Message-ID: <1595281097.5055.79.camel@linux.ibm.com>
Subject: Re: [PATCH v3 00/12] ima: Fix rule parsing bugs and extend KEXEC_CMDLINE rule support
From: Mimi Zohar
To: Tyler Hicks, Dmitry Kasatkin, Sasha Levin
Cc: James Morris, "Serge E . Hallyn", Lakshmi Ramasubramanian, Prakhar Srivastava, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, Janne Karhunen, Eric Biederman, kexec@lists.infradead.org, Casey Schaufler, Nayna Jain
Date: Mon, 20 Jul 2020 17:38:17 -0400
In-Reply-To: <20200709061911.954326-1-tyhicks@linux.microsoft.com>
References: <20200709061911.954326-1-tyhicks@linux.microsoft.com>

[Cc'ing Sasha]

On Thu, 2020-07-09 at 01:18 -0500, Tyler Hicks wrote:

> I envision patches 1-7 going to stable. The series is ordered in a way
> that has all the fixes up front, followed by cleanups, followed by the
> feature patch. The breakdown of patches looks like so:
>
>  Memory leak fixes: 1-3
>  Parser strictness fixes: 4-7
>  Code cleanups made possible by the fixes: 8-11
>  Extend KEXEC_CMDLINE rule support: 12

I agree they should be backported, but they don't apply cleanly before
linux-5.6. The changes aren't that major. Some patch hunks apply
cleanly, but won't compile, while other patch hunks need to be
dropped based on when the feature was upstreamed. For these reasons,
I'm not Cc'ing stable.

Feature upstreamed:
- LSM policy update: linux 5.3
- key command line: linux 5.3
- blacklist: linux 5.5
- keyrings: linux 5.6

For Linux 5.3:
- Dependency on backporting commit 483ec26eed42 ("ima: ima/lsm policy
rule loading logic bug fixes") to apply "ima: Free the entire rule if
it fails to parse".

Mimi