Received: by 10.223.185.111 with SMTP id b44csp452940wrg; Fri, 9 Mar 2018 07:42:08 -0800 (PST) X-Google-Smtp-Source: AG47ELsem+aI32mplpRyaaZdkOR9JXSU3tL2uPRibdgMLezFL2AhA2/D21MFG+XFuvi8YHDJ3X95 X-Received: by 10.167.131.29 with SMTP id t29mr30848601pfm.116.1520610128106; Fri, 09 Mar 2018 07:42:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520610128; cv=none; d=google.com; s=arc-20160816; b=lDdgGWToXMSl73t1Sg1t0UKTCnGiMzLNxjKaTDOunpHXgGrPiGJdT6lcHOHStJpgT/ AZPPwRv+CndNHz6R7uqbFBpQ3zDmatXUDLVm6RsV1DhQDrkUY9hzB5sivMqF2MeO+cmY g0vop5Kow5zQsAilSdJevy85pc7Zbj7rHmxE6Uk/WW1jQWiOlNxSJiz0J7mFDvvbmHKM FnUDL37jkydf7LTlWFkRF8retA/fP2kMhgEOI0rei2K4icR9VfDIgth79acq7CW8DJnn /g7+pMkHvkqXSvJHtii7s6OCwAx5UH4xqBF1BQ1Sh4TT5nB5TZ07r4mLbFic6KfXTwJV g5WA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:spamdiagnosticmetadata :spamdiagnosticoutput:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:cc:references:to :subject:dkim-signature:dkim-signature:arc-authentication-results; bh=ej8iimOVmrSylaiMWsYHQ8Sg0KmrV2uo1f1EcmK6bJc=; b=ENEB0mnTaFzgJFAvcXcWJmga1ri2LzAZ0InSIADpIdmCWcXpONzqXfGQlctHFZEej4 5wRDn0/IABo3OozhHXbldCEgPvuwUXncwsmBg9ZCJD0BhqpMquecRxfWw6da8rmeYvvz 4KxkYWMpCFj8QjsOeQSYTSUrSEntgALDszOMvrP910YAp4oeHoc55zjOvw8/UwMQzquM HNwHHxK2oAxX1RJsJ1rp5yavKdq3Kql792DyfreA7m8Zwkst9ZikwPgK9EsgZFaCG+Fp 2V1g6rtubS50fBqvsZdDuNkkeUmjOPWWB05dMue5hnOrTCTs8Dm6UVci24uFk2XpkMEo PsOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fb.com header.s=facebook header.b=ZI4wMCWc; dkim=fail header.i=@fb.onmicrosoft.com header.s=selector1-fb-com header.b=KWFmhCEX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=fb.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c18si1019011pfe.335.2018.03.09.07.41.53; Fri, 09 Mar 2018 07:42:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@fb.com header.s=facebook header.b=ZI4wMCWc; dkim=fail header.i=@fb.onmicrosoft.com header.s=selector1-fb-com header.b=KWFmhCEX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=fb.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932303AbeCIPki (ORCPT + 99 others); Fri, 9 Mar 2018 10:40:38 -0500 Received: from mx0b-00082601.pphosted.com ([67.231.153.30]:57516 "EHLO mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751333AbeCIPk3 (ORCPT ); Fri, 9 Mar 2018 10:40:29 -0500 Received: from pps.filterd (m0001303.ppops.net [127.0.0.1]) by m0001303.ppops.net (8.16.0.22/8.16.0.22) with SMTP id w29FYIKA016699; Fri, 9 Mar 2018 07:40:01 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=subject : to : references : cc : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=facebook; bh=ej8iimOVmrSylaiMWsYHQ8Sg0KmrV2uo1f1EcmK6bJc=; b=ZI4wMCWc6SmCZPVg9CZPoU+rgoO9iznDXqmjwdkWzr81LQC/VPsV3sd5ylqeq6Ma4VK2 