lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon,  2 May 2022 21:51:02 +0100
From:   Aaron Tomlin <atomlin@...hat.com>
To:     mcgrof@...nel.org
Cc:     cl@...ux.com, pmladek@...e.com, mbenes@...e.cz,
        christophe.leroy@...roup.eu, akpm@...ux-foundation.org,
        linux-kernel@...r.kernel.org, linux-modules@...r.kernel.org,
        atomlin@...mlin.com, ghalat@...hat.com, oleksandr@...alenko.name,
        neelx@...hat.com
Subject: [PATCH v5 0/3] module: Introduce module unload taint tracking

Hi Luis,

This iteration is still based on the latest mcgrof/modules-next branch.

I have decided still to use RCU even though no entry is ever removed from
the unloaded tainted modules list. That being said, if I understand
correctly, it is not safe in some instances to use 'module_mutex' in
print_modules().  So instead we disable preemption to ensure list traversal
with concurrent list manipulation e.g. list_add_rcu(), is safe too.

Changes since v4 [1]
 - Moved code to kernel/module/tracking.c
   (Luis Chamberlain)
 - Used only strcmp() in try_add_tainted_module()
   (Christophe Leroy)

Changes since v3 [2]
 - Fixed kernel build error reported by kernel test robot i.e. moved
   '#endif' outside 'if (!list_empty(&unloaded_tainted_modules))'
   statement in the context of print_modules()
 - Used strncmp() instead of memcmp()
   (Oleksandr Natalenko)
 - Removed the additional strlen()
   (Christoph Lameter)

Changes since v2 [3]
 - Dropped RFC from subject
 - Removed the newline i.e. "\n" in printk()
 - Always include the tainted module's unload count
 - Unconditionally display each unloaded tainted module

Please let me know your thoughts.

[1]: https://lore.kernel.org/all/20220425090841.3958494-1-atomlin@redhat.com/
[2]: https://lore.kernel.org/all/20220420115257.3498300-1-atomlin@redhat.com/
[3]: https://lore.kernel.org/all/20220419150334.3395019-1-atomlin@redhat.com/


Aaron Tomlin (3):
  module: Make module_flags_taint() accept a module's taints bitmap and
    usable outside core code
  module: Move module_assert_mutex_or_preempt() to internal.h
  module: Introduce module unload taint tracking

 init/Kconfig             | 11 ++++++++
 kernel/module/Makefile   |  1 +
 kernel/module/internal.h | 34 ++++++++++++++++++++++
 kernel/module/main.c     | 24 ++++++----------
 kernel/module/tracking.c | 61 ++++++++++++++++++++++++++++++++++++++++
 5 files changed, 116 insertions(+), 15 deletions(-)
 create mode 100644 kernel/module/tracking.c


base-commit: eeaec7801c421e17edda6e45a32d4a5596b633da
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