[PATCH] fix Module taint flags listing in Oops/panic
Module taint flags listing in Oops/panic has a couple of issues: * taint_flags() doesn't null-terminate the buffer after printing the flags * per-module taints are only set if the kernel is not already tainted (with that particular flag) => only the first offending module gets its taint info correctly updated Some additional changes: * 'license_gplok' is no longer needed - equivalent to !(taints & TAINT_PROPRIETARY_MODULE) - so we can drop it from struct module * exporting module taint info via /proc/module: pwc 88576 0 - Live 0xf8c32000 evilmod 6784 1 pwc, Live 0xf8bbf000 (PF) Signed-off-by: Florin Malita <fmalita@gmail.com> Cc: "Randy.Dunlap" <rdunlap@xenotime.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
parent
3719bc5c22
commit
fa3ba2e81e
@ -317,9 +317,6 @@ struct module
|
|||||||
/* Am I unsafe to unload? */
|
/* Am I unsafe to unload? */
|
||||||
int unsafe;
|
int unsafe;
|
||||||
|
|
||||||
/* Am I GPL-compatible */
|
|
||||||
int license_gplok;
|
|
||||||
|
|
||||||
unsigned int taints; /* same bits as kernel:tainted */
|
unsigned int taints; /* same bits as kernel:tainted */
|
||||||
|
|
||||||
#ifdef CONFIG_MODULE_UNLOAD
|
#ifdef CONFIG_MODULE_UNLOAD
|
||||||
|
@ -87,6 +87,12 @@ static inline int strong_try_module_get(struct module *mod)
|
|||||||
return try_module_get(mod);
|
return try_module_get(mod);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline void add_taint_module(struct module *mod, unsigned flag)
|
||||||
|
{
|
||||||
|
add_taint(flag);
|
||||||
|
mod->taints |= flag;
|
||||||
|
}
|
||||||
|
|
||||||
/* A thread that wants to hold a reference to a module only while it
|
/* A thread that wants to hold a reference to a module only while it
|
||||||
* is running can call ths to safely exit.
|
* is running can call ths to safely exit.
|
||||||
* nfsd and lockd use this.
|
* nfsd and lockd use this.
|
||||||
@ -847,12 +853,10 @@ static int check_version(Elf_Shdr *sechdrs,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
/* Not in module's version table. OK, but that taints the kernel. */
|
/* Not in module's version table. OK, but that taints the kernel. */
|
||||||
if (!(tainted & TAINT_FORCED_MODULE)) {
|
if (!(tainted & TAINT_FORCED_MODULE))
|
||||||
printk("%s: no version for \"%s\" found: kernel tainted.\n",
|
printk("%s: no version for \"%s\" found: kernel tainted.\n",
|
||||||
mod->name, symname);
|
mod->name, symname);
|
||||||
add_taint(TAINT_FORCED_MODULE);
|
add_taint_module(mod, TAINT_FORCED_MODULE);
|
||||||
mod->taints |= TAINT_FORCED_MODULE;
|
|
||||||
}
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -910,7 +914,8 @@ static unsigned long resolve_symbol(Elf_Shdr *sechdrs,
|
|||||||
unsigned long ret;
|
unsigned long ret;
|
||||||
const unsigned long *crc;
|
const unsigned long *crc;
|
||||||
|
|
||||||
ret = __find_symbol(name, &owner, &crc, mod->license_gplok);
|
ret = __find_symbol(name, &owner, &crc,
|
||||||
|
!(mod->taints & TAINT_PROPRIETARY_MODULE));
|
||||||
if (ret) {
|
if (ret) {
|
||||||
/* use_module can fail due to OOM, or module unloading */
|
/* use_module can fail due to OOM, or module unloading */
