From: Alejandro Colomar <alx@kernel.org>
To: "Michael Weiß" <michael.weiss@aisec.fraunhofer.de>
Cc: linux-man@vger.kernel.org,
	Dmitry Torokhov <dmitry.torokhov@gmail.com>,
	 Stephen Boyd <swboyd@chromium.org>
Subject: Re: [PATCH] init_module.2: Document MODULE_INIT_COMPRESS_FILE flag
Date: Thu, 4 Apr 2024 11:01:36 +0200
Message-ID: <qzdqvyayhf4ubzbcvjlzxhscta4qhrbhdl3yqgu7273okdquvn@yao4dmurtir2>
In-Reply-To: <20240403114223.42696-1-michael.weiss@aisec.fraunhofer.de>

Hi Michael,

On Wed, Apr 03, 2024 at 01:42:23PM GMT, Michael Weiß wrote:
> finit_module() supports the MODULE_INIT_COMPRESS_FILE flag since
> Linux 5.17. See commit b1ae6dc41eaaa ("module: add in-kernel support
> for decompressing")
> 
> During implementation of a secure module loader in GyroidOS, we
> wanted to filter unsafe module parameters. To verify that only the
> two documented flags which are disabling sanity checks are unsafe,
> we had a look in the current kernel implementation.
> 
> We discovered that this new flag MODULE_INIT_COMPRESS_FILE was added.
> Having a deeper look at the code, we also discovered that a new error
> code EOPNOTSUPP is possible within newer kernels.
> 
> The initial commit only supported gzip and xz compression algorithms.
> Support for zstd was added in Linux 6.2 by commit 169a58ad824d8
> ("module/decompress: Support zstd in-kernel decompression")
> 
> Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>

I've applied the patch, with some minor cosmetic changes:
<https://www.alejandro-colomar.es/src/alx/linux/man-pages/man-pages.git/commit/?h=contrib&id=852f6874f5c1f57e70fcdc6e68411435acea2369>

Have a lovely day!
Alex

> ---
> 
> Changes in v2:
> - Update formatting (Alejandro)
> - Split EINVAL into two entries (Alejandro)
> - Fixed error in EINVAL, s/CONFIG_MODULE_DECOMPRESS/MODULE_INIT_COMPRESSED_FILE/
> - Fixed incomplete description for EOPNOTSUPP (Alejandro)
> - Link to v1: https://lore.kernel.org/r/20240329124137.630521-1-michael.weiss@aisec.fraunhofer.de/
> 
> ---
>  man2/init_module.2 | 50 ++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 50 insertions(+)
> 
> diff --git a/man2/init_module.2 b/man2/init_module.2
> index 95917a079..133d82b53 100644
> --- a/man2/init_module.2
> +++ b/man2/init_module.2
> @@ -107,6 +107,10 @@ Ignore symbol version hashes.
>  .TP
>  .B MODULE_INIT_IGNORE_VERMAGIC
>  Ignore kernel version magic.
> +.TP
> +.BR MODULE_INIT_COMPRESSED_FILE " (since Linux 5.17)"
> +.\" commit b1ae6dc41eaaa98bb75671e0f3665bfda248c3e7
> +Use in-kernel module decompression.
>  .P
>  There are some safety checks built into a module to ensure that
>  it matches the kernel against which it is loaded.
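
Review bot: The new MODULE_INIT_COMPRESSED_FILE entry says only "Use
in-kernel module decompression." and does not say how the flag relates
to the safety checks described in the paragraph right after the list.
The two entries before it each name a check that is ignored, so a reader
filtering flags (the use case given in the commit message) has to infer
whether this one disables any. Suggest adding a clause that settles
this, and noting that the flag applies to the file passed to
finit_module() and depends on CONFIG_MODULE_DECOMPRESS, with a pointer
to the EOPNOTSUPP entry.
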
> @@ -136,6 +140,39 @@ If the kernel is built to permit forced loading (i.e., configured with
>  then loading continues, otherwise it fails with the error
>  .B ENOEXEC
>  as expected for malformed modules.
> +.P
> +If the kernel was build with
> +.BR CONFIG_MODULE_DECOMPRESS ,
> +the in-kernel decompression feature can be used.
> +Userspace code can check if the kernel supports decompression by reading the
> +.I /sys/module/compression
> +attribute.
> +If the kernel supports decompression,
> +the compressed file can directly be passed to
> +.BR finit_module ()
> +using the
> +.B MODULE_INIT_COMPRESSED_FILE
> +flag.
> +The in-kernel module decompressor supports the following compression algorithms:
> +.P
> +.RS 4
> +.PD 0
> +.IP \[bu] 3
> +.I gzip
> +(since Linux 5.17)
> +.IP \[bu]
> +.I xz
> +(since Linux 5.17)
> +.IP \[bu]
> +.I zstd
> +.\" commit 169a58ad824d896b9e291a27193342616e651b82
> +(since Linux 6.2)
> +.PD
> +.RE
> +.P
> +The kernel only implements a single decompression method.
> +This is selected during module generation accordingly to the compression method
> +chosen in the kernel configuration.
>  .SH RETURN VALUE
>  On success, these system calls return 0.
>  On error, \-1 is returned and
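
Review bot: The sentence pointing at /sys/module/compression does not
say what reading the attribute returns, or what userspace should
conclude when the file is missing, so "can check if the kernel supports
decompression" is not actionable as written. Since the closing paragraph
says the kernel implements only a single decompression method, suggest
stating whether the attribute reports which method that is, and what
happens when a file compressed with a different algorithm is passed.
Two wording nits in the added lines: "was build with" should be "was
built with", and "accordingly to" should be "according to".
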
> @@ -223,10 +260,23 @@ is too large.
>  .I flags
>  is invalid.
>  .TP
> +.B EINVAL
> +The decompressor sanity checks failed,
> +while loading a compressed module with flag
> +.B MODULE_INIT_COMPRESSED_FILE
> +set.
> +.TP
>  .B ENOEXEC
>  .I fd
>  does not refer to an open file.
>  .TP
> +.BR EOPNOTSUPP " (since Linux 5.17)"
> +The flag
> +.B MODULE_INIT_COMPRESSED_FILE
> +is set to load a compressed module,
> +and the kernel was built without
> +.BR CONFIG_MODULE_DECOMPRESS .
> +.TP
>  .BR ETXTBSY " (since Linux 4.7)"
>  .\" commit 39d637af5aa7577f655c58b9e55587566c63a0af
>  The file referred to by
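
Review bot: The added EINVAL entry carries no "(since Linux 5.17)"
annotation, unlike the EOPNOTSUPP entry in the same hunk, although both
can only occur with MODULE_INIT_COMPRESSED_FILE set. "The decompressor
sanity checks failed" is also vague: suggest saying what is checked, for
example that the file is not in the format of the compression method the
kernel was configured with, if that is the case. With two EINVAL entries
now involving flags (the existing "flags is invalid" and this one), it
is worth clarifying which of them a caller sees on a kernel that does
not know the flag.
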
> -- 
> 2.39.2
> 
> 

-- 
<https://www.alejandro-colomar.es/>