diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-08-04 09:14:38 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-08-04 09:14:38 -0400 |
| commit | fb1b83d3ff78168e10799627f231cf0c05c9d80d (patch) | |
| tree | 57feaa178322a776825329c3c7c170aee2ded837 /kernel | |
| parent | d597690eef4142cf622fd469859ecc56506119b5 (diff) | |
| parent | 49aadcf1b6f4240751921dad52e86c760d70a5f1 (diff) | |
Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull module updates from Rusty Russell:
"The only interesting thing here is Jessica's patch to add
ro_after_init support to modules. The rest are all trivia"
* tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
extable.h: add stddef.h so "NULL" definition is not implicit
modules: add ro_after_init support
jump_label: disable preemption around __module_text_address().
exceptions: fork exception table content from module.h into extable.h
modules: Add kernel parameter to blacklist modules
module: Do a WARN_ON_ONCE() for assert module mutex not held
Documentation/module-signing.txt: Note need for version info if reusing a key
module: Invalidate signatures on force-loaded modules
module: Issue warnings when tainting kernel
module: fix redundant test.
module: fix noreturn attribute for __module_put_and_exit()
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/jump_label.c | 5 | ||||
| -rw-r--r-- | kernel/livepatch/core.c | 2 | ||||
| -rw-r--r-- | kernel/module.c | 121 |
3 files changed, 105 insertions, 23 deletions
diff --git a/kernel/jump_label.c b/kernel/jump_label.c index f19aa02a8f48..20400055f177 100644 --- a/kernel/jump_label.c +++ b/kernel/jump_label.c | |||
| @@ -337,11 +337,14 @@ static int __jump_label_mod_text_reserved(void *start, void *end) | |||
| 337 | { | 337 | { |
| 338 | struct module *mod; | 338 | struct module *mod; |
| 339 | 339 | ||
| 340 | preempt_disable(); | ||
| 340 | mod = __module_text_address((unsigned long)start); | 341 | mod = __module_text_address((unsigned long)start); |
| 342 | WARN_ON_ONCE(__module_text_address((unsigned long)end) != mod); | ||
| 343 | preempt_enable(); | ||
| 344 | |||
| 341 | if (!mod) | 345 | if (!mod) |
| 342 | return 0; | 346 | return 0; |
| 343 | 347 | ||
| 344 | WARN_ON_ONCE(__module_text_address((unsigned long)end) != mod); | ||
| 345 | 348 | ||
| 346 | return __jump_label_text_reserved(mod->jump_entries, | 349 | return __jump_label_text_reserved(mod->jump_entries, |
| 347 | mod->jump_entries + mod->num_jump_entries, | 350 | mod->jump_entries + mod->num_jump_entries, |
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c index 5c2bc1052691..8bbe50704621 100644 --- a/kernel/livepatch/core.c +++ b/kernel/livepatch/core.c | |||
| @@ -309,7 +309,7 @@ static int klp_write_object_relocations(struct module *pmod, | |||
| 309 | break; | 309 | break; |
| 310 | } | 310 | } |
| 311 | 311 | ||
| 312 | module_enable_ro(pmod); | 312 | module_enable_ro(pmod, true); |
| 313 | return ret; | 313 | return ret; |
| 314 | } | 314 | } |
| 315 | 315 | ||
diff --git a/kernel/module.c b/kernel/module.c index a0f48b8b00da..529efae9f481 100644 --- a/kernel/module.c +++ b/kernel/module.c | |||
| @@ -265,7 +265,7 @@ static void module_assert_mutex_or_preempt(void) | |||
| 265 | if (unlikely(!debug_locks)) | 265 | if (unlikely(!debug_locks)) |
| 266 | return; | 266 | return; |
| 267 | 267 | ||
