Received: by 10.223.185.111 with SMTP id b44csp640501wrg;
        Fri, 9 Mar 2018 10:50:16 -0800 (PST)
X-Google-Smtp-Source: AG47ELuXjxhRPBdFb1OFVaw901SHaQmNtejHzn45wavEpveL7soCrStptmhJpSJBQDD/k7SXSr1G
X-Received: by 2002:a17:902:7b90:: with SMTP id w16-v6mr27962467pll.26.1520621415967;
        Fri, 09 Mar 2018 10:50:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520621415; cv=none;
        d=google.com; s=arc-20160816;
        b=YDt13C9mHPqXFGaaxjuhro8i8MfW6RMK2CA1K/jeC0wOEkPCq5W79ZNxVLLVuEtBA6
         FSvSuLRPMzicXBTClo1azZ7SzvBmnRMbZDgkfkkZdJb5v4gqJMsZCTjj126vr6X7LNEg
         rPVoBv9NWGSj9d2AUaS3NjTH0ueuUZFNmJm3hhiwBbK8GcMp4V1PEHU1YQuHrWoxsL/W
         KeQYicu310COPzQh8kG1rdjKAnn7WwihZL8zdWElZiKrTtERYvspdPqgW09PY5VQdDTg
         ZR++m2eo5RewRLRIWRzihivg4ql4CbL3wLibEgtZKz5Ek7q68xuM7Fdid+72Pzpgux2s
         c5YA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:dkim-signature:arc-authentication-results;
        bh=LbCYQzTJgthTwMyn6UHaoGGuyspw4Se793S5vF0zfes=;
        b=vgWgIiE+9eLgY4g+X9qT84jRMNYno6jS30LEGd/XBm/jvjwd0KBl5kyxysHAXRLiNt
         STnjQvkJOqvwrwSdBPYuej3Xht8WppeDEgZT2QuWXmPDPrj53EWCKwYGTGQ0AzwdjcwC
         cFRREcd/RZzLQykM+2HaINEQF/9YblrjsHMxgzr8o5iKToKL6YCs08ohzVT6TYhuZD+m
         iHmzlys8vEUxtmA5HbDfmUe88l3wGE2XvFSHQ55WoWNPa5I+3RrobAUaLnLuGZQR01eJ
         MQOzC99hcOZ5hF3NH3nTzYHcDk3MCmwg0baDWTffoxR4LKZ8dbtoWTxR/9/q0JE3KjCk
         b/5g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=zv4bsLne;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t8si1082355pgo.118.2018.03.09.10.50.01;
        Fri, 09 Mar 2018 10:50:15 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=zv4bsLne;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932464AbeCISs4 (ORCPT <rfc822;kernelgary@gmail.com> + 99 others);
        Fri, 9 Mar 2018 13:48:56 -0500
Received: from mail-pf0-f195.google.com ([209.85.192.195]:40076 "EHLO
        mail-pf0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751268AbeCISsy (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Mar 2018 13:48:54 -0500
Received: by mail-pf0-f195.google.com with SMTP id x1so1629587pfh.7
        for <linux-kernel@vger.kernel.org>; Fri, 09 Mar 2018 10:48:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=LbCYQzTJgthTwMyn6UHaoGGuyspw4Se793S5vF0zfes=;
        b=zv4bsLne4pdRCxKEFne0iwfEzv6XliMeGM39PV8ViXGgYgvVwK5krngt5tw2+nt7LK
         7Zq8kVKh5Oy0njZjRnWUa435yMAZJuAsfADnxY2+MT4wb+nbF/qcrvw0K3ycUDhwC2vn
         IOx3/mP2V6he4HV27KdKyG7pHNlzW9u7WVzuHncvOXwWDEkHldfAD2kzD2z3g9GVe6Ml
         dOmYc15nMB5euXULwkeO+pjfvpNUK1hrXwdyzDeKMC41Iy/vbZnfS/o9dN4dUYdMEnFL
         HApvqwxCo+a+5KcyvFW0eip1t/VVpU3Eq7QrYfjmfC5pKEQLmqXcUo23l1dgcBTyTJ26
         8M1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=LbCYQzTJgthTwMyn6UHaoGGuyspw4Se793S5vF0zfes=;
        b=Eo36b8nPGPhcCVIvEqCSmrs7otdqaCIxYGTtoEQGccGelzDtg5Arr3MthTqxODVl6m
         azyB3XollWgIwmFVtOCJX2BXyX6EdvVR9ap4Md3HdpP+yf1No8ElHTq5fqAJINRVL0n5
         b6g83FPgigshw5Y4VsASoncL4Muonv2MzhSyDRHQOeiF7GGw5XPCqEFj+oDvH0w/TnBW
