Module compression & loadpin

Module compression & loadpin

[Jack Rosenthal]

Has anyone looked into what it may take to support both module
compression and loadpin (ensures modules come from trusted filesystem)?

From my understanding, this is not supported as kmod currently does the
decompression of modules, and loadpin prefers fload_module as it can
tell where the module came from. (https://crbug.com/777204)

In a gist, I am thinking supporting this scenario would require the
module decompression to happen on the kernel side. Wondering if anyone
has looked into this before I go making a solution...

Thanks,

Jack

Re: Module compression & loadpin

[Lucas De Marchi]

+Jessica

On Sat, Aug 3, 2019 at 9:50 AM Jack Rosenthal <jrosenth@chromium.org> wrote:
>
> Has anyone looked into what it may take to support both module
> compression and loadpin (ensures modules come from trusted filesystem)?
>
> From my understanding, this is not supported as kmod currently does the
> decompression of modules, and loadpin prefers fload_module as it can
> tell where the module came from. (https://crbug.com/777204)
>
> In a gist, I am thinking supporting this scenario would require the
> module decompression to happen on the kernel side. Wondering if anyone
> has looked into this before I go making a solution...

That's my thought as well. In order to use finit_module() with
compressed modules we need to teach the kernel how to open it. It
should not be difficult since kernel already has the decompression
libraries. This also gives us access to another
compression/decompression algorithms - but would be nice to have a
correspondent implementation for modinfo.

I planned to do that some years ago, but never implemented it. Nobody
that I know of is currently working on that. It would be a very
welcome contribution.

Jessica, any comment on having this on the kernel side?

Thanks
Lucas De Marchi


>
> Thanks,
>
> Jack




--
Lucas De Marchi

Re: Module compression & loadpin

[Jessica Yu]

+++ Lucas De Marchi [06/08/19 15:53 -0700]:
>+Jessica
>
>On Sat, Aug 3, 2019 at 9:50 AM Jack Rosenthal <jrosenth@chromium.org> wrote:
>>
>> Has anyone looked into what it may take to support both module
>> compression and loadpin (ensures modules come from trusted filesystem)?
>>
>> From my understanding, this is not supported as kmod currently does the
>> decompression of modules, and loadpin prefers fload_module as it can
>> tell where the module came from. (https://crbug.com/777204)
>>
>> In a gist, I am thinking supporting this scenario would require the
>> module decompression to happen on the kernel side. Wondering if anyone
>> has looked into this before I go making a solution...
>
>That's my thought as well. In order to use finit_module() with
>compressed modules we need to teach the kernel how to open it. It
>should not be difficult since kernel already has the decompression
>libraries. This also gives us access to another
>compression/decompression algorithms - but would be nice to have a
>correspondent implementation for modinfo.
>
>I planned to do that some years ago, but never implemented it. Nobody
>that I know of is currently working on that. It would be a very
>welcome contribution.

Indeed, I don't know of anyone currently working on that. I do not
think it should be that difficult, since as Lucas already mentioned we
already have multiple decompression libraries in the kernel to extract
the compressed kernel image on boot (see: lib/decompress.c and
friends), so at first glance, I don't think it would be too hard to
extend this functionality to the module loader. I'd welcome a patchset :)

Thanks,

Jessica