Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754369AbbLINcp (ORCPT <rfc822;w@1wt.eu>);
	Wed, 9 Dec 2015 08:32:45 -0500
Received: from szxga01-in.huawei.com ([58.251.152.64]:20023 "EHLO
	szxga01-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754153AbbLINco (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 9 Dec 2015 08:32:44 -0500
From: Xie XiuQi <xiexiuqi@huawei.com>
To: <rusty@rustcorp.com.au>, <paulmck@linux.vnet.ibm.com>,
        <akpm@linux-foundation.org>, <bobby.prani@gmail.com>
CC: <dhowells@redhat.com>, <David.Woodhouse@intel.com>,
        <linux-kernel@vger.kernel.org>, <hannes@cmpxchg.org>,
        <iulia.manda21@gmail.com>, <luto@amacapital.net>,
        <huawei.libin@huawei.com>
Subject: [PATCH] module: check vermagic match exactly when load modules
Date: Wed, 9 Dec 2015 21:34:04 +0800
Message-ID: <1449668044-28367-1-git-send-email-xiexiuqi@huawei.com>
X-Mailer: git-send-email 1.7.1
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [10.175.100.166]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
	refid=str=0001.0A020203.56682D69.02AF,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0,
	ip=0.0.0.0,
	so=2013-06-18 04:22:30,
	dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: f3e9523fbb43e1295424f688c06ddca5
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1969
Lines: 62

Usually, checking kernel version will be ignore when loading
modules if CONFIG_MODVERSIONS option is enable. This could
potentially lead to a mismatch with the running kernel.

With this option, we prevent to load the modules which vermagic
is not match exactly with the running kernel.

It could be set to N by default.

Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
---
 init/Kconfig    | 11 +++++++++++
 kernel/module.c |  2 ++
 2 files changed, 13 insertions(+)

diff --git a/init/Kconfig b/init/Kconfig
index c24b6f7..ce9c23e 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1889,6 +1889,17 @@ config MODVERSIONS
 	  make them incompatible with the kernel you are running.  If
 	  unsure, say N.
 
+config MODULE_VERMAGIC_FORCE
+	bool "Require vermagic match exactly"
+	default n
+	depends on MODVERSIONS
+	help
+	  Usually, checking kernel version will be ignore when loading
+	  modules if CONFIG_MODVERSIONS option is enable. This could
+	  potentially lead to a mismatch with the running kernel.
+	  With this option, we prevent to load the modules which vermagic
+	  is not match exactly with the running kernel. If unsure, say N.
+
 config MODULE_SRCVERSION_ALL
 	bool "Source checksum for all modules"
 	help
diff --git a/kernel/module.c b/kernel/module.c
index 8f051a1..cf350d5 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1350,10 +1350,12 @@ static inline int check_modstruct_version(Elf_Shdr *sechdrs,
 static inline int same_magic(const char *amagic, const char *bmagic,
 			     bool has_crcs)
 {
+#ifndef CONFIG_MODULE_VERMAGIC_FORCE
 	if (has_crcs) {
 		amagic += strcspn(amagic, " ");
 		bmagic += strcspn(bmagic, " ");
 	}
+#endif
 	return strcmp(amagic, bmagic) == 0;
 }
 #else
-- 
1.8.3.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/