^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Module and Firmware Pinning Security Module
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Copyright 2011-2016 Google Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Author: Kees Cook <keescook@chromium.org>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #define pr_fmt(fmt) "LoadPin: " fmt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/fs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/kernel_read_file.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/lsm_hooks.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/mount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/blkdev.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/path.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/sched.h> /* current */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/string_helpers.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
/*
 * Log one load decision: the kind of read (@origin), what LoadPin did about
 * it (@operation), the object involved, and the pid and command line of the
 * current task.
 *
 * The object path and command line are printed from copies made by the
 * kstrdup_quotable_*() helpers rather than from the raw strings, and each
 * copy is wrapped in double quotes in the log line. Both copies are
 * allocated with GFP_KERNEL, so callers must be in a context that may sleep
 * (not under pinned_root_spinlock).
 */
static void report_load(const char *origin, struct file *file, char *operation)
{
	char *obj = kstrdup_quotable_file(file, GFP_KERNEL);
	char *cmd = kstrdup_quotable_cmdline(current, GFP_KERNEL);
	/*
	 * A name starting with '<' is printed without quotes; presumably these
	 * are the helper's placeholder names -- confirm in string_helpers.
	 * A failed allocation (NULL) is likewise printed unquoted.
	 */
	const char *obj_quote = (obj && obj[0] != '<') ? "\"" : "";
	const char *cmd_quote = cmd ? "\"" : "";

	pr_notice("%s %s obj=%s%s%s pid=%d cmdline=%s%s%s\n",
		  origin, operation,
		  obj_quote, obj, obj_quote,
		  task_pid_nr(current),
		  cmd_quote, cmd, cmd_quote);

	kfree(cmd);
	kfree(obj);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40)
/*
 * Enforcement switch. The build-time default comes from
 * CONFIG_SECURITY_LOADPIN_ENFORCE; the same variable backs the "enforce"
 * module parameter and, when it is registered, the "enforce" sysctl entry.
 */
static int enforce = IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENFORCE);

/* Raw strings from the "exclude" module parameter; read by parse_exclude(). */
static char *exclude_read_files[READING_MAX_ID];

/* Per-id "skip pinning" flags, filled in by parse_exclude() during init. */
static int ignore_read_file_id[READING_MAX_ID] __ro_after_init;

/*
 * Superblock that loads are pinned to: NULL until the first load, then that
 * load's superblock, or ERR_PTR(-EIO) once the pinned filesystem is released.
 */
static struct super_block *pinned_root;

/* Held in loadpin_read_file() around the first assignment of pinned_root. */
static DEFINE_SPINLOCK(pinned_root_spinlock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) #ifdef CONFIG_SYSCTL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48)
/* Directory the LoadPin sysctl entry is registered under: kernel/loadpin. */
static struct ctl_path loadpin_sysctl_path[] = {
	{ .procname = "kernel", },
	{ .procname = "loadpin", },
	{ }
};

/*
 * The single "enforce" entry, backed directly by the enforce variable.
 * Writes go through proc_dointvec_minmax with the bounds SYSCTL_ZERO and
 * SYSCTL_ONE, so only 0 and 1 are accepted. The table is registered only by
 * check_pinning_enforcement(), and only when the pinned filesystem is not on
 * a read-only block device.
 */
static struct ctl_table loadpin_sysctl_table[] = {
	{
		.procname	= "enforce",
		.data		= &enforce,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= SYSCTL_ZERO,
		.extra2		= SYSCTL_ONE,
	},
	{ }
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67)
/*
 * Called with the superblock that has just become the pinned root. Logs
 * whether its backing block device is read-only and, if it is not, exposes
 * the "enforce" sysctl so the mode can be changed for testing.
 *
 * This must be called after early kernel init, since then the rootdev
 * is available.
 */
static void check_pinning_enforcement(struct super_block *mnt_sb)
{
	struct block_device *backing = mnt_sb->s_bdev;
	bool ro = false;

	if (backing) {
		char name[BDEVNAME_SIZE];

		ro = bdev_read_only(backing);
		bdevname(backing, name);
		pr_info("%s (%u:%u): %s\n", name,
			MAJOR(backing->bd_dev),
			MINOR(backing->bd_dev),
			ro ? "read-only" : "writable");
	} else {
		/* No block device to query, so ro stays false. */
		pr_info("mnt_sb lacks block device, treating as: writable\n");
	}

	if (ro) {
		/*
		 * No sysctl is registered on this path, so enforce keeps the
		 * value it already has.
		 * NOTE(review): this message does not depend on enforce; read
		 * it together with the "currently ... enforcing" line that
		 * loadpin_init() logs.
		 */
		pr_info("load pinning engaged.\n");
		return;
	}

