On Wed, Jul 08, 2020 at 01:30:04PM +0000, Luis Chamberlain wrote: > On Wed, Jul 08, 2020 at 01:58:47PM +0200, Hans de Goede wrote: > > Hi, > > > > On 7/8/20 1:55 PM, Luis Chamberlain wrote: > > > On Wed, Jul 08, 2020 at 01:37:41PM +0200, Hans de Goede wrote: > > > > Hi, > > > > > > > > On 7/8/20 1:01 PM, Hans de Goede wrote: > > > > > Hi, > > > > > > > > > > On 7/7/20 10:19 AM, Kees Cook wrote: > > > > > > Hi, > > > > > > > > > > > > In looking for closely at the additions that got made to the > > > > > > kernel_read_file() enums, I noticed that FIRMWARE_PREALLOC_BUFFER > > > > > > and FIRMWARE_EFI_EMBEDDED were added, but they are not appropriate > > > > > > *kinds* of files for the LSM to reason about. They are a "how" and > > > > > > "where", respectively. Remove these improper aliases and refactor the > > > > > > code to adapt to the changes. > > > > > > > > > > > > Additionally adds in missing calls to security_kernel_post_read_file() > > > > > > in the platform firmware fallback path (to match the sysfs firmware > > > > > > fallback path) and in module loading. I considered entirely removing > > > > > > security_kernel_post_read_file() hook since it is technically unused, > > > > > > but IMA probably wants to be able to measure EFI-stored firmware images, > > > > > > so I wired it up and matched it for modules, in case anyone wants to > > > > > > move the module signature checks out of the module core and into an LSM > > > > > > to avoid the current layering violations. > > > > > > > > > > > > This touches several trees, and I suspect it would be best to go through > > > > > > James's LSM tree. > > > > > > > > > > > > Thanks! > > > > > > > > > > > > > > > I've done some quick tests on this series to make sure that > > > > > the efi embedded-firmware support did not regress. > > > > > That still works fine, so this series is; > > > > > > > > > > Tested-by: Hans de Goede <hdegoede@xxxxxxxxxx> > > > > > > > > I made a mistake during testing I was not actually running the > > > > kernel with the patches added. > > > > > > > > After fixing that I did find a problem, patch 4/4: > > > > "module: Add hook for security_kernel_post_read_file()" > > > > > > > > Breaks module-loading for me. This is with the 4 patches > > > > on top of 5.8.0-rc4, so this might just be because I'm > > > > not using the right base. > > > > > > > > With patch 4/4 reverted things work fine for me. > > > > > > > > So, please only add my Tested-by to patches 1-3. > > > > > > BTW is there any testing covered by the selftests for the firmware > > > laoder which would have caputured this? If not can you extend > > > it with something to capture this case you ran into? > > > > This was not a firmware-loading issue. For me in my tests, > > which were limited to 1 device, patch 4/4, which only touches > > the module-loading code, stopped module loading from working. > > > > Since my test device has / on an eMMC and the kernel config > > I'm using has mmc-block as a module, things just hung in the > > initrd since no modules could be loaded, so I did not debug > > this any further. Dropping patch 4/4 from my local tree > > solved this. > > Thanks Hans! > > Kees, would test_kmod.c and the respective selftest would have picked > this issue up? I need to check -- I got a (possibly related) 0day report on it too. Since I have to clean it up further based on Mimi's comments, and adapt it a bit for Scott's series, I'll need to get a v2 spun for sure. :) -- Kees Cook