Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S969261AbdDSTZI (ORCPT ); Wed, 19 Apr 2017 15:25:08 -0400 Received: from sauhun.de ([88.99.104.3]:44692 "EHLO pokefinder.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1762476AbdDSTZG (ORCPT ); Wed, 19 Apr 2017 15:25:06 -0400 Date: Wed, 19 Apr 2017 21:25:04 +0200 From: Wolfram Sang To: David Howells Cc: linux-kernel@vger.kernel.org, gnomes@lxorguk.ukuu.org.uk, Jean Delvare , gregkh@linuxfoundation.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-i2c@vger.kernel.org Subject: Re: [PATCH 09/38] Annotate hardware config module parameters in drivers/i2c/ Message-ID: <20170419192504.s5bo6tmqns3vx45f@ninjato> References: <149141141298.29162.5612793122429261720.stgit@warthog.procyon.org.uk> <149141148368.29162.12692004178864468110.stgit@warthog.procyon.org.uk> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="jxdx5lp5y4q36bqq" Content-Disposition: inline In-Reply-To: <149141148368.29162.12692004178864468110.stgit@warthog.procyon.org.uk> User-Agent: NeoMutt/20161126 (1.7.1) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2495 Lines: 58 --jxdx5lp5y4q36bqq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 05, 2017 at 05:58:03PM +0100, David Howells wrote: > When the kernel is running in secure boot mode, we lock down the kernel to > prevent userspace from modifying the running kernel image. Whilst this > includes prohibiting access to things like /dev/mem, it must also prevent > access by means of configuring driver modules in such a way as to cause a > device to access or modify the kernel image. >=20 > To this end, annotate module_param* statements that refer to hardware > configuration and indicate for future reference what type of parameter th= ey > specify. The parameter parser in the core sees this information and can > skip such parameters with an error message if the kernel is locked down. > The module initialisation then runs as normal, but just sees whatever the > default values for those parameters is. >=20 > Note that we do still need to do the module initialisation because some > drivers have viable defaults set in case parameters aren't specified and > some drivers support automatic configuration (e.g. PNP or PCI) in addition > to manually coded parameters. >=20 > This patch annotates drivers in drivers/i2c/. >=20 > Suggested-by: Alan Cox > Signed-off-by: David Howells > cc: Wolfram Sang > cc: Jean Delvare > cc: linux-i2c@vger.kernel.org Acked-by: Wolfram Sang --jxdx5lp5y4q36bqq Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEOZGx6rniZ1Gk92RdFA3kzBSgKbYFAlj3uZAACgkQFA3kzBSg KbbxBA/+PY4e/7kAvvUF3aHrc4dyw4DXT3+4CenBJd0CV+7GVa2vJS8EfhyDydcv 4HcOnEAZ4QI02xEdJ/abKdg0qh0phLWg7j160VWFASIw5+KPeuy8FdK7RG9IZvdJ wJKlANP5nuKrymr/IIUYaiZeBaJAPYORXdolSNvwipbJr5wJrILQsrQQ95SVpN5q 64GwP/7MekFxO5iaCwb8zvyaJgqhkzrtULhS7wRF61CFo4FPU9O11h4jXZhxmR3o jUUay5M/eiZ/zuvlaMcHHcrDBsl7mQGaQfbTYTnCqOj1wmFaKGTxgETZ6bfAOGs7 jOS4duhmMzCEN/6whgI6MsbSYy4ThAdSn1F1hyFCn0RWnz5OTmArCg2ddCy47RmC Cwhb/PrIbuX1M6iT+cHLW5F+ZJQU7EZlTAm2JPj2uJNtVA8DdUzvWUNExhgmTL60 x/JI32o2fELbOXyh3SYXGzcYKroPz3WUMnt0MTN4vp4yXmSc21pmJoLQUsOcA4j3 zw4YY5b9mETMDHew9J9VvkzfJbLHThWVlVAED6/FNz5A7z4qjvYQ+9j9xmLO2fX8 4oVfEU5rPAWK5Z77QZxa8nGFZ+Uo20nXm3TFrHfrSI2zppQsjLRG/dJffvUIYWKK DbkTGWm8zhjrc65O5E0lnwFWBZaDJi7AVI9khgthhGln3S3mRro= =xuRz -----END PGP SIGNATURE----- --jxdx5lp5y4q36bqq--