nqKHIvwsC3u8G9K7mT/cvpPf8uNa/pLOzq7X1OExACEEdsAx8wUvZbEo0lMbcNM0+kos zPabfltF1PFW3Fvl0G5j6TEehVzc/YBWiOA= Received: from maileast.thefacebook.com ([199.201.65.23]) by m0001303.ppops.net with ESMTP id 2gkup7889u-1 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 09 Mar 2018 07:40:00 -0800 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (192.168.183.28) by o365-in.thefacebook.com (192.168.177.32) with Microsoft SMTP Server (TLS) id 14.3.361.1; Fri, 9 Mar 2018 10:39:58 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector1-fb-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ej8iimOVmrSylaiMWsYHQ8Sg0KmrV2uo1f1EcmK6bJc=; b=KWFmhCEX4E/kZxbse6dZTA2H5XxQXN7MLHMhb5c24EZPX0F00noHh7+7ap53E43B/W9Ie8lIGFJBteZ/4L+JdzTfgX1bwFx1AtHCKC/VnC5hsqZKbTNxgute0gH6J2ZKFy9S/Fvgr7dzzvX3plyokxQ6RWZ8X3GU/nTFUlx6ECw= Received: from [IPv6:2620:10d:c082:1055:e43f:a97f:ff02:4c5a] (2620:10d:c090:200::7:649b) by BYAPR15MB2503.namprd15.prod.outlook.com (2603:10b6:a02:8e::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Fri, 9 Mar 2018 15:39:37 +0000 Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries To: Andy Lutomirski References: <20180306013457.1955486-1-ast@kernel.org> <87478c51-59a7-f6ac-1fb2-f3ca2dcf658b@fb.com> CC: Linus Torvalds , Kees Cook , Alexei Starovoitov , Djalal Harouni , Al Viro , "David S. Miller" , Daniel Borkmann , Greg KH , "Luis R. Rodriguez" , Network Development , LKML , kernel-team , Linux API From: Alexei Starovoitov Message-ID: <6d2e31fa-d87b-fea6-c919-b7d066bb0385@fb.com> Date: Fri, 9 Mar 2018 07:39:30 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [2620:10d:c090:200::7:649b] X-ClientProxiedBy: SN4PR0601CA0009.namprd06.prod.outlook.com (2603:10b6:803:2f::19) To BYAPR15MB2503.namprd15.prod.outlook.com (2603:10b6:a02:8e::11) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 29abea4d-37f1-481e-760a-08d585d3f85b X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);SRVR:BYAPR15MB2503; X-Microsoft-Exchange-Diagnostics: 1;BYAPR15MB2503;3:maMbFHX3RsTwqP4XFsGLORleFWVLU+Vm2YZ5Urd+S4pzF37H5mNDVtb5ms4ZFuyTWYIg/zysxTxI+Llaq+jYzlwfsDwc6hpKn5u9AHT1jLbDcXwjkqc+WIrMdoIedGwLgwtOnmkdS4PVfXwvG8PyFYnIjMlf4jbHK5G++fM+Odx8Hor1xKXhA6nGLP2JznWBynleubHapYAVxiTtCKFqiL5uSwYvaUBTqfLzM5k13+nEZjXVHV4UApt+fofkYlwx;25:3FbRIJJvVGLRfPqDYBtjQfjmqMHm70CLqaDS5IErLRckp9JvR1k5BJWvfteLoQIZllfsZK2KFVBb7nRSBag6Bm3YAjXJIuBfAtPqlHpYLzwbWMik2RmqTG4QoOS1uxKUaicB7U3KABnIdv8Yfajw96GNPZbmKqoR+9Smg0yEoH6Zddbk6BJHlaFkYhfSgoEONvnb5la+yIfILNnr2GasCbSk9+Toxs7oheUoGl1nseS1AH6YomFV6XTmVOjywBoHtjcB2e6ra05Vdh2cVh+g7jxiOndTRRAGv+Wgq2XVLOfaW0NSlAq2MhMxeWxFKat+h1+hOpDlThp34jkPosN2oQ==;31:A6f22gYbKwYTuUPzxouOgTaqdxeigyUUjs0V0n78v4rhwgGs1GSDQm3d0lAgnGQbHVOk7jsrcrBsCTUkjbOuEOx23I40wGnDIcnaHtzP240jQBB+tjZ3SmexCLbeH0p7UA1FD4BEzfg6rUgdR5ZehIjGbwWJNy6iLkkiEtvWHa+9PeUR9U8x5N8vkHWvs8zXP9PycuY3GzhejPrcvQYNuLN7EqPpAQF4UfqmKk4vPNk= X-MS-TrafficTypeDiagnostic: