From: Kees Cook
Date: Fri, 24 Mar 2017 18:58:58 -0700
Subject: Re: [PATCH v3 1/2] module: verify address is read-only
To: Jessica Yu, Rusty Russell, Kees Cook, LKML, "kernel-hardening@lists.openwall.com"

On Fri, Mar 24, 2017 at 6:41 PM, Eddie Kovsky wrote:
> On 03/24/17, Jessica Yu wrote:
>> +++ Eddie Kovsky [22/03/17 20:55 -0600]:
>> > Implement a mechanism to check if a module's address is in
>> > the rodata or ro_after_init sections. It mimics the existing functions
>> > that test if an address is inside a module's text section.
>> >
>> > Functions that take a module as an argument will be able to
>>
>> > verify that the module is in a read-only section.
>>
>> s/module/module address/?
>>
> Yes, that is more accurate.
>
>> Also, there is some useful information in your cover letter on the
>> context and motivation for adding to the api, it would be good to
>> reproduce that info here so that we can have it officially in the
>> changelog. (sentences "This implements a suggestion made by Kees..."
>> and "The idea is to prevent structures..." would be nice to copy here)
>>
> Okay, that's easy to add.
>
> Kees, would you like me to add your Suggested-by as well?

Sure! I'm fine either way. :)

-Kees

--
Kees Cook
Pixel Security