From: Xie XiuQi <xiexiuqi@huawei.com>
To: <rusty@rustcorp.com.au>, <paulmck@linux.vnet.ibm.com>,
<akpm@linux-foundation.org>, <bobby.prani@gmail.com>
Cc: <dhowells@redhat.com>, <David.Woodhouse@intel.com>,
<linux-kernel@vger.kernel.org>, <hannes@cmpxchg.org>,
<iulia.manda21@gmail.com>, <luto@amacapital.net>,
<huawei.libin@huawei.com>
Subject: [PATCH] module: check vermagic match exactly when load modules
Date: Wed, 9 Dec 2015 21:34:04 +0800 [thread overview]
Message-ID: <1449668044-28367-1-git-send-email-xiexiuqi@huawei.com> (raw)
Usually, checking kernel version will be ignore when loading
modules if CONFIG_MODVERSIONS option is enable. This could
potentially lead to a mismatch with the running kernel.
With this option, we prevent to load the modules which vermagic
is not match exactly with the running kernel.
It could be set to N by default.
Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
---
init/Kconfig | 11 +++++++++++
kernel/module.c | 2 ++
2 files changed, 13 insertions(+)
diff --git a/init/Kconfig b/init/Kconfig
index c24b6f7..ce9c23e 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1889,6 +1889,17 @@ config MODVERSIONS
make them incompatible with the kernel you are running. If
unsure, say N.
+config MODULE_VERMAGIC_FORCE
+ bool "Require vermagic match exactly"
+ default n
+ depends on MODVERSIONS
+ help
+ Usually, checking kernel version will be ignore when loading
+ modules if CONFIG_MODVERSIONS option is enable. This could
+ potentially lead to a mismatch with the running kernel.
+ With this option, we prevent to load the modules which vermagic
+ is not match exactly with the running kernel. If unsure, say N.
+
config MODULE_SRCVERSION_ALL
bool "Source checksum for all modules"
help
diff --git a/kernel/module.c b/kernel/module.c
index 8f051a1..cf350d5 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1350,10 +1350,12 @@ static inline int check_modstruct_version(Elf_Shdr *sechdrs,
static inline int same_magic(const char *amagic, const char *bmagic,
bool has_crcs)
{
+#ifndef CONFIG_MODULE_VERMAGIC_FORCE
if (has_crcs) {
amagic += strcspn(amagic, " ");
bmagic += strcspn(bmagic, " ");
}
+#endif
return strcmp(amagic, bmagic) == 0;
}
#else
--
1.8.3.1
next reply other threads:[~2015-12-09 13:32 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-09 13:34 Xie XiuQi [this message]
2015-12-10 3:06 ` [PATCH] module: check vermagic match exactly when load modules Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1449668044-28367-1-git-send-email-xiexiuqi@huawei.com \
--to=xiexiuqi@huawei.com \
--cc=David.Woodhouse@intel.com \
--cc=akpm@linux-foundation.org \
--cc=bobby.prani@gmail.com \
--cc=dhowells@redhat.com \
--cc=hannes@cmpxchg.org \
--cc=huawei.libin@huawei.com \
--cc=iulia.manda21@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=paulmck@linux.vnet.ibm.com \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.