2006-06-28 04:26:45 -07:00
/*
2005-04-16 15:20:36 -07:00
Copyright ( C ) 2002 Richard Henderson
2010-08-05 12:59:13 -06:00
Copyright ( C ) 2001 Rusty Russell , 2002 , 2010 Rusty Russell IBM .
2005-04-16 15:20:36 -07:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
*/
2011-05-23 14:51:41 -04:00
# include <linux/export.h>
2005-04-16 15:20:36 -07:00
# include <linux/moduleloader.h>
2009-04-10 14:53:50 -04:00
# include <linux/ftrace_event.h>
2005-04-16 15:20:36 -07:00
# include <linux/init.h>
2007-05-08 00:28:38 -07:00
# include <linux/kallsyms.h>
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
# include <linux/file.h>
2008-10-06 13:19:27 +04:00
# include <linux/fs.h>
2007-10-16 23:26:40 -07:00
# include <linux/sysfs.h>
2005-09-13 01:25:16 -07:00
# include <linux/kernel.h>
2005-04-16 15:20:36 -07:00
# include <linux/slab.h>
# include <linux/vmalloc.h>
# include <linux/elf.h>
2008-10-06 13:19:27 +04:00
# include <linux/proc_fs.h>
2012-10-16 07:32:07 +10:30
# include <linux/security.h>
2005-04-16 15:20:36 -07:00
# include <linux/seq_file.h>
# include <linux/syscalls.h>
# include <linux/fcntl.h>
# include <linux/rcupdate.h>
2006-01-11 12:17:46 -08:00
# include <linux/capability.h>
2005-04-16 15:20:36 -07:00
# include <linux/cpu.h>
# include <linux/moduleparam.h>
# include <linux/errno.h>
# include <linux/err.h>
# include <linux/vermagic.h>
# include <linux/notifier.h>
2006-10-18 01:47:25 -04:00
# include <linux/sched.h>
2005-04-16 15:20:36 -07:00
# include <linux/stop_machine.h>
# include <linux/device.h>
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
# include <linux/string.h>
2006-03-23 03:00:24 -08:00
# include <linux/mutex.h>
2008-08-30 10:09:00 +02:00
# include <linux/rculist.h>
2005-04-16 15:20:36 -07:00
# include <asm/uaccess.h>
# include <asm/cacheflush.h>
2009-09-21 17:03:57 -07:00
# include <asm/mmu_context.h>
2006-06-09 21:53:55 +02:00
# include <linux/license.h>
2008-02-08 04:18:42 -08:00
# include <asm/sections.h>
tracing: Kernel Tracepoints
Implementation of kernel tracepoints. Inspired from the Linux Kernel
Markers. Allows complete typing verification by declaring both tracing
statement inline functions and probe registration/unregistration static
inline functions within the same macro "DEFINE_TRACE". No format string
is required. See the tracepoint Documentation and Samples patches for
usage examples.
Taken from the documentation patch :
"A tracepoint placed in code provides a hook to call a function (probe)
that you can provide at runtime. A tracepoint can be "on" (a probe is
connected to it) or "off" (no probe is attached). When a tracepoint is
"off" it has no effect, except for adding a tiny time penalty (checking
a condition for a branch) and space penalty (adding a few bytes for the
function call at the end of the instrumented function and adds a data
structure in a separate section). When a tracepoint is "on", the
function you provide is called each time the tracepoint is executed, in
the execution context of the caller. When the function provided ends its
execution, it returns to the caller (continuing from the tracepoint
site).
You can put tracepoints at important locations in the code. They are
lightweight hooks that can pass an arbitrary number of parameters, which
prototypes are described in a tracepoint declaration placed in a header
file."
Addition and removal of tracepoints is synchronized by RCU using the
scheduler (and preempt_disable) as guarantees to find a quiescent state
(this is really RCU "classic"). The update side uses rcu_barrier_sched()
with call_rcu_sched() and the read/execute side uses
"preempt_disable()/preempt_enable()".
We make sure the previous array containing probes, which has been
scheduled for deletion by the rcu callback, is indeed freed before we
proceed to the next update. It therefore limits the rate of modification
of a single tracepoint to one update per RCU period. The objective here
is to permit fast batch add/removal of probes on _different_
tracepoints.
Changelog :
- Use #name ":" #proto as string to identify the tracepoint in the
tracepoint table. This will make sure not type mismatch happens due to
connexion of a probe with the wrong type to a tracepoint declared with
the same name in a different header.
- Add tracepoint_entry_free_old.
- Change __TO_TRACE to get rid of the 'i' iterator.
Masami Hiramatsu <mhiramat@redhat.com> :
Tested on x86-64.
Performance impact of a tracepoint : same as markers, except that it
adds about 70 bytes of instructions in an unlikely branch of each
instrumented function (the for loop, the stack setup and the function
call). It currently adds a memory read, a test and a conditional branch
at the instrumentation site (in the hot path). Immediate values will
eventually change this into a load immediate, test and branch, which
removes the memory read which will make the i-cache impact smaller
(changing the memory read for a load immediate removes 3-4 bytes per
site on x86_32 (depending on mov prefixes), or 7-8 bytes on x86_64, it
also saves the d-cache hit).
About the performance impact of tracepoints (which is comparable to
markers), even without immediate values optimizations, tests done by
Hideo Aoki on ia64 show no regression. His test case was using hackbench
on a kernel where scheduler instrumentation (about 5 events in code
scheduler code) was added.
Quoting Hideo Aoki about Markers :
I evaluated overhead of kernel marker using linux-2.6-sched-fixes git
tree, which includes several markers for LTTng, using an ia64 server.
While the immediate trace mark feature isn't implemented on ia64, there
is no major performance regression. So, I think that we don't have any
issues to propose merging marker point patches into Linus's tree from
the viewpoint of performance impact.
I prepared two kernels to evaluate. The first one was compiled without
CONFIG_MARKERS. The second one was enabled CONFIG_MARKERS.
I downloaded the original hackbench from the following URL:
http://devresources.linux-foundation.org/craiger/hackbench/src/hackbench.c
I ran hackbench 5 times in each condition and calculated the average and
difference between the kernels.
The parameter of hackbench: every 50 from 50 to 800
The number of CPUs of the server: 2, 4, and 8
Below is the results. As you can see, major performance regression
wasn't found in any case. Even if number of processes increases,
differences between marker-enabled kernel and marker- disabled kernel
doesn't increase. Moreover, if number of CPUs increases, the differences
doesn't increase either.
Curiously, marker-enabled kernel is better than marker-disabled kernel
in more than half cases, although I guess it comes from the difference
of memory access pattern.
* 2 CPUs
Number of | without | with | diff | diff |
processes | Marker [Sec] | Marker [Sec] | [Sec] | [%] |
--------------------------------------------------------------
50 | 4.811 | 4.872 | +0.061 | +1.27 |
100 | 9.854 | 10.309 | +0.454 | +4.61 |
150 | 15.602 | 15.040 | -0.562 | -3.6 |
200 | 20.489 | 20.380 | -0.109 | -0.53 |
250 | 25.798 | 25.652 | -0.146 | -0.56 |
300 | 31.260 | 30.797 | -0.463 | -1.48 |
350 | 36.121 | 35.770 | -0.351 | -0.97 |
400 | 42.288 | 42.102 | -0.186 | -0.44 |
450 | 47.778 | 47.253 | -0.526 | -1.1 |
500 | 51.953 | 52.278 | +0.325 | +0.63 |
550 | 58.401 | 57.700 | -0.701 | -1.2 |
600 | 63.334 | 63.222 | -0.112 | -0.18 |
650 | 68.816 | 68.511 | -0.306 | -0.44 |
700 | 74.667 | 74.088 | -0.579 | -0.78 |
750 | 78.612 | 79.582 | +0.970 | +1.23 |
800 | 85.431 | 85.263 | -0.168 | -0.2 |
--------------------------------------------------------------
* 4 CPUs
Number of | without | with | diff | diff |
processes | Marker [Sec] | Marker [Sec] | [Sec] | [%] |
--------------------------------------------------------------
50 | 2.586 | 2.584 | -0.003 | -0.1 |
100 | 5.254 | 5.283 | +0.030 | +0.56 |
150 | 8.012 | 8.074 | +0.061 | +0.76 |
200 | 11.172 | 11.000 | -0.172 | -1.54 |
250 | 13.917 | 14.036 | +0.119 | +0.86 |
300 | 16.905 | 16.543 | -0.362 | -2.14 |
350 | 19.901 | 20.036 | +0.135 | +0.68 |
400 | 22.908 | 23.094 | +0.186 | +0.81 |
450 | 26.273 | 26.101 | -0.172 | -0.66 |
500 | 29.554 | 29.092 | -0.461 | -1.56 |
550 | 32.377 | 32.274 | -0.103 | -0.32 |
600 | 35.855 | 35.322 | -0.533 | -1.49 |
650 | 39.192 | 38.388 | -0.804 | -2.05 |
700 | 41.744 | 41.719 | -0.025 | -0.06 |
750 | 45.016 | 44.496 | -0.520 | -1.16 |
800 | 48.212 | 47.603 | -0.609 | -1.26 |
--------------------------------------------------------------
* 8 CPUs
Number of | without | with | diff | diff |
processes | Marker [Sec] | Marker [Sec] | [Sec] | [%] |
--------------------------------------------------------------
50 | 2.094 | 2.072 | -0.022 | -1.07 |
100 | 4.162 | 4.273 | +0.111 | +2.66 |
150 | 6.485 | 6.540 | +0.055 | +0.84 |
200 | 8.556 | 8.478 | -0.078 | -0.91 |
250 | 10.458 | 10.258 | -0.200 | -1.91 |
300 | 12.425 | 12.750 | +0.325 | +2.62 |
350 | 14.807 | 14.839 | +0.032 | +0.22 |
400 | 16.801 | 16.959 | +0.158 | +0.94 |
450 | 19.478 | 19.009 | -0.470 | -2.41 |
500 | 21.296 | 21.504 | +0.208 | +0.98 |
550 | 23.842 | 23.979 | +0.137 | +0.57 |
600 | 26.309 | 26.111 | -0.198 | -0.75 |
650 | 28.705 | 28.446 | -0.259 | -0.9 |
700 | 31.233 | 31.394 | +0.161 | +0.52 |
750 | 34.064 | 33.720 | -0.344 | -1.01 |
800 | 36.320 | 36.114 | -0.206 | -0.57 |
--------------------------------------------------------------
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Acked-by: Masami Hiramatsu <mhiramat@redhat.com>
Acked-by: 'Peter Zijlstra' <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-07-18 12:16:16 -04:00
# include <linux/tracepoint.h>
2008-08-14 15:45:09 -04:00
# include <linux/ftrace.h>
2009-01-07 08:45:46 -08:00
# include <linux/async.h>
2009-02-20 16:29:08 +09:00
# include <linux/percpu.h>
2009-06-11 13:23:20 +01:00
# include <linux/kmemleak.h>
2010-09-17 11:09:00 -04:00
# include <linux/jump_label.h>
2010-11-16 22:35:16 +01:00
# include <linux/pfn.h>
2011-04-20 11:10:52 +02:00
# include <linux/bsearch.h>
2012-09-26 10:09:50 +01:00
# include <linux/fips.h>
2012-10-22 18:09:41 +10:30
# include <uapi/linux/module.h>
2012-09-26 10:09:40 +01:00
# include "module-internal.h"
2005-04-16 15:20:36 -07:00
2009-08-17 16:56:28 +08:00
# define CREATE_TRACE_POINTS
# include <trace/events/module.h>
2005-04-16 15:20:36 -07:00
# ifndef ARCH_SHF_SMALL
# define ARCH_SHF_SMALL 0
# endif
2010-11-16 22:35:16 +01:00
/*
* Modules ' sections will be aligned on page boundaries
* to ensure complete separation of code and data , but
* only when CONFIG_DEBUG_SET_MODULE_RONX = y
*/
# ifdef CONFIG_DEBUG_SET_MODULE_RONX
# define debug_align(X) ALIGN(X, PAGE_SIZE)
# else
# define debug_align(X) (X)
# endif
/*
* Given BASE and SIZE this macro calculates the number of pages the
* memory regions occupies
*/
# define MOD_NUMBER_OF_PAGES(BASE, SIZE) (((SIZE) > 0) ? \
( PFN_DOWN ( ( unsigned long ) ( BASE ) + ( SIZE ) - 1 ) - \
PFN_DOWN ( ( unsigned long ) BASE ) + 1 ) \
: ( 0UL ) )
2005-04-16 15:20:36 -07:00
/* If this is set, the section belongs in the init part of the module */
# define INIT_OFFSET_MASK (1UL << (BITS_PER_LONG-1))
2010-06-05 11:17:36 -06:00
/*
* Mutex protects :
* 1 ) List of modules ( also safely readable with preempt_disable ) ,
* 2 ) module_use links ,
* 3 ) module_addr_min / module_addr_max .
2008-08-30 10:09:00 +02:00
* ( delete uses stop_machine / add uses RCU list operations ) . */
2008-12-05 19:03:59 -05:00
DEFINE_MUTEX ( module_mutex ) ;
EXPORT_SYMBOL_GPL ( module_mutex ) ;
2005-04-16 15:20:36 -07:00
static LIST_HEAD ( modules ) ;
2010-05-20 21:04:21 -05:00
# ifdef CONFIG_KGDB_KDB
struct list_head * kdb_modules = & modules ; /* kdb needs the list of modules */
# endif /* CONFIG_KGDB_KDB */
2012-09-26 10:09:40 +01:00
# ifdef CONFIG_MODULE_SIG
# ifdef CONFIG_MODULE_SIG_FORCE
static bool sig_enforce = true ;
# else
static bool sig_enforce = false ;
static int param_set_bool_enable_only ( const char * val ,
const struct kernel_param * kp )
{
int err ;
bool test ;
struct kernel_param dummy_kp = * kp ;
dummy_kp . arg = & test ;
err = param_set_bool ( val , & dummy_kp ) ;
if ( err )
return err ;
/* Don't let them unset it once it's set! */
if ( ! test & & sig_enforce )
return - EROFS ;
if ( test )
sig_enforce = true ;
return 0 ;
}
static const struct kernel_param_ops param_ops_bool_enable_only = {
2013-08-20 15:33:19 +09:30
. flags = KERNEL_PARAM_FL_NOARG ,
2012-09-26 10:09:40 +01:00
. set = param_set_bool_enable_only ,
. get = param_get_bool ,
} ;
# define param_check_bool_enable_only param_check_bool
module_param ( sig_enforce , bool_enable_only , 0644 ) ;
# endif /* !CONFIG_MODULE_SIG_FORCE */
# endif /* CONFIG_MODULE_SIG */
2005-04-16 15:20:36 -07:00
2009-04-14 17:27:18 +10:00
/* Block module loading/unloading? */
int modules_disabled = 0 ;
2012-02-01 10:33:14 +08:00
core_param ( nomodule , modules_disabled , bint , 0 ) ;
2009-04-14 17:27:18 +10:00
2008-01-29 17:13:18 -05:00
/* Waiting for a module to finish initializing? */
static DECLARE_WAIT_QUEUE_HEAD ( module_wq ) ;
[PATCH] Notifier chain update: API changes
The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-27 01:16:30 -08:00
static BLOCKING_NOTIFIER_HEAD ( module_notify_list ) ;
2005-04-16 15:20:36 -07:00
2010-06-05 11:17:36 -06:00
/* Bounds of module allocation, for speeding __module_address.
* Protected by module_mutex . */
2008-07-22 19:24:28 -05:00
static unsigned long module_addr_min = - 1UL , module_addr_max = 0 ;
2005-04-16 15:20:36 -07:00
int register_module_notifier ( struct notifier_block * nb )
{
[PATCH] Notifier chain update: API changes
The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-27 01:16:30 -08:00
return blocking_notifier_chain_register ( & module_notify_list , nb ) ;
2005-04-16 15:20:36 -07:00
}
EXPORT_SYMBOL ( register_module_notifier ) ;
int unregister_module_notifier ( struct notifier_block * nb )
{
[PATCH] Notifier chain update: API changes
The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-27 01:16:30 -08:00
return blocking_notifier_chain_unregister ( & module_notify_list , nb ) ;
2005-04-16 15:20:36 -07:00
}
EXPORT_SYMBOL ( unregister_module_notifier ) ;
2010-08-05 12:59:07 -06:00
struct load_info {
Elf_Ehdr * hdr ;
unsigned long len ;
Elf_Shdr * sechdrs ;
2010-08-05 12:59:10 -06:00
char * secstrings , * strtab ;
2010-08-05 12:59:08 -06:00
unsigned long symoffs , stroffs ;
2010-08-05 12:59:12 -06:00
struct _ddebug * debug ;
unsigned int num_debug ;
2012-09-26 10:09:40 +01:00
bool sig_ok ;
2010-08-05 12:59:07 -06:00
struct {
unsigned int sym , str , mod , vers , info , pcpu ;
} index ;
} ;
2007-11-08 08:37:38 -08:00
/* We require a truly strong try_module_get(): 0 means failure due to
ongoing or failed initialization etc . */
2005-04-16 15:20:36 -07:00
static inline int strong_try_module_get ( struct module * mod )
{
2013-01-12 11:38:44 +10:30
BUG_ON ( mod & & mod - > state = = MODULE_STATE_UNFORMED ) ;
2005-04-16 15:20:36 -07:00
if ( mod & & mod - > state = = MODULE_STATE_COMING )
2008-01-29 17:13:18 -05:00
return - EBUSY ;
if ( try_module_get ( mod ) )
2005-04-16 15:20:36 -07:00
return 0 ;
2008-01-29 17:13:18 -05:00
else
return - ENOENT ;
2005-04-16 15:20:36 -07:00
}
2013-01-21 17:17:39 +10:30
static inline void add_taint_module ( struct module * mod , unsigned flag ,
enum lockdep_ok lockdep_ok )
2006-10-11 01:21:48 -07:00
{
2013-01-21 17:17:39 +10:30
add_taint ( flag , lockdep_ok ) ;
2008-10-15 22:01:41 -07:00
mod - > taints | = ( 1U < < flag ) ;
2006-10-11 01:21:48 -07:00
}
2007-05-09 07:26:28 +02:00
/*
* A thread that wants to hold a reference to a module only while it
* is running can call this to safely exit . nfsd and lockd use this .
2005-04-16 15:20:36 -07:00
*/
void __module_put_and_exit ( struct module * mod , long code )
{
module_put ( mod ) ;
do_exit ( code ) ;
}
EXPORT_SYMBOL ( __module_put_and_exit ) ;
2007-10-18 03:06:07 -07:00
2005-04-16 15:20:36 -07:00
/* Find a module section: 0 means not found. */
2010-08-05 12:59:10 -06:00
static unsigned int find_sec ( const struct load_info * info , const char * name )
2005-04-16 15:20:36 -07:00
{
unsigned int i ;
2010-08-05 12:59:10 -06:00
for ( i = 1 ; i < info - > hdr - > e_shnum ; i + + ) {
Elf_Shdr * shdr = & info - > sechdrs [ i ] ;
2005-04-16 15:20:36 -07:00
/* Alloc bit cleared means "ignore it." */
2010-08-05 12:59:10 -06:00
if ( ( shdr - > sh_flags & SHF_ALLOC )
& & strcmp ( info - > secstrings + shdr - > sh_name , name ) = = 0 )
2005-04-16 15:20:36 -07:00
return i ;
2010-08-05 12:59:10 -06:00
}
2005-04-16 15:20:36 -07:00
return 0 ;
}
2008-10-22 10:00:13 -05:00
/* Find a module section, or NULL. */
2010-08-05 12:59:10 -06:00
static void * section_addr ( const struct load_info * info , const char * name )
2008-10-22 10:00:13 -05:00
{
/* Section 0 has sh_addr 0. */
2010-08-05 12:59:10 -06:00
return ( void * ) info - > sechdrs [ find_sec ( info , name ) ] . sh_addr ;
2008-10-22 10:00:13 -05:00
}
/* Find a module section, or NULL. Fill in number of "objects" in section. */
2010-08-05 12:59:10 -06:00
static void * section_objs ( const struct load_info * info ,
2008-10-22 10:00:13 -05:00
const char * name ,
size_t object_size ,
unsigned int * num )
{
2010-08-05 12:59:10 -06:00
unsigned int sec = find_sec ( info , name ) ;
2008-10-22 10:00:13 -05:00
/* Section 0 has sh_addr 0 and sh_size 0. */
2010-08-05 12:59:10 -06:00
* num = info - > sechdrs [ sec ] . sh_size / object_size ;
return ( void * ) info - > sechdrs [ sec ] . sh_addr ;
2008-10-22 10:00:13 -05:00
}
2005-04-16 15:20:36 -07:00
/* Provided by the linker */
extern const struct kernel_symbol __start___ksymtab [ ] ;
extern const struct kernel_symbol __stop___ksymtab [ ] ;
extern const struct kernel_symbol __start___ksymtab_gpl [ ] ;
extern const struct kernel_symbol __stop___ksymtab_gpl [ ] ;
2006-03-20 13:17:13 -08:00
extern const struct kernel_symbol __start___ksymtab_gpl_future [ ] ;
extern const struct kernel_symbol __stop___ksymtab_gpl_future [ ] ;
2005-04-16 15:20:36 -07:00
extern const unsigned long __start___kcrctab [ ] ;
extern const unsigned long __start___kcrctab_gpl [ ] ;
2006-03-20 13:17:13 -08:00
extern const unsigned long __start___kcrctab_gpl_future [ ] ;
2008-07-22 19:24:26 -05:00
# ifdef CONFIG_UNUSED_SYMBOLS
extern const struct kernel_symbol __start___ksymtab_unused [ ] ;
extern const struct kernel_symbol __stop___ksymtab_unused [ ] ;
extern const struct kernel_symbol __start___ksymtab_unused_gpl [ ] ;
extern const struct kernel_symbol __stop___ksymtab_unused_gpl [ ] ;
2006-06-28 04:26:45 -07:00
extern const unsigned long __start___kcrctab_unused [ ] ;
extern const unsigned long __start___kcrctab_unused_gpl [ ] ;
2008-07-22 19:24:26 -05:00
# endif
2005-04-16 15:20:36 -07:00
# ifndef CONFIG_MODVERSIONS
# define symversion(base, idx) NULL
# else
2006-03-28 01:56:20 -08:00
# define symversion(base, idx) ((base != NULL) ? ((base) + (idx)) : NULL)
2005-04-16 15:20:36 -07:00
# endif
2008-07-22 19:24:25 -05:00
static bool each_symbol_in_section ( const struct symsearch * arr ,
unsigned int arrsize ,
struct module * owner ,
bool ( * fn ) ( const struct symsearch * syms ,
struct module * owner ,
2011-04-19 21:49:58 +02:00
void * data ) ,
2008-07-22 19:24:25 -05:00
void * data )
2008-05-01 21:14:59 -05:00
{
2011-04-19 21:49:58 +02:00
unsigned int j ;
2008-05-01 21:14:59 -05:00
2008-07-22 19:24:25 -05:00
for ( j = 0 ; j < arrsize ; j + + ) {
2011-04-19 21:49:58 +02:00
if ( fn ( & arr [ j ] , owner , data ) )
return true ;
2006-06-28 04:26:45 -07:00
}
2008-07-22 19:24:25 -05:00
return false ;
2008-05-01 21:14:59 -05:00
}
2008-07-22 19:24:25 -05:00
/* Returns true as soon as fn returns true, otherwise false. */
2011-04-19 21:49:58 +02:00
bool each_symbol_section ( bool ( * fn ) ( const struct symsearch * arr ,
struct module * owner ,
void * data ) ,
void * data )
2008-05-01 21:14:59 -05:00
{
struct module * mod ;
module: reduce stack usage for each_symbol()
And now that I'm looking at that call-chain (to see if it would make sense
to use some other more specific lock - doesn't look like it: all the
readers are using RCU and this is the only writer), I also give you this
trivial one-liner. It changes each_symbol() to not put that constant array
on the stack, resulting in changing
movq $C.388.31095, %rsi #, tmp85
subq $376, %rsp #,
movq %rdi, %rbx # fn, fn
leaq -208(%rbp), %rdi #, tmp84
movq %rbx, %rdx # fn,
rep movsl
xorl %esi, %esi #
leaq -208(%rbp), %rdi #, tmp87
movq %r12, %rcx # data,
call each_symbol_in_section.clone.0 #
into
xorl %esi, %esi #
subq $216, %rsp #,
movq %rdi, %rbx # fn, fn
movq $arr.31078, %rdi #,
call each_symbol_in_section.clone.0 #
which is not so much about being obviously shorter and simpler because we
don't unnecessarily copy that constant array around onto the stack, but
also about having a much smaller stack footprint (376 vs 216 bytes - see
the update of 'rsp').
