lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <CZZLQN9CUN2E.5PNZ0C2JHP42@kernel.org>
Date: Thu, 21 Mar 2024 19:25:21 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Fan Wu" <wufan@...ux.microsoft.com>, "Paul Moore"
 <paul@...l-moore.com>, <corbet@....net>, <zohar@...ux.ibm.com>,
 <jmorris@...ei.org>, <serge@...lyn.com>, <tytso@....edu>,
 <ebiggers@...nel.org>, <axboe@...nel.dk>, <agk@...hat.com>,
 <snitzer@...nel.org>, <eparis@...hat.com>
Cc: <linux-doc@...r.kernel.org>, <linux-integrity@...r.kernel.org>,
 <linux-security-module@...r.kernel.org>, <fsverity@...ts.linux.dev>,
 <linux-block@...r.kernel.org>, <dm-devel@...ts.linux.dev>,
 <audit@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH RFC v15 12/21] security: add
 security_bdev_setintegrity() hook

On Wed Mar 20, 2024 at 10:31 PM EET, Fan Wu wrote:
>
>
> On 3/20/2024 1:31 AM, Jarkko Sakkinen wrote:
> > On Wed Mar 20, 2024 at 10:28 AM EET, Jarkko Sakkinen wrote:
> >> On Wed Mar 20, 2024 at 1:00 AM EET, Paul Moore wrote:
> >>> On Mar 15, 2024 Fan Wu <wufan@...ux.microsoft.com> wrote:
> >>>>
> >>>> This patch introduces a new hook to save block device's integrity
> >>>> data. For example, for dm-verity, LSMs can use this hook to save
> >>>> the roothash signature of a dm-verity into the security blob,
> >>>> and LSMs can make access decisions based on the data inside
> >>>> the signature, like the signer certificate.
> >>>>
> >>>> Signed-off-by: Fan Wu <wufan@...ux.microsoft.com>
> >>>>
> >>>> --
> >>>> v1-v14:
> >>>>    + Not present
> >>>>
> >>>> v15:
> >>>>    + Introduced
> >>>>
> >>>> ---
> >>>>   include/linux/lsm_hook_defs.h |  2 ++
> >>>>   include/linux/security.h      | 14 ++++++++++++++
> >>>>   security/security.c           | 28 ++++++++++++++++++++++++++++
> >>>>   3 files changed, 44 insertions(+)
> >>>
> >>> I'm not sure why you made this a separate patch, help?  If there is
> >>> no significant reason why this is separate, please squash it together
> >>> with patch 11/21.
> >>
> >> Off-topic: it is weird to have *RFC* patch set at v15.
> >>
> >> RFC by de-facto is something that can be safely ignored if you don't
> >> have bandwidth. 15 versions of anything that can be safely ignored
> >> is by definition spamming :-) I mean just conceptually.
> >>
> >> So does the RFC still hold or what the heck is going on with this one?
> >>
> >> Haven't followed for some time now...
> > 
> > I mean if this RFC trend continues I'll just put auto-filter for this
> > thread to put straight to the bin.  There's enough non-RFC patch sets
> > to review.
> > 
> > BR, Jarkko
>
> Sorry about the confusion with the RFC tag – I wasn't fully aware of its 
> conventional meaning and how it's perceived in terms of importance and 
> urgency. Point taken, and I'll make sure to remove the RFC tag for 
> future submissions. Definitely not my intention to clog up the workflow 
> or seem like I'm spamming.

OK cool! Just wanted to point this out also because it already looks
good enough not to be considered as RFC in my eyes :-) If you keep RFC
it is by definition "look into if you have the bandwidth but please
do not take this to mainline". No means to nitpick here...

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