If MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is enabled (default=n), the
requirement for modules to import all namespaces that are used by
the module is relaxed.
Enabling this option effectively allows (invalid) modules to be loaded
while only a warning is emitted.
Disabling this option keeps the enforcement at module loading time and
loading is denied if the module's imports are not satisfactory.
Reviewed-by: Martijn Coenen <[email protected]>
Signed-off-by: Matthias Maennich <[email protected]>
---
init/Kconfig | 14 ++++++++++++++
kernel/module.c | 11 +++++++++--
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/init/Kconfig b/init/Kconfig
index bd7d650d4a99..b3373334cdf1 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -2119,6 +2119,20 @@ config MODULE_COMPRESS_XZ
endchoice
+config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
+ bool "Allow loading of modules with missing namespace imports"
+ default n
+ help
+ Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
+ a namespace. A module that makes use of a symbol exported with such a
+ namespace is required to import the namespace via MODULE_IMPORT_NS().
+ This option relaxes this requirement when loading a module. While
+ technically there is no reason to enforce correct namespace imports,
+ it creates consistency between symbols defining namespaces and users
+ importing namespaces they make use of.
+
+ If unsure, say N.
+
config TRIM_UNUSED_KSYMS
bool "Trim unused exported kernel symbols"
depends on MODULES && !UNUSED_SYMBOLS
diff --git a/kernel/module.c b/kernel/module.c
index 57e8253f2251..7c934aaae2d3 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1408,9 +1408,16 @@ static int verify_namespace_is_imported(const struct load_info *info,
imported_namespace = get_next_modinfo(
info, "import_ns", imported_namespace);
}
- pr_err("%s: module uses symbol (%s) from namespace %s, but does not import it.\n",
- mod->name, kernel_symbol_name(sym), namespace);
+#ifdef CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
+ pr_warn(
+#else
+ pr_err(
+#endif
+ "%s: module uses symbol (%s) from namespace %s, but does not import it.\n",
+ mod->name, kernel_symbol_name(sym), namespace);
+#ifndef CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
return -EINVAL;
+#endif
}
return 0;
}
--
2.23.0.rc1.153.gdeed80330f-goog
On Tue, Aug 13, 2019 at 01:17:02PM +0100, Matthias Maennich wrote:
> If MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is enabled (default=n), the
> requirement for modules to import all namespaces that are used by
> the module is relaxed.
>
> Enabling this option effectively allows (invalid) modules to be loaded
> while only a warning is emitted.
>
> Disabling this option keeps the enforcement at module loading time and
> loading is denied if the module's imports are not satisfactory.
>
> Reviewed-by: Martijn Coenen <[email protected]>
> Signed-off-by: Matthias Maennich <[email protected]>
> ---
> init/Kconfig | 14 ++++++++++++++
> kernel/module.c | 11 +++++++++--
> 2 files changed, 23 insertions(+), 2 deletions(-)
>
> diff --git a/init/Kconfig b/init/Kconfig
> index bd7d650d4a99..b3373334cdf1 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -2119,6 +2119,20 @@ config MODULE_COMPRESS_XZ
>
> endchoice
>
> +config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
> + bool "Allow loading of modules with missing namespace imports"
> + default n
the default for config options is always N, no need to list it here.
> + help
> + Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
> + a namespace. A module that makes use of a symbol exported with such a
> + namespace is required to import the namespace via MODULE_IMPORT_NS().
> + This option relaxes this requirement when loading a module. While
> + technically there is no reason to enforce correct namespace imports,
> + it creates consistency between symbols defining namespaces and users
> + importing namespaces they make use of.
> +
> + If unsure, say N.
> +
> config TRIM_UNUSED_KSYMS
> bool "Trim unused exported kernel symbols"
> depends on MODULES && !UNUSED_SYMBOLS
> diff --git a/kernel/module.c b/kernel/module.c
> index 57e8253f2251..7c934aaae2d3 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -1408,9 +1408,16 @@ static int verify_namespace_is_imported(const struct load_info *info,
> imported_namespace = get_next_modinfo(
> info, "import_ns", imported_namespace);
> }
> - pr_err("%s: module uses symbol (%s) from namespace %s, but does not import it.\n",
> - mod->name, kernel_symbol_name(sym), namespace);
> +#ifdef CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
> + pr_warn(
> +#else
> + pr_err(
> +#endif
> + "%s: module uses symbol (%s) from namespace %s, but does not import it.\n",
> + mod->name, kernel_symbol_name(sym), namespace);
> +#ifndef CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
> return -EINVAL;
> +#endif
This #ifdef mess is a hack, but oh well :)
If you drop the above default line, feel free to add:
Reviewed-by: Greg Kroah-Hartman <[email protected]>
On Tue, Aug 13, 2019 at 5:19 AM 'Matthias Maennich' via kernel-team
<[email protected]> wrote:
>
> If MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is enabled (default=n), the
> requirement for modules to import all namespaces that are used by
> the module is relaxed.
>
> Enabling this option effectively allows (invalid) modules to be loaded
> while only a warning is emitted.
>
> Disabling this option keeps the enforcement at module loading time and
> loading is denied if the module's imports are not satisfactory.