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-08-05 12:59:05 -06:00
static const struct symsearch arr [ ] = {
2008-05-01 21:14:59 -05:00
{ __start___ksymtab , __stop___ksymtab , __start___kcrctab ,
2008-07-22 19:24:25 -05:00
NOT_GPL_ONLY , false } ,
2008-05-01 21:14:59 -05:00
{ __start___ksymtab_gpl , __stop___ksymtab_gpl ,
2008-07-22 19:24:25 -05:00
__start___kcrctab_gpl ,
GPL_ONLY , false } ,
2008-05-01 21:14:59 -05:00
{ __start___ksymtab_gpl_future , __stop___ksymtab_gpl_future ,
2008-07-22 19:24:25 -05:00
__start___kcrctab_gpl_future ,
WILL_BE_GPL_ONLY , false } ,
2008-07-22 19:24:26 -05:00
# ifdef CONFIG_UNUSED_SYMBOLS
2008-05-01 21:14:59 -05:00
{ __start___ksymtab_unused , __stop___ksymtab_unused ,
2008-07-22 19:24:25 -05:00
__start___kcrctab_unused ,
NOT_GPL_ONLY , true } ,
2008-05-01 21:14:59 -05:00
{ __start___ksymtab_unused_gpl , __stop___ksymtab_unused_gpl ,
2008-07-22 19:24:25 -05:00
__start___kcrctab_unused_gpl ,
GPL_ONLY , true } ,
2008-07-22 19:24:26 -05:00
# endif
2008-05-01 21:14:59 -05:00
} ;
2006-06-28 04:26:45 -07:00
2008-07-22 19:24:25 -05:00
if ( each_symbol_in_section ( arr , ARRAY_SIZE ( arr ) , NULL , fn , data ) )
return true ;
2006-06-28 04:26:45 -07:00
2008-08-30 10:09:00 +02:00
list_for_each_entry_rcu ( mod , & modules , list ) {
2008-05-01 21:14:59 -05:00
struct symsearch arr [ ] = {
{ mod - > syms , mod - > syms + mod - > num_syms , mod - > crcs ,
2008-07-22 19:24:25 -05:00
NOT_GPL_ONLY , false } ,
2008-05-01 21:14:59 -05:00
{ mod - > gpl_syms , mod - > gpl_syms + mod - > num_gpl_syms ,
2008-07-22 19:24:25 -05:00
mod - > gpl_crcs ,
GPL_ONLY , false } ,
2008-05-01 21:14:59 -05:00
{ mod - > gpl_future_syms ,
mod - > gpl_future_syms + mod - > num_gpl_future_syms ,
2008-07-22 19:24:25 -05:00
mod - > gpl_future_crcs ,
WILL_BE_GPL_ONLY , false } ,
2008-07-22 19:24:26 -05:00
# ifdef CONFIG_UNUSED_SYMBOLS
2008-05-01 21:14:59 -05:00
{ mod - > unused_syms ,
mod - > unused_syms + mod - > num_unused_syms ,
2008-07-22 19:24:25 -05:00
mod - > unused_crcs ,
NOT_GPL_ONLY , true } ,
2008-05-01 21:14:59 -05:00
{ mod - > unused_gpl_syms ,
mod - > unused_gpl_syms + mod - > num_unused_gpl_syms ,
2008-07-22 19:24:25 -05:00
mod - > unused_gpl_crcs ,
GPL_ONLY , true } ,
2008-07-22 19:24:26 -05:00
# endif
2008-05-01 21:14:59 -05:00
} ;
2013-01-12 11:38:44 +10:30
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2008-07-22 19:24:25 -05:00
if ( each_symbol_in_section ( arr , ARRAY_SIZE ( arr ) , mod , fn , data ) )
return true ;
}
return false ;
}
2011-04-19 21:49:58 +02:00
EXPORT_SYMBOL_GPL ( each_symbol_section ) ;
2008-07-22 19:24:25 -05:00
struct find_symbol_arg {
/* Input */
const char * name ;
bool gplok ;
bool warn ;
/* Output */
struct module * owner ;
const unsigned long * crc ;
2008-12-05 19:03:56 -05:00
const struct kernel_symbol * sym ;
2008-07-22 19:24:25 -05:00
} ;
2011-04-19 21:49:58 +02:00
static bool check_symbol ( const struct symsearch * syms ,
struct module * owner ,
unsigned int symnum , void * data )
2008-07-22 19:24:25 -05:00
{
struct find_symbol_arg * fsa = data ;
if ( ! fsa - > gplok ) {
if ( syms - > licence = = GPL_ONLY )
return false ;
if ( syms - > licence = = WILL_BE_GPL_ONLY & & fsa - > warn ) {
2013-11-12 15:11:28 -08:00
pr_warn ( " Symbol %s is being used by a non-GPL module, "
" which will not be allowed in the future \n " ,
fsa - > name ) ;
2006-03-20 13:17:13 -08:00
}
2005-04-16 15:20:36 -07:00
}
2008-05-01 21:14:59 -05:00
2008-07-22 19:24:26 -05:00
# ifdef CONFIG_UNUSED_SYMBOLS
2008-07-22 19:24:25 -05:00
if ( syms - > unused & & fsa - > warn ) {
2013-11-12 15:11:28 -08:00
pr_warn ( " Symbol %s is marked as UNUSED, however this module is "
" using it. \n " , fsa - > name ) ;
pr_warn ( " This symbol will go away in the future. \n " ) ;
pr_warn ( " Please evalute if this is the right api to use and if "
" it really is, submit a report the linux kernel "
" mailinglist together with submitting your code for "
" inclusion. \n " ) ;
2008-07-22 19:24:25 -05:00
}
2008-07-22 19:24:26 -05:00
# endif
2008-07-22 19:24:25 -05:00
fsa - > owner = owner ;
fsa - > crc = symversion ( syms - > crcs , symnum ) ;
2008-12-05 19:03:56 -05:00
fsa - > sym = & syms - > start [ symnum ] ;
2008-07-22 19:24:25 -05:00
return true ;
}
2011-04-20 11:10:52 +02:00
static int cmp_name ( const void * va , const void * vb )
{
const char * a ;
const struct kernel_symbol * b ;
a = va ; b = vb ;
return strcmp ( a , b - > name ) ;
}
2011-04-19 21:49:58 +02:00
static bool find_symbol_in_section ( const struct symsearch * syms ,
struct module * owner ,
void * data )
{
struct find_symbol_arg * fsa = data ;
2011-04-20 11:10:52 +02:00
struct kernel_symbol * sym ;
sym = bsearch ( fsa - > name , syms - > start , syms - > stop - syms - > start ,
sizeof ( struct kernel_symbol ) , cmp_name ) ;
if ( sym ! = NULL & & check_symbol ( syms , owner , sym - syms - > start , data ) )
return true ;
2011-04-19 21:49:58 +02:00
return false ;
}
2008-12-05 19:03:56 -05:00
/* Find a symbol and return it, along with, (optional) crc and
2010-06-05 11:17:36 -06:00
* ( optional ) module which owns it . Needs preempt disabled or module_mutex . */
2008-12-05 19:03:59 -05:00
const struct kernel_symbol * find_symbol ( const char * name ,
struct module * * owner ,
const unsigned long * * crc ,
bool gplok ,
bool warn )
2008-07-22 19:24:25 -05:00
{
struct find_symbol_arg fsa ;
fsa . name = name ;
fsa . gplok = gplok ;
fsa . warn = warn ;
2011-04-19 21:49:58 +02:00
if ( each_symbol_section ( find_symbol_in_section , & fsa ) ) {
2008-07-22 19:24:25 -05:00
if ( owner )
* owner = fsa . owner ;
if ( crc )
* crc = fsa . crc ;
2008-12-05 19:03:56 -05:00
return fsa . sym ;
2008-07-22 19:24:25 -05:00
}
2011-12-06 12:11:31 -07:00
pr_debug ( " Failed to find symbol %s \n " , name ) ;
2008-12-05 19:03:56 -05:00
return NULL ;
2005-04-16 15:20:36 -07:00
}
2008-12-05 19:03:59 -05:00
EXPORT_SYMBOL_GPL ( find_symbol ) ;
2005-04-16 15:20:36 -07:00
/* Search for module by name: must hold module_mutex. */
2013-07-02 15:35:11 +09:30
static struct module * find_module_all ( const char * name , size_t len ,
2013-01-12 11:38:44 +10:30
bool even_unformed )
2005-04-16 15:20:36 -07:00
{
struct module * mod ;
list_for_each_entry ( mod , & modules , list ) {
2013-01-12 11:38:44 +10:30
if ( ! even_unformed & & mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2013-07-02 15:35:11 +09:30
if ( strlen ( mod - > name ) = = len & & ! memcmp ( mod - > name , name , len ) )
2005-04-16 15:20:36 -07:00
return mod ;
}
return NULL ;
}
2013-01-12 11:38:44 +10:30
struct module * find_module ( const char * name )
{
2013-07-02 15:35:11 +09:30
return find_module_all ( name , strlen ( name ) , false ) ;
2013-01-12 11:38:44 +10:30
}
2008-12-05 19:03:59 -05:00
EXPORT_SYMBOL_GPL ( find_module ) ;
2005-04-16 15:20:36 -07:00
# ifdef CONFIG_SMP
2009-02-20 16:29:08 +09:00
2010-03-10 18:56:10 +09:00
static inline void __percpu * mod_percpu ( struct module * mod )
2009-02-20 16:29:08 +09:00
{
2010-03-10 18:56:10 +09:00
return mod - > percpu ;
}
2009-02-20 16:29:08 +09:00
2013-07-03 10:06:29 +09:30
static int percpu_modalloc ( struct module * mod , struct load_info * info )
2010-03-10 18:56:10 +09:00
{
2013-07-03 10:06:29 +09:30
Elf_Shdr * pcpusec = & info - > sechdrs [ info - > index . pcpu ] ;
unsigned long align = pcpusec - > sh_addralign ;
if ( ! pcpusec - > sh_size )
return 0 ;
2009-02-20 16:29:08 +09:00
if ( align > PAGE_SIZE ) {
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: per-cpu alignment %li > %li \n " ,
mod - > name , align , PAGE_SIZE ) ;
2009-02-20 16:29:08 +09:00
align = PAGE_SIZE ;
}
2013-07-03 10:06:29 +09:30
mod - > percpu = __alloc_reserved_percpu ( pcpusec - > sh_size , align ) ;
2010-03-10 18:56:10 +09:00
if ( ! mod - > percpu ) {
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: Could not allocate %lu bytes percpu data \n " ,
mod - > name , ( unsigned long ) pcpusec - > sh_size ) ;
2010-03-10 18:56:10 +09:00
return - ENOMEM ;
}
2013-07-03 10:06:29 +09:30
mod - > percpu_size = pcpusec - > sh_size ;
2010-03-10 18:56:10 +09:00
return 0 ;
2009-02-20 16:29:08 +09:00
}
2010-03-10 18:56:10 +09:00
static void percpu_modfree ( struct module * mod )
2009-02-20 16:29:08 +09:00
{
2010-03-10 18:56:10 +09:00
free_percpu ( mod - > percpu ) ;
2009-02-20 16:29:08 +09:00
}
2010-08-05 12:59:10 -06:00
static unsigned int find_pcpusec ( struct load_info * info )
2009-02-20 16:29:07 +09:00
{
2010-08-05 12:59:10 -06:00
return find_sec ( info , " .data..percpu " ) ;
2009-02-20 16:29:07 +09:00
}
2010-03-10 18:56:10 +09:00
static void percpu_modcopy ( struct module * mod ,
const void * from , unsigned long size )
2009-02-20 16:29:07 +09:00
{
int cpu ;
for_each_possible_cpu ( cpu )
2010-03-10 18:56:10 +09:00
memcpy ( per_cpu_ptr ( mod - > percpu , cpu ) , from , size ) ;
2009-02-20 16:29:07 +09:00
}
2010-03-10 18:57:54 +09:00
/**
* is_module_percpu_address - test whether address is from module static percpu
* @ addr : address to test
*
* Test whether @ addr belongs to module static percpu area .
*
* RETURNS :
* % true if @ addr is from module static percpu area
*/
bool is_module_percpu_address ( unsigned long addr )
{
struct module * mod ;
unsigned int cpu ;
preempt_disable ( ) ;
list_for_each_entry_rcu ( mod , & modules , list ) {
2013-01-12 11:38:44 +10:30
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2010-03-10 18:57:54 +09:00
if ( ! mod - > percpu_size )
continue ;
for_each_possible_cpu ( cpu ) {
void * start = per_cpu_ptr ( mod - > percpu , cpu ) ;
if ( ( void * ) addr > = start & &
( void * ) addr < start + mod - > percpu_size ) {
preempt_enable ( ) ;
return true ;
}
}
}
preempt_enable ( ) ;
return false ;
2009-02-20 16:29:07 +09:00
}
2005-04-16 15:20:36 -07:00
# else /* ... !CONFIG_SMP */
2009-02-20 16:29:07 +09:00
2010-03-10 18:56:10 +09:00
static inline void __percpu * mod_percpu ( struct module * mod )
2005-04-16 15:20:36 -07:00
{
return NULL ;
}
2013-07-03 10:06:29 +09:30
static int percpu_modalloc ( struct module * mod , struct load_info * info )
2010-03-10 18:56:10 +09:00
{
2013-07-03 10:06:29 +09:30
/* UP modules shouldn't have this section: ENOMEM isn't quite right */
if ( info - > sechdrs [ info - > index . pcpu ] . sh_size ! = 0 )
return - ENOMEM ;
return 0 ;
2010-03-10 18:56:10 +09:00
}
static inline void percpu_modfree ( struct module * mod )
2005-04-16 15:20:36 -07:00
{
}
2010-08-05 12:59:10 -06:00
static unsigned int find_pcpusec ( struct load_info * info )
2005-04-16 15:20:36 -07:00
{
return 0 ;
}
2010-03-10 18:56:10 +09:00
static inline void percpu_modcopy ( struct module * mod ,
const void * from , unsigned long size )
2005-04-16 15:20:36 -07:00
{
/* pcpusec should be 0, and size of that section should be 0. */
BUG_ON ( size ! = 0 ) ;
}
2010-03-10 18:57:54 +09:00
bool is_module_percpu_address ( unsigned long addr )
{
return false ;
}
2009-02-20 16:29:07 +09:00
2005-04-16 15:20:36 -07:00
# endif /* CONFIG_SMP */
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
# define MODINFO_ATTR(field) \
static void setup_modinfo_ # # field ( struct module * mod , const char * s ) \
{ \
mod - > field = kstrdup ( s , GFP_KERNEL ) ; \
} \
static ssize_t show_modinfo_ # # field ( struct module_attribute * mattr , \
2011-07-24 22:06:04 +09:30
struct module_kobject * mk , char * buffer ) \
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
{ \
2013-08-20 15:34:21 +09:30
return scnprintf ( buffer , PAGE_SIZE , " %s \n " , mk - > mod - > field ) ; \
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
} \
static int modinfo_ # # field # # _exists ( struct module * mod ) \
{ \
return mod - > field ! = NULL ; \
} \
static void free_modinfo_ # # field ( struct module * mod ) \
{ \
2007-10-18 03:06:07 -07:00
kfree ( mod - > field ) ; \
mod - > field = NULL ; \
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
} \
static struct module_attribute modinfo_ # # field = { \
2007-06-14 03:45:17 +09:00
. attr = { . name = __stringify ( field ) , . mode = 0444 } , \
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
. show = show_modinfo_ # # field , \
. setup = setup_modinfo_ # # field , \
. test = modinfo_ # # field # # _exists , \
. free = free_modinfo_ # # field , \
} ;
MODINFO_ATTR ( version ) ;
MODINFO_ATTR ( srcversion ) ;
2008-01-25 21:08:33 +01:00
static char last_unloaded_module [ MODULE_NAME_LEN + 1 ] ;
2006-02-16 13:50:23 -08:00
# ifdef CONFIG_MODULE_UNLOAD
2010-03-29 14:25:18 -04:00
EXPORT_TRACEPOINT_SYMBOL ( module_get ) ;
2005-04-16 15:20:36 -07:00
/* Init the unload section of the module. */
2010-08-05 12:59:04 -06:00
static int module_unload_init ( struct module * mod )
2005-04-16 15:20:36 -07:00
{
2010-08-05 12:59:04 -06:00
mod - > refptr = alloc_percpu ( struct module_ref ) ;
if ( ! mod - > refptr )
return - ENOMEM ;
2010-05-31 12:19:37 -07:00
INIT_LIST_HEAD ( & mod - > source_list ) ;
INIT_LIST_HEAD ( & mod - > target_list ) ;
2010-01-05 15:34:50 +09:00
2005-04-16 15:20:36 -07:00
/* Hold reference count during initialization. */
2010-04-01 19:09:40 +11:00
__this_cpu_write ( mod - > refptr - > incs , 1 ) ;
2005-04-16 15:20:36 -07:00
/* Backwards compatibility macros put refcount during init. */
mod - > waiter = current ;
2010-08-05 12:59:04 -06:00
return 0 ;
2005-04-16 15:20:36 -07:00
}
/* Does a already use b? */
static int already_uses ( struct module * a , struct module * b )
{
struct module_use * use ;
2010-05-31 12:19:37 -07:00
list_for_each_entry ( use , & b - > source_list , source_list ) {
if ( use - > source = = a ) {
2011-12-06 12:11:31 -07:00
pr_debug ( " %s uses %s! \n " , a - > name , b - > name ) ;
2005-04-16 15:20:36 -07:00
return 1 ;
}
}
2011-12-06 12:11:31 -07:00
pr_debug ( " %s does not use %s! \n " , a - > name , b - > name ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
}
2010-05-31 12:19:37 -07:00
/*
* Module a uses b
* - we add ' a ' as a " source " , ' b ' as a " target " of module use
* - the module_use is added to the list of ' b ' sources ( so
* ' b ' can walk the list to see who sourced them ) , and of ' a '
* targets ( so ' a ' can see what modules it targets ) .
*/
static int add_module_usage ( struct module * a , struct module * b )
{
struct module_use * use ;
2011-12-06 12:11:31 -07:00
pr_debug ( " Allocating new usage for %s. \n " , a - > name ) ;
2010-05-31 12:19:37 -07:00
use = kmalloc ( sizeof ( * use ) , GFP_ATOMIC ) ;
if ( ! use ) {
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: out of memory loading \n " , a - > name ) ;
2010-05-31 12:19:37 -07:00
return - ENOMEM ;
}
use - > source = a ;
use - > target = b ;
list_add ( & use - > source_list , & b - > source_list ) ;
list_add ( & use - > target_list , & a - > target_list ) ;
return 0 ;
}
2010-06-05 11:17:36 -06:00
/* Module a uses b: caller needs module_mutex() */
2010-06-05 11:17:37 -06:00
int ref_module ( struct module * a , struct module * b )
2005-04-16 15:20:36 -07:00
{
2010-06-05 11:17:35 -06:00
int err ;
2007-01-18 13:26:15 +01:00
2010-06-05 11:17:37 -06:00
if ( b = = NULL | | already_uses ( a , b ) )
2010-05-25 16:48:30 -07:00
return 0 ;
2010-06-05 11:17:37 -06:00
/* If module isn't available, we fail. */
err = strong_try_module_get ( b ) ;
2008-01-29 17:13:18 -05:00
if ( err )
2010-06-05 11:17:37 -06:00
return err ;
2005-04-16 15:20:36 -07:00
2010-05-31 12:19:37 -07:00
err = add_module_usage ( a , b ) ;
if ( err ) {
2005-04-16 15:20:36 -07:00
module_put ( b ) ;
2010-06-05 11:17:37 -06:00
return err ;
2005-04-16 15:20:36 -07:00
}
2010-06-05 11:17:37 -06:00
return 0 ;
2005-04-16 15:20:36 -07:00
}
2010-06-05 11:17:37 -06:00
EXPORT_SYMBOL_GPL ( ref_module ) ;
2005-04-16 15:20:36 -07:00
/* Clear the unload stuff of the module. */
static void module_unload_free ( struct module * mod )
{
2010-05-31 12:19:37 -07:00
struct module_use * use , * tmp ;
2005-04-16 15:20:36 -07:00
2010-06-05 11:17:36 -06:00
mutex_lock ( & module_mutex ) ;
2010-05-31 12:19:37 -07:00
list_for_each_entry_safe ( use , tmp , & mod - > target_list , target_list ) {
struct module * i = use - > target ;
2011-12-06 12:11:31 -07:00
pr_debug ( " %s unusing %s \n " , mod - > name , i - > name ) ;
2010-05-31 12:19:37 -07:00
module_put ( i ) ;
list_del ( & use - > source_list ) ;
list_del ( & use - > target_list ) ;
kfree ( use ) ;
2005-04-16 15:20:36 -07:00
}
2010-06-05 11:17:36 -06:00
mutex_unlock ( & module_mutex ) ;
2010-08-05 12:59:04 -06:00
free_percpu ( mod - > refptr ) ;
2005-04-16 15:20:36 -07:00
}
# ifdef CONFIG_MODULE_FORCE_UNLOAD
2006-01-08 01:04:29 -08:00
static inline int try_force_unload ( unsigned int flags )
2005-04-16 15:20:36 -07:00
{
int ret = ( flags & O_TRUNC ) ;
if ( ret )
2013-01-21 17:17:39 +10:30
add_taint ( TAINT_FORCED_RMMOD , LOCKDEP_NOW_UNRELIABLE ) ;
2005-04-16 15:20:36 -07:00
return ret ;
}
# else
2006-01-08 01:04:29 -08:00
static inline int try_force_unload ( unsigned int flags )
2005-04-16 15:20:36 -07:00
{
return 0 ;
}
# endif /* CONFIG_MODULE_FORCE_UNLOAD */
struct stopref
{
struct module * mod ;
int flags ;
int * forced ;
} ;
/* Whole machine is stopped with interrupts off when this runs. */
static int __try_stop_module ( void * _sref )
{
struct stopref * sref = _sref ;
2008-07-22 19:24:25 -05:00
/* If it's not unused, quit unless we're forcing. */
if ( module_refcount ( sref - > mod ) ! = 0 ) {
2006-01-08 01:04:29 -08:00
if ( ! ( * sref - > forced = try_force_unload ( sref - > flags ) ) )
2005-04-16 15:20:36 -07:00
return - EWOULDBLOCK ;
}
/* Mark it as dying. */
sref - > mod - > state = MODULE_STATE_GOING ;
return 0 ;
}
static int try_stop_module ( struct module * mod , int flags , int * forced )
{
2008-07-22 19:24:25 -05:00
if ( flags & O_NONBLOCK ) {
struct stopref sref = { mod , flags , forced } ;
2005-04-16 15:20:36 -07:00
2008-07-28 12:16:30 -05:00
return stop_machine ( __try_stop_module , & sref , NULL ) ;
2008-07-22 19:24:25 -05:00
} else {
/* We don't need to stop the machine for this. */
mod - > state = MODULE_STATE_GOING ;
synchronize_sched ( ) ;
return 0 ;
}
2005-04-16 15:20:36 -07:00
}
2012-01-13 09:32:14 +10:30
unsigned long module_refcount ( struct module * mod )
2005-04-16 15:20:36 -07:00
{
2012-01-13 09:32:14 +10:30
unsigned long incs = 0 , decs = 0 ;
2009-02-03 13:31:36 +10:30
int cpu ;
2005-04-16 15:20:36 -07:00
2009-02-03 13:31:36 +10:30
for_each_possible_cpu ( cpu )
2010-04-01 19:09:40 +11:00
decs + = per_cpu_ptr ( mod - > refptr , cpu ) - > decs ;
/*
* ensure the incs are added up after the decs .
* module_put ensures incs are visible before decs with smp_wmb .
*
* This 2 - count scheme avoids the situation where the refcount
* for CPU0 is read , then CPU0 increments the module refcount ,
* then CPU1 drops that refcount , then the refcount for CPU1 is
* read . We would record a decrement but not its corresponding
* increment so we would see a low count ( disaster ) .
*
* Rare situation ? But module_refcount can be preempted , and we
* might be tallying up 4096 + CPUs . So it is not impossible .
*/
smp_rmb ( ) ;
for_each_possible_cpu ( cpu )
incs + = per_cpu_ptr ( mod - > refptr , cpu ) - > incs ;
return incs - decs ;
2005-04-16 15:20:36 -07:00
}
EXPORT_SYMBOL ( module_refcount ) ;
/* This exists whether we can unload or not */
static void free_module ( struct module * mod ) ;
static void wait_for_zero_refcount ( struct module * mod )
{
2008-02-26 10:47:18 -05:00
/* Since we might sleep for some time, release the mutex first */
2006-03-23 03:00:46 -08:00
mutex_unlock ( & module_mutex ) ;
2005-04-16 15:20:36 -07:00
for ( ; ; ) {
2011-12-06 12:11:31 -07:00
pr_debug ( " Looking at refcount... \n " ) ;
2005-04-16 15:20:36 -07:00
set_current_state ( TASK_UNINTERRUPTIBLE ) ;
if ( module_refcount ( mod ) = = 0 )
break ;
schedule ( ) ;
}
current - > state = TASK_RUNNING ;
2006-03-23 03:00:46 -08:00
mutex_lock ( & module_mutex ) ;
2005-04-16 15:20:36 -07:00
}
2009-01-14 14:14:10 +01:00
SYSCALL_DEFINE2 ( delete_module , const char __user * , name_user ,
unsigned int , flags )
2005-04-16 15:20:36 -07:00
{
struct module * mod ;
2007-02-23 14:54:57 -08:00
char name [ MODULE_NAME_LEN ] ;
2005-04-16 15:20:36 -07:00
int ret , forced = 0 ;
2009-04-02 15:49:29 -07:00
if ( ! capable ( CAP_SYS_MODULE ) | | modules_disabled )
2007-02-23 14:54:57 -08:00
return - EPERM ;
if ( strncpy_from_user ( name , name_user , MODULE_NAME_LEN - 1 ) < 0 )
return - EFAULT ;
name [ MODULE_NAME_LEN - 1 ] = ' \0 ' ;
2010-05-06 18:49:20 +02:00
if ( mutex_lock_interruptible ( & module_mutex ) ! = 0 )
return - EINTR ;
2005-04-16 15:20:36 -07:00
mod = find_module ( name ) ;
if ( ! mod ) {
ret = - ENOENT ;
goto out ;
}
2010-05-31 12:19:37 -07:00
if ( ! list_empty ( & mod - > source_list ) ) {
2005-04-16 15:20:36 -07:00
/* Other modules depend on us: get rid of them first. */
ret = - EWOULDBLOCK ;
goto out ;
}
/* Doing init or already dying? */
if ( mod - > state ! = MODULE_STATE_LIVE ) {
/* FIXME: if (force), slam module count and wake up
waiter - - RR */
2011-12-06 12:11:31 -07:00
pr_debug ( " %s already dying \n " , mod - > name ) ;
2005-04-16 15:20:36 -07:00
ret = - EBUSY ;
goto out ;
}
/* If it has an init func, it must have an exit func to unload */
2007-10-16 23:26:27 -07:00
if ( mod - > init & & ! mod - > exit ) {
2006-01-08 01:04:29 -08:00
forced = try_force_unload ( flags ) ;
2005-04-16 15:20:36 -07:00
if ( ! forced ) {
/* This module can't be removed */
ret = - EBUSY ;
goto out ;
}
}
/* Set this up before setting mod->state */
mod - > waiter = current ;
/* Stop the machine so refcounts can't move and disable module. */
ret = try_stop_module ( mod , flags , & forced ) ;
if ( ret ! = 0 )
goto out ;
/* Never wait if forced. */
if ( ! forced & & module_refcount ( mod ) ! = 0 )
wait_for_zero_refcount ( mod ) ;
2008-04-21 14:34:31 +02:00
mutex_unlock ( & module_mutex ) ;
2011-03-30 22:57:33 -03:00
/* Final destruction now no one is using it. */
2008-04-21 14:34:31 +02:00
if ( mod - > exit ! = NULL )
2005-04-16 15:20:36 -07:00
mod - > exit ( ) ;
2008-04-21 14:34:31 +02:00
blocking_notifier_call_chain ( & module_notify_list ,
MODULE_STATE_GOING , mod ) ;
2009-01-07 08:45:46 -08:00
async_synchronize_full ( ) ;
2010-06-05 11:17:36 -06:00
2008-01-25 21:08:33 +01:00
/* Store the name of the last unloaded module for diagnostic purposes */
2008-01-29 17:13:20 -05:00
strlcpy ( last_unloaded_module , mod - > name , sizeof ( last_unloaded_module ) ) ;
2005-04-16 15:20:36 -07:00
2010-06-05 11:17:36 -06:00
free_module ( mod ) ;
return 0 ;
out :
2006-03-23 03:00:46 -08:00
mutex_unlock ( & module_mutex ) ;
2005-04-16 15:20:36 -07:00
return ret ;
}
2008-12-08 14:26:29 +08:00
static inline void print_unload_info ( struct seq_file * m , struct module * mod )
2005-04-16 15:20:36 -07:00
{
struct module_use * use ;
int printed_something = 0 ;
2012-01-13 09:32:14 +10:30
seq_printf ( m , " %lu " , module_refcount ( mod ) ) ;
2005-04-16 15:20:36 -07:00
/* Always include a trailing , so userspace can differentiate
between this and the old multi - field proc format . */
2010-05-31 12:19:37 -07:00
list_for_each_entry ( use , & mod - > source_list , source_list ) {
2005-04-16 15:20:36 -07:00
printed_something = 1 ;
2010-05-31 12:19:37 -07:00
seq_printf ( m , " %s, " , use - > source - > name ) ;
2005-04-16 15:20:36 -07:00
}
if ( mod - > init ! = NULL & & mod - > exit = = NULL ) {
printed_something = 1 ;
seq_printf ( m , " [permanent], " ) ;
}
if ( ! printed_something )
seq_printf ( m , " - " ) ;
}
void __symbol_put ( const char * symbol )
{
struct module * owner ;
2007-07-15 23:41:46 -07:00
preempt_disable ( ) ;
2008-12-05 19:03:56 -05:00
if ( ! find_symbol ( symbol , & owner , NULL , true , false ) )
2005-04-16 15:20:36 -07:00
BUG ( ) ;
module_put ( owner ) ;
2007-07-15 23:41:46 -07:00
preempt_enable ( ) ;
2005-04-16 15:20:36 -07:00
}
EXPORT_SYMBOL ( __symbol_put ) ;
2009-08-26 22:02:54 +09:30
/* Note this assumes addr is a function, which it currently always is. */
2005-04-16 15:20:36 -07:00
void symbol_put_addr ( void * addr )
{
2006-05-15 09:44:06 -07:00
struct module * modaddr ;
2009-08-26 22:02:54 +09:30
unsigned long a = ( unsigned long ) dereference_function_descriptor ( addr ) ;
2005-04-16 15:20:36 -07:00
2009-08-26 22:02:54 +09:30
if ( core_kernel_text ( a ) )
2006-05-15 09:44:06 -07:00
return ;
2005-04-16 15:20:36 -07:00
2009-03-31 13:05:31 -06:00
/* module_text_address is safe here: we're supposed to have reference
* to module from symbol_get , so it can ' t go away . */
2009-08-26 22:02:54 +09:30
modaddr = __module_text_address ( a ) ;
2009-03-31 13:05:31 -06:00
BUG_ON ( ! modaddr ) ;
2006-05-15 09:44:06 -07:00
module_put ( modaddr ) ;
2005-04-16 15:20:36 -07:00
}
EXPORT_SYMBOL_GPL ( symbol_put_addr ) ;
static ssize_t show_refcnt ( struct module_attribute * mattr ,
2011-07-24 22:06:04 +09:30
struct module_kobject * mk , char * buffer )
2005-04-16 15:20:36 -07:00
{
2012-01-13 09:32:14 +10:30
return sprintf ( buffer , " %lu \n " , module_refcount ( mk - > mod ) ) ;
2005-04-16 15:20:36 -07:00
}
2012-01-13 09:32:15 +10:30
static struct module_attribute modinfo_refcnt =
__ATTR ( refcnt , 0444 , show_refcnt , NULL ) ;
2005-04-16 15:20:36 -07:00
2012-03-26 12:50:52 +10:30
void __module_get ( struct module * module )
{
if ( module ) {
preempt_disable ( ) ;
__this_cpu_inc ( module - > refptr - > incs ) ;
trace_module_get ( module , _RET_IP_ ) ;
preempt_enable ( ) ;
}
}
EXPORT_SYMBOL ( __module_get ) ;
bool try_module_get ( struct module * module )
{
bool ret = true ;
if ( module ) {
preempt_disable ( ) ;
if ( likely ( module_is_live ( module ) ) ) {
__this_cpu_inc ( module - > refptr - > incs ) ;
trace_module_get ( module , _RET_IP_ ) ;
} else
ret = false ;
preempt_enable ( ) ;
}
return ret ;
}
EXPORT_SYMBOL ( try_module_get ) ;
2006-10-18 01:47:25 -04:00
void module_put ( struct module * module )
{
if ( module ) {
2010-01-05 15:34:50 +09:00
preempt_disable ( ) ;
2010-04-01 19:09:40 +11:00
smp_wmb ( ) ; /* see comment in module_refcount */
__this_cpu_inc ( module - > refptr - > decs ) ;
2010-01-05 15:34:50 +09:00
2010-03-24 10:57:43 +08:00
trace_module_put ( module , _RET_IP_ ) ;
2006-10-18 01:47:25 -04:00
/* Maybe they're waiting for us to drop reference? */
if ( unlikely ( ! module_is_live ( module ) ) )
wake_up_process ( module - > waiter ) ;
2010-01-05 15:34:50 +09:00
preempt_enable ( ) ;
2006-10-18 01:47:25 -04:00
}
}
EXPORT_SYMBOL ( module_put ) ;
2005-04-16 15:20:36 -07:00
# else /* !CONFIG_MODULE_UNLOAD */
2008-12-08 14:26:29 +08:00
static inline void print_unload_info ( struct seq_file * m , struct module * mod )
2005-04-16 15:20:36 -07:00
{
/* We don't know the usage count, or what modules are using. */
seq_printf ( m , " - - " ) ;
}
static inline void module_unload_free ( struct module * mod )
{
}
2010-06-05 11:17:37 -06:00
int ref_module ( struct module * a , struct module * b )
2005-04-16 15:20:36 -07:00
{
2010-06-05 11:17:37 -06:00
return strong_try_module_get ( b ) ;
2005-04-16 15:20:36 -07:00
}
2010-06-05 11:17:37 -06:00
EXPORT_SYMBOL_GPL ( ref_module ) ;
2005-04-16 15:20:36 -07:00
2010-08-05 12:59:04 -06:00
static inline int module_unload_init ( struct module * mod )
2005-04-16 15:20:36 -07:00
{
2010-08-05 12:59:04 -06:00
return 0 ;
2005-04-16 15:20:36 -07:00
}
# endif /* CONFIG_MODULE_UNLOAD */
2012-01-15 19:32:55 -04:00
static size_t module_flags_taint ( struct module * mod , char * buf )
{
size_t l = 0 ;
if ( mod - > taints & ( 1 < < TAINT_PROPRIETARY_MODULE ) )
buf [ l + + ] = ' P ' ;
if ( mod - > taints & ( 1 < < TAINT_OOT_MODULE ) )
buf [ l + + ] = ' O ' ;
if ( mod - > taints & ( 1 < < TAINT_FORCED_MODULE ) )
buf [ l + + ] = ' F ' ;
if ( mod - > taints & ( 1 < < TAINT_CRAP ) )
buf [ l + + ] = ' C ' ;
/*
* TAINT_FORCED_RMMOD : could be added .
