Skip to content
Advertisement

why module_param_hw( ) macro is more secure than module_param( )?

I’m starting to learn kernel modules programming. To pass any parameter to the kernel module you use module_param( ) macro which i guess work something like dynamic linking method in user space (deffer symbols relocation to run time by kernel modules loader) you can correct me if I’m wrong. Anyways, module_param() takes a permission parameter to specify the read write and execute permissions of parameter values. So how exactly module_param() can become insecure if you set up the permissions correctly and how exactly does module_param_hw( ) fix these issues. I know that module_param_hw is supposed to be used when we pass hardware related values but cant see why it’s more secure.

Advertisement

Answer

It or enum KERNEL_PARAM_FL_UNSAFE to flag member of kernel_param struct in file module_param.h.. Check macro module_param_hw_named

It also adds an extra checks related to lockdown feature of kernel,

if (kp->flags & KERNEL_PARAM_FL_HWPARAM &&
    security_locked_down(LOCKDOWN_MODULE_PARAMETERS))
    return false;

You can check function param_check_unsafe in file kernel/params.c. This function will be called when inserting module in kernel with parameters.

User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement