Received: by 10.223.185.111 with SMTP id b44csp635809wrg;
        Fri, 9 Mar 2018 10:44:46 -0800 (PST)
X-Google-Smtp-Source: AG47ELtuw3PjZkkJQXXhyi52/NsmsfCNxnTMTvJFqOI0QoTHGkzZOjdm5+8b9N2woWgdBe0B+D5B
X-Received: by 10.98.165.4 with SMTP id v4mr26216663pfm.51.1520621086610;
        Fri, 09 Mar 2018 10:44:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520621086; cv=none;
        d=google.com; s=arc-20160816;
        b=cY00aL9Mcgd4QwsKgHV1rmdL7nyzAsjt8Kw3/hVHdSvZRITIpmfHLjnMTDmN1GWFmt
         o9GQH+pSq6oLM5u+OQDgDrb4j5eJELHQmwc9+dU7k23HyAHx2811f49Nt59UDht39DXx
         J0mRAFlkjGN4yrbyFwzeatut5tG07XJRysnaxPI8Y51TyHAwAKrBjucvETZxUyPB4LSc
         gqtLK7nK7dGV/bu00jnBvxzWDnsUXWrhpcoIjZSKX1J/OV84lpeWc1771NmD5X/z8RxU
         ktFLRHP6OY2CtSPWAEGOBUPTohUgSy6I/GXpKNXJmKQGvfMmPrgiZrcXUqMGKFD6wMJC
         3lrg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=xjrTs4iSBRjgG1Ez9nuS2pSYpJUTcS5o/rgA1tdfouk=;
        b=G5d1nah+LJ3iX64q4vE2WhuIn4BMOWr27Y1xF+EPYRWCV5SZ9q+2a9q1JQqzwiPD9d
         8pso7A+/f6mGrdeMoPbZ12wt6/ctLeCvfV4Dl+jxBbCExyy/o0LVRXu+UQyWn2ox8ryD
         jehI+eiaip7R/SLPQvHvzY3Sy3P8TTyT7tvMQK+9ts49VOlocNd2gE23JE0A8TIJQVqx
         FTS1ey/WC6dxxv1jx2N8fR9kTCtGZ3qhj+YkyOx+/cRUyIuhRbFrpCfH9ojmvArLcOMM
         t1dS2NkwZvHR4ERUuapl0RkIC9dAnEOb8EzrTw0LQ6O/IRi91rvYywZZ2FBaZE1UqSg8
         kifw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=jUAHfpEl;
       dkim=fail header.i=@chromium.org header.s=google header.b=cyjFUSm4;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t66si1105888pgc.160.2018.03.09.10.44.31;
        Fri, 09 Mar 2018 10:44:46 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=jUAHfpEl;
       dkim=fail header.i=@chromium.org header.s=google header.b=cyjFUSm4;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932588AbeCISnJ (ORCPT <rfc822;kernelgary@gmail.com> + 99 others);
        Fri, 9 Mar 2018 13:43:09 -0500
Received: from mail-ua0-f194.google.com ([209.85.217.194]:33701 "EHLO
        mail-ua0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932557AbeCISnH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Mar 2018 13:43:07 -0500
Received: by mail-ua0-f194.google.com with SMTP id f6so2910799ual.0
        for <linux-kernel@vger.kernel.org>; Fri, 09 Mar 2018 10:43:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=xjrTs4iSBRjgG1Ez9nuS2pSYpJUTcS5o/rgA1tdfouk=;
        b=jUAHfpElX7ZouaG8Fu41Yhuk5UY/3fl9EZ9RSt/KgpjRu3PxfBVbAXbddmfZgpVzE3
         826Eowe/Cm4v37ZjlmcIlWM+zca6lmqXkpntLcOB9uwWhswhZFP/FUZ9B/5EJBI4GJSs
         Uw0kiXAdZo1sQapedkOPeNBE4r7YZgjA3sEq9QfmnXm2qFHzEwZ31HBREGOb+6yiP/BP
         KumF9cCWQ836590eO7XD0MdUWkySQuH9a65yU/gS6dBGcIbf4AvHN5X2yodcC8hp7bsH
         AD2yYzwJ0MPwKFviDUU2HGCcHabkArilJ0seZqrq/1WKcb9dSucHBqt/CW61OUPOLbMv
         skVQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=xjrTs4iSBRjgG1Ez9nuS2pSYpJUTcS5o/rgA1tdfouk=;
        b=cyjFUSm4AjJvARNAaRSAdbC38mYJZhJhjeYRRYkvk9M47guJx/CPXDzGGjIMwvKQyl
         g0VgJZeFCUuubVGRdjMRHVY6RH1hBeffYV5Vlu4EwqnoyeSA2pZRcEHABiI4SenQeWBA
         ZrQ538kyg3CILSnn0xVjkW8TeC1G2FjIevR4E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=xjrTs4iSBRjgG1Ez9nuS2pSYpJUTcS5o/rgA1tdfouk=;
        b=jSGFYXw0q3oz2FbSYHGyOl8KjjduGzjyot2IRDFTjB7rLNa2UdbvhujwufDP3bef9+
         CZm+t9g09vG7KAE2AT43xiUv6EZmfs6CJoOVyg777yjEMNlRayG3Ehfp3oZeyshncizc
         vt88QA9hdnz4XFUF6hC6/MpsWxo2yQgz0QmxjQ7gjWf62Rv9MYVnCASx1OSZNX/7KgW0
         JDrOfda/zuSf4AV/l/w+OG+f81K45Ul6DUfVk7PjSwx+2uM8z1FbgfGRpYvClv0S588s
         Y3e1ssaObWrdrz4DdQM9ojLHfqJ9iRX7dUxxiNnEO50RMXiBFA8UF6eg0Opc3HJy2I1y
         87XA==
X-Gm-Message-State: AElRT7H/6oU6nLVfbGgZm8q5bKf8Day6oPnpYa2y5kiA/B6Q4f6mqxZ7
        nMntnpuKhH4v7ViTwyDez+7WgqUSpMm6vucUAXjZbw==
X-Received: by 10.159.38.51 with SMTP id 48mr24702574uag.193.1520620985637;
 Fri, 09 Mar 2018 10:43:05 -0800 (PST)
MIME-Version: 1.0
Received: by 10.31.242.140 with HTTP; Fri, 9 Mar 2018 10:43:04 -0800 (PST)
In-Reply-To: <20180309.133509.1275903267249306409.davem@davemloft.net>
References: <C94A45E9-54A0-446D-86D6-82D06E2A35CD@amacapital.net>
 <87478c51-59a7-f6ac-1fb2-f3ca2dcf658b@fb.com> <CA+55aFwfcXzD+pzjN=vTcvscpK97pSztUZ2JK7pABs+rMtM7BQ@mail.gmail.com>
 <20180309.133509.1275903267249306409.davem@davemloft.net>
From:   Kees Cook <keescook@chromium.org>
Date:   Fri, 9 Mar 2018 10:43:04 -0800
X-Google-Sender-Auth: a2OfxbmnYYGnj1GF7Z6dblf5GUE
Message-ID: <CAGXu5jJcuSojm_KN5+JQ3fV6J09V6dmNB6haqu11xkXTq=nxog@mail.gmail.com>
Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries
To:     David Miller <davem@davemloft.net>
Cc:     Linus Torvalds <torvalds@linux-foundation.org>,
        Alexei Starovoitov <ast@fb.com>,
        Andy Lutomirski <luto@amacapital.net>,
        Alexei Starovoitov <ast@kernel.org>,
        Djalal Harouni <tixxdz@gmail.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Greg KH <gregkh@linuxfoundation.org>,
        "Luis R. Rodriguez" <mcgrof@kernel.org>,
        Network Development <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        kernel-team <kernel-team@fb.com>,
        Linux API <linux-api@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 9, 2018 at 10:35 AM, David Miller <davem@davemloft.net> wrote:
> From: Linus Torvalds <torvalds@linux-foundation.org>
> Date: Fri, 9 Mar 2018 10:17:42 -0800
>
>>  - use deny_write_access() to make sure that we don't have active
>> writers and cannot get them during the execve.
>
> I agree that this is necessary for image validation purposes.

Module loading (via kernel_read_file()) already uses
deny_write_access(), and so does do_open_execat(). As long as module
loading doesn't call allow_write_access() before the execve() has
started in the new implementation, I think we'd be covered here.

-Kees

-- 
Kees Cook
Pixel Security