On Mon, Feb 20, 2017 at 9:14 AM, Stephen Hemminger <step...@networkplumber.org> wrote: > On Fri, 17 Feb 2017 21:58:42 -0800 > "Eddie Kovsky" <e...@edkovsky.org> wrote: > >> Implement a mechanism to check if a module's address is in >> the rodata or ro_after_init sections. It mimics the exsiting functions >> that test if an address is inside a module's text section. >> >> Signed-off-by: Eddie Kovsky <e...@edkovsky.org> > > I don't see the point of this for many of the hyper-v functions. > They are only called from a small number of places, and this can be validated > by code inspection. Adding this seems just seems to be code bloat to me.
I think it has value in that it effectively blocks any way for non-ro_after_init structures from being passed into these functions. Since there are so few callers now, it's the perfect place to add this. -Kees -- Kees Cook Pixel Security
