Linux-Fsdevel Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Greg KH <gregkh@linuxfoundation.org>
To: Luis Chamberlain <mcgrof@kernel.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
	Josh Triplett <josh@joshtriplett.org>,
	viro@zeniv.linux.org.uk, rafael@kernel.org, jeyu@kernel.org,
	jmorris@namei.org, keescook@chromium.org, paul@paul-moore.com,
	stephen.smalley.work@gmail.com, eparis@parisplace.org,
	nayna@linux.ibm.com, zohar@linux.ibm.com,
	scott.branden@broadcom.com, dan.carpenter@oracle.com,
	skhan@linuxfoundation.org, geert@linux-m68k.org,
	tglx@linutronix.de, bauerman@linux.ibm.com, dhowells@redhat.com,
	linux-integrity@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	kexec@lists.infradead.org, linux-security-module@vger.kernel.org,
	selinux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/3] security: add symbol namespace for reading file data
Date: Wed, 13 May 2020 18:26:04 +0200	[thread overview]
Message-ID: <20200513162604.GE1362525@kroah.com> (raw)
In-Reply-To: <20200513161622.GS11244@42.do-not-panic.com>

On Wed, May 13, 2020 at 04:16:22PM +0000, Luis Chamberlain wrote:
> On Wed, May 13, 2020 at 10:40:31AM -0500, Eric W. Biederman wrote:
> > Luis Chamberlain <mcgrof@kernel.org> writes:
> > 
> > > Certain symbols are not meant to be used by everybody, the security
> > > helpers for reading files directly is one such case. Use a symbol
> > > namespace for them.
> > >
> > > This will prevent abuse of use of these symbols in places they were
> > > not inteded to be used, and provides an easy way to audit where these
> > > types of operations happen as a whole.
> > 
> > Why not just remove the ability for the firmware loader to be a module?
> > 
> > Is there some important use case that requires the firmware loader
> > to be a module?
> > 
> > We already compile the code in by default.  So it is probably just
> > easier to remove the modular support all together.  Which would allow
> > the export of the security hooks to be removed as well.
> 
> Yeah, that's a better solution. The only constaint I am aware of is
> we *cannot* change the name of the module from firmware_class since the
> old fallback sysfs loader depends on the module name. So, so long as we
> take care with that on built-in and document this very well, I think
> we should be good.
> 
> I checked the commit logs and this was tristate since the code was added
> upstream, so I cannot see any good reason it was enabled as modular.
> 
> Speaking with a *backports experience* hat on, we did have a use case
> to use a module for it in case a new feature was added upstream which
> was not present on older kernels. However I think that using a separate
> symbol prefix would help with that.
> 
> Would any Android stakeholders / small / embedded folks whave any issue
> with this?

Android has build in the firmware loading logic for a while now.  Well,
always, they have not had kernel modules for many years.  That is
changing but this logic is not getting moved to a kernel module as that
would just be silly :)

thanks,

greg k-h

  reply	other threads:[~2020-05-13 16:26 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-13 15:21 [PATCH 0/3] fs: reduce export usage of kerne_read*() calls Luis Chamberlain
2020-05-13 15:21 ` [PATCH 1/3] fs: unexport kernel_read_file() Luis Chamberlain
2020-05-13 15:21 ` [PATCH 2/3] security: add symbol namespace for reading file data Luis Chamberlain
2020-05-13 15:40   ` Eric W. Biederman
2020-05-13 16:09     ` Greg KH
2020-05-13 16:16     ` Luis Chamberlain
2020-05-13 16:26       ` Greg KH [this message]
2020-05-13 18:07       ` Josh Triplett
2020-05-13 15:21 ` [PATCH 3/3] fs: move kernel_read*() calls to its own symbol namespace Luis Chamberlain
2020-05-13 16:08   ` Greg KH
2020-05-13 18:17 ` [PATCH 0/3] fs: reduce export usage of kerne_read*() calls Christoph Hellwig
2020-05-15 21:29   ` Luis Chamberlain
2020-05-18  6:22     ` Christoph Hellwig
2020-05-18 12:37       ` Mimi Zohar
2020-05-18 15:21         ` Kees Cook
2020-07-29  1:20           ` Luis Chamberlain
2020-05-22 22:24         ` Scott Branden
2020-05-22 23:04           ` Kees Cook
2020-05-22 23:25             ` Scott Branden
2020-05-24  2:52               ` Mimi Zohar
2020-06-05 18:15                 ` Scott Branden
2020-06-05 18:37                   ` Mimi Zohar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200513162604.GE1362525@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=bauerman@linux.ibm.com \
    --cc=dan.carpenter@oracle.com \
    --cc=dhowells@redhat.com \
    --cc=ebiederm@xmission.com \
    --cc=eparis@parisplace.org \
    --cc=geert@linux-m68k.org \
    --cc=jeyu@kernel.org \
    --cc=jmorris@namei.org \
    --cc=josh@joshtriplett.org \
    --cc=keescook@chromium.org \
    --cc=kexec@lists.infradead.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mcgrof@kernel.org \
    --cc=nayna@linux.ibm.com \
    --cc=paul@paul-moore.com \
    --cc=rafael@kernel.org \
    --cc=scott.branden@broadcom.com \
    --cc=selinux@vger.kernel.org \
    --cc=skhan@linuxfoundation.org \
    --cc=stephen.smalley.work@gmail.com \
    --cc=tglx@linutronix.de \
    --cc=viro@zeniv.linux.org.uk \
    --cc=zohar@linux.ibm.com \
    --subject='Re: [PATCH 2/3] security: add symbol namespace for reading file data' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).