1/* 2 Copyright (C) 2002 Richard Henderson 3 Copyright (C) 2001 Rusty Russell, 2002, 2010 Rusty Russell IBM. 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License as published by 7 the Free Software Foundation; either version 2 of the License, or 8 (at your option) any later version. 9 10 This program is distributed in the hope that it will be useful, 11 but WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 GNU General Public License for more details. 14 15 You should have received a copy of the GNU General Public License 16 along with this program; if not, write to the Free Software 17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18*/ 19#include <linux/export.h> 20#include <linux/moduleloader.h> 21#include <linux/ftrace_event.h> 22#include <linux/init.h> 23#include <linux/kallsyms.h> 24#include <linux/file.h> 25#include <linux/fs.h> 26#include <linux/sysfs.h> 27#include <linux/kernel.h> 28#include <linux/slab.h> 29#include <linux/vmalloc.h> 30#include <linux/elf.h> 31#include <linux/proc_fs.h> 32#include <linux/security.h> 33#include <linux/seq_file.h> 34#include <linux/syscalls.h> 35#include <linux/fcntl.h> 36#include <linux/rcupdate.h> 37#include <linux/capability.h> 38#include <linux/cpu.h> 39#include <linux/moduleparam.h> 40#include <linux/errno.h> 41#include <linux/err.h> 42#include <linux/vermagic.h> 43#include <linux/notifier.h> 44#include <linux/sched.h> 45#include <linux/device.h> 46#include <linux/string.h> 47#include <linux/mutex.h> 48#include <linux/rculist.h> 49#include <asm/uaccess.h> 50#include <asm/cacheflush.h> 51#include <asm/mmu_context.h> 52#include <linux/license.h> 53#include <asm/sections.h> 54#include <linux/tracepoint.h> 55#include <linux/ftrace.h> 56#include <linux/async.h> 57#include <linux/percpu.h> 58#include <linux/kmemleak.h> 59#include <linux/jump_label.h> 60#include <linux/pfn.h> 61#include <linux/bsearch.h> 62#include <uapi/linux/module.h> 63#include "module-internal.h" 64 65#define CREATE_TRACE_POINTS 66#include <trace/events/module.h> 67 68#ifndef ARCH_SHF_SMALL 69#define ARCH_SHF_SMALL 0 70#endif 71 72/* 73 * Modules' sections will be aligned on page boundaries 74 * to ensure complete separation of code and data, but 75 * only when CONFIG_DEBUG_SET_MODULE_RONX=y 76 */ 77#ifdef CONFIG_DEBUG_SET_MODULE_RONX 78# define debug_align(X) ALIGN(X, PAGE_SIZE) 79#else 80# define debug_align(X) (X) 81#endif 82 83/* 84 * Given BASE and SIZE this macro calculates the number of pages the 85 * memory regions occupies 86 */ 87#define MOD_NUMBER_OF_PAGES(BASE, SIZE) (((SIZE) > 0) ? \ 88 (PFN_DOWN((unsigned long)(BASE) + (SIZE) - 1) - \ 89 PFN_DOWN((unsigned long)BASE) + 1) \ 90 : (0UL)) 91 92/* If this is set, the section belongs in the init part of the module */ 93#define INIT_OFFSET_MASK (1UL << (BITS_PER_LONG-1)) 94 95/* 96 * Mutex protects: 97 * 1) List of modules (also safely readable with preempt_disable), 98 * 2) module_use links, 99 * 3) module_addr_min/module_addr_max. 100 * (delete and add uses RCU list operations). */ 101DEFINE_MUTEX(module_mutex); 102EXPORT_SYMBOL_GPL(module_mutex); 103static LIST_HEAD(modules); 104#ifdef CONFIG_KGDB_KDB 105struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */ 106#endif /* CONFIG_KGDB_KDB */ 107 108#ifdef CONFIG_MODULE_SIG 109#ifdef CONFIG_MODULE_SIG_FORCE 110static bool sig_enforce = true; 111#else 112static bool sig_enforce = false; 113 114static int param_set_bool_enable_only(const char *val, 115 const struct kernel_param *kp) 116{ 117 int err; 118 bool test; 119 struct kernel_param dummy_kp = *kp; 120 121 dummy_kp.arg = &test; 122 123 err = param_set_bool(val, &dummy_kp); 124 if (err) 125 return err; 126 127 /* Don't let them unset it once it's set! */ 128 if (!test && sig_enforce) 129 return -EROFS; 130 131 if (test) 132 sig_enforce = true; 133 return 0; 134} 135 136static const struct kernel_param_ops param_ops_bool_enable_only = { 137 .flags = KERNEL_PARAM_OPS_FL_NOARG, 138 .set = param_set_bool_enable_only, 139 .get = param_get_bool, 140}; 141#define param_check_bool_enable_only param_check_bool 142 143module_param(sig_enforce, bool_enable_only, 0644); 144#endif /* !CONFIG_MODULE_SIG_FORCE */ 145#endif /* CONFIG_MODULE_SIG */ 146 147/* Block module loading/unloading? */ 148int modules_disabled = 0; 149core_param(nomodule, modules_disabled, bint, 0); 150 151/* Waiting for a module to finish initializing? */ 152static DECLARE_WAIT_QUEUE_HEAD(module_wq); 153 154static BLOCKING_NOTIFIER_HEAD(module_notify_list); 155 156/* Bounds of module allocation, for speeding __module_address. 157 * Protected by module_mutex. */ 158static unsigned long module_addr_min = -1UL, module_addr_max = 0; 159 160int register_module_notifier(struct notifier_block *nb) 161{ 162 return blocking_notifier_chain_register(&module_notify_list, nb); 163} 164EXPORT_SYMBOL(register_module_notifier); 165 166int unregister_module_notifier(struct notifier_block *nb) 167{ 168 return blocking_notifier_chain_unregister(&module_notify_list, nb); 169} 170EXPORT_SYMBOL(unregister_module_notifier); 171 172struct load_info { 173 Elf_Ehdr *hdr; 174 unsigned long len; 175 Elf_Shdr *sechdrs; 176 char *secstrings, *strtab; 177 unsigned long symoffs, stroffs; 178 struct _ddebug *debug; 179 unsigned int num_debug; 180 bool sig_ok; 181#ifdef CONFIG_KALLSYMS 182 unsigned long mod_kallsyms_init_off; 183#endif 184 struct { 185 unsigned int sym, str, mod, vers, info, pcpu; 186 } index; 187}; 188 189/* We require a truly strong try_module_get(): 0 means failure due to 190 ongoing or failed initialization etc. */ 191static inline int strong_try_module_get(struct module *mod) 192{ 193 BUG_ON(mod && mod->state == MODULE_STATE_UNFORMED); 194 if (mod && mod->state == MODULE_STATE_COMING) 195 return -EBUSY; 196 if (try_module_get(mod)) 197 return 0; 198 else 199 return -ENOENT; 200} 201 202static inline void add_taint_module(struct module *mod, unsigned flag, 203 enum lockdep_ok lockdep_ok) 204{ 205 add_taint(flag, lockdep_ok); 206 mod->taints |= (1U << flag); 207} 208 209/* 210 * A thread that wants to hold a reference to a module only while it 211 * is running can call this to safely exit. nfsd and lockd use this. 212 */ 213void __module_put_and_exit(struct module *mod, long code) 214{ 215 module_put(mod); 216 do_exit(code); 217} 218EXPORT_SYMBOL(__module_put_and_exit); 219 220/* Find a module section: 0 means not found. */ 221static unsigned int find_sec(const struct load_info *info, const char *name) 222{ 223 unsigned int i; 224 225 for (i = 1; i < info->hdr->e_shnum; i++) { 226 Elf_Shdr *shdr = &info->sechdrs[i]; 227 /* Alloc bit cleared means "ignore it." */ 228 if ((shdr->sh_flags & SHF_ALLOC) 229 && strcmp(info->secstrings + shdr->sh_name, name) == 0) 230 return i; 231 } 232 return 0; 233} 234 235/* Find a module section, or NULL. */ 236static void *section_addr(const struct load_info *info, const char *name) 237{ 238 /* Section 0 has sh_addr 0. */ 239 return (void *)info->sechdrs[find_sec(info, name)].sh_addr; 240} 241 242/* Find a module section, or NULL. Fill in number of "objects" in section. */ 243static void *section_objs(const struct load_info *info, 244 const char *name, 245 size_t object_size, 246 unsigned int *num) 247{ 248 unsigned int sec = find_sec(info, name); 249 250 /* Section 0 has sh_addr 0 and sh_size 0. */ 251 *num = info->sechdrs[sec].sh_size / object_size; 252 return (void *)info->sechdrs[sec].sh_addr; 253} 254 255/* Provided by the linker */ 256extern const struct kernel_symbol __start___ksymtab[]; 257extern const struct kernel_symbol __stop___ksymtab[]; 258extern const struct kernel_symbol __start___ksymtab_gpl[]; 259extern const struct kernel_symbol __stop___ksymtab_gpl[]; 260extern const struct kernel_symbol __start___ksymtab_gpl_future[]; 261extern const struct kernel_symbol __stop___ksymtab_gpl_future[]; 262extern const unsigned long __start___kcrctab[]; 263extern const unsigned long __start___kcrctab_gpl[]; 264extern const unsigned long __start___kcrctab_gpl_future[]; 265#ifdef CONFIG_UNUSED_SYMBOLS 266extern const struct kernel_symbol __start___ksymtab_unused[]; 267extern const struct kernel_symbol __stop___ksymtab_unused[]; 268extern const struct kernel_symbol __start___ksymtab_unused_gpl[]; 269extern const struct kernel_symbol __stop___ksymtab_unused_gpl[]; 270extern const unsigned long __start___kcrctab_unused[]; 271extern const unsigned long __start___kcrctab_unused_gpl[]; 272#endif 273 274#ifndef CONFIG_MODVERSIONS 275#define symversion(base, idx) NULL 276#else 277#define symversion(base, idx) ((base != NULL) ? ((base) + (idx)) : NULL) 278#endif 279 280static bool each_symbol_in_section(const struct symsearch *arr, 281 unsigned int arrsize, 282 struct module *owner, 283 bool (*fn)(const struct symsearch *syms, 284 struct module *owner, 285 void *data), 286 void *data) 287{ 288 unsigned int j; 289 290 for (j = 0; j < arrsize; j++) { 291 if (fn(&arr[j], owner, data)) 292 return true; 293 } 294 295 return false; 296} 297 298/* Returns true as soon as fn returns true, otherwise false. */ 299bool each_symbol_section(bool (*fn)(const struct symsearch *arr, 300 struct module *owner, 301 void *data), 302 void *data) 303{ 304 struct module *mod; 305 static const struct symsearch arr[] = { 306 { __start___ksymtab, __stop___ksymtab, __start___kcrctab, 307 NOT_GPL_ONLY, false }, 308 { __start___ksymtab_gpl, __stop___ksymtab_gpl, 309 __start___kcrctab_gpl, 310 GPL_ONLY, false }, 311 { __start___ksymtab_gpl_future, __stop___ksymtab_gpl_future, 312 __start___kcrctab_gpl_future, 313 WILL_BE_GPL_ONLY, false }, 314#ifdef CONFIG_UNUSED_SYMBOLS 315 { __start___ksymtab_unused, __stop___ksymtab_unused, 316 __start___kcrctab_unused, 317 NOT_GPL_ONLY, true }, 318 { __start___ksymtab_unused_gpl, __stop___ksymtab_unused_gpl, 319 __start___kcrctab_unused_gpl, 320 GPL_ONLY, true }, 321#endif 322 }; 323 324 if (each_symbol_in_section(arr, ARRAY_SIZE(arr), NULL, fn, data)) 325 return true; 326 327 list_for_each_entry_rcu(mod, &modules, list) { 328 struct symsearch arr[] = { 329 { mod->syms, mod->syms + mod->num_syms, mod->crcs, 330 NOT_GPL_ONLY, false }, 331 { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms, 332 mod->gpl_crcs, 333 GPL_ONLY, false }, 334 { mod->gpl_future_syms, 335 mod->gpl_future_syms + mod->num_gpl_future_syms, 336 mod->gpl_future_crcs, 337 WILL_BE_GPL_ONLY, false }, 338#ifdef CONFIG_UNUSED_SYMBOLS 339 { mod->unused_syms, 340 mod->unused_syms + mod->num_unused_syms, 341 mod->unused_crcs, 342 NOT_GPL_ONLY, true }, 343 { mod->unused_gpl_syms, 344 mod->unused_gpl_syms + mod->num_unused_gpl_syms, 345 mod->unused_gpl_crcs, 346 GPL_ONLY, true }, 347#endif 348 }; 349 350 if (mod->state == MODULE_STATE_UNFORMED) 351 continue; 352 353 if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data)) 354 return true; 355 } 356 return false; 357} 358EXPORT_SYMBOL_GPL(each_symbol_section); 359 360struct find_symbol_arg { 361 /* Input */ 362 const char *name; 363 bool gplok; 364 bool warn; 365 366 /* Output */ 367 struct module *owner; 368 const unsigned long *crc; 369 const struct kernel_symbol *sym; 370}; 371 372static bool check_symbol(const struct symsearch *syms, 373 struct module *owner, 374 unsigned int symnum, void *data) 375{ 376 struct find_symbol_arg *fsa = data; 377 378 if (!fsa->gplok) { 379 if (syms->licence == GPL_ONLY) 380 return false; 381 if (syms->licence == WILL_BE_GPL_ONLY && fsa->warn) { 382 pr_warn("Symbol %s is being used by a non-GPL module, " 383 "which will not be allowed in the future\n", 384 fsa->name); 385 } 386 } 387 388#ifdef CONFIG_UNUSED_SYMBOLS 389 if (syms->unused && fsa->warn) { 390 pr_warn("Symbol %s is marked as UNUSED, however this module is " 391 "using it.\n", fsa->name); 392 pr_warn("This symbol will go away in the future.\n"); 393 pr_warn("Please evaluate if this is the right api to use and " 394 "if it really is, submit a report to the linux kernel " 395 "mailing list together with submitting your code for " 396 "inclusion.\n"); 397 } 398#endif 399 400 fsa->owner = owner; 401 fsa->crc = symversion(syms->crcs, symnum); 402 fsa->sym = &syms->start[symnum]; 403 return true; 404} 405 406static int cmp_name(const void *va, const void *vb) 407{ 408 const char *a; 409 const struct kernel_symbol *b; 410 a = va; b = vb; 411 return strcmp(a, b->name); 412} 413 414static bool find_symbol_in_section(const struct symsearch *syms, 415 struct module *owner, 416 void *data) 417{ 418 struct find_symbol_arg *fsa = data; 419 struct kernel_symbol *sym; 420 421 sym = bsearch(fsa->name, syms->start, syms->stop - syms->start, 422 sizeof(struct kernel_symbol), cmp_name); 423 424 if (sym != NULL && check_symbol(syms, owner, sym - syms->start, data)) 425 return true; 426 427 return false; 428} 429 430/* Find a symbol and return it, along with, (optional) crc and 431 * (optional) module which owns it. Needs preempt disabled or module_mutex. */ 432const struct kernel_symbol *find_symbol(const char *name, 433 struct module **owner, 434 const unsigned long **crc, 435 bool gplok, 436 bool warn) 437{ 438 struct find_symbol_arg fsa; 439 440 fsa.name = name; 441 fsa.gplok = gplok; 442 fsa.warn = warn; 443 444 if (each_symbol_section(find_symbol_in_section, &fsa)) { 445 if (owner) 446 *owner = fsa.owner; 447 if (crc) 448 *crc = fsa.crc; 449 return fsa.sym; 450 } 451 452 pr_debug("Failed to find symbol %s\n", name); 453 return NULL; 454} 455EXPORT_SYMBOL_GPL(find_symbol); 456 457/* Search for module by name: must hold module_mutex. */ 458static struct module *find_module_all(const char *name, size_t len, 459 bool even_unformed) 460{ 461 struct module *mod; 462 463 list_for_each_entry(mod, &modules, list) { 464 if (!even_unformed && mod->state == MODULE_STATE_UNFORMED) 465 continue; 466 if (strlen(mod->name) == len && !memcmp(mod->name, name, len)) 467 return mod; 468 } 469 return NULL; 470} 471 472struct module *find_module(const char *name) 473{ 474 return find_module_all(name, strlen(name), false); 475} 476EXPORT_SYMBOL_GPL(find_module); 477 478#ifdef CONFIG_SMP 479 480static inline void __percpu *mod_percpu(struct module *mod) 481{ 482 return mod->percpu; 483} 484 485static int