From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yb1-f175.google.com ([209.85.219.175]:46917 "EHLO mail-yb1-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725903AbeIWIj1 (ORCPT ); Sun, 23 Sep 2018 04:39:27 -0400 Received: by mail-yb1-f175.google.com with SMTP id y20-v6so6991095ybi.13 for ; Sat, 22 Sep 2018 19:43:39 -0700 (PDT) Received: from mail-yb1-f179.google.com (mail-yb1-f179.google.com. [209.85.219.179]) by smtp.gmail.com with ESMTPSA id a184-v6sm2425974ywc.16.2018.09.22.19.43.37 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 22 Sep 2018 19:43:38 -0700 (PDT) Received: by mail-yb1-f179.google.com with SMTP id 5-v6so7012758ybf.3 for ; Sat, 22 Sep 2018 19:43:37 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <680e6e16-0890-8304-0e8e-6c58966813b5@schaufler-ca.com> References: <680e6e16-0890-8304-0e8e-6c58966813b5@schaufler-ca.com> From: Kees Cook Date: Sat, 22 Sep 2018 19:43:36 -0700 Message-ID: Subject: Re: [PATCH v4 00/19] LSM: Module stacking for SARA and Landlock To: Casey Schaufler Cc: LSM , James Morris , SE Linux , LKLM , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= , Salvatore Mesoraca Content-Type: text/plain; charset="UTF-8" Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Sat, Sep 22, 2018 at 9:38 AM, Casey Schaufler wrote: > On 9/21/2018 8:02 PM, Kees Cook wrote: >> On Fri, Sep 21, 2018 at 4:59 PM, Casey Schaufler wrote: >>> v4: Finer granularity in the patches and other >>> cleanups suggested by Kees Cook. >>> Removed dead code created by the removal of SELinux >>> credential blob poisoning. >> Thanks for the splitting, this really does make it easier to review >> (at least for me). I think this looks really good, though obviously >> I'd like to refactor it slightly on top of my series. :) > > Whichever goes on top is fine with me. What's one > more patch set merge, after all? > >> One additional thought I had was about the blobs allocations: some are >> separate kmem caches, and some are kmalloc. I'm thinking it might make >> sense to use separate kmem caches for two reasons: > > I had seriously considered doing that. I can't see any reason > not to. It's something that could be done at any time, and with > all the other things that had to change it just didn't get in. Yup; that is an easy future change. Not needed now! > >> - they're going to always be the same size and are regularly >> allocated/freed, so it may offer a performance benefit. >> >> - they're explicitly not supposed to be exposed to userspace, so >> hardened usercopy would protect them if they were not kmalloc()ed. >> >> I'm excited about getting this landed! > > Soon. Real soon. I hope. I would very much like for > someone from the SELinux camp to chime in, especially on > the selinux_is_enabled() removal. Agreed. > On a somewhat related note, I will be out for the first three > weeks of October, returning just in time for the Linux Security > Summit in Edinburgh. My connectivity will be severely limited. > I don't expect to accomplish anything while I'm out. If you're okay with it, I can help with changes while you're out -- I want to try to rebase it on my tree and see how it looks anyway. :) -Kees -- Kees Cook Pixel Security