* TAINT_UNSAFE_SMP , TAINT_MACHINE_CHECK , TAINT_BAD_PAGE don ' t
* apply to modules .
*/
return l ;
}
2006-11-24 12:15:25 +01:00
static ssize_t show_initstate ( struct module_attribute * mattr ,
2011-07-24 22:06:04 +09:30
struct module_kobject * mk , char * buffer )
2006-11-24 12:15:25 +01:00
{
const char * state = " unknown " ;
2011-07-24 22:06:04 +09:30
switch ( mk - > mod - > state ) {
2006-11-24 12:15:25 +01:00
case MODULE_STATE_LIVE :
state = " live " ;
break ;
case MODULE_STATE_COMING :
state = " coming " ;
break ;
case MODULE_STATE_GOING :
state = " going " ;
break ;
2013-01-12 11:38:44 +10:30
default :
BUG ( ) ;
2006-11-24 12:15:25 +01:00
}
return sprintf ( buffer , " %s \n " , state ) ;
}
2012-01-13 09:32:15 +10:30
static struct module_attribute modinfo_initstate =
__ATTR ( initstate , 0444 , show_initstate , NULL ) ;
2006-11-24 12:15:25 +01:00
2011-07-24 22:06:04 +09:30
static ssize_t store_uevent ( struct module_attribute * mattr ,
struct module_kobject * mk ,
const char * buffer , size_t count )
{
enum kobject_action action ;
if ( kobject_action_type ( buffer , count , & action ) = = 0 )
kobject_uevent ( & mk - > kobj , action ) ;
return count ;
}
2012-01-13 09:32:15 +10:30
struct module_attribute module_uevent =
__ATTR ( uevent , 0200 , NULL , store_uevent ) ;
static ssize_t show_coresize ( struct module_attribute * mattr ,
struct module_kobject * mk , char * buffer )
{
return sprintf ( buffer , " %u \n " , mk - > mod - > core_size ) ;
}
static struct module_attribute modinfo_coresize =
__ATTR ( coresize , 0444 , show_coresize , NULL ) ;
static ssize_t show_initsize ( struct module_attribute * mattr ,
struct module_kobject * mk , char * buffer )
{
return sprintf ( buffer , " %u \n " , mk - > mod - > init_size ) ;
}
static struct module_attribute modinfo_initsize =
__ATTR ( initsize , 0444 , show_initsize , NULL ) ;
static ssize_t show_taint ( struct module_attribute * mattr ,
struct module_kobject * mk , char * buffer )
{
size_t l ;
l = module_flags_taint ( mk - > mod , buffer ) ;
buffer [ l + + ] = ' \n ' ;
return l ;
}
static struct module_attribute modinfo_taint =
__ATTR ( taint , 0444 , show_taint , NULL ) ;
2011-07-24 22:06:04 +09:30
2006-02-16 13:50:23 -08:00
static struct module_attribute * modinfo_attrs [ ] = {
2012-01-13 09:32:15 +10:30
& module_uevent ,
2006-02-16 13:50:23 -08:00
& modinfo_version ,
& modinfo_srcversion ,
2012-01-13 09:32:15 +10:30
& modinfo_initstate ,
& modinfo_coresize ,
& modinfo_initsize ,
& modinfo_taint ,
2006-02-16 13:50:23 -08:00
# ifdef CONFIG_MODULE_UNLOAD
2012-01-13 09:32:15 +10:30
& modinfo_refcnt ,
2006-02-16 13:50:23 -08:00
# endif
NULL ,
} ;
2005-04-16 15:20:36 -07:00
static const char vermagic [ ] = VERMAGIC_STRING ;
2009-03-31 13:05:33 -06:00
static int try_to_force_load ( struct module * mod , const char * reason )
2008-05-04 17:04:16 -07:00
{
# ifdef CONFIG_MODULE_FORCE_LOAD
2008-10-15 22:01:41 -07:00
if ( ! test_taint ( TAINT_FORCED_MODULE ) )
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: %s: kernel tainted. \n " , mod - > name , reason ) ;
2013-01-21 17:17:39 +10:30
add_taint_module ( mod , TAINT_FORCED_MODULE , LOCKDEP_NOW_UNRELIABLE ) ;
2008-05-04 17:04:16 -07:00
return 0 ;
# else
return - ENOEXEC ;
# endif
}
2005-04-16 15:20:36 -07:00
# ifdef CONFIG_MODVERSIONS
2009-12-15 16:28:32 -06:00
/* If the arch applies (non-zero) relocations to kernel kcrctab, unapply it. */
static unsigned long maybe_relocated ( unsigned long crc ,
const struct module * crc_owner )
{
# ifdef ARCH_RELOCATES_KCRCTAB
if ( crc_owner = = NULL )
return crc - ( unsigned long ) reloc_start ;
# endif
return crc ;
}
2005-04-16 15:20:36 -07:00
static int check_version ( Elf_Shdr * sechdrs ,
unsigned int versindex ,
const char * symname ,
struct module * mod ,
2009-12-15 16:28:32 -06:00
const unsigned long * crc ,
const struct module * crc_owner )
2005-04-16 15:20:36 -07:00
{
unsigned int i , num_versions ;
struct modversion_info * versions ;
/* Exporting module didn't supply crcs? OK, we're already tainted. */
if ( ! crc )
return 1 ;
2008-05-09 16:24:21 +10:00
/* No versions at all? modprobe --force does this. */
if ( versindex = = 0 )
return try_to_force_load ( mod , symname ) = = 0 ;
2005-04-16 15:20:36 -07:00
versions = ( void * ) sechdrs [ versindex ] . sh_addr ;
num_versions = sechdrs [ versindex ] . sh_size
/ sizeof ( struct modversion_info ) ;
for ( i = 0 ; i < num_versions ; i + + ) {
if ( strcmp ( versions [ i ] . name , symname ) ! = 0 )
continue ;
2009-12-15 16:28:32 -06:00
if ( versions [ i ] . crc = = maybe_relocated ( * crc , crc_owner ) )
2005-04-16 15:20:36 -07:00
return 1 ;
2011-12-06 12:11:31 -07:00
pr_debug ( " Found checksum %lX vs module %lX \n " ,
2009-12-15 16:28:32 -06:00
maybe_relocated ( * crc , crc_owner ) , versions [ i ] . crc ) ;
2008-05-04 17:04:16 -07:00
goto bad_version ;
2005-04-16 15:20:36 -07:00
}
2008-05-04 17:04:16 -07:00
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: no symbol version for %s \n " , mod - > name , symname ) ;
2008-05-09 16:24:21 +10:00
return 0 ;
2008-05-04 17:04:16 -07:00
bad_version :
printk ( " %s: disagrees about version of symbol %s \n " ,
mod - > name , symname ) ;
return 0 ;
2005-04-16 15:20:36 -07:00
}
static inline int check_modstruct_version ( Elf_Shdr * sechdrs ,
unsigned int versindex ,
struct module * mod )
{
const unsigned long * crc ;
2010-06-05 11:17:36 -06:00
/* Since this should be found in kernel (which can't be removed),
* no locking is necessary . */
2013-03-15 15:04:17 +10:30
if ( ! find_symbol ( VMLINUX_SYMBOL_STR ( module_layout ) , NULL ,
2009-07-23 23:42:08 +09:30
& crc , true , false ) )
2005-04-16 15:20:36 -07:00
BUG ( ) ;
2013-03-18 19:38:56 +10:30
return check_version ( sechdrs , versindex ,
VMLINUX_SYMBOL_STR ( module_layout ) , mod , crc ,
2009-12-15 16:28:32 -06:00
NULL ) ;
2005-04-16 15:20:36 -07:00
}
2008-05-09 16:25:28 +10:00
/* First part is kernel version, which we ignore if module has crcs. */
static inline int same_magic ( const char * amagic , const char * bmagic ,
bool has_crcs )
2005-04-16 15:20:36 -07:00
{
2008-05-09 16:25:28 +10:00
if ( has_crcs ) {
amagic + = strcspn ( amagic , " " ) ;
bmagic + = strcspn ( bmagic , " " ) ;
}
2005-04-16 15:20:36 -07:00
return strcmp ( amagic , bmagic ) = = 0 ;
}
# else
static inline int check_version ( Elf_Shdr * sechdrs ,
unsigned int versindex ,
const char * symname ,
struct module * mod ,
2009-12-15 16:28:32 -06:00
const unsigned long * crc ,
const struct module * crc_owner )
2005-04-16 15:20:36 -07:00
{
return 1 ;
}
static inline int check_modstruct_version ( Elf_Shdr * sechdrs ,
unsigned int versindex ,
struct module * mod )
{
return 1 ;
}
2008-05-09 16:25:28 +10:00
static inline int same_magic ( const char * amagic , const char * bmagic ,
bool has_crcs )
2005-04-16 15:20:36 -07:00
{
return strcmp ( amagic , bmagic ) = = 0 ;
}
# endif /* CONFIG_MODVERSIONS */
2010-06-05 11:17:36 -06:00
/* Resolve a symbol for this module. I.e. if we find one, record usage. */
2010-08-05 12:59:10 -06:00
static const struct kernel_symbol * resolve_symbol ( struct module * mod ,
const struct load_info * info ,
2008-12-05 19:03:56 -05:00
const char * name ,
2010-06-05 11:17:37 -06:00
char ownername [ ] )
2005-04-16 15:20:36 -07:00
{
struct module * owner ;
2008-12-05 19:03:56 -05:00
const struct kernel_symbol * sym ;
2005-04-16 15:20:36 -07:00
const unsigned long * crc ;
2010-06-05 11:17:37 -06:00
int err ;
2005-04-16 15:20:36 -07:00
2010-06-05 11:17:36 -06:00
mutex_lock ( & module_mutex ) ;
2008-12-05 19:03:56 -05:00
sym = find_symbol ( name , & owner , & crc ,
2008-10-15 22:01:41 -07:00
! ( mod - > taints & ( 1 < < TAINT_PROPRIETARY_MODULE ) ) , true ) ;
2010-06-05 11:17:37 -06:00
if ( ! sym )
goto unlock ;
2010-08-05 12:59:10 -06:00
if ( ! check_version ( info - > sechdrs , info - > index . vers , name , mod , crc ,
owner ) ) {
2010-06-05 11:17:37 -06:00
sym = ERR_PTR ( - EINVAL ) ;
goto getname ;
2005-04-16 15:20:36 -07:00
}
2010-06-05 11:17:37 -06:00
err = ref_module ( mod , owner ) ;
if ( err ) {
sym = ERR_PTR ( err ) ;
goto getname ;
}
getname :
/* We must make copy under the lock if we failed to get ref. */
strncpy ( ownername , module_name ( owner ) , MODULE_NAME_LEN ) ;
unlock :
2010-06-05 11:17:36 -06:00
mutex_unlock ( & module_mutex ) ;
2010-05-25 16:48:30 -07:00
return sym ;
2005-04-16 15:20:36 -07:00
}
2010-08-05 12:59:10 -06:00
static const struct kernel_symbol *
resolve_symbol_wait ( struct module * mod ,
const struct load_info * info ,
const char * name )
2010-06-05 11:17:37 -06:00
{
const struct kernel_symbol * ksym ;
2010-08-05 12:59:10 -06:00
char owner [ MODULE_NAME_LEN ] ;
2010-06-05 11:17:37 -06:00
if ( wait_event_interruptible_timeout ( module_wq ,
2010-08-05 12:59:10 -06:00
! IS_ERR ( ksym = resolve_symbol ( mod , info , name , owner ) )
| | PTR_ERR ( ksym ) ! = - EBUSY ,
2010-06-05 11:17:37 -06:00
30 * HZ ) < = 0 ) {
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: gave up waiting for init of module %s. \n " ,
mod - > name , owner ) ;
2010-06-05 11:17:37 -06:00
}
return ksym ;
}
2005-04-16 15:20:36 -07:00
/*
* / sys / module / foo / sections stuff
* J . Corbet < corbet @ lwn . net >
*/
2010-08-05 12:59:09 -06:00
# ifdef CONFIG_SYSFS
2009-12-19 14:43:01 +00:00
2010-08-05 12:59:09 -06:00
# ifdef CONFIG_KALLSYMS
2009-12-19 14:43:01 +00:00
static inline bool sect_empty ( const Elf_Shdr * sect )
{
return ! ( sect - > sh_flags & SHF_ALLOC ) | | sect - > sh_size = = 0 ;
}
2008-03-13 09:03:44 +00:00
struct module_sect_attr
{
struct module_attribute mattr ;
char * name ;
unsigned long address ;
} ;
struct module_sect_attrs
{
struct attribute_group grp ;
unsigned int nsections ;
struct module_sect_attr attrs [ 0 ] ;
} ;
2005-04-16 15:20:36 -07:00
static ssize_t module_sect_show ( struct module_attribute * mattr ,
2011-07-24 22:06:04 +09:30
struct module_kobject * mk , char * buf )
2005-04-16 15:20:36 -07:00
{
struct module_sect_attr * sattr =
container_of ( mattr , struct module_sect_attr , mattr ) ;
2011-03-22 16:34:22 -07:00
return sprintf ( buf , " 0x%pK \n " , ( void * ) sattr - > address ) ;
2005-04-16 15:20:36 -07:00
}
2006-09-29 02:01:31 -07:00
static void free_sect_attrs ( struct module_sect_attrs * sect_attrs )
{
2008-03-13 09:03:44 +00:00
unsigned int section ;
2006-09-29 02:01:31 -07:00
for ( section = 0 ; section < sect_attrs - > nsections ; section + + )
kfree ( sect_attrs - > attrs [ section ] . name ) ;
kfree ( sect_attrs ) ;
}
2010-08-05 12:59:09 -06:00
static void add_sect_attrs ( struct module * mod , const struct load_info * info )
2005-04-16 15:20:36 -07:00
{
unsigned int nloaded = 0 , i , size [ 2 ] ;
struct module_sect_attrs * sect_attrs ;
struct module_sect_attr * sattr ;
struct attribute * * gattr ;
2007-10-18 03:06:07 -07:00
2005-04-16 15:20:36 -07:00
/* Count loaded sections and allocate structures */
2010-08-05 12:59:09 -06:00
for ( i = 0 ; i < info - > hdr - > e_shnum ; i + + )
if ( ! sect_empty ( & info - > sechdrs [ i ] ) )
2005-04-16 15:20:36 -07:00
nloaded + + ;
size [ 0 ] = ALIGN ( sizeof ( * sect_attrs )
+ nloaded * sizeof ( sect_attrs - > attrs [ 0 ] ) ,
sizeof ( sect_attrs - > grp . attrs [ 0 ] ) ) ;
size [ 1 ] = ( nloaded + 1 ) * sizeof ( sect_attrs - > grp . attrs [ 0 ] ) ;
2006-09-29 02:01:31 -07:00
sect_attrs = kzalloc ( size [ 0 ] + size [ 1 ] , GFP_KERNEL ) ;
if ( sect_attrs = = NULL )
2005-04-16 15:20:36 -07:00
return ;
/* Setup section attributes. */
sect_attrs - > grp . name = " sections " ;
sect_attrs - > grp . attrs = ( void * ) sect_attrs + size [ 0 ] ;
2006-09-29 02:01:31 -07:00
sect_attrs - > nsections = 0 ;
2005-04-16 15:20:36 -07:00
sattr = & sect_attrs - > attrs [ 0 ] ;
gattr = & sect_attrs - > grp . attrs [ 0 ] ;
2010-08-05 12:59:09 -06:00
for ( i = 0 ; i < info - > hdr - > e_shnum ; i + + ) {
Elf_Shdr * sec = & info - > sechdrs [ i ] ;
if ( sect_empty ( sec ) )
modules: don't export section names of empty sections via sysfs
On the parisc architecture we face for each and every loaded kernel module
this kernel "badness warning":
sysfs: cannot create duplicate filename '/module/ac97_bus/sections/.text'
Badness at fs/sysfs/dir.c:487
Reason for that is, that on parisc all kernel modules do have multiple
.text sections due to the usage of the -ffunction-sections compiler flag
which is needed to reach all jump targets on this platform.
An objdump on such a kernel module gives:
Sections:
Idx Name Size VMA LMA File off Algn
0 .note.gnu.build-id 00000024 00000000 00000000 00000034 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .text 00000000 00000000 00000000 00000058 2**0
CONTENTS, ALLOC, LOAD, READONLY, CODE
2 .text.ac97_bus_match 0000001c 00000000 00000000 00000058 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
3 .text 00000000 00000000 00000000 000000d4 2**0
CONTENTS, ALLOC, LOAD, READONLY, CODE
...
Since the .text sections are empty (size of 0 bytes) and won't be
loaded by the kernel module loader anyway, I don't see a reason
why such sections need to be listed under
/sys/module/<module_name>/sections/<section_name> either.
The attached patch does solve this issue by not exporting section
names which are empty.
This fixes bugzilla http://bugzilla.kernel.org/show_bug.cgi?id=14703
Signed-off-by: Helge Deller <deller@gmx.de>
CC: rusty@rustcorp.com.au
CC: akpm@linux-foundation.org
CC: James.Bottomley@HansenPartnership.com
CC: roland@redhat.com
CC: dave@hiauly1.hia.nrc.ca
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-12-03 00:29:15 +01:00
continue ;
2010-08-05 12:59:09 -06:00
sattr - > address = sec - > sh_addr ;
sattr - > name = kstrdup ( info - > secstrings + sec - > sh_name ,
2006-09-29 02:01:31 -07:00
GFP_KERNEL ) ;
if ( sattr - > name = = NULL )
goto out ;
sect_attrs - > nsections + + ;
2010-02-12 13:41:56 -08:00
sysfs_attr_init ( & sattr - > mattr . attr ) ;
2005-04-16 15:20:36 -07:00
sattr - > mattr . show = module_sect_show ;
sattr - > mattr . store = NULL ;
sattr - > mattr . attr . name = sattr - > name ;
sattr - > mattr . attr . mode = S_IRUGO ;
* ( gattr + + ) = & ( sattr + + ) - > mattr . attr ;
}
* gattr = NULL ;
if ( sysfs_create_group ( & mod - > mkobj . kobj , & sect_attrs - > grp ) )
goto out ;
mod - > sect_attrs = sect_attrs ;
return ;
out :
2006-09-29 02:01:31 -07:00
free_sect_attrs ( sect_attrs ) ;
2005-04-16 15:20:36 -07:00
}
static void remove_sect_attrs ( struct module * mod )
{
if ( mod - > sect_attrs ) {
sysfs_remove_group ( & mod - > mkobj . kobj ,
& mod - > sect_attrs - > grp ) ;
/* We are positive that no one is using any sect attrs
* at this point . Deallocate immediately . */
2006-09-29 02:01:31 -07:00
free_sect_attrs ( mod - > sect_attrs ) ;
2005-04-16 15:20:36 -07:00
mod - > sect_attrs = NULL ;
}
}
2007-10-16 23:26:40 -07:00
/*
* / sys / module / foo / notes / . section . name gives contents of SHT_NOTE sections .
*/
struct module_notes_attrs {
struct kobject * dir ;
unsigned int notes ;
struct bin_attribute attrs [ 0 ] ;
} ;
2010-05-12 18:28:57 -07:00
static ssize_t module_notes_read ( struct file * filp , struct kobject * kobj ,
2007-10-16 23:26:40 -07:00
struct bin_attribute * bin_attr ,
char * buf , loff_t pos , size_t count )
{
/*
* The caller checked the pos and count against our size .
