The recent change "module: delay kobject uevent until after module init call", while helping avoid a race between udev/systemd and the module loader, made it unnecessarily more difficult to monitor kernel module integrity by out-of-tree projects such as Linux Kernel Runtime Guard.
Specifically, that change delayed the kobject uevent unnecessarily too far, to until after sending a MODULE_STATE_LIVE notification. As the uevent modifies internal state of the KOBJ itself, this violated the assumption (non-guaranteed yet handy while we can maintain it) that the KOBJ remains consistent and can be integrity-checked as soon as the module is LIVE. To make all of these projects happy at once, move the kobject KOBJ_ADD uevent to just before sending the MODULE_STATE_LIVE notification. Fixes: 38dc717e9715 ("module: delay kobject uevent until after module init call") Signed-off-by: Adam Zabrocki <p...@pi3.com.pl> --- kernel/module.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/module.c b/kernel/module.c index 4bf30e4b3eaa..7d56b1b07237 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -3681,14 +3681,14 @@ static noinline int do_init_module(struct module *mod) dump_stack(); } + /* Delay uevent until module has finished its init routine */ + kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD); + /* Now it's a first class citizen! */ mod->state = MODULE_STATE_LIVE; blocking_notifier_call_chain(&module_notify_list, MODULE_STATE_LIVE, mod); - /* Delay uevent until module has finished its init routine */ - kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD); - /* * We need to finish all async code before the module init sequence * is done. This has potential to deadlock. For example, a newly