Module Name: src
Committed By: riastradh
Date: Fri Aug 12 15:17:10 UTC 2022
Modified Files:
src/sys/kern: kern_module.c
Log Message:
module(9): Don't autounload unaudited modules by default.
Modules that have not been audited for autounload safety don't
recognize the command MODULE_CMD_AUTOUNLOAD and return ENOTTY. These
modules are not safe to autounload, so don't autounload them. Since
unload is risky business (if not careful, can lead to use-after-free,
kernel memory corruption, &c.), it needs to be opt-in by default, not
opt-out.
Modules that have been audited can return 0 or EBUSY to explicitly
allow or deny autounload. Users who want to live on the edge to try
to exercise module autounload even for unaudited modules -- and are
willing to accept the consequences, and maybe contribute to auditing!
-- can set the new sysctl knob kern.module.autounload_unsafe=1.
Discussed on tech-kern:
https://mail-index.netbsd.org/tech-kern/2022/08/08/msg028282.html
To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.158 src/sys/kern/kern_module.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
