aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-05-04 20:04:16 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-05-04 20:04:16 -0400
commit826e4506a0acb6487910a5ebafe839f708a00e1c (patch)
tree20cc66b6b38c0414930d85a8a9705a3a3eff8ddf
parentafa26be86b65a7183ceac29bdf1f51d6fc6932f0 (diff)
Make forced module loading optional
The kernel module loader used to be much too happy to allow loading of modules for the wrong kernel version by default. For example, if you had MODVERSIONS enabled, but tried to load a module with no version info, it would happily load it and taint the kernel - whether it was likely to actually work or not! Generally, such forced module loading should be considered a really really bad idea, so make it conditional on a new config option (MODULE_FORCE_LOAD), and make it default to off. If somebody really wants to force module loads, that's their problem, but we should not encourage it. Especially as it happened to me by mistake (ie regular unversioned Fedora modules getting loaded) causing lots of strange behavior. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--init/Kconfig9
-rw-r--r--kernel/module.c44
2 files changed, 38 insertions, 15 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 6a44defac3e..f0e62e5ce0d 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -825,6 +825,15 @@ menuconfig MODULES
825 825
826 If unsure, say Y. 826 If unsure, say Y.
827 827
828config MODULE_FORCE_LOAD
829 bool "Forced module loading"
830 depends on MODULES
831 default n
832 help
833 This option allows loading of modules even if that would set the
834 'F' (forced) taint, due to lack of version info. Which is
835 usually a really bad idea.
836
828config MODULE_UNLOAD 837config MODULE_UNLOAD
829 bool "Module unloading" 838 bool "Module unloading"
830 depends on MODULES 839 depends on MODULES
diff --git a/kernel/module.c b/kernel/module.c
index 8674a390a2e..8e4528c9909 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -890,6 +890,19 @@ static struct module_attribute *modinfo_attrs[] = {
890 890
891static const char vermagic[] = VERMAGIC_STRING; 891static const char vermagic[] = VERMAGIC_STRING;
892 892
893static int try_to_force_load(struct module *mod, const char *symname)
894{
895#ifdef CONFIG_MODULE_FORCE_LOAD
896 if (!(tainted & TAINT_FORCED_MODULE))
897 printk("%s: no version for \"%s\" found: kernel tainted.\n",
898 mod->name, symname);
899 add_taint_module(mod, TAINT_FORCED_MODULE);
900 return 0;
901#else
902 return -ENOEXEC;
903#endif
904}
905
893#ifdef CONFIG_MODVERSIONS 906#ifdef CONFIG_MODVERSIONS
894static int check_version(Elf_Shdr *sechdrs, 907static int check_version(Elf_Shdr *sechdrs,
895 unsigned int versindex, 908 unsigned int versindex,
@@ -914,18 +927,18 @@ static int check_version(Elf_Shdr *sechdrs,
914 927
915 if (versions[i].crc == *crc) 928 if (versions[i].crc == *crc)
916 return 1; 929 return 1;
917 printk("%s: disagrees about version of symbol %s\n",
918 mod->name, symname);
919 DEBUGP("Found checksum %lX vs module %lX\n", 930 DEBUGP("Found checksum %lX vs module %lX\n",
920 *crc, versions[i].crc); 931 *crc, versions[i].crc);
921 return 0; 932 goto bad_version;
922 } 933 }
923 /* Not in module's version table. OK, but that taints the kernel. */ 934
924 if (!(tainted & TAINT_FORCED_MODULE)) 935 if (!try_to_force_load(mod, symname))
925 printk("%s: no version for \"%s\" found: kernel tainted.\n", 936 return 1;
926 mod->name, symname); 937
927 add_taint_module(mod, TAINT_FORCED_MODULE); 938bad_version:
928 return 1; 939 printk("%s: disagrees about version of symbol %s\n",
940 mod->name, symname);
941 return 0;
929} 942}
930 943
931static inline int check_modstruct_version(Elf_Shdr *sechdrs, 944static inline int check_modstruct_version(Elf_Shdr *sechdrs,
@@ -1853,9 +1866,9 @@ static struct module *load_module(void __user *umod,
1853 modmagic = get_modinfo(sechdrs, infoindex, "vermagic"); 1866 modmagic = get_modinfo(sechdrs, infoindex, "vermagic");
1854 /* This is allowed: modprobe --force will invalidate it. */ 1867 /* This is allowed: modprobe --force will invalidate it. */
1855 if (!modmagic) { 1868 if (!modmagic) {
1856 add_taint_module(mod, TAINT_FORCED_MODULE); 1869 err = try_to_force_load(mod, "magic");
1857 printk(KERN_WARNING "%s: no version magic, tainting kernel.\n", 1870 if (err)
1858 mod->name); 1871 goto free_hdr;
1859 } else if (!same_magic(modmagic, vermagic)) { 1872 } else if (!same_magic(modmagic, vermagic)) {
1860 printk(KERN_ERR "%s: version magic '%s' should be '%s'\n", 1873 printk(KERN_ERR "%s: version magic '%s' should be '%s'\n",
1861 mod->name, modmagic, vermagic); 1874 mod->name, modmagic, vermagic);
@@ -2006,9 +2019,10 @@ static struct module *load_module(void __user *umod,
2006 (mod->num_gpl_future_syms && !gplfuturecrcindex) || 2019 (mod->num_gpl_future_syms && !gplfuturecrcindex) ||
2007 (mod->num_unused_syms && !unusedcrcindex) || 2020 (mod->num_unused_syms && !unusedcrcindex) ||
2008 (mod->num_unused_gpl_syms && !unusedgplcrcindex)) { 2021 (mod->num_unused_gpl_syms && !unusedgplcrcindex)) {
2009 printk(KERN_WARNING "%s: No versions for exported symbols." 2022 printk(KERN_WARNING "%s: No versions for exported symbols.\n", mod->name);
2010 " Tainting kernel.\n", mod->name); 2023 err = try_to_force_load(mod, "nocrc");
2011 add_taint_module(mod, TAINT_FORCED_MODULE); 2024 if (err)
2025 goto cleanup;
2012 } 2026 }
2013#endif 2027#endif
2014 markersindex = find_sec(hdr, sechdrs, secstrings, "__markers"); 2028 markersindex = find_sec(hdr, sechdrs, secstrings, "__markers");