From: Andreas Gruenbacher <agruen@suse.de>
Subject: Novell/external support flag in modules
Patch-mainline: Never, SLES feature

Upon module load, check if a module is supported, and set the
N (TAINT_NO_SUPPORT) or X (TAINT_EXTERNAL_SUPPORT) tail flags
for unsupported or externally suported modules.

Changes:
* Feb 21 2008 - jeffm
- 2.6.25 claimed -S and bumped the flags up a bit, modpost now uses -N

Signed-off-by: Andreas Gruenbacher <agruen@suse.de>

---

 Documentation/kernel-parameters.txt |    6 +++
 Documentation/sysctl/kernel.txt     |   12 ++++++
 Makefile                            |    5 ++
 include/linux/kernel.h              |    8 ++++
 kernel/module.c                     |   42 ++++++++++++++++++++++-
 kernel/panic.c                      |    4 ++
 kernel/sysctl.c                     |    9 ++++
 scripts/Makefile.modpost            |    4 +-
 scripts/mod/modpost.c               |   65 +++++++++++++++++++++++++++++++++++-
 9 files changed, 152 insertions(+), 3 deletions(-)

--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2549,6 +2549,12 @@ and is between 256 and 4096 characters.
 			improve throughput, but will also increase the
 			amount of memory reserved for use by the client.
 
+	unsupported	Allow loading of unsupported kernel modules:
+			0 = only allow supported modules,
+			1 = warn when loading unsupported modules,
+			2 = don't warn.
+
+
 	swiotlb=	[IA-64] Number of I/O TLB slabs
 
 	switches=	[HW,M68k]
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -477,6 +477,18 @@ can be ORed together:
         instead of using the one provided by the hardware.
  512 - A kernel warning has occurred.
 1024 - A module from drivers/staging was loaded.
+ 0x40000000 - An unsupported kernel module was loaded.
+ 0x80000000 - An kernel module with external support was loaded.
+
+==============================================================
+
+unsupported:
+
+Allow to load unsupported kernel modules:
+
+  0 - refuse to load unsupported modules,
+  1 - warn when loading unsupported modules,
+  2 - don't warn.
 
 ==============================================================
 
--- a/Makefile
+++ b/Makefile
@@ -353,6 +353,11 @@ KBUILD_CFLAGS   := -Wall -Wundef -Wstric
 		   -fno-delete-null-pointer-checks
 KBUILD_AFLAGS   := -D__ASSEMBLY__
 
+# Warn about unsupported modules in kernels built inside Autobuild
+ifneq ($(wildcard /.buildenv),)
+CFLAGS		+= -DUNSUPPORTED_MODULES=2
+endif
+
 # Read KERNELRELEASE from include/config/kernel.release (if it exists)
 KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null)
 KERNELVERSION = $(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -317,6 +317,7 @@ extern int panic_timeout;
 extern int panic_on_oops;
 extern int panic_on_unrecovered_nmi;
 extern int panic_on_io_nmi;
+extern int unsupported;
 extern const char *print_tainted(void);
 extern void add_taint(unsigned flag);
 extern int test_taint(unsigned flag);
@@ -345,6 +346,13 @@ extern enum system_states {
 #define TAINT_WARN			9
 #define TAINT_CRAP			10
 
+/*
+ * Take the upper bits to hopefully allow them
+ * to stay the same for more than one release.
+ */
+#define TAINT_NO_SUPPORT		30
+#define TAINT_EXTERNAL_SUPPORT		31
+
 extern void dump_stack(void) __cold;
 
 enum {
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -74,6 +74,20 @@ EXPORT_TRACEPOINT_SYMBOL(module_get);
 /* If this is set, the section belongs in the init part of the module */
 #define INIT_OFFSET_MASK (1UL << (BITS_PER_LONG-1))
 
