On Fri, 7 Apr 2017 15:15:36 -0700 Kees Cook <[email protected]> wrote:
> On Fri, Apr 7, 2017 at 3:12 PM, Andrew Morton <[email protected]> > wrote: > > On Fri, 7 Apr 2017 14:53:23 -0700 Kees Cook <[email protected]> wrote: > > > >> > Eddie Kovsky (2): > >> > module: verify address is read-only > >> > extable: verify address is read-only > >> > > >> > include/linux/kernel.h | 2 ++ > >> > include/linux/module.h | 12 ++++++++++++ > >> > kernel/extable.c | 29 +++++++++++++++++++++++++++ > >> > kernel/module.c | 53 > >> > ++++++++++++++++++++++++++++++++++++++++++++++++++ > >> > 4 files changed, 96 insertions(+) > >> > >> Andrew, do you have these in your mailbox (it went to lkml), or should > >> I resend them directly to you? Since they depend on the > >> __start_ro_after_init naming fixes in -mm, it seemed like it'd be best > >> to carry these two patches there. If so, please consider them both: > >> > >> Acked-by: Kees Cook <[email protected]> > >> > >> (And, from the thread on the module patch, Jessica has Acked that one too.) > > > > Well I grabbed them, but the patches don't actually do anything - they > > add interfaces with no users. What's the plan here? > > I'd like to have a way for interfaces (especially the various > *_register()) to be able to check that a structure is either const or > __ro_after_init. My expectation is to add those and similar > sanity-checks now that we can do so. OK. But I'd rather sit on the patches until we have working, tested, reviewed callers which are agreed to be useful.
