lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aae67a8e-6f0a-a535-7053-67a6dd601d30@csgroup.eu>
Date:   Wed, 2 Mar 2022 13:41:43 +0000
From:   Christophe Leroy <christophe.leroy@...roup.eu>
To:     Aaron Tomlin <atomlin@...hat.com>
CC:     "mcgrof@...nel.org" <mcgrof@...nel.org>,
        "cl@...ux.com" <cl@...ux.com>, "mbenes@...e.cz" <mbenes@...e.cz>,
        "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
        "jeyu@...nel.org" <jeyu@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-modules@...r.kernel.org" <linux-modules@...r.kernel.org>,
        "void@...ifault.com" <void@...ifault.com>,
        "atomlin@...mlin.com" <atomlin@...mlin.com>,
        "allen.lkml@...il.com" <allen.lkml@...il.com>,
        "joe@...ches.com" <joe@...ches.com>,
        "msuchanek@...e.de" <msuchanek@...e.de>,
        "oleksandr@...alenko.name" <oleksandr@...alenko.name>,
        "jason.wessel@...driver.com" <jason.wessel@...driver.com>,
        "daniel.thompson@...aro.org" <daniel.thompson@...aro.org>,
        "pmladek@...e.com" <pmladek@...e.com>
Subject: Re: [PATCH v9 07/14] module: Move extra signature support out of core
 code



Le 02/03/2022 à 14:33, Aaron Tomlin a écrit :
> On Wed 2022-03-02 08:08 +0000, Christophe Leroy wrote:
>>> +bool is_module_sig_enforced(void)
>>> +{
>>> +	return sig_enforce;
>>> +}
>>> +EXPORT_SYMBOL(is_module_sig_enforced);
>>
>> As reported by the test robot, that's not enough.
> 
> Hi Christophe,
> 
> Thanks for testing this.
> 
>> When it was in main.c, is_module_sig_enforced() was build as soon as
>> CONFIG_MODULES was set.
>> Now it is only built when CONFIG_MODULE_SIG is selected,
> 
> Agreed.
> 
>> so you have to modify include/linux/modules.h and have the stub
>> is_module_sig_enforced() when CONFIG_MODULE_SIG is not selected and not
>> only when CONFIG_MODULES is not selected.
> 
> Sure: when Kconfig CONFIG_MODULE_SIG is not selected.
> 
> Luis,
> 
> I can see that the latest series is in mcgrof/modules-testing.
> Should I address the above as a separate patch with "Fixes:" or
> provide a whole new series, with the fix within the same patch?
> In my opinion, another iteration would be cleaner.
> 
> 

On the powerpc list, usually for this kind of stuff, if the fixup 
doesn't impact the other commits of the series, we provide an 
incremental fixup and Michael squashes it in the faulty commit while 
rebasing.

That way you get the advantage of a new iteration without the disadvantages.

Up to Luis to tell what he prefers.

Christophe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