*/
memcpy ( buf , bin_attr - > private + pos , count ) ;
return count ;
}
static void free_notes_attrs ( struct module_notes_attrs * notes_attrs ,
unsigned int i )
{
if ( notes_attrs - > dir ) {
while ( i - - > 0 )
sysfs_remove_bin_file ( notes_attrs - > dir ,
& notes_attrs - > attrs [ i ] ) ;
2008-09-23 23:51:11 +04:00
kobject_put ( notes_attrs - > dir ) ;
2007-10-16 23:26:40 -07:00
}
kfree ( notes_attrs ) ;
}
2010-08-05 12:59:09 -06:00
static void add_notes_attrs ( struct module * mod , const struct load_info * info )
2007-10-16 23:26:40 -07:00
{
unsigned int notes , loaded , i ;
struct module_notes_attrs * notes_attrs ;
struct bin_attribute * nattr ;
2009-08-28 10:44:56 +02:00
/* failed to create section attributes, so can't create notes */
if ( ! mod - > sect_attrs )
return ;
2007-10-16 23:26:40 -07:00
/* Count notes sections and allocate structures. */
notes = 0 ;
2010-08-05 12:59:09 -06:00
for ( i = 0 ; i < info - > hdr - > e_shnum ; i + + )
if ( ! sect_empty ( & info - > sechdrs [ i ] ) & &
( info - > sechdrs [ i ] . sh_type = = SHT_NOTE ) )
2007-10-16 23:26:40 -07:00
+ + notes ;
if ( notes = = 0 )
return ;
notes_attrs = kzalloc ( sizeof ( * notes_attrs )
+ notes * sizeof ( notes_attrs - > attrs [ 0 ] ) ,
GFP_KERNEL ) ;
if ( notes_attrs = = NULL )
return ;
notes_attrs - > notes = notes ;
nattr = & notes_attrs - > attrs [ 0 ] ;
2010-08-05 12:59:09 -06:00
for ( loaded = i = 0 ; i < info - > hdr - > e_shnum ; + + i ) {
if ( sect_empty ( & info - > sechdrs [ i ] ) )
2007-10-16 23:26:40 -07:00
continue ;
2010-08-05 12:59:09 -06:00
if ( info - > sechdrs [ i ] . sh_type = = SHT_NOTE ) {
2010-02-12 13:41:56 -08:00
sysfs_bin_attr_init ( nattr ) ;
2007-10-16 23:26:40 -07:00
nattr - > attr . name = mod - > sect_attrs - > attrs [ loaded ] . name ;
nattr - > attr . mode = S_IRUGO ;
2010-08-05 12:59:09 -06:00
nattr - > size = info - > sechdrs [ i ] . sh_size ;
nattr - > private = ( void * ) info - > sechdrs [ i ] . sh_addr ;
2007-10-16 23:26:40 -07:00
nattr - > read = module_notes_read ;
+ + nattr ;
}
+ + loaded ;
}
2007-11-05 22:24:43 -08:00
notes_attrs - > dir = kobject_create_and_add ( " notes " , & mod - > mkobj . kobj ) ;
2007-10-16 23:26:40 -07:00
if ( ! notes_attrs - > dir )
goto out ;
for ( i = 0 ; i < notes ; + + i )
if ( sysfs_create_bin_file ( notes_attrs - > dir ,
& notes_attrs - > attrs [ i ] ) )
goto out ;
mod - > notes_attrs = notes_attrs ;
return ;
out :
free_notes_attrs ( notes_attrs , i ) ;
}
static void remove_notes_attrs ( struct module * mod )
{
if ( mod - > notes_attrs )
free_notes_attrs ( mod - > notes_attrs , mod - > notes_attrs - > notes ) ;
}
2005-04-16 15:20:36 -07:00
# else
2006-09-29 02:01:31 -07:00
2010-08-05 12:59:09 -06:00
static inline void add_sect_attrs ( struct module * mod ,
const struct load_info * info )
2005-04-16 15:20:36 -07:00
{
}
static inline void remove_sect_attrs ( struct module * mod )
{
}
2007-10-16 23:26:40 -07:00
2010-08-05 12:59:09 -06:00
static inline void add_notes_attrs ( struct module * mod ,
const struct load_info * info )
2007-10-16 23:26:40 -07:00
{
}
static inline void remove_notes_attrs ( struct module * mod )
{
}
2010-08-05 12:59:09 -06:00
# endif /* CONFIG_KALLSYMS */
2005-04-16 15:20:36 -07:00
2010-06-05 11:17:36 -06:00
static void add_usage_links ( struct module * mod )
{
# ifdef CONFIG_MODULE_UNLOAD
struct module_use * use ;
int nowarn ;
2010-06-05 11:17:36 -06:00
mutex_lock ( & module_mutex ) ;
2010-06-05 11:17:36 -06:00
list_for_each_entry ( use , & mod - > target_list , target_list ) {
nowarn = sysfs_create_link ( use - > target - > holders_dir ,
& mod - > mkobj . kobj , mod - > name ) ;
}
2010-06-05 11:17:36 -06:00
mutex_unlock ( & module_mutex ) ;
2010-06-05 11:17:36 -06:00
# endif
}
static void del_usage_links ( struct module * mod )
{
# ifdef CONFIG_MODULE_UNLOAD
struct module_use * use ;
2010-06-05 11:17:36 -06:00
mutex_lock ( & module_mutex ) ;
2010-06-05 11:17:36 -06:00
list_for_each_entry ( use , & mod - > target_list , target_list )
sysfs_remove_link ( use - > target - > holders_dir , mod - > name ) ;
2010-06-05 11:17:36 -06:00
mutex_unlock ( & module_mutex ) ;
2010-06-05 11:17:36 -06:00
# endif
}
2010-06-05 11:17:36 -06:00
static int module_add_modinfo_attrs ( struct module * mod )
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
{
struct module_attribute * attr ;
2006-02-16 13:50:23 -08:00
struct module_attribute * temp_attr ;
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
int error = 0 ;
int i ;
2006-02-16 13:50:23 -08:00
mod - > modinfo_attrs = kzalloc ( ( sizeof ( struct module_attribute ) *
( ARRAY_SIZE ( modinfo_attrs ) + 1 ) ) ,
GFP_KERNEL ) ;
if ( ! mod - > modinfo_attrs )
return - ENOMEM ;
temp_attr = mod - > modinfo_attrs ;
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
for ( i = 0 ; ( attr = modinfo_attrs [ i ] ) & & ! error ; i + + ) {
if ( ! attr - > test | |
2006-02-16 13:50:23 -08:00
( attr - > test & & attr - > test ( mod ) ) ) {
memcpy ( temp_attr , attr , sizeof ( * temp_attr ) ) ;
2010-02-12 13:41:56 -08:00
sysfs_attr_init ( & temp_attr - > attr ) ;
2006-02-16 13:50:23 -08:00
error = sysfs_create_file ( & mod - > mkobj . kobj , & temp_attr - > attr ) ;
+ + temp_attr ;
}
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
}
return error ;
}
2010-06-05 11:17:36 -06:00
static void module_remove_modinfo_attrs ( struct module * mod )
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
{
struct module_attribute * attr ;
int i ;
2006-02-16 13:50:23 -08:00
for ( i = 0 ; ( attr = & mod - > modinfo_attrs [ i ] ) ; i + + ) {
/* pick a field to test for end of list */
if ( ! attr - > attr . name )
break ;
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
sysfs_remove_file ( & mod - > mkobj . kobj , & attr - > attr ) ;
2006-02-16 13:50:23 -08:00
if ( attr - > free )
attr - > free ( mod ) ;
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
}
2006-02-16 13:50:23 -08:00
kfree ( mod - > modinfo_attrs ) ;
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
}
2005-04-16 15:20:36 -07:00
2013-09-03 16:33:57 +09:30
static void mod_kobject_put ( struct module * mod )
{
DECLARE_COMPLETION_ONSTACK ( c ) ;
mod - > mkobj . kobj_completion = & c ;
kobject_put ( & mod - > mkobj . kobj ) ;
wait_for_completion ( & c ) ;
}
2010-06-05 11:17:36 -06:00
static int mod_sysfs_init ( struct module * mod )
2005-04-16 15:20:36 -07:00
{
int err ;
2008-01-27 15:38:40 -08:00
struct kobject * kobj ;
2005-04-16 15:20:36 -07:00
2007-04-13 13:15:19 -07:00
if ( ! module_sysfs_initialized ) {
2013-11-12 15:11:28 -08:00
pr_err ( " %s: module sysfs not initialized \n " , mod - > name ) ;
2006-09-25 16:25:36 -07:00
err = - EINVAL ;
goto out ;
}
2008-01-27 15:38:40 -08:00
kobj = kset_find_obj ( module_kset , mod - > name ) ;
if ( kobj ) {
2013-11-12 15:11:28 -08:00
pr_err ( " %s: module is already loaded \n " , mod - > name ) ;
2008-01-27 15:38:40 -08:00
kobject_put ( kobj ) ;
err = - EINVAL ;
goto out ;
}
2005-04-16 15:20:36 -07:00
mod - > mkobj . mod = mod ;
2006-11-24 12:15:25 +01:00
2007-12-17 23:05:35 -07:00
memset ( & mod - > mkobj . kobj , 0 , sizeof ( mod - > mkobj . kobj ) ) ;
mod - > mkobj . kobj . kset = module_kset ;
err = kobject_init_and_add ( & mod - > mkobj . kobj , & module_ktype , NULL ,
" %s " , mod - > name ) ;
if ( err )
2013-09-03 16:33:57 +09:30
mod_kobject_put ( mod ) ;
2007-01-18 13:26:15 +01:00
2007-11-29 23:46:11 +01:00
/* delay uevent until full sysfs population */
2007-01-18 13:26:15 +01:00
out :
return err ;
}
2010-06-05 11:17:36 -06:00
static int mod_sysfs_setup ( struct module * mod ,
2010-08-05 12:59:09 -06:00
const struct load_info * info ,
2007-01-18 13:26:15 +01:00
struct kernel_param * kparam ,
unsigned int num_params )
{
int err ;
2010-06-05 11:17:36 -06:00
err = mod_sysfs_init ( mod ) ;
if ( err )
goto out ;
2007-11-05 22:24:43 -08:00
mod - > holders_dir = kobject_create_and_add ( " holders " , & mod - > mkobj . kobj ) ;
2007-04-26 00:12:09 -07:00
if ( ! mod - > holders_dir ) {
err = - ENOMEM ;
2007-01-18 13:26:15 +01:00
goto out_unreg ;
2007-04-26 00:12:09 -07:00
}
2007-01-18 13:26:15 +01:00
2005-04-16 15:20:36 -07:00
err = module_param_sysfs_setup ( mod , kparam , num_params ) ;
if ( err )
2007-01-18 13:26:15 +01:00
goto out_unreg_holders ;
2005-04-16 15:20:36 -07:00
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
err = module_add_modinfo_attrs ( mod ) ;
if ( err )
2006-11-24 12:15:25 +01:00
goto out_unreg_param ;
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
2010-06-05 11:17:36 -06:00
add_usage_links ( mod ) ;
2010-08-05 12:59:09 -06:00
add_sect_attrs ( mod , info ) ;
add_notes_attrs ( mod , info ) ;
2010-06-05 11:17:36 -06:00
2006-11-24 12:15:25 +01:00
kobject_uevent ( & mod - > mkobj . kobj , KOBJ_ADD ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
2006-11-24 12:15:25 +01:00
out_unreg_param :
module_param_sysfs_remove ( mod ) ;
2007-01-18 13:26:15 +01:00
out_unreg_holders :
2007-12-20 08:13:05 -08:00
kobject_put ( mod - > holders_dir ) ;
2007-01-18 13:26:15 +01:00
out_unreg :
2013-09-03 16:33:57 +09:30
mod_kobject_put ( mod ) ;
2010-06-05 11:17:36 -06:00
out :
2005-04-16 15:20:36 -07:00
return err ;
}
2008-05-20 13:59:48 +04:00
static void mod_sysfs_fini ( struct module * mod )
{
2010-08-05 12:59:09 -06:00
remove_notes_attrs ( mod ) ;
remove_sect_attrs ( mod ) ;
2013-09-03 16:33:57 +09:30
mod_kobject_put ( mod ) ;
2008-05-20 13:59:48 +04:00
}
2010-08-05 12:59:09 -06:00
# else /* !CONFIG_SYSFS */
2008-05-20 13:59:48 +04:00
2010-08-05 12:59:09 -06:00
static int mod_sysfs_setup ( struct module * mod ,
const struct load_info * info ,
2010-06-05 11:17:36 -06:00
struct kernel_param * kparam ,
unsigned int num_params )
{
return 0 ;
}
2008-05-20 13:59:48 +04:00
static void mod_sysfs_fini ( struct module * mod )
{
}
2010-08-05 12:59:09 -06:00
static void module_remove_modinfo_attrs ( struct module * mod )
{
}
2010-06-05 11:17:36 -06:00
static void del_usage_links ( struct module * mod )
{
}
2008-05-20 13:59:48 +04:00
# endif /* CONFIG_SYSFS */
2005-04-16 15:20:36 -07:00
2010-08-05 12:59:09 -06:00
static void mod_sysfs_teardown ( struct module * mod )
2005-04-16 15:20:36 -07:00
{
2010-06-05 11:17:36 -06:00
del_usage_links ( mod ) ;
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
module_remove_modinfo_attrs ( mod ) ;
2005-04-16 15:20:36 -07:00
module_param_sysfs_remove ( mod ) ;
2007-12-20 08:13:05 -08:00
kobject_put ( mod - > mkobj . drivers_dir ) ;
kobject_put ( mod - > holders_dir ) ;
2008-05-20 13:59:48 +04:00
mod_sysfs_fini ( mod ) ;
2005-04-16 15:20:36 -07:00
}
/*
* unlink the module with the whole machine is stopped with interrupts off
* - this defends against kallsyms not taking locks
*/
static int __unlink_module ( void * _mod )
{
struct module * mod = _mod ;
list_del ( & mod - > list ) ;
2010-10-05 11:29:27 -07:00
module_bug_cleanup ( mod ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
}
2010-11-16 22:35:16 +01:00
# ifdef CONFIG_DEBUG_SET_MODULE_RONX
/*
* LKM RO / NX protection : protect module ' s text / ro - data
* from modification and any data from execution .
*/
void set_page_attributes ( void * start , void * end , int ( * set ) ( unsigned long start , int num_pages ) )
{
unsigned long begin_pfn = PFN_DOWN ( ( unsigned long ) start ) ;
unsigned long end_pfn = PFN_DOWN ( ( unsigned long ) end ) ;
if ( end_pfn > begin_pfn )
set ( begin_pfn < < PAGE_SHIFT , end_pfn - begin_pfn ) ;
}
static void set_section_ro_nx ( void * base ,
unsigned long text_size ,
unsigned long ro_size ,
unsigned long total_size )
{
/* begin and end PFNs of the current subsection */
unsigned long begin_pfn ;
unsigned long end_pfn ;
/*
* Set RO for module text and RO - data :
* - Always protect first page .
* - Do not protect last partial page .
*/
if ( ro_size > 0 )
set_page_attributes ( base , base + ro_size , set_memory_ro ) ;
/*
* Set NX permissions for module data :
* - Do not protect first partial page .
* - Always protect last page .
*/
if ( total_size > text_size ) {
begin_pfn = PFN_UP ( ( unsigned long ) base + text_size ) ;
end_pfn = PFN_UP ( ( unsigned long ) base + total_size ) ;
if ( end_pfn > begin_pfn )
set_memory_nx ( begin_pfn < < PAGE_SHIFT , end_pfn - begin_pfn ) ;
}
}
2011-05-19 16:55:26 -06:00
static void unset_module_core_ro_nx ( struct module * mod )
{
set_page_attributes ( mod - > module_core + mod - > core_text_size ,
mod - > module_core + mod - > core_size ,
set_memory_x ) ;
set_page_attributes ( mod - > module_core ,
mod - > module_core + mod - > core_ro_size ,
set_memory_rw ) ;
}
static void unset_module_init_ro_nx ( struct module * mod )
{
set_page_attributes ( mod - > module_init + mod - > init_text_size ,
mod - > module_init + mod - > init_size ,
set_memory_x ) ;
set_page_attributes ( mod - > module_init ,
mod - > module_init + mod - > init_ro_size ,
set_memory_rw ) ;
2010-11-16 22:35:16 +01:00
}
/* Iterate through all modules and set each module's text as RW */
2011-03-08 22:01:47 +08:00
void set_all_modules_text_rw ( void )
2010-11-16 22:35:16 +01:00
{
struct module * mod ;
mutex_lock ( & module_mutex ) ;
list_for_each_entry_rcu ( mod , & modules , list ) {
2013-01-12 11:38:44 +10:30
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2010-11-16 22:35:16 +01:00
if ( ( mod - > module_core ) & & ( mod - > core_text_size ) ) {
set_page_attributes ( mod - > module_core ,
mod - > module_core + mod - > core_text_size ,
set_memory_rw ) ;
}
if ( ( mod - > module_init ) & & ( mod - > init_text_size ) ) {
set_page_attributes ( mod - > module_init ,
mod - > module_init + mod - > init_text_size ,
set_memory_rw ) ;
}
}
mutex_unlock ( & module_mutex ) ;
}
/* Iterate through all modules and set each module's text as RO */
2011-03-08 22:01:47 +08:00
void set_all_modules_text_ro ( void )
2010-11-16 22:35:16 +01:00
{
struct module * mod ;
mutex_lock ( & module_mutex ) ;
list_for_each_entry_rcu ( mod , & modules , list ) {
2013-01-12 11:38:44 +10:30
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2010-11-16 22:35:16 +01:00
if ( ( mod - > module_core ) & & ( mod - > core_text_size ) ) {
set_page_attributes ( mod - > module_core ,
mod - > module_core + mod - > core_text_size ,
set_memory_ro ) ;
}
if ( ( mod - > module_init ) & & ( mod - > init_text_size ) ) {
set_page_attributes ( mod - > module_init ,
mod - > module_init + mod - > init_text_size ,
set_memory_ro ) ;
}
}
mutex_unlock ( & module_mutex ) ;
}
# else
static inline void set_section_ro_nx ( void * base , unsigned long text_size , unsigned long ro_size , unsigned long total_size ) { }
2011-05-19 16:55:26 -06:00
static void unset_module_core_ro_nx ( struct module * mod ) { }
static void unset_module_init_ro_nx ( struct module * mod ) { }
2010-11-16 22:35:16 +01:00
# endif
2011-06-30 21:22:11 +02:00
void __weak module_free ( struct module * mod , void * module_region )
{
vfree ( module_region ) ;
}
void __weak module_arch_cleanup ( struct module * mod )
{
}
2010-06-05 11:17:36 -06:00
/* Free a module, remove from lists, etc. */
2005-04-16 15:20:36 -07:00
static void free_module ( struct module * mod )
{
2009-08-17 16:56:28 +08:00
trace_module_free ( mod ) ;
2010-08-05 12:59:09 -06:00
mod_sysfs_teardown ( mod ) ;
2005-04-16 15:20:36 -07:00
2013-04-17 13:20:03 +09:30
/* We leave it in list to prevent duplicate loads, but make sure
* that noone uses it while it ' s being deconstructed . */
mod - > state = MODULE_STATE_UNFORMED ;
2010-07-27 13:18:01 -07:00
/* Remove dynamic debug info */
ddebug_remove_module ( mod - > name ) ;
2005-04-16 15:20:36 -07:00
/* Arch-specific cleanup. */
module_arch_cleanup ( mod ) ;
/* Module unload stuff */
module_unload_free ( mod ) ;
2009-03-31 13:05:29 -06:00
/* Free any allocated parameters. */
destroy_params ( mod - > kp , mod - > num_kp ) ;
2013-04-17 13:20:03 +09:30
/* Now we can delete it from the lists */
mutex_lock ( & module_mutex ) ;
stop_machine ( __unlink_module , mod , NULL ) ;
mutex_unlock ( & module_mutex ) ;
2005-04-16 15:20:36 -07:00
/* This may be NULL, but that's OK */
2011-05-19 16:55:26 -06:00
unset_module_init_ro_nx ( mod ) ;
2005-04-16 15:20:36 -07:00
module_free ( mod , mod - > module_init ) ;
kfree ( mod - > args ) ;
2010-03-10 18:56:10 +09:00
percpu_modfree ( mod ) ;
2010-08-05 12:59:04 -06:00
[PATCH] lockdep: core
Do 'make oldconfig' and accept all the defaults for new config options -
reboot into the kernel and if everything goes well it should boot up fine and
you should have /proc/lockdep and /proc/lockdep_stats files.
Typically if the lock validator finds some problem it will print out
voluminous debug output that begins with "BUG: ..." and which syslog output
can be used by kernel developers to figure out the precise locking scenario.
What does the lock validator do? It "observes" and maps all locking rules as
they occur dynamically (as triggered by the kernel's natural use of spinlocks,
rwlocks, mutexes and rwsems). Whenever the lock validator subsystem detects a
new locking scenario, it validates this new rule against the existing set of
rules. If this new rule is consistent with the existing set of rules then the
new rule is added transparently and the kernel continues as normal. If the
new rule could create a deadlock scenario then this condition is printed out.
When determining validity of locking, all possible "deadlock scenarios" are
considered: assuming arbitrary number of CPUs, arbitrary irq context and task
context constellations, running arbitrary combinations of all the existing
locking scenarios. In a typical system this means millions of separate
scenarios. This is why we call it a "locking correctness" validator - for all
rules that are observed the lock validator proves it with mathematical
certainty that a deadlock could not occur (assuming that the lock validator
implementation itself is correct and its internal data structures are not
corrupted by some other kernel subsystem). [see more details and conditionals
of this statement in include/linux/lockdep.h and
Documentation/lockdep-design.txt]
Furthermore, this "all possible scenarios" property of the validator also
enables the finding of complex, highly unlikely multi-CPU multi-context races
via single single-context rules, increasing the likelyhood of finding bugs
drastically. In practical terms: the lock validator already found a bug in
the upstream kernel that could only occur on systems with 3 or more CPUs, and
which needed 3 very unlikely code sequences to occur at once on the 3 CPUs.
That bug was found and reported on a single-CPU system (!). So in essence a
race will be found "piecemail-wise", triggering all the necessary components
for the race, without having to reproduce the race scenario itself! In its
short existence the lock validator found and reported many bugs before they
actually caused a real deadlock.
To further increase the efficiency of the validator, the mapping is not per
"lock instance", but per "lock-class". For example, all struct inode objects
in the kernel have inode->inotify_mutex. If there are 10,000 inodes cached,
then there are 10,000 lock objects. But ->inotify_mutex is a single "lock
type", and all locking activities that occur against ->inotify_mutex are
"unified" into this single lock-class. The advantage of the lock-class
approach is that all historical ->inotify_mutex uses are mapped into a single
(and as narrow as possible) set of locking rules - regardless of how many
different tasks or inode structures it took to build this set of rules. The
set of rules persist during the lifetime of the kernel.
To see the rough magnitude of checking that the lock validator does, here's a
portion of /proc/lockdep_stats, fresh after bootup:
lock-classes: 694 [max: 2048]
direct dependencies: 1598 [max: 8192]
indirect dependencies: 17896
all direct dependencies: 16206
dependency chains: 1910 [max: 8192]
in-hardirq chains: 17
in-softirq chains: 105
in-process chains: 1065
stack-trace entries: 38761 [max: 131072]
combined max dependencies: 2033928
hardirq-safe locks: 24
hardirq-unsafe locks: 176
softirq-safe locks: 53
softirq-unsafe locks: 137
irq-safe locks: 59
irq-unsafe locks: 176
The lock validator has observed 1598 actual single-thread locking patterns,
and has validated all possible 2033928 distinct locking scenarios.
More details about the design of the lock validator can be found in
Documentation/lockdep-design.txt, which can also found at:
http://redhat.com/~mingo/lockdep-patches/lockdep-design.txt
[bunk@stusta.de: cleanups]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-03 00:24:50 -07:00
/* Free lock-classes: */
lockdep_free_key_range ( mod - > module_core , mod - > core_size ) ;
2005-04-16 15:20:36 -07:00
/* Finally, free the core (containing the module structure) */
2011-05-19 16:55:26 -06:00
unset_module_core_ro_nx ( mod ) ;
2005-04-16 15:20:36 -07:00
module_free ( mod , mod - > module_core ) ;
2009-09-21 17:03:57 -07:00
# ifdef CONFIG_MPU
update_protections ( current - > mm ) ;
# endif
2005-04-16 15:20:36 -07:00
}
void * __symbol_get ( const char * symbol )
{
struct module * owner ;
2008-12-05 19:03:56 -05:00
const struct kernel_symbol * sym ;
2005-04-16 15:20:36 -07:00
2007-07-15 23:41:46 -07:00
preempt_disable ( ) ;
2008-12-05 19:03:56 -05:00
sym = find_symbol ( symbol , & owner , NULL , true , true ) ;
if ( sym & & strong_try_module_get ( owner ) )
sym = NULL ;
2007-07-15 23:41:46 -07:00
preempt_enable ( ) ;
2005-04-16 15:20:36 -07:00
2008-12-05 19:03:56 -05:00
return sym ? ( void * ) sym - > value : NULL ;
2005-04-16 15:20:36 -07:00
}
EXPORT_SYMBOL_GPL ( __symbol_get ) ;
2006-01-08 01:04:25 -08:00
/*
* Ensure that an exported symbol [ global namespace ] does not already exist
2007-05-09 07:26:28 +02:00
* in the kernel or in some other module ' s exported symbol table .
2010-06-05 11:17:37 -06:00
*
* You must hold the module_mutex .
2006-01-08 01:04:25 -08:00
*/
static int verify_export_symbols ( struct module * mod )
{
2008-05-01 21:15:00 -05:00
unsigned int i ;
2006-01-08 01:04:25 -08:00
struct module * owner ;
2008-05-01 21:15:00 -05:00
const struct kernel_symbol * s ;
struct {
const struct kernel_symbol * sym ;
unsigned int num ;
} arr [ ] = {
{ mod - > syms , mod - > num_syms } ,
{ mod - > gpl_syms , mod - > num_gpl_syms } ,
{ mod - > gpl_future_syms , mod - > num_gpl_future_syms } ,
2008-07-22 19:24:26 -05:00
# ifdef CONFIG_UNUSED_SYMBOLS
2008-05-01 21:15:00 -05:00
{ mod - > unused_syms , mod - > num_unused_syms } ,
{ mod - > unused_gpl_syms , mod - > num_unused_gpl_syms } ,
2008-07-22 19:24:26 -05:00
# endif
2008-05-01 21:15:00 -05:00
} ;
2006-01-08 01:04:25 -08:00
2008-05-01 21:15:00 -05:00
for ( i = 0 ; i < ARRAY_SIZE ( arr ) ; i + + ) {
for ( s = arr [ i ] . sym ; s < arr [ i ] . sym + arr [ i ] . num ; s + + ) {
2010-06-05 11:17:37 -06:00
if ( find_symbol ( s - > name , & owner , NULL , true , false ) ) {
2013-11-12 15:11:28 -08:00
pr_err ( " %s: exports duplicate symbol %s "
2008-05-01 21:15:00 -05:00
" (owned by %s) \n " ,
mod - > name , s - > name , module_name ( owner ) ) ;
return - ENOEXEC ;
}
2006-01-08 01:04:25 -08:00
}
2008-05-01 21:15:00 -05:00
}
return 0 ;
2006-01-08 01:04:25 -08:00
}
2007-11-08 08:37:38 -08:00
/* Change all symbols so that st_value encodes the pointer directly. */
2010-08-05 12:59:10 -06:00
static int simplify_symbols ( struct module * mod , const struct load_info * info )
{
Elf_Shdr * symsec = & info - > sechdrs [ info - > index . sym ] ;
Elf_Sym * sym = ( void * ) symsec - > sh_addr ;
2005-04-16 15:20:36 -07:00
unsigned long secbase ;
2010-08-05 12:59:10 -06:00
unsigned int i ;
2005-04-16 15:20:36 -07:00
int ret = 0 ;
2008-12-05 19:03:56 -05:00
const struct kernel_symbol * ksym ;
2005-04-16 15:20:36 -07:00
2010-08-05 12:59:10 -06:00
for ( i = 1 ; i < symsec - > sh_size / sizeof ( Elf_Sym ) ; i + + ) {
const char * name = info - > strtab + sym [ i ] . st_name ;
2005-04-16 15:20:36 -07:00
switch ( sym [ i ] . st_shndx ) {
case SHN_COMMON :
/* We compiled with -fno-common. These are not
supposed to happen . */
2011-12-06 12:11:31 -07:00
pr_debug ( " Common symbol: %s \n " , name ) ;
2005-04-16 15:20:36 -07:00
printk ( " %s: please compile with -fno-common \n " ,
mod - > name ) ;
ret = - ENOEXEC ;
break ;
case SHN_ABS :
/* Don't need to do anything */
2011-12-06 12:11:31 -07:00
pr_debug ( " Absolute symbol: 0x%08lx \n " ,
2005-04-16 15:20:36 -07:00
( long ) sym [ i ] . st_value ) ;
break ;
case SHN_UNDEF :
2010-08-05 12:59:10 -06:00
ksym = resolve_symbol_wait ( mod , info , name ) ;
2005-04-16 15:20:36 -07:00
/* Ok if resolved. */
2010-06-05 11:17:37 -06:00
if ( ksym & & ! IS_ERR ( ksym ) ) {
2008-12-05 19:03:56 -05:00
sym [ i ] . st_value = ksym - > value ;
2005-04-16 15:20:36 -07:00
break ;
2008-12-05 19:03:56 -05:00
}
2005-04-16 15:20:36 -07:00
/* Ok if weak. */
2010-06-05 11:17:37 -06:00
if ( ! ksym & & ELF_ST_BIND ( sym [ i ] . st_info ) = = STB_WEAK )
2005-04-16 15:20:36 -07:00
break ;
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: Unknown symbol %s (err %li) \n " ,
mod - > name , name , PTR_ERR ( ksym ) ) ;
2010-06-05 11:17:37 -06:00
ret = PTR_ERR ( ksym ) ? : - ENOENT ;
2005-04-16 15:20:36 -07:00
break ;
default :
/* Divert to percpu allocation if a percpu var. */
2010-08-05 12:59:10 -06:00
if ( sym [ i ] . st_shndx = = info - > index . pcpu )
2010-03-10 18:56:10 +09:00
secbase = ( unsigned long ) mod_percpu ( mod ) ;
2005-04-16 15:20:36 -07:00
else
2010-08-05 12:59:10 -06:00
secbase = info - > sechdrs [ sym [ i ] . st_shndx ] . sh_addr ;
2005-04-16 15:20:36 -07:00
sym [ i ] . st_value + = secbase ;
break ;
}
}
return ret ;
}
2010-08-05 12:59:10 -06:00
static int apply_relocations ( struct module * mod , const struct load_info * info )
2010-08-05 12:59:05 -06:00
{
unsigned int i ;
int err = 0 ;
/* Now do relocations. */
2010-08-05 12:59:10 -06:00
for ( i = 1 ; i < info - > hdr - > e_shnum ; i + + ) {
unsigned int infosec = info - > sechdrs [ i ] . sh_info ;
2010-08-05 12:59:05 -06:00
/* Not a valid relocation section? */
2010-08-05 12:59:10 -06:00
if ( infosec > = info - > hdr - > e_shnum )
2010-08-05 12:59:05 -06:00
continue ;
/* Don't bother with non-allocated sections */
2010-08-05 12:59:10 -06:00
if ( ! ( info - > sechdrs [ infosec ] . sh_flags & SHF_ALLOC ) )
2010-08-05 12:59:05 -06:00
continue ;
2010-08-05 12:59:10 -06:00
if ( info - > sechdrs [ i ] . sh_type = = SHT_REL )
err = apply_relocate ( info - > sechdrs , info - > strtab ,
info - > index . sym , i , mod ) ;
else if ( info - > sechdrs [ i ] . sh_type = = SHT_RELA )
err = apply_relocate_add ( info - > sechdrs , info - > strtab ,
info - > index . sym , i , mod ) ;
2010-08-05 12:59:05 -06:00
if ( err < 0 )
break ;
}
return err ;
}
2008-12-31 12:31:18 +01:00
/* Additional bytes needed by arch in front of individual sections */
