From: Matthew Wilcox <willy@infradead.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Scott Branden <scott.branden@broadcom.com>,
Luis Chamberlain <mcgrof@kernel.org>,
Wolfram Sang <wsa@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
David Brown <david.brown@linaro.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Shuah Khan <shuah@kernel.org>,
bjorn.andersson@linaro.org,
Shuah Khan <skhan@linuxfoundation.org>,
Arnd Bergmann <arnd@arndb.de>,
"Rafael J . Wysocki" <rafael@kernel.org>,
linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
BCM Kernel Feedback <bcm-kernel-feedback-list@broadcom.com>,
Olof Johansson <olof@lixom.net>,
Andrew Morton <akpm@linux-foundation.org>,
Dan Carpenter <dan.carpenter@oracle.com>,
Colin Ian King <colin.king@canonical.com>,
Kees Cook <keescook@chromium.org>, Takashi Iwai <tiwai@suse.de>,
linux-kselftest@vger.kernel.org, Andy Gross <agross@kernel.org>,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [PATCH v7 1/8] fs: introduce kernel_pread_file* support
Date: Mon, 8 Jun 2020 06:32:49 -0700 [thread overview]
Message-ID: <20200608133249.GW19604@bombadil.infradead.org> (raw)
In-Reply-To: <1591622526.4638.71.camel@linux.ibm.com>
On Mon, Jun 08, 2020 at 09:22:06AM -0400, Mimi Zohar wrote:
> On Mon, 2020-06-08 at 06:16 -0700, Matthew Wilcox wrote:
> > On Mon, Jun 08, 2020 at 09:03:21AM -0400, Mimi Zohar wrote:
> > > With this new design of not using a private vmalloc, will the file
> > > data be accessible prior to the post security hooks? From an IMA
> > > perspective, the hooks are used for measuring and/or verifying the
> > > integrity of the file.
> >
> > File data is already accessible prior to the post security hooks.
> > Look how kernel_read_file works:
> >
> > ret = deny_write_access(file);
> > ret = security_kernel_read_file(file, id);
> > *buf = vmalloc(i_size);
> > bytes = kernel_read(file, *buf + pos, i_size - pos, &pos);
> > ret = security_kernel_post_read_file(file, *buf, i_size, id);
> >
> > kernel_read() will read the data into the page cache and then copy it
> > into the vmalloc'd buffer. There's nothing here to prevent read accesses
> > to the file.
>
> The post security hook needs to access to the file data in order to
> calculate the file hash. The question is whether prior to returning
> from kernel_read_file() the caller can access the file data.
Whether you copy the data (as today) or map it (as I'm proposing),
the data goes into the page cache. It's up to the security system to
block access to the page cache until it's been verified.
next prev parent reply other threads:[~2020-06-08 13:33 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-06 5:04 [PATCH v7 0/8] firmware: add partial read support in request_firmware_into_buf Scott Branden
2020-06-06 5:04 ` [PATCH v7 1/8] fs: introduce kernel_pread_file* support Scott Branden
2020-06-06 15:52 ` Matthew Wilcox
2020-06-08 13:03 ` Mimi Zohar
2020-06-08 13:16 ` Matthew Wilcox
2020-06-08 13:22 ` Mimi Zohar
2020-06-08 13:27 ` Mimi Zohar
2020-06-08 13:32 ` Matthew Wilcox [this message]
2020-06-08 22:29 ` Scott Branden
2020-06-09 13:21 ` Matthew Wilcox
2020-06-09 22:55 ` Scott Branden
2020-06-06 5:04 ` [PATCH v7 2/8] firmware: add offset to request_firmware_into_buf Scott Branden
2020-06-09 14:34 ` Matthew Wilcox
2020-06-06 5:04 ` [PATCH v7 3/8] test_firmware: add partial read support for request_firmware_into_buf Scott Branden
2020-06-06 5:04 ` [PATCH v7 4/8] firmware: test partial file reads of request_firmware_into_buf Scott Branden
2020-06-06 5:04 ` [PATCH v7 5/8] bcm-vk: add bcm_vk UAPI Scott Branden
2020-06-06 5:04 ` [PATCH v7 6/8] misc: bcm-vk: add Broadcom VK driver Scott Branden
2020-06-06 5:04 ` [PATCH v7 7/8] MAINTAINERS: bcm-vk: add maintainer for Broadcom VK Driver Scott Branden
2020-06-06 5:04 ` [PATCH v7 8/8] ima: add FIRMWARE_PARTIAL_READ support Scott Branden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200608133249.GW19604@bombadil.infradead.org \
--to=willy@infradead.org \
--cc=agross@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bcm-kernel-feedback-list@broadcom.com \
--cc=bjorn.andersson@linaro.org \
--cc=colin.king@canonical.com \
--cc=dan.carpenter@oracle.com \
--cc=david.brown@linaro.org \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=keescook@chromium.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=olof@lixom.net \
--cc=rafael@kernel.org \
--cc=scott.branden@broadcom.com \
--cc=shuah@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=tiwai@suse.de \
--cc=viro@zeniv.linux.org.uk \
--cc=wsa@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.