CHROMIUM: module: add syscall to load module from fd
Instead of (or in addition to) kernel module signing, being able to reason
about the origin of a kernel module would be valuable in situations
where an OS already trusts a specific file system, file, etc, due to
things like security labels or an existing root of trust to a partition
through things like dm-verity.
This introduces a new syscall (currently only on x86), similar to
init_module, that has only two arguments. The first argument is used as
a file descriptor to the module and the second argument is a pointer to
the NULL terminated string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
[accepted into Rusty's modules-wip tree for linux-next:
http://git.kernel.org/?p=linux/kernel/git/rusty/linux.git;a=shortlog;h=refs/heads/modules-wip]
BUG=chromium-os:34134
TEST=parrot build, manual testing
Change-Id: I51122d61d0085ed40d2ac9b542646b28d066d5e3
Reviewed-on: https://gerrit.chromium.org/gerrit/34302
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Olof Johansson <olofj@chromium.org>
Commit-Ready: Kees Cook <keescook@chromium.org>