From: David Howells <dhowells@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: dhowells@redhat.com, gnomes@lxorguk.ukuu.org.uk,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
minyard@acm.org
Subject: [PATCH 01/39] Annotate module params that specify hardware parameters (eg. ioport)
Date: Thu, 01 Dec 2016 12:29:47 +0000 [thread overview]
Message-ID: <148059538747.31612.8974972913601108271.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <148059537897.31612.9461043954611464597.stgit@warthog.procyon.org.uk>
Provided an annotation for module parameters that specify hardware
parameters (such as io ports, iomem addresses, irqs, dma channels, fixed
dma buffers and other types).
This will enable such parameters to be locked down in the core parameter
parser for secure boot support.
I've also included annotations as to what sort of hardware configuration
each module is dealing with for future use. Some of these are
straightforward (ioport, iomem, irq, dma), but there are also:
(1) drivers that switch the semantics of a parameter between ioport and
iomem depending on a second parameter,
(2) drivers that appear to reserve a CPU memory buffer at a fixed address,
(3) other parameters, such as bus types and irq selection bitmasks.
For the moment, the hardware configuration type isn't actually stored,
though its validity is checked.
Signed-off-by: David Howells <dhowells@redhat.com>
---
include/linux/moduleparam.h | 65 ++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 64 insertions(+), 1 deletion(-)
diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h
index 52666d90ca94..6be1949ebcdf 100644
--- a/include/linux/moduleparam.h
+++ b/include/linux/moduleparam.h
@@ -60,9 +60,11 @@ struct kernel_param_ops {
* Flags available for kernel_param
*
* UNSAFE - the parameter is dangerous and setting it will taint the kernel
+ * HWPARAM - Hardware param not permitted in lockdown mode
*/
enum {
- KERNEL_PARAM_FL_UNSAFE = (1 << 0)
+ KERNEL_PARAM_FL_UNSAFE = (1 << 0),
+ KERNEL_PARAM_FL_HWPARAM = (1 << 1),
};
struct kernel_param {
@@ -451,6 +453,67 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp);
perm, -1, 0); \
__MODULE_PARM_TYPE(name, "array of " #type)
+enum hwparam_type {
+ hwparam_ioport, /* Module parameter configures an I/O port */
+ hwparam_iomem, /* Module parameter configures an I/O mem address */
+ hwparam_ioport_or_iomem, /* Module parameter could be either, depending on other option */
+ hwparam_irq, /* Module parameter configures an I/O port */
+ hwparam_dma, /* Module parameter configures a DMA channel */
+ hwparam_dma_addr, /* Module parameter configures a DMA buffer address */
+ hwparam_other, /* Module parameter configures some other value */
+};
+
+/**
+ * module_param_hw_named - A parameter representing a hw parameters
+ * @name: a valid C identifier which is the parameter name.
+ * @value: the actual lvalue to alter.
+ * @type: the type of the parameter
+ * @hwtype: what the value represents (enum hwparam_type)
+ * @perm: visibility in sysfs.
+ *
+ * Usually it's a good idea to have variable names and user-exposed names the
+ * same, but that's harder if the variable must be non-static or is inside a
+ * structure. This allows exposure under a different name.
+ */
+#define module_param_hw_named(name, value, type, hwtype, perm) \
+ param_check_##type(name, &(value)); \
+ __module_param_call(MODULE_PARAM_PREFIX, name, \
+ ¶m_ops_##type, &value, \
+ perm, -1, \
+ KERNEL_PARAM_FL_HWPARAM | (hwparam_##hwtype & 0)); \
+ __MODULE_PARM_TYPE(name, #type)
+
+#define module_param_hw(name, type, hwtype, perm) \
+ module_param_hw_named(name, name, type, hwtype, perm)
+
+/**
+ * module_param_hw_array - A parameter representing an array of hw parameters
+ * @name: the name of the array variable
+ * @type: the type, as per module_param()
+ * @hwtype: what the value represents (enum hwparam_type)
+ * @nump: optional pointer filled in with the number written
+ * @perm: visibility in sysfs
+ *
+ * Input and output are as comma-separated values. Commas inside values
+ * don't work properly (eg. an array of charp).