|
||||||
if (!check_version(sechdrs, versindex, name, mod, crc) ||
|
if (!check_version(sechdrs, versindex, name, mod, crc) ||
|
||||||
@ -1335,12 +1340,11 @@ static void set_license(struct module *mod, const char *license)
|
|||||||
if (!license)
|
if (!license)
|
||||||
license = "unspecified";
|
license = "unspecified";
|
||||||
|
|
||||||
mod->license_gplok = license_is_gpl_compatible(license);
|
if (!license_is_gpl_compatible(license)) {
|
||||||
if (!mod->license_gplok && !(tainted & TAINT_PROPRIETARY_MODULE)) {
|
if (!(tainted & TAINT_PROPRIETARY_MODULE))
|
||||||
printk(KERN_WARNING "%s: module license '%s' taints kernel.\n",
|
printk(KERN_WARNING "%s: module license '%s' taints"
|
||||||
mod->name, license);
|
"kernel.\n", mod->name, license);
|
||||||
add_taint(TAINT_PROPRIETARY_MODULE);
|
add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
|
||||||
mod->taints |= TAINT_PROPRIETARY_MODULE;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1619,8 +1623,7 @@ static struct module *load_module(void __user *umod,
|
|||||||
modmagic = get_modinfo(sechdrs, infoindex, "vermagic");
|
modmagic = get_modinfo(sechdrs, infoindex, "vermagic");
|
||||||
/* This is allowed: modprobe --force will invalidate it. */
|
/* This is allowed: modprobe --force will invalidate it. */
|
||||||
if (!modmagic) {
|
if (!modmagic) {
|
||||||
add_taint(TAINT_FORCED_MODULE);
|
add_taint_module(mod, TAINT_FORCED_MODULE);
|
||||||
mod->taints |= TAINT_FORCED_MODULE;
|
|
||||||
printk(KERN_WARNING "%s: no version magic, tainting kernel.\n",
|
printk(KERN_WARNING "%s: no version magic, tainting kernel.\n",
|
||||||
mod->name);
|
mod->name);
|
||||||
} else if (!same_magic(modmagic, vermagic)) {
|
} else if (!same_magic(modmagic, vermagic)) {
|
||||||
@ -1714,14 +1717,10 @@ static struct module *load_module(void __user *umod,
|
|||||||
/* Set up license info based on the info section */
|
/* Set up license info based on the info section */
|
||||||
set_license(mod, get_modinfo(sechdrs, infoindex, "license"));
|
set_license(mod, get_modinfo(sechdrs, infoindex, "license"));
|
||||||
|
|
||||||
if (strcmp(mod->name, "ndiswrapper") == 0) {
|
if (strcmp(mod->name, "ndiswrapper") == 0)
|
||||||
add_taint(TAINT_PROPRIETARY_MODULE);
|
add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
|
||||||
mod->taints |= TAINT_PROPRIETARY_MODULE;
|
if (strcmp(mod->name, "driverloader") == 0)
|
||||||
}
|
add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
|
||||||
if (strcmp(mod->name, "driverloader") == 0) {
|
|
||||||
add_taint(TAINT_PROPRIETARY_MODULE);
|
|
||||||
mod->taints |= TAINT_PROPRIETARY_MODULE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Set up MODINFO_ATTR fields */
|
/* Set up MODINFO_ATTR fields */
|
||||||
setup_modinfo(mod, sechdrs, infoindex);
|
setup_modinfo(mod, sechdrs, infoindex);
|
||||||
@ -1766,8 +1765,7 @@ static struct module *load_module(void __user *umod,
|
|||||||
(mod->num_unused_gpl_syms && !unusedgplcrcindex)) {
|
(mod->num_unused_gpl_syms && !unusedgplcrcindex)) {
|
||||||
printk(KERN_WARNING "%s: No versions for exported symbols."
|
printk(KERN_WARNING "%s: No versions for exported symbols."