BYAPR15MB2503: X-Microsoft-Exchange-Diagnostics: 1;BYAPR15MB2503;20:0oqvKfPBWhtNTzm7rzf++yv6470kGDap8rdaAkJqKUceO0mWDhIBtqc7oEB8owBHGMMD2f3boq1fkhRYUpCnass4R0OT0ola73RBRLhtY+MlUIp8S87IiS07RmUYrEsuhzwda8HomWzEM7SlJ/y1Y1pOyqanstQApLLNoMlNKeivKhxStBhKnP4LJ20XNTaI74LI0yNz6ikJhnYbxGOskwuFBVzOErM9BS+U2sakthqI0Qr9gBzjWe4uKAnDL8l9LfzYk0/zSMkn9qsUlgJ8zcvKD2Sz3YvE2p+nWDrUQ5YJCFvKdzIND8I2Fetc3K7DUy5v1/IjtqQLbmI/OTb7pH0cAuM0UzCZHZmEo9w26qRH0/AVNgmgnczE4RyopbxmpC1sZ0hRnMiSZQ12AT8Z5U1/IHoAd9kNhHCQ7AEOrn6TdPdOzYJzh27D4HNsnXbU83ORebjnKk63r/cLpVPDtFf5Y64H6ulj7WkG9+esZtmyoShXx9h2I4IhiQc99BmC;4:01x4UQN8UNX/Q3N5RipDqqRArZDflIckBRqFOAH4xU1dtnWCg3xdz9+7HUIgoYVpBRukBjBdW0MVzkId7wUa/MoBzgNBXSJjFHSGEoatQIAEzjitq4HJ1U/7rSEtBiR+IUOEqYDjfZ0fQQiq1yJV7R+RC4xUEJSRmtSLIQNisDgqLKOIgsRGdIXIMOUPnIOD7coovJpBHRdGBfO+JY5HAqTcCgvYR1aM5R98u64M0KwCZQKtCfWgHjRLJkzUAQqKreC9Crpxr9dxW//6C+xudAFD612drS16CVuUpC/SEBzV9fXlgoPRY6UhPG+9O97GFz4sBa0BPel0ySyhUojoAu+3oy98BBftNBMrc3xbrBw= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(67672495146484); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231220)(11241501184)(944501244)(52105095)(10201501046)(93006095)(93001095)(3002001)(6041310)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(20161123564045)(6072148)(201708071742011);SRVR:BYAPR15MB2503;BCL:0;PCL:0;RULEID:;SRVR:BYAPR15MB2503; X-Forefront-PRVS: 0606BBEB39 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(366004)(39380400002)(376002)(39860400002)(346002)(396003)(199004)(189003)(23676004)(52146003)(2486003)(52396003)(52116002)(86362001)(81156014)(54906003)(39060400002)(2950100002)(81166006)(6916009)(50466002)(229853002)(31686004)(76176011)(6486002)(64126003)(478600001)(4326008)(8676002)(67846002)(8936002)(68736007)(7736002)(6246003)(386003)(53546011)(25786009)(46003)(305945005)(7416002)(16526019)(186003)(6116002)(1706002)(59450400001)(6666003)(65826007)(31696002)(2870700001)(5660300001)(65956001)(105586002)(36756003)(58126008)(2906002)(47776003)(93886005)(316002)(106356001)(65806001)(53936002)(97736004)(42262002);DIR:OUT;SFP:1102;SCL:1;SRVR:BYAPR15MB2503;H:[IPv6:2620:10d:c082:1055:e43f:a97f:ff02:4c5a];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; Received-SPF: None (protection.outlook.com: fb.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCWUFQUjE1TUIyNTAzOzIzOnFXTHNWbjRUMXNQdjF4Z2FURWoxcnYrSFlO?= =?utf-8?B?YUFabDlBVDJqSXB3eUtRRlZGdGNCcGlhVmZJdkExcGZBYVlpNEt4SFVhNlJS?= =?utf-8?B?U1N4WkJPSnVlS1p2dHEyS0I0WCs5VzZTOXU1eE8yb3FsejI1Nk0rSnRhcGN3?