unsigned int __weak arch_mod_section_prepend ( struct module * mod ,
unsigned int section )
{
/* default implementation just returns zero */
return 0 ;
}
2005-04-16 15:20:36 -07:00
/* Update size with this section: return offset. */
2008-12-31 12:31:18 +01:00
static long get_offset ( struct module * mod , unsigned int * size ,
Elf_Shdr * sechdr , unsigned int section )
2005-04-16 15:20:36 -07:00
{
long ret ;
2008-12-31 12:31:18 +01:00
* size + = arch_mod_section_prepend ( mod , section ) ;
2005-04-16 15:20:36 -07:00
ret = ALIGN ( * size , sechdr - > sh_addralign ? : 1 ) ;
* size = ret + sechdr - > sh_size ;
return ret ;
}
/* Lay out the SHF_ALLOC sections in a way not dissimilar to how ld
might - - code , read - only data , read - write data , small data . Tally
sizes , and place the offsets into sh_entsize fields : high bit means it
belongs in init . */
2010-08-05 12:59:10 -06:00
static void layout_sections ( struct module * mod , struct load_info * info )
2005-04-16 15:20:36 -07:00
{
static unsigned long const masks [ ] [ 2 ] = {
/* NOTE: all executable code must be the first section
* in this array ; otherwise modify the text_size
* finder in the two loops below */
{ SHF_EXECINSTR | SHF_ALLOC , ARCH_SHF_SMALL } ,
{ SHF_ALLOC , SHF_WRITE | ARCH_SHF_SMALL } ,
{ SHF_WRITE | SHF_ALLOC , ARCH_SHF_SMALL } ,
{ ARCH_SHF_SMALL | SHF_ALLOC , 0 }
} ;
unsigned int m , i ;
2010-08-05 12:59:10 -06:00
for ( i = 0 ; i < info - > hdr - > e_shnum ; i + + )
info - > sechdrs [ i ] . sh_entsize = ~ 0UL ;
2005-04-16 15:20:36 -07:00
2011-12-06 12:11:31 -07:00
pr_debug ( " Core section allocation order: \n " ) ;
2005-04-16 15:20:36 -07:00
for ( m = 0 ; m < ARRAY_SIZE ( masks ) ; + + m ) {
2010-08-05 12:59:10 -06:00
for ( i = 0 ; i < info - > hdr - > e_shnum ; + + i ) {
Elf_Shdr * s = & info - > sechdrs [ i ] ;
const char * sname = info - > secstrings + s - > sh_name ;
2005-04-16 15:20:36 -07:00
if ( ( s - > sh_flags & masks [ m ] [ 0 ] ) ! = masks [ m ] [ 0 ]
| | ( s - > sh_flags & masks [ m ] [ 1 ] )
| | s - > sh_entsize ! = ~ 0UL
2010-08-05 12:59:10 -06:00
| | strstarts ( sname , " .init " ) )
2005-04-16 15:20:36 -07:00
continue ;
2008-12-31 12:31:18 +01:00
s - > sh_entsize = get_offset ( mod , & mod - > core_size , s , i ) ;
2011-12-06 12:11:31 -07:00
pr_debug ( " \t %s \n " , sname ) ;
2005-04-16 15:20:36 -07:00
}
2010-11-16 22:35:16 +01:00
switch ( m ) {
case 0 : /* executable */
mod - > core_size = debug_align ( mod - > core_size ) ;
2005-04-16 15:20:36 -07:00
mod - > core_text_size = mod - > core_size ;
2010-11-16 22:35:16 +01:00
break ;
case 1 : /* RO: text and ro-data */
mod - > core_size = debug_align ( mod - > core_size ) ;
mod - > core_ro_size = mod - > core_size ;
break ;
case 3 : /* whole core */
mod - > core_size = debug_align ( mod - > core_size ) ;
break ;
}
2005-04-16 15:20:36 -07:00
}
2011-12-06 12:11:31 -07:00
pr_debug ( " Init section allocation order: \n " ) ;
2005-04-16 15:20:36 -07:00
for ( m = 0 ; m < ARRAY_SIZE ( masks ) ; + + m ) {
2010-08-05 12:59:10 -06:00
for ( i = 0 ; i < info - > hdr - > e_shnum ; + + i ) {
Elf_Shdr * s = & info - > sechdrs [ i ] ;
const char * sname = info - > secstrings + s - > sh_name ;
2005-04-16 15:20:36 -07:00
if ( ( s - > sh_flags & masks [ m ] [ 0 ] ) ! = masks [ m ] [ 0 ]
| | ( s - > sh_flags & masks [ m ] [ 1 ] )
| | s - > sh_entsize ! = ~ 0UL
2010-08-05 12:59:10 -06:00
| | ! strstarts ( sname , " .init " ) )
2005-04-16 15:20:36 -07:00
continue ;
2008-12-31 12:31:18 +01:00
s - > sh_entsize = ( get_offset ( mod , & mod - > init_size , s , i )
2005-04-16 15:20:36 -07:00
| INIT_OFFSET_MASK ) ;
2011-12-06 12:11:31 -07:00
pr_debug ( " \t %s \n " , sname ) ;
2005-04-16 15:20:36 -07:00
}
2010-11-16 22:35:16 +01:00
switch ( m ) {
case 0 : /* executable */
mod - > init_size = debug_align ( mod - > init_size ) ;
2005-04-16 15:20:36 -07:00
mod - > init_text_size = mod - > init_size ;
2010-11-16 22:35:16 +01:00
break ;
case 1 : /* RO: text and ro-data */
mod - > init_size = debug_align ( mod - > init_size ) ;
mod - > init_ro_size = mod - > init_size ;
break ;
case 3 : /* whole init */
mod - > init_size = debug_align ( mod - > init_size ) ;
break ;
}
2005-04-16 15:20:36 -07:00
}
}
static void set_license ( struct module * mod , const char * license )
{
if ( ! license )
license = " unspecified " ;
2006-10-11 01:21:48 -07:00
if ( ! license_is_gpl_compatible ( license ) ) {
2008-10-15 22:01:41 -07:00
if ( ! test_taint ( TAINT_PROPRIETARY_MODULE ) )
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: module license '%s' taints kernel. \n " ,
mod - > name , license ) ;
2013-01-21 17:17:39 +10:30
add_taint_module ( mod , TAINT_PROPRIETARY_MODULE ,
LOCKDEP_NOW_UNRELIABLE ) ;
2005-04-16 15:20:36 -07:00
}
}
/* Parse tag=value strings from .modinfo section */
static char * next_string ( char * string , unsigned long * secsize )
{
/* Skip non-zero chars */
while ( string [ 0 ] ) {
string + + ;
if ( ( * secsize ) - - < = 1 )
return NULL ;
}
/* Skip any zero padding. */
while ( ! string [ 0 ] ) {
string + + ;
if ( ( * secsize ) - - < = 1 )
return NULL ;
}
return string ;
}
2010-08-05 12:59:10 -06:00
static char * get_modinfo ( struct load_info * info , const char * tag )
2005-04-16 15:20:36 -07:00
{
char * p ;
unsigned int taglen = strlen ( tag ) ;
2010-08-05 12:59:10 -06:00
Elf_Shdr * infosec = & info - > sechdrs [ info - > index . info ] ;
unsigned long size = infosec - > sh_size ;
2005-04-16 15:20:36 -07:00
2010-08-05 12:59:10 -06:00
for ( p = ( char * ) infosec - > sh_addr ; p ; p = next_string ( p , & size ) ) {
2005-04-16 15:20:36 -07:00
if ( strncmp ( p , tag , taglen ) = = 0 & & p [ taglen ] = = ' = ' )
return p + taglen + 1 ;
}
return NULL ;
}
2010-08-05 12:59:10 -06:00
static void setup_modinfo ( struct module * mod , struct load_info * info )
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
{
struct module_attribute * attr ;
int i ;
for ( i = 0 ; ( attr = modinfo_attrs [ i ] ) ; i + + ) {
if ( attr - > setup )
2010-08-05 12:59:10 -06:00
attr - > setup ( mod , get_modinfo ( info , attr - > attr . name ) ) ;
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
}
}
2009-09-25 00:32:58 -06:00
static void free_modinfo ( struct module * mod )
{
struct module_attribute * attr ;
int i ;
for ( i = 0 ; ( attr = modinfo_attrs [ i ] ) ; i + + ) {
if ( attr - > free )
attr - > free ( mod ) ;
}
}
2005-04-16 15:20:36 -07:00
# ifdef CONFIG_KALLSYMS
2008-07-24 15:41:48 +01:00
/* lookup symbol in given range of kernel_symbols */
static const struct kernel_symbol * lookup_symbol ( const char * name ,
const struct kernel_symbol * start ,
const struct kernel_symbol * stop )
{
2011-05-18 22:35:59 +02:00
return bsearch ( name , start , stop - start ,
sizeof ( struct kernel_symbol ) , cmp_name ) ;
2008-07-24 15:41:48 +01:00
}
2009-01-05 08:40:10 -06:00
static int is_exported ( const char * name , unsigned long value ,
const struct module * mod )
2005-04-16 15:20:36 -07:00
{
2009-01-05 08:40:10 -06:00
const struct kernel_symbol * ks ;
if ( ! mod )
ks = lookup_symbol ( name , __start___ksymtab , __stop___ksymtab ) ;
2006-02-08 21:16:45 +01:00
else
2009-01-05 08:40:10 -06:00
ks = lookup_symbol ( name , mod - > syms , mod - > syms + mod - > num_syms ) ;
return ks ! = NULL & & ks - > value = = value ;
2005-04-16 15:20:36 -07:00
}
/* As per nm */
2010-08-05 12:59:07 -06:00
static char elf_type ( const Elf_Sym * sym , const struct load_info * info )
2005-04-16 15:20:36 -07:00
{
2010-08-05 12:59:07 -06:00
const Elf_Shdr * sechdrs = info - > sechdrs ;
2005-04-16 15:20:36 -07:00
if ( ELF_ST_BIND ( sym - > st_info ) = = STB_WEAK ) {
if ( ELF_ST_TYPE ( sym - > st_info ) = = STT_OBJECT )
return ' v ' ;
else
return ' w ' ;
}
if ( sym - > st_shndx = = SHN_UNDEF )
return ' U ' ;
if ( sym - > st_shndx = = SHN_ABS )
return ' a ' ;
if ( sym - > st_shndx > = SHN_LORESERVE )
return ' ? ' ;
if ( sechdrs [ sym - > st_shndx ] . sh_flags & SHF_EXECINSTR )
return ' t ' ;
if ( sechdrs [ sym - > st_shndx ] . sh_flags & SHF_ALLOC
& & sechdrs [ sym - > st_shndx ] . sh_type ! = SHT_NOBITS ) {
if ( ! ( sechdrs [ sym - > st_shndx ] . sh_flags & SHF_WRITE ) )
return ' r ' ;
else if ( sechdrs [ sym - > st_shndx ] . sh_flags & ARCH_SHF_SMALL )
return ' g ' ;
else
return ' d ' ;
}
if ( sechdrs [ sym - > st_shndx ] . sh_type = = SHT_NOBITS ) {
if ( sechdrs [ sym - > st_shndx ] . sh_flags & ARCH_SHF_SMALL )
return ' s ' ;
else
return ' b ' ;
}
2010-08-05 12:59:07 -06:00
if ( strstarts ( info - > secstrings + sechdrs [ sym - > st_shndx ] . sh_name ,
" .debug " ) ) {
2005-04-16 15:20:36 -07:00
return ' n ' ;
2010-08-05 12:59:07 -06:00
}
2005-04-16 15:20:36 -07:00
return ' ? ' ;
}
2009-07-06 14:50:42 +01:00
static bool is_core_symbol ( const Elf_Sym * src , const Elf_Shdr * sechdrs ,
unsigned int shnum )
{
const Elf_Shdr * sec ;
if ( src - > st_shndx = = SHN_UNDEF
| | src - > st_shndx > = shnum
| | ! src - > st_name )
return false ;
sec = sechdrs + src - > st_shndx ;
if ( ! ( sec - > sh_flags & SHF_ALLOC )
# ifndef CONFIG_KALLSYMS_ALL
| | ! ( sec - > sh_flags & SHF_EXECINSTR )
# endif
| | ( sec - > sh_entsize & INIT_OFFSET_MASK ) )
return false ;
return true ;
}
2012-01-13 09:32:14 +10:30
/*
* We only allocate and copy the strings needed by the parts of symtab
* we keep . This is simple , but has the effect of making multiple
* copies of duplicates . We could be more sophisticated , see
* linux - kernel thread starting with
* < 73 defb5e4bca04a6431392cc341112b1 @ localhost > .
*/
2010-08-05 12:59:10 -06:00
static void layout_symtab ( struct module * mod , struct load_info * info )
2009-07-06 14:50:42 +01:00
{
2010-08-05 12:59:10 -06:00
Elf_Shdr * symsect = info - > sechdrs + info - > index . sym ;
Elf_Shdr * strsect = info - > sechdrs + info - > index . str ;
2009-07-06 14:50:42 +01:00
const Elf_Sym * src ;
2012-12-05 12:29:04 +10:30
unsigned int i , nsrc , ndst , strtab_size = 0 ;
2009-07-06 14:50:42 +01:00
/* Put symbol section at end of init part of module. */
symsect - > sh_flags | = SHF_ALLOC ;
symsect - > sh_entsize = get_offset ( mod , & mod - > init_size , symsect ,
2010-08-05 12:59:10 -06:00
info - > index . sym ) | INIT_OFFSET_MASK ;
2011-12-06 12:11:31 -07:00
pr_debug ( " \t %s \n " , info - > secstrings + symsect - > sh_name ) ;
2009-07-06 14:50:42 +01:00
2010-08-05 12:59:10 -06:00
src = ( void * ) info - > hdr + symsect - > sh_offset ;
2009-07-06 14:50:42 +01:00
nsrc = symsect - > sh_size / sizeof ( * src ) ;
2011-11-12 19:08:55 -08:00
2012-01-13 09:32:14 +10:30
/* Compute total space required for the core symbols' strtab. */
2012-10-25 10:49:25 +10:30
for ( ndst = i = 0 ; i < nsrc ; i + + ) {
if ( i = = 0 | |
is_core_symbol ( src + i , info - > sechdrs , info - > hdr - > e_shnum ) ) {
strtab_size + = strlen ( & info - > strtab [ src [ i ] . st_name ] ) + 1 ;
2012-01-13 09:32:14 +10:30
ndst + + ;
2009-07-06 14:51:44 +01:00
}
2012-10-25 10:49:25 +10:30
}
2009-07-06 14:50:42 +01:00
/* Append room for core symbols at end of core part. */
2010-08-05 12:59:10 -06:00
info - > symoffs = ALIGN ( mod - > core_size , symsect - > sh_addralign ? : 1 ) ;
2012-01-13 09:32:14 +10:30
info - > stroffs = mod - > core_size = info - > symoffs + ndst * sizeof ( Elf_Sym ) ;
mod - > core_size + = strtab_size ;
2009-07-06 14:50:42 +01:00
2009-07-06 14:51:44 +01:00
/* Put string table section at end of init part of module. */
strsect - > sh_flags | = SHF_ALLOC ;
strsect - > sh_entsize = get_offset ( mod , & mod - > init_size , strsect ,
2010-08-05 12:59:10 -06:00
info - > index . str ) | INIT_OFFSET_MASK ;
2011-12-06 12:11:31 -07:00
pr_debug ( " \t %s \n " , info - > secstrings + strsect - > sh_name ) ;
2009-07-06 14:50:42 +01:00
}
2010-08-05 12:59:12 -06:00
static void add_kallsyms ( struct module * mod , const struct load_info * info )
2005-04-16 15:20:36 -07:00
{
2009-07-06 14:50:42 +01:00
unsigned int i , ndst ;
const Elf_Sym * src ;
Elf_Sym * dst ;
2009-07-06 14:51:44 +01:00
char * s ;
2010-08-05 12:59:07 -06:00
Elf_Shdr * symsec = & info - > sechdrs [ info - > index . sym ] ;
2005-04-16 15:20:36 -07:00
2010-08-05 12:59:07 -06:00
mod - > symtab = ( void * ) symsec - > sh_addr ;
mod - > num_symtab = symsec - > sh_size / sizeof ( Elf_Sym ) ;
2010-08-05 12:59:08 -06:00
/* Make sure we get permanent strtab: don't use info->strtab. */
mod - > strtab = ( void * ) info - > sechdrs [ info - > index . str ] . sh_addr ;
2005-04-16 15:20:36 -07:00
/* Set types up while we still have access to sections. */
for ( i = 0 ; i < mod - > num_symtab ; i + + )
2010-08-05 12:59:07 -06:00
mod - > symtab [ i ] . st_info = elf_type ( & mod - > symtab [ i ] , info ) ;
2009-07-06 14:50:42 +01:00
2010-08-05 12:59:08 -06:00
mod - > core_symtab = dst = mod - > module_core + info - > symoffs ;
2012-01-13 09:32:14 +10:30
mod - > core_strtab = s = mod - > module_core + info - > stroffs ;
2009-07-06 14:50:42 +01:00
src = mod - > symtab ;
2012-10-25 10:49:25 +10:30
for ( ndst = i = 0 ; i < mod - > num_symtab ; i + + ) {
if ( i = = 0 | |
is_core_symbol ( src + i , info - > sechdrs , info - > hdr - > e_shnum ) ) {
dst [ ndst ] = src [ i ] ;
dst [ ndst + + ] . st_name = s - mod - > core_strtab ;
s + = strlcpy ( s , & mod - > strtab [ src [ i ] . st_name ] ,
KSYM_NAME_LEN ) + 1 ;
}
2009-07-06 14:50:42 +01:00
}
mod - > core_num_syms = ndst ;
2005-04-16 15:20:36 -07:00
}
# else
2010-08-05 12:59:10 -06:00
static inline void layout_symtab ( struct module * mod , struct load_info * info )
2009-07-06 14:50:42 +01:00
{
}
2009-10-01 15:43:54 -07:00
2010-09-20 01:58:08 +02:00
static void add_kallsyms ( struct module * mod , const struct load_info * info )
2005-04-16 15:20:36 -07:00
{
}
# endif /* CONFIG_KALLSYMS */
2009-02-05 11:51:38 -05:00
static void dynamic_debug_setup ( struct _ddebug * debug , unsigned int num )
driver core: basic infrastructure for per-module dynamic debug messages
Base infrastructure to enable per-module debug messages.
I've introduced CONFIG_DYNAMIC_PRINTK_DEBUG, which when enabled centralizes
control of debugging statements on a per-module basis in one /proc file,
currently, <debugfs>/dynamic_printk/modules. When, CONFIG_DYNAMIC_PRINTK_DEBUG,
is not set, debugging statements can still be enabled as before, often by
defining 'DEBUG' for the proper compilation unit. Thus, this patch set has no
affect when CONFIG_DYNAMIC_PRINTK_DEBUG is not set.
The infrastructure currently ties into all pr_debug() and dev_dbg() calls. That
is, if CONFIG_DYNAMIC_PRINTK_DEBUG is set, all pr_debug() and dev_dbg() calls
can be dynamically enabled/disabled on a per-module basis.
Future plans include extending this functionality to subsystems, that define
their own debug levels and flags.
Usage:
Dynamic debugging is controlled by the debugfs file,
<debugfs>/dynamic_printk/modules. This file contains a list of the modules that
can be enabled. The format of the file is as follows:
<module_name> <enabled=0/1>
.
.
.
<module_name> : Name of the module in which the debug call resides
<enabled=0/1> : whether the messages are enabled or not
For example:
snd_hda_intel enabled=0
fixup enabled=1
driver enabled=0
Enable a module:
$echo "set enabled=1 <module_name>" > dynamic_printk/modules
Disable a module:
$echo "set enabled=0 <module_name>" > dynamic_printk/modules
Enable all modules:
$echo "set enabled=1 all" > dynamic_printk/modules
Disable all modules:
$echo "set enabled=0 all" > dynamic_printk/modules
Finally, passing "dynamic_printk" at the command line enables
debugging for all modules. This mode can be turned off via the above
disable command.
[gkh: minor cleanups and tweaks to make the build work quietly]
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-08-12 16:46:19 -04:00
{
2010-08-05 12:59:12 -06:00
if ( ! debug )
return ;
2009-02-05 11:51:38 -05:00
# ifdef CONFIG_DYNAMIC_DEBUG
if ( ddebug_add_module ( debug , num , debug - > modname ) )
2013-11-12 15:11:28 -08:00
pr_err ( " dynamic debug error adding module: %s \n " ,
debug - > modname ) ;
2009-02-05 11:51:38 -05:00
# endif
2008-10-22 10:00:13 -05:00
}
driver core: basic infrastructure for per-module dynamic debug messages
Base infrastructure to enable per-module debug messages.
I've introduced CONFIG_DYNAMIC_PRINTK_DEBUG, which when enabled centralizes
control of debugging statements on a per-module basis in one /proc file,
currently, <debugfs>/dynamic_printk/modules. When, CONFIG_DYNAMIC_PRINTK_DEBUG,
is not set, debugging statements can still be enabled as before, often by
defining 'DEBUG' for the proper compilation unit. Thus, this patch set has no
affect when CONFIG_DYNAMIC_PRINTK_DEBUG is not set.
The infrastructure currently ties into all pr_debug() and dev_dbg() calls. That
is, if CONFIG_DYNAMIC_PRINTK_DEBUG is set, all pr_debug() and dev_dbg() calls
can be dynamically enabled/disabled on a per-module basis.
Future plans include extending this functionality to subsystems, that define
their own debug levels and flags.
Usage:
Dynamic debugging is controlled by the debugfs file,
<debugfs>/dynamic_printk/modules. This file contains a list of the modules that
can be enabled. The format of the file is as follows:
<module_name> <enabled=0/1>
.
.
.
<module_name> : Name of the module in which the debug call resides
<enabled=0/1> : whether the messages are enabled or not
For example:
snd_hda_intel enabled=0
fixup enabled=1
driver enabled=0
Enable a module:
$echo "set enabled=1 <module_name>" > dynamic_printk/modules
Disable a module:
$echo "set enabled=0 <module_name>" > dynamic_printk/modules
Enable all modules:
$echo "set enabled=1 all" > dynamic_printk/modules
Disable all modules:
$echo "set enabled=0 all" > dynamic_printk/modules
Finally, passing "dynamic_printk" at the command line enables
debugging for all modules. This mode can be turned off via the above
disable command.
[gkh: minor cleanups and tweaks to make the build work quietly]
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-08-12 16:46:19 -04:00
2010-07-03 13:07:35 +10:00
static void dynamic_debug_remove ( struct _ddebug * debug )
{
if ( debug )
ddebug_remove_module ( debug - > modname ) ;
}
2011-06-30 21:22:11 +02:00
void * __weak module_alloc ( unsigned long size )
{
2012-12-11 09:38:33 +10:30
return vmalloc_exec ( size ) ;
2011-06-30 21:22:11 +02:00
}
2008-07-22 19:24:28 -05:00
static void * module_alloc_update_bounds ( unsigned long size )
{
void * ret = module_alloc ( size ) ;
if ( ret ) {
2010-06-05 11:17:36 -06:00
mutex_lock ( & module_mutex ) ;
2008-07-22 19:24:28 -05:00
/* Update module bounds. */
if ( ( unsigned long ) ret < module_addr_min )
module_addr_min = ( unsigned long ) ret ;
if ( ( unsigned long ) ret + size > module_addr_max )
module_addr_max = ( unsigned long ) ret + size ;
2010-06-05 11:17:36 -06:00
mutex_unlock ( & module_mutex ) ;
2008-07-22 19:24:28 -05:00
}
return ret ;
}
2009-06-11 13:23:20 +01:00
# ifdef CONFIG_DEBUG_KMEMLEAK
2010-08-05 12:59:10 -06:00
static void kmemleak_load_module ( const struct module * mod ,
const struct load_info * info )
2009-06-11 13:23:20 +01:00
{
unsigned int i ;
/* only scan the sections containing data */
2009-10-28 13:33:09 +00:00
kmemleak_scan_area ( mod , sizeof ( struct module ) , GFP_KERNEL ) ;
2009-06-11 13:23:20 +01:00
2010-08-05 12:59:10 -06:00
for ( i = 1 ; i < info - > hdr - > e_shnum ; i + + ) {
2013-05-15 20:33:01 +01:00
/* Scan all writable sections that's not executable */
if ( ! ( info - > sechdrs [ i ] . sh_flags & SHF_ALLOC ) | |
! ( info - > sechdrs [ i ] . sh_flags & SHF_WRITE ) | |
( info - > sechdrs [ i ] . sh_flags & SHF_EXECINSTR ) )
2009-06-11 13:23:20 +01:00
continue ;
2010-08-05 12:59:10 -06:00
kmemleak_scan_area ( ( void * ) info - > sechdrs [ i ] . sh_addr ,
info - > sechdrs [ i ] . sh_size , GFP_KERNEL ) ;
2009-06-11 13:23:20 +01:00
}
}
# else
2010-08-05 12:59:10 -06:00
static inline void kmemleak_load_module ( const struct module * mod ,
const struct load_info * info )
2009-06-11 13:23:20 +01:00
{
}
# endif
2012-09-26 10:09:40 +01:00
# ifdef CONFIG_MODULE_SIG
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
static int module_sig_check ( struct load_info * info )
2012-09-26 10:09:40 +01:00
{
int err = - ENOKEY ;
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
const unsigned long markerlen = sizeof ( MODULE_SIG_STRING ) - 1 ;
const void * mod = info - > hdr ;
2012-10-20 01:19:29 +01:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
if ( info - > len > markerlen & &
memcmp ( mod + info - > len - markerlen , MODULE_SIG_STRING , markerlen ) = = 0 ) {
2012-10-20 01:19:29 +01:00
/* We truncate the module to discard the signature */
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
info - > len - = markerlen ;
err = mod_verify_sig ( mod , & info - > len ) ;
2012-09-26 10:09:40 +01:00
}
if ( ! err ) {
info - > sig_ok = true ;
return 0 ;
}
/* Not having a signature is only an error if we're strict. */
2012-09-26 10:09:50 +01:00
if ( err < 0 & & fips_enabled )
panic ( " Module verification failed with error %d in FIPS mode \n " ,
err ) ;
2012-09-26 10:09:40 +01:00
if ( err = = - ENOKEY & & ! sig_enforce )
err = 0 ;
return err ;
}
# else /* !CONFIG_MODULE_SIG */
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
static int module_sig_check ( struct load_info * info )
2012-09-26 10:09:40 +01:00
{
return 0 ;
}
# endif /* !CONFIG_MODULE_SIG */
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
/* Sanity checks against invalid binaries, wrong arch, weird elf version. */
static int elf_header_check ( struct load_info * info )
2010-08-05 12:59:03 -06:00
{
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
if ( info - > len < sizeof ( * ( info - > hdr ) ) )
return - ENOEXEC ;
if ( memcmp ( info - > hdr - > e_ident , ELFMAG , SELFMAG ) ! = 0
| | info - > hdr - > e_type ! = ET_REL
| | ! elf_check_arch ( info - > hdr )
| | info - > hdr - > e_shentsize ! = sizeof ( Elf_Shdr ) )
return - ENOEXEC ;
if ( info - > hdr - > e_shoff > = info - > len
| | ( info - > hdr - > e_shnum * sizeof ( Elf_Shdr ) >
info - > len - info - > hdr - > e_shoff ) )
return - ENOEXEC ;
2010-08-05 12:59:03 -06:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
return 0 ;
}
/* Sets info->hdr and info->len. */
static int copy_module_from_user ( const void __user * umod , unsigned long len ,
struct load_info * info )
2010-08-05 12:59:03 -06:00
{
int err ;
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
info - > len = len ;
if ( info - > len < sizeof ( * ( info - > hdr ) ) )
2010-08-05 12:59:03 -06:00
return - ENOEXEC ;
2012-10-16 07:32:07 +10:30
err = security_kernel_module_from_file ( NULL ) ;
if ( err )
return err ;
2010-08-05 12:59:03 -06:00
/* Suck in entire file: we'll want most of it. */
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
info - > hdr = vmalloc ( info - > len ) ;
if ( ! info - > hdr )
2010-08-05 12:59:03 -06:00
return - ENOMEM ;
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
if ( copy_from_user ( info - > hdr , umod , info - > len ) ! = 0 ) {
vfree ( info - > hdr ) ;
return - EFAULT ;
2010-08-05 12:59:03 -06:00
}
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
return 0 ;
}
/* Sets info->hdr and info->len. */
static int copy_module_from_fd ( int fd , struct load_info * info )
{
2013-08-30 12:41:41 -04:00
struct fd f = fdget ( fd ) ;
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
int err ;
struct kstat stat ;
loff_t pos ;
ssize_t bytes = 0 ;
2013-08-30 12:41:41 -04:00
if ( ! f . file )
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
return - ENOEXEC ;
2013-08-30 12:41:41 -04:00
err = security_kernel_module_from_file ( f . file ) ;
2012-09-26 10:09:40 +01:00
if ( err )
2012-10-16 07:32:07 +10:30
goto out ;
2012-09-26 10:09:40 +01:00
2013-08-30 12:41:41 -04:00
err = vfs_getattr ( & f . file - > f_path , & stat ) ;
2012-09-26 10:09:40 +01:00
if ( err )
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
goto out ;
2010-08-05 12:59:03 -06:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
if ( stat . size > INT_MAX ) {
err = - EFBIG ;
goto out ;
2010-08-05 12:59:03 -06:00
}
2013-01-03 11:09:53 +10:30
/* Don't hand 0 to vmalloc, it whines. */
if ( stat . size = = 0 ) {
err = - EINVAL ;
goto out ;
}
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
info - > hdr = vmalloc ( stat . size ) ;
if ( ! info - > hdr ) {
err = - ENOMEM ;
goto out ;
2010-08-05 12:59:03 -06:00
}
2010-08-05 12:59:08 -06:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
pos = 0 ;
while ( pos < stat . size ) {
2013-08-30 12:41:41 -04:00
bytes = kernel_read ( f . file , pos , ( char * ) ( info - > hdr ) + pos ,
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
stat . size - pos ) ;
if ( bytes < 0 ) {
vfree ( info - > hdr ) ;
err = bytes ;
goto out ;
}
if ( bytes = = 0 )
break ;
pos + = bytes ;
}
info - > len = pos ;
2010-08-05 12:59:03 -06:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
out :
2013-08-30 12:41:41 -04:00
fdput ( f ) ;
2010-08-05 12:59:03 -06:00
return err ;
}
2010-08-05 12:59:08 -06:00
static void free_copy ( struct load_info * info )
{
vfree ( info - > hdr ) ;
}
2012-10-22 18:09:41 +10:30
static int rewrite_section_headers ( struct load_info * info , int flags )
2010-08-05 12:59:06 -06:00
{
unsigned int i ;
/* This should always be true, but let's be sure. */
info - > sechdrs [ 0 ] . sh_addr = 0 ;
for ( i = 1 ; i < info - > hdr - > e_shnum ; i + + ) {
Elf_Shdr * shdr = & info - > sechdrs [ i ] ;
if ( shdr - > sh_type ! = SHT_NOBITS
& & info - > len < shdr - > sh_offset + shdr - > sh_size ) {
2013-11-12 15:11:28 -08:00
pr_err ( " Module len %lu truncated \n " , info - > len ) ;
2010-08-05 12:59:06 -06:00
return - ENOEXEC ;
}
/* Mark all sections sh_addr with their address in the
temporary image . */
shdr - > sh_addr = ( size_t ) info - > hdr + shdr - > sh_offset ;
# ifndef CONFIG_MODULE_UNLOAD
/* Don't load .exit sections */
if ( strstarts ( info - > secstrings + shdr - > sh_name , " .exit " ) )
shdr - > sh_flags & = ~ ( unsigned long ) SHF_ALLOC ;
# endif
}
2010-08-05 12:59:07 -06:00
/* Track but don't keep modinfo and version sections. */
2012-10-22 18:09:41 +10:30
if ( flags & MODULE_INIT_IGNORE_MODVERSIONS )
info - > index . vers = 0 ; /* Pretend no __versions section! */
else
info - > index . vers = find_sec ( info , " __versions " ) ;
2010-08-05 12:59:10 -06:00
info - > index . info = find_sec ( info , " .modinfo " ) ;
2010-08-05 12:59:07 -06:00
info - > sechdrs [ info - > index . info ] . sh_flags & = ~ ( unsigned long ) SHF_ALLOC ;
info - > sechdrs [ info - > index . vers ] . sh_flags & = ~ ( unsigned long ) SHF_ALLOC ;
2010-08-05 12:59:06 -06:00
return 0 ;
}
module: add load_info
Btw, here's a patch that _looks_ large, but it really pretty trivial, and
sets things up so that it would be way easier to split off pieces of the
module loading.
