On Thu, Jun 20, 2019 at 8:22 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > On Thu, Jun 20, 2019 at 06:19:12PM -0700, Matthew Garrett wrote: > > The lockdown module is intended to allow for kernels to be locked down > > early in boot - sufficiently early that we don't have the ability to > > kmalloc() yet. Add support for early initialisation of some LSMs, and > > then add them to the list of names when we do full initialisation later. > > So, if I'm reading correctly, these "early LSMs": > > - start up before even boot parameter parsing has happened > - have their position in the LSM ordering ignored > - are initialized in boot order > - cannot use kmalloc, as well as probably lots of other things Accurate. I've expanded the description. > > pr_info("Security Framework initializing\n"); > > I'd rather this was kept in security_init() since it's the string to > search for when debugging normal LSM initialization. Ok. > > > > @@ -343,6 +342,30 @@ int __init security_init(void) > > i++) > > INIT_HLIST_HEAD(&list[i]); > > > > + for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { > > + if (!lsm->enabled) > > + lsm->enabled = &lsm_enabled_true; > > + initialize_lsm(lsm); > > + } > > This should call prepare_lsm() before initialize_lsm(). While not needed > for this specific LSM, it would be nice to at least do the blog size > calculations and keep everything the same as other LSMs. Ok. > > + > > + return 0; > > +} > > + > > +/** > > + * security_init - initializes the security framework > > + * > > + * This should be called early in the kernel initialization sequence. > > + */ > > +int __init security_init(void) > > +{ > > + struct lsm_info *lsm; > > + > > + /* Append the names of the early LSM modules now */ > > I would clarify this comment more: "... that kmalloc() is available." Ok,