Date: Sat, 18 May 2024 13:47:14 -0700
From: Kees Cook
To: Stephen Boyd
Cc: Paul Moore, James Morris, "Serge E . Hallyn", linux-kernel@vger.kernel.org, patches@lists.linux.dev, linux-security-module@vger.kernel.org, Dmitry Torokhov, Douglas Anderson
Subject: Re: [PATCH] loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression
Message-ID: <202405181346.901048F98@keescook>
References: <20240514224839.2526112-1-swboyd@chromium.org>
In-Reply-To: <20240514224839.2526112-1-swboyd@chromium.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 14, 2024 at 03:48:38PM -0700, Stephen Boyd wrote:
> If modules are built compressed, and LoadPin is enforcing by default, we
> must have in-kernel module decompression enabled (MODULE_DECOMPRESS).
> Modules will fail to load without decompression built into the kernel
> because they'll be blocked by LoadPin. Add a depends on clause to
> prevent this combination.
>
> Cc: Dmitry Torokhov
> Cc: Douglas Anderson
> Signed-off-by: Stephen Boyd
> ---
>  security/loadpin/Kconfig | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig
> index 6724eaba3d36..8c22171088a7 100644
> --- a/security/loadpin/Kconfig
> +++ b/security/loadpin/Kconfig
> @@ -14,6 +14,9 @@ config SECURITY_LOADPIN
>  config SECURITY_LOADPIN_ENFORCE
>  bool "Enforce LoadPin at boot"
>  depends on SECURITY_LOADPIN
> +# Module compression breaks LoadPin unless modules are decompressed in
> +# the kernel.
> +depends on MODULE_COMPRESS_NONE || MODULE_DECOMPRESS
>  help
>  If selected, LoadPin will enforce pinning at boot. If not
>  selected, it can be enabled at boot with the kernel parameter
>

I've folded this change in, since loadpin also works in non-module situations:

diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig
index 8c22171088a7..848f8b4a6019 100644
--- a/security/loadpin/Kconfig
+++ b/security/loadpin/Kconfig
@@ -16,7 +16,7 @@ config SECURITY_LOADPIN_ENFORCE
 depends on SECURITY_LOADPIN
 # Module compression breaks LoadPin unless modules are decompressed in
 # the kernel.
-depends on MODULE_COMPRESS_NONE || MODULE_DECOMPRESS
+depends on !MODULES || (MODULE_COMPRESS_NONE || MODULE_DECOMPRESS)
 help
 If selected, LoadPin will enforce pinning at boot. If not
 selected, it can be enabled at boot with the kernel parameter

--
Kees Cook
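Review bot: the new `depends on` in the folded hunk only guards the build-time default, while the help text kept as trailing context still says enforcement "can be enabled at boot with the kernel parameter"; a kernel built with a module compression option and MODULE_DECOMPRESS=n can still be booted with that parameter and hit the same LoadPin block on every module load that the commit message describes, so the `# Module compression breaks LoadPin ...` comment or the help text should state that the boot parameter carries the same MODULE_DECOMPRESS requirement. Two smaller points on the same line: the inner parentheses in `depends on !MODULES || (MODULE_COMPRESS_NONE || MODULE_DECOMPRESS)` are redundant since `||` is associative, and because this is a `depends on` rather than a hard failure, an existing config with SECURITY_LOADPIN_ENFORCE=y, compressed modules and MODULE_DECOMPRESS=n will have ENFORCE silently dropped when the config is regenerated, which turns enforcement off rather than failing loudly; the commit message should call out that such users must enable MODULE_DECOMPRESS to keep enforcing.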