From: Rusty Russell
To: Prarit Bhargava, linux-kernel@vger.kernel.org
Cc: Prarit Bhargava, Jonathan Corbet, linux-doc@vger.kernel.org
Subject: Re: [PATCH] Add kernel parameter to blacklist modules
In-Reply-To: <1465821161-13889-1-git-send-email-prarit@redhat.com>
References: <1465821161-13889-1-git-send-email-prarit@redhat.com>
User-Agent: Notmuch/0.21 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Tue, 14 Jun 2016 06:53:57 +0930
Message-ID: <87h9cw7pg2.fsf@rustcorp.com.au>
MIME-Version: 1.0
Content-Type: text/plain
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Prarit Bhargava writes:

> Blacklisting a module in linux has long been a problem. The process of
> blacklisting a module has changed over time, and it seems that every OS
> does it slightly differently and depends on the age of the init system
> used on that OS.

Hi Prarit,

I don't mind the idea, but we can refine the implementation a little I think.

1) Use core_param(module_blacklist, module_blacklist, charp, 0400) instead of __setup(). I'd like to kill __setup(), really.

2) Simply search the blacklist string at load time, no new data structures.

Not completely sure about #2, but I think it'll be fairly neat.

Thanks,
Rusty.

> The current Fedora/systemd procedure is to use rd.blacklist=module_name,
> however, that doesn't cover the case after the initramfs and before a boot
> prompt (where one is supposed to use /etc/modprobe.d/blacklist.conf to
> blacklist runtime loading). Using rd.shell to get an early prompt is
> hit-or-miss, and doesn't cover all situations AFAICT. Explaining all of this
> to an end user isn't trivial. This becomes especially difficult when
> attempting to blacklist a module during system install from RO media.
>
> This patch adds this functionality of blacklisting a module by its name
> via the kernel parameter module_blacklist=module_name. The parameter
> can also accept comma separated values.
> > Usage example: > > [root@intel-mohonpeak-02 ~]# insmod /home/dummy-module/dummy-module.ko > insmod: ERROR: could not insert module /home/rhel7/redhat/debug/dummy-module/dummy-module.ko: Operation not permitted > [root@intel-mohonpeak-02 ~]# dmesg | grep black > [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-4.7.0-rc2+ root=/dev/mapper/rhel_intel--mohonpeak--02-root ro crashkernel=auto rd.lvm.lv=rhel_intel-mohonpeak-02/root rd.lvm.lv=rhel_intel-mohonpeak-02/swap console=ttyS0,115200 LANG=en_US.UTF-8 module_blacklist=dummy_module > [ 0.000000] Kernel command line: BOOT_IMAGE=/vmlinuz-4.7.0-rc2+ root=/dev/mapper/rhel_intel--mohonpeak--02-root ro crashkernel=auto rd.lvm.lv=rhel_intel-mohonpeak-02/root rd.lvm.lv=rhel_intel-mohonpeak-02/swap console=ttyS0,115200 LANG=en_US.UTF-8 module_blacklist=dummy_module > [ 0.000000] blacklisting module dummy_module > [ 85.127433] module dummy_module has been blacklisted. This module will not load. > > Signed-off-by: Prarit Bhargava > Cc: Jonathan Corbet > Cc: Rusty Russell > Cc: linux-doc@vger.kernel.org > --- > Documentation/kernel-parameters.txt | 3 +++ > kernel/module.c | 37 +++++++++++++++++++++++++++++++++++ > 2 files changed, 40 insertions(+) > > diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt > index 82b42c958d1c..c720b96f2efc 100644 > --- a/Documentation/kernel-parameters.txt > +++ b/Documentation/kernel-parameters.txt > @@ -2295,6 +2295,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. > Note that if CONFIG_MODULE_SIG_FORCE is set, that > is always true, so this option does nothing. > > + module_blacklist= [KNL] Do not load a comma-separated list of > + modules. Useful for debugging problem modules. > + > mousedev.tap_time= > [MOUSE] Maximum time between finger touching and > leaving touchpad surface for touch to be considered > diff --git a/kernel/module.c b/kernel/module.c > index 5f71aa63ed2a..ed3076d98a32 100644 > --- a/kernel/module.c 
> +++ b/kernel/module.c > @@ -46,6 +46,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -3155,16 +3156,52 @@ int __weak module_frob_arch_sections(Elf_Ehdr *hdr, > return 0; > } > > +struct mod_blacklist_entry { > + struct list_head next; > + char *buf; > +}; > + > +static LIST_HEAD(blacklisted_modules); > +static int __init module_blacklist(char *str) > +{ > + char *str_entry; > + struct mod_blacklist_entry *entry; > + > + /* str argument is a comma-separated list of module names */ > + do { > + str_entry = strsep(&str, ","); > + if (str_entry) { > + pr_debug("blacklisting module %s\n", str_entry); > + entry = alloc_bootmem(sizeof(*entry)); > + entry->buf = alloc_bootmem(strlen(str_entry) + 1); > + strcpy(entry->buf, str_entry); > + list_add(&entry->next, &blacklisted_modules); > + } > + } while (str_entry); > + > + return 0; > +} > +__setup("module_blacklist=", module_blacklist); > + > static struct module *layout_and_allocate(struct load_info *info, int flags) > { > /* Module within temporary copy. */ > struct module *mod; > int err; > + struct mod_blacklist_entry *entry; > > mod = setup_load_info(info, flags); > if (IS_ERR(mod)) > return mod; > > + /* Has this module been blacklisted by the user? */ > + list_for_each_entry(entry, &blacklisted_modules, next) { > + if (!strcmp(mod->name, entry->buf)) { > + pr_debug("module %s blacklisted\n", mod->name); > + return ERR_PTR(-EPERM); > + } > + } > + > err = check_modinfo(mod, info, flags); > if (err) > return ERR_PTR(err); > -- > 1.7.9.3
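Review bot: On the Documentation/kernel-parameters.txt hunk, the new entry should say what the listed names are matched against. The module.c hunk compares with strcmp(mod->name, entry->buf), i.e. the module's internal name with underscores, and the changelog's usage example rejects dummy-module.ko only because the boot line says module_blacklist=dummy_module; a user who copies the filename with a dash gets no match and the module loads. Suggest wording along the lines of "module_blacklist= [KNL] Do not load a comma-separated list of modules (matched by module name, e.g. dummy_module, not by filename). Useful for debugging problem modules." and mentioning that a blacklisted load fails with -EPERM, since that is what the user will see from insmod.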
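Review bot: In the kernel/module.c hunk both messages are pr_debug(), so on a default build the only visible symptom of a blacklisted load is insmod's "Operation not permitted" with nothing in dmesg saying the blacklist caused it; the changelog's dmesg line "module dummy_module has been blacklisted. This module will not load." also does not match the string the code prints, "module %s blacklisted". Suggest pr_info() (or pr_warn()) for the rejection in layout_and_allocate() and bringing the changelog in line with the real message, so an administrator can tell a deliberate block from a broken module. Two smaller points in the same hunk: the __setup() handler ends with "return 0;", which tells the boot-option parser the option was not consumed, so module_blacklist=... is also passed on to init as an unknown option (return 1 fixes it, and the point goes away if this becomes a core_param() as suggested above); and strsep() yields empty tokens for "a,,b" or a trailing comma, which the loop stores as empty-name entries, so skip entries where *str_entry == '\0'.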
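Rusty's second suggestion above, searching the blacklist string at load time instead of building a list at boot, as an added example that is not part of this thread, the patch, or the kernel: module_blacklisted() is a hypothetical userspace C function that takes the comma-separated string the way a core_param() charp would hold it and requires a whole-entry match, so a name that is only a prefix or substring of an entry is not blocked and empty entries never match anything. The sample blacklist value and module names are constructed.

```c
/* Added example, not the patch's code and not the kernel's: a load-time
 * scan of a comma-separated blacklist string for an exact module name,
 * in the spirit of "no new data structures". Plain userspace C so it can
 * be compiled and tested stand-alone; in-kernel it would read the charp
 * filled in by core_param() and be called from the module loader. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return true if `name` appears as a whole, comma-delimited entry in `list`.
 * Matching is exact per entry, so "dummy" does not blacklist "dummy_module",
 * and empty entries (from "a,,b" or a trailing comma) never match. A NULL
 * or empty list, or an empty name, blacklists nothing. */
bool module_blacklisted(const char *list, const char *name)
{
    size_t name_len;
    const char *p;

    if (!list || !name || !*name)
        return false;

    name_len = strlen(name);
    p = list;
    while (*p) {
        const char *comma = strchr(p, ',');
        size_t entry_len = comma ? (size_t)(comma - p) : strlen(p);

        /* Whole-entry comparison: length must match before the bytes do. */
        if (entry_len == name_len && memcmp(p, name, name_len) == 0)
            return true;
        if (!comma)
            break;
        p = comma + 1;      /* step past the comma to the next entry */
    }
    return false;
}

int main(void)
{
    /* Constructed sample: what a boot line such as
     * module_blacklist=dummy_module,pcspkr would leave in the charp. */
    const char *blacklist = "dummy_module,pcspkr";
    const char *names[] = { "dummy_module", "dummy", "pcspkr", "pcspkr2", "" };
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-14s -> %s\n", names[i],
               module_blacklisted(blacklist, names[i]) ? "blocked" : "allowed");
    return 0;
}
```

The length check before memcmp() is what keeps the scan honest: a naive strstr() over the same string would report "dummy" as blacklisted because it is a substring of "dummy_module", which is the kind of false positive an administrator would not notice until the wrong module refused to load.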