Merge tag 'hwparam-20170420' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

Pull hw lockdown support from David Howells: "Annotation of module parameters that configure hardware resources including ioports, iomem addresses, irq lines and dma channels. This allows a future patch to prohibit the use of such module parameters to prevent that hardware from being abused to gain access to the running kernel image as part of locking the kernel down under UEFI secure boot conditions. Annotations are made by changing: module_param(n, t, p) module_param_named(n, v, t, p) module_param_array(n, t, m, p) to: module_param_hw(n, t, hwtype, p) module_param_hw_named(n, v, t, hwtype, p) module_param_hw_array(n, t, hwtype, m, p) where the module parameter refers to a hardware setting hwtype specifies the type of the resource being configured. This can be one of: ioport Module parameter configures an I/O port iomem Module parameter configures an I/O mem address ioport_or_iomem Module parameter could be either (runtime set) irq Module parameter configures an I/O port dma Module parameter configures a DMA channel dma_addr Module parameter configures a DMA buffer address other Module parameter configures some other value Note that the hwtype is compile checked, but not currently stored (the lockdown code probably won't require it). It is, however, there for future use. A bonus is that the hwtype can also be used for grepping. The intention is for the kernel to ignore or reject attempts to set annotated module parameters if lockdown is enabled. This applies to options passed on the boot command line, passed to insmod/modprobe or direct twiddling in /sys/module/ parameter files. The module initialisation then needs to handle the parameter not being set, by (1) giving an error, (2) probing for a value or (3) using a reasonable default. What I can't do is just reject a module out of hand because it may take a hardware setting in the module parameters. Some important modules, some ipmi stuff for instance, both probe for hardware and allow hardware to be manually specified; if the driver is aborts with any error, you don't get any ipmi hardware. Further, trying to do this entirely in the module initialisation code doesn't protect against sysfs twiddling. [!] Note that in and of itself, this series of patches should have no effect on the the size of the kernel or code execution - that is left to a patch in the next series to effect. It does mark annotated kernel parameters with a KERNEL_PARAM_FL_HWPARAM flag in an already existing field" * tag 'hwparam-20170420' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: (38 commits) Annotate hardware config module parameters in sound/pci/ Annotate hardware config module parameters in sound/oss/ Annotate hardware config module parameters in sound/isa/ Annotate hardware config module parameters in sound/drivers/ Annotate hardware config module parameters in fs/pstore/ Annotate hardware config module parameters in drivers/watchdog/ Annotate hardware config module parameters in drivers/video/ Annotate hardware config module parameters in drivers/tty/ Annotate hardware config module parameters in drivers/staging/vme/ Annotate hardware config module parameters in drivers/staging/speakup/ Annotate hardware config module parameters in drivers/staging/media/ Annotate hardware config module parameters in drivers/scsi/ Annotate hardware config module parameters in drivers/pcmcia/ Annotate hardware config module parameters in drivers/pci/hotplug/ Annotate hardware config module parameters in drivers/parport/ Annotate hardware config module parameters in drivers/net/wireless/ Annotate hardware config module parameters in drivers/net/wan/ Annotate hardware config module parameters in drivers/net/irda/ Annotate hardware config module parameters in drivers/net/hamradio/ Annotate hardware config module parameters in drivers/net/ethernet/ ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2017-05-10 22:13:03 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2017-05-10 22:13:03 -0400
commit: 291b38a7565b41676cafd1b4052315a94d9c8977 (patch)
tree: 876251a73901865110c8d0d048cf379b8a6ff0e4 /include/linux/moduleparam.h
parent: b5a53b61a2890ec08f404f524c1c42aa86f09be4 (diff)
parent: 6192c41fc608b0a58d5540b015aa1672c266f3c5 (diff)
1 files changed, 64 insertions, 1 deletions
diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h
index 52666d90ca94..6be1949ebcdf 100644
--- a/include/linux/moduleparam.h
+++ b/include/linux/moduleparam.h
@@ -60,9 +60,11 @@ struct kernel_param_ops {
 * Flags available for kernel_param
 *
 * UNSAFE - the parameter is dangerous and setting it will taint the kernel
+ * HWPARAM - Hardware param not permitted in lockdown mode
 */
 enum {
-        KERNEL_PARAM_FL_UNSAFE = (1 << 0)
+        KERNEL_PARAM_FL_UNSAFE  = (1 << 0),
+        KERNEL_PARAM_FL_HWPARAM = (1 << 1),
 };
 struct kernel_param {
@@ -451,6 +453,67 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp);
                            perm, -1, 0);                               \
        __MODULE_PARM_TYPE(name, "array of " #type)
+enum hwparam_type {
+        hwparam_ioport,         /* Module parameter configures an I/O port */
+        hwparam_iomem,          /* Module parameter configures an I/O mem address */
+        hwparam_ioport_or_iomem, /* Module parameter could be either, depending on other option */
+        hwparam_irq,            /* Module parameter configures an I/O port */
+        hwparam_dma,            /* Module parameter configures a DMA channel */
+        hwparam_dma_addr,       /* Module parameter configures a DMA buffer address */
+        hwparam_other,          /* Module parameter configures some other value */
+};
+/**
+ * module_param_hw_named - A parameter representing a hw parameters
+ * @name: a valid C identifier which is the parameter name.
