From: Kees Cook <kees@kernel.org>
To: Luis Chamberlain <mcgrof@kernel.org>
Cc: "Kees Cook" <kees@kernel.org>,
"Rusty Russell" <rusty@rustcorp.com.au>,
"Petr Pavlu" <petr.pavlu@suse.com>,
"Daniel Gomez" <da.gomez@kernel.org>,
"Sami Tolvanen" <samitolvanen@google.com>,
linux-modules@vger.kernel.org,
"Malcolm Priestley" <tvboxspy@gmail.com>,
"Mauro Carvalho Chehab" <mchehab@kernel.org>,
"Hans Verkuil" <hverkuil@kernel.org>,
"Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>,
linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
linux-hardening@vger.kernel.org
Subject: [PATCH 3/3] module: Add compile-time check for embedded NUL characters
Date: Tue, 7 Oct 2025 20:59:35 -0700 [thread overview]
Message-ID: <20251008035938.838263-3-kees@kernel.org> (raw)
In-Reply-To: <20251008033844.work.801-kees@kernel.org>
Long ago, the kernel module license checks were bypassed by embedding a
NUL character in the MODULE_LICENSE() string[1]. By using a string like
"GPL\0proprietary text", the kernel would only read "GPL" due to C string
termination at the NUL byte, allowing proprietary modules to avoid kernel
tainting and access GPL-only symbols.
The MODULE_INFO() macro stores these strings in the .modinfo ELF
section, and get_next_modinfo() uses strcmp()-family functions
which stop at the first NUL. This split the embedded string into two
separate .modinfo entries, with only the first part being processed by
license_is_gpl_compatible().
Add a compile-time check using _Static_assert that compares the full
string length (sizeof - 1) against __builtin_strlen(), which stops at
the first NUL. If they differ, compilation fails with a clear error
message.
While this check can still be circumvented by modifying the ELF binary
post-compilation, it prevents accidental embedded NULs and forces
intentional abuse to require deliberate binary manipulation rather than
simple source-level tricks.
Build tested with test modules containing both valid and invalid license
strings. The check correctly rejects:
MODULE_LICENSE("GPL\0proprietary")
while accepting normal declarations:
MODULE_LICENSE("GPL")
Link: https://lwn.net/Articles/82305/ [1]
Suggested-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Petr Pavlu <petr.pavlu@suse.com>
Cc: Daniel Gomez <da.gomez@kernel.org>
Cc: Sami Tolvanen <samitolvanen@google.com>
Cc: <linux-modules@vger.kernel.org>
---
include/linux/moduleparam.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h
index 6907aedc4f74..160f1678fafa 100644
--- a/include/linux/moduleparam.h
+++ b/include/linux/moduleparam.h
@@ -26,6 +26,9 @@
/* Generic info of form tag = "info" */
#define MODULE_INFO(tag, info) \
+ _Static_assert( \
+ sizeof(info) - 1 == __builtin_strlen(info), \
+ "MODULE_INFO(" #tag ", ...) contains embedded NUL byte"); \
static const char __UNIQUE_ID(modinfo)[] \
__used __section(".modinfo") __aligned(1) \
= __MODULE_INFO_PREFIX __stringify(tag) "=" info
--
2.34.1
next prev parent reply other threads:[~2025-10-08 3:59 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-08 3:59 [PATCH 0/3] module: Add compile-time check for embedded NUL characters Kees Cook
2025-10-08 3:59 ` [PATCH 1/3] media: dvb-usb-v2: lmedm04: Fix firmware macro definitions Kees Cook
2025-10-08 6:24 ` Hans Verkuil
2025-10-08 3:59 ` [PATCH 2/3] media: radio: si470x: Fix DRIVER_AUTHOR macro definition Kees Cook
2025-10-08 6:24 ` Hans Verkuil
2025-10-08 3:59 ` Kees Cook [this message]
2025-10-08 9:55 ` [PATCH 3/3] module: Add compile-time check for embedded NUL characters Petr Pavlu
2025-12-08 21:05 ` Luck, Tony
2025-12-09 0:11 ` Eric Biggers
2025-12-09 8:18 ` Daniel Gomez
2025-12-09 16:20 ` Luck, Tony
2025-12-09 16:45 ` Luck, Tony
2025-12-09 18:29 ` Luck, Tony
2025-12-10 1:00 ` Sami Tolvanen
2025-12-10 22:29 ` Luck, Tony
2025-12-11 8:28 ` Dan Carpenter
2025-12-11 17:03 ` Sami Tolvanen
2025-12-11 17:30 ` Daniel Gomez
2025-12-11 17:51 ` Sami Tolvanen
2025-12-19 12:45 ` Dan Carpenter
2025-12-19 16:21 ` Luck, Tony
2026-01-08 8:49 ` Andy Shevchenko
2026-02-18 6:50 ` Dmitry Torokhov
2026-02-19 17:04 ` Chris Li
2025-10-08 6:27 ` [PATCH 0/3] " Hans Verkuil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251008035938.838263-3-kees@kernel.org \
--to=kees@kernel.org \
--cc=da.gomez@kernel.org \
--cc=hverkuil@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=mchehab@kernel.org \
--cc=petr.pavlu@suse.com \
--cc=rusty@rustcorp.com.au \
--cc=samitolvanen@google.com \
--cc=tvboxspy@gmail.com \
--cc=u.kleine-koenig@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.