On Wed, Jan 13, 2021 at 01:33:10AM +0100, Adam Zabrocki wrote:
> The recent change "module: delay kobject uevent until after module init
> call", while helping avoid a race between udev/systemd and the module
> loader, made it unnecessarily more difficult to monitor kernel module
> integrity by out-of-tree projects such as Linux Kernel Runtime Guard.
We don't support out-of-tree kernel code, sorry.
> Specifically, that change delayed the kobject uevent unnecessarily too far,
> to until after sending a MODULE_STATE_LIVE notification. As the uevent
> modifies internal state of the KOBJ itself, this violated the assumption
> (non-guaranteed yet handy while we can maintain it) that the KOBJ remains
> consistent and can be integrity-checked as soon as the module is LIVE.
>
> To make all of these projects happy at once, move the kobject KOBJ_ADD
> uevent to just before sending the MODULE_STATE_LIVE notification.
>
> Fixes: 38dc717e9715 ("module: delay kobject uevent until after module init
> call")
> Signed-off-by: Adam Zabrocki <p...@pi3.com.pl>
> ---
> kernel/module.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index 4bf30e4b3eaa..7d56b1b07237 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -3681,14 +3681,14 @@ static noinline int do_init_module(struct module *mod)
> dump_stack();
> }
>
> + /* Delay uevent until module has finished its init routine */
> + kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD);
> +
> /* Now it's a first class citizen! */
> mod->state = MODULE_STATE_LIVE;
> blocking_notifier_call_chain(&module_notify_list,
> MODULE_STATE_LIVE, mod);
>
> - /* Delay uevent until module has finished its init routine */
> - kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD);
> -
No, the code is correct as-is, userspace should be told _after_ the
kernel itself has handled all of the needed housekeeping of the module
being added.
so consider this:
Nacked-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