+ * @value: the actual lvalue to alter.
+ * @type: the type of the parameter
+ * @hwtype: what the value represents (enum hwparam_type)
+ * @perm: visibility in sysfs.
+ *
+ * Usually it's a good idea to have variable names and user-exposed names the
+ * same, but that's harder if the variable must be non-static or is inside a
+ * structure.  This allows exposure under a different name.
+ */
+#define module_param_hw_named(name, value, type, hwtype, perm)          \
+        param_check_##type(name, &(value));                             \
+        __module_param_call(MODULE_PARAM_PREFIX, name,                  \
+                            &param_ops_##type, &value,                  \
+                            perm, -1,                                   \
+                            KERNEL_PARAM_FL_HWPARAM | (hwparam_##hwtype & 0));  \
+        __MODULE_PARM_TYPE(name, #type)
+#define module_param_hw(name, type, hwtype, perm)               \
+        module_param_hw_named(name, name, type, hwtype, perm)
+/**
+ * module_param_hw_array - A parameter representing an array of hw parameters
+ * @name: the name of the array variable
+ * @type: the type, as per module_param()
+ * @hwtype: what the value represents (enum hwparam_type)
+ * @nump: optional pointer filled in with the number written
+ * @perm: visibility in sysfs
+ *
+ * Input and output are as comma-separated values.  Commas inside values
+ * don't work properly (eg. an array of charp).
+ *
+ * ARRAY_SIZE(@name) is used to determine the number of elements in the
+ * array, so the definition must be visible.
+ */
+#define module_param_hw_array(name, type, hwtype, nump, perm)           \
+        param_check_##type(name, &(name)[0]);                           \
+        static const struct kparam_array __param_arr_##name             \
+        = { .max = ARRAY_SIZE(name), .num = nump,                       \
+            .ops = &param_ops_##type,                                   \
+            .elemsize = sizeof(name[0]), .elem = name };                \
+        __module_param_call(MODULE_PARAM_PREFIX, name,                  \
+                            &param_array_ops,                           \
+                            .arr = &__param_arr_##name,                 \
+                            perm, -1,                                   \
+                            KERNEL_PARAM_FL_HWPARAM | (hwparam_##hwtype & 0));  \
+        __MODULE_PARM_TYPE(name, "array of " #type)
 extern const struct kernel_param_ops param_array_ops;
 extern const struct kernel_param_ops param_ops_string;
author	Linus Torvalds <torvalds@linux-foundation.org>	2017-05-10 22:13:03 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2017-05-10 22:13:03 -0400
commit	291b38a7565b41676cafd1b4052315a94d9c8977 (patch)
tree	876251a73901865110c8d0d048cf379b8a6ff0e4 /include/linux/moduleparam.h
parent	b5a53b61a2890ec08f404f524c1c42aa86f09be4 (diff)
parent	6192c41fc608b0a58d5540b015aa1672c266f3c5 (diff)

diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h index 52666d90ca94..6be1949ebcdf 100644 --- a/include/linux/moduleparam.h +++ b/include/linux/moduleparam.h
@@ -60,9 +60,11 @@ struct kernel_param_ops {
60	* Flags available for kernel_param	60	* Flags available for kernel_param
61	*	61	*
62	* UNSAFE - the parameter is dangerous and setting it will taint the kernel	62	* UNSAFE - the parameter is dangerous and setting it will taint the kernel
		63	* HWPARAM - Hardware param not permitted in lockdown mode