>
> Reviewed-by: Martijn Coenen <[email protected]>
> Signed-off-by: Matthias Maennich <[email protected]>
> ---
> init/Kconfig | 14 ++++++++++++++
> kernel/module.c | 11 +++++++++--
> 2 files changed, 23 insertions(+), 2 deletions(-)
>
> diff --git a/init/Kconfig b/init/Kconfig
> index bd7d650d4a99..b3373334cdf1 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -2119,6 +2119,20 @@ config MODULE_COMPRESS_XZ
>
> endchoice
>
> +config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
> + bool "Allow loading of modules with missing namespace imports"
> + default n
> + help
> + Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
> + a namespace. A module that makes use of a symbol exported with such a
> + namespace is required to import the namespace via MODULE_IMPORT_NS().
> + This option relaxes this requirement when loading a module.
> While
> + technically there is no reason to enforce correct namespace imports,
> + it creates consistency between symbols defining namespaces and users
> + importing namespaces they make use of.
I'm confused by this sentence. It sounds like it's the opposite of
what the config is doing? Can you please reword it for clarify?
-Saravana
On Tue, Aug 13, 2019 at 01:15:44PM -0700, Saravana Kannan wrote:
>On Tue, Aug 13, 2019 at 5:19 AM 'Matthias Maennich' via kernel-team
><[email protected]> wrote:
>>
>> If MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is enabled (default=n), the
>> requirement for modules to import all namespaces that are used by
>> the module is relaxed.
>>
>> Enabling this option effectively allows (invalid) modules to be loaded
>> while only a warning is emitted.
>>
>> Disabling this option keeps the enforcement at module loading time and
>> loading is denied if the module's imports are not satisfactory.
>>
>> Reviewed-by: Martijn Coenen <[email protected]>
>> Signed-off-by: Matthias Maennich <[email protected]>
>> ---
>> init/Kconfig | 14 ++++++++++++++
>> kernel/module.c | 11 +++++++++--
>> 2 files changed, 23 insertions(+), 2 deletions(-)
>>
>> diff --git a/init/Kconfig b/init/Kconfig
>> index bd7d650d4a99..b3373334cdf1 100644
>> --- a/init/Kconfig
>> +++ b/init/Kconfig
>> @@ -2119,6 +2119,20 @@ config MODULE_COMPRESS_XZ
>>
>> endchoice
>>
>> +config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
>> + bool "Allow loading of modules with missing namespace imports"
>> + default n
>> + help
>> + Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
>> + a namespace. A module that makes use of a symbol exported with such a
>> + namespace is required to import the namespace via MODULE_IMPORT_NS().
>> + This option relaxes this requirement when loading a module.
>
>> While
>> + technically there is no reason to enforce correct namespace imports,
>> + it creates consistency between symbols defining namespaces and users
>> + importing namespaces they make use of.
>
>I'm confused by this sentence. It sounds like it's the opposite of
>what the config is doing? Can you please reword it for clarify?
How about:
Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
a namespace. A module that makes use of a symbol exported with such a
namespace is required to import the namespace via MODULE_IMPORT_NS().
There is no technical reason to enforce correct namespace imports,
but it creates consistency between symbols defining namespaces and
users importing namespaces they make use of. This option relaxes this
requirement and lifts the enforcement when loading a module.
--
Cheers,
Matthias
On Wed, Aug 14, 2019 at 5:54 AM 'Matthias Maennich' via kernel-team
<[email protected]> wrote:
>
> On Tue, Aug 13, 2019 at 01:15:44PM -0700, Saravana Kannan wrote:
> >On Tue, Aug 13, 2019 at 5:19 AM 'Matthias Maennich' via kernel-team
> ><[email protected]> wrote:
> >>
> >> If MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is enabled (default=n), the
> >> requirement for modules to import all namespaces that are used by
> >> the module is relaxed.
> >>
> >> Enabling this option effectively allows (invalid) modules to be loaded
> >> while only a warning is emitted.
> >>
> >> Disabling this option keeps the enforcement at module loading time and
> >> loading is denied if the module's imports are not satisfactory.
> >>
> >> Reviewed-by: Martijn Coenen <[email protected]>
> >> Signed-off-by: Matthias Maennich <[email protected]>
> >> ---
> >> init/Kconfig | 14 ++++++++++++++
> >> kernel/module.c | 11 +++++++++--
> >> 2 files changed, 23 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/init/Kconfig b/init/Kconfig
> >> index bd7d650d4a99..b3373334cdf1 100644
> >> --- a/init/Kconfig
> >> +++ b/init/Kconfig
> >> @@ -2119,6 +2119,20 @@ config MODULE_COMPRESS_XZ
> >>
> >> endchoice
> >>
> >> +config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
> >> + bool "Allow loading of modules with missing namespace imports"
> >> + default n
> >> + help
> >> + Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
> >> + a namespace. A module that makes use of a symbol exported with such a
> >> + namespace is required to import the namespace via MODULE_IMPORT_NS().
> >> + This option relaxes this requirement when loading a module.
> >
> >> While
> >> + technically there is no reason to enforce correct namespace imports,
> >> + it creates consistency between symbols defining namespaces and users
> >> + importing namespaces they make use of.
> >
> >I'm confused by this sentence. It sounds like it's the opposite of
> >what the config is doing? Can you please reword it for clarify?
>
> How about:
>
> Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
> a namespace. A module that makes use of a symbol exported with such a
> namespace is required to import the namespace via MODULE_IMPORT_NS().
> There is no technical reason to enforce correct namespace imports,
> but it creates consistency between symbols defining namespaces and
> users importing namespaces they make use of. This option relaxes this
> requirement and lifts the enforcement when loading a module.
That's a lot better. Especially moving the "This option relaxes..." to
the bottom. Thanks.
-Saravana