When MODULE_IMPORT_NS() is missing, "make nsdeps" runs the Coccinelle
script to automatically add MODULE_IMPORT_NS() to each module.
This should not occur for users of EXPORT_SYMBOL_GPL_FOR_MODULES(), which
is intended to export a symbol to a specific module only. In such cases,
explicitly adding MODULE_IMPORT_NS("module:...") is disallowed.
This commit handles the latter case separately in order not to trigger
the Coccinelle, and displays the error message:
ERROR: modpost: module "foo" uses symbol "bar", which is exported only for module "baz"
Apply the same logic for kernel space as well.
Fixes: 092a4f5985f2 ("module: Add module specific symbol namespace support")
Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx>
---
kernel/module/main.c | 37 ++++++++++++++++++++-----------------
scripts/mod/modpost.c | 35 ++++++++++++++++++-----------------
2 files changed, 38 insertions(+), 34 deletions(-)
diff --git a/kernel/module/main.c b/kernel/module/main.c
index 81035f6552ec..642f790c47e7 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -65,6 +65,8 @@
#define CREATE_TRACE_POINTS
#include <trace/events/module.h>
+#define MODULE_NS_PREFIX "module:"
+
/*
* Mutex protects:
* 1) List of modules (also safely readable within RCU read section),
@@ -1108,28 +1110,21 @@ static char *get_modinfo(const struct load_info *info, const char *tag)
}
/**
- * verify_module_namespace() - does @modname have access to this symbol's @namespace
- * @namespace: export symbol namespace
+ * module_match() - check if @modname matches @patterns
* @modname: module name
+ * @patterns: comma separated patterns
*
- * If @namespace is prefixed with "module:" to indicate it is a module namespace
- * then test if @modname matches any of the comma separated patterns.
- *
- * The patterns only support tail-glob.
+ * The @patterns only supports tail-glob.
*/
-static bool verify_module_namespace(const char *namespace, const char *modname)
+static bool module_match(const char *modname, const char *patterns)
{
size_t len, modlen = strlen(modname);
- const char *prefix = "module:";
const char *sep;
bool glob;
- if (!strstarts(namespace, prefix))
- return false;
-
- for (namespace += strlen(prefix); *namespace; namespace = sep) {
- sep = strchrnul(namespace, ',');
- len = sep - namespace;
+ for (; *patterns; patterns = sep) {
+ sep = strchrnul(patterns, ',');
+ len = sep - patterns;
glob = false;
if (sep[-1] == '*') {
@@ -1140,7 +1135,7 @@ static bool verify_module_namespace(const char *namespace, const char *modname)
if (*sep)
sep++;
- if (mod_strncmp(namespace, modname, len) == 0 && (glob || len == modlen))
+ if (mod_strncmp(patterns, modname, len) == 0 && (glob || len == modlen))
return true;
}
@@ -1157,8 +1152,16 @@ static int verify_namespace_is_imported(const struct load_info *info,
namespace = kernel_symbol_namespace(sym);
if (namespace && namespace[0]) {
- if (verify_module_namespace(namespace, mod->name))
+ if (strstarts(namespace, MODULE_NS_PREFIX)) {
+ namespace += strlen(MODULE_NS_PREFIX);
+
+ if (!module_match(mod->name, namespace)) {
+ pr_err("module \"%s\" uses symbol \"%s\", which is exported only for module \"%s\"\n",
+ mod->name, kernel_symbol_name(sym), namespace);
+ return -EINVAL;
+ }
return 0;
+ }
for_each_modinfo_entry(imported_namespace, info, "import_ns") {
if (strcmp(namespace, imported_namespace) == 0)
@@ -1743,7 +1746,7 @@ static int setup_modinfo(struct module *mod, struct load_info *info)
* 'module:' prefixed namespaces are implicit, disallow
* explicit imports.
*/
- if (strstarts(imported_namespace, "module:")) {
+ if (strstarts(imported_namespace, MODULE_NS_PREFIX)) {
pr_err("%s: module tries to import module namespace: %s\n",
mod->name, imported_namespace);
return -EPERM;
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 5ca7c268294e..3948a4bc41b3 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1690,28 +1690,21 @@ void buf_write(struct buffer *buf, const char *s, int len)
}
/**
- * verify_module_namespace() - does @modname have access to this symbol's @namespace
- * @namespace: export symbol namespace
+ * module_match() - check if @modname matches @patterns
* @modname: module name
+ * @patterns: comma-separated list of module names
*
- * If @namespace is prefixed with "module:" to indicate it is a module namespace
- * then test if @modname matches any of the comma separated patterns.
- *
- * The patterns only support tail-glob.
+ * The @patterns only supports tail-glob.
*/
-static bool verify_module_namespace(const char *namespace, const char *modname)
+static bool module_match(const char *modname, const char *patterns)
{
size_t len, modlen = strlen(modname);
- const char *prefix = "module:";
const char *sep;
bool glob;
- if (!strstarts(namespace, prefix))
- return false;
-
- for (namespace += strlen(prefix); *namespace; namespace = sep) {
- sep = strchrnul(namespace, ',');
- len = sep - namespace;
+ for (; *patterns; patterns = sep) {
+ sep = strchrnul(patterns, ',');
+ len = sep - patterns;
glob = false;
if (sep[-1] == '*') {
@@ -1722,7 +1715,7 @@ static bool verify_module_namespace(const char *namespace, const char *modname)
if (*sep)
sep++;
- if (strncmp(namespace, modname, len) == 0 && (glob || len == modlen))
+ if (strncmp(patterns, modname, len) == 0 && (glob || len == modlen))
return true;
}
@@ -1756,8 +1749,16 @@ static void check_exports(struct module *mod)
basename = get_basename(mod->name);
- if (!verify_module_namespace(exp->namespace, basename) &&
- !contains_namespace(&mod->imported_namespaces, exp->namespace)) {
+ if (strstarts(exp->namespace, MODULE_NS_PREFIX)) {
+ const char *ns_patterns = exp->namespace +
+ strlen(MODULE_NS_PREFIX);
+
+ if (!module_match(basename, ns_patterns))
+ error("module \"%s\" uses symbol \"%s\", which is exported only for module \"%s\"\n",
+ basename, exp->name, ns_patterns);
+
+ } else if (!contains_namespace(&mod->imported_namespaces,
+ exp->namespace)) {
modpost_log(!allow_missing_ns_imports,
"module %s uses symbol %s from namespace %s, but does not import it.\n",
basename, exp->name, exp->namespace);
--
2.43.0
