Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries
To: Linus Torvalds, Kees Cook
CC: David Miller, Andy Lutomirski, Alexei Starovoitov, Djalal Harouni, Al Viro, Daniel Borkmann, Greg KH, "Luis R. Rodriguez", Network Development, LKML, kernel-team, Linux API
From: Alexei Starovoitov
Date: Fri, 9 Mar 2018 10:58:06 -0800
Message-ID: <77cdc9f5-b51c-a18d-5422-763cc4e76279@fb.com>
References: <87478c51-59a7-f6ac-1fb2-f3ca2dcf658b@fb.com> <20180309.133509.1275903267249306409.davem@davemloft.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On 3/9/18 10:50 AM, Linus Torvalds wrote:
> On Fri, Mar 9, 2018 at 10:43 AM, Kees Cook wrote:
>>
>> Module loading (via kernel_read_file()) already uses
>> deny_write_access(), and so does do_open_execat(). As long as module
>> loading doesn't call allow_write_access() before the execve() has
>> started in the new implementation, I think we'd be covered here.
>
> No. kernel_read_file() only does it *during* the read.
>
> So there's a huge big honking gap between the two.
>
> Also, the second part of my suggestion was to be entirely synchronous
> with the whole execution of the process, and do it within the "we do
> mutual exclusion for modules with the same name" logic.
>
> Note that Andrei's patch uses UMH_WAIT_EXEC. That's basically
> "vfork+exec" - it only waits for the exec to have started, it doesn't
> wait for the whole thing.

It's not waiting for the whole thing, because once bpfilter starts
it stays running/sleeping because it's stateful. It needs normal
malloc-ed memory to keep the state of iptable->bpf translation that
it will use later during subsequent translation calls. Theoretically
it can use bpf maps pinned in kernel memory to keep this state, but
then it's non-swappable. It's better to keep bpfilter state in its
own user memory.
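
Added example, not part of the original message and not kernel source: a userspace C model of the write-denial counter behind `deny_write_access()` / `allow_write_access()`, comparing the window the quoted replies discuss (denial dropped after the read, retaken at exec) with holding the denial until exec has taken its own. `struct inode_model`, `writer_attempt()` and the two scenario functions are hypothetical names, and the counter convention (positive for writers, negative for deniers) is a simplified assumption.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified model (assumption): >0 open writers, <0 write-deniers. */
struct inode_model { int writecount; };

/* A writer opening then closing the file; 0 means it got in. */
static int writer_attempt(struct inode_model *i)
{
    if (i->writecount < 0) return -ETXTBSY;
    i->writecount++;   /* models get_write_access() */
    i->writecount--;   /* models put_write_access() */
    return 0;
}

/* Taken by a reader or by exec; refused while a writer has the file. */
static int deny_write_access(struct inode_model *i)
{
    if (i->writecount > 0) return -ETXTBSY;
    i->writecount--;
    return 0;
}
static void allow_write_access(struct inode_model *i) { i->writecount++; }

/* Denial taken only during the read, then again at exec. */
int gap_between_read_and_exec(void)
{
    struct inode_model ino = { 0 };
    deny_write_access(&ino);        /* read starts */
    allow_write_access(&ino);       /* read ends */
    int w = writer_attempt(&ino);   /* window before exec */
    deny_write_access(&ino);        /* exec opens the file */
    return w;
}

/* Denial held until exec has taken its own, then released. */
int held_until_exec_started(void)
{
    struct inode_model ino = { 0 };
    deny_write_access(&ino);        /* read starts, not released */
    int w1 = writer_attempt(&ino);  /* refused: reader holds denial */
    deny_write_access(&ino);        /* exec takes its own */
    allow_write_access(&ino);       /* reader's denial dropped */
    int w2 = writer_attempt(&ino);  /* refused: exec still holds it */
    return (w1 == 0 || w2 == 0) ? 0 : -ETXTBSY;
}

int main(void)
{
    return printf("gap=%d held=%d\n", gap_between_read_and_exec(),
                  held_until_exec_started()) < 0;
}
```

In the first scenario the writer gets in between the read and the exec, so whatever was checked during the read is not necessarily what runs; in the second no writer gets in at any point.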