From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752999AbbLJEyn (ORCPT ); Wed, 9 Dec 2015 23:54:43 -0500 Received: from ozlabs.org ([103.22.144.67]:40032 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752633AbbLJEym (ORCPT ); Wed, 9 Dec 2015 23:54:42 -0500 From: Rusty Russell To: Xie XiuQi , paulmck@linux.vnet.ibm.com, akpm@linux-foundation.org, bobby.prani@gmail.com Cc: dhowells@redhat.com, David.Woodhouse@intel.com, linux-kernel@vger.kernel.org, hannes@cmpxchg.org, iulia.manda21@gmail.com, luto@amacapital.net, huawei.libin@huawei.com Subject: Re: [PATCH] module: check vermagic match exactly when load modules In-Reply-To: <1449668044-28367-1-git-send-email-xiexiuqi@huawei.com> References: <1449668044-28367-1-git-send-email-xiexiuqi@huawei.com> User-Agent: Notmuch/0.20.2 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu) Date: Thu, 10 Dec 2015 13:36:12 +1030 Message-ID: <87bn9zhujf.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Xie XiuQi writes: > Usually, checking kernel version will be ignore when loading > modules if CONFIG_MODVERSIONS option is enable. This could > potentially lead to a mismatch with the running kernel. > > With this option, we prevent to load the modules which vermagic > is not match exactly with the running kernel. > > It could be set to N by default. Hi Xie! I don't understand this patch. The purpose of CONFIG_MODVERSIONS is so that you can combine modules from different kernel versions. If you don't want to do that, I suggest not setting CONFIG_MODVERSIONS. Cheers, Rusty. > > Signed-off-by: Xie XiuQi > --- > init/Kconfig | 11 +++++++++++ > kernel/module.c | 2 ++ > 2 files changed, 13 insertions(+) > > diff --git a/init/Kconfig b/init/Kconfig > index c24b6f7..ce9c23e 100644 > --- a/init/Kconfig > +++ b/init/Kconfig > @@ -1889,6 +1889,17 @@ config MODVERSIONS > make them incompatible with the kernel you are running. If > unsure, say N. > > +config MODULE_VERMAGIC_FORCE > + bool "Require vermagic match exactly" > + default n > + depends on MODVERSIONS > + help > + Usually, checking kernel version will be ignore when loading > + modules if CONFIG_MODVERSIONS option is enable. This could > + potentially lead to a mismatch with the running kernel. > + With this option, we prevent to load the modules which vermagic > + is not match exactly with the running kernel. If unsure, say N. > + > config MODULE_SRCVERSION_ALL > bool "Source checksum for all modules" > help > diff --git a/kernel/module.c b/kernel/module.c > index 8f051a1..cf350d5 100644 > --- a/kernel/module.c > +++ b/kernel/module.c > @@ -1350,10 +1350,12 @@ static inline int check_modstruct_version(Elf_Shdr *sechdrs, > static inline int same_magic(const char *amagic, const char *bmagic, > bool has_crcs) > { > +#ifndef CONFIG_MODULE_VERMAGIC_FORCE > if (has_crcs) { > amagic += strcspn(amagic, " "); > bmagic += strcspn(bmagic, " "); > } > +#endif > return strcmp(amagic, bmagic) == 0; > } > #else > -- > 1.8.3.1 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/