From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4BD37C6FD1F for ; Sun, 19 Mar 2023 21:28:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230200AbjCSV2R (ORCPT ); Sun, 19 Mar 2023 17:28:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44776 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230270AbjCSV1x (ORCPT ); Sun, 19 Mar 2023 17:27:53 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 49E8D1B2DF; Sun, 19 Mar 2023 14:27:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=obTOkYQMALUPVKZh8hnISC5FrxebItRSovwj5DZ33rg=; b=flXntIUHiZmULb/iZiq/1sUZ64 Dt0xEwtDqtrtwPkSei2UCYR5CtIQ7qK2cSLmOscjBRNn1eyzMs8WsQTbyMUTt8QoA2w7B5czTFcVg CAMtpdAHzOvVcin/O3G8618cLimOyKr9l/iBEFkppYvrrlBGjb+vd9OxN0WBeuRrlaIwmbYoQQ8bc P3WHWHhJqvevgP05PnoUe+uJVEmkR5Ri9GO0BwD7xjsApPaOyANa0dWFi4VWsfmQ5c2ZnJnzoBNvA F6uvG7eJUrmNWb5ZLQpRetXnc1f2G4C9zV7wL/xyE6WP8z5H5nZ3BzU92tQhYVbpb6mQh24FS59Ia SJbvMI3Q==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0Z9-007Tqz-2B; Sun, 19 Mar 2023 21:27:47 +0000 
From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 01/12] module: move get_modinfo() helpers all above Date: Sun, 19 Mar 2023 14:27:35 -0700 Message-Id: <20230319212746.1783033-2-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Instead of forward declaring routines for get_modinfo() just move everything up. This makes no functional changes. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 100 +++++++++++++++++++++---------------------- 1 file changed, 48 insertions(+), 52 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index b4759f1695b7..1e739f534100 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -1016,9 +1016,55 @@ int try_to_force_load(struct module *mod, const char= *reason) #endif } =20 -static char *get_modinfo(const struct load_info *info, const char *tag); +/* Parse tag=3Dvalue strings from .modinfo section */ +static char *next_string(char *string, unsigned long *secsize) +{ + /* Skip non-zero chars */ + while (string[0]) { + string++; + if ((*secsize)-- <=3D 1) + return NULL; + } + + /* Skip any zero padding. */ + while (!string[0]) { + string++; + if ((*secsize)-- <=3D 1) + return NULL; + } + return string; +} + static char *get_next_modinfo(const struct load_info *info, const char *ta= g, - char *prev); + char *prev) +{ + char *p; + unsigned int taglen =3D strlen(tag); + Elf_Shdr *infosec =3D &info->sechdrs[info->index.info]; + unsigned long size =3D infosec->sh_size; + + /* + * get_modinfo() calls made before rewrite_section_headers() + * must use sh_offset, as sh_addr isn't set! + */ + char *modinfo =3D (char *)info->hdr + infosec->sh_offset; + + if (prev) { + size -=3D prev - modinfo; + modinfo =3D next_string(prev, &size); + } + + for (p =3D modinfo; p; p =3D next_string(p, &size)) { + if (strncmp(p, tag, taglen) =3D=3D 0 && p[taglen] =3D=3D '=3D') + return p + taglen + 1; + } + return NULL; +} + +static char *get_modinfo(const struct load_info *info, const char *tag) +{ + return get_next_modinfo(info, tag, NULL); +} =20 static int verify_namespace_is_imported(const struct load_info *info, const struct kernel_symbol *sym, 
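Review bot: `get_next_modinfo()` trusts `prev` without saying so: `size -= prev - modinfo` is unsigned arithmetic, so a `prev` that does not point into this module's .modinfo section wraps `size` and leaves `next_string()` with no effective bound while it walks data taken from the module image being loaded. Since the helpers are being moved anyway, I would add a comment above `get_next_modinfo()`, e.g. `/* @prev must be NULL or a pointer previously returned for the same @info; it is used to recompute the bytes left in .modinfo. */`. The first candidate in the `for` loop is also passed to `strncmp()` before `size` is consulted, which is only safe if the section is known to be NUL-terminated; if that is validated elsewhere, the same comment should say where.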
@@ -1544,56 +1590,6 @@ static void set_license(struct module *mod, const ch= ar *license) } } =20 -/* Parse tag=3Dvalue strings from .modinfo section */ -static char *next_string(char *string, unsigned long *secsize) -{ - /* Skip non-zero chars */ - while (string[0]) { - string++; - if ((*secsize)-- <=3D 1) - return NULL; - } - - /* Skip any zero padding. */ - while (!string[0]) { - string++; - if ((*secsize)-- <=3D 1) - return NULL; - } - return string; -} - -static char *get_next_modinfo(const struct load_info *info, const char *ta= g, - char *prev) -{ - char *p; - unsigned int taglen =3D strlen(tag); - Elf_Shdr *infosec =3D &info->sechdrs[info->index.info]; - unsigned long size =3D infosec->sh_size; - - /* - * get_modinfo() calls made before rewrite_section_headers() - * must use sh_offset, as sh_addr isn't set! - */ - char *modinfo =3D (char *)info->hdr + infosec->sh_offset; - - if (prev) { - size -=3D prev - modinfo; - modinfo =3D next_string(prev, &size); - } - - for (p =3D modinfo; p; p =3D next_string(p, &size)) { - if (strncmp(p, tag, taglen) =3D=3D 0 && p[taglen] =3D=3D '=3D') - return p + taglen + 1; - } - return NULL; -} - -static char *get_modinfo(const struct load_info *info, const char *tag) -{ - return get_next_modinfo(info, tag, NULL); -} - static void setup_modinfo(struct module *mod, struct load_info *info) { struct module_attribute *attr; --=20 2.39.1 From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 00471C6FD1F for ; Sun, 19 Mar 2023 21:28:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230075AbjCSV2l (ORCPT ); Sun, 19 Mar 2023 17:28:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44786 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP 
id S230283AbjCSV1y (ORCPT ); Sun, 19 Mar 2023 17:27:54 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C8591B2FF; Sun, 19 Mar 2023 14:27:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=J+/Q2DOgs8vLCa0HCsTGz7EjcxV00x9bDse9i1PpR1s=; b=CePS1LwRJyuk+mkqKdjf8aIOmS FrhfJ1Wk3YFgAnxvw2mIuv1lFtVQ0yOzMUjwUjJ6+k4kYoIbr73SxK99lOYnNygKn9WVQW4sq16Tx KCpoV0Z0juvqUek64GwK2lp0AQvRbwNqo/n5JhwNblKtSxOStv2JRRA/LdHcZJmm8DjPpLVewxHuT 4ssQNmJsTtmWllfpBp5anKbmmVQifx3xpoHinbk2l+aEsCPPH1Rmz5LDy0e74s1kneUteJQKSGlVl +cVTxGrzRDBKDCcI+f8z0/RtCZY6WuCrQRsr2dXT65xjtOvfkukjMUgK4ytyOlSgef58ks0mDq+Ik rHW3CN7w==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0Z9-007Tr1-2I; Sun, 19 Mar 2023 21:27:47 +0000 From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 02/12] module: rename next_string() to module_next_tag_pair() Date: Sun, 19 Mar 2023 14:27:36 -0700 Message-Id: <20230319212746.1783033-3-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This makes it clearer what it is doing. While at it, make it available to other code other than main.c. This will be used in the subsequent patch and make the changes easier to read. 
Signed-off-by: Luis Chamberlain --- kernel/module/internal.h | 2 ++ kernel/module/main.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/kernel/module/internal.h b/kernel/module/internal.h index e3883b7d4840..1fa2328636ec 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -96,6 +96,8 @@ long module_get_offset_and_type(struct module *mod, enum = mod_mem_type type, char *module_flags(struct module *mod, char *buf, bool show_state); size_t module_flags_taint(unsigned long taints, char *buf); =20 +char *module_next_tag_pair(char *string, unsigned long *secsize); + static inline void module_assert_mutex_or_preempt(void) { #ifdef CONFIG_LOCKDEP diff --git a/kernel/module/main.c b/kernel/module/main.c index 1e739f534100..ebb5e6b92a48 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1017,7 +1017,7 @@ int try_to_force_load(struct module *mod, const char = *reason) } =20 /* Parse tag=3Dvalue strings from .modinfo section */ -static char *next_string(char *string, unsigned long *secsize) +char *module_next_tag_pair(char *string, unsigned long *secsize) { /* Skip non-zero chars */ while (string[0]) { 
@@ -1051,10 +1051,10 @@ static char *get_next_modinfo(const struct load_inf= o *info, const char *tag, =20 if (prev) { size -=3D prev - modinfo; - modinfo =3D next_string(prev, &size); + modinfo =3D module_next_tag_pair(prev, &size); } =20 - for (p =3D modinfo; p; p =3D next_string(p, &size)) { + for (p =3D modinfo; p; p =3D module_next_tag_pair(p, &size)) { if (strncmp(p, tag, taglen) =3D=3D 0 && p[taglen] =3D=3D '=3D') return p + taglen + 1; } --=20 2.39.1 From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC024C7618A for ; Sun, 19 Mar 2023 21:28:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229830AbjCSV2I (ORCPT ); Sun, 19 Mar 2023 17:28:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44762 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230261AbjCSV1x (ORCPT ); Sun, 19 Mar 2023 17:27:53 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4AB551B2F2; Sun, 19 Mar 2023 14:27:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=ttolxm8RztPeexRc54yX/SDdKM9dpm837Hu569jN01E=; b=BUoFWO0O2aXq46a8vowGSTOmUE On2jYQOWQx4biFqN81qiBnYsK4soBT2ivCJNNqXTi+kQjQInI8vOcMtRM4pMnANUiD/35hQ5cQbHy hMohMhBn2VfdfgUbXsNftjPJVQitF9K1emCMS/ZGrS/T2wek+DeKrXN68U8dYFIBQn9c5MxBxakhG 7cG6n85FJysxMlYlQy8imW1jWiN6HGL8trNCyXtx8wso2E7YJhJnf+0p2ssAXuqKo6kDz6i+ziyiG Dklap8cLtZiNS8YHUakLbWqNlV33CsK0m8agKvhq512jCc97Y2/eEn+GQf9MogCm8XGSryvGyRYKW qsXfIbPQ==; 
Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0Z9-007Tr3-2P; Sun, 19 Mar 2023 21:27:47 +0000 From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 03/12] module: add a for_each_modinfo_entry() Date: Sun, 19 Mar 2023 14:27:37 -0700 Message-Id: <20230319212746.1783033-4-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Add a for_each_modinfo_entry() to make it easier to read and use. This produces no functional changes but makes this code easiert to read as we are used to with loops in the kernel and trims more lines of code. Signed-off-by: Luis Chamberlain --- kernel/module/internal.h | 3 +++ kernel/module/main.c | 5 +---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/module/internal.h b/kernel/module/internal.h index 1fa2328636ec..6ae29bb8836f 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -98,6 +98,9 @@ size_t module_flags_taint(unsigned long taints, char *buf= ); =20 char *module_next_tag_pair(char *string, unsigned long *secsize); =20 +#define for_each_modinfo_entry(entry, info, name) \ + for (entry =3D get_modinfo(info, name); entry; entry =3D get_next_modinfo= (info, name, entry)) + static inline void module_assert_mutex_or_preempt(void) { #ifdef CONFIG_LOCKDEP diff --git a/kernel/module/main.c b/kernel/module/main.c index ebb5e6b92a48..427284ab31f1 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
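Review bot: `for_each_modinfo_entry()` is added to internal.h but expands to `get_modinfo()` and `get_next_modinfo()`, which the earlier patches on this page leave `static` in main.c, so the macro appears usable only from main.c. Either define it in main.c next to those helpers or declare them in the header as well. The expansion also uses its arguments unparenthesised; `for ((entry) = get_modinfo((info), (name)); (entry); (entry) = get_next_modinfo((info), (name), (entry)))`, split over continuation lines, would be safer.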
@@ -1075,12 +1075,9 @@ static int verify_namespace_is_imported(const struct= load_info *info, =20 namespace =3D kernel_symbol_namespace(sym); if (namespace && namespace[0]) { - imported_namespace =3D get_modinfo(info, "import_ns"); - while (imported_namespace) { + for_each_modinfo_entry(imported_namespace, info, "import_ns") { if (strcmp(namespace, imported_namespace) =3D=3D 0) return 0; - imported_namespace =3D get_next_modinfo( - info, "import_ns", imported_namespace); } #ifdef CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS pr_warn( --=20 2.39.1 From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB124C7618A for ; Sun, 19 Mar 2023 21:28:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230332AbjCSV2M (ORCPT ); Sun, 19 Mar 2023 17:28:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44760 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230263AbjCSV1x (ORCPT ); Sun, 19 Mar 2023 17:27:53 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4AA1B1B2F1; Sun, 19 Mar 2023 14:27:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=psuLoCB7yMo0lQ1qK6AoFWy0yUy3JveB/SBuC3I8l14=; b=JqNqxtSTJBKuFUjhNtyLe1tRpu REERQ0T2uRXb/KuQjDj2q+827LAgGqwwcdDo0UwlK6lSdwkJoctjxJDYjaf/oFcHZXHpNVPtKByDo MJzwa7JQm2W9qjCFA5+MV1MhGv/dj+gPO5xz+AoB69YYfDY87Nf1VqFG4BCKbghs4hLMdo/UG3u1q j5AL7curNFHa6ODUxQkodxSKykBVgwLiHw36cSc+97+SghEcJPcUC21Eg1rV9vz97Jl/FylW1utBo 
ofsyEu+uViWLN1waouyNIqZw2ufh/Q6474CYzO4Rm+uhf5v9RzL68eHiREitIQpi/t9aOoNw/nkBv vahukfig==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0Z9-007Tr5-2W; Sun, 19 Mar 2023 21:27:47 +0000 From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 04/12] module: move early sanity checks into a helper Date: Sun, 19 Mar 2023 14:27:38 -0700 Message-Id: <20230319212746.1783033-5-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Move early sanity checkers for the module into a helper. This let's us make it clear when we are working with the local copy of the module prior to allocation. This produces no functional changes, it just makes subsequent changes easier to read. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 427284ab31f1..933cef72ae13 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -2668,6 +2668,31 @@ static int unknown_module_param_cb(char *param, char= *val, const char *modname, return 0; } =20 +/* Module within temporary copy, this doesn't do any allocation */ +static int early_mod_check(struct load_info *info, int flags) +{ + int err; + + /* + * Now that we know we have the correct module name, check + * if it's blacklisted. + */ + if (blacklisted(info->name)) { + pr_err("Module %s is blacklisted\n", info->name); + return -EPERM; + } + + err =3D rewrite_section_headers(info, flags); + if (err) + return err; + + /* Check module struct version now, before we try to use module. */ + if (!check_modstruct_version(info, info->mod)) + return ENOEXEC; + + return 0; +} + /* * Allocate and load the module: note that size of section 0 is always * zero, and we rely on this for optional sections. 
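Review bot: `return ENOEXEC;` in the new `early_mod_check()` returns a positive value, whereas the code it replaces in `load_module()` (the -2711 hunk of this patch) set `err = -ENOEXEC`. `if (err) goto free_copy;` still aborts the load, but the value passed back is no longer a negative errno, so how a module-struct version mismatch is reported depends on code outside these hunks. That contradicts the "no functional changes" statement in the description. It should be `return -ENOEXEC;` here; the -2688 hunk of 05/12 makes that correction, which still leaves 04/12 wrong on its own for bisection.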
@@ -2711,26 +2736,10 @@ static int load_module(struct load_info *info, cons= t char __user *uargs, if (err) goto free_copy; =20 - /* - * Now that we know we have the correct module name, check - * if it's blacklisted. - */ - if (blacklisted(info->name)) { - err =3D -EPERM; - pr_err("Module %s is blacklisted\n", info->name); - goto free_copy; - } - - err =3D rewrite_section_headers(info, flags); + err =3D early_mod_check(info, flags); if (err) goto free_copy; =20 - /* Check module struct version now, before we try to use module. */ - if (!check_modstruct_version(info, info->mod)) { - err =3D -ENOEXEC; - goto free_copy; - } - /* Figure out module layout, and allocate all the memory. */ mod =3D layout_and_allocate(info, flags); if (IS_ERR(mod)) { --=20 2.39.1 From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DBC12C761A6 for ; Sun, 19 Mar 2023 21:27:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230287AbjCSV1z (ORCPT ); Sun, 19 Mar 2023 17:27:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44718 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229619AbjCSV1w (ORCPT ); Sun, 19 Mar 2023 17:27:52 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4ACB21B2F4; Sun, 19 Mar 2023 14:27:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=TgcmLQQdyElaRgOFKPmxQnBZLdzQrkkBcxBFD4PRGHw=; b=bxpbjCtQm1SSlUhuFd6bmJaWap 
nJqLlxA+Igeo4aloU/snQFDDS9j9szPzmaX1hzCc/e+QMsLiXj7y3eOqpR24lRfOTxDp8IrBvx2Jy q4Y8qLW4R40q05IHiZoe4fJ6z378s73dN9JlSQt8QZogNm7Qlri8ssBXfAZNmXGDulI6Ez1eCBVUs X4CRskRlYQBGZnueynO2TVWktXG/b5FIZW6FfsnkN7TSTS7E51feFJh2s6XFej3LWOb4Pnu+x6Nt8 cpFKVulK8o7aymcFwkGi9IMf670+BJVE+tQmtz5gwbkzjAK7yM5ZPwBve3Zix4H/E7bnnatGnM0v7 kVkV6idg==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0Z9-007Tr7-2d; Sun, 19 Mar 2023 21:27:47 +0000 From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 05/12] module: move check_modinfo() early to early_mod_check() Date: Sun, 19 Mar 2023 14:27:39 -0700 Message-Id: <20230319212746.1783033-6-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This moves check_modinfo() to early_mod_check(). This doesn't make any functional changes either, as check_modinfo() was the first call on layout_and_allocate(), so we're just moving it back one routine and at the end. This let's us keep separate the checkers from the allocator. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 933cef72ae13..95fd705328ac 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -2273,10 +2273,6 @@ static struct module *layout_and_allocate(struct loa= d_info *info, int flags) unsigned int ndx; int err; =20 - err =3D check_modinfo(info->mod, info, flags); - if (err) - return ERR_PTR(err); - /* Allow arches to frob section contents and sizes. */ err =3D module_frob_arch_sections(info->hdr, info->sechdrs, info->secstrings, info->mod); 
@@ -2688,7 +2684,11 @@ static int early_mod_check(struct load_info *info, i= nt flags) =20 /* Check module struct version now, before we try to use module. */ if (!check_modstruct_version(info, info->mod)) - return ENOEXEC; + return -ENOEXEC; + + err =3D check_modinfo(info->mod, info, flags); + if (err) + return err; =20 return 0; } --=20 2.39.1 From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AC5AAC7618A for ; Sun, 19 Mar 2023 21:28:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230355AbjCSV2d (ORCPT ); Sun, 19 Mar 2023 17:28:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44784 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230281AbjCSV1y (ORCPT ); Sun, 19 Mar 2023 17:27:54 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C18C1B2D8; Sun, 19 Mar 2023 14:27:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=Y4inih6EMR+irK8uhPNLzhLHPy7ra4luuniGmaPokTs=; b=EIz4TIDfS/FzCmyu9OWDP+62u1 1ekZjcAPXtboI1H4AWBlt5FhUiHoPZtJp13yv3914FJ5GIKtHlslvJeTXW+1M8KYSCZwVlpJY1A6X Oo4Zk0gWRfrhBFzfOjvUskXehJ/1NOo+FBBa72egioQZhfYezozRfCE2ec9fXsl6p/BP8Rwch5i9Q S+j1K/N2KFTYAaBdiIrWJILWXf0hvpiTakat2q7jMI3SfDIKaUG+kTzE4ECSssUlu87s4Zh9Grhxt C0Ma6+E1/5saWJVsr3zuHzMODv/ihjgVtqEXWq4se0HcCF/kDiYzQHyhSX0WTaS/gWh4GEb89KMGp W2uBERuQ==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0Z9-007Tr9-2k; Sun, 19 Mar 
2023 21:27:47 +0000 From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 06/12] module: rename set_license() to module_license_taint_check() Date: Sun, 19 Mar 2023 14:27:40 -0700 Message-Id: <20230319212746.1783033-7-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" The set_license() routine would seem to a reader to do some sort of setting, but it does not. It just adds a taint if the license is not set or proprietary. This makes what the code is doing clearer, so much we can remove the comment about it. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 95fd705328ac..5e64485ac05a 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1573,7 +1573,7 @@ static void layout_sections(struct module *mod, struc= t load_info *info) __layout_sections(mod, info, true); } =20 -static void set_license(struct module *mod, const char *license) +static void module_license_taint_check(struct module *mod, const char *lic= ense) { if (!license) license =3D "unspecified"; 
@@ -1993,8 +1993,7 @@ static int check_modinfo(struct module *mod, struct l= oad_info *info, int flags) if (err) return err; =20 - /* Set up license info based on the info section */ - set_license(mod, get_modinfo(info, "license")); + module_license_taint_check(mod, get_modinfo(info, "license")); =20 if (get_modinfo(info, "test")) { if (!test_taint(TAINT_TEST)) --=20 2.39.1 From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 810D6C7618A for ; Sun, 19 Mar 2023 21:28:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230343AbjCSV2V (ORCPT ); Sun, 19 Mar 2023 17:28:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44756 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230259AbjCSV1x (ORCPT ); Sun, 19 Mar 2023 17:27:53 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 499A41B2D6; Sun, 19 Mar 2023 14:27:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=TNKFBczfmqBEiVAXmn3NstMmKpWyY8bTvwWC8VMgfwI=; b=2YNfX4Gb7NFUDeTL79AD09p50C URGSVTO2wXU3RJdLci6jM5vAak1lK0yKaMOkQremNdmxdSBxlQS3zTgyXcLG79TOYw1K7fy23WN1U ZXbEJlCnGf0DhpBmAuXrIGI5zJZdO99JvWLxy7KRu0XfXkhk/Fzkb/BKr6S6StW4eub6khk6PfvD/ Hj6P8gHE26VKga8efzNkoQtRibpITDaXE+gWtDCaXHHPtbHhHFcQ1E7PthftYOl6vlqk3FK3DHWl8 5HAhRd+CRdGcLZyUwjchp3jrvHg12hlEQlhKi3Xof6O1ci6KsSwYvTqzwlScyf++bJ7pAEnltdmbD mH9Ac19w==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 
1pe0Z9-007TrB-2r; Sun, 19 Mar 2023 21:27:47 +0000 From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 07/12] module: split taint work out of check_modinfo_livepatch() Date: Sun, 19 Mar 2023 14:27:41 -0700 Message-Id: <20230319212746.1783033-8-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" The work to taint the kernel due to a module should be split up eventually. To aid with this, split up the tainting on check_modinfo_livepatch(). This let's us bring more early checks together which do return a value, and makes changes easier to read later where we stuff all the work to do the taints in one single routine. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 5e64485ac05a..cfb2ff5185fe 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1808,12 +1808,8 @@ static int check_modinfo_livepatch(struct module *mo= d, struct load_info *info) /* Nothing more to do */ return 0; =20 - if (set_livepatch_module(mod)) { - add_taint_module(mod, TAINT_LIVEPATCH, LOCKDEP_STILL_OK); - pr_notice_once("%s: tainting kernel with TAINT_LIVEPATCH\n", - mod->name); + if (set_livepatch_module(mod)) return 0; - } =20 pr_err("%s: module is marked as livepatch module, but livepatch support i= s disabled", mod->name); 
@@ -1993,6 +1989,11 @@ static int check_modinfo(struct module *mod, struct = load_info *info, int flags) if (err) return err; =20 + if (is_livepatch_module(mod)) { + add_taint_module(mod, TAINT_LIVEPATCH, LOCKDEP_STILL_OK); + pr_notice_once("%s: tainting kernel with TAINT_LIVEPATCH\n", + mod->name); + } module_license_taint_check(mod, get_modinfo(info, "license")); =20 if (get_modinfo(info, "test")) { --=20 2.39.1 From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10991C6FD1F for ; Sun, 19 Mar 2023 21:28:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229676AbjCSV2i (ORCPT ); Sun, 19 Mar 2023 17:28:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44760 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230280AbjCSV1y (ORCPT ); Sun, 19 Mar 2023 17:27:54 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 488011B2D3; Sun, 19 Mar 2023 14:27:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=J5+PTL3UiSHXzOIaCcjJ/nf03t7Vym4klhpDlvyr5mo=; b=eYLW42ks3Vsi848lIP3xFkc82R j3TW7LIFItJXnL2NWT83irEvyaPAj63MucP2yOCIcFKeYOBQfS1TC33HV0yyd5IsdleHESkLioCfD FF47ywU8VND3qODu96jtuv9JrrJVsuqpz3gFpN73LfEXKY0ebHKiiLLo+NeGIR8pOmSMUvUO7g3aD xdNQz5DTR1p7U1lQHirv+GbzdW1tcmiyyT0OOhFOqjgSgXNI5ft5LvjBV7OB/W95HHJqHO1jaaCbL sRnr+gFquGE0mZTtQPyY3zhAMWV72aQqmGG0ZCzxw3J+zxyOZH2WDclPrP191GGfxojk62NMnsnDn oeujcASQ==; Received: from mcgrof by bombadil.infradead.org with 
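Review bot: The TAINT_LIVEPATCH taint now depends on `is_livepatch_module(mod)` instead of the return value of `set_livepatch_module(mod)` (removed in the -1808 hunk). The two are equivalent only if `check_modinfo_livepatch()` has already run and recorded the state that `is_livepatch_module()` reads; neither helper is visible here. That ordering dependency deserves a comment above the new block, e.g. `/* check_modinfo_livepatch() above has already marked the module; taint only once it has succeeded. */`. A blank line between the closing brace and `module_license_taint_check()` would match the surrounding style. `check_modinfo()` starts and ends outside this hunk.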
local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0Z9-007TrD-2y; Sun, 19 Mar 2023 21:27:47 +0000 From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 08/12] module: split taint adding with info checking Date: Sun, 19 Mar 2023 14:27:42 -0700 Message-Id: <20230319212746.1783033-9-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" check_modinfo() actually does two things: a) sanity checks, some of which are fatal, and so we prevent the user from completing trying to load a module b) taints the kernel The taints are pretty heavy handed because we're tainting the kernel *before* we ever even get to load the module into the modules linked list. That is, it it can fail for other reasons later as we review the module's structure. But this commit makes no functional changes, it just makes the intent clearer and splits the code up where needed to make that happen. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 62 ++++++++++++++++++++++++++++---------------- 1 file changed, 40 insertions(+), 22 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index cfb2ff5185fe..a3953ca18090 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -1951,25 +1951,10 @@ static int setup_load_info(struct load_info *info, = int flags) return 0; } =20 -static int check_modinfo(struct module *mod, struct load_info *info, int f= lags) +/* + * These calls taint the kernel depending certain module circumstances */ +static void module_augment_kernel_taints(struct module *mod, struct load_i= nfo *info) { - const char *modmagic =3D get_modinfo(info, "vermagic"); - int err; - - if (flags & MODULE_INIT_IGNORE_VERMAGIC) - modmagic =3D NULL; - - /* This is allowed: modprobe --force will invalidate it. */ - if (!modmagic) { - err =3D try_to_force_load(mod, "bad vermagic"); - if (err) - return err; - } else if (!same_magic(modmagic, vermagic, info->index.vers)) { - pr_err("%s: version magic '%s' should be '%s'\n", - info->name, modmagic, vermagic); - return -ENOEXEC; - } - if (!get_modinfo(info, "intree")) { if (!test_taint(TAINT_OOT_MODULE)) pr_warn("%s: loading out-of-tree module taints kernel.\n", @@ -1985,15 +1970,12 @@ static int check_modinfo(struct module *mod, struct= load_info *info, int flags) "is unknown, you have been warned.\n", mod->name); } =20 - err =3D check_modinfo_livepatch(mod, info); - if (err) - return err; - if (is_livepatch_module(mod)) { add_taint_module(mod, TAINT_LIVEPATCH, LOCKDEP_STILL_OK); pr_notice_once("%s: tainting kernel with TAINT_LIVEPATCH\n", mod->name); } + module_license_taint_check(mod, get_modinfo(info, "license")); =20 if (get_modinfo(info, "test")) { 
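Review bot: The header comment added for module_augment_kernel_taints() reads `These calls taint the kernel depending certain module circumstances`, which drops the "on" and leaves out what a caller has to know. The helper returns void, so it cannot reject a module, and per the commit message the taints it sets stay in place even when the load fails afterwards. I would write it as `/* Apply the kernel taints implied by the module's modinfo. Cannot fail; the taints remain set even if the load is aborted later. */`. The function body continues past the end of this hunk.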
@@ -2002,6 +1984,42 @@ static int check_modinfo(struct module *mod, struct = load_info *info, int flags) mod->name); add_taint_module(mod, TAINT_TEST, LOCKDEP_STILL_OK); } +} + +static int check_modinfo(struct module *mod, struct load_info *info, int f= lags) +{ + const char *modmagic =3D get_modinfo(info, "vermagic"); + int err; + + if (flags & MODULE_INIT_IGNORE_VERMAGIC) + modmagic =3D NULL; + + /* This is allowed: modprobe --force will invalidate it. */ + if (!modmagic) { + err =3D try_to_force_load(mod, "bad vermagic"); + if (err) + return err; + } else if (!same_magic(modmagic, vermagic, info->index.vers)) { + pr_err("%s: version magic '%s' should be '%s'\n", + info->name, modmagic, vermagic); + return -ENOEXEC; + } + + err =3D check_modinfo_livepatch(mod, info); + if (err) + return err; + + /* + * We are tainting your kernel *even* if you try to load + * modules with possible taints and we fail to load these + * modules for other reasons. + * + * We have a descrepancy though, see the other taints for + * signature and those in check_module_license_and_versions(). + * + * We should compromise and converge. 
+ */ + module_augment_kernel_taints(mod, info); =20 return 0; } --=20 2.39.1 From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2BE05C6FD1F for ; Sun, 19 Mar 2023 21:28:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230348AbjCSV2X (ORCPT ); Sun, 19 Mar 2023 17:28:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44774 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230267AbjCSV1x (ORCPT ); Sun, 19 Mar 2023 17:27:53 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 488581B2D5; Sun, 19 Mar 2023 14:27:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=DmmClILS1g6mcg7ANVU+N9GnQBvI3D3ynSwuLGeWqeI=; b=JOGTvYtqYTaBIKjuf0MlJsEXU6 ih7Dq5oCMS6MzKn1cNg2MRQqtbCPpb8OHPM2QQs1KwUoSSI63TpttvQnqXLXN+9IRQqPN44SrtjY/ gwPnKkV4vnY+EfQmaDmGJcyd80GRNNttTdbopL45wvuoEvK1MMdPR4nf0QXYF/ZIHpLlFfMkkebTq UqWNaLzQP3DnpQUD1w6khRg1IRSBRIaOyMExY27eU3Zeu+leW3RaAMFtXoP1hSRcynevgfFAG/rtS jiwRUVQss5VQULenHs23VzmWBwGzAOC3OpLCFxv24ySpRLSIubTpscFDzHD5CIPYGXDjf3g4qBHDO 7GLbR8Dw==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0Z9-007TrF-35; Sun, 19 Mar 2023 21:27:47 +0000 
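Review bot: Placing `module_augment_kernel_taints(mod, info);` after `check_modinfo_livepatch()` changes behaviour, although the commit message says there is no functional change. In the removed code the out-of-tree taint and the block after it ran before that check, so a module rejected by it had already tainted the kernel; now the early `return err` skips every taint. If that is intended it belongs in the changelog, otherwise the helper should be called ahead of the livepatch check. The added comment also spells "discrepancy" as `descrepancy`.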
From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 09/12] module: move tainting until after a module hits our linked list Date: Sun, 19 Mar 2023 14:27:43 -0700 Message-Id: <20230319212746.1783033-10-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" It is silly to have taints spread out all over, we can just compromise and add them if the module ever hit our linked list. Our sanity checkers should just prevent crappy drivers / bogus ELF modules / etc and kconfig options should be enough to let you *not* load things you don't want. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index a3953ca18090..1aa71f82aca2 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2009,18 +2009,6 @@ static int check_modinfo(struct module *mod, struct = load_info *info, int flags) if (err) return err; =20 - /* - * We are tainting your kernel *even* if you try to load - * modules with possible taints and we fail to load these - * modules for other reasons. - * - * We have a descrepancy though, see the other taints for - * signature and those in check_module_license_and_versions(). - * - * We should compromise and converge. - */ - module_augment_kernel_taints(mod, info); - return 0; } =20 
@@ -2772,6 +2760,16 @@ static int load_module(struct load_info *info, const= char __user *uargs, if (err) goto free_module; =20 + /* + * We are tainting your kernel if your module gets into + * the modules linked list somehow. + * + * We have a descrepancy though, see the other taints for + * signature and those in check_module_license_and_versions(). + * + * We should compromise and converge. + */ + module_augment_kernel_taints(mod, info); #ifdef CONFIG_MODULE_SIG mod->sig_ok =3D info->sig_ok; if (!mod->sig_ok) { --=20 2.39.1 From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A65BAC76196 for ; Sun, 19 Mar 2023 21:28:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230311AbjCSV2C (ORCPT ); Sun, 19 Mar 2023 17:28:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44744 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230255AbjCSV1x (ORCPT ); Sun, 19 Mar 2023 17:27:53 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 49BB91B2D9; Sun, 19 Mar 2023 14:27:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=BJziSesoP/Gpg+7BL9qEqeZCL3p8RKiimKBmJEDITp8=; b=g3NwwIG3zD7AFe0LuFyf5oAFC5 HRgQIDx/dWpyLqYoKvOcWyhc5D5C6EJslVjQWlx325cDgx8xdvgFLQVUiRYTTupvcLZyqmtYrYPGz idFG3aftxkZ6sHc6l9y8/90vBIuz3mDyvsKEXfwfCyfIKnjf8P71Zd6eE3+URco0h0E23z109KhhK fHBIb0eQx872JTdamAukzyihSKtICy20JfmfF/KRnbBgPaXwKdMa66UDz4V0KH2zDpWzdd8k3Pv77 
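Review bot: The comment added above `module_augment_kernel_taints(mod, info);` says the module got onto the list "somehow", which hides the one thing a reader of taint flags needs to know. load_module() can still bail out after this point (the `goto free_unload` paths visible in a later patch of the series), and nothing in the visible code clears the taint when it does. I would state that directly, e.g. `/* Taint once the module is on the modules list; the taint stays even if a later step fails and the module is freed. */`, and put a blank line between the call and `#ifdef CONFIG_MODULE_SIG`. load_module() begins and ends outside this hunk.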
m1j+kDkec88lwIEVYJngSs7CIx5eiNmqDWyyd+Btada3Kx0Z1IPq2Dhn05bQP0TVC8QRxpWuP+IkH 28R1TAqw==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0Z9-007TrH-3C; Sun, 19 Mar 2023 21:27:47 +0000 From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 10/12] module: move signature taint to module_augment_kernel_taints() Date: Sun, 19 Mar 2023 14:27:44 -0700 Message-Id: <20230319212746.1783033-11-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Just move the signature taint into the helper: module_augment_kernel_taints() Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 1aa71f82aca2..2f1988137965 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1984,6 +1984,15 @@ static void module_augment_kernel_taints(struct modu= le *mod, struct load_info *i mod->name); add_taint_module(mod, TAINT_TEST, LOCKDEP_STILL_OK); } +#ifdef CONFIG_MODULE_SIG + mod->sig_ok =3D info->sig_ok; + if (!mod->sig_ok) { + pr_notice_once("%s: module verification failed: signature " + "and/or required key missing - tainting " + "kernel\n", mod->name); + add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); + } +#endif } =20 static int check_modinfo(struct module *mod, struct load_info *info, int f= lags) 
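Review bot: `mod->sig_ok = info->sig_ok;` is not a taint; it records the signature verification result on the module, and this hunk hides it inside a void helper whose name and comment promise only tainting. Anyone who later moves, skips or makes the helper conditional would silently stop propagating the signature state, which is presumably read elsewhere (not visible here). I would keep the assignment in load_module() under its own `#ifdef CONFIG_MODULE_SIG` and let the helper only test it with `if (!mod->sig_ok) {`. The helper's body starts before this hunk.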
@@ -2770,15 +2779,6 @@ static int load_module(struct load_info *info, const= char __user *uargs, * We should compromise and converge. */ module_augment_kernel_taints(mod, info); -#ifdef CONFIG_MODULE_SIG - mod->sig_ok =3D info->sig_ok; - if (!mod->sig_ok) { - pr_notice_once("%s: module verification failed: signature " - "and/or required key missing - tainting " - "kernel\n", mod->name); - add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); - } -#endif =20 /* To avoid stressing percpu allocator, do this once we're unique. */ err =3D percpu_modalloc(mod, info); --=20 2.39.1 From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF99AC761A6 for ; Sun, 19 Mar 2023 21:27:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230301AbjCSV16 (ORCPT ); Sun, 19 Mar 2023 17:27:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44728 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230251AbjCSV1w (ORCPT ); Sun, 19 Mar 2023 17:27:52 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 49A9D1B2D8; Sun, 19 Mar 2023 14:27:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=rChvCtOI+bS071r53S0Y92CdZ3IVoiOFQgMuZLAmWd0=; b=onCTM8KinqfQaar39+8qVCEvgQ spNwSEwjv8/VHUw2s0drqkIaihL1eei454VoYQmspSNyHFjwythWJ22TgTChYv/vDeiwDjnbR2pUh N2JVTXSDEJaM8jdTH7aSpMUEC1bMtMsbWW8wBS7RTX5jQiCQGyMPMrbVC1PpayJvCIkEjKkGvgC6H 
UnymMJfQFoP7ftazoIFDdEoszFD6QnbPnXqhsd+8AwEMZM3v4ae772u190bqAq7ZOWfw+4FVBcJo/ ONI0jpMEFCMT5e5ytmpap1ThBo358axDb87nCvZdve7EaZf8FPjHEokYdaSSJutbCdd5yLT/Wf3m+ ELdH0pjg==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0ZA-007TrL-06; Sun, 19 Mar 2023 21:27:48 +0000 From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 11/12] module: converge taint work together Date: Sun, 19 Mar 2023 14:27:45 -0700 Message-Id: <20230319212746.1783033-12-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Converge on a compromise: so long as we have a module hit our linked list of modules we taint. That is, the module was about to become live. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 52 ++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 28 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 2f1988137965..f165d93a4ef9 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1955,6 +1955,8 @@ static int setup_load_info(struct load_info *info, in= t flags) * These calls taint the kernel depending certain module circumstances */ static void module_augment_kernel_taints(struct module *mod, struct load_i= nfo *info) { + int prev_taint =3D test_taint(TAINT_PROPRIETARY_MODULE); + if (!get_modinfo(info, "intree")) { if (!test_taint(TAINT_OOT_MODULE)) pr_warn("%s: loading out-of-tree module taints kernel.\n", 
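Review bot: `prev_taint` is now sampled on entry to module_augment_kernel_taints(), before `module_license_taint_check()` runs. The old code in check_module_license_and_versions() sampled it after the license taint had already been applied. If module_license_taint_check() sets TAINT_PROPRIETARY_MODULE (its body is not shown, so this is inferred from its name and argument), the `pr_warn("%s: module license taints kernel.\n", mod->name);` added in the following -1993 hunk will also fire for an ordinary non-GPL module, duplicating whatever that helper logs. Declaring `int prev_taint;` at the top and assigning `prev_taint = test_taint(TAINT_PROPRIETARY_MODULE);` just before the ndiswrapper check keeps the previous behaviour. That hunk also leaves a stray blank line before the closing brace.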
@@ -1993,6 +1995,28 @@ static void module_augment_kernel_taints(struct modu= le *mod, struct load_info *i add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); } #endif + + /* + * ndiswrapper is under GPL by itself, but loads proprietary modules. + * Don't use add_taint_module(), as it would prevent ndiswrapper from + * using GPL-only symbols it needs. + */ + if (strcmp(mod->name, "ndiswrapper") =3D=3D 0) + add_taint(TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE); + + /* driverloader was caught wrongly pretending to be under GPL */ + if (strcmp(mod->name, "driverloader") =3D=3D 0) + add_taint_module(mod, TAINT_PROPRIETARY_MODULE, + LOCKDEP_NOW_UNRELIABLE); + + /* lve claims to be GPL but upstream won't provide source */ + if (strcmp(mod->name, "lve") =3D=3D 0) + add_taint_module(mod, TAINT_PROPRIETARY_MODULE, + LOCKDEP_NOW_UNRELIABLE); + + if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE)) + pr_warn("%s: module license taints kernel.\n", mod->name); + } =20 static int check_modinfo(struct module *mod, struct load_info *info, int f= lags) 
@@ -2198,29 +2222,6 @@ static int move_module(struct module *mod, struct lo= ad_info *info) =20 static int check_module_license_and_versions(struct module *mod) { - int prev_taint =3D test_taint(TAINT_PROPRIETARY_MODULE); - - /* - * ndiswrapper is under GPL by itself, but loads proprietary modules. - * Don't use add_taint_module(), as it would prevent ndiswrapper from - * using GPL-only symbols it needs. - */ - if (strcmp(mod->name, "ndiswrapper") =3D=3D 0) - add_taint(TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE); - - /* driverloader was caught wrongly pretending to be under GPL */ - if (strcmp(mod->name, "driverloader") =3D=3D 0) - add_taint_module(mod, TAINT_PROPRIETARY_MODULE, - LOCKDEP_NOW_UNRELIABLE); - - /* lve claims to be GPL but upstream won't provide source */ - if (strcmp(mod->name, "lve") =3D=3D 0) - add_taint_module(mod, TAINT_PROPRIETARY_MODULE, - LOCKDEP_NOW_UNRELIABLE); - - if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE)) - pr_warn("%s: module license taints kernel.\n", mod->name); - #ifdef CONFIG_MODVERSIONS if ((mod->num_syms && !mod->crcs) || (mod->num_gpl_syms && !mod->gpl_crcs)) { 
@@ -2772,11 +2773,6 @@ static int load_module(struct load_info *info, const= char __user *uargs, /* * We are tainting your kernel if your module gets into * the modules linked list somehow. - * - * We have a descrepancy though, see the other taints for - * signature and those in check_module_license_and_versions(). - * - * We should compromise and converge. */ module_augment_kernel_taints(mod, info); =20 --=20 2.39.1 From nobody Tue Feb 10 09:22:17 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33D60C6FD1F for ; Sun, 19 Mar 2023 21:28:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230176AbjCSV23 (ORCPT ); Sun, 19 Mar 2023 17:28:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44758 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230274AbjCSV1y (ORCPT ); Sun, 19 Mar 2023 17:27:54 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C72E1B2F4; Sun, 19 Mar 2023 14:27:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=wQkyT18VZpOuqRMfI0/GbWVG9J9s2yrV/+TTo6WVbWQ=; b=dkn9BWo+buogcOb4zH8SOvdKC5 WNMMT8Jl+AR5MxaBeO9NBZlZeLxqEZOJxSP/6ShMRF76q5E8DoZ5Y+zR6c59absP/Nbr1Oo7wLZy5 PeGPpvVcEhKKa4ZXSwRyVqKLI0ARZi+L9K0HnVuNmQX7iJ589cEzOGzfWQMXUa/3aBgNNv+U3BEIw 3ujVrbll7407IemEyJYcjsz9fbM0TWErvVWtnuQdgSpOBQzqXGRwHOiQR6Y/a7IxtWyXsUUweEUNi 1owqCZYziD0tEV5AQN9bcySH8/0tDgGi6TicwAg0vlP2hN2g/X4Oalkut5vPTNfCHlJ6Nrxc0igN3 lkz+bsfw==; Received: from mcgrof by bombadil.infradead.org 
with local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0ZA-007TrN-0D; Sun, 19 Mar 2023 21:27:48 +0000 From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 12/12] module: rename check_module_license_and_versions() to check_export_symbol_versions() Date: Sun, 19 Mar 2023 14:27:46 -0700 Message-Id: <20230319212746.1783033-13-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: Luis Chamberlain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This makes the routine easier to understand what the check its checking for. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index f165d93a4ef9..cf097ffe6a4a 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2220,7 +2220,7 @@ static int move_module(struct module *mod, struct loa= d_info *info) return -ENOMEM; } =20 -static int check_module_license_and_versions(struct module *mod) +static int check_export_symbol_versions(struct module *mod) { #ifdef CONFIG_MODVERSIONS if ((mod->num_syms && !mod->crcs) || @@ -2796,7 +2796,7 @@ static int load_module(struct load_info *info, const = char __user *uargs, if (err) goto free_unload; =20 - err =3D check_module_license_and_versions(mod); + err =3D check_export_symbol_versions(mod); if (err) goto free_unload; =20 --=20 2.39.1