Re: [RFC] Raceless module interface

Bill Davidsen (davidsen@tmr.com)
Sun, 15 Sep 2002 20:24:59 -0400 (EDT)


On Fri, 13 Sep 2002, Daniel Phillips wrote:

> > What DoS opportunities are there?
>
> Suppose the module exit relies on synchronize_kernel. The attacker
> can force repeated synchronize_kernels, knowing that module.c will
> mindlessly do a synchronize_kernel every time a module init fails,
> whether needed or not. Each synchronize_kernel takes an unbounded
> amount of time to complete, across which module.c holds a lock.

That's a good argument WRT the kernel autoloader, but not for manual load
by root. The system should not refuse to attempt an operation about which
root may have additional information (odd hardware or the like). We don't
want to have the kernel DOS itself, but root should be allowed to at least
try.

-- 
bill davidsen <davidsen@tmr.com>
  CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/