[PATCH v2] Add kernel parameter to blacklist modules

Prarit Bhargava Tue, 14 Jun 2016 10:16:20 -0700

Blacklisting a module in linux has long been a problem.  The current
procedure is to use rd.blacklist=module_name, however, that doesn't
cover the case after the initramfs and before a boot prompt (where one
is supposed to use /etc/modprobe.d/blacklist.conf to blacklist
runtime loading). Using rd.shell to get an early prompt is hit-or-miss,
and doesn't cover all situations AFAICT.


This patch adds this functionality of permanently blacklisting a module
by its name via the kernel parameter module_blacklist=module_name.

[v2]: Rusty, use core_param() instead of __setup(), and drop struct which
simplifies things.

Signed-off-by: Prarit Bhargava <pra...@redhat.com>
Cc: Jonathan Corbet <cor...@lwn.net>
Cc: Rusty Russell <ru...@rustcorp.com.au>
Cc: linux-doc@vger.kernel.org
---
 Documentation/kernel-parameters.txt |    3 +++
 kernel/module.c                     |   25 +++++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/Documentation/kernel-parameters.txt 
b/Documentation/kernel-parameters.txt
index 82b42c958d1c..c720b96f2efc 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2295,6 +2295,9 @@ bytes respectively. Such letter suffixes can also be 
entirely omitted.
                        Note that if CONFIG_MODULE_SIG_FORCE is set, that
                        is always true, so this option does nothing.
 
+       module_blacklist=  [KNL] Do not load a comma-separated list of
+                       modules.  Useful for debugging problem modules.
+
        mousedev.tap_time=
                        [MOUSE] Maximum time between finger touching and
                        leaving touchpad surface for touch to be considered
diff --git a/kernel/module.c b/kernel/module.c
index 5f71aa63ed2a..5ff5287b19a8 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3155,6 +3155,28 @@ int __weak module_frob_arch_sections(Elf_Ehdr *hdr,
        return 0;
 }
 
+/* module_blacklist is a comma-separated list of module names */
+static char *module_blacklist;
+static bool blacklisted(char *module_name)
+{
+       char *str, *entry;
+
+       if (!module_blacklist)
+               return false;
+
+       str = module_blacklist;
+       do {
+               entry = strsep(&str, ",");
+               if (!strcmp(module_name, entry)) {
+                       pr_info("module %s is blacklisted\n", module_name);
+                       return true;
+               }
+       } while (str);
+
+       return false;
+}
+core_param(module_blacklist, module_blacklist, charp, 0400);
+
 static struct module *layout_and_allocate(struct load_info *info, int flags)
 {
        /* Module within temporary copy. */
@@ -3165,6 +3187,9 @@ static struct module *layout_and_allocate(struct 
load_info *info, int flags)
        if (IS_ERR(mod))
                return mod;
 
+       if (blacklisted(mod->name))
+               return ERR_PTR(-EPERM);
+
        err = check_modinfo(mod, info, flags);
        if (err)
                return ERR_PTR(err);
-- 
1.7.9.3

--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH v2] Add kernel parameter to blacklist modules

Reply via email to