff659e622f4a 100644 > --- a/security/integrity/evm/evm_main.c > +++ b/security/integrity/evm/evm_main.c > @@ -155,7 +155,7 @@ static int is_unsupported_fs(struct dentry *dentry) > { > struct inode *inode =3D d_backing_inode(dentry); > > - if (inode->i_sb->s_iflags & SB_I_EVM_UNSUPPORTED) { > + if (inode->i_sb->s_iflags & SB_I_EVM_HMAC_UNSUPPORTED) { > pr_info_once("%s not supported\n", inode->i_sb->s_type->n= ame); > return 1; > } > -- > 2.43.0 >