31 Oct, 2012
1 commit
-
Masaki found and patched a kallsyms issue: the last symbol in a
module's symtab wasn't transferred. This is because we manually copy
the zero'th entry (which is always empty) then copy the rest in a loop
starting at 1, though from src[0]. His fix was minimal, I prefer to
rewrite the loops in more standard form.There are two loops: one to get the size, and one to copy. Make these
identical: always count entry 0 and any defined symbol in an allocated
non-init section.This bug exists since the following commit was introduced.
module: reduce symbol table for loaded modules (v2)
commit: 4a4962263f07d14660849ec134ee42b63e95ea9aLKML: http://lkml.org/lkml/2012/10/24/27
Reported-by: Masaki Kimura
Cc: stable@kernel.org
20 Oct, 2012
1 commit
-
Emit the magic string that indicates a module has a signature after the
signature data instead of before it. This allows module_sig_check() to
be made simpler and faster by the elimination of the search for the
magic string. Instead we just need to do a single memcmp().This works because at the end of the signature data there is the
fixed-length signature information block. This block then falls
immediately prior to the magic number.From the contents of the information block, it is trivial to calculate
the size of the signature data and thus the size of the actual module
data.Signed-off-by: David Howells
Signed-off-by: Linus Torvalds
10 Oct, 2012
2 commits
-
If we're in FIPS mode, we should panic if we fail to verify the signature on a
module or we're asked to load an unsigned module in signature enforcing mode.
Possibly FIPS mode should automatically enable enforcing mode.Signed-off-by: David Howells
Signed-off-by: Rusty Russell -
We do a very simple search for a particular string appended to the module
(which is cache-hot and about to be SHA'd anyway). There's both a config
option and a boot parameter which control whether we accept or fail with
unsigned modules and modules that are signed with an unknown key.If module signing is enabled, the kernel will be tainted if a module is
loaded that is unsigned or has a signature for which we don't have the
key.(Useful feedback and tweaks by David Howells )
Signed-off-by: Rusty Russell
Signed-off-by: David Howells
Signed-off-by: Rusty Russell
28 Sep, 2012
4 commits
-
The original module-init-tools module loader used a fnctl lock on the
.ko file to avoid attempts to simultaneously load a module.
Unfortunately, you can't get an exclusive fcntl lock on a read-only
fd, making this not work for read-only mounted filesystems.
module-init-tools has a hacky sleep-and-loop for this now.It's not that hard to wait in the kernel, and only return -EEXIST once
the first module has finished loading (or continue loading the module
if the first one failed to initialize for some reason). It's also
consistent with what we do for dependent modules which are still loading.Suggested-by: Lucas De Marchi
Signed-off-by: Rusty Russell -
We use resolve_symbol_wait(), which blocks if the module containing
the symbol is still loading. However:1) The module_wq we use is only woken after calling the modules' init
function, but there are other failure paths after the module is
placed in the linked list where we need to do the same thing.2) wake_up() only wakes one waiter, and our waitqueue is shared by all
modules, so we need to wake them all.3) wake_up_all() doesn't imply a memory barrier: I feel happier calling
it after we've grabbed and dropped the module_mutex, not just after
the state assignment.Signed-off-by: Rusty Russell
-
Use the mapping of Elf_[SPE]hdr, Elf_Addr, Elf_Sym, Elf_Dyn, Elf_Rel/Rela,
ELF_R_TYPE() and ELF_R_SYM() to either the 32-bit version or the 64-bit version
into asm-generic/module.h for all arches bar MIPS.Also, use the generic definition mod_arch_specific where possible.