| 268 | WARN_ON(!rcu_read_lock_sched_held() && | 268 | WARN_ON_ONCE(!rcu_read_lock_sched_held() && |
| 269 | !lockdep_is_held(&module_mutex)); | 269 | !lockdep_is_held(&module_mutex)); |
| 270 | #endif | 270 | #endif |
| 271 | } | 271 | } |
| @@ -337,7 +337,7 @@ static inline void add_taint_module(struct module *mod, unsigned flag, | |||
| 337 | * A thread that wants to hold a reference to a module only while it | 337 | * A thread that wants to hold a reference to a module only while it |
| 338 | * is running can call this to safely exit. nfsd and lockd use this. | 338 | * is running can call this to safely exit. nfsd and lockd use this. |
| 339 | */ | 339 | */ |
| 340 | void __module_put_and_exit(struct module *mod, long code) | 340 | void __noreturn __module_put_and_exit(struct module *mod, long code) |
| 341 | { | 341 | { |
| 342 | module_put(mod); | 342 | module_put(mod); |
| 343 | do_exit(code); | 343 | do_exit(code); |
| @@ -1694,8 +1694,7 @@ static int module_add_modinfo_attrs(struct module *mod) | |||
| 1694 | 1694 | ||
| 1695 | temp_attr = mod->modinfo_attrs; | 1695 | temp_attr = mod->modinfo_attrs; |
| 1696 | for (i = 0; (attr = modinfo_attrs[i]) && !error; i++) { | 1696 | for (i = 0; (attr = modinfo_attrs[i]) && !error; i++) { |
| 1697 | if (!attr->test || | 1697 | if (!attr->test || attr->test(mod)) { |
| 1698 | (attr->test && attr->test(mod))) { | ||
| 1699 | memcpy(temp_attr, attr, sizeof(*temp_attr)); | 1698 | memcpy(temp_attr, attr, sizeof(*temp_attr)); |
| 1700 | sysfs_attr_init(&temp_attr->attr); | 1699 | sysfs_attr_init(&temp_attr->attr); |
| 1701 | error = sysfs_create_file(&mod->mkobj.kobj, | 1700 | error = sysfs_create_file(&mod->mkobj.kobj, |
| @@ -1859,10 +1858,11 @@ static void mod_sysfs_teardown(struct module *mod) | |||
| 1859 | * from modification and any data from execution. | 1858 | * from modification and any data from execution. |
| 1860 | * | 1859 | * |
| 1861 | * General layout of module is: | 1860 | * General layout of module is: |
| 1862 | * [text] [read-only-data] [writable data] | 1861 | * [text] [read-only-data] [ro-after-init] [writable data] |
| 1863 | * text_size -----^ ^ ^ | 1862 | * text_size -----^ ^ ^ ^ |
| 1864 | * ro_size ------------------------| | | 1863 | * ro_size ------------------------| | | |
| 1865 | * size -------------------------------------------| | 1864 | * ro_after_init_size -----------------------------| | |
| 1865 | * size -----------------------------------------------------------| | ||
| 1866 | * | 1866 | * |
| 1867 | * These values are always page-aligned (as is base) | 1867 | * These values are always page-aligned (as is base) |
| 1868 | */ | 1868 | */ |
| @@ -1885,14 +1885,24 @@ static void frob_rodata(const struct module_layout *layout, | |||
| 1885 | (layout->ro_size - layout->text_size) >> PAGE_SHIFT); | 1885 | (layout->ro_size - layout->text_size) >> PAGE_SHIFT); |
| 1886 | } | 1886 | } |
| 1887 | 1887 | ||
| 1888 | static void frob_ro_after_init(const struct module_layout *layout, | ||
| 1889 | int (*set_memory)(unsigned long start, int num_pages)) | ||
| 1890 | { | ||
| 1891 | BUG_ON((unsigned long)layout->base & (PAGE_SIZE-1)); | ||
| 1892 | BUG_ON((unsigned long)layout->ro_size & (PAGE_SIZE-1)); | ||
| 1893 | BUG_ON((unsigned long)layout->ro_after_init_size & (PAGE_SIZE-1)); | ||
| 1894 | set_memory((unsigned long)layout->base + layout->ro_size, | ||
