kernel_optimize_test/arch/x86
Kees Cook 34e1169d99 module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.

Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.

If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on.  In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.

This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-12-14 13:05:22 +10:30
..
boot x86, efi: Fix processor-specific memcpy() build error 2012-11-20 20:52:07 +00:00
configs x86/Kconfig: Turn off DEBUG_NX_TEST module in defconfigs 2012-09-05 10:43:12 +02:00
crypto crypto: aesni - fix XTS mode on x86-32, add wrapper function for asmlinkage aesni_enc() 2012-10-18 14:01:33 -07:00
ia32 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-10-10 12:02:25 +09:00
include Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-01 13:07:48 -08:00
kernel Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-12-01 13:08:36 -08:00
kvm x86, kvm: Remove incorrect redundant assembly constraint 2012-11-26 15:52:48 -08:00
lguest virtio: remove CONFIG_VIRTIO_RING 2012-09-28 15:05:15 +09:30
lib UAPI: x86: Fix insn_sanity build failure after UAPI split 2012-10-02 18:01:56 +01:00
math-emu
mm x86, mm: Correct vmflag test for checking VM_HUGETLB 2012-11-14 15:03:20 -08:00
net x86: bpf_jit_comp: add XOR instruction for BPF JIT 2012-09-24 16:54:35 -04:00
oprofile oprofile, x86: Fix wrapping bug in op_x86_get_ctrl() 2012-10-15 14:38:24 +02:00
pci x86/ce4100: Fix PCI configuration register access for devices without interrupts 2012-10-30 10:16:47 +01:00
platform x86/ce4100: Fix reboot by forcing the reboot method to be KBD 2012-10-30 10:16:46 +01:00
power
realmode x86, suspend: Correct the restore of CR4, EFER; skip computing EFLAGS.ID 2012-10-02 08:42:31 +02:00
syscalls module: add syscall to load module from fd 2012-12-14 13:05:22 +10:30
tools UAPI: x86: Fix the test_get_len tool 2012-10-02 18:01:56 +01:00
um Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-14 13:39:34 -07:00
vdso time: Convert x86_64 to using new update_vsyscall 2012-09-24 12:38:09 -04:00
video
xen xen/mmu: Use Xen specific TLB flush instead of the generic one. 2012-10-31 12:38:31 -04:00
.gitignore
Kbuild
Kconfig Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-14 13:39:34 -07:00
Kconfig.cpu x86/Kconfig: Clean up Kconfig defaults 2012-09-13 17:45:33 +02:00
Kconfig.debug
Makefile kbuild: Fix accidental revert in commit fe04ddf 2012-10-15 13:01:05 -07:00
Makefile_32.cpu
Makefile.um