Re: [PATCH 0/4] Fix misused kernel_read_file() enums

[PATCH 0/4] Fix misused kernel_read_file() enums · Kees Cook <hidden> · 2020-07-07
[PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Kees Cook <hidden> · 2020-07-07
Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Scott Branden <scott.branden@broadcom.com> · 2020-07-07
Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Kees Cook <hidden> · 2020-07-07
Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Scott Branden <scott.branden@broadcom.com> · 2020-07-08
Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Kees Cook <hidden> · 2020-07-08
Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Scott Branden <scott.branden@broadcom.com> · 2020-07-10
Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Matthew Wilcox <willy@infradead.org> · 2020-07-10
Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Scott Branden <scott.branden@broadcom.com> · 2020-07-10
Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Kees Cook <hidden> · 2020-07-10
Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Scott Branden <scott.branden@broadcom.com> · 2020-07-10
Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Scott Branden <scott.branden@broadcom.com> · 2020-07-16
Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums · Kees Cook <hidden> · 2020-07-16
[PATCH 1/4] firmware_loader: EFI firmware loader must handle pre-allocated buffer · Kees Cook <hidden> · 2020-07-07
[PATCH 3/4] fs: Remove FIRMWARE_EFI_EMBEDDED from kernel_read_file() enums · Kees Cook <hidden> · 2020-07-07
[PATCH 4/4] module: Add hook for security_kernel_post_read_file() · Kees Cook <hidden> · 2020-07-07
Re: [PATCH 4/4] module: Add hook for security_kernel_post_read_file() · Mimi Zohar <zohar@linux.ibm.com> · 2020-07-08
Re: [PATCH 4/4] module: Add hook for security_kernel_post_read_file() · Kees Cook <hidden> · 2020-07-08
Re: [PATCH 4/4] module: Add hook for security_kernel_post_read_file() · Mimi Zohar <zohar@linux.ibm.com> · 2020-07-08
Re: [PATCH 0/4] Fix misused kernel_read_file() enums · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2020-07-07
Re: [PATCH 0/4] Fix misused kernel_read_file() enums · Mimi Zohar <zohar@linux.ibm.com> · 2020-07-07
Re: [PATCH 0/4] Fix misused kernel_read_file() enums · Kees Cook <hidden> · 2020-07-07
Re: [PATCH 0/4] Fix misused kernel_read_file() enums · Hans de Goede <hidden> · 2020-07-08
Re: [PATCH 0/4] Fix misused kernel_read_file() enums · Hans de Goede <hidden> · 2020-07-08
Re: [PATCH 0/4] Fix misused kernel_read_file() enums · Luis Chamberlain <mcgrof@kernel.org> · 2020-07-08
Re: [PATCH 0/4] Fix misused kernel_read_file() enums · Hans de Goede <hidden> · 2020-07-08
Re: [PATCH 0/4] Fix misused kernel_read_file() enums · Luis Chamberlain <mcgrof@kernel.org> · 2020-07-08
Re: [PATCH 0/4] Fix misused kernel_read_file() enums · Kees Cook <hidden> · 2020-07-09

From: Hans de Goede <hidden>
Date: 2020-07-08 11:58:55
Also in: linux-fsdevel, linux-integrity, lkml

Hi,

On 7/8/20 1:55 PM, Luis Chamberlain wrote:

On Wed, Jul 08, 2020 at 01:37:41PM +0200, Hans de Goede wrote:

quoted

Hi,

On 7/8/20 1:01 PM, Hans de Goede wrote:

quoted

Hi,

On 7/7/20 10:19 AM, Kees Cook wrote:

quoted

Hi,

In looking for closely at the additions that got made to the
kernel_read_file() enums, I noticed that FIRMWARE_PREALLOC_BUFFER
and FIRMWARE_EFI_EMBEDDED were added, but they are not appropriate
*kinds* of files for the LSM to reason about. They are a "how" and
"where", respectively. Remove these improper aliases and refactor the
code to adapt to the changes.

Additionally adds in missing calls to security_kernel_post_read_file()
in the platform firmware fallback path (to match the sysfs firmware
fallback path) and in module loading. I considered entirely removing
security_kernel_post_read_file() hook since it is technically unused,
but IMA probably wants to be able to measure EFI-stored firmware images,
so I wired it up and matched it for modules, in case anyone wants to
move the module signature checks out of the module core and into an LSM
to avoid the current layering violations.

This touches several trees, and I suspect it would be best to go through
James's LSM tree.

Thanks!


I've done some quick tests on this series to make sure that
the efi embedded-firmware support did not regress.
That still works fine, so this series is;

Tested-by: Hans de Goede <redacted>

I made a mistake during testing I was not actually running the
kernel with the patches added.

After fixing that I did find a problem, patch 4/4:
"module: Add hook for security_kernel_post_read_file()"

Breaks module-loading for me. This is with the 4 patches
on top of 5.8.0-rc4, so this might just be because I'm
not using the right base.

With patch 4/4 reverted things work fine for me.

So, please only add my Tested-by to patches 1-3.

BTW is there any testing covered by the selftests for the firmware
laoder which would have caputured this? If not can you extend
it with something to capture this case you ran into?

This was not a firmware-loading issue. For me in my tests,
which were limited to 1 device, patch 4/4, which only touches
the module-loading code, stopped module loading from working.

Since my test device has / on an eMMC and the kernel config
I'm using has mmc-block as a module, things just hung in the
initrd since no modules could be loaded, so I did not debug
this any further. Dropping  patch 4/4 from my local tree
solved this.

Regards,

Hans

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help