Prarit Bhargava <pra...@redhat.com> writes:
> Blacklisting a module in linux has long been a problem. The process of
> blacklisting a module has changed over time, and it seems that every OS
> does it slightly differently and depends on the age of the init system
> used on that OS.
Hi Prarit,
I don't mind the idea, but we can refine the implementation a
little I think.
1) Use core_param(module_blacklist, module_blacklist, charp, 0400)
instead of __setup(). I'd like to kill __setup(), really.
2) Simply search the blacklist string at load time, no new datastructures.
Not completely sure about #2, but I think it'll be fairly neat.
Thanks,
Rusty.
> The current Fedora/systemd procedure is to use rd.blacklist=module_name,
> however, that doesn't cover the case after the initramfs and before a boot
> prompt (where one is supposed to use /etc/modprobe.d/blacklist.conf to
> blacklist runtime loading). Using rd.shell to get an early prompt is
> hit-or-miss, and doesn't cover all situations AFAICT. Explaining all of this
> to an end user isn't trivial. This becomes especially difficult when
> attempting to blacklist a module during system install from RO media.
>
> This patch adds this functionality of blacklisting a module by its name
> via the kernel parameter module_blacklist=module_name. The parameter
> can also accept comma separated values.
>
> Usage example:
>
> [root@intel-mohonpeak-02 ~]# insmod /home/dummy-module/dummy-module.ko
> insmod: ERROR: could not insert module
> /home/rhel7/redhat/debug/dummy-module/dummy-module.ko: Operation not permitted
> [root@intel-mohonpeak-02 ~]# dmesg | grep black
> [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-4.7.0-rc2+
> root=/dev/mapper/rhel_intel--mohonpeak--02-root ro crashkernel=auto
> rd.lvm.lv=rhel_intel-mohonpeak-02/root rd.lvm.lv=rhel_intel-mohonpeak-02/swap
> console=ttyS0,115200 LANG=en_US.UTF-8 module_blacklist=dummy_module
> [ 0.000000] Kernel command line: BOOT_IMAGE=/vmlinuz-4.7.0-rc2+
> root=/dev/mapper/rhel_intel--mohonpeak--02-root ro crashkernel=auto
> rd.lvm.lv=rhel_intel-mohonpeak-02/root rd.lvm.lv=rhel_intel-mohonpeak-02/swap
> console=ttyS0,115200 LANG=en_US.UTF-8 module_blacklist=dummy_module
> [ 0.000000] blacklisting module dummy_module
> [ 85.127433] module dummy_module has been blacklisted. This module will
> not load.
>
> Signed-off-by: Prarit Bhargava <pra...@redhat.com>
> Cc: Jonathan Corbet <cor...@lwn.net>
> Cc: Rusty Russell <ru...@rustcorp.com.au>
> Cc: linux-...@vger.kernel.org
> ---
> Documentation/kernel-parameters.txt | 3 +++
> kernel/module.c | 37
> +++++++++++++++++++++++++++++++++++
> 2 files changed, 40 insertions(+)
>
> diff --git a/Documentation/kernel-parameters.txt
> b/Documentation/kernel-parameters.txt
> index 82b42c958d1c..c720b96f2efc 100644
> --- a/Documentation/kernel-parameters.txt
> +++ b/Documentation/kernel-parameters.txt
> @@ -2295,6 +2295,9 @@ bytes respectively. Such letter suffixes can also be
> entirely omitted.
> Note that if CONFIG_MODULE_SIG_FORCE is set, that
> is always true, so this option does nothing.
>
> + module_blacklist= [KNL] Do not load a comma-separated list of
> + modules. Useful for debugging problem modules.
> +
> mousedev.tap_time=
> [MOUSE] Maximum time between finger touching and
> leaving touchpad surface for touch to be considered
> diff --git a/kernel/module.c b/kernel/module.c
> index 5f71aa63ed2a..ed3076d98a32 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -46,6 +46,7 @@
> #include <linux/string.h>
> #include <linux/mutex.h>
> #include <linux/rculist.h>
> +#include <linux/bootmem.h>
> #include <asm/uaccess.h>
> #include <asm/cacheflush.h>
> #include <asm/mmu_context.h>
> @@ -3155,16 +3156,52 @@ int __weak module_frob_arch_sections(Elf_Ehdr *hdr,
> return 0;
> }
>
> +struct mod_blacklist_entry {
> + struct list_head next;
> + char *buf;
> +};
> +
> +static LIST_HEAD(blacklisted_modules);
> +static int __init module_blacklist(char *str)
> +{
> + char *str_entry;
> + struct mod_blacklist_entry *entry;
> +
> + /* str argument is a comma-separated list of module names */
> + do {
> + str_entry = strsep(&str, ",");
> + if (str_entry) {
> + pr_debug("blacklisting module %s\n", str_entry);
> + entry = alloc_bootmem(sizeof(*entry));
> + entry->buf = alloc_bootmem(strlen(str_entry) + 1);
> + strcpy(entry->buf, str_entry);
> + list_add(&entry->next, &blacklisted_modules);
> + }
> + } while (str_entry);
> +
> + return 0;
> +}
> +__setup("module_blacklist=", module_blacklist);
> +
> static struct module *layout_and_allocate(struct load_info *info, int flags)
> {
> /* Module within temporary copy. */
> struct module *mod;
> int err;
> + struct mod_blacklist_entry *entry;
>
> mod = setup_load_info(info, flags);
> if (IS_ERR(mod))
> return mod;
>
> + /* Has this module been blacklisted by the user? */
> + list_for_each_entry(entry, &blacklisted_modules, next) {
> + if (!strcmp(mod->name, entry->buf)) {
> + pr_debug("module %s blacklisted\n", mod->name);
> + return ERR_PTR(-EPERM);
> + }
> + }
> +
> err = check_modinfo(mod, info, flags);
> if (err)
> return ERR_PTR(err);
> --
> 1.7.9.3