|
||||||
" Tainting kernel.\n", mod->name);
|
" Tainting kernel.\n", mod->name);
|
||||||
add_taint(TAINT_FORCED_MODULE);
|
add_taint_module(mod, TAINT_FORCED_MODULE);
|
||||||
mod->taints |= TAINT_FORCED_MODULE;
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -2132,9 +2130,33 @@ static void m_stop(struct seq_file *m, void *p)
|
|||||||
mutex_unlock(&module_mutex);
|
mutex_unlock(&module_mutex);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static char *taint_flags(unsigned int taints, char *buf)
|
||||||
|
{
|
||||||
|
int bx = 0;
|
||||||
|
|
||||||
|
if (taints) {
|
||||||
|
buf[bx++] = '(';
|
||||||
|
if (taints & TAINT_PROPRIETARY_MODULE)
|
||||||
|
buf[bx++] = 'P';
|
||||||
|
if (taints & TAINT_FORCED_MODULE)
|
||||||
|
buf[bx++] = 'F';
|
||||||
|
/*
|
||||||
|
* TAINT_FORCED_RMMOD: could be added.
|
||||||
|
* TAINT_UNSAFE_SMP, TAINT_MACHINE_CHECK, TAINT_BAD_PAGE don't
|
||||||
|
* apply to modules.
|
||||||
|
*/
|
||||||
|
buf[bx++] = ')';
|
||||||
|
}
|
||||||
|
buf[bx] = '\0';
|
||||||
|
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
|
||||||
static int m_show(struct seq_file *m, void *p)
|
static int m_show(struct seq_file *m, void *p)
|
||||||
{
|
{
|
||||||
struct module *mod = list_entry(p, struct module, list);
|
struct module *mod = list_entry(p, struct module, list);
|
||||||
|
char buf[8];
|
||||||
|
|
||||||
seq_printf(m, "%s %lu",
|
seq_printf(m, "%s %lu",
|
||||||
mod->name, mod->init_size + mod->core_size);
|
mod->name, mod->init_size + mod->core_size);
|
||||||
print_unload_info(m, mod);
|
print_unload_info(m, mod);
|
||||||
@ -2147,6 +2169,10 @@ static int m_show(struct seq_file *m, void *p)
|
|||||||
/* Used by oprofile and other similar tools. */
|
/* Used by oprofile and other similar tools. */
|
||||||
seq_printf(m, " 0x%p", mod->module_core);
|
seq_printf(m, " 0x%p", mod->module_core);
|
||||||
|
|
||||||
|
/* Taints info */
|
||||||
|
if (mod->taints)
|
||||||
|
seq_printf(m, " %s", taint_flags(mod->taints, buf));
|
||||||
|
|
||||||
seq_printf(m, "\n");
|
seq_printf(m, "\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -2235,28 +2261,6 @@ struct module *module_text_address(unsigned long addr)
|
|||||||
return mod;
|
return mod;
|
||||||
}
|
}
|
||||||
|
|
||||||
static char *taint_flags(unsigned int taints, char *buf)
|
|
||||||
{
|
|
||||||
*buf = '\0';
|
|
||||||
if (taints) {
|
|
||||||
int bx;
|
|
||||||
|
|
||||||
buf[0] = '(';
|
|
||||||
bx = 1;
|
|
||||||
if (taints & TAINT_PROPRIETARY_MODULE)
|
|
||||||
buf[bx++] = 'P';
|
|
||||||
if (taints & TAINT_FORCED_MODULE)
|
|
||||||
buf[bx++] = 'F';
|
|
||||||
/*
|
|
||||||
* TAINT_FORCED_RMMOD: could be added.
|
|
||||||
* TAINT_UNSAFE_SMP, TAINT_MACHINE_CHECK, TAINT_BAD_PAGE don't
|
|
||||||
* apply to modules.
|
|
||||||
*/
|
|
||||||
buf[bx] = ')';
|
|
||||||
}
|
|
||||||
return buf;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Don't grab lock, we're oopsing. */
|
/* Don't grab lock, we're oopsing. */
|
||||||
void print_modules(void)
|
void print_modules(void)
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user