From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1422961AbcFMMcq (ORCPT <rfc822;w@1wt.eu>);
	Mon, 13 Jun 2016 08:32:46 -0400
Received: from mx1.redhat.com ([209.132.183.28]:33497 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1030186AbcFMMco (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 13 Jun 2016 08:32:44 -0400
From: Prarit Bhargava <prarit@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: Prarit Bhargava <prarit@redhat.com>, Jonathan Corbet <corbet@lwn.net>,
        Rusty Russell <rusty@rustcorp.com.au>, linux-doc@vger.kernel.org
Subject: [PATCH] Add kernel parameter to blacklist modules
Date: Mon, 13 Jun 2016 08:32:41 -0400
Message-Id: <1465821161-13889-1-git-send-email-prarit@redhat.com>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Mon, 13 Jun 2016 12:32:44 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Blacklisting a module in linux has long been a problem.  The process of
blacklisting a module has changed over time, and it seems that every OS
does it slightly differently and depends on the age of the init system
used on that OS.

The current Fedora/systemd procedure is to use rd.blacklist=module_name,
however, that doesn't cover the case after the initramfs and before a boot
prompt (where one is supposed to use /etc/modprobe.d/blacklist.conf to
blacklist runtime loading). Using rd.shell to get an early prompt is
hit-or-miss, and doesn't cover all situations AFAICT.  Explaining all of this
to an end user isn't trivial.  This becomes especially difficult when
attempting to blacklist a module during system install from RO media.

This patch adds this functionality of blacklisting a module by its name
via the kernel parameter module_blacklist=module_name.  The parameter
can also accept comma separated values.

Usage example:

[root@intel-mohonpeak-02 ~]# insmod /home/dummy-module/dummy-module.ko
insmod: ERROR: could not insert module /home/rhel7/redhat/debug/dummy-module/dummy-module.ko: Operation not permitted
[root@intel-mohonpeak-02 ~]# dmesg | grep black
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-4.7.0-rc2+ root=/dev/mapper/rhel_intel--mohonpeak--02-root ro crashkernel=auto rd.lvm.lv=rhel_intel-mohonpeak-02/root rd.lvm.lv=rhel_intel-mohonpeak-02/swap console=ttyS0,115200 LANG=en_US.UTF-8 module_blacklist=dummy_module
[    0.000000] Kernel command line: BOOT_IMAGE=/vmlinuz-4.7.0-rc2+ root=/dev/mapper/rhel_intel--mohonpeak--02-root ro crashkernel=auto rd.lvm.lv=rhel_intel-mohonpeak-02/root rd.lvm.lv=rhel_intel-mohonpeak-02/swap console=ttyS0,115200 LANG=en_US.UTF-8 module_blacklist=dummy_module
[    0.000000] blacklisting module dummy_module
[   85.127433] module dummy_module has been blacklisted.  This module will not load.

Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: linux-doc@vger.kernel.org
---
 Documentation/kernel-parameters.txt |    3 +++
 kernel/module.c                     |   37 +++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 82b42c958d1c..c720b96f2efc 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2295,6 +2295,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
 			Note that if CONFIG_MODULE_SIG_FORCE is set, that
 			is always true, so this option does nothing.
 
+	module_blacklist=  [KNL] Do not load a comma-separated list of
+			modules.  Useful for debugging problem modules.
+
 	mousedev.tap_time=
 			[MOUSE] Maximum time between finger touching and
 			leaving touchpad surface for touch to be considered
diff --git a/kernel/module.c b/kernel/module.c
index 5f71aa63ed2a..ed3076d98a32 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -46,6 +46,7 @@
 #include <linux/string.h>
 #include <linux/mutex.h>
 #include <linux/rculist.h>
+#include <linux/bootmem.h>
 #include <asm/uaccess.h>
 #include <asm/cacheflush.h>
 #include <asm/mmu_context.h>
@@ -3155,16 +3156,52 @@ int __weak module_frob_arch_sections(Elf_Ehdr *hdr,
 	return 0;
 }
 
+struct mod_blacklist_entry {
+	struct list_head next;
+	char *buf;
+};
+
+static LIST_HEAD(blacklisted_modules);
+static int __init module_blacklist(char *str)
+{
+	char *str_entry;
+	struct mod_blacklist_entry *entry;
+
+	/* str argument is a comma-separated list of module names */
+	do {
+		str_entry = strsep(&str, ",");
+		if (str_entry) {
+			pr_debug("blacklisting module %s\n", str_entry);
+			entry = alloc_bootmem(sizeof(*entry));
+			entry->buf = alloc_bootmem(strlen(str_entry) + 1);
+			strcpy(entry->buf, str_entry);
+			list_add(&entry->next, &blacklisted_modules);
+		}
+	} while (str_entry);
+
+	return 0;
+}
+__setup("module_blacklist=", module_blacklist);
+
 static struct module *layout_and_allocate(struct load_info *info, int flags)
 {
 	/* Module within temporary copy. */
 	struct module *mod;
 	int err;
+	struct mod_blacklist_entry *entry;
 
 	mod = setup_load_info(info, flags);
 	if (IS_ERR(mod))
 		return mod;
 
+	/* Has this module been blacklisted by the user? */
+	list_for_each_entry(entry, &blacklisted_modules, next) {
+		if (!strcmp(mod->name, entry->buf)) {
+			pr_debug("module %s blacklisted\n", mod->name);
+			return ERR_PTR(-EPERM);
+		}
+	}
+
 	err = check_modinfo(mod, info, flags);
 	if (err)
 		return ERR_PTR(err);
-- 
1.7.9.3