Hi, sorry, I forgot to add -v2 before sending. On 4/3/24 13:42, Michael Weiß wrote: > finit_module() supports the MODULE_INIT_COMPRESS_FILE flag since > Linux 5.17. See commit b1ae6dc41eaaa ("module: add in-kernel support > for decompressing") > > During implementation of a secure module loader in GyroidOS, we > wanted to filter unsafe module parameters. To verify that only the > two documented flags which are disabling sanity checks are unsafe, > we had a look in the current kernel implementation. > > We discovered that this new flag MODULE_INIT_COMPRESS_FILE was added. > Having a deeper look at the code, we also discovered that a new error > code EOPNOTSUPP is possible within newer kernels. > > The inital commit only supported gzip and xz compression algorithms. > Support for zstd was added in Linux 6.2 by commit 169a58ad824d8 > ("module/decompress: Support zstd in-kernel decompression") > > Signed-off-by: Michael Weiß <michael.weiss@xxxxxxxxxxxxxxxxxxx> > --- > > Changes in v2: > - Update formatting (Alejandro) > - Split EINVAL into two entries (Alejandro) > - Fixed error in EINVAL, s/CONFIG_MODULE_DECOMPRESS/MODULE_INIT_COMPRESSED_FILE/ > - Fixed incomplete description for EOPNOTSUPP (Alejandro) > - Link to v1: https://lore.kernel.org/r/20240329124137.630521-1-michael.weiss@xxxxxxxxxxxxxxxxxxx/ > > --- > man2/init_module.2 | 50 ++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 50 insertions(+) > > diff --git a/man2/init_module.2 b/man2/init_module.2 > index 95917a079..133d82b53 100644 > --- a/man2/init_module.2 > +++ b/man2/init_module.2 > @@ -107,6 +107,10 @@ Ignore symbol version hashes. > .TP > .B MODULE_INIT_IGNORE_VERMAGIC > Ignore kernel version magic. > +.TP > +.BR MODULE_INIT_COMPRESSED_FILE " (since Linux 5.17)" > +.\" commit b1ae6dc41eaaa98bb75671e0f3665bfda248c3e7 > +Use in-kernel module decompression. > .P > There are some safety checks built into a module to ensure that > it matches the kernel against which it is loaded. > @@ -136,6 +140,39 @@ If the kernel is built to permit forced loading (i.e., configured with > then loading continues, otherwise it fails with the error > .B ENOEXEC > as expected for malformed modules. > +.P > +If the kernel was build with > +.BR CONFIG_MODULE_DECOMPRESS , > +the in-kernel decompression feature can be used. > +Userspace code can check if the kernel supports decompression by reading the > +.I /sys/module/compression > +attribute. > +If the kernel supports decompression, > +the compressed file can directly be passed to > +.BR finit_module () > +using the > +.B MODULE_INIT_COMPRESSED_FILE > +flag. > +The in-kernel module decompressor supports the following compression algorithms: > +.P > +.RS 4 > +.PD 0 > +.IP \[bu] 3 > +.I gzip > +(since Linux 5.17) > +.IP \[bu] > +.I xz > +(since Linux 5.17) > +.IP \[bu] > +.I zstd > +.\" commit 169a58ad824d896b9e291a27193342616e651b82 > +(since Linux 6.2) > +.PD > +.RE > +.P > +The kernel only implements a single decompression method. > +This is selected during module generation accordingly to the compression method > +chosen in the kernel configuration. > .SH RETURN VALUE > On success, these system calls return 0. > On error, \-1 is returned and > @@ -223,10 +260,23 @@ is too large. > .I flags > is invalid. > .TP > +.B EINVAL > +The decompressor sanity checks failed, > +while loading a compressed module with flag > +.B MODULE_INIT_COMPRESSED_FILE > +set. > +.TP > .B ENOEXEC > .I fd > does not refer to an open file. > .TP > +.BR EOPNOTSUPP " (since Linux 5.17)" > +The flag > +.B MODULE_INIT_COMPRESSED_FILE > +is set to load a compressed module, > +and the kernel was built without > +.BR CONFIG_MODULE_DECOMPRESS . > +.TP > .BR ETXTBSY " (since Linux 4.7)" > .\" commit 39d637af5aa7577f655c58b9e55587566c63a0af > The file referred to by