+/* Allow unsupported modules switch. */
+#ifdef UNSUPPORTED_MODULES
+int unsupported = UNSUPPORTED_MODULES;
+#else
+int unsupported = 2;  /* don't warn when loading unsupported modules. */
+#endif
+
+static int __init unsupported_setup(char *str)
+{
+	get_option(&str, &unsupported);
+	return 1;
+}
+__setup("unsupported=", unsupported_setup);
+
 /* List of modules, protected by module_mutex or preempt_disable
  * (delete uses stop_machine/add uses RCU list operations). */
 DEFINE_MUTEX(module_mutex);
@@ -1947,7 +1961,7 @@ static noinline struct module *load_modu
 	Elf_Ehdr *hdr;
 	Elf_Shdr *sechdrs;
 	char *secstrings, *args, *modmagic, *strtab = NULL;
-	char *staging;
+	char *staging, *supported;
 	unsigned int i;
 	unsigned int symindex = 0;
 	unsigned int strindex = 0;
@@ -2066,6 +2080,28 @@ static noinline struct module *load_modu
 		       mod->name);
 	}
 
+	supported = get_modinfo(sechdrs, infoindex, "supported");
+	if (supported) {
+		if (!strcmp(supported, "external"))
+			add_taint_module(mod, TAINT_EXTERNAL_SUPPORT);
+		else if (strcmp(supported, "yes"))
+			supported = NULL;
+	}
+	if (!supported) {
+		if (unsupported == 0) {
+			printk(KERN_WARNING "%s: module not supported by "
+			       "Novell, refusing to load. To override, echo "
+			       "1 > /proc/sys/kernel/unsupported\n", mod->name);
+			err = -ENOEXEC;
+			goto free_hdr;
+		}
+		add_taint_module(mod, TAINT_NO_SUPPORT);
+		if (unsupported == 1) {
+			printk(KERN_WARNING "%s: module not supported by "
+			       "Novell, setting U taint flag.\n", mod->name);
+		}
+	}
+
 	/* Now copy in args */
 	args = strndup_user(uargs, ~0UL >> 1);
 	if (IS_ERR(args)) {
@@ -2748,6 +2784,10 @@ static char *module_flags(struct module
 			buf[bx++] = 'F';
 		if (mod->taints & (1 << TAINT_CRAP))
 			buf[bx++] = 'C';
+		if (mod->taints & (1 << TAINT_NO_SUPPORT))
+			buf[bx++] = 'N';
+		if (mod->taints & (1 << TAINT_EXTERNAL_SUPPORT))
+			buf[bx++] = 'X';
 		/*
 		 * TAINT_FORCED_RMMOD: could be added.
 		 * TAINT_UNSAFE_SMP, TAINT_MACHINE_CHECK, TAINT_BAD_PAGE don't
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -178,6 +178,8 @@ static const struct tnt tnts[] = {
 	{ TAINT_OVERRIDDEN_ACPI_TABLE,	'A', ' ' },
 	{ TAINT_WARN,			'W', ' ' },
 	{ TAINT_CRAP,			'C', ' ' },
+	{ TAINT_NO_SUPPORT,		'N', ' ' },
+	{ TAINT_EXTERNAL_SUPPORT,	'X', ' ' },
 };
 
 /**
@@ -194,6 +196,8 @@ static const struct tnt tnts[] = {
  *  'A' - ACPI table overridden.
  *  'W' - Taint on warning.
  *  'C' - modules from drivers/staging are loaded.
+ *  'N' - Unsuported modules loaded.
+ *  'X' - Modules with external support loaded.
  *
  *	The string is overwritten by the next call to print_tainted().
  */
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -636,6 +636,15 @@ static struct ctl_table kern_table[] = {
 		.extra1		= &pid_max_min,
 		.extra2		= &pid_max_max,
 	},
+#ifdef CONFIG_MODULES
+	{
+		.procname	= "unsupported",
+		.data		= &unsupported,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec,
+	},
+#endif
 	{
 		.procname	= "panic_on_oops",
 		.data		= &panic_on_oops,
--- a/scripts/Makefile.modpost
+++ b/scripts/Makefile.modpost
@@ -81,7 +81,9 @@ modpost = scripts/mod/modpost
  $(if $(KBUILD_EXTMOD),-o $(modulesymfile))      \
  $(if $(CONFIG_DEBUG_SECTION_MISMATCH),,-S)      \
  $(if $(KBUILD_EXTMOD)$(KBUILD_MODPOST_WARN),-w) \
- $(if $(cross_build),-c)
+ $(if $(cross_build),-c)			 \
+ -N $(firstword $(wildcard $(dir $(MODVERDIR))/Module.supported \
+				  $(objtree)/Module.supported /dev/null))
 
 quiet_cmd_modpost = MODPOST $(words $(filter-out vmlinux FORCE, $^)) modules
       cmd_modpost = $(modpost) -s
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1516,6 +1516,48 @@ static void check_sec_ref(struct module
 	}
 }
 
