From patchwork Sun Mar 19 21:27:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luis Chamberlain X-Patchwork-Id: 13180588 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5437C7618A for ; Sun, 19 Mar 2023 21:27:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230296AbjCSV15 (ORCPT ); Sun, 19 Mar 2023 17:27:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44776 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230270AbjCSV1x (ORCPT ); Sun, 19 Mar 2023 17:27:53 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 49E8D1B2DF; Sun, 19 Mar 2023 14:27:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=obTOkYQMALUPVKZh8hnISC5FrxebItRSovwj5DZ33rg=; b=flXntIUHiZmULb/iZiq/1sUZ64 Dt0xEwtDqtrtwPkSei2UCYR5CtIQ7qK2cSLmOscjBRNn1eyzMs8WsQTbyMUTt8QoA2w7B5czTFcVg CAMtpdAHzOvVcin/O3G8618cLimOyKr9l/iBEFkppYvrrlBGjb+vd9OxN0WBeuRrlaIwmbYoQQ8bc P3WHWHhJqvevgP05PnoUe+uJVEmkR5Ri9GO0BwD7xjsApPaOyANa0dWFi4VWsfmQ5c2ZnJnzoBNvA F6uvG7eJUrmNWb5ZLQpRetXnc1f2G4C9zV7wL/xyE6WP8z5H5nZ3BzU92tQhYVbpb6mQh24FS59Ia SJbvMI3Q==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1pe0Z9-007Tqz-2B; Sun, 19 Mar 2023 21:27:47 +0000 
From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 01/12] module: move get_modinfo() helpers all above Date: Sun, 19 Mar 2023 14:27:35 -0700 Message-Id: <20230319212746.1783033-2-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Sender: Luis Chamberlain Precedence: bulk List-ID: Instead of forward declaring routines for get_modinfo() just move everything up. This makes no functional changes. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 100 +++++++++++++++++++++---------------------- 1 file changed, 48 insertions(+), 52 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index b4759f1695b7..1e739f534100 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -1016,9 +1016,55 @@ int try_to_force_load(struct module *mod, const char *reason) #endif } -static char *get_modinfo(const struct load_info *info, const char *tag); +/* Parse tag=value strings from .modinfo section */ +static char *next_string(char *string, unsigned long *secsize) +{ + /* Skip non-zero chars */ + while (string[0]) { + string++; + if ((*secsize)-- <= 1) + return NULL; + } + + /* Skip any zero padding. */ + while (!string[0]) { + string++; + if ((*secsize)-- <= 1) + return NULL; + } + return string; +} + static char *get_next_modinfo(const struct load_info *info, const char *tag, - char *prev); + char *prev) +{ + char *p; + unsigned int taglen = strlen(tag); + Elf_Shdr *infosec = &info->sechdrs[info->index.info]; + unsigned long size = infosec->sh_size; + + /* + * get_modinfo() calls made before rewrite_section_headers() + * must use sh_offset, as sh_addr isn't set! + */ + char *modinfo = (char *)info->hdr + infosec->sh_offset; + + if (prev) { + size -= prev - modinfo; + modinfo = next_string(prev, &size); + } + + for (p = modinfo; p; p = next_string(p, &size)) { + if (strncmp(p, tag, taglen) == 0 && p[taglen] == '=') + return p + taglen + 1; + } + return NULL; +} + +static char *get_modinfo(const struct load_info *info, const char *tag) +{ + return get_next_modinfo(info, tag, NULL); +} static int verify_namespace_is_imported(const struct load_info *info, const struct kernel_symbol *sym, 
@@ -1544,56 +1590,6 @@ static void set_license(struct module *mod, const char *license) } } -/* Parse tag=value strings from .modinfo section */ -static char *next_string(char *string, unsigned long *secsize) -{ - /* Skip non-zero chars */ - while (string[0]) { - string++; - if ((*secsize)-- <= 1) - return NULL; - } - - /* Skip any zero padding. */ - while (!string[0]) { - string++; - if ((*secsize)-- <= 1) - return NULL; - } - return string; -} - -static char *get_next_modinfo(const struct load_info *info, const char *tag, - char *prev) -{ - char *p; - unsigned int taglen = strlen(tag); - Elf_Shdr *infosec = &info->sechdrs[info->index.info]; - unsigned long size = infosec->sh_size; - - /* - * get_modinfo() calls made before rewrite_section_headers() - * must use sh_offset, as sh_addr isn't set! - */ - char *modinfo = (char *)info->hdr + infosec->sh_offset; - - if (prev) { - size -= prev - modinfo; - modinfo = next_string(prev, &size); - } - - for (p = modinfo; p; p = next_string(p, &size)) { - if (strncmp(p, tag, taglen) == 0 && p[taglen] == '=') - return p + taglen + 1; - } - return NULL; -} - -static char *get_modinfo(const struct load_info *info, const char *tag) -{ - return get_next_modinfo(info, tag, NULL); -} - static void setup_modinfo(struct module *mod, struct load_info *info) { struct module_attribute *attr;
From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 02/12] module: rename next_string() to module_next_tag_pair() Date: Sun, 19 Mar 2023 14:27:36 -0700 Message-Id: <20230319212746.1783033-3-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Sender: Luis Chamberlain Precedence: bulk List-ID: This makes it clearer what it is doing. While at it, make it available to other code other than main.c. This will be used in the subsequent patch and make the changes easier to read.
Signed-off-by: Luis Chamberlain --- kernel/module/internal.h | 2 ++ kernel/module/main.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/kernel/module/internal.h b/kernel/module/internal.h index e3883b7d4840..1fa2328636ec 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -96,6 +96,8 @@ long module_get_offset_and_type(struct module *mod, enum mod_mem_type type, char *module_flags(struct module *mod, char *buf, bool show_state); size_t module_flags_taint(unsigned long taints, char *buf); +char *module_next_tag_pair(char *string, unsigned long *secsize); + static inline void module_assert_mutex_or_preempt(void) { #ifdef CONFIG_LOCKDEP diff --git a/kernel/module/main.c b/kernel/module/main.c index 1e739f534100..ebb5e6b92a48 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1017,7 +1017,7 @@ int try_to_force_load(struct module *mod, const char *reason) } /* Parse tag=value strings from .modinfo section */ -static char *next_string(char *string, unsigned long *secsize) +char *module_next_tag_pair(char *string, unsigned long *secsize) { /* Skip non-zero chars */ while (string[0]) { 
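Review bot: module_next_tag_pair() loses static in this hunk and is declared in internal.h, but the only description it carries is the one-line comment above it, which does not say that *secsize is the caller's remaining byte count, that it is decremented in place, or that NULL is returned once it runs out. Now that other files can call it, add a short comment spelling out that contract, including that a caller resuming from a previous entry must first reduce the size by the distance already walked, as get_next_modinfo() does with "size -= prev - modinfo".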
@@ -1051,10 +1051,10 @@ static char *get_next_modinfo(const struct load_info *info, const char *tag, if (prev) { size -= prev - modinfo; - modinfo = next_string(prev, &size); + modinfo = module_next_tag_pair(prev, &size); } - for (p = modinfo; p; p = next_string(p, &size)) { + for (p = modinfo; p; p = module_next_tag_pair(p, &size)) { if (strncmp(p, tag, taglen) == 0 && p[taglen] == '=') return p + taglen + 1; }
From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 03/12] module: add a for_each_modinfo_entry() Date: Sun, 19 Mar 2023 14:27:37 -0700 Message-Id: <20230319212746.1783033-4-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Sender: Luis Chamberlain Precedence: bulk List-ID: Add a for_each_modinfo_entry() to make it easier to read and use. This produces no functional changes but makes this code easier to read as we are used to with loops in the kernel and trims more lines of code. Signed-off-by: Luis Chamberlain --- kernel/module/internal.h | 3 +++ kernel/module/main.c | 5 +---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/module/internal.h b/kernel/module/internal.h index 1fa2328636ec..6ae29bb8836f 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -98,6 +98,9 @@ size_t module_flags_taint(unsigned long taints, char *buf); char *module_next_tag_pair(char *string, unsigned long *secsize); +#define for_each_modinfo_entry(entry, info, name) \ + for (entry = get_modinfo(info, name); entry; entry = get_next_modinfo(info, name, entry)) + static inline void module_assert_mutex_or_preempt(void) { #ifdef CONFIG_LOCKDEP diff --git a/kernel/module/main.c b/kernel/module/main.c index ebb5e6b92a48..427284ab31f1 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -1075,12 +1075,9 @@ static int verify_namespace_is_imported(const struct load_info *info, namespace = kernel_symbol_namespace(sym); if (namespace && namespace[0]) { - imported_namespace = get_modinfo(info, "import_ns"); - while (imported_namespace) { + for_each_modinfo_entry(imported_namespace, info, "import_ns") { if (strcmp(namespace, imported_namespace) == 0) return 0; - imported_namespace = get_next_modinfo( - info, "import_ns", imported_namespace); } #ifdef CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS pr_warn(
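Review bot: for_each_modinfo_entry(), used here in verify_namespace_is_imported() and defined in internal.h, expands to get_modinfo() and get_next_modinfo(), which patch 01/12 keeps static in main.c, so the macro can only be expanded inside main.c even though it lives in the shared header. Either define the macro in main.c next to the two helpers, or drop static from them and declare both in internal.h beside module_next_tag_pair(). The macro body is also a single very long line; breaking it after the loop condition would keep it readable.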
From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 04/12] module: move early sanity checks into a helper Date: Sun, 19 Mar 2023 14:27:38 -0700 Message-Id: <20230319212746.1783033-5-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Sender: Luis Chamberlain Precedence: bulk List-ID: Move early sanity checkers for the module into a helper. This lets us make it clear when we are working with the local copy of the module prior to allocation. This produces no functional changes, it just makes subsequent changes easier to read. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 427284ab31f1..933cef72ae13 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -2668,6 +2668,31 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname, return 0; } +/* Module within temporary copy, this doesn't do any allocation */ +static int early_mod_check(struct load_info *info, int flags) +{ + int err; + + /* + * Now that we know we have the correct module name, check + * if it's blacklisted. + */ + if (blacklisted(info->name)) { + pr_err("Module %s is blacklisted\n", info->name); + return -EPERM; + } + + err = rewrite_section_headers(info, flags); + if (err) + return err; + + /* Check module struct version now, before we try to use module. */ + if (!check_modstruct_version(info, info->mod)) + return ENOEXEC; + + return 0; +} + /* * Allocate and load the module: note that size of section 0 is always * zero, and we rely on this for optional sections. 
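Review bot: in early_mod_check() the check_modstruct_version() failure path does "return ENOEXEC;", a positive value, whereas the code this helper replaces in load_module() set "err = -ENOEXEC". The caller's "if (err) goto free_copy;" still takes the error path, but err now carries a positive number, so this is a functional change in a patch whose message says there is none. Use "return -ENOEXEC;" here. Patch 05/12 corrects the sign as a side effect of moving check_modinfo(); that fix belongs in this patch so each step of the series is correct on its own.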
@@ -2711,26 +2736,10 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_copy; - /* - * Now that we know we have the correct module name, check - * if it's blacklisted. - */ - if (blacklisted(info->name)) { - err = -EPERM; - pr_err("Module %s is blacklisted\n", info->name); - goto free_copy; - } - - err = rewrite_section_headers(info, flags); + err = early_mod_check(info, flags); if (err) goto free_copy; - /* Check module struct version now, before we try to use module. */ - if (!check_modstruct_version(info, info->mod)) { - err = -ENOEXEC; - goto free_copy; - } - /* Figure out module layout, and allocate all the memory. */ mod = layout_and_allocate(info, flags); if (IS_ERR(mod)) {
From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 05/12] module: move check_modinfo() early to early_mod_check() Date: Sun, 19 Mar 2023 14:27:39 -0700 Message-Id: <20230319212746.1783033-6-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Sender: Luis Chamberlain Precedence: bulk List-ID: This moves check_modinfo() to early_mod_check(). This doesn't make any functional changes either, as check_modinfo() was the first call on layout_and_allocate(), so we're just moving it back one routine and at the end. This lets us keep separate the checkers from the allocator. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 933cef72ae13..95fd705328ac 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -2273,10 +2273,6 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) unsigned int ndx; int err; - err = check_modinfo(info->mod, info, flags); - if (err) - return ERR_PTR(err); - /* Allow arches to frob section contents and sizes. */ err = module_frob_arch_sections(info->hdr, info->sechdrs, info->secstrings, info->mod); 
@@ -2688,7 +2684,11 @@ static int early_mod_check(struct load_info *info, int flags) /* Check module struct version now, before we try to use module. */ if (!check_modstruct_version(info, info->mod)) - return ENOEXEC; + return -ENOEXEC; + + err = check_modinfo(info->mod, info, flags); + if (err) + return err; return 0; }
From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 06/12] module: rename set_license() to module_license_taint_check() Date: Sun, 19 Mar 2023 14:27:40 -0700 Message-Id: <20230319212746.1783033-7-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Sender: Luis Chamberlain Precedence: bulk List-ID: The set_license() routine would seem to a reader to do some sort of setting, but it does not. It just adds a taint if the license is not set or proprietary. This makes what the code is doing clearer, so much we can remove the comment about it. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 95fd705328ac..5e64485ac05a 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1573,7 +1573,7 @@ static void layout_sections(struct module *mod, struct load_info *info) __layout_sections(mod, info, true); } -static void set_license(struct module *mod, const char *license) +static void module_license_taint_check(struct module *mod, const char *license) { if (!license) license = "unspecified"; 
@@ -1993,8 +1993,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) if (err) return err; - /* Set up license info based on the info section */ - set_license(mod, get_modinfo(info, "license")); + module_license_taint_check(mod, get_modinfo(info, "license")); if (get_modinfo(info, "test")) { if (!test_taint(TAINT_TEST))
From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 07/12] module: split taint work out of check_modinfo_livepatch() Date: Sun, 19 Mar 2023 14:27:41 -0700 Message-Id: <20230319212746.1783033-8-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Sender: Luis Chamberlain Precedence: bulk List-ID: The work to taint the kernel due to a module should be split up eventually. To aid with this, split up the tainting on check_modinfo_livepatch(). This lets us bring more early checks together which do return a value, and makes changes easier to read later where we stuff all the work to do the taints in one single routine. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index 5e64485ac05a..cfb2ff5185fe 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1808,12 +1808,8 @@ static int check_modinfo_livepatch(struct module *mod, struct load_info *info) /* Nothing more to do */ return 0; - if (set_livepatch_module(mod)) { - add_taint_module(mod, TAINT_LIVEPATCH, LOCKDEP_STILL_OK); - pr_notice_once("%s: tainting kernel with TAINT_LIVEPATCH\n", - mod->name); + if (set_livepatch_module(mod)) return 0; - } pr_err("%s: module is marked as livepatch module, but livepatch support is disabled", mod->name); 
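Review bot: removing the taint from the set_livepatch_module() success branch in check_modinfo_livepatch() makes TAINT_LIVEPATCH depend on the is_livepatch_module(mod) test that the next hunk adds to check_modinfo(), and nothing in the patch or its message states that is_livepatch_module() is true exactly when set_livepatch_module() succeeded. Say so in the commit message or in a comment above the new check, because if the two ever disagree the taint and the pr_notice_once() are dropped without any error.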
@@ -1993,6 +1989,11 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) if (err) return err; + if (is_livepatch_module(mod)) { + add_taint_module(mod, TAINT_LIVEPATCH, LOCKDEP_STILL_OK); + pr_notice_once("%s: tainting kernel with TAINT_LIVEPATCH\n", + mod->name); + } module_license_taint_check(mod, get_modinfo(info, "license")); if (get_modinfo(info, "test")) {
From: Luis Chamberlain To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org Subject: [PATCH 08/12] module: split taint adding with info checking Date: Sun, 19 Mar 2023 14:27:42 -0700 Message-Id: <20230319212746.1783033-9-mcgrof@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org> References: <20230319212746.1783033-1-mcgrof@kernel.org> MIME-Version: 1.0 Sender: Luis Chamberlain Precedence: bulk List-ID: check_modinfo() actually does two things: a) sanity checks, some of which are fatal, and so we prevent the user from completing trying to load a module b) taints the kernel The taints are pretty heavy handed because we're tainting the kernel *before* we ever even get to load the module into the modules linked list. That is, it can fail for other reasons later as we review the module's structure. But this commit makes no functional changes, it just makes the intent clearer and splits the code up where needed to make that happen. Signed-off-by: Luis Chamberlain --- kernel/module/main.c | 62 ++++++++++++++++++++++++++++---------------- 1 file changed, 40 insertions(+), 22 deletions(-) diff --git a/kernel/module/main.c b/kernel/module/main.c index cfb2ff5185fe..a3953ca18090 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c 
@@ -1951,25 +1951,10 @@ static int setup_load_info(struct load_info *info, int flags) return 0; } -static int check_modinfo(struct module *mod, struct load_info *info, int flags) +/* + * These calls taint the kernel depending certain module circumstances */ +static void module_augment_kernel_taints(struct module *mod, struct load_info *info) { - const char *modmagic = get_modinfo(info, "vermagic"); - int err; - - if (flags & MODULE_INIT_IGNORE_VERMAGIC) - modmagic = NULL; - - /* This is allowed: modprobe --force will invalidate it. */ - if (!modmagic) { - err = try_to_force_load(mod, "bad vermagic"); - if (err) - return err; - } else if (!same_magic(modmagic, vermagic, info->index.vers)) { - pr_err("%s: version magic '%s' should be '%s'\n", - info->name, modmagic, vermagic); - return -ENOEXEC; - } - if (!get_modinfo(info, "intree")) { if (!test_taint(TAINT_OOT_MODULE)) pr_warn("%s: loading out-of-tree module taints kernel.\n", @@ -1985,15 +1970,12 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) "is unknown, you have been warned.\n", mod->name); } - err = check_modinfo_livepatch(mod, info); - if (err) - return err; - if (is_livepatch_module(mod)) { add_taint_module(mod, TAINT_LIVEPATCH, LOCKDEP_STILL_OK); pr_notice_once("%s: tainting kernel with TAINT_LIVEPATCH\n", mod->name); } + module_license_taint_check(mod, get_modinfo(info, "license")); if (get_modinfo(info, "test")) { 
@@ -2002,6 +1984,42 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) mod->name); add_taint_module(mod, TAINT_TEST, LOCKDEP_STILL_OK); } +} + +static int check_modinfo(struct module *mod, struct load_info *info, int flags) +{ + const char *modmagic = get_modinfo(info, "vermagic"); + int err; + + if (flags & MODULE_INIT_IGNORE_VERMAGIC) + modmagic = NULL; + + /* This is allowed: modprobe --force will invalidate it. */ + if (!modmagic) { + err = try_to_force_load(mod, "bad vermagic"); + if (err) + return err; + } else if (!same_magic(modmagic, vermagic, info->index.vers)) { + pr_err("%s: version magic '%s' should be '%s'\n", + info->name, modmagic, vermagic); + return -ENOEXEC; + } + + err = check_modinfo_livepatch(mod, info); + if (err) + return err; + + /* + * We are tainting your kernel *even* if you try to load + * modules with possible taints and we fail to load these + * modules for other reasons. + * + * We have a descrepancy though, see the other taints for + * signature and those in check_module_license_and_versions(). + * + * We should compromise and converge. 
+ */ + module_augment_kernel_taints(mod, info); return 0; }

From patchwork Sun Mar 19 21:27:43 2023
X-Patchwork-Submitter: Luis Chamberlain
X-Patchwork-Id: 13180589
From: Luis Chamberlain
To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com
Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org
Subject: [PATCH 09/12] module: move tainting until after a module hits our linked list
Date: Sun, 19 Mar 2023 14:27:43 -0700
Message-Id: <20230319212746.1783033-10-mcgrof@kernel.org>
In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org>
References: <20230319212746.1783033-1-mcgrof@kernel.org>

It is silly to have taints spread out all over, we can just compromise and add them if the module ever hits our linked list. Our sanity checkers should just prevent crappy drivers / bogus ELF modules / etc and kconfig options should be enough to let you *not* load things you don't want.

Signed-off-by: Luis Chamberlain
---
 kernel/module/main.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c index a3953ca18090..1aa71f82aca2 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -2009,18 +2009,6 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) if (err) return err; - /* - * We are tainting your kernel *even* if you try to load - * modules with possible taints and we fail to load these - * modules for other reasons. - * - * We have a descrepancy though, see the other taints for - * signature and those in check_module_license_and_versions(). - * - * We should compromise and converge. - */ - module_augment_kernel_taints(mod, info); - return 0; }
@@ -2772,6 +2760,16 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_module; + /* + * We are tainting your kernel if your module gets into + * the modules linked list somehow. + * + * We have a descrepancy though, see the other taints for + * signature and those in check_module_license_and_versions(). + * + * We should compromise and converge. + */ + module_augment_kernel_taints(mod, info); #ifdef CONFIG_MODULE_SIG mod->sig_ok = info->sig_ok; if (!mod->sig_ok) {

From patchwork Sun Mar 19 21:27:44 2023
X-Patchwork-Submitter: Luis Chamberlain
X-Patchwork-Id: 13180584
From: Luis Chamberlain
To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com
Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org
Subject: [PATCH 10/12] module: move signature taint to module_augment_kernel_taints()
Date: Sun, 19 Mar 2023 14:27:44 -0700
Message-Id: <20230319212746.1783033-11-mcgrof@kernel.org>
In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org>
References: <20230319212746.1783033-1-mcgrof@kernel.org>

Just move the signature taint into the helper: module_augment_kernel_taints()

Signed-off-by: Luis Chamberlain
---
 kernel/module/main.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c index 1aa71f82aca2..2f1988137965 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -1984,6 +1984,15 @@ static void module_augment_kernel_taints(struct module *mod, struct load_info *i mod->name); add_taint_module(mod, TAINT_TEST, LOCKDEP_STILL_OK); } +#ifdef CONFIG_MODULE_SIG + mod->sig_ok = info->sig_ok; + if (!mod->sig_ok) { + pr_notice_once("%s: module verification failed: signature " + "and/or required key missing - tainting " + "kernel\n", mod->name); + add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); + } +#endif } static int check_modinfo(struct module *mod, struct load_info *info, int flags)
@@ -2770,15 +2779,6 @@ static int load_module(struct load_info *info, const char __user *uargs, * We should compromise and converge. */ module_augment_kernel_taints(mod, info); -#ifdef CONFIG_MODULE_SIG - mod->sig_ok = info->sig_ok; - if (!mod->sig_ok) { - pr_notice_once("%s: module verification failed: signature " - "and/or required key missing - tainting " - "kernel\n", mod->name); - add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); - } -#endif /* To avoid stressing percpu allocator, do this once we're unique. */ err = percpu_modalloc(mod, info);

From patchwork Sun Mar 19 21:27:45 2023
X-Patchwork-Submitter: Luis Chamberlain
X-Patchwork-Id: 13180582
From: Luis Chamberlain
To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com
Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org
Subject: [PATCH 11/12] module: converge taint work together
Date: Sun, 19 Mar 2023 14:27:45 -0700
Message-Id: <20230319212746.1783033-12-mcgrof@kernel.org>
In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org>
References: <20230319212746.1783033-1-mcgrof@kernel.org>

Converge on a compromise: so long as we have a module hit our linked list of modules we taint. That is, the module was about to become live.

Signed-off-by: Luis Chamberlain
---
 kernel/module/main.c | 52 ++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 28 deletions(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c index 2f1988137965..f165d93a4ef9 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -1955,6 +1955,8 @@ static int setup_load_info(struct load_info *info, int flags) * These calls taint the kernel depending certain module circumstances */ static void module_augment_kernel_taints(struct module *mod, struct load_info *info) { + int prev_taint = test_taint(TAINT_PROPRIETARY_MODULE); + if (!get_modinfo(info, "intree")) { if (!test_taint(TAINT_OOT_MODULE)) pr_warn("%s: loading out-of-tree module taints kernel.\n",
@@ -1993,6 +1995,28 @@ static void module_augment_kernel_taints(struct module *mod, struct load_info *i add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); } #endif + + /* + * ndiswrapper is under GPL by itself, but loads proprietary modules. + * Don't use add_taint_module(), as it would prevent ndiswrapper from + * using GPL-only symbols it needs. + */ + if (strcmp(mod->name, "ndiswrapper") == 0) + add_taint(TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE); + + /* driverloader was caught wrongly pretending to be under GPL */ + if (strcmp(mod->name, "driverloader") == 0) + add_taint_module(mod, TAINT_PROPRIETARY_MODULE, + LOCKDEP_NOW_UNRELIABLE); + + /* lve claims to be GPL but upstream won't provide source */ + if (strcmp(mod->name, "lve") == 0) + add_taint_module(mod, TAINT_PROPRIETARY_MODULE, + LOCKDEP_NOW_UNRELIABLE); + + if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE)) + pr_warn("%s: module license taints kernel.\n", mod->name); + } static int check_modinfo(struct module *mod, struct load_info *info, int flags) 
@@ -2198,29 +2222,6 @@ static int move_module(struct module *mod, struct load_info *info) static int check_module_license_and_versions(struct module *mod) { - int prev_taint = test_taint(TAINT_PROPRIETARY_MODULE); - - /* - * ndiswrapper is under GPL by itself, but loads proprietary modules. - * Don't use add_taint_module(), as it would prevent ndiswrapper from - * using GPL-only symbols it needs. - */ - if (strcmp(mod->name, "ndiswrapper") == 0) - add_taint(TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE); - - /* driverloader was caught wrongly pretending to be under GPL */ - if (strcmp(mod->name, "driverloader") == 0) - add_taint_module(mod, TAINT_PROPRIETARY_MODULE, - LOCKDEP_NOW_UNRELIABLE); - - /* lve claims to be GPL but upstream won't provide source */ - if (strcmp(mod->name, "lve") == 0) - add_taint_module(mod, TAINT_PROPRIETARY_MODULE, - LOCKDEP_NOW_UNRELIABLE); - - if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE)) - pr_warn("%s: module license taints kernel.\n", mod->name); - #ifdef CONFIG_MODVERSIONS if ((mod->num_syms && !mod->crcs) || (mod->num_gpl_syms && !mod->gpl_crcs)) { 
@@ -2772,11 +2773,6 @@ static int load_module(struct load_info *info, const char __user *uargs, /* * We are tainting your kernel if your module gets into * the modules linked list somehow. - * - * We have a descrepancy though, see the other taints for - * signature and those in check_module_license_and_versions(). - * - * We should compromise and converge. */ module_augment_kernel_taints(mod, info);

From patchwork Sun Mar 19 21:27:46 2023
X-Patchwork-Submitter: Luis Chamberlain
X-Patchwork-Id: 13180590
From: Luis Chamberlain
To: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org, pmladek@suse.com, david@redhat.com, petr.pavlu@suse.com, prarit@redhat.com
Cc: christophe.leroy@csgroup.eu, song@kernel.org, mcgrof@kernel.org
Subject: [PATCH 12/12] module: rename check_module_license_and_versions() to check_export_symbol_versions()
Date: Sun, 19 Mar 2023 14:27:46 -0700
Message-Id: <20230319212746.1783033-13-mcgrof@kernel.org>
In-Reply-To: <20230319212746.1783033-1-mcgrof@kernel.org>
References: <20230319212746.1783033-1-mcgrof@kernel.org>

This makes the routine easier to understand what the check is checking for.

Signed-off-by: Luis Chamberlain
---
 kernel/module/main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/module/main.c b/kernel/module/main.c index f165d93a4ef9..cf097ffe6a4a 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c
@@ -2220,7 +2220,7 @@ static int move_module(struct module *mod, struct load_info *info) return -ENOMEM; } -static int check_module_license_and_versions(struct module *mod) +static int check_export_symbol_versions(struct module *mod) { #ifdef CONFIG_MODVERSIONS if ((mod->num_syms && !mod->crcs) ||
@@ -2796,7 +2796,7 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; - err = check_module_license_and_versions(mod); + err = check_export_symbol_versions(mod); if (err) goto free_unload;
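Review bot: in the "@@ -1993,6 +1989,11 @@" hunk that adds the livepatch taint to check_modinfo(), pr_notice_once() is passed mod->name, so only the first livepatch module loaded is ever named in the log and every later one taints without a message. If the per-module name is meant to be useful for triage, use pr_notice(); if a single notice is intended, say so in a comment next to the call.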
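Review bot: the comment added above module_augment_kernel_taints() in the "@@ -1951,25 +1951,10 @@" hunk of patch 08/12 reads "depending certain module circumstances": it is missing "on", and the closing */ sits on the text line rather than on its own line as kernel multi-line comment style expects. The signature on the following line is 84 characters long and could wrap after the first parameter to stay within the preferred 80 columns.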
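Review bot: patch 08/12 states that it makes no functional changes, but in the "@@ -2002,6 +1984,42 @@" hunk the new check_modinfo() returns the check_modinfo_livepatch() error before it calls module_augment_kernel_taints(), whereas the removed code ran the "intree" out-of-tree handling before check_modinfo_livepatch(). A module that fails the livepatch check therefore went through the out-of-tree taint path before this patch and skips it afterwards. Either keep the original order or describe the reordering in the commit message. The added comment also spells discrepancy as "descrepancy".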
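Review bot: the comment added before module_augment_kernel_taints() in the load_module() hunk of patch 09/12 ("@@ -2772,6 +2760,16 @@") does not say what happens when a later step fails. The call sits directly after an "if (err) goto free_module;" and, per the context shown in patch 10/12, is followed by percpu_modalloc(), which can still return an error, so a module that never goes live still leaves its taint bits set. State that in the comment and name the call that places the module on the list instead of "somehow". The commit message should also record the user-visible change: loads rejected in check_modinfo() no longer set any taint, which matters to anyone who reads the taint mask as evidence that an out-of-tree, unsigned or test module load was attempted.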
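Review bot: in the "@@ -1984,6 +1984,15 @@" hunk of patch 10/12 the moved block does more than taint: "mod->sig_ok = info->sig_ok;" is a state assignment, and it now lives inside module_augment_kernel_taints() under CONFIG_MODULE_SIG. Any reader of mod->sig_ok then depends on the taint helper having run, which the helper's name and comment do not suggest. Keep the assignment in load_module() and move only the "if (!mod->sig_ok)" block, or document the side effect in the comment above the helper.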
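Review bot: prev_taint is sampled at the very top of module_augment_kernel_taints() in the "@@ -1955,6 +1955,8 @@" hunk of patch 11/12, ahead of the module_license_taint_check() call that lives in the same function (visible in the patch 08/12 context). In the removed check_module_license_and_versions() code it was sampled immediately before the ndiswrapper, driverloader and lve checks, and that function was called later in load_module() than the taint helper. If module_license_taint_check() sets TAINT_PROPRIETARY_MODULE (its body is not shown in this series), the closing "module license taints kernel" pr_warn() now also fires for that case, which it did not before. Sampling prev_taint just before the ndiswrapper check keeps the old behaviour.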
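Review bot: the "@@ -1993,6 +1995,28 @@" hunk of patch 11/12 ends with an added empty line directly before the closing brace of module_augment_kernel_taints(), after the final pr_warn(); drop it so the function does not end on a blank line.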