To this end, I've defined three new config bools:
(*) HAVE_MOD_ARCH_SPECIFIC
Arches define this if they don't want to use the empty generic
mod_arch_specific struct.(*) MODULES_USE_ELF_RELA
Arches define this if their modules can contain RELA records. This causes
the Elf_Rela mapping to be emitted and allows apply_relocate_add() to be
defined by the arch rather than have the core emit an error message.(*) MODULES_USE_ELF_REL
Arches define this if their modules can contain REL records. This causes
the Elf_Rel mapping to be emitted and allows apply_relocate() to be
defined by the arch rather than have the core emit an error message.Note that it is possible to allow both REL and RELA records: m68k and mips are
two arches that do this.With this, some arch asm/module.h files can be deleted entirely and replaced
with a generic-y marker in the arch Kbuild file.Additionally, I have removed the bits from m32r and score that handle the
unsupported type of relocation record as that's now handled centrally.Signed-off-by: David Howells
Acked-by: Sam Ravnborg
Signed-off-by: Rusty Russell -
Cloudlinux have a product called lve that includes a kernel module. This
was previously GPLed but is now under a proprietary license, but the
module continues to declare MODULE_LICENSE("GPL") and makes use of some
EXPORT_SYMBOL_GPL symbols. Forcibly taint it in order to avoid this.Signed-off-by: Matthew Garrett
Cc: Alex Lyashkov
Signed-off-by: Rusty Russell
Cc: stable@kernel.org
23 May, 2012
1 commit
-
The check:
if (len < hdr->e_shoff + hdr->e_shnum * sizeof(Elf_Shdr))
may not work if there's an overflow in the right-hand side of the condition.
Signed-off-by: David Howells
Signed-off-by: Rusty Russell
01 May, 2012
1 commit
-
This introduces a fake module param $module.dyndbg. Its based upon
Thomas Renninger's $module.ddebug boot-time debugging patch from
https://lkml.org/lkml/2010/9/15/397The 'fake' module parameter is provided for all modules, whether or
not they need it. It is not explicitly added to each module, but is
implemented in callbacks invoked from parse_args.For builtin modules, dynamic_debug_init() now directly calls
parse_args(..., &ddebug_dyndbg_boot_params_cb), to process the params
undeclared in the modules, just after the ddebug tables are processed.While its slightly weird to reprocess the boot params, parse_args() is
already called repeatedly by do_initcall_levels(). More importantly,
the dyndbg queries (given in ddebug_query or dyndbg params) cannot be
activated until after the ddebug tables are ready, and reusing
parse_args is cleaner than doing an ad-hoc parse. This reparse would
break options like inc_verbosity, but they probably should be params,
like verbosity=3.ddebug_dyndbg_boot_params_cb() handles both bare dyndbg (aka:
ddebug_query) and module-prefixed dyndbg params, and ignores all other
parameters. For example, the following will enable pr_debug()s in 4
builtin modules, in the order given:dyndbg="module params +p; module aio +p" module.dyndbg=+p pci.dyndbg
For loadable modules, parse_args() in load_module() calls
ddebug_dyndbg_module_params_cb(). This handles bare dyndbg params as
passed from modprobe, and errors on other unknown params.Note that modprobe reads /proc/cmdline, so "modprobe foo" grabs all
foo.params, strips the "foo.", and passes these to the kernel.
ddebug_dyndbg_module_params_cb() is again called for the unknown
params; it handles dyndbg, and errors on others. The "doing" arg
added previously contains the module name.For non CONFIG_DYNAMIC_DEBUG builds, the stub function accepts
and ignores $module.dyndbg params, other unknowns get -ENOENT.If no param value is given (as in pci.dyndbg example above), "+p" is
assumed, which enables all pr_debug callsites in the module.The dyndbg fake parameter is not shown in /sys/module/*/parameters,
thus it does not use any resources. Changes to it are made via the
control file.Also change pr_info in ddebug_exec_queries to vpr_info,
no need to see it all the time.Signed-off-by: Jim Cromie
CC: Thomas Renninger
CC: Rusty Russell
Acked-by: Jason Baron
Signed-off-by: Greg Kroah-Hartman
26 Mar, 2012
4 commits
-
Module size was limited to 64MB, this was legacy limitation due to vmalloc()
which was removed a while ago.Limiting module size to 64MB is both pointless and affects real world use
cases.Cc: Tim Abbott
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin
Signed-off-by: Rusty Russell -
With the preempt, tracepoint and everything, it's getting a bit
chubby. For an Ubuntu-based config:Before:
$ size -t `find * -name '*.ko'` | grep TOTAL
56199906 3870760 1606616 61677282 3ad1ee2 (TOTALS)
$ size vmlinux
text data bss dec hex filename
8509342 850368 3358720 12718430 c2115e vmlinuxAfter:
$ size -t `find * -name '*.ko'` | grep TOTAL
56183760 3867892 1606616 61658268 3acd49c (TOTALS)
$ size vmlinux
text data bss dec hex filename
8501842 849088 3358720 12709650 c1ef12 vmlinuxSigned-off-by: Steven Rostedt
Acked-by: Ingo Molnar
Signed-off-by: Rusty Russell (made all out-of-line) -
This patch adds a set of macros that can be used to declare
kernel parameters to be parsed _before_ initcalls at a chosen
level are executed. We rename the now-unused "flags" field of
struct kernel_param as the level. It's signed, for when we
use this for early params as well, in future.Linker macro collating init calls had to be modified in order
to add additional symbols between levels that are later used
by the init code to split the calls into blocks.Signed-off-by: Pawel Moll
Signed-off-by: Rusty Russell -
Sometimes we need to test a kernel of same version with code or config
option changes.We already have sysctl to disable module load, but add a kernel
parameter will be more convenient.Since modules_disabled is int, so here use bint type in core_param.
TODO: make sysctl accept bool and change modules_disabled to boolSigned-off-by: Dave Young
Signed-off-by: Rusty Russell
16 Jan, 2012
1 commit
-
Recent changes to kernel/module.c caused the following compile
error:kernel/module.c: In function ‘show_taint’:
kernel/module.c:1024:2: error: implicit declaration of function ‘module_flags_taint’ [-Werror=implicit-function-declaration]
cc1: some warnings being treated as errorsCorrect this error by moving the definition of module_flags_taint
outside of the #ifdef CONFIG_MODULE_UNLOAD section.Signed-off-by: Kevin Winchester
Signed-off-by: Linus Torvalds
13 Jan, 2012
5 commits
-
Recent tools do not want to use /proc to retrieve module information. A few
values are currently missing from sysfs to replace the information available
in /proc/modules.This adds /sys/module/*/{coresize,initsize,taint} attributes.
TAINT_PROPRIETARY_MODULE (P) and TAINT_OOT_MODULE (O) flags are both always
shown now, and do no longer exclude each other, also in /proc/modules.Replace the open-coded sysfs attribute initializers with the __ATTR() macro.
Add the new attributes to Documentation/ABI.
Cc: Lucas De Marchi
Signed-off-by: Kay Sievers
Signed-off-by: Rusty Russell -
Use more flexible pr_debug. This allows:
echo "module module +p" > /dbg/dynamic_debug/control
to turn on debug messages when needed.
Signed-off-by: Jim Cromie
Signed-off-by: Rusty Russell -
module_ref contains two "unsigned int" fields.
Thats now too small, since some machines can open more than 2^32 files.
Check commit 518de9b39e8 (fs: allow for more than 2^31 files) for
reference.We can add an aligned(2 * sizeof(unsigned long)) attribute to force
alloc_percpu() allocating module_ref areas in single cache lines.Signed-off-by: Eric Dumazet
CC: Rusty Russell
CC: Tejun Heo
CC: Robin Holt
CC: David Miller
Signed-off-by: Rusty Russell -
Looking at /proc/kallsyms, one starts to ponder whether all of the extra
strtab-related complexity in module.c is worth the memory savings.Instead of making the add_kallsyms() loop even more complex, I tried the
other route of deleting the strmap logic and naively copying each string
into core_strtab with no consideration for consolidating duplicates.Performance on an "already exists" insmod of nvidia.ko (runs
add_kallsyms() but does not actually initialize the module):Original scheme: 1.230s
With naive copying: 0.058sExtra space used: 35k (of a 408k module).
Signed-off-by: Kevin Cernekee
Signed-off-by: Rusty Russell
LKML-Reference: -
Signed-off-by: Kevin Cernekee
Signed-off-by: Rusty Russell
07 Nov, 2011
3 commits
-
* 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux: (230 commits)
Revert "tracing: Include module.h in define_trace.h"
irq: don't put module.h into irq.h for tracking irqgen modules.
bluetooth: macroize two small inlines to avoid module.h
ip_vs.h: fix implicit use of module_get/module_put from module.h
nf_conntrack.h: fix up fallout from implicit moduleparam.h presence
include: replace linux/module.h with "struct module" wherever possible
include: convert various register fcns to macros to avoid include chaining
crypto.h: remove unused crypto_tfm_alg_modname() inline
uwb.h: fix implicit use of asm/page.h for PAGE_SIZE
pm_runtime.h: explicitly requires notifier.h
linux/dmaengine.h: fix implicit use of bitmap.h and asm/page.h
miscdevice.h: fix up implicit use of lists and types
stop_machine.h: fix implicit use of smp.h for smp_processor_id
of: fix implicit use of errno.h in include/linux/of.h
of_platform.h: delete needless include
acpi: remove module.h include from platform/aclinux.h
miscdevice.h: delete unnecessary inclusion of module.h
device_cgroup.h: delete needless include
net: sch_generic remove redundant use of
net: inet_timewait_sock doesnt need
...Fix up trivial conflicts (other header files, and removal of the ab3550 mfd driver) in
- drivers/media/dvb/frontends/dibx000_common.c
- drivers/media/video/{mt9m111.c,ov6650.c}
- drivers/mfd/ab3550-core.c
- include/linux/dmaengine.h -
Use of the GPL or a compatible licence doesn't necessarily make the code
any good. We already consider staging modules to be suspect, and this
should also be true for out-of-tree modules which may receive very
little review.Signed-off-by: Ben Hutchings
Reviewed-by: Dave Jones
Acked-by: Greg Kroah-Hartman
Signed-off-by: Rusty Russell (patched oops-tracing.txt) -
Dynamic debugging is currently disabled for tainted modules, except
for TAINT_CRAP. This prevents use of dynamic debugging for
out-of-tree modules once the next patch is applied.This condition was apparently intended to avoid a crash if a force-
loaded module has an incompatible definition of dynamic debug
structures. However, a administrator that forces us to load a module
is claiming that it *is* compatible even though it fails our version
checks. If they are mistaken, there are any number of ways the module
could crash the system.As a side-effect, proprietary and other tainted modules can now use
dynamic_debug.Signed-off-by: Ben Hutchings
Acked-by: Mathieu Desnoyers
Signed-off-by: Rusty Russell
31 Oct, 2011
1 commit
-
The changed files were only including linux/module.h for the
EXPORT_SYMBOL infrastructure, and nothing else. Revector them
onto the isolated export header for faster compile times.Nothing to see here but a whole lot of instances of:
-#include
+#includeThis commit is only changing the kernel dir; next targets
will probably be mm, fs, the arch dirs, etc.Signed-off-by: Paul Gortmaker
11 Aug, 2011
1 commit
-
Copy the information needed from struct module into a local module list
held within tracepoint.c from within the module coming/going notifier.This vastly simplifies locking of tracepoint registration /
unregistration, because we don't have to take the module mutex to
register and unregister tracepoints anymore. Steven Rostedt ran into
dependency problems related to modules mutex vs kprobes mutex vs ftrace
mutex vs tracepoint mutex that seems to be hard to fix without removing
this dependency between tracepoint and module mutex. (note: it should be
investigated whether kprobes could benefit of being dissociated from the
modules mutex too.)This also fixes module handling of tracepoint list iterators, because it
was expecting the list to be sorted by pointer address. Given we have
control on our own list now, it's OK to sort this list which has
tracepoints as its only purpose. The reason why this sorting is required
is to handle the fact that seq files (and any read() operation from
user-space) cannot hold the tracepoint mutex across multiple calls, so
list entries may vanish between calls. With sorting, the tracepoint
iterator becomes usable even if the list don't contain the exact item
pointed to by the iterator anymore.Signed-off-by: Mathieu Desnoyers
Acked-by: Jason Baron
CC: Ingo Molnar
CC: Lai Jiangshan
CC: Peter Zijlstra
CC: Thomas Gleixner
CC: Masami Hiramatsu
Link: http://lkml.kernel.org/r/20110810191839.GC8525@Krystal
Signed-off-by: Steven Rostedt
24 Jul, 2011
3 commits
-
Userspace wants to manage module parameters with udev rules.
