Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux

Pull module updates from Luis Chamberlain:
 "The biggest change here is in-kernel support for module decompression.
  This change is being made to help support LSMs like LoadPin as
  otherwise it loses link between the source of kernel module on the
  disk and binary blob that is being loaded into the kernel.

  kmod decompression is still done by userspace even with this is done,
  both because there are no measurable gains in not doing so and as it
  adds a secondary extra check for validating the module before loading
  it into the kernel.

  The rest of the changes are minor, the only other change worth
  mentionin there is Jessica Yu is now bowing out of maintenance of
  modules as she's taking a break from work.

  While there were other changes posted for modules, those have not yet
  received much review of testing so I'm not yet comfortable in merging
  any of those changes yet."

* 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux:
  module: fix signature check failures when using in-kernel decompression
  kernel: Fix spelling mistake "compresser" -> "compressor"
  MAINTAINERS: add mailing lists for kmod and modules
  module.h: allow #define strings to work with MODULE_IMPORT_NS
  module: add in-kernel support for decompressing
  MAINTAINERS: Remove myself as modules maintainer
  module: Remove outdated comment
This commit is contained in:
Linus Torvalds 2022-01-17 07:32:51 +02:00
commit 763978ca67
8 changed files with 340 additions and 19 deletions

View File

@ -10705,6 +10705,7 @@ F: samples/kmemleak/kmemleak-test.c
KMOD KERNEL MODULE LOADER - USERMODE HELPER
M: Luis Chamberlain <mcgrof@kernel.org>
L: linux-kernel@vger.kernel.org
L: linux-modules@vger.kernel.org
S: Maintained
F: include/linux/kmod.h
F: kernel/kmod.c
@ -12994,9 +12995,10 @@ F: drivers/media/dvb-frontends/mn88473*
MODULE SUPPORT
M: Luis Chamberlain <mcgrof@kernel.org>
M: Jessica Yu <jeyu@kernel.org>
L: linux-modules@vger.kernel.org
L: linux-kernel@vger.kernel.org
S: Maintained
T: git git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux.git modules-next
T: git git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux.git modules-next
F: include/linux/module.h
F: kernel/module.c

View File

@ -290,7 +290,8 @@ extern typeof(name) __mod_##type##__##name##_device_table \
* files require multiple MODULE_FIRMWARE() specifiers */
#define MODULE_FIRMWARE(_firmware) MODULE_INFO(firmware, _firmware)
#define MODULE_IMPORT_NS(ns) MODULE_INFO(import_ns, #ns)
#define _MODULE_IMPORT_NS(ns) MODULE_INFO(import_ns, #ns)
#define MODULE_IMPORT_NS(ns) _MODULE_IMPORT_NS(ns)
struct notifier_block;

View File

@ -5,5 +5,6 @@
/* Flags for sys_finit_module: */
#define MODULE_INIT_IGNORE_MODVERSIONS 1
#define MODULE_INIT_IGNORE_VERMAGIC 2
#define MODULE_INIT_COMPRESSED_FILE 4
#endif /* _UAPI_LINUX_MODULE_H */

View File

@ -2278,6 +2278,19 @@ config MODULE_COMPRESS_ZSTD
endchoice
config MODULE_DECOMPRESS
bool "Support in-kernel module decompression"
depends on MODULE_COMPRESS_GZIP || MODULE_COMPRESS_XZ
select ZLIB_INFLATE if MODULE_COMPRESS_GZIP
select XZ_DEC if MODULE_COMPRESS_XZ
help
Support for decompressing kernel modules by the kernel itself
instead of relying on userspace to perform this task. Useful when
load pinning security policy is enabled.
If unsure, say N.
config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
bool "Allow loading of modules with missing namespace imports"
help

View File

@ -67,6 +67,7 @@ obj-y += up.o
endif
obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_DECOMPRESS) += module_decompress.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
obj-$(CONFIG_MODULE_SIG_FORMAT) += module_signature.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o

View File

@ -22,6 +22,11 @@ struct load_info {
bool sig_ok;
#ifdef CONFIG_KALLSYMS
unsigned long mod_kallsyms_init_off;
#endif
#ifdef CONFIG_MODULE_DECOMPRESS
struct page **pages;
unsigned int max_pages;
unsigned int used_pages;
#endif
struct {
unsigned int sym, str, mod, vers, info, pcpu;
@ -29,3 +34,17 @@ struct load_info {
};
extern int mod_verify_sig(const void *mod, struct load_info *info);
#ifdef CONFIG_MODULE_DECOMPRESS
int module_decompress(struct load_info *info, const void *buf, size_t size);
void module_decompress_cleanup(struct load_info *info);
#else
static inline int module_decompress(struct load_info *info,
const void *buf, size_t size)
{
return -EOPNOTSUPP;
}
static inline void module_decompress_cleanup(struct load_info *info)
{
}
#endif

View File

@ -958,7 +958,6 @@ SYSCALL_DEFINE2(delete_module, const char __user *, name_user,
}
}
/* Stop the machine so refcounts can't move and disable module. */
ret = try_stop_module(mod, flags, &forced);
if (ret != 0)
goto out;
@ -2884,12 +2883,13 @@ static int module_sig_check(struct load_info *info, int flags)
const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
const char *reason;
const void *mod = info->hdr;
bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS |
MODULE_INIT_IGNORE_VERMAGIC);
/*
* Require flags == 0, as a module with version information
* removed is no longer the module that was signed
* Do not allow mangled modules as a module with version information
* removed is no longer the module that was signed.
*/
if (flags == 0 &&
if (!mangled_module &&
info->len > markerlen &&
memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
/* We truncate the module to discard the signature */
@ -3174,9 +3174,12 @@ out:
return err;
}
static void free_copy(struct load_info *info)
static void free_copy(struct load_info *info, int flags)
{
vfree(info->hdr);
if (flags & MODULE_INIT_COMPRESSED_FILE)
module_decompress_cleanup(info);
else
vfree(info->hdr);
}
static int rewrite_section_headers(struct load_info *info, int flags)
@ -4125,7 +4128,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
}
/* Get rid of temporary copy. */
free_copy(info);
free_copy(info, flags);
/* Done! */
trace_module_load(mod);
@ -4174,7 +4177,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
module_deallocate(mod, info);
free_copy:
free_copy(info);
free_copy(info, flags);
return err;
}
@ -4201,7 +4204,8 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags)
{
struct load_info info = { };
void *hdr = NULL;
void *buf = NULL;
int len;
int err;
err = may_init_module();
@ -4211,15 +4215,24 @@ SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags)
pr_debug("finit_module: fd=%d, uargs=%p, flags=%i\n", fd, uargs, flags);
if (flags & ~(MODULE_INIT_IGNORE_MODVERSIONS
|MODULE_INIT_IGNORE_VERMAGIC))
|MODULE_INIT_IGNORE_VERMAGIC
|MODULE_INIT_COMPRESSED_FILE))
return -EINVAL;
err = kernel_read_file_from_fd(fd, 0, &hdr, INT_MAX, NULL,
len = kernel_read_file_from_fd(fd, 0, &buf, INT_MAX, NULL,
READING_MODULE);
if (err < 0)
return err;
info.hdr = hdr;
info.len = err;
if (len < 0)
return len;
if (flags & MODULE_INIT_COMPRESSED_FILE) {
err = module_decompress(&info, buf, len);
vfree(buf); /* compressed data is no longer needed */
if (err)
return err;
} else {
info.hdr = buf;
info.len = len;
}
return load_module(&info, uargs, flags);
}

271
kernel/module_decompress.c Normal file
View File

@ -0,0 +1,271 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright 2021 Google LLC.
*/
#include <linux/init.h>
#include <linux/highmem.h>
#include <linux/kobject.h>
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/sysfs.h>
#include <linux/vmalloc.h>
#include "module-internal.h"
static int module_extend_max_pages(struct load_info *info, unsigned int extent)
{
struct page **new_pages;
new_pages = kvmalloc_array(info->max_pages + extent,
sizeof(info->pages), GFP_KERNEL);
if (!new_pages)
return -ENOMEM;
memcpy(new_pages, info->pages, info->max_pages * sizeof(info->pages));
kvfree(info->pages);
info->pages = new_pages;
info->max_pages += extent;
return 0;
}
static struct page *module_get_next_page(struct load_info *info)
{
struct page *page;
int error;
if (info->max_pages == info->used_pages) {
error = module_extend_max_pages(info, info->used_pages);
if (error)
return ERR_PTR(error);
}
page = alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
if (!page)
return ERR_PTR(-ENOMEM);
info->pages[info->used_pages++] = page;
return page;
}
#ifdef CONFIG_MODULE_COMPRESS_GZIP
#include <linux/zlib.h>
#define MODULE_COMPRESSION gzip
#define MODULE_DECOMPRESS_FN module_gzip_decompress
/*
* Calculate length of the header which consists of signature, header
* flags, time stamp and operating system ID (10 bytes total), plus
* an optional filename.
*/
static size_t module_gzip_header_len(const u8 *buf, size_t size)
{
const u8 signature[] = { 0x1f, 0x8b, 0x08 };
size_t len = 10;
if (size < len || memcmp(buf, signature, sizeof(signature)))
return 0;
if (buf[3] & 0x08) {
do {
/*
* If we can't find the end of the file name we must
* be dealing with a corrupted file.
*/
if (len == size)
return 0;
} while (buf[len++] != '\0');
}
return len;
}
static ssize_t module_gzip_decompress(struct load_info *info,
const void *buf, size_t size)
{
struct z_stream_s s = { 0 };
size_t new_size = 0;
size_t gzip_hdr_len;
ssize_t retval;
int rc;
gzip_hdr_len = module_gzip_header_len(buf, size);
if (!gzip_hdr_len) {
pr_err("not a gzip compressed module\n");
return -EINVAL;
}
s.next_in = buf + gzip_hdr_len;
s.avail_in = size - gzip_hdr_len;
s.workspace = kmalloc(zlib_inflate_workspacesize(), GFP_KERNEL);
if (!s.workspace)
return -ENOMEM;
rc = zlib_inflateInit2(&s, -MAX_WBITS);
if (rc != Z_OK) {
pr_err("failed to initialize decompressor: %d\n", rc);
retval = -EINVAL;
goto out;
}
do {
struct page *page = module_get_next_page(info);
if (!page) {
retval = -ENOMEM;
goto out_inflate_end;
}
s.next_out = kmap(page);
s.avail_out = PAGE_SIZE;
rc = zlib_inflate(&s, 0);
kunmap(page);
new_size += PAGE_SIZE - s.avail_out;
} while (rc == Z_OK);
if (rc != Z_STREAM_END) {
pr_err("decompression failed with status %d\n", rc);
retval = -EINVAL;
goto out_inflate_end;
}
retval = new_size;
out_inflate_end:
zlib_inflateEnd(&s);
out:
kfree(s.workspace);
return retval;
}
#elif CONFIG_MODULE_COMPRESS_XZ
#include <linux/xz.h>
#define MODULE_COMPRESSION xz
#define MODULE_DECOMPRESS_FN module_xz_decompress
static ssize_t module_xz_decompress(struct load_info *info,
const void *buf, size_t size)
{
static const u8 signature[] = { 0xfd, '7', 'z', 'X', 'Z', 0 };
struct xz_dec *xz_dec;
struct xz_buf xz_buf;
enum xz_ret xz_ret;
size_t new_size = 0;
ssize_t retval;
if (size < sizeof(signature) ||
memcmp(buf, signature, sizeof(signature))) {
pr_err("not an xz compressed module\n");
return -EINVAL;
}
xz_dec = xz_dec_init(XZ_DYNALLOC, (u32)-1);
if (!xz_dec)
return -ENOMEM;
xz_buf.in_size = size;
xz_buf.in = buf;
xz_buf.in_pos = 0;
do {
struct page *page = module_get_next_page(info);
if (!page) {
retval = -ENOMEM;
goto out;
}
xz_buf.out = kmap(page);
xz_buf.out_pos = 0;
xz_buf.out_size = PAGE_SIZE;
xz_ret = xz_dec_run(xz_dec, &xz_buf);
kunmap(page);
new_size += xz_buf.out_pos;
} while (xz_buf.out_pos == PAGE_SIZE && xz_ret == XZ_OK);
if (xz_ret != XZ_STREAM_END) {
pr_err("decompression failed with status %d\n", xz_ret);
retval = -EINVAL;
goto out;
}
retval = new_size;
out:
xz_dec_end(xz_dec);
return retval;
}
#else
#error "Unexpected configuration for CONFIG_MODULE_DECOMPRESS"
#endif
int module_decompress(struct load_info *info, const void *buf, size_t size)
{
unsigned int n_pages;
ssize_t data_size;
int error;
/*
* Start with number of pages twice as big as needed for
* compressed data.
*/
n_pages = DIV_ROUND_UP(size, PAGE_SIZE) * 2;
error = module_extend_max_pages(info, n_pages);
data_size = MODULE_DECOMPRESS_FN(info, buf, size);
if (data_size < 0) {
error = data_size;
goto err;
}
info->hdr = vmap(info->pages, info->used_pages, VM_MAP, PAGE_KERNEL);
if (!info->hdr) {
error = -ENOMEM;
goto err;
}
info->len = data_size;
return 0;
err:
module_decompress_cleanup(info);
return error;
}
void module_decompress_cleanup(struct load_info *info)
{
int i;
if (info->hdr)
vunmap(info->hdr);
for (i = 0; i < info->used_pages; i++)
__free_page(info->pages[i]);
kvfree(info->pages);
info->pages = NULL;
info->max_pages = info->used_pages = 0;
}
static ssize_t compression_show(struct kobject *kobj,
struct kobj_attribute *attr, char *buf)
{
return sysfs_emit(buf, "%s\n", __stringify(MODULE_COMPRESSION));
}
static struct kobj_attribute module_compression_attr = __ATTR_RO(compression);
static int __init module_decompress_sysfs_init(void)
{
int error;
error = sysfs_create_file(&module_kset->kobj,
&module_compression_attr.attr);
if (error)
pr_warn("Failed to create 'compression' attribute");
return 0;
}
late_initcall(module_decompress_sysfs_init);