= =?utf-8?B?WUZweElSNU4zSlZ0OEFkeFZsUFcvQlFnZ0lFcDJ4L0V3b3ZlNWtoSFI2OFd3?= =?utf-8?B?S2NHS0dJK1dJbHQ1bVZYVXdzZnEzcURCeFpuWUJhd3IvWHEzdmdEVFNHMEE3?= =?utf-8?B?N284ZFdsSldsQkRMNGVxOUFmRFJtR1FGOU9aSnVkaFhMeHpTWWxKanFZZE9a?= =?utf-8?B?c3pmeE43andxNDlXT01CcEpnQjRWUmNPR1FEU2JxTTBaZ3d6ZGdtUUxMMjh5?= =?utf-8?B?L1lOT2d1ZGM4QWJtemEzZXZVaVpMRHdLbkhEeWhNTzV1T2QzcU5vMW1EL0tv?= =?utf-8?B?SU9zeCtxWSsyUElvelRoUnBIV0UrZm5NcGFsc0RDcG51OXp5R0xUQk5wM1RC?= =?utf-8?B?NG44RjV4RXFMOTA2dng2WTIwRVVlU3RoY0txQjNJVStJbXJaaUc0WGt1VFpx?= =?utf-8?B?T0tCMWkrSSt6RjBDTEJacVZRSVcxb0dnTUlWU09KT25TL2xYdUh4YUhjeGRO?= =?utf-8?B?cDhOK0J6Q2Q1VlMwdDZhaTV3NU11S053QzB3V3lSMUxPU2RCMHQ4M0ViZXVy?= =?utf-8?B?UnBMb1dqZjdxK1FLNFIzWDAxcGx2enlaMklXOU81R3VYTlRTeE9DZmZsSWU3?= =?utf-8?B?dTlpdTdkZkowc25QZ2RPdEt2bnI5amU1R2ljVkMwOCsrcy91ekJ5R3hNbnp0?= =?utf-8?B?TlJldTN2amxXQzhLL2YyY1VhNWR4UmROZXhxZyt6N2k0S3lIc2NOSVJSU2Ir?= =?utf-8?B?VEt6RStvUTkzRS8wTU9sV1ByTHZURk14d0x4MUplTDlYaUxSdmtPMDR5aHp1?= =?utf-8?B?VVVnajlOSERjbWY3VkdMenJDSVhqbnNOZC9rZkdvZlhrRjVuS01nZnVjU3hH?= =?utf-8?B?NkVwdUVtdFU3OEpoZU1ab0hUZVUxcDNkWlQ0L3JkNzdlY0dHZHBmR2xNUUFm?= =?utf-8?B?L000V0RBTitrUUpwdkZCSzRvWXVPMXg4MEpNR1lKNHdoRWlzWU1BdStySlA2?= =?utf-8?B?SVNJVTlnNkFqM20yUGV4THVPdTluSDI0L25mekZYVWg2NEE2WkxFTVBLL05Q?= =?utf-8?B?NzNzd1ZUWWVlQUNDK2wxTEVWbVRuNkF1WU5TMStlS1paU09xeFp1bm0yWFd4?= =?utf-8?B?WnpzREcyTnB4OHVSZXpjWW1wVTNkZWN6QjFwZXRTMnliRHdqUzFLT25DSXF1?= =?utf-8?B?MDNGK3RncXZLWXN0enNoN0dSajhLZ2hIK3dtcnZTUER4eVRCUUdLWVZzZnM1?= =?utf-8?B?YzFyOUNRVlJKQmltNmcxek5BWThTNEYvOGwzVERZQURGNlNjOFM4RFV4R3d2?= =?utf-8?B?aWhkNzZpRmFkT2tjUDlEU0FjaG1TOENHVVc4RWMyb1docHFVSC8wazdwcmti?= =?utf-8?B?RWhnalFoZVNxZkc5SXUxRnJlWVhVVnZBTXU2UGRTN25TeFZHUXd1eXNkelp3?= =?utf-8?B?aDhVaFJxc3BFWWJTNmdrS1FxQUd3TS9qVlhHT1dXOUVJQ2JsMEJlTjdvV1Ni?= =?utf-8?B?Wko2ZkEwWFV4eE9ITGpmcStMN2FrTmhEZW8yb3l2dUdOTUlKLzcxdE0wWkRo?= =?utf-8?B?SlVIVlkvWjlYejE5Z1FPKzQ4VDUxY1dDdXR4VERhVGZjRnlEbkRRLzBjZEtq?= =?utf-8?B?TVE2N2hETDdPbUZ6aGFVQld0NnRuK3ZrbGk5Q2YrVHNyelpMdyszZDd2N2Fy?= =?utf-8?B?TVQ0eW0vY3RPb2RydnV3aWJtTmJGRVEwaTBFTVdqMFpxL3BYRTRObDlveDhL?= =?utf-8?B?Yy9JLzh3RzFLWThuWTVWRkVOWVhBSEJobUhBS1ArUEQ2V2VYQUlNbGF1dWVo?= =?utf-8?Q?1F+xV1qmGwb82fzRBZLHhu2UmTFwz8=3D?= X-Microsoft-Antispam-Message-Info: 917pxNQ3RfRD5SYIAZcxFIOfWUiPbt79j37428NoPT+zGO+hz8XoAXPYTN2KT0bYNNZ8fGS+LyCHm3HFMvThtP1kTT278GLP4a44S/G1/eitKyX+UPtJjdHO8SBgGTF7cZhpx34Ol3Bbc1vW1L0GYsUjvj7PaZIIv/OeOOgUouVNvnK+CtyAKP7APhLYeNth X-Microsoft-Exchange-Diagnostics: 1;BYAPR15MB2503;6:XbnM9tj+IHvMiJXbEyIAkq4kLrn8OmpxZ8C3z9jOKdjtGNNUzSebKAsmZFg4WsTJ/viXQAmr5lam62GRSGJ3wy7qtxaeSyirhPZ69NvmXqD2jU7gNZxLGpByDonU88Xd7mnUEi3zgHCGpcMSukb4Qsfr3o6lxpB0CjKAuEmnLs9SFzXCbTmJPJqKKXVz6MTc+qEnJYQplVYqt/UR9bILOKoJ67gmeFsQ9m3ihUFO0vvbOVWYW/rKDg5DIMYd00y+Wm/s0KX2NEICiMVVUryiZuovTA4pLVuYxXx0wrTbu9tf8UTKt1Oa/eO/eGu8XHce2I2qOcysxr3McpvUe+DJIfqzutVTKMyO2IrvSXrm1Fs=;5:KaYK2eqv4dJTp2Nms5TXacF10K70hpbLqdVSJkPtkiMWoTh35v+eKfvxeHPQf0qMkqNRHKRoCUyTpin8k8PUHW9tncsv9596m5Zd0LnfU70ig3AlojVoODvgb8nEsymriH/CuMeaHxa1Fx5dKj441rAbmkkEFjkL5TiqMVLFXNE=;24:Q+w07WjYQlFXrN3FsfbIJlKJc9S9dJLmO34bbzbgeH0oiZqw8DP28HICRAeaaVphaQEa5stfzowCKt8ty/CZUh+IXXJnpvLFhbQ0aQ8yToU=;7:f2iEb7EsMIo+SM49C0R2joA8LcYkrFjKtqfYxQjDANljdr48KlZ3jJfOhJTcB3QlNLOt6MWd6/cOvPcEDtjjHX0Q0ybgvBlaoeyMhDysrrRkc8AHoQADM73JqVbhM4W4w77GlkgUN44p99I68trj8PySnjMwa+pcR5V49fzMEBRZ6GNyz35WGB/LcAr+9xpbU+iYQ3a7nV5GSubjpcIra8xM0IZYioKAcJig6Qq+vmOqNlkThHGTOuBuYo6OtZZy SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;BYAPR15MB2503;20:hesOqiUdceTFy6L5DbV54ADZowNCa1v8wLcikV/hOkbLF3zFRGw5ptRqGM4fhWlhUDSun5zwamXZGP1cxQurx39YqO9zTR3sX0PzHkljM+aYuiRvqo4ZcPNWvnBGSASinkO28JWa93Dcwvf558EGcTp0aKUpY5vm4hFao7xYWdw= X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2018 15:39:37.1786 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 29abea4d-37f1-481e-760a-08d585d3f85b X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2503 X-OriginatorOrg: fb.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2018-03-09_08:,, signatures=0 X-Proofpoint-Spam-Reason: safe X-FB-Internal: Safe Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/9/18 7:16 AM, Andy Lutomirski wrote: >>> On Mar 8, 2018, at 9:08 PM, Alexei Starovoitov wrote: >>> >>> On 3/8/18 7:54 PM, Andy Lutomirski wrote: >>> >>> >>> >>>> On Mar 8, 2018, at 7:06 PM, Linus Torvalds wrote: >>>> >>>> >>>> Honestly, that "read twice" thing may be what scuttles this. >>>> Initially, I thought it was a non-issue, because anybody who controls >>>> the module subdirectory enough to rewrite files would be in a position >>>> to just execute the file itself directly instead. >>> >>> On further consideration, I think there’s another showstopper. This patch is a potentially severe ABI break. Right now, loading a module *copies* it into memory and does not hold a reference to the underlying fs. With the patch applied, all kinds of use cases can break in gnarly ways. Initramfs is maybe okay, but initrd may be screwed. If you load an ET_EXEC module from initrd, then umount it, then clear the ramdisk, something will go horribly wrong. Exactly what goes wrong depends on whether userspace notices that umount() failed. Similarly, if you load one of these modules over a network and then lose your connection, you have a problem. >> >> there is not abi breakage and file cannot disappear from running task. >> One cannot umount fs while file is still being used. > > Sure it is. Without your