From: Igor Stoppa <igor.stoppa@huawei.com>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
jglisse@redhat.com, keescook@chromium.org, mhocko@kernel.org,
jmorris@namei.org, labbott@redhat.com, hch@infradead.org,
casey@schaufler-ca.com
Cc: paul@paul-moore.com, sds@tycho.nsa.gov,
linux-security-module@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com
Subject: Re: [PATCH v10 0/3] mm: security: ro protection for dynamic data
Date: Tue, 11 Jul 2017 14:37:39 +0300 [thread overview]
Message-ID: <4821f909-8885-654d-701e-3044c79d055f@huawei.com> (raw)
In-Reply-To: <201707112012.GBC05774.QOtOSLJVFHFOFM@I-love.SAKURA.ne.jp>
On 11/07/17 14:12, Tetsuo Handa wrote:
> Igor Stoppa wrote:
>> - I had to rebase Tetsuo Handa's patch because it didn't apply cleanly
>> anymore, I would appreciate an ACK to that or a revised patch, whatever
>> comes easier.
>
> Since we are getting several proposals of changing LSM hooks and both your proposal
> and Casey's "LSM: Security module blob management" proposal touch same files, I think
> we can break these changes into small pieces so that both you and Casey can make
> future versions smaller.
>
> If nobody has objections about direction of Igor's proposal and Casey's proposal,
> I think merging only "[PATCH 2/3] LSM: Convert security_hook_heads into explicit
> array of struct list_head" from Igor's proposal and ->security accessor wrappers (e.g.
I would like to understand if there is still interest about:
* "[PATCH 1/3] Protectable memory support" which was my main interest
* "[PATCH 3/3] Make LSM Writable Hooks a command line option"
which was the example of how to use [1/3]
> #define selinux_security(obj) (obj->security)
> #define smack_security(obj) (obj->security)
> #define tomoyo_security(obj) (obj->security)
> #define apparmor_security(obj) (obj->security)
For example, I see that there are various kzalloc calls that might be
useful to turn into pmalloc ones.
In general, I'd think that, after a transient is complete, where modules
are loaded by allocating dynamic data structures, they could be locked
down in read-only mode.
I have the feeling that, now that I have polished up the pmalloc patch,
the proposed use case is fading away.
Can it be adjusted to the new situation or should I look elsewhere for
an example that would justify merging pmalloc?
thanks, igor
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
prev parent reply other threads:[~2017-07-11 11:39 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-10 15:06 Igor Stoppa
2017-07-10 15:06 ` [PATCH 1/3] Protectable memory support Igor Stoppa
2017-07-11 2:05 ` kbuild test robot
2017-07-10 15:06 ` [PATCH 2/3] LSM: Convert security_hook_heads into explicit array of struct list_head Igor Stoppa
2017-07-10 15:06 ` [PATCH 3/3] Make LSM Writable Hooks a command line option Igor Stoppa
2017-07-11 4:12 ` kbuild test robot
2017-07-11 11:12 ` [PATCH v10 0/3] mm: security: ro protection for dynamic data Tetsuo Handa
2017-07-11 11:37 ` Igor Stoppa [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4821f909-8885-654d-701e-3044c79d055f@huawei.com \
--to=igor.stoppa@huawei.com \
--cc=casey@schaufler-ca.com \
--cc=hch@infradead.org \
--cc=jglisse@redhat.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mhocko@kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox