From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.9 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5885C433E0 for ; Tue, 7 Jul 2020 08:19:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A5D04206C3 for ; Tue, 7 Jul 2020 08:19:44 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="LGKeNNtT" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728140AbgGGITd (ORCPT ); Tue, 7 Jul 2020 04:19:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51484 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727951AbgGGITc (ORCPT ); Tue, 7 Jul 2020 04:19:32 -0400 Received: from mail-pg1-x541.google.com (mail-pg1-x541.google.com [IPv6:2607:f8b0:4864:20::541]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2D141C08C5E3 for ; Tue, 7 Jul 2020 01:19:32 -0700 (PDT) Received: by mail-pg1-x541.google.com with SMTP id p3so19659308pgh.3 for ; Tue, 07 Jul 2020 01:19:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=0pw/almlOM0nvvqI+5nYmAdy2Yj1U7UMDcdD61C+qaQ=; b=LGKeNNtTd/zC9lyBS5S1OkdT3sNaE+OZVMRG3YUkLIM//s1udvtMwGfcRKkICTDfwX ciRh8xDXHRSFwSI2d++7iFZs2KTVOZj83GEv3CXcpx2PnvTMoeW3qj/VyUi3VUXCJMRk BZDk4YDxdLaSu4NokEYhbyiGlmhzlQzseg27I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=0pw/almlOM0nvvqI+5nYmAdy2Yj1U7UMDcdD61C+qaQ=; b=iQL0Zg7DQQ6Q7MPczDxqx+PnCaiBbYTbsNB0pkdk8czRtrL23sqeauODb7deaMaQUg NytHWe4qGN6XmfpYpy7E1mdjK6DxiApEKEmHB1HIkoyzBFJtROOZx2SdYXUvXOT9Namj 8MXpJgAz5IIyBY2adqm8X6d5Z8Fhx2Ugfba9xPGHNl3Acfl3whxMxKkSD2BuZh6gMGmS 8kPLrkatJmLA4IjdpYiPn/3F2tcgTa1J+z7aIexZ4HZP3nRgqyXl5Lyx3EuOYf4utJe8 585DJQXlxAUTLc1+rIpIvB34pvbIBjScjkyK2NsfV0v1yeNCl8u99gTrfZEnzb8+Iff2 9fJA== X-Gm-Message-State: AOAM533QzGYdxEUV2q84iOfZV9d3e50Cyl0envX3ho9L4vwxr4KTlEmJ I42qXpxuGrnG6Zw6tkfVt0WYSA== X-Google-Smtp-Source: ABdhPJxa9aMEUJ/Mjzn5aqtaRqYpVKuj1envkrNds6yTMeT1CX3sElLVK5gBWNoqrM4QS8Ru/kca3w== X-Received: by 2002:a63:2d44:: with SMTP id t65mr33902187pgt.257.1594109971610; Tue, 07 Jul 2020 01:19:31 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id 186sm15400415pfe.1.2020.07.07.01.19.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jul 2020 01:19:30 -0700 (PDT) From: Kees Cook To: James Morris Cc: Kees Cook , Luis Chamberlain , Mimi Zohar , Scott Branden , Greg Kroah-Hartman , "Rafael J. Wysocki" , Alexander Viro , Jessica Yu , Dmitry Kasatkin , "Serge E. Hallyn" , Casey Schaufler , "Eric W. Biederman" , Peter Zijlstra , Matthew Garrett , David Howells , Mauro Carvalho Chehab , Randy Dunlap , "Joel Fernandes (Google)" , KP Singh , Dave Olsthoorn , Hans de Goede , Peter Jones , Andrew Morton , Stephen Boyd , Paul Moore , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH 0/4] Fix misused kernel_read_file() enums Date: Tue, 7 Jul 2020 01:19:22 -0700 Message-Id: <20200707081926.3688096-1-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, In looking for closely at the additions that got made to the kernel_read_file() enums, I noticed that FIRMWARE_PREALLOC_BUFFER and FIRMWARE_EFI_EMBEDDED were added, but they are not appropriate *kinds* of files for the LSM to reason about. They are a "how" and "where", respectively. Remove these improper aliases and refactor the code to adapt to the changes. Additionally adds in missing calls to security_kernel_post_read_file() in the platform firmware fallback path (to match the sysfs firmware fallback path) and in module loading. I considered entirely removing security_kernel_post_read_file() hook since it is technically unused, but IMA probably wants to be able to measure EFI-stored firmware images, so I wired it up and matched it for modules, in case anyone wants to move the module signature checks out of the module core and into an LSM to avoid the current layering violations. This touches several trees, and I suspect it would be best to go through James's LSM tree. Thanks! -Kees Kees Cook (4): firmware_loader: EFI firmware loader must handle pre-allocated buffer fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums fs: Remove FIRMWARE_EFI_EMBEDDED from kernel_read_file() enums module: Add hook for security_kernel_post_read_file() drivers/base/firmware_loader/fallback_platform.c | 12 ++++++++++-- drivers/base/firmware_loader/main.c | 5 ++--- fs/exec.c | 7 ++++--- include/linux/fs.h | 3 +-- include/linux/lsm_hooks.h | 6 +++++- kernel/module.c | 7 ++++++- security/integrity/ima/ima_main.c | 6 ++---- 7 files changed, 30 insertions(+), 16 deletions(-) -- 2.25.1