patch, init_module doesn’t keep using the > file, so it’s common practice to load a module and then delete or > unmount it. With your patch, the unmount case breaks. This is likely > to break existing userspace, so, in Linux speak it’s an ABI break. please read the patch again. file is only used in case of umh modules. There is zero difference in default case. >> >>> >>> The “read twice” thing is also bad for another reason: containers. Suppose I have a setup where a container can load a signed module blob. With the read twice code, the container can race and run an entirely different blob outside the container. >> >> Not only "read twice", but "read many". >> If .text sections of elf that are not yet in memory can be modified >> by malicious user, later they will be brought in with different code. >> I think the easiest fix to tighten this "umh modules" to CAP_SYS_ADMIN. > > Given this issue, I think the patch would need Kees’s explicit ack. I > had initially thought your patch had minimal security impact, but I > was wrong Module security is very complicated and needs to satisfy a > bunch of requirements. There is a lot of code in the kernel that > assumes that it’s sufficient to verify a module once at load time, > your patch changes that, and this has all kinds of nasty interactions > with autoloading. not true. you misread the patch and making incorrect conclusions. > Kees is very reasonable, and he’ll change his mind > and ack a patch that he’s nacked when presented with a valid technical > argument. > > But I think my ABI break observation is also a major problem, and > Linus is going to be pissed if this thing lands in his tree and breaks > systems due to an issue that was raised during review. So I think you > need to either rework the patch or do a serious survey of how all the I think you need to stop overreacting on non-issue. > distros deal with modules (dracut, initramfs-tools, all the older > stuff, and probably more) and make sure they can all handle your > patch. I'd also be concerned about anyone who puts /lib/modules on > less reliable storage than they use for the rest of their system. (I > know it's quite common to have /boot be the only non-RAID partition on > a system, but modules don't generally live in /boot.) > > Also, I think you really ought to explain how your approach will work > with MODULES=n or convince Linus that it’s okay to start adding core > networking features that don’t work with MODULES=n and can't be built > into the main kernel image. that ship sailed long ago. config BPF_JIT bool "enable BPF Just In Time compiler" depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT depends on MODULES