| 1895 | (layout->ro_after_init_size - layout->ro_size) >> PAGE_SHIFT); | ||
| 1896 | } | ||
| 1897 | |||
| 1888 | static void frob_writable_data(const struct module_layout *layout, | 1898 | static void frob_writable_data(const struct module_layout *layout, |
| 1889 | int (*set_memory)(unsigned long start, int num_pages)) | 1899 | int (*set_memory)(unsigned long start, int num_pages)) |
| 1890 | { | 1900 | { |
| 1891 | BUG_ON((unsigned long)layout->base & (PAGE_SIZE-1)); | 1901 | BUG_ON((unsigned long)layout->base & (PAGE_SIZE-1)); |
| 1892 | BUG_ON((unsigned long)layout->ro_size & (PAGE_SIZE-1)); | 1902 | BUG_ON((unsigned long)layout->ro_after_init_size & (PAGE_SIZE-1)); |
| 1893 | BUG_ON((unsigned long)layout->size & (PAGE_SIZE-1)); | 1903 | BUG_ON((unsigned long)layout->size & (PAGE_SIZE-1)); |
| 1894 | set_memory((unsigned long)layout->base + layout->ro_size, | 1904 | set_memory((unsigned long)layout->base + layout->ro_after_init_size, |
| 1895 | (layout->size - layout->ro_size) >> PAGE_SHIFT); | 1905 | (layout->size - layout->ro_after_init_size) >> PAGE_SHIFT); |
| 1896 | } | 1906 | } |
| 1897 | 1907 | ||
| 1898 | /* livepatching wants to disable read-only so it can frob module. */ | 1908 | /* livepatching wants to disable read-only so it can frob module. */ |
| @@ -1900,21 +1910,26 @@ void module_disable_ro(const struct module *mod) | |||
| 1900 | { | 1910 | { |
| 1901 | frob_text(&mod->core_layout, set_memory_rw); | 1911 | frob_text(&mod->core_layout, set_memory_rw); |
| 1902 | frob_rodata(&mod->core_layout, set_memory_rw); | 1912 | frob_rodata(&mod->core_layout, set_memory_rw); |
| 1913 | frob_ro_after_init(&mod->core_layout, set_memory_rw); | ||
| 1903 | frob_text(&mod->init_layout, set_memory_rw); | 1914 | frob_text(&mod->init_layout, set_memory_rw); |
| 1904 | frob_rodata(&mod->init_layout, set_memory_rw); | 1915 | frob_rodata(&mod->init_layout, set_memory_rw); |
| 1905 | } | 1916 | } |
| 1906 | 1917 | ||
| 1907 | void module_enable_ro(const struct module *mod) | 1918 | void module_enable_ro(const struct module *mod, bool after_init) |
| 1908 | { | 1919 | { |
| 1909 | frob_text(&mod->core_layout, set_memory_ro); | 1920 | frob_text(&mod->core_layout, set_memory_ro); |
| 1910 | frob_rodata(&mod->core_layout, set_memory_ro); | 1921 | frob_rodata(&mod->core_layout, set_memory_ro); |
| 1911 | frob_text(&mod->init_layout, set_memory_ro); | 1922 | frob_text(&mod->init_layout, set_memory_ro); |
| 1912 | frob_rodata(&mod->init_layout, set_memory_ro); | 1923 | frob_rodata(&mod->init_layout, set_memory_ro); |
| 1924 | |||
| 1925 | if (after_init) | ||
| 1926 | frob_ro_after_init(&mod->core_layout, set_memory_ro); | ||
| 1913 | } | 1927 | } |
| 1914 | 1928 | ||
| 1915 | static void module_enable_nx(const struct module *mod) | 1929 | static void module_enable_nx(const struct module *mod) |
| 1916 | { | 1930 | { |
| 1917 | frob_rodata(&mod->core_layout, set_memory_nx); | 1931 | frob_rodata(&mod->core_layout, set_memory_nx); |
| 1932 | frob_ro_after_init(&mod->core_layout, set_memory_nx); | ||
| 1918 | frob_writable_data(&mod->core_layout, set_memory_nx); | 1933 | frob_writable_data(&mod->core_layout, set_memory_nx); |
| 1919 | frob_rodata(&mod->init_layout, set_memory_nx); | 1934 | frob_rodata(&mod->init_layout, set_memory_nx); |
| 1920 | frob_writable_data(&mod->init_layout, set_memory_nx); | 1935 | frob_writable_data(&mod->init_layout, set_memory_nx); |