The reason it looks large is that it creates a "module_info" structure
that contains all the module state that we're building up while loading,
instead of having individual variables for all the indices etc.
So the patch ends up being large, because every "symindex" access instead
becomes "info.index.sym" etc. That may be a few characters longer, but it
then means that we can just pass a pointer to that "info" structure
around. and let all the pieces fill it in very naturally.
As an example of that, the patch also moves the initialization of all
those convenience variables into a "setup_module_info()" function. And at
this point it really does become very natural to start to peel off some of
the error labels and move them into the helper functions - now the
"truncated" case is gone, and is handled inside that setup function
instead.
So maybe you don't like this approach, and it does make the variable
accesses a bit longer, but I don't think unreadably so. And the patch
really does look big and scary, but there really should be absolutely no
semantic changes - most of it was a trivial and mindless rename.
In fact, it was so mindless that I on purpose kept the existing helper
functions looking like this:
- err = check_modinfo(mod, sechdrs, infoindex, versindex);
+ err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
rather than changing them to just take the "info" pointer. IOW, a second
phase (if you think the approach is ok) would change that calling
convention to just do
err = check_modinfo(mod, &info);
(and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
while right now it makes things _look_ bigger, with things like this:
versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
becoming
info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
in the new "setup_module_info()" function, that's again just a result of
it being a search-and-replace patch. By using the 'info' pointer, we could
just change the 'find_sec()' interface so that it ends up being
info->index.vers = find_sec(info, "__versions");
instead, and then we'd actually have a shorter and more readable line. So
for a lot of those mindless variable name expansions there's would be room
for separate cleanups.
I didn't move quite everything in there - if we do this to layout_symtabs,
for example, we'd want to move the percpu, symoffs, stroffs, *strmap
variables to be fields in that module_info structure too. But that's a
much smaller patch, I moved just the really core stuff that is currently
being set up and used in various parts.
But even in this rough form, it removes close to 70 lines from that
function (but adds 22 lines overall, of course - the structure definition,
the helper function declarations and call-sites etc etc).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-06-02 11:01:06 -07:00
/*
* Set up our basic convenience variables ( pointers to section headers ,
* search for module section index etc ) , and do some basic section
* verification .
*
* Return the temporary module pointer ( we ' ll replace it with the final
* one when we move the module sections around ) .
*/
2012-10-22 18:09:41 +10:30
static struct module * setup_load_info ( struct load_info * info , int flags )
module: add load_info
Btw, here's a patch that _looks_ large, but it really pretty trivial, and
sets things up so that it would be way easier to split off pieces of the
module loading.
The reason it looks large is that it creates a "module_info" structure
that contains all the module state that we're building up while loading,
instead of having individual variables for all the indices etc.
So the patch ends up being large, because every "symindex" access instead
becomes "info.index.sym" etc. That may be a few characters longer, but it
then means that we can just pass a pointer to that "info" structure
around. and let all the pieces fill it in very naturally.
As an example of that, the patch also moves the initialization of all
those convenience variables into a "setup_module_info()" function. And at
this point it really does become very natural to start to peel off some of
the error labels and move them into the helper functions - now the
"truncated" case is gone, and is handled inside that setup function
instead.
So maybe you don't like this approach, and it does make the variable
accesses a bit longer, but I don't think unreadably so. And the patch
really does look big and scary, but there really should be absolutely no
semantic changes - most of it was a trivial and mindless rename.
In fact, it was so mindless that I on purpose kept the existing helper
functions looking like this:
- err = check_modinfo(mod, sechdrs, infoindex, versindex);
+ err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
rather than changing them to just take the "info" pointer. IOW, a second
phase (if you think the approach is ok) would change that calling
convention to just do
err = check_modinfo(mod, &info);
(and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
while right now it makes things _look_ bigger, with things like this:
versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
becoming
info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
in the new "setup_module_info()" function, that's again just a result of
it being a search-and-replace patch. By using the 'info' pointer, we could
just change the 'find_sec()' interface so that it ends up being
info->index.vers = find_sec(info, "__versions");
instead, and then we'd actually have a shorter and more readable line. So
for a lot of those mindless variable name expansions there's would be room
for separate cleanups.
I didn't move quite everything in there - if we do this to layout_symtabs,
for example, we'd want to move the percpu, symoffs, stroffs, *strmap
variables to be fields in that module_info structure too. But that's a
much smaller patch, I moved just the really core stuff that is currently
being set up and used in various parts.
But even in this rough form, it removes close to 70 lines from that
function (but adds 22 lines overall, of course - the structure definition,
the helper function declarations and call-sites etc etc).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-06-02 11:01:06 -07:00
{
unsigned int i ;
2010-08-05 12:59:06 -06:00
int err ;
module: add load_info
Btw, here's a patch that _looks_ large, but it really pretty trivial, and
sets things up so that it would be way easier to split off pieces of the
module loading.
The reason it looks large is that it creates a "module_info" structure
that contains all the module state that we're building up while loading,
instead of having individual variables for all the indices etc.
So the patch ends up being large, because every "symindex" access instead
becomes "info.index.sym" etc. That may be a few characters longer, but it
then means that we can just pass a pointer to that "info" structure
around. and let all the pieces fill it in very naturally.
As an example of that, the patch also moves the initialization of all
those convenience variables into a "setup_module_info()" function. And at
this point it really does become very natural to start to peel off some of
the error labels and move them into the helper functions - now the
"truncated" case is gone, and is handled inside that setup function
instead.
So maybe you don't like this approach, and it does make the variable
accesses a bit longer, but I don't think unreadably so. And the patch
really does look big and scary, but there really should be absolutely no
semantic changes - most of it was a trivial and mindless rename.
In fact, it was so mindless that I on purpose kept the existing helper
functions looking like this:
- err = check_modinfo(mod, sechdrs, infoindex, versindex);
+ err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
rather than changing them to just take the "info" pointer. IOW, a second
phase (if you think the approach is ok) would change that calling
convention to just do
err = check_modinfo(mod, &info);
(and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
while right now it makes things _look_ bigger, with things like this:
versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
becoming
info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
in the new "setup_module_info()" function, that's again just a result of
it being a search-and-replace patch. By using the 'info' pointer, we could
just change the 'find_sec()' interface so that it ends up being
info->index.vers = find_sec(info, "__versions");
instead, and then we'd actually have a shorter and more readable line. So
for a lot of those mindless variable name expansions there's would be room
for separate cleanups.
I didn't move quite everything in there - if we do this to layout_symtabs,
for example, we'd want to move the percpu, symoffs, stroffs, *strmap
variables to be fields in that module_info structure too. But that's a
much smaller patch, I moved just the really core stuff that is currently
being set up and used in various parts.
But even in this rough form, it removes close to 70 lines from that
function (but adds 22 lines overall, of course - the structure definition,
the helper function declarations and call-sites etc etc).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-06-02 11:01:06 -07:00
struct module * mod ;
/* Set up the convenience variables */
info - > sechdrs = ( void * ) info - > hdr + info - > hdr - > e_shoff ;
2010-08-05 12:59:06 -06:00
info - > secstrings = ( void * ) info - > hdr
+ info - > sechdrs [ info - > hdr - > e_shstrndx ] . sh_offset ;
module: add load_info
Btw, here's a patch that _looks_ large, but it really pretty trivial, and
sets things up so that it would be way easier to split off pieces of the
module loading.
The reason it looks large is that it creates a "module_info" structure
that contains all the module state that we're building up while loading,
instead of having individual variables for all the indices etc.
So the patch ends up being large, because every "symindex" access instead
becomes "info.index.sym" etc. That may be a few characters longer, but it
then means that we can just pass a pointer to that "info" structure
around. and let all the pieces fill it in very naturally.
As an example of that, the patch also moves the initialization of all
those convenience variables into a "setup_module_info()" function. And at
this point it really does become very natural to start to peel off some of
the error labels and move them into the helper functions - now the
"truncated" case is gone, and is handled inside that setup function
instead.
So maybe you don't like this approach, and it does make the variable
accesses a bit longer, but I don't think unreadably so. And the patch
really does look big and scary, but there really should be absolutely no
semantic changes - most of it was a trivial and mindless rename.
In fact, it was so mindless that I on purpose kept the existing helper
functions looking like this:
- err = check_modinfo(mod, sechdrs, infoindex, versindex);
+ err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
rather than changing them to just take the "info" pointer. IOW, a second
phase (if you think the approach is ok) would change that calling
convention to just do
err = check_modinfo(mod, &info);
(and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
while right now it makes things _look_ bigger, with things like this:
versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
becoming
info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
in the new "setup_module_info()" function, that's again just a result of
it being a search-and-replace patch. By using the 'info' pointer, we could
just change the 'find_sec()' interface so that it ends up being
info->index.vers = find_sec(info, "__versions");
instead, and then we'd actually have a shorter and more readable line. So
for a lot of those mindless variable name expansions there's would be room
for separate cleanups.
I didn't move quite everything in there - if we do this to layout_symtabs,
for example, we'd want to move the percpu, symoffs, stroffs, *strmap
variables to be fields in that module_info structure too. But that's a
much smaller patch, I moved just the really core stuff that is currently
being set up and used in various parts.
But even in this rough form, it removes close to 70 lines from that
function (but adds 22 lines overall, of course - the structure definition,
the helper function declarations and call-sites etc etc).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-06-02 11:01:06 -07:00
2012-10-22 18:09:41 +10:30
err = rewrite_section_headers ( info , flags ) ;
2010-08-05 12:59:06 -06:00
if ( err )
return ERR_PTR ( err ) ;
module: add load_info
Btw, here's a patch that _looks_ large, but it really pretty trivial, and
sets things up so that it would be way easier to split off pieces of the
module loading.
The reason it looks large is that it creates a "module_info" structure
that contains all the module state that we're building up while loading,
instead of having individual variables for all the indices etc.
So the patch ends up being large, because every "symindex" access instead
becomes "info.index.sym" etc. That may be a few characters longer, but it
then means that we can just pass a pointer to that "info" structure
around. and let all the pieces fill it in very naturally.
As an example of that, the patch also moves the initialization of all
those convenience variables into a "setup_module_info()" function. And at
this point it really does become very natural to start to peel off some of
the error labels and move them into the helper functions - now the
"truncated" case is gone, and is handled inside that setup function
instead.
So maybe you don't like this approach, and it does make the variable
accesses a bit longer, but I don't think unreadably so. And the patch
really does look big and scary, but there really should be absolutely no
semantic changes - most of it was a trivial and mindless rename.
In fact, it was so mindless that I on purpose kept the existing helper
functions looking like this:
- err = check_modinfo(mod, sechdrs, infoindex, versindex);
+ err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
rather than changing them to just take the "info" pointer. IOW, a second
phase (if you think the approach is ok) would change that calling
convention to just do
err = check_modinfo(mod, &info);
(and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
while right now it makes things _look_ bigger, with things like this:
versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
becoming
info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
in the new "setup_module_info()" function, that's again just a result of
it being a search-and-replace patch. By using the 'info' pointer, we could
just change the 'find_sec()' interface so that it ends up being
info->index.vers = find_sec(info, "__versions");
instead, and then we'd actually have a shorter and more readable line. So
for a lot of those mindless variable name expansions there's would be room
for separate cleanups.
I didn't move quite everything in there - if we do this to layout_symtabs,
for example, we'd want to move the percpu, symoffs, stroffs, *strmap
variables to be fields in that module_info structure too. But that's a
much smaller patch, I moved just the really core stuff that is currently
being set up and used in various parts.
But even in this rough form, it removes close to 70 lines from that
function (but adds 22 lines overall, of course - the structure definition,
the helper function declarations and call-sites etc etc).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-06-02 11:01:06 -07:00
2010-08-05 12:59:06 -06:00
/* Find internal symbols and strings. */
for ( i = 1 ; i < info - > hdr - > e_shnum ; i + + ) {
module: add load_info
Btw, here's a patch that _looks_ large, but it really pretty trivial, and
sets things up so that it would be way easier to split off pieces of the
module loading.
The reason it looks large is that it creates a "module_info" structure
that contains all the module state that we're building up while loading,
instead of having individual variables for all the indices etc.
So the patch ends up being large, because every "symindex" access instead
becomes "info.index.sym" etc. That may be a few characters longer, but it
then means that we can just pass a pointer to that "info" structure
around. and let all the pieces fill it in very naturally.
As an example of that, the patch also moves the initialization of all
those convenience variables into a "setup_module_info()" function. And at
this point it really does become very natural to start to peel off some of
the error labels and move them into the helper functions - now the
"truncated" case is gone, and is handled inside that setup function
instead.
So maybe you don't like this approach, and it does make the variable
accesses a bit longer, but I don't think unreadably so. And the patch
really does look big and scary, but there really should be absolutely no
semantic changes - most of it was a trivial and mindless rename.
In fact, it was so mindless that I on purpose kept the existing helper
functions looking like this:
- err = check_modinfo(mod, sechdrs, infoindex, versindex);
+ err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
rather than changing them to just take the "info" pointer. IOW, a second
phase (if you think the approach is ok) would change that calling
convention to just do
err = check_modinfo(mod, &info);
(and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
while right now it makes things _look_ bigger, with things like this:
versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
becoming
info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
in the new "setup_module_info()" function, that's again just a result of
it being a search-and-replace patch. By using the 'info' pointer, we could
just change the 'find_sec()' interface so that it ends up being
info->index.vers = find_sec(info, "__versions");
instead, and then we'd actually have a shorter and more readable line. So
for a lot of those mindless variable name expansions there's would be room
for separate cleanups.
I didn't move quite everything in there - if we do this to layout_symtabs,
for example, we'd want to move the percpu, symoffs, stroffs, *strmap
variables to be fields in that module_info structure too. But that's a
much smaller patch, I moved just the really core stuff that is currently
being set up and used in various parts.
But even in this rough form, it removes close to 70 lines from that
function (but adds 22 lines overall, of course - the structure definition,
the helper function declarations and call-sites etc etc).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-06-02 11:01:06 -07:00
if ( info - > sechdrs [ i ] . sh_type = = SHT_SYMTAB ) {
info - > index . sym = i ;
info - > index . str = info - > sechdrs [ i ] . sh_link ;
2010-08-05 12:59:06 -06:00
info - > strtab = ( char * ) info - > hdr
+ info - > sechdrs [ info - > index . str ] . sh_offset ;
break ;
module: add load_info
Btw, here's a patch that _looks_ large, but it really pretty trivial, and
sets things up so that it would be way easier to split off pieces of the
module loading.
The reason it looks large is that it creates a "module_info" structure
that contains all the module state that we're building up while loading,
instead of having individual variables for all the indices etc.
So the patch ends up being large, because every "symindex" access instead
becomes "info.index.sym" etc. That may be a few characters longer, but it
then means that we can just pass a pointer to that "info" structure
around. and let all the pieces fill it in very naturally.
As an example of that, the patch also moves the initialization of all
those convenience variables into a "setup_module_info()" function. And at
this point it really does become very natural to start to peel off some of
the error labels and move them into the helper functions - now the
"truncated" case is gone, and is handled inside that setup function
instead.
So maybe you don't like this approach, and it does make the variable
accesses a bit longer, but I don't think unreadably so. And the patch
really does look big and scary, but there really should be absolutely no
semantic changes - most of it was a trivial and mindless rename.
In fact, it was so mindless that I on purpose kept the existing helper
functions looking like this:
- err = check_modinfo(mod, sechdrs, infoindex, versindex);
+ err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
rather than changing them to just take the "info" pointer. IOW, a second
phase (if you think the approach is ok) would change that calling
convention to just do
err = check_modinfo(mod, &info);
(and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
while right now it makes things _look_ bigger, with things like this:
versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
becoming
info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
in the new "setup_module_info()" function, that's again just a result of
it being a search-and-replace patch. By using the 'info' pointer, we could
just change the 'find_sec()' interface so that it ends up being
info->index.vers = find_sec(info, "__versions");
instead, and then we'd actually have a shorter and more readable line. So
for a lot of those mindless variable name expansions there's would be room
for separate cleanups.
I didn't move quite everything in there - if we do this to layout_symtabs,
for example, we'd want to move the percpu, symoffs, stroffs, *strmap
variables to be fields in that module_info structure too. But that's a
much smaller patch, I moved just the really core stuff that is currently
being set up and used in various parts.
But even in this rough form, it removes close to 70 lines from that
function (but adds 22 lines overall, of course - the structure definition,
the helper function declarations and call-sites etc etc).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-06-02 11:01:06 -07:00
}
}
2010-08-05 12:59:10 -06:00
info - > index . mod = find_sec ( info , " .gnu.linkonce.this_module " ) ;
module: add load_info
Btw, here's a patch that _looks_ large, but it really pretty trivial, and
sets things up so that it would be way easier to split off pieces of the
module loading.
The reason it looks large is that it creates a "module_info" structure
that contains all the module state that we're building up while loading,
instead of having individual variables for all the indices etc.
So the patch ends up being large, because every "symindex" access instead
becomes "info.index.sym" etc. That may be a few characters longer, but it
then means that we can just pass a pointer to that "info" structure
around. and let all the pieces fill it in very naturally.
As an example of that, the patch also moves the initialization of all
those convenience variables into a "setup_module_info()" function. And at
this point it really does become very natural to start to peel off some of
the error labels and move them into the helper functions - now the
"truncated" case is gone, and is handled inside that setup function
instead.
So maybe you don't like this approach, and it does make the variable
accesses a bit longer, but I don't think unreadably so. And the patch
really does look big and scary, but there really should be absolutely no
semantic changes - most of it was a trivial and mindless rename.
In fact, it was so mindless that I on purpose kept the existing helper
functions looking like this:
- err = check_modinfo(mod, sechdrs, infoindex, versindex);
+ err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
rather than changing them to just take the "info" pointer. IOW, a second
phase (if you think the approach is ok) would change that calling
convention to just do
err = check_modinfo(mod, &info);
(and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
while right now it makes things _look_ bigger, with things like this:
versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
becoming
info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
in the new "setup_module_info()" function, that's again just a result of
it being a search-and-replace patch. By using the 'info' pointer, we could
just change the 'find_sec()' interface so that it ends up being
info->index.vers = find_sec(info, "__versions");
instead, and then we'd actually have a shorter and more readable line. So
for a lot of those mindless variable name expansions there's would be room
for separate cleanups.
I didn't move quite everything in there - if we do this to layout_symtabs,
for example, we'd want to move the percpu, symoffs, stroffs, *strmap
variables to be fields in that module_info structure too. But that's a
much smaller patch, I moved just the really core stuff that is currently
being set up and used in various parts.
But even in this rough form, it removes close to 70 lines from that
function (but adds 22 lines overall, of course - the structure definition,
the helper function declarations and call-sites etc etc).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-06-02 11:01:06 -07:00
if ( ! info - > index . mod ) {
2013-11-12 15:11:28 -08:00
pr_warn ( " No module found in object \n " ) ;
module: add load_info
Btw, here's a patch that _looks_ large, but it really pretty trivial, and
sets things up so that it would be way easier to split off pieces of the
module loading.
The reason it looks large is that it creates a "module_info" structure
that contains all the module state that we're building up while loading,
instead of having individual variables for all the indices etc.
So the patch ends up being large, because every "symindex" access instead
becomes "info.index.sym" etc. That may be a few characters longer, but it
then means that we can just pass a pointer to that "info" structure
around. and let all the pieces fill it in very naturally.
As an example of that, the patch also moves the initialization of all
those convenience variables into a "setup_module_info()" function. And at
this point it really does become very natural to start to peel off some of
the error labels and move them into the helper functions - now the
"truncated" case is gone, and is handled inside that setup function
instead.
So maybe you don't like this approach, and it does make the variable
accesses a bit longer, but I don't think unreadably so. And the patch
really does look big and scary, but there really should be absolutely no
semantic changes - most of it was a trivial and mindless rename.
In fact, it was so mindless that I on purpose kept the existing helper
functions looking like this:
- err = check_modinfo(mod, sechdrs, infoindex, versindex);
+ err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
rather than changing them to just take the "info" pointer. IOW, a second
phase (if you think the approach is ok) would change that calling
convention to just do
err = check_modinfo(mod, &info);
(and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
while right now it makes things _look_ bigger, with things like this:
versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
becoming
info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
in the new "setup_module_info()" function, that's again just a result of
it being a search-and-replace patch. By using the 'info' pointer, we could
just change the 'find_sec()' interface so that it ends up being
info->index.vers = find_sec(info, "__versions");
instead, and then we'd actually have a shorter and more readable line. So
for a lot of those mindless variable name expansions there's would be room
for separate cleanups.
I didn't move quite everything in there - if we do this to layout_symtabs,
for example, we'd want to move the percpu, symoffs, stroffs, *strmap
variables to be fields in that module_info structure too. But that's a
much smaller patch, I moved just the really core stuff that is currently
being set up and used in various parts.
But even in this rough form, it removes close to 70 lines from that
function (but adds 22 lines overall, of course - the structure definition,
the helper function declarations and call-sites etc etc).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-06-02 11:01:06 -07:00
return ERR_PTR ( - ENOEXEC ) ;
}
/* This is temporary: point mod into copy of data. */
mod = ( void * ) info - > sechdrs [ info - > index . mod ] . sh_addr ;
if ( info - > index . sym = = 0 ) {
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: module has no symbols (stripped?) \n " , mod - > name ) ;
module: add load_info
Btw, here's a patch that _looks_ large, but it really pretty trivial, and
sets things up so that it would be way easier to split off pieces of the
module loading.
The reason it looks large is that it creates a "module_info" structure
that contains all the module state that we're building up while loading,
instead of having individual variables for all the indices etc.
So the patch ends up being large, because every "symindex" access instead
becomes "info.index.sym" etc. That may be a few characters longer, but it
then means that we can just pass a pointer to that "info" structure
around. and let all the pieces fill it in very naturally.
As an example of that, the patch also moves the initialization of all
those convenience variables into a "setup_module_info()" function. And at
this point it really does become very natural to start to peel off some of
the error labels and move them into the helper functions - now the
"truncated" case is gone, and is handled inside that setup function
instead.
So maybe you don't like this approach, and it does make the variable
accesses a bit longer, but I don't think unreadably so. And the patch
really does look big and scary, but there really should be absolutely no
semantic changes - most of it was a trivial and mindless rename.
In fact, it was so mindless that I on purpose kept the existing helper
functions looking like this:
- err = check_modinfo(mod, sechdrs, infoindex, versindex);
+ err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
rather than changing them to just take the "info" pointer. IOW, a second
phase (if you think the approach is ok) would change that calling
convention to just do
err = check_modinfo(mod, &info);
(and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
while right now it makes things _look_ bigger, with things like this:
versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
becoming
info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
in the new "setup_module_info()" function, that's again just a result of
it being a search-and-replace patch. By using the 'info' pointer, we could
just change the 'find_sec()' interface so that it ends up being
info->index.vers = find_sec(info, "__versions");
instead, and then we'd actually have a shorter and more readable line. So
for a lot of those mindless variable name expansions there's would be room
for separate cleanups.
I didn't move quite everything in there - if we do this to layout_symtabs,
for example, we'd want to move the percpu, symoffs, stroffs, *strmap
variables to be fields in that module_info structure too. But that's a
much smaller patch, I moved just the really core stuff that is currently
being set up and used in various parts.
But even in this rough form, it removes close to 70 lines from that
function (but adds 22 lines overall, of course - the structure definition,
the helper function declarations and call-sites etc etc).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-06-02 11:01:06 -07:00
return ERR_PTR ( - ENOEXEC ) ;
}
2010-08-05 12:59:10 -06:00
info - > index . pcpu = find_pcpusec ( info ) ;
module: add load_info
Btw, here's a patch that _looks_ large, but it really pretty trivial, and
sets things up so that it would be way easier to split off pieces of the
module loading.
The reason it looks large is that it creates a "module_info" structure
that contains all the module state that we're building up while loading,
instead of having individual variables for all the indices etc.
So the patch ends up being large, because every "symindex" access instead
becomes "info.index.sym" etc. That may be a few characters longer, but it
then means that we can just pass a pointer to that "info" structure
around. and let all the pieces fill it in very naturally.
As an example of that, the patch also moves the initialization of all
those convenience variables into a "setup_module_info()" function. And at
this point it really does become very natural to start to peel off some of
the error labels and move them into the helper functions - now the
"truncated" case is gone, and is handled inside that setup function
instead.
So maybe you don't like this approach, and it does make the variable
accesses a bit longer, but I don't think unreadably so. And the patch
really does look big and scary, but there really should be absolutely no
semantic changes - most of it was a trivial and mindless rename.
In fact, it was so mindless that I on purpose kept the existing helper
functions looking like this:
- err = check_modinfo(mod, sechdrs, infoindex, versindex);
+ err = check_modinfo(mod, info.sechdrs, info.index.info, info.index.vers);
rather than changing them to just take the "info" pointer. IOW, a second
phase (if you think the approach is ok) would change that calling
convention to just do
err = check_modinfo(mod, &info);
(and same for "layout_sections()", "layout_symtabs()" etc.) Similarly,
while right now it makes things _look_ bigger, with things like this:
versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
becoming
info->index.vers = find_sec(info->hdr, info->sechdrs, info->secstrings, "__versions");
in the new "setup_module_info()" function, that's again just a result of
it being a search-and-replace patch. By using the 'info' pointer, we could
just change the 'find_sec()' interface so that it ends up being
info->index.vers = find_sec(info, "__versions");
instead, and then we'd actually have a shorter and more readable line. So
for a lot of those mindless variable name expansions there's would be room
for separate cleanups.
I didn't move quite everything in there - if we do this to layout_symtabs,
for example, we'd want to move the percpu, symoffs, stroffs, *strmap
variables to be fields in that module_info structure too. But that's a
much smaller patch, I moved just the really core stuff that is currently
being set up and used in various parts.