+ *
+ * ARRAY_SIZE(@name) is used to determine the number of elements in the
+ * array, so the definition must be visible.
+ */
+#define module_param_hw_array(name, type, hwtype, nump, perm) \
+ param_check_##type(name, &(name)[0]); \
+ static const struct kparam_array __param_arr_##name \
+ = { .max = ARRAY_SIZE(name), .num = nump, \
+ .ops = ¶m_ops_##type, \
+ .elemsize = sizeof(name[0]), .elem = name }; \
+ __module_param_call(MODULE_PARAM_PREFIX, name, \
+ ¶m_array_ops, \
+ .arr = &__param_arr_##name, \
+ perm, -1, \
+ KERNEL_PARAM_FL_HWPARAM | (hwparam_##hwtype & 0)); \
+ __MODULE_PARM_TYPE(name, "array of " #type)
+
+
extern const struct kernel_param_ops param_array_ops;
extern const struct kernel_param_ops param_ops_string;
next prev parent reply other threads:[~2016-12-01 12:29 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-01 12:29 [PATCH 00/39] Annotate hw config module params for future lockdown David Howells
2016-12-01 12:29 ` David Howells [this message]
2016-12-01 15:01 ` [PATCH 01/39] Annotate module params that specify hardware parameters (eg. ioport) Greg KH
2016-12-02 3:07 ` Matthew Garrett
2016-12-02 6:55 ` Greg KH
2016-12-02 7:12 ` Matthew Garrett
2016-12-05 21:26 ` One Thousand Gnomes
2016-12-02 14:59 ` David Howells
2016-12-05 15:47 ` Greg KH
2016-12-06 10:54 ` David Howells
2016-12-01 16:02 ` David Howells
2016-12-05 21:12 ` One Thousand Gnomes
2016-12-06 7:11 ` Greg KH
2016-12-06 10:42 ` David Howells
2016-12-06 10:50 ` Greg KH
2016-12-01 12:29 ` [PATCH 02/39] Annotate hardware config module parameters in arch/x86/mm/ David Howells
2016-12-01 12:30 ` [PATCH 03/39] Annotate hardware config module parameters in drivers/char/ipmi/ David Howells
2016-12-01 13:14 ` Corey Minyard
2016-12-01 12:30 ` [PATCH 04/39] Annotate hardware config module parameters in drivers/char/mwave/ David Howells
2016-12-01 12:30 ` [PATCH 05/39] Annotate hardware config module parameters in drivers/char/ David Howells
2016-12-01 12:30 ` [PATCH 06/39] Annotate hardware config module parameters in drivers/clocksource/ David Howells
2016-12-01 12:30 ` [PATCH 07/39] Annotate hardware config module parameters in drivers/cpufreq/ David Howells
2016-12-01 14:02 ` Rafael J. Wysocki
2016-12-01 14:19 ` David Howells
2016-12-01 14:21 ` Rafael J. Wysocki
2016-12-01 12:30 ` [PATCH 08/39] Annotate hardware config module parameters in drivers/gpio/ David Howells
2016-12-01 13:49 ` William Breathitt Gray
2016-12-02 12:55 ` Linus Walleij
2016-12-01 12:30 ` [PATCH 09/39] Annotate hardware config module parameters in drivers/i2c/ David Howells
2016-12-01 13:47 ` Jean Delvare
2016-12-01 14:12 ` David Howells
2016-12-01 16:06 ` Jean Delvare
2016-12-05 21:09 ` One Thousand Gnomes
2016-12-01 12:30 ` [PATCH 10/39] Annotate hardware config module parameters in drivers/iio/ David Howells
2016-12-01 13:50 ` William Breathitt Gray
2016-12-03 9:05 ` Jonathan Cameron
2016-12-07 13:43 ` David Howells
2016-12-07 13:43 ` David Howells
2016-12-01 12:31 ` [PATCH 11/39] Annotate hardware config module parameters in drivers/input/ David Howells
2016-12-03 18:51 ` Dmitry Torokhov
2016-12-01 12:31 ` [PATCH 12/39] Annotate hardware config module parameters in drivers/isdn/ David Howells
2016-12-01 12:31 ` [PATCH 13/39] Annotate hardware config module parameters in drivers/media/ David Howells
2016-12-01 12:31 ` [PATCH 14/39] Annotate hardware config module parameters in drivers/misc/ David Howells