| @@ -1923,6 +1938,7 @@ static void module_enable_nx(const struct module *mod) | |||
| 1923 | static void module_disable_nx(const struct module *mod) | 1938 | static void module_disable_nx(const struct module *mod) |
| 1924 | { | 1939 | { |
| 1925 | frob_rodata(&mod->core_layout, set_memory_x); | 1940 | frob_rodata(&mod->core_layout, set_memory_x); |
| 1941 | frob_ro_after_init(&mod->core_layout, set_memory_x); | ||
| 1926 | frob_writable_data(&mod->core_layout, set_memory_x); | 1942 | frob_writable_data(&mod->core_layout, set_memory_x); |
| 1927 | frob_rodata(&mod->init_layout, set_memory_x); | 1943 | frob_rodata(&mod->init_layout, set_memory_x); |
| 1928 | frob_writable_data(&mod->init_layout, set_memory_x); | 1944 | frob_writable_data(&mod->init_layout, set_memory_x); |
| @@ -1965,6 +1981,8 @@ static void disable_ro_nx(const struct module_layout *layout) | |||
| 1965 | frob_text(layout, set_memory_rw); | 1981 | frob_text(layout, set_memory_rw); |
| 1966 | frob_rodata(layout, set_memory_rw); | 1982 | frob_rodata(layout, set_memory_rw); |
| 1967 | frob_rodata(layout, set_memory_x); | 1983 | frob_rodata(layout, set_memory_x); |
| 1984 | frob_ro_after_init(layout, set_memory_rw); | ||
| 1985 | frob_ro_after_init(layout, set_memory_x); | ||
| 1968 | frob_writable_data(layout, set_memory_x); | 1986 | frob_writable_data(layout, set_memory_x); |
| 1969 | } | 1987 | } |
| 1970 | 1988 | ||
| @@ -2307,6 +2325,7 @@ static void layout_sections(struct module *mod, struct load_info *info) | |||
| 2307 | * finder in the two loops below */ | 2325 | * finder in the two loops below */ |
| 2308 | { SHF_EXECINSTR | SHF_ALLOC, ARCH_SHF_SMALL }, | 2326 | { SHF_EXECINSTR | SHF_ALLOC, ARCH_SHF_SMALL }, |
| 2309 | { SHF_ALLOC, SHF_WRITE | ARCH_SHF_SMALL }, | 2327 | { SHF_ALLOC, SHF_WRITE | ARCH_SHF_SMALL }, |
| 2328 | { SHF_RO_AFTER_INIT | SHF_ALLOC, ARCH_SHF_SMALL }, | ||
| 2310 | { SHF_WRITE | SHF_ALLOC, ARCH_SHF_SMALL }, | 2329 | { SHF_WRITE | SHF_ALLOC, ARCH_SHF_SMALL }, |
| 2311 | { ARCH_SHF_SMALL | SHF_ALLOC, 0 } | 2330 | { ARCH_SHF_SMALL | SHF_ALLOC, 0 } |
| 2312 | }; | 2331 | }; |
| @@ -2338,7 +2357,11 @@ static void layout_sections(struct module *mod, struct load_info *info) | |||
| 2338 | mod->core_layout.size = debug_align(mod->core_layout.size); | 2357 | mod->core_layout.size = debug_align(mod->core_layout.size); |
| 2339 | mod->core_layout.ro_size = mod->core_layout.size; | 2358 | mod->core_layout.ro_size = mod->core_layout.size; |
| 2340 | break; | 2359 | break; |
| 2341 | case 3: /* whole core */ | 2360 | case 2: /* RO after init */ |
| 2361 | mod->core_layout.size = debug_align(mod->core_layout.size); | ||
| 2362 | mod->core_layout.ro_after_init_size = mod->core_layout.size; | ||
| 2363 | break; | ||
| 2364 | case 4: /* whole core */ | ||
| 2342 | mod->core_layout.size = debug_align(mod->core_layout.size); | 2365 | mod->core_layout.size = debug_align(mod->core_layout.size); |
| 2343 | break; | 2366 | break; |
| 2344 | } | 2367 | } |
| @@ -2368,7 +2391,14 @@ static void layout_sections(struct module *mod, struct load_info *info) | |||
| 2368 | mod->init_layout.size = debug_align(mod->init_layout.size); | 2391 | mod->init_layout.size = debug_align(mod->init_layout.size); |
| 2369 | mod->init_layout.ro_size = mod->init_layout.size; | 2392 | mod->init_layout.ro_size = mod->init_layout.size; |
| 2370 | break; | 2393 | break; |
| 2371 | case 3: /* whole init */ | 2394 | case 2: |
| 2395 | /* | ||
| 2396 | * RO after init doesn't apply to init_layout (only | ||
| 2397 | * core_layout), so it just takes the value of ro_size. | ||
| 2398 | */ | ||
| 2399 | mod->init_layout.ro_after_init_size = mod->init_layout.ro_size; | ||
| 2400 | break; | ||
| 2401 | case 4: /* whole init */ | ||
| 2372 | mod->init_layout.size = debug_align(mod->init_layout.size); | 2402 | mod->init_layout.size = debug_align(mod->init_layout.size); |
| 2373 | break; | 2403 | break; |
| 2374 | } | 2404 | } |
| @@ -2688,13 +2718,18 @@ static inline void kmemleak_load_module(const struct module *mod, | |||
| 2688 | #endif | 2718 | #endif |
| 2689 | 2719 | ||
| 2690 | #ifdef CONFIG_MODULE_SIG | 2720 | #ifdef CONFIG_MODULE_SIG |
| 2691 | static int module_sig_check(struct load_info *info) | 2721 | static int module_sig_check(struct load_info *info, int flags) |
| 2692 | { | 2722 | { |
| 2693 | int err = -ENOKEY; | 2723 | int err = -ENOKEY; |
| 2694 | const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; | 2724 | const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; |
| 2695 | const void *mod = info->hdr; | 2725 | const void *mod = info->hdr; |
| 2696 | 2726 | ||
| 2697 | if (info->len > markerlen && | 2727 | /* |
| 2728 | * Require flags == 0, as a module with version information | ||
| 2729 | * removed is no longer the module that was signed | ||
| 2730 | */ | ||
| 2731 | if (flags == 0 && | ||
| 2732 | info->len > markerlen && | ||
| 2698 | memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) { | 2733 | memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) { |
| 2699 | /* We truncate the module to discard the signature */ | 2734 | /* We truncate the module to discard the signature */ |
| 2700 | info->len -= markerlen; | 2735 | info->len -= markerlen; |
| @@ -2713,7 +2748,7 @@ static int module_sig_check(struct load_info *info) | |||
| 2713 | return err; | 2748 | return err; |
| 2714 | } | 2749 | } |
| 2715 | #else /* !CONFIG_MODULE_SIG */ | 2750 | #else /* !CONFIG_MODULE_SIG */ |
| 2716 | static int module_sig_check(struct load_info *info) | 2751 | static int module_sig_check(struct load_info *info, int flags) |
| 2717 | { | 2752 | { |
| 2718 | return 0; | 2753 | return 0; |
| 2719 | } | 2754 | } |
| @@ -2921,8 +2956,12 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) | |||
| 2921 | return -ENOEXEC; | 2956 | return -ENOEXEC; |
| 2922 | } | 2957 | } |
| 2923 | 2958 | ||
| 2924 | if (!get_modinfo(info, "intree")) | 2959 | if (!get_modinfo(info, "intree")) { |
| 2960 | if (!test_taint(TAINT_OOT_MODULE)) | ||
| 2961 | pr_warn("%s: loading out-of-tree module taints kernel.\n", | ||
| 2962 | mod->name); | ||
| 2925 | add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK); | 2963 | add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK); |
| 2964 | } | ||
| 2926 | 2965 | ||
| 2927 | if (get_modinfo(info, "staging")) { | 2966 | if (get_modinfo(info, "staging")) { |
| 2928 | add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK); | 2967 | add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK); |
| @@ -3091,6 +3130,8 @@ static int move_module(struct module *mod, struct load_info *info) | |||
| 3091 | 3130 | ||
| 3092 | static int check_module_license_and_versions(struct module *mod) | 3131 | static int check_module_license_and_versions(struct module *mod) |
| 3093 | { | 3132 | { |
| 3133 | int prev_taint = test_taint(TAINT_PROPRIETARY_MODULE); | ||
| 3134 | |||
| 3094 | /* | 3135 | /* |
| 3095 | * ndiswrapper is under GPL by itself, but loads proprietary modules. | 3136 | * ndiswrapper is under GPL by itself, but loads proprietary modules. |
| 3096 | * Don't use add_taint_module(), as it would prevent ndiswrapper from | 3137 | * Don't use add_taint_module(), as it would prevent ndiswrapper from |
| @@ -3109,6 +3150,9 @@ static int check_module_license_and_versions(struct module *mod) | |||
| 3109 | add_taint_module(mod, TAINT_PROPRIETARY_MODULE, | 3150 | add_taint_module(mod, TAINT_PROPRIETARY_MODULE, |
| 3110 | LOCKDEP_NOW_UNRELIABLE); | 3151 | LOCKDEP_NOW_UNRELIABLE); |
| 3111 | 3152 | ||
| 3153 | if (!prev_taint && test_taint(TAINT_PROPRIETARY_MODULE)) | ||
| 3154 | pr_warn("%s: module license taints kernel.\n", mod->name); | ||
| 3155 | |||
| 3112 | #ifdef CONFIG_MODVERSIONS | 3156 | #ifdef CONFIG_MODVERSIONS |
| 3113 | if ((mod->num_syms && !mod->crcs) | 3157 | if ((mod->num_syms && !mod->crcs) |
| 3114 | || (mod->num_gpl_syms && !mod->gpl_crcs) | 3158 | || (mod->num_gpl_syms && !mod->gpl_crcs) |
| @@ -3156,16 +3200,41 @@ int __weak module_frob_arch_sections(Elf_Ehdr *hdr, | |||
| 3156 | return 0; | 3200 | return 0; |
| 3157 | } | 3201 | } |
| 3158 | 3202 | ||
| 3203 | /* module_blacklist is a comma-separated list of module names */ | ||
| 3204 | static char *module_blacklist; | ||
| 3205 | static bool blacklisted(char *module_name) | ||
| 3206 | { | ||
| 3207 | const char *p; | ||
| 3208 | size_t len; | ||
| 3209 | |||
| 3210 | if (!module_blacklist) | ||
| 3211 | return false; | ||
| 3212 | |||
| 3213 | for (p = module_blacklist; *p; p += len) { | ||
| 3214 | len = strcspn(p, ","); | ||
| 3215 | if (strlen(module_name) == len && !memcmp(module_name, p, len)) | ||
| 3216 | return true; | ||
| 3217 | if (p[len] == ',') | ||
| 3218 | len++; | ||
| 3219 | } | ||
| 3220 | return false; | ||
| 3221 | } | ||
| 3222 | core_param(module_blacklist, module_blacklist, charp, 0400); | ||
| 3223 | |||
| 3159 | static struct module *layout_and_allocate(struct load_info *info, int flags) | 3224 | static struct module *layout_and_allocate(struct load_info *info, int flags) |
| 3160 | { | 3225 | { |
| 3161 | /* Module within temporary copy. */ | 3226 | /* Module within temporary copy. */ |
| 3162 | struct module *mod; | 3227 | struct module *mod; |
| 3228 | unsigned int ndx; | ||
| 3163 | int err; | 3229 | int err; |
| 3164 | 3230 | ||
| 3165 | mod = setup_load_info(info, flags); | 3231 | mod = setup_load_info(info, flags); |
| 3166 | if (IS_ERR(mod)) | 3232 | if (IS_ERR(mod)) |
| 3167 | return mod; | 3233 | return mod; |
| 3168 | 3234 | ||
| 3235 | if (blacklisted(mod->name)) | ||
| 3236 | return ERR_PTR(-EPERM); | ||
| 3237 | |||
| 3169 | err = check_modinfo(mod, info, flags); | 3238 | err = check_modinfo(mod, info, flags); |
| 3170 | if (err) | 3239 | if (err) |
| 3171 | return ERR_PTR(err); | 3240 | return ERR_PTR(err); |
| @@ -3179,6 +3248,15 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) | |||
| 3179 | /* We will do a special allocation for per-cpu sections later. */ | 3248 | /* We will do a special allocation for per-cpu sections later. */ |
