lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250522071744.2362563-1-masahiroy@kernel.org>
Date: Thu, 22 May 2025 16:17:20 +0900
From: Masahiro Yamada <masahiroy@...nel.org>
To: linux-kbuild@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
	Masahiro Yamada <masahiroy@...nel.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Nicolas Schier <nicolas.schier@...ux.dev>
Subject: [PATCH 1/3] modpost: check forbidden MODULE_IMPORT_NS("module:") at compile time

Explicitly adding MODULE_IMPORT_NS("module:...") is not allowed.

Currently, this is only checked at run time. That is, when such a
module is loaded, an error message like the following is shown:

  foo: module tries to import module namespace: module:bar

Obviously, checking this at compile time improves usability.

In such a case, modpost will report the following error at compile time:

  ERROR: modpost: foo: explicitly importing namespace "module:bar" is not allowed.

Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
---

 scripts/mod/modpost.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 16a69a129805..5ca7c268294e 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -28,6 +28,8 @@
 #include "modpost.h"
 #include "../../include/linux/license.h"
 
+#define MODULE_NS_PREFIX "module:"
+
 static bool module_enabled;
 /* Are we using CONFIG_MODVERSIONS? */
 static bool modversions;
@@ -1597,8 +1599,13 @@ static void read_symbols(const char *modname)
 
 		for (namespace = get_modinfo(&info, "import_ns");
 		     namespace;
-		     namespace = get_next_modinfo(&info, "import_ns", namespace))
+		     namespace = get_next_modinfo(&info, "import_ns", namespace)) {
+			if (strstarts(namespace, MODULE_NS_PREFIX))
+				error("%s: explicitly importing namespace \"%s\" is not allowed.\n",
+				      mod->name, namespace);
+
 			add_namespace(&mod->imported_namespaces, namespace);
+		}
 
 		if (!get_modinfo(&info, "description"))
 			warn("missing MODULE_DESCRIPTION() in %s\n", modname);
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