percpu_modalloc(struct module *mod, struct load_info *info) 486{ 487 Elf_Shdr *pcpusec = &info->sechdrs[info->index.pcpu]; 488 unsigned long align = pcpusec->sh_addralign; 489 490 if (!pcpusec->sh_size) 491 return 0; 492 493 if (align > PAGE_SIZE) { 494 pr_warn("%s: per-cpu alignment %li > %li\n", 495 mod->name, align, PAGE_SIZE); 496 align = PAGE_SIZE; 497 } 498 499 mod->percpu = __alloc_reserved_percpu(pcpusec->sh_size, align); 500 if (!mod->percpu) { 501 pr_warn("%s: Could not allocate %lu bytes percpu data\n", 502 mod->name, (unsigned long)pcpusec->sh_size); 503 return -ENOMEM; 504 } 505 mod->percpu_size = pcpusec->sh_size; 506 return 0; 507} 508 509static void percpu_modfree(struct module *mod) 510{ 511 free_percpu(mod->percpu); 512} 513 514static unsigned int find_pcpusec(struct load_info *info) 515{ 516 return find_sec(info, ".data..percpu"); 517} 518 519static void percpu_modcopy(struct module *mod, 520 const void *from, unsigned long size) 521{ 522 int cpu; 523 524 for_each_possible_cpu(cpu) 525 memcpy(per_cpu_ptr(mod->percpu, cpu), from, size); 526} 527 528/** 529 * is_module_percpu_address - test whether address is from module static percpu 530 * @addr: address to test 531 * 532 * Test whether @addr belongs to module static percpu area. 533 * 534 * RETURNS: 535 * %true if @addr is from module static percpu area 536 */ 537bool is_module_percpu_address(unsigned long addr) 538{ 539 struct module *mod; 540 unsigned int cpu; 541 542 preempt_disable(); 543 544 list_for_each_entry_rcu(mod, &modules, list) { 545 if (mod->state == MODULE_STATE_UNFORMED) 546 continue; 547 if (!mod->percpu_size) 548 continue; 549 for_each_possible_cpu(cpu) { 550 void *start = per_cpu_ptr(mod->percpu, cpu); 551 552 if ((void *)addr >= start && 553 (void *)addr < start + mod->percpu_size) { 554 preempt_enable(); 555 return true; 556 } 557 } 558 } 559 560 preempt_enable(); 561 return false; 562} 563 564#else /* ... !CONFIG_SMP */ 565 566static inline void __percpu *mod_percpu(struct module *mod) 567{ 568 return NULL; 569} 570static int percpu_modalloc(struct module *mod, struct load_info *info) 571{ 572 /* UP modules shouldn't have this section: ENOMEM isn't quite right */ 573 if (info->sechdrs[info->index.pcpu].sh_size != 0) 574 return -ENOMEM; 575 return 0; 576} 577static inline void percpu_modfree(struct module *mod) 578{ 579} 580static unsigned int find_pcpusec(struct load_info *info) 581{ 582 return 0; 583} 584static inline void percpu_modcopy(struct module *mod, 585 const void *from, unsigned long size) 586{ 587 /* pcpusec should be 0, and size of that section should be 0. */ 588 BUG_ON(size != 0); 589} 590bool is_module_percpu_address(unsigned long addr) 591{ 592 return false; 593} 594 595#endif /* CONFIG_SMP */ 596 597#define MODINFO_ATTR(field) \ 598static void setup_modinfo_##field(struct module *mod, const char *s) \ 599{ \ 600 mod->field = kstrdup(s, GFP_KERNEL); \ 601} \ 602static ssize_t show_modinfo_##field(struct module_attribute *mattr, \ 603 struct module_kobject *mk, char *buffer) \ 604{ \ 605 return scnprintf(buffer, PAGE_SIZE, "%s\n", mk->mod->field); \ 606} \ 607static int modinfo_##field##_exists(struct module *mod) \ 608{ \ 609 return mod->field != NULL; \ 610} \ 611static void free_modinfo_##field(struct module *mod) \ 612{ \ 613 kfree(mod->field); \ 614 mod->field = NULL; \ 615} \ 616static struct module_attribute modinfo_##field = { \ 617 .attr = { .name = __stringify(field), .mode = 0444 }, \ 618 .show = show_modinfo_##field, \ 619 .setup = setup_modinfo_##field, \ 620 .test = modinfo_##field##_exists, \ 621 .free = free_modinfo_##field, \ 622}; 623 624MODINFO_ATTR(version); 625MODINFO_ATTR(srcversion); 626 627static char last_unloaded_module[MODULE_NAME_LEN+1]; 628 629#ifdef CONFIG_MODULE_UNLOAD 630 631EXPORT_TRACEPOINT_SYMBOL(module_get); 632 633/* MODULE_REF_BASE is the base reference count by kmodule loader. */ 634#define MODULE_REF_BASE 1 635 636/* Init the unload section of the module. */ 637static int module_unload_init(struct module *mod) 638{ 639 /* 640 * Initialize reference counter to MODULE_REF_BASE. 641 * refcnt == 0 means module is going. 642 */ 643 atomic_set(&mod->refcnt, MODULE_REF_BASE); 644 645 INIT_LIST_HEAD(&mod->source_list); 646 INIT_LIST_HEAD(&mod->target_list); 647 648 /* Hold reference count during initialization. */ 649 atomic_inc(&mod->refcnt); 650 651 return 0; 652} 653 654/* Does a already use b? */ 655static int already_uses(struct module *a, struct module *b) 656{ 657 struct module_use *use; 658 659 list_for_each_entry(use, &b->source_list, source_list) { 660 if (use->source == a) { 661 pr_debug("%s uses %s!\n", a->name, b->name); 662 return 1; 663 } 664 } 665 pr_debug("%s does not use %s!\n", a->name, b->name); 666 return 0; 667} 668 669/* 670 * Module a uses b 671 * - we add 'a' as a "source", 'b' as a "target" of module use 672 * - the module_use is added to the list of 'b' sources (so 673 * 'b' can walk the list to see who sourced them), and of 'a' 674 * targets (so 'a' can see what modules it targets). 675 */ 676static int add_module_usage(struct module *a, struct module *b) 677{ 678 struct module_use *use; 679 680 pr_debug("Allocating new usage for %s.\n", a->name); 681 use = kmalloc(sizeof(*use), GFP_ATOMIC); 682 if (!use) { 683 pr_warn("%s: out of memory loading\n", a->name); 684 return -ENOMEM; 685 } 686 687 use->source = a; 688 use->target = b; 689 list_add(&use->source_list, &b->source_list); 690 list_add(&use->target_list, &a->target_list); 691 return 0; 692} 693 694/* Module a uses b: caller needs module_mutex() */ 695int ref_module(struct module *a, struct module *b) 696{ 697 int err; 698 699 if (b == NULL || already_uses(a, b)) 700 return 0; 701 702 /* If module isn't available, we fail. */ 703 err = strong_try_module_get(b); 704 if (err) 705 return err; 706 707 err = add_module_usage(a, b); 708 if (err) { 709 module_put(b); 710 return err; 711 } 712 return 0; 713} 714EXPORT_SYMBOL_GPL(ref_module); 715 716/* Clear the unload stuff of the module. */ 717static void module_unload_free(struct module *mod) 718{ 719 struct module_use *use, *tmp; 720 721 mutex_lock(&module_mutex); 722 list_for_each_entry_safe(use, tmp, &mod->target_list, target_list) { 723 struct module *i = use->target; 724 pr_debug("%s unusing %s\n", mod->name, i->name); 725 module_put(i); 726 list_del(&use->source_list); 727 list_del(&use->target_list); 728 kfree(use); 729 } 730 mutex_unlock(&module_mutex); 731} 732 733#ifdef CONFIG_MODULE_FORCE_UNLOAD 734static inline int try_force_unload(unsigned int flags) 735{ 736 int ret = (flags & O_TRUNC); 737 if (ret) 738 add_taint(TAINT_FORCED_RMMOD, LOCKDEP_NOW_UNRELIABLE); 739 return ret; 740} 741#else 742static inline int try_force_unload(unsigned int flags) 743{ 744 return 0; 745} 746#endif /* CONFIG_MODULE_FORCE_UNLOAD */ 747 748/* Try to release refcount of module, 0 means success. */ 749static int try_release_module_ref(struct module *mod) 750{ 751 int ret; 752 753 /* Try to decrement refcnt which we set at loading */ 754 ret = atomic_sub_return(MODULE_REF_BASE, &mod->refcnt); 755 BUG_ON(ret < 0); 756 if (ret) 757 /* Someone can put this right now, recover with checking */ 758 ret = atomic_add_unless(&mod->refcnt, MODULE_REF_BASE, 0); 759 760 return ret; 761} 762 763static int try_stop_module(struct module *mod, int flags, int *forced) 764{ 765 /* If it's not unused, quit unless we're forcing. */ 766 if (try_release_module_ref(mod) != 0) { 767 *forced = try_force_unload(flags); 768 if (!(*forced)) 769 return -EWOULDBLOCK; 770 } 771 772 /* Mark it as dying. */ 773 mod->state = MODULE_STATE_GOING; 774 775 return 0; 776} 777 778/** 779 * module_refcount - return the refcount or -1 if unloading 780 * 781 * @mod: the module we're checking 782 * 783 * Returns: 784 * -1 if the module is in the process of unloading 785 * otherwise the number of references in the kernel to the module 786 */ 787int module_refcount(struct module *mod) 788{ 789 return atomic_read(&mod->refcnt) - MODULE_REF_BASE; 790} 791EXPORT_SYMBOL(module_refcount); 792 793/* This exists whether we can unload or not */ 794static void free_module(struct module *mod); 795 796SYSCALL_DEFINE2(delete_module, const char __user *, name_user, 797 unsigned int, flags) 798{ 799 struct module *mod; 800 char name[MODULE_NAME_LEN]; 801 int ret, forced = 0; 802 803 if (!capable(CAP_SYS_MODULE) || modules_disabled) 804 return -EPERM; 805 806 if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0) 807 return -EFAULT; 808 name[MODULE_NAME_LEN-1] = '\0'; 809 810 if (mutex_lock_interruptible(&module_mutex) != 0) 811 return -EINTR; 812 813 mod = find_module(name); 814 if (!mod) { 815 ret = -ENOENT; 816 goto out; 817 } 818 819 if (!list_empty(&mod->source_list)) { 820 /* Other modules depend on us: get rid of them first. */ 821 ret = -EWOULDBLOCK; 822 goto out; 823 } 824 825 /* Doing init or already dying? */ 826 if (mod->state != MODULE_STATE_LIVE) { 827 /* FIXME: if (force), slam module count damn the torpedoes */ 828 pr_debug("%s already dying\n", mod->name); 829 ret = -EBUSY; 830 goto out; 831 } 832 833 /* If it has an init func, it must have an exit func to unload */ 834 if (mod->init && !mod->exit) { 835 forced = try_force_unload(flags); 836 if (!forced) { 837 /* This module can't be removed */ 838 ret = -EBUSY; 839 goto out; 840 } 841 } 842 843 /* Stop the machine so refcounts can't move and disable module. */ 844 ret = try_stop_module(mod, flags, &forced); 845 if (ret != 0) 846 goto out; 847 848 mutex_unlock(&module_mutex); 849 /* Final destruction now no one is using it. */ 850 if (mod->exit != NULL) 851 mod->exit(); 852 blocking_notifier_call_chain(&module_notify_list, 853 MODULE_STATE_GOING, mod); 854 async_synchronize_full(); 855 856 /* Store the name of the last unloaded module for diagnostic purposes */ 857 strlcpy(last_unloaded_module, mod->name, sizeof(last_unloaded_module)); 858 859 free_module(mod); 860 return 0; 861out: 862 mutex_unlock(&module_mutex); 863 return ret; 864} 865 866static inline void print_unload_info(struct seq_file *m, struct module *mod) 867{ 868 struct module_use *use; 869 int printed_something = 0; 870 871 seq_printf(m, " %i ", module_refcount(mod)); 872 873 /* 874 * Always include a trailing , so userspace can differentiate 875 * between this and the old multi-field proc format. 876 */ 877 list_for_each_entry(use, &mod->source_list, source_list) { 878 printed_something = 1; 879 seq_printf(m, "%s,", use->source->name); 880 } 881 882 if (mod->init != NULL && mod->exit == NULL) { 883 printed_something = 1; 884 seq_puts(m, "[permanent],"); 885 } 886 887 if (!printed_something) 888 seq_puts(m, "-"); 889} 890 891void __symbol_put(const char *symbol) 892{ 893 struct module *owner; 894 895 preempt_disable(); 896 if (!find_symbol(symbol, &owner, NULL, true, false)) 897 BUG(); 898 module_put(owner); 899 preempt_enable(); 900} 901EXPORT_SYMBOL(__symbol_put); 902 903/* Note this assumes addr is a function, which it currently always is. */ 904void symbol_put_addr(void *addr) 905{ 906 struct module *modaddr; 907 unsigned long a = (unsigned long)dereference_function_descriptor(addr); 908 909 if (core_kernel_text(a)) 910 return; 911 912 /* 913 * Even though we hold a reference on the module; we still need to 914 * disable preemption in order to safely traverse the data structure. 915 */ 916 preempt_disable(); 917 modaddr = __module_text_address(a); 918 BUG_ON(!modaddr); 919 module_put(modaddr); 920 preempt_enable(); 921} 922EXPORT_SYMBOL_GPL(symbol_put_addr); 923 924static ssize_t show_refcnt(struct module_attribute *mattr, 925 struct module_kobject *mk, char *buffer) 926{ 927 return sprintf(buffer, "%i\n", module_refcount(mk->mod)); 928} 929 930static struct module_attribute modinfo_refcnt = 931 __ATTR(refcnt, 0444, show_refcnt, NULL); 932 933void __module_get(struct module *module) 934{ 935 if (module) { 936 preempt_disable(); 937 atomic_inc(&module->refcnt); 938 trace_module_get(module, _RET_IP_); 939 preempt_enable(); 940 } 941} 942EXPORT_SYMBOL(__module_get); 943 944bool try_module_get(struct module *module) 945{ 946 bool ret = true; 947 948 if (module) { 949 preempt_disable(); 950 /* Note: here, we can fail to get a reference */ 951 if (likely(module_is_live(module) && 952 atomic_inc_not_zero(&module->refcnt) != 0)) 953 trace_module_get(module, _RET_IP_); 954 else 955 ret = false; 956 957 preempt_enable(); 958 } 959 return ret; 960} 961EXPORT_SYMBOL(try_module_get); 962 963void module_put(struct module *module) 964{ 965 int ret; 966 967 if (module) { 968 preempt_disable(); 969 ret = atomic_dec_if_positive(&module->refcnt); 970 WARN_ON(ret < 0); /* Failed to put refcount */ 971 trace_module_put(module, _RET_IP_); 972 preempt_enable(); 973 } 974} 975EXPORT_SYMBOL(module_put); 976 977#else /* !CONFIG_MODULE_UNLOAD */ 978static inline void print_unload_info(struct seq_file *m, struct module *mod) 979{ 980 /* We don't know the usage count, or what modules are using. */ 981 seq_puts(m, " - -"); 982} 983 984static inline void module_unload_free(struct module *mod) 985{ 986} 987 988int ref_module(struct module *a, struct module *b) 989{ 990 return strong_try_module_get(b); 991} 992EXPORT_SYMBOL_GPL(ref_module); 993 994static inline int module_unload_init(struct module *mod) 995{ 996 return 0; 997} 998#endif /* CONFIG_MODULE_UNLOAD */ 999 1000static size_t module_flags_taint(struct module *mod, char *buf) 1001{ 1002 size_t l = 0; 1003 1004 if (mod->taints & (1 << TAINT_PROPRIETARY_MODULE)) 1005 buf[l++] = 'P'; 1006 if (mod->taints & (1 << TAINT_OOT_MODULE)) 1007 buf[l++] = 'O'; 1008 if (mod->taints & (1 << TAINT_FORCED_MODULE)) 1009 buf[l++] = 'F'; 1010 if (mod->taints & (1 << TAINT_CRAP)) 1011 buf[l++] = 'C'; 1012 if (mod->taints & (1 << TAINT_UNSIGNED_MODULE)) 1013 buf[l++] = 'E'; 1014 /* 1015 * TAINT_FORCED_RMMOD: could be added. 1016 * TAINT_CPU_OUT_OF_SPEC, TAINT_MACHINE_CHECK, TAINT_BAD_PAGE don't 1017 * apply to modules. 