| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Jul 2024 02:44:31 -0300
From: Ágatha Isabelle Chris Moreira Guedes <code@...tha.dev>
To: linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org,
linux-modules@...r.kernel.org, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Luis Chamberlain <mcgrof@...nel.org>
Cc: Ágatha Isabelle Chris Moreira Guedes <patch-reply@...tha.dev>,
Jookia <contact@...kia.org>
Subject: [PATCH] staging: Fix missing warning/taint on builtin code
Fix the absence of warning message and kernel tainting when initializing
drivers from the `drivers/staging` subtree from initcalls (when
configured as built-in).
When such a driver is built as module and the module is loaded, the
`load_module()` function taints the kernel to signal code of unknown
quality is loaded, and produces a warning like this:
[ 8.076352] rts5208: module is from the staging directory, the
quality is unknown, you have been warned.
The same behaviour is absent, however, when a staging driver is compiled
as built-in on the kernel image, since loading it happens through
initcalls and not through load_module().
This might prevent relevant information of being available on a bug
report (i.e. on a panic log) among other possible problems.
Signed-off-by: Ágatha Isabelle Chris Moreira Guedes <code@...tha.dev>
---
ACKNOWLEDGEMENTS
Thanks for Jookia, heat and ukleinek for the important comments &
suggestions on this patch prior to submission.
drivers/staging/Makefile | 2 ++
include/linux/init.h | 6 ++++++
include/linux/module.h | 33 +++++++++++++++++++++++++++++++++
init/main.c | 20 ++++++++++++++++++++
kernel/module/main.c | 4 +---
5 files changed, 62 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/Makefile b/drivers/staging/Makefile
index 5390879b5d1b..7cea13436426 100644
--- a/drivers/staging/Makefile
+++ b/drivers/staging/Makefile
@@ -1,6 +1,8 @@
# SPDX-License-Identifier: GPL-2.0
# Makefile for staging directory
+subdir-ccflags-y += -DSTAGING_CODE
+
obj-y += media/
obj-$(CONFIG_FB_OLPC_DCON) += olpc_dcon/
obj-$(CONFIG_RTL8192E) += rtl8192e/
diff --git a/include/linux/init.h b/include/linux/init.h
index 58cef4c2e59a..68c37600958f 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
@@ -397,4 +397,10 @@ void __init parse_early_options(char *cmdline);
#define __exit_p(x) NULL
#endif
+#ifdef CONFIG_STAGING
+#ifndef __ASSEMBLY__
+extern void staging_taint(const char *code_id, bool module);
+#endif /* __ASSEMBLY__ */
+#endif /* CONFIG_STAGING */
+
#endif /* _LINUX_INIT_H */
diff --git a/include/linux/module.h b/include/linux/module.h
index 330ffb59efe5..ffe58f5d143b 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -76,6 +76,39 @@ extern struct module_attribute module_uevent;
extern int init_module(void);
extern void cleanup_module(void);
+#ifdef CONFIG_STAGING
+
+#define __lower_define_initcall(fn, id) ___define_initcall(fn, id, .initcall##id)
+
+/**
+ * __staging_define_initcall(fn,id) - staging initialization entry point
+ * @fn: the function to run at kernel boot time
+ * @id: the initcall level
+ *
+ * __staging_define_initcall() will ensure the drive's init function is always
+ * called during initcalls for staging code by producing a wrapper function.
+ * It applies if a module from the drivers/staging subtree is builtin to the
+ * kernel. It reproduces the behavior in load_module() by tainting the kernel
+ * and logging a warning about the code quality.
+ */
+
+#define __staging_define_initcall(fn, id) \
+ static int __init __staging_wrapped_##fn(void) \
+ { \
+ staging_taint(__FILE__, false); \
+ return fn(); \
+ } \
+__lower_define_initcall(__staging_wrapped_##fn, id)
+
+#ifdef STAGING_CODE
+
+#undef __define_initcall
+#define __define_initcall(fn, id) __staging_define_initcall(fn, id)
+
+#endif /* STAGING_CODE */
+
+#endif /* CONFIG_STAGING */
+
#ifndef MODULE
/**
* module_init() - driver initialization entry point
diff --git a/init/main.c b/init/main.c
index 206acdde51f5..fca889f3bcc0 100644
--- a/init/main.c
+++ b/init/main.c
@@ -1602,3 +1602,23 @@ static noinline void __init kernel_init_freeable(void)
integrity_load_keys();
}
+
+#ifdef CONFIG_STAGING
+/**
+ * staging_init_taint() - We need to taint the kernel whenever staging code
+ * is initialized (from built-in drivers) or loaded (as modules) and issue
+ * a warning the first time it happens.
+ */
+void staging_taint(const char *code_id, bool module)
+{
+ char *code_type = module ? "module" : "builtin driver at";
+
+ pr_warn("%s %s: The kernel contains code from staging directory"
+ "the quality is unknown, you have been warned.\n",
+ code_type, code_id);
+
+ add_taint(TAINT_CRAP, LOCKDEP_STILL_OK);
+}
+EXPORT_SYMBOL(staging_taint);
+
+#endif /* CONFIG_STAGING */
diff --git a/kernel/module/main.c b/kernel/module/main.c
index d18a94b973e1..d7d33336ab43 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2039,9 +2039,7 @@ static void module_augment_kernel_taints(struct module *mod, struct load_info *i
check_modinfo_retpoline(mod, info);
if (get_modinfo(info, "staging")) {
- add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK);
- pr_warn("%s: module is from the staging directory, the quality "
- "is unknown, you have been warned.\n", mod->name);
+ staging_taint(mod->name, true);
}
if (is_livepatch_module(mod)) {
--
2.45.2
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists