Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux

Pull module update from Rusty Russell: "Nothing all that exciting; a new module-from-fd syscall for those who want to verify the source of the module (ChromeOS) and/or use standard IMA on it or other security hooks." * tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: MODSIGN: Fix kbuild output when using default extra_certificates MODSIGN: Avoid using .incbin in C source modules: don't hand 0 to vmalloc. module: Remove a extra null character at the top of module->strtab. ASN.1: Use the ASN1_LONG_TAG and ASN1_INDEFINITE_LENGTH constants ASN.1: Define indefinite length marker constant moduleparam: use __UNIQUE_ID() __UNIQUE_ID() MODSIGN: Add modules_sign make target powerpc: add finit_module syscall. ima: support new kernel module syscall add finit_module syscall to asm-generic ARM: add finit_module syscall to ARM security: introduce kernel_module_from_file hook module: add flags arg to sys_finit_module() module: add syscall to load module from fd
author: Linus Torvalds <torvalds@linux-foundation.org> 2012-12-19 10:55:08 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-12-19 10:55:08 -0500
commit: 7a684c452e2589f3ddd7e2d466b4f747d3715ad9 (patch)
tree: fed803e7450770993575b37807ba2195eafd5b0e /include
parent: 7f2de8171ddf28fdb2ca7f9a683ee1207849f718 (diff)
parent: e10e1774efbdaec54698454200619a03a01e1d64 (diff)
9 files changed, 46 insertions, 5 deletions
diff --git a/include/linux/asn1.h b/include/linux/asn1.h
index 5c3f4e4b9a23..eed6982860ba 100644
--- a/include/linux/asn1.h
+++ b/include/linux/asn1.h
@@ -64,4 +64,6 @@ enum asn1_tag {
        ASN1_LONG_TAG   = 31    /* Long form tag */
 };
+#define ASN1_INDEFINITE_LENGTH 0x80
 #endif /* _LINUX_ASN1_H */
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
index dc16a858e77c..662fd1b4c42a 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
@@ -31,6 +31,8 @@
 #define __linktime_error(message) __attribute__((__error__(message)))
+#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
 #if __GNUC_MINOR__ >= 5
 /*
 * Mark a position in code as unreachable.  This can be used to
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index b121554f1fe2..dd852b73b286 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -44,6 +44,10 @@ extern void __chk_io_ptr(const volatile void __iomem *);
 # define __rcu
 #endif
+/* Indirect macros required for expanded argument pasting, eg. __LINE__. */
+#define ___PASTE(a,b) a##b
+#define __PASTE(a,b) ___PASTE(a,b)
 #ifdef __KERNEL__
 #ifdef __GNUC__
@@ -166,6 +170,11 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
    (typeof(ptr)) (__ptr + (off)); })
 #endif
+/* Not-quite-unique ID. */
+#ifndef __UNIQUE_ID
+# define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __LINE__)
+#endif
 #endif /* __KERNEL__ */
 #endif /* __ASSEMBLY__ */
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 2c7223d7e73b..86c361e947b9 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -18,6 +18,7 @@ extern int ima_bprm_check(struct linux_binprm *bprm);
 extern int ima_file_check(struct file *file, int mask);
 extern void ima_file_free(struct file *file);
 extern int ima_file_mmap(struct file *file, unsigned long prot);
+extern int ima_module_check(struct file *file);
 #else
 static inline int ima_bprm_check(struct linux_binprm *bprm)
@@ -40,6 +41,11 @@ static inline int ima_file_mmap(struct file *file, unsigned long prot)
        return 0;
 }
+static inline int ima_module_check(struct file *file)
+{
+        return 0;
+}
 #endif /* CONFIG_IMA_H */
 #ifdef CONFIG_IMA_APPRAISE
diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h
index d6a58065c09c..137b4198fc03 100644
--- a/include/linux/moduleparam.h
+++ b/include/linux/moduleparam.h
@@ -16,17 +16,15 @@
 /* Chosen so that structs with an unsigned long line up. */
 #define MAX_PARAM_PREFIX_LEN (64 - sizeof(unsigned long))
-#define ___module_cat(a,b) __mod_ ## a ## b
-#define __module_cat(a,b) ___module_cat(a,b)
 #ifdef MODULE
 #define __MODULE_INFO(tag, name, info)                                    \
-static const char __module_cat(name,__LINE__)[]                           \
+static const char __UNIQUE_ID(name)[]                                     \
  __used __attribute__((section(".modinfo"), unused, aligned(1)))         \
  = __stringify(tag) "=" info
 #else  /* !MODULE */
 /* This struct is here for syntactic coherency, it is not used */
 #define __MODULE_INFO(tag, name, info)                                    \
-  struct __module_cat(name,__LINE__) {}
+  struct __UNIQUE_ID(name) {}
 #endif
 #define __MODULE_PARM_TYPE(name, _type)                                   \
  __MODULE_INFO(parmtype, name##type, #name ":" _type)
diff --git a/include/linux/security.h b/include/linux/security.h
index 05e88bdcf7d9..0f6afc657f77 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -694,6 +694,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      userspace to load a kernel module with the given name.
