From: Rusty Russell <rusty@rustcorp.com.au>
To: Xie XiuQi <xiexiuqi@huawei.com>,
paulmck@linux.vnet.ibm.com, akpm@linux-foundation.org,
bobby.prani@gmail.com
Cc: dhowells@redhat.com, David.Woodhouse@intel.com,
linux-kernel@vger.kernel.org, hannes@cmpxchg.org,
iulia.manda21@gmail.com, luto@amacapital.net,
huawei.libin@huawei.com
Subject: Re: [PATCH] module: check vermagic match exactly when load modules
Date: Thu, 10 Dec 2015 13:36:12 +1030 [thread overview]
Message-ID: <87bn9zhujf.fsf@rustcorp.com.au> (raw)
In-Reply-To: <1449668044-28367-1-git-send-email-xiexiuqi@huawei.com>
Xie XiuQi <xiexiuqi@huawei.com> writes:
> Usually, checking kernel version will be ignore when loading
> modules if CONFIG_MODVERSIONS option is enable. This could
> potentially lead to a mismatch with the running kernel.
>
> With this option, we prevent to load the modules which vermagic
> is not match exactly with the running kernel.
>
> It could be set to N by default.
Hi Xie!
I don't understand this patch. The purpose of
CONFIG_MODVERSIONS is so that you can combine modules from different
kernel versions. If you don't want to do that, I suggest not setting
CONFIG_MODVERSIONS.
Cheers,
Rusty.
>
> Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
> ---
> init/Kconfig | 11 +++++++++++
> kernel/module.c | 2 ++
> 2 files changed, 13 insertions(+)
>
> diff --git a/init/Kconfig b/init/Kconfig
> index c24b6f7..ce9c23e 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -1889,6 +1889,17 @@ config MODVERSIONS
> make them incompatible with the kernel you are running. If
> unsure, say N.
>
> +config MODULE_VERMAGIC_FORCE
> + bool "Require vermagic match exactly"
> + default n
> + depends on MODVERSIONS
> + help
> + Usually, checking kernel version will be ignore when loading
> + modules if CONFIG_MODVERSIONS option is enable. This could
> + potentially lead to a mismatch with the running kernel.
> + With this option, we prevent to load the modules which vermagic
> + is not match exactly with the running kernel. If unsure, say N.
> +
> config MODULE_SRCVERSION_ALL
> bool "Source checksum for all modules"
> help
> diff --git a/kernel/module.c b/kernel/module.c
> index 8f051a1..cf350d5 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -1350,10 +1350,12 @@ static inline int check_modstruct_version(Elf_Shdr *sechdrs,
> static inline int same_magic(const char *amagic, const char *bmagic,
> bool has_crcs)
> {
> +#ifndef CONFIG_MODULE_VERMAGIC_FORCE
> if (has_crcs) {
> amagic += strcspn(amagic, " ");
> bmagic += strcspn(bmagic, " ");
> }
> +#endif
> return strcmp(amagic, bmagic) == 0;
> }
> #else
> --
> 1.8.3.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
prev parent reply other threads:[~2015-12-10 4:54 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-09 13:34 [PATCH] module: check vermagic match exactly when load modules Xie XiuQi
2015-12-10 3:06 ` Rusty Russell [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bn9zhujf.fsf@rustcorp.com.au \
--to=rusty@rustcorp.com.au \
--cc=David.Woodhouse@intel.com \
--cc=akpm@linux-foundation.org \
--cc=bobby.prani@gmail.com \
--cc=dhowells@redhat.com \
--cc=hannes@cmpxchg.org \
--cc=huawei.libin@huawei.com \
--cc=iulia.manda21@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=paulmck@linux.vnet.ibm.com \
--cc=xiexiuqi@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.