[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200513152108.25669-1-mcgrof@kernel.org>
Date: Wed, 13 May 2020 15:21:05 +0000
From: Luis Chamberlain <mcgrof@...nel.org>
To: viro@...iv.linux.org.uk, gregkh@...uxfoundation.org,
rafael@...nel.org, ebiederm@...ssion.com, jeyu@...nel.org,
jmorris@...ei.org, keescook@...omium.org, paul@...l-moore.com,
stephen.smalley.work@...il.com, eparis@...isplace.org,
nayna@...ux.ibm.com, zohar@...ux.ibm.com
Cc: scott.branden@...adcom.com, dan.carpenter@...cle.com,
skhan@...uxfoundation.org, geert@...ux-m68k.org,
tglx@...utronix.de, bauerman@...ux.ibm.com, dhowells@...hat.com,
linux-integrity@...r.kernel.org, linux-fsdevel@...r.kernel.org,
kexec@...ts.infradead.org, linux-security-module@...r.kernel.org,
selinux@...r.kernel.org, linux-kernel@...r.kernel.org,
Luis Chamberlain <mcgrof@...nel.org>
Subject: [PATCH 0/3] fs: reduce export usage of kerne_read*() calls
While reviewing Scott Branden's submission of the new Broadcom VK driver
driver upstream [0], part of which included 4 new pread varaints of the
existing kernel_read*(), calls I grew shivers of the possibility of drivers
using these exported symbols loosely. If we're going to grow these, it
seems best to restrict the symbols to a namespace so drivers and
subsystem maintainers don't use these carelessly.
This should also help with making it easier to audit future locations in
the kernel such read calls happen by just looking at the imports of the
namespace.
This goes compile tested with allyesconfig and allmodconfig on x86_64.
0-day should have a report on build status with other configs later of
my branch [1].
[0] https://lkml.kernel.org/r/20200508002739.19360-1-scott.branden@broadcom.com
[1] https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux-next.git/log/?h=20200513-kernel-read-sym
Luis Chamberlain (3):
fs: unexport kernel_read_file()
security: add symbol namespace for reading file data
fs: move kernel_read*() calls to its own symbol namespace
drivers/base/firmware_loader/fallback.c | 1 +
drivers/base/firmware_loader/main.c | 1 +
fs/exec.c | 9 +++++----
kernel/kexec.c | 2 ++
kernel/kexec_file.c | 2 ++
kernel/module.c | 3 +++
security/integrity/digsig.c | 3 +++
security/integrity/ima/ima_fs.c | 3 +++
security/integrity/ima/ima_main.c | 2 ++
security/loadpin/loadpin.c | 2 ++
security/security.c | 8 +++++---
security/selinux/hooks.c | 2 ++
12 files changed, 31 insertions(+), 7 deletions(-)
--
2.26.2
Powered by blists - more mailing lists