 *      @kmod_name name of the module requested by the kernel
 *      Return 0 if successful.
+ * @kernel_module_from_file:
+ *      Load a kernel module from userspace.
+ *      @file contains the file structure pointing to the file containing
+ *      the kernel module to load. If the module is being loaded from a blob,
+ *      this argument will be NULL.
+ *      Return 0 if permission is granted.
 * @task_fix_setuid:
 *      Update the module's state after setting one or more of the user
 *      identity attributes of the current process.  The @flags parameter
@@ -1508,6 +1514,7 @@ struct security_operations {
        int (*kernel_act_as)(struct cred *new, u32 secid);
        int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
        int (*kernel_module_request)(char *kmod_name);
+        int (*kernel_module_from_file)(struct file *file);
        int (*task_fix_setuid) (struct cred *new, const struct cred *old,
                                int flags);
        int (*task_setpgid) (struct task_struct *p, pid_t pgid);
@@ -1765,6 +1772,7 @@ void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(char *kmod_name);
+int security_kernel_module_from_file(struct file *file);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
                             int flags);
 int security_task_setpgid(struct task_struct *p, pid_t pgid);
@@ -2278,6 +2286,11 @@ static inline int security_kernel_module_request(char *kmod_name)
        return 0;
 }
+static inline int security_kernel_module_from_file(struct file *file)
+{
+        return 0;
+}
 static inline int security_task_fix_setuid(struct cred *new,
                                           const struct cred *old,
                                           int flags)
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 36c3b07c5119..6caee34bf8a2 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -880,4 +880,5 @@ asmlinkage long sys_process_vm_writev(pid_t pid,
 asmlinkage long sys_kcmp(pid_t pid1, pid_t pid2, int type,
                         unsigned long idx1, unsigned long idx2);
+asmlinkage long sys_finit_module(int fd, const char __user *uargs, int flags);
 #endif
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h
index 6e595ba545f4..2c531f478410 100644
--- a/include/uapi/asm-generic/unistd.h
+++ b/include/uapi/asm-generic/unistd.h
@@ -690,9 +690,11 @@ __SC_COMP(__NR_process_vm_writev, sys_process_vm_writev, \
          compat_sys_process_vm_writev)
 #define __NR_kcmp 272
 __SYSCALL(__NR_kcmp, sys_kcmp)
+#define __NR_finit_module 273
+__SYSCALL(__NR_finit_module, sys_finit_module)
 #undef __NR_syscalls
-#define __NR_syscalls 273
+#define __NR_syscalls 274
 /*
 * All syscalls below here should go away really,
diff --git a/include/uapi/linux/module.h b/include/uapi/linux/module.h
new file mode 100644
index 000000000000..38da4258b12f
--- /dev/null
+++ b/include/uapi/linux/module.h
@@ -0,0 +1,8 @@
+#ifndef _UAPI_LINUX_MODULE_H
+#define _UAPI_LINUX_MODULE_H
+/* Flags for sys_finit_module: */
+#define MODULE_INIT_IGNORE_MODVERSIONS  1
+#define MODULE_INIT_IGNORE_VERMAGIC     2
+#endif /* _UAPI_LINUX_MODULE_H */
author	Linus Torvalds <torvalds@linux-foundation.org>	2012-12-19 10:55:08 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-12-19 10:55:08 -0500
commit	7a684c452e2589f3ddd7e2d466b4f747d3715ad9 (patch)
tree	fed803e7450770993575b37807ba2195eafd5b0e /include
parent	7f2de8171ddf28fdb2ca7f9a683ee1207849f718 (diff)
parent	e10e1774efbdaec54698454200619a03a01e1d64 (diff)