From: Daniel Gomez <da.gomez@kernel.org>
To: Eric Biggers <ebiggers@kernel.org>, "Luck, Tony" <tony.luck@intel.com>
Cc: "Kees Cook" <kees@kernel.org>,
"Luis Chamberlain" <mcgrof@kernel.org>,
"Rusty Russell" <rusty@rustcorp.com.au>,
"Petr Pavlu" <petr.pavlu@suse.com>,
"Sami Tolvanen" <samitolvanen@google.com>,
linux-modules@vger.kernel.org,
"Malcolm Priestley" <tvboxspy@gmail.com>,
"Mauro Carvalho Chehab" <mchehab@kernel.org>,
"Hans Verkuil" <hverkuil@kernel.org>,
"Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>,
linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH 3/3] module: Add compile-time check for embedded NUL characters
Date: Tue, 9 Dec 2025 17:18:03 +0900 [thread overview]
Message-ID: <d3dd8fc8-ab46-4cf1-87a9-0324685ba2e0@kernel.org> (raw)
In-Reply-To: <20251209001139.GA7982@quark>
On 09/12/2025 09.11, Eric Biggers wrote:
> On Mon, Dec 08, 2025 at 01:05:55PM -0800, Luck, Tony wrote:
>> On Tue, Oct 07, 2025 at 08:59:35PM -0700, Kees Cook wrote:
>>> Long ago, the kernel module license checks were bypassed by embedding a
>>> NUL character in the MODULE_LICENSE() string[1]. By using a string like
>>> "GPL\0proprietary text", the kernel would only read "GPL" due to C string
>>> termination at the NUL byte, allowing proprietary modules to avoid kernel
>>> tainting and access GPL-only symbols.
>>>
>>> The MODULE_INFO() macro stores these strings in the .modinfo ELF
>>> section, and get_next_modinfo() uses strcmp()-family functions
>>> which stop at the first NUL. This split the embedded string into two
>>> separate .modinfo entries, with only the first part being processed by
>>> license_is_gpl_compatible().
>>>
>>> Add a compile-time check using _Static_assert that compares the full
>>> string length (sizeof - 1) against __builtin_strlen(), which stops at
>>> the first NUL. If they differ, compilation fails with a clear error
>>> message.
>>>
>>> While this check can still be circumvented by modifying the ELF binary
>>> post-compilation, it prevents accidental embedded NULs and forces
>>> intentional abuse to require deliberate binary manipulation rather than
>>> simple source-level tricks.
>>>
>>> Build tested with test modules containing both valid and invalid license
>>> strings. The check correctly rejects:
>>>
>>> MODULE_LICENSE("GPL\0proprietary")
>>>
>>> while accepting normal declarations:
>>>
>>> MODULE_LICENSE("GPL")
>>
>>
>> I did a "make W=1 C=1" and found that sparse is now unhappy with all MODULE_LICENSE(),
>> MODULE_PARM_DESC(), MODULE_DESCRIPTION(), MODULE_AUTHOR() defintions (with no NUL byte).
>>
>> I see:
>>
>> error: bad integer constant expression
>> error: static assertion failed: "MODULE_INFO(parmtype, ...) contains embedded NUL byte"
>>
>> for every use.
>
> Likewise, I just got the following kernel test robot report sent to me,
> where it's warning about MODULE_LICENSE("GPL"):
> https://lore.kernel.org/all/202512090359.7BkUaiC9-lkp@intel.com/
Can you both confirm which version of sparse are you using?
My understanding was that this patch fixed that problem:
https://lore.kernel.org/linux-sparse/CACePvbVG2KrGQq4cNKV=wbO5h=jp3M0RO1SdfX8kV4OukjPG8A@mail.gmail.com/T/#mf838b3e2e3245d88c30a801ea7473d5a5c0eb121
The patch is already merged into the sparse tree, and I was not able to
reproduce the issue.
next prev parent reply other threads:[~2025-12-09 8:18 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-08 3:59 [PATCH 0/3] module: Add compile-time check for embedded NUL characters Kees Cook
2025-10-08 3:59 ` [PATCH 1/3] media: dvb-usb-v2: lmedm04: Fix firmware macro definitions Kees Cook
2025-10-08 6:24 ` Hans Verkuil
2025-10-08 3:59 ` [PATCH 2/3] media: radio: si470x: Fix DRIVER_AUTHOR macro definition Kees Cook
2025-10-08 6:24 ` Hans Verkuil
2025-10-08 3:59 ` [PATCH 3/3] module: Add compile-time check for embedded NUL characters Kees Cook
2025-10-08 9:55 ` Petr Pavlu
2025-12-08 21:05 ` Luck, Tony
2025-12-09 0:11 ` Eric Biggers
2025-12-09 8:18 ` Daniel Gomez [this message]
2025-12-09 16:20 ` Luck, Tony
2025-12-09 16:45 ` Luck, Tony
2025-12-09 18:29 ` Luck, Tony
2025-12-10 1:00 ` Sami Tolvanen
2025-12-10 22:29 ` Luck, Tony
2025-12-11 8:28 ` Dan Carpenter
2025-12-11 17:03 ` Sami Tolvanen
2025-12-11 17:30 ` Daniel Gomez
2025-12-11 17:51 ` Sami Tolvanen
2025-12-19 12:45 ` Dan Carpenter
2025-12-19 16:21 ` Luck, Tony
2026-01-08 8:49 ` Andy Shevchenko
2026-02-18 6:50 ` Dmitry Torokhov
2026-02-19 17:04 ` Chris Li
2025-10-08 6:27 ` [PATCH 0/3] " Hans Verkuil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d3dd8fc8-ab46-4cf1-87a9-0324685ba2e0@kernel.org \
--to=da.gomez@kernel.org \
--cc=ebiggers@kernel.org \
--cc=hverkuil@kernel.org \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=mchehab@kernel.org \
--cc=petr.pavlu@suse.com \
--cc=rusty@rustcorp.com.au \
--cc=samitolvanen@google.com \
--cc=tony.luck@intel.com \
--cc=tvboxspy@gmail.com \
--cc=u.kleine-koenig@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox