Commit 91f9d330 authored by Jani Nikula's avatar Jani Nikula Committed by Rusty Russell

module: make it possible to have unsafe, tainting module params

Add flags field to struct kernel_params, and add the first flag: unsafe
parameter. Modifying a kernel parameter with the unsafe flag set, either
via the kernel command line or sysfs, will issue a warning and taint the
kernel.

Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Jean Delvare <khali@linux-fr.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Li Zhong <zhong@linux.vnet.ibm.com>
Cc: Jon Mason <jon.mason@intel.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: default avatarJani Nikula <jani.nikula@intel.com>
Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
parent 6a4c2643
...@@ -3587,7 +3587,7 @@ static void __used s8250_options(void) ...@@ -3587,7 +3587,7 @@ static void __used s8250_options(void)
#ifdef CONFIG_SERIAL_8250_RSA #ifdef CONFIG_SERIAL_8250_RSA
__module_param_call(MODULE_PARAM_PREFIX, probe_rsa, __module_param_call(MODULE_PARAM_PREFIX, probe_rsa,
&param_array_ops, .arr = &__param_arr_probe_rsa, &param_array_ops, .arr = &__param_arr_probe_rsa,
0444, -1); 0444, -1, 0);
#endif #endif
} }
#else #else
......
...@@ -56,11 +56,21 @@ struct kernel_param_ops { ...@@ -56,11 +56,21 @@ struct kernel_param_ops {
void (*free)(void *arg); void (*free)(void *arg);
}; };
/*
* Flags available for kernel_param
*
* UNSAFE - the parameter is dangerous and setting it will taint the kernel
*/
enum {
KERNEL_PARAM_FL_UNSAFE = (1 << 0)
};
struct kernel_param { struct kernel_param {
const char *name; const char *name;
const struct kernel_param_ops *ops; const struct kernel_param_ops *ops;
u16 perm; u16 perm;
s16 level; s8 level;
u8 flags;
union { union {
void *arg; void *arg;
const struct kparam_string *str; const struct kparam_string *str;
...@@ -137,7 +147,7 @@ struct kparam_array ...@@ -137,7 +147,7 @@ struct kparam_array
* The ops can have NULL set or get functions. * The ops can have NULL set or get functions.
*/ */
#define module_param_cb(name, ops, arg, perm) \ #define module_param_cb(name, ops, arg, perm) \
__module_param_call(MODULE_PARAM_PREFIX, name, ops, arg, perm, -1) __module_param_call(MODULE_PARAM_PREFIX, name, ops, arg, perm, -1, 0)
/** /**
* <level>_param_cb - general callback for a module/cmdline parameter * <level>_param_cb - general callback for a module/cmdline parameter
...@@ -149,7 +159,7 @@ struct kparam_array ...@@ -149,7 +159,7 @@ struct kparam_array
* The ops can have NULL set or get functions. * The ops can have NULL set or get functions.
