Re: [PATCH 0/4] Fix misused kernel_read_file() enums

From: Luis Chamberlain <mcgrof@kernel.org>
To: Hans de Goede <hdegoede@redhat.com>
Cc: Kees Cook <keescook@chromium.org>,
	James Morris <jmorris@namei.org>,
	Mimi Zohar <zohar@linux.ibm.com>,
	Scott Branden <scott.branden@broadcom.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"Rafael J. Wysocki" <rafael@kernel.org>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Jessica Yu <jeyu@kernel.org>,
	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Casey Schaufler <casey@schaufler-ca.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Matthew Garrett <matthewgarrett@google.com>,
	David Howells <dhowells@redhat.com>,
	Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
	Randy Dunlap <rdunlap@infradead.org>,
	"Joel Fernandes (Google)" <joel@joelfernandes.org>,
	KP Singh <kpsingh@google.com>, Dave Olsthoorn <dave@bewaar.me>,
	Peter Jones <pjones@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Stephen Boyd <stephen.boyd@linaro.org>,
	Paul Moore <paul@paul-moore.com>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH 0/4] Fix misused kernel_read_file() enums
Date: Wed, 8 Jul 2020 11:55:17 +0000	[thread overview]
Message-ID: <20200708115517.GF4332@42.do-not-panic.com> (raw)
In-Reply-To: <f5e65f73-2c94-3614-2479-69b2bfda9775@redhat.com>

On Wed, Jul 08, 2020 at 01:37:41PM +0200, Hans de Goede wrote:
> Hi,
> 
> On 7/8/20 1:01 PM, Hans de Goede wrote:
> > Hi,
> > 
> > On 7/7/20 10:19 AM, Kees Cook wrote:
> > > Hi,
> > > 
> > > In looking for closely at the additions that got made to the
> > > kernel_read_file() enums, I noticed that FIRMWARE_PREALLOC_BUFFER
> > > and FIRMWARE_EFI_EMBEDDED were added, but they are not appropriate
> > > *kinds* of files for the LSM to reason about. They are a "how" and
> > > "where", respectively. Remove these improper aliases and refactor the
> > > code to adapt to the changes.
> > > 
> > > Additionally adds in missing calls to security_kernel_post_read_file()
> > > in the platform firmware fallback path (to match the sysfs firmware
> > > fallback path) and in module loading. I considered entirely removing
> > > security_kernel_post_read_file() hook since it is technically unused,
> > > but IMA probably wants to be able to measure EFI-stored firmware images,
> > > so I wired it up and matched it for modules, in case anyone wants to
> > > move the module signature checks out of the module core and into an LSM
> > > to avoid the current layering violations.
> > > 
> > > This touches several trees, and I suspect it would be best to go through
> > > James's LSM tree.
> > > 
> > > Thanks!
> > 
> > 
> > I've done some quick tests on this series to make sure that
> > the efi embedded-firmware support did not regress.
> > That still works fine, so this series is;
> > 
> > Tested-by: Hans de Goede <hdegoede@redhat.com>
> 
> I made a mistake during testing I was not actually running the
> kernel with the patches added.
> 
> After fixing that I did find a problem, patch 4/4:
> "module: Add hook for security_kernel_post_read_file()"
> 
> Breaks module-loading for me. This is with the 4 patches
> on top of 5.8.0-rc4, so this might just be because I'm
> not using the right base.
> 
> With patch 4/4 reverted things work fine for me.
> 
> So, please only add my Tested-by to patches 1-3.

BTW is there any testing covered by the selftests for the firmware
laoder which would have caputured this? If not can you extend
it with something to capture this case you ran into?

  Luis