lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 24 Nov 2020 10:31:18 +0100
From:   Jessica Yu <jeyu@...nel.org>
To:     William Mcvicker <willmcvicker@...gle.com>
Cc:     Christoph Hellwig <hch@...radead.org>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Michal Marek <michal.lkml@...kovi.net>,
        linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org,
        kernel-team@...roid.com,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Saravana Kannan <saravanak@...gle.com>
Subject: Re: [PATCH v1 0/2] Add support to capture external module's SCM
 version

+++ William Mcvicker [23/11/20 14:13 -0800]:
>On Mon, Nov 23, 2020 at 09:02:57AM +0000, Christoph Hellwig wrote:
>> On Sat, Nov 21, 2020 at 01:16:49AM +0000, Will McVicker wrote:
>> > These two patches add module support to capture an external module's SCM
>> > version as a MODULE_INFO() attribute. This allows users to identity the SCM
>> > version of a given kernel module by using the modinfo tool or on the device
>> > via sysfs:
>>
>> As this obviously is of no use for in-tree modules it falls under the we
>> don't add code to support things that are not in tree rule and has no
>> business in the kernel.
>
>Hi Christoph,
>
>Ah sorry, I didn't intend this to come across as only for external modules.
>That just seemed like the easiest way to explain how the scmversion attribute
>can be different from the vermagic. We mainly need this for in-tree kernel
>modules since that's where most our drivers are. Let me re-phrase this with
>that in mind. Basically, I like to look at this as an improved version of the
>existing srcversion module attribute since it allows you to easily identify the
>module version with a quick SCM version string check instead of doing a full
>checksum on the module source.
>
>For example, we have a setup to test kernel changes on the hikey and db845c
>devices without updating the kernel modules. Without this scmversion module
>attribute, you can't identify the original module version using `uname
>-r`. And for kernel modules in the initramfs, you can't even use modinfo to get
>the module vermagic.  With this patch, you are able to get the SCM version for
>*all* kernel modules (on disk and in the initramfs) via the sysfs node:
>/sys/module/<mod>/scmversion. This also works the other way around when
>developers update their kernel modules to fix some bug (like a security
>vulnerability) but don't need to update the full kernel.

Hi Will,

If this were also intended for in-tree kernel modules, then why do
intree modules only get the UTS_RELEASE string in their scmversion
field, which basically already exists in the vermagic? Or do you plan
to change that?

Jessica

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