On Wed, Jan 13, 2021 at 01:33:10AM +0100, Adam Zabrocki wrote:
> The recent change "module: delay kobject uevent until after module init
> call", while helping avoid a race between udev/systemd and the module
> loader, made it unnecessarily more difficult to monitor kernel module
> integrity by out-of-tree projects such as Linux Kernel Runtime Guard.

We don't support out-of-tree kernel code, sorry.

> Specifically, that change delayed the kobject uevent unnecessarily too far,
> to until after sending a MODULE_STATE_LIVE notification. As the uevent
> modifies internal state of the KOBJ itself, this violated the assumption
> (non-guaranteed yet handy while we can maintain it) that the KOBJ remains
> consistent and can be integrity-checked as soon as the module is LIVE.
>
> To make all of these projects happy at once, move the kobject KOBJ_ADD
> uevent to just before sending the MODULE_STATE_LIVE notification.
>
> Fixes: 38dc717e9715 ("module: delay kobject uevent until after module init
> call")
> Signed-off-by: Adam Zabrocki <p...@pi3.com.pl>
> --- > kernel/module.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/kernel/module.c b/kernel/module.c > index 4bf30e4b3eaa..7d56b1b07237 100644 > --- a/kernel/module.c > +++ b/kernel/module.c > @@ -3681,14 +3681,14 @@ static noinline int do_init_module(struct module *mod) > dump_stack(); > } > > + /* Delay uevent until module has finished its init routine */ > + kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD); > + > /* Now it's a first class citizen! */ > mod->state = MODULE_STATE_LIVE; > blocking_notifier_call_chain(&module_notify_list, > MODULE_STATE_LIVE, mod); > > - /* Delay uevent until module has finished its init routine */ > - kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD); > -

No, the code is correct as-is, userspace should be told _after_ the
kernel itself has handled all of the needed housekeeping of the module
being added.

so consider this:

Nacked-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
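
Review bot: With the kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD) call moved above the mod->state = MODULE_STATE_LIVE assignment in do_init_module(), userspace receives KOBJ_ADD while the module is not yet marked LIVE and before the module_notify_list chain has been called for MODULE_STATE_LIVE. The moved comment still reads only "Delay uevent until module has finished its init routine" and records neither that ordering constraint nor the reason for it. If the reorder is intended, the comment should state that the uevent must precede the LIVE notification and why, and the commit message should explain what ensures that a listener reacting to KOBJ_ADD does not depend on the LIVE state or on work done by the notifiers.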