1018 */ 1019 return l; 1020} 1021 1022static ssize_t show_initstate(struct module_attribute *mattr, 1023 struct module_kobject *mk, char *buffer) 1024{ 1025 const char *state = "unknown"; 1026 1027 switch (mk->mod->state) { 1028 case MODULE_STATE_LIVE: 1029 state = "live"; 1030 break; 1031 case MODULE_STATE_COMING: 1032 state = "coming"; 1033 break; 1034 case MODULE_STATE_GOING: 1035 state = "going"; 1036 break; 1037 default: 1038 BUG(); 1039 } 1040 return sprintf(buffer, "%s\n", state); 1041} 1042 1043static struct module_attribute modinfo_initstate = 1044 __ATTR(initstate, 0444, show_initstate, NULL); 1045 1046static ssize_t store_uevent(struct module_attribute *mattr, 1047 struct module_kobject *mk, 1048 const char *buffer, size_t count) 1049{ 1050 enum kobject_action action; 1051 1052 if (kobject_action_type(buffer, count, &action) == 0) 1053 kobject_uevent(&mk->kobj, action); 1054 return count; 1055} 1056 1057struct module_attribute module_uevent = 1058 __ATTR(uevent, 0200, NULL, store_uevent); 1059 1060static ssize_t show_coresize(struct module_attribute *mattr, 1061 struct module_kobject *mk, char *buffer) 1062{ 1063 return sprintf(buffer, "%u\n", mk->mod->core_size); 1064} 1065 1066static struct module_attribute modinfo_coresize = 1067 __ATTR(coresize, 0444, show_coresize, NULL); 1068 1069static ssize_t show_initsize(struct module_attribute *mattr, 1070 struct module_kobject *mk, char *buffer) 1071{ 1072 return sprintf(buffer, "%u\n", mk->mod->init_size); 1073} 1074 1075static struct module_attribute modinfo_initsize = 1076 __ATTR(initsize, 0444, show_initsize, NULL); 1077 1078static ssize_t show_taint(struct module_attribute *mattr, 1079 struct module_kobject *mk, char *buffer) 1080{ 1081 size_t l; 1082 1083 l = module_flags_taint(mk->mod, buffer); 1084 buffer[l++] = '\n'; 1085 return l; 1086} 1087 1088static struct module_attribute modinfo_taint = 1089 __ATTR(taint, 0444, show_taint, NULL); 1090 1091static struct module_attribute *modinfo_attrs[] = { 1092 &module_uevent, 1093 &modinfo_version, 1094 &modinfo_srcversion, 1095 &modinfo_initstate, 1096 &modinfo_coresize, 1097 &modinfo_initsize, 1098 &modinfo_taint, 1099#ifdef CONFIG_MODULE_UNLOAD 1100 &modinfo_refcnt, 1101#endif 1102 NULL, 1103}; 1104 1105static const char vermagic[] = VERMAGIC_STRING; 1106 1107static int try_to_force_load(struct module *mod, const char *reason) 1108{ 1109#ifdef CONFIG_MODULE_FORCE_LOAD 1110 if (!test_taint(TAINT_FORCED_MODULE)) 1111 pr_warn("%s: %s: kernel tainted.\n", mod->name, reason); 1112 add_taint_module(mod, TAINT_FORCED_MODULE, LOCKDEP_NOW_UNRELIABLE); 1113 return 0; 1114#else 1115 return -ENOEXEC; 1116#endif 1117} 1118 1119#ifdef CONFIG_MODVERSIONS 1120/* If the arch applies (non-zero) relocations to kernel kcrctab, unapply it. */ 1121static unsigned long maybe_relocated(unsigned long crc, 1122 const struct module *crc_owner) 1123{ 1124#ifdef ARCH_RELOCATES_KCRCTAB 1125 if (crc_owner == NULL) 1126 return crc - (unsigned long)reloc_start; 1127#endif 1128 return crc; 1129} 1130 1131static int check_version(Elf_Shdr *sechdrs, 1132 unsigned int versindex, 1133 const char *symname, 1134 struct module *mod, 1135 const unsigned long *crc, 1136 const struct module *crc_owner) 1137{ 1138 unsigned int i, num_versions; 1139 struct modversion_info *versions; 1140 1141 /* Exporting module didn't supply crcs? OK, we're already tainted. */ 1142 if (!crc) 1143 return 1; 1144 1145 /* No versions at all? modprobe --force does this. */ 1146 if (versindex == 0) 1147 return try_to_force_load(mod, symname) == 0; 1148 1149 versions = (void *) sechdrs[versindex].sh_addr; 1150 num_versions = sechdrs[versindex].sh_size 1151 / sizeof(struct modversion_info); 1152 1153 for (i = 0; i < num_versions; i++) { 1154 if (strcmp(versions[i].name, symname) != 0) 1155 continue; 1156 1157 if (versions[i].crc == maybe_relocated(*crc, crc_owner)) 1158 return 1; 1159 pr_debug("Found checksum %lX vs module %lX\n", 1160 maybe_relocated(*crc, crc_owner), versions[i].crc); 1161 goto bad_version; 1162 } 1163 1164 pr_warn("%s: no symbol version for %s\n", mod->name, symname); 1165 return 0; 1166 1167bad_version: 1168 pr_warn("%s: disagrees about version of symbol %s\n", 1169 mod->name, symname); 1170 return 0; 1171} 1172 1173static inline int check_modstruct_version(Elf_Shdr *sechdrs, 1174 unsigned int versindex, 1175 struct module *mod) 1176{ 1177 const unsigned long *crc; 1178 1179 /* Since this should be found in kernel (which can't be removed), 1180 * no locking is necessary. */ 1181 if (!find_symbol(VMLINUX_SYMBOL_STR(module_layout), NULL, 1182 &crc, true, false)) 1183 BUG(); 1184 return check_version(sechdrs, versindex, 1185 VMLINUX_SYMBOL_STR(module_layout), mod, crc, 1186 NULL); 1187} 1188 1189/* First part is kernel version, which we ignore if module has crcs. */ 1190static inline int same_magic(const char *amagic, const char *bmagic, 1191 bool has_crcs) 1192{ 1193 if (has_crcs) { 1194 amagic += strcspn(amagic, " "); 1195 bmagic += strcspn(bmagic, " "); 1196 } 1197 return strcmp(amagic, bmagic) == 0; 1198} 1199#else 1200static inline int check_version(Elf_Shdr *sechdrs, 1201 unsigned int versindex, 1202 const char *symname, 1203 struct module *mod, 1204 const unsigned long *crc, 1205 const struct module *crc_owner) 1206{ 1207 return 1; 1208} 1209 1210static inline int check_modstruct_version(Elf_Shdr *sechdrs, 1211 unsigned int versindex, 1212 struct module *mod) 1213{ 1214 return 1; 1215} 1216 1217static inline int same_magic(const char *amagic, const char *bmagic, 1218 bool has_crcs) 1219{ 1220 return strcmp(amagic, bmagic) == 0; 1221} 1222#endif /* CONFIG_MODVERSIONS */ 1223 1224/* Resolve a symbol for this module. I.e. if we find one, record usage. */ 1225static const struct kernel_symbol *resolve_symbol(struct module *mod, 1226 const struct load_info *info, 1227 const char *name, 1228 char ownername[]) 1229{ 1230 struct module *owner; 1231 const struct kernel_symbol *sym; 1232 const unsigned long *crc; 1233 int err; 1234 1235 /* 1236 * The module_mutex should not be a heavily contended lock; 1237 * if we get the occasional sleep here, we'll go an extra iteration 1238 * in the wait_event_interruptible(), which is harmless. 1239 */ 1240 sched_annotate_sleep(); 1241 mutex_lock(&module_mutex); 1242 sym = find_symbol(name, &owner, &crc, 1243 !(mod->taints & (1 << TAINT_PROPRIETARY_MODULE)), true); 1244 if (!sym) 1245 goto unlock; 1246 1247 if (!check_version(info->sechdrs, info->index.vers, name, mod, crc, 1248 owner)) { 1249 sym = ERR_PTR(-EINVAL); 1250 goto getname; 1251 } 1252 1253 err = ref_module(mod, owner); 1254 if (err) { 1255 sym = ERR_PTR(err); 1256 goto getname; 1257 } 1258 1259getname: 1260 /* We must make copy under the lock if we failed to get ref. */ 1261 strncpy(ownername, module_name(owner), MODULE_NAME_LEN); 1262unlock: 1263 mutex_unlock(&module_mutex); 1264 return sym; 1265} 1266 1267static const struct kernel_symbol * 1268resolve_symbol_wait(struct module *mod, 1269 const struct load_info *info, 1270 const char *name) 1271{ 1272 const struct kernel_symbol *ksym; 1273 char owner[MODULE_NAME_LEN]; 1274 1275 if (wait_event_interruptible_timeout(module_wq, 1276 !IS_ERR(ksym = resolve_symbol(mod, info, name, owner)) 1277 || PTR_ERR(ksym) != -EBUSY, 1278 30 * HZ) <= 0) { 1279 pr_warn("%s: gave up waiting for init of module %s.\n", 1280 mod->name, owner); 1281 } 1282 return ksym; 1283} 1284 1285/* 1286 * /sys/module/foo/sections stuff 1287 * J. Corbet <corbet@lwn.net> 1288 */ 1289#ifdef CONFIG_SYSFS 1290 1291#ifdef CONFIG_KALLSYMS 1292static inline bool sect_empty(const Elf_Shdr *sect) 1293{ 1294 return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0; 1295} 1296 1297struct module_sect_attr { 1298 struct module_attribute mattr; 1299 char *name; 1300 unsigned long address; 1301}; 1302 1303struct module_sect_attrs { 1304 struct attribute_group grp; 1305 unsigned int nsections; 1306 struct module_sect_attr attrs[0]; 1307}; 1308 1309static ssize_t module_sect_show(struct module_attribute *mattr, 1310 struct module_kobject *mk, char *buf) 1311{ 1312 struct module_sect_attr *sattr = 1313 container_of(mattr, struct module_sect_attr, mattr); 1314 return sprintf(buf, "0x%pK\n", (void *)sattr->address); 1315} 1316 1317static void free_sect_attrs(struct module_sect_attrs *sect_attrs) 1318{ 1319 unsigned int section; 1320 1321 for (section = 0; section < sect_attrs->nsections; section++) 1322 kfree(sect_attrs->attrs[section].name); 1323 kfree(sect_attrs); 1324} 1325 1326static void add_sect_attrs(struct module *mod, const struct load_info *info) 1327{ 1328 unsigned int nloaded = 0, i, size[2]; 1329 struct module_sect_attrs *sect_attrs; 1330 struct module_sect_attr *sattr; 1331 struct attribute **gattr; 1332 1333 /* Count loaded sections and allocate structures */ 1334 for (i = 0; i < info->hdr->e_shnum; i++) 1335 if (!sect_empty(&info->sechdrs[i])) 1336 nloaded++; 1337 size[0] = ALIGN(sizeof(*sect_attrs) 1338 + nloaded * sizeof(sect_attrs->attrs[0]), 1339 sizeof(sect_attrs->grp.attrs[0])); 1340 size[1] = (nloaded + 1) * sizeof(sect_attrs->grp.attrs[0]); 1341 sect_attrs = kzalloc(size[0] + size[1], GFP_KERNEL); 1342 if (sect_attrs == NULL) 1343 return; 1344 1345 /* Setup section attributes. */ 1346 sect_attrs->grp.name = "sections"; 1347 sect_attrs->grp.attrs = (void *)sect_attrs + size[0]; 1348 1349 sect_attrs->nsections = 0; 1350 sattr = §_attrs->attrs[0]; 1351 gattr = §_attrs->grp.attrs[0]; 1352 for (i = 0; i < info->hdr->e_shnum; i++) { 1353 Elf_Shdr *sec = &info->sechdrs[i]; 1354 if (sect_empty(sec)) 1355 continue; 1356 sattr->address = sec->sh_addr; 1357 sattr->name = kstrdup(info->secstrings + sec->sh_name, 1358 GFP_KERNEL); 1359 if (sattr->name == NULL) 1360 goto out; 1361 sect_attrs->nsections++; 1362 sysfs_attr_init(&sattr->mattr.attr); 1363 sattr->mattr.show = module_sect_show; 1364 sattr->mattr.store = NULL; 1365 sattr->mattr.attr.name = sattr->name; 1366 sattr->mattr.attr.mode = S_IRUGO; 1367 *(gattr++) = &(sattr++)->mattr.attr; 1368 } 1369 *gattr = NULL; 1370 1371 if (sysfs_create_group(&mod->mkobj.kobj, §_attrs->grp)) 1372 goto out; 1373 1374 mod->sect_attrs = sect_attrs; 1375 return; 1376 out: 1377 free_sect_attrs(sect_attrs); 1378} 1379 1380static void remove_sect_attrs(struct module *mod) 1381{ 1382 if (mod->sect_attrs) { 1383 sysfs_remove_group(&mod->mkobj.kobj, 1384 &mod->sect_attrs->grp); 1385 /* We are positive that no one is using any sect attrs 1386 * at this point. Deallocate immediately. */ 1387 free_sect_attrs(mod->sect_attrs); 1388 mod->sect_attrs = NULL; 1389 } 1390} 1391 1392/* 1393 * /sys/module/foo/notes/.section.name gives contents of SHT_NOTE sections. 1394 */ 1395 1396struct module_notes_attrs { 1397 struct kobject *dir; 1398 unsigned int notes; 1399 struct bin_attribute attrs[0]; 1400}; 1401 1402static ssize_t module_notes_read(struct file *filp, struct kobject *kobj, 1403 struct bin_attribute *bin_attr, 1404 char *buf, loff_t pos, size_t count) 1405{ 1406 /* 1407 * The caller checked the pos and count against our size. 1408 */ 1409 memcpy(buf, bin_attr->private + pos, count); 1410 return count; 1411} 1412 1413static void free_notes_attrs(struct module_notes_attrs *notes_attrs, 1414 unsigned int i) 1415{ 1416 if (notes_attrs->dir) { 1417 while (i-- > 0) 1418 sysfs_remove_bin_file(notes_attrs->dir, 1419 ¬es_attrs->attrs[i]); 1420 kobject_put(notes_attrs->dir); 1421 } 1422 kfree(notes_attrs); 1423} 1424 1425static void add_notes_attrs(struct module *mod, const struct load_info *info) 1426{ 1427 unsigned int notes, loaded, i; 1428 struct module_notes_attrs *notes_attrs; 1429 struct bin_attribute *nattr; 1430 1431 /* failed to create section attributes, so can't create notes */ 1432 if (!mod->sect_attrs) 1433 return; 1434 1435 /* Count notes sections and allocate structures. */ 1436 notes = 0; 1437 for (i = 0; i < info->hdr->e_shnum; i++) 1438 if (!sect_empty(&info->sechdrs[i]) && 1439 (info->sechdrs[i].sh_type == SHT_NOTE)) 1440 ++notes; 1441 1442 if (notes == 0) 1443 return; 1444 1445 notes_attrs = kzalloc(sizeof(*notes_attrs) 1446 + notes * sizeof(notes_attrs->attrs[0]), 1447 GFP_KERNEL); 1448 if (notes_attrs == NULL) 1449 return; 1450 1451 notes_attrs->notes = notes; 1452 nattr = ¬es_attrs->attrs[0]; 1453 for (loaded = i = 0; i < info->hdr->e_shnum; ++i) { 1454 if (sect_empty(&info->sechdrs[i])) 1455 continue; 1456 if (info->sechdrs[i].sh_type == SHT_NOTE) { 1457 sysfs_bin_attr_init(nattr); 1458 nattr->attr.name = mod->sect_attrs->attrs[loaded].name; 1459 nattr->attr.mode = S_IRUGO; 1460 nattr->size = info->sechdrs[i].sh_size; 1461 nattr->private = (void *) info->sechdrs[i].sh_addr; 1462 nattr->read = module_notes_read; 1463 ++nattr; 1464 } 1465 ++loaded; 1466 } 1467 1468 notes_attrs->dir = kobject_create_and_add("notes", &mod->mkobj.kobj); 1469 if (!notes_attrs->dir) 1470 goto out; 1471 1472 for (i = 0; i < notes; ++i) 1473 if (sysfs_create_bin_file(notes_attrs->dir, 1474 ¬es_attrs->attrs[i])) 1475 goto out; 1476 1477 mod->notes_attrs = notes_attrs; 1478 return; 1479 1480 out: 1481 free_notes_attrs(notes_attrs, i); 1482} 1483 1484static void remove_notes_attrs(struct module *mod) 1485{ 1486 if (mod->notes_attrs) 1487 free_notes_attrs(mod->notes_attrs, mod->notes_attrs->notes); 1488} 1489 1490#else 1491 1492static inline void add_sect_attrs(struct module *mod, 1493 const struct load_info *info) 1494{ 1495} 1496 1497static inline void remove_sect_attrs(struct module *mod) 1498{ 1499} 1500 1501static inline void add_notes_attrs(struct module *mod, 1502 const struct load_info *info) 1503{ 1504} 1505 1506static inline void remove_notes_attrs(struct module *mod) 1507{ 1508} 1509#endif /* CONFIG_KALLSYMS */ 1510 1511static void add_usage_links(struct module *mod) 1512{ 1513#ifdef CONFIG_MODULE_UNLOAD 1514 struct module_use *use; 1515 int nowarn; 1516 1517 mutex_lock(&module_mutex); 1518 list_for_each_entry(use, &mod->target_list, target_list) { 1519 nowarn = sysfs_create_link(use->target->holders_dir, 1520 &mod->mkobj.kobj, mod->name); 1521 } 1522 mutex_unlock(&module_mutex); 1523#endif 1524} 1525 1526static void del_usage_links(struct module *mod) 1527{ 1528#ifdef CONFIG_MODULE_UNLOAD 1529 struct module_use *use; 1530 1531 mutex_lock(&module_mutex); 1532 list_for_each_entry(use, &mod->target_list, target_list) 1533 sysfs_remove_link(use->target->holders_dir, mod->name); 