summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLuis Chamberlain <mcgrof@kernel.org>2023-03-19 22:27:42 +0100
committerLuis Chamberlain <mcgrof@kernel.org>2023-03-24 19:33:08 +0100
commit437c1f9cc61fd37829eaf12d8ae2f7dcc5dddce0 (patch)
treee3097207f2d185fe0cc952e142b85408ae0a1d28
parentmodule: split taint work out of check_modinfo_livepatch() (diff)
downloadlinux-437c1f9cc61fd37829eaf12d8ae2f7dcc5dddce0.tar.xz
linux-437c1f9cc61fd37829eaf12d8ae2f7dcc5dddce0.zip
module: split taint adding with info checking
check_modinfo() actually does two things: a) sanity checks, some of which are fatal, and so we prevent the user from completing trying to load a module b) taints the kernel The taints are pretty heavy handed because we're tainting the kernel *before* we ever even get to load the module into the modules linked list. That is, it it can fail for other reasons later as we review the module's structure. But this commit makes no functional changes, it just makes the intent clearer and splits the code up where needed to make that happen. Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
-rw-r--r--kernel/module/main.c62
1 files changed, 40 insertions, 22 deletions
diff --git a/kernel/module/main.c b/kernel/module/main.c
index cfb2ff5185fe..a3953ca18090 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -1951,25 +1951,10 @@ static int setup_load_info(struct load_info *info, int flags)
return 0;
}
-static int check_modinfo(struct module *mod, struct load_info *info, int flags)
+/*
+ * These calls taint the kernel depending certain module circumstances */
+static void module_augment_kernel_taints(struct module *mod, struct load_info *info)
{
- const char *modmagic = get_modinfo(info, "vermagic");
- int err;
-
- if (flags & MODULE_INIT_IGNORE_VERMAGIC)
- modmagic = NULL;
-
- /* This is allowed: modprobe --force will invalidate it. */
- if (!modmagic) {
- err = try_to_force_load(mod, "bad vermagic");
- if (err)
- return err;
- } else if (!same_magic(modmagic, vermagic, info->index.vers)) {
- pr_err("%s: version magic '%s' should be '%s'\n",
- info->name, modmagic, vermagic);
- return -ENOEXEC;
- }
-
if (!get_modinfo(info, "intree")) {
if (!test_taint(TAINT_OOT_MODULE))
pr_warn("%s: loading out-of-tree module taints kernel.\n",
@@ -1985,15 +1970,12 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
"is unknown, you have been warned.\n", mod->name);
}
- err = check_modinfo_livepatch(mod, info);
- if (err)
- return err;
-
if (is_livepatch_module(mod)) {
add_taint_module(mod, TAINT_LIVEPATCH, LOCKDEP_STILL_OK);
pr_notice_once("%s: tainting kernel with TAINT_LIVEPATCH\n",
mod->name);
}
+
module_license_taint_check(mod, get_modinfo(info, "license"));
if (get_modinfo(info, "test")) {
@@ -2002,6 +1984,42 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
mod->name);
add_taint_module(mod, TAINT_TEST, LOCKDEP_STILL_OK);
}
+}
+
+static int check_modinfo(struct module *mod, struct load_info *info, int flags)
+{
+ const char *modmagic = get_modinfo(info, "vermagic");
+ int err;
+
+ if (flags & MODULE_INIT_IGNORE_VERMAGIC)
+ modmagic = NULL;
+
+ /* This is allowed: modprobe --force will invalidate it. */
+ if (!modmagic) {
+ err = try_to_force_load(mod, "bad vermagic");
+ if (err)
+ return err;
+ } else if (!same_magic(modmagic, vermagic, info->index.vers)) {
+ pr_err("%s: version magic '%s' should be '%s'\n",
+ info->name, modmagic, vermagic);
+ return -ENOEXEC;
+ }
+
+ err = check_modinfo_livepatch(mod, info);
+ if (err)
+ return err;
+
+ /*
+ * We are tainting your kernel *even* if you try to load
+ * modules with possible taints and we fail to load these
+ * modules for other reasons.
+ *
+ * We have a descrepancy though, see the other taints for
+ * signature and those in check_module_license_and_versions().
+ *
+ * We should compromise and converge.
+ */
+ module_augment_kernel_taints(mod, info);
return 0;
}