         VP8HCw9QXmp9FJbMlWs+0OAY3p7EedpFWlzsUvxfuNDsQ1n8IW9HdtYQSXfEU28e6GNS
         A1bK7t/bjjEEbXfaqzYBJXNRW9mo1VahYz9FJu0e2U4V88aYS2nQrjQXkbsnK4knWl/S
         SUUw==
X-Gm-Message-State: AElRT7EMPVJf/Xn8bJvKhuyr3A2fHfKbqgpgDHUaKYYg98mFtPR8uMU1
        ov8itoJzePKo9lplzFv/k3OJLw==
X-Received: by 10.99.117.24 with SMTP id q24mr11787237pgc.75.1520621333728;
        Fri, 09 Mar 2018 10:48:53 -0800 (PST)
Received: from ?IPv6:2600:1010:b05d:dc76:e069:cad1:42ef:c98b? ([2600:1010:b05d:dc76:e069:cad1:42ef:c98b])
        by smtp.gmail.com with ESMTPSA id l129sm4393068pfl.82.2018.03.09.10.48.52
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 09 Mar 2018 10:48:52 -0800 (PST)
Content-Type: text/plain;
        charset=utf-8
Mime-Version: 1.0 (1.0)
Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries
From:   Andy Lutomirski <luto@amacapital.net>
X-Mailer: iPhone Mail (15D100)
In-Reply-To: <CA+55aFwfcXzD+pzjN=vTcvscpK97pSztUZ2JK7pABs+rMtM7BQ@mail.gmail.com>
Date:   Fri, 9 Mar 2018 10:48:51 -0800
Cc:     Alexei Starovoitov <ast@fb.com>, Kees Cook <keescook@chromium.org>,
        Alexei Starovoitov <ast@kernel.org>,
        Djalal Harouni <tixxdz@gmail.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        "David S. Miller" <davem@davemloft.net>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Greg KH <gregkh@linuxfoundation.org>,
        "Luis R. Rodriguez" <mcgrof@kernel.org>,
        Network Development <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        kernel-team <kernel-team@fb.com>,
        Linux API <linux-api@vger.kernel.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <E459E6CC-F51B-4F2A-9D26-FFB7166E0A47@amacapital.net>
References: <20180306013457.1955486-1-ast@kernel.org> <CAGXu5j+Q=S5sw9N5avyByxi2ekM6povT5Tajjhdb6D9g9ggKxQ@mail.gmail.com> <CALCETrX=Vfk1T-XegwnjtUqeEsyUFXH1744d0yGkufQvDA5xkQ@mail.gmail.com> <CA+55aFwJPDub+tdShCgeTz3UejeskVE7_x+eQLq75mCjYPyP8w@mail.gmail.com> <CAGXu5j+B4wgT3ovynAxa1zwCeROfN5zK45tL1FUnFh0sg8M5AA@mail.gmail.com> <CA+55aFwRGDPvaCUgMtqnQHb2PZ77JSMQMQVf1znSN+PiV7NR-Q@mail.gmail.com> <C94A45E9-54A0-446D-86D6-82D06E2A35CD@amacapital.net> <87478c51-59a7-f6ac-1fb2-f3ca2dcf658b@fb.com> <CA+55aFwfcXzD+pzjN=vTcvscpK97pSztUZ2JK7pABs+rMtM7BQ@mail.gmail.com>
To:     Linus Torvalds <torvalds@linux-foundation.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> On Mar 9, 2018, at 10:17 AM, Linus Torvalds <torvalds@linux-foundation.org=
> wrote:
>=20

>=20
> Hmm. I wish we had an "execute blob" model, but we really don't, and
> it would be hard/impossible to do without pinning the pages in memory.
>=20

Why so hard?  We can already execute a struct file for execveat, and Alexei a=
lready has this working for umh. Surely we can make an immutable (as in even=
 root can=E2=80=99t write it) kernel-internal tmpfs file, execveat it, then u=
nlink it. And /proc/PID/exe should be openable and readable.  The blob itsel=
f would be __initdata so it gets discarded after it lands in tmpfs.=20=