lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 13 May 2007 16:25:17 +0300
From:	Dan Aloni <da-x@...atomic.org>
To:	Linux Kernel List <linux-kernel@...r.kernel.org>
Subject: [PATCH] allow kernel module exclusion on load

Kernel developers might find it useful for quickly getting out from some 
rough debugging scenarios.

Signed-off-by: Dan Aloni <da-x@...atomic.org>

diff --git a/init/Kconfig b/init/Kconfig
index 4e009fd..796715e 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -682,6 +682,17 @@ config KMOD
 	  runs modprobe with the appropriate arguments, thereby
 	  loading the module if it is available.  If unsure, say Y.
 
+config MODULE_EXCLUSION
+	bool "Refuse loading of modules with certain names"
+	depends on MODULES && DEBUG_KERNEL
+	help
+	  During kernel module development and debugging you might come
+	  into a situation where one of your kernel modules crashes the
+	  kernel on boot. This option lets you specify in the kernel
+	  command line (via exclude-modules=) a comma-separated list 
+	  of kernel modules that the kernel will refuse to load based 
+	  on their names.
+
 config STOP_MACHINE
 	bool
 	default y
diff --git a/kernel/module.c b/kernel/module.c
index 9bd93de..14457dd 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1551,6 +1551,27 @@ static inline void add_kallsyms(struct module *mod,
 }
 #endif /* CONFIG_KALLSYMS */
 
+#ifdef CONFIG_MODULE_EXCLUSION
+
+static char exclusion_names[0x100];
+static int __init module_exclusion_setup(char *str)
+{
+	snprintf(exclusion_names, sizeof(exclusion_names), ",%s,", str);
+	return 1;
+}
+__setup("exclude-modules=", module_exclusion_setup);
+
+static int is_module_excluded(const char *name)
+{
+	char lookup_str[MODULE_NAME_LEN+3];
+	snprintf(lookup_str, sizeof(lookup_str), ",%s,", name);
+	return strstr(exclusion_names, lookup_str) != NULL;
+}
+
+#else
+static inline int is_module_excluded(const char *name) {return 0;}
+#endif
+
 /* Allocate and load the module: note that size of section 0 is always
    zero, and we rely on this for optional sections. */
 static struct module *load_module(void __user *umod,
@@ -1714,6 +1735,11 @@ static struct module *load_module(void __user *umod,
 		goto free_hdr;
 	}
 
+	if (is_module_excluded(mod->name)) {
+		err = -EACCES;
+		goto free_mod;
+	}
+
 	if (find_module(mod->name)) {
 		err = -EEXIST;
 		goto free_mod;


-- 
Dan Aloni
XIV LTD, http://www.xivstorage.com
da-x (at) monatomic.org, dan (at) xiv.co.il
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