diff mbox series

[04/12] module: move early sanity checks into a helper

Message ID 20230319212746.1783033-5-mcgrof@kernel.org (mailing list archive)
State New, archived
Headers show
Series module: cleanup and call taints after is inserted | expand

Commit Message

Luis Chamberlain March 19, 2023, 9:27 p.m. UTC
Move early sanity checkers for the module into a helper.
This let's us make it clear when we are working with the
local copy of the module prior to allocation.

This produces no functional changes, it just makes subsequent
changes easier to read.

Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
---
 kernel/module/main.c | 43 ++++++++++++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 17 deletions(-)

Comments

Petr Pavlu March 24, 2023, 1:02 p.m. UTC | #1
On 3/19/23 22:27, Luis Chamberlain wrote:
> Move early sanity checkers for the module into a helper.
> This let's us make it clear when we are working with the
> local copy of the module prior to allocation.
> 
> This produces no functional changes, it just makes subsequent
> changes easier to read.
> 
> Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
> ---
>  kernel/module/main.c | 43 ++++++++++++++++++++++++++-----------------
>  1 file changed, 26 insertions(+), 17 deletions(-)
> 
> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index 427284ab31f1..933cef72ae13 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
> @@ -2668,6 +2668,31 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname,
>  	return 0;
>  }
>  
> +/* Module within temporary copy, this doesn't do any allocation  */
> +static int early_mod_check(struct load_info *info, int flags)
> +{
> +	int err;
> +
> +	/*
> +	 * Now that we know we have the correct module name, check
> +	 * if it's blacklisted.
> +	 */
> +	if (blacklisted(info->name)) {
> +		pr_err("Module %s is blacklisted\n", info->name);
> +		return -EPERM;
> +	}
> +
> +	err = rewrite_section_headers(info, flags);
> +	if (err)
> +		return err;
> +
> +	/* Check module struct version now, before we try to use module. */
> +	if (!check_modstruct_version(info, info->mod))
> +		return ENOEXEC;

The error value when check_modstruct_version() fails is changed in this patch
from -ENOEXEC to ENOEXEC and updated back again in the next patch. It would be
good to avoid introducing this temporary problem and keep the value throughout
as -ENOEXEC.

> +
> +	return 0;
> +}
> +
>  /*
>   * Allocate and load the module: note that size of section 0 is always
>   * zero, and we rely on this for optional sections.
> @@ -2711,26 +2736,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
>  	if (err)
>  		goto free_copy;
>  
> -	/*
> -	 * Now that we know we have the correct module name, check
> -	 * if it's blacklisted.
> -	 */
> -	if (blacklisted(info->name)) {
> -		err = -EPERM;
> -		pr_err("Module %s is blacklisted\n", info->name);
> -		goto free_copy;
> -	}
> -
> -	err = rewrite_section_headers(info, flags);
> +	err = early_mod_check(info, flags);
>  	if (err)
>  		goto free_copy;
>  
> -	/* Check module struct version now, before we try to use module. */
> -	if (!check_modstruct_version(info, info->mod)) {
> -		err = -ENOEXEC;

Original value here.

> -		goto free_copy;
> -	}
> -
>  	/* Figure out module layout, and allocate all the memory. */
>  	mod = layout_and_allocate(info, flags);
>  	if (IS_ERR(mod)) {

Thanks,
Petr
Luis Chamberlain March 24, 2023, 6:33 p.m. UTC | #2
On Fri, Mar 24, 2023 at 02:02:06PM +0100, Petr Pavlu wrote:
> On 3/19/23 22:27, Luis Chamberlain wrote:
> > Move early sanity checkers for the module into a helper.
> > This let's us make it clear when we are working with the
> > local copy of the module prior to allocation.
> > 
> > This produces no functional changes, it just makes subsequent
> > changes easier to read.
> > 
> > Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
> > ---
> >  kernel/module/main.c | 43 ++++++++++++++++++++++++++-----------------
> >  1 file changed, 26 insertions(+), 17 deletions(-)
> > 
> > diff --git a/kernel/module/main.c b/kernel/module/main.c
> > index 427284ab31f1..933cef72ae13 100644
> > --- a/kernel/module/main.c
> > +++ b/kernel/module/main.c
> > @@ -2668,6 +2668,31 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname,
> >  	return 0;
> >  }
> >  
> > +/* Module within temporary copy, this doesn't do any allocation  */
> > +static int early_mod_check(struct load_info *info, int flags)
> > +{
> > +	int err;
> > +
> > +	/*
> > +	 * Now that we know we have the correct module name, check
> > +	 * if it's blacklisted.
> > +	 */
> > +	if (blacklisted(info->name)) {
> > +		pr_err("Module %s is blacklisted\n", info->name);
> > +		return -EPERM;
> > +	}
> > +
> > +	err = rewrite_section_headers(info, flags);
> > +	if (err)
> > +		return err;
> > +
> > +	/* Check module struct version now, before we try to use module. */
> > +	if (!check_modstruct_version(info, info->mod))
> > +		return ENOEXEC;
> 
> The error value when check_modstruct_version() fails is changed in this patch
> from -ENOEXEC to ENOEXEC and updated back again in the next patch. It would be
> good to avoid introducing this temporary problem and keep the value throughout
> as -ENOEXEC.

Fixed, thanks.

  Luis
diff mbox series

Patch

diff --git a/kernel/module/main.c b/kernel/module/main.c
index 427284ab31f1..933cef72ae13 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2668,6 +2668,31 @@  static int unknown_module_param_cb(char *param, char *val, const char *modname,
 	return 0;
 }
 
+/* Module within temporary copy, this doesn't do any allocation  */
+static int early_mod_check(struct load_info *info, int flags)
+{
+	int err;
+
+	/*
+	 * Now that we know we have the correct module name, check
+	 * if it's blacklisted.
+	 */
+	if (blacklisted(info->name)) {
+		pr_err("Module %s is blacklisted\n", info->name);
+		return -EPERM;
+	}
+
+	err = rewrite_section_headers(info, flags);
+	if (err)
+		return err;
+
+	/* Check module struct version now, before we try to use module. */
+	if (!check_modstruct_version(info, info->mod))
+		return ENOEXEC;
+
+	return 0;
+}
+
 /*
  * Allocate and load the module: note that size of section 0 is always
  * zero, and we rely on this for optional sections.
@@ -2711,26 +2736,10 @@  static int load_module(struct load_info *info, const char __user *uargs,
 	if (err)
 		goto free_copy;
 
-	/*
-	 * Now that we know we have the correct module name, check
-	 * if it's blacklisted.
-	 */
-	if (blacklisted(info->name)) {
-		err = -EPERM;
-		pr_err("Module %s is blacklisted\n", info->name);
-		goto free_copy;
-	}
-
-	err = rewrite_section_headers(info, flags);
+	err = early_mod_check(info, flags);
 	if (err)
 		goto free_copy;
 
-	/* Check module struct version now, before we try to use module. */
-	if (!check_modstruct_version(info, info->mod)) {
-		err = -ENOEXEC;
-		goto free_copy;
-	}
-
 	/* Figure out module layout, and allocate all the memory. */
 	mod = layout_and_allocate(info, flags);
 	if (IS_ERR(mod)) {