Yun Levi <ppbuk5246@xxxxxxxxx> writes: >> Mostly of what has been happening with binary formats lately is code >> removal. >> >> So I humbly suggest the best defense against misuse by modules is to >> simply remove "EXPORT_SYMBOL(__register_binfmt)". > > It could be a solution. but that means the kernel doesn't allow > dynamic binfmt using modules too. > I think the best safe way to remove registered binfmt is ... > > unregister binfmt list first ---- (1) > synchronize_rcu_task(); > // tasklist stack-check... > unload module. > > But for this, there shouldn't happen in the above situation of (1). > If unregister_binfmt has this problem.. I think there is no way to > unload safely for dynamic registered binfmt via module. I took a quick look and unregistering in the module exit routine looks safe, as set_binfmt takes a module reference, and so prevents the module from being unloaded. If you can find a bug with existing in-kernel code that would be interesting. Otherwise you are making up assumptions that don't current match the code and saying the code is bugging with respect to assumptions that do not hold. The code in the kernel is practical not an implementation of some abstract that is robust for every possible use case. Eric