This currently only works for loaded modules, but not for
built-in ones.To allow access to the built-in modules we need to
re-trigger all module load events that happened before any
userspace was running. We already do the same thing for all
devices, subsystems(buses) and drivers.This adds the currently missing /sys/module//uevent files
to all module entries.Signed-off-by: Kay Sievers
Signed-off-by: Rusty Russell (split & trivial fix) -
This simplifies the next patch, where we have an attribute on a
builtin module (ie. module == NULL).Signed-off-by: Kay Sievers
Signed-off-by: Rusty Russell (split into 2) -
The module loader code allows architectures to hook into the code by
providing a small number of entry points that each arch must implement.
This patch provides __weakly linked generic implementations of these
entry points for architectures that don't need to do anything special.Signed-off-by: Jonas Bonn
Signed-off-by: Rusty Russell
24 May, 2011
1 commit
-
* 'staging-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6: (970 commits)
staging: usbip: replace usbip_u{dbg,err,info} and printk with dev_ and pr_
staging:iio: Trivial kconfig reorganization and uniformity improvements.
staging:iio:documenation partial update.
staging:iio: use pollfunc allocation helpers in remaining drivers.
staging:iio:max1363 misc cleanups and use of for_each_bit_set to simplify event code spitting out.
staging:iio: implement an iio_info structure to take some of the constant elements out of iio_dev.
staging:iio:meter:ade7758: Use private data space from iio_allocate_device
staging:iio:accel:lis3l02dq make write_reg_8 take value not a pointer to value.
staging:iio: ring core cleanups + check if read_last available in lis3l02dq
staging:iio:core cleanup: squash tiny wrappers and use dev_set_name to handle creation of event interface name.
staging:iio: poll func allocation clean up.
staging:iio:ad7780 trivial unused header cleanup.
staging:iio:adc: AD7780: Use private data space from iio_allocate_device + trivial fixes
staging:iio:adc:AD7780: Convert to new channel registration method
staging:iio:adc: AD7606: Drop dev_data in favour of iio_priv()
staging:iio:adc: AD7606: Consitently use indio_dev
staging:iio: Rip out helper for software rings.
staging:iio:adc:AD7298: Use private data space from iio_allocate_device
staging:iio: rationalization of different buffer implementation hooks.
staging:iio:imu:adis16400 avoid allocating rx, tx, and state separately from iio_dev.
...Fix up trivial conflicts in
- drivers/staging/intel_sst/intelmid.c: patches applied in both branches
- drivers/staging/rt2860/common/cmm_data_{pci,usb}.c: removed vs spelling
- drivers/staging/usbip/vhci_sysfs.c: trivial header file inclusion
19 May, 2011
7 commits
-
The function is_exported() with its helper function lookup_symbol() are used to
verify if a provided symbol is effectively exported by the kernel or by the
modules. Now that both have their symbols sorted we can replace a linear search
with a binary search which provide a considerably speed-up.This work was supported by a hardware donation from the CE Linux Forum.
Signed-off-by: Alessio Igor Bogani
Acked-by: Greg Kroah-Hartman
Signed-off-by: Rusty Russell -
Takes advantage of the order and locates symbols using binary search.
This work was supported by a hardware donation from the CE Linux Forum.
Signed-off-by: Alessio Igor Bogani
Signed-off-by: Rusty Russell
Tested-by: Dirk Behme -
Instead of having a callback function for each symbol in the kernel,
have a callback for each array of symbols.This eases the logic when we move to sorted symbols and binary search.
Signed-off-by: Rusty Russell
Signed-off-by: Alessio Igor Bogani -
Split the unprotect function into a function per section to make
the code more readable and add the missing static declaration.Signed-off-by: Jan Glauber
Signed-off-by: Rusty Russell -
While debugging I stumbled over two problems in the code that protects module
pages.First issue is that disabling the protection before freeing init or unload of
a module is not symmetric with the enablement. For instance, if pages are set
to RO the page range from module_core to module_core + core_ro_size is
protected. If a module is unloaded the page range from module_core to
module_core + core_size is set back to RW.
