On Fri, Aug 12, 2016 at 4:35 PM, Stephen Hemminger <stephen@xxxxxxxxxxxxxxxxxx> wrote:
>
> For hardening, the driver structure containing function pointers can
> be marked read only after initial registration is done.
Yay more __ro_after_init! (Minor nit below...) Also, I wonder if there's a way to do build-time section checking, e.g. adding "is this hv_driver marked __ro_after_init?" in __vmbus_driver_register...
> Signed-off-by: Stephen Hemminger <sthemmin@xxxxxxxxxxxxxxxxx>
>
> ---
> drivers/hid/hid-hyperv.c | 2 +-
> drivers/input/serio/hyperv-keyboard.c | 2 +-
> drivers/net/hyperv/netvsc_drv.c | 2 +-
> drivers/pci/host/pci-hyperv.c | 2 +-
> drivers/scsi/storvsc_drv.c | 2 +-
> drivers/video/fbdev/hyperv_fb.c | 2 +-
> 6 files changed, 6 insertions(+), 6 deletions(-)
>
> --- a/drivers/net/hyperv/netvsc_drv.c 2016-08-12 16:23:42.077030799 -0700
> +++ b/drivers/net/hyperv/netvsc_drv.c 2016-08-12 16:23:42.073030781 -0700
> @@ -1488,7 +1488,7 @@ static const struct hv_vmbus_device_id i
> MODULE_DEVICE_TABLE(vmbus, id_table);
>
> /* The one and only one */
> -static struct hv_driver netvsc_drv = {
> +static struct hv_driver netvsc_drv __ro_after_init = {
> .name = KBUILD_MODNAME,
> .id_table = id_table,
> .probe = netvsc_probe,
> --- a/drivers/hid/hid-hyperv.c 2016-08-12 16:23:42.077030799 -0700
> +++ b/drivers/hid/hid-hyperv.c 2016-08-12 16:23:42.077030799 -0700
> @@ -593,7 +593,7 @@ static const struct hv_vmbus_device_id i
>
> MODULE_DEVICE_TABLE(vmbus, id_table);
>
> -static struct hv_driver mousevsc_drv = {
> +static struct hv_driver mousevsc_drv __ro_after_init = {
> .name = KBUILD_MODNAME,
> .id_table = id_table,
> .probe = mousevsc_probe,
> --- a/drivers/input/serio/hyperv-keyboard.c 2016-08-12 16:23:42.077030799 -0700
> +++ b/drivers/input/serio/hyperv-keyboard.c 2016-08-12 16:23:42.077030799 -0700
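Review bot: The `__ro_after_init` added to `netvsc_drv` makes the entire `struct hv_driver` read-only once init completes, so it is only safe if neither the vmbus helpers nor the driver core store into the object afterwards; the hunk shows just the first three initializers, and the rest of the structure and its users are outside it. The hyperv-keyboard hunk further down still passes `&hv_kbd_drv` to `vmbus_driver_unregister()` from the `__exit` path, so that path in particular should be checked for writes (presumably into the embedded `struct device_driver`), since a late write would now fault instead of succeeding. The same applies to `mousevsc_drv`, `hv_kbd_drv`, `hv_pci_drv`, `storvsc_drv` and `hvfb_drv`. I would state the constraint at each definition, e.g. `/* __ro_after_init: no writes to this object once module init has finished */`, and confirm that the annotation is actually enforced when these drivers are built as modules.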
> @@ -420,7 +420,7 @@ static const struct hv_vmbus_device_id i
>
> MODULE_DEVICE_TABLE(vmbus, id_table);
>
> -static struct hv_driver hv_kbd_drv = {
> +static struct hv_driver hv_kbd_drv __ro_after_init = {
> .name = KBUILD_MODNAME,
> .id_table = id_table,
> .probe = hv_kbd_probe,
> @@ -434,6 +434,7 @@ static int __init hv_kbd_init(void)
>
> static void __exit hv_kbd_exit(void)
> {
> +
Accidental whitespace addition?
> vmbus_driver_unregister(&hv_kbd_drv);
> }
>
> --- a/drivers/pci/host/pci-hyperv.c 2016-08-12 16:23:42.077030799 -0700
> +++ b/drivers/pci/host/pci-hyperv.c 2016-08-12 16:23:42.077030799 -0700
> @@ -2340,7 +2340,7 @@ static const struct hv_vmbus_device_id h
>
> MODULE_DEVICE_TABLE(vmbus, hv_pci_id_table);
>
> -static struct hv_driver hv_pci_drv = {
> +static struct hv_driver hv_pci_drv __ro_after_init = {
> .name = "hv_pci",
> .id_table = hv_pci_id_table,
> .probe = hv_pci_probe,
> --- a/drivers/scsi/storvsc_drv.c 2016-08-12 16:23:42.077030799 -0700
> +++ b/drivers/scsi/storvsc_drv.c 2016-08-12 16:23:42.077030799 -0700
> @@ -1739,7 +1739,7 @@ static int storvsc_remove(struct hv_devi
> return 0;
> }
>
> -static struct hv_driver storvsc_drv = {
> +static struct hv_driver storvsc_drv __ro_after_init = {
> .name = KBUILD_MODNAME,
> .id_table = id_table,
> .probe = storvsc_probe,
> --- a/drivers/video/fbdev/hyperv_fb.c 2016-08-12 16:23:42.077030799 -0700
> +++ b/drivers/video/fbdev/hyperv_fb.c 2016-08-12 16:23:42.077030799 -0700
> @@ -907,7 +907,7 @@ static const struct hv_vmbus_device_id i
> MODULE_DEVICE_TABLE(pci, pci_stub_id_table);
> MODULE_DEVICE_TABLE(vmbus, id_table);
>
> -static struct hv_driver hvfb_drv = {
> +static struct hv_driver hvfb_drv __ro_after_init = {
> .name = KBUILD_MODNAME,
> .id_table = id_table,
> .probe = hvfb_probe,
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -Kees -- Kees Cook Nexus Security _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel