| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190813121733.52480-6-maennich@google.com>
Date: Tue, 13 Aug 2019 13:17:02 +0100
From: Matthias Maennich <maennich@...gle.com>
To: linux-kernel@...r.kernel.org, maco@...roid.com
Cc: kernel-team@...roid.com, maennich@...gle.com, arnd@...db.de,
geert@...ux-m68k.org, gregkh@...uxfoundation.org, hpa@...or.com,
jeyu@...nel.org, joel@...lfernandes.org,
kstewart@...uxfoundation.org, linux-arch@...r.kernel.org,
linux-kbuild@...r.kernel.org, linux-m68k@...ts.linux-m68k.org,
linux-modules@...r.kernel.org, linux-scsi@...r.kernel.org,
linux-usb@...r.kernel.org, lucas.de.marchi@...il.com,
maco@...gle.com, michal.lkml@...kovi.net, mingo@...hat.com,
oneukum@...e.com, pombredanne@...b.com, sam@...nborg.org,
sboyd@...eaurora.org, sspatil@...gle.com,
stern@...land.harvard.edu, tglx@...utronix.de,
usb-storage@...ts.one-eyed-alien.net, x86@...nel.org,
yamada.masahiro@...ionext.com,
Andrew Morton <akpm@...ux-foundation.org>,
Johannes Weiner <hannes@...xchg.org>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>,
Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
David Howells <dhowells@...hat.com>,
Patrick Bellasi <patrick.bellasi@....com>,
Dan Williams <dan.j.williams@...el.com>,
Adrian Reber <adrian@...as.de>,
Richard Guy Briggs <rgb@...hat.com>
Subject: [PATCH v2 05/10] module: add config option MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
If MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is enabled (default=n), the
requirement for modules to import all namespaces that are used by
the module is relaxed.
Enabling this option effectively allows (invalid) modules to be loaded
while only a warning is emitted.
Disabling this option keeps the enforcement at module loading time and
loading is denied if the module's imports are not satisfactory.
Reviewed-by: Martijn Coenen <maco@...roid.com>
Signed-off-by: Matthias Maennich <maennich@...gle.com>
---
init/Kconfig | 14 ++++++++++++++
kernel/module.c | 11 +++++++++--
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/init/Kconfig b/init/Kconfig
index bd7d650d4a99..b3373334cdf1 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -2119,6 +2119,20 @@ config MODULE_COMPRESS_XZ
endchoice
+config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
+ bool "Allow loading of modules with missing namespace imports"
+ default n
+ help
+ Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
+ a namespace. A module that makes use of a symbol exported with such a
+ namespace is required to import the namespace via MODULE_IMPORT_NS().
+ This option relaxes this requirement when loading a module. While
+ technically there is no reason to enforce correct namespace imports,
+ it creates consistency between symbols defining namespaces and users
+ importing namespaces they make use of.
+
+ If unsure, say N.
+
config TRIM_UNUSED_KSYMS
bool "Trim unused exported kernel symbols"
depends on MODULES && !UNUSED_SYMBOLS
diff --git a/kernel/module.c b/kernel/module.c
index 57e8253f2251..7c934aaae2d3 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1408,9 +1408,16 @@ static int verify_namespace_is_imported(const struct load_info *info,
imported_namespace = get_next_modinfo(
info, "import_ns", imported_namespace);
}
- pr_err("%s: module uses symbol (%s) from namespace %s, but does not import it.\n",
- mod->name, kernel_symbol_name(sym), namespace);
+#ifdef CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
+ pr_warn(
+#else
+ pr_err(
+#endif
+ "%s: module uses symbol (%s) from namespace %s, but does not import it.\n",
+ mod->name, kernel_symbol_name(sym), namespace);
+#ifndef CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
return -EINVAL;
+#endif
}
return 0;
}
--
2.23.0.rc1.153.gdeed80330f-goog
Powered by blists - more mailing lists