tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Enabling built-in modules earlier in init



On Wed Jun 16 2010 at 06:31:59 -0700, Paul Goyette wrote:
> The attached diffs add a new mod_disabled member to the module_t 
> structure, and set the value to false in each place that a new entry is 
> created.  (Since all of the allocations of module_t structures are done 
> with kmem_zalloc() I could probably avoid the explicit setting of the 
> value to false.)
> 
> The value is set to true whenever a module is removed from active duty 
> and returned to the module_builtin list.  (I specifically did NOT mark a 
> module disabled if its modcmd(INIT) failed, under the assumption that it 
> might succeed in a later retry.)

Keeping the same security use case in mind, it would be better that after
full module bootstrap (i.e. MODULE_CLASS_ANY) all builtin modules would
be either initialized or disabled.  Otherwise, if we assume that init
may later succeed for whatever reason, an operator that checks a module
with a security problem is not activated may be surprised to later find
out that the same module has now been autoenabled.


Home | Main Index | Thread Index | Old Index