lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202501061610.203636A9C@keescook>
Date: Mon, 6 Jan 2025 16:13:29 -0800
From: Kees Cook <kees@...nel.org>
To: Petr Pavlu <petr.pavlu@...e.com>
Cc: Christophe Leroy <christophe.leroy@...roup.eu>,
	Luis Chamberlain <mcgrof@...nel.org>,
	Sami Tolvanen <samitolvanen@...gle.com>,
	Daniel Gomez <da.gomez@...sung.com>, linux-modules@...r.kernel.org,
	linux-kernel@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
	Mike Rapoport <rppt@...nel.org>
Subject: Re: [PATCH v1 0/3] module: Don't fail module loading when setting
 ro_after_init section RO failed

On Fri, Jan 03, 2025 at 05:13:32PM +0100, Petr Pavlu wrote:
> On 12/5/24 20:46, Christophe Leroy wrote:
> > This series reworks module loading to avoid leaving the module in a
> > stale state when protecting ro_after_init section fails.
> > 
> > Once module init has succeded it is too late to cancel loading.

Is there at least a big WARN about the ro failing? That should let more
sensitive system owners react to the situation if it looks like an
active attack on memory protections.

(And maybe we should set a TAINT flag, but perhaps this is too specific
a failure mode for that?)

Also, why is it too late to cancel? Can we set the module to the
"Unloading" state to stop any dependent modules from loading on top of
it, and then request it unload?

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