Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries
To: Andy Lutomirski, Linus Torvalds
References: <20180306013457.1955486-1-ast@kernel.org>
CC: Kees Cook, Alexei Starovoitov, Djalal Harouni, Al Viro, "David S. Miller", Daniel Borkmann, Greg KH, "Luis R. Rodriguez", Network Development, LKML, kernel-team, Linux API
From: Alexei Starovoitov
Message-ID: <87478c51-59a7-f6ac-1fb2-f3ca2dcf658b@fb.com>
Date: Thu, 8 Mar 2018 21:08:17 -0800
X-Mailing-List: linux-kernel@vger.kernel.org

On 3/8/18 7:54 PM, Andy Lutomirski wrote:
>
>> On Mar 8, 2018, at 7:06 PM, Linus Torvalds wrote:
>>
>> Honestly, that "read twice" thing may be what scuttles this.
>> Initially, I thought it was a non-issue, because anybody who controls
>> the module subdirectory enough to rewrite files would be in a position
>> to just execute the file itself directly instead.
>>
>
> On further consideration, I think there’s another showstopper. This
> patch is a potentially severe ABI break. Right now, loading a module
> *copies* it into memory and does not hold a reference to the underlying
> fs. With the patch applied, all kinds of use cases can break in gnarly
> ways. Initramfs is maybe okay, but initrd may be screwed. If you load
> an ET_EXEC module from initrd, then umount it, then clear the ramdisk,
> something will go horribly wrong. Exactly what goes wrong depends on
> whether userspace notices that umount() failed. Similarly, if you load
> one of these modules over a network and then lose your connection, you
> have a problem.

There is no ABI breakage, and a file cannot disappear from a running task.
One cannot umount an fs while a file is still being used.

>
> The “read twice” thing is also bad for another reason: containers.
> Suppose I have a setup where a container can load a signed module blob.
> With the read twice code, the container can race and run an entirely
> different blob outside the container.

Not only "read twice", but "read many".
If .text sections of an ELF that are not yet in memory can be modified
by a malicious user, later they will be brought in with different code.
I think the easiest fix is to tighten this "umh modules" to CAP_SYS_ADMIN.
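
The "read twice" window discussed in this thread, next to the copy-once behaviour described for current module loading, as an added example that is not part of the original message or the patch. `digest` is a stand-in for signature verification, and `load_blob`, `concurrent_rewrite`, the blob contents and the file name are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for signature verification (assumption): FNV-1a, not a real signature. */
static uint32_t digest(const unsigned char *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

static size_t read_all(const char *path, unsigned char *buf, size_t cap) {
    FILE *f = fopen(path, "rb");
    if (!f) return 0;
    size_t n = fread(buf, 1, cap, f);
    fclose(f);
    return n;
}

static void write_all(const char *path, const char *s) {
    FILE *f = fopen(path, "wb");
    if (f) { fwrite(s, 1, strlen(s), f); fclose(f); }
}

/* Models a writer that wins the window between the check and the use. */
static void concurrent_rewrite(const char *path) { write_all(path, "OTHER-BLOB"); }

/* Verify a blob, then "run" it. reread=1 models the read-twice design (use a
 * fresh read of the path); reread=0 uses the copy that was verified.
 * Returns the digest of the bytes actually used, or 0 if the check failed. */
uint32_t load_blob(const char *path, uint32_t expected, int reread) {
    unsigned char buf[256];
    size_t n = read_all(path, buf, sizeof buf);
    if (digest(buf, n) != expected) return 0;
    concurrent_rewrite(path);                        /* file changes after the check */
    if (reread) n = read_all(path, buf, sizeof buf); /* second read: unverified bytes */
    return digest(buf, n);
}

int main(void) {
    const char *path = "toctou_demo.bin", *blob = "SIGNED-BLOB"; /* constructed */
    uint32_t want = digest((const unsigned char *)blob, strlen(blob));
    write_all(path, blob);
    printf("read twice used verified bytes: %d\n", load_blob(path, want, 1) == want);
    write_all(path, blob);
    printf("copy once used verified bytes:  %d\n", load_blob(path, want, 0) == want);
    return remove(path);
}
```

The same reasoning extends to the "read many" case: any page faulted in from the file after the check is another unverified read.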