Re: [PATCH] [RFC] Taint the kernel for unsafe module options

From: Andrew Morton
Date: Wed Mar 05 2014 - 15:33:01 EST

Next message: Stephen Boyd: "Re: [PATCH] ARM: kernel: respect device tree status of cpu nodes"
Previous message: Sergey Senozhatsky: "Re: [PATCH] zram: return error-valued pointer from zcomp_create()"
In reply to: Daniel Vetter: "[PATCH] [RFC] Taint the kernel for unsafe module options"
Next in thread: Daniel Vetter: "Re: [PATCH] [RFC] Taint the kernel for unsafe module options"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 5 Mar 2014 10:33:14 +0100 Daniel Vetter <daniel.vetter@xxxxxxxx> wrote:

> Users just love to set random piles of options since surely enabling
> all the experimental stuff helps. Later on we get bug reports because
> it all fell apart.
>
> Even more fun when it's labelled a regression when some change only
> just made the feature possible (e.g. stolen memory fixes suddenly
> making fbc possible).
>
> Make it clear that users are playing with fire here. In drm/i915 all
> these options follow the same pattern of using -1 as the per-machine
> default, and any other value being used for force the parameter.
>
> Adding a pile of cc's to solicit input and figure out whether this
> would be generally useful - this quick rfc is just for drm/i915.

Seems harmless and potentially useful to others so yes, I'd vote for
putting it in core kernel.

However this only handles integers. Will we end up needed great gobs
of new code to detect unsafe setting of u8's, strings, etc?

> --- a/drivers/gpu/drm/i915/i915_params.c
> +++ b/drivers/gpu/drm/i915/i915_params.c

The patch adds lots of trailing whitespace. checkpatch is ->thattaway.

> @@ -50,7 +50,46 @@ struct i915_params i915 __read_mostly = {
> .disable_display = 0,
> };
>
> -module_param_named(modeset, i915.modeset, int, 0400);
> +int param_set_unsafe_int(const char *val, const struct kernel_param *kp)
> +{
> + long l;
> + int ret;
> +
> + ret = kstrtol(val, 0, &l);
> + if (ret < 0 || ((int)l != l))
> + return ret < 0 ? ret : -EINVAL;

That's a bit screwy. Simpler:

if (ret < 0)
return ret;
if ((int)l != l)
return -EINVAL;

> + /* Taint if userspace overrides the kernel defaults. */
> + if (l != -1) {
> + printk(KERN_WARNING "Setting dangerous option %s to non-default value!\n",
> + kp->name);

pr_warn() is nicer.

> + add_taint(TAINT_USER, LOCKDEP_STILL_OK);
> + }
> +
> + *((int *)kp->arg) = l;
> + return 0;
> +}
>
> ...
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Boyd: "Re: [PATCH] ARM: kernel: respect device tree status of cpu nodes"
Previous message: Sergey Senozhatsky: "Re: [PATCH] zram: return error-valued pointer from zcomp_create()"
In reply to: Daniel Vetter: "[PATCH] [RFC] Taint the kernel for unsafe module options"
Next in thread: Daniel Vetter: "Re: [PATCH] [RFC] Taint the kernel for unsafe module options"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]