lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 6 Jul 2022 16:37:05 -0700
From:   Luis Chamberlain <mcgrof@...nel.org>
To:     Aaron Tomlin <atomlin@...hat.com>
Cc:     linux-modules@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] module: Show the last unloaded module's taint flag(s)

On Mon, Jun 27, 2022 at 05:40:52PM +0100, Aaron Tomlin wrote:
> For diagnostic purposes, this patch, in addition to keeping a record/or
> track of the last known unloaded module, we now will include the
> module's taint flag(s) too e.g: " [last unloaded: fpga_mgr_mod(OE)]"
> 
> Signed-off-by: Aaron Tomlin <atomlin@...hat.com>
> ---
>  kernel/module/main.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index dcb83cf18d84..0ca6fd38b903 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
> @@ -524,7 +524,12 @@ static struct module_attribute modinfo_##field = {                    \
>  MODINFO_ATTR(version);
>  MODINFO_ATTR(srcversion);
>  
> -static char last_unloaded_module[MODULE_NAME_LEN+1];
> +/*
> + * Maximum number of characters written by module_flags()
> + * without a module's state information.
> + */
> +#define LAST_UNLOADED_MODULE_NAME_LEN (MODULE_NAME_LEN + MODULE_FLAGS_BUF_SIZE - 2 + 1)
> +static char last_unloaded_module[LAST_UNLOADED_MODULE_NAME_LEN];

First of all this then confuses a reader easily as one would expect
last_unloaded_module always just has the module. Second, "module flags"
really throws a user off, as one would expect a module flag is some sort
of parameter, but in reality these are just taint flags.

So I'd much prefer we split the taint flags out to its own buffer and
dump the data to it alone.

The first patch seems sensible.

  Luis

>  #ifdef CONFIG_MODULE_UNLOAD
>  
> @@ -694,6 +699,7 @@ SYSCALL_DEFINE2(delete_module, const char __user *, name_user,
>  {
>  	struct module *mod;
>  	char name[MODULE_NAME_LEN];
> +	char buf[LAST_UNLOADED_MODULE_NAME_LEN];
>  	int ret, forced = 0;
>  
>  	if (!capable(CAP_SYS_MODULE) || modules_disabled)
> @@ -753,8 +759,8 @@ SYSCALL_DEFINE2(delete_module, const char __user *, name_user,
>  
>  	async_synchronize_full();
>  
> -	/* Store the name of the last unloaded module for diagnostic purposes */
>  	strlcpy(last_unloaded_module, mod->name, sizeof(last_unloaded_module));
> +	strcat(last_unloaded_module, module_flags(mod, buf, false));
>  
>  	free_module(mod);
>  	/* someone could wait for the module in add_unformed_module() */
> -- 
> 2.34.3
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