2016-12-01 12:31 ` [PATCH 15/39] Annotate hardware config module parameters in drivers/mmc/host/ David Howells
2016-12-01 12:31 ` [PATCH 16/39] Annotate hardware config module parameters in drivers/net/appletalk/ David Howells
2016-12-01 12:31 ` [PATCH 17/39] Annotate hardware config module parameters in drivers/net/arcnet/ David Howells
2016-12-01 12:32 ` [PATCH 18/39] Annotate hardware config module parameters in drivers/net/can/ David Howells
2016-12-01 13:05 ` Marc Kleine-Budde
2016-12-01 12:32 ` [PATCH 19/39] Annotate hardware config module parameters in drivers/net/ethernet/ David Howells
2016-12-01 12:32 ` [PATCH 20/39] Annotate hardware config module parameters in drivers/net/hamradio/ David Howells
2016-12-01 16:07 ` David Ranch
2016-12-01 12:32 ` [PATCH 21/39] Annotate hardware config module parameters in drivers/net/irda/ David Howells
2016-12-01 12:32 ` [PATCH 22/39] Annotate hardware config module parameters in drivers/net/wan/ David Howells
2016-12-01 12:32 ` [PATCH 23/39] Annotate hardware config module parameters in drivers/net/wireless/ David Howells
2016-12-02 5:04 ` Kalle Valo
2016-12-07 13:45 ` David Howells
2016-12-01 12:32 ` [PATCH 24/39] Annotate hardware config module parameters in drivers/parport/ David Howells
2016-12-01 12:32 ` [PATCH 25/39] Annotate hardware config module parameters in drivers/pci/hotplug/ David Howells
2016-12-07 18:34 ` Bjorn Helgaas
2016-12-01 12:33 ` [PATCH 26/39] Annotate hardware config module parameters in drivers/pcmcia/ David Howells
2016-12-01 12:33 ` [PATCH 27/39] Annotate hardware config module parameters in drivers/scsi/ David Howells
2016-12-01 22:05 ` Finn Thain
2017-04-05 14:33 ` David Howells
2017-04-05 14:33 ` David Howells
2016-12-01 12:33 ` [PATCH 28/39] Annotate hardware config module parameters in drivers/staging/i4l/ David Howells
2016-12-01 12:33 ` [PATCH 29/39] Annotate hardware config module parameters in drivers/staging/media/ David Howells
2016-12-01 14:54 ` Mauro Carvalho Chehab
2016-12-01 14:59 ` David Howells
2016-12-01 15:17 ` Mauro Carvalho Chehab
2016-12-01 12:33 ` [PATCH 30/39] Annotate hardware config module parameters in drivers/staging/speakup/ David Howells
2016-12-01 12:33 ` [PATCH 31/39] Annotate hardware config module parameters in drivers/staging/vme/ David Howells
2016-12-01 12:33 ` [PATCH 32/39] Annotate hardware config module parameters in drivers/tty/ David Howells
2016-12-01 15:02 ` Greg Kroah-Hartman
2016-12-01 12:34 ` [PATCH 33/39] Annotate hardware config module parameters in drivers/video/ David Howells
2016-12-01 12:34 ` [PATCH 34/39] Annotate hardware config module parameters in drivers/watchdog/ David Howells
2016-12-01 12:58 ` Guenter Roeck
2016-12-01 12:34 ` [PATCH 35/39] Annotate hardware config module parameters in fs/pstore/ David Howells
2016-12-01 12:34 ` [PATCH 36/39] Annotate hardware config module parameters in sound/drivers/ David Howells
2016-12-01 12:34 ` [PATCH 37/39] Annotate hardware config module parameters in sound/isa/ David Howells
2016-12-01 12:34 ` [PATCH 38/39] Annotate hardware config module parameters in sound/oss/ David Howells
2016-12-01 12:34 ` [PATCH 39/39] Annotate hardware config module parameters in sound/pci/ David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=148059538747.31612.8974972913601108271.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=minyard@acm.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.