* [RFC] export module parameters even the permission is zero
@ 2015-01-14  2:16 Wang, Yalin
  2015-01-14  5:46 ` Kees Cook
  2015-01-20  6:32 ` Rusty Russell
  0 siblings, 2 replies; 4+ messages in thread
From: Wang, Yalin @ 2015-01-14  2:16 UTC (permalink / raw)
  To: 'rusty@rustcorp.com.au',
	'akpm@linux-foundation.org',
	'jani.nikula@intel.com', 'hch@infradead.org',
	'hare@suse.de', 'keescook@chromium.org',
	'linux-kernel@vger.kernel.org'

This patch makes sure to export module parameters even if the permission
is zero. This is useful for some platforms like Android:
the init process can change the parameter mode/owner by
chmod/chown during bootup

Signed-off-by: Yalin Wang <yalin.wang@sonymobile.com>
---
 kernel/params.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/kernel/params.c b/kernel/params.c
index bd65d136..aa80c04 100644
--- a/kernel/params.c
+++ b/kernel/params.c
@@ -607,9 +607,6 @@ static __modinit int add_sysfs_param(struct module_kobject *mk,
 	struct attribute **new_attrs;
 	unsigned int i;
 
-	/* We don't bother calling this with invisible parameters. */
-	BUG_ON(!kp->perm);
-
 	if (!mk->mp) {
 		/* First allocation. */
 		mk->mp = kzalloc(sizeof(*mk->mp), GFP_KERNEL);
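Review bot: Deleting BUG_ON(!kp->perm) at the top of add_sysfs_param()
drops the function's stated contract (the removed comment: "We don't
bother calling this with invisible parameters") without adding any
handling for perm == 0, so the function will now build a sysfs attribute
for a parameter whose definition asked for none. Keep the check, and if
one parameter has to be adjustable by init, give that parameter a
non-zero perm where it is defined; if the invariant really is to go, the
changelog needs to say what a mode-0 attribute is supposed to mean.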
@@ -812,9 +809,6 @@ static void __init param_sysfs_builtin(void)
 	for (kp = __start___param; kp < __stop___param; kp++) {
 		char *dot;
 
-		if (kp->perm == 0)
-			continue;
-
 		dot = strchr(kp->name, '.');
 		if (!dot) {
 			/* This happens for core_param() */
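Review bot: Removing the "if (kp->perm == 0) continue;" filter in the
param_sysfs_builtin() loop changes behaviour for every built-in
parameter between __start___param and __stop___param, not only the ones
the changelog's Android case needs. The changelog does not list which
parameters are affected or argue that each is safe to publish once init
changes its mode, so this should be a per-parameter opt-in (a non-zero
perm on the parameter in question) rather than a blanket removal of the
skip.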
-- 
2.1.3


* Re: [RFC] export module parameters even the permission is zero
  2015-01-14  2:16 [RFC] export module parameters even the permission is zero Wang, Yalin
@ 2015-01-14  5:46 ` Kees Cook
  2015-01-20  6:32 ` Rusty Russell
  1 sibling, 0 replies; 4+ messages in thread
From: Kees Cook @ 2015-01-14  5:46 UTC (permalink / raw)
  To: Wang, Yalin; +Cc: rusty, akpm, jani.nikula, hch, hare, linux-kernel

On Tue, Jan 13, 2015 at 6:16 PM, Wang, Yalin <Yalin.Wang@sonymobile.com> wrote:
> This patch makes sure to export module parameters even if the permission
> is zero. This is useful for some platforms like Android:
> the init process can change the parameter mode/owner by
> chmod/chown during bootup
>
> Signed-off-by: Yalin Wang <yalin.wang@sonymobile.com>

NAK. No, sorry, these parameters are explicitly being removed from
sysfs by the various things that use perm==0. This would potentially
expose sensitive values to sysfs. If a value should be exposed, the
perm argument on the specific thing should be changed.

-Kees

> ---
>  kernel/params.c | 6 ------
>  1 file changed, 6 deletions(-)
>
> diff --git a/kernel/params.c b/kernel/params.c
> index bd65d136..aa80c04 100644
> --- a/kernel/params.c
> +++ b/kernel/params.c
> @@ -607,9 +607,6 @@ static __modinit int add_sysfs_param(struct module_kobject *mk,
>         struct attribute **new_attrs;
>         unsigned int i;
>
> -       /* We don't bother calling this with invisible parameters. */
> -       BUG_ON(!kp->perm);
> -
>         if (!mk->mp) {
>                 /* First allocation. */
>                 mk->mp = kzalloc(sizeof(*mk->mp), GFP_KERNEL);
> @@ -812,9 +809,6 @@ static void __init param_sysfs_builtin(void)
>         for (kp = __start___param; kp < __stop___param; kp++) {
>                 char *dot;
>
> -               if (kp->perm == 0)
> -                       continue;
> -
>                 dot = strchr(kp->name, '.');
>                 if (!dot) {
>                         /* This happens for core_param() */
> --
> 2.1.3



-- 
Kees Cook
Chrome OS Security


* Re: [RFC] export module parameters even the permission is zero
  2015-01-14  2:16 [RFC] export module parameters even the permission is zero Wang, Yalin
  2015-01-14  5:46 ` Kees Cook
@ 2015-01-20  6:32 ` Rusty Russell
  2015-01-22  2:07   ` Wang, Yalin
  1 sibling, 1 reply; 4+ messages in thread
From: Rusty Russell @ 2015-01-20  6:32 UTC (permalink / raw)
  To: Wang, Yalin, 'akpm@linux-foundation.org',
	'jani.nikula@intel.com', 'hch@infradead.org',
	'hare@suse.de', 'keescook@chromium.org',
	'linux-kernel@vger.kernel.org'

"Wang, Yalin" <Yalin.Wang@sonymobile.com> writes:
> This patch makes sure to export module parameters even if the permission
> is zero. This is useful for some platforms like Android:
> the init process can change the parameter mode/owner by
> chmod/chown during bootup
>
> Signed-off-by: Yalin Wang <yalin.wang@sonymobile.com>

Hi!

        Unfortunately, this won't work.  Various parts of the code
assume that 0 permissions means "cannot be changed or read", so this
change would introduce many bugs (eg. the parameter could be
__initdata).

Since these are owned by root at boot, changing mode and owner should
still work.  However, you can't make a read-only field writable and
expect it to work.

Hope that helps,
Rusty.



> ---
>  kernel/params.c | 6 ------
>  1 file changed, 6 deletions(-)
>
> diff --git a/kernel/params.c b/kernel/params.c
> index bd65d136..aa80c04 100644
> --- a/kernel/params.c
> +++ b/kernel/params.c
> @@ -607,9 +607,6 @@ static __modinit int add_sysfs_param(struct module_kobject *mk,
>  	struct attribute **new_attrs;
>  	unsigned int i;
>  
> -	/* We don't bother calling this with invisible parameters. */
> -	BUG_ON(!kp->perm);
> -
>  	if (!mk->mp) {
>  		/* First allocation. */
>  		mk->mp = kzalloc(sizeof(*mk->mp), GFP_KERNEL);
> @@ -812,9 +809,6 @@ static void __init param_sysfs_builtin(void)
>  	for (kp = __start___param; kp < __stop___param; kp++) {
>  		char *dot;
>  
> -		if (kp->perm == 0)
> -			continue;
> -
>  		dot = strchr(kp->name, '.');
>  		if (!dot) {
>  			/* This happens for core_param() */
> -- 
> 2.1.3

* RE: [RFC] export module parameters even the permission is zero
  2015-01-20  6:32 ` Rusty Russell
@ 2015-01-22  2:07   ` Wang, Yalin
  0 siblings, 0 replies; 4+ messages in thread
From: Wang, Yalin @ 2015-01-22  2:07 UTC (permalink / raw)
  To: 'Rusty Russell', 'akpm@linux-foundation.org',
	'jani.nikula@intel.com', 'hch@infradead.org',
	'hare@suse.de', 'keescook@chromium.org',
	'linux-kernel@vger.kernel.org'

> -----Original Message-----
> From: Rusty Russell [mailto:rusty@rustcorp.com.au]
> Sent: Tuesday, January 20, 2015 2:33 PM
> To: Wang, Yalin; 'akpm@linux-foundation.org'; 'jani.nikula@intel.com';
> 'hch@infradead.org'; 'hare@suse.de'; 'keescook@chromium.org'; 'linux-
> kernel@vger.kernel.org'
> Subject: Re: [RFC] export module parameters even the permission is zero
> 
> "Wang, Yalin" <Yalin.Wang@sonymobile.com> writes:
> > This patch makes sure to export module parameters even if the permission
> > is zero. This is useful for some platforms like Android: the init
> > process can change the parameter mode/owner by chmod/chown during
> > bootup
> >
> > Signed-off-by: Yalin Wang <yalin.wang@sonymobile.com>
> 
> Hi!
> 
>         Unfortunately, this won't work.  Various parts of the code assume
> that 0 permissions means "cannot be changed or read", so this change would
> introduce many bugs (eg. the parameter could be __initdata).
> 
> Since these are owned by root at boot, changing mode and owner should still
> work.  However, you can't make a read-only field writable and expect it to
> work.
> 
Oh, I see.
This means the kernel cmdline can change this module_parameter, ignoring the permission.

Thanks for your comments.
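
An added example, not part of the thread or of the kernel source: the thread discusses init changing the mode/owner of exported parameters at boot, and this shell function audits the result by listing parameter files under /sys/module that group or other may write. The function name audit_param_modes and its optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit sysfs module parameters whose mode has been loosened.
# audit_param_modes and its optional root argument are hypothetical names.

# Print "<module> <parameter>" for every regular file under
# <root>/<module>/parameters/ that is writable by group or other.
# Returns 0 when nothing is reported, 1 when at least one file is.
audit_param_modes() {
    root=${1:-/sys/module}
    found=0
    for f in "$root"/*/parameters/*; do
        # An unmatched glob stays literal; skip it and anything not a file.
        [ -f "$f" ] || continue
        # POSIX find: -perm -020 is group-write, -perm -002 is other-write.
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            mod=${f#"$root"/}      # strip the root prefix
            mod=${mod%%/*}         # keep the module directory name
            printf '%s %s\n' "$mod" "${f##*/}"
            found=1
        fi
    done
    return "$found"
}

# Usage: audit_param_modes            (audits /sys/module)
#        audit_param_modes /some/dir  (audits a copy or a test tree)
```

Parameters defined with perm 0 never appear in this listing because they have no file under parameters/ at all.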
