Blacklisting a module in linux has long been a problem. The current procedure is to use rd.blacklist=module_name, however, that doesn't cover the case after the initramfs and before a boot prompt (where one is supposed to use /etc/modprobe.d/blacklist.conf to blacklist runtime loading). Using rd.shell to get an early prompt is hit-or-miss, and doesn't cover all situations AFAICT. This patch adds this functionality of permanently blacklisting a module by its name via the kernel parameter module_blacklist=module_name. [v2]: Rusty, use core_param() instead of __setup(), and drop struct which simplifies things. Signed-off-by: Prarit Bhargava <prarit@xxxxxxxxxx> Cc: Jonathan Corbet <corbet@xxxxxxx> Cc: Rusty Russell <rusty@xxxxxxxxxxxxxxx> Cc: linux-doc@xxxxxxxxxxxxxxx --- Documentation/kernel-parameters.txt | 3 +++ kernel/module.c | 25 +++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index 82b42c958d1c..c720b96f2efc 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -2295,6 +2295,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Note that if CONFIG_MODULE_SIG_FORCE is set, that is always true, so this option does nothing. + module_blacklist= [KNL] Do not load a comma-separated list of + modules. Useful for debugging problem modules. + mousedev.tap_time= [MOUSE] Maximum time between finger touching and leaving touchpad surface for touch to be considered diff --git a/kernel/module.c b/kernel/module.c index 5f71aa63ed2a..5ff5287b19a8 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -3155,6 +3155,28 @@ int __weak module_frob_arch_sections(Elf_Ehdr *hdr, return 0; } +/* module_blacklist is a comma-separated list of module names */ +static char *module_blacklist; +static bool blacklisted(char *module_name) +{ + char *str, *entry; + + if (!module_blacklist) + return false; + + str = module_blacklist; + do { + entry = strsep(&str, ","); + if (!strcmp(module_name, entry)) { + pr_info("module %s is blacklisted\n", module_name); + return true; + } + } while (str); + + return false; +} +core_param(module_blacklist, module_blacklist, charp, 0400); + static struct module *layout_and_allocate(struct load_info *info, int flags) { /* Module within temporary copy. */ @@ -3165,6 +3187,9 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) if (IS_ERR(mod)) return mod; + if (blacklisted(mod->name)) + return ERR_PTR(-EPERM); + err = check_modinfo(mod, info, flags); if (err) return ERR_PTR(err); -- 1.7.9.3 -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html