Received: by 10.223.185.111 with SMTP id b44csp629056wrg; Fri, 9 Mar 2018 10:36:28 -0800 (PST) X-Google-Smtp-Source: AG47ELsYbcdDPH6Eyf1Vk+7xiaLik9aoR0GZyWw0Zt4b20bX+YHEQeWiCEbFXmiJ2BMGVfruEnuX X-Received: by 2002:a17:902:5327:: with SMTP id b36-v6mr28480567pli.332.1520620588189; Fri, 09 Mar 2018 10:36:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520620588; cv=none; d=google.com; s=arc-20160816; b=IqooxPLTfUGImEL4mm6glUEFFMWaYv3mTwM/OZSp1fQmzZoXcKPtwzUShS1D4gl+p9 8qDi5xY8KJO8aa+t0C8eeeRYnkC/NmM5IhS+b5CvHSGWauljD9XWa2i8K7TbLtAo9fzo 5EfaxJvkoVgybryXkRcu+aZZZfTmp4/swC4q3Wid8KbCJfCY+JXAbq1OKU84b3qthftj Uq+be9f8mt9an6aNQyRNX6upAKSHNKp5TDPU/nVoF/PtLpiI4c+g0QhDaX4wO/MsTJOK zcw5R27zotW/4GzX7nUP17wEZY4S+8ypdSsw9ZgxOvGUs3c4i9AwXEcZTNgPqCFXLMnl 874A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date :arc-authentication-results; bh=9OXIekQf6K2IzfmhamREum3TFaBXVN+xldrX+u4tKzE=; b=WDMQplh49llqD6J3wcBzrRplmdrOfmw5+SiHjr5zI7LFebbOJpQR37GfAKOhg6IfTk mcW3tdNfZ3ut8mem4zYT2tpozAZIZH+4X3ofury8vR0WJlsayTQ+/RCYQJFPq9KoUuBp lBo88t4BGvPtRyeGRPSuirhXZ0dgb6FAzgJLR9WQB2yjZqjgtdsP962w3gWzg1VN90yG mEgZzRwaE764FUHDZLUNYQZAGVUN4rL3TUSCuQJAa9ef+nRDAVpTd8S2+T039PeE4/R7 jay0j7aHrbcCfmA69myoIQyKv8SGhhjZ3pEmSVUKw3pwTjebNl1EiuEUXxcTVSPDjyBI OS/w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s3-v6si1186441plp.461.2018.03.09.10.36.13; Fri, 09 Mar 2018 10:36:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932320AbeCISfO (ORCPT + 99 others); Fri, 9 Mar 2018 13:35:14 -0500 Received: from shards.monkeyblade.net ([184.105.139.130]:54826 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751231AbeCISfM (ORCPT ); Fri, 9 Mar 2018 13:35:12 -0500 Received: from localhost (67.110.78.66.ptr.us.xo.net [67.110.78.66]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id B537D142AD5BE; Fri, 9 Mar 2018 10:35:10 -0800 (PST) Date: Fri, 09 Mar 2018 13:35:09 -0500 (EST) Message-Id: <20180309.133509.1275903267249306409.davem@davemloft.net> To: torvalds@linux-foundation.org Cc: ast@fb.com, luto@amacapital.net, keescook@chromium.org, ast@kernel.org, tixxdz@gmail.com, viro@zeniv.linux.org.uk, daniel@iogearbox.net, gregkh@linuxfoundation.org, mcgrof@kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@fb.com, linux-api@vger.kernel.org Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries From: David Miller In-Reply-To: References: <87478c51-59a7-f6ac-1fb2-f3ca2dcf658b@fb.com> X-Mailer: Mew version 6.7 on Emacs 25.3 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Fri, 09 Mar 2018 10:35:11 -0800 (PST) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Linus Torvalds Date: Fri, 9 Mar 2018 10:17:42 -0800 > - use deny_write_access() to make sure that we don't have active > writers and cannot get them during the execve. I agree that this is necessary for image validation purposes.