Hi Alex, On 3/31/24 00:05, Alejandro Colomar wrote: > Hi Michael, > > On Fri, Mar 29, 2024 at 01:41:37PM +0100, Michael Weiß wrote: >> finit_module() supports the MODULE_INIT_COMPRESS_FILE flag since >> Linux 5.17. See commit b1ae6dc41eaaa ("module: add in-kernel support >> for decompressing") >> >> During implementation of a secure module loader in GyroidOS, we >> wanted to filter unsafe module parameters. To verify that only the >> two documented flags which are disabling sanity checks are unsafe, >> we had a look in the current kernel implementation. >> >> We discovered that this new flag MODULE_INIT_COMPRESS_FILE was added. >> Having a deeper look at the code, we also discovered that a new error >> code EOPNOTSUPP is possible within newer kernels. >> >> The initial commit only supported gzip and xz compression algorithms. >> Support for zstd was added in Linux 6.2 by commit 169a58ad824d8 >> ("module/decompress: Support zstd in-kernel decompression") >> >> Signed-off-by: Michael Weiß <michael.weiss@xxxxxxxxxxxxxxxxxxx> >> --- >> man2/init_module.2 | 48 +++++++++++++++++++++++++++++++++++++++++++++- >> 1 file changed, 47 insertions(+), 1 deletion(-) >> >> diff --git a/man2/init_module.2 b/man2/init_module.2 >> index 95917a079..8197b0df6 100644 >> --- a/man2/init_module.2 >> +++ b/man2/init_module.2 >> @@ -107,6 +107,10 @@ Ignore symbol version hashes. >> .TP >> .B MODULE_INIT_IGNORE_VERMAGIC >> Ignore kernel version magic. >> +.TP >> +.BR MODULE_INIT_COMPRESSED_FILE " (since Linux 5.17)" >> +.\" commit b1ae6dc41eaaa98bb75671e0f3665bfda248c3e7 >> +Use in-kernel module decompression. >> .P >> There are some safety checks built into a module to ensure that >> it matches the kernel against which it is loaded. 
>> @@ -136,6 +140,41 @@ If the kernel is built to permit forced loading (i.e., configured with >> then loading continues, otherwise it fails with the error >> .B ENOEXEC >> as expected for malformed modules. >> +.P >> +If the kernel was build with >> +.BR CONFIG_MODULE_DECOMPRESS , >> +the in-kernel decompression feature can be used. >> +Userspace code can check if the kernel supports decompression by >> +reading the >> +.I /sys/module/compression >> +attribute. >> +If the kernel supports decompression, the compressed file can directly > > Please use semantic newlines. See man-pages(7): > > $ MANWIDTH=72 man man-pages | sed -n '/Use semantic newlines/,/^$/p'; > Use semantic newlines > In the source of a manual page, new sentences should be started > on new lines, long sentences should be split into lines at clause > breaks (commas, semicolons, colons, and so on), and long clauses > should be split at phrase boundaries. This convention, sometimes > known as "semantic newlines", makes it easier to see the effect > of patches, which often operate at the level of individual sen‐ > tences, clauses, or phrases. > Thanks for the hint. I'll fix that. >> +be passed to >> +.BR finit_module () >> +using the >> +.B MODULE_INIT_COMPRESSED_FILE >> +flag. >> +The in-kernel module decompressor supports the following compression >> +algorithms: >> +.P >> +.RS 4 >> +.PD 0 >> +.IP \[bu] 3 >> +.I gzip >> +(since Linux 5.17) >> +.IP \[bu] >> +.I xz >> +(since Linux 5.17) >> +.IP \[bu] >> +.I zstd >> +.\" commit 169a58ad824d896b9e291a27193342616e651b82 >> +(since Linux 6.2) >> +.PD >> +.RE >> +.P >> +The kernel only implements a single decompression method which is >> +selected during module generation accordingly to the compression >> +method selected in the kernel configuration. >> .SH RETURN VALUE >> On success, these system calls return 0. >> On error, \-1 is returned and 
>> @@ -221,12 +260,19 @@ is too large. >> .TP >> .B EINVAL >> .I flags >> -is invalid. >> +is invalid or the decompressor sanity checks failed while loading >> +a compressed module with flag >> +.BR CONFIG_MODULE_DECOMPRESS > > This should use B, not BR. (It uses Bold, not Bold/Roman alternating.) > I spotted another error here, too. Should be: .B MODULE_INIT_COMPRESSED_FILE I'll fix that in v2. >> +set. >> .TP >> .B ENOEXEC >> .I fd >> does not refer to an open file. >> .TP >> +.BR EOPNOTSUPP " (since Linux 5.17)" >> +This error is return if the kernel was configured without > > The first words seem redundant. I'd use: > > The kernel was configured without CONFIG_MODULE_DECOMPRESS. > > Which seems incomplete. I guess if the module is not compressed, then > it won't report this error. > > The module is compressed, and the kernel was built without ... True. But I would write: The flag .B MODULE_INIT_COMPRESSED_FILE is set to load a compressed module, and the kernel was built without .BR CONFIG_MODULE_DECOMPRESS . Since the error directly depends on a check of the flag. > >> +.BR CONFIG_MODULE_DECOMPRESS > > This was missing a terminating '.'. > >> +.TP >> .BR ETXTBSY " (since Linux 4.7)" >> .\" commit 39d637af5aa7577f655c58b9e55587566c63a0af >> The file referred to by >> -- >> 2.39.2 >> > > Have a lovely night! > Alex > Regards, Michael
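Review bot: the flag name added in the first hunk (@@ -107,6 +107,10 @@), MODULE_INIT_COMPRESSED_FILE, does not match the commit message, which spells it MODULE_INIT_COMPRESS_FILE in two places; please align the commit message with the name the page documents. The one-line description "Use in-kernel module decompression." could also say that the file referred to by fd is expected to be compressed, so the entry can be read without the paragraph added further down.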
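Review bot: in the second hunk (@@ -136,6 +140,41 @@), "If the kernel was build with" should read "was built with", and "accordingly to the compression method" in the closing paragraph should read "according to". Since that paragraph says the kernel implements only a single decompression method, it would help to state which error finit_module() returns when the file was compressed with a different algorithm, or to point at the EINVAL entry that the last hunk extends.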
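Review bot: in the third hunk (@@ -221,12 +260,19 @@), the EINVAL entry says "with flag" and then names CONFIG_MODULE_DECOMPRESS, which is a kernel configuration option and not a finit_module() flag; it should be .B MODULE_INIT_COMPRESSED_FILE. In the EOPNOTSUPP entry, "This error is return" is ungrammatical and the sentence lacks a terminating period after CONFIG_MODULE_DECOMPRESS; stating the condition as the flag being set while the kernel lacks the option makes clear when a caller can see this error.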