| 3180 | info->sechdrs[info->index.pcpu].sh_flags &= ~(unsigned long)SHF_ALLOC; | 3249 | info->sechdrs[info->index.pcpu].sh_flags &= ~(unsigned long)SHF_ALLOC; |
| 3181 | 3250 | ||
| 3251 | /* | ||
| 3252 | * Mark ro_after_init section with SHF_RO_AFTER_INIT so that | ||
| 3253 | * layout_sections() can put it in the right place. | ||
| 3254 | * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set. | ||
| 3255 | */ | ||
| 3256 | ndx = find_sec(info, ".data..ro_after_init"); | ||
| 3257 | if (ndx) | ||
| 3258 | info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; | ||
| 3259 | |||
| 3182 | /* Determine total sizes, and put offsets in sh_entsize. For now | 3260 | /* Determine total sizes, and put offsets in sh_entsize. For now |
| 3183 | this is done generically; there doesn't appear to be any | 3261 | this is done generically; there doesn't appear to be any |
| 3184 | special cases for the architectures. */ | 3262 | special cases for the architectures. */ |
| @@ -3345,12 +3423,14 @@ static noinline int do_init_module(struct module *mod) | |||
| 3345 | /* Switch to core kallsyms now init is done: kallsyms may be walking! */ | 3423 | /* Switch to core kallsyms now init is done: kallsyms may be walking! */ |
| 3346 | rcu_assign_pointer(mod->kallsyms, &mod->core_kallsyms); | 3424 | rcu_assign_pointer(mod->kallsyms, &mod->core_kallsyms); |
| 3347 | #endif | 3425 | #endif |
| 3426 | module_enable_ro(mod, true); | ||
| 3348 | mod_tree_remove_init(mod); | 3427 | mod_tree_remove_init(mod); |
| 3349 | disable_ro_nx(&mod->init_layout); | 3428 | disable_ro_nx(&mod->init_layout); |
| 3350 | module_arch_freeing_init(mod); | 3429 | module_arch_freeing_init(mod); |
| 3351 | mod->init_layout.base = NULL; | 3430 | mod->init_layout.base = NULL; |
| 3352 | mod->init_layout.size = 0; | 3431 | mod->init_layout.size = 0; |
| 3353 | mod->init_layout.ro_size = 0; | 3432 | mod->init_layout.ro_size = 0; |
| 3433 | mod->init_layout.ro_after_init_size = 0; | ||
| 3354 | mod->init_layout.text_size = 0; | 3434 | mod->init_layout.text_size = 0; |
| 3355 | /* | 3435 | /* |
| 3356 | * We want to free module_init, but be aware that kallsyms may be | 3436 | * We want to free module_init, but be aware that kallsyms may be |
| @@ -3442,8 +3522,7 @@ static int complete_formation(struct module *mod, struct load_info *info) | |||
| 3442 | /* This relies on module_mutex for list integrity. */ | 3522 | /* This relies on module_mutex for list integrity. */ |
| 3443 | module_bug_finalize(info->hdr, info->sechdrs, mod); | 3523 | module_bug_finalize(info->hdr, info->sechdrs, mod); |
| 3444 | 3524 | ||
| 3445 | /* Set RO and NX regions */ | 3525 | module_enable_ro(mod, false); |
| 3446 | module_enable_ro(mod); | ||
| 3447 | module_enable_nx(mod); | 3526 | module_enable_nx(mod); |
| 3448 | 3527 | ||
| 3449 | /* Mark state as coming so strong_try_module_get() ignores us, | 3528 | /* Mark state as coming so strong_try_module_get() ignores us, |
| @@ -3499,7 +3578,7 @@ static int load_module(struct load_info *info, const char __user *uargs, | |||
| 3499 | long err; | 3578 | long err; |
| 3500 | char *after_dashes; | 3579 | char *after_dashes; |
| 3501 | 3580 | ||
| 3502 | err = module_sig_check(info); | 3581 | err = module_sig_check(info, flags); |
| 3503 | if (err) | 3582 | if (err) |
| 3504 | goto free_copy; | 3583 | goto free_copy; |
| 3505 | 3584 | ||