+++ Lucas De Marchi [06/08/19 15:53 -0700]:
+Jessica
On Sat, Aug 3, 2019 at 9:50 AM Jack Rosenthal <jrosenth@xxxxxxxxxxxx> wrote:
Has anyone looked into what it may take to support both module
compression and loadpin (ensures modules come from trusted filesystem)?
From my understanding, this is not supported as kmod currently does the
decompression of modules, and loadpin prefers fload_module as it can
tell where the module came from. (https://crbug.com/777204)
In a gist, I am thinking supporting this scenario would require the
module decompression to happen on the kernel side. Wondering if anyone
has looked into this before I go making a solution...
That's my thought as well. In order to use finit_module() with
compressed modules we need to teach the kernel how to open it. It
should not be difficult since kernel already has the decompression
libraries. This also gives us access to another
compression/decompression algorithms - but would be nice to have a
correspondent implementation for modinfo.
I planned to do that some years ago, but never implemented it. Nobody
that I know of is currently working on that. It would be a very
welcome contribution.
Indeed, I don't know of anyone currently working on that. I do not
think it should be that difficult, since as Lucas already mentioned we
already have multiple decompression libraries in the kernel to extract
the compressed kernel image on boot (see: lib/decompress.c and
friends), so at first glance, I don't think it would be too hard to
extend this functionality to the module loader. I'd welcome a patchset :)
Thanks,
Jessica