1534 mutex_unlock(&module_mutex); 1535#endif 1536} 1537 1538static int module_add_modinfo_attrs(struct module *mod) 1539{ 1540 struct module_attribute *attr; 1541 struct module_attribute *temp_attr; 1542 int error = 0; 1543 int i; 1544 1545 mod->modinfo_attrs = kzalloc((sizeof(struct module_attribute) * 1546 (ARRAY_SIZE(modinfo_attrs) + 1)), 1547 GFP_KERNEL); 1548 if (!mod->modinfo_attrs) 1549 return -ENOMEM; 1550 1551 temp_attr = mod->modinfo_attrs; 1552 for (i = 0; (attr = modinfo_attrs[i]) && !error; i++) { 1553 if (!attr->test || 1554 (attr->test && attr->test(mod))) { 1555 memcpy(temp_attr, attr, sizeof(*temp_attr)); 1556 sysfs_attr_init(&temp_attr->attr); 1557 error = sysfs_create_file(&mod->mkobj.kobj, 1558 &temp_attr->attr); 1559 ++temp_attr; 1560 } 1561 } 1562 return error; 1563} 1564 1565static void module_remove_modinfo_attrs(struct module *mod) 1566{ 1567 struct module_attribute *attr; 1568 int i; 1569 1570 for (i = 0; (attr = &mod->modinfo_attrs[i]); i++) { 1571 /* pick a field to test for end of list */ 1572 if (!attr->attr.name) 1573 break; 1574 sysfs_remove_file(&mod->mkobj.kobj, &attr->attr); 1575 if (attr->free) 1576 attr->free(mod); 1577 } 1578 kfree(mod->modinfo_attrs); 1579} 1580 1581static void mod_kobject_put(struct module *mod) 1582{ 1583 DECLARE_COMPLETION_ONSTACK(c); 1584 mod->mkobj.kobj_completion = &c; 1585 kobject_put(&mod->mkobj.kobj); 1586 wait_for_completion(&c); 1587} 1588 1589static int mod_sysfs_init(struct module *mod) 1590{ 1591 int err; 1592 struct kobject *kobj; 1593 1594 if (!module_sysfs_initialized) { 1595 pr_err("%s: module sysfs not initialized\n", mod->name); 1596 err = -EINVAL; 1597 goto out; 1598 } 1599 1600 kobj = kset_find_obj(module_kset, mod->name); 1601 if (kobj) { 1602 pr_err("%s: module is already loaded\n", mod->name); 1603 kobject_put(kobj); 1604 err = -EINVAL; 1605 goto out; 1606 } 1607 1608 mod->mkobj.mod = mod; 1609 1610 memset(&mod->mkobj.kobj, 0, sizeof(mod->mkobj.kobj)); 1611 mod->mkobj.kobj.kset = module_kset; 1612 err = kobject_init_and_add(&mod->mkobj.kobj, &module_ktype, NULL, 1613 "%s", mod->name); 1614 if (err) 1615 mod_kobject_put(mod); 1616 1617 /* delay uevent until full sysfs population */ 1618out: 1619 return err; 1620} 1621 1622static int mod_sysfs_setup(struct module *mod, 1623 const struct load_info *info, 1624 struct kernel_param *kparam, 1625 unsigned int num_params) 1626{ 1627 int err; 1628 1629 err = mod_sysfs_init(mod); 1630 if (err) 1631 goto out; 1632 1633 mod->holders_dir = kobject_create_and_add("holders", &mod->mkobj.kobj); 1634 if (!mod->holders_dir) { 1635 err = -ENOMEM; 1636 goto out_unreg; 1637 } 1638 1639 err = module_param_sysfs_setup(mod, kparam, num_params); 1640 if (err) 1641 goto out_unreg_holders; 1642 1643 err = module_add_modinfo_attrs(mod); 1644 if (err) 1645 goto out_unreg_param; 1646 1647 add_usage_links(mod); 1648 add_sect_attrs(mod, info); 1649 add_notes_attrs(mod, info); 1650 1651 kobject_uevent(&mod->mkobj.kobj, KOBJ_ADD); 1652 return 0; 1653 1654out_unreg_param: 1655 module_param_sysfs_remove(mod); 1656out_unreg_holders: 1657 kobject_put(mod->holders_dir); 1658out_unreg: 1659 mod_kobject_put(mod); 1660out: 1661 return err; 1662} 1663 1664static void mod_sysfs_fini(struct module *mod) 1665{ 1666 remove_notes_attrs(mod); 1667 remove_sect_attrs(mod); 1668 mod_kobject_put(mod); 1669} 1670 1671#else /* !CONFIG_SYSFS */ 1672 1673static int mod_sysfs_setup(struct module *mod, 1674 const struct load_info *info, 1675 struct kernel_param *kparam, 1676 unsigned int num_params) 1677{ 1678 return 0; 1679} 1680 1681static void mod_sysfs_fini(struct module *mod) 1682{ 1683} 1684 1685static void module_remove_modinfo_attrs(struct module *mod) 1686{ 1687} 1688 1689static void del_usage_links(struct module *mod) 1690{ 1691} 1692 1693#endif /* CONFIG_SYSFS */ 1694 1695static void mod_sysfs_teardown(struct module *mod) 1696{ 1697 del_usage_links(mod); 1698 module_remove_modinfo_attrs(mod); 1699 module_param_sysfs_remove(mod); 1700 kobject_put(mod->mkobj.drivers_dir); 1701 kobject_put(mod->holders_dir); 1702 mod_sysfs_fini(mod); 1703} 1704 1705#ifdef CONFIG_DEBUG_SET_MODULE_RONX 1706/* 1707 * LKM RO/NX protection: protect module's text/ro-data 1708 * from modification and any data from execution. 1709 */ 1710void set_page_attributes(void *start, void *end, int (*set)(unsigned long start, int num_pages)) 1711{ 1712 unsigned long begin_pfn = PFN_DOWN((unsigned long)start); 1713 unsigned long end_pfn = PFN_DOWN((unsigned long)end); 1714 1715 if (end_pfn > begin_pfn) 1716 set(begin_pfn << PAGE_SHIFT, end_pfn - begin_pfn); 1717} 1718 1719static void set_section_ro_nx(void *base, 1720 unsigned long text_size, 1721 unsigned long ro_size, 1722 unsigned long total_size) 1723{ 1724 /* begin and end PFNs of the current subsection */ 1725 unsigned long begin_pfn; 1726 unsigned long end_pfn; 1727 1728 /* 1729 * Set RO for module text and RO-data: 1730 * - Always protect first page. 1731 * - Do not protect last partial page. 1732 */ 1733 if (ro_size > 0) 1734 set_page_attributes(base, base + ro_size, set_memory_ro); 1735 1736 /* 1737 * Set NX permissions for module data: 1738 * - Do not protect first partial page. 1739 * - Always protect last page. 1740 */ 1741 if (total_size > text_size) { 1742 begin_pfn = PFN_UP((unsigned long)base + text_size); 1743 end_pfn = PFN_UP((unsigned long)base + total_size); 1744 if (end_pfn > begin_pfn) 1745 set_memory_nx(begin_pfn << PAGE_SHIFT, end_pfn - begin_pfn); 1746 } 1747} 1748 1749static void unset_module_core_ro_nx(struct module *mod) 1750{ 1751 set_page_attributes(mod->module_core + mod->core_text_size, 1752 mod->module_core + mod->core_size, 1753 set_memory_x); 1754 set_page_attributes(mod->module_core, 1755 mod->module_core + mod->core_ro_size, 1756 set_memory_rw); 1757} 1758 1759static void unset_module_init_ro_nx(struct module *mod) 1760{ 1761 set_page_attributes(mod->module_init + mod->init_text_size, 1762 mod->module_init + mod->init_size, 1763 set_memory_x); 1764 set_page_attributes(mod->module_init, 1765 mod->module_init + mod->init_ro_size, 1766 set_memory_rw); 1767} 1768 1769/* Iterate through all modules and set each module's text as RW */ 1770void set_all_modules_text_rw(void) 1771{ 1772 struct module *mod; 1773 1774 mutex_lock(&module_mutex); 1775 list_for_each_entry_rcu(mod, &modules, list) { 1776 if (mod->state == MODULE_STATE_UNFORMED) 1777 continue; 1778 if ((mod->module_core) && (mod->core_text_size)) { 1779 set_page_attributes(mod->module_core, 1780 mod->module_core + mod->core_text_size, 1781 set_memory_rw); 1782 } 1783 if ((mod->module_init) && (mod->init_text_size)) { 1784 set_page_attributes(mod->module_init, 1785 mod->module_init + mod->init_text_size, 1786 set_memory_rw); 1787 } 1788 } 1789 mutex_unlock(&module_mutex); 1790} 1791 1792/* Iterate through all modules and set each module's text as RO */ 1793void set_all_modules_text_ro(void) 1794{ 1795 struct module *mod; 1796 1797 mutex_lock(&module_mutex); 1798 list_for_each_entry_rcu(mod, &modules, list) { 1799 if (mod->state == MODULE_STATE_UNFORMED) 1800 continue; 1801 if ((mod->module_core) && (mod->core_text_size)) { 1802 set_page_attributes(mod->module_core, 1803 mod->module_core + mod->core_text_size, 1804 set_memory_ro); 1805 } 1806 if ((mod->module_init) && (mod->init_text_size)) { 1807 set_page_attributes(mod->module_init, 1808 mod->module_init + mod->init_text_size, 1809 set_memory_ro); 1810 } 1811 } 1812 mutex_unlock(&module_mutex); 1813} 1814#else 1815static inline void set_section_ro_nx(void *base, unsigned long text_size, unsigned long ro_size, unsigned long total_size) { } 1816static void unset_module_core_ro_nx(struct module *mod) { } 1817static void unset_module_init_ro_nx(struct module *mod) { } 1818#endif 1819 1820void __weak module_memfree(void *module_region) 1821{ 1822 vfree(module_region); 1823} 1824 1825void __weak module_arch_cleanup(struct module *mod) 1826{ 1827} 1828 1829void __weak module_arch_freeing_init(struct module *mod) 1830{ 1831} 1832 1833/* Free a module, remove from lists, etc. */ 1834static void free_module(struct module *mod) 1835{ 1836 trace_module_free(mod); 1837 1838 mod_sysfs_teardown(mod); 1839 1840 /* We leave it in list to prevent duplicate loads, but make sure 1841 * that noone uses it while it's being deconstructed. */ 1842 mutex_lock(&module_mutex); 1843 mod->state = MODULE_STATE_UNFORMED; 1844 mutex_unlock(&module_mutex); 1845 1846 /* Remove dynamic debug info */ 1847 ddebug_remove_module(mod->name); 1848 1849 /* Arch-specific cleanup. */ 1850 module_arch_cleanup(mod); 1851 1852 /* Module unload stuff */ 1853 module_unload_free(mod); 1854 1855 /* Free any allocated parameters. */ 1856 destroy_params(mod->kp, mod->num_kp); 1857 1858 /* Now we can delete it from the lists */ 1859 mutex_lock(&module_mutex); 1860 /* Unlink carefully: kallsyms could be walking list. */ 1861 list_del_rcu(&mod->list); 1862 /* Remove this module from bug list, this uses list_del_rcu */ 1863 module_bug_cleanup(mod); 1864 /* Wait for RCU synchronizing before releasing mod->list and buglist. */ 1865 synchronize_rcu(); 1866 mutex_unlock(&module_mutex); 1867 1868 /* This may be NULL, but that's OK */ 1869 unset_module_init_ro_nx(mod); 1870 module_arch_freeing_init(mod); 1871 module_memfree(mod->module_init); 1872 kfree(mod->args); 1873 percpu_modfree(mod); 1874 1875 /* Free lock-classes; relies on the preceding sync_rcu(). */ 1876 lockdep_free_key_range(mod->module_core, mod->core_size); 1877 1878 /* Finally, free the core (containing the module structure) */ 1879 unset_module_core_ro_nx(mod); 1880 module_memfree(mod->module_core); 1881 1882#ifdef CONFIG_MPU 1883 update_protections(current->mm); 1884#endif 1885} 1886 1887void *__symbol_get(const char *symbol) 1888{ 1889 struct module *owner; 1890 const struct kernel_symbol *sym; 1891 1892 preempt_disable(); 1893 sym = find_symbol(symbol, &owner, NULL, true, true); 1894 if (sym && strong_try_module_get(owner)) 1895 sym = NULL; 1896 preempt_enable(); 1897 1898 return sym ? (void *)sym->value : NULL; 1899} 1900EXPORT_SYMBOL_GPL(__symbol_get); 1901 1902/* 1903 * Ensure that an exported symbol [global namespace] does not already exist 1904 * in the kernel or in some other module's exported symbol table. 1905 * 1906 * You must hold the module_mutex. 1907 */ 1908static int verify_export_symbols(struct module *mod) 1909{ 1910 unsigned int i; 1911 struct module *owner; 1912 const struct kernel_symbol *s; 1913 struct { 1914 const struct kernel_symbol *sym; 1915 unsigned int num; 1916 } arr[] = { 1917 { mod->syms, mod->num_syms }, 1918 { mod->gpl_syms, mod->num_gpl_syms }, 1919 { mod->gpl_future_syms, mod->num_gpl_future_syms }, 1920#ifdef CONFIG_UNUSED_SYMBOLS 1921 { mod->unused_syms, mod->num_unused_syms }, 1922 { mod->unused_gpl_syms, mod->num_unused_gpl_syms }, 1923#endif 1924 }; 1925 1926 for (i = 0; i < ARRAY_SIZE(arr); i++) { 1927 for (s = arr[i].sym; s < arr[i].sym + arr[i].num; s++) { 1928 if (find_symbol(s->name, &owner, NULL, true, false)) { 1929 pr_err("%s: exports duplicate symbol %s" 1930 " (owned by %s)\n", 1931 mod->name, s->name, module_name(owner)); 1932 return -ENOEXEC; 1933 } 1934 } 1935 } 1936 return 0; 1937} 1938 1939/* Change all symbols so that st_value encodes the pointer directly. */ 1940static int simplify_symbols(struct module *mod, const struct load_info *info) 1941{ 1942 Elf_Shdr *symsec = &info->sechdrs[info->index.sym]; 1943 Elf_Sym *sym = (void *)symsec->sh_addr; 1944 unsigned long secbase; 1945 unsigned int i; 1946 int ret = 0; 1947 const struct kernel_symbol *ksym; 1948 1949 for (i = 1; i < symsec->sh_size / sizeof(Elf_Sym); i++) { 1950 const char *name = info->strtab + sym[i].st_name; 1951 1952 switch (sym[i].st_shndx) { 1953 case SHN_COMMON: 1954 /* Ignore common symbols */ 1955 if (!strncmp(name, "__gnu_lto", 9)) 1956 break; 1957 1958 /* We compiled with -fno-common. These are not 1959 supposed to happen. */ 1960 pr_debug("Common symbol: %s\n", name); 1961 pr_warn("%s: please compile with -fno-common\n", 1962 mod->name); 1963 ret = -ENOEXEC; 1964 break; 1965 1966 case SHN_ABS: 1967 /* Don't need to do anything */ 1968 pr_debug("Absolute symbol: 0x%08lx\n", 1969 (long)sym[i].st_value); 1970 break; 1971 1972 case SHN_UNDEF: 1973 ksym = resolve_symbol_wait(mod, info, name); 1974 /* Ok if resolved. */ 1975 if (ksym && !IS_ERR(ksym)) { 1976 sym[i].st_value = ksym->value; 1977 break; 1978 } 1979 1980 /* Ok if weak. */ 1981 if (!ksym && ELF_ST_BIND(sym[i].st_info) == STB_WEAK) 1982 break; 1983 1984 pr_warn("%s: Unknown symbol %s (err %li)\n", 1985 mod->name, name, PTR_ERR(ksym)); 1986 ret = PTR_ERR(ksym) ?: -ENOENT; 1987 break; 1988 1989 default: 1990 /* Divert to percpu allocation if a percpu var. */ 1991 if (sym[i].st_shndx == info->index.pcpu) 1992 secbase = (unsigned long)mod_percpu(mod); 1993 else 1994 secbase = info->sechdrs[sym[i].st_shndx].sh_addr; 1995 sym[i].st_value += secbase; 1996 break; 1997 } 1998 } 1999 2000 return ret; 2001} 2002 2003static int apply_relocations(struct module *mod, const struct load_info *info) 2004{ 2005 unsigned int i; 2006 int err = 0; 2007 2008 /* Now do relocations. */ 2009 for (i = 1; i < info->hdr->e_shnum; i++) { 2010 unsigned int infosec = info->sechdrs[i].sh_info; 2011 2012 /* Not a valid relocation section? */ 2013 if (infosec >= info->hdr->e_shnum) 2014 continue; 2015 2016 /* Don't bother with non-allocated sections */ 2017 if (!