Re: [PATCH 1/3] module: Invalidate signatures on force-loaded modules

From: Rusty Russell
Date: Wed Apr 27 2016 - 20:27:24 EST

Next message: Herbert Xu: "Re: [PATCH v2] lib/mpi: Fix kernel unaligned access in mpi_write_to_sgl"
Previous message: Ben Greear: "Re: [PATCH 3.2 085/115] veth: donât modify ip_summed; doing so treats packets with bad checksums as good."
In reply to: Ben Hutchings: "Re: [PATCH 1/3] module: Invalidate signatures on force-loaded modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ben Hutchings <ben@xxxxxxxxxxxxxxx> writes:
> On Tue, 2016-04-26 at 20:07 +0930, Rusty Russell wrote:
>> Ben Hutchings <ben@xxxxxxxxxxxxxxx> writes:
>> > - if (info->len > markerlen &&
>> > + /*
>> > + Â* Require flags == 0, as a module with version information
>> > + Â* removed is no longer the module that was signed
>> > + Â*/
>> > + if (flags == 0 &&
>> This check is a bit lazy.ÂÂWe could have other flags in future,
>> so this should really be !(flags &
>> (MODULE_INIT_IGNORE_MODVERSIONS|MODULE_INIT_IGNORE_VERMAGIC) right?
>
> Yes we could, but I'd prefer this to fail-safe in case no-one thinks
> about whether it should be updated then.

Yeah, line ball. We could screw up either way, and I can't think of
an reasonable new flag off the top of my head to give a concrete
example.

I've applied all three, thanks!
Rusty.

Next message: Herbert Xu: "Re: [PATCH v2] lib/mpi: Fix kernel unaligned access in mpi_write_to_sgl"
Previous message: Ben Greear: "Re: [PATCH 3.2 085/115] veth: donât modify ip_summed; doing so treats packets with bad checksums as good."
In reply to: Ben Hutchings: "Re: [PATCH 1/3] module: Invalidate signatures on force-loaded modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]