But even in this rough form, it removes close to 70 lines from that
function (but adds 22 lines overall, of course - the structure definition,
the helper function declarations and call-sites etc etc).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-06-02 11:01:06 -07:00
/* Check module struct version now, before we try to use module. */
if ( ! check_modstruct_version ( info - > sechdrs , info - > index . vers , mod ) )
return ERR_PTR ( - ENOEXEC ) ;
return mod ;
}
2012-10-22 18:09:41 +10:30
static int check_modinfo ( struct module * mod , struct load_info * info , int flags )
2010-08-05 12:59:03 -06:00
{
2010-08-05 12:59:10 -06:00
const char * modmagic = get_modinfo ( info , " vermagic " ) ;
2010-08-05 12:59:03 -06:00
int err ;
2012-10-22 18:09:41 +10:30
if ( flags & MODULE_INIT_IGNORE_VERMAGIC )
modmagic = NULL ;
2010-08-05 12:59:03 -06:00
/* This is allowed: modprobe --force will invalidate it. */
if ( ! modmagic ) {
err = try_to_force_load ( mod , " bad vermagic " ) ;
if ( err )
return err ;
2010-08-05 12:59:10 -06:00
} else if ( ! same_magic ( modmagic , vermagic , info - > index . vers ) ) {
2013-11-12 15:11:28 -08:00
pr_err ( " %s: version magic '%s' should be '%s' \n " ,
2010-08-05 12:59:03 -06:00
mod - > name , modmagic , vermagic ) ;
return - ENOEXEC ;
}
2011-10-24 15:12:28 +02:00
if ( ! get_modinfo ( info , " intree " ) )
2013-01-21 17:17:39 +10:30
add_taint_module ( mod , TAINT_OOT_MODULE , LOCKDEP_STILL_OK ) ;
2011-10-24 15:12:28 +02:00
2010-08-05 12:59:10 -06:00
if ( get_modinfo ( info , " staging " ) ) {
2013-01-21 17:17:39 +10:30
add_taint_module ( mod , TAINT_CRAP , LOCKDEP_STILL_OK ) ;
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: module is from the staging directory, the quality "
" is unknown, you have been warned. \n " , mod - > name ) ;
2010-08-05 12:59:03 -06:00
}
2010-08-05 12:59:05 -06:00
/* Set up license info based on the info section */
2010-08-05 12:59:10 -06:00
set_license ( mod , get_modinfo ( info , " license " ) ) ;
2010-08-05 12:59:05 -06:00
2010-08-05 12:59:03 -06:00
return 0 ;
}
2010-08-05 12:59:12 -06:00
static void find_module_sections ( struct module * mod , struct load_info * info )
2010-08-05 12:59:02 -06:00
{
2010-08-05 12:59:10 -06:00
mod - > kp = section_objs ( info , " __param " ,
2010-08-05 12:59:02 -06:00
sizeof ( * mod - > kp ) , & mod - > num_kp ) ;
2010-08-05 12:59:10 -06:00
mod - > syms = section_objs ( info , " __ksymtab " ,
2010-08-05 12:59:02 -06:00
sizeof ( * mod - > syms ) , & mod - > num_syms ) ;
2010-08-05 12:59:10 -06:00
mod - > crcs = section_addr ( info , " __kcrctab " ) ;
mod - > gpl_syms = section_objs ( info , " __ksymtab_gpl " ,
2010-08-05 12:59:02 -06:00
sizeof ( * mod - > gpl_syms ) ,
& mod - > num_gpl_syms ) ;
2010-08-05 12:59:10 -06:00
mod - > gpl_crcs = section_addr ( info , " __kcrctab_gpl " ) ;
mod - > gpl_future_syms = section_objs ( info ,
2010-08-05 12:59:02 -06:00
" __ksymtab_gpl_future " ,
sizeof ( * mod - > gpl_future_syms ) ,
& mod - > num_gpl_future_syms ) ;
2010-08-05 12:59:10 -06:00
mod - > gpl_future_crcs = section_addr ( info , " __kcrctab_gpl_future " ) ;
2010-08-05 12:59:02 -06:00
# ifdef CONFIG_UNUSED_SYMBOLS
2010-08-05 12:59:10 -06:00
mod - > unused_syms = section_objs ( info , " __ksymtab_unused " ,
2010-08-05 12:59:02 -06:00
sizeof ( * mod - > unused_syms ) ,
& mod - > num_unused_syms ) ;
2010-08-05 12:59:10 -06:00
mod - > unused_crcs = section_addr ( info , " __kcrctab_unused " ) ;
mod - > unused_gpl_syms = section_objs ( info , " __ksymtab_unused_gpl " ,
2010-08-05 12:59:02 -06:00
sizeof ( * mod - > unused_gpl_syms ) ,
& mod - > num_unused_gpl_syms ) ;
2010-08-05 12:59:10 -06:00
mod - > unused_gpl_crcs = section_addr ( info , " __kcrctab_unused_gpl " ) ;
2010-08-05 12:59:02 -06:00
# endif
# ifdef CONFIG_CONSTRUCTORS
2010-08-05 12:59:10 -06:00
mod - > ctors = section_objs ( info , " .ctors " ,
2010-08-05 12:59:02 -06:00
sizeof ( * mod - > ctors ) , & mod - > num_ctors ) ;
# endif
# ifdef CONFIG_TRACEPOINTS
2011-01-26 17:26:22 -05:00
mod - > tracepoints_ptrs = section_objs ( info , " __tracepoints_ptrs " ,
sizeof ( * mod - > tracepoints_ptrs ) ,
& mod - > num_tracepoints ) ;
2010-08-05 12:59:02 -06:00
# endif
2010-09-17 11:09:00 -04:00
# ifdef HAVE_JUMP_LABEL
mod - > jump_entries = section_objs ( info , " __jump_table " ,
sizeof ( * mod - > jump_entries ) ,
& mod - > num_jump_entries ) ;
# endif
2010-08-05 12:59:02 -06:00
# ifdef CONFIG_EVENT_TRACING
2010-08-05 12:59:10 -06:00
mod - > trace_events = section_objs ( info , " _ftrace_events " ,
2010-08-05 12:59:02 -06:00
sizeof ( * mod - > trace_events ) ,
& mod - > num_trace_events ) ;
# endif
tracing: Fix module use of trace_bprintk()
On use of trace_printk() there's a macro that determines if the format
is static or a variable. If it is static, it defaults to __trace_bprintk()
otherwise it uses __trace_printk().
A while ago, Lai Jiangshan added __trace_bprintk(). In that patch, we
discussed a way to allow modules to use it. The difference between
__trace_bprintk() and __trace_printk() is that for faster processing,
just the format and args are stored in the trace instead of running
it through a sprintf function. In order to do this, the format used
by the __trace_bprintk() had to be persistent.
See commit 1ba28e02a18cbdbea123836f6c98efb09cbf59ec
The problem comes with trace_bprintk() where the module is unloaded.
The pointer left in the buffer is still pointing to the format.
To solve this issue, the formats in the module were copied into kernel
core. If the same format was used, they would use the same copy (to prevent
memory leak). This all worked well until we tried to merge everything.
At the time this was written, Lai Jiangshan, Frederic Weisbecker,
Ingo Molnar and myself were all touching the same code. When this was
merged, we lost the part of it that was in module.c. This kept out the
copying of the formats and unloading the module could cause bad pointers
left in the ring buffer.
This patch adds back (with updates required for current kernel) the
module code that sets up the necessary pointers.
Cc: Lai Jiangshan <laijs@cn.fujitsu.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2010-11-10 22:19:24 -05:00
# ifdef CONFIG_TRACING
mod - > trace_bprintk_fmt_start = section_objs ( info , " __trace_printk_fmt " ,
sizeof ( * mod - > trace_bprintk_fmt_start ) ,
& mod - > num_trace_bprintk_fmt ) ;
# endif
2010-08-05 12:59:02 -06:00
# ifdef CONFIG_FTRACE_MCOUNT_RECORD
/* sechdrs[0].sh_size is always zero */
2010-08-05 12:59:10 -06:00
mod - > ftrace_callsites = section_objs ( info , " __mcount_loc " ,
2010-08-05 12:59:02 -06:00
sizeof ( * mod - > ftrace_callsites ) ,
& mod - > num_ftrace_callsites ) ;
# endif
2010-08-05 12:59:05 -06:00
2010-08-05 12:59:12 -06:00
mod - > extable = section_objs ( info , " __ex_table " ,
sizeof ( * mod - > extable ) , & mod - > num_exentries ) ;
2010-08-05 12:59:10 -06:00
if ( section_addr ( info , " __obsparm " ) )
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: Ignoring obsolete parameters \n " , mod - > name ) ;
2010-08-05 12:59:12 -06:00
info - > debug = section_objs ( info , " __verbose " ,
sizeof ( * info - > debug ) , & info - > num_debug ) ;
2010-08-05 12:59:02 -06:00
}
2010-08-05 12:59:10 -06:00
static int move_module ( struct module * mod , struct load_info * info )
2010-08-05 12:59:02 -06:00
{
int i ;
void * ptr ;
/* Do the allocs. */
ptr = module_alloc_update_bounds ( mod - > core_size ) ;
/*
* The pointer to this block is stored in the module structure
* which is inside the block . Just mark it as not being a
* leak .
*/
kmemleak_not_leak ( ptr ) ;
if ( ! ptr )
2010-08-05 12:59:08 -06:00
return - ENOMEM ;
2010-08-05 12:59:02 -06:00
memset ( ptr , 0 , mod - > core_size ) ;
mod - > module_core = ptr ;
2012-12-11 09:38:33 +10:30
if ( mod - > init_size ) {
ptr = module_alloc_update_bounds ( mod - > init_size ) ;
/*
* The pointer to this block is stored in the module structure
* which is inside the block . This block doesn ' t need to be
* scanned as it contains data and code that will be freed
* after the module is initialized .
*/
kmemleak_ignore ( ptr ) ;
if ( ! ptr ) {
module_free ( mod , mod - > module_core ) ;
return - ENOMEM ;
}
memset ( ptr , 0 , mod - > init_size ) ;
mod - > module_init = ptr ;
} else
mod - > module_init = NULL ;
2010-08-05 12:59:02 -06:00
/* Transfer each section which specifies SHF_ALLOC */
2011-12-06 12:11:31 -07:00
pr_debug ( " final section addresses: \n " ) ;
2010-08-05 12:59:10 -06:00
for ( i = 0 ; i < info - > hdr - > e_shnum ; i + + ) {
2010-08-05 12:59:02 -06:00
void * dest ;
2010-08-05 12:59:10 -06:00
Elf_Shdr * shdr = & info - > sechdrs [ i ] ;
2010-08-05 12:59:02 -06:00
2010-08-05 12:59:10 -06:00
if ( ! ( shdr - > sh_flags & SHF_ALLOC ) )
2010-08-05 12:59:02 -06:00
continue ;
2010-08-05 12:59:10 -06:00
if ( shdr - > sh_entsize & INIT_OFFSET_MASK )
2010-08-05 12:59:02 -06:00
dest = mod - > module_init
2010-08-05 12:59:10 -06:00
+ ( shdr - > sh_entsize & ~ INIT_OFFSET_MASK ) ;
2010-08-05 12:59:02 -06:00
else
2010-08-05 12:59:10 -06:00
dest = mod - > module_core + shdr - > sh_entsize ;
2010-08-05 12:59:02 -06:00
2010-08-05 12:59:10 -06:00
if ( shdr - > sh_type ! = SHT_NOBITS )
memcpy ( dest , ( void * ) shdr - > sh_addr , shdr - > sh_size ) ;
2010-08-05 12:59:02 -06:00
/* Update sh_addr to point to copy in image. */
2010-08-05 12:59:10 -06:00
shdr - > sh_addr = ( unsigned long ) dest ;
2011-12-06 12:11:31 -07:00
pr_debug ( " \t 0x%lx %s \n " ,
( long ) shdr - > sh_addr , info - > secstrings + shdr - > sh_name ) ;
2010-08-05 12:59:02 -06:00
}
2010-08-05 12:59:08 -06:00
return 0 ;
2010-08-05 12:59:02 -06:00
}
2010-08-05 12:59:10 -06:00
static int check_module_license_and_versions ( struct module * mod )
2010-08-05 12:59:05 -06:00
{
/*
* ndiswrapper is under GPL by itself , but loads proprietary modules .
* Don ' t use add_taint_module ( ) , as it would prevent ndiswrapper from
* using GPL - only symbols it needs .
*/
if ( strcmp ( mod - > name , " ndiswrapper " ) = = 0 )
2013-01-21 17:17:39 +10:30
add_taint ( TAINT_PROPRIETARY_MODULE , LOCKDEP_NOW_UNRELIABLE ) ;
2010-08-05 12:59:05 -06:00
/* driverloader was caught wrongly pretending to be under GPL */
if ( strcmp ( mod - > name , " driverloader " ) = = 0 )
2013-01-21 17:17:39 +10:30
add_taint_module ( mod , TAINT_PROPRIETARY_MODULE ,
LOCKDEP_NOW_UNRELIABLE ) ;
2010-08-05 12:59:05 -06:00
2012-06-22 13:49:31 -04:00
/* lve claims to be GPL but upstream won't provide source */
if ( strcmp ( mod - > name , " lve " ) = = 0 )
2013-01-21 17:17:39 +10:30
add_taint_module ( mod , TAINT_PROPRIETARY_MODULE ,
LOCKDEP_NOW_UNRELIABLE ) ;
2012-06-22 13:49:31 -04:00
2010-08-05 12:59:05 -06:00
# ifdef CONFIG_MODVERSIONS
if ( ( mod - > num_syms & & ! mod - > crcs )
| | ( mod - > num_gpl_syms & & ! mod - > gpl_crcs )
| | ( mod - > num_gpl_future_syms & & ! mod - > gpl_future_crcs )
# ifdef CONFIG_UNUSED_SYMBOLS
| | ( mod - > num_unused_syms & & ! mod - > unused_crcs )
| | ( mod - > num_unused_gpl_syms & & ! mod - > unused_gpl_crcs )
# endif
) {
return try_to_force_load ( mod ,
" no versions for exported symbols " ) ;
}
# endif
return 0 ;
}
static void flush_module_icache ( const struct module * mod )
{
mm_segment_t old_fs ;
/* flush the icache in correct context */
old_fs = get_fs ( ) ;
set_fs ( KERNEL_DS ) ;
/*
* Flush the instruction cache , since we ' ve played with text .
* Do it before processing of module parameters , so the module
* can provide parameter accessor functions of its own .
*/
if ( mod - > module_init )
flush_icache_range ( ( unsigned long ) mod - > module_init ,
( unsigned long ) mod - > module_init
+ mod - > init_size ) ;
flush_icache_range ( ( unsigned long ) mod - > module_core ,
( unsigned long ) mod - > module_core + mod - > core_size ) ;
set_fs ( old_fs ) ;
}
2011-06-30 21:22:11 +02:00
int __weak module_frob_arch_sections ( Elf_Ehdr * hdr ,
Elf_Shdr * sechdrs ,
char * secstrings ,
struct module * mod )
{
return 0 ;
}
2012-10-22 18:09:41 +10:30
static struct module * layout_and_allocate ( struct load_info * info , int flags )
2005-04-16 15:20:36 -07:00
{
2010-08-05 12:59:08 -06:00
/* Module within temporary copy. */
2005-04-16 15:20:36 -07:00
struct module * mod ;
2010-08-05 12:59:08 -06:00
int err ;
2009-10-01 15:43:54 -07:00
2012-10-22 18:09:41 +10:30
mod = setup_load_info ( info , flags ) ;
2010-08-05 12:59:08 -06:00
if ( IS_ERR ( mod ) )
return mod ;
2005-04-16 15:20:36 -07:00
2012-10-22 18:09:41 +10:30
err = check_modinfo ( mod , info , flags ) ;
2010-08-05 12:59:03 -06:00
if ( err )
return ERR_PTR ( err ) ;
2005-04-16 15:20:36 -07:00
/* Allow arches to frob section contents and sizes. */
2010-08-05 12:59:10 -06:00
err = module_frob_arch_sections ( info - > hdr , info - > sechdrs ,
info - > secstrings , mod ) ;
2005-04-16 15:20:36 -07:00
if ( err < 0 )
2013-07-03 10:06:28 +09:30
return ERR_PTR ( err ) ;
2005-04-16 15:20:36 -07:00
2013-07-03 10:06:28 +09:30
/* We will do a special allocation for per-cpu sections later. */
info - > sechdrs [ info - > index . pcpu ] . sh_flags & = ~ ( unsigned long ) SHF_ALLOC ;
2005-04-16 15:20:36 -07:00
/* Determine total sizes, and put offsets in sh_entsize. For now
this is done generically ; there doesn ' t appear to be any
special cases for the architectures . */
2010-08-05 12:59:10 -06:00
layout_sections ( mod , info ) ;
layout_symtab ( mod , info ) ;
2005-04-16 15:20:36 -07:00
2010-08-05 12:59:02 -06:00
/* Allocate and move to the final place */
2010-08-05 12:59:10 -06:00
err = move_module ( mod , info ) ;
2010-08-05 12:59:08 -06:00
if ( err )
2013-07-03 10:06:28 +09:30
return ERR_PTR ( err ) ;
2010-08-05 12:59:08 -06:00
/* Module has been copied to its final place now: return it. */
mod = ( void * ) info - > sechdrs [ info - > index . mod ] . sh_addr ;
2010-08-05 12:59:10 -06:00
kmemleak_load_module ( mod , info ) ;
2010-08-05 12:59:08 -06:00
return mod ;
}
/* mod is no longer valid after this! */
static void module_deallocate ( struct module * mod , struct load_info * info )
{
percpu_modfree ( mod ) ;
module_free ( mod , mod - > module_init ) ;
module_free ( mod , mod - > module_core ) ;
}
2011-06-30 21:22:11 +02:00
int __weak module_finalize ( const Elf_Ehdr * hdr ,
const Elf_Shdr * sechdrs ,
struct module * me )
{
return 0 ;
}
2010-08-05 12:59:12 -06:00
static int post_relocation ( struct module * mod , const struct load_info * info )
{
2010-08-05 12:59:13 -06:00
/* Sort exception table now relocations are done. */
2010-08-05 12:59:12 -06:00
sort_extable ( mod - > extable , mod - > extable + mod - > num_exentries ) ;
/* Copy relocated percpu area over. */
percpu_modcopy ( mod , ( void * ) info - > sechdrs [ info - > index . pcpu ] . sh_addr ,
info - > sechdrs [ info - > index . pcpu ] . sh_size ) ;
2010-08-05 12:59:13 -06:00
/* Setup kallsyms-specific fields. */
2010-08-05 12:59:12 -06:00
add_kallsyms ( mod , info ) ;
/* Arch-specific module finalizing. */
return module_finalize ( info - > hdr , info - > sechdrs , mod ) ;
}
2012-09-28 14:31:03 +09:30
/* Is this module of this name done loading? No locks held. */
static bool finished_loading ( const char * name )
{
struct module * mod ;
bool ret ;
mutex_lock ( & module_mutex ) ;
2013-07-02 15:35:11 +09:30
mod = find_module_all ( name , strlen ( name ) , true ) ;
2013-01-12 11:38:44 +10:30
ret = ! mod | | mod - > state = = MODULE_STATE_LIVE
| | mod - > state = = MODULE_STATE_GOING ;
2012-09-28 14:31:03 +09:30
mutex_unlock ( & module_mutex ) ;
return ret ;
}
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
/* Call module constructors. */
static void do_mod_ctors ( struct module * mod )
{
# ifdef CONFIG_CONSTRUCTORS
unsigned long i ;
for ( i = 0 ; i < mod - > num_ctors ; i + + )
mod - > ctors [ i ] ( ) ;
# endif
}
/* This is where the real work happens */
static int do_init_module ( struct module * mod )
{
int ret = 0 ;
2013-01-15 18:52:51 -08:00
/*
* We want to find out whether @ mod uses async during init . Clear
* PF_USED_ASYNC . async_schedule * ( ) will set it .
*/
current - > flags & = ~ PF_USED_ASYNC ;
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
blocking_notifier_call_chain ( & module_notify_list ,
MODULE_STATE_COMING , mod ) ;
/* Set RO and NX regions for core */
set_section_ro_nx ( mod - > module_core ,
mod - > core_text_size ,
mod - > core_ro_size ,
mod - > core_size ) ;
/* Set RO and NX regions for init */
set_section_ro_nx ( mod - > module_init ,
mod - > init_text_size ,
mod - > init_ro_size ,
mod - > init_size ) ;
do_mod_ctors ( mod ) ;
/* Start the module */
if ( mod - > init ! = NULL )
ret = do_one_initcall ( mod - > init ) ;
if ( ret < 0 ) {
/* Init routine failed: abort. Try to protect us from
buggy refcounters . */
mod - > state = MODULE_STATE_GOING ;
synchronize_sched ( ) ;
module_put ( mod ) ;
blocking_notifier_call_chain ( & module_notify_list ,
MODULE_STATE_GOING , mod ) ;
free_module ( mod ) ;
wake_up_all ( & module_wq ) ;
return ret ;
}
if ( ret > 0 ) {
2013-11-12 15:11:28 -08:00
pr_warn ( " %s: '%s'->init suspiciously returned %d, it should "
" follow 0/-E convention \n "
" %s: loading module anyway... \n " ,
__func__ , mod - > name , ret , __func__ ) ;
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
dump_stack ( ) ;
}
/* Now it's a first class citizen! */
mod - > state = MODULE_STATE_LIVE ;
blocking_notifier_call_chain ( & module_notify_list ,
MODULE_STATE_LIVE , mod ) ;
2013-01-15 18:52:51 -08:00
/*
* We need to finish all async code before the module init sequence
* is done . This has potential to deadlock . For example , a newly
* detected block device can trigger request_module ( ) of the
* default iosched from async probing task . Once userland helper
* reaches here , async_synchronize_full ( ) will wait on the async
* task waiting on request_module ( ) and deadlock .
*
* This deadlock is avoided by perfomring async_synchronize_full ( )
* iff module init queued any async jobs . This isn ' t a full
* solution as it will deadlock the same if module loading from
* async jobs nests more than once ; however , due to the various
* constraints , this hack seems to be the best option for now .
* Please refer to the following thread for details .
*
* http : //thread.gmane.org/gmane.linux.kernel/1420814
*/
if ( current - > flags & PF_USED_ASYNC )
async_synchronize_full ( ) ;
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
mutex_lock ( & module_mutex ) ;
/* Drop initial reference. */
module_put ( mod ) ;
trim_init_extable ( mod ) ;
# ifdef CONFIG_KALLSYMS
mod - > num_symtab = mod - > core_num_syms ;
mod - > symtab = mod - > core_symtab ;
mod - > strtab = mod - > core_strtab ;
# endif
unset_module_init_ro_nx ( mod ) ;
module_free ( mod , mod - > module_init ) ;
mod - > module_init = NULL ;
mod - > init_size = 0 ;
mod - > init_ro_size = 0 ;
mod - > init_text_size = 0 ;
mutex_unlock ( & module_mutex ) ;
wake_up_all ( & module_wq ) ;
return 0 ;
}
static int may_init_module ( void )
{
if ( ! capable ( CAP_SYS_MODULE ) | | modules_disabled )
return - EPERM ;
return 0 ;
}
2013-01-21 17:18:59 +10:30
/*
* We try to place it in the list now to make sure it ' s unique before
* we dedicate too many resources . In particular , temporary percpu
* memory exhaustion .
*/
static int add_unformed_module ( struct module * mod )
{
int err ;
struct module * old ;
mod - > state = MODULE_STATE_UNFORMED ;
again :
mutex_lock ( & module_mutex ) ;
2013-07-02 15:35:11 +09:30
old = find_module_all ( mod - > name , strlen ( mod - > name ) , true ) ;
if ( old ! = NULL ) {
2013-01-21 17:18:59 +10:30
if ( old - > state = = MODULE_STATE_COMING
| | old - > state = = MODULE_STATE_UNFORMED ) {
/* Wait in case it fails to load. */
mutex_unlock ( & module_mutex ) ;
err = wait_event_interruptible ( module_wq ,
finished_loading ( mod - > name ) ) ;
if ( err )
goto out_unlocked ;
goto again ;
}
err = - EEXIST ;
goto out ;
}
list_add_rcu ( & mod - > list , & modules ) ;
err = 0 ;
out :
mutex_unlock ( & module_mutex ) ;
out_unlocked :
return err ;
}
static int complete_formation ( struct module * mod , struct load_info * info )
{
int err ;
mutex_lock ( & module_mutex ) ;
/* Find duplicate symbols (must be called under lock). */
err = verify_export_symbols ( mod ) ;
if ( err < 0 )
goto out ;
/* This relies on module_mutex for list integrity. */
module_bug_finalize ( info - > hdr , info - > sechdrs , mod ) ;
/* Mark state as coming so strong_try_module_get() ignores us,
* but kallsyms etc . can see us . */
mod - > state = MODULE_STATE_COMING ;
out :
mutex_unlock ( & module_mutex ) ;
return err ;
}
2013-07-02 15:35:12 +09:30
static int unknown_module_param_cb ( char * param , char * val , const char * modname )
{
/* Check for magic 'dyndbg' arg */
int ret = ddebug_dyndbg_module_param_cb ( param , val , modname ) ;
2013-11-12 15:11:28 -08:00
if ( ret ! = 0 )
pr_warn ( " %s: unknown parameter '%s' ignored \n " , modname , param ) ;
2013-07-02 15:35:12 +09:30
return 0 ;
}
2010-08-05 12:59:08 -06:00
/* Allocate and load the module: note that size of section 0 is always
zero , and we rely on this for optional sections . */
2012-10-22 18:09:41 +10:30
static int load_module ( struct load_info * info , const char __user * uargs ,
int flags )
2010-08-05 12:59:08 -06:00
{
2013-01-21 17:18:59 +10:30
struct module * mod ;
2010-08-05 12:59:08 -06:00
long err ;
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
err = module_sig_check ( info ) ;
if ( err )
goto free_copy ;
2010-08-05 12:59:08 -06:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
err = elf_header_check ( info ) ;
2010-08-05 12:59:08 -06:00
if ( err )
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
goto free_copy ;
2010-08-05 12:59:08 -06:00
/* Figure out module layout, and allocate all the memory. */
2012-10-22 18:09:41 +10:30
mod = layout_and_allocate ( info , flags ) ;
2010-08-05 12:59:02 -06:00
if ( IS_ERR ( mod ) ) {
err = PTR_ERR ( mod ) ;
2010-08-05 12:59:08 -06:00
goto free_copy ;
2005-04-16 15:20:36 -07:00
}
2013-01-21 17:18:59 +10:30
/* Reserve our place in the list. */
err = add_unformed_module ( mod ) ;
if ( err )
2013-01-12 13:27:34 +10:30
goto free_module ;
2012-09-26 10:09:40 +01:00
# ifdef CONFIG_MODULE_SIG
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
mod - > sig_ok = info - > sig_ok ;
2013-01-21 17:03:02 +10:30
if ( ! mod - > sig_ok ) {
2013-11-12 15:11:28 -08:00
pr_notice_once ( " %s: module verification failed: signature "
" and/or required key missing - tainting "
" kernel \n " , mod - > name ) ;
2013-01-21 17:17:39 +10:30
add_taint_module ( mod , TAINT_FORCED_MODULE , LOCKDEP_STILL_OK ) ;
2013-01-21 17:03:02 +10:30
}
2012-09-26 10:09:40 +01:00
# endif
2013-07-03 10:06:28 +09:30
/* To avoid stressing percpu allocator, do this once we're unique. */
2013-07-03 10:06:29 +09:30
err = percpu_modalloc ( mod , info ) ;
2013-07-03 10:06:28 +09:30
if ( err )
goto unlink_mod ;
2010-08-05 12:59:10 -06:00
/* Now module is in final location, initialize linked lists, etc. */
2010-08-05 12:59:04 -06:00
err = module_unload_init ( mod ) ;
if ( err )
2013-01-12 13:27:34 +10:30
goto unlink_mod ;
2005-04-16 15:20:36 -07:00
2010-08-05 12:59:05 -06:00
/* Now we've got everything in the final locations, we can
* find optional sections . */
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
find_module_sections ( mod , info ) ;
2008-02-28 17:11:02 -05:00
2010-08-05 12:59:10 -06:00
err = check_module_license_and_versions ( mod ) ;
2010-08-05 12:59:05 -06:00
if ( err )
goto free_unload ;
2006-01-08 01:03:41 -08:00
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
/* Set up MODINFO_ATTR fields */
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
setup_modinfo ( mod , info ) ;
[PATCH] modules: add version and srcversion to sysfs
This patch adds version and srcversion files to
/sys/module/${modulename} containing the version and srcversion fields
of the module's modinfo section (if present).
/sys/module/e1000
|-- srcversion
`-- version
This patch differs slightly from the version posted in January, as it
now uses the new kstrdup() call in -mm.
Why put this in sysfs?
a) Tools like DKMS, which deal with changing out individual kernel
modules without replacing the whole kernel, can behave smarter if they
can tell the version of a given module. The autoinstaller feature, for
example, which determines if your system has a "good" version of a
driver (i.e. if the one provided by DKMS has a newer verson than that
provided by the kernel package installed), and to automatically compile
and install a newer version if DKMS has it but your kernel doesn't yet
have that version.
b) Because sysadmins manually, or with tools like DKMS, can switch out
modules on the file system, you can't count on 'modinfo foo.ko', which
looks at /lib/modules/${kernelver}/... actually matching what is loaded
into the kernel already. Hence asking sysfs for this.
c) as the unbind-driver-from-device work takes shape, it will be
possible to rebind a driver that's built-in (no .ko to modinfo for the
version) to a newly loaded module. sysfs will have the
currently-built-in version info, for comparison.
d) tech support scripts can then easily grab the version info for what's
running presently - a question I get often.
There has been renewed interest in this patch on linux-scsi by driver
authors.
As the idea originated from GregKH, I leave his Signed-off-by: intact,
though the implementation is nearly completely new. Compiled and run on
x86 and x86_64.
