chromeos-kernel-linux-surface

LoadPin module can't handle compressed modules

Open kitakar5525 opened this issue 6 years ago • 2 comments

I can compress the modules:

CONFIG_MODULE_COMPRESS=y
CONFIG_MODULE_COMPRESS_GZIP=y

but Chromium OS will not load the compressed modules (fails to boot).

kitakar5525 Nov 21 '19 02:11

I tried loading a gzip-compressed module on a working chromeos:

  1. compress modules with gzip (e.g. gzip mwifiex_pcie.ko)
  2. copy them into /lib/modules/$(uname -r)/updates/
  3. run sudo depmod
  4. unload module (e.g. sudo modprobe -r mwifiex_pcie)
  5. load the compressed modules (e.g. sudo modprobe mwifiex_pcie)

And the following is the message on dmesg:

kern  :notice: [ 1273.001299] LoadPin: kernel-module old-api-denied obj=<unknown> pid=11317 cmdline="modprobe mwifiex_pcie"

If I disable enforcing loadpin (sudo echo 0 | sudo tee /proc/sys/kernel/loadpin/enforce), it loaded:

LoadPin: kernel-module old-api-pinning-ignored obj=<unknown> pid=22313 cmdline="modprobe mwifiex_pcie"

Related code: https://github.com/torvalds/linux/blob/caffb99b6929f41a69edbb5aef3a359bf45f3315/security/loadpin/loadpin.c#L131-L140

Further search revealed that currently the LoadPin module can't handle compressed modules...

  • https://www.spinics.net/lists/linux-modules/msg01663.html ("Module compression & loadpin")

kitakar5525 May 24 '20 13:05
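For triage, the LoadPin reports quoted in the comment above can be parsed so that refused old-API module loads stand out from other LoadPin events. This is an added example, not code from the thread or from the kernel; the function names are hypothetical, and the first and last sample lines are constructed.

```python
import re
from collections import Counter

# Sample input. Lines 2 and 3 are the dmesg lines quoted in this issue; the
# first line (noise) and the last line (file-backed denial) are constructed.
SAMPLE_DMESG = '''\
kern  :info  : [ 1272.990000] example: unrelated kernel message
kern  :notice: [ 1273.001299] LoadPin: kernel-module old-api-denied obj=<unknown> pid=11317 cmdline="modprobe mwifiex_pcie"
LoadPin: kernel-module old-api-pinning-ignored obj=<unknown> pid=22313 cmdline="modprobe mwifiex_pcie"
kern  :notice: [ 1300.000000] LoadPin: kernel-module denied obj="/tmp/example.ko" pid=4242 cmdline="insmod /tmp/example.ko"
'''

# LoadPin: <origin> <operation> obj=<path or <unknown>> pid=<n> cmdline=<...>
LOADPIN_RE = re.compile(
    r'LoadPin: (?P<origin>\S+) (?P<operation>\S+) '
    r'obj=(?:"(?P<qobj>[^"]*)"|(?P<obj>\S+)) '
    r'pid=(?P<pid>\d+) cmdline=(?:"(?P<qcmd>.*)"|(?P<cmd>\S+))\s*$'
)

def parse_loadpin(text):
    """Return one dict per LoadPin report found in dmesg-style text."""
    events = []
    for line in text.splitlines():
        m = LOADPIN_RE.search(line)
        if m is None:
            continue  # not a LoadPin report
        op = m['operation']
        events.append({
            'origin': m['origin'],
            'operation': op,
            'obj': m['qobj'] if m['qobj'] is not None else m['obj'],
            'pid': int(m['pid']),
            'cmdline': m['qcmd'] if m['qcmd'] is not None else m['cmd'],
            # "old-api-*": LoadPin was given no file to check (obj=<unknown>).
            'old_api': op.startswith('old-api-'),
            # "*denied": the load was refused; "*-ignored" means it was allowed.
            'blocked': op.endswith('denied'),
        })
    return events

def blocked_old_api_loads(events):
    """Count refused old-API loads per command line, the pattern in this issue."""
    return Counter(e['cmdline'] for e in events if e['old_api'] and e['blocked'])

if __name__ == '__main__':
    events = parse_loadpin(SAMPLE_DMESG)
    for e in events:
        print(e['pid'], e['operation'], e['obj'], e['cmdline'])
    print(dict(blocked_old_api_loads(events)))
```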

See: https://lore.kernel.org/linux-modules/[email protected]/ and https://lore.kernel.org/lkml/[email protected]/

Allen-Webb Nov 15 '22 22:11