	/* Writable (or unknown) backing store: let the sysctl change modes. */
	if (register_sysctl_paths(loadpin_sysctl_path, loadpin_sysctl_table))
		pr_info("enforcement can be disabled.\n");
	else
		pr_notice("sysctl registration failed!\n");
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) #else
/*
 * Variant built without CONFIG_SYSCTL: there is no sysctl to register, so
 * the pinned superblock is not inspected and only the log line is emitted.
 */
static void check_pinning_enforcement(struct super_block *mnt_sb)
{
	pr_info("load pinning engaged.\n");
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107)
/*
 * sb_free_security hook. When the superblock being released is the one
 * loads are pinned to, replace pinned_root with ERR_PTR(-EIO). An ERR_PTR
 * never compares equal to a later load's superblock, so no other modules
 * or firmware can be loaded from then on while enforcing.
 *
 * NOTE(review): pinned_root is read and written here without taking
 * pinned_root_spinlock -- confirm the hook's calling context makes that safe.
 */
static void loadpin_sb_free_security(struct super_block *mnt_sb)
{
	/* Nothing pinned yet, already invalidated, or a different fs. */
	if (IS_ERR_OR_NULL(pinned_root) || mnt_sb != pinned_root)
		return;

	pinned_root = ERR_PTR(-EIO);
	pr_info("umount pinned fs: refusing further loads\n");
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120)
/*
 * kernel_read_file hook: decide whether a kernel-initiated file load may
 * proceed.
 *
 * The decision is based on where the file lives, not on what it contains:
 * the superblock of the first file loaded becomes the pinned root, and a
 * later load is accepted only if its file sits on that same superblock.
 *
 * Returns 0 to allow the load, or -EPERM to deny it. While enforce is 0 a
 * load that would be denied is logged and allowed instead.
 */
static int loadpin_read_file(struct file *file, enum kernel_read_file_id id,
			     bool contents)
{
	const char *origin = kernel_read_file_id_str(id);
	struct super_block *load_root;
	bool first_pin = false;

	/*
	 * Without the guarantee of seeing the full contents, a load cannot be
	 * trusted to be complete and unchanged off disk. Handle every
	 * contents=false call as if it came without a file.
	 */
	if (!contents)
		file = NULL;

	/*
	 * Excluded ids bypass pinning entirely. The unsigned cast makes the
	 * bounds check also reject a negative id before it is used as an index.
	 */
	if ((unsigned int)id < ARRAY_SIZE(ignore_read_file_id) &&
	    ignore_read_file_id[id]) {
		report_load(origin, file, "pinning-excluded");
		return 0;
	}

	/*
	 * No file to check (this covers the older init_module API): there is
	 * no origin to compare, so the load is denied when enforcing.
	 */
	if (!file) {
		if (enforce) {
			report_load(origin, NULL, "old-api-denied");
			return -EPERM;
		}

		report_load(origin, NULL, "old-api-pinning-ignored");
		return 0;
	}

	load_root = file->f_path.mnt->mnt_sb;

	/*
	 * First loaded module/firmware defines the root for all others.
	 * pinned_root is only NULL at startup; afterwards it is either a valid
	 * reference or an ERR_PTR.
	 */
	spin_lock(&pinned_root_spinlock);
	if (!pinned_root) {
		pinned_root = load_root;
		first_pin = true;
	}
	spin_unlock(&pinned_root_spinlock);

