Date: Wed, 20 Mar 2024 13:31:06 -0700
Subject: Re: [PATCH RFC v15 12/21] security: add security_bdev_setintegrity() hook
From: Fan Wu
To: Jarkko Sakkinen, Paul Moore, corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org, serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org, axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org, eparis@redhat.com
Cc: linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, fsverity@lists.linux.dev, linux-block@vger.kernel.org, dm-devel@lists.linux.dev, audit@vger.kernel.org, linux-kernel@vger.kernel.org
References: <1710560151-28904-13-git-send-email-wufan@linux.microsoft.com>

On 3/20/2024 1:31 AM, Jarkko Sakkinen wrote:
> On Wed Mar 20, 2024 at 10:28 AM EET, Jarkko Sakkinen wrote:
>> On Wed Mar 20, 2024 at 1:00 AM EET, Paul Moore wrote:
>>> On Mar 15, 2024 Fan Wu wrote:
>>>>
>>>> This patch introduces a new hook to save block device's integrity
>>>> data. For example, for dm-verity, LSMs can use this hook to save
>>>> the roothash signature of a dm-verity into the security blob,
>>>> and LSMs can make access decisions based on the data inside
>>>> the signature, like the signer certificate.
>>>>
>>>> Signed-off-by: Fan Wu
>>>>
>>>> --
>>>> v1-v14:
>>>> + Not present
>>>>
>>>> v15:
>>>> + Introduced
>>>>
>>>> ---
>>>> include/linux/lsm_hook_defs.h | 2 ++
>>>> include/linux/security.h | 14 ++++++++++++++
>>>> security/security.c | 28 ++++++++++++++++++++++++++++
>>>> 3 files changed, 44 insertions(+)
>>>
>>> I'm not sure why you made this a separate patch, help? If there is
>>> no significant reason why this is separate, please squash it together
>>> with patch 11/21.
>>
>> Off-topic: it is weird to have *RFC* patch set at v15.
>>
>> RFC by de-facto is something that can be safely ignored if you don't
>> have bandwidth. 15 versions of anything that can be safely ignored
>> is by definition spamming :-) I mean just conceptually.
>>
>> So does the RFC still hold or what the heck is going on with this one?
>>
>> Haven't followed for some time now...
>
> I mean if this RFC trend continues I'll just put auto-filter for this
> thread to put straight to the bin. There's enough non-RFC patch sets
> to review.
>
> BR, Jarkko

Sorry about the confusion with the RFC tag – I wasn't fully aware of its
conventional meaning and how it's perceived in terms of importance and
urgency. Point taken, and I'll make sure to remove the RFC tag for
future submissions. Definitely not my intention to clog up the workflow
or seem like I'm spamming.

-Fan