On Thu, Apr 6, 2017 at 6:58 PM, Jessica Yu <j...@redhat.com> wrote: > +++ Eddie Kovsky [05/04/17 21:35 -0600]: >> >> Implement a mechanism to check if a module's address is in >> the rodata or ro_after_init sections. It mimics the existing functions >> that test if an address is inside a module's text section. >> >> Functions that take a module as an argument will be able to verify that >> the >> module address is in a read-only section. The idea is to prevent >> structures >> (including modules) that are not read-only from being passed to functions. >> >> This implements the first half of a suggestion made by Kees Cook for >> the Kernel Self Protection Project: >> >> - provide mechanism to check for ro_after_init memory areas, and >> reject structures not marked ro_after_init in vmbus_register() >> >> Suggested-by: Kees Cook <keesc...@chromium.org> >> Signed-off-by: Eddie Kovsky <e...@edkovsky.org> > > > Acked-by: Jessica Yu <j...@redhat.com>
Thanks! I'll either get these into my kspp tree or ask akpm to carry these since they depend on the renaming in his tree already. -Kees -- Kees Cook Pixel Security