lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 13 Aug 2019 20:17:34 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Matthias Maennich <maennich@...gle.com>
Cc:     linux-kernel@...r.kernel.org, maco@...roid.com,
        kernel-team@...roid.com, arnd@...db.de, geert@...ux-m68k.org,
        hpa@...or.com, jeyu@...nel.org, joel@...lfernandes.org,
        kstewart@...uxfoundation.org, linux-arch@...r.kernel.org,
        linux-kbuild@...r.kernel.org, linux-m68k@...ts.linux-m68k.org,
        linux-modules@...r.kernel.org, linux-scsi@...r.kernel.org,
        linux-usb@...r.kernel.org, lucas.de.marchi@...il.com,
        maco@...gle.com, michal.lkml@...kovi.net, mingo@...hat.com,
        oneukum@...e.com, pombredanne@...b.com, sam@...nborg.org,
        sboyd@...eaurora.org, sspatil@...gle.com,
        stern@...land.harvard.edu, tglx@...utronix.de,
        usb-storage@...ts.one-eyed-alien.net, x86@...nel.org,
        yamada.masahiro@...ionext.com,
        Andrew Morton <akpm@...ux-foundation.org>,
        Johannes Weiner <hannes@...xchg.org>,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
        David Howells <dhowells@...hat.com>,
        Patrick Bellasi <patrick.bellasi@....com>,
        Dan Williams <dan.j.williams@...el.com>,
        Adrian Reber <adrian@...as.de>,
        Richard Guy Briggs <rgb@...hat.com>
Subject: Re: [PATCH v2 05/10] module: add config option
 MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS

On Tue, Aug 13, 2019 at 01:17:02PM +0100, Matthias Maennich wrote:
> If MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is enabled (default=n), the
> requirement for modules to import all namespaces that are used by
> the module is relaxed.
> 
> Enabling this option effectively allows (invalid) modules to be loaded
> while only a warning is emitted.
> 
> Disabling this option keeps the enforcement at module loading time and
> loading is denied if the module's imports are not satisfactory.
> 
> Reviewed-by: Martijn Coenen <maco@...roid.com>
> Signed-off-by: Matthias Maennich <maennich@...gle.com>
> ---
>  init/Kconfig    | 14 ++++++++++++++
>  kernel/module.c | 11 +++++++++--
>  2 files changed, 23 insertions(+), 2 deletions(-)
> 
> diff --git a/init/Kconfig b/init/Kconfig
> index bd7d650d4a99..b3373334cdf1 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -2119,6 +2119,20 @@ config MODULE_COMPRESS_XZ
>  
>  endchoice
>  
> +config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
> +	bool "Allow loading of modules with missing namespace imports"
> +	default n

the default for config options is always N, no need to list it here.

> +	help
> +	  Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
> +	  a namespace. A module that makes use of a symbol exported with such a
> +	  namespace is required to import the namespace via MODULE_IMPORT_NS().
> +	  This option relaxes this requirement when loading a module. While
> +	  technically there is no reason to enforce correct namespace imports,
> +	  it creates consistency between symbols defining namespaces and users
> +	  importing namespaces they make use of.
> +
> +	  If unsure, say N.
> +
>  config TRIM_UNUSED_KSYMS
>  	bool "Trim unused exported kernel symbols"
>  	depends on MODULES && !UNUSED_SYMBOLS
> diff --git a/kernel/module.c b/kernel/module.c
> index 57e8253f2251..7c934aaae2d3 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -1408,9 +1408,16 @@ static int verify_namespace_is_imported(const struct load_info *info,
>  			imported_namespace = get_next_modinfo(
>  				info, "import_ns", imported_namespace);
>  		}
> -		pr_err("%s: module uses symbol (%s) from namespace %s, but does not import it.\n",
> -		       mod->name, kernel_symbol_name(sym), namespace);
> +#ifdef CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
> +		pr_warn(
> +#else
> +		pr_err(
> +#endif
> +			"%s: module uses symbol (%s) from namespace %s, but does not import it.\n",
> +			mod->name, kernel_symbol_name(sym), namespace);
> +#ifndef CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
>  		return -EINVAL;
> +#endif

This #ifdef mess is a hack, but oh well :)

If you drop the above default line, feel free to add:

Reviewed-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