From: Matthew Dobson <colpatch@us.ibm.com>
build fix
From: Thierry Vignaud <tvignaud@mandriva.com>
build fix
From: Matthew Dobson <colpatch@us.ibm.com>
warning fix
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 22:05:15 -07:00
2005-04-16 15:20:36 -07:00
/* Fix up syms, so that st_value is a pointer to location. */
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
err = simplify_symbols ( mod , info ) ;
2005-04-16 15:20:36 -07:00
if ( err < 0 )
2010-08-05 12:59:08 -06:00
goto free_modinfo ;
2005-04-16 15:20:36 -07:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
err = apply_relocations ( mod , info ) ;
2010-08-05 12:59:05 -06:00
if ( err < 0 )
2010-08-05 12:59:08 -06:00
goto free_modinfo ;
2005-04-16 15:20:36 -07:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
err = post_relocation ( mod , info ) ;
2005-04-16 15:20:36 -07:00
if ( err < 0 )
2010-08-05 12:59:08 -06:00
goto free_modinfo ;
2005-04-16 15:20:36 -07:00
2010-08-05 12:59:05 -06:00
flush_module_icache ( mod ) ;
2005-09-06 15:17:11 -07:00
2010-08-05 12:59:10 -06:00
/* Now copy in args */
mod - > args = strndup_user ( uargs , ~ 0UL > > 1 ) ;
if ( IS_ERR ( mod - > args ) ) {
err = PTR_ERR ( mod - > args ) ;
goto free_arch_cleanup ;
}
2006-03-25 03:07:05 -08:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
dynamic_debug_setup ( info - > debug , info - > num_debug ) ;
2010-07-03 13:07:35 +10:00
2013-01-21 17:18:59 +10:30
/* Finally it's fully formed, ready to start executing. */
err = complete_formation ( mod , info ) ;
if ( err )
2013-01-12 13:27:34 +10:30
goto ddebug_cleanup ;
2010-06-05 11:17:37 -06:00
2010-08-05 12:59:13 -06:00
/* Module is ready to execute: parsing args may do that. */
2012-03-26 12:50:51 +10:30
err = parse_args ( mod - > name , mod - > args , mod - > kp , mod - > num_kp ,
2013-07-02 15:35:12 +09:30
- 32768 , 32767 , unknown_module_param_cb ) ;
2005-04-16 15:20:36 -07:00
if ( err < 0 )
2013-01-12 13:27:34 +10:30
goto bug_cleanup ;
2005-04-16 15:20:36 -07:00
2010-08-05 12:59:13 -06:00
/* Link in to syfs. */
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
err = mod_sysfs_setup ( mod , info , mod - > kp , mod - > num_kp ) ;
2005-04-16 15:20:36 -07:00
if ( err < 0 )
2013-01-12 13:27:34 +10:30
goto bug_cleanup ;
2010-06-05 11:17:36 -06:00
2012-01-13 09:32:14 +10:30
/* Get rid of temporary copy. */
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
free_copy ( info ) ;
2005-04-16 15:20:36 -07:00
/* Done! */
2010-08-05 12:59:13 -06:00
trace_module_load ( mod ) ;
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
return do_init_module ( mod ) ;
2005-04-16 15:20:36 -07:00
2013-01-12 13:27:34 +10:30
bug_cleanup :
/* module_bug_cleanup needs module_mutex protection */
2010-06-05 11:17:36 -06:00
mutex_lock ( & module_mutex ) ;
2010-10-05 11:29:27 -07:00
module_bug_cleanup ( mod ) ;
2013-01-20 20:22:58 -08:00
mutex_unlock ( & module_mutex ) ;
2013-01-21 17:18:59 +10:30
ddebug_cleanup :
2013-01-12 13:27:34 +10:30
dynamic_debug_remove ( info - > debug ) ;
2009-03-31 13:05:35 -06:00
synchronize_sched ( ) ;
2010-08-05 12:59:10 -06:00
kfree ( mod - > args ) ;
free_arch_cleanup :
2005-04-16 15:20:36 -07:00
module_arch_cleanup ( mod ) ;
2010-08-05 12:59:08 -06:00
free_modinfo :
2009-09-25 00:32:58 -06:00
free_modinfo ( mod ) ;
2010-08-05 12:59:05 -06:00
free_unload :
2005-04-16 15:20:36 -07:00
module_unload_free ( mod ) ;
2013-01-12 13:27:34 +10:30
unlink_mod :
mutex_lock ( & module_mutex ) ;
/* Unlink carefully: kallsyms could be walking list. */
list_del_rcu ( & mod - > list ) ;
wake_up_all ( & module_wq ) ;
mutex_unlock ( & module_mutex ) ;
2010-08-05 12:59:08 -06:00
free_module :
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
module_deallocate ( mod , info ) ;
2010-08-05 12:59:08 -06:00
free_copy :
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
free_copy ( info ) ;
return err ;
2009-06-17 16:28:03 -07:00
}
2009-01-14 14:14:10 +01:00
SYSCALL_DEFINE3 ( init_module , void __user * , umod ,
unsigned long , len , const char __user * , uargs )
2005-04-16 15:20:36 -07:00
{
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
int err ;
struct load_info info = { } ;
2005-04-16 15:20:36 -07:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
err = may_init_module ( ) ;
if ( err )
return err ;
2005-04-16 15:20:36 -07:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
pr_debug ( " init_module: umod=%p, len=%lu, uargs=%p \n " ,
umod , len , uargs ) ;
2005-04-16 15:20:36 -07:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
err = copy_module_from_user ( umod , len , & info ) ;
if ( err )
return err ;
2005-04-16 15:20:36 -07:00
2012-10-22 18:09:41 +10:30
return load_module ( & info , uargs , 0 ) ;
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
}
2010-11-29 13:15:42 -05:00
2012-10-22 18:09:41 +10:30
SYSCALL_DEFINE3 ( finit_module , int , fd , const char __user * , uargs , int , flags )
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
{
int err ;
struct load_info info = { } ;
2010-11-29 13:15:42 -05:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
err = may_init_module ( ) ;
if ( err )
return err ;
2005-04-16 15:20:36 -07:00
2012-10-22 18:09:41 +10:30
pr_debug ( " finit_module: fd=%d, uargs=%p, flags=%i \n " , fd , uargs , flags ) ;
2008-03-10 11:43:52 -07:00
2012-10-22 18:09:41 +10:30
if ( flags & ~ ( MODULE_INIT_IGNORE_MODVERSIONS
| MODULE_INIT_IGNORE_VERMAGIC ) )
return - EINVAL ;
async: Fix module loading async-work regression
Several drivers use asynchronous work to do device discovery, and we
synchronize with them in the compiled-in case before we actually try to
mount root filesystems etc.
However, when compiled as modules, that synchronization is missing - the
module loading completes, but the driver hasn't actually finished
probing for devices, and that means that any user mode that expects to
use the devices after the 'insmod' is now potentially broken.
We already saw one case of a similar issue in the ACPI battery code,
where the kernel itself expected the module to be all done, and unmapped
the init memory - but the async device discovery was still running.
That got hacked around by just removing the "__init" (see commit
5d38258ec026921a7b266f4047ebeaa75db358e5 "ACPI battery: fix async boot
oops"), but the real fix is to just make the module loading wait for all
async work to be completed.
It will slow down module loading, but since common devices should be
built in anyway, and since the bug is really annoying and hard to handle
from user space (and caused several S3 resume regressions), the simple
fix to wait is the right one.
This fixes at least
http://bugzilla.kernel.org/show_bug.cgi?id=13063
but probably a few other bugzilla entries too (12936, for example), and
is confirmed to fix Rafael's storage driver breakage after resume bug
report (no bugzilla entry).
We should also be able to now revert that ACPI battery fix.
Reported-and-tested-by: Rafael J. Wysocki <rjw@suse.com>
Tested-by: Heinz Diehl <htd@fancy-poultry.org>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-04-10 12:17:41 -07:00
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
2012-10-16 07:31:07 +10:30
err = copy_module_from_fd ( fd , & info ) ;
if ( err )
return err ;
2005-04-16 15:20:36 -07:00
2012-10-22 18:09:41 +10:30
return load_module ( & info , uargs , flags ) ;
2005-04-16 15:20:36 -07:00
}
static inline int within ( unsigned long addr , void * start , unsigned long size )
{
return ( ( void * ) addr > = start & & ( void * ) addr < start + size ) ;
}
# ifdef CONFIG_KALLSYMS
/*
* This ignores the intensely annoying " mapping symbols " found
* in ARM ELF files : $ a , $ t and $ d .
*/
static inline int is_arm_mapping_symbol ( const char * str )
{
2007-10-18 03:06:07 -07:00
return str [ 0 ] = = ' $ ' & & strchr ( " atd " , str [ 1 ] )
2005-04-16 15:20:36 -07:00
& & ( str [ 2 ] = = ' \0 ' | | str [ 2 ] = = ' . ' ) ;
}
static const char * get_ksymbol ( struct module * mod ,
unsigned long addr ,
unsigned long * size ,
unsigned long * offset )
{
unsigned int i , best = 0 ;
unsigned long nextval ;
/* At worse, next value is at end of module */
2009-01-06 14:41:49 -08:00
if ( within_module_init ( addr , mod ) )
2005-04-16 15:20:36 -07:00
nextval = ( unsigned long ) mod - > module_init + mod - > init_text_size ;
2007-10-18 03:06:07 -07:00
else
2005-04-16 15:20:36 -07:00
nextval = ( unsigned long ) mod - > module_core + mod - > core_text_size ;
2011-03-30 22:57:33 -03:00
/* Scan for closest preceding symbol, and next symbol. (ELF
2007-10-18 03:06:07 -07:00
starts real symbols at 1 ) . */
2005-04-16 15:20:36 -07:00
for ( i = 1 ; i < mod - > num_symtab ; i + + ) {
if ( mod - > symtab [ i ] . st_shndx = = SHN_UNDEF )
continue ;
/* We ignore unnamed symbols: they're uninformative
* and inserted at a whim . */
if ( mod - > symtab [ i ] . st_value < = addr
& & mod - > symtab [ i ] . st_value > mod - > symtab [ best ] . st_value
& & * ( mod - > strtab + mod - > symtab [ i ] . st_name ) ! = ' \0 '
& & ! is_arm_mapping_symbol ( mod - > strtab + mod - > symtab [ i ] . st_name ) )
best = i ;
if ( mod - > symtab [ i ] . st_value > addr
& & mod - > symtab [ i ] . st_value < nextval
& & * ( mod - > strtab + mod - > symtab [ i ] . st_name ) ! = ' \0 '
& & ! is_arm_mapping_symbol ( mod - > strtab + mod - > symtab [ i ] . st_name ) )
nextval = mod - > symtab [ i ] . st_value ;
}
if ( ! best )
return NULL ;
2007-05-08 00:28:41 -07:00
if ( size )
* size = nextval - mod - > symtab [ best ] . st_value ;
if ( offset )
* offset = addr - mod - > symtab [ best ] . st_value ;
2005-04-16 15:20:36 -07:00
return mod - > strtab + mod - > symtab [ best ] . st_name ;
}
2008-01-29 17:13:22 -05:00
/* For kallsyms to ask for address resolution. NULL means not found. Careful
* not to lock to avoid deadlock on oopses , simply disable preemption . */
2008-02-08 04:18:43 -08:00
const char * module_address_lookup ( unsigned long addr ,
2008-01-29 17:13:22 -05:00
unsigned long * size ,
unsigned long * offset ,
char * * modname ,
char * namebuf )
2005-04-16 15:20:36 -07:00
{
struct module * mod ;
2008-01-14 00:55:03 -08:00
const char * ret = NULL ;
2005-04-16 15:20:36 -07:00
2008-01-14 00:55:03 -08:00
preempt_disable ( ) ;
2008-08-30 10:09:00 +02:00
list_for_each_entry_rcu ( mod , & modules , list ) {
2013-01-12 11:38:44 +10:30
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2009-01-06 14:41:49 -08:00
if ( within_module_init ( addr , mod ) | |
within_module_core ( addr , mod ) ) {
2006-10-03 01:13:48 -07:00
if ( modname )
* modname = mod - > name ;
2008-01-14 00:55:03 -08:00
ret = get_ksymbol ( mod , addr , size , offset ) ;
break ;
2005-04-16 15:20:36 -07:00
}
}
2008-01-29 17:13:22 -05:00
/* Make a copy in here where it's safe */
if ( ret ) {
strncpy ( namebuf , ret , KSYM_NAME_LEN - 1 ) ;
ret = namebuf ;
}
2008-01-14 00:55:03 -08:00
preempt_enable ( ) ;
2008-02-08 04:18:43 -08:00
return ret ;
2005-04-16 15:20:36 -07:00
}
2007-05-08 00:28:43 -07:00
int lookup_module_symbol_name ( unsigned long addr , char * symname )
{
struct module * mod ;
2008-01-14 00:55:03 -08:00
preempt_disable ( ) ;
2008-08-30 10:09:00 +02:00
list_for_each_entry_rcu ( mod , & modules , list ) {
2013-01-12 11:38:44 +10:30
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2009-01-06 14:41:49 -08:00
if ( within_module_init ( addr , mod ) | |
within_module_core ( addr , mod ) ) {
2007-05-08 00:28:43 -07:00
const char * sym ;
sym = get_ksymbol ( mod , addr , NULL , NULL ) ;
if ( ! sym )
goto out ;
2007-07-17 04:03:51 -07:00
strlcpy ( symname , sym , KSYM_NAME_LEN ) ;
2008-01-14 00:55:03 -08:00
preempt_enable ( ) ;
2007-05-08 00:28:43 -07:00
return 0 ;
}
}
out :
2008-01-14 00:55:03 -08:00
preempt_enable ( ) ;
2007-05-08 00:28:43 -07:00
return - ERANGE ;
}
2007-05-08 00:28:47 -07:00
int lookup_module_symbol_attrs ( unsigned long addr , unsigned long * size ,
unsigned long * offset , char * modname , char * name )
{
struct module * mod ;
2008-01-14 00:55:03 -08:00
preempt_disable ( ) ;
2008-08-30 10:09:00 +02:00
list_for_each_entry_rcu ( mod , & modules , list ) {
2013-01-12 11:38:44 +10:30
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2009-01-06 14:41:49 -08:00
if ( within_module_init ( addr , mod ) | |
within_module_core ( addr , mod ) ) {
2007-05-08 00:28:47 -07:00
const char * sym ;
sym = get_ksymbol ( mod , addr , size , offset ) ;
if ( ! sym )
goto out ;
if ( modname )
2007-07-17 04:03:51 -07:00
strlcpy ( modname , mod - > name , MODULE_NAME_LEN ) ;
2007-05-08 00:28:47 -07:00
if ( name )
2007-07-17 04:03:51 -07:00
strlcpy ( name , sym , KSYM_NAME_LEN ) ;
2008-01-14 00:55:03 -08:00
preempt_enable ( ) ;
2007-05-08 00:28:47 -07:00
return 0 ;
}
}
out :
2008-01-14 00:55:03 -08:00
preempt_enable ( ) ;
2007-05-08 00:28:47 -07:00
return - ERANGE ;
}
2007-05-08 00:28:39 -07:00
int module_get_kallsym ( unsigned int symnum , unsigned long * value , char * type ,
char * name , char * module_name , int * exported )
2005-04-16 15:20:36 -07:00
{
struct module * mod ;
2008-01-14 00:55:03 -08:00
preempt_disable ( ) ;
2008-08-30 10:09:00 +02:00
list_for_each_entry_rcu ( mod , & modules , list ) {
2013-01-12 11:38:44 +10:30
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2005-04-16 15:20:36 -07:00
if ( symnum < mod - > num_symtab ) {
* value = mod - > symtab [ symnum ] . st_value ;
* type = mod - > symtab [ symnum ] . st_info ;
2006-07-14 00:24:04 -07:00
strlcpy ( name , mod - > strtab + mod - > symtab [ symnum ] . st_name ,
2007-07-17 04:03:51 -07:00
KSYM_NAME_LEN ) ;
strlcpy ( module_name , mod - > name , MODULE_NAME_LEN ) ;
2009-01-05 08:40:10 -06:00
* exported = is_exported ( name , * value , mod ) ;
2008-01-14 00:55:03 -08:00
preempt_enable ( ) ;
2007-05-08 00:28:39 -07:00
return 0 ;
2005-04-16 15:20:36 -07:00
}
symnum - = mod - > num_symtab ;
}
2008-01-14 00:55:03 -08:00
preempt_enable ( ) ;
2007-05-08 00:28:39 -07:00
return - ERANGE ;
2005-04-16 15:20:36 -07:00
}
static unsigned long mod_find_symname ( struct module * mod , const char * name )
{
unsigned int i ;
for ( i = 0 ; i < mod - > num_symtab ; i + + )
2006-02-03 03:03:53 -08:00
if ( strcmp ( name , mod - > strtab + mod - > symtab [ i ] . st_name ) = = 0 & &
mod - > symtab [ i ] . st_info ! = ' U ' )
2005-04-16 15:20:36 -07:00
return mod - > symtab [ i ] . st_value ;
return 0 ;
}
/* Look for this name: can be of form module:name. */
unsigned long module_kallsyms_lookup_name ( const char * name )
{
struct module * mod ;
char * colon ;
unsigned long ret = 0 ;
/* Don't lock: we're in enough trouble already. */
2008-01-14 00:55:03 -08:00
preempt_disable ( ) ;
2005-04-16 15:20:36 -07:00
if ( ( colon = strchr ( name , ' : ' ) ) ! = NULL ) {
2013-07-02 15:35:11 +09:30
if ( ( mod = find_module_all ( name , colon - name , false ) ) ! = NULL )
2005-04-16 15:20:36 -07:00
ret = mod_find_symname ( mod , colon + 1 ) ;
} else {
2013-01-12 11:38:44 +10:30
list_for_each_entry_rcu ( mod , & modules , list ) {
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2005-04-16 15:20:36 -07:00
if ( ( ret = mod_find_symname ( mod , name ) ) ! = 0 )
break ;
2013-01-12 11:38:44 +10:30
}
2005-04-16 15:20:36 -07:00
}
2008-01-14 00:55:03 -08:00
preempt_enable ( ) ;
2005-04-16 15:20:36 -07:00
return ret ;
}
2008-12-05 19:03:58 -05:00
int module_kallsyms_on_each_symbol ( int ( * fn ) ( void * , const char * ,
struct module * , unsigned long ) ,
void * data )
{
struct module * mod ;
unsigned int i ;
int ret ;
list_for_each_entry ( mod , & modules , list ) {
2013-01-12 11:38:44 +10:30
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2008-12-05 19:03:58 -05:00
for ( i = 0 ; i < mod - > num_symtab ; i + + ) {
ret = fn ( data , mod - > strtab + mod - > symtab [ i ] . st_name ,
mod , mod - > symtab [ i ] . st_value ) ;
if ( ret ! = 0 )
return ret ;
}
}
return 0 ;
}
2005-04-16 15:20:36 -07:00
# endif /* CONFIG_KALLSYMS */
2008-01-25 21:08:33 +01:00
static char * module_flags ( struct module * mod , char * buf )
2006-10-11 01:21:48 -07:00
{
int bx = 0 ;
2013-01-12 11:38:44 +10:30
BUG_ON ( mod - > state = = MODULE_STATE_UNFORMED ) ;
2008-01-25 21:08:33 +01:00
if ( mod - > taints | |
mod - > state = = MODULE_STATE_GOING | |
mod - > state = = MODULE_STATE_COMING ) {
2006-10-11 01:21:48 -07:00
buf [ bx + + ] = ' ( ' ;
2012-01-13 09:32:15 +10:30
bx + = module_flags_taint ( mod , buf + bx ) ;
2008-01-25 21:08:33 +01:00
/* Show a - for module-is-being-unloaded */
if ( mod - > state = = MODULE_STATE_GOING )
buf [ bx + + ] = ' - ' ;
/* Show a + for module-is-being-loaded */
if ( mod - > state = = MODULE_STATE_COMING )
buf [ bx + + ] = ' + ' ;
2006-10-11 01:21:48 -07:00
buf [ bx + + ] = ' ) ' ;
}
buf [ bx ] = ' \0 ' ;
return buf ;
}
2008-10-06 13:19:27 +04:00
# ifdef CONFIG_PROC_FS
/* Called by the /proc file system to return a list of modules. */
static void * m_start ( struct seq_file * m , loff_t * pos )
{
mutex_lock ( & module_mutex ) ;
return seq_list_start ( & modules , * pos ) ;
}
static void * m_next ( struct seq_file * m , void * p , loff_t * pos )
{
return seq_list_next ( p , & modules , pos ) ;
}
static void m_stop ( struct seq_file * m , void * p )
{
mutex_unlock ( & module_mutex ) ;
}
2005-04-16 15:20:36 -07:00
static int m_show ( struct seq_file * m , void * p )
{
struct module * mod = list_entry ( p , struct module , list ) ;
2006-10-11 01:21:48 -07:00
char buf [ 8 ] ;
2013-01-12 11:38:44 +10:30
/* We always ignore unformed modules. */
if ( mod - > state = = MODULE_STATE_UNFORMED )
return 0 ;
2008-07-22 19:24:27 -05:00
seq_printf ( m , " %s %u " ,
2005-04-16 15:20:36 -07:00
mod - > name , mod - > init_size + mod - > core_size ) ;
print_unload_info ( m , mod ) ;
/* Informative for users. */
seq_printf ( m , " %s " ,
mod - > state = = MODULE_STATE_GOING ? " Unloading " :
mod - > state = = MODULE_STATE_COMING ? " Loading " :
" Live " ) ;
/* Used by oprofile and other similar tools. */
2011-03-22 16:34:22 -07:00
seq_printf ( m , " 0x%pK " , mod - > module_core ) ;
2005-04-16 15:20:36 -07:00
2006-10-11 01:21:48 -07:00
/* Taints info */
if ( mod - > taints )
2008-01-25 21:08:33 +01:00
seq_printf ( m , " %s " , module_flags ( mod , buf ) ) ;
2006-10-11 01:21:48 -07:00
2005-04-16 15:20:36 -07:00
seq_printf ( m , " \n " ) ;
return 0 ;
}
/* Format: modulename size refcount deps address
Where refcount is a number or - , and deps is a comma - separated list
of depends or - .
*/
2008-10-06 13:19:27 +04:00
static const struct seq_operations modules_op = {
2005-04-16 15:20:36 -07:00
. start = m_start ,
. next = m_next ,
. stop = m_stop ,
. show = m_show
} ;
2008-10-06 13:19:27 +04:00
static int modules_open ( struct inode * inode , struct file * file )
{
return seq_open ( file , & modules_op ) ;
}
static const struct file_operations proc_modules_operations = {
. open = modules_open ,
. read = seq_read ,
. llseek = seq_lseek ,
. release = seq_release ,
} ;
static int __init proc_modules_init ( void )
{
proc_create ( " modules " , 0 , NULL , & proc_modules_operations ) ;
return 0 ;
}
module_init ( proc_modules_init ) ;
# endif
2005-04-16 15:20:36 -07:00
/* Given an address, look for it in the module exception tables. */
const struct exception_table_entry * search_module_extables ( unsigned long addr )
{
const struct exception_table_entry * e = NULL ;
struct module * mod ;
2007-07-15 23:41:46 -07:00
preempt_disable ( ) ;
2008-08-30 10:09:00 +02:00
list_for_each_entry_rcu ( mod , & modules , list ) {
2013-01-12 11:38:44 +10:30
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2005-04-16 15:20:36 -07:00
if ( mod - > num_exentries = = 0 )
continue ;
2007-10-18 03:06:07 -07:00
2005-04-16 15:20:36 -07:00
e = search_extable ( mod - > extable ,
mod - > extable + mod - > num_exentries - 1 ,
addr ) ;
if ( e )
break ;
}
2007-07-15 23:41:46 -07:00
preempt_enable ( ) ;
2005-04-16 15:20:36 -07:00
/* Now, if we found one, we are running inside it now, hence
2007-10-18 03:06:07 -07:00
we cannot unload the module , hence no refcnt needed . */
2005-04-16 15:20:36 -07:00
return e ;
}
2006-07-03 00:24:24 -07:00
/*
2009-03-31 13:05:31 -06:00
* is_module_address - is this address inside a module ?
* @ addr : the address to check .
*
* See is_module_text_address ( ) if you simply want to see if the address
* is code ( not data ) .
2006-07-03 00:24:24 -07:00
*/
2009-03-31 13:05:31 -06:00
bool is_module_address ( unsigned long addr )
2006-07-03 00:24:24 -07:00
{
2009-03-31 13:05:31 -06:00
bool ret ;
2006-07-03 00:24:24 -07:00
2007-07-15 23:41:46 -07:00
preempt_disable ( ) ;
2009-03-31 13:05:31 -06:00
ret = __module_address ( addr ) ! = NULL ;
2007-07-15 23:41:46 -07:00
preempt_enable ( ) ;
2006-07-03 00:24:24 -07:00
2009-03-31 13:05:31 -06:00
return ret ;
2006-07-03 00:24:24 -07:00
}
2009-03-31 13:05:31 -06:00
/*
* __module_address - get the module which contains an address .
* @ addr : the address .
*
* Must be called with preempt disabled or module mutex held so that
* module doesn ' t get freed during this .
*/
2009-04-05 11:04:19 -07:00
struct module * __module_address ( unsigned long addr )
2005-04-16 15:20:36 -07:00
{
struct module * mod ;
2008-07-22 19:24:28 -05:00
if ( addr < module_addr_min | | addr > module_addr_max )
return NULL ;
2013-01-12 11:38:44 +10:30
list_for_each_entry_rcu ( mod , & modules , list ) {
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2009-03-31 13:05:31 -06:00
if ( within_module_core ( addr , mod )
| | within_module_init ( addr , mod ) )
2005-04-16 15:20:36 -07:00
return mod ;
2013-01-12 11:38:44 +10:30
}
2005-04-16 15:20:36 -07:00
return NULL ;
}
2008-12-05 19:03:59 -05:00
EXPORT_SYMBOL_GPL ( __module_address ) ;
2005-04-16 15:20:36 -07:00
2009-03-31 13:05:31 -06:00
/*
* is_module_text_address - is this address inside module code ?
* @ addr : the address to check .
*
* See is_module_address ( ) if you simply want to see if the address is
* anywhere in a module . See kernel_text_address ( ) for testing if an
* address corresponds to kernel or module code .
*/
bool is_module_text_address ( unsigned long addr )
{
bool ret ;
preempt_disable ( ) ;
ret = __module_text_address ( addr ) ! = NULL ;
preempt_enable ( ) ;
return ret ;
}
/*
* __module_text_address - get the module whose code contains an address .
* @ addr : the address .
*
* Must be called with preempt disabled or module mutex held so that
* module doesn ' t get freed during this .
*/
struct module * __module_text_address ( unsigned long addr )
{
struct module * mod = __module_address ( addr ) ;
if ( mod ) {
/* Make sure it's within the text section. */
if ( ! within ( addr , mod - > module_init , mod - > init_text_size )
& & ! within ( addr , mod - > module_core , mod - > core_text_size ) )
mod = NULL ;
}
return mod ;
}
2008-12-05 19:03:59 -05:00
EXPORT_SYMBOL_GPL ( __module_text_address ) ;
2009-03-31 13:05:31 -06:00
2005-04-16 15:20:36 -07:00
/* Don't grab lock, we're oopsing. */
void print_modules ( void )
{
struct module * mod ;
2006-10-02 02:17:02 -07:00
char buf [ 8 ] ;
2005-04-16 15:20:36 -07:00
2009-06-16 11:07:14 -07:00
printk ( KERN_DEFAULT " Modules linked in: " ) ;
2008-08-30 10:09:00 +02:00
/* Most callers should already have preempt disabled, but make sure */
preempt_disable ( ) ;
2013-01-12 11:38:44 +10:30
list_for_each_entry_rcu ( mod , & modules , list ) {
if ( mod - > state = = MODULE_STATE_UNFORMED )
continue ;
2008-01-25 21:08:33 +01:00
printk ( " %s%s " , mod - > name , module_flags ( mod , buf ) ) ;
2013-01-12 11:38:44 +10:30
}
2008-08-30 10:09:00 +02:00
preempt_enable ( ) ;
2008-01-25 21:08:33 +01:00
if ( last_unloaded_module [ 0 ] )
printk ( " [last unloaded: %s] " , last_unloaded_module ) ;
2005-04-16 15:20:36 -07:00
printk ( " \n " ) ;
}
# ifdef CONFIG_MODVERSIONS
2009-03-31 13:05:34 -06:00
/* Generate the signature for all relevant module structures here.
* If these change , we don ' t want to try to parse the module . */
void module_layout ( struct module * mod ,
struct modversion_info * ver ,
struct kernel_param * kp ,
struct kernel_symbol * ks ,
2011-01-26 17:26:22 -05:00
struct tracepoint * const * tp )
2009-03-31 13:05:34 -06:00
{
}
EXPORT_SYMBOL ( module_layout ) ;
2005-04-16 15:20:36 -07:00
# endif