From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752894AbcFOB0u (ORCPT ); Tue, 14 Jun 2016 21:26:50 -0400 Received: from ozlabs.org ([103.22.144.67]:40710 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752618AbcFOB0t (ORCPT ); Tue, 14 Jun 2016 21:26:49 -0400 From: Rusty Russell To: Prarit Bhargava , linux-kernel@vger.kernel.org Cc: Prarit Bhargava , Jonathan Corbet , linux-doc@vger.kernel.org Subject: Re: [PATCH v2] Add kernel parameter to blacklist modules In-Reply-To: <1465924545-10090-1-git-send-email-prarit@redhat.com> References: <87h9cw7pg2.fsf@rustcorp.com.au> <1465924545-10090-1-git-send-email-prarit@redhat.com> User-Agent: Notmuch/0.21 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu) Date: Wed, 15 Jun 2016 06:50:33 +0930 Message-ID: <87fusflb6m.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Prarit Bhargava writes: > Blacklisting a module in linux has long been a problem. The current > procedure is to use rd.blacklist=module_name, however, that doesn't > cover the case after the initramfs and before a boot prompt (where one > is supposed to use /etc/modprobe.d/blacklist.conf to blacklist > runtime loading). Using rd.shell to get an early prompt is hit-or-miss, > and doesn't cover all situations AFAICT. > > This patch adds this functionality of permanently blacklisting a module > by its name via the kernel parameter module_blacklist=module_name. > > [v2]: Rusty, use core_param() instead of __setup(), and drop struct which > simplifies things. > > Signed-off-by: Prarit Bhargava > Cc: Jonathan Corbet > Cc: Rusty Russell > Cc: linux-doc@vger.kernel.org > --- > Documentation/kernel-parameters.txt | 3 +++ > kernel/module.c | 25 +++++++++++++++++++++++++ > 2 files changed, 28 insertions(+) > > diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt > index 82b42c958d1c..c720b96f2efc 100644 > --- a/Documentation/kernel-parameters.txt > +++ b/Documentation/kernel-parameters.txt > @@ -2295,6 +2295,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. > Note that if CONFIG_MODULE_SIG_FORCE is set, that > is always true, so this option does nothing. > > + module_blacklist= [KNL] Do not load a comma-separated list of > + modules. Useful for debugging problem modules. > + > mousedev.tap_time= > [MOUSE] Maximum time between finger touching and > leaving touchpad surface for touch to be considered > diff --git a/kernel/module.c b/kernel/module.c > index 5f71aa63ed2a..5ff5287b19a8 100644 > --- a/kernel/module.c > +++ b/kernel/module.c > @@ -3155,6 +3155,28 @@ int __weak module_frob_arch_sections(Elf_Ehdr *hdr, > return 0; > } > > +/* module_blacklist is a comma-separated list of module names */ > +static char *module_blacklist; > +static bool blacklisted(char *module_name) > +{ > + char *str, *entry; > + > + if (!module_blacklist) > + return false; > + > + str = module_blacklist; > + do { > + entry = strsep(&str, ","); > + if (!strcmp(module_name, entry)) { > + pr_info("module %s is blacklisted\n", module_name); > + return true; > + } strsep mangles the string; this will only work once :) This is untested, and a little ugly: len = strlen(module_name); while ((p = strstr(p, module_name)) != NULL) { if ((p == module_blacklist || p[-1] == ',') && (p[len] == ',' || p[len] == '\0')) return true; p += len; } return false; Cheers, Rusty.