author Michael Weiß <michael.weiss@aisec.fraunhofer.de> 2024-04-03 13:42:23 +0200
committer Alejandro Colomar <alx@kernel.org> 2024-04-04 11:00:39 +0200
commit 852f6874f5c1f57e70fcdc6e68411435acea2369 (patch)
tree f9ad6b313c3c4e2afac6f2f367fe264a5ebe5b91
parent 5788bf3d81934f21ce9c602d623c9b31cf2bedc4 (diff)
init_module.2: Document MODULE_INIT_COMPRESS_FILE flag
finit_module() supports the MODULE_INIT_COMPRESS_FILE flag since Linux 5.17.
See commit b1ae6dc41eaaa ("module: add in-kernel support for decompressing")

During implementation of a secure module loader in GyroidOS, we wanted to filter unsafe module parameters. To verify that only the two documented flags which are disabling sanity checks are unsafe, we had a look in the current kernel implementation.

We discovered that this new flag MODULE_INIT_COMPRESS_FILE was added. Having a deeper look at the code, we also discovered that a new error code EOPNOTSUPP is possible within newer kernels.

The initial commit only supported gzip and xz compression algorithms. Support for zstd was added in Linux 6.2 by commit 169a58ad824d8 ("module/decompress: Support zstd in-kernel decompression")

Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
-rw-r--r-- man2/init_module.2 51
1 files changed, 51 insertions, 0 deletions
diff --git a/man2/init_module.2 b/man2/init_module.2
index 95917a079..5055f2546 100644
--- a/man2/init_module.2
+++ b/man2/init_module.2
@@ -107,6 +107,10 @@ Ignore symbol version hashes.
.TP
.B MODULE_INIT_IGNORE_VERMAGIC
Ignore kernel version magic.
+.TP
+.BR MODULE_INIT_COMPRESSED_FILE " (since Linux 5.17)"
+.\" commit b1ae6dc41eaaa98bb75671e0f3665bfda248c3e7
+Use in-kernel module decompression.
.P
There are some safety checks built into a module to ensure that
it matches the kernel against which it is loaded.
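Review bot: The flag is spelled MODULE_INIT_COMPRESSED_FILE in the added .BR line, while the commit subject and message call it MODULE_INIT_COMPRESS_FILE; the two should agree, and the commit message should use the name the page documents. The description "Use in-kernel module decompression." is also thin for a flag that changes how the input is interpreted: say here that the file passed to finit_module() is expected to be compressed, so a reader scanning the flag list does not have to reach the later paragraph to learn what setting it implies.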
@@ -136,6 +140,40 @@ If the kernel is built to permit forced loading (i.e., configured with
then loading continues, otherwise it fails with the error
.B ENOEXEC
as expected for malformed modules.
+.P
+If the kernel was build with
+.BR CONFIG_MODULE_DECOMPRESS ,
+the in-kernel decompression feature can be used.
+User-space code can check if the kernel supports decompression
+by reading the
+.I /sys/module/compression
+attribute.
+If the kernel supports decompression,
+the compressed file can directly be passed to
+.BR finit_module ()
+using the
+.B MODULE_INIT_COMPRESSED_FILE
+flag.
+The in-kernel module decompressor supports the following compression algorithms:
+.P
+.RS 4
+.PD 0
+.IP \[bu] 3
+.I gzip
+(since Linux 5.17)
+.IP \[bu]
+.I xz
+(since Linux 5.17)
+.IP \[bu]
+.I zstd
+.\" commit 169a58ad824d896b9e291a27193342616e651b82
+(since Linux 6.2)
+.PD
+.RE
+.P
+The kernel only implements a single decompression method.
+This is selected during module generation accordingly to the compression method
+chosen in the kernel configuration.
.SH RETURN VALUE
On success, these system calls return 0.
On error, \-1 is returned and
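Review bot: Two wording errors in the added paragraph: "If the kernel was build with" should read "was built with", and "accordingly to the compression method" should read "according to the compression method". Beyond wording, the text tells user space to read /sys/module/compression but never says what the attribute contains, and "The kernel only implements a single decompression method" leaves open what happens when a file compressed with one of the other two listed algorithms is passed. Stating the attribute's content and naming the resulting error would let a loader that validates its input decide before calling finit_module().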
@@ -223,10 +261,23 @@ is too large.
.I flags
is invalid.
.TP
+.B EINVAL
+The decompressor sanity checks failed,
+while loading a compressed module with flag
+.B MODULE_INIT_COMPRESSED_FILE
+set.
+.TP
.B ENOEXEC
.I fd
does not refer to an open file.
.TP
+.BR EOPNOTSUPP " (since Linux 5.17)"
+The flag
+.B MODULE_INIT_COMPRESSED_FILE
+is set to load a compressed module,
+and the kernel was built without
+.BR CONFIG_MODULE_DECOMPRESS .
+.TP
.BR ETXTBSY " (since Linux 4.7)"
.\" commit 39d637af5aa7577f655c58b9e55587566c63a0af
The file referred to by
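Review bot: The new EINVAL entry says "The decompressor sanity checks failed" without saying what is checked, so a caller cannot distinguish a corrupt file from one that does not match the decompressor the kernel was configured with; name the checks or at least the common cause. The entry also lacks the "(since Linux 5.17)" annotation that the EOPNOTSUPP entry carries, although it can only occur when the same flag is set.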