+void *supported_file;
+unsigned long supported_size;
+
+static const char *supported(struct module *mod)
+{
+	unsigned long pos = 0;
+	char *line;
+
+	/* In a first shot, do a simple linear scan. */
+	while ((line = get_next_line(&pos, supported_file,
+				     supported_size))) {
+		const char *basename, *how = "yes";
+		char *l = line;
+
+		/* optional type-of-support flag */
+		for (l = line; *l != '\0'; l++) {
+			if (*l == ' ' || *l == '\t') {
+				*l = '\0';
+				how = l + 1;
+				break;
+			}
+		}
+
+		/* skip directory components */
+		if ((l = strrchr(line, '/')))
+			line = l + 1;
+		/* strip .ko extension */
+		l = line + strlen(line);
+		if (l - line > 3 && !strcmp(l-3, ".ko"))
+			*(l-3) = '\0';
+
+		/* skip directory components */
+		if ((basename = strrchr(mod->name, '/')))
+			basename++;
+		else
+			basename = mod->name;
+		if (!strcmp(basename, line))
+			return how;
+	}
+	return NULL;
+}
+
 static void read_symbols(char *modname)
 {
 	const char *symname;
@@ -1703,6 +1745,13 @@ static void add_staging_flag(struct buff
 		buf_printf(b, "\nMODULE_INFO(staging, \"Y\");\n");
 }
 
+static void add_supported_flag(struct buffer *b, struct module *mod)
+{
+	const char *how = supported(mod);
+	if (how)
+		buf_printf(b, "\nMODULE_INFO(supported, \"%s\");\n", how);
+}
+
 /**
  * Record CRCs for unresolved symbols
  **/
@@ -1843,6 +1892,13 @@ static void write_if_changed(struct buff
 	fclose(file);
 }
 
+static void read_supported(const char *fname)
+{
+	supported_file = grab_file(fname, &supported_size);
+	if (!supported_file)
+		; /* ignore error */
+}
+
 /* parse Module.symvers file. line format:
  * 0x12345678<tab>symbol<tab>module[[<tab>export]<tab>something]
  **/
@@ -1936,12 +1992,13 @@ int main(int argc, char **argv)
 	struct buffer buf = { };
 	char *kernel_read = NULL, *module_read = NULL;
 	char *dump_write = NULL;
+	const char *supported = NULL;
 	int opt;
 	int err;
 	struct ext_sym_list *extsym_iter;
 	struct ext_sym_list *extsym_start = NULL;
 
-	while ((opt = getopt(argc, argv, "i:I:e:cmsSo:awM:K:")) != -1) {
+	while ((opt = getopt(argc, argv, "i:I:e:cmsSo:awM:K:N:")) != -1) {
 		switch (opt) {
 		case 'i':
 			kernel_read = optarg;
@@ -1979,11 +2036,16 @@ int main(int argc, char **argv)
 		case 'w':
 			warn_unresolved = 1;
 			break;
+		case 'N':
+			supported = optarg;
+			break;
 		default:
 			exit(1);
 		}
 	}
 
+	if (supported)
+		read_supported(supported);
 	if (kernel_read)
 		read_dump(kernel_read, 1);
 	if (module_read)
@@ -2016,6 +2078,7 @@ int main(int argc, char **argv)
 
 		add_header(&buf, mod);
 		add_staging_flag(&buf, mod->name);
+		add_supported_flag(&buf, mod);
 		err |= add_versions(&buf, mod);
 		add_depends(&buf, mod, modules);
 		add_moddevtable(&buf, mod);