From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.3 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_2 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 188FAC433E0 for ; Mon, 18 May 2020 12:38:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0055D2067D for ; Mon, 18 May 2020 12:38:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726999AbgERMix (ORCPT ); Mon, 18 May 2020 08:38:53 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:22500 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726739AbgERMiw (ORCPT ); Mon, 18 May 2020 08:38:52 -0400 Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 04ICX7lY088693; Mon, 18 May 2020 08:37:52 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 31292e4yye-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 May 2020 08:37:51 -0400 Received: from m0098393.ppops.net (m0098393.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 04ICYhbj094964; Mon, 18 May 2020 08:37:51 -0400 Received: from ppma03fra.de.ibm.com (6b.4a.5195.ip4.static.sl-reverse.com [149.81.74.107]) by mx0a-001b2d01.pphosted.com with ESMTP id 31292e4yx8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 May 2020 08:37:50 -0400 Received: from pps.filterd (ppma03fra.de.ibm.com [127.0.0.1]) by ppma03fra.de.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 04ICa50C017752; Mon, 18 May 2020 12:37:48 GMT Received: from b06cxnps3074.portsmouth.uk.ibm.com (d06relay09.portsmouth.uk.ibm.com [9.149.109.194]) by ppma03fra.de.ibm.com with ESMTP id 3127t5hnhx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 May 2020 12:37:48 +0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 04ICbjrD24838244 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 18 May 2020 12:37:45 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6BD284C059; Mon, 18 May 2020 12:37:45 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9F7144C04E; Mon, 18 May 2020 12:37:42 +0000 (GMT) Received: from localhost.localdomain (unknown [9.85.145.145]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 18 May 2020 12:37:42 +0000 (GMT) Message-ID: <1589805462.5111.107.camel@linux.ibm.com> Subject: Re: [PATCH 0/3] fs: reduce export usage of kerne_read*() calls From: Mimi Zohar To: Christoph Hellwig , Luis Chamberlain Cc: viro@zeniv.linux.org.uk, gregkh@linuxfoundation.org, rafael@kernel.org, ebiederm@xmission.com, jeyu@kernel.org, jmorris@namei.org, keescook@chromium.org, paul@paul-moore.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, nayna@linux.ibm.com, scott.branden@broadcom.com, dan.carpenter@oracle.com, skhan@linuxfoundation.org, geert@linux-m68k.org, tglx@linutronix.de, bauerman@linux.ibm.com, dhowells@redhat.com, linux-integrity@vger.kernel.org, linux-fsdevel@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel@vger.kernel.org Date: Mon, 18 May 2020 08:37:42 -0400 In-Reply-To: <20200518062255.GB15641@infradead.org> References: <20200513152108.25669-1-mcgrof@kernel.org> <20200513181736.GA24342@infradead.org> <20200515212933.GD11244@42.do-not-panic.com> <20200518062255.GB15641@infradead.org> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216,18.0.676 definitions=2020-05-18_05:2020-05-15,2020-05-18 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 clxscore=1011 lowpriorityscore=0 adultscore=0 impostorscore=0 bulkscore=0 priorityscore=1501 mlxlogscore=999 mlxscore=0 suspectscore=0 spamscore=0 malwarescore=0 cotscore=-2147483648 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005180114 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Christoph, On Sun, 2020-05-17 at 23:22 -0700, Christoph Hellwig wrote: > On Fri, May 15, 2020 at 09:29:33PM +0000, Luis Chamberlain wrote: > > On Wed, May 13, 2020 at 11:17:36AM -0700, Christoph Hellwig wrote: > > > Can you also move kernel_read_* out of fs.h? That header gets pulled > > > in just about everywhere and doesn't really need function not related > > > to the general fs interface. > > > > Sure, where should I dump these? > > Maybe a new linux/kernel_read_file.h? Bonus points for a small top > of the file comment explaining the point of the interface, which I > still don't get :) Instead of rolling your own method of having the kernel read a file, which requires call specific security hooks, this interface provides a single generic set of pre and post security hooks.  The kernel_read_file_id enumeration permits the security hook to differentiate between callers. To comply with secure and trusted boot concepts, a file cannot be accessible to the caller until after it has been measured and/or the integrity (hash/signature) appraised. In some cases, the file was previously read twice, first to measure and/or appraise the file and then read again into a buffer for use.  This interface reads the file into a buffer once, calls the generic post security hook, before providing the buffer to the caller.  (Note using firmware pre-allocated memory might be an issue.) Partial reading firmware will result in needing to pre-read the entire file, most likely on the security pre hook. Mimi