63	*/	64	*/
64	enum {	65	enum {
65	KERNEL_PARAM_FL_UNSAFE = (1 << 0)	66	KERNEL_PARAM_FL_UNSAFE = (1 << 0),
		67	KERNEL_PARAM_FL_HWPARAM = (1 << 1),
66	};	68	};
67		69
68	struct kernel_param {	70	struct kernel_param {
@@ -451,6 +453,67 @@ extern int param_set_bint(const char val, const struct kernel_param kp);
451	perm, -1, 0); \	453	perm, -1, 0); \
452	__MODULE_PARM_TYPE(name, "array of " #type)	454	__MODULE_PARM_TYPE(name, "array of " #type)
453		455
		456	enum hwparam_type {
		457	hwparam_ioport, /* Module parameter configures an I/O port */
		458	hwparam_iomem, /* Module parameter configures an I/O mem address */
		459	hwparam_ioport_or_iomem, /* Module parameter could be either, depending on other option */
		460	hwparam_irq, /* Module parameter configures an I/O port */
		461	hwparam_dma, /* Module parameter configures a DMA channel */
		462	hwparam_dma_addr, /* Module parameter configures a DMA buffer address */
		463	hwparam_other, /* Module parameter configures some other value */
		464	};
		465
		466	/**
		467	* module_param_hw_named - A parameter representing a hw parameters
		468	* @name: a valid C identifier which is the parameter name.
		469	* @value: the actual lvalue to alter.
		470	* @type: the type of the parameter
		471	* @hwtype: what the value represents (enum hwparam_type)
		472	* @perm: visibility in sysfs.
		473	*
		474	* Usually it's a good idea to have variable names and user-exposed names the
		475	* same, but that's harder if the variable must be non-static or is inside a
		476	* structure. This allows exposure under a different name.
		477	*/
		478	#define module_param_hw_named(name, value, type, hwtype, perm) \
		479	param_check_##type(name, &(value)); \
		480	__module_param_call(MODULE_PARAM_PREFIX, name, \
		481	&param_ops_##type, &value, \
		482	perm, -1, \
		483	KERNEL_PARAM_FL_HWPARAM \| (hwparam_##hwtype & 0)); \
		484	__MODULE_PARM_TYPE(name, #type)
		485
		486	#define module_param_hw(name, type, hwtype, perm) \
		487	module_param_hw_named(name, name, type, hwtype, perm)
		488
		489	/**
		490	* module_param_hw_array - A parameter representing an array of hw parameters
		491	* @name: the name of the array variable
		492	* @type: the type, as per module_param()
		493	* @hwtype: what the value represents (enum hwparam_type)
		494	* @nump: optional pointer filled in with the number written
		495	* @perm: visibility in sysfs
		496	*
		497	* Input and output are as comma-separated values. Commas inside values
		498	* don't work properly (eg. an array of charp).
		499	*
		500	* ARRAY_SIZE(@name) is used to determine the number of elements in the
		501	* array, so the definition must be visible.
		502	*/
		503	#define module_param_hw_array(name, type, hwtype, nump, perm) \
		504	param_check_##type(name, &(name)[0]); \
		505	static const struct kparam_array __param_arr_##name \
		506	= { .max = ARRAY_SIZE(name), .num = nump, \
		507	.ops = &param_ops_##type, \
		508	.elemsize = sizeof(name[0]), .elem = name }; \
		509	__module_param_call(MODULE_PARAM_PREFIX, name, \
		510	&param_array_ops, \
		511	.arr = &__param_arr_##name, \
		512	perm, -1, \
		513	KERNEL_PARAM_FL_HWPARAM \| (hwparam_##hwtype & 0)); \
		514	__MODULE_PARM_TYPE(name, "array of " #type)
		515
		516
454	extern const struct kernel_param_ops param_array_ops;	517	extern const struct kernel_param_ops param_array_ops;
455		518
456	extern const struct kernel_param_ops param_ops_string;	519	extern const struct kernel_param_ops param_ops_string;