On Fri, Feb 1, 2013 at 10:54 AM, Lucas De Marchi <lucas.demarchi@xxxxxxxxxxxxxx> wrote: > Hi Kees, > > On Thu, Jan 31, 2013 at 4:34 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: >> Hi, just checking on this. Any objections to this patch? I'd like to >> get it into the tree so more people can verify it. >> >> Thanks! > > > Sorry for the delay. I'm currently on honeymoon and not really paying > attention to my email :-). I just gave it a quick look and I very much Ah! No worries then. Have fun! :) > dislike the ifdefs for compat stuff, particularly for including > headers. If we do anything at all, it should not contain that many > ifdefs. Yeah, I can understand that. I will attempt to reduce this, but at present, given the recent glibc thread on adding finit_module, we'll still need something because glibc doesn't want to maintain the ABI for little-used syscalls. :( > > >> >> -Kees >> >> On Tue, Jan 22, 2013 at 9:54 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: >>> When a module is being loaded directly from disk (no compression, >>> etc), pass the file descriptor to the new finit_module() syscall. If >>> finit_module is exported by glibc, use it. Otherwise, manually make >>> the syscall on architectures where it is known to exist. Also update >>> testsuite to expect the call, and fix callers of mmap() to use NULL >>> instead of 0. > > please don't. split the patch so the fix to mmap is separated. Ideally > changes to testsuite should be self-contained as well. > > >>> >>> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > > we don't use s-o-b in kmod Okay, noted. I'll update and resend for when you're back. Thanks! -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-modules" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
