[PATCH 00/14] Make the user mode driver code a better citizen
Eric W. Biederman
ebiederm at xmission.com
Sat Jun 27 12:59:25 UTC 2020
Tetsuo Handa <penguin-kernel at i-love.sakura.ne.jp> writes:
> On 2020/06/26 21:51, Eric W. Biederman wrote:
>> Please let me know if you see any bugs. Once the code review is
>> finished I plan to take this through my tree.
>
[snipped example code]
> causes
>
> BUG_ON(!(task->flags & PF_KTHREAD));
>
> in __fput_sync(). Do we want to forbid umd_load_blob() from process context (e.g.
> upon module initialization time) ?
Interesting. I had not realized that fput_sync would not work from
module context.
Forcing the fput to finish is absolutely necessary. Otherwise the file
will still be open for write and deny_write_access in execve will fail.
Can you try replacing the __fput_sync with:

	fput(file);
	flush_delayed_fput();
	task_work_run();

Given that there is a big requirement for the code to run before init,
I don't necessarily think __fput_sync is a problem.
But it also seems silly to forbid modules if we can easily fix
the code.
Eric