[PATCH] init_module.2: Document MODULE_INIT_COMPRESS_FILE flag

Linux-man Archive mirror
 help / color / mirror / Atom feed

From: "Michael Weiß" <michael.weiss@aisec.fraunhofer.de>
To: Alejandro Colomar <alx@kernel.org>
Cc: linux-man@vger.kernel.org,
	"Dmitry Torokhov" <dmitry.torokhov@gmail.com>,
	"Stephen Boyd" <swboyd@chromium.org>,
	"Michael Weiß" <michael.weiss@aisec.fraunhofer.de>
Subject: [PATCH] init_module.2: Document MODULE_INIT_COMPRESS_FILE flag
Date: Fri, 29 Mar 2024 13:41:37 +0100	[thread overview]
Message-ID: <20240329124137.630521-1-michael.weiss@aisec.fraunhofer.de> (raw)

finit_module() supports the MODULE_INIT_COMPRESS_FILE flag since
Linux 5.17. See commit b1ae6dc41eaaa ("module: add in-kernel support
for decompressing")

During implementation of a secure module loader in GyroidOS, we
wanted to filter unsafe module parameters. To verify that only the
two documented flags which are disabling sanity checks are unsafe,
we had a look in the current kernel implementation.

We discovered that this new flag MODULE_INIT_COMPRESS_FILE was added.
Having a deeper look at the code, we also discovered that a new error
code EOPNOTSUPP is possible within newer kernels.

The inital commit only supported gzip and xz compression algorithms.
Support for zstd was added in Linux 6.2 by commit 169a58ad824d8
("module/decompress: Support zstd in-kernel decompression")

Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
---
 man2/init_module.2 | 48 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 47 insertions(+), 1 deletion(-)

diff --git a/man2/init_module.2 b/man2/init_module.2
index 95917a079..8197b0df6 100644
--- a/man2/init_module.2
+++ b/man2/init_module.2
@@ -107,6 +107,10 @@ Ignore symbol version hashes.
 .TP
 .B MODULE_INIT_IGNORE_VERMAGIC
 Ignore kernel version magic.
+.TP
+.BR MODULE_INIT_COMPRESSED_FILE " (since Linux 5.17)"
+.\" commit b1ae6dc41eaaa98bb75671e0f3665bfda248c3e7
+Use in-kernel module decompression.
 .P
 There are some safety checks built into a module to ensure that
 it matches the kernel against which it is loaded.
@@ -136,6 +140,41 @@ If the kernel is built to permit forced loading (i.e., configured with
 then loading continues, otherwise it fails with the error
 .B ENOEXEC
 as expected for malformed modules.
+.P
+If the kernel was build with
+.BR CONFIG_MODULE_DECOMPRESS ,
+the in-kernel decompression feature can be used.
+Userspace code can check if the kernel supports decompression by
+reading the
+.I /sys/module/compression
+attribute.
+If the kernel supports decompression, the compressed file can directly
+be passed to
+.BR finit_module ()
+using the
+.B MODULE_INIT_COMPRESSED_FILE
+flag.
+The in-kernel module decompressor supports the following compression
+algorithms:
+.P
+.RS 4
+.PD 0
+.IP \[bu] 3
+.I gzip
+(since Linux 5.17)
+.IP \[bu]
+.I xz
+(since Linux 5.17)
+.IP \[bu]
+.I zstd
+.\" commit 169a58ad824d896b9e291a27193342616e651b82
+(since Linux 6.2)
+.PD
+.RE
+.P
+The kernel only implements a single decompression method which is
+selected during module generation accordingly to the compression
+method selected in the kernel configuration.
 .SH RETURN VALUE
 On success, these system calls return 0.
 On error, \-1 is returned and
@@ -221,12 +260,19 @@ is too large.
 .TP
 .B EINVAL
 .I flags
-is invalid.
+is invalid or the decompressor sanity checks failed while loading
+a compressed module with flag
+.BR CONFIG_MODULE_DECOMPRESS
+set.
 .TP
 .B ENOEXEC
 .I fd
 does not refer to an open file.
 .TP
+.BR EOPNOTSUPP " (since Linux 5.17)"
+This error is return if the kernel was configured without
+.BR CONFIG_MODULE_DECOMPRESS
+.TP
 .BR ETXTBSY " (since Linux 4.7)"
 .\" commit 39d637af5aa7577f655c58b9e55587566c63a0af
 The file referred to by
-- 
2.39.2

next             reply	other threads:[~2024-03-29 12:43 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-29 12:41 Michael Weiß [this message]
2024-03-30 23:05 ` [PATCH] init_module.2: Document MODULE_INIT_COMPRESS_FILE flag Alejandro Colomar
2024-04-02 11:07   ` Michael Weiß
2024-04-03  9:07     ` Alejandro Colomar
  -- strict thread matches above, loose matches on Subject: below --
2024-04-03 11:42 Michael Weiß
2024-04-04  9:01 ` Alejandro Colomar

find likely ancestor, descendant, or conflicting patches for this message:
dfblob:95917a07 dfblob:8197b0df
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240329124137.630521-1-michael.weiss@aisec.fraunhofer.de \
    --to=michael.weiss@aisec.fraunhofer.de \
    --cc=alx@kernel.org \
    --cc=dmitry.torokhov@gmail.com \
    --cc=linux-man@vger.kernel.org \
    --cc=swboyd@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).