lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 25 Oct 2011 16:17:24 -0400
From:	Dave Jones <davej@...hat.com>
To:	Greg KH <greg@...ah.com>
Cc:	Nick Bowler <nbowler@...iptictech.com>,
	Ben Hutchings <ben@...adent.org.uk>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Randy Dunlap <rdunlap@...otime.net>,
	LKML <linux-kernel@...r.kernel.org>,
	Debian kernel maintainers <debian-kernel@...ts.debian.org>
Subject: Re: [PATCH] module,bug: Add TAINT_OOT_MODULE flag for modules not
 built in-tree

On Tue, Oct 25, 2011 at 10:04:55PM +0200, Greg Kroah-Hartman wrote:
 > On Tue, Oct 25, 2011 at 12:51:42PM -0400, Nick Bowler wrote:
 > > On 2011-10-25 18:05 +0200, Ben Hutchings wrote:
 > > > On Tue, 2011-10-25 at 11:38 -0400, Nick Bowler wrote:
 > > > > This patch prevents the use of lockdep for debugging out of tree
 > > > > modules, which is rather mean.
 > > > 
 > > > It was already disabled for staging modules, which seems equally
 > > > unhelpful.
 > > 
 > > This is not the case: lockdep works fine with staging modules.
 > 
 > Yes, that was fixed a few kernel versions ago.
 > 
 > Now you might want to update that fix for the TAINT_OOT_MODULE flag as
 > well, if you feel it is needed.

I'm assuming you mean this patch ?

commit 7816c45bf13255157c00fb8aca86cb64d825e878
Author: Roland Vossen <rvossen@...adcom.com>
Date:   Thu Apr 7 11:20:58 2011 +0200

    modules: Enabled dynamic debugging for staging modules
    
    Driver modules from the staging directory are marked 'tainted'
    by module.c. Subsequently, tainted modules are denied dynamic
    debugging. This is unwanted behavior, since staging modules should
    be able to use the dynamic debugging mechanism.
    
    Please merge this also into the staging-linus branch.
    
    Signed-off-by: Roland Vossen <rvossen@...adcom.com>
    Acked-by: Jason Baron <jbaron@...hat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@...e.de>

diff --git a/kernel/module.c b/kernel/module.c
index d5938a5..4d5c16a 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2790,7 +2790,7 @@ static struct module *load_module(void __user *umod,
        }
 
        /* This has to be done once we're sure module name is unique. */
-       if (!mod->taints)
+       if (!mod->taints || mod->taints == (1U<<TAINT_CRAP))
                dynamic_debug_setup(info.debug, info.num_debug);
 
        /* Find duplicate symbols */
@@ -2827,7 +2827,7 @@ static struct module *load_module(void __user *umod,
        module_bug_cleanup(mod);
 
  ddebug:
-       if (!mod->taints)
+       if (!mod->taints || mod->taints == (1U<<TAINT_CRAP))
                dynamic_debug_remove(info.debug);
  unlock:
        mutex_unlock(&module_mutex);



If we want to support out of tree modules with this, should we just nuke the
whole check, or do we still want to prevent certain types of tainted kernels
from using this stuff ?

(sidenote: it's not immediately obvious to me that this is the right patch,
as dynamic debug & lockdep are separate things, though this was the only
thing in kernel/module.c's history this year that sounds similar)

	Dave

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