[v1] module: Fully remove the kernel_module_from_file hook

Message ID 1468088355-18484-1-git-send-email-mic@digikod.net
State New

Commit Message

Mickaël Salaün July 9, 2016, 6:19 p.m. UTC
Fixes: a1db74209483 ("module: replace copy_module_from_fd with kernel version")

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Luis R. Rodriguez <mcgrof@kernel.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/linux/lsm_hooks.h | 1 -
 include/linux/security.h  | 1 -
 2 files changed, 2 deletions(-)

Comments

Kees Cook July 11, 2016, 6:41 p.m. UTC | #1
On Sat, Jul 9, 2016 at 2:19 PM, Mickaël Salaün <mic@digikod.net> wrote:
> Fixes: a1db74209483 ("module: replace copy_module_from_fd with kernel version")

Oh, hrm, was that still in there? Thanks for the catch!

Acked-by: Kees Cook <keescook@chromium.org>

-Kees

>
> Signed-off-by: Mickaël Salaün <mic@digikod.net>
> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Luis R. Rodriguez <mcgrof@kernel.org>
> Cc: Rusty Russell <rusty@rustcorp.com.au>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  include/linux/lsm_hooks.h | 1 -
>  include/linux/security.h  | 1 -
>  2 files changed, 2 deletions(-)
>
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 7ae397669d8b..58c777ec8bcf 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -1455,7 +1455,6 @@ union security_list_options {
>         int (*kernel_act_as)(struct cred *new, u32 secid);
>         int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
>         int (*kernel_module_request)(char *kmod_name);
> -       int (*kernel_module_from_file)(struct file *file);
>         int (*kernel_read_file)(struct file *file, enum kernel_read_file_id id);
>         int (*kernel_post_read_file)(struct file *file, char *buf, loff_t size,
>                                      enum kernel_read_file_id id);
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 14df373ff2ca..2b8c7d2a3fd8 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -307,7 +307,6 @@ void security_transfer_creds(struct cred *new, const struct cred *old);
>  int security_kernel_act_as(struct cred *new, u32 secid);
>  int security_kernel_create_files_as(struct cred *new, struct inode *inode);
>  int security_kernel_module_request(char *kmod_name);
> -int security_kernel_module_from_file(struct file *file);
>  int security_kernel_read_file(struct file *file, enum kernel_read_file_id id);
>  int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
>                                    enum kernel_read_file_id id);
> --
> 2.8.1
>
Greg Kroah-Hartman July 11, 2016, 9:42 p.m. UTC | #2
On Sat, Jul 09, 2016 at 08:19:15PM +0200, Mickaël Salaün wrote:
> Fixes: a1db74209483 ("module: replace copy_module_from_fd with kernel version")

It's not a "fix", it's a "cleanup remaining bits"

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
James Morris July 12, 2016, 12:48 p.m. UTC | #3
On Sat, 9 Jul 2016, Mickaël Salaün wrote:

> Fixes: a1db74209483 ("module: replace copy_module_from_fd with kernel version")
> 
> Signed-off-by: Mickaël Salaün <mic@digikod.net>
> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Luis R. Rodriguez <mcgrof@kernel.org>
> Cc: Rusty Russell <rusty@rustcorp.com.au>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


Acked-by: James Morris <james.l.morris@oracle.com>
Kees Cook July 28, 2016, 6:30 p.m. UTC | #4
On Tue, Jul 12, 2016 at 5:48 AM, James Morris <jmorris@namei.org> wrote:
> On Sat, 9 Jul 2016, Mickaël Salaün wrote:
>
>> Fixes: a1db74209483 ("module: replace copy_module_from_fd with kernel version")
>>
>> Signed-off-by: Mickaël Salaün <mic@digikod.net>
>> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
>> Cc: Kees Cook <keescook@chromium.org>
>> Cc: Luis R. Rodriguez <mcgrof@kernel.org>
>> Cc: Rusty Russell <rusty@rustcorp.com.au>
>> Cc: Linus Torvalds <torvalds@linux-foundation.org>
>> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
>
> Acked-by: James Morris <james.l.morris@oracle.com>

James, can you take this via the security-next tree?

Thanks!

-Kees
Mimi Zohar Aug. 1, 2016, 2:34 a.m. UTC | #5
On Thu, 2016-07-28 at 11:30 -0700, Kees Cook wrote:
> On Tue, Jul 12, 2016 at 5:48 AM, James Morris <jmorris@namei.org> wrote:
> > On Sat, 9 Jul 2016, Mickaël Salaün wrote:
> >
> >> Fixes: a1db74209483 ("module: replace copy_module_from_fd with kernel version")
> >>
> >> Signed-off-by: Mickaël Salaün <mic@digikod.net>
> >> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
> >> Cc: Kees Cook <keescook@chromium.org>
> >> Cc: Luis R. Rodriguez <mcgrof@kernel.org>
> >> Cc: Rusty Russell <rusty@rustcorp.com.au>
> >> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> >> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> >
> >
> > Acked-by: James Morris <james.l.morris@oracle.com>
> 
> James, can you take this via the security-next tree?

Kees, thank you for staying on top of this.  James, did you want a pull
request for this patch?

Mimi

James Morris Aug. 2, 2016, 1:12 a.m. UTC | #6
On Sun, 31 Jul 2016, Mimi Zohar wrote:

> On Thu, 2016-07-28 at 11:30 -0700, Kees Cook wrote:
> > On Tue, Jul 12, 2016 at 5:48 AM, James Morris <jmorris@namei.org> wrote:
> > > On Sat, 9 Jul 2016, Mickaël Salaün wrote:
> > >
> > >> Fixes: a1db74209483 ("module: replace copy_module_from_fd with kernel version")
> > >>
> > >> Signed-off-by: Mickaël Salaün <mic@digikod.net>
> > >> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
> > >> Cc: Kees Cook <keescook@chromium.org>
> > >> Cc: Luis R. Rodriguez <mcgrof@kernel.org>
> > >> Cc: Rusty Russell <rusty@rustcorp.com.au>
> > >> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> > >> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > >
> > >
> > > Acked-by: James Morris <james.l.morris@oracle.com>
> > 
> > James, can you take this via the security-next tree?
> 
> Kees, thank you for staying on top of this.  James, did you want a pull
> request for this patch?

Nope, just a copy of the patch.
Mimi Zohar Aug. 2, 2016, 2:03 p.m. UTC | #7
On Tue, 2016-08-02 at 11:12 +1000, James Morris wrote:
> On Sun, 31 Jul 2016, Mimi Zohar wrote:

> > > James, can you take this via the security-next tree?
> > 
> > Kees, thank you for staying on top of this.  James, did you want a pull
> > request for this patch?
> 
> Nope, just a copy of the patch.

Ok, I cleaned up the patch description, added Kees' ack, and pushed the
patch to
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
next.  Please pick up the one commit - 56078b5 "module: Fully remove the
kernel_module_from_file hook".

Thanks,

Mimi

James Morris Aug. 9, 2016, 12:28 a.m. UTC | #8
On Tue, 2 Aug 2016, Mimi Zohar wrote:

> On Tue, 2016-08-02 at 11:12 +1000, James Morris wrote:
> > On Sun, 31 Jul 2016, Mimi Zohar wrote:
> 
> > > > James, can you take this via the security-next tree?
> > > 
> > > Kees, thank you for staying on top of this.  James, did you want a pull
> > > request for this patch?
> > 
> > Nope, just a copy of the patch.
> 
> Ok, I cleaned up the patch description, added Kees' ack, and pushed the
> patch to
> git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> next.  Please pick up the one commit - 56078b5 "module: Fully remove the
> kernel_module_from_file hook".

Thanks, applied.

Patch

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 7ae397669d8b..58c777ec8bcf 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1455,7 +1455,6 @@  union security_list_options {
 	int (*kernel_act_as)(struct cred *new, u32 secid);
 	int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
 	int (*kernel_module_request)(char *kmod_name);
-	int (*kernel_module_from_file)(struct file *file);
 	int (*kernel_read_file)(struct file *file, enum kernel_read_file_id id);
 	int (*kernel_post_read_file)(struct file *file, char *buf, loff_t size,
 				     enum kernel_read_file_id id);
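Review bot: please confirm that nothing else in lsm_hooks.h still refers to `kernel_module_from_file` once the function pointer is dropped from `union security_list_options`. The diffstat shows a single deletion in this file, so a documentation comment or list head for the hook, if one is still present, would be left behind. A `git grep kernel_module_from_file` over the tree before applying would settle it, and any remaining reference should go in this same patch so the hook disappears in one commit.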
diff --git a/include/linux/security.h b/include/linux/security.h
index 14df373ff2ca..2b8c7d2a3fd8 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -307,7 +307,6 @@  void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(char *kmod_name);
-int security_kernel_module_from_file(struct file *file);
 int security_kernel_read_file(struct file *file, enum kernel_read_file_id id);
 int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
 				   enum kernel_read_file_id id);
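Review bot: the changelog needs a sentence of description, and the `Fixes:` tag deserves a second look, because the line removed here is only the `security_kernel_module_from_file()` prototype, which changes no behaviour. That matches the objection raised in the thread that this is a cleanup of remaining bits rather than a fix. Suggest stating in the commit message that these declarations are leftovers from a1db74209483. Since only one line is deleted in security.h, also check that no stub of the same name remains elsewhere in the header for builds without LSM support.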