Re: [PATCH 1/3] libkmod: add finit_module logic

[Lucas De Marchi <lucas.demarchi@xxxxxxxxxxxxxx>]

On Tue, Feb 12, 2013 at 8:32 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> When a module is being loaded directly from disk (no compression,
> etc), pass the file descriptor to the new finit_module() syscall. If
> finit_module is exported by glibc, use it. Otherwise, manually make
> the syscall on architectures where it is known to exist.
> ---
>  libkmod/libkmod-file.c    |   16 +++++++++++++++-
>  libkmod/libkmod-module.c  |   18 ++++++++++++++++++
>  libkmod/libkmod-private.h |    2 ++
>  3 files changed, 35 insertions(+), 1 deletion(-)
>
> diff --git a/libkmod/libkmod-file.c b/libkmod/libkmod-file.c
> index ced20a8..76585f5 100644
> --- a/libkmod/libkmod-file.c
> +++ b/libkmod/libkmod-file.c
> @@ -52,6 +52,7 @@ struct kmod_file {
>         gzFile gzf;
>  #endif
>         int fd;
> +       int direct;

it's either true or false. It should be bool, not int.


>         off_t size;
>         void *memory;
>         const struct file_ops *ops;
> @@ -254,9 +255,11 @@ static int load_reg(struct kmod_file *file)
>                 return -errno;
>
>         file->size = st.st_size;
> -       file->memory = mmap(0, file->size, PROT_READ, MAP_PRIVATE, file->fd, 0);
> +       file->memory = mmap(NULL, file->size, PROT_READ, MAP_PRIVATE,
> +                           file->fd, 0);
>         if (file->memory == MAP_FAILED)
>                 return -errno;

this should be in patch 3.

> +       file->direct = 1;

s/1/true/

>         return 0;
>  }
>
> @@ -300,6 +303,7 @@ struct kmod_file *kmod_file_open(const struct kmod_ctx *ctx,
>                         magic_size_max = itr->magic_size;
>         }
>
> +       file->direct = 0;
>         if (magic_size_max > 0) {
>                 char *buf = alloca(magic_size_max + 1);
>                 ssize_t sz;
> @@ -353,6 +357,16 @@ off_t kmod_file_get_size(const struct kmod_file *file)
>         return file->size;
>  }
>
> +int kmod_file_get_direct(const struct kmod_file *file)
> +{
> +       return file->direct;
> +}
> +
> +int kmod_file_get_fd(const struct kmod_file *file)
> +{
> +       return file->fd;
> +}

a leftover from previous patch? there's no reason for this function to exist.


> +
>  void kmod_file_unref(struct kmod_file *file)
>  {
>         if (file->elf)
> diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
> index b1d40b1..5a9473a 100644
> --- a/libkmod/libkmod-module.c
> +++ b/libkmod/libkmod-module.c
> @@ -33,6 +33,7 @@
>  #include <sys/stat.h>
>  #include <sys/types.h>
>  #include <sys/mman.h>
> +#include <sys/syscall.h>
>  #include <sys/wait.h>
>  #include <string.h>
>  #include <fnmatch.h>
> @@ -763,6 +764,14 @@ KMOD_EXPORT int kmod_module_remove_module(struct kmod_module *mod,
>
>  extern long init_module(const void *mem, unsigned long len, const char *args);
>
> +#ifndef __NR_finit_module
> +# define __NR_finit_module -1
> +#endif
> +static inline int finit_module(int fd, const char *uargs, int flags)
> +{
> +   return syscall(__NR_finit_module, fd, uargs, flags);
> +}
> +

this looks much better than in the previous patch :-)

>  /**
>   * kmod_module_insert_module:
>   * @mod: kmod module
> @@ -803,6 +812,14 @@ KMOD_EXPORT int kmod_module_insert_module(struct kmod_module *mod,
>                 return err;
>         }
>
> +       if (kmod_file_get_direct(file)) {
> +               err = finit_module(kmod_file_get_fd(file), args,
> +                                  flags & (KMOD_INSERT_FORCE_VERMAGIC |
> +                                           KMOD_INSERT_FORCE_MODVERSION));

This is wrong.  We export this flags to users, but they are not the
same flags to pass to kernel. We should map them to
MODULE_INIT_IGNORE_MODVERSIONS and MODULE_INIT_IGNORE_VERMAGIC.

And it's unfortunate that I realized only now that kernel defines are
in the opposite order as we define them.


> +               if (err == 0 || errno != ENOSYS)
> +                       goto init_finished;
> +       }
> +
>         size = kmod_file_get_size(file);
>         mem = kmod_file_get_contents(file);
>
> @@ -829,6 +846,7 @@ KMOD_EXPORT int kmod_module_insert_module(struct kmod_module *mod,
>         }
>
>         err = init_module(mem, size, args);
> +init_finished:
>         if (err < 0) {
>                 err = -errno;
>                 INFO(mod->ctx, "Failed to insert module '%s': %m\n", path);
> diff --git a/libkmod/libkmod-private.h b/libkmod/libkmod-private.h
> index b472c62..c765003 100644
> --- a/libkmod/libkmod-private.h
> +++ b/libkmod/libkmod-private.h
> @@ -142,6 +142,8 @@ struct kmod_file *kmod_file_open(const struct kmod_ctx *ctx, const char *filenam
>  struct kmod_elf *kmod_file_get_elf(struct kmod_file *file) __attribute__((nonnull(1)));
>  void *kmod_file_get_contents(const struct kmod_file *file) _must_check_ __attribute__((nonnull(1)));
>  off_t kmod_file_get_size(const struct kmod_file *file) _must_check_ __attribute__((nonnull(1)));
> +int kmod_file_get_direct(const struct kmod_file *file) _must_check_ __attribute__((nonnull(1)));
> +int kmod_file_get_fd(const struct kmod_file *file) _must_check_ __attribute__((nonnull(1)));

As said, this function should not exist or at least should not be
visible to other files.

>  void kmod_file_unref(struct kmod_file *file) __attribute__((nonnull(1)));
>
>  /* libkmod-elf.c */
> --
> 1.7.9.5
>



Lucas De Marchi
--
To unsubscribe from this list: send the line "unsubscribe linux-modules" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html