(info->sechdrs[infosec].sh_flags & SHF_ALLOC)) 2018 continue; 2019 2020 if (info->sechdrs[i].sh_type == SHT_REL) 2021 err = apply_relocate(info->sechdrs, info->strtab, 2022 info->index.sym, i, mod); 2023 else if (info->sechdrs[i].sh_type == SHT_RELA) 2024 err = apply_relocate_add(info->sechdrs, info->strtab, 2025 info->index.sym, i, mod); 2026 if (err < 0) 2027 break; 2028 } 2029 return err; 2030} 2031 2032/* Additional bytes needed by arch in front of individual sections */ 2033unsigned int __weak arch_mod_section_prepend(struct module *mod, 2034 unsigned int section) 2035{ 2036 /* default implementation just returns zero */ 2037 return 0; 2038} 2039 2040/* Update size with this section: return offset. */ 2041static long get_offset(struct module *mod, unsigned int *size, 2042 Elf_Shdr *sechdr, unsigned int section) 2043{ 2044 long ret; 2045 2046 *size += arch_mod_section_prepend(mod, section); 2047 ret = ALIGN(*size, sechdr->sh_addralign ?: 1); 2048 *size = ret + sechdr->sh_size; 2049 return ret; 2050} 2051 2052/* Lay out the SHF_ALLOC sections in a way not dissimilar to how ld 2053 might -- code, read-only data, read-write data, small data. Tally 2054 sizes, and place the offsets into sh_entsize fields: high bit means it 2055 belongs in init. */ 2056static void layout_sections(struct module *mod, struct load_info *info) 2057{ 2058 static unsigned long const masks[][2] = { 2059 /* NOTE: all executable code must be the first section 2060 * in this array; otherwise modify the text_size 2061 * finder in the two loops below */ 2062 { SHF_EXECINSTR | SHF_ALLOC, ARCH_SHF_SMALL }, 2063 { SHF_ALLOC, SHF_WRITE | ARCH_SHF_SMALL }, 2064 { SHF_WRITE | SHF_ALLOC, ARCH_SHF_SMALL }, 2065 { ARCH_SHF_SMALL | SHF_ALLOC, 0 } 2066 }; 2067 unsigned int m, i; 2068 2069 for (i = 0; i < info->hdr->e_shnum; i++) 2070 info->sechdrs[i].sh_entsize = ~0UL; 2071 2072 pr_debug("Core section allocation order:\n"); 2073 for (m = 0; m < ARRAY_SIZE(masks); ++m) { 2074 for (i = 0; i < info->hdr->e_shnum; ++i) { 2075 Elf_Shdr *s = &info->sechdrs[i]; 2076 const char *sname = info->secstrings + s->sh_name; 2077 2078 if ((s->sh_flags & masks[m][0]) != masks[m][0] 2079 || (s->sh_flags & masks[m][1]) 2080 || s->sh_entsize != ~0UL 2081 || strstarts(sname, ".init")) 2082 continue; 2083 s->sh_entsize = get_offset(mod, &mod->core_size, s, i); 2084 pr_debug("\t%s\n", sname); 2085 } 2086 switch (m) { 2087 case 0: /* executable */ 2088 mod->core_size = debug_align(mod->core_size); 2089 mod->core_text_size = mod->core_size; 2090 break; 2091 case 1: /* RO: text and ro-data */ 2092 mod->core_size = debug_align(mod->core_size); 2093 mod->core_ro_size = mod->core_size; 2094 break; 2095 case 3: /* whole core */ 2096 mod->core_size = debug_align(mod->core_size); 2097 break; 2098 } 2099 } 2100 2101 pr_debug("Init section allocation order:\n"); 2102 for (m = 0; m < ARRAY_SIZE(masks); ++m) { 2103 for (i = 0; i < info->hdr->e_shnum; ++i) { 2104 Elf_Shdr *s = &info->sechdrs[i]; 2105 const char *sname = info->secstrings + s->sh_name; 2106 2107 if ((s->sh_flags & masks[m][0]) != masks[m][0] 2108 || (s->sh_flags & masks[m][1]) 2109 || s->sh_entsize != ~0UL 2110 || !strstarts(sname, ".init")) 2111 continue; 2112 s->sh_entsize = (get_offset(mod, &mod->init_size, s, i) 2113 | INIT_OFFSET_MASK); 2114 pr_debug("\t%s\n", sname); 2115 } 2116 switch (m) { 2117 case 0: /* executable */ 2118 mod->init_size = debug_align(mod->init_size); 2119 mod->init_text_size = mod->init_size; 2120 break; 2121 case 1: /* RO: text and ro-data */ 2122 mod->init_size = debug_align(mod->init_size); 2123 mod->init_ro_size = mod->init_size; 2124 break; 2125 case 3: /* whole init */ 2126 mod->init_size = debug_align(mod->init_size); 2127 break; 2128 } 2129 } 2130} 2131 2132static void set_license(struct module *mod, const char *license) 2133{ 2134 if (!license) 2135 license = "unspecified"; 2136 2137 if (!license_is_gpl_compatible(license)) { 2138 if (!test_taint(TAINT_PROPRIETARY_MODULE)) 2139 pr_warn("%s: module license '%s' taints kernel.\n", 2140 mod->name, license); 2141 add_taint_module(mod, TAINT_PROPRIETARY_MODULE, 2142 LOCKDEP_NOW_UNRELIABLE); 2143 } 2144} 2145 2146/* Parse tag=value strings from .modinfo section */ 2147static char *next_string(char *string, unsigned long *secsize) 2148{ 2149 /* Skip non-zero chars */ 2150 while (string[0]) { 2151 string++; 2152 if ((*secsize)-- <= 1) 2153 return NULL; 2154 } 2155 2156 /* Skip any zero padding. */ 2157 while (!string[0]) { 2158 string++; 2159 if ((*secsize)-- <= 1) 2160 return NULL; 2161 } 2162 return string; 2163} 2164 2165static char *get_modinfo(struct load_info *info, const char *tag) 2166{ 2167 char *p; 2168 unsigned int taglen = strlen(tag); 2169 Elf_Shdr *infosec = &info->sechdrs[info->index.info]; 2170 unsigned long size = infosec->sh_size; 2171 2172 for (p = (char *)infosec->sh_addr; p; p = next_string(p, &size)) { 2173 if (strncmp(p, tag, taglen) == 0 && p[taglen] == '=') 2174 return p + taglen + 1; 2175 } 2176 return NULL; 2177} 2178 2179static void setup_modinfo(struct module *mod, struct load_info *info) 2180{ 2181 struct module_attribute *attr; 2182 int i; 2183 2184 for (i = 0; (attr = modinfo_attrs[i]); i++) { 2185 if (attr->setup) 2186 attr->setup(mod, get_modinfo(info, attr->attr.name)); 2187 } 2188} 2189 2190static void free_modinfo(struct module *mod) 2191{ 2192 struct module_attribute *attr; 2193 int i; 2194 2195 for (i = 0; (attr = modinfo_attrs[i]); i++) { 2196 if (attr->free) 2197 attr->free(mod); 2198 } 2199} 2200 2201#ifdef CONFIG_KALLSYMS 2202 2203/* lookup symbol in given range of kernel_symbols */ 2204static const struct kernel_symbol *lookup_symbol(const char *name, 2205 const struct kernel_symbol *start, 2206 const struct kernel_symbol *stop) 2207{ 2208 return bsearch(name, start, stop - start, 2209 sizeof(struct kernel_symbol), cmp_name); 2210} 2211 2212static int is_exported(const char *name, unsigned long value, 2213 const struct module *mod) 2214{ 2215 const struct kernel_symbol *ks; 2216 if (!mod) 2217 ks = lookup_symbol(name, __start___ksymtab, __stop___ksymtab); 2218 else 2219 ks = lookup_symbol(name, mod->syms, mod->syms + mod->num_syms); 2220 return ks != NULL && ks->value == value; 2221} 2222 2223/* As per nm */ 2224static char elf_type(const Elf_Sym *sym, const struct load_info *info) 2225{ 2226 const Elf_Shdr *sechdrs = info->sechdrs; 2227 2228 if (ELF_ST_BIND(sym->st_info) == STB_WEAK) { 2229 if (ELF_ST_TYPE(sym->st_info) == STT_OBJECT) 2230 return 'v'; 2231 else 2232 return 'w'; 2233 } 2234 if (sym->st_shndx == SHN_UNDEF) 2235 return 'U'; 2236 if (sym->st_shndx == SHN_ABS) 2237 return 'a'; 2238 if (sym->st_shndx >= SHN_LORESERVE) 2239 return '?'; 2240 if (sechdrs[sym->st_shndx].sh_flags & SHF_EXECINSTR) 2241 return 't'; 2242 if (sechdrs[sym->st_shndx].sh_flags & SHF_ALLOC 2243 && sechdrs[sym->st_shndx].sh_type != SHT_NOBITS) { 2244 if (!(sechdrs[sym->st_shndx].sh_flags & SHF_WRITE)) 2245 return 'r'; 2246 else if (sechdrs[sym->st_shndx].sh_flags & ARCH_SHF_SMALL) 2247 return 'g'; 2248 else 2249 return 'd'; 2250 } 2251 if (sechdrs[sym->st_shndx].sh_type == SHT_NOBITS) { 2252 if (sechdrs[sym->st_shndx].sh_flags & ARCH_SHF_SMALL) 2253 return 's'; 2254 else 2255 return 'b'; 2256 } 2257 if (strstarts(info->secstrings + sechdrs[sym->st_shndx].sh_name, 2258 ".debug")) { 2259 return 'n'; 2260 } 2261 return '?'; 2262} 2263 2264static bool is_core_symbol(const Elf_Sym *src, const Elf_Shdr *sechdrs, 2265 unsigned int shnum) 2266{ 2267 const Elf_Shdr *sec; 2268 2269 if (src->st_shndx == SHN_UNDEF 2270 || src->st_shndx >= shnum 2271 || !src->st_name) 2272 return false; 2273 2274 sec = sechdrs + src->st_shndx; 2275 if (!(sec->sh_flags & SHF_ALLOC) 2276#ifndef CONFIG_KALLSYMS_ALL 2277 || !(sec->sh_flags & SHF_EXECINSTR) 2278#endif 2279 || (sec->sh_entsize & INIT_OFFSET_MASK)) 2280 return false; 2281 2282 return true; 2283} 2284 2285/* 2286 * We only allocate and copy the strings needed by the parts of symtab 2287 * we keep. This is simple, but has the effect of making multiple 2288 * copies of duplicates. We could be more sophisticated, see 2289 * linux-kernel thread starting with 2290 * <73defb5e4bca04a6431392cc341112b1@localhost>. 2291 */ 2292static void layout_symtab(struct module *mod, struct load_info *info) 2293{ 2294 Elf_Shdr *symsect = info->sechdrs + info->index.sym; 2295 Elf_Shdr *strsect = info->sechdrs + info->index.str; 2296 const Elf_Sym *src; 2297 unsigned int i, nsrc, ndst, strtab_size = 0; 2298 2299 /* Put symbol section at end of init part of module. */ 2300 symsect->sh_flags |= SHF_ALLOC; 2301 symsect->sh_entsize = get_offset(mod, &mod->init_size, symsect, 2302 info->index.sym) | INIT_OFFSET_MASK; 2303 pr_debug("\t%s\n", info->secstrings + symsect->sh_name); 2304 2305 src = (void *)info->hdr + symsect->sh_offset; 2306 nsrc = symsect->sh_size / sizeof(*src); 2307 2308 /* Compute total space required for the core symbols' strtab. */ 2309 for (ndst = i = 0; i < nsrc; i++) { 2310 if (i == 0 || 2311 is_core_symbol(src+i, info->sechdrs, info->hdr->e_shnum)) { 2312 strtab_size += strlen(&info->strtab[src[i].st_name])+1; 2313 ndst++; 2314 } 2315 } 2316 2317 /* Append room for core symbols at end of core part. */ 2318 info->symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1); 2319 info->stroffs = mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym); 2320 mod->core_size += strtab_size; 2321 mod->core_size = debug_align(mod->core_size); 2322 2323 /* Put string table section at end of init part of module. */ 2324 strsect->sh_flags |= SHF_ALLOC; 2325 strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect, 2326 info->index.str) | INIT_OFFSET_MASK; 2327 pr_debug("\t%s\n", info->secstrings + strsect->sh_name); 2328 2329 /* We'll tack temporary mod_kallsyms on the end. */ 2330 mod->init_size = ALIGN(mod->init_size, 2331 __alignof__(struct mod_kallsyms)); 2332 info->mod_kallsyms_init_off = mod->init_size; 2333 mod->init_size += sizeof(struct mod_kallsyms); 2334 mod->init_size = debug_align(mod->init_size); 2335} 2336 2337/* 2338 * We use the full symtab and strtab which layout_symtab arranged to 2339 * be appended to the init section. Later we switch to the cut-down 2340 * core-only ones. 2341 */ 2342static void add_kallsyms(struct module *mod, const struct load_info *info) 2343{ 2344 unsigned int i, ndst; 2345 const Elf_Sym *src; 2346 Elf_Sym *dst; 2347 char *s; 2348 Elf_Shdr *symsec = &info->sechdrs[info->index.sym]; 2349 2350 /* Set up to point into init section. */ 2351 mod->kallsyms = mod->module_init + info->mod_kallsyms_init_off; 2352 2353 mod->kallsyms->symtab = (void *)symsec->sh_addr; 2354 mod->kallsyms->num_symtab = symsec->sh_size / sizeof(Elf_Sym); 2355 /* Make sure we get permanent strtab: don't use info->strtab. */ 2356 mod->kallsyms->strtab = (void *)info->sechdrs[info->index.str].sh_addr; 2357 2358 /* Set types up while we still have access to sections. */ 2359 for (i = 0; i < mod->kallsyms->num_symtab; i++) 2360 mod->kallsyms->symtab[i].st_info 2361 = elf_type(&mod->kallsyms->symtab[i], info); 2362 2363 /* Now populate the cut down core kallsyms for after init. */ 2364 mod->core_kallsyms.symtab = dst = mod->module_core + info->symoffs; 2365 mod->core_kallsyms.strtab = s = mod->module_core + info->stroffs; 2366 src = mod->kallsyms->symtab; 2367 for (ndst = i = 0; i < mod->kallsyms->num_symtab; i++) { 2368 if (i == 0 || 2369 is_core_symbol(src+i, info->sechdrs, info->hdr->e_shnum)) { 2370 dst[ndst] = src[i]; 2371 dst[ndst++].st_name = s - mod->core_kallsyms.strtab; 2372 s += strlcpy(s, &mod->kallsyms->strtab[src[i].st_name], 2373 KSYM_NAME_LEN) + 1; 2374 } 2375 } 2376 mod->core_kallsyms.num_symtab = ndst; 2377} 2378#else 2379static inline void layout_symtab(struct module *mod, struct load_info *info) 2380{ 2381} 2382 2383static void add_kallsyms(struct module *mod, const struct load_info *info) 2384{ 2385} 2386#endif /* CONFIG_KALLSYMS */ 2387 2388static void dynamic_debug_setup(struct _ddebug *debug, unsigned int num) 2389{ 2390 if (!debug) 2391 return; 2392#ifdef CONFIG_DYNAMIC_DEBUG 2393 if (ddebug_add_module(debug, num, debug->modname)) 2394 pr_err("dynamic debug error adding module: %s\n", 2395 debug->modname); 2396#endif 2397} 2398 2399static void dynamic_debug_remove(struct _ddebug *debug) 2400{ 2401 if (debug) 2402 ddebug_remove_module(debug->modname); 2403} 2404 2405void * __weak module_alloc(unsigned long size) 2406{ 2407 return vmalloc_exec(size); 2408} 2409 2410static void *module_alloc_update_bounds(unsigned long size) 2411{ 2412 void *ret = module_alloc(size); 2413 2414 if (ret) { 2415 mutex_lock(&module_mutex); 2416 /* Update module bounds. */ 2417 if ((unsigned long)ret < module_addr_min) 2418 module_addr_min = (unsigned long)ret; 2419 if ((unsigned long)ret + size > module_addr_max) 2420 module_addr_max = (unsigned long)ret + size; 2421 mutex_unlock(&module_mutex); 2422 } 2423 return ret; 2424} 2425 2426#ifdef CONFIG_DEBUG_KMEMLEAK 2427static void kmemleak_load_module(const struct module *mod, 2428 const struct load_info *info) 2429{ 2430 unsigned int i; 2431 2432 /* only scan the sections containing data */ 2433 kmemleak_scan_area(mod, sizeof(struct module), GFP_KERNEL); 2434 2435 for (i = 1; i < info->hdr->e_shnum; i++) { 2436 /* Scan all writable sections that's not executable */ 2437 if (!(info->sechdrs[i].sh_flags & SHF_ALLOC) || 2438 !(info->sechdrs[i].sh_flags & SHF_WRITE) || 2439 (info->sechdrs[i].sh_flags & SHF_EXECINSTR)) 2440 continue; 2441 2442 kmemleak_scan_area((void *)info->sechdrs[i].sh_addr, 2443 info->sechdrs[i].sh_size, GFP_KERNEL); 2444 } 2445} 2446#else 2447static inline void kmemleak_load_module(const struct module *mod, 2448 const struct load_info *info) 2449{ 2450} 2451#endif 2452 2453#ifdef CONFIG_MODULE_SIG 2454static int module_sig_check(struct load_info *info) 2455{ 2456 int err = -ENOKEY; 2457 const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; 2458 const void *mod = info->hdr; 2459 2460 if (info->len > markerlen && 2461 memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) { 2462 /* We truncate the module to discard the signature */ 2463 info->len -= markerlen; 2464 err = mod_verify_sig(mod, &info->len); 2465 } 2466 2467 if (!err) { 2468 info->sig_ok = true; 2469 return 0; 2470 } 2471 2472 /* Not having a signature is only an error if we're strict. */ 2473 if (err == -ENOKEY && !sig_enforce) 2474 err = 0; 2475 2476 return err; 2477} 2478#else /* !CONFIG_MODULE_SIG */ 2479static int module_sig_check(struct load_info *info) 2480{ 2481 return 0; 2482} 2483#endif /* !CONFIG_MODULE_SIG */ 2484 2485/* Sanity checks against invalid binaries, wrong arch, weird elf version. */ 2486static int elf_header_check(struct load_info *info) 2487{ 2488 if (info->len < sizeof(*(info->hdr))) 2489 return -ENOEXEC; 2490 2491 if (memcmp(info->hdr->e_ident, ELFMAG, SELFMAG) != 0 2492 || info->hdr->e_type != ET_REL 2493 || !elf_check_arch(info->hdr) 2494 || info->hdr->e_shentsize != sizeof(Elf_Shdr)) 2495 return -ENOEXEC; 2496 2497 if (info->hdr->e_shoff >= info->len 2498 || (info->hdr->e_shnum * sizeof(Elf_Shdr) > 2499 info->len - info->hdr->e_shoff)) 2500 return -ENOEXEC; 2501 2502 return 0; 2503} 2504 2505#define COPY_CHUNK_SIZE (16*PAGE_SIZE) 2506 2507static int copy_chunked_from_user(void *dst, const void __user *usrc, unsigned long len) 2508{ 2509 do { 2510 unsigned long n = min(len, COPY_CHUNK_SIZE); 2511 2512 if (copy_from_user(dst, usrc, n) != 0) 2513 return -EFAULT; 2514 cond_resched(); 2515 dst += n; 2516 usrc += n; 2517 len -= n; 2518 } while (len); 2519 return 0; 2520} 2521 2522/* Sets info->hdr and info->len. */ 2523static int copy_module_from_user(const void __user *umod, unsigned long len, 2524 struct load_info *info) 2525{ 2526 int err; 2527 2528 info->len = len; 2529 if (info->len < sizeof(*(info->hdr))) 2530 return -ENOEXEC; 2531 2532 err = security_kernel_module_from_file(NULL); 2533 if (err) 2534 return err; 2535 2536 /* Suck in entire file: we'll want most of it. */ 2537 info->hdr = __vmalloc(info->len, 2538 GFP_KERNEL | __GFP_HIGHMEM | __GFP_NOWARN, PAGE_KERNEL); 2539 if (!info->hdr) 2540 return -ENOMEM; 2541 2542 if (copy_chunked_from_user(info->hdr, umod, info->len) != 0) { 2543 vfree(info->hdr); 2544 return -EFAULT; 2545 } 2546 2547 return 0; 2548} 2549 2550/* Sets info->hdr and info->len. */ 2551static int copy_module_from_fd(int fd, struct load_info *info) 2552{ 2553 struct fd f = fdget(fd); 2554 int err; 2555 struct kstat stat; 2556 loff_t pos; 2557 ssize_t bytes = 0; 2558 2559 if (!f.file) 2560 return -ENOEXEC; 2561 2562 err = security_kernel_module_from_file(f.file); 2563 if (err) 2564 goto out; 2565 2566 err = vfs_getattr(&f.file->f_path, &stat); 2567 if (err) 2568 goto out; 2569 2570 if (stat.size > INT_MAX) { 2571 err = -EFBIG; 2572 goto out; 2573 } 2574 2575 /* Don't hand 0 to vmalloc, it whines. */ 2576 if (stat.size == 0) { 2577 err = -EINVAL; 2578 goto out; 2579 } 2580 2581 info->hdr = vmalloc(stat.size); 2582 if (!info->hdr) { 2583 err = -ENOMEM; 2584 goto out; 2585 } 2586 2587 pos = 0; 2588 while (pos < stat.size) { 2589 bytes = kernel_read(f.file, pos, (char *)(info->hdr) + pos, 2590 stat.size - pos); 2591 if (bytes < 0) { 2592 vfree(info->hdr); 2593 err = bytes; 2594 goto out; 2595 } 2596 if (bytes == 0) 2597 break; 2598 pos += bytes; 2599 } 2600 info->len = pos; 2601 2602out: 2603 fdput(f); 2604 return err; 2605} 2606 2607static void free_copy(struct load_info *info) 2608{ 2609 vfree(info->hdr); 2610} 2611 2612static int rewrite_section_headers(struct load_info *info, int flags) 2613{ 2614 unsigned int i; 2615 2616 /* This should always be true, but let's be sure. */ 2617 info->sechdrs[0].sh_addr = 0; 2618 2619 for (i = 1; i < info->hdr->e_shnum; i++) { 2620 Elf_Shdr *shdr = &info->sechdrs[i]; 2621 if (shdr->sh_type != SHT_NOBITS 2622 && info->len < shdr->sh_offset + shdr->sh_size) { 2623 pr_err("Module len %lu truncated\n", info->len); 2624 return -ENOEXEC; 2625 } 2626 2627 /* Mark all sections sh_addr with their address in the 2628 temporary image. */ 2629 shdr->sh_addr = (size_t)info->hdr + shdr->sh_offset; 2630 2631#ifndef CONFIG_MODULE_UNLOAD 2632 /* Don't load .exit sections */ 2633 if (strstarts(info->secstrings+shdr->sh_name, ".exit")) 2634 shdr->sh_flags &= ~(unsigned long)SHF_ALLOC; 2635#endif 2636 } 2637 2638 /* Track but don't keep modinfo and version sections. */ 2639 if (flags & MODULE_INIT_IGNORE_MODVERSIONS) 2640 info->index.vers = 0; /* Pretend no __versions section! */ 2641 else 2642 info->index.vers = find_sec(info, "__versions"); 2643 info->index.info = find_sec(info, ".modinfo"); 2644 info->sechdrs[info->index.info].sh_flags &= ~(unsigned long)SHF_ALLOC; 2645 info->sechdrs[info->index.vers].sh_flags &= ~(unsigned long)SHF_ALLOC; 2646 return 0; 2647} 2648 2649/* 2650 * Set up our basic convenience variables (pointers to section headers, 2651 * search for module section index etc), and do some basic section 2652 * verification. 2653 * 2654 * Return the temporary module pointer (we'll replace it with the final 2655 * one when we move the module sections around). 2656 */ 2657static struct module *setup_load_info(struct load_info *info, int flags) 2658{ 2659 unsigned int i; 2660 int err; 2661 struct module *mod; 2662 2663 /* Set up the convenience variables */ 2664 info->sechdrs = (void *)info->hdr + info->hdr->e_shoff; 2665 info->secstrings = (void *)info->hdr 2666 + info->sechdrs[info->hdr->e_shstrndx].sh_offset; 2667 2668 err = rewrite_section_headers(info, flags); 2669 if (err) 2670 return ERR_PTR(err); 2671 2672 /* Find internal symbols and strings. */ 2673 for (i = 1; i < info->hdr->e_shnum; i++) { 2674 if (info->sechdrs[i].sh_type == SHT_SYMTAB) { 2675 info->index.sym = i; 2676 info->index.str = info->sechdrs[i].sh_link; 2677 info->strtab = (char *)info->hdr 2678 + info->sechdrs[info->index.str].sh_offset; 2679 break; 2680 } 2681 } 2682 2683 info->index.mod = find_sec(info, ".gnu.linkonce.this_module"); 2684 if (!info->index.mod) { 2685 pr_warn("No module found in object\n"); 2686 return ERR_PTR(-ENOEXEC); 2687 } 2688 /* This is temporary: point mod into copy of data. */ 2689 mod = (void *)info->sechdrs[info->index.mod].sh_addr; 2690 2691 if (info->index.sym == 0) { 2692 pr_warn("%s: module has no symbols (stripped?)\n", mod->name); 2693 return ERR_PTR(-ENOEXEC); 2694 } 2695 2696 info->index.pcpu = find_pcpusec(info); 2697 2698 /* Check module struct version now, before we try to use module. */ 2699 if (!check_modstruct_version(info->sechdrs, info->index.vers, mod)) 2700 return ERR_PTR(-ENOEXEC); 2701 2702 return mod; 2703} 2704 2705static int check_modinfo(struct module *mod, struct load_info *info, int flags) 2706{ 2707 const char *modmagic = get_modinfo(info, "vermagic"); 2708 int err; 2709 2710 if (flags & MODULE_INIT_IGNORE_VERMAGIC) 2711 modmagic = NULL; 2712 2713 /* This is allowed: modprobe --force will invalidate it. */ 2714 if (!modmagic) { 2715 err = try_to_force_load(mod, "bad vermagic"); 2716 if (err) 2717 return err; 2718 } else if (!same_magic(modmagic, vermagic, info->index.vers)) { 2719 pr_err("%s: version magic '%s' should be '%s'\n", 2720 mod->name, modmagic, vermagic); 2721 return -ENOEXEC; 2722 } 2723 2724 if (!get_modinfo(info, "intree")) 2725 add_taint_module(mod, TAINT_OOT_MODULE, LOCKDEP_STILL_OK); 2726 2727 if (get_modinfo(info, "staging")) { 2728 add_taint_module(mod, TAINT_CRAP, LOCKDEP_STILL_OK); 2729 pr_warn("%s: module is from the staging directory, the quality " 2730 "is unknown, you have been warned.\n", mod->name); 2731 } 2732 2733 /* Set up license info based on the info section */ 2734 set_license(mod, get_modinfo(info, "license")); 2735 2736 return 0; 2737} 2738 2739static int find_module_sections(struct module *mod, struct load_info *info) 2740{ 2741 mod->kp = section_objs(info, "__param", 2742 sizeof(*mod->kp), &mod->num_kp); 2743 mod->syms = section_objs(info, "__ksymtab", 2744 sizeof(*mod->syms), &mod->num_syms); 2745 mod->crcs = section_addr(info, "__kcrctab"); 2746 mod->gpl_syms = section_objs(info, "__ksymtab_gpl", 2747 sizeof(*mod->gpl_syms), 2748 &mod->num_gpl_syms); 2749 mod->gpl_crcs = section_addr(info, "__kcrctab_gpl"); 2750 mod->gpl_future_syms = section_objs(info, 2751 "__ksymtab_gpl_future", 2752 sizeof(*mod->gpl_future_syms), 2753 &mod->num_gpl_future_syms); 2754 mod->gpl_future_crcs = section_addr(info, "__kcrctab_gpl_future"); 2755 2756#ifdef CONFIG_UNUSED_SYMBOLS 2757 mod->unused_syms = section_objs(info, "__ksymtab_unused", 2758 sizeof(*mod->unused_syms), 2759 &mod->num_unused_syms); 2760 mod->unused_crcs = section_addr(info, "__kcrctab_unused"); 2761 mod->unused_gpl_syms = section_objs(info, "__ksymtab_unused_gpl", 2762 sizeof(*mod->unused_gpl_syms), 2763 &mod->num_unused_gpl_syms); 2764 mod->unused_gpl_crcs = section_addr(info, "__kcrctab_unused_gpl"); 2765#endif 2766#ifdef CONFIG_CONSTRUCTORS 2767 mod->ctors = section_objs(info, ".ctors", 2768 sizeof(*mod->ctors), &mod->num_ctors); 2769 if (!mod->ctors) 2770 mod->ctors = section_objs(info, ".init_array", 2771 sizeof(*mod->ctors), &mod->num_ctors); 2772 else if (find_sec(info, ".init_array")) { 2773 /* 2774 * This shouldn't happen with same compiler and binutils 2775 * building all parts of the module. 2776 */ 2777 pr_warn("%s: has both .ctors and .init_array.\n", 2778 mod->name); 2779 return -EINVAL; 2780 } 2781#endif 2782 2783#ifdef CONFIG_TRACEPOINTS 2784 mod->tracepoints_ptrs = section_objs(info, "__tracepoints_ptrs", 2785 sizeof(*mod->tracepoints_ptrs), 2786 &mod->num_tracepoints); 2787#endif 2788#ifdef HAVE_JUMP_LABEL 2789 mod->jump_entries = section_objs(info, "__jump_table", 2790 sizeof(*mod->jump_entries), 2791 &mod->num_jump_entries); 2792#endif 2793#ifdef CONFIG_EVENT_TRACING 2794 mod->trace_events = section_objs(info, "_ftrace_events", 2795 sizeof(*mod->trace_events), 2796 &mod->num_trace_events); 2797 mod->trace_enums = section_objs(info, "_ftrace_enum_map", 2798 sizeof(*mod->trace_enums), 2799 &mod->num_trace_enums); 2800#endif 2801#ifdef CONFIG_TRACING 2802 mod->trace_bprintk_fmt_start = section_objs(info, "__trace_printk_fmt", 2803 sizeof(*mod->trace_bprintk_fmt_start), 2804 &mod->num_trace_bprintk_fmt); 2805#endif 2806#ifdef CONFIG_FTRACE_MCOUNT_RECORD 2807 /* sechdrs[0].sh_size is always zero */ 2808 mod->ftrace_callsites = section_objs(info, "__mcount_loc", 2809 sizeof(*mod->ftrace_callsites), 2810 &mod->num_ftrace_callsites); 2811#endif 2812 2813 mod->extable = section_objs(info, "__ex_table", 2814 sizeof(*mod->extable), &mod->num_exentries); 2815 2816 if (section_addr(info, "__obsparm")) 2817 pr_warn("%s: Ignoring obsolete parameters\n", mod->name); 2818 2819 info->debug = section_objs(info, "__verbose", 2820 sizeof(*info->debug), &info->num_debug); 2821 2822 return 0; 2823} 2824 2825static int move_module(struct module *mod, struct load_info *info) 2826{ 2827 int i; 2828 void *ptr; 2829 2830 /* Do the allocs. */ 2831 ptr = module_alloc_update_bounds(mod->core_size); 2832 /* 2833 * The pointer to this block is stored in the module structure 2834 * which is inside the block. Just mark it as not being a 2835 * leak. 2836 */ 2837 kmemleak_not_leak(ptr); 2838 if (!ptr) 2839 return -ENOMEM; 2840 2841 memset(ptr, 0, mod->core_size); 2842 mod->module_core = ptr; 2843 2844 if (mod->init_size) { 2845 ptr = module_alloc_update_bounds(mod->init_size); 2846 /* 2847 * The pointer to this block is stored in the module structure 2848 * which is inside the block. This block doesn't need to be 2849 * scanned as it contains data and code that will be freed 2850 * after the module is initialized. 2851 */ 2852 kmemleak_ignore(ptr); 2853 if (!ptr) { 2854 module_memfree(mod->module_core); 2855 return -ENOMEM; 2856 } 2857 memset(ptr, 0, mod->init_size); 2858 mod->module_init = ptr; 2859 } else 2860 mod->module_init = NULL; 2861 2862 /* Transfer each section which specifies SHF_ALLOC */ 2863 pr_debug("final section addresses:\n"); 2864 for (i = 0; i < info->hdr->e_shnum; i++) { 2865 void *dest; 2866 Elf_Shdr *shdr = &info->sechdrs[i]; 2867 2868 if (!(shdr->sh_flags & SHF_ALLOC)) 2869 continue; 2870 2871 if (shdr->sh_entsize & INIT_OFFSET_MASK) 2872 dest = mod->module_init 2873 + (shdr->sh_entsize & ~INIT_OFFSET_MASK); 2874 else 2875 dest = mod->module_core + shdr->sh_entsize; 2876 2877 if (shdr->sh_type != SHT_NOBITS) 2878 memcpy(dest, (void *)shdr->sh_addr, shdr->sh_size); 2879 /* Update sh_addr to point to copy in image. */ 2880 shdr->sh_addr = (unsigned long)dest; 2881 pr_debug("\t0x%lx %s\n", 2882 (long)shdr->sh_addr, info->secstrings + shdr->sh_name); 2883 } 2884 2885 return 0; 2886} 2887 2888static int check_module_license_and_versions(struct module *mod) 2889{ 2890 /* 2891 * ndiswrapper is under GPL by itself, but loads proprietary modules. 2892 * Don't use add_taint_module(), as it would prevent ndiswrapper from 2893 * using GPL-only symbols it needs. 2894 */ 2895 if (strcmp(mod->name, "ndiswrapper") == 0) 2896 add_taint(TAINT_PROPRIETARY_MODULE, LOCKDEP_NOW_UNRELIABLE); 2897 2898 /* driverloader was caught wrongly pretending to be under GPL */ 2899 if (strcmp(mod->name, "driverloader") == 0) 2900 add_taint_module(mod, TAINT_PROPRIETARY_MODULE, 2901 LOCKDEP_NOW_UNRELIABLE); 2902 2903 /* lve claims to be GPL but upstream won't provide source */ 2904 if (strcmp(mod->name, "lve") == 0) 2905 add_taint_module(mod, TAINT_PROPRIETARY_MODULE, 2906 LOCKDEP_NOW_UNRELIABLE); 2907 2908#ifdef CONFIG_MODVERSIONS 2909 if ((mod->num_syms && !mod->crcs) 2910 || (mod->num_gpl_syms && !mod->gpl_crcs) 2911 || (mod->num_gpl_future_syms && !mod->gpl_future_crcs) 2912#ifdef CONFIG_UNUSED_SYMBOLS 2913 || (mod->num_unused_syms && !mod->unused_crcs) 2914 || (mod->num_unused_gpl_syms && !mod->unused_gpl_crcs) 2915#endif 2916 ) { 2917 return try_to_force_load(mod, 2918 "no versions for exported symbols"); 2919 } 2920#endif 2921 return 0; 2922} 2923 2924static void flush_module_icache(const struct module *mod) 2925{ 2926 mm_segment_t old_fs; 2927 2928 /* flush the icache in correct context */ 2929 old_fs = get_fs(); 2930 set_fs(KERNEL_DS); 2931 2932 /* 2933 * Flush the instruction cache, since we've played with text. 2934 * Do it before processing of module parameters, so the module 2935 * can provide parameter accessor functions of its own. 2936 */ 2937 if (mod->module_init) 2938 flush_icache_range((unsigned long)mod->module_init, 2939 (unsigned long)mod->module_init 2940 + mod->init_size); 2941 flush_icache_range((unsigned long)mod->module_core, 2942 (unsigned long)mod->module_core + mod->core_size); 2943 2944 set_fs(old_fs); 2945} 2946 2947int __weak module_frob_arch_sections(Elf_Ehdr *hdr, 2948 Elf_Shdr *sechdrs, 2949 char *secstrings, 2950 struct module *mod) 2951{ 2952 return 0; 2953} 2954 2955static struct module *layout_and_allocate(struct load_info *info, int flags) 2956{ 2957 /* Module within temporary copy. */ 2958 struct module *mod; 2959 int err; 2960 2961 mod = setup_load_info(info, flags); 2962 if (IS_ERR(mod)) 2963 return mod; 2964 2965 err = check_modinfo(mod, info, flags); 2966 if (err) 2967 return ERR_PTR(err); 2968 2969 /* Allow arches to frob section contents and sizes. */ 2970 err = module_frob_arch_sections(info->hdr, info->sechdrs, 2971 info->secstrings, mod); 2972 if (err < 0) 2973 return ERR_PTR(err); 2974 2975 /* We will do a special allocation for per-cpu sections later. */ 2976 info->sechdrs[info->index.pcpu].sh_flags &= ~(unsigned long)SHF_ALLOC; 2977 2978 /* Determine total sizes, and put offsets in sh_entsize. For now 2979 this is done generically; there doesn't appear to be any 2980 special cases for the architectures. */ 2981 layout_sections(mod, info); 2982 layout_symtab(mod, info); 2983 2984 /* Allocate and move to the final place */ 2985 err = move_module(mod, info); 2986 if (err) 2987 return ERR_PTR(err); 2988 2989 /* Module has been copied to its final place now: return it. */ 2990 mod = (void *)info->sechdrs[info->index.mod].sh_addr; 2991 kmemleak_load_module(mod, info); 2992 return mod; 2993} 2994 2995/* mod is no longer valid after this! */ 2996static void module_deallocate(struct module *mod, struct load_info *info) 2997{ 2998 percpu_modfree(mod); 2999 module_arch_freeing_init(mod); 3000 module_memfree(mod->module_init); 3001 module_memfree(mod->module_core); 3002} 3003 3004int __weak module_finalize(const Elf_Ehdr *hdr, 3005 const Elf_Shdr *sechdrs, 3006 struct module *me) 3007{ 3008 return 0; 3009} 3010 3011static int post_relocation(struct module *mod, const struct load_info *info) 3012{ 3013 /* Sort exception table now relocations are done. */ 3014 sort_extable(mod->extable, mod->extable + mod->num_exentries); 3015 3016 /* Copy relocated percpu area over. */ 3017 percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, 3018 info->sechdrs[info->index.pcpu].sh_size); 3019 3020 /* Setup kallsyms-specific fields. */ 3021 add_kallsyms(mod, info); 3022 3023 /* Arch-specific module finalizing. */ 3024 return module_finalize(info->hdr, info->sechdrs, mod); 3025} 3026 3027/* Is this module of this name done loading? No locks held. */ 3028static bool finished_loading(const char *name) 3029{ 3030 struct module *mod; 3031 bool ret; 3032 3033 /* 3034 * The module_mutex should not be a heavily contended lock; 3035 * if we get the occasional sleep here, we'll go an extra iteration 3036 * in the wait_event_interruptible(), which is harmless. 3037 */ 3038 sched_annotate_sleep(); 3039 mutex_lock(&module_mutex); 3040 mod = find_module_all(name, strlen(name), true); 3041 ret = !mod || mod->state == MODULE_STATE_LIVE 3042 || mod->state == MODULE_STATE_GOING; 3043 mutex_unlock(&module_mutex); 3044 3045 return ret; 3046} 3047 3048/* Call module constructors. */ 3049static void do_mod_ctors(struct module *mod) 3050{ 3051#ifdef CONFIG_CONSTRUCTORS 3052 unsigned long i; 3053 3054 for (i = 0; i < mod->num_ctors; i++) 3055 mod->ctors[i](); 3056#endif 3057} 3058 3059/* For freeing module_init on success, in case kallsyms traversing */ 3060struct mod_initfree { 3061 struct rcu_head rcu; 3062 void *module_init; 3063}; 3064 3065static void do_free_init(struct rcu_head *head) 3066{ 3067 struct mod_initfree *m = container_of(head, struct mod_initfree, rcu); 3068 module_memfree(m->module_init); 3069 kfree(m); 3070} 3071 3072/* 3073 * This is where the real work happens. 3074 * 3075 * Keep it uninlined to provide a reliable breakpoint target, e.g. for the gdb 3076 * helper command 'lx-symbols'. 3077 */ 3078static noinline int do_init_module(struct module *mod) 3079{ 3080 int ret = 0; 3081 struct mod_initfree *freeinit; 3082 3083 freeinit = kmalloc(sizeof(*freeinit), GFP_KERNEL); 3084 if (!freeinit) { 3085 ret = -ENOMEM; 3086 goto fail; 3087 } 3088 freeinit->module_init = mod->module_init; 3089 3090 /* 3091 * We want to find out whether @mod uses async during init. Clear 3092 * PF_USED_ASYNC. async_schedule*() will set it. 3093 */ 3094 current->flags &= ~PF_USED_ASYNC; 3095 3096 do_mod_ctors(mod); 3097 /* Start the module */ 3098 if (mod->init != NULL) 3099 ret = do_one_initcall(mod->init); 3100 if (ret < 0) { 3101 goto fail_free_freeinit; 3102 } 3103 if (ret > 0) { 3104 pr_warn("%s: '%s'->init suspiciously returned %d, it should " 3105 "follow 0/-E convention\n" 3106 "%s: loading module anyway...\n", 3107 __func__, mod->name, ret, __func__); 3108 dump_stack(); 3109 } 3110 3111 /* Now it's a first class citizen! */ 3112 mod->state = MODULE_STATE_LIVE; 3113 blocking_notifier_call_chain(&module_notify_list, 3114 MODULE_STATE_LIVE, mod); 3115 3116 /* 3117 * We need to finish all async code before the module init sequence 3118 * is done. This has potential to deadlock. For example, a newly 3119 * detected block device can trigger request_module() of the 3120 * default iosched from async probing task. Once userland helper 3121 * reaches here, async_synchronize_full() will wait on the async 3122 * task waiting on request_module() and deadlock. 3123 * 3124 * This deadlock is avoided by perfomring async_synchronize_full() 3125 * iff module init queued any async jobs. This isn't a full 3126 * solution as it will deadlock the same if module loading from 3127 * async jobs nests more than once; however, due to the various 3128 * constraints, this hack seems to be the best option for now. 3129 * Please refer to the following thread for details. 3130 * 3131 * http://thread.gmane.org/gmane.linux.kernel/1420814 3132 */ 3133 if (current->flags & PF_USED_ASYNC) 3134 async_synchronize_full(); 3135 3136 mutex_lock(&module_mutex); 3137 /* Drop initial reference. */ 3138 module_put(mod); 3139 trim_init_extable(mod); 3140#ifdef CONFIG_KALLSYMS 3141 /* Switch to core kallsyms now init is done: kallsyms may be walking! */ 3142 rcu_assign_pointer(mod->kallsyms, &mod->core_kallsyms); 3143#endif 3144 unset_module_init_ro_nx(mod); 3145 module_arch_freeing_init(mod); 3146 mod->module_init = NULL; 3147 mod->init_size = 0; 3148 mod->init_ro_size = 0; 3149 mod->init_text_size = 0; 3150 /* 3151 * We want to free module_init, but be aware that kallsyms may be 3152 * walking this with preempt disabled. In all the failure paths, 3153 * we call synchronize_rcu/synchronize_sched, but we don't want 3154 * to slow down the success path, so use actual RCU here. 3155 */ 3156 call_rcu(&freeinit->rcu, do_free_init); 3157 mutex_unlock(&module_mutex); 3158 wake_up_all(&module_wq); 3159 3160 return 0; 3161 3162fail_free_freeinit: 3163 kfree(freeinit); 3164fail: 3165 /* Try to protect us from buggy refcounters. */ 3166 mod->state = MODULE_STATE_GOING; 3167 synchronize_sched(); 3168 module_put(mod); 3169 blocking_notifier_call_chain(&module_notify_list, 3170 MODULE_STATE_GOING, mod); 3171 free_module(mod); 3172 wake_up_all(&module_wq); 3173 return ret; 3174} 3175 3176static int may_init_module(void) 3177{ 3178 if (!capable(CAP_SYS_MODULE) || modules_disabled) 3179 return -EPERM; 3180 3181 return 0; 3182} 3183 3184/* 3185 * We try to place it in the list now to make sure it's unique before 3186 * we dedicate too many resources. In particular, temporary percpu 3187 * memory exhaustion. 3188 */ 3189static int add_unformed_module(struct module *mod) 3190{ 3191 int err; 3192 struct module *old; 3193 3194 mod->state = MODULE_STATE_UNFORMED; 3195 3196again: 3197 mutex_lock(&module_mutex); 3198 old = find_module_all(mod->name, strlen(mod->name), true); 3199 if (old != NULL) { 3200 if (old->state == MODULE_STATE_COMING 3201 || old->state == MODULE_STATE_UNFORMED) { 3202 /* Wait in case it fails to load. */ 3203 mutex_unlock(&module_mutex); 3204 err = wait_event_interruptible(module_wq, 3205 finished_loading(mod->name)); 3206 if (err) 3207 goto out_unlocked; 3208 goto again; 3209 } 3210 err = -EEXIST; 3211 goto out; 3212 } 3213 list_add_rcu(&mod->list, &modules); 3214 err = 0; 3215 3216out: 3217 mutex_unlock(&module_mutex); 3218out_unlocked: 3219 return err; 3220} 3221 3222static int complete_formation(struct module *mod, struct load_info *info) 3223{ 3224 int err; 3225 3226 mutex_lock(&module_mutex); 3227 3228 /* Find duplicate symbols (must be called under lock). */ 3229 err = verify_export_symbols(mod); 3230 if (err < 0) 3231 goto out; 3232 3233 /* This relies on module_mutex for list integrity. */ 3234 module_bug_finalize(info->hdr, info->sechdrs, mod); 3235 3236 /* Set RO and NX regions for core */ 3237 set_section_ro_nx(mod->module_core, 3238 mod->core_text_size, 3239 mod->core_ro_size, 3240 mod->core_size); 3241 3242 /* Set RO and NX regions for init */ 3243 set_section_ro_nx(mod->module_init, 3244 mod->init_text_size, 3245 mod->init_ro_size, 3246 mod->init_size); 3247 3248 /* Mark state as coming so strong_try_module_get() ignores us, 3249 * but kallsyms etc. can see us. */ 3250 mod->state = MODULE_STATE_COMING; 3251 mutex_unlock(&module_mutex); 3252 3253 blocking_notifier_call_chain(&module_notify_list, 3254 MODULE_STATE_COMING, mod); 3255 return 0; 3256 3257out: 3258 mutex_unlock(&module_mutex); 3259 return err; 3260} 3261 3262static int unknown_module_param_cb(char *param, char *val, const char *modname) 3263{ 3264 /* Check for magic 'dyndbg' arg */ 3265 int ret = ddebug_dyndbg_module_param_cb(param, val, modname); 3266 if (ret != 0) 3267 pr_warn("%s: unknown parameter '%s' ignored\n", modname, param); 3268 return 0; 3269} 3270 3271/* Allocate and load the module: note that size of section 0 is always 3272 zero, and we rely on this for optional sections. */ 3273static int load_module(struct load_info *info, const char __user *uargs, 3274 int flags) 3275{ 3276 struct module *mod; 3277 long err; 3278 char *after_dashes; 3279 3280 err = module_sig_check(info); 3281 if (err) 3282 goto free_copy; 3283 3284 err = elf_header_check(info); 3285 if (err) 3286 goto free_copy; 3287 3288 /* Figure out module layout, and allocate all the memory. */ 3289 mod = layout_and_allocate(info, flags); 3290 if (IS_ERR(mod)) { 3291 err = PTR_ERR(mod); 3292 goto free_copy; 3293 } 3294 3295 /* Reserve our place in the list. */ 3296 err = add_unformed_module(mod); 3297 if (err) 3298 goto free_module; 3299 3300#ifdef CONFIG_MODULE_SIG 3301 mod->sig_ok = info->sig_ok; 3302 if (!mod->sig_ok) { 3303 pr_notice_once("%s: module verification failed: signature " 3304 "and/or required key missing - tainting " 3305 "kernel\n", mod->name); 3306 add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); 3307 } 3308#endif 3309 3310 /* To avoid stressing percpu allocator, do this once we're unique. */ 3311 err = percpu_modalloc(mod, info); 3312 if (err) 3313 goto unlink_mod; 3314 3315 /* Now module is in final location, initialize linked lists, etc. */ 3316 err = module_unload_init(mod); 3317 if (err) 3318 goto unlink_mod; 3319 3320 /* Now we've got everything in the final locations, we can 3321 * find optional sections. */ 3322 err = find_module_sections(mod, info); 3323 if (err) 3324 goto free_unload; 3325 3326 err = check_module_license_and_versions(mod); 3327 if (err) 3328 goto free_unload; 3329 3330 /* Set up MODINFO_ATTR fields */ 3331 setup_modinfo(mod, info); 3332 3333 /* Fix up syms, so that st_value is a pointer to location. */ 3334 err = simplify_symbols(mod, info); 3335 if (err < 0) 3336 goto free_modinfo; 3337 3338 err = apply_relocations(mod, info); 3339 if (err < 0) 3340 goto free_modinfo; 3341 3342 err = post_relocation(mod, info); 3343 if (err < 0) 3344 goto free_modinfo; 3345 3346 flush_module_icache(mod); 3347 3348 /* Now copy in args */ 3349 mod->args = strndup_user(uargs, ~0UL >> 1); 3350 if (IS_ERR(mod->args)) { 3351 err = PTR_ERR(mod->args); 3352 goto free_arch_cleanup; 3353 } 3354 3355 dynamic_debug_setup(info->debug, info->num_debug); 3356 3357 /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */ 3358 ftrace_module_init(mod); 3359 3360 /* Finally it's fully formed, ready to start executing. */ 3361 err = complete_formation(mod, info); 3362 if (err) 3363 goto ddebug_cleanup; 3364 3365 /* Module is ready to execute: parsing args may do that. */ 3366 after_dashes = parse_args(mod->name, mod->args, mod->kp, mod->num_kp, 3367 -32768, 32767, unknown_module_param_cb); 3368 if (IS_ERR(after_dashes)) { 3369 err = PTR_ERR(after_dashes); 3370 goto bug_cleanup; 3371 } else if (after_dashes) { 3372 pr_warn("%s: parameters '%s' after `--' ignored\n", 3373 mod->name, after_dashes); 3374 } 3375 3376 /* Link in to syfs. */ 3377 err = mod_sysfs_setup(mod, info, mod->kp, mod->num_kp); 3378 if (err < 0) 3379 goto bug_cleanup; 3380 3381 /* Get rid of temporary copy. */ 3382 free_copy(info); 3383 3384 /* Done! */ 3385 trace_module_load(mod); 3386 3387 return do_init_module(mod); 3388 3389 bug_cleanup: 3390 /* module_bug_cleanup needs module_mutex protection */ 3391 mutex_lock(&module_mutex); 3392 module_bug_cleanup(mod); 3393 mutex_unlock(&module_mutex); 3394 3395 blocking_notifier_call_chain(&module_notify_list, 3396 MODULE_STATE_GOING, mod); 3397 3398 /* we can't deallocate the module until we clear memory protection */ 3399 unset_module_init_ro_nx(mod); 3400 unset_module_core_ro_nx(mod); 3401 3402 ddebug_cleanup: 3403 dynamic_debug_remove(info->debug); 3404 synchronize_sched(); 3405 kfree(mod->args); 3406 free_arch_cleanup: 3407 module_arch_cleanup(mod); 3408 free_modinfo: 3409 free_modinfo(mod); 3410 free_unload: 3411 module_unload_free(mod); 3412 unlink_mod: 3413 mutex_lock(&module_mutex); 3414 /* Unlink carefully: kallsyms could be walking list. */ 3415 list_del_rcu(&mod->list); 3416 wake_up_all(&module_wq); 3417 /* Wait for RCU synchronizing before releasing mod->list. */ 3418 synchronize_rcu(); 3419 mutex_unlock(&module_mutex); 3420 free_module: 3421 /* Free lock-classes; relies on the preceding sync_rcu() */ 3422 lockdep_free_key_range(mod->module_core, mod->core_size); 3423 3424 module_deallocate(mod, info); 3425 free_copy: 3426 free_copy(info); 3427 return err; 3428} 3429 3430SYSCALL_DEFINE3(init_module, void __user *, umod, 3431 unsigned long, len, const char __user *, uargs) 3432{ 3433 int err; 3434 struct load_info info = { }; 3435 3436 err = may_init_module(); 3437 if (err) 3438 return err; 3439 3440 pr_debug("init_module: umod=%p, len=%lu, uargs=%p\n", 3441 umod, len, uargs); 3442 3443 err = copy_module_from_user(umod, len, &info); 3444 if (err) 3445 return err; 3446 3447 return load_module(&info, uargs, 0); 3448} 3449 3450SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs, int, flags) 3451{ 3452 int err; 3453 struct load_info info = { }; 3454 3455 err = may_init_module(); 3456 if (err) 3457 return err; 3458 3459 pr_debug("finit_module: fd=%d, uargs=%p, flags=%i\n", fd, uargs, flags); 3460 3461 if (flags & ~(MODULE_INIT_IGNORE_MODVERSIONS 3462 |MODULE_INIT_IGNORE_VERMAGIC)) 3463 return -EINVAL; 3464 3465 err = copy_module_from_fd(fd, &info); 3466 if (err) 3467 return err; 3468 3469 return load_module(&info, uargs, flags); 3470} 3471 3472static inline int within(unsigned long addr, void *start, unsigned long size) 3473{ 3474 return ((void *)addr >= start && (void *)addr < start + size); 3475} 3476 3477#ifdef CONFIG_KALLSYMS 3478/* 3479 * This ignores the intensely annoying "mapping symbols" found 3480 * in ARM ELF files: $a, $t and $d. 3481 */ 3482static inline int is_arm_mapping_symbol(const char *str) 3483{ 3484 if (str[0] == '.' && str[1] == 'L') 3485 return true; 3486 return str[0] == '$' && strchr("axtd", str[1]) 3487 && (str[2] == '\0' || str[2] == '.'); 3488} 3489 3490static const char *symname(struct mod_kallsyms *kallsyms, unsigned int symnum) 3491{ 3492 return kallsyms->strtab + kallsyms->symtab[symnum].st_name; 3493} 3494 3495static const char *get_ksymbol(struct module *mod, 3496 unsigned long addr, 3497 unsigned long *size, 3498 unsigned long *offset) 3499{ 3500 unsigned int i, best = 0; 3501 unsigned long nextval; 3502 struct mod_kallsyms *kallsyms = rcu_dereference_sched(mod->kallsyms); 3503 3504 /* At worse, next value is at end of module */ 3505 if (within_module_init(addr, mod)) 3506 nextval = (unsigned long)mod->module_init+mod->init_text_size; 3507 else 3508 nextval = (unsigned long)mod->module_core+mod->core_text_size; 3509 3510 /* Scan for closest preceding symbol, and next symbol. (ELF 3511 starts real symbols at 1). */ 3512 for (i = 1; i < kallsyms->num_symtab; i++) { 3513 if (kallsyms->symtab[i].st_shndx == SHN_UNDEF) 3514 continue; 3515 3516 /* We ignore unnamed symbols: they're uninformative 3517 * and inserted at a whim. */ 3518 if (*symname(kallsyms, i) == '\0' 3519 || is_arm_mapping_symbol(symname(kallsyms, i))) 3520 continue; 3521 3522 if (kallsyms->symtab[i].st_value <= addr 3523 && kallsyms->symtab[i].st_value > kallsyms->symtab[best].st_value) 3524 best = i; 3525 if (kallsyms->symtab[i].st_value > addr 3526 && kallsyms->symtab[i].st_value < nextval) 3527 nextval = kallsyms->symtab[i].st_value; 3528 } 3529 3530 if (!best) 3531 return NULL; 3532 3533 if (size) 3534 *size = nextval - kallsyms->symtab[best].st_value; 3535 if (offset) 3536 *offset = addr - kallsyms->symtab[best].st_value; 3537 return symname(kallsyms, best); 3538} 3539 3540/* For kallsyms to ask for address resolution. NULL means not found. Careful 3541 * not to lock to avoid deadlock on oopses, simply disable preemption. */ 3542const char *module_address_lookup(unsigned long addr, 3543 unsigned long *size, 3544 unsigned long *offset, 3545 char **modname, 3546 char *namebuf) 3547{ 3548 struct module *mod; 3549 const char *ret = NULL; 3550 3551 preempt_disable(); 3552 list_for_each_entry_rcu(mod, &modules, list) { 3553 if (mod->state == MODULE_STATE_UNFORMED) 3554 continue; 3555 if (within_module(addr, mod)) { 3556 if (modname) 3557 *modname = mod->name; 3558 ret = get_ksymbol(mod, addr, size, offset); 3559 break; 3560 } 3561 } 3562 /* Make a copy in here where it's safe */ 3563 if (ret) { 3564 strncpy(namebuf, ret, KSYM_NAME_LEN - 1); 3565 ret = namebuf; 3566 } 3567 preempt_enable(); 3568 return ret; 3569} 3570 3571int lookup_module_symbol_name(unsigned long addr, char *symname) 3572{ 3573 struct module *mod; 3574 3575 preempt_disable(); 3576 list_for_each_entry_rcu(mod, &modules, list) { 3577 if (mod->state == MODULE_STATE_UNFORMED) 3578 continue; 3579 if (within_module(addr, mod)) { 3580 const char *sym; 3581 3582 sym = get_ksymbol(mod, addr, NULL, NULL); 3583 if (!sym) 3584 goto out; 3585 strlcpy(symname, sym, KSYM_NAME_LEN); 3586 preempt_enable(); 3587 return 0; 3588 } 3589 } 3590out: 3591 preempt_enable(); 3592 return -ERANGE; 3593} 3594 3595int lookup_module_symbol_attrs(unsigned long addr, unsigned long *size, 3596 unsigned long *offset, char *modname, char *name) 3597{ 3598 struct module *mod; 3599 3600 preempt_disable(); 3601 list_for_each_entry_rcu(mod, &modules, list) { 3602 if (mod->state == MODULE_STATE_UNFORMED) 3603 continue; 3604 if (within_module(addr, mod)) { 3605 const char *sym; 3606 3607 sym = get_ksymbol(mod, addr, size, offset); 3608 if (!sym) 3609 goto out; 3610 if (modname) 3611 strlcpy(modname, mod->name, MODULE_NAME_LEN); 3612 if (name) 3613 strlcpy(name, sym, KSYM_NAME_LEN); 3614 preempt_enable(); 3615 return 0; 3616 } 3617 } 3618out: 3619 preempt_enable(); 3620 return -ERANGE; 3621} 3622 3623int module_get_kallsym(unsigned int symnum, unsigned long *value, char *type, 3624 char *name, char *module_name, int *exported) 3625{ 3626 struct module *mod; 3627 3628 preempt_disable(); 3629 list_for_each_entry_rcu(mod, &modules, list) { 3630 struct mod_kallsyms *kallsyms; 3631 3632 if (mod->state == MODULE_STATE_UNFORMED) 3633 continue; 3634 kallsyms = rcu_dereference_sched(mod->kallsyms); 3635 if (symnum < kallsyms->num_symtab) { 3636 *value = kallsyms->symtab[symnum].st_value; 3637 *type = kallsyms->symtab[symnum].st_info; 3638 strlcpy(name, symname(kallsyms, symnum), KSYM_NAME_LEN); 3639 strlcpy(module_name, mod->name, MODULE_NAME_LEN); 3640 *exported = is_exported(name, *value, mod); 3641 preempt_enable(); 3642 return 0; 3643 } 3644 symnum -= kallsyms->num_symtab; 3645 } 3646 preempt_enable(); 3647 return -ERANGE; 3648} 3649 3650static unsigned long mod_find_symname(struct module *mod, const char *name) 3651{ 3652 unsigned int i; 3653 struct mod_kallsyms *kallsyms = rcu_dereference_sched(mod->kallsyms); 3654 3655 for (i = 0; i < kallsyms->num_symtab; i++) 3656 if (strcmp(name, symname(kallsyms, i)) == 0 && 3657 kallsyms->symtab[i].st_info != 'U') 3658 return kallsyms->symtab[i].st_value; 3659 return 0; 3660} 3661 3662/* Look for this name: can be of form module:name. */ 3663unsigned long module_kallsyms_lookup_name(const char *name) 3664{ 3665 struct module *mod; 3666 char *colon; 3667 unsigned long ret = 0; 3668 3669 /* Don't lock: we're in enough trouble already. */ 3670 preempt_disable(); 3671 if ((colon = strchr(name, ':')) != NULL) { 3672 if ((mod = find_module_all(name, colon - name, false)) != NULL) 3673 ret = mod_find_symname(mod, colon+1); 3674 } else { 3675 list_for_each_entry_rcu(mod, &modules, list) { 3676 if (mod->state == MODULE_STATE_UNFORMED) 3677 continue; 3678 if ((ret = mod_find_symname(mod, name)) != 0) 3679 break; 3680 } 3681 } 3682 preempt_enable(); 3683 return ret; 3684} 3685 3686int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *, 3687 struct module *, unsigned long), 3688 void *data) 3689{ 3690 struct module *mod; 3691 unsigned int i; 3692 int ret; 3693 3694 list_for_each_entry(mod, &modules, list) { 3695 /* We hold module_mutex: no need for rcu_dereference_sched */ 3696 struct mod_kallsyms *kallsyms = mod->kallsyms; 3697 3698 if (mod->state == MODULE_STATE_UNFORMED) 3699 continue; 3700 for (i = 0; i < kallsyms->num_symtab; i++) { 3701 ret = fn(data, symname(kallsyms, i), 3702 mod, kallsyms->symtab[i].st_value); 3703 if (ret != 0) 3704 return ret; 3705 } 3706 } 3707 return 0; 3708} 3709#endif /* CONFIG_KALLSYMS */ 3710 3711static char *module_flags(struct module *mod, char *buf) 3712{ 3713 int bx = 0; 3714 3715 BUG_ON(mod->state == MODULE_STATE_UNFORMED); 3716 if (mod->taints || 3717 mod->state == MODULE_STATE_GOING || 3718 mod->state == MODULE_STATE_COMING) { 3719 buf[bx++] = '('; 3720 bx += module_flags_taint(mod, buf + bx); 3721 /* Show a - for module-is-being-unloaded */ 3722 if (mod->state == MODULE_STATE_GOING) 3723 buf[bx++] = '-'; 3724 /* Show a + for module-is-being-loaded */ 3725 if (mod->state == MODULE_STATE_COMING) 3726 buf[bx++] = '+'; 3727 buf[bx++] = ')'; 3728 } 3729 buf[bx] = '\0'; 3730 3731 return buf; 3732} 3733 3734#ifdef CONFIG_PROC_FS 3735/* Called by the /proc file system to return a list of modules. */ 3736static void *m_start(struct seq_file *m, loff_t *pos) 3737{ 3738 mutex_lock(&module_mutex); 3739 return seq_list_start(&modules, *pos); 3740} 3741 3742static void *m_next(struct seq_file *m, void *p, loff_t *pos) 3743{ 3744 return seq_list_next(p, &modules, pos); 3745} 3746 3747static void m_stop(struct seq_file *m, void *p) 3748{ 3749 mutex_unlock(&module_mutex); 3750} 3751 3752static int m_show(struct seq_file *m, void *p) 3753{ 3754 struct module *mod = list_entry(p, struct module, list); 3755 char buf[8]; 3756 3757 /* We always ignore unformed modules. */ 3758 if (mod->state == MODULE_STATE_UNFORMED) 3759 return 0; 3760 3761 seq_printf(m, "%s %u", 3762 mod->name, mod->init_size + mod->core_size); 3763 print_unload_info(m, mod); 3764 3765 /* Informative for users. */ 3766 seq_printf(m, " %s", 3767 mod->state == MODULE_STATE_GOING ? "Unloading" : 3768 mod->state == MODULE_STATE_COMING ? "Loading" : 3769 "Live"); 3770 /* Used by oprofile and other similar tools. */ 3771 seq_printf(m, " 0x%pK", mod->module_core); 3772 3773 /* Taints info */ 3774 if (mod->taints) 3775 seq_printf(m, " %s", module_flags(mod, buf)); 3776 3777 seq_puts(m, "\n"); 3778 return 0; 3779} 3780 3781/* Format: modulename size refcount deps address 3782 3783 Where refcount is a number or -, and deps is a comma-separated list 3784 of depends or -. 3785*/ 3786static const struct seq_operations modules_op = { 3787 .start = m_start, 3788 .next = m_next, 3789 .stop = m_stop, 3790 .show = m_show 3791}; 3792 3793static int modules_open(struct inode *inode, struct file *file) 3794{ 3795 return seq_open(file, &modules_op); 3796} 3797 3798static const struct file_operations proc_modules_operations = { 3799 .open = modules_open, 3800 .read = seq_read, 3801 .llseek = seq_lseek, 3802 .release = seq_release, 3803}; 3804 3805static int __init proc_modules_init(void) 3806{ 3807 proc_create("modules", 0, NULL, &proc_modules_operations); 3808 return 0; 3809} 3810module_init(proc_modules_init); 3811#endif 3812 3813/* Given an address, look for it in the module exception tables. */ 3814const struct exception_table_entry *search_module_extables(unsigned long addr) 3815{ 3816 const struct exception_table_entry *e = NULL; 3817 struct module *mod; 3818 3819 preempt_disable(); 3820 list_for_each_entry_rcu(mod, &modules, list) { 3821 if (mod->state == MODULE_STATE_UNFORMED) 3822 continue; 3823 if (mod->num_exentries == 0) 3824 continue; 3825 3826 e = search_extable(mod->extable, 3827 mod->extable + mod->num_exentries - 1, 3828 addr); 3829 if (e) 3830 break; 3831 } 3832 preempt_enable(); 3833 3834 /* Now, if we found one, we are running inside it now, hence 3835 we cannot unload the module, hence no refcnt needed. */ 3836 return e; 3837} 3838 3839/* 3840 * is_module_address - is this address inside a module? 3841 * @addr: the address to check. 3842 * 3843 * See is_module_text_address() if you simply want to see if the address 3844 * is code (not data). 3845 */ 3846bool is_module_address(unsigned long addr) 3847{ 3848 bool ret; 3849 3850 preempt_disable(); 3851 ret = __module_address(addr) != NULL; 3852 preempt_enable(); 3853 3854 return ret; 3855} 3856 3857/* 3858 * __module_address - get the module which contains an address. 3859 * @addr: the address. 3860 * 3861 * Must be called with preempt disabled or module mutex held so that 3862 * module doesn't get freed during this. 3863 */ 3864struct module *__module_address(unsigned long addr) 3865{ 3866 struct module *mod; 3867 3868 if (addr < module_addr_min || addr > module_addr_max) 3869 return NULL; 3870 3871 list_for_each_entry_rcu(mod, &modules, list) { 3872 if (mod->state == MODULE_STATE_UNFORMED) 3873 continue; 3874 if (within_module(addr, mod)) 3875 return mod; 3876 } 3877 return NULL; 3878} 3879EXPORT_SYMBOL_GPL(__module_address); 3880 3881/* 3882 * is_module_text_address - is this address inside module code? 3883 * @addr: the address to check. 3884 * 3885 * See is_module_address() if you simply want to see if the address is 3886 * anywhere in a module. See kernel_text_address() for testing if an 3887 * address corresponds to kernel or module code. 3888 */ 3889bool is_module_text_address(unsigned long addr) 3890{ 3891 bool ret; 3892 3893 preempt_disable(); 3894 ret = __module_text_address(addr) != NULL; 3895 preempt_enable(); 3896 3897 return ret; 3898} 3899 3900/* 3901 * __module_text_address - get the module whose code contains an address. 3902 * @addr: the address. 3903 * 3904 * Must be called with preempt disabled or module mutex held so that 3905 * module doesn't get freed during this. 3906 */ 3907struct module *__module_text_address(unsigned long addr) 3908{ 3909 struct module *mod = __module_address(addr); 3910 if (mod) { 3911 /* Make sure it's within the text section. */ 3912 if (!within(addr, mod->module_init, mod->init_text_size) 3913 && !within(addr, mod->module_core, mod->core_text_size)) 3914 mod = NULL; 3915 } 3916 return mod; 3917} 3918EXPORT_SYMBOL_GPL(__module_text_address); 3919 3920/* Don't grab lock, we're oopsing. */ 3921void print_modules(void) 3922{ 3923 struct module *mod; 3924 char buf[8]; 3925 3926 printk(KERN_DEFAULT "Modules linked in:"); 3927 /* Most callers should already have preempt disabled, but make sure */ 3928 preempt_disable(); 3929 list_for_each_entry_rcu(mod, &modules, list) { 3930 if (mod->state == MODULE_STATE_UNFORMED) 3931 continue; 3932 pr_cont(" %s%s", mod->name, module_flags(mod, buf)); 3933 } 3934 preempt_enable(); 3935 if (last_unloaded_module[0]) 3936 pr_cont(" [last unloaded: %s]", last_unloaded_module); 3937 pr_cont("\n"); 3938} 3939 3940#ifdef CONFIG_MODVERSIONS 3941/* Generate the signature for all relevant module structures here. 3942 * If these change, we don't want to try to parse the module. */ 3943void module_layout(struct module *mod, 3944 struct modversion_info *ver, 3945 struct kernel_param *kp, 3946 struct kernel_symbol *ks, 3947 struct tracepoint * const *tp) 3948{ 3949} 3950EXPORT_SYMBOL(module_layout); 3951#endif 3952