	/*
	 * The announcement runs after the unlock: the lock only protects the
	 * pinned_root assignment, and report_load() allocates with GFP_KERNEL.
	 * At worst a pinning failure is (correctly) reported before pinning has
	 * been announced as enforcing, which is purely cosmetic.
	 */
	if (first_pin) {
		check_pinning_enforcement(pinned_root);
		report_load(origin, file, "pinned");
	}

	/* Same superblock as the pinned root: allowed. */
	if (!IS_ERR_OR_NULL(pinned_root) && load_root == pinned_root)
		return 0;

	/* Different origin, or the pinned filesystem has gone away. */
	if (unlikely(!enforce)) {
		report_load(origin, file, "pinning-ignored");
		return 0;
	}

	report_load(origin, file, "denied");
	return -EPERM;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189)
/*
 * kernel_load_data hook: a load that has no backing file. The id is cast to
 * the read-file id type and the request is passed to loadpin_read_file()
 * with a NULL file, so unless the id is excluded it is denied while
 * enforcing.
 */
static int loadpin_load_data(enum kernel_load_data_id id, bool contents)
{
	enum kernel_read_file_id read_id = (enum kernel_read_file_id)id;

	return loadpin_read_file(NULL, read_id, contents);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194)
/*
 * Hooks LoadPin attaches: superblock release (to notice the pinned
 * filesystem going away) and the two kernel load paths, with and without
 * a backing file.
 */
static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = {
	LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security),
	LSM_HOOK_INIT(kernel_read_file, loadpin_read_file),
	LSM_HOOK_INIT(kernel_load_data, loadpin_load_data),
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200)
/*
 * Translate the names given in the "exclude" parameter into per-id flags in
 * ignore_read_file_id[]. Every id whose name matches an entry is exempted
 * from pinning.
 *
 * NOTE(review): an entry that matches no name is skipped without any log
 * message, so a misspelt exclusion leaves that type pinned.
 */
static void __init parse_exclude(void)
{
	int slot, id;

	/*
	 * Make sure all the arrays stay within expected sizes. This
	 * is slightly weird because kernel_read_file_str[] includes
	 * READING_MAX_ID, which isn't actually meaningful here.
	 */
	BUILD_BUG_ON(ARRAY_SIZE(exclude_read_files) !=
		     ARRAY_SIZE(ignore_read_file_id));
	BUILD_BUG_ON(ARRAY_SIZE(kernel_read_file_str) <
		     ARRAY_SIZE(ignore_read_file_id));

	for (slot = 0; slot < ARRAY_SIZE(exclude_read_files); slot++) {
		const char *want = exclude_read_files[slot];

		/* A NULL slot ends the list; an empty string is skipped. */
		if (!want)
			break;
		if (want[0] == '\0')
			continue;

		/*
		 * Scan every id rather than stopping at the first match,
		 * because one read_file_str may map to more than one
		 * read_file_id.
		 */
		for (id = 0; id < ARRAY_SIZE(ignore_read_file_id); id++) {
			if (strcmp(want, kernel_read_file_str[id]) != 0)
				continue;

			pr_info("excluding: %s\n", kernel_read_file_str[id]);
			ignore_read_file_id[id] = 1;
		}
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236)
/*
 * LSM init: log the current enforcement state, turn the exclusion list into
 * flags, then register the hooks. Always returns 0.
 */
static int __init loadpin_init(void)
{
	const char *negation = enforce ? "" : "not ";

	pr_info("ready to pin (currently %senforcing)\n", negation);
	/* Exclusions are parsed before the hooks are added. */
	parse_exclude();
	security_add_hooks(loadpin_hooks, ARRAY_SIZE(loadpin_hooks), "loadpin");
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245)
/* Registers LoadPin with the LSM framework, with loadpin_init() as its init. */
DEFINE_LSM(loadpin) = {
	.name	= "loadpin",
	.init	= loadpin_init,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250)
/* Should not be mutable after boot, so not listed in sysfs (perm == 0). */
module_param(enforce, int, 0);
MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning");

/* Also perm == 0: the list is only read by parse_exclude() during init. */
module_param_array_named(exclude, exclude_read_files, charp, NULL, 0);
MODULE_PARM_DESC(exclude, "Exclude pinning specific read file types");