So pages that were not set to RO are also changed to RW.
This is not critical but IMHO it should be symmetric.Second issue is that while set_memory_rw & set_memory_ro are used for
RO/RW changes only set_memory_nx is involved for NX/X. One would await that
the inverse function is called when the NX protection should be removed,
which is not the case here, unless I'm missing something.Signed-off-by: Jan Glauber
Signed-off-by: Rusty Russell -
Reset mod->init_ro_size to zero after the init part of a module is unloaded.
Otherwise we need to check if module->init is NULL in the unprotect functions
in the next patch.Signed-off-by: Jan Glauber
Signed-off-by: Rusty Russell -
Fix function prototype to be ANSI-C compliant, consistent with other
function prototypes, addressing a sparse warning.Signed-off-by: Daniel J Blueman
Signed-off-by: Rusty Russell
26 Apr, 2011
1 commit
-
Driver modules from the staging directory are marked 'tainted'
by module.c. Subsequently, tainted modules are denied dynamic
debugging. This is unwanted behavior, since staging modules should
be able to use the dynamic debugging mechanism.Please merge this also into the staging-linus branch.
Signed-off-by: Roland Vossen
Acked-by: Jason Baron
Signed-off-by: Greg Kroah-Hartman
31 Mar, 2011
1 commit
-
Fixes generated by 'codespell' and manually reviewed.
Signed-off-by: Lucas De Marchi
23 Mar, 2011
1 commit
-
In an effort to reduce kernel address leaks that might be used to help
target kernel privilege escalation exploits, this patch uses %pK when
displaying addresses in /proc/kallsyms, /proc/modules, and
/sys/module/*/sections/*.Note that this changes %x to %p, so some legitimately 0 values in
/proc/kallsyms would have changed from 00000000 to "(null)". To avoid
this, "(null)" is not used when using the "K" format. Anything that was
already successfully parsing "(null)" in addition to full hex digits
should have no problem with this change. (Thanks to Joe Perches for the
suggestion.) Due to the %x to %p, "void *" casts are needed since these
addresses are already "unsigned long" everywhere internally, due to their
starting life as ELF section offsets.Signed-off-by: Kees Cook
Cc: Eugene Teo
Cc: Dan Rosenberg
Cc: Rusty Russell
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
03 Feb, 2011
1 commit
-
Make the tracepoints more robust, making them solid enough to handle compiler
changes by not relying on anything based on compiler-specific behavior with
respect to structure alignment. Implement an approach proposed by David Miller:
use an array of const pointers to refer to the individual structures, and export
this pointer array through the linker script rather than the structures per se.
It will consume 32 extra bytes per tracepoint (24 for structure padding and 8
for the pointers), but are less likely to break due to compiler changes.History:
commit 7e066fb8 tracepoints: add DECLARE_TRACE() and DEFINE_TRACE()
added the aligned(32) type and variable attribute to the tracepoint structures
to deal with gcc happily aligning statically defined structures on 32-byte
multiples.One attempt was to use a 8-byte alignment for tracepoint structures by applying
both the variable and type attribute to tracepoint structures definitions and
declarations. It worked fine with gcc 4.5.1, but broke with gcc 4.4.4 and 4.4.5.The reason is that the "aligned" attribute only specify the _minimum_ alignment
for a structure, leaving both the compiler and the linker free to align on
larger multiples. Because tracepoint.c expects the structures to be placed as an
array within each section, up-alignment cause NULL-pointer exceptions due to the
extra unexpected padding.(this patch applies on top of -tip)
Signed-off-by: Mathieu Desnoyers
Acked-by: David S. Miller
LKML-Reference:
CC: Frederic Weisbecker
CC: Ingo Molnar
CC: Thomas Gleixner
CC: Andrew Morton
CC: Peter Zijlstra
CC: Rusty Russell
Signed-off-by: Steven Rostedt