*/ */
#define __level_param_cb(name, ops, arg, perm, level) \ #define __level_param_cb(name, ops, arg, perm, level) \
__module_param_call(MODULE_PARAM_PREFIX, name, ops, arg, perm, level) __module_param_call(MODULE_PARAM_PREFIX, name, ops, arg, perm, level, 0)
#define core_param_cb(name, ops, arg, perm) \ #define core_param_cb(name, ops, arg, perm) \
__level_param_cb(name, ops, arg, perm, 1) __level_param_cb(name, ops, arg, perm, 1)
...@@ -184,14 +194,14 @@ struct kparam_array ...@@ -184,14 +194,14 @@ struct kparam_array
/* This is the fundamental function for registering boot/module /* This is the fundamental function for registering boot/module
parameters. */ parameters. */
#define __module_param_call(prefix, name, ops, arg, perm, level) \ #define __module_param_call(prefix, name, ops, arg, perm, level, flags) \
/* Default value instead of permissions? */ \ /* Default value instead of permissions? */ \
static const char __param_str_##name[] = prefix #name; \ static const char __param_str_##name[] = prefix #name; \
static struct kernel_param __moduleparam_const __param_##name \ static struct kernel_param __moduleparam_const __param_##name \
__used \ __used \
__attribute__ ((unused,__section__ ("__param"),aligned(sizeof(void *)))) \ __attribute__ ((unused,__section__ ("__param"),aligned(sizeof(void *)))) \
= { __param_str_##name, ops, VERIFY_OCTAL_PERMISSIONS(perm), \ = { __param_str_##name, ops, VERIFY_OCTAL_PERMISSIONS(perm), \
level, { arg } } level, flags, { arg } }
/* Obsolete - use module_param_cb() */ /* Obsolete - use module_param_cb() */
#define module_param_call(name, set, get, arg, perm) \ #define module_param_call(name, set, get, arg, perm) \
...@@ -199,7 +209,7 @@ struct kparam_array ...@@ -199,7 +209,7 @@ struct kparam_array
{ 0, (void *)set, (void *)get }; \ { 0, (void *)set, (void *)get }; \
__module_param_call(MODULE_PARAM_PREFIX, \ __module_param_call(MODULE_PARAM_PREFIX, \
name, &__param_ops_##name, arg, \ name, &__param_ops_##name, arg, \
(perm) + sizeof(__check_old_set_param(set))*0, -1) (perm) + sizeof(__check_old_set_param(set))*0, -1, 0)
/* We don't get oldget: it's often a new-style param_get_uint, etc. */ /* We don't get oldget: it's often a new-style param_get_uint, etc. */
static inline int static inline int
...@@ -279,7 +289,7 @@ static inline void __kernel_param_unlock(void) ...@@ -279,7 +289,7 @@ static inline void __kernel_param_unlock(void)
*/ */
#define core_param(name, var, type, perm) \ #define core_param(name, var, type, perm) \
param_check_##type(name, &(var)); \ param_check_##type(name, &(var)); \
__module_param_call("", name, &param_ops_##type, &var, perm, -1) __module_param_call("", name, &param_ops_##type, &var, perm, -1, 0)
#endif /* !MODULE */ #endif /* !MODULE */
/** /**
...@@ -297,7 +307,7 @@ static inline void __kernel_param_unlock(void) ...@@ -297,7 +307,7 @@ static inline void __kernel_param_unlock(void)
= { len, string }; \ = { len, string }; \
__module_param_call(MODULE_PARAM_PREFIX, name, \ __module_param_call(MODULE_PARAM_PREFIX, name, \
&param_ops_string, \ &param_ops_string, \
.str = &__param_string_##name, perm, -1); \ .str = &__param_string_##name, perm, -1, 0);\
__MODULE_PARM_TYPE(name, "string") __MODULE_PARM_TYPE(name, "string")
/** /**
...@@ -346,6 +356,22 @@ static inline void destroy_params(const struct kernel_param *params, ...@@ -346,6 +356,22 @@ static inline void destroy_params(const struct kernel_param *params,
#define __param_check(name, p, type) \ #define __param_check(name, p, type) \
static inline type __always_unused *__check_##name(void) { return(p); } static inline type __always_unused *__check_##name(void) { return(p); }
/**
* param_check_unsafe - Warn and taint the kernel if setting dangerous options.
*
* This gets called from all the standard param setters, but can be used from
* custom setters as well.
*/
static inline void
param_check_unsafe(const struct kernel_param *kp)
{
if (kp->flags & KERNEL_PARAM_FL_UNSAFE) {
pr_warn("Setting dangerous option %s - tainting kernel\n",
kp->name);
add_taint(TAINT_USER, LOCKDEP_STILL_OK);
}
}
extern struct kernel_param_ops param_ops_byte; extern struct kernel_param_ops param_ops_byte;
extern int param_set_byte(const char *val, const struct kernel_param *kp); extern int param_set_byte(const char *val, const struct kernel_param *kp);
extern int param_get_byte(char *buffer, const struct kernel_param *kp); extern int param_get_byte(char *buffer, const struct kernel_param *kp);
...@@ -444,7 +470,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); ...@@ -444,7 +470,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp);
__module_param_call(MODULE_PARAM_PREFIX, name, \ __module_param_call(MODULE_PARAM_PREFIX, name, \
&param_array_ops, \ &param_array_ops, \
.arr = &__param_arr_##name, \ .arr = &__param_arr_##name, \
perm, -1); \ perm, -1, 0); \
__MODULE_PARM_TYPE(name, "array of " #type) __MODULE_PARM_TYPE(name, "array of " #type)
extern struct kernel_param_ops param_array_ops; extern struct kernel_param_ops param_array_ops;
......
...@@ -233,6 +233,7 @@ char *parse_args(const char *doing, ...@@ -233,6 +233,7 @@ char *parse_args(const char *doing,
#define STANDARD_PARAM_DEF(name, type, format, strtolfn) \ #define STANDARD_PARAM_DEF(name, type, format, strtolfn) \
int param_set_##name(const char *val, const struct kernel_param *kp) \ int param_set_##name(const char *val, const struct kernel_param *kp) \
{ \ { \
param_check_unsafe(kp); \
return strtolfn(val, 0, (type *)kp->arg); \ return strtolfn(val, 0, (type *)kp->arg); \
} \ } \
int param_get_##name(char *buffer, const struct kernel_param *kp) \ int param_get_##name(char *buffer, const struct kernel_param *kp) \
...@@ -265,6 +266,8 @@ int param_set_charp(const char *val, const struct kernel_param *kp) ...@@ -265,6 +266,8 @@ int param_set_charp(const char *val, const struct kernel_param *kp)
return -ENOSPC; return -ENOSPC;
} }
param_check_unsafe(kp);
maybe_kfree_parameter(*(char **)kp->arg); maybe_kfree_parameter(*(char **)kp->arg);
/* This is a hack. We can't kmalloc in early boot, and we /* This is a hack. We can't kmalloc in early boot, and we
...@@ -302,6 +305,8 @@ EXPORT_SYMBOL(param_ops_charp); ...@@ -302,6 +305,8 @@ EXPORT_SYMBOL(param_ops_charp);
/* Actually could be a bool or an int, for historical reasons. */ /* Actually could be a bool or an int, for historical reasons. */
int param_set_bool(const char *val, const struct kernel_param *kp) int param_set_bool(const char *val, const struct kernel_param *kp)
{ {
param_check_unsafe(kp);
/* No equals means "set"... */ /* No equals means "set"... */
if (!val) val = "1"; if (!val) val = "1";
...@@ -331,6 +336,8 @@ int param_set_invbool(const char *val, const struct kernel_param *kp) ...@@ -331,6 +336,8 @@ int param_set_invbool(const char *val, const struct kernel_param *kp)
bool boolval; bool boolval;
struct kernel_param dummy; struct kernel_param dummy;
param_check_unsafe(kp);
dummy.arg = &boolval; dummy.arg = &boolval;
ret = param_set_bool(val, &dummy); ret = param_set_bool(val, &dummy);
if (ret == 0) if (ret == 0)
...@@ -357,6 +364,8 @@ int param_set_bint(const char *val, const struct kernel_param *kp) ...@@ -357,6 +364,8 @@ int param_set_bint(const char *val, const struct kernel_param *kp)
bool v; bool v;
int ret; int ret;
param_check_unsafe(kp);
/* Match bool exactly, by re-using it. */ /* Match bool exactly, by re-using it. */
boolkp = *kp; boolkp = *kp;
boolkp.arg = &v; boolkp.arg = &v;
...@@ -476,6 +485,8 @@ int param_set_copystring(const char *val, const struct kernel_param *kp) ...@@ -476,6 +485,8 @@ int param_set_copystring(const char *val, const struct kernel_param *kp)
{ {
const struct kparam_string *kps = kp->str; const struct kparam_string *kps = kp->str;
param_check_unsafe(kp);
if (strlen(val)+1 > kps->maxlen) { if (strlen(val)+1 > kps->maxlen) {
pr_err("%s: string doesn't fit in %u chars.\n", pr_err("%s: string doesn't fit in %u chars.\n",
kp->name, kps->maxlen-1); kp